openbsd
3 years agoremove netbsd specific LIBRARY section; ok jca
jmc [Fri, 11 Jun 2021 19:36:00 +0000 (19:36 +0000)]
remove netbsd specific LIBRARY section; ok jca

3 years agoOnly use SSL_AD_* internally.
jsing [Fri, 11 Jun 2021 17:29:48 +0000 (17:29 +0000)]
Only use SSL_AD_* internally.

Due to hysterical raisins there are three different types of defines for
alerts. SSL3_AD_* are from SSLv3, TLS1_AD_* are from TLSv1.0 onwards and
SSL_AD_* currently map to either an SSL3_AD_* or TLS1_AD_* define.

Currently, all three of these are used in various places - switch to using
just SSL_AD_* values internally, as a first step in cleaning this up.

ok tb@

3 years agosetitimer(2): don't round up it_value
cheloha [Fri, 11 Jun 2021 16:36:34 +0000 (16:36 +0000)]
setitimer(2): don't round up it_value

We can reduce latency for the first expiration of a timer if we don't
round it_value up to the minimum interval (1 tick).

While we're at it, we may as well consolidate all input validation and
adjustment into a single itimerfix() call.  There are no other callers
in the kernel (nor should there be), so remove the prototype from
sys/time.h.

Discussion: https://marc.info/?l=openbsd-tech&m=162084338005502&w=2

Tested by weerd@ and claudio@.

probably ok claudio@

3 years agoAdd local functions edit() and setpid().
krw [Fri, 11 Jun 2021 16:22:46 +0000 (16:22 +0000)]
Add local functions edit() and setpid().

Reduce Xedit()/Xsetpid() to parsing the partition number and
invoking [g]edit()/[g]setpid() appropriately.

No intentional functional change.

3 years agorecognise ALC897
jsg [Fri, 11 Jun 2021 15:50:43 +0000 (15:50 +0000)]
recognise ALC897

3 years agoenable snooping on Z590 HDA
jsg [Fri, 11 Jun 2021 15:46:09 +0000 (15:46 +0000)]
enable snooping on Z590 HDA

from Ashton Fagg

3 years agoregen
jsg [Fri, 11 Jun 2021 15:43:22 +0000 (15:43 +0000)]
regen

3 years agoadd a HDA device found in a Z590 machine
jsg [Fri, 11 Jun 2021 15:42:36 +0000 (15:42 +0000)]
add a HDA device found in a Z590 machine

from Ashton Fagg

3 years agoadd AES-GCM constants from RFC 7714 for SRTP
landry [Fri, 11 Jun 2021 15:28:13 +0000 (15:28 +0000)]
add AES-GCM constants from RFC 7714 for SRTP

SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.

adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45

ok tb@ jsing@

3 years agoTake a bit more obvious care in gedit() to restore original
krw [Fri, 11 Jun 2021 14:02:22 +0000 (14:02 +0000)]
Take a bit more obvious care in gedit() to restore original
partition information when one of the modification steps (e.g.
setting the partition type via gsetpid()) fails.

3 years agoRevert previous change in ikev2_cp_fixaddr().
tobhe [Fri, 11 Jun 2021 13:11:20 +0000 (13:11 +0000)]
Revert previous change in ikev2_cp_fixaddr().
Fixes a regression found by landry@.

ok patrick@

3 years agoDrop received packets unless IFF_RUNNING is set. When hvn(4) attaches
patrick [Fri, 11 Jun 2021 12:47:15 +0000 (12:47 +0000)]
Drop received packets unless IFF_RUNNING is set.  When hvn(4) attaches
it sends commands and waits for replies to come back in.  The receive
pipe seems to contain both command completions and data packets.  When
waiting for command completion during hvn(4) attach, it's possible for
packets to show up as well.  We shouldn't call if_input() if hvn(4) is
not set up, so drop them when we're not running.

ok mikeb@

3 years agoStore the device tree node in the pcitag_t like we do on powerpc64 andi
kettenis [Fri, 11 Jun 2021 12:23:52 +0000 (12:23 +0000)]
Store the device tree node in the pcitag_t like we do on powerpc64 andi
sparc64.  For now, do this only for aplpcie(4) as we only need this
functionality for Apple Silicon systems.

