job [Thu, 29 Aug 2024 09:54:13 +0000 (09:54 +0000)]
Improve warning message
Requested by claudio@
OK tb@
job [Thu, 29 Aug 2024 09:53:04 +0000 (09:53 +0000)]
Periodically reinitialize RRDP sessions to snapshot at random intervals
It is technically possible for a series of RRDP deltas and a snapshot
to diverge. An RRDP server could distribute files via Deltas and then
forget about those files, causing copies to remain stuck in the caches
of RRDP clients. Resetting RRDP sessions once every few weeks helps with
garbage collection.
In week 0 the probability of triggering re-initialization is ~0.025% and
doubles every week, in week 11 its 50% and always after week 12. Thus,
RPs will reinitialize at least once every 3 months.
OK tb@ claudio@
anton [Thu, 29 Aug 2024 07:33:50 +0000 (07:33 +0000)]
Fix regression introduced in previous migration to strtol() by
correcting the error condition, making it on par with the example in the
manual.
ok op@
florian [Thu, 29 Aug 2024 07:20:16 +0000 (07:20 +0000)]
Update root hints.
b.root-servers.net renumbered on 2023-11-27.
OK phessler, jsg, sthen, deraadt
jsg [Thu, 29 Aug 2024 03:57:35 +0000 (03:57 +0000)]
unstub pdev_to_i915()
jsg [Thu, 29 Aug 2024 03:38:13 +0000 (03:38 +0000)]
call pci_set_drvdata() on attach
deraadt [Thu, 29 Aug 2024 03:30:05 +0000 (03:30 +0000)]
repair bizzare indents; ok tb
bluhm [Wed, 28 Aug 2024 18:21:15 +0000 (18:21 +0000)]
If bounce buffers do not fit, defragment mbuf.
Some packets were dropped by vio_encap() when using bounce buffers.
These mbufs are too fragmented for the pre allocated bounce buffer
pages. By returing EFBIG the network driver will call m_defrag()
and try again. This fixes the problem.
OK sf@ hshoexer@
miod [Wed, 28 Aug 2024 17:37:12 +0000 (17:37 +0000)]
Enable per-cpu page cache.
op [Wed, 28 Aug 2024 15:51:01 +0000 (15:51 +0000)]
use the right FILE to parse the config, not stdin
I typoed the file argument to getline() in rev 1.14 when converting
fgetln remnants to getline back in aug 2022. guess not many people
are hosting hunt servers.
tb [Wed, 28 Aug 2024 15:48:33 +0000 (15:48 +0000)]
def_create(): switch from malloc() to calloc()
ok jsing
millert [Wed, 28 Aug 2024 14:32:02 +0000 (14:32 +0000)]
Add test for for the case where the pattern space is empty but does
not start with a NUL character, which might occur after using the
D command.
millert [Wed, 28 Aug 2024 14:30:26 +0000 (14:30 +0000)]
Fix the case where the pattern space is empty but does not start
with a NUL character, which might occur after using the D command.
From Mohamed Akram
naddy [Wed, 28 Aug 2024 14:22:36 +0000 (14:22 +0000)]
Stop printing the "syscall" bit in the header line, too.
ok deraadt@
claudio [Wed, 28 Aug 2024 13:21:39 +0000 (13:21 +0000)]
Introduce peer_is_up() and use it instead of peer->state == PEER_UP checks
also enqueue update and rrfresh imsgs only if the peer is up and flush them
once this is no longer the case.
OK tb@
claudio [Wed, 28 Aug 2024 13:18:11 +0000 (13:18 +0000)]
Check the max_prefix and max_out_prefix limit during config reload.
This is cheap and will trigger immediatly instead of waiting until
the next UPDATE happens (which could happen a lot later).
