naddy [Sat, 30 Jan 2021 15:15:20 +0000 (15:15 +0000)]
document that sizes in fdisk can be input and printed in terabytes
visa [Sat, 30 Jan 2021 14:59:13 +0000 (14:59 +0000)]
Abstract octeon board handling a little
Detect octeon board model in one place, and replace firmware-supplied
board_type with an abstract model identifier in driver code. This makes
it easier to manage with different products, and board flavours, that
happen to use the same model information, such as board_type.
deraadt [Sat, 30 Jan 2021 14:37:01 +0000 (14:37 +0000)]
satisfy -fno-common
espie [Sat, 30 Jan 2021 11:19:01 +0000 (11:19 +0000)]
do not print to STDOUT if we're in background, as requested by Theo
who pointed at ssh code for process group handling. Thanks
espie [Sat, 30 Jan 2021 11:16:58 +0000 (11:16 +0000)]
I'm such a doofus, of course I have to call base method as well
tb [Sat, 30 Jan 2021 10:48:15 +0000 (10:48 +0000)]
missing word in comment
espie [Sat, 30 Jan 2021 10:43:43 +0000 (10:43 +0000)]
switch ProgressMeter to clearer API
espie [Sat, 30 Jan 2021 10:37:22 +0000 (10:37 +0000)]
rework API slightly, so that handle_continue is an explicit method
(to be overrideen by subclasses when needed)
florian [Sat, 30 Jan 2021 10:31:51 +0000 (10:31 +0000)]
Re-try to open DNSSEC trust anchor file if /var is not mounted yet.
This is a step towards starting unwind earlier, before the network is
up and partitions are mounted.
OK kn
espie [Sat, 30 Jan 2021 10:24:19 +0000 (10:24 +0000)]
for now, do not try to install quirks in case we're running "not"
the better thing to do would be to pseudo-install it under /tmp so we
can run it, but it requires way more changes
martijn [Sat, 30 Jan 2021 08:44:42 +0000 (08:44 +0000)]
Fix delay parsing by stealing from strtonum and returning a proper error to
the user when an invalid value is entered instead of silently falling back
to the default 5s.
While here I also capped the upper limit to UINT32_MAX /
1000000 to prevent
useconds_t overflow. This hard limits us to 4294s, instead of the current
soft limit which just make systat go berserk if you go over it.
Reported and original diff by Nick Gasson nick <at> nickg <dot> me <dot> uk
OK cheloha@
Tweaks and OK bluhm@
djm [Sat, 30 Jan 2021 00:56:38 +0000 (00:56 +0000)]
add a SK_DUMMY_INTEGRATE define that allows the dummy security key
middleware to be directly linked; useful for writing fuzzers, etc.
tobhe [Fri, 29 Jan 2021 21:26:06 +0000 (21:26 +0000)]
Add proper padding for pfkey messages. Use ROUNDUP() for auth and
enc keys.
ok patrick@
florian [Fri, 29 Jan 2021 17:48:58 +0000 (17:48 +0000)]
Some libunbound configuration changes can change the quality of a
resolver so we have to schedule a re-check.
OK kn
florian [Fri, 29 Jan 2021 17:46:04 +0000 (17:46 +0000)]
Don't filter by address family on the route socket.
While here also set SOCK_NONBLOCK on the frontend routesock.
sthen [Fri, 29 Jan 2021 17:12:19 +0000 (17:12 +0000)]
update remaining usb.org URLs
sthen [Fri, 29 Jan 2021 17:06:19 +0000 (17:06 +0000)]
update usb.org URLs
sthen [Fri, 29 Jan 2021 16:59:41 +0000 (16:59 +0000)]
update some usb.org URLs following reorganisation, add a new one for upd
partly from Alessandro Ricci
kettenis [Fri, 29 Jan 2021 16:40:07 +0000 (16:40 +0000)]
Adjust for disabling gcc on macppc.
kettenis [Fri, 29 Jan 2021 16:38:20 +0000 (16:38 +0000)]
Stop building gcc on macppc.
ok cwen@, deraadt@
deraadt [Fri, 29 Jan 2021 16:22:34 +0000 (16:22 +0000)]
repair declerations to satisfy -fno-common
ok kettenis
espie [Fri, 29 Jan 2021 15:58:56 +0000 (15:58 +0000)]
be more forceful about FULLPKGPATH
edd [Fri, 29 Jan 2021 11:44:06 +0000 (11:44 +0000)]
Don't rely on USB interfaces being at compliant indices.