ok patrick@

3 years agosync cert.pem with Mozilla's CA list generated from certdata.txt
sthen [Fri, 11 Jun 2021 11:40:35 +0000 (11:40 +0000)]
sync cert.pem with Mozilla's CA list generated from certdata.txt
(certificates with the "server auth" trust purpose permitted).
ok tb@

-AC Camerfirma S.A.
-  /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
-  /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
-

 FNMT-RCM
   /C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
+  /C=ES/O=FNMT-RCM/OU=Ceres/2.5.4.97=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS

-GeoTrust Inc.
-  /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-  /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
-

 GlobalSign nv-sa
+  /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46
+  /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46
   /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

 Staat der Nederlanden
   /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA
-  /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3

 Unizeto Technologies S.A.
   /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
+  /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA 2
-
-VeriSign, Inc.
-  /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority

(Note, "Staat der Nederlanden Root CA - G3" was changed to email trust only,
so is removed from this due to it only listing "server auth" purposes).

3 years agoSSL3_AD_ILLEGAL_PARAMETER is not a valid SSLerror() reason code.
jsing [Fri, 11 Jun 2021 11:29:44 +0000 (11:29 +0000)]
SSL3_AD_ILLEGAL_PARAMETER is not a valid SSLerror() reason code.

Use SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER instead.

ok tb@

3 years agoIndent all labels with a single space.
jsing [Fri, 11 Jun 2021 11:13:53 +0000 (11:13 +0000)]
Indent all labels with a single space.

This ensures that diff reports the correct function prototype.

Prompted by tb@

3 years agoAdjust futex regress test since futex(2) now returns -1 on error and sets
kettenis [Fri, 11 Jun 2021 10:30:36 +0000 (10:30 +0000)]
Adjust futex regress test since futex(2) now returns -1 on error and sets
errno like any normal syscall.

ok mpi@, bluhm@

3 years agoSince futex(2) can fail, it needs a full syscall stub. This should fixes
kettenis [Fri, 11 Jun 2021 10:29:33 +0000 (10:29 +0000)]
Since futex(2) can fail, it needs a full syscall stub.  This should fixes
issues on powerpc64 and sparc64.

Note that this makes the lib/libpthread/errno test fail since that test
detects that we are touching errno now.  This will be addressed in a
future diff as it is not entirely clear whether the test is correct.

ok mpi@, bluhm@

3 years agolimit workaround for AMD errata 400 to family 0fh and 10h
jsg [Fri, 11 Jun 2021 05:33:16 +0000 (05:33 +0000)]
limit workaround for AMD errata 400 to family 0fh and 10h

AMD errata 400
"APIC Timer Interrupt Does Not Occur in Processor C-States"
is only mentioned in the revision guides for family 0fh and 10h
but we were checking for and disabling C1E on >= family 0fh.

Since family 16h all the bits of the Interrupt Pending MSR the
workaround uses are documented as read as zero.  So this didn't cause
any problems on real hardware but did on EPYC based AWS t3a instances
according to Ilya Voronin who sent an initial patch to not attempt the
workaround on family 17h.

Tested on non-virtualised EPYC 7702P 17-31-00 by Hrvoje Popovski and
Ryzen 5 2600X 17-08-02 by myself.
ok mlarkin@

3 years agoSort ID->pledge name translation in the same order as the manual page
deraadt [Fri, 11 Jun 2021 04:44:25 +0000 (04:44 +0000)]
Sort ID->pledge name translation in the same order as the manual page
(which are idiomatically sorted rather than numerically), so that ps(1)
"-o pledge" is easier to understand.
from Josh Rickmar
ok semarie kn dv

3 years agoRemember to lock kqueue mutex in filt_timermodify().
visa [Fri, 11 Jun 2021 04:29:54 +0000 (04:29 +0000)]
Remember to lock kqueue mutex in filt_timermodify().

Reported-by: syzbot+c2aba7645a218ce03027@syzkaller.appspotmail.com
3 years agoNo need to parse partition number more than necessary. Just pass
krw [Fri, 11 Jun 2021 00:14:50 +0000 (00:14 +0000)]
No need to parse partition number more than necessary. Just pass
a parsed number to the helper functions gedit() and gsetpid().