OK tb@ job@
claudio [Wed, 28 Aug 2024 13:14:39 +0000 (13:14 +0000)]
Extend maxprefix and maxprefixout tests to also check that the limits
are checked during reload.
sf [Wed, 28 Aug 2024 12:40:22 +0000 (12:40 +0000)]
vio: Fix allocation sizes
For both rx and tx, we need an array of bus_dmamap_t and mbuf pointers each.
This results in a size of
(rxqsize + txqsize) * (sizeof(bus_dmamap_t) + sizeof(struct mbuf *))
The factor 2 before the sizeof(bus_dmamap_t) was too much and we
allocated more than we needed.
OK bluhm@
djm [Wed, 28 Aug 2024 12:08:26 +0000 (12:08 +0000)]
fix test: -F is the argument to specify a non-default ssh_config,
not -f (this is sadly not a new bug)
op [Wed, 28 Aug 2024 11:41:42 +0000 (11:41 +0000)]
libpcap: replace atoi() usage with strtonum()
ok/improvements beck@
op [Wed, 28 Aug 2024 11:40:33 +0000 (11:40 +0000)]
libpcap: replace hand-rolled number parser with strtol
can't use strtonum here since it needs to handle octal and hex
notations as well. Part of a larger diff that's ok beck@
tb [Wed, 28 Aug 2024 09:39:17 +0000 (09:39 +0000)]
sync ibuf_realloc() copy with libutil
This pulls in an overflow check and the change from recallocarray() to
realloc(). claudio tells me that we might soon get rid of this copy.
ok claudio
tb [Wed, 28 Aug 2024 08:59:03 +0000 (08:59 +0000)]
Get rid of last use of db_meth
Nothing touches db_meth in ports. Thus only way a db_meth can be set is
now as a side effect X509V3_set_conf() in which case the db is an NCONF
database and the db_meth will be a thin wrapper of NCONF_get_section().
Make that explicit in the implementation, remove the guts of the unused
X509V3_get_string() and X509V3_string_free(), turn X509V3_section_free()
into a noop and replace several checks for ctx->db, ctx->db->meth, ...
with a simple ctx->db != NULL check.
ok beck jsing
tb [Wed, 28 Aug 2024 08:50:41 +0000 (08:50 +0000)]
Remove a few obvious comments, unwrap a few lines and annotate some
functions for removal
tb [Wed, 28 Aug 2024 08:43:55 +0000 (08:43 +0000)]
Turn X509V3_set_conf_lhash() into a noop
Another legacy turd that was only used by PHP 7.4 and 8.0.
ok beck jsing
tb [Wed, 28 Aug 2024 08:41:18 +0000 (08:41 +0000)]
Add LCRYPTO_USED(X509_get_signature_info)
tb [Wed, 28 Aug 2024 08:33:06 +0000 (08:33 +0000)]
Disable X509V3_EXT{,_CRL,_REQ}_add_conf()
These legacy interfaces were only used by PHP 7.4 and 8.0 and they will
be removed in an upcoming bump.
ok beck jsing
tb [Wed, 28 Aug 2024 08:22:57 +0000 (08:22 +0000)]
Annotate X509V3_CONF_CTX and its only instance for removal
A comment saying /* Maybe more here */ in a public also goes (yuck).
Of course the promise was fulfilled by OpenSSL 3.
ok beck jsing
tb [Wed, 28 Aug 2024 07:37:50 +0000 (07:37 +0000)]
Make use of X509_get_signature_info() in check_sig_level()
If an auth_level (i.e., security_level, but not quite, because Viktor) was
set on the X509_VERIFY_PARAM in the X509_STORE_CTX, the verifier would
reject RSA-PSS or EdDSA certificates for insufficient security bits due to
incorrect use of OBJ_find_sigid_algs() (this was also a bug in the initial
security level implementation in OpenSSL 1.1).
Using X509_get_signature_info() fixes this while preserving behavior for
all other algorithms.