When obtaining an interface handle, we currently rely on the device being
properly USB compliant, and thus the interface being at the correct index in
the interfaces array.
However, some devices present their indices incorrectly. For example, the
following audio device exposes interfaces 0, 1 and 3, in that order (skipping
interface 2 entirely):
uaudio2 at uhub4 port 4 configuration 1 interface 3 "E+ Corp. DAC Audio" rev 1.10/0.01 addr 2
uaudio2: class v1, full-speed, async, channels: 2 play, 0 rec, 3 ctls
This means that that the audio stream interface (number 3) is not found at the
expected index of 2, and this causes looking up the handle to fail.
This change makes usbd_device2interface_handle() search for the right
interface, instead of assuming it will be at the right index. Although this is
a little slower, note that this routine not very frequently called and there
are typically not hundreds of interfaces on a typical USB device.
This fixes the above E+ Corp device, and one other uaudio device reported
broken by a user.
With input from, tested by, and OK ratchov@, mglocker@ and kettenis@.
Many thanks!
ratchov [Fri, 29 Jan 2021 11:38:23 +0000 (11:38 +0000)]
Make audio clients use struct opt to reach the device
No behavior change. This decreases the number of explicit references
to the dev structure
ratchov [Fri, 29 Jan 2021 11:36:44 +0000 (11:36 +0000)]
Make control clients use struct opt to reach the device
No behavior change. This decreases the number of explicit references
to the dev structure.
ratchov [Fri, 29 Jan 2021 11:31:28 +0000 (11:31 +0000)]
Rename ctlslot->mask to ctlslot->self to match the rest of the code
No binary change.
ratchov [Fri, 29 Jan 2021 11:25:05 +0000 (11:25 +0000)]
Order opt_list in opt_new() call order, limit items to OPT_NMAX
No behavior change, except for improved debug printfs.
ratchov [Fri, 29 Jan 2021 11:21:00 +0000 (11:21 +0000)]
Move the options list out of the device structure
No behavior change. Later this will ease applying the configuration of
one device to another by "just" swapping pointers.
ratchov [Fri, 29 Jan 2021 10:55:19 +0000 (10:55 +0000)]
Move the control client state out of the device structure
No behavior change. Later this will ease changing the controlled
device by "just" swapping pointers.
ratchov [Fri, 29 Jan 2021 10:51:24 +0000 (10:51 +0000)]
Move the audio clients state out of the device structure
No behavior change. Later this will ease moving clients from one
device to another by "just" swapping pointers.
claudio [Fri, 29 Jan 2021 10:47:24 +0000 (10:47 +0000)]
Use NULL instead of 0 to clear v_socket pointer (which actually clears all
of the v_un pointers).
OK jsg@ mvs@
claudio [Fri, 29 Jan 2021 10:15:42 +0000 (10:15 +0000)]
Adjust regress test, the hash argument to the parse functions was removed.
claudio [Fri, 29 Jan 2021 10:13:16 +0000 (10:13 +0000)]
A while ago rpki-client was changed to validate the sha256 hashes of
files referenced in MFT files during the validation of the MFT file.
An MFT is only valid if all files are present and their hashes are valid.
Because of this there is no longer the need to check the hash when
these files are parsed later on. Remove these checks for CRT, ROA and CRL
files. Use the presence of the pkey when parsing cert files to decide
if it is a root cert or not.
