claudio [Tue, 10 Oct 2023 14:36:28 +0000 (14:36 +0000)]
When rewriting community_writebuf() the handling of non-transitive
ext-communities was put into the wrong place in the loop finding
start, end and number of communities to dump. As a result the end
pointer for regular communities can point at an ext-community and
with that the COMMUNITY attribute written includes unexpected extra
bytes. This in turn causes the peer to send a NOTIFICATION error
and to terminate the session.
Fix for -portable issue #64 reported by Pier Carlo Chiodi (pierky)
OK tb@
tb [Tue, 10 Oct 2023 13:59:47 +0000 (13:59 +0000)]
Improve X509_ALGOR_new(3) documentation
The previous wording was misleading since the result of X509_ALGOR_new()
is not actually an empty X509_ALGOR object. Rather, it contains the
undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using
X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial.
So: change the initial paragraph into a general intro referring to the
OpenSSL API needed to interface with X509_ALGOR and write a new paragraph
documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error
check. Notably there's now a reference to the OBJ_nid2obj() family without
which one cannot really use X509_ALGOR_* for anything at all.
With and ok schwarze
bluhm [Tue, 10 Oct 2023 11:25:31 +0000 (11:25 +0000)]
Remove dead code in pf_pull_hdr().
pf_pull_hdr() allows to pass an action pointer parameter as output
value. This is never used, all callers pass a NULL argument. Remove
ACTION_SET() entirely.
The logic (fragoff >= len) in pf_pull_hdr() does not work since
revision 1.4. Before it was used to drop short TCP or UDP fragments
that contained only part of the header. Current code in pf_pull_hdr()
drops the packets anyway, so always set reason PFRES_FRAG.
OK kn@ sashan@
tb [Tue, 10 Oct 2023 09:48:06 +0000 (09:48 +0000)]
Fix format string warning in robots/score.c
tb [Tue, 10 Oct 2023 09:43:52 +0000 (09:43 +0000)]
Print a long with %ld instead of %d
tb [Tue, 10 Oct 2023 09:42:56 +0000 (09:42 +0000)]
Use vw_printw() and fix a format print warning.
tb [Tue, 10 Oct 2023 09:30:06 +0000 (09:30 +0000)]
Drop GCC_PRINTFLIKE() at function definition
This makes gcc throw a fit and having the attributes for the prototypes in
engine.h is enough.
ok claudio sthen
tb [Tue, 10 Oct 2023 09:27:03 +0000 (09:27 +0000)]
Fix a format warning about a non-literal string
ok claudio sthen
tb [Tue, 10 Oct 2023 08:22:19 +0000 (08:22 +0000)]
Print non-literal string with "%s"
Caught by printf format attribute for printw(3) in newer curses.
stsp [Tue, 10 Oct 2023 07:11:50 +0000 (07:11 +0000)]
Fiv the value written to dwqe(4) MAC_1US_TIC_CTR register.
The calculation of this value is supposed to involve a clock frequency
but we were using a clock ID in the range 0-7 instead.
ok kettenis, patrick
tb [Tue, 10 Oct 2023 06:49:54 +0000 (06:49 +0000)]
Garbage collect cipher_get_keyiv_len()
This is a compat20 leftover, unused since 2017.
ok djm
djm [Tue, 10 Oct 2023 03:57:45 +0000 (03:57 +0000)]
Reserve a range of "local extension" message numbers that OpenSSH promises
not to use (comment change only)
patrick [Mon, 9 Oct 2023 22:05:27 +0000 (22:05 +0000)]
Recognize GICv4 in the MADT and configure it as arm,gic-v3.
ok kettenis@
kettenis [Mon, 9 Oct 2023 21:49:34 +0000 (21:49 +0000)]
Handle an arbitrary number of D11 cores and only disable them instead of
doing a full reset. Based on a diff from Hector Martin for Asahi Linux.
ok patrick@, tobhe@
millert [Mon, 9 Oct 2023 20:55:32 +0000 (20:55 +0000)]
Add Message-Id as needed for messages received on the submission port.
Since listener->port is in network byte order we need to compare
against htons(587). The fix for this got dropped in the rewrite
in revision 1.335.
schwarze [Mon, 9 Oct 2023 19:32:51 +0000 (19:32 +0000)]
Mention that the strings are OS-specific.
In part based on input from deraadt@, OK millert@.
schwarze [Mon, 9 Oct 2023 19:28:42 +0000 (19:28 +0000)]
Document the OpenBSD-specific output format.
