summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/calendar/calendars/calendar.birthday4
-rw-r--r--src/usr.bin/calendar/calendars/calendar.openbsd4
-rw-r--r--src/usr.bin/calendar/io.c7
-rw-r--r--src/usr.bin/jot/jot.147
-rw-r--r--src/usr.bin/jot/jot.c278
-rw-r--r--src/usr.bin/signify/Makefile3
-rw-r--r--src/usr.bin/signify/signify.136
-rw-r--r--src/usr.bin/signify/signify.c266
-rw-r--r--src/usr.bin/vis/vis.c7
9 files changed, 375 insertions, 277 deletions
diff --git a/src/usr.bin/calendar/calendars/calendar.birthday b/src/usr.bin/calendar/calendars/calendar.birthday
index 6f05dd7..785d9a9 100644
--- a/src/usr.bin/calendar/calendars/calendar.birthday
+++ b/src/usr.bin/calendar/calendars/calendar.birthday
@@ -1,7 +1,7 @@
 /*
  * Birthday
  *
- * $OpenBSD: calendar.birthday,v 1.63 2016/04/11 09:03:41 sthen Exp $
+ * $OpenBSD: calendar.birthday,v 1.64 2016/08/31 12:33:03 schwarze Exp $
  */
 
 #ifndef _calendar_birthday_
@@ -330,6 +330,7 @@
 11/26	Norbert Wiener born, 1894
 11/27	Bruce Lee born in San Francisco, 1940
 11/28	Friedrich Engels born, 1820
+11/28	Joe Ossanna died, 1977
 11/29	John Mayall is born in Cheshire, England, 1933
 11/30	Cleopatra died, 30 BC
 11/30	Mark Twain (Samuel Clemens) born in Florida, Missouri, 1835
@@ -341,6 +342,7 @@
 12/08	Horace (Quintus Horatius Flaccus) born in Venosa (Italy), 65BC
 12/08	James (Grover) Thurber born in Columbus, Ohio, 1894
 12/10	Emily Dickinson born, 1830
+12/10	Joe Ossanna born, 1928
 12/12	E.G. Robinson born, 1893
 12/14	George Washington dies, 1799
 12/16	Arthur C. Clarke born in Somerset, England, 1917
diff --git a/src/usr.bin/calendar/calendars/calendar.openbsd b/src/usr.bin/calendar/calendars/calendar.openbsd
index 2823e23..208b23b 100644
--- a/src/usr.bin/calendar/calendars/calendar.openbsd
+++ b/src/usr.bin/calendar/calendars/calendar.openbsd
@@ -1,7 +1,7 @@
 /*
  * OpenBSD-related dates to celebrate
  *
- * $OpenBSD: calendar.openbsd,v 1.37 2016/03/11 20:20:26 jmc Exp $
+ * $OpenBSD: calendar.openbsd,v 1.38 2016/09/03 13:37:45 guenther Exp $
  */
 
 #ifndef _calendar_openbsd_
@@ -80,6 +80,8 @@ Aug 16	IPX network stack added to OpenBSD, from FreeBSD, 1996
 Aug 17	c2k1-2: Sparc64 hackathon, Washington D.C., 12 developers, 2001
 Aug 17	OpenBSD/sparc64 port is added, from NetBSD, 2001
 Aug 28	k2k6: IPSec hackathon, Schloss Kransberg, Germany, 14 developers, 2006
+Sep 01	Support for the sparc (32bit) architecture removed, 2016
+Sep 03	Support for the zaurus architecture removed, 2016
 Sep 16	s2k11: General hackathon, Ljubljana, Slovenia, 25 developers, 2011
 Sep 17	n2k12: Network hackathon, Starnberg, Germany, 23 developers, 2012
 Sep 19	j2k10: Mini-hackathon, Sakae Mura, Nagano, Japan, 19 developers, 2010
diff --git a/src/usr.bin/calendar/io.c b/src/usr.bin/calendar/io.c
index f17cacb..e4cb689 100644
--- a/src/usr.bin/calendar/io.c
+++ b/src/usr.bin/calendar/io.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: io.c,v 1.43 2015/12/08 19:04:50 mmcc Exp $	*/
+/*	$OpenBSD: io.c,v 1.44 2016/08/31 09:38:47 jsg Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -335,12 +335,15 @@ opencal(void)
 		}
 	}
 