OK tb@
nicm [Fri, 29 Jan 2021 09:48:43 +0000 (09:48 +0000)]
Trim output overwritten by later text or clears completely rather than
only in a few cases. This means we can better track when a line should
wrap. GitHub issue 2537.
jsg [Fri, 29 Jan 2021 08:48:19 +0000 (08:48 +0000)]
recognise Cortex-A78C
djm [Fri, 29 Jan 2021 06:29:46 +0000 (06:29 +0000)]
fix the values of enum sock_type
djm [Fri, 29 Jan 2021 06:28:10 +0000 (06:28 +0000)]
give typedef'd struct a struct name; makes the fuzzer I'm writing a bit
easier
rob [Fri, 29 Jan 2021 00:31:41 +0000 (00:31 +0000)]
Whitespace.
martijn [Thu, 28 Jan 2021 20:45:14 +0000 (20:45 +0000)]
Remove print_{debug,verbose} since they're currently unused and I see no
reason to start using them in the future.
OK tb@
mvs [Thu, 28 Jan 2021 20:06:38 +0000 (20:06 +0000)]
bridge(4): convert ifunit() to if_unit(9)
ok bluhm@ sashan@
mvs [Thu, 28 Jan 2021 20:04:44 +0000 (20:04 +0000)]
trunk(4): convert ifunit to if_unit(9)
ok bluhm@
martijn [Thu, 28 Jan 2021 19:56:33 +0000 (19:56 +0000)]
Add '$' to ober_scanf_elements().
This allows us to enforce end of sequence/set without having to manually
check be_next for NULL.
No lib bump needed according to millert@
OK millert@ rob@
deraadt [Thu, 28 Jan 2021 18:54:50 +0000 (18:54 +0000)]
bios_memmap[] should not be a common
ok kettenis
jsing [Thu, 28 Jan 2021 18:32:46 +0000 (18:32 +0000)]
Remove direct assignment of aead_ctx.
Now that AEAD is handled internally, we should no longer be assigning
aead_ctx directly, as this will result in a leak. Missed during the
previous change.
millert [Thu, 28 Jan 2021 18:09:15 +0000 (18:09 +0000)]
Add ldap(1) to the SEE ALSO section. OK deraadt@
deraadt [Thu, 28 Jan 2021 17:39:01 +0000 (17:39 +0000)]
Again allow COPTS= to come from the environment again, and don't lose the
SMALL_KERNEL specific variations.
ok espie jsg
cheloha [Thu, 28 Jan 2021 17:19:40 +0000 (17:19 +0000)]
tpm(4): fix delay units
tpm(4) has timeout constants in milliseconds, e.g.
#define TPM_ACCESS_TMO 2000 /* 2sec */
This is fine.
The odd thing is that tpm(4) first converts these timeouts to counts
of ticks via tpm_tmotohz() before using DELAY() to busy-wait. DELAY()
takes a count of microseconds, which are not equivalent to ticks, so
the units are all screwed up.
Let's correct this:
- Remove tpm_tmotohz(). We're not working with ticks so we don't it.
- Multiply the timeouts to match the delay interval. tpm_request_locality()
and tpm_getburst() use intervals of 10 microseconds, so multiply the
millisecond timeouts by 100. In tpm_waitfor() the delay interval is 1
microsecond, so multiply the millisecond timeout by 1000.
- Update the parameter name in tpm_waitfor() to note that we expect a
count of milliseconds, not "tries".
Discussion: https://marc.info/?l=openbsd-tech&m=
160995671326406&w=2
Prompted by kettenis@.
