tb [Sat, 8 Jun 2024 13:29:54 +0000 (13:29 +0000)]
Extend the cert_purpose enum
This adds a TA and an EE purpose to be used in upcoming commits.
ok job
tb [Sat, 8 Jun 2024 13:28:35 +0000 (13:28 +0000)]
Add a x509_cache_extensions() helper
This is a simple wrapper around X509_check_policy(cert, -1, 0) that
doesn't need an explanatory comment in the caller.
The reason for having to do this is that various OpenSSL API calls rely
on having extension information cached. As an unsurprising consequence of
OpenSSL's characteristic API misdesign these calls can't report errors,
so they call the extension caching without error checking and the result
is that they may report nonsense.
To work around this, cache the extensions up front so a second call can't
fail and thus API calls such as X509_check_ca(), X509_get_key_usage() and
X509_cmp() work reliably.
ok job
florian [Sat, 8 Jun 2024 06:05:40 +0000 (06:05 +0000)]
Do not enforce the next version key if installing a snapshot.
Developers sometimes have dev machines with an older snapshot that
already has the correct signify key but sysupgrade(8) refuses to do an
upgrade because it thinks it's a version jump. That's just silly.
tb pointed out that signify(1) can just work out the correct key all
by itself.
problem reported, same diff & OK deraadt
jsg [Sat, 8 Jun 2024 00:24:00 +0000 (00:24 +0000)]
remove unused SECMIN and SECHOUR defines
jsg [Fri, 7 Jun 2024 23:19:18 +0000 (23:19 +0000)]
remove unused TAB defines; ok miod@
bluhm [Fri, 7 Jun 2024 18:24:16 +0000 (18:24 +0000)]
Read IP forwarding variables only once.
Do not assume that ip_forwarding and ip_directedbcast cannot change
while processing one packet. Read it once and pass down its value
with a flag. This is necessary for unlocking the sysctl path.
There are a few places where a consistent value does not really
matter, they are unchanged. Use a proper ip_ prefix for the global
variable.
OK claudio@
jmc [Fri, 7 Jun 2024 17:38:22 +0000 (17:38 +0000)]
trim the -w text: it's obvious -l is a different case, so no need to note
ok florian
kettenis [Fri, 7 Jun 2024 16:53:35 +0000 (16:53 +0000)]
Make sure we select the deepest possible C-state during suspend-to-idle.
ok deraadt@, guenther@, mlarkin@, jsg@
job [Fri, 7 Jun 2024 14:00:09 +0000 (14:00 +0000)]
Align documentation with reality
OK tb@
jsg [Fri, 7 Jun 2024 13:43:21 +0000 (13:43 +0000)]
remove ph_ppp_proto define, unused since rev 1.123
tb [Fri, 7 Jun 2024 13:24:35 +0000 (13:24 +0000)]
rpki-client: if anything changed, choose the freshly-fetched TA
Instead of just looking at the serial number it's easier to use X509_cmp().
This compares the certs' hashes computed during the extension caching. This
is currently SHA-512 for LibreSSL and SHA-1 for OpenSSL, which is good
enough. After all, the TA certs were signed by a trusted source and if you
choose to use OpenSSL this won't be the worst of your problems.
ok job
deraadt [Fri, 7 Jun 2024 13:23:30 +0000 (13:23 +0000)]
avoid shadowing issues which some compilers won't accept
ok djm
jsg [Fri, 7 Jun 2024 13:15:25 +0000 (13:15 +0000)]
remove MAXBUFSIZ define, unused since rev 1.33
job [Fri, 7 Jun 2024 11:48:05 +0000 (11:48 +0000)]
Fine-tune the TA tiebreaker logic
Additional tiebreaker: prefer TA certificates with the narrower validity window
OK tb@
jsg [Fri, 7 Jun 2024 10:14:29 +0000 (10:14 +0000)]
remove unused defines, missed in rev 1.34
florian [Fri, 7 Jun 2024 09:48:19 +0000 (09:48 +0000)]
Fix slaac on P2P interfaces
slaacd(8) can work on P2P interfaces, it will just never configure the
destination address. But this works fine on at least pppoe(4) and
tun(4).
To make this less confusing pull ifra_dstaddr into dst6 or gw6
depending on if we are doing autoconf or not.
I accidentally broke this when implementing rule 5.5 of RFC 6724.
reported by & testing naddy
OK bluhm
jsg [Fri, 7 Jun 2024 09:26:37 +0000 (09:26 +0000)]
remove unused ROOTNAME define and part of a comment
matches part of cd9660_vfsops.c rev 1.11 and ffs_vfsops.c rev 1.12
jsg [Fri, 7 Jun 2024 08:48:10 +0000 (08:48 +0000)]
remove unused IPL_SOFTAUDIO define, missed in rev 1.200
jan [Fri, 7 Jun 2024 08:44:25 +0000 (08:44 +0000)]
Use TCP Large Receive Offload in vmx(4).
tested by Hrvoje Popovski and bluhm@
ok bluhm@
jsg [Fri, 7 Jun 2024 08:37:59 +0000 (08:37 +0000)]
remove unused defines
tb [Fri, 7 Jun 2024 08:36:54 +0000 (08:36 +0000)]
Add two related todo items for purpose handling
BGPsec certs are a bit weird and checks for them are all over the place,
some of them in the TA handling, which makes very little sense. We'd be
better off adding another purpose for trust anchors and use that instead.
ok claudio job
tb [Fri, 7 Jun 2024 08:33:12 +0000 (08:33 +0000)]
Rework trust anchor handling
Mimick the approach already taken from manifests and compare the trust
anchor fetched from the net with the one in the cache (if any). This
allows us to choose which one to use and pick the one we like better.
