openbsd
2 years agoadjust notes for linker set change
jsg [Mon, 19 Sep 2022 12:37:02 +0000 (12:37 +0000)]
adjust notes for linker set change
ok miod@ deraadt@

2 years agoRemove PKCS12_MAKE_{,SH}KEYBAG from Symbols.list
tb [Mon, 19 Sep 2022 12:25:52 +0000 (12:25 +0000)]
Remove PKCS12_MAKE_{,SH}KEYBAG from Symbols.list

These functions were renamed in the last bump

#define PKCS12_MAKE_KEYBAG      PKCS12_SAFEBAG_create0_p8inf                                        #define PKCS12_MAKE_SHKEYBAG    PKCS12_SAFEBAG_create_pkcs8_encrypt

They don't appear in the compiled library itself, so no further bump
required.

Fixes libressl-portable/portable#791

Found the hard way by vollkommenheit
ok deraadt jsing

2 years agouse users-groups-by-id@openssh.com sftp-server extension (when
djm [Mon, 19 Sep 2022 10:46:00 +0000 (10:46 +0000)]
use users-groups-by-id@openssh.com sftp-server extension (when
available) to fill in user/group names for directory listings.
Implement a client-side cache of see uid/gid=>user/group names.
ok markus@

2 years agosftp client library support for users-groups-by-id@openssh.com;
djm [Mon, 19 Sep 2022 10:43:12 +0000 (10:43 +0000)]
sftp client library support for users-groups-by-id@openssh.com;
ok markus@

2 years agoextend sftp-common.c:extend ls_file() to support supplied user/group
djm [Mon, 19 Sep 2022 10:41:58 +0000 (10:41 +0000)]
extend sftp-common.c:extend ls_file() to support supplied user/group
names; ok markus@

2 years agosftp-server(8): add a "users-groups-by-id@openssh.com" extension
djm [Mon, 19 Sep 2022 10:40:52 +0000 (10:40 +0000)]
sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

Will be used to make directory listings more useful and consistent
in sftp(1).

ok markus@

2 years agobetter debugging for connect_next()
djm [Mon, 19 Sep 2022 08:49:50 +0000 (08:49 +0000)]
better debugging for connect_next()

2 years agoupdate set sizes
jsg [Mon, 19 Sep 2022 04:29:55 +0000 (04:29 +0000)]
update set sizes

2 years agoDefine PMU_ADB_CMD and PMU_INT_ACK
gkoehler [Sun, 18 Sep 2022 21:36:41 +0000 (21:36 +0000)]
Define PMU_ADB_CMD and PMU_INT_ACK

Taking these definitions from NetBSD's pm_direct.h; most PMU_*
commands have the same names in the BSDs and Linux.

ok miod@ kettenis@

2 years agoFix a memory leak which was introduced by the previous commit.
mglocker [Sun, 18 Sep 2022 21:12:19 +0000 (21:12 +0000)]
Fix a memory leak which was introduced by the previous commit.

The issue was reported by Stephan Somogyi - Thanks!

2 years agotimecounting: tc_reset_quality: print notice if active counter changes
cheloha [Sun, 18 Sep 2022 20:47:09 +0000 (20:47 +0000)]
timecounting: tc_reset_quality: print notice if active counter changes

Give the user a hint as to what happened if they boot up and the TSC
is not the active counter.

"sure" deraadt@

2 years agotsc: make tsc_report_test_results() less noisy without TSC_DEBUG
cheloha [Sun, 18 Sep 2022 20:38:50 +0000 (20:38 +0000)]
tsc: make tsc_report_test_results() less noisy without TSC_DEBUG

By default, just say "tsc: cpu0/cpuN: sync test failed".  If you want
more information you need to recompile with TSC_DEBUG set.

While here, disable TSC_DEBUG.

"sure" deraadt@

2 years agoRevert previous it prevents the PinebookPro and the Rockpro64 to reach userland.
mpi [Sun, 18 Sep 2022 14:41:54 +0000 (14:41 +0000)]
Revert previous it prevents the PinebookPro and the Rockpro64 to reach userland.