-	if (pipe(pdes) < 0)
+	if (pipe(pdes) < 0) {
+		close(fdin);
 		return (NULL);
+	}
 	switch (vfork()) {
 	case -1:			/* error */
 		(void)close(pdes[0]);
 		(void)close(pdes[1]);
+		close(fdin);
 		return (NULL);
 	case 0:
 		dup2(fdin, STDIN_FILENO);
diff --git a/src/usr.bin/jot/jot.1 b/src/usr.bin/jot/jot.1
index 628b07e..c82553e 100644
--- a/src/usr.bin/jot/jot.1
+++ b/src/usr.bin/jot/jot.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: jot.1,v 1.21 2016/07/17 04:15:25 tb Exp $
+.\"	$OpenBSD: jot.1,v 1.23 2016/08/12 21:49:31 tb Exp $
 .\"	$NetBSD: jot.1,v 1.2 1994/11/14 20:27:36 jtc Exp $
 .\"
 .\" Copyright (c) 1993
@@ -30,7 +30,7 @@
 .\"
 .\"	@(#)jot.1	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: July 17 2016 $
+.Dd $Mdocdate: August 12 2016 $
 .Dt JOT 1
 .Os
 .Sh NAME
@@ -101,28 +101,39 @@ conversion specification inside
 in which case the data is inserted rather than appended.
 .El
 .Pp
-The last four arguments indicate, respectively,
-the maximum number of data, the lower bound, the upper bound,
-and the step size.
-While at least one of them must appear,
-any of the other three may be omitted, and
-will be considered as such if given as
-.Ql - .
-Any three of these arguments determines the fourth.
-If four are specified and the given and computed values of
+The last four arguments specify the length of the output sequence,
+its start and end points, and the step size.
+Any three of these arguments determine the fourth.
+If the given and computed values for
 .Ar reps
 conflict, the lower value is used.
-If fewer than three are specified, defaults are assigned
-left to right, except for
-.Ar s ,
-which assumes its default unless both
+.Pp
+Arguments can be omitted by specifying a
+.Ql - .
+The default values for
+.Ar reps ,
+.Ar begin ,
+.Ar end ,
+and
+.Ar s
+are 100, 1, 100, and 1, respectively.
+Omitted values are computed if possible or assume the default.
+A special case arises if only
 .Ar begin
 and
 .Ar end
-are given.
+are specified:
+if
+.Ar begin
+is greater than
+.Ar end
+then
+.Ar s
+is set to \(mi1, otherwise it is set to 1;
+afterwards
+.Ar reps
+is computed.
 .Pp
-Defaults for the four arguments are, respectively,
-100, 1, 100, and 1.
 .Ar reps
 is expected to be an unsigned integer,
 and if given as zero is taken to be infinite.
diff --git a/src/usr.bin/jot/jot.c b/src/usr.bin/jot/jot.c
index 08da69f..0de3a51 100644
--- a/src/usr.bin/jot/jot.c
+++ b/src/usr.bin/jot/jot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: jot.c,v 1.28 2016/07/17 04:04:46 tb Exp $	*/
+/*	$OpenBSD: jot.c,v 1.36 2016/09/02 14:23:09 tb Exp $	*/
 /*	$NetBSD: jot.c,v 1.3 1994/12/02 20:29:43 pk Exp $	*/
 
 /*-
@@ -36,44 +36,45 @@
  * Author:  John Kunze, Office of Comp. Affairs, UCB
  */
 
-#include <err.h>
-#include <stdbool.h>
 #include <ctype.h>
+#include <err.h>
 #include <limits.h>
 #include <math.h>
+#include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
-#define	REPS_DEF	100
-#define	BEGIN_DEF	1
-#define	ENDER_DEF	100
-#define	STEP_DEF	1
+#define	REPS	1
+#define	BEGIN	2
+#define	ENDER	4
+#define	STEP	8
 
 #define	is_default(s)	(strcmp((s), "-") == 0)
 
-static double	begin;
-static double	ender;
-static double	s;
-static long	reps;
-static bool	randomize;
-static bool	infinity;
-static bool	boring;
+static long	reps	= 100;
+static double	begin	= 1;
+static double	ender	= 100;
+static double	step	= 1;
+
+static char	format[BUFSIZ];
+static char	sepstring[BUFSIZ] = "\n";
 static int	prec = -1;
+static bool	boring;
+static bool	chardata;
+static bool	finalnl = true;
+static bool	infinity;
 static bool	intdata;
 static bool	longdata;
-static bool	chardata;
 static bool	nosign;
-static bool	finalnl = true;
-static char	sepstring[BUFSIZ] = "\n";
-static char	format[BUFSIZ];
+static bool	randomize;
 
 static void	getformat(void);
 static int	getprec(char *);
 static int	putdata(double, bool);
-static void	usage(void);
+static void __dead	usage(void);
 
 int
 main(int argc, char *argv[])
@@ -89,10 +90,13 @@ main(int argc, char *argv[])
 	if (pledge("stdio", NULL) == -1)
 		err(1, "pledge");
 
-	while ((ch = getopt(argc, argv, "rb:w:cs:np:")) != -1)
+	while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1) {
 		switch (ch) {
-		case 'r':
-			randomize = true;
+		case 'b':
+			boring = true;
+			if (strlcpy(format, optarg, sizeof(format)) >=
+			    sizeof(format))
+				errx(1, "-b word too long");
 			break;
 		case 'c':
 			chardata = true;
@@ -100,40 +104,38 @@ main(int argc, char *argv[])
 		case 'n':
 			finalnl = false;
 			break;
-		case 'b':
-			boring = true;
-			if (strlcpy(format, optarg, sizeof(format)) >=
-			    sizeof(format))
-				errx(1, "-b word too long");
+		case 'p':
+			prec = strtonum(optarg, 0, INT_MAX, &errstr);
+			if (errstr != NULL)
+				errx(1, "bad precision value, %s: %s", errstr,
+					optarg);
 			break;
-		case 'w':
-			if (strlcpy(format, optarg, sizeof(format)) >=
-			    sizeof(format))
-				errx(1, "-w word too long");
+		case 'r':
+			randomize = true;
 			break;
 		case 's':
 			if (strlcpy(sepstring, optarg, sizeof(sepstring)) >=
 			    sizeof(sepstring))
 				errx(1, "-s string too long");
 			break;
-		case 'p':
-			prec = strtonum(optarg, 0, INT_MAX, &errstr);
-			if (errstr != NULL)
-				errx(1, "bad precision value, %s: %s", errstr,
-					optarg);
+		case 'w':
+			if (strlcpy(format, optarg, sizeof(format)) >=
+			    sizeof(format))
+				errx(1, "-w word too long");
 			break;
 		default:
 			usage();
 		}
+	}
 	argc -= optind;
 	argv += optind;
 