No functional change.

3 years agoMinor mandoc -Tlint fixes
jca [Thu, 10 Jun 2021 23:44:28 +0000 (23:44 +0000)]
Minor mandoc -Tlint fixes

ok mortimer@

3 years agoIndentation
jca [Thu, 10 Jun 2021 23:44:05 +0000 (23:44 +0000)]
Indentation

ok mortimer@

3 years agoNo RCS IDs in shlib_version files
jca [Thu, 10 Jun 2021 23:43:45 +0000 (23:43 +0000)]
No RCS IDs in shlib_version files

ok mortimer@

3 years agoMove libexecinfo regress tests under regress/gnu/lib
jca [Thu, 10 Jun 2021 23:40:46 +0000 (23:40 +0000)]
Move libexecinfo regress tests under regress/gnu/lib

Discussed with mortimer@ and bluhm@

3 years agoAnother hand rolled partition number parsing bites the dust.
krw [Thu, 10 Jun 2021 22:27:37 +0000 (22:27 +0000)]
Another hand rolled partition number parsing bites the dust.

3 years agoOops. Forgot to commit the version bump.
krw [Thu, 10 Jun 2021 22:17:58 +0000 (22:17 +0000)]
Oops. Forgot to commit the version bump.

3 years agoMissed an occurance of hand rolled partition number parsing.
krw [Thu, 10 Jun 2021 21:28:43 +0000 (21:28 +0000)]
Missed an occurance of hand rolled partition number parsing.

No intentional funtional change.

3 years agoFix readrec's definition of a record
millert [Thu, 10 Jun 2021 21:01:43 +0000 (21:01 +0000)]
Fix readrec's definition of a record
It is not sufficient to check for the EOF flag on a stream.
From https://github.com/onetrueawk/awk/pull/117

3 years agovmctl(8)/vmd(8): communicate TERMINATE_VM_EVENT imsgs on vm stop.
dv [Thu, 10 Jun 2021 19:50:05 +0000 (19:50 +0000)]
vmctl(8)/vmd(8): communicate TERMINATE_VM_EVENT imsgs on vm stop.

Instead of translating imsg types, update vmclt(8) to handle receiving
IMSG_VMDOP_TERMINATE_VM_EVENT messages on vm termination.

This finishes the work previously committed for supporting multiple
waiters or the cancellation of a client waiting on a vm shutdown.
vmd no longer needs to translate an IMSG_VMDOP_TERMINATE_VM_RESPONSE
into an *_EVENT.

ok mlarkin@

3 years agoAbstract repeated parsing of partition numbers into parsepn() to
krw [Thu, 10 Jun 2021 18:41:52 +0000 (18:41 +0000)]
Abstract repeated parsing of partition numbers into parsepn() to
simplify the code.

No intentional funtional change.

3 years agoSync efid_io() with the recent improvements kettenis@ made to
krw [Thu, 10 Jun 2021 18:06:35 +0000 (18:06 +0000)]
Sync efid_io() with the recent improvements kettenis@ made to
arm64 efid_io().

ok kettenis@

3 years agoSync efid_io() with the recent improvements kettenis@ made to
krw [Thu, 10 Jun 2021 18:05:20 +0000 (18:05 +0000)]
Sync efid_io() with the recent improvements kettenis@ made to
arm64 efid_io().

ok kettenis@

3 years agoLocal functions don't need to be in .h files, nor do they need the
krw [Thu, 10 Jun 2021 16:09:17 +0000 (16:09 +0000)]
Local functions don't need to be in .h files, nor do they need the
all caps prefixes.

No functional change.

3 years agoShift zeroing of gpt header and partition table to top of
krw [Thu, 10 Jun 2021 15:30:49 +0000 (15:30 +0000)]
Shift zeroing of gpt header and partition table to top of
MBR_init() from middle of MBR partition flag tweaking.

No functional change.

3 years agoToss in 'const' for the parameters to string_to_utf16le() and
krw [Thu, 10 Jun 2021 15:21:19 +0000 (15:21 +0000)]
Toss in 'const' for the parameters to string_to_utf16le() and
utf16le_to_string().

