openbsd
otto [Sat, 4 Nov 2023 11:02:35 +0000 (11:02 +0000)]
KNF plus fixed a few signed vs unsigned compares (that were actually
not real problems)

martijn [Sat, 4 Nov 2023 09:42:17 +0000 (09:42 +0000)]
With the move of SNMPv2-SMI::snmpV2 into application_internal.c, it's no
longer possible to register objects underneath this region. This
effectively made a few snmp(1) regress tests unusable, which essentially
don't belong here. Simply remove these tests.

martijn [Sat, 4 Nov 2023 09:38:47 +0000 (09:38 +0000)]
Move SNMPv2-MIB::system from mib.c into the new application_internal.c.
This was the last consumer of mib.c, so send it to the great bitbucket
in the sky.

This move removes the sysORTable, but it was basically non-functioning
anyway and removal of previous entries from the table didn't cause
any fallout that reached my ears.
I hope to add proper sysORTable/agent-capabilities support, which
is compatible with AgentX's {Add,Remove}AgentCaps, soon.

OK tb@

martijn [Sat, 4 Nov 2023 09:30:28 +0000 (09:30 +0000)]
Move SNMPv2-SMI::snmpV2 from mib.c into the new application_internal.c

OK tb@

martijn [Sat, 4 Nov 2023 09:28:04 +0000 (09:28 +0000)]
Move SNMPv2-MIB::snmp from mib.c into the new application_internal.c

OK tb@

martijn [Sat, 4 Nov 2023 09:22:52 +0000 (09:22 +0000)]
Introduce application_internal.c. This backend is meant to replace
application_legacy.c, mps.c, and mib.c. This commit just introduces the
backend. The existing MIBs inside mib.c will be copied over in
subsequent commits.

OK tb@

anton [Fri, 3 Nov 2023 19:32:28 +0000 (19:32 +0000)]
Check if a signal already has been received before entering a blocking
read as opposed to only doing it afterwards. Issue uncovered by the mail
regress tests.

With claudio@ and ok millert@

cheloha [Fri, 3 Nov 2023 19:16:31 +0000 (19:16 +0000)]
timeout(1): align execvp(3) failure statuses with GNU timeout

Align our exit statuses with those of GNU timeout in the execvp(3)
failure case.  Exit with 127 if the utility is not found.  Exit with
126 if we cannot execute the utility for any other reason.

While here, the child should _exit(2) instead of calling exit(3) via
err(3).

Update the manpage accordingly.

With input from millert@ and deraadt@.

Link: https://marc.info/?l=openbsd-tech&m=169739592322978&w=2
ok millert@

tb [Fri, 3 Nov 2023 15:02:06 +0000 (15:02 +0000)]
typo: ignorning -> ignoring

From Laurie Tratt, ok florian

anton [Fri, 3 Nov 2023 14:05:30 +0000 (14:05 +0000)]
Make netcat tests less flaky by ensuring the server has terminated before
examining the outcome.

ok bluhm@

op [Fri, 3 Nov 2023 13:40:07 +0000 (13:40 +0000)]
initialize `format' earlier

It's easier to see that it's never used un-initialized.

ok tb@

op [Fri, 3 Nov 2023 13:38:28 +0000 (13:38 +0000)]
cast tv_usec to long for *printf

mostly for -portable; on darwin suseconds_t is an int.

ok tb@

espie [Fri, 3 Nov 2023 13:03:02 +0000 (13:03 +0000)]
Be explicit in saying what a shell pattern is.
I'm not a big fan of idiosyncratic lua patterns, especially in
that context, but pointing towards them and not mentioning glob(7)
is thoroughly confusing. Don't push lua patterns down people's throats !

At least you know what the incredibly fuzzy "shell patterns" refers to
now !

okay millert@, jmc@

dv [Fri, 3 Nov 2023 11:16:43 +0000 (11:16 +0000)]
vmd(8): fix block size calculation for vioscsi devices.

During the multi-process rework, I changed the way disk sizes are
calculated, switching to storing bytes and not 512-byte blocks. The
size calculation from reading an iso did not receive the change in
scaling, resulting in the virtio scsi emulation to think iso's are
larger than reality.

