tb [Sat, 13 Jul 2024 18:33:18 +0000 (18:33 +0000)]
ssl2.h and ssl23.h join the party in the attic
Now that the SSL2 client hello support is gone, nothing uses this anymore,
except that a few ports still need SSL2_VERSION.
ok beck
tb [Sat, 13 Jul 2024 17:42:13 +0000 (17:42 +0000)]
Make error constants const in libssl
This could be made cleaner if we expose ERR_load_const_strings(), but for
now this hackier version with casts achieves the same and removes the last
unprotected modifiable globals in this library.
ok jsing
tb [Sat, 13 Jul 2024 16:43:56 +0000 (16:43 +0000)]
Move the sigaction next to multi
Reduces diff in -portable
dv [Sat, 13 Jul 2024 16:13:45 +0000 (16:13 +0000)]
Add missing RCS header to vmd(8)'s vmm.h.
Apparently it never had one. It's rarely touched, so went unnoticed.
florian [Sat, 13 Jul 2024 16:06:34 +0000 (16:06 +0000)]
Reduce if_indextoname(3) usage.
Don't ask the kernel to translate an if_index to a name if we are not
running with verbose logging, it's not free.
kettenis [Sat, 13 Jul 2024 15:38:21 +0000 (15:38 +0000)]
Implement some more suspend/resume Linux compat such that inteldrm(4) can
achieve RC6 and save a significant amount of power for S0i.
ok jsg@
krw [Sat, 13 Jul 2024 15:28:42 +0000 (15:28 +0000)]
Mention nvme(4) and gdt(4) as devices that register with bio(4).
ok deraadt@
tb [Sat, 13 Jul 2024 15:08:58 +0000 (15:08 +0000)]
Unify X.509v3 extension methods
Use C99 initializers for all structs (some were forgotten).
Make all the structs static, call them x509v3_ext_* matching NID_*.
Add accessors called x509v3_ext_method_* and use these to implement
X509V3_EXT_get_nid().
This adds consistency and avoids a few contortions like grouping
a few extensions in arrays to save a couple externs.
ok beck jsing
beck [Sat, 13 Jul 2024 14:37:55 +0000 (14:37 +0000)]
Revert the vdoom change, while it prevents the crashes on joel's go
builder and avoids the ufs_inactive problems, bluhm hits panics on
shutdown and filesystem unmount on the regress testers.
We'll have to try the other approach of detecting the corrupted
vnode perhaps.
yasuoka [Sat, 13 Jul 2024 14:28:27 +0000 (14:28 +0000)]
NULL check must be inside the loop. found by tobhe
ok tobhe
yasuoka [Sat, 13 Jul 2024 14:19:09 +0000 (14:19 +0000)]
Fix radius.c again^2. Cancel previous and revert the latest one
(sent to tech@).
yasuoka [Sat, 13 Jul 2024 14:08:53 +0000 (14:08 +0000)]
Fix radius.c again. Previous was old one.
bluhm [Sat, 13 Jul 2024 13:20:44 +0000 (13:20 +0000)]
Add condition to ip_gre.c in files.
Use gre condition in conf/files for compiling netinet/ip_gre.c only
if needed. Remove #if NGRE > 0 from ip_gre.c that caused ramdisk
build to compile an empty C file.
OK kn@ deraadt@; input jsg@
yasuoka [Sat, 13 Jul 2024 13:06:47 +0000 (13:06 +0000)]
Use calloc(3) instead of malloc(3). "accounting" is used without
initialization. Also don't check request authenticator for other than
Accounting-Request.
jmc [Sat, 13 Jul 2024 12:58:51 +0000 (12:58 +0000)]
grammar/macro fixes for the radius text;
yasuoka [Sat, 13 Jul 2024 12:25:07 +0000 (12:25 +0000)]
Fix radius.c. Previously it was broken.
yasuoka [Sat, 13 Jul 2024 12:22:46 +0000 (12:22 +0000)]
Add RADIUS support. Authentication, accounting, and "Dynamic
Authorization Extensions"(DAE) are supported.
feedback markus stu
ok tobhe
bluhm [Sat, 13 Jul 2024 12:00:11 +0000 (12:00 +0000)]
Mark IP protocol GRE as MP safe from socket layer.
The pipex code in gre_send() matches more or less what udp_send()
does. This has been MP safe for a long time. rip_send() is already
called with PR_MPSOCKET.
