jsg [Tue, 23 Nov 2021 00:17:59 +0000 (00:17 +0000)]
avoid clang -Wsometimes-uninitialized warnings in fms(4)
feedback and ok millert@
jcs [Mon, 22 Nov 2021 22:12:37 +0000 (22:12 +0000)]
use ISC license for ubcmtp
tobhe [Mon, 22 Nov 2021 20:51:48 +0000 (20:51 +0000)]
MOBIKE is RFC 4555.
kettenis [Mon, 22 Nov 2021 20:25:50 +0000 (20:25 +0000)]
Enable iicmux(4) and pcyrtc(4).
kettenis [Mon, 22 Nov 2021 20:24:41 +0000 (20:24 +0000)]
pcyrtc(4)
kettenis [Mon, 22 Nov 2021 20:20:20 +0000 (20:20 +0000)]
Add pcyrtc(4), a driver for the NXP PCF85063A/TP RTC chips.
ok patrick@
kettenis [Mon, 22 Nov 2021 20:19:23 +0000 (20:19 +0000)]
Remove unused header files and make some cosmetic changes.
ok patrick@
jca [Mon, 22 Nov 2021 20:18:27 +0000 (20:18 +0000)]
Implement rfc6840 (AD flag processing) if using trusted name servers
libc can't do DNSSEC validation but it can ask a "security-aware"
resolver to do so. Let's send queries with the AD flag set when
appropriate, and let applications look at the AD flag in responses in
a safe way, ie clear the AD flag if the resolvers aren't trusted.
By default we only trust resolvers if resolv.conf(5) only lists name
servers on localhost - the obvious candidates being unwind(8) and
unbound(8). For non-localhost resolvers, an admin who trusts *all the
name servers* listed in resolv.conf(5) *and the network path leading to
them* can annotate this with "options trust-ad".
AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch
SSHFP records in a secure manner, and tightens the situation for other
applications, eg those using RES_USE_DNSSEC for DANE. It should be
noted that postfix currently assumes trusted name servers by default and
forces RES_TRUSTAD if available.
RES_TRUSTAD and "options trust-ad" were first introduced in glibc by
Florian Weimer. Florian Obser (florian@) contributed various
improvements, fixed a bug and added automatic trust for name servers on
localhost.
ok florian@ phessler@
job [Mon, 22 Nov 2021 19:32:32 +0000 (19:32 +0000)]
Fix typo
thanks Matthias Schmidt
kettenis [Mon, 22 Nov 2021 19:22:59 +0000 (19:22 +0000)]
Hack alert! Apple M1 systems still don't work with an MP kernel.
In order to make progress (and protect myself from things dumping cores
left and right when I run sysupgrade) abuse the hw.smt mechanism to
only schedule processes on the primary CPU.
ok deraadt@, patrick@
kettenis [Mon, 22 Nov 2021 18:42:16 +0000 (18:42 +0000)]
Add regress test for futexes in shared anonymous memory.
ok mpi@
visa [Mon, 22 Nov 2021 17:15:05 +0000 (17:15 +0000)]
Revert poll(2) back to the original implementation
The translation to and from kqueue still has major shortcomings.
Discussed with deraadt@
schwarze [Mon, 22 Nov 2021 16:19:54 +0000 (16:19 +0000)]
new manual page ASN1_NULL_new(3), also documenting ASN1_NULL_free(3)
visa [Mon, 22 Nov 2021 14:59:03 +0000 (14:59 +0000)]
Translate POLLNVAL in ppollcollect()
This makes the kqueue-based poll(2) behave more similarly to the old
code when a monitored file descriptor is closed by another thread.
OK mpi@
visa [Mon, 22 Nov 2021 14:57:17 +0000 (14:57 +0000)]
Let futex_wait() run without kernel lock
The KERNEL_LOCK() is no longer necessary with rwsleep() and PCATCH
because the sleep machinery now does the locking internally.