Feedback and OK millert, "more reasonable" deraadt@.
tb [Mon, 9 Oct 2023 16:59:55 +0000 (16:59 +0000)]
Use the usual text for X509_ALGOR_free()
tb [Mon, 9 Oct 2023 16:06:01 +0000 (16:06 +0000)]
Clarify that 'undefined type' means V_ASN1_UNDEF
tb [Mon, 9 Oct 2023 16:03:57 +0000 (16:03 +0000)]
Clarify documentation of X509_ALGOR_{set0,set_md}()
The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from
upstream, which means it is as sloppy as the code and as vague as your
average upstream manpage. Be precise on what X509_ALGOR_set0() does on
different inputs and document return values and failure modes.
X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a
way that can fail, leaving alg in a corrupted state. Document when that
can occur and how to avoid or detect that, but do not go too far, because
EVP_MD_meth_new(), one potential source of failures, is a whole another
can of worms.
joint work with schwarze
tobhe [Mon, 9 Oct 2023 15:32:14 +0000 (15:32 +0000)]
Add pledge("stdio") before parsing pfkey messages. This applies to
ipsecctl -m and ipsecctl -s. Refactor ipsecctl_show_*() to setup all
sysctls first before dropping privileges and finally parsing and
printing IPsec SAs and flows.
feedback and ok mbuhl@
ok deraadt@
stsp [Mon, 9 Oct 2023 14:25:00 +0000 (14:25 +0000)]
allow dwqe.c to build on architectures that do not have machine/fdt.h
Move struct if_device to a new fdt-specific softc struct, along with
the gmac_id field which is only used by if_dwqe_fdt.c at present.
This avoids the need to include any fdt header files in dwqe.c.
ok kettenis@
espie [Mon, 9 Oct 2023 07:12:22 +0000 (07:12 +0000)]
placeholder for later feature
claudio [Mon, 9 Oct 2023 07:11:20 +0000 (07:11 +0000)]
Fix return value confusion of sa_cmp() by renaming the function sa_equal().
The code in get_alternate_addr() checked for sa_cmp() == 0 but actually
sa_cmp() returned 1 for equal addrs. So rename the function to sa_equal()
to make it clear that a true return value means equality.
Found by Asa Yeamans (enigma2e at rivin net)
OK tb@
espie [Mon, 9 Oct 2023 07:03:49 +0000 (07:03 +0000)]
simplify: all 3 mock-ups are strings that get eval'd, so do this properly.
jsg [Mon, 9 Oct 2023 02:37:14 +0000 (02:37 +0000)]
drm/amdkfd: Use gpu_offset for user queue's wptr
From YuBiao Wang
b60028c81e463b0930191a4fa2ba770ff6d40e3a in linux-6.1.y/6.1.56
cc39f9ccb82426e576734b493e1777ea01b144a8 in mainline linux
jsg [Mon, 9 Oct 2023 02:35:47 +0000 (02:35 +0000)]
drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top
From Javier Pello
69dd84470b4deed45658f2717aef533ec4ceb43d in linux-6.1.y/6.1.56
b7599d241778d0b10cdf7a5c755aa7db9b83250c in mainline linux
jsg [Mon, 9 Oct 2023 02:33:44 +0000 (02:33 +0000)]
drm/amdgpu: Handle null atom context in VBIOS info ioctl
From David Francis
91b6845ef387ab9ae2c6f3f8d43655be955e444b in linux-6.1.y/6.1.56
5e7e82254270c8cf8b107451c5de01cee2f135ae in mainline linux
jsg [Mon, 9 Oct 2023 02:32:10 +0000 (02:32 +0000)]
drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV
From Alex Deucher
ad3c37f90bae3675bc686562f7e63511d1033cc0 in linux-6.1.y/6.1.56
ab43213e7afd08ac68d4282060bacf309e70fd14 in mainline linux
jsg [Mon, 9 Oct 2023 02:30:32 +0000 (02:30 +0000)]
drm/amdgpu/soc21: don't remap HDP registers for SR-IOV
From Alex Deucher
cca15a82790772c0303ae295f7153c4af0536ad1 in linux-6.1.y/6.1.56
1832403cd41ca6b19b24e9d64f79cb08d920ca44 in mainline linux
jsg [Mon, 9 Oct 2023 02:29:10 +0000 (02:29 +0000)]
drm/amd/display: Don't check registers, if using AUX BL control
From Swapnil Patel
b9971393d4c9be5eec3c6b30d9e312ba88c865ac in linux-6.1.y/6.1.56