Reported by Steffen Ullrich as one of multiple issues with RSA-PSS.
ok jsing
tb [Wed, 28 Aug 2024 07:18:55 +0000 (07:18 +0000)]
Document X509_get0_signature_info()
Loosely based on the OpenSSL 1.1 documentation but extended quite a bit to
explain what the flags mean and what info they do (and do not) convey. With
the usual valuable feedback from jmc.
ok jmc
tb [Wed, 28 Aug 2024 07:15:04 +0000 (07:15 +0000)]
Implement X509_get_signature_info()
This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.
The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.
The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.
ok jsing
tb [Wed, 28 Aug 2024 06:53:24 +0000 (06:53 +0000)]
Fix underlying pkey of RSA-PSS
There are currently very few differences between the rsa_asn1_meth for
plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously
necessary differnces for base_method, pkey_id, pem_str and info (and the
fact that RSA has support for legacy private key encoding). This had the
lucky side effect that it didn't really matter which ameth one ended up
using after OBJ_find_sigid_algs().
With the upcoming support for X509_get_signature_infO() for RSA-PSS, this
needs to change as for RSA-PSS we need to decode the PSS parameters for
extracting the "security level", whereas for RSA we can just use the hash
length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption
to rassaPss.
ok jsing
PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this
has been the case since we added
Ed25519 support to obj_xref.
tb [Wed, 28 Aug 2024 06:27:19 +0000 (06:27 +0000)]
Add a comment to OCSP_id_issuer_cmp() to make blind use of X509_ALGOR_cmp()
less likely.
ok jsing
tb [Wed, 28 Aug 2024 06:26:06 +0000 (06:26 +0000)]
Clean up and simplify OCSP_cert_id_new()
Use proper NULL checks, set hashAlgorithm with X509_ALGOR_set0_by_nid(),
and avoid a silly digerr label.
ok jsing
tb [Wed, 28 Aug 2024 06:18:44 +0000 (06:18 +0000)]
Avoid reaching into X509_ALGOR in ocsp_certid_print()
ok jsing
tb [Wed, 28 Aug 2024 06:17:06 +0000 (06:17 +0000)]
Avoid polluting the error stack when printing certificates
For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)
Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.
discussed with jsing
ok beck
jsg [Wed, 28 Aug 2024 06:09:36 +0000 (06:09 +0000)]
change dev_set_drvdata() call to pci_set_drvdata() to match linux
no functional change
jsg [Wed, 28 Aug 2024 04:55:45 +0000 (04:55 +0000)]
implement pci drvdata functions
deraadt [Wed, 28 Aug 2024 03:54:54 +0000 (03:54 +0000)]
splnet() not needed in activate function
ok gkoehler
jsg [Wed, 28 Aug 2024 01:59:27 +0000 (01:59 +0000)]
skip GPU reset on everything, not just APUs
Fixes S3 suspend/resume on jrick's VEGA10 after the
amdgpu_pmops_suspend_noirq() call was added to amdgpu_activate().
To be revisted after more of the reset functions are unstubbed.
op [Tue, 27 Aug 2024 19:27:19 +0000 (19:27 +0000)]
inline `start' and simplify; from/ok millert@
sf [Tue, 27 Aug 2024 19:11:20 +0000 (19:11 +0000)]
vio: whitespace and message tweaks
Fix whitespace.
Other network drivers use a comma in the boot message.
Make more clear what features are meant in an error message
OK bluhm@
sf [Tue, 27 Aug 2024 19:01:11 +0000 (19:01 +0000)]
constify struct virtio_ops
OK bluhm@
op [Tue, 27 Aug 2024 18:45:58 +0000 (18:45 +0000)]
ksh: use strtonum() in findhistrel()
ok millert@, deraadt@
sf [Tue, 27 Aug 2024 18:44:12 +0000 (18:44 +0000)]
virtio: Remove some unused leftovers
Some fields in struct virtqueue are unused.
The maxsegsize argument to virtio_alloc_vq is unused.