 	switch (argc) {	/* examine args right to left, falling thru cases */
 	case 4:
 		if (!is_default(argv[3])) {
-			if (!sscanf(argv[3], "%lf", &s))
+			if (!sscanf(argv[3], "%lf", &step))
 				errx(1, "Bad s value:  %s", argv[3]);
-			mask |= 01;
+			mask |= STEP;
 			if (randomize)
 				warnx("random seeding not supported");
 		}
@@ -141,7 +143,7 @@ main(int argc, char *argv[])
 		if (!is_default(argv[2])) {
 			if (!sscanf(argv[2], "%lf", &ender))
 				ender = argv[2][strlen(argv[2])-1];
-			mask |= 02;
+			mask |= ENDER;
 			if (prec == -1)
 				n = getprec(argv[2]);
 		}
@@ -149,7 +151,7 @@ main(int argc, char *argv[])
 		if (!is_default(argv[1])) {
 			if (!sscanf(argv[1], "%lf", &begin))
 				begin = argv[1][strlen(argv[1])-1];
-			mask |= 04;
+			mask |= BEGIN;
 			if (prec == -1)
 				prec = getprec(argv[1]);
 			if (n > prec)		/* maximum precision */
@@ -159,7 +161,9 @@ main(int argc, char *argv[])
 		if (!is_default(argv[0])) {
 			if (!sscanf(argv[0], "%ld", &reps))
 				errx(1, "Bad reps value:  %s", argv[0]);
-			mask |= 010;
+			mask |= REPS;
+			if (reps == 0)
+				infinity = true;
 			if (prec == -1)
 				prec = 0;
 		}
@@ -171,105 +175,80 @@ main(int argc, char *argv[])
 		errx(1, "Too many arguments.  What do you mean by %s?",
 		    argv[4]);
 	}
+
 	getformat();
-	while (mask)	/* 4 bit mask has 1's where last 4 args were given */
-		switch (mask) {	/* fill in the 0's by default or computation */
-		case 001:
-			reps = REPS_DEF;
-			mask = 011;
-			break;
-		case 002:
-			reps = REPS_DEF;
-			mask = 012;
-			break;
-		case 003:
-			reps = REPS_DEF;
-			mask = 013;
-			break;
-		case 004:
-			reps = REPS_DEF;
-			mask = 014;
-			break;
-		case 005:
-			reps = REPS_DEF;
-			mask = 015;
+
+	if (!randomize) {
+		/*
+		 * Consolidate the values of reps, begin, ender, step:
+		 * The formula ender - begin == (reps - 1) * step shows that any
+		 * three determine the fourth (unless reps == 1 or step == 0).
+		 * The manual states the following rules:
+		 * 1. If four are specified, compare the given and the computed
+		 *    value of reps and take the smaller of the two.
+		 * 2. If steps was omitted, it takes the default, unless both
+		 *    begin and ender were specified.
+		 * 3. Assign defaults to omitted values for reps, begin, ender,
+		 *    from left to right.
+		 */
+		switch (mask) { /* Four cases involve both begin and ender. */
+		case REPS | BEGIN | ENDER | STEP:
+			if (infinity)
+				errx(1,
+				    "Can't specify end of infinite sequence");
+			if (step != 0.0) {
+				long t = (ender - begin + step) / step;
+				if (t <= 0)
+					errx(1, "Impossible stepsize");
+				if (t < reps)
+					reps = t;
+			}
 			break;
-		case 006:
-			reps = REPS_DEF;
-			mask = 016;
+		case REPS | BEGIN | ENDER:
+			if (infinity)
+				errx(1,
+				    "Can't specify end of infinite sequence");
+			if (reps == 1)
+				step = 0.0;
+			else
+				step = (ender - begin) / (reps - 1);
 			break;
-		case 007:
-			if (randomize) {
-				reps = REPS_DEF;
-				mask = 0;
-				break;
-			}
-			if (s == 0.0) {
+		case BEGIN | ENDER:
+			step = ender > begin ? 1 : -1; /* FreeBSD's behavior. */
+			/* FALLTHROUGH */
+		case BEGIN | ENDER | STEP:
+			if (step == 0.0) {
 				reps = 0;
-				mask = 0;
+				infinity = true;
 				break;
 			}
-			reps = (ender - begin + s) / s;
+			reps = (ender - begin + step) / step;
 			if (reps <= 0)
 				errx(1, "Impossible stepsize");
-			mask = 0;
-			break;
-		case 010:
-			begin = BEGIN_DEF;
-			mask = 014;
-			break;
-		case 011:
-			begin = BEGIN_DEF;
-			mask = 015;
 			break;
-		case 012:
-			s = STEP_DEF;
-			mask = 013;
-			break;
-		case 013:
-			if (randomize)
-				begin = BEGIN_DEF;
-			else if (reps == 0)
-				errx(1, "Must specify begin if reps == 0");
-			begin = ender - reps * s + s;
-			mask = 0;
-			break;
-		case 014:
-			s = STEP_DEF;
-			mask = 015;
-			break;
-		case 015:
-			if (randomize)
-				ender = ENDER_DEF;
-			else
-				ender = begin + reps * s - s;
-			mask = 0;
-			break;
-		case 016:
-			if (reps == 0)
-				errx(1, "Infinite sequences cannot be bounded");
-			else if (reps == 1)
-				s = 0.0;
-			else
-				s = (ender - begin) / (reps - 1);
-			mask = 0;
-			break;
-		case 017:		/* if reps given and implied, */
-			if (!randomize && s != 0.0) {
-				long t = (ender - begin + s) / s;
-				if (t <= 0)
-					errx(1, "Impossible stepsize");
-				if (t < reps)		/* take lesser */
-					reps = t;
-			}
-			mask = 0;
+		case ENDER:		/* Four cases involve only ender. */
+		case ENDER | STEP:
+		case REPS | ENDER:
+		case REPS | ENDER | STEP:
+			if (infinity)
+				errx(1,
+				    "Must specify start of infinite sequence");
+			begin = ender - reps * step + step;
 			break;
 		default:
-			errx(1, "bad mask");
+			/*
+			 * The remaining eight cases omit ender.  We don't need
+			 * to compute anything because only reps, begin, step
+			 * are used for producing output below.  Rules 2. and 3.
+			 * together imply that ender will be set last.
+			 */
+			break;
 		}
-	if (reps == 0)
-		infinity = true;
-	if (randomize) {
+
+		for (i = 1, x = begin; i <= reps || infinity; i++, x += step)
+			if (putdata(x, reps == i && !infinity))
+				errx(1, "range error in conversion: %f", x);
+	} else { /* Random output: use defaults for omitted values. */
 		bool		use_unif;
 		uint32_t	pow10 = 1;
 		uint32_t	uintx = 0; /* Initialized to make gcc happy. */
@@ -316,13 +295,11 @@ main(int argc, char *argv[])
 				errx(1, "range error in conversion: %f", v);
 		}
 	}
-	else
-		for (i = 1, x = begin; i <= reps || infinity; i++, x += s)
-			if (putdata(x, reps == i && !infinity))
-				errx(1, "range error in conversion: %f", x);
+
 	if (finalnl)
 		putchar('\n');
-	exit(0);
+
+	return 0;
 }
 