Suspend/resume tested by florian@ on an X1 Gen 2. For the record, it
looks like this:
tpm0 at acpi0 TPM_ addr 0xfed40000/0x5000, device 0x0000104a rev 0x4e
Earlier versions of this patch were reviewed by kn@, but the patch
became more ambitious when kettenis@ got involved so those reviews
are no longer applicable.
jcs@ notes (https://marc.info/?l=openbsd-tech&m=
160834427630142&w=2)
in a related discussion that this driver "sucks" and should be
replaced with NetBSD's rewrite. This would get us a cleaner driver
with TPM 2.0 support. So there is future work to do here.
ok kettenis@
jsing [Thu, 28 Jan 2021 17:00:38 +0000 (17:00 +0000)]
Move AEAD handling into the new TLSv1.2 record layer.
ok tb@
visa [Thu, 28 Jan 2021 15:13:27 +0000 (15:13 +0000)]
Show when witness(4) has run out of lock order data entries.
This makes it clearer why lock order traces are sometimes not displayed.
Prompted by a question from, and OK anton@
visa [Thu, 28 Jan 2021 14:53:20 +0000 (14:53 +0000)]
Drop tcp_trace() from SMALL_KERNEL builds to make room on amd64 floppy
OK deraadt@
mglocker [Thu, 28 Jan 2021 12:50:28 +0000 (12:50 +0000)]
Be consistent in not using parameter names for function prototypes;
I've missed two more cases in the previous commit.
ratchov [Thu, 28 Jan 2021 11:17:58 +0000 (11:17 +0000)]
When an audio device is disconnected, drop MIDI clients controlling it
ratchov [Thu, 28 Jan 2021 11:15:31 +0000 (11:15 +0000)]
Dont attempt to drain disconnected clients
Clients are always drained before they disconnect, so this change
affects programs that die unexpectedly or loose thier network
connection.
Besides the bad style, this change fixes a theoretical bug when the
disconnected client slot could be recycled and given to another client
while it's being drained
ratchov [Thu, 28 Jan 2021 11:10:00 +0000 (11:10 +0000)]
In slot_xxx(), store dev pointer in local variable
This removes many redundant dereferences to obtain the dev pointer
from the slot stucture and makes the source slightly more readable.
No behavior change.
ratchov [Thu, 28 Jan 2021 11:06:58 +0000 (11:06 +0000)]
Use everywhere the same pattern to handle fractional clock ticks
No behavior change; this change is only to make the maths easier to
proofread
ratchov [Thu, 28 Jan 2021 11:06:07 +0000 (11:06 +0000)]
Make slot_{attach,detach}() the opposite of each other
No bahavior change. Now, slot_attach() moves slot's clock forward and
puts the slot on device list; slot_detach() does the opposite: remove
from device list and move clock backwards. This will allow to detach a
client and attach it later in exactly the same state.
ratchov [Thu, 28 Jan 2021 11:02:28 +0000 (11:02 +0000)]
Drop unused dev_nctl() function and few unused prototypes
dlg [Thu, 28 Jan 2021 09:37:20 +0000 (09:37 +0000)]
handle "once" rules before letting pfsync defer tx of a packet.
pfsync may want to defer the transmission of a packet. it does this so
it can try and get a state over to a peer firewall before a host may
send a reply to the peer, which would get dropped cos there's no
matching state.
i think the once rule processing should happen before that. the state
is created from the rule, whether the packet the state is for goes out
immediately or not shouldn't matter.
ok sashan@
florian [Thu, 28 Jan 2021 07:34:34 +0000 (07:34 +0000)]
A new resolver can be created while we currently run a check with the
old configuration. We will then request another check that runs in
parallel to the old check. If the new check finishes earlier, the
current check result will be overwritten by an outdated check result
which is likely wrong.
While here fix some whitespace.