This fixes booting the latest Ubuntu amd64 iso's as apparently
there's some program that tries to arbitrarily read the tail end
of the iso into memory.

ok mlarkin@

jsg [Fri, 3 Nov 2023 03:29:36 +0000 (03:29 +0000)]
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()

From Lukasz Majczak
6c668e2f338bde76279aeaf4d4c035c4196a479b in linux-6.1.y/6.1.61
3d887d512494d678b17c57b835c32f4e48d34f26 in mainline linux

jsg [Fri, 3 Nov 2023 03:26:51 +0000 (03:26 +0000)]
drm/amd: Disable ASPM for VI w/ all Intel systems

From Mario Limonciello
024251bab25daf97a3599c985dd04117b9c60d6b in linux-6.1.y/6.1.61
64ffd2f1d00c6235dabe9704bbb0d9ce3e28147f in mainline linux

jsg [Fri, 3 Nov 2023 03:24:23 +0000 (03:24 +0000)]
drm/i915/pmu: Check if pmu is closed before stopping event

From Umesh Nerlige Ramappa
eded5f5261b8ff14417f9441934a1865b379b7db in linux-6.1.y/6.1.61
4cbed7702eb775cca22fff6827a549092cb59f61 in mainline linux

sthen [Thu, 2 Nov 2023 20:47:31 +0000 (20:47 +0000)]
Use pfctl_fopen (which checks to ensure the given file isn't a directory)
for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir
instead of a file (e.g. if you have an /etc/pf directory and don't notice
the name when tab-completing), you successfully install an empty ruleset.
ok sashan@

tb [Thu, 2 Nov 2023 20:25:48 +0000 (20:25 +0000)]
Fix a few bizarre line wraps in x509.h

paco [Thu, 2 Nov 2023 16:14:46 +0000 (16:14 +0000)]
mention codeberg and kde templates on bsd.port.mk(5) DIST_TUPLE

ok op@
+1 rsadowski

nicm [Thu, 2 Nov 2023 10:38:14 +0000 (10:38 +0000)]
next-prompt can have 1 argument.

tb [Wed, 1 Nov 2023 20:41:12 +0000 (20:41 +0000)]
Use X509_ALGOR_set0_by_nid() in X509_ALGOR_set_evp_md()

ok jsing

tb [Wed, 1 Nov 2023 20:37:42 +0000 (20:37 +0000)]
Add X509_ALGOR_set0_by_nid()

X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid.  This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.

Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.

ok jsing

tb [Wed, 1 Nov 2023 20:26:24 +0000 (20:26 +0000)]
Explain the weird order of doing things in X509_ALGOR_set0()

tb [Wed, 1 Nov 2023 20:25:27 +0000 (20:25 +0000)]
Rename ptype and pval to parameter_type and parameter_value

ok jsing

tb [Wed, 1 Nov 2023 20:22:24 +0000 (20:22 +0000)]
Unindent X509_ALGOR_set0_parameter()

ok jsing

tb [Wed, 1 Nov 2023 20:19:16 +0000 (20:19 +0000)]
Split X509_ALGOR_set0_parameter() out of X509_ALGOR_set0()

ok jsing

tb [Wed, 1 Nov 2023 20:14:51 +0000 (20:14 +0000)]
Split X509_ALGOR_set0_obj() out of X509_ALGOR_set0()

ok jsing

dtucker [Wed, 1 Nov 2023 02:08:38 +0000 (02:08 +0000)]
Specify ssh binary to use instead of relying on installed one.  Fixes
test failures in -portable when running tests prior to installation.

djm [Wed, 1 Nov 2023 00:29:46 +0000 (00:29 +0000)]
add some tests of forced commands overriding Subsystem directives

millert [Tue, 31 Oct 2023 20:42:14 +0000 (20:42 +0000)]
cksum: better describe the -c (checklist) option

The -c option can handle entries in normal (BSD) and reverse (GNU)
format.  Both hex and base64 entries are supported.  OK jmc@

millert [Tue, 31 Oct 2023 19:37:17 +0000 (19:37 +0000)]
cksum -c: support checking base64 digests in reverse mode too.