 static int
@@ -334,31 +311,31 @@ putdata(double x, bool last)
 		if (x <= (double)ULONG_MAX && x >= 0.0)
 			printf(format, (unsigned long)x);
 		else
-			return (1);
+			return 1;
 	} else if (longdata) {
 		if (x <= (double)LONG_MAX && x >= (double)LONG_MIN)
 			printf(format, (long)x);
 		else
-			return (1);
+			return 1;
 	} else if (chardata || (intdata && !nosign)) {
 		if (x <= (double)INT_MAX && x >= (double)INT_MIN)
 			printf(format, (int)x);
 		else
-			return (1);
+			return 1;
 	} else if (intdata) {
 		if (x <= (double)UINT_MAX && x >= 0.0)
 			printf(format, (unsigned int)x);
 		else
-			return (1);
+			return 1;
 	} else
 		printf(format, x);
 	if (!last)
 		fputs(sepstring, stdout);
 
-	return (0);
+	return 0;
 }
 
-static void
+static void __dead
 usage(void)
 {
 	(void)fprintf(stderr, "usage: jot [-cnr] [-b word] [-p precision] "
@@ -370,18 +347,9 @@ usage(void)
 static int
 getprec(char *s)
 {
-	char	*p;
-	char	*q;
-
-	for (p = s; *p != '\0'; p++)
-		if (*p == '.')
-			break;
-	if (*p == '\0')
-		return (0);
-	for (q = ++p; *p != '\0'; p++)
-		if (!isdigit((unsigned char)*p))
-			break;
-	return (p - q);
+	if ((s = strchr(s, '.')) == NULL)
+		return 0;
+	return strspn(s + 1, "0123456789");
 }
 
 static void
@@ -394,8 +362,11 @@ getformat(void)
 	if (boring)				/* no need to bother */
 		return;
 	for (p = format; *p != '\0'; p++)	/* look for '%' */
-		if (*p == '%' && *(p+1) != '%')	/* leave %% alone */
-			break;
+		if (*p == '%') {
+			if (*(p+1) != '%')
+				break;
+			p++;			/* leave %% alone */
+		}
 	sz = sizeof(format) - strlen(format) - 1;
 	if (*p == '\0' && !chardata) {
 		int n;
@@ -474,7 +445,6 @@ getformat(void)
 fmt_broken:
 			*++p = '\0';
 			errx(1, "illegal or unsupported format '%s'", p2);
-			/* NOTREACHED */
 		}
 		while (*++p != '\0')
 			if (*p == '%' && *(p+1) != '\0' && *(p+1) != '%')
diff --git a/src/usr.bin/signify/Makefile b/src/usr.bin/signify/Makefile
index 09c3075..161c43d 100644
--- a/src/usr.bin/signify/Makefile
+++ b/src/usr.bin/signify/Makefile
@@ -1,6 +1,7 @@
-#	$OpenBSD: Makefile,v 1.10 2014/07/22 00:41:19 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.11 2016/09/02 16:10:56 espie Exp $
 