OK phessler
kurt [Thu, 28 Jan 2021 01:48:54 +0000 (01:48 +0000)]
Rename bNumInterface to bNumInterfaces to fix build on arm64.
mortimer [Thu, 28 Jan 2021 01:39:19 +0000 (01:39 +0000)]
Extern dwarf2_loc_mark_labels. Fixes compiation with -fno-common.
ok deraadt@
mortimer [Thu, 28 Jan 2021 01:36:32 +0000 (01:36 +0000)]
Explicitly enable -fcommon, rather than untangle common symbols.
ok deraadt@
mortimer [Thu, 28 Jan 2021 01:20:37 +0000 (01:20 +0000)]
Extern privsep_process. Fixes compilation with -fno-common.
ok deraadt@
mortimer [Thu, 28 Jan 2021 01:18:44 +0000 (01:18 +0000)]
Extern transport_list. Fixed compilation with -fno-common.
ok deraadt@
dlg [Wed, 27 Jan 2021 23:53:35 +0000 (23:53 +0000)]
if the route resolved in pf_route is invalid, generate an icmp error.
of course this is limited to the !dup-to case.
ok sashan@ bluhm@
djm [Wed, 27 Jan 2021 23:49:46 +0000 (23:49 +0000)]
fix leak: was double allocating kex->session_id buffer
sthen [Wed, 27 Jan 2021 22:27:41 +0000 (22:27 +0000)]
update comment, SMALL was split into SMALL and NOSSL
rob [Wed, 27 Jan 2021 22:12:28 +0000 (22:12 +0000)]
Unveil ldapd. Follow recent precedent and elect to forego the unlinking of
some objects at shutdown thereby allowing for a tighter unveil.
Feedbackup from deraadt@ and martijn@.
OK deraadt@
eric [Wed, 27 Jan 2021 20:33:05 +0000 (20:33 +0000)]
remove bogus key hack now that it's handled by libtls
no objection claudio@
ok tb@ jsing@
tb [Wed, 27 Jan 2021 20:16:58 +0000 (20:16 +0000)]
wrap an overlong line
tb [Wed, 27 Jan 2021 18:01:55 +0000 (18:01 +0000)]
sync
tb [Wed, 27 Jan 2021 18:00:25 +0000 (18:00 +0000)]
Link SSL_get_finished.3 to build.
tb [Wed, 27 Jan 2021 17:59:57 +0000 (17:59 +0000)]
Write SSL_get_finished() documentation from scratch.
ok beck
tb [Wed, 27 Jan 2021 17:57:40 +0000 (17:57 +0000)]
Merge SSL_set_hostflags documentation from OpenSSL 1.1.1i and
add HISTORY section. This is currently ignored input next to
SSL_get0_peername() and will be unignored once the symbols are
made publicly visible in libssl.
mglocker [Wed, 27 Jan 2021 17:28:19 +0000 (17:28 +0000)]
The usb configuration descriptor parameter providing the number of
available device interfaces is called 'bNumInterfaces'.
ok phessler@, thfr@ (who provided the man page diff)
millert [Wed, 27 Jan 2021 17:02:50 +0000 (17:02 +0000)]
Promote nrules/maxrules to size_t and make sure they can't overflow.
reallocarray(3) will fail if nmemb * size would overflow.
OK tb@ martijn@
jmc [Wed, 27 Jan 2021 14:59:10 +0000 (14:59 +0000)]
mark up fixes; from lyndon
jmc [Wed, 27 Jan 2021 14:58:06 +0000 (14:58 +0000)]
word fix;
jmc [Wed, 27 Jan 2021 14:57:29 +0000 (14:57 +0000)]
spelling fixes;
jsg [Wed, 27 Jan 2021 10:48:44 +0000 (10:48 +0000)]
regen
jsg [Wed, 27 Jan 2021 10:47:58 +0000 (10:47 +0000)]
add some more amdgpu devices
nicm [Wed, 27 Jan 2021 10:42:52 +0000 (10:42 +0000)]
Flush pending output before entering or exiting alternate screen rather
than leaking it, oss-fuzz issue 29959.
djm [Wed, 27 Jan 2021 10:15:08 +0000 (10:15 +0000)]
this needs kex.h now
djm [Wed, 27 Jan 2021 10:05:28 +0000 (10:05 +0000)]
make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@
djm [Wed, 27 Jan 2021 09:26:53 +0000 (09:26 +0000)]
remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@
mglocker [Wed, 27 Jan 2021 08:32:46 +0000 (08:32 +0000)]
Be consistent in not using parameter names for function prototypes.
