nicm [Mon, 4 Jul 2022 08:39:45 +0000 (08:39 +0000)]
Sort panes by index not by ID, GitHub issue 3249.
nicm [Mon, 4 Jul 2022 08:24:36 +0000 (08:24 +0000)]
Mouse clicks could change current item, so work it out again. GitHub
issue 3242.
tb [Sun, 3 Jul 2022 22:10:25 +0000 (22:10 +0000)]
Reword a comment
tb [Sun, 3 Jul 2022 22:07:12 +0000 (22:07 +0000)]
Unwrap a line
job [Sun, 3 Jul 2022 16:55:39 +0000 (16:55 +0000)]
Revert previous changeset: While using .Nm without an argument
in the SYNOPSIS is not strictly wrong, the conventional way is
to always state the name explicitely in the SYNOPSIS.
With help from Ingo Schwarze
florian [Sun, 3 Jul 2022 16:00:11 +0000 (16:00 +0000)]
use sys/types.h to get at __dead.
Pointed out by & OK deraadt
deraadt [Sun, 3 Jul 2022 15:06:06 +0000 (15:06 +0000)]
thou shalt not include sys/cdefs.h because it is not standardized, the
file to be used is sys/types.h
sthen [Sun, 3 Jul 2022 15:02:04 +0000 (15:02 +0000)]
Update instructions for using curl's mk-ca-bundle script.
jsing [Sun, 3 Jul 2022 14:58:00 +0000 (14:58 +0000)]
Simplify certificate list handling code in legacy server.
A client is required to send an empty list if it does not have a suitable
certificate - handle this case up front, rather than going through the
normal code path and ending up with an empty certificate list. This matches
what we do in the TLSv1.3 stack and will allow for ruther clean up (in
addition to making the code more readable).
Also tidy up the CBS code and remove some unnecessary length checks. Use
'cert' and 'certs' for certificates, rather than 'x' and 'sk'.
ok tb@
jsing [Sun, 3 Jul 2022 14:52:39 +0000 (14:52 +0000)]
Simplify certificate list handling code in legacy client.
Tidy up CBS code and remove some unnecessary length checks. Use 'cert' and
'certs' for certificates, rather than 'x' and 'sk'.
ok tb@
schwarze [Sun, 3 Jul 2022 14:28:26 +0000 (14:28 +0000)]
Instead of the custom <div class="manual-text">, use the standard
HTML <main> element. The benefit is that it has the ARIA landmark
role "main" by default. To ease the transition for people using
their own CSS file instead of mandoc.css, retain the custom class
for now.
I had this idea in a discussion with Anna Vyalkova <cyber at sysrq dot in>.
Patch from Anna, slightly tweaked by me.
job [Sun, 3 Jul 2022 14:12:30 +0000 (14:12 +0000)]
Nm is already defined
From Daniel Ebdrup
kn [Sun, 3 Jul 2022 12:14:36 +0000 (12:14 +0000)]
Create virtual interfaces upfront if specified on the command line
In cases like `sh /etc/netstart pair1 pair2', one of hostname.pair{1,2}
will contain a "patch pair{2,1}" command which expects the other interface
to exist.
If none exist, this would fail and netstart had to be run separately or
"patch"ed interface had to be manually created before.
There are other use cases where interfaces depend on each other, so before
(re)configuring an explicit list of interfaces, create all virtual ones
upfront so that a single netstart invocation will configure everything
correctly without having reflect dependencies in multiple ordered netstart
invocations.
Copy isin() from install.sub to help.
Feedback OK halex
florian [Sun, 3 Jul 2022 12:07:52 +0000 (12:07 +0000)]
Implement SVCB and HTTPS record types.
