openbsd
14 months agoReduce unpractical package URL to usual package name; OK deraadt
kn [Thu, 19 Oct 2023 02:43:58 +0000 (02:43 +0000)]
Reduce unpractical package URL to usual package name; OK deraadt

This section about ports/packages really wants a revamp, though...

14 months agoSupport encrypting the root disk with a key disk
kn [Thu, 19 Oct 2023 02:39:06 +0000 (02:39 +0000)]
Support encrypting the root disk with a key disk

Extend the yes/no question to no/passphrase/keydisk and have users pick an
existing, preformated RAID partition;  no support (yet) for creating one.

OK tb afresh1

14 months agoAvoid forcible mounting a dirty filessystem. Mount such filesystems
kettenis [Wed, 18 Oct 2023 22:44:42 +0000 (22:44 +0000)]
Avoid forcible mounting a dirty filessystem.  Mount such filesystems
read-only instead.  This means that writing to the filesystem will fail.
As a consequence chmod'ing of files in the bootloader will fail, but that
will fix itself on the next clean boot.

ok kn@

14 months agoMake libssl interop server/client tests less flaky by ensuring the
anton [Wed, 18 Oct 2023 19:14:32 +0000 (19:14 +0000)]
Make libssl interop server/client tests less flaky by ensuring the
server has terminated before examining the outcome.

14 months agoadjust sgr0 escape sequence after ncurses update; ok nicm@
anton [Wed, 18 Oct 2023 18:01:10 +0000 (18:01 +0000)]
adjust sgr0 escape sequence after ncurses update; ok nicm@

14 months agoRemove EVP_add_alg_module() prototype
tb [Wed, 18 Oct 2023 17:26:06 +0000 (17:26 +0000)]
Remove EVP_add_alg_module() prototype

This function was the unfortunate protagonist in a series of tragic merge
errors resulting in only a short stint of a year and nine months between
OpenSSL 0.9.8j and 1.0.0a actually present in OpenBSD. Then it said good
bye for good, but somehow a prototype came back with 1.0.1g, a famous
version released when there were slightly more pressing things to be
taken care of than a function supporting a config knob whose only purpose
was to turn off fips mode or to error.

from schwarze

PS: The mechanism that it was supposed to provide is still documented in
openssl.cnf(5). I am going remove the relevant bit at some point, but not
today.

14 months agoSupport the GNU-specific syntax ".IP \\[bu]" for bullet lists in man(7)
schwarze [Wed, 18 Oct 2023 16:11:29 +0000 (16:11 +0000)]
Support the GNU-specific syntax ".IP \\[bu]" for bullet lists in man(7)
pages that Alejandro Colomar recommends in the "Lists" subsection of
https://man7.org/linux/man-pages/man7/man-pages.7.html#STYLE_GUIDE .

For example, this will improve HTML formatting of the first list in
the subsection "Feature test macros understood by glibc" on the page
https://manpages.debian.org/bookworm/manpages/ftm.7.en.html .

Issue reported by Alejandro Colomar <alx at kernel dot org>.

14 months agoBetter document the purpose and features of the file mandoc.css
schwarze [Wed, 18 Oct 2023 14:47:22 +0000 (14:47 +0000)]
Better document the purpose and features of the file mandoc.css
and the purpose and limitations of the embedded stylesheet.

Triggered by a conversation with Alejandro Colomar <alx at kernel dot org>.

14 months agoAvoid segments greater than maxsegsz during map merging
jan [Wed, 18 Oct 2023 14:24:29 +0000 (14:24 +0000)]
Avoid segments greater than maxsegsz during map merging

Found with hints from kettenis@

Tested on Sun-Fire-V215.
Also tested on U2 and UltraBook IIe by miod@

ok miod@

14 months agoonly strip actual file/line part from the eval error
espie [Wed, 18 Oct 2023 08:50:13 +0000 (08:50 +0000)]
only strip actual file/line part from the eval error

14 months agodocument semi-internal parts used by dpb(1)
espie [Wed, 18 Oct 2023 08:03:19 +0000 (08:03 +0000)]
document semi-internal parts used by dpb(1)

14 months agowith pfsync rewrite, pfsync interfaces need an "up" after configuration, not before.
benno [Wed, 18 Oct 2023 07:56:45 +0000 (07:56 +0000)]
with pfsync rewrite, pfsync interfaces need an "up" after configuration, not before.
Noted by Marko Cupac, thanks.