 SRCS=	signify.c
+SRCS+=	zsig.c
 SRCS+=	fe25519.c sc25519.c smult_curve25519_ref.c
 SRCS+=	mod_ed25519.c mod_ge25519.c
 SRCS+=	crypto_api.c
diff --git a/src/usr.bin/signify/signify.1 b/src/usr.bin/signify/signify.1
index 349c02f..92b13f9 100644
--- a/src/usr.bin/signify/signify.1
+++ b/src/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.34 2016/05/11 18:07:28 deraadt Exp $
+.\" $OpenBSD: signify.1,v 1.38 2016/09/02 21:04:26 tedu Exp $
 .\"
 .\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
 .\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
@@ -14,7 +14,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: May 11 2016 $
+.Dd $Mdocdate: September 2 2016 $
 .Dt SIGNIFY 1
 .Os
 .Sh NAME
@@ -35,15 +35,16 @@
 .Fl s Ar seckey
 .Nm signify
 .Fl S
-.Op Fl e
+.Op Fl ez
 .Op Fl x Ar sigfile
 .Fl s Ar seckey
 .Fl m Ar message
 .Nm signify
 .Fl V
-.Op Fl eq
+.Op Fl eqz
+.Op Fl p Ar pubkey
+.Op Fl t Ar keytype
 .Op Fl x Ar sigfile
-.Fl p Ar pubkey
 .Fl m Ar message
 .Sh DESCRIPTION
 The
@@ -104,10 +105,21 @@ Secret (private) key produced by
 and used by
 .Fl S
 to sign a message.
+.It Fl t Ar keytype
+When deducing the correct key to check a signature, make sure
+the actual key matches
+.Pa /etc/signify/<somekey>-keytype.pub .
 .It Fl x Ar sigfile
 The signature file to create or verify.
 The default is
 .Ar message Ns .sig .
+.It Fl z
+Sign and verify
+.Xr gzip 1
+archives, where the signing data
+is embedded in the
+.Xr gzip 1
+header.
 .El
 .Pp
 The key and signature files created by
@@ -155,8 +167,19 @@ Verify a bsd.rd before an upgrade:
 .Bd -literal -offset indent -compact
 $ signify -C -p /etc/signify/openbsd-61-base.pub -x SHA256.sig bsd.rd
 .Ed
+.Pp
+Sign a gzip archive:
+.Bd -literal -offset indent -compact
+$ signify -Sz -s key-arc.sec -m in.tgz -x out.tgz
+.Ed
+.Pp
+Verify a gzip pipeline:
+.Bd -literal -offset indent -compact
+$ ftp url | signify -Vz -t arc | tar ztf -
+.Ed
 .Sh SEE ALSO
 .Xr fw_update 1 ,
+.Xr gzip 1 ,
 .Xr pkg_add 1 ,
 .Xr sha256 1
 .Sh HISTORY
@@ -165,4 +188,7 @@ The
 command first appeared in
 .Ox 5.5 .
 .Sh AUTHORS
+.An -nosplit
 .An Ted Unangst Aq Mt tedu@openbsd.org
+and
+.An Marc Espie Aq Mt espie@openbsd.org .
diff --git a/src/usr.bin/signify/signify.c b/src/usr.bin/signify/signify.c
index a4cb84a..dd9a0dc 100644
--- a/src/usr.bin/signify/signify.c
+++ b/src/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.105 2015/12/04 11:05:22 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.117 2016/09/03 12:21:38 espie Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -34,6 +34,7 @@
 #include <sha2.h>
 
 #include "crypto_api.h"
+#include "signify.h"
 
 #define SIGBYTES crypto_sign_ed25519_BYTES
 #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES
@@ -81,14 +82,14 @@ usage(const char *error)
 #ifndef VERIFYONLY
 	    "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
 	    "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
-	    "\t%1$s -S [-e] [-x sigfile] -s seckey -m message\n"
+	    "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
 #endif
-	    "\t%1$s -V [-eq] [-x sigfile] -p pubkey -m message\n",
+	    "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
 	    __progname);
 	exit(1);
 }
 
-static int
+int
 xopen(const char *fname, int oflags, mode_t mode)
 {
 	struct stat sb;
@@ -112,7 +113,7 @@ xopen(const char *fname, int oflags, mode_t mode)
 	return fd;
 }
 
-static void *
+void *
 xmalloc(size_t len)
 {
 	void *p;
@@ -190,7 +191,7 @@ readmsg(const char *filename, unsigned long long *msglenp)
 				errx(1, "msg too large in %s", filename);
 			space = msglen;
 			if (!(msg = realloc(msg, msglen + space + 1)))
-				errx(1, "realloc");
+				err(1, "realloc");
 		}
 		if ((x = read(fd, msg + msglen, space)) == -1)
 			err(1, "read from %s", filename);
@@ -207,7 +208,7 @@ readmsg(const char *filename, unsigned long long *msglenp)
 	return msg;
 }
 
-static void
+void
 writeall(int fd, const void *buf, size_t buflen, const char *filename)
 {
 	ssize_t x;
@@ -221,26 +222,32 @@ writeall(int fd, const void *buf, size_t buflen, const char *filename)
 }
 