Testing caspar, otto
OK otto
tb [Sun, 3 Jul 2022 08:15:52 +0000 (08:15 +0000)]
Simplify tls1_ec_nid2group_id()
Replace long switch statement duplicating data from nid_list[] with a
linear scan.
requested by and ok jsing
tb [Sun, 3 Jul 2022 08:13:45 +0000 (08:13 +0000)]
Simplify tls1_ec_group_id2{bits,nid}()
Instead of a nonsensical NULL check, check nid_list[group_id].{bits,nid}
is not 0. This way we can drop the group_id < 1 check.
ok jsing
jsing [Sat, 2 Jul 2022 19:36:07 +0000 (19:36 +0000)]
Call certificate variables cert and certs, rather than x and sk
ok tb@
kn [Sat, 2 Jul 2022 19:00:35 +0000 (19:00 +0000)]
Make -s accept HUP like kill(1) and GNU timeout(1) do
timeout.c's parse_signal() basically does what kill.c's signame_to_num()
does, except it expects "SIG" in string signals.
Borrow the isalpha() check from kill.c to get the same behaviour.
OK deraadt
jsing [Sat, 2 Jul 2022 18:14:35 +0000 (18:14 +0000)]
Use ASN1_INTEGER to parse/build (Z)LONG_it
Rather than having yet another (broken) ASN.1 INTEGER content builder and
parser, use {c2i,i2c}_ASN1_INTEGER().
ok beck@
deraadt [Sat, 2 Jul 2022 17:38:23 +0000 (17:38 +0000)]
sync
deraadt [Sat, 2 Jul 2022 17:21:32 +0000 (17:21 +0000)]
dhclient(8) has been undergoing replacement with "ifconfig xxx inet auto"
for a couple of years, backed by dhcpleased(8), which provides much better
dns handling. The next step is to make the dhclient simply execve
ifconfig in that way, and provide syslog warnings about deprecated options
along the way. This way, we can find the last few dhclient users, and what
they are missing.
ok florian krw
jsing [Sat, 2 Jul 2022 17:09:09 +0000 (17:09 +0000)]
Remove references to openssl/obj_mac.h
Consumers should include openssl/objects.h instead.
tb [Sat, 2 Jul 2022 16:31:04 +0000 (16:31 +0000)]
Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c
The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.
ok beck jsing
deraadt [Sat, 2 Jul 2022 16:06:56 +0000 (16:06 +0000)]
Avoid c99 features, come on, this is supposed to be highly portable software
ok florian
tb [Sat, 2 Jul 2022 16:01:56 +0000 (16:01 +0000)]
Adjust to new tls1_ec_nid2group_id API.
tb [Sat, 2 Jul 2022 16:00:12 +0000 (16:00 +0000)]
Rename uses 'curve' to 'group' and rework tls1 group API.
This reworks various tls1_ curve APIs to indicate success via a boolean
return value and move the output to an out parameter. This makes the
caller code easier and more consistent.
Based on a suggestion by jsing
ok jsing
tb [Sat, 2 Jul 2022 15:53:37 +0000 (15:53 +0000)]
Fix off-by-one in length check.
Spotted by jsing
jsg [Sat, 2 Jul 2022 14:08:52 +0000 (14:08 +0000)]
remove machine/lock.h where unused
Previously for __cpu_simple_lock parts. Now only hppa and m88k use
__cpu_simple_lock (and hppa uses atomic.h for it).
ok miod@ visa@
mvs [Sat, 2 Jul 2022 11:49:23 +0000 (11:49 +0000)]
Unlock peer in the SOCK_STREAM and SOCK_SEQPACKET error path.
Reported-by: syzbot+a648408d6a58fd40b59a@syzkaller.appspotmail.com
by anton@
tb [Sat, 2 Jul 2022 09:33:20 +0000 (09:33 +0000)]
Make tls1_ec_curve_id2nid() return explicit NID_undef instead of 0 on error
and adjust the only caller that didn't check for NID_undef already.
ok beck jsing
visa [Sat, 2 Jul 2022 08:50:41 +0000 (08:50 +0000)]
Remove unused device poll functions.
Also remove unneeded includes of <sys/poll.h> and <sys/select.h>.
Some addenda from jsg@.
OK miod@ mpi@
danj [Sat, 2 Jul 2022 03:32:05 +0000 (03:32 +0000)]
Add /etc/rpki/skiplist
ok tb
deraadt [Sat, 2 Jul 2022 03:03:00 +0000 (03:03 +0000)]
sync
mvs [Fri, 1 Jul 2022 09:57:24 +0000 (09:57 +0000)]
Remove PIPEXCSESSION ioctl(2) call only from npppd(8).