14 months agoUse X509_ALGOR_set_evp_md() in CMS_add1_signer()
tb [Wed, 18 Oct 2023 07:30:49 +0000 (07:30 +0000)]
Use X509_ALGOR_set_evp_md() in CMS_add1_signer()

Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.

Clean up includes

ok jsing

14 months agocms_DigestedData_create() use X509_ALGOR_set_evp_md()
tb [Wed, 18 Oct 2023 07:24:15 +0000 (07:24 +0000)]
cms_DigestedData_create() use X509_ALGOR_set_evp_md()

Our internal version allows for error checking and this avoids a silent
failure leading to corruption later on.

Clean up includes while there.

ok jsing

14 months agoSync the supported hardware list with arm64.html.
fcambus [Wed, 18 Oct 2023 07:23:58 +0000 (07:23 +0000)]
Sync the supported hardware list with arm64.html.

14 months agorpki-client: move inherit in {ip,as}_warn()
tb [Wed, 18 Oct 2023 07:10:24 +0000 (07:10 +0000)]
rpki-client: move inherit in {ip,as}_warn()

While alphabetic order makes sense, having inherit between individual
AS and IP entries and ranges makes little sense. Use the order that we
have elsewhere.

ok claudio job

14 months agorpki-client: rework ip_addr_check_overlap()
tb [Wed, 18 Oct 2023 07:08:19 +0000 (07:08 +0000)]
rpki-client: rework ip_addr_check_overlap()

Avoid conditional early returns and significantly simplify the printing
of ip addresses/ranges by using the new ip_warn(). This also eliminates
an extremely weird usage of the comma operator and reduces noise levels
quite a bit.

ok claudio job

14 months agorpki-client: rework as_check_overlap()
tb [Wed, 18 Oct 2023 07:04:24 +0000 (07:04 +0000)]
rpki-client: rework as_check_overlap()

Avoid early returns and use a single copy of the warning by reworking
the control flow through two nested switches.

ok claudio job

14 months agoMention U-Boot file and offset for Rockchip RK356x.
kevlo [Wed, 18 Oct 2023 06:45:45 +0000 (06:45 +0000)]
Mention U-Boot file and offset for Rockchip RK356x.

"Sure." miod@

14 months agorfc3779: no need for err.h, but we do need asn1.h
tb [Wed, 18 Oct 2023 06:30:40 +0000 (06:30 +0000)]
rfc3779: no need for err.h, but we do need asn1.h

14 months agodrm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
jsg [Wed, 18 Oct 2023 01:52:20 +0000 (01:52 +0000)]
drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()

From Mario Limonciello
d2894c4f473ab71cd68ef0f9b086148bb2c02132 in linux-6.1.y/6.1.57
2a1fe39a5be785e962e387146aed34fa9a829f3f in mainline linux

14 months agodrm/amd: Fix detection of _PR3 on the PCIe root port
jsg [Wed, 18 Oct 2023 01:49:45 +0000 (01:49 +0000)]
drm/amd: Fix detection of _PR3 on the PCIe root port

From Mario Limonciello
c8bd3e12b3291e632ae189619169914743ba77d1 in linux-6.1.y/6.1.57
134b8c5d8674e7cde380f82e9aedfd46dcdd16f7 in mainline linux

14 months agoIncrease max depth for termcaps
afresh1 [Wed, 18 Oct 2023 01:49:26 +0000 (01:49 +0000)]
Increase max depth for termcaps

With the update to ncurses 6.4-20230826 /etc/termcap now needs at
least a 36 deep search.  Instead, we'll just bump to 64.  It seems
32 has been enough since perl 5.001 in 1995, so hopefully this buys
us at least another 28 years.

"please commit that" deraadt@

14 months agodrm/amd/display: Adjust the MST resume flow
jsg [Wed, 18 Oct 2023 01:47:42 +0000 (01:47 +0000)]
drm/amd/display: Adjust the MST resume flow

From Wayne Lin
71472872932b11ca2591104eb73255fecaae9d33 in linux-6.1.y/6.1.57
ec5fa9fcdeca69edf7dab5ca3b2e0ceb1c08fe9a in mainline linux

14 months agogrow arm64 iso media space
deraadt [Wed, 18 Oct 2023 01:45:42 +0000 (01:45 +0000)]
grow arm64 iso media space

14 months agoNeither sin_len nor sin6_len can be 0 so these checks are not needed.
claudio [Tue, 17 Oct 2023 17:59:59 +0000 (17:59 +0000)]
Neither sin_len nor sin6_len can be 0 so these checks are not needed.