No functional change.

3 years agoSerialize internals of kqueue with a mutex
visa [Thu, 10 Jun 2021 15:10:56 +0000 (15:10 +0000)]
Serialize internals of kqueue with a mutex

Extend struct kqueue with a mutex and use it to serializes the internals
of each kqueue instance. This should make possible to call kqueue's
system call interface without the kernel lock. The event source facing
side of kqueue should now be MP-safe, too, as long as the event source
itself is MP-safe.

msleep() with PCATCH still requires the kernel lock. To manage with
this, kqueue_scan() locks the kernel temporarily for the section that
may sleep.

As a consequence of the kqueue mutex, knote_acquire() can lose a wakeup
when klist_invalidate() calls it. To preserve proper nesting of mutexes,
knote_acquire() has to release the kqueue mutex before it unlocks klist.
This early unlocking of the mutex lets badly timed wakeups go unnoticed.
However, the system should not hang because the sleep has a timeout.

Tested by gnezdo@ and mpi@

OK mpi@

3 years ago'i' is a silly name for a daddr_t variable, and could be needed
krw [Thu, 10 Jun 2021 15:09:16 +0000 (15:09 +0000)]
'i' is a silly name for a daddr_t variable, and could be needed
for a future 'for'. Use 'daddr' instead.

No functional change.

3 years agoRename vars 'oldpart' to 'oldgg' when storing 'gg' value, and
krw [Thu, 10 Jun 2021 15:01:34 +0000 (15:01 +0000)]
Rename vars 'oldpart' to 'oldgg' when storing 'gg' value, and
'oldpp' when storing 'pp' value.

A bit easier to read. No functional change.

3 years agoNuke extraneous blank line.
krw [Thu, 10 Jun 2021 14:53:27 +0000 (14:53 +0000)]
Nuke extraneous blank line.

3 years agoDon't skip mouse attachment if an otherwise qualified report doesn't
jcs [Thu, 10 Jun 2021 13:34:37 +0000 (13:34 +0000)]
Don't skip mouse attachment if an otherwise qualified report doesn't
include X and Y usages.

Some devices put the buttons on one report and X/Y on another, which
was causing us to ignore button data.  This change will cause
attachment of two mouse devices in this case, but wsmux and X's
handling of input devices will make this transparent.

A future change should use [IU]HIDEV_CLAIM_MULTIPLE_REPORTID and
attach just one [iu]ms device that claims multiple reports and gets
X/Y and button data from whichever report it needs to.  But the
future is not today.

ok gnezdo

3 years agoprovide an Xr for backtrace; ok mortimer
jmc [Thu, 10 Jun 2021 13:13:38 +0000 (13:13 +0000)]
provide an Xr for backtrace; ok mortimer

3 years agofix some formatting errors;
jmc [Thu, 10 Jun 2021 13:12:31 +0000 (13:12 +0000)]
fix some formatting errors;

3 years agoPrevent interleaved stack traces in ddb from multiple CPUs. Check
bluhm [Thu, 10 Jun 2021 12:33:48 +0000 (12:33 +0000)]
Prevent interleaved stack traces in ddb from multiple CPUs.  Check
atomically which CPU is currently tracing.
OK cheloha@

3 years agoUse $SUDO when reading sshd's pidfile here too.
dtucker [Thu, 10 Jun 2021 09:46:28 +0000 (09:46 +0000)]
Use $SUDO when reading sshd's pidfile here too.

3 years agoUse $SUDO when reading sshd's pidfile in case it was created with a very
dtucker [Thu, 10 Jun 2021 09:43:51 +0000 (09:43 +0000)]
Use $SUDO when reading sshd's pidfile in case it was created with a very
restrictive umask.  This resyncs with -portable.

3 years agoSet umask when creating hostkeys to prevent excessive permissions warning.
dtucker [Thu, 10 Jun 2021 09:37:59 +0000 (09:37 +0000)]
Set umask when creating hostkeys to prevent excessive permissions warning.