Long time ago pipex(4) sessions can't be deleted until pipex(4) queues
become empty. Such dead sessions stay linked to the stack and the
session `ip_forward' flag was used to prevent packets processing. But
now pipex(4) session could be closed just after close request. This
logic became unnecessary.
PIPEXCSESSION ioctl(2) will be removed from kernel with upcoming diff.
ok yasuoka@
mvs [Fri, 1 Jul 2022 09:56:17 +0000 (09:56 +0000)]
Make fine grained unix(4) domain sockets locking. Use the per-socket
`so_lock' rwlock(9) instead of global `unp_lock' which locks the whole
layer.
The PCB of unix(4) sockets are linked to each other and we need to lock
them both. This introduces the lock ordering problem, because when the
thread (1) keeps lock on `so1' and trying to lock `so2', the thread (2)
could hold lock on `so2' and trying to lock `so1'. To solve this we
always lock sockets in the strict order.
For the sockets which are already accessible from userland, we always
lock socket with the smallest memory address first. Sometimes we need to
unlock socket before lock it's peer and lock it again.
We use reference counters for prevent the connected peer destruction
during to relock. We also handle the case where the peer socket was
replaced by another socket.
For the newly connected sockets, which are not yet exported to the
userland by accept(2), we always lock the listening socket `head' first.
This allows us to avoid unwanted relock within accept(2) syscall.
ok claudio@
dtucker [Fri, 1 Jul 2022 05:08:23 +0000 (05:08 +0000)]
Remove extra line leftover from merge conflict. ok djm@
djm [Fri, 1 Jul 2022 04:45:50 +0000 (04:45 +0000)]
use consistent field names (s/char/byte) in format description
djm [Fri, 1 Jul 2022 03:52:57 +0000 (03:52 +0000)]
bump up loglevel from debug to info when unable to open authorized
keys/principals file for errno != ENOENT; bz2042 ok dtucker
dtucker [Fri, 1 Jul 2022 03:39:44 +0000 (03:39 +0000)]
Don't leak the strings allocated by order_hostkeyalgs() and
list_hostkey_types() that are passed to compat_pkalg_proposal().
Part of github PR#324 from ZoltanFridrich, ok djm@
This is a roll-forward of the previous rollback now that the required
changes in compat.c have been done.
dtucker [Fri, 1 Jul 2022 03:35:45 +0000 (03:35 +0000)]
Always return allocated strings from the kex filtering so that we
can free them later. Fix one leak in compat_kex_proposal. Based
on github PR#324 from ZoltanFridrich with some simplications by me.
ok djm@
djm [Fri, 1 Jul 2022 00:36:30 +0000 (00:36 +0000)]
ignore SIGPIPE earlier in main(), specifically before muxclient()
which performs operations that could cause one; Reported by
Noam Lewis via bz3454, ok dtucker@
jmc [Thu, 30 Jun 2022 21:40:41 +0000 (21:40 +0000)]
- do not talk about non-standard conversions, because we are not talking
about any specific standards
- only use escapes where needed
- SEE ALSO
ok claudio
claudio [Thu, 30 Jun 2022 20:33:14 +0000 (20:33 +0000)]
Only have one version of send_rtmsg() which uses struct kroute_full().
Code uses struct sockaddr_storage to have enough space for ROUNDUP() in
all cases. Makes the code mostly nicer.
OK tb@
mpi [Thu, 30 Jun 2022 20:28:42 +0000 (20:28 +0000)]
Reduce allocations and possible failures in uvm_pagermapin/out().
. If a direct map exists use it to map single-page allocations
. Use pmap_kenter_pa() instead of pmap_enter() in all other cases.
This speeds up file-based mmap up to 75% when I/O are performed and it
also reduces possible allocations failtures in the page daemon making
it more stable in OOM situations.
ok kettenis@, beck@
stsp [Thu, 30 Jun 2022 19:57:40 +0000 (19:57 +0000)]
Fix bwfm(4) crash during detach on USB.
