afresh1 [Sun, 26 Nov 2023 16:52:12 +0000 (16:52 +0000)]
Fix read/write past buffer end
From upstream commit:
From
7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140
A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.
In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.
This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.
What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.
The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.
This commit also does white-space adjustment so that things align
vertically for readability.
espie [Sun, 26 Nov 2023 16:04:17 +0000 (16:04 +0000)]
mark functions as static when they're unused elsewhere, makes the
code slightly easier to understand.
okay and tweak kn@
kettenis [Sun, 26 Nov 2023 13:47:45 +0000 (13:47 +0000)]
Add a few more RK3588 clocks/resets that are reference by newer device
trees.
ok dlg@
dv [Sun, 26 Nov 2023 13:02:44 +0000 (13:02 +0000)]
vmm(4)/vmx: pass correct vpid value to invvpid.
While vmm's use of invvpid in the vmx vcpu run loop is questionable
since we require and use EPT, the vpid value is unquestionably wrong
in these calls.
ok mlarkin@
jsg [Sun, 26 Nov 2023 05:47:54 +0000 (05:47 +0000)]
regen
jsg [Sun, 26 Nov 2023 05:47:21 +0000 (05:47 +0000)]
drm/i915/rpl: Update pci ids for RPL P/U
From Dnyaneshwar Bhadane
5d5fea7c79a7f7b61a9683784c83d539aca8dafe in mainline linux
kettenis [Sat, 25 Nov 2023 18:12:20 +0000 (18:12 +0000)]
Fix oslog support and be more forgiving when we see messages that we don't
recognize. Fixes booting with newer firmware (such as the firmware
currently installed by the Asahi installer).
ok tobhe@
espie [Sat, 25 Nov 2023 17:43:39 +0000 (17:43 +0000)]
recognize future updatedb tagged packages
millert [Sat, 25 Nov 2023 16:31:33 +0000 (16:31 +0000)]
Update awk to the Nov 24, 2023 version.
florian [Sat, 25 Nov 2023 13:00:05 +0000 (13:00 +0000)]
whitespace; spotted by kn
tb [Sat, 25 Nov 2023 12:05:08 +0000 (12:05 +0000)]
Move ssl_cipher_id_cmp() next to its only caller
It was left alone and forlorn in the middle of other nonsense. Since there
is only one caller (the OBJ_bsearch_ stupidity), it can be static and there
is no need to prototype it in ssl_local.h.
florian [Sat, 25 Nov 2023 12:00:39 +0000 (12:00 +0000)]
First stab at IPv6-only preferred from RFC8925.
This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconfigures IPv4 on the interface.
For now this is pretty much useless unless one dynamically configures
pf(4) to act as a CLAT. gelatod(8) from ports can help with this.
However, this helps me while hacking on a kernel based stateless CLAT
by moving dhcpleased out of the way while having an IPv6-mostly
network configured to compare behaviour with macOS.
Input jmc
OK phessler
Input & OK sthen
espie [Sat, 25 Nov 2023 11:02:23 +0000 (11:02 +0000)]
forgot to zap really old D/F
espie [Sat, 25 Nov 2023 11:01:22 +0000 (11:01 +0000)]
-h is handled by State.pm, don't try to recognize it
espie [Sat, 25 Nov 2023 10:58:45 +0000 (10:58 +0000)]
check_security has been around long enough, no need to check quirks can
do it
espie [Sat, 25 Nov 2023 10:29:23 +0000 (10:29 +0000)]
reinstate checking the keytype, which I unwittingly dropped a long time ago.
espie [Sat, 25 Nov 2023 10:18:40 +0000 (10:18 +0000)]
reason this is here
espie [Sat, 25 Nov 2023 10:17:59 +0000 (10:17 +0000)]
dead too
espie [Sat, 25 Nov 2023 10:17:38 +0000 (10:17 +0000)]
this is dead since 2016
florian [Sat, 25 Nov 2023 08:14:43 +0000 (08:14 +0000)]
Document that "localhost" only resolves to the loopback addresses.
prodding pb
OK phessler, sthen
Input & OK jmc
dv [Fri, 24 Nov 2023 21:48:25 +0000 (21:48 +0000)]
vmm(4)/vmx: fix memory scribbling by updating GDTR/TR if vcpu moves.