OK mpi@
jsg [Mon, 22 Nov 2021 14:00:52 +0000 (14:00 +0000)]
avoid uninitialised variable use in igc(4)
read icr reg before testing bit in result
add missing block in rxeof from ix
ok kevlo@ patrick@
schwarze [Mon, 22 Nov 2021 14:00:27 +0000 (14:00 +0000)]
new manual page a2d_ASN1_OBJECT(3);
while here, add a few STANDARDS references
bluhm [Mon, 22 Nov 2021 13:47:10 +0000 (13:47 +0000)]
Copy code from ip_forward() to ip6_forward() to fix Path MTU discovery
in IPsec IPv6 tunnel. Implement sending ICMP6 packet too big
messages. Also implement the pf error case in ip6_forward(). While
there, do some cleanup and make the IPv4 and IPv6 code look similar.
OK tobhe@
jsg [Mon, 22 Nov 2021 12:56:04 +0000 (12:56 +0000)]
move PFR_TFLAG_CONST test, missed in rev 1.138
prompted by uninitialised var found by bluhm@ running regress on sparc64
ok sashan@
dv [Mon, 22 Nov 2021 12:55:40 +0000 (12:55 +0000)]
vmm(4): copyout guest state on VM_EXIT_NONE
Partly related to a bug reported by kn@. We should be copying out
the guest exit state (including registers) when we succesfully
return from the vcpu run loop even if we don't require an emulation
assist from userland/vmd(8). This condition was introduced when I
removed the use of yield() and instead exit the kernel if the
scheduler says we've hogged the cpu.
ok mlarkin@
schwarze [Mon, 22 Nov 2021 12:06:51 +0000 (12:06 +0000)]
document ASN1_OBJECT_create(3)
mglocker [Mon, 22 Nov 2021 11:46:11 +0000 (11:46 +0000)]
M_USB -> M_USBHC
anton [Mon, 22 Nov 2021 11:30:16 +0000 (11:30 +0000)]
Drop the old problematic claim multiple report ids logic now that all
uhidev drivers have been fixed.
anton [Mon, 22 Nov 2021 11:29:17 +0000 (11:29 +0000)]
Add missing claim multiple report ids conditionals to uhidev drivers.
espie [Mon, 22 Nov 2021 11:17:39 +0000 (11:17 +0000)]
explain about the new defaults for PKGNAME-sub
espie [Mon, 22 Nov 2021 11:07:50 +0000 (11:07 +0000)]
gc parts that reference "describe"
stsp [Mon, 22 Nov 2021 11:01:12 +0000 (11:01 +0000)]
Make iwx(4) update an Rx BA session's last_rx timestamp when a frame
is received which matches the session.
Same change as just made in iwm(4).
stsp [Mon, 22 Nov 2021 11:00:50 +0000 (11:00 +0000)]
Make iwm(4) update an Rx BA session's last_rx timestamp when a frame
is received which matches the session.
Tested by myself and bket@
stsp [Mon, 22 Nov 2021 10:54:36 +0000 (10:54 +0000)]
Let iwx(4) use per-Tx-queue interface timers to ensure that the interface
watchdog will trigger a device timeout if a particular Tx queue gets stuck
while other Tx queues keep working.
The Linux driver is using a similar workaround for "stuck queues".
Tested by myself and jmc@
stsp [Mon, 22 Nov 2021 10:47:55 +0000 (10:47 +0000)]
In iwx(4), fix off-by-one errors during TID value bounds checks.
The TID is used as an array index and, according to the Linux driver,
must be smaller than IWX_MAX_TID_COUNT (8). The AP might request an Rx
aggregation session using TID 8. Our driver uses the TID as an index into
an array of IEEE80211_NUM_TID (16) elements, and hence would not crash.