The net80211 stack detach routine can trigger more tasks to be scheduled,
e.g. to delete WPA keys. So let's not free the driver's taskq before
net80211 has been detached.
fixed with and ok by mpi@
Crash reported by mlarkin@ who yanked the USB cable to test our fix.
guenther [Thu, 30 Jun 2022 17:15:48 +0000 (17:15 +0000)]
To figure our whether a large allocation can be grown into the
following page(s) we've been first mquery()ing for it, mmapp()ing
w/o MAP_FIXED if available, and then munmap()ing if there was a
race. Instead, just try it directly with
mmap(MAP_FIXED | __MAP_NOREPLACE)
tested in snaps for weeks
ok deraadt@
tb [Thu, 30 Jun 2022 16:18:03 +0000 (16:18 +0000)]
Remove redundant comments
discussed with jsing
tb [Thu, 30 Jun 2022 16:05:07 +0000 (16:05 +0000)]
Check security level for supported groups.
ok jsing
anton [Thu, 30 Jun 2022 15:46:57 +0000 (15:46 +0000)]
As we now have two bios_consdev_t structures, make use of the old one
until the bootstrap populates the new structure.
Found the hard way by Hrvoje Popovski.
ok kettenis@
kn [Thu, 30 Jun 2022 15:45:31 +0000 (15:45 +0000)]
Zap trailing spaces to be "mandoc -Tlint ts.1" clean
claudio [Thu, 30 Jun 2022 15:35:14 +0000 (15:35 +0000)]
Allow sysctl mib CTL_NET.PF_INET6 with a length of 3 in PLEDGE_VMINFO.
This will be used for sysconf(3) and getconf(1) to handle _POSIX_IPV6
without opening a socket.
OK sthen@ deraadt@
mpi [Thu, 30 Jun 2022 13:54:37 +0000 (13:54 +0000)]
Remove an incorrect KASSERT() introduced in previous.
If uvm_pagermapin() fails that doesn't mean the emergency pages aren't
in use. In OOM situation, a single segment can still be held by an
asynchronous write so the second call to uvm_pagermapin() can fail.
mlarkin [Thu, 30 Jun 2022 13:51:24 +0000 (13:51 +0000)]
amd64/pmap: Change the wording of a panic string
Change a panic string to make the text locatable in the code since there
is another panic with the same text. Helps debugging when the line number
information isn't available.
no functional change.
ok dv
dv [Thu, 30 Jun 2022 13:17:58 +0000 (13:17 +0000)]
vmm(4): reference count vm's and vcpu's
Unlocking most of vmm last year at k2k21 exposed bugs related to
lifetime management of vm and vcpu objects.
Add reference counts to make sure we don't attempt to teardown vcpu
or vm related objects while a thread is holding a reference. This
also reduces abuse of rwlocks originally intended to protect the
linked lists cleaning things up quite a bit. While here, also
document assumptions on how struct members are protected for the
next brave soul wander in.
ok mlarkin@
martijn [Thu, 30 Jun 2022 11:53:07 +0000 (11:53 +0000)]
Be more explicit in filter-pf-addresses deprication message by mentioning
blocklist pfTblAddrTable in full.
Requested by and OK sthen@, who also OKed the previous commit.
martijn [Thu, 30 Jun 2022 11:28:36 +0000 (11:28 +0000)]
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be
blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of:
blocklist pfTblAddrTable
OK tb@
tb [Thu, 30 Jun 2022 11:25:52 +0000 (11:25 +0000)]
Rename variable from tls_version to version since it could also be
a DTLS version at this point.
tb [Thu, 30 Jun 2022 11:18:38 +0000 (11:18 +0000)]
Check whether the security level allows session tickets.
ok beck jsing
tb [Thu, 30 Jun 2022 11:17:49 +0000 (11:17 +0000)]
Add checks to ensure we do not initiate or negotiate handshakes with
versions below the minimum required by the security level.