Found by kn@ and myself, ok deraadt@

2 years agoAllow TLSv1.3 clients to send CCS without middlebox compatibility mode.
jsing [Sat, 17 Sep 2022 17:14:06 +0000 (17:14 +0000)]
Allow TLSv1.3 clients to send CCS without middlebox compatibility mode.

While RFC 8446 is clear about what legacy session identifiers can be sent
by a TLSv1.3 client and how middlebox compatibility mode is requested, it
is delightfully vague about the circumstances under which a client is
permitted to send CCS messages. While it does not make sense for a client
to send CCS messages when they are not requesting middlebox compatibility
mode, it is not strictly forbidden by the RFC and at least one (unknown)
TLSv1.3 stack has been observed to do this in the wild.

Revert part of the previous change and allow clients to send CCS messages,
even if they are not requesting middlebox compatibility mode.

Found the hard way by florian@

ok tb@

2 years agoLink to SSL_read_early_data(3)
kn [Sat, 17 Sep 2022 16:03:21 +0000 (16:03 +0000)]
Link to SSL_read_early_data(3)

OK tb

2 years agobind/connect is now expected to succeed
benno [Sat, 17 Sep 2022 12:51:23 +0000 (12:51 +0000)]
bind/connect is now expected to succeed

2 years agobind() to AF_UNIX will now require unveil "w". "w" may seem a little odd
deraadt [Sat, 17 Sep 2022 12:40:52 +0000 (12:40 +0000)]
bind() to AF_UNIX will now require unveil "w".  "w" may seem a little odd
(and it may seem it should be "r" to get access to the file to collect
the underlying socket, which is fully r/w in a non-file way).  But this
matches the POSIX spec that the file be 'writeable'.  The regress test
and daemons have been updated for this behaviour.
Gap discovered by martijn, long discussions with benno

2 years agoadd some notes on common pytest arguments
sthen [Sat, 17 Sep 2022 12:17:52 +0000 (12:17 +0000)]
add some notes on common pytest arguments

2 years agotweaks; from jan stary
jmc [Sat, 17 Sep 2022 11:39:09 +0000 (11:39 +0000)]
tweaks; from jan stary

2 years agoAdd RequiredRSASize for sshd(8); RSA keys that fall beneath this limit
djm [Sat, 17 Sep 2022 10:34:29 +0000 (10:34 +0000)]
Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit
will be ignored for user and host-based authentication.

Feedback deraadt@ ok markus@

2 years agoadd a RequiredRSASize for checking RSA key length in ssh(1).
djm [Sat, 17 Sep 2022 10:33:18 +0000 (10:33 +0000)]
add a RequiredRSASize for checking RSA key length in ssh(1).
User authentication keys that fall beneath this limit will be
ignored. If a host presents a host key beneath this limit then
the connection will be terminated (unfortunately there are no
fallbacks in the protocol for host authentication).

feedback deraadt, Dmitry Belyavskiy; ok markus@

2 years agoShow time zone name and offset in clock border if TZ environment
florian [Sat, 17 Sep 2022 10:32:05 +0000 (10:32 +0000)]
Show time zone name and offset in clock border if TZ environment
variable is set. This is useful when running multiple clocks in
different time zones.
From James Russell Stickney (jrs AT outband.net), tweaked by me.
Input & OK kn

2 years agoAdd a sshkey_check_rsa_length() call for checking the length of an
djm [Sat, 17 Sep 2022 10:30:45 +0000 (10:30 +0000)]
Add a sshkey_check_rsa_length() call for checking the length of an
RSA key; ok markus@

2 years agoactually hook up restrict_websafe; the command-line flag was
djm [Sat, 17 Sep 2022 10:11:29 +0000 (10:11 +0000)]
actually hook up restrict_websafe; the command-line flag was
never actually used. Spotted by Matthew Garrett

2 years agoHook up installboot unconditionally, skip on unsupported archs
kn [Sat, 17 Sep 2022 09:30:18 +0000 (09:30 +0000)]
Hook up installboot unconditionally, skip on unsupported archs

The list of not yet tested archs is smaller, so follow bsd.regress.mk(5)
advise and just print SKIPPED on those.