f5b2c10b57615828b531bb0ae56bd6325a41167e in mainline linux
jsg [Mon, 9 Oct 2023 02:27:27 +0000 (02:27 +0000)]
drm/amdkfd: Insert missing TLB flush on GFX10 and later
From Harish Kasiviswanathan
cdfcaa4e80430003dbba1bdb86f9fde5480ddbe5 in linux-6.1.y/6.1.56
edcfe22985d09ee8e2346c9217f5a52ab150099f in mainline linux
jsg [Mon, 9 Oct 2023 02:25:37 +0000 (02:25 +0000)]
drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3
From Philip Yang
9becfff9f91e350fd4d6f16e9f117f9227258fb0 in linux-6.1.y/6.1.56
75dda67c7213c3e0d17244a8c42547c27ee746f8 in mainline linux
jsg [Mon, 9 Oct 2023 02:23:51 +0000 (02:23 +0000)]
i915/pmu: Move execlist stats initialization to execlist specific setup
From Umesh Nerlige Ramappa
987a7f5311ba1fd4ccf3637c09e6424741aacd01 in linux-6.1.y/6.1.56
c524cd40e8a2a1a36f4898eaf2024beefeb815f3 in mainline linux
jsg [Mon, 9 Oct 2023 02:19:26 +0000 (02:19 +0000)]
add SZ_4G for 6.1.56 drm
jsg [Mon, 9 Oct 2023 02:15:40 +0000 (02:15 +0000)]
use shifts for size defines
cheloha [Sun, 8 Oct 2023 21:08:00 +0000 (21:08 +0000)]
clockintr: move intrclock wrappers from sys/clockintr.h to kern_clockintr.c
intrclock_rearm() and intrclock_trigger() are not part of the public
API, so there's no reason to implement them in sys/clockintr.h. Move
them to kern_clockintr.c.
deraadt [Sun, 8 Oct 2023 14:05:10 +0000 (14:05 +0000)]
move release a earlier. when we wait for security fixes from one piece
of software, another one will announce that we should wait for a security
fix. the only winning move is not to play.
espie [Sun, 8 Oct 2023 12:45:31 +0000 (12:45 +0000)]
subclass system libraries so we can give better diagnostic eventually
espie [Sun, 8 Oct 2023 12:44:58 +0000 (12:44 +0000)]
oops, those eval need to be STRINGS, otherwise the whole definition stuff
happens regardless.
Add a third one to only disregard base libraries
aoyama [Sun, 8 Oct 2023 10:40:23 +0000 (10:40 +0000)]
Add inclusion of "dev/hid/files.hid" and "dev/usb/files.usb".
Actually these devices are not supported on luna88k, but we need them
in order to create attribute header files (e.g. "ucom.h") required in
MI part recently.
Suggested by miod@, tested by me.
espie [Sun, 8 Oct 2023 09:17:27 +0000 (09:17 +0000)]
add another two regression testing parts. Use a simple framework that
allows me to redefine methods to not do a thing
(maybe this will migrate to its own file if it grows enough)
espie [Sun, 8 Oct 2023 09:16:39 +0000 (09:16 +0000)]
wrong prototype, it's called as an OO method
claudio [Sun, 8 Oct 2023 07:44:52 +0000 (07:44 +0000)]
Revert commitid: KtmyJEoS0WWxmlZ5
---
Protect interface queues with read once and mutex.
Reading atomic values need at least read once and writing values
should have a mutex. This is what mbuf queues already do. Add
READ_ONCE() to ifq and ifiq macros for len and empty. Convert
ifq_set_maxlen() to a function that grabs ifq_mtx.
OK mvs@
---
ifq_set_maxlen() is called before the ifq_mtx is initalized and this at
least crashes WITNESS kernels on boot.
Reported-by: syzbot+7b218ef53432b5d56d7d@syzkaller.appspotmail.com
espie [Sun, 8 Oct 2023 06:55:02 +0000 (06:55 +0000)]
plain forgot to save the values for regression testing
schwarze [Sat, 7 Oct 2023 21:26:29 +0000 (21:26 +0000)]
Include .EX/.EE in the MACRO OVERVIEW and improve its description.
It is supported by all major man(7) implementations that G. Branden
Robinson and myself are aware of, so calling it "non-portable" can
no longer be justified. Using it becomes increasingly more common,
so calling it "non-standard" is now misleading. It is certainly
useful and not deprecated.