3 years agoDo not clear region based on current cursor position, this is not
nicm [Thu, 10 Jun 2021 07:59:31 +0000 (07:59 +0000)]
Do not clear region based on current cursor position, this is not
necessary anymore and causes problems, GitHub issue 2735.

3 years agoFeature for the mouse since FreeBSD termcap does not have kmous.
nicm [Thu, 10 Jun 2021 07:59:08 +0000 (07:59 +0000)]
Feature for the mouse since FreeBSD termcap does not have kmous.

3 years agoFix rectangle selection, from Anindya Mukherjee, GitHub issue 2709.
nicm [Thu, 10 Jun 2021 07:58:42 +0000 (07:58 +0000)]
Fix rectangle selection, from Anindya Mukherjee, GitHub issue 2709.

3 years agoBump FORMAT_LOOOP_LIMIT and add a log message when hit, GitHub issue 2715.
nicm [Thu, 10 Jun 2021 07:58:08 +0000 (07:58 +0000)]
Bump FORMAT_LOOOP_LIMIT and add a log message when hit, GitHub issue 2715.

3 years agoFix <= operator.
nicm [Thu, 10 Jun 2021 07:57:06 +0000 (07:57 +0000)]
Fix <= operator.

3 years agoMore accurate vi(1) word navigation in copy mode and on the status line.
nicm [Thu, 10 Jun 2021 07:56:47 +0000 (07:56 +0000)]
More accurate vi(1) word navigation in copy mode and on the status line.
This changes the meaning of the word-separators option - setting it to
the empty string is equivalent to the previous behavior. From Will Noble
in GitHub issue 2693.

3 years agoDo not use NULL client when source-file finishes, GitHub issue 2707.
nicm [Thu, 10 Jun 2021 07:53:19 +0000 (07:53 +0000)]
Do not use NULL client when source-file finishes, GitHub issue 2707.

3 years agoAdd -F for command-prompt and use it to fix "Rename" on the window menu,
nicm [Thu, 10 Jun 2021 07:52:56 +0000 (07:52 +0000)]
Add -F for command-prompt and use it to fix "Rename" on the window menu,
GitHub issue 2699.

3 years agoDo not expand the file given with -f so it can contain :s.
nicm [Thu, 10 Jun 2021 07:52:29 +0000 (07:52 +0000)]
Do not expand the file given with -f so it can contain :s.

3 years agoRemove old shift function keys which interfere with xterm keys now.
nicm [Thu, 10 Jun 2021 07:52:07 +0000 (07:52 +0000)]
Remove old shift function keys which interfere with xterm keys now.
GitHub issue 2696.

3 years agoFire check callback after cleaning up event so it does not get stuck,
nicm [Thu, 10 Jun 2021 07:51:43 +0000 (07:51 +0000)]
Fire check callback after cleaning up event so it does not get stuck,
from Jeongho Jang in GitHub issue 2695.

3 years agoAdd different command historys for different types of prompts
nicm [Thu, 10 Jun 2021 07:50:03 +0000 (07:50 +0000)]
Add different command historys for different types of prompts
("command", "search" etc). From Anindya Mukherjee.

3 years agoFix warnings, from Jan Tache in GitHub issue 2692.
nicm [Thu, 10 Jun 2021 07:45:43 +0000 (07:45 +0000)]
Fix warnings, from Jan Tache in GitHub issue 2692.

3 years agoImprove logging of screen mode changes.
nicm [Thu, 10 Jun 2021 07:43:44 +0000 (07:43 +0000)]
Improve logging of screen mode changes.

3 years agoMove "special" keys into the Unicode PUA rather than making them top bit
nicm [Thu, 10 Jun 2021 07:38:28 +0000 (07:38 +0000)]
Move "special" keys into the Unicode PUA rather than making them top bit
set, some compilers do not allow enums that are larger than int. GitHub
issue 2673.

3 years agoChange cursor style handling so tmux understands which sequences contain
nicm [Thu, 10 Jun 2021 07:36:47 +0000 (07:36 +0000)]
Change cursor style handling so tmux understands which sequences contain
blinking and sets the flag appropriately, means that it works whether
cnorm disables blinking or not. GitHub issue 2682.

