FreshBSD

unbreak aac(4) by re-adding uvm_extern.h for ptoa()

ok deraadt@ sthen@

Only write the HTTP header for the first fastcgi chunk.

some fastcgi improvements:
- DPRINTF instead of log_info for internal debugging.
- submit QUERY_STRING, if it exists
- use a proper function to create an HTTP header.
- use server_file_error() to detect EOF and fastcgi stream errors.
- disable keep-alive/persist for now until we have a reliable way to
get the content length from the cgi response or support chunked
encoding.

"Cool, jep" florian@

use proper on-disk inode size: no more, no less.

Reported by Roman Yakovlev, thanks!

"do it now" deraadt

In debug mode, properly sort and drop duplicates so that we don't end
up with a confusing output like:
multicast_host      >NO<
<...>
multicast_host      >YES<

Also properly evaluate values _after_ running _rc_quirks() because these
can modify flags.

ok robert@ halex@

One bufferevent can be shared by file and fcgi.

Allow to specify a non-default fastcgi socket.

Rename the "docroot" variable to "path" because it will be used for
either files or the fastcgi socket (and there's no need to use a union yet).

Add a configuration variable "fastcgi" to enable it per server or location.

Put in first stab at fastcgi. Very early work in progress. Putting it
in now so that we can quickly work on it in tree. Requested by reyk@.
deraadt@ is OK with this according to reyk@.

sync

unhook auxcpp

Properly warn when an example changes and the corresponding file is found
under /etc.

issue reported by Nathanael Rensen
"fine" deraadt@

switch to tradcpp

descend into tradcpp

Add tradcpp 0.4, a standalone traditional whitespace preserving cpp
by David A. Holland of NetBSD.

Make "location" work with name-based virtual servers.

Fix evil typo (multicast_hosts -> multicast_host).

prepare for post 5.6 packages, recognize special case where timestamp exist.
(specifically, this is a nop for 5.6, but it will allow changes to packages
without needing anything in pkg_add)

Add "location" keyword to specify path-specific configuration in
servers, for example auto index for a sub-directory only.  Internally,
a "location" is just a special type of a "virtual" server.

Small fix and clarification

Reserve an extra file descriptor per connection instead of per
request.  This fixes fd accounting with persistent connections and
reduces the complexity of the implementation.

ok benno@

Fix memory exhaustion occurring on DHCP options with 0 length.

halex@ and krw@ pointed out that a NULL check before free can go, too.

ok deraadt@, halex@, krw@, jasper@

Fix memory exhaustion occurring on DHCP options with 0 length.

halex@ and krw@ pointed out that a NULL check before free can go, too.

ok deraadt@, halex@, krw@, jasper@

The inflight decremented message should only be printed with DEBUG.

Add extended directory index options: "[no] index" and "[no] auto index".
The option "directory auto index" implements basic directory listing
and is turned off by default.

ok deraadt@

disable POOL_DEBUG for release

move to -release mode

Revert the checks about RTF_LOCAL routes.

Even if in the end we would like to be more strict about what userland
can do with kernel-managed route entries, most of the tools out there
are not yet ready for this.  Since RTF_LOCAL routes are for the moment
just like RTF_LLINFO routes without expire timer, allow userland tools
to remove/modify them.  In case they are missing, the good old cloning
mechanism will recreate what you need.

bluhm@ and deraadt@ agree.

Move configurable TCP options into struct server_config.

Fix a usage string; the proper spelling of 'alot' is 'a lot'.

ok bcook@

update sets sizes

Last (known) msgbuf_write() vs EOF fix.

ok gilles@ deraadt@

sync

I/O ktrace of sendsyslog(2) did not work.  As uiomove() adjusts
iov_len to 0, we need a propper length calculation.  While there,
use -1 for the file descriptor because 0 is reserved for stdin.
OK deraadt@ guenther@

On SPARCbook systems, the ledma device node has a `cable-selection' property
specifying which media the on-board interface uses. We already query it to
set up proper register values; extend this to be able to pass a default
media to the le(4) child.

This makes SPARCbook system default to AUI without needing for a manual media
change.

tested by sebastia@

Remove SRP code. It contains a bug (this should not surprise anyone), but
the details are under embargo. The original plan was to wait for the
embargo to lift, but we've been waiting for quite some time, and there's no
indication of when or even if it will end. No sense in dragging this out
any longer.

The SRP code has never been enabled in OpenBSD, though I understand it is
in use by some other people. However, in light of this and other issues,
we're officially saying SRP is outside the scope of libressl. (For now.)

Fix memory exhaustion occurring on DHCP options with 0 length.

halex@ and krw@ pointed out that a NULL check before free can go, too.

ok deraadt@, halex@, krw@

merge dhcpd's packet.c revision 1.7:

Fix very hard to reach DoS attack vector, which would involve more than
8 billion network packets.  Mixture of many many malformed and proper
packets could result in a division by zero.

ok krw@

some systems no longer need /dev/log;
issue noticed by jirib;
ok deraadt

Limit the "aperture needed" printf to ramdisks via RAMDISK_HOOKS.
Originally with SMALL_KERNEL until sebastia@ pointed out that not
all ramdisks are built with SMALL_KERNEL.
ok deraadt@ kettenis@

Avoid matching a particular driver for "aperture needed" detection.
On sparc64 we also need to match machfb(4) in addition to vgafb(4) so let's
just match any driver.

ok halex@, deraadt@

Hardware supported by machfb(4) needs the aperture (for now) so make ramdisks
print a message to that extent such that the install scripts can do their
magic.

ok miod@, deraadt@

Change detection of unconfigured vlan interfaces from using flags to
looking for vlan id and parent interface. This avoids the creation of
unconfigured vlan interface every time /install is restarted.

Noted by and OK miod@
OK krw@
Positive feedback sthen@ claudio@

_dl_sigprocmask() works better when it actually saves the returned sigmask

asm suggestion from kettenis@
tested by miod@, suffering under the brain-destroying summer heat

The RSA, DH, and ECDH temporary key callbacks expect the number of keybits
for the key (expressed in RSA key bits, which makes *no sense* for ECDH) as
their second argument, not zero.

(jsing@ notes that the RSA callback is only invoked for 'export' ciphers,
which have been removed from LibreSSL, and for the SSL_OP_EPHEMERAL_RSA
option, which is makes the application non-compliant.  More fuel for the
tedu fire...)

jasper@ noted the breakage and bisected it down to the diff that broke this
ok jsing@ miod@

remove non-portable __progname extern from arc4random unit test.

ok @deraadt

turn of -Werror, unless you are sure both gcc work...

Link dependencies on libssl and libcrypto were missing.
OPENSSL_NO_RC5 is #defined in the #includes, so it's not needed here.

ok deraadt@

make sure makewhatis shows error messages without unsightly CODE() refs