 #ifndef VERIFYONLY
-static void
-writeb64file(const char *filename, const char *comment, const void *buf,
-    size_t buflen, const void *msg, size_t msglen, int oflags, mode_t mode)
+static char *
+createheader(const char *comment, const void *buf, size_t buflen)
 {
-	char header[1024];
+	char *header;
 	char b64[1024];
-	int fd, rv, nr;
 
-	fd = xopen(filename, O_CREAT|oflags|O_NOFOLLOW|O_WRONLY, mode);
-	if ((nr = snprintf(header, sizeof(header), "%s%s\n",
-	    COMMENTHDR, comment)) == -1 || nr >= sizeof(header))
-		errx(1, "comment too long");
-	writeall(fd, header, strlen(header), filename);
-	if ((rv = b64_ntop(buf, buflen, b64, sizeof(b64))) == -1)
+	if (b64_ntop(buf, buflen, b64, sizeof(b64)) == -1)
 		errx(1, "base64 encode failed");
-	b64[rv++] = '\n';
-	writeall(fd, b64, rv, filename);
+	if (asprintf(&header, "%s%s\n%s\n", COMMENTHDR, comment, b64) == -1)
+		err(1, "asprintf failed");
 	explicit_bzero(b64, sizeof(b64));
-	if (msg)
-		writeall(fd, msg, msglen, filename);
+	return header;
+}
+
+static void
+writekeyfile(const char *filename, const char *comment, const void *buf,
+    size_t buflen, int oflags, mode_t mode)
+{
+	char *header;
+	int fd;
+
+	fd = xopen(filename, O_CREAT|oflags|O_NOFOLLOW|O_WRONLY, mode);
+	header = createheader(comment, buf, buflen);
+	writeall(fd, header, strlen(header), filename);
+	explicit_bzero(header, strlen(header));
+	free(header);
 	close(fd);
 }
 
@@ -325,8 +332,8 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
 	if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s secret key",
 	    comment)) == -1 || nr >= sizeof(commentbuf))
 		errx(1, "comment too long");
-	writeb64file(seckeyfile, commentbuf, &enckey,
-	    sizeof(enckey), NULL, 0, O_EXCL, 0600);
+	writekeyfile(seckeyfile, commentbuf, &enckey,
+	    sizeof(enckey), O_EXCL, 0600);
 	explicit_bzero(&enckey, sizeof(enckey));
 
 	memcpy(pubkey.pkalg, PKALG, 2);
@@ -334,27 +341,37 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds,
 	if ((nr = snprintf(commentbuf, sizeof(commentbuf), "%s public key",
 	    comment)) == -1 || nr >= sizeof(commentbuf))
 		errx(1, "comment too long");
-	writeb64file(pubkeyfile, commentbuf, &pubkey,
-	    sizeof(pubkey), NULL, 0, O_EXCL, 0666);
+	writekeyfile(pubkeyfile, commentbuf, &pubkey,
+	    sizeof(pubkey), O_EXCL, 0666);
 }
 
-static void
-sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
-    int embedded)
+uint8_t *
+createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg,
+    unsigned long long msglen)
 {
-	struct sig sig;
-	uint8_t digest[SHA512_DIGEST_LENGTH];
 	struct enckey enckey;
 	uint8_t xorkey[sizeof(enckey.seckey)];
-	uint8_t *msg;
-	char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN];
+	struct sig sig;
+	char *sighdr;
 	char *secname;
-	unsigned long long msglen;
-	int i, rounds, nr;
+	uint8_t digest[SHA512_DIGEST_LENGTH];
+	int i, nr, rounds;
 	SHA2_CTX ctx;
+	char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN];
 
 	readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
 
+	secname = strstr(seckeyfile, ".sec");
+	if (secname && strlen(secname) == 4) {
+		if ((nr = snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub",
+		    (int)strlen(seckeyfile) - 4, seckeyfile)) == -1 || nr >= sizeof(sigcomment))
+			errx(1, "comment too long");
+	} else {
+		if ((nr = snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
+		    comment)) == -1 || nr >= sizeof(sigcomment))
+			errx(1, "comment too long");
+	}
+
 	if (memcmp(enckey.kdfalg, KDFALG, 2) != 0)
 		errx(1, "unsupported KDF");
 	rounds = ntohl(enckey.kdfrounds);
@@ -370,29 +387,35 @@ sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
 		errx(1, "incorrect passphrase");
 	explicit_bzero(digest, sizeof(digest));
 
-	msg = readmsg(msgfile, &msglen);
-
 	signmsg(enckey.seckey, msg, msglen, sig.sig);
 	memcpy(sig.keynum, enckey.keynum, KEYNUMLEN);
 	explicit_bzero(&enckey, sizeof(enckey));
 