3 years agoChange resize timers and flags into one timer and a queue which is
nicm [Thu, 10 Jun 2021 07:33:41 +0000 (07:33 +0000)]
Change resize timers and flags into one timer and a queue which is
simpler and fixes problems with vim when resized multiple times. GitHub
issue 2677.

3 years agoDo not count client (and crash) if no window.
nicm [Thu, 10 Jun 2021 07:29:45 +0000 (07:29 +0000)]
Do not count client (and crash) if no window.

3 years agoThree changes to fix problems with xterm in VT340 mode, reported by
nicm [Thu, 10 Jun 2021 07:28:45 +0000 (07:28 +0000)]
Three changes to fix problems with xterm in VT340 mode, reported by
Thomas Sattler.

1) Do not include the DECSLRM or DECFRA features for xterm; they will be
   added instead if secondary DA responds as VT420 (this happens
   already).

2) Set or reset the individual flags after terminal-overrides is
   applied, so the user can properly disable them.

3) Add a capability for DECFRA ("Rect").

3 years agoInclude current client in size calculation for new sessions, GitHub
nicm [Thu, 10 Jun 2021 07:24:45 +0000 (07:24 +0000)]
Include current client in size calculation for new sessions, GitHub
issue 2662.

3 years agoAdd an "always" value to the extended-keys option to always forward
nicm [Thu, 10 Jun 2021 07:24:10 +0000 (07:24 +0000)]
Add an "always" value to the extended-keys option to always forward
these keys to applications inside tmux.

3 years agoback-to-indentation fixes, from Anindya Mukherjee.
nicm [Thu, 10 Jun 2021 07:22:37 +0000 (07:22 +0000)]
back-to-indentation fixes, from Anindya Mukherjee.

3 years agoFix display-menu -xR, from Alexis Hildebrandt.
nicm [Thu, 10 Jun 2021 07:22:06 +0000 (07:22 +0000)]
Fix display-menu -xR, from Alexis Hildebrandt.

3 years agoAdjust latest client when a client detaches, GitHub issue 2657.
nicm [Thu, 10 Jun 2021 07:21:46 +0000 (07:21 +0000)]
Adjust latest client when a client detaches, GitHub issue 2657.

3 years agoAdd another couple of keys needed for extended keys, GitHub issue 2658.
nicm [Thu, 10 Jun 2021 07:21:09 +0000 (07:21 +0000)]
Add another couple of keys needed for extended keys, GitHub issue 2658.

Handle modifier 9 as Meta, GitHub issue 2647.

3 years agoAdd Spleen 12x24 and 16x32 on amd64's RAMDISK_CD and arm64 RAMDISK kernels.
fcambus [Thu, 10 Jun 2021 06:54:42 +0000 (06:54 +0000)]
Add Spleen 12x24 and 16x32 on amd64's RAMDISK_CD and arm64 RAMDISK kernels.

The size of kernel fonts in RAMDISKs had long been a problem on systems
with large screen resolutions booting via EFI, as previously only the 8x16
font was built into RAMDISKs. As those systems are becoming more common,
this should make the installation and update process more comfortable.

OK deraadt@, jcs@

3 years agoBump pkg-config version to 1.8.0 to match portable package version
ratchov [Thu, 10 Jun 2021 05:02:50 +0000 (05:02 +0000)]
Bump pkg-config version to 1.8.0 to match portable package version

Suggested by brad@

3 years agorecognise Cortex-A510, Cortex-A710 and Cortex-X2
jsg [Thu, 10 Jun 2021 04:49:48 +0000 (04:49 +0000)]
recognise Cortex-A510, Cortex-A710 and Cortex-X2

3 years agoAdd regress test for SIGHUP restart while handling active and
dtucker [Thu, 10 Jun 2021 03:45:31 +0000 (03:45 +0000)]
Add regress test for SIGHUP restart while handling active and
unauthenticated clients.  Should catch anything similar to the
pselect bug just fixed in sshd.c.