If the vcpu thread sleeps in the kernel, like when handling a nested
page fault and calling uvm_fault(9), the thread may be rescheduled
on another host cpu. vmm(4) was only setting the GDTR and TR bases
in the VMCS once prior to first vm entry, so a thread migration can
result in restoring the wrong GDTR and TR on vm exit for the host
cpu. This results in borked interrupts and corrupted stack pointers,
causing programs to segfault or sigabort. It can also result in
missed ipi's causing kernel deadlocks.
Use similar logic to the SVM routines and check for cpu migration
within the hot loop. Since we're letting the VMX features of the
cpu restore GDTR, we can also drop the manual store/load routines.
Reported and with much appreciated testing help from Mischa Peters.
ok mlarkin@
espie [Fri, 24 Nov 2023 18:19:25 +0000 (18:19 +0000)]
add glue to match usage against actual options, as a debugging facility
miod [Fri, 24 Nov 2023 16:41:12 +0000 (16:41 +0000)]
Remove unneeded symbols.
tobhe [Fri, 24 Nov 2023 14:43:00 +0000 (14:43 +0000)]
Empty IKEv2 DPD messages should not contain extra NONE payloads
from markus@
job [Fri, 24 Nov 2023 14:05:47 +0000 (14:05 +0000)]
Require files to be of a minimum size in the RRDP & RSYNC transports
Picked 100 bytes as a minimum, to accommodate future signature schemes
(such as the smaller P-256) and small files like empty CRLs.
With and OK claudio@ tb@
jmatthew [Fri, 24 Nov 2023 08:47:35 +0000 (08:47 +0000)]
Match on 19h/1xh PSP
ok dlg@
miod [Fri, 24 Nov 2023 07:57:39 +0000 (07:57 +0000)]
No need to load function addresses in registers and branch to the register
contents when there is that nifty instruction called "call"; NFC
miod [Fri, 24 Nov 2023 07:18:49 +0000 (07:18 +0000)]
Remove unused direct map defines and macros, originating from FreeBSD.
ok mlarkin@ kettenis@
schwarze [Fri, 24 Nov 2023 04:53:39 +0000 (04:53 +0000)]
Additional tests of automatic tagging involving different kinds of hyphens
after tag.c rev. 1.38.
schwarze [Fri, 24 Nov 2023 04:48:02 +0000 (04:48 +0000)]
1. Do not put ASCII_HYPH (0x1c) into the tag file.
That happened when tagging a string containing '-' on an input text line,
most commonly in man(7) .TP next line scope.
2. Do not let "\-" end the tag.
In both cases, translate ASCII_HYPH and "\-" to plain '-' for output.
For example, this improves handling of unbound.conf(5).
These two bugs were found thanks to a posting by weerd@.
jmatthew [Fri, 24 Nov 2023 04:34:35 +0000 (04:34 +0000)]
regen
jmatthew [Fri, 24 Nov 2023 04:34:09 +0000 (04:34 +0000)]
Add devices found in 4th generation (Genoa) Epyc systems
input from and ok jsg@
dtucker [Fri, 24 Nov 2023 00:31:30 +0000 (00:31 +0000)]
Plug mem leak of msg when processing a quit message.
Coverity CID#427852, ok djm@
asou [Fri, 24 Nov 2023 00:15:42 +0000 (00:15 +0000)]
Fix comments longer than 80 column.
ok miod@
dlg [Thu, 23 Nov 2023 23:45:10 +0000 (23:45 +0000)]
avoid passing weird mbuf chains to pf when pushing out a veb.
pf expects the ip header to be in the first mbuf of the chain we
pass to pf_test, but in some situations the ethernet header is the
only data in the first mbuf. after we remove the ethernet header,
the first mbuf had no data in it which confused pf. fix this by
passing all packets to ip_check on output as well as input. ip input
handlers do all the necessary m_pullups.
found by Mark Patruck.
patrick [Thu, 23 Nov 2023 19:54:30 +0000 (19:54 +0000)]
A mountroot hook unsets ci->ci_opp_table in case clocks or regulators
aren't available, so we have to continue to check its existence on each
kstat read.