 	memcpy(sig.pkalg, PKALG, 2);
-	secname = strstr(seckeyfile, ".sec");
-	if (secname && strlen(secname) == 4) {
-		if ((nr = snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub",
-		    (int)strlen(seckeyfile) - 4, seckeyfile)) == -1 || nr >= sizeof(sigcomment))
-			errx(1, "comment too long");
-	} else {
-		if ((nr = snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
-		    comment)) == -1 || nr >= sizeof(sigcomment))
-			errx(1, "comment too long");
-	}
+
+	sighdr = createheader(sigcomment, &sig, sizeof(sig));
+	return sighdr;
+}
+
+static void
+sign(const char *seckeyfile, const char *msgfile, const char *sigfile,
+    int embedded)
+{
+	uint8_t *msg;
+	char *sighdr;
+	int fd;
+	unsigned long long msglen;
+
+	msg = readmsg(msgfile, &msglen);
+
+	sighdr = createsig(seckeyfile, msgfile, msg, msglen);
+
+	fd = xopen(sigfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
+	writeall(fd, sighdr, strlen(sighdr), sigfile);
+	free(sighdr);
 	if (embedded)
-		writeb64file(sigfile, sigcomment, &sig, sizeof(sig), msg,
-		    msglen, O_TRUNC, 0666);
-	else
-		writeb64file(sigfile, sigcomment, &sig, sizeof(sig), NULL,
-		    0, O_TRUNC, 0666);
+		writeall(fd, msg, msglen, sigfile);
+	close(fd);
 
 	free(msg);
 }
@@ -422,9 +445,30 @@ verifymsg(struct pubkey *pubkey, uint8_t *msg, unsigned long long msglen,
 	free(dummybuf);
 }
 
+#ifndef VERIFYONLY
+static void
+check_keytype(const char *pubkeyfile, const char *keytype)
+{
+	size_t len;
+	char *cmp;
+	int slen;
+	
+	len = strlen(pubkeyfile);
+	slen = asprintf(&cmp, "-%s.pub", keytype);
+	if (slen < 0)
+		err(1, "asprintf error");
+	if (len < slen)
+		errx(1, "too short");
+
+	if (strcmp(pubkeyfile + len - slen, cmp) != 0)
+		errx(1, "wrong keytype");
+	free(cmp);
+}
+#endif
+
 static void
 readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
-    const char *sigcomment)
+    const char *sigcomment, const char *keytype)
 {
 	const char *safepath = "/etc/signify/";
 
@@ -435,6 +479,10 @@ readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
 			if (strncmp(pubkeyfile, safepath, strlen(safepath)) != 0 ||
 			    strstr(pubkeyfile, "/../") != NULL)
 				errx(1, "untrusted path %s", pubkeyfile);
+#ifndef VERIFYONLY
+			if (keytype)
+				check_keytype(pubkeyfile, keytype);
+#endif
 		} else
 			usage("must specify pubkey");
 	}
@@ -443,7 +491,7 @@ readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
 
 static void
 verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
-    int quiet)
+    int quiet, const char *keytype)
 {
 	char sigcomment[COMMENTMAXLEN];
 	struct sig sig;
@@ -454,7 +502,7 @@ verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 	msg = readmsg(msgfile, &msglen);
 
 	readb64file(sigfile, &sig, sizeof(sig), sigcomment);
-	readpubkey(pubkeyfile, &pubkey, sigcomment);
+	readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
 
 	verifymsg(&pubkey, msg, msglen, &sig, quiet);
 
@@ -463,7 +511,7 @@ verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 
 static uint8_t *
 verifyembedded(const char *pubkeyfile, const char *sigfile,
-    int quiet, unsigned long long *msglenp)
+    int quiet, unsigned long long *msglenp, const char *keytype)
 {
 	char sigcomment[COMMENTMAXLEN];
 	struct sig sig;
@@ -474,7 +522,7 @@ verifyembedded(const char *pubkeyfile, const char *sigfile,
 	msg = readmsg(sigfile, &msglen);
 
 	siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
-	readpubkey(pubkeyfile, &pubkey, sigcomment);
+	readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
 
 	msglen -= siglen;
 	memmove(msg, msg + siglen, msglen);
@@ -488,20 +536,21 @@ verifyembedded(const char *pubkeyfile, const char *sigfile,
 
 static void
 verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
-    int embedded, int quiet)
+    int embedded, int quiet, const char *keytype)
 {
 	unsigned long long msglen;
 	uint8_t *msg;
 	int fd;
 
 	if (embedded) {
-		msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen);
+		msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen,
+		    keytype);
 		fd = xopen(msgfile, O_CREAT|O_TRUNC|O_NOFOLLOW|O_WRONLY, 0666);
 		writeall(fd, msg, msglen, msgfile);
 		free(msg);
 		close(fd);
 	} else {
-		verifysimple(pubkeyfile, msgfile, sigfile, quiet);
+		verifysimple(pubkeyfile, msgfile, sigfile, quiet, keytype);
 	}
 }
 
@@ -637,11 +686,31 @@ check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
 	unsigned long long msglen;
 	uint8_t *msg;
 
-	msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen);
+	msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, NULL);
 	verifychecksums((char *)msg, argc, argv, quiet);
 
 	free(msg);
 }
+
+void *
+verifyzdata(uint8_t *zdata, unsigned long long zdatalen, 
+    const char *filename, const char *pubkeyfile, const char *keytype)
+{
+	struct sig sig;
+	char sigcomment[COMMENTMAXLEN];
+	unsigned long long siglen;
+	struct pubkey pubkey;
+
+	if (zdatalen < sizeof(sig))
+		errx(1, "signature too short in %s", filename);
+	siglen = parseb64file(filename, zdata, &sig, sizeof(sig), 
+	    sigcomment);
+	readpubkey(pubkeyfile, &pubkey, sigcomment, keytype);
+	zdata += siglen;
+	zdatalen -= siglen;
+	verifymsg(&pubkey, zdata, zdatalen, &sig, 1);
+	return zdata;
+}
 #endif
 
 int
@@ -651,9 +720,11 @@ main(int argc, char **argv)
 	    *sigfile = NULL;
 	char sigfilebuf[PATH_MAX];
 	const char *comment = "signify";
+	char *keytype = NULL;
 	int ch, rounds;
 	int embedded = 0;
 	int quiet = 0;
+	int gzip = 0;
 	enum {
 		NONE,
 		CHECK,
@@ -667,7 +738,7 @@ main(int argc, char **argv)
 
 	rounds = 42;
 