Also reorder the RTF_HOST vs netmask check. RTF_HOST wins if both are set.
Makes the code a bit neater.
OK tb@

14 months agoRemove bogus plen != 0xff check
claudio [Tue, 17 Oct 2023 17:58:15 +0000 (17:58 +0000)]
Remove bogus plen != 0xff check
OK tb@

14 months agosync, from sthen
nicm [Tue, 17 Oct 2023 10:13:53 +0000 (10:13 +0000)]
sync, from sthen

14 months agoUpdate termtypes to 6.4-20230424 with local changes.
nicm [Tue, 17 Oct 2023 10:05:46 +0000 (10:05 +0000)]
Update termtypes to 6.4-20230424 with local changes.

14 months agoSwitch to tiparm_s (added in ncurses 6.4-20230424) instead of tparm,
nicm [Tue, 17 Oct 2023 09:55:32 +0000 (09:55 +0000)]
Switch to tiparm_s (added in ncurses 6.4-20230424) instead of tparm,
which allows ncurses to validate the capabilities correctly.

14 months agoUpdate ncurses and associated libraries (form, panel, menu) to
nicm [Tue, 17 Oct 2023 09:52:08 +0000 (09:52 +0000)]
Update ncurses and associated libraries (form, panel, menu) to
6.4-20230826 (from 5.7-20081102).

Based on result from Thomas Dickey's ncu2openbsd script and then
modified. Switches to the upstream tput. Major bump for the ncurses
libraries and for libedit and libreadline.

Help from tb, millert.

ok deraadt sthen

14 months agoclockintr: move callback-specific API behaviors to "clockrequest" namespace
cheloha [Tue, 17 Oct 2023 00:04:02 +0000 (00:04 +0000)]
clockintr: move callback-specific API behaviors to "clockrequest" namespace

The API's behavior when invoked from a callback function is impossible
to document.  Move the special behavior into a distinct namespace,
"clockrequest".

- Add a 'struct clockrequest'.  Basically a stripped-down 'struct clockintr'
  for exclusive use during clockintr_dispatch().
- In clockintr_queue, replace the "cq_shadow" clockintr with a "cq_request"
  clockrequest.  They serve the same purpose.
- CLST_SHADOW_PENDING -> CR_RESCHEDULE; different namespace, same meaning.
- CLST_IGNORE_SHADOW -> CLST_IGNORE_REQUEST; same meaning.
- Move shadow branch in clockintr_advance() to clockrequest_advance().
- clockintr_request_random() becomes clockrequest_advance_random().
- Delete dead shadow branches in clockintr_cancel(), clockintr_schedule().
- Callback functions now get a clockrequest pointer instead of a special
  clockintr pointer: update all prototypes, callers.

No functional change intended.

14 months agoAdjust lladdr test to use templates in rdomain1 (e.g. fe80::%pair11/64)
claudio [Mon, 16 Oct 2023 12:49:15 +0000 (12:49 +0000)]
Adjust lladdr test to use templates in rdomain1 (e.g. fe80::%pair11/64)

The code allready supports matching of templates with a scope id and
fe80::%pair11/64 and fe80::%gif11/64 are different to session_match_mask().

14 months agoConsider required constraint when moving pages from active to inactive lists.
mpi [Mon, 16 Oct 2023 11:32:54 +0000 (11:32 +0000)]
Consider required constraint when moving pages from active to inactive lists.

Make sure low pages are deactivated first when there is a shortage of inactive
pages.  Without this the system can have a ton of high pages on the active list
and never swapout anything if there's a shortage of low pages.

This prevents a deadlock on amd64 reported and tested by bluhm@.

ok kettenis@

14 months agoAdd regress test to verify that IPv6 link-local addresses work
claudio [Mon, 16 Oct 2023 10:26:51 +0000 (10:26 +0000)]
Add regress test to verify that IPv6 link-local addresses work

14 months agoImprove IPv6 link-local address handling
claudio [Mon, 16 Oct 2023 10:25:45 +0000 (10:25 +0000)]
Improve IPv6 link-local address handling

When a session is established determine the possible interface scope of that
session. The scope is only set when the remote address is directly connected.
This interface scope is passed to the RDE that uses this information when
link-local nexthops are received. Again checking that a link-local nexthop
is actually acceptable.