However, the index is exposed to firmware which could potentially crash
or raise an assertion failure for values >= 8.
ok kettenis@
stsp [Mon, 22 Nov 2021 10:31:58 +0000 (10:31 +0000)]
Fix iwx(4) Tx ring array size which was one entry too short.
Fortunately, this bug was harmless. The last Tx agg queue is never used
because ieee80211_classify() only returns TID values in the range 0 - 3.
And iterations over the txq array use nitems() to find the upper bound.
The possiblity of shrinking the txq array by 4 elements to get rid of
unused Tx agg queues could be investigated later.
For now, just fix the off-by-one error.
ok kettenis@
stsp [Mon, 22 Nov 2021 10:23:42 +0000 (10:23 +0000)]
Let iwm(4) resume directly in DVACT_WAKEUP instead of running the init task.
Same change as made for iwx(4) some time ago.
tested by myself and bket@
mglocker [Mon, 22 Nov 2021 10:17:14 +0000 (10:17 +0000)]
Align memory allocation for USB device drivers and USB HC drivers:
* USB device drivers use M_USBDEV instead of M_DEVBUF.
* USB HC drivers use M_USBHC instead of M_DEVBUF.
In a vanilla setup, this enlarges the USB memory pool.
ok anton@
tb [Mon, 22 Nov 2021 08:26:08 +0000 (08:26 +0000)]
acme-client: use BIO_number_written(bio) instead of bio->num_write.
Avoid awkward line wrapping by removing awkward else if chaining.
ok claudio florian
jsg [Mon, 22 Nov 2021 03:30:20 +0000 (03:30 +0000)]
avoid clang -Wsometimes-uninitialized warning with SMALL_KERNEL
jan [Sun, 21 Nov 2021 23:44:55 +0000 (23:44 +0000)]
improve legibility of structs in several manpages
General uses tabs for general indentation and 4 spaces
on tight spots. Also uses extra space to align pointers
and non-pointers as we do this on certain places in our
source.
with improvements from schwarze@
OK schwarze@
deraadt [Sun, 21 Nov 2021 23:07:11 +0000 (23:07 +0000)]
correct the vnd-on-vnd dev_t test, and avoid leaking a cred in an
obscure condition
ok tb
deraadt [Sun, 21 Nov 2021 23:06:24 +0000 (23:06 +0000)]
sync
jmc [Sun, 21 Nov 2021 23:02:50 +0000 (23:02 +0000)]
sort SEE ALSO;
tobhe [Sun, 21 Nov 2021 22:44:08 +0000 (22:44 +0000)]
Add 'ikectl show certinfo' to show trusted CAs and certificates.
This helps debug authentication issues with x509 certificates.
ok markus@
tb [Sun, 21 Nov 2021 22:34:30 +0000 (22:34 +0000)]
Tweak for opaque EVP_MD: use EVP_MD_type(dgst) instead of dgst->type.
kettenis [Sun, 21 Nov 2021 22:27:16 +0000 (22:27 +0000)]
Mention iicmux(4).
requested by & ok jmc@
tb [Sun, 21 Nov 2021 21:40:45 +0000 (21:40 +0000)]
Prepare ssltest for opaque DH
schwarze [Sun, 21 Nov 2021 17:35:53 +0000 (17:35 +0000)]
In asn1.h rev. 1.55 and asn1/a_time.c rev. 1.28, beck@
provided ASN1_TIME_diff(3). Merge the documentation from
the OpenSSL 1.1.1 branch, which is still under a free license.
mvs [Sun, 21 Nov 2021 16:17:48 +0000 (16:17 +0000)]
Add the new `ipsec_exctdb' ipsec(4) counter to count and expose to the
userland the TDBs which exceeded hard limit.