In reverse mode, the entry does not include the digest algorithm
so the specified algorithm (or the default) is used when checking.
OK deraadt@

claudio [Tue, 31 Oct 2023 08:00:33 +0000 (08:00 +0000)]
Remove 3 expected failures that got fixed in the regress code.

claudio [Tue, 31 Oct 2023 07:59:52 +0000 (07:59 +0000)]
unlink("/") just needs to error. Checking for a specific errno makes
little sense here since there are multiple possible errnos that could
be returned. On OpenBSD this returns EISDIR and not EBUSY.
OK mbuhl@ millert@

claudio [Tue, 31 Oct 2023 07:57:59 +0000 (07:57 +0000)]
When creating a file in a directory the file gid is inherited from
the directory and so checking against getgid() makes no sense.
OK mbuhl@ millert@

claudio [Tue, 31 Oct 2023 07:56:44 +0000 (07:56 +0000)]
Ignore closefrom() failure. This fails normally since fd 4 and up are all
closed.
OK mbuhl@ millert@

jsg [Tue, 31 Oct 2023 05:46:36 +0000 (05:46 +0000)]
remove unneeded includes
ok deraadt@

dtucker [Tue, 31 Oct 2023 04:15:40 +0000 (04:15 +0000)]
Don't try to use sudo inside sshd log wrapper.  We still need to
check if we're using sudo since we don't want to chown unnecessarily,
as on some platforms this causes an error which pollutes stderr.
We also don't want to unnecessarily invoke sudo, since it's running
in the context of the proxycommand, on *other* platforms it may not
be able to authenticate, and if we're using SUDO then it should
already be privileged.

dtucker [Tue, 31 Oct 2023 02:58:45 +0000 (02:58 +0000)]
Only try to chmod logfile if we have sudo.  If we don't have sudo
then we won't need to chmod.

millert [Tue, 31 Oct 2023 01:08:51 +0000 (01:08 +0000)]
Update awk to Oct 30, 2023 version.

This is really just a version number bump as we already have the
fixes committed.

djm [Mon, 30 Oct 2023 23:00:25 +0000 (23:00 +0000)]
move PKCS#11 setup code to test-exec.sh so it can be reused elsewhere

millert [Mon, 30 Oct 2023 22:12:02 +0000 (22:12 +0000)]
This is the OpenBSD version of Awk.

millert [Mon, 30 Oct 2023 17:52:54 +0000 (17:52 +0000)]
Minor cosmetic changes to make our awk match my github branch.

djm [Mon, 30 Oct 2023 17:32:00 +0000 (17:32 +0000)]
tidy and refactor PKCS#11 setup code

Replace the use of a perl script to delete the controlling TTY with a
SSH_ASKPASS script to directly load the PIN.

Move PKCS#11 setup code to functions in anticipation of it being used
elsewhere in additional tests.

Reduce stdout spam

tb [Mon, 30 Oct 2023 17:15:21 +0000 (17:15 +0000)]
Add support for OpenSSL 3.1 interop tests

Until OpenSSL 3.1 has replaced OpenSSL 3.0 on most architectures, run
both tests. Installed packages of OpenSSL 3.0 will update automatically
to 3.1, so regress runners should not need to do anything.

millert [Mon, 30 Oct 2023 16:14:51 +0000 (16:14 +0000)]
Include strings.h for the strncasecmp() prototype.

From upstream.

nicm [Mon, 30 Oct 2023 16:05:30 +0000 (16:05 +0000)]
Do not allow combined UTF-8 characters that are too long, GitHub issue
3729.

bluhm [Mon, 30 Oct 2023 13:27:53 +0000 (13:27 +0000)]
Do not truncate MSG_EOR in recvmsg().

The soreceive() code depends on the fact that MSG_EOR is set on the
last mbuf of the chain.  In sbappendcontrol() move MSG_EOR to the
end like sbcompress() does it.  This fixes MSG_EOR handling for
SOCK_SEQPACKET sockets with control message.

bug reported by Eric Wong
analysed, tested and OK claudio@

mvs [Mon, 30 Oct 2023 12:50:59 +0000 (12:50 +0000)]
Use KERNEL_ASSERT_UNLOCKED() instead of KASSERT(!_kernel_lock_held()).
The first one is defined as the second, so no functional change.

ok claudio

claudio [Mon, 30 Oct 2023 07:13:10 +0000 (07:13 +0000)]
Use ERESTART for any single_thread_set() error in sys_execve().

If single thread is already held by another thread just unwind to userret()
wait there and retry the system call later (if at all).
OK mpi@

claudio [Mon, 30 Oct 2023 07:04:36 +0000 (07:04 +0000)]
Adjust KERNEL_ASSERT_UNLOCKED() to not assert during a panic.