OK tb@

14 months agoMove declaration of "len" into the block where it's used. This lets
dtucker [Mon, 16 Oct 2023 08:40:00 +0000 (08:40 +0000)]
Move declaration of "len" into the block where it's used.  This lets
us compile Portable with -Werror with when OpenSSL doesn't have Ed25519
support.

14 months agoreinstate space-to-tabstop entry in the manpage
op [Mon, 16 Oct 2023 08:33:16 +0000 (08:33 +0000)]
reinstate space-to-tabstop entry in the manpage

removed in rev 1.95 since was hidden behind NOTAB, and forgot to be
re-added when no-tab-mode was resurrected.

14 months agoSet fib-update no since the fib is not needed here.
claudio [Mon, 16 Oct 2023 06:14:20 +0000 (06:14 +0000)]
Set fib-update no since the fib is not needed here.

14 months agotime(1): miscellaneous style(9) tweaks
cheloha [Sun, 15 Oct 2023 18:20:25 +0000 (18:20 +0000)]
time(1): miscellaneous style(9) tweaks

Use a space after keywords, binary operators require spaces, second-level
indents are four spaces, remove some extraneous parentheses and empty lines,
fill empty loop bodies with a "continue" statement.

No binary change.

14 months agoaudio(9): deprecate start_{output,input}
chrisz [Sun, 15 Oct 2023 15:49:47 +0000 (15:49 +0000)]
audio(9): deprecate start_{output,input}

ok ratchov@, kn@

14 months agoPledge once with or without "proc exec", not twice
kn [Sun, 15 Oct 2023 09:49:57 +0000 (09:49 +0000)]
Pledge once with or without "proc exec", not twice

Spotted while comparing ktraces between 'tar -z' and 'gzcat | tar -f-'.

Only the former runs, e.g. gzip(1), but the latter also pledges theses promises
just to pledge again immediately afterwards without them.

Make the calls mutually exclusive so 'tar -f-' et al. skip the first pledge
and thus never have "proc exec" to begin wth.

"looks good to me" mbuhl
OK millert

14 months agoDocument the hw.battery sysctls.
kettenis [Sat, 14 Oct 2023 19:02:16 +0000 (19:02 +0000)]
Document the hw.battery sysctls.

ok benno@, jmc@, schwarze@

14 months agoVerify but don't overwrite SHA256.sig in fw_update(8)
afresh1 [Sat, 14 Oct 2023 18:10:47 +0000 (18:10 +0000)]
Verify but don't overwrite SHA256.sig in fw_update(8)

Signify is happy to overwite the file with the signature stripped off.
However, if we do that, when downloading firmware we lose the ability
to check the signature before verifying checksums on the downloaded files.

Noticed by Thomas <exnihilo () fastmail ! org>
Right deraadt@

14 months agoSuppress harmless EPIPE errors during test shutdown.
anton [Sat, 14 Oct 2023 13:05:43 +0000 (13:05 +0000)]
Suppress harmless EPIPE errors during test shutdown.

14 months agoRewrite log_peer_info() and log_peer_warn[x]()
claudio [Sat, 14 Oct 2023 09:46:14 +0000 (09:46 +0000)]
Rewrite log_peer_info() and log_peer_warn[x]()

Passing the peer description as part of the format string was a bad idea
since the peer description may include some % signs (e.g. for link local
IPv6 addresses). So instead of asprintf a new fmt string use vasprintf
to get the message and then use logit("%s: %s", peer_info, msg).
OK tb@

14 months agoalign the intel wifi entries with the other pci wifi entries; ok stsp
jmc [Sat, 14 Oct 2023 06:29:11 +0000 (06:29 +0000)]
align the intel wifi entries with the other pci wifi entries; ok stsp

14 months agosync
deraadt [Sat, 14 Oct 2023 05:07:05 +0000 (05:07 +0000)]
sync

14 months agoUpdate lang/ruby module documentation for the removal of Ruby 3.0
jeremy [Fri, 13 Oct 2023 23:16:58 +0000 (23:16 +0000)]
Update lang/ruby module documentation for the removal of Ruby 3.0

14 months agoUse a unique mount point rooted in /mnt in order to not conflict with other
anton [Fri, 13 Oct 2023 19:30:18 +0000 (19:30 +0000)]
Use a unique mount point rooted in /mnt in order to not conflict with other
tests.