OK mvs@
bluhm [Sat, 13 Jul 2024 10:09:40 +0000 (10:09 +0000)]
Previous commit broke RAMDISK_CD kernel build. Always include udp.h
in ip6_forward.c.
bluhm [Sat, 13 Jul 2024 09:34:26 +0000 (09:34 +0000)]
Do not store full IPv6 packet in common forwarding case.
Forwarding IPv6 packets is slower than IPv4. Reason is that m_copym()
is done for every packet. Just in case we may have to send an ICMP6
packet, ip6_forward() creates a mbuf copy. After that mbuf cluster
is read only, so for the ethernet header another mbuf is allocated.
pf NAT and RDR ignores readonly clusters, so it also modifies the
potential ICMP6 packet.
IPv4 ip_forward() avoids all these problems by copying the leading
68 bytes of the original packets onto the stack. More is not needed
for ICMP. IPv6 RFC 4443 2.4. (c) requires up to 1232 bytes in the
ICMP6 packet. This cannot be copied to the stack.
The reason for the difference in the standard seems to be that the
ICMP6 packet has to contain the full header chain. If we have a
simple TCP, UDP or ESP packet without chain, do a shortcut and just
preserve the header for the ICMP6 packet.
Small packets already use stack memory, large packets need extra
mbuf allocation. Now truncate ICMP6 packet to a reasonable length
if the original packet has a final protocol header directly after
the IPv6 header. List of suitable protocols contains TCP, UDP, ESP
as they cover the common cases and anything behind the header should
not be needed for path MTU discovery.
OK deraadt@ florian@ mvs@
dv [Sat, 13 Jul 2024 08:59:41 +0000 (08:59 +0000)]
Backout previous change related to not freeing memory on suspend.
It broke resume from hibernate. :(
asou [Sat, 13 Jul 2024 07:25:38 +0000 (07:25 +0000)]
Implement investigate kernel corefile to lldb.
bluhm [Fri, 12 Jul 2024 19:50:35 +0000 (19:50 +0000)]
Remove internet PCB mutex.
All inpcb locking has been converted to socket receive buffer mutex.
Per PCB mutex inp_mtx is not needed anymore. Also delete PRU related
locking functions. A flag PR_MPSOCKET indicates whether protocol
functions support parallel access with per socket rw-lock.
TCP is the only protocol that is not MP capable from the socket
layer and needs exclusive netlock.
OK mvs@
florian [Fri, 12 Jul 2024 19:11:25 +0000 (19:11 +0000)]
Rewrite bytes/sec calculation using fixed point math.
This makes signal handler safe on OpenBSD.
To avoid overflows the accuracy is scaled. Above 10 minutes run time
we only care about second accuracy. Between 1 seconds and 10 minutes
we use millisecond accuracy.
Below one second we use nanoseconds, but those numbers are probably
meaningless.
Signal handler problem pointed out by deraadt
OK deraadt, millert, tb
beck [Fri, 12 Jul 2024 18:15:10 +0000 (18:15 +0000)]
Fix the horrible and undocumented behaviour of X509_check_trust
Of allowing you to pass in a NID directly, instead of a trust_id,
and have it work, as long as the trust_id's and the NID's did not
overlap.
This screwball behaviour was depended upon by the OCSP code that
called X509_check_trust with the NID, instead of the trust id, so
let's fix that.
We also rename the confusingly named X509_TRUST_DEFAULT to
X509_TRUST_ACCEPT_ALL which makes a lot more sense, and rototill
this to remove the confusingly named static functions.
This will shortly be followed up by making this function private,
so we have not bothered to fix the amazingly obtuse man page
as it will be taken behind the barn at that time.
ok tb@
mvs [Fri, 12 Jul 2024 17:20:18 +0000 (17:20 +0000)]
Switch `so_snd' of udp(4) sockets to the new locking scheme.
udp_send() and following udp{,6}_output() do not append packets to
`so_snd' socket buffer. This means the sosend() and sosplice() sending
paths are dummy pru_send() and there are no problems to simultaneously
run them on the same socket.
Push shared solock() deep down to sosend() and take it only around
pru_send(), but keep somove() running under exclusive solock(). Since
sosend() doesn't modify `so_snd' the unlocked `so_snd' space checks
within somove() are safe. Corresponding `sb_state' and `sb_flags'
modifications are protected by `sb_mtx' mutex(9).