2 years agomove most of the key combination translation code out of ukbd(4)
robert [Fri, 16 Sep 2022 16:30:10 +0000 (16:30 +0000)]
move most of the key combination translation code out of ukbd(4)
to hidkbd so that it can be re-used by apldc(4) and aplhidev(4) as well

this also adds support for apple fn key combinations to aplhidev(4)

ok miod@

2 years agosemctl1 and msgctl were introduced for binary compatibility for OpenBSD 3.5.
mbuhl [Fri, 16 Sep 2022 15:57:23 +0000 (15:57 +0000)]
semctl1 and msgctl were introduced for binary compatibility for OpenBSD 3.5.
They are no longer needed.
OK bluhm@

2 years agoMake mfii(4) recover from firmware FAULT state on startup.
stsp [Fri, 16 Sep 2022 12:08:27 +0000 (12:08 +0000)]
Make mfii(4) recover from firmware FAULT state on startup.

In case firmware initially comes up in FAULT state, reset the device and
give it one more chance to attach successfully. The Linux megaraid_sas
driver applies the same workaround in this case. There seems to be a bug
in some firmware versions which can trigger this behaviour; see mainline
Linux commit 6431f5d7c6025f8b007af06ea090de308f7e6881

Problem observed by me with mfii(4) attached via KVM PCI-passthrough:
mfii0 at pci0 dev 2 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi
mfii0: firmware fault

With this workaround in place, attachment succeeds and the device works:
mfii0 at pci0 dev 2 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi
mfii0: firmware fault; attempting full device reset, this can take some time
mfii0: "RAID Ctrl SAS 6G 1GB (D3116C)", firmware 23.29.0-0019, 1024MB cache

Tested for regressions on bare metal by Hrvoje with two different adapters:
mfii0 at pci1 dev 0 function 0 "Symbios Logic MegaRAID SAS3508" rev 0x01: msi
mfii0: "PERC H740P Mini ", firmware 51.16.0-4076, 8192MB cache
mfii0 at pci4 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05: msi
mfii0: "ServeRAID M5110", firmware 23.34.0-0023, 512MB cache

ok jmatthew@

2 years agocorrect error value
djm [Fri, 16 Sep 2022 06:55:37 +0000 (06:55 +0000)]
correct error value

2 years agosftp: Be a bit more clever about completions
djm [Fri, 16 Sep 2022 03:33:14 +0000 (03:33 +0000)]
sftp: Be a bit more clever about completions

There are commands (e.g. "get" or "put") that accept two
arguments, a local path and a remote path. However, the way
current completion is written doesn't take this distinction into
account and always completes remote or local paths.

By expanding CMD struct and "cmds" array this distinction can be
reflected and with small adjustment to completer code the correct
path can be completed.

By Michal Privoznik, ok dtucker@

2 years agosftp: Don't attempt to complete arguments for non-existent commands
djm [Fri, 16 Sep 2022 03:13:34 +0000 (03:13 +0000)]
sftp: Don't attempt to complete arguments for non-existent commands

If user entered a non-existent command (e.g. because they made a
typo) there is no point in trying to complete its arguments. Skip
calling complete_match() if that's the case.

From Michal Privoznik

2 years agodrm/i915: Implement WaEdpLinkRateDataReload
jsg [Fri, 16 Sep 2022 02:29:47 +0000 (02:29 +0000)]
drm/i915: Implement WaEdpLinkRateDataReload

From Ville Syrjala
d2ca79dd0b5487991dac52c6b679915dbd70ee4c in linux 5.15.y/5.15.68
672d6ca758651f0ec12cd0d59787067a5bde1c96 in mainline linux

2 years agodrm/amd/display: fix memory leak when using debugfs_lookup()
jsg [Fri, 16 Sep 2022 02:26:35 +0000 (02:26 +0000)]
drm/amd/display: fix memory leak when using debugfs_lookup()

From Greg Kroah-Hartman
58acd2ebae034db3bacf38708f508fbd12ae2e54 in linux 5.15.y/5.15.68
cbfac7fa491651c57926c99edeb7495c6c1aeac2 in mainline linux

2 years agodrm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
jsg [Fri, 16 Sep 2022 02:24:23 +0000 (02:24 +0000)]
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly

From Qu Huang
ad5ef763dbbea8193bd2095a1401aeac6e8f74e8 in linux 5.15.y/5.15.68
b8983d42524f10ac6bf35bbce6a7cc8e45f61e04 in mainline linux

2 years agodrm/radeon: add a force flush to delay work when radeon
jsg [Fri, 16 Sep 2022 02:22:45 +0000 (02:22 +0000)]
drm/radeon: add a force flush to delay work when radeon

From Zhenneng Li
5a7a5b2edac4b05abd744eeaebda46d9dacd952d in linux 5.15.y/5.15.68
f461950fdc374a3ada5a63c669d997de4600dffe in mainline linux

2 years agodrm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
jsg [Fri, 16 Sep 2022 02:20:28 +0000 (02:20 +0000)]
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.

From Candice Li
622a557b28b718d4da92ff3504d83af2310324d2 in linux 5.15.y/5.15.68
c351938350ab9b5e978dede2c321da43de7eb70c in mainline linux

2 years agodrm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini
jsg [Fri, 16 Sep 2022 02:18:48 +0000 (02:18 +0000)]
drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini

From YiPeng Chai
c15c2c2c08964fd99d3366f80742129f8ae28eaa in linux 5.15.y/5.15.68
9d705d7741ae70764f3d6d87e67fad3b5c30ffd0 in mainline linux

2 years agodrm/gem: Fix GEM handle release errors
jsg [Fri, 16 Sep 2022 02:16:44 +0000 (02:16 +0000)]
drm/gem: Fix GEM handle release errors

From Jeffy Chen
1f574fbe9c2b831a8c3156260842a7abd280d59f in linux 5.15.y/5.15.68
ea2aa97ca37a9044ade001aef71dbc06318e8d44 in mainline linux

2 years agomask non-chain fence sequence numbers to 32-bit for comparisons
jsg [Fri, 16 Sep 2022 01:48:07 +0000 (01:48 +0000)]
mask non-chain fence sequence numbers to 32-bit for comparisons

Most of drm uses 32-bit sequence numbers in fences.
dma-fence-chain opts into 64-bit comparisons.

Wrapping is handled like i915_seqno_passed() except that if the sequence
numbers are the same one is not considered later than the other.

2 years agotsc: configure LFENCE to serialize dispatch before testing TSC sync
cheloha [Thu, 15 Sep 2022 19:30:51 +0000 (19:30 +0000)]
tsc: configure LFENCE to serialize dispatch before testing TSC sync

On AMD CPUs, LFENCE does not serialize instruction dispatch until MSR
C001_1029[1] is properly configured.  We do this in identifycpu(); see
amd64/identcpu.c,v 1.103.

The upshot is that the first TSC synchronization test is currently
invalid on most AMD CPUs because the LFENCE in the test loop does not
ensure that the AP loads the BP's latest TSC value before executing
RDTSC.  So the synchronization test is yielding false positives on AMD
CPUs where the TSCs are actually synchronized.

The simplest fix is to wait until after the secondary CPU runs
identifycpu() in cpu_hatch() to test TSC synchronization.

Moving the TSC sync test after CPU identification means that we can
remove the CPUID() calls from tsc.c: the CPU feature flags are set in
identifycpu() so we no longer need to test for IA32_TSC_ADJUST support
by hand.

While we are at it, we should also pass the correct cpu_info pointer
to tsc_test_sync_bp().  It was unused before, so the bug was harmless,
but we definitely need the BP's cpu_info pointer, not the AP's pointer.

Unfortunately, this change does not fix the TSC sync problems we've
been seeing on e.g. dv@'s and jmc@'s Ryzen 5 machines.  Hopefully the
problem on those machines is buggy firmware and not another
architectural misunderstanding on my part.

Prompted by robert@.  Problem diagnosed by brynet@.  With input from
robert@, brynet@, and deraadt@.  Tested by robert@, brynet@, dv@,
phessler@, and jmc@.

ok robert@ brynet@ sthen@

2 years agoEnable the keyboard on the Samsung Galaxy Book Go.
mglocker [Thu, 15 Sep 2022 18:03:52 +0000 (18:03 +0000)]
Enable the keyboard on the Samsung Galaxy Book Go.