14 months agoUse the idiom in cleanup target like many others
anton [Fri, 13 Oct 2023 19:28:59 +0000 (19:28 +0000)]
Use the  idiom in cleanup target like many others
in regress already does.

14 months agoAdd Allwinner D1 support.
kettenis [Fri, 13 Oct 2023 15:41:25 +0000 (15:41 +0000)]
Add Allwinner D1 support.

ok mbuhl@, patrick@, dlg@

14 months agoenable dwqe(4) in RAMDISK_CD
stsp [Fri, 13 Oct 2023 13:52:08 +0000 (13:52 +0000)]
enable dwqe(4) in RAMDISK_CD
reminded by jsg@, snapshot test build done by me

14 months agoRemove bold8x16-iso1 font.
fcambus [Fri, 13 Oct 2023 13:28:02 +0000 (13:28 +0000)]
Remove bold8x16-iso1 font.

This font has been unlinked from the build in January 2019 when it was
replaced by Spleen 8x16.

OK mpi@

14 months agoAdjust regress to cope with constraints
tb [Fri, 13 Oct 2023 12:12:05 +0000 (12:12 +0000)]
Adjust regress to cope with constraints

14 months agoAllow imposing constraints on RPKI trust anchors
job [Fri, 13 Oct 2023 12:06:49 +0000 (12:06 +0000)]
Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

14 months agoForce the router-id on all bgpd instances to make the expected output
claudio [Fri, 13 Oct 2023 07:55:57 +0000 (07:55 +0000)]
Force the router-id on all bgpd instances to make the expected output
predictable.

14 months agoAdd missing Ns in argument list of announce (IPv4|IPv6) ...
claudio [Fri, 13 Oct 2023 07:37:35 +0000 (07:37 +0000)]
Add missing Ns in argument list of announce (IPv4|IPv6) ...

14 months agoTweak previous by using the argument name, not its type
tb [Fri, 13 Oct 2023 05:49:34 +0000 (05:49 +0000)]
Tweak previous by using the argument name, not its type

14 months agoImprove the description of X509_ALGOR_dup(3)
tb [Fri, 13 Oct 2023 05:47:35 +0000 (05:47 +0000)]
Improve the description of X509_ALGOR_dup(3)

The old description was vague, but strictly speaking a lie, so make it
more precise and turn the lie into a truth.

14 months agoRemove ancient version of zlib bundled with GNU cvs.
bluhm [Fri, 13 Oct 2023 00:00:51 +0000 (00:00 +0000)]
Remove ancient version of zlib bundled with GNU cvs.

Avoid false positive in security scan.  Removal of embedded zlib
ensures that cvs is linked dynamically with /usr/lib/libz.so.  We
do not want any zlib 1.1.3 from 2001 in our source tree.

no binary diff; OK millert@ deraadt@

14 months agoTest retry after DNS lookup failure.
bluhm [Thu, 12 Oct 2023 22:41:29 +0000 (22:41 +0000)]
Test retry after DNS lookup failure.

14 months agoRetry DNS lookup for remote loghost.
bluhm [Thu, 12 Oct 2023 22:36:54 +0000 (22:36 +0000)]
Retry DNS lookup for remote loghost.

If DNS lookup for a remote loghost configured in syslog.conf did
not work at startup, the entry was ignored.  Better retry the lookup
in intervals until it succeeds.  Improve debug output to print IP
address after resolution.  Unify retry code that resolves DNS for
UDP and connects to TCP server.

testing and feedback from Paul de Weerd; OK deraadt@

14 months agopflog(4) logs packet dropped by default rule with block.
bluhm [Thu, 12 Oct 2023 19:15:21 +0000 (19:15 +0000)]
pflog(4) logs packet dropped by default rule with block.

If a packet is malformed, it is dropped by pf(4).  The rule referenced
in pflog(4) is the default rule.  As the default rule is a pass
rule, tcpdump printed "pass" although the packet was actually
dropped.  To avoid confusion, change the action to drop.  Then
tcpdump prints "block".

OK sashan@ kn@

14 months agox509_algor: fix error message
tb [Thu, 12 Oct 2023 17:14:17 +0000 (17:14 +0000)]
x509_algor: fix error message

14 months agoLet vnconfig select an unused device as opposed of unconditionally
anton [Thu, 12 Oct 2023 16:59:23 +0000 (16:59 +0000)]
Let vnconfig select an unused device as opposed of unconditionally
assume vnd0 is available.