-	while ((ch = getopt(argc, argv, "CGSVc:em:np:qs:x:")) != -1) {
+	while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
 		switch (ch) {
 #ifndef VERIFYONLY
 		case 'C':
@@ -685,6 +756,9 @@ main(int argc, char **argv)
 				usage(NULL);
 			verb = SIGN;
 			break;
+		case 'z':
+			gzip = 1;
+			break;
 #endif
 		case 'V':
 			if (verb)
@@ -712,6 +786,9 @@ main(int argc, char **argv)
 		case 's':
 			seckeyfile = optarg;
 			break;
+		case 't':
+			keytype = optarg;
+			break;
 		case 'x':
 			sigfile = optarg;
 			break;
@@ -723,35 +800,16 @@ main(int argc, char **argv)
 	argc -= optind;
 	argv += optind;
 
+	if (embedded && gzip)
+		errx(1, "can't combine -e and -z options");
+
 	if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
 		err(1, "setvbuf");
 
-	switch (verb) {
-	case GENERATE:
-	case SIGN:
-		/* keep it all */
-		break;
-	case CHECK:
-		if (pledge("stdio rpath", NULL) == -1)
-			err(1, "pledge");
-		break;
-	case VERIFY:
-		if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) {
-			if (pledge("stdio rpath wpath cpath", NULL) == -1)
-				err(1, "pledge");
-		} else {
-			if (pledge("stdio rpath", NULL) == -1)
-				err(1, "pledge");
-		}
-		break;
-	default:
-		if (pledge("stdio", NULL) == -1)
-			err(1, "pledge");
-		break;
-	}
-
 #ifndef VERIFYONLY
 	if (verb == CHECK) {
+		if (pledge("stdio rpath", NULL) == -1)
+			err(1, "pledge");
 		if (!sigfile)
 			usage("must specify sigfile");
 		check(pubkeyfile, sigfile, quiet, argc, argv);
@@ -775,22 +833,46 @@ main(int argc, char **argv)
 	switch (verb) {
 #ifndef VERIFYONLY
 	case GENERATE:
+		/* no pledge */
 		if (!pubkeyfile || !seckeyfile)
 			usage("must specify pubkey and seckey");
 		generate(pubkeyfile, seckeyfile, rounds, comment);
 		break;
 	case SIGN:
-		if (!msgfile || !seckeyfile)
-			usage("must specify message and seckey");
-		sign(seckeyfile, msgfile, sigfile, embedded);
+		/* no pledge */
+		if (gzip) {
+			if (!msgfile || !seckeyfile || !sigfile)
+				usage("must specify message sigfile seckey");
+			zsign(seckeyfile, msgfile, sigfile);
+		} else {
+			if (!msgfile || !seckeyfile)
+				usage("must specify message and seckey");
+			sign(seckeyfile, msgfile, sigfile, embedded);
+		}
 		break;
 #endif
 	case VERIFY:
-		if (!msgfile)
-			usage("must specify message");
-		verify(pubkeyfile, msgfile, sigfile, embedded, quiet);
+		if ((embedded || gzip) &&
+		    (msgfile && strcmp(msgfile, "-") != 0)) {
+			/* will need to create output file */
+			if (pledge("stdio rpath wpath cpath", NULL) == -1)
+				err(1, "pledge");
+		} else {
+			if (pledge("stdio rpath", NULL) == -1)
+				err(1, "pledge");
+		}
+		if (gzip) {
+			zverify(pubkeyfile, msgfile, sigfile, keytype);
+		} else {
+			if (!msgfile)
+				usage("must specify message");
+			verify(pubkeyfile, msgfile, sigfile, embedded, 
+			    quiet, keytype);
+		}
 		break;
 	default:
+		if (pledge("stdio", NULL) == -1)
+			err(1, "pledge");
 		usage(NULL);
 		break;
 	}
diff --git a/src/usr.bin/vis/vis.c b/src/usr.bin/vis/vis.c
index cf5cd84..38aa9d7 100644
--- a/src/usr.bin/vis/vis.c
+++ b/src/usr.bin/vis/vis.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vis.c,v 1.19 2015/10/09 01:37:09 deraadt Exp $	*/
+/*	$OpenBSD: vis.c,v 1.20 2016/08/31 09:45:00 jsg Exp $	*/
 /*	$NetBSD: vis.c,v 1.4 1994/12/20 16:13:03 jtc Exp $	*/
 
 /*-
@@ -111,9 +111,10 @@ main(int argc, char *argv[])
 
 	if (*argv)
 		while (*argv) {
-			if ((fp=fopen(*argv, "r")) != NULL)
+			if ((fp=fopen(*argv, "r")) != NULL) {
 				process(fp);
-			else
+				fclose(fp);
+			} else
 				warn("%s", *argv);
 			argv++;
 		}