Help from kettenis@, "Nice!" deraadt@

2 years agoShort names make for shorter and prettier lines.
krw [Thu, 15 Sep 2022 15:05:58 +0000 (15:05 +0000)]
Short names make for shorter and prettier lines.

2 years agoAdd support for Apple fn key combinations. Based on Apple fn key handling
tobhe [Thu, 15 Sep 2022 14:45:49 +0000 (14:45 +0000)]
Add support for Apple fn key combinations. Based on Apple fn key handling
in ukbd(4).

ok miod@

2 years agoUse non-blocking connect() with ppoll() and timeout instead of alarm().
millert [Thu, 15 Sep 2022 12:47:10 +0000 (12:47 +0000)]
Use non-blocking connect() with ppoll() and timeout instead of alarm().
For hosts with multiple IP addrs this makes it possible to fall
over from an unresponsive IP to another.  This also replaces the
other connect(2) + connect_wait() calls with timed_connect() so the
-w option now works for more that just http.  OK sthen@ deraadt@

2 years agoAdd GPTPARTATTR_MS_* defines for Microsoft basic data attributes
krw [Thu, 15 Sep 2022 10:10:14 +0000 (10:10 +0000)]
Add GPTPARTATTR_MS_* defines for Microsoft basic data attributes
and make 'fdisk -v' display their names (NoAutoMount, Hidden,
Shadow, ReadOnly).

Shift 1ULL instead of 1 to make it clear these are uint64_t
flags. Makes clang happier.

2 years agoRemove unneeded interim DPRINTF() verbiage. Make DEBUG compile
krw [Thu, 15 Sep 2022 09:08:29 +0000 (09:08 +0000)]
Remove unneeded interim DPRINTF() verbiage. Make DEBUG compile
again.

2 years agoAdd OID for RPKI signedTAL objects
job [Thu, 15 Sep 2022 08:20:34 +0000 (08:20 +0000)]
Add OID for RPKI signedTAL objects

IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-signed-tal.

OK tb@

2 years agoMake kroute_matchgw() also work with connected routes.
claudio [Thu, 15 Sep 2022 08:20:14 +0000 (08:20 +0000)]
Make kroute_matchgw() also work with connected routes.

Connected routes have no gateway set but only have ifindex set.
When an interface is deconfigured this makes sure the right route is
removed.
OK tb@

2 years agoIgnore error when we try to delete an address that's already gone.
florian [Thu, 15 Sep 2022 07:59:59 +0000 (07:59 +0000)]
Ignore error when we try to delete an address that's already gone.

This will happen when an address expires because the vltime drops to
zero. The kernel then deletes the address and slaacd tries to do so,
too. The correct fix is to track in slaacd that the kernel already
deleted the address for us, but that's too much work shortly before a
release so just hide the ugly warning for now, it's harmless.
Problem reported by semarie some time ago.
OK deraadt, benno

2 years agoUse LONG_MAX as the limit for ciphers with long based APIs.
jsing [Thu, 15 Sep 2022 07:04:19 +0000 (07:04 +0000)]
Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@

2 years agoregen
kmos [Thu, 15 Sep 2022 04:28:51 +0000 (04:28 +0000)]
regen

2 years agoAdd IDs for the JHL6240 Thunderbolt 3 controller found in my Thinkpad T490
kmos [Thu, 15 Sep 2022 04:28:07 +0000 (04:28 +0000)]
Add IDs for the JHL6240 Thunderbolt 3 controller found in my Thinkpad T490

ok jsg

2 years agorecognise Neoverse V2 (Demeter)
jsg [Thu, 15 Sep 2022 01:57:52 +0000 (01:57 +0000)]
recognise Neoverse V2 (Demeter)

2 years agoAF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating
deraadt [Wed, 14 Sep 2022 22:28:52 +0000 (22:28 +0000)]
AF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating
a file in the filesystem.  Spotted by martijn.  A review of AF_UNIX
binding programs has been done by benno, and we think it is worth commiting
this semantic change now and watching for fallout.