Also the `ipsec_notdb' counter description in header doesn't math to
netstat(1) description. We never count `ipsec_notdb' and the netstat(1)
description looks more appropriate so it's used to avoid confusion with
the new counter.
ok bluhm@
cheloha [Sun, 21 Nov 2021 16:15:43 +0000 (16:15 +0000)]
tee(1): use idiomatic write loop
tee(1) handles partial writes correctly, but the more idiomatic write
loop is shorter and easier to audit than this heterodox approach.
ok millert@
schwarze [Sun, 21 Nov 2021 15:16:45 +0000 (15:16 +0000)]
oops, i forgot the STANDARDS section
schwarze [Sun, 21 Nov 2021 15:11:01 +0000 (15:11 +0000)]
new manual page d2i_ASN1_BOOLEAN(3) also documenting i2d_ASN1_BOOLEAN(3)
martijn [Sun, 21 Nov 2021 13:33:53 +0000 (13:33 +0000)]
getaddrinfo doesn't resolve numeric hostname in the !AI_NUMERICHOST case
if family in resolv.conf is not set to its specific family.
e.g. 0.0.0.0 will not resolve if family is set to "family inet6"
Fix this by first trying to resolve with AI_NUMERIC set and if EAI_NONAME
is returned (it's an actual hostname) retry with an empty ai_flags.
bug reported by and OK sthen@
tb [Sun, 21 Nov 2021 11:55:00 +0000 (11:55 +0000)]
wycheproof: modify RSA tests to work with opaque RSA struct
tb [Sun, 21 Nov 2021 11:41:18 +0000 (11:41 +0000)]
wycheproof.go: modify some DSA and ECDSA code to work with opaque structs
kettenis [Sun, 21 Nov 2021 11:10:35 +0000 (11:10 +0000)]
iicmux(4)
kettenis [Sun, 21 Nov 2021 11:02:21 +0000 (11:02 +0000)]
Add iicmux(4), a driver that switches between I2C busses connected to
a single I2C controller by using the pin muxing facilities of an SoC.
ok visa@
kettenis [Sun, 21 Nov 2021 11:00:40 +0000 (11:00 +0000)]
Register i2c bus.
ok jsg@
espie [Sun, 21 Nov 2021 10:15:52 +0000 (10:15 +0000)]
temporarily reallow "empty" flavor parts so that rsync-- works again
(I really need to split that code off)
jmc [Sun, 21 Nov 2021 06:48:15 +0000 (06:48 +0000)]
smtpd-filters.7 referred to itself internally as just filters(7): fix that,
and put some Xr in smtpd.conf.5 so people can find it;
from leon fischer
visa [Sun, 21 Nov 2021 06:21:01 +0000 (06:21 +0000)]
Add tests for concurrent closing of a poll/select monitored fd.
bluhm [Sun, 21 Nov 2021 02:54:56 +0000 (02:54 +0000)]
Fix whitespace and long lines.
krw [Sat, 20 Nov 2021 21:35:52 +0000 (21:35 +0000)]
Gather the setup of the initial OpenBSD MBR partition into one
location within MBR_init(), ensuring that MBR_init() creates an
OpenBSD MBR partition only when there is space for it.
No functional change.
tobhe [Sat, 20 Nov 2021 20:44:33 +0000 (20:44 +0000)]
Fix some strdup() leaks in ocsp config option.
ok markus@
jmc [Sat, 20 Nov 2021 19:15:55 +0000 (19:15 +0000)]
since it's unlikely that i'll get away with changing fortune's real usage to
the string below (unfortunately), settle for making it more realistic: Usage->usage
-Usage: fortune -P [] -a [xsz] [Q: [file]] [rKe9] -v6[+] dataspec ... inputdir
+usage: fortune -P [] -a [xsz] [Q: [file]] [rKe9] -v6[+] dataspec ... inputdir
jmc [Sat, 20 Nov 2021 19:11:33 +0000 (19:11 +0000)]
install smtpd-filters.7;
cleanup/push from larry hynes;
gilles agreed the page is suitable for installation;
tb [Sat, 20 Nov 2021 18:39:48 +0000 (18:39 +0000)]
sort
krw [Sat, 20 Nov 2021 18:35:55 +0000 (18:35 +0000)]
No need for intermediate 'adj' variable. Add 'disksz'
intermediate variable to make MBR_init() code clearer and lay
more groundwork for upcoming functional enhancements.