3 years agoContinue accept loop when pselect returns -1, eg if it was interrupted
dtucker [Thu, 10 Jun 2021 03:14:14 +0000 (03:14 +0000)]
Continue accept loop when pselect returns -1, eg if it was interrupted
by a signal.  This should prevent the hang discovered by sthen@ wherein
sshd receives a SIGHUP while it has an unauthenticated child and goes
on to a blocking read on a notify_pipe.  feedback deraadt@, ok djm@

3 years agoRemove pledgenames() from OpenBSD::Pledge perl module
afresh1 [Wed, 9 Jun 2021 23:21:34 +0000 (23:21 +0000)]
Remove pledgenames() from OpenBSD::Pledge perl module

Pointed out by deraadt@, this is not what that that incomplete table is for.
While the code has been there for several years, I haven't found a use for it,
which is good because it would have been wrong.

While here, update my name.

3 years agoEnable MSI-X support for powerpc64.
kettenis [Wed, 9 Jun 2021 19:46:33 +0000 (19:46 +0000)]
Enable MSI-X support for powerpc64.

ok patrick@

3 years agoEnable libexecinfo.
mortimer [Wed, 9 Jun 2021 19:44:55 +0000 (19:44 +0000)]
Enable libexecinfo.

With some build plumbing help from jsg@

ok kettenis@ sthen@

3 years agoEnable libexecinfo regress.
mortimer [Wed, 9 Jun 2021 19:42:46 +0000 (19:42 +0000)]
Enable libexecinfo regress.

3 years agoAdd regress test for libexecinfo.
mortimer [Wed, 9 Jun 2021 19:39:15 +0000 (19:39 +0000)]
Add regress test for libexecinfo.

ok kettenis@ sthen@

3 years agoAdd libexecinfo.
mortimer [Wed, 9 Jun 2021 19:37:43 +0000 (19:37 +0000)]
Add libexecinfo.

Based on NetBSD implementation, without the libelf dependency. Architectures
which have libunwind use libunwind, and others use a stub implementation
that does nothing since __builtin methods are unreliable.

Much feedback and help from jca@.

ok kettenis@ sthen@

3 years agounveil: small cleanup for UNVEIL_INSPECT
semarie [Wed, 9 Jun 2021 17:52:47 +0000 (17:52 +0000)]
unveil: small cleanup for UNVEIL_INSPECT

remove two leftover checks which were used when ni_unveil was used with UNVEIL_INSPECT.

it was used by:
- readlink(2) - removed 2019-08-31
- stat(2) and access(2) - removed 2019-03-24

ok claudio@

3 years agowhitespace tweak. no functional change.
dlg [Wed, 9 Jun 2021 03:24:54 +0000 (03:24 +0000)]
whitespace tweak. no functional change.

3 years agodon't fatally error on failing to map visible VRAM
jsg [Wed, 9 Jun 2021 02:56:45 +0000 (02:56 +0000)]
don't fatally error on failing to map visible VRAM

Mapping VRAM here is an optimisation only attempted on 64 bit archs,
there is a fallback path if it fails.

Reported and fix tested by Jerome Kasper on RX 5500 XT (Navi 14) who
mentioned the mapping error did not occur with 6.9-stable.

3 years agocleanup printf pattern to remove double 0x when printing pointer
dv [Tue, 8 Jun 2021 23:18:43 +0000 (23:18 +0000)]
cleanup printf pattern to remove double 0x when printing pointer

mlarkin: "sure"

3 years agotest that UserKnownHostsFile correctly accepts multiple arguments;
djm [Tue, 8 Jun 2021 22:30:27 +0000 (22:30 +0000)]
test that UserKnownHostsFile correctly accepts multiple arguments;
would have caught readconf.c r1.356 regression

3 years agofix regression in r1.356: for ssh_config options that accepted
djm [Tue, 8 Jun 2021 22:06:12 +0000 (22:06 +0000)]
fix regression in r1.356: for ssh_config options that accepted
multiple string arguments, ssh was only recording the first.
Reported by Lucas via bugs@

3 years agoSimplify tlsext_ecpf_parse()
tb [Tue, 8 Jun 2021 19:34:44 +0000 (19:34 +0000)]
Simplify tlsext_ecpf_parse()

The default alert in the tlsext parsing code is a decode_error, so
there's no need for an error path that only sets that alert.