Tested and OK bluhm.
yasuoka [Fri, 12 Jul 2024 15:54:52 +0000 (15:54 +0000)]
Fix a typo in log
yasuoka [Fri, 12 Jul 2024 15:54:11 +0000 (15:54 +0000)]
Fix Disconnect-Ack not to have an Error-Cause attribute. Tweak
some log messages.
beck [Fri, 12 Jul 2024 15:53:51 +0000 (15:53 +0000)]
Clean up in X509_check_trust.
The XXX comment in here is now outdated. Our behaviour matches boringssl
in that passing in a 0 trust gets the default behavior, which is to
trust the certificate only if it has EKU any, or is self signed.
Remove the goofy unused nid argument to "trust_compat" and rename it to
what it really does, instead of some bizarre abstraction to something
simple so the code need not change if we ever change our mind on what
"compat" is for X.509, which will probably only happen when we are back
to identifying things by something more sensible like recognizable grunts
and smells.
ok jsing@
dv [Fri, 12 Jul 2024 14:53:09 +0000 (14:53 +0000)]
Simplify nvme suspend/resume by resetting queues and not deallocating
memory. This removes memory allocation from the resume-side of
device activation.
ok deraadt@
jan [Fri, 12 Jul 2024 14:34:08 +0000 (14:34 +0000)]
vmd(8): Fix error handling in tx path.
ok dv@
deraadt [Fri, 12 Jul 2024 14:30:27 +0000 (14:30 +0000)]
refactor the signal handlers for clarity, inverting the situation:
the signal handler was calling a big function which is shared between
multiple contexts -- that hides the rule that this big function has
signal safe requirements (which it fails). now, the signal handler
contains all the code, and everyone else calls the signal handler function
as a regular function, from their (normal) contexts.
the signal handler context is the most strict, so this pattern is better.
ok florian
dv [Fri, 12 Jul 2024 13:51:12 +0000 (13:51 +0000)]
Quiet vmd debug logging about page faults.
When we get bumped to userland and the fault is already handled,
don't log anything. It's way too chatty and helps nobody trying to
debug things.
deraadt [Fri, 12 Jul 2024 13:10:58 +0000 (13:10 +0000)]
manual ret-clean; ok mlarkin
florian [Fri, 12 Jul 2024 12:35:32 +0000 (12:35 +0000)]
Recommend veb(4) instead of bridge(4).
bridge(4) has weird interactions with traffic crossing the bridge.
Missing change after updating the faq pointed out by ajacoutot
OK dv
nicm [Fri, 12 Jul 2024 11:21:18 +0000 (11:21 +0000)]
UTF-8 keys now contain the internal representation and not the Unicode
codepoint, so convert extended keys properly. From Stanislav Kljuhhin.
deraadt [Fri, 12 Jul 2024 11:01:40 +0000 (11:01 +0000)]
Improve signal handlers guidance.
ok beck kettenis, earlier versions jmc
tobhe [Fri, 12 Jul 2024 10:01:28 +0000 (10:01 +0000)]
Add pool to allocate individual rtkit task arguments instead of passing a
shared argument. This fixes a race condition where a message could overwrite
rtkep->msg of a previously scheduled task resulting in a refcounting error later
on causing the screen to stay dark after waking up from suspend.
ok kettenis@
tb [Fri, 12 Jul 2024 09:57:04 +0000 (09:57 +0000)]
Drop the unused evp include
tb [Fri, 12 Jul 2024 09:55:38 +0000 (09:55 +0000)]
Rename the sk in this file to exts
tb [Fri, 12 Jul 2024 09:53:30 +0000 (09:53 +0000)]
Avoid using ret for an X509_EXTENSION
Instead rename the **ext in this file to **out_ext, freeing up ext in
X509_EXTENSION_create_by_OBJ()
Appeases some jsing grumbling on review
tb [Fri, 12 Jul 2024 09:47:49 +0000 (09:47 +0000)]
Tweak variable names in X509v3_add_ext()
x -> out_ext, sk -> exts
requested by jsing on review
tb [Fri, 12 Jul 2024 09:42:24 +0000 (09:42 +0000)]
Rename crit to critical in this file
requested by jsing on review
tb [Fri, 12 Jul 2024 09:35:54 +0000 (09:35 +0000)]
Simplify X509_EXTENSION_get_critical()
This is a silly API, but there are worse.