No functional change.
jsing [Sat, 20 Nov 2021 18:10:52 +0000 (18:10 +0000)]
Provide the bytestring APIs for libcrypto internal use.
Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in
libcrypto - these are not exposed publicly.
Discussed with beck@ and tb@
tb [Sat, 20 Nov 2021 18:10:48 +0000 (18:10 +0000)]
Convert openssl(1) to using BN_GENCB on the heap
This is three times the same thing while genrsa needs some extra steps
to deal with opaque BIGNUMs. We can also garbage collect some Win 3.1
contortions and use the conversion routines directly instead of doing
them manually.
ok jsing
florian [Sat, 20 Nov 2021 17:54:40 +0000 (17:54 +0000)]
Send default client identifier when a config file is present but no
client identifier is configured like the man page claims we would do.
Problem found and patch by Joel Knight (knight.joel AT gmail), thanks!
tb [Sat, 20 Nov 2021 16:36:55 +0000 (16:36 +0000)]
Switch to BIO_up_ref() instead of adjusting references manually.
tb [Sat, 20 Nov 2021 16:32:55 +0000 (16:32 +0000)]
Use BIO_up_ref() instead of adjusting refcounts manually
tb [Sat, 20 Nov 2021 15:55:00 +0000 (15:55 +0000)]
typo in comment
krw [Sat, 20 Nov 2021 15:29:45 +0000 (15:29 +0000)]
Sectors-per-cylinder (spc) is a constant value, so make it const
and use it instead of calculating it twice in MBR_init().
No functional change.
schwarze [Sat, 20 Nov 2021 13:06:26 +0000 (13:06 +0000)]
Document ASN1_INTEGER_cmp(3) and ASN1_INTEGER_dup(3).
While here, also improve the description of ASN1_INTEGER_set(3)
and add a BUGS section explaining that several of these functions
do not provide type safety.
schwarze [Sat, 20 Nov 2021 11:49:08 +0000 (11:49 +0000)]
Improve the description of ASN1_OCTET_STRING_cmp(3),
ASN1_OCTET_STRING_dup(3), and ASN1_OCTET_STRING_set(3).
Explicitly say that they do not provide any type safety
and explain what that means.
kn [Sat, 20 Nov 2021 11:47:02 +0000 (11:47 +0000)]
Start on DOWN interfaces
Do not skip interfaces during startup because they're not UP.
dhcpd(8) can start listening on such interfaces just fine (given suitable
IPs on them) and interfaces may come UP later in time.
Otherwise dhcpd would fail to start completely if it didn't find any
interface that would be UP early on and administrators had to restart dhcpd.
Other daemons and nc(1)'s `-l' listen just fine on DOWN interfaces as well.
Noticed while switching a bridge(4)/vether(4) setup to veb(4)/vport(4) and
hostname.vport without explicit "up" (vport does not implicitly pulls itself
UP when configuring an address).
OK dlg florian
jcs [Sat, 20 Nov 2021 03:13:37 +0000 (03:13 +0000)]
When cmdfile is specified, use lines from it for all input, not just
commands. This allows complex actions like changing device
parameters to be done with a command file.
beck [Sat, 20 Nov 2021 01:10:49 +0000 (01:10 +0000)]
Make these files compile - not hooked up to build yet.
ok jsing@ tb@
tb [Fri, 19 Nov 2021 23:15:59 +0000 (23:15 +0000)]
isakmpd: stop reaching into EVP_PKEY.