KERNEL_ASSERT_UNLOCKED calls _kernel_lock_held() which returns true
if panicstr || db_active which triggers this assert. Work around this by
checking them before.

This will alter the following Syzkaller reports:
Reported-by: syzbot+169110a0815838ab5940@syzkaller.appspotmail.com
Reported-by: syzbot+3c2eced405b9de6f79c2@syzkaller.appspotmail.com
OK mpi@

jmc [Mon, 30 Oct 2023 06:11:04 +0000 (06:11 +0000)]
seperate -> separate;

deraadt [Mon, 30 Oct 2023 01:34:13 +0000 (01:34 +0000)]
make special note, right at the start, that DNS is handled separately
from regular network.  All the crummy pledge clones don't do that.
ok millert

jsg [Mon, 30 Oct 2023 01:02:30 +0000 (01:02 +0000)]
drm/amd/pm: add unique_id for gc 11.0.3

From Kenneth Feng
2a2df4f74f3746b614af686a9cbaa390d3828b09 in linux-6.1.y/6.1.60
4953856f280b2b606089a72a93a1e9212a3adaca in mainline linux

jsg [Mon, 30 Oct 2023 00:59:56 +0000 (00:59 +0000)]
drm: panel-orientation-quirks: Add quirk for One Mix 2S

From Kai Uwe Broulik
c3657e5fa7b6310a485f59ca965d12a618e0c8df in linux-6.1.y/6.1.60
cbb7eb2dbd9472816e42a1b0fdb51af49abbf812 in mainline linux

jsg [Mon, 30 Oct 2023 00:56:47 +0000 (00:56 +0000)]
drm/i915: Retry gtt fault when out of fence registers

From Ville Syrjala
add2eeda1d6e3ead1d61db70e37615e5ef6c5e75 in linux-6.1.y/6.1.60
e339c6d628fe66c9b64bf31040a55770952aec57 in mainline linux

cheloha [Sun, 29 Oct 2023 23:32:52 +0000 (23:32 +0000)]
libc: Makefile.inc: remove "sparc" from quad support list; ok deraadt@

millert [Sun, 29 Oct 2023 23:31:15 +0000 (23:31 +0000)]
Make gnu99 the default for gcc 3.3.6 and 4.2.1, not gnu89.
While these versions of gcc don't have full C99 support, it is
better than defaulting to C89 when building modern software.
OK deraadt@

millert [Sun, 29 Oct 2023 14:26:13 +0000 (14:26 +0000)]
Enable ISO C11 APIs when building libc, even with an older compiler.
Otherwise, the prototypes for timespec_get() and aligned_alloc()
are not visible.  OK guenther@

millert [Sun, 29 Oct 2023 14:23:04 +0000 (14:23 +0000)]
Use clock_gettime(), not timespec_get() like other parts of ifconfig.
This makes it possible to build the base system with a C99 compiler.
OK deraadt@ mvs@

tb [Sun, 29 Oct 2023 13:22:37 +0000 (13:22 +0000)]
Fix an error exit in X509v3_addr_validate_path()

If the topmost cert is invalid, this should result in a validation failure.
Do the same dance as elsewhere permitting the verify callback to intercept
the error but ensuring that we throw an error.

ok jsing

kn [Sun, 29 Oct 2023 11:27:11 +0000 (11:27 +0000)]
Unmention/don't explain SSL, drop 9y old "ssl" keyword/deprecation warning

Switch "ssl" to "tls" in relayd.conf(5) if you haven't done so in the last
ten years, "ssl" is now an error.

Say "TLS" not "SSL/TLS" and drop the primer in the TLS RELAYS section.

OK benno

martijn [Sun, 29 Oct 2023 11:26:12 +0000 (11:26 +0000)]
Add a few tests to make sure that getnext requests on/under a registered
instance with a registered region above cause a recursion in the tree.

martijn [Sun, 29 Oct 2023 11:20:06 +0000 (11:20 +0000)]
When doing a get{next,bulk} below an instance we must move the OID to
the next sibling. Not simply copying over the value of the next to use
region, since that might be the parent and we would walk backwards in
the tree.