ok jsing
tb [Fri, 12 Jul 2024 09:33:05 +0000 (09:33 +0000)]
Lose a few extra lines in X509_EXTENSION_set_object()
ok jsing
tb [Fri, 12 Jul 2024 09:31:28 +0000 (09:31 +0000)]
Streamline X509_EXTENSION_create_by_OBJ()
ok jsing
claudio [Fri, 12 Jul 2024 09:27:32 +0000 (09:27 +0000)]
Improve duplicate detection and repo_move_valid
Only trigger a duplicate error if a valid filepath is revisited. It is
possible that a bad CA references somebody else's files and if that
happens first it would block the valid access.
To make this work, pass the ok flag to filepath_add() and only set the
talmask bit if the file was ok. Since we need to do the duplicate check
before processing the entity introduce filepath_valid() which checks
if the path is in the tree and has its talmask bit set.
In repo_move_valid() handle conflicts more gracefully. When both a valid
and temporary file are present assume that one of the files was never ok
(talmask == 0) and silently remove that file from the filepath tree.
OK tb@
tb [Fri, 12 Jul 2024 09:25:43 +0000 (09:25 +0000)]
Clean up X509_EXTENSION_create_by_NID()
Remove unnecessary ret parameter and freeing of obj (which looks like
a double free or freeing of unallocated memory but actually isn't due
to various magic flags). Also make this const correct.
ok jsing
bluhm [Fri, 12 Jul 2024 09:25:27 +0000 (09:25 +0000)]
Run sysctl net.inet.ip.forwarding without net lock.
The places in packet processing where ip_forwarding is evaluated
have been consolidated. The remaining pieces in pf test, ip input,
and icmp input do not need consistent information. If the integer
value is changed by another CPU, it is harmless.
The sysctl syscall sets the value atomically, so add atomic read
in network processing and remove the net lock in sysctl IPCTL_FORWARDING.
OK claudio@ mvs@
tb [Fri, 12 Jul 2024 08:58:59 +0000 (08:58 +0000)]
Rewrite X509v3_add_ext()
This is another brilliancy straight out of muppet labs. Overeager and
misguided sprinkling of NULL checks, going through the trademark poor
code review, made this have semantics not matching what almost every
other function with this signature would be doing in OpenSSL land.
This is a long standing mistake we can't fix without introducing
portability traps, but at least annotate it. Simplify the elaborate
dance steps and make this resemble actual code.
ok jsing
claudio [Fri, 12 Jul 2024 08:54:48 +0000 (08:54 +0000)]
Rename the variable c to ok. It returns if the file failed to parse or not.
We need to pass this to filepath_add so let's use a better name.
OK tb@
tb [Fri, 12 Jul 2024 08:46:45 +0000 (08:46 +0000)]
Simplify X509v3_get_ext() and X509v3_delete_ext()
Drop unnecessary checks that are part of the stack API.
ok jsing
tb [Fri, 12 Jul 2024 08:44:16 +0000 (08:44 +0000)]
Align X509v3_get_ext_by_critical() with X509v3_get_ext_by_OBJ()
Plus, replace a manual check with a call to X509_EXTENSION_get_critical().
ok jsing
tb [Fri, 12 Jul 2024 08:39:54 +0000 (08:39 +0000)]
Clean up X509v3_get_ext_by_OBJ()
Like most of its siblings, this function can be simplified significantly
by making proper use of the API that is being built. Drop unnecessary NULL
checks and other weirdness and add some const correctness.
ok jsing
kettenis [Fri, 12 Jul 2024 08:33:25 +0000 (08:33 +0000)]
Use dedicated window for access to the PCIe core registers.
Based on a diff from Hector Martin for Asahi Linux.
ok patrick@, tobhe@
deraadt [Fri, 12 Jul 2024 08:21:07 +0000 (08:21 +0000)]
sync
beck [Fri, 12 Jul 2024 08:15:19 +0000 (08:15 +0000)]
Add vdoom() to fix ufs/ext2fs re-use of invalid vnode.
This was noticed by syzkaller and analyzed in isolation by mbuhl@
and visa@ two years ago. As the kernel has become more unlocked it
has started to appear more and was being hit regularly by jsing@
on the Go builder.