While here, also remove the word "non-standard" from the descriptions
of several other macros because it is slightly confusing. A formal
standard for the man(7) language does not exist. Arguably, Version 7
AT&T UNIX used to be a de-facto standard, but its influence has been
waning for 40 years, and various features that Version 7 did not
support are now widely used.
schwarze [Sat, 7 Oct 2023 13:29:08 +0000 (13:29 +0000)]
Simplify the display() function by getting rid of a useless buffer
on the stack. No functional change, +8 -15 LOC.
Suggested by and OK millert@.
kn [Sat, 7 Oct 2023 12:20:10 +0000 (12:20 +0000)]
Retry on empty passphrase
They must not be empty, or else creation/unlock fails (and boot loaders
would not be able to abort and drop back to the boot> prompt).
[-p passfile] handles this with "invalid passphrase length", so align
the interactive prompt and retry there.
-s remains a one-shot whilst getting a better error message.
This is user friendlier and fixes the last installer "bug" on my list
wrt. disk encryption where hitting Enter twice at the passphrase prompt
would abort bioctl(8) and thus the installation.
OK deraadt
schwarze [Sat, 7 Oct 2023 11:51:08 +0000 (11:51 +0000)]
Improve horizontal alignment in long format when printing minor
device numbers greater than 999 by measuring the two widths needed
for device numbers just like it is already done for other numbers.
In the output, this only changes whitespace, but not the text.
Ugly formatting reported by
Crystal Kolipe <kolipe dot c at exoticsilicon dot com>.
OK millert. Also tested by Crystal Kolipe.
espie [Sat, 7 Oct 2023 09:11:26 +0000 (09:11 +0000)]
with firmware known, recognize that we couldn't find any update at all
and just say that instead of a dauntingly long list of packages
espie [Sat, 7 Oct 2023 09:10:03 +0000 (09:10 +0000)]
track firmware separately, since those will appear as uptodate for us
espie [Sat, 7 Oct 2023 09:09:07 +0000 (09:09 +0000)]
use more specific regression testing knob
millert [Fri, 6 Oct 2023 22:31:21 +0000 (22:31 +0000)]
Correctly reset the goto table for a state.
We cannot use set_gototab() to reset all the entries for a state,
it will leave existing entries as-is. Add a new reset_gototab()
function that zeroes the table entries for the specified state.
There is no need to reset the goto table immediately after
resize_state(), it is already initialized via calloc().
Fixes https://github.com/onetrueawk/awk/issues/199
millert [Fri, 6 Oct 2023 22:29:24 +0000 (22:29 +0000)]
Update awk to Sep 24, 2023 version.
fnematch and getrune have been overhauled to solve issues around
unicode FS and RS. also fixed gsub null match issue with unicode.
big thanks to Arnold Robbins.
millert [Fri, 6 Oct 2023 16:41:02 +0000 (16:41 +0000)]
__swsetup: set error flag and errno on error.
Previously, we set errno to EBADF if the cantwrite() macro (which calls
__swsetup()) returns true for POSIX compliance. However, we neglected
to also set the error flag, __SERR. Rather than set the error flag in
all callers of cantwrite(), set both errno and the error flag in
__swsetup(). This matches what FreeBSD does and makes it possible
to choose a proper errno value for the second error condition in
__swsetup(). OK deraadt@
krw [Fri, 6 Oct 2023 16:06:11 +0000 (16:06 +0000)]
Rename 'ifaceidx' variables and parameters to 'ifaceno'. More
consistent with existing code and thus less cnance for confusion.
requested by kettenis@
stsp [Fri, 6 Oct 2023 15:15:41 +0000 (15:15 +0000)]
Ignore thermal dual-chain requests from iwx(4) firmware.
Linux only acts on these requests in 11ax mode on 160MHz channels so
we can simply ignore this request for now. Prevents a warning from
being printed when we receive such a request:
iwx0: unhandled firmware response 0x5f6/0x20000008 rx ring 64[3]
Observed on AX210 hardware by bluhm@
stsp [Fri, 6 Oct 2023 15:15:29 +0000 (15:15 +0000)]
Ignore thermal dual-chain requests from iwx(4) firmware.