14 months agoStatic binaries which do not call execve() were not calling
deraadt [Thu, 12 Oct 2023 16:37:05 +0000 (16:37 +0000)]
Static binaries which do not call execve() were not calling
pinsyscall(SYS_execve, ...).  Upon review, this is a fairly small
set of programs which either pledge() aggressively or don't usually
operate in a risky operating environment.  We now point at a location
which is definately not a "syscall" instruction.
ok kettenis

14 months agotimeout: add TIMEOUT_MPSAFE flag
cheloha [Thu, 12 Oct 2023 15:32:38 +0000 (15:32 +0000)]
timeout: add TIMEOUT_MPSAFE flag

Add a TIMEOUT_MPSAFE flag to signal that a timeout is safe to run
without the kernel lock.  Currently, TIMEOUT_MPSAFE requires
TIMEOUT_PROC.  When the softclock() is unlocked in the future this
dependency will be removed.

On MULTIPROCESSOR kernels, softclock() now shunts TIMEOUT_MPSAFE
timeouts to a dedicated "timeout_proc_mp" bucket for processing by the
dedicated softclock_thread_mp() kthread.  Unlike softclock_thread(),
softclock_thread_mp() is not pinned to any CPU and runs run at IPL_NONE.

Prompted by bluhm@.  Lots of input from bluhm@.  Joint work with mvs@.

Prompt: https://marc.info/?l=openbsd-tech&m=169646019109736&w=2
Thread: https://marc.info/?l=openbsd-tech&m=169652212131109&w=2

ok mvs@

14 months agobt(5), btrace(8): add support for binary modulo operator ('%')
cheloha [Thu, 12 Oct 2023 15:16:44 +0000 (15:16 +0000)]
bt(5), btrace(8): add support for binary modulo operator ('%')

Link: https://marc.info/?l=openbsd-tech&m=169695435209410&w=2
ok mpi@

14 months agoBefore calling rde_generate_updates() with EVAL_ALL ensure that the new
claudio [Thu, 12 Oct 2023 14:22:08 +0000 (14:22 +0000)]
Before calling rde_generate_updates() with EVAL_ALL ensure that the new
path is actually eligible. If this is not the case pass NULL instead.
This is an optimisation to bypass extra work if both old and new path
were ineligible.
OK tb@

14 months agoIn up_generate_addpath_all() ensure that the new prefix is valid.
claudio [Thu, 12 Oct 2023 14:16:28 +0000 (14:16 +0000)]
In up_generate_addpath_all() ensure that the new prefix is valid.

This should fix a fatal error reported by Arend Brouwer (arend at eritap com)
when "announce add-path send all" is used.
As a workaround "announce add-path send best plus 500" can used.

OK tb@

14 months agofor a few sysctl nodes, mention standard or at least more widely
schwarze [Thu, 12 Oct 2023 12:56:26 +0000 (12:56 +0000)]
for a few sysctl nodes, mention standard or at least more widely
available libc API functions and utility programs that produce
equivalent output on OpenBSD;
OK deraadt@

14 months agoRemove default sets answer
kn [Thu, 12 Oct 2023 12:31:15 +0000 (12:31 +0000)]
Remove default sets answer

The autoinstall(8) response file contains only non-defaults, except for
        Set name(s)? (or 'abort' or 'done') [done] done
which is the hardcoded default since 2009.

Added in 2019 r1.23 "Let sysupgrade(8) create auto_upgrade.conf file [...]"
with all others, remove the exception.

OK florian

14 months agoAdd a fairly minimal ixp setup generated by arouteserver
claudio [Thu, 12 Oct 2023 09:18:56 +0000 (09:18 +0000)]
Add a fairly minimal ixp setup generated by arouteserver
This does a lot of community manipulation and also tests a few other
bits of code (prepends, roa, prefix-set).