The problem was during reclaim of an inode the corresponding vnode
could be picked up by a vget() by another thread while the inode
was being cleared out in the ufs_inactive routine and the thread running
ufs_inactive slept for i/o. When raced the vnode would then not have
zero use count and would not be cleared out on exit from ufs_inactive
with a dead/invalid vnode being used.
While this could get "fixed" by checking for the race happening
and trying again in the inactive routine, or by adding "yet another
visible vnode locking flag" we choose to add a vdoom() api for the
moment that allows the caller to block future attempts to grab this
vnode until it is cleared out fully with vclean.
Tested by jsing@ on the Go builder and seems to solve the issue.
ok kettenis@, claudio@
deraadt [Fri, 12 Jul 2024 07:22:44 +0000 (07:22 +0000)]
annotate broken signal handler
deraadt [Fri, 12 Jul 2024 07:15:28 +0000 (07:15 +0000)]
use sigaction() to set up SIGALRM so we can set SA_RESTART, and
remove the re-arming in the handler. Better than using siginterrupt(),
and avoids the errno saving requirement in the handler also.
ok guenther millert
miod [Fri, 12 Jul 2024 05:26:34 +0000 (05:26 +0000)]
Despite being an ELF citizen, hppa is its own special snowflake and requires
different asm stanzas to produce strong aliases.
This unbreaks libssl on hppa after the recent switch to LIBRESSL_NAMESPACE.
jsg [Fri, 12 Jul 2024 04:10:46 +0000 (04:10 +0000)]
drm/amdgpu: silence UBSAN warning
From Alex Deucher
1ba66b121100862fc208848264821a788a79317f in linux-6.6.y/6.6.39
05d9e24ddb15160164ba6e917a88c00907dc2434 in mainline linux
jsg [Fri, 12 Jul 2024 04:07:17 +0000 (04:07 +0000)]
drm: panel-orientation-quirks: Add quirk for Valve Galileo
From John Schoenick
33de7c47a19ab1165ee2404f197de4f7e4848f23 in linux-6.6.y/6.6.39
26746ed40bb0e4ebe2b2bd61c04eaaa54e263c14 in mainline linux
jsg [Fri, 12 Jul 2024 04:05:29 +0000 (04:05 +0000)]
drm/amdgpu/atomfirmware: silence UBSAN warning
From Alex Deucher
004b7fe6ca8c709e8431b400c3082040b80e59cf in linux-6.6.y/6.6.39
d0417264437a8fa05f894cabba5a26715b32d78e in mainline linux
jsg [Fri, 12 Jul 2024 04:03:31 +0000 (04:03 +0000)]
drm/amdgpu: fix the warning about the expression (int)size - len
From Jesse Zhang
3fac5aecb59336c9ae808a2cf4733f9f185e3fa2 in linux-6.6.y/6.6.39
ea686fef5489ef7a2450a9fdbcc732b837fb46a8 in mainline linux
jsg [Fri, 12 Jul 2024 04:01:39 +0000 (04:01 +0000)]
drm/amdgpu: fix uninitialized scalar variable warning
From Tim Huang
7e0fbceae1e671af9d91e338cc8608c9bfb7d2f1 in linux-6.6.y/6.6.39
9a5f15d2a29d06ce5bd50919da7221cda92afb69 in mainline linux
jsg [Fri, 12 Jul 2024 03:59:54 +0000 (03:59 +0000)]
drm/amd/display: Fix uninitialized variables in DM
From Alex Hung
8e5cbc820ab4a0029e0765b47cb2b38354b02527 in linux-6.6.y/6.6.39
f95bcb041f213a5da3da5fcaf73269bd13dba945 in mainline linux
jsg [Fri, 12 Jul 2024 03:58:08 +0000 (03:58 +0000)]
drm/amd/display: Skip finding free audio for unknown engine_id
From Alex Hung
95ad20ee3c4efbb91f9a4ab08e070aa3697f5879 in linux-6.6.y/6.6.39
1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3 in mainline linux
jsg [Fri, 12 Jul 2024 03:55:50 +0000 (03:55 +0000)]
drm/amd/display: Check pipe offset before setting vblank
From Alex Hung
96bf81cc1bd058bb8af6e755a548e926e934dfd1 in linux-6.6.y/6.6.39
5396a70e8cf462ec5ccf2dc8de103c79de9489e6 in mainline linux