ok dlg@
florian [Thu, 23 Nov 2023 16:30:12 +0000 (16:30 +0000)]
tweak previous; suggested by jmc
deraadt [Thu, 23 Nov 2023 15:02:57 +0000 (15:02 +0000)]
now always needs sys/task.h
jsg [Thu, 23 Nov 2023 14:24:06 +0000 (14:24 +0000)]
match on Alder Lake-N ids
tested-by and ok sthen@
jsg [Thu, 23 Nov 2023 14:22:30 +0000 (14:22 +0000)]
regen
jsg [Thu, 23 Nov 2023 14:21:47 +0000 (14:21 +0000)]
add Alder Lake-N ids
from:
Intel Processor and Intel Core i3 N-Series
Datasheet, Volume 1 of 2, Doc. No.: 759603, Rev.: 001
ok sthen@
job [Thu, 23 Nov 2023 13:01:15 +0000 (13:01 +0000)]
Don't set directory modtimes to match the source
When syncing against remote repositories, the modtimes of the
remote directories is irrelevant. In the RRDP protocol the directory
modtimes aren't signalled either. This should save some IOPS.
OK tb@
job [Thu, 23 Nov 2023 11:59:53 +0000 (11:59 +0000)]
Add --omit-dir-times / -O
OK claudio@
espie [Thu, 23 Nov 2023 09:44:08 +0000 (09:44 +0000)]
need to represent the option for it to actually make it into the package
jsg [Thu, 23 Nov 2023 05:09:30 +0000 (05:09 +0000)]
regen
jsg [Thu, 23 Nov 2023 05:08:56 +0000 (05:08 +0000)]
add another Van Gogh device id
1435 rev ae is "Custom GPU 0932"
found in Windows driver for Steam Deck OLED APU
dlg [Thu, 23 Nov 2023 03:38:34 +0000 (03:38 +0000)]
add an endpoint command for "bridges" that use addresses as endpoints.
this can be used to add static entries on interfaces like vxlan(4).
dtucker [Thu, 23 Nov 2023 03:37:05 +0000 (03:37 +0000)]
Include existing mux path in debug message.
dlg [Thu, 23 Nov 2023 03:36:42 +0000 (03:36 +0000)]
non-standard vxlan port is set on the tunnel src address
dlg [Thu, 23 Nov 2023 03:22:14 +0000 (03:22 +0000)]
add support for specifying ports on the src address in tunnel endpoints.
dlg [Thu, 23 Nov 2023 01:00:44 +0000 (01:00 +0000)]
provide operating performance point info about each cpu via kstats.
if there's a device tree and it provides information about cpu
speed, expose those stats. this is particularly useful on big.little
or systems with multiple clusters/clock domains or cores that can
scale indepenently because it can report the actual speed each cpu
is operating at independently.
ok patrick@ who used an earlier version of this diff to work on cpu
scaling on an rk3588 system.
dlg [Thu, 23 Nov 2023 00:47:13 +0000 (00:47 +0000)]
expose the state of thermal zones as kstats.
this makes it a bit more obvious how much head room you have for
things like cpu performance scaling.
the information provided at the moment is more useful for developers
working on cpu scaling, but it should improve as i get my head
around more of these things.
patrick@ and kettenis@ like the idea.
bluhm [Wed, 22 Nov 2023 18:50:10 +0000 (18:50 +0000)]
Fix race when initializing TSC.
During boot TSC initialization could fail with panic: tsc_test_sync_ap:
cpu2: tsc_ap_name is not NULL: cpu1.
The root cause is a race between the moment the application processor
sets CPUF_IDENTIFIED in cpu_hatch() and the moment the boot processor
checks CPUF_IDENTIFIED in cpu_start_secondary() before the TSC sync
test.
The fix is to set CPUF_IDENTIFIED before clearing CPUF_IDENTIFY in
cpu_hatch().
from hshoexer@ cheloha@; OK deraadt@ mlarkin@
op [Wed, 22 Nov 2023 18:23:09 +0000 (18:23 +0000)]
typo: mutiple -> multiple
from Ryan Kavanagh (rak [at] debian [dot] org), ok tb@
tobhe [Wed, 22 Nov 2023 18:22:53 +0000 (18:22 +0000)]
regen
tobhe [Wed, 22 Nov 2023 18:19:25 +0000 (18:19 +0000)]
Add support for keyboard backlight hotkeys in wskbd and hook up macppc apple
keyboards.