2 years agoBackout "Reflect script failure in exit code"
kn [Wed, 14 Sep 2022 16:43:00 +0000 (16:43 +0000)]
Backout "Reflect script failure in exit code"

amd64 install using (G)PT seems busted as reported by tb

2 years agoremove an extraneous empty line
tb [Wed, 14 Sep 2022 16:31:36 +0000 (16:31 +0000)]
remove an extraneous empty line

2 years agocloser to potential release date
deraadt [Wed, 14 Sep 2022 14:25:31 +0000 (14:25 +0000)]
closer to potential release date

2 years agoMerge common FORMAT_FDISK and USE_SOFTRAID default, simpler cleanup
kn [Wed, 14 Sep 2022 13:37:03 +0000 (13:37 +0000)]
Merge common FORMAT_FDISK and USE_SOFTRAID default, simpler cleanup

2 years agoCompare 'srcnat' when comparing policies. Fixes a bug where policy lookup could
tobhe [Wed, 14 Sep 2022 13:07:49 +0000 (13:07 +0000)]
Compare 'srcnat' when comparing policies.  Fixes a bug where policy lookup could
not differentiate between similar policies that only differ in srcnat.  Also
include srcnat when logging flows or policies.

ok markus@

2 years agoFold root disk setup targets into one
kn [Wed, 14 Sep 2022 10:09:48 +0000 (10:09 +0000)]
Fold root disk setup targets into one

2 years agoFold vnd disk setup targets into a single loop
kn [Wed, 14 Sep 2022 10:06:14 +0000 (10:06 +0000)]
Fold vnd disk setup targets into a single loop

2 years agoMake NDISKS an integer, simplify CLEANFILES with globbing
kn [Wed, 14 Sep 2022 09:57:47 +0000 (09:57 +0000)]
Make NDISKS an integer, simplify CLEANFILES with globbing

Testing with three softraid chunks now means NDISKS=3 as one would expect
and not NDISKS='1 2 3'.

This uses the powerful jot(1) -w and rs(1) -T commands and allows for more
simplifications in the Makefile.

2 years agoFormat softraid keydisk to make regress pass without installboot fix
kn [Wed, 14 Sep 2022 08:52:47 +0000 (08:52 +0000)]
Format softraid keydisk to make regress pass without installboot fix

Treat keydisks like real chunks until installboot properly skips it and
does not touch/install to them anymore.

2 years agoclarify behaviour when the second address in a range is smaller than
jmc [Wed, 14 Sep 2022 07:14:02 +0000 (07:14 +0000)]
clarify behaviour when the second address in a range is smaller than
or equal to the first;

diff from luka krmpotic
ok kn

2 years agosync
deraadt [Wed, 14 Sep 2022 06:31:14 +0000 (06:31 +0000)]
sync

2 years agosk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response
djm [Wed, 14 Sep 2022 00:14:37 +0000 (00:14 +0000)]
sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response

Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.

By Corinna Vinschen

2 years agoa little extra debugging
djm [Wed, 14 Sep 2022 00:13:13 +0000 (00:13 +0000)]
a little extra debugging

2 years agossh-agent: attempt FIDO key signing without PIN and use the error
djm [Wed, 14 Sep 2022 00:02:03 +0000 (00:02 +0000)]
ssh-agent: attempt FIDO key signing without PIN and use the error
to determine whether a PIN is required and prompt only if necessary.
from Corinna Vinschen

2 years agoadd some initial docs for MODPY_PYBUILD, prompted by espie
sthen [Tue, 13 Sep 2022 20:56:47 +0000 (20:56 +0000)]
add some initial docs for MODPY_PYBUILD, prompted by espie

2 years ago== in [[ does pattern matching as well
kn [Tue, 13 Sep 2022 20:26:26 +0000 (20:26 +0000)]
== in [[ does pattern matching as well

OK millert

2 years agoSplit out the code that collects data from acpiac(4), acpibat(4) and
kettenis [Tue, 13 Sep 2022 17:14:54 +0000 (17:14 +0000)]
Split out the code that collects data from acpiac(4), acpibat(4) and
acpisbs(4) for apm(4) and hook it up to the arm64 version of apm(4) on
systems with ACPI.

ok kn@

2 years agoAdd (partial) support for agentx in vmd.
martijn [Tue, 13 Sep 2022 10:28:19 +0000 (10:28 +0000)]
Add (partial) support for agentx in vmd.