OK bluhm@
aisha [Tue, 27 Aug 2024 13:52:41 +0000 (13:52 +0000)]
remove some dead code that wasn't cleaned up
ok sashan
sthen [Tue, 27 Aug 2024 12:41:18 +0000 (12:41 +0000)]
use UQ_ALWAYS_OPEN for various PixArt/Logitech USB mice. ok bru miod
Some USB mice are known to have problems if the device isn't polled
regularly (seems to be something in the firmware overflows). Symptoms
are frequent disconnect/reconnect cycles unless either X or wsmoused
are used.
jcs and kurt figured out a related problem with the Surface Type Cover
and added UQ_ALWAYS_OPEN in 2021 (similar to linux HID_QUIRK_ALWAYS_POLL
and NetBSD UQ_ALWAYS_ON) which also works around the problem with these
mice.
I've added the list of vid/pid from NetBSD, plus the mouse which I've
been having problems with which they didn't have.
sthen [Tue, 27 Aug 2024 12:31:43 +0000 (12:31 +0000)]
sync
sthen [Tue, 27 Aug 2024 12:31:18 +0000 (12:31 +0000)]
add a few USB mice, to be used for quirks. ok bru miod
jsg [Tue, 27 Aug 2024 10:58:53 +0000 (10:58 +0000)]
frambuffer -> framebuffer
bluhm [Tue, 27 Aug 2024 09:16:03 +0000 (09:16 +0000)]
Enable AMD SEV support in vmm(4).
Bring the pieces for vmm(4) to support guests with SEV memory
encryption on AMD CPUs. The corresponding vmd(8) changes will
follow.
Emulate cpuid 0x8000001f so the guest can discover SEV features.
Allow vmd(8) to enable SEV on VM creation. Inform vmd(8) about the
c-bit position and ASID assigned to each VCPU.
Note that vmd(8) has to be rebuilt with the new header files.
from hshoexer@; input dv@; OK mlarkin@
nicm [Tue, 27 Aug 2024 07:49:07 +0000 (07:49 +0000)]
Display hyperlinks in copy mode and add copy_cursor_hyperlink format to
get the hyperlink under the cursor.
nicm [Tue, 27 Aug 2024 07:31:26 +0000 (07:31 +0000)]
Add search_count and search_count_partial formats in copy mode, GitHub
issue 4091.
nicm [Tue, 27 Aug 2024 07:25:27 +0000 (07:25 +0000)]
Do not reset mouse pane if clicked on status line, it may have been set
by a range.
florian [Tue, 27 Aug 2024 06:06:14 +0000 (06:06 +0000)]
Mechanically change inet_aton to inet_pton.
Documentation says IP addresses are not truncated, so the parser can
be stricter and only accept dotted IP addresses.
OK yasuoka
florian [Tue, 27 Aug 2024 06:04:03 +0000 (06:04 +0000)]
Use getaddrinfo to parse IP addresses and lookup names.
Input & OK bluhm
florian [Tue, 27 Aug 2024 06:03:20 +0000 (06:03 +0000)]
Use getaddrinfo to parse IP addresses and lookup names.
OK bluhm
florian [Tue, 27 Aug 2024 05:55:39 +0000 (05:55 +0000)]
Do not send zero sized vendor or client ids.
The frontend and engine do not like this due to improved error
checking.
Found by Josh Grosse and Renato Aguiar, thanks!
tb [Tue, 27 Aug 2024 01:19:27 +0000 (01:19 +0000)]
cms_att.c: tidy includes and add x509_local.h for upcoming change
deraadt [Mon, 26 Aug 2024 22:54:21 +0000 (22:54 +0000)]
calendars are so hard
op [Mon, 26 Aug 2024 22:01:28 +0000 (22:01 +0000)]
replace atoi(3) usage with strtonum(3); ok/tweaks tb@
op [Mon, 26 Aug 2024 22:00:47 +0000 (22:00 +0000)]
replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@
op [Mon, 26 Aug 2024 21:34:32 +0000 (21:34 +0000)]
replace hand-rolled number parser with strtonum
original report by Collin Funk
ok bluhm, millert
jmc [Mon, 26 Aug 2024 20:12:33 +0000 (20:12 +0000)]
fortune files are no longer being rot13d;
jmc [Mon, 26 Aug 2024 20:10:53 +0000 (20:10 +0000)]
- remove the "real" dance. there is no longer a need for it.