From jon (at) elytron (dot) openbsd (dot) amsterdam with some changes by me
ok gkoehler@
tobhe [Wed, 22 Nov 2023 18:14:35 +0000 (18:14 +0000)]
Add support for keyboard backlight on Apple Powerbooks.
From jon (at) elytron (dot) openbsd (dot) amsterdam
ok gkoehler@
florian [Wed, 22 Nov 2023 18:06:44 +0000 (18:06 +0000)]
Recognize option ipv6-only-preferred (RFC8925).
"option option-108 00:00:07:08;" is unwieldy and error prone.
OK denis, kn, deraadt
tb [Wed, 22 Nov 2023 15:55:28 +0000 (15:55 +0000)]
Unhook and remove the now even more useless ssl_algs.c than it was before.
ok jsing
tb [Wed, 22 Nov 2023 15:53:53 +0000 (15:53 +0000)]
Make SSL_library_init() a wrapper of OPENSSL_init_ssl()
This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...
Also move the now trivial implementation to ssl_init.c which has a good
license.
ok jsing
tb [Wed, 22 Nov 2023 15:49:47 +0000 (15:49 +0000)]
Stop calling SSL_library_init() from OPENSSL_init_ssl_internal()
It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.
ok jsing
tb [Wed, 22 Nov 2023 15:43:42 +0000 (15:43 +0000)]
Move SSL_library_init() next to OPENSSL_init_ssl()
Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.
ok jsing
florian [Wed, 22 Nov 2023 13:19:31 +0000 (13:19 +0000)]
Set correct errno field in struct asr_result.
Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconfig(8) by bluhm.
espie [Wed, 22 Nov 2023 11:18:37 +0000 (11:18 +0000)]
Prepare to do the updatedb stuff as an @option, so that the code is less ad-hoc
kn [Wed, 22 Nov 2023 02:20:54 +0000 (02:20 +0000)]
Piping single file to standard out needs no "proc exec"
'-o -' now means no "ftp> " shell, so no "|some cmd" files, "!some cmd" or
"page" commands.
OK millert
kn [Wed, 22 Nov 2023 02:16:20 +0000 (02:16 +0000)]
Do not drop into "ftp> " shell when piping to stdandard output
'-o -' is orthogonal to an interactive prompt, yet some (malformed) URLs
such as ftp://host/ would still end up there; exit after processing the
first file/URL to prevent this.
sthen deraadt agree
OK millert
millert [Wed, 22 Nov 2023 01:01:21 +0000 (01:01 +0000)]
Update awk to the Nov 20, 2023 version.
This includes a rewrite of the fnematch() function as well as a
refactoring of the sub and gsub implementation.
tb [Tue, 21 Nov 2023 22:17:15 +0000 (22:17 +0000)]
ec_print.c: Unwrap a line
tb [Tue, 21 Nov 2023 22:05:33 +0000 (22:05 +0000)]
Inline a better version of print_bin() in only caller
Instead of printing to a temporary buffer with weird gymnastics, we can
simply write things out to the BIO using proper indent. This still isn't
perfect since we have a CBS version of this in ecx_buf_print(), which is
basically what used to be ASN1_buf_print(). Annotate this with an XXX for
future cleanup.
ok beck
tb [Tue, 21 Nov 2023 17:56:19 +0000 (17:56 +0000)]
Make a few purpose things const
This should allow us to constify a sizable table in libcrypto in an
upcoming bump.
tb [Tue, 21 Nov 2023 16:31:31 +0000 (16:31 +0000)]
Fix a <= 5-byte buffer overwrite in print_bin()
If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elswehere. The proper fix
will be to rewrite this function from scratch.
Reported in detail by Masaru Masuda, many thanks!
Fixes https://github.com/libressl/openbsd/issues/145
begrudging ok from beck
florian [Tue, 21 Nov 2023 15:26:56 +0000 (15:26 +0000)]
Do not short-circuit localhost resolution when AI_NUMERICHOST is set.
localhost is not a valid IP address and so getaddrinfo(3) has to fail.
Found by anton in pfctl & ipsecctl regress.
OK anton
bluhm [Tue, 21 Nov 2023 14:00:13 +0000 (14:00 +0000)]
Fix kernel build without option PTRACE, but with dt(4).