Straightforward conversion to the OpenSSL 1.1 API as a step towards
making EVP_PKEY opaque. EVP_PKEY_get0_RSA() can't fail if we know
that the pkey type is RSA.
ok sthen
tobhe [Fri, 19 Nov 2021 21:16:25 +0000 (21:16 +0000)]
Check stdrup() return value.
tb [Fri, 19 Nov 2021 18:53:10 +0000 (18:53 +0000)]
libssl: don't reach for pkey->save_type.
For some strange historical reason ECDSA_sign() and ECDSA_verify}() have
a type argument that they ignore. For another strange historical reason,
the type passed to them from libssl is pkey->save_type, which is used to
avoid expensive engine lookups when setting the pkey type... Whatever the
aforementioned reasons were, we can't access pkey->save_type with the
OpenSSL 1.1 API, and this is thus in the way of making EVP_PKEY opaque.
Simply pass in 0 instead.
ok jsing
deraadt [Fri, 19 Nov 2021 18:11:35 +0000 (18:11 +0000)]
sync
schwarze [Fri, 19 Nov 2021 17:42:22 +0000 (17:42 +0000)]
Mark the X509_VERIFY_PARAM_ID variable type as intentionally
undocumented. It is an opaque struct used only internally, as a
sub-object of the public X509_VERIFY_PARAM type. All related API
functions take X509_VERIFY_PARAM arguments, so X509_VERIFY_PARAM_ID
is of no interest to the user.
schwarze [Fri, 19 Nov 2021 17:29:17 +0000 (17:29 +0000)]
Make function prototype parsing a bit stricter,
reducing the risk of accidental misparsing:
Require whitespace after the function return type (before the
asterisk indicating that the function returns a pointer, if any)
and do not accept whitespace between the function name and the
opening parenthesis of the parameter list. These changes are not
a problem because we want that style for KNF reasons anyway.
mvs [Fri, 19 Nov 2021 17:14:38 +0000 (17:14 +0000)]
Add and enable the new 'undgram_conclose' test which tries to kill the
datagram socket connected to the dying socket while it cleaning it's
list of connected sockets. Incorrect handling of this case could produce
kernel crash.
ok bluhm@
mvs [Fri, 19 Nov 2021 17:07:10 +0000 (17:07 +0000)]
Add and enable new 'unsendrecvthr' test which performs multithreaded
writes on unix(4) sockets. The receiver should be sure no data corruption
or loss.
ok bluhm@
florian [Fri, 19 Nov 2021 16:49:32 +0000 (16:49 +0000)]
Sync to unbound to allow interface names as scope-id in IPv6
link-local addresses. With this dns proposals from slaacd with
link-local addresses from slaacd(8) are wroking.
Requested by & OK kn
florian [Fri, 19 Nov 2021 16:42:01 +0000 (16:42 +0000)]
Allow interface names as scope-id in IPv6 link-local addresses.
For example, this makes
forward-zone:
name: "."
forward-addr: fe80::20d:b9ff:fe46:c7f4%vio0
forward-first: yes
work instead of using fe80::20d:b9ff:fe46:c7f4%1 for the forward-addr.
This has been submitted upstream.
sthen@ is fine with carrying this as a local diff.
Requested by & OK kn
schwarze [Fri, 19 Nov 2021 16:35:10 +0000 (16:35 +0000)]
minor KNF improvement, changing only whitespace, no code change:
say: return_type *function_name(args);
not: return_type* function_name (args);
OK tb@
schwarze [Fri, 19 Nov 2021 16:00:54 +0000 (16:00 +0000)]
new manual page ASN1_BIT_STRING_num_asc(3)
documenting the three functions using the BIT_STRING_BITNAME structure
kettenis [Fri, 19 Nov 2021 15:58:36 +0000 (15:58 +0000)]
Make futexes work in shared anonymous memory.
ok mpi@
schwarze [Fri, 19 Nov 2021 15:50:46 +0000 (15:50 +0000)]
add two missing .Dv macros;
markup bug found with regress/lib/libcrypto/man/check_complete.pl
stsp [Fri, 19 Nov 2021 13:05:19 +0000 (13:05 +0000)]
Fix monitor mode on iwm(4) and iwx(4).