input & ok jsing
tb [Thu, 30 Jun 2022 11:14:47 +0000 (11:14 +0000)]
Replace obj_mac.h with object.h
Pointed out by and ok jsing
florian [Thu, 30 Jun 2022 10:49:39 +0000 (10:49 +0000)]
Update to nsd 4.6.0; OK sthen
job [Thu, 30 Jun 2022 10:27:52 +0000 (10:27 +0000)]
zap whitespace
nicm [Thu, 30 Jun 2022 09:55:53 +0000 (09:55 +0000)]
Add support for OSC 8 hyperlinks (a VTE extension now supported by other
terminals such as iTerm2). Originally written by me then extended and
completed by first Will Noble and later Jeff Chiang. GitHub issues 911,
2621, 2890, 3240.
martijn [Thu, 30 Jun 2022 09:42:19 +0000 (09:42 +0000)]
Rewrite smi_print_element to be more concise and complete.
Keep the old implementation around as smi_print_element_legacy for the
trap handler scripts, so these don't break.
Should help with request tracing.
OK sthen@
mlarkin [Thu, 30 Jun 2022 09:38:22 +0000 (09:38 +0000)]
amd64 pmap: Zero out the EPTP on pmap_create
Non-EPT pmaps were picking up old EPTPs from previous owners.
This doesn't cause any problems but makes debugging harder.
ok dv@
beck [Thu, 30 Jun 2022 09:13:49 +0000 (09:13 +0000)]
Add valid time test from ruby regress, and check ASN1_time_to_tm
against recorded time value.
tb [Thu, 30 Jun 2022 09:08:35 +0000 (09:08 +0000)]
Rename use_* to ssl_use_* for consistency.
discussed with jsing
beck [Thu, 30 Jun 2022 08:41:01 +0000 (08:41 +0000)]
add valid utc time that should fail to parse as generalized
beck [Thu, 30 Jun 2022 08:32:26 +0000 (08:32 +0000)]
Add tests for times missing seconds, and to be able to test
invalid generalized times specifically
tb [Thu, 30 Jun 2022 08:25:56 +0000 (08:25 +0000)]
whitespace nit
florian [Thu, 30 Jun 2022 08:21:37 +0000 (08:21 +0000)]
Track doc/README, makes merging new releases easier.
OK sthen
job [Thu, 30 Jun 2022 07:55:48 +0000 (07:55 +0000)]
Fix err()
OK claudio@
claudio [Thu, 30 Jun 2022 07:42:50 +0000 (07:42 +0000)]
Fix interval timers by forcing TZ to UTC, else some strftime formats
print strange offsets.
While there rework the main loop to only use localtime and now.
Calculate the relative time offset for -m mode just once at startup.
OK sthen@ job@
tb [Thu, 30 Jun 2022 07:28:38 +0000 (07:28 +0000)]
With recent a_time_tm.c changes, we also need the bytestring API.
tb [Thu, 30 Jun 2022 07:09:45 +0000 (07:09 +0000)]
Remove obj_mac.h include. Requested by jsing
bluhm [Wed, 29 Jun 2022 22:45:24 +0000 (22:45 +0000)]
Pass a pointer to mbuf pointer further down into ip6_process_hopopts()
and ip6_unknown_opt(). Instead of having dangling pointer in caller,
use m_freemp() to set mbuf to NULL.
OK sashan@
bluhm [Wed, 29 Jun 2022 22:20:47 +0000 (22:20 +0000)]
Between the calls to art_match() and SRPL_FIRST() another CPU may
remove the route from the list. In rtable_match() check if the
route entry is NULL.
discussed with mpi@ jmatthew@ claudio@; OK mpi@
tb [Wed, 29 Jun 2022 21:19:21 +0000 (21:19 +0000)]
Don't check the signature if a cert is self signed.
ok beck jsing
tb [Wed, 29 Jun 2022 21:18:04 +0000 (21:18 +0000)]
Make ssl_cert_add{0,1}_chain_cert() take ssl/ctx
ok beck jsing
tb [Wed, 29 Jun 2022 21:17:22 +0000 (21:17 +0000)]
ssl_cert_set{0,1}_chain() take ssl/ctx
ok beck jsing
tb [Wed, 29 Jun 2022 21:16:30 +0000 (21:16 +0000)]
Add a security check to ssl_set_cert()
ok beck jsing
tb [Wed, 29 Jun 2022 21:13:34 +0000 (21:13 +0000)]
Make ssl_set_{cert,pkey} take an ssl/ctx
ok beck jsing
tb [Wed, 29 Jun 2022 21:12:19 +0000 (21:12 +0000)]
Refactor use_certificate_chain_* to take ssl/ctx instead of a cert
ok beck jsing
tb [Wed, 29 Jun 2022 21:10:20 +0000 (21:10 +0000)]
Add functions that check security level in certs and cert chains.