Since revision 1.26 dt_ioctl_get_auxbase() is calling process_domem().
Build the latter function into kernel if pseudo device dt is enabled.
from Matthias Pitzl; OK claudio@
martijn [Tue, 21 Nov 2023 08:49:08 +0000 (08:49 +0000)]
Set sc_rtfilter to specific ROUTE_FILTER() values, as was originally
intended, instead of filtering out everything.
OK sthen@
martijn [Tue, 21 Nov 2023 08:47:04 +0000 (08:47 +0000)]
Make RTFILTER/filter-routes a simple boolean assignment, since the
specific value isn't used anymore, and is just used to generate an
argument for snmpd_metrics.
OK tb@
jmatthew [Tue, 21 Nov 2023 08:46:06 +0000 (08:46 +0000)]
Add '-e' (or -eltorito-boot-efi) option for writing an EFI eltorito boot
image, in addition to or instead of the x86 boot image, to the output file.
Per the UEFI standard, the EFI boot image should be an image of an EFI
System Partition to be loaded in no-emulation mode, so we always record it
that way rather than checking if it looks like a floppy image.
with, tested by and ok yasuoka@
strong encouragement from deraadt@
jsg [Tue, 21 Nov 2023 02:32:56 +0000 (02:32 +0000)]
drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
From Erik Kurzinger
3bbf06efb8ed88fbafe7b10b79837b8300372f94 in linux-6.1.y/6.1.63
101c9f637efa1655f55876644d4439e552267527 in mainline linux
jsg [Tue, 21 Nov 2023 02:30:21 +0000 (02:30 +0000)]
drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change
From Michel Daenzer
03e334565d2d67673d7405b5b4a746da0fc20f71 in linux-6.1.y/6.1.63
bc0b79ce2050aa523c38c96b6d26340a96bfbdca in mainline linux
jsg [Tue, 21 Nov 2023 02:28:24 +0000 (02:28 +0000)]
drm/amd/display: Refactor dm_get_plane_scale helper
From Michel Daenzer
a99afba394a9b014eafaca2aa83495d651054bb1 in linux-6.1.y/6.1.63
ec4d770bbb155674c2497f255f4199bdc42287a9 in mainline linux
jsg [Tue, 21 Nov 2023 02:26:43 +0000 (02:26 +0000)]
drm/amd/display: Check all enabled planes in dm_check_crtc_cursor
From Michel Daenzer
896066202757b5c890ee670840ba985d48da2e0e in linux-6.1.y/6.1.63
003048ddf44b1a6cfa57afa5a0cf40673e13f1ba in mainline linux
jsg [Tue, 21 Nov 2023 02:23:24 +0000 (02:23 +0000)]
drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
From Xiaogang Chen
9eae81af9243aabb75bdf638fd773cdee0907f92 in linux-6.1.y/6.1.63
7bfaa160caed8192f8262c4638f552cad94bcf5a in mainline linux
jsg [Tue, 21 Nov 2023 02:22:04 +0000 (02:22 +0000)]
drm/radeon: possible buffer overflow
From Konstantin Meskhidze
341e79f8aec6af6b0061b8171d77b085835c6a58 in linux-6.1.y/6.1.63
dd05484f99d16715a88eedfca363828ef9a4c2d4 in mainline linux
jsg [Tue, 21 Nov 2023 02:18:47 +0000 (02:18 +0000)]
add more product names in comments
kettenis [Mon, 20 Nov 2023 20:41:18 +0000 (20:41 +0000)]
Handle rx error.
ok miod@
jca [Mon, 20 Nov 2023 19:29:18 +0000 (19:29 +0000)]
Stop erroring out when .gcc_except_table relocs point at discarded sections
lang/gcc on riscv64 has a wart, it creates such relocs which upset ld.lld.
The workaround I have used in lang/gcc since Sep 2022 doesn't work any
more, so ask ld.lld to be more lenient. This will let the fortran ports
and friends build on riscv64. clang has fixed since some time already,
but our lang/gcc port will likely keep that wart for some time.
Upstream report: https://reviews.llvm.org/D83244
Input and ok kettenis@
kn [Mon, 20 Nov 2023 17:48:27 +0000 (17:48 +0000)]
Include <dev/efi/efiio.h> to pretty print EFIIOC_* ioctls
No base usage yet, only efivar(1) from sysutils/efivar.