Set sc->ns_nstate when bypassing the driver's newstate handler while
bringing the interface down.
Otherwise, if the interface was already running, the INIT->RUN transition
which kicks off monitor mode will appear as a RUN->RUN transition to the
driver's newstate handler, and the handler will do nothing.
Monitor mode did not work as a result.
schwarze [Fri, 19 Nov 2021 09:58:41 +0000 (09:58 +0000)]
Make the public API function a2i_ASN1_STRING(3) actually work.
It contained two bugs:
1. If an input line ended in a backslash requesting line continuation,
there was duplicate code for removing that backslash, erroneously
removing another byte from the input and often causing the function
to return failure instead of correctly parsing valid input.
2. According to a comment in the source code, the former big "for"
loop was intended to "clear all the crap off the end of the line",
but actually, if there were multiple characters on the line that
were not hexadecimal digits, only the last of those and everything
following it was deleted, while all the earlier ones remained.
Besides, code further down clearly intends to error out when there
are invalid characters, which makes no sense if earlier code already
deletes such characters. Hence the comment did not only contradict
the code above it - but contradicted the code below it, too.
Resolve these contradiction in favour of stricter parsing:
No longer skip invalid characters but always error out
when any are found.
OK & "Unbelievable" tb@
job [Fri, 19 Nov 2021 09:47:30 +0000 (09:47 +0000)]
Fix typo
schwarze [Fri, 19 Nov 2021 09:15:35 +0000 (09:15 +0000)]
Very quick and dirty script to help me check that the symbols
in one of the public openssl/ header files are all documented.
Before attempting to read this code, make sure that you are
fully vaccinated against leaning toothpick syndrome.
Example usage:
./check_complete.pl x509_vfy
./check_complete.pl -v x509 | less
Intentionally not linked to the build.
jsing@ agrees with the general direction.
dlg [Fri, 19 Nov 2021 07:58:34 +0000 (07:58 +0000)]
whitespace tweaks. no functional change.
a lot more knf could be sprinkled in this file...
dlg [Fri, 19 Nov 2021 07:56:53 +0000 (07:56 +0000)]
let CH340 chips keep working in 8N1 mode.
they get confused if you try to configure them and don't work at
all otherwise. CH341 seems fine otherwise.
from miod
tested by me and Felix Kronlage-Dam
schwarze [Fri, 19 Nov 2021 07:49:27 +0000 (07:49 +0000)]
As long as X509_OBJECT_free_contents(3) is a public API function,
make sure it fully re-initializes the object rather than leaving
behind a stale pointer and a stale type in the object.
The old behaviour was dangerous because X509_OBJECT_get_type(3)
would then return the stale type to the user and one of
X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3) would
then return the stale pointer to the user, provoking a use-after-free
bug in the application program. Having these functions return
X509_LU_NONE and NULL is better because those are the documented
return values for these functions when the object is empty.
OK tb@
guenther [Fri, 19 Nov 2021 04:00:53 +0000 (04:00 +0000)]
Correct the CPUID() and CPUID_LEAF() macros to not include a trailing
semicolon
ok deraadt@
jsg [Fri, 19 Nov 2021 03:22:29 +0000 (03:22 +0000)]
drm/plane-helper: fix uninitialized variable reference
From Alex Xu
2e548581fe5b48730d814916bd6bb8f8d8b5375a in linux 5.10.y/5.10.80
7be28bd73f23e53d6e7f5fe891ba9503fc0c7210 in mainline linux
jsg [Fri, 19 Nov 2021 03:19:13 +0000 (03:19 +0000)]
drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
From Alex Deucher
ae1f588ca1b0c9e2f82c14479e408759a786f701 in linux 5.10.y/5.10.80
403475be6d8b122c3e6b8a47e075926d7299e5ef in mainline linux