ok beck jsing
tb [Wed, 29 Jun 2022 21:08:07 +0000 (21:08 +0000)]
Make sure the verifier checks the security level in cert chains
ok beck jsing
tb [Wed, 29 Jun 2022 20:06:55 +0000 (20:06 +0000)]
Remove a confusing comment
discussed with jsing
tb [Wed, 29 Jun 2022 20:04:28 +0000 (20:04 +0000)]
Parse the @SECLEVEL=n annotation in cipher strings
To this end, hand the SSL_CERT through about 5 levels of indirection to
set an integer on it.
ok beck jsing
job [Wed, 29 Jun 2022 18:57:30 +0000 (18:57 +0000)]
Manual page improvements from Leon Fischer
yep jmc@
dv [Wed, 29 Jun 2022 17:39:54 +0000 (17:39 +0000)]
vmd(8): fix off by one in vm memory range check
When inspecting if a gpa falls into a known memory range, vmd was
considering it valid 1 byte past the end resulting in selecting the
wrong starting range for the search.
ok mlarkin@
beck [Wed, 29 Jun 2022 17:39:20 +0000 (17:39 +0000)]
Add support for sending QUIC transport parameters
This is the start of adding the boringssl API for QUIC support,
and the TLS extensions necessary to send and receive QUIC transport
data.
Inspired by boringssl's https://boringssl-review.googlesource.com/24464
ok jsing@ tb@
job [Wed, 29 Jun 2022 17:35:44 +0000 (17:35 +0000)]
sync
job [Wed, 29 Jun 2022 16:06:22 +0000 (16:06 +0000)]
Clarify the shorter default format string only applies to -i and -s
mvs [Wed, 29 Jun 2022 16:04:49 +0000 (16:04 +0000)]
Remove switch(4) remains.
ok claudio@ mpi@
job [Wed, 29 Jun 2022 16:01:10 +0000 (16:01 +0000)]
Add -m option to ts(1)
OK claudio@
tb [Wed, 29 Jun 2022 15:06:18 +0000 (15:06 +0000)]
Use relative paths so beck can run regress in his git tree and have
the correct ssl_local.h etc be picked up.
dv [Wed, 29 Jun 2022 14:24:29 +0000 (14:24 +0000)]
remove archaic comment from original import of i386 pmap
This comment hasn't been relevant for at least 11 years as there's
no such lock. NetBSD removed the comment 11 years ago. No functional
change.
Discussed with mlarkin@
jca [Wed, 29 Jun 2022 13:07:19 +0000 (13:07 +0000)]
Regen syscalls files as they were meant to be, correcting the "created from:" info
Cluebat from miod@
jca [Wed, 29 Jun 2022 12:17:31 +0000 (12:17 +0000)]
Unlock the pledge(2) system call
Protect the ps_pledge/ps_execpledge fields with ps_mtx. Shuffle the
code to call unveil_destroy() outside the critical section. Only writes
to those fields are protected. Since we may only remove bits from those
fields, garbage values should do no harm even when a read crosses
a write on 32 bits systems.
Input claudio@ kettenis@ deraadt@, ok deraadt@
jca [Wed, 29 Jun 2022 12:06:11 +0000 (12:06 +0000)]
Simplify the locking dance around pledge_syscall()
It doesn't make sense to wrap this function with the kernel lock only
when the syscall to be executed is itself locked. Instead
pledge_syscall() should be always safe to execute without the kernel
lock.
"looks good" kettenis@, ok deraadt@
tb [Wed, 29 Jun 2022 12:03:38 +0000 (12:03 +0000)]
whitespace nit