jsg [Fri, 12 Jul 2024 03:53:50 +0000 (03:53 +0000)]
drm/amd/display: Check index msg_id before read or write
From Alex Hung
9933eca6ada0cd612e19522e7a319bcef464c0eb in linux-6.6.y/6.6.39
59d99deb330af206a4541db0c4da8f73880fba03 in mainline linux
jsg [Fri, 12 Jul 2024 03:52:00 +0000 (03:52 +0000)]
drm/amdgpu: Initialize timestamp for some legacy SOCs
From Ma Jun
e55077badb9054630856cbefc099ad148a446648 in linux-6.6.y/6.6.39
2e55bcf3d742a4946d862b86e39e75a95cc6f1c0 in mainline linux
jsg [Fri, 12 Jul 2024 03:50:23 +0000 (03:50 +0000)]
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
From Jesse Zhang
855ae72c20310e5402b2317fc537d911e87537ef in linux-6.6.y/6.6.39
88a9a467c548d0b3c7761b4fd54a68e70f9c0944 in mainline linux
jsg [Fri, 12 Jul 2024 03:48:26 +0000 (03:48 +0000)]
drm/amdgpu: Fix uninitialized variable warnings
From Ma Jun
646e13f0a65b1930a4fa838f31bf763dbb4307a3 in linux-6.6.y/6.6.39
60c448439f3b5db9431e13f7f361b4074d0e8594 in mainline linux
miod [Thu, 11 Jul 2024 21:31:52 +0000 (21:31 +0000)]
Despite being an ELF citizen, hppa is its own special snowflake and requires
different asm stanzas to produce strong aliases.
This unbreaks libcrypto (and thus ssh, among other things) on hppa after the
recent switch to LIBRESSL_CRYPTO_NAMESPACE.
yasuoka [Thu, 11 Jul 2024 14:14:56 +0000 (14:14 +0000)]
Update the example because now npppd can be a DAE server.
bluhm [Thu, 11 Jul 2024 14:11:55 +0000 (14:11 +0000)]
Use atomic operations to access integers in sysctl(2).
In sysctl_int_bounded() use atomic operations to load, store, or
swap integer values. By using volatile pointers this will result
in a single assembly instruction, no matter how over optimizing
compilers will become. Note that this does not solve data dependency
problems, nor MP problems in the kernel code using these integers.
For full MP safety additional considerations, memory barriers, or
locks will be needed where the values are used. But for simple
integer in- and output volatile is enough. If new and old value
pointers are given to sysctl, atomic swapping guarantees that
userland sees the same old value only once. There are more
sysctl_int() functions that have to be adapted.
OK deraadt@ kettenis@
yasuoka [Thu, 11 Jul 2024 14:05:59 +0000 (14:05 +0000)]
Add Dynamic Authorization Extensions (DAE) for RADIUS server feature
to npppd. It can be configured now so that it accepts disconnect
requests and this works together with radiusd_ipcp(8) module. Also
"nas-id" becomes configurable.
tb [Thu, 11 Jul 2024 13:51:47 +0000 (13:51 +0000)]
Adjust regress to match changes in SSL_select_next_proto() args
tb [Thu, 11 Jul 2024 13:50:44 +0000 (13:50 +0000)]
Adjust documentation for SSL_select_next_proto()
Use better argument names, add a link to the relevant standards and add
CAVEATS and BUGS sections pointing out a few pitfalls.
discussed with davidben
ok beck
tb [Thu, 11 Jul 2024 13:48:52 +0000 (13:48 +0000)]
Follow BoringSSL's nomenclature in SSL_select_next_proto()
SSL_select_next_proto() was written with NPN in mind. NPN has a weird
fallback mechanism which is baked into the API. This makes no sense
for ALPN, where the API behavior is undesirable since a server
should not end up choosing a protocol it doesn't (want to) support.
Arguably, ALPN should simply have had its own API for protocol selection
supporting the proper semantics, instead of shoehorning an NPN API into
working for ALPN.