suggested by/ok jsing

3 years agoRewrap a comment to avoid an overlong line
tb [Tue, 8 Jun 2021 18:13:50 +0000 (18:13 +0000)]
Rewrap a comment to avoid an overlong line

3 years agoIgnore the record version for early alerts
tb [Tue, 8 Jun 2021 18:05:47 +0000 (18:05 +0000)]
Ignore the record version for early alerts

On receiving the first flight from the peer, we do not yet know if
we are using TLSv1.3. In particular, we might get an alert record
with record version 0x0300 from a pre-TLSv1.2 peer in response to
our client hello. Ignore the record version instead of sending a
protocol version alert in that situtation. This may also be hit
when talking to a LibreSSL 3.3 server with an illegal SNI.

Part of an issue reported by danj.

ok jsing

3 years agoTLSv1.3 server: avoid sending alerts in legacy records
tb [Tue, 8 Jun 2021 17:41:52 +0000 (17:41 +0000)]
TLSv1.3 server: avoid sending alerts in legacy records

As soon as we know that we're dealing with a TLSv1.3 client, set
the legacy version in the record layer to 0x0303 so that we send
alerts with the correct record version.  Previously we would send
early alerts with a record version of 0x0300.

ok jsing

3 years agoAdjust alert for ECPF without uncompressed point format
tb [Tue, 8 Jun 2021 17:22:00 +0000 (17:22 +0000)]
Adjust alert for ECPF without uncompressed point format

According to RFC 8422, we must send an illegal_parameter alert on
receiving an ECPF extension that doesn't include the uncompressed
format, not a decode_error.

Reported via GitHub issue #675.

ok jsing

3 years agovmd(8): malicious dhcp packets on local ifs can cause stack overflows
dv [Tue, 8 Jun 2021 14:37:48 +0000 (14:37 +0000)]
vmd(8): malicious dhcp packets on local ifs can cause stack overflows

A sufficiently large dhcp packet can cause a stack overflow in vmd's
internal dhcp server used for providing ip addresses to local guest
interfaces. (This does not affect non-local interfaces.)

The primary changes drop larger packets and change the memory copying
logic to use a compile-time constant. The dhcp option processing
also additional prevention for out of bound reads.

While here, improve construction of the dhcp response's hostname
handling to guard against overflowing the response dhcp options.

Vulnerability reported by Maxime Villard.

ok claudio@

3 years agoFix pkg-config .pc files with LibreSSL
inoguchi [Tue, 8 Jun 2021 11:19:39 +0000 (11:19 +0000)]
Fix pkg-config .pc files with LibreSSL

In libssl.pc, Libs: should not have '-lcrypto', and Requires.private:
should have it as 'libcrypto'.
openssl.pc does not need Libs: and Cflags:, but should have Requires:.

OK millert@

3 years agotest argv_split() optional termination on comments
djm [Tue, 8 Jun 2021 07:40:12 +0000 (07:40 +0000)]
test argv_split() optional termination on comments

3 years agoswitch sshd_config parsing to argv_split()
djm [Tue, 8 Jun 2021 07:09:42 +0000 (07:09 +0000)]
switch sshd_config parsing to argv_split()

similar to the previous commit, this switches sshd_config parsing to
the newer tokeniser. Config parsing will be a little stricter wrt
quote correctness and directives appearing without arguments.

feedback and ok markus@

tested in snaps for the last five or so days - thanks Theo and those who
caught bugs

3 years agoSwitch ssh_config parsing to use argv_split()
djm [Tue, 8 Jun 2021 07:07:15 +0000 (07:07 +0000)]
Switch ssh_config parsing to use argv_split()

This fixes a couple of problems with the previous tokeniser,
strdelim()

1. strdelim() is permissive wrt accepting '=' characters. This is
   intended to allow it to tokenise "Option=value" but because it
   cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentry handling of quoted strings, but it
   is incomplete and inconsistent. E.g. it doesn't handle escaped
   quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
   of this readconf.c r1.343 added chopping of lines at '#', but
   this caused a regression because these characters may legitimately
   appear inside quoted strings.

The new tokeniser is stricter is a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.

The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.

feedback & ok markus@

tested in snaps for the last five or so days - thanks Theo and those who
caught bugs