- do not install the offensive files rotated 13 chars, as suggested by deraadt.
it hardly makes sense, and only one of the "potentially offensive" files
was being treated this way anyway
- simplify the makefile to catch up with all this
- update NOTES to catch up with all this
- the notes in README pertaining to not installing the offensive files is no
longer relevant, so remove it, as suggested by millert
sf [Mon, 26 Aug 2024 19:37:54 +0000 (19:37 +0000)]
virtio: Introduce dedicated attach args
Instead of abusing virtio_softc as attach args, create a separate
struct. Use it to pass the number of available interrupts. This will be
useful for vio(4) multi-queue support.
ok jan@
sf [Mon, 26 Aug 2024 19:24:02 +0000 (19:24 +0000)]
vio(4): Fix hardmtu without MRG_RXBUF
Without VIRTIO_NET_F_MRG_RXBUF, we cannot chain several buffers together
and we can only receive packets up to the length of the buffers we put
into the ring.
OK bluhm@
tb [Mon, 26 Aug 2024 18:40:50 +0000 (18:40 +0000)]
ts.c: typo flaf -> flag
claudio [Mon, 26 Aug 2024 13:57:34 +0000 (13:57 +0000)]
Replace recallocarray() with a realloc() + memset() combo.
recallocarray(), with its guarantee that memory becoming unallocated is
explicitly discarded, is too slow. In rpki-client forming one particular
ibuf takes more then 4mins because every recallocarray() call ends up
doing a fresh malloc + memcpy + freezero call.
For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid
any memory reallocations.
OK tb@
bluhm [Mon, 26 Aug 2024 13:55:14 +0000 (13:55 +0000)]
Rearrange #ifdef TCP_SIGNATURE to keep braces balanced.
nicm [Mon, 26 Aug 2024 13:02:15 +0000 (13:02 +0000)]
Use strtonum instead of atoi.
bluhm [Mon, 26 Aug 2024 12:15:40 +0000 (12:15 +0000)]
Test bitstring macro evaluation.
For all bitstring macros, add a test with side effects in the
arguments. Also fix compiler warnings and wrap long line. In
main() replace exit(0) with return(0) to check stack canary. Create
expected test files with make target create-good.
OK florian deraadt@
bluhm [Mon, 26 Aug 2024 11:52:54 +0000 (11:52 +0000)]
Evaluate arguments of bitstring macros only once.
According to bit_alloc(3) man page the arguments to bitstring macros
are evaluated only once and may safely have side effects. Fix the
implementation with temporary variables to fulfill this requirement.
OK florian@ deraadt@
mvs [Mon, 26 Aug 2024 08:24:25 +0000 (08:24 +0000)]
style(9) fix. No functional changes.
nicm [Mon, 26 Aug 2024 07:45:05 +0000 (07:45 +0000)]
C-h should not be treated specially and represented internally as \b but
as C-h like the other Ctrl keys. Backspace is already handled separately
if it VERASE.
nicm [Mon, 26 Aug 2024 07:34:40 +0000 (07:34 +0000)]
Pass the screen_redraw_ctx struct into more functions instead of
individual arguments (for example for the pane status), from Michael
Grant.
nicm [Mon, 26 Aug 2024 07:30:46 +0000 (07:30 +0000)]
Client flags was changed to uint64_t a while ago, fix a few cases where
it is still int (do not matter now but will with some new flags). From
Michael Grant.
nicm [Mon, 26 Aug 2024 07:14:40 +0000 (07:14 +0000)]
Add window_pane_mode helper function to tell if a pane is in copy mode,
from Michael Grant.