Linux only acts on these requests in 11ax mode on 160MHz channels so
we can simply ignore this request for now. Prevents a warning from
being printed when we receive such a request:
iwx0: unhandled firmware response 0x5f6/0x20000008 rx ring 64[3]
Observed on AX210 hardware by bluhm@
espie [Fri, 6 Oct 2023 12:45:45 +0000 (12:45 +0000)]
be more explicit about the usage pattern of register-plist and the variables
in bsd.port.mk that govern its behavior.
kn [Fri, 6 Oct 2023 09:55:02 +0000 (09:55 +0000)]
rename pass{word -> file} variable
It contains the path to the file containing a passphrase;
password reads misleading and was also the only usage of "word" in contrast
to consistent "phrase" usage.
kn [Fri, 6 Oct 2023 09:34:19 +0000 (09:34 +0000)]
clean up old 6.7 softraid migration code
ofwboot still passes an old/small .openbsd.bootdata size from before 6.7
when boothowto was added.
Report the exact size from now on such that a future diff can rectify
the corresponding check in autoconf.c:bootstrap().
All this was done to keep old/new bootloaders working with new/old kernels,
but 6.7 is long gone and we should all be running current code.
OK stsp
claudio [Fri, 6 Oct 2023 08:58:13 +0000 (08:58 +0000)]
In sys___thrsigdivert() switch tsleep_nsec() to use the nowake ident
channel instead of inventing an own one.
OK kettenis@ mvs@
espie [Fri, 6 Oct 2023 06:00:18 +0000 (06:00 +0000)]
prepare for adding a value for REGRESSION_TESTING, so that I can test
more funky situations eventually
jmc [Fri, 6 Oct 2023 05:31:54 +0000 (05:31 +0000)]
add -v to usage();
djm [Fri, 6 Oct 2023 03:32:15 +0000 (03:32 +0000)]
typo in error message
djm [Fri, 6 Oct 2023 03:25:14 +0000 (03:25 +0000)]
Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when
it breaks.
mvs [Thu, 5 Oct 2023 18:46:14 +0000 (18:46 +0000)]
Do log output to stderr while running dhcpd(8) in foreground to make
behaviour in accordance with man page. Introduce '-v' option to make
output more verbose.
Do a little refactoring to make code more consistent with other daemons
like ospfd(8), httpd(8), relayd(8), etc.
Feedback from bluhm benno
ok bluhm
kn [Thu, 5 Oct 2023 11:58:34 +0000 (11:58 +0000)]
Mention the option to encrypt the root disk on supported architectures
with miod
bluhm [Thu, 5 Oct 2023 11:08:56 +0000 (11:08 +0000)]
Protect interface queues with read once and mutex.
Reading atomic values need at least read once and writing values
should have a mutex. This is what mbuf queues already do. Add
READ_ONCE() to ifq and ifiq macros for len and empty. Convert
ifq_set_maxlen() to a function that grabs ifq_mtx.
OK mvs@
tb [Thu, 5 Oct 2023 07:59:41 +0000 (07:59 +0000)]
Add regress coverage for ASN1_UTCTIME_cmp_time_t()
bluhm [Wed, 4 Oct 2023 18:07:13 +0000 (18:07 +0000)]
re-enable POOL_DEBUG
OK deraadt@
bluhm [Wed, 4 Oct 2023 15:40:13 +0000 (15:40 +0000)]
base is unlocked, move to 7.4-current
OK deraadt@
jmc [Wed, 4 Oct 2023 05:42:10 +0000 (05:42 +0000)]
spelling fix;
djm [Wed, 4 Oct 2023 04:04:09 +0000 (04:04 +0000)]
openssh-9.5
djm [Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)]
add some cautionary text about % token expansion and shell metacharacters;
based on report from vinci AT protonmail.ch
djm [Tue, 3 Oct 2023 23:56:10 +0000 (23:56 +0000)]
fix link to agent draft; spotted by Jann Horn
sthen [Tue, 3 Oct 2023 10:22:10 +0000 (10:22 +0000)]
Reinstate setting rtableid based on rdomain for pfsync,
lost during the rewrite, reported by Mark Patruck.
ok phessler claudio sashan deraadt
tb [Tue, 3 Oct 2023 09:58:06 +0000 (09:58 +0000)]
Fix a typo and move a word
jmc [Tue, 3 Oct 2023 05:20:38 +0000 (05:20 +0000)]
remove unused Pp macro;
krw [Mon, 2 Oct 2023 23:38:11 +0000 (23:38 +0000)]
Add 'host root port' information to hw.ucomnames.
usbN.X.Y becomes usbN.Z.X.Y
Display the usb<blah> string in ucom attach messages so grepping
dmesg can be used to find the path to a ucom.