OK tb@

martijn [Sun, 29 Oct 2023 11:15:09 +0000 (11:15 +0000)]
Add a regress test to make sure that agentx responses equal to
searchrange.end are rejected.

martijn [Sun, 29 Oct 2023 11:12:57 +0000 (11:12 +0000)]
searchrange.end is non-inclusive. Adjust the tests for that.

OK tb@

martijn [Sun, 29 Oct 2023 11:10:07 +0000 (11:10 +0000)]
Add a test to the end of agentx_varbind_finalize(), after completing the
full OID, that checks if we're >= searchrange.end. If so, just make it
an endOfMIBView.

OK tb@

dtucker [Sun, 29 Oct 2023 06:22:07 +0000 (06:22 +0000)]
Only try to chown logfiles that exist to prevent spurious errors.

millert [Sat, 28 Oct 2023 22:38:22 +0000 (22:38 +0000)]
substr: fix buffer overflow with utf-8 strings

We need to use u8_strlen(), not strlen(), to compute the length.
Otherwise, there may be an out of bounds write when writing the NUL
terminator to set the length of the substring.
https://github.com/onetrueawk/awk/pull/205

millert [Sat, 28 Oct 2023 00:25:18 +0000 (00:25 +0000)]
Back out change to make the default -std=gnu99 for now.

There has been some unexpected fallout.  Requested by deraadt@.

jan [Fri, 27 Oct 2023 20:56:47 +0000 (20:56 +0000)]
Forward TCP LRO disabling to parent devices.

Also disable TCP LRO on bridged vlan(4) and default for bpe(4), nvgre(4) and
vxlan(4).

ok bluhm@

mpi [Fri, 27 Oct 2023 19:18:53 +0000 (19:18 +0000)]
Make out-of-swap checks more robust.

Consider that the swap space is full when 99% of it is filled with pages that
are no longer present in memory.  This prevents deadlocks when out-of-swap if
some swap ranges had I/O errors and have been marked as 'bad', or if some
pages are unreachable by the pagedaemon and still holding some slots.

Also introduce uvm_swapisfilled() to check if there are some free slots in
the swap.  Note that we consider the swap space completely filled if it is not
possible to write a full cluster.  This prevents deadlocks if a few slots are
never allocated.

ok miod@

mpi [Fri, 27 Oct 2023 19:13:51 +0000 (19:13 +0000)]
Do not decrement the swap counter if the anon is associated to a "bad" slot.

When such anon is freed its content is obviously not living in swap.

ok miod@

claudio [Fri, 27 Oct 2023 14:22:43 +0000 (14:22 +0000)]
Simplify the handling of optparamlen and RFC9072 support.

Use the ibuf_size() of the optional params (opb) when writing the various
headers. Only use optparamlen to write the Opt Parm Len field of the OPEN
message. Since there the size could be forced to 255 in case of a RFC9072
extended header. Also use size_t for optparamlen since the new ibuf API
no longer depends on using the right sized type.
OK tb@

martijn [Fri, 27 Oct 2023 10:32:11 +0000 (10:32 +0000)]
If an invalid varbindlist was returned by a backend we would call
appl_request_upstream_resolve() twice where the first call would already
return a reply and free the upstream request, leading to a use after
free.
Make appl_request_downstream_free() call appl_request_upstream_resolve()
unconditionally and remove the call from appl_response().

OK tb@

martijn [Fri, 27 Oct 2023 10:26:20 +0000 (10:26 +0000)]
Add a test that would cause a use after free previously by sending a
protocol error-ed message and immediately followed up by a connection
close.

OK tb@

martijn [Fri, 27 Oct 2023 10:23:58 +0000 (10:23 +0000)]
Use event_add(), instead of calling appl_agentx_send() directly. If an
error occurs the connection will be freed and if the caller uses the
connection afterwards it will lead to a use after free.