14 months agox509_algor: add a few missing includes
tb [Thu, 12 Oct 2023 04:53:45 +0000 (04:53 +0000)]
x509_algor: add a few missing includes

14 months agotypos and extra debug trace calls
djm [Thu, 12 Oct 2023 03:51:08 +0000 (03:51 +0000)]
typos and extra debug trace calls

14 months agoensure logs are owned by correct user; feedback/ok dtucker@
djm [Thu, 12 Oct 2023 03:48:53 +0000 (03:48 +0000)]
ensure logs are owned by correct user; feedback/ok dtucker@

14 months ago64 %-expansion keys ought to be enough for anybody; ok dtucker
djm [Thu, 12 Oct 2023 03:36:32 +0000 (03:36 +0000)]
64 %-expansion keys ought to be enough for anybody; ok dtucker
(we just hit the previous limit in some cases)

14 months agodon't dereference NULL pointer when hashing jumphost
djm [Thu, 12 Oct 2023 02:48:43 +0000 (02:48 +0000)]
don't dereference NULL pointer when hashing jumphost

14 months agoadd %j token that expands to the configured ProxyJump hostname (or
djm [Thu, 12 Oct 2023 02:18:18 +0000 (02:18 +0000)]
add %j token that expands to the configured ProxyJump hostname (or
the empty string if this option is not being used).
bz3610, ok dtucker

14 months agorelease GSS OIDs only at end of authentication; bz2982, ok dtucker@
djm [Thu, 12 Oct 2023 02:15:53 +0000 (02:15 +0000)]
release GSS OIDs only at end of authentication; bz2982, ok dtucker@

14 months agomask SIGINT/TERM/QUIT/HUP before checking quit_pending and use ppoll()
djm [Thu, 12 Oct 2023 02:12:53 +0000 (02:12 +0000)]
mask SIGINT/TERM/QUIT/HUP before checking quit_pending and use ppoll()
to unmask them in the mainloop. Avoids race condition between signaling
ssh to exit and polling. bz3531; ok dtucker

14 months agosync usage() with ssh.1; spotted by kn@
djm [Wed, 11 Oct 2023 23:23:58 +0000 (23:23 +0000)]
sync usage() with ssh.1; spotted by kn@

14 months agossh -Q does not make sense with other command-line options, so give
djm [Wed, 11 Oct 2023 23:14:33 +0000 (23:14 +0000)]
ssh -Q does not make sense with other command-line options, so give
it its own line in the manpage

14 months agoadd ChannelTimeout support to the client, mirroring the same option
djm [Wed, 11 Oct 2023 22:42:26 +0000 (22:42 +0000)]
add ChannelTimeout support to the client, mirroring the same option
in the server. ok markus@

14 months agoadd support for reading ED25519 private keys in PEM PKCS8 format;
djm [Wed, 11 Oct 2023 22:41:05 +0000 (22:41 +0000)]
add support for reading ED25519 private keys in PEM PKCS8 format;
ok markus@ tb@

14 months agoPrevent deref-after-free when tdb_timeout() fires on invalid new tdb.
tobhe [Wed, 11 Oct 2023 22:13:16 +0000 (22:13 +0000)]
Prevent deref-after-free when tdb_timeout() fires on invalid new tdb.

When receiving a pfkeyv2 SADB_ADD message, a newly created tdb can
fail in tdb_init(), which causes the tdb to not get added to the
global tdb list and an immediate dereference.  If a lifetime timeout
triggers on this tdb, it will unconditionally try to remove it from
the list and in the process deref once more than allowed,
causing a one bit corruption in the already freed up slot in the
tdb pool.

We resolve this issue by moving timeout_add() after tdb_init()
just before puttdb().  This means tdbs failing initialization
get discarded immediately as they only hold a single reference.
Valid tdbs get their timeouts activated just before we add them
to the tdb list, meaning the timeout can safely assume they are
linked.

Feedback from mvs@ and millert@
ok mvs@ mbuhl@

14 months agoCheck if loopback interfaces used are skipped by pf as opposed of
anton [Wed, 11 Oct 2023 18:07:56 +0000 (18:07 +0000)]
Check if loopback interfaces used are skipped by pf as opposed of
bailing out if any loopback interface is skipped other than lo0.

14 months agoInfer rdomains from environment variables N1 and N2 like many others in
anton [Wed, 11 Oct 2023 18:07:15 +0000 (18:07 +0000)]
Infer rdomains from environment variables N1 and N2 like many others in
regress/sys/net already does. No functional change as the defaults
remains the same.

14 months agoRemove dead CRYPTOCHUNK usage
kn [Wed, 11 Oct 2023 17:53:52 +0000 (17:53 +0000)]
Remove dead CRYPTOCHUNK usage

install.sub r1.1245 "Ask for disk crypto after root disk question" got rid
of global CRYPTO* variables;  no functional change.