Commit https://boringssl-review.googlesource.com/c/boringssl/+/17206/
renamed the arguments to work for both NPN and ALPN, with the slight
downside of honoring client preference instead of the SHOULD in
RFC 7301, section 3.2. This grates for most consumers in the wild,
but so be it. The behavior is saner and safer.
discussed with davidben
ok beck
florian [Thu, 11 Jul 2024 13:38:03 +0000 (13:38 +0000)]
Make sure we are interested in an interface that shows up.
yasuoka [Thu, 11 Jul 2024 13:29:08 +0000 (13:29 +0000)]
Add more attributes to Disconnect-Request following the RFC's
suggestions. Also nas_ipv6 wasn't stored by mistake.
bentley [Thu, 11 Jul 2024 12:55:33 +0000 (12:55 +0000)]
Document new font module variables MODFONT_FONTFILES and MODFONT_FONTDIR.
ok sthen@
kettenis [Thu, 11 Jul 2024 12:39:53 +0000 (12:39 +0000)]
Turn FBINFO_xxx defines into proper flags. Gets rid of an unwanted
warning introduced by a recent commit to drm_fbdev_dma.c.
ok jsg@
deraadt [Thu, 11 Jul 2024 12:15:25 +0000 (12:15 +0000)]
sync
kettenis [Thu, 11 Jul 2024 12:07:39 +0000 (12:07 +0000)]
Use FEAT_RNG to feed entropy into the random subsystem like we do on amd64.
ok patrick@, deraadt@
florian [Thu, 11 Jul 2024 10:48:51 +0000 (10:48 +0000)]
Be a bit more noisy in syslog on what is going on.
So far dhcp6leased(8) has been completely silent.
Prodding by Brian Conway.
florian [Thu, 11 Jul 2024 10:38:57 +0000 (10:38 +0000)]
Write lease after we configured prefixes.
While here, do not claim we have a ::/0 lease, it confuses the parser.
florian [Thu, 11 Jul 2024 10:37:47 +0000 (10:37 +0000)]
Do not show expired lease information in dhcp6leasectl.
deraadt [Thu, 11 Jul 2024 09:41:07 +0000 (09:41 +0000)]
sync
florian [Thu, 11 Jul 2024 09:39:13 +0000 (09:39 +0000)]
Forgot to initialize status_code in previous.
No STATUS_CODE option from the server means "success", but we are now
using stack garbage, which is usually not "success".
deraadt [Thu, 11 Jul 2024 07:40:03 +0000 (07:40 +0000)]
umoddi3.c is now needed for libz
djm [Wed, 10 Jul 2024 21:58:34 +0000 (21:58 +0000)]
correct keyword; from Yatao Su via GHPR509
martijn [Wed, 10 Jul 2024 20:33:31 +0000 (20:33 +0000)]
Allow pfIfTable to have more than 64 entries.
Taken from pfctl_table.c r1.85 by sashan@
OK tb@
yasuoka [Wed, 10 Jul 2024 18:59:10 +0000 (18:59 +0000)]
Fix the problem that it breaks the event timer because there is no
consideration for new disconnect requests during requesting DAE. The
ipcp module didn't send a DAE request again once DAE request failed.
Also fix log messages.
patrick [Wed, 10 Jul 2024 18:46:42 +0000 (18:46 +0000)]
Extend DMA constraints override to include all SC8280XP and X1E80100 based
machines. The shipped hardware containing ath11k and ath12k WiFi cards all
need to have 32-bit DMA constraints enforced.
ok kettenis@
yasuoka [Wed, 10 Jul 2024 16:30:43 +0000 (16:30 +0000)]
Fix memory leaks, a use after free, accessing outside the region
introduced by recent commits. Found by malloc(3).
jca [Wed, 10 Jul 2024 14:17:58 +0000 (14:17 +0000)]
Zap warning against __findenv usage, it is not exported by libc
The comment probably made sense before guenther restricted the symbols
exported by libc in 2015.
beck [Wed, 10 Jul 2024 13:30:14 +0000 (13:30 +0000)]
Remove the static symbols.namespace, and just generate the _libre_
symbols from symbols.list now that we have everything hidden
ok tb@
krw [Wed, 10 Jul 2024 13:29:23 +0000 (13:29 +0000)]
Add flags NOPERM, STALLED, SWAPPABLE, DOOMED to -v output.
Brings -v output into line with MNT_BITS used in vfs_mount_print().
ok deraadt@
tb [Wed, 10 Jul 2024 13:11:22 +0000 (13:11 +0000)]
Teach symbols test about the namespace
This ensures that when adding public symbols, the magic is not omitted.
with/ok beck