OK tb@

claudio [Fri, 27 Oct 2023 09:40:27 +0000 (09:40 +0000)]
The holdtime is added to the ibuf with ibuf_add_n16() so no need to
htons() the value before.
OK tb@

anton [Fri, 27 Oct 2023 07:33:06 +0000 (07:33 +0000)]
Include wait(2) status in error message, in the hopes of providing clues
on why this occasionally fails.

naddy [Thu, 26 Oct 2023 21:30:52 +0000 (21:30 +0000)]
sync

naddy [Thu, 26 Oct 2023 19:28:30 +0000 (19:28 +0000)]
do not create /usr/local/share/nls and subdirectories by default

The share/nls/<locale> paths are unused.

ok miod@ deraadt@

anton [Thu, 26 Oct 2023 18:52:45 +0000 (18:52 +0000)]
make use of bsd.regress.mk in extra and interop targets; ok dtucker@

millert [Thu, 26 Oct 2023 18:46:42 +0000 (18:46 +0000)]
Fix a typo spotted by miod@.

otto [Thu, 26 Oct 2023 17:59:16 +0000 (17:59 +0000)]
A few micro-optimizations; ok asou@

millert [Thu, 26 Oct 2023 17:33:35 +0000 (17:33 +0000)]
Make gnu99 the default for gcc 3.3.6 and 4.2.1, not gnu89.
While these versions of gcc don't have full C99 support, it is
better than defaulting to C89 when building modern software.
OK deraadt@

deraadt [Thu, 26 Oct 2023 17:13:50 +0000 (17:13 +0000)]
the dependency should have been moved down

deraadt [Thu, 26 Oct 2023 16:26:01 +0000 (16:26 +0000)]
whitespace cleanup my fingers couldn't avoid doing while i was re-reading
the parsing code

deraadt [Thu, 26 Oct 2023 14:34:15 +0000 (14:34 +0000)]
delete incorrect dependency

deraadt [Thu, 26 Oct 2023 14:29:13 +0000 (14:29 +0000)]
install CDs now available.  (these are EFI-only)

deraadt [Thu, 26 Oct 2023 14:27:01 +0000 (14:27 +0000)]
construct EFI bootable cdXX.iso and instalXX.iso files

jsg [Thu, 26 Oct 2023 14:13:37 +0000 (14:13 +0000)]
add cd9660

jsg [Thu, 26 Oct 2023 14:08:48 +0000 (14:08 +0000)]
make efi_getdisklabel_cd9660() handle a block size of 512 and simplify
ok yasuoka@

dtucker [Thu, 26 Oct 2023 12:44:07 +0000 (12:44 +0000)]
Skip conch interop tests when not enabled instead of fatal.

tb [Thu, 26 Oct 2023 09:08:57 +0000 (09:08 +0000)]
Tidy includes

tb [Thu, 26 Oct 2023 08:01:56 +0000 (08:01 +0000)]
Hide X509_ALGOR_set_md() for LIBRESSL_INTERNAL

tb [Thu, 26 Oct 2023 08:01:38 +0000 (08:01 +0000)]
Provide prototype for X509_ALGOR_set_md()

Once we remove X509_ALGOR_set_md() we can link this test statically and use
X509_ALGOR_set_evp_md() but for now make sure the documented workaround for
this garbage API works.

tb [Thu, 26 Oct 2023 07:57:54 +0000 (07:57 +0000)]
Rework the MD setting in the RSA ASN.1 method

This streamlines the code to use safer idioms, do proper error checking
and be slightly less convoluted. Sprinkle a few references to RFC 8017
and explain better what we are doing and why. Clarify ownership and use
more consistent style.

This removes the last internal use of X509_ALGOR_set_md().

ok jsing

bluhm [Wed, 25 Oct 2023 20:05:43 +0000 (20:05 +0000)]
Fix unveil(2) in patch(1) with explicit patchfile.

A backup file should be created in the directory of the original
file, but only the current directory was unveiled.  Then the patched
file was created in /tmp and did not replace the original patchfile
in place.  If a patchfile is passed in argv[0], unveil its directory
instead of current directory.

OK florian@ deraadt@ millert@

deraadt [Wed, 25 Oct 2023 15:51:45 +0000 (15:51 +0000)]
typo; from katagawa gmail

dv [Wed, 25 Oct 2023 12:44:28 +0000 (12:44 +0000)]
vmd(8): stop toggling irq deassert for edge triggered devs.

For edge-triggered devices, there's no need to deassert an irq given
how vmd(8) emulates a pic.  Deassertion grabs a lock and can trigger
the ioctl for toggling pending interrupts causing a race condition.
This results in a storm of vm-exits and guest vcpu becoming
unresponsive.

The original sign of this issue is guest "pauses" when pasting text
into a serial console connection in something like xterm(1).

Tested by mbuhl@, cheloha@, sashan@, kn@, and mlarkin@.

"go for it", mlarkin@