florian [Wed, 27 Jan 2021 08:30:50 +0000 (08:30 +0000)]
Determine available address families (and monitor when this changes)
to configure libunbound accordingly. This way it no longer tries to
talk to IPv6 nameservers when only IPv4 is available and vice versa.
input deraadt
OK kn
dlg [Wed, 27 Jan 2021 07:46:11 +0000 (07:46 +0000)]
do better accounting of how many msix interrupts we want to use.
ok jmatthew@
deraadt [Wed, 27 Jan 2021 07:21:52 +0000 (07:21 +0000)]
these programs (with common ancestry) had a -fno-common problem related
to privsep_procid.
ok mortimer
deraadt [Wed, 27 Jan 2021 07:21:12 +0000 (07:21 +0000)]
split out extern and decl for -fno-common
deraadt [Wed, 27 Jan 2021 07:20:27 +0000 (07:20 +0000)]
makemap does not need a common which it does not use.
deraadt [Wed, 27 Jan 2021 07:19:54 +0000 (07:19 +0000)]
commons used rather than externs, fix for -fno-common
deraadt [Wed, 27 Jan 2021 07:18:41 +0000 (07:18 +0000)]
fix -fno-common issues; ok mortimer
deraadt [Wed, 27 Jan 2021 07:18:16 +0000 (07:18 +0000)]
fix -fno-common issues; ok mortimer
deraadt [Wed, 27 Jan 2021 05:06:12 +0000 (05:06 +0000)]
nsd contains two yacc parsers, but predates "yacc -b". Instead a
script renames the fields in one parser. Three additional variables
(yysslim, yyssp, yystacksize) need to be renamed also.
Yes it is worse than stepping out of bed on the wrong side into cat vomit.
deraadt [Wed, 27 Jan 2021 05:03:23 +0000 (05:03 +0000)]
shuffle externs (and definitions) around to satisfy -fno-common
ok mortimer
dlg [Wed, 27 Jan 2021 04:46:21 +0000 (04:46 +0000)]
have pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to.
pf_route and pf_route6 are called to take over delivery of the
packet with route-to and reply-to instead of letting it get processed
normally. for the dup-to handling, it copies the mbuf but leaves
the original mbuf in place. pf_route takes over the packet by
clearing the mbuf pointer in the pf_pdesc struct. this diff moves
the clearing of that pointer to the start of the function, rather
than checking for dup-to again on the way out of the function.
i think this is better because it means that it's more robust in
the face of future code changes. even if that's not true, it's still
shorter code in a forwarding path.
ok sashan@ jmatthew@
dlg [Wed, 27 Jan 2021 03:02:06 +0000 (03:02 +0000)]
don't run copies of packets made by dup-to through pf_test.
dup-to is kind of like what you do with a span port, but is a bit
more fine grained. it copies packets in a connection out an interface
so that connection can be monitored. it doesnt make sense for pf
to see the copied packets and try to match or create new states for
them either. at best it needs config to stop pf seeing the copies
(eg, set skip on $dup_to_tgt_if). at worst it breaks the connections
you're monitoring because the states in pf get confused.
found while discussing larger route-to changes on tech@.
ok bluhm@ sashan@
visa [Wed, 27 Jan 2021 02:58:03 +0000 (02:58 +0000)]
kqueue: Fix termination assert
When a kqueue file is closed, the kqueue can still have threads
scanning it. Consequently, kqueue_terminate() can see scan markers
in the event queue. These markers are removed when the scanning threads
leave the kqueue. Take this into account when checking the queue's
state, to avoid a panic when kqueue is closed from under a thread.
OK anton@
Reported-by: syzbot+757c60a2aa1125137cce@syzkaller.appspotmail.com
deraadt [Wed, 27 Jan 2021 01:59:39 +0000 (01:59 +0000)]
satisfy -fno-common by duplicating deck chairs as required
ok mortimer millert