nicm [Mon, 26 Aug 2024 07:09:34 +0000 (07:09 +0000)]
Add copy-mode -d flag to scroll a page down if in copy mode already,
from Michael Grant.
florian [Mon, 26 Aug 2024 06:06:04 +0000 (06:06 +0000)]
Use i2s instead of hard coding the imsg type. Suggested by tb.
florian [Mon, 26 Aug 2024 06:05:05 +0000 (06:05 +0000)]
errno is unset, use fatalx(3) instead of fatal(3).
florian [Mon, 26 Aug 2024 06:04:24 +0000 (06:04 +0000)]
Be stricter in what we accept from the main process.
While here mention function where fatalx(3) occurred like everywhere
else.
Suggested by & OK tb
deraadt [Mon, 26 Aug 2024 03:49:06 +0000 (03:49 +0000)]
annoying whitespace found during an audit process
jsg [Mon, 26 Aug 2024 03:37:56 +0000 (03:37 +0000)]
replace multiple '.arch armv8.3-a' with a pauth target attribute
'no objection' kettenis@
miod [Sun, 25 Aug 2024 19:57:33 +0000 (19:57 +0000)]
typo
deraadt [Sun, 25 Aug 2024 14:51:33 +0000 (14:51 +0000)]
make activate function confirm to the common idiom; ok miod
florian [Sun, 25 Aug 2024 09:53:53 +0000 (09:53 +0000)]
Do not peek inside of struct imsg.
input & OK tb
tb [Sun, 25 Aug 2024 09:32:08 +0000 (09:32 +0000)]
Since netstart r1.208 (2020), it no longer applies /etc/myname
Change Xr from netstart to rc.
From Christian Schulte, ok florian
florian [Sun, 25 Aug 2024 07:04:05 +0000 (07:04 +0000)]
sin6_to_str and i2s take a single argument.
Pointed out by tb
jsg [Sun, 25 Aug 2024 05:43:36 +0000 (05:43 +0000)]
PASSTHROUGH -> FALLTHROUGH
ok ratchov@
tb [Sat, 24 Aug 2024 19:31:09 +0000 (19:31 +0000)]
More precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare.
The existing description was lacking and incorrect, respectively.
florian [Sat, 24 Aug 2024 16:35:05 +0000 (16:35 +0000)]
Simplify engine_showinfo_ctl()
It only handles one imsg type these days, so it doesn't need to peek
into struct imsg at all.
pointed out by & OK tb
florian [Sat, 24 Aug 2024 16:34:23 +0000 (16:34 +0000)]
Stop peeking into struct imsg when relaying control messages.
pointed out by & OK tb
tb [Sat, 24 Aug 2024 12:08:49 +0000 (12:08 +0000)]
conf_def.c: add two trailing commas
mpi [Sat, 24 Aug 2024 10:47:59 +0000 (10:47 +0000)]
Remove documentation for no longer existing or mostly unused allocators.
ok guenther@
mpi [Sat, 24 Aug 2024 10:46:43 +0000 (10:46 +0000)]
Place uvm_km_zalloc(9) under #ifdef __i386__.
This allocator is only used by a single pmap which will be hopefully
converted.
Suggested by guenther@
mpi [Sat, 24 Aug 2024 10:38:44 +0000 (10:38 +0000)]
Kill uvm_km_alloc(9) and uvm_km_alloc1(9).
ok guenther@
florian [Sat, 24 Aug 2024 09:44:41 +0000 (09:44 +0000)]
Do not peek inside of struct imsg.
While here use i2s helper function for error logging.
OK tb
florian [Sat, 24 Aug 2024 09:42:40 +0000 (09:42 +0000)]
Helper function for logging imsg type names.
OK tb as part of a larger diff
tb [Sat, 24 Aug 2024 09:23:09 +0000 (09:23 +0000)]
X509at_get_attr: zap trailing comma.
reminded by mandoc -Tlint