OK guenther
kn [Mon, 20 Nov 2023 17:43:51 +0000 (17:43 +0000)]
Sort includes, <scsi/scsi_all.h> before <dev/*>
For/OK guenther
miod [Mon, 20 Nov 2023 16:11:45 +0000 (16:11 +0000)]
Revert 1.18 and randomly sort kernel object files again now that the issue
has been addressed.
miod [Mon, 20 Nov 2023 16:10:37 +0000 (16:10 +0000)]
Make sure the low two bits of stvec are always zero (since we don't use
vectored exceptions) by adding an alignment constraint to cpu_exception_handler.
claudio [Mon, 20 Nov 2023 14:41:55 +0000 (14:41 +0000)]
Rename struct imsgbuf *ibuf to *imsgbuf. Same was done in bgpd.
OK tb@
claudio [Mon, 20 Nov 2023 14:40:52 +0000 (14:40 +0000)]
KNF, fix long line.
OK tb@
claudio [Mon, 20 Nov 2023 14:18:21 +0000 (14:18 +0000)]
KNF
florian [Mon, 20 Nov 2023 12:15:16 +0000 (12:15 +0000)]
localhost is either 127.0.0.1 or ::1, nothing else.
RFC 6761, 6.3 Domain Name Reservation Considerations for "localhost.":
3. Name resolution APIs and libraries SHOULD recognize localhost
names as special and SHOULD always return the IP loopback address
for address queries and negative responses for all other query
types. Name resolution APIs SHOULD NOT send queries for
localhost names to their configured caching DNS server(s).
This makes sure that the getaddrinfo(3) and gethostbyname(3) family of
functions always return the loopback address and do not send queries
to name servers. This includes "localhost", "localhost." and
everything under ".localhost" and ".localhost.".
For example, a host underneath the .com.ar zone will per default have
a search list of "com.ar.". resolv.conf(5) has a default of "lookup
bind file". Both combined will result in lookups for "localhost" to
not return 127.0.0.1 because localhost.com.ar is registered in DNS.
It has been known for decades that this is a problem, especially for
localhost.
Problem recently spotted by gonzalo@ and debugged by sthen@
Testing sthen, gonzalo
Input & OK phessler, eric, millert
OK sthen, kn, deraadt
martijn [Mon, 20 Nov 2023 10:34:21 +0000 (10:34 +0000)]
Add a couple of tests for handling of tcp connections.
martijn [Mon, 20 Nov 2023 10:32:45 +0000 (10:32 +0000)]
In snmpe_writecb, don't call snmpe_prepare_read() when there's still
data left inside sm_data. If there's an incomplete packet left in the
buffer it will be called from snmpe_tryparse, if there's a complete
packet left we can end up with new events from the tcp socket, which the
tcp subsystem isn't prepared to handle.
OK tb@
kettenis [Mon, 20 Nov 2023 10:11:03 +0000 (10:11 +0000)]
Code changes between llvm 13 and 16 mean that we have to drop the final dot
for the .openbsd.randomdata and .openbsd.mutable section merging code.
ok jca@
jca [Mon, 20 Nov 2023 04:53:11 +0000 (04:53 +0000)]
Restore lost patch: downgrade RISCV ABI mismatch error to a warning
This lets lld link code with object files created with ld -b binary,
as used by several ports (mupdf, postgresql-pllua, various games).
Upstream report with an unfinished diff: https://reviews.llvm.org/
D106378
ok gkoehler@ kettenis@
djm [Mon, 20 Nov 2023 02:50:00 +0000 (02:50 +0000)]
set errno=EAFNOSUPPORT when filtering addresses that don't match
AddressFamily; yields slightly better error message if no address
matches. bz#3526
jsg [Mon, 20 Nov 2023 01:35:21 +0000 (01:35 +0000)]
only enable bti and pac by default on arm64
before this change, clang on armv7 defined __ARM_FEATURE_BTI_DEFAULT and
__ARM_FEATURE_PAC_DEFAULT which broke the build of llvm libunwind
ok kettenis@ deraadt@
tb [Mon, 20 Nov 2023 01:20:19 +0000 (01:20 +0000)]
Still need engine.h for ENGINE_free()
But do away with the OPENSSL_NO_ENGINE dance.