More USB cluebats from kettenis@. Deep hub depths testing from
drahn@.
ok deraadt@ drahn@ kettenis@
bluhm [Mon, 2 Oct 2023 16:11:09 +0000 (16:11 +0000)]
Now nearbyint_test-1 is passing on macppc, powerpc64, sparc64. Some
recent fixes seem to help also there, not only on amd64.
OK deraadt@
krw [Mon, 2 Oct 2023 14:48:10 +0000 (14:48 +0000)]
Enable cu(1) -l to accept the usb paths shown in hw.ucomnames.
Usual man page tweaks from jmc@ and schwarze@.
Testing various iterations by deraadt@, nicm@, kettenis@, drahn@.
ok deraadt@
claudio [Mon, 2 Oct 2023 13:31:32 +0000 (13:31 +0000)]
bump version
deraadt [Mon, 2 Oct 2023 13:26:04 +0000 (13:26 +0000)]
maybe a bit earlier
tb [Mon, 2 Oct 2023 11:14:15 +0000 (11:14 +0000)]
Add some coverage for ASN1_TIME_cmp_time_t() as well
ASN1_UTCTIME_cmp_tim_t() could be done similarly, but then I have to mess
with LIBRESSL_INTERNAL. Let's do this after unlock.
tb [Mon, 2 Oct 2023 10:40:43 +0000 (10:40 +0000)]
Add regress coverage for ASN1_TIME_compare()
tb [Mon, 2 Oct 2023 09:42:58 +0000 (09:42 +0000)]
Minor asn1time tweaks
Sprinkle some (static) const and garbage collect an unused struct.
jmc [Mon, 2 Oct 2023 05:29:59 +0000 (05:29 +0000)]
DV -> Dv;
tb [Sun, 1 Oct 2023 22:46:21 +0000 (22:46 +0000)]
Example code tweak: do not hardcode the size of array
tb [Sun, 1 Oct 2023 22:14:36 +0000 (22:14 +0000)]
Fix a copy-paste bug in ASN1_TIME_compare()
ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)
Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.
Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree ports and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.
Then of course there's also the language bindings.
Issue reported by Duncan Thomson at esri dot com via libressl-security
ok beck deraadt
naddy [Sun, 1 Oct 2023 20:15:23 +0000 (20:15 +0000)]
show fingerprint of freshly generated ssh host key on first boot
Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently
ED25519), typically when booting
for the first time. This simplifies a secure first ssh connection to
a freshly installed machine.
ok deraadt@ kn@, and various for earlier iterations
tb [Sun, 1 Oct 2023 18:23:50 +0000 (18:23 +0000)]
Document EVP_CIPHER_CTX_iv_length() return values
We aligned with upstream behavior. Let's document it properly.
Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().
OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.
krw [Sun, 1 Oct 2023 15:58:11 +0000 (15:58 +0000)]
Add sysctl hw.ucomnames to list 'fixed' paths to USB serial
ports.
Suggested by deraadt@, USB route idea from kettenis@. Feedback
from anton@, man page improvements from deraadt@, jmc@,
schwarze@.
ok deraadt@ kettenis@
tb [Sun, 1 Oct 2023 10:51:19 +0000 (10:51 +0000)]
The colons separate the octets, not the digits; add missing link to
crypto(3)
kettenis [Sun, 1 Oct 2023 09:03:14 +0000 (09:03 +0000)]
Atlantic 2 hardware has a different layout for the TPS_DATA_TCT registers
and uses different buffer sizes. Fixes an issue where the card would
stop transmitting packets under load on the M2 Pro Mac mini.
ok jmatthew@
kettenis [Sun, 1 Oct 2023 08:56:24 +0000 (08:56 +0000)]
Print the correct SDHC spec version.
ok deraadt@
tb [Sun, 1 Oct 2023 08:29:12 +0000 (08:29 +0000)]
Improve a code comment in the EXAMPLES section
tb [Sun, 1 Oct 2023 08:23:58 +0000 (08:23 +0000)]
Refer to RFC 3779, 2.1.2 for encoding of ranges
Mention sections 2.1.1 and 2.1.2 in STANDARDS
tb [Sun, 1 Oct 2023 08:17:52 +0000 (08:17 +0000)]
Point out that the result of IPAddressRange_new() is an invalid range
since it should be a prefix.
tb [Sun, 1 Oct 2023 05:20:41 +0000 (05:20 +0000)]
encoding -> decoding for d2i