Metrics can be found under mib-2.236 and VM-MIB (RFC7666).

Stress tested by and happy noises from Mischa Peters
OK dv@

2 years agovarbind was designed to allow both a ber NULL and a NULL pointer for
martijn [Tue, 13 Sep 2022 10:22:07 +0000 (10:22 +0000)]
varbind was designed to allow both a ber NULL and a NULL pointer for
value. The ber NULL case is there for when it was received via a PDU.
The NULL pointer case can happen if application.c runs into a timeout
or when a backend runs into problems.

The NULL pointer case however was overlooked in appl_varbind_valid and
results in an "missing value" error, (needlessly) terminating the
connection to the backend.

Found the hard way by Mischa Peters while stress testing agentx support
for vmd.

OK tb@, sthen@

2 years agoWhen a connection is reset while we still have an outstanding request,
martijn [Tue, 13 Sep 2022 10:20:22 +0000 (10:20 +0000)]
When a connection is reset while we still have an outstanding request,
the connection from the request to the rest of the structure is removed,
so we don't send any old data over the new connection.

However, the old code dereferences axc at a couple of places before
we check it for NULL.

Found the hard way by Mischa Peters while stress testing agentx support
for vmd.

OK tb@, sthen@

2 years agosupport more than one input file in llvm-ranlib by backporting
robert [Tue, 13 Sep 2022 09:57:09 +0000 (09:57 +0000)]
support more than one input file in llvm-ranlib by backporting
commit aa173573198e024b065c5f6523ce26bb865781b7 from upstream

ok kettenis@

2 years agoChange pru_rcvd() return type to the type of void. We have no interest
mvs [Tue, 13 Sep 2022 09:05:47 +0000 (09:05 +0000)]
Change pru_rcvd() return type to the type of void. We have no interest
on pru_rcvd() return value.

Drop "pru_rcvd != NULL" check within pru_rcvd() wrapper. We only call it
if the socket's protocol have PR_WANTRCVD flag set. Such sockets are
route domain, tcp(4) and unix(4) sockets.

ok guenther@ bluhm@

2 years agoDo soreceive() with shared netlock for raw sockets.
mvs [Tue, 13 Sep 2022 09:05:02 +0000 (09:05 +0000)]
Do soreceive() with shared netlock for raw sockets.

ok bluhm@

2 years agodocument "configtest" in SYNOPSIS; from andrei
jmc [Tue, 13 Sep 2022 06:20:38 +0000 (06:20 +0000)]
document "configtest" in SYNOPSIS; from andrei
while here, sort SYNOPSIS at the behest of ajacoutot;

ok ajacoutot

2 years agofix Xr;
jmc [Tue, 13 Sep 2022 05:49:23 +0000 (05:49 +0000)]
fix Xr;

2 years agoadd missing quote;
jmc [Tue, 13 Sep 2022 05:48:54 +0000 (05:48 +0000)]
add missing quote;

2 years agoadd arch to Dt;
jmc [Tue, 13 Sep 2022 05:46:00 +0000 (05:46 +0000)]
add arch to Dt;

2 years agoStop pretending that EVP_CIPHER cleanup can fail.
jsing [Tue, 13 Sep 2022 04:59:18 +0000 (04:59 +0000)]
Stop pretending that EVP_CIPHER cleanup can fail.

Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can
fail.

ok tb@

2 years agoSIOCDIFPARENT removes configuration not SIOCGIFPARENT
jsg [Tue, 13 Sep 2022 01:38:31 +0000 (01:38 +0000)]
SIOCDIFPARENT removes configuration not SIOCGIFPARENT
spotted by kn@

2 years agoEnable acpiac(4) and acpibat(4).
kettenis [Mon, 12 Sep 2022 20:31:53 +0000 (20:31 +0000)]
Enable acpiac(4) and acpibat(4).

ok deraadt@

2 years agoStore mod/ref flags using md pg_flags values rather than a specific field in
miod [Mon, 12 Sep 2022 19:35:20 +0000 (19:35 +0000)]
Store mod/ref flags using md pg_flags values rather than a specific field in
vm_page_md, which allows this struct to shrink a bit.