14 months agokernel: expand fixed clock interrupt periods to 64-bit values
cheloha [Wed, 11 Oct 2023 15:42:44 +0000 (15:42 +0000)]
kernel: expand fixed clock interrupt periods to 64-bit values

Technically, all the current fixed clock interrupt periods fit within
an unsigned 32-bit value.  But 32-bit multiplication is an accident
waiting to happen.  So, expand the fixed periods for hardclock,
statclock, profclock, and roundrobin to 64-bit values.

One exception: statclock_mask remains 32-bit because random(9) yields
32-bit values.  Update the initclocks() comment to make it clear that
this is not an accident.

14 months agoclockintr: move clockintr_schedule() into public API
cheloha [Wed, 11 Oct 2023 15:07:04 +0000 (15:07 +0000)]
clockintr: move clockintr_schedule() into public API

Prototype clockintr_schedule() in <sys/clockintr.h>.

14 months agoput "stub" within grasp of -DREGRESSION_TESTING.
espie [Wed, 11 Oct 2023 13:54:43 +0000 (13:54 +0000)]
put "stub" within grasp of -DREGRESSION_TESTING.
Extend it slightly: do not stub quirks, so that caching mechanisms work
as usual even when using stubs.

14 months agomissing state in locator call, surprised nobody else ran into that
espie [Wed, 11 Oct 2023 13:52:29 +0000 (13:52 +0000)]
missing state in locator call, surprised nobody else ran into that

14 months agoSome housekeeping in x_algor
tb [Wed, 11 Oct 2023 13:22:11 +0000 (13:22 +0000)]
Some housekeeping in x_algor

Fix includes and zap an empty line.

ok jsing

14 months agoRewrite X509_ALGOR_set0()
tb [Wed, 11 Oct 2023 13:20:18 +0000 (13:20 +0000)]
Rewrite X509_ALGOR_set0()

The current implementation is a complete mess. There are three cases:
1) ptype == V_ASN1_UNDEF: parameter must be freed and set to NULL.
2) ptype == 0: existing non-NULL parameters are left untouched, NULL
   parameters are replaced with ASN1_TYPE_new()'s wacky defaults.
3) otherwise allocate new parameters if needed and set them to ptype/pval.
In all three cases free the algorithm and set it to aobj.

The challenge now is to implement this using nine if statements and one
else clause... We can do better. This preserves existing behavior. There
would be cleaner implementations possible, but they would change behavior.

There are many callers in the ecosystem that do not error check
X509_ALGOR_set0() since OpenSSL failed to do so. So this was carefully
rewritten to leave alg in a consisten state so that unchecking callers
don't encounter corrupted algs.

ok jsing

14 months agox509_algor: Turn expected failure into actual failure now that the API is
tb [Wed, 11 Oct 2023 13:13:25 +0000 (13:13 +0000)]
x509_algor: Turn expected failure into actual failure now that the API is
fixed.

14 months agoEnsure that out_value is initialized even if out_type is NULL
tb [Wed, 11 Oct 2023 13:12:46 +0000 (13:12 +0000)]
Ensure that out_value is initialized even if out_type is NULL

This fixes the printf in the x509_algor regress.

ok jsing

14 months agoRewrite X509_ALGOR_get0()
tb [Wed, 11 Oct 2023 13:10:13 +0000 (13:10 +0000)]
Rewrite X509_ALGOR_get0()

Make the logic slightly less convoluted. Preserve the behavior that
*ppval remains unset if pptype == NULL for now. However, ensure that
*ppval is set to NULL if pptype is V_ASN1_UNDER.

ok jsing

14 months agoAdd internal version of X509_ALGOR_set_md()
tb [Wed, 11 Oct 2023 13:05:18 +0000 (13:05 +0000)]
Add internal version of X509_ALGOR_set_md()

X509_ALGOR_set_md() is a void function that cannot easily be error checked.
The caller has to jump through hoops to make sure this function doesn't
fail. Prepare replacing this internally with X509_ALGOR_set_evp_md(), which
allows error checking. There is one slight change of behavior: if the EVP_MD
object passed in does not have an OID known to the library, then this new
API fails.

It is unclear what the library should do with such an object and people
who use EVP_MD_meth_new() need to know what they are doing anyway and they
are better off teaching the lib about the OID if they're going to be
messing with certs.

Oh, and the prototype is in x509_local.h because the rest of this API is
in x509.h despite being implemented in asn1/.

ok jsing