2 years agoStore mod/ref flags using md pg_flags values rather than a specific field in
miod [Mon, 12 Sep 2022 19:33:34 +0000 (19:33 +0000)]
Store mod/ref flags using md pg_flags values rather than a specific field in
vm_page_md, which allows this struct to shrink a bit.

2 years agoDrop orphaned pv_flags values.
miod [Mon, 12 Sep 2022 19:28:19 +0000 (19:28 +0000)]
Drop orphaned pv_flags values.

2 years agoAdd support for level-triggered GPIO events.
kettenis [Mon, 12 Sep 2022 17:42:31 +0000 (17:42 +0000)]
Add support for level-triggered GPIO events.

ok mlarkin@

2 years agosxirintc(4)
kettenis [Mon, 12 Sep 2022 17:30:32 +0000 (17:30 +0000)]
sxirintc(4)

2 years agoqcgpio(4) and qciic(4)
kettenis [Mon, 12 Sep 2022 15:59:16 +0000 (15:59 +0000)]
qcgpio(4) and qciic(4)

2 years agoqcgpio(4) and qciic(4)
kettenis [Mon, 12 Sep 2022 15:49:36 +0000 (15:49 +0000)]
qcgpio(4) and qciic(4)

2 years agozap extra .Pp
tb [Mon, 12 Sep 2022 14:36:09 +0000 (14:36 +0000)]
zap extra .Pp

2 years agoStop documenting i2c_ASN1_INTEGER.
tb [Mon, 12 Sep 2022 14:33:47 +0000 (14:33 +0000)]
Stop documenting i2c_ASN1_INTEGER.

This is no longer public API. Also remove some comments about i2c and c2i
functions being intentionally undocumented since they are no longer public.

2 years agodisable Panel Self Refresh (PSR) by default in inteldrm
jsg [Mon, 12 Sep 2022 14:18:17 +0000 (14:18 +0000)]
disable Panel Self Refresh (PSR) by default in inteldrm

After i915_drv.c 1.144 PSR changed to being on by default.
On a TUXEDO InfinityBook Pro 14 Gen6 (Tiger Lake) this introduced screen
flicker.  Reported and tested by Matthias Schmidt.

Should also avoid flicker problem on Dell XPS 13 7390 (Comet Lake)
reported by James Cook.

2 years agoAdd CBC, CFB64 and OFB64 test coverage for RC2
tb [Mon, 12 Sep 2022 13:11:36 +0000 (13:11 +0000)]
Add CBC, CFB64 and OFB64 test coverage for RC2

From Joshua Sing

2 years agoHook up installboot(8) tests on all covered archs
kn [Mon, 12 Sep 2022 13:10:03 +0000 (13:10 +0000)]
Hook up installboot(8) tests on all covered archs

Those that still fail (softraid+keydisk or explicit-stage-files) have fixes on tech@.

2 years agowhitespace nits
tb [Mon, 12 Sep 2022 13:09:01 +0000 (13:09 +0000)]
whitespace nits

2 years agoBump version for upcoming -portable release
claudio [Mon, 12 Sep 2022 12:04:55 +0000 (12:04 +0000)]
Bump version for upcoming -portable release

2 years agoDon't use options from pane if pane is NULL.
nicm [Mon, 12 Sep 2022 12:02:17 +0000 (12:02 +0000)]
Don't use options from pane if pane is NULL.

2 years agoacpihpet(4): acpihpet_delay: only use lower 32 bits of counter
cheloha [Mon, 12 Sep 2022 10:58:05 +0000 (10:58 +0000)]
acpihpet(4): acpihpet_delay: only use lower 32 bits of counter

We can't use acpihpet_r() to implement acpihpet_delay().  Even if we
made acpihpet_r() atomic on amd64, i386 would still be incapable of
doing atomic 8-byte reads.  As-is, the code does a split read on all
platforms, which may or may not already be causing problems with TSC
calibration:

https://marc.info/?l=openbsd-tech&m=166220561709496&w=2

Switch from acpihpet_r() to bus_space_read_4() and only use the lower
32 bits of the counter.  This makes acpihpet_delay() slightly larger,
but unless we want two acpihpet_delay() implementations we have no
choice.

Link: https://marc.info/?l=openbsd-tech&m=166165347220077&w=2
ok jsg@