We currently look at the notBefore date and pick the TA later one or
pick the new one if the serialNumber changed. These conditions will
be tweaked in tree.
This prevents replay attacks where a man in the middle could feed us
still valid TA certificates with outdated internet number resources.
This is not currently an issue since all currently valid TA certs from
the RIRs have the same set of resources. Some TA certificates in the RPKI
expire so far in the future that its 32-bit time is again positive.
Things may well change in the next 100 years...
Problem pointed out to us by Ties de Kock a long time ago.
with and ok claudio
ok job
claudio [Fri, 7 Jun 2024 08:22:53 +0000 (08:22 +0000)]
Download new TA files into a temporary place (.ta/) so that the parser
can decide which of the two files to use.
With and OK tb@
jsg [Fri, 7 Jun 2024 08:02:17 +0000 (08:02 +0000)]
remove unused packet header length defines
jsg [Fri, 7 Jun 2024 06:26:23 +0000 (06:26 +0000)]
remove unused CONCAT define
tb [Fri, 7 Jun 2024 06:21:40 +0000 (06:21 +0000)]
Fix non-xsc path in x509_verify_potential_parent()
The combination of two bugs made this unexpectedly work as intended. To
appreciate this, let's first note that
a) check_issued(..., child, parent) checks if child was issued by parent.
b) X509_check_issued(child, parent) checks if parent was issued by child.
Now like in the real world, b) will only be true in unusual circumstances
(child is known not to be self-issued at this point). X509_check_issued()
fails by returning something different from X509_V_OK, so
return X509_check_issued(child, parent) != X509_V_OK;
will return true if child was issued by parent since then parent was indeed
not issued by child. On the other hand, if child was not issued by parent,
the verifier will notice elsewhere, e.g., in a signature check.
Fix this by reversing the order of child and parent in the above return
line and check for equality instead. This is nearly impossible to detect
in regress.
ok beck
jsg [Fri, 7 Jun 2024 06:04:43 +0000 (06:04 +0000)]
remove UADDR_HINT_MAXGAP, missed when uaddr_hint allocator was removed
tb [Fri, 7 Jun 2024 05:51:39 +0000 (05:51 +0000)]
Call out argument reversal between check_issued() and X509_check_issued()
It's a trap!
deraadt [Fri, 7 Jun 2024 05:17:34 +0000 (05:17 +0000)]
ret-clean is compatible with unhibernate again, due to a fix in
LLVM X86RetClean.cpp
issue observed by mglocker, diagnosed by mlarkin, kettenis, guenther.
deraadt [Fri, 7 Jun 2024 05:16:32 +0000 (05:16 +0000)]
Inside LLVM, Functions become marked with exposesReturnsTwice() if they
call a setjmp-type function (protyped with __attribute__((returns_twice)).
LLVM anticipates the longjmp type function will perform a direct branch
back (rather of a push;ret combo, almost certainly due to CET
shadow-stack coherency difficulties). Since we have CET/IBT enforced,
LLVM makes that direct branch legal by placing an endbr64 immediately
after the callq. Where I was placing the ret-clean sequence... this blows
up badly, in unhibernate / resume situations.
In the Functions marked exposesReturnsTwice(), skip doing ret-clean.
(placing the ret-clear after that endbr64 is much more difficult)
observed by mglocker, diagnosed by mlarkin, kettenis, guenther.
jmc [Thu, 6 Jun 2024 21:14:49 +0000 (21:14 +0000)]
escape the final dot at eol in "e.g." to avoid double spacing;
djm [Thu, 6 Jun 2024 20:25:48 +0000 (20:25 +0000)]
enable PerSourcePenalties by default.
ok markus
NB. if you run a sshd that accepts connections from behind large NAT
blocks, proxies or anything else that aggregates many possible users
behind few IP addresses, then this change may cause legitimate traffic
to be denied.
Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
PerSourceNetBlockSize options in sshd_config(5) for how to tune your
sshd(8) for your specific circumstances.
djm [Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)]
mention that PerSourcePenalties don't affect concurrent in-progress
connections.
djm [Thu, 6 Jun 2024 19:50:01 +0000 (19:50 +0000)]
disable stderr redirection before closing fds
djm [Thu, 6 Jun 2024 19:49:25 +0000 (19:49 +0000)]
regress test for PerSourcePenalties
djm [Thu, 6 Jun 2024 19:48:40 +0000 (19:48 +0000)]
make sure logs are saved from sshd run via start_sshd
djm [Thu, 6 Jun 2024 19:47:48 +0000 (19:47 +0000)]
simplify
djm [Thu, 6 Jun 2024 18:48:13 +0000 (18:48 +0000)]
prepare for PerSourcePenalties being enabled by default in future
djm [Thu, 6 Jun 2024 17:15:25 +0000 (17:15 +0000)]
Add a facility to sshd(8) to penalise particular problematic client
behaviours, controlled by two new sshd_config(5) options:
PerSourcePenalties and PerSourcePenaltyExemptList.
When PerSourcePenalties are enabled, sshd(8) will monitor the exit
status of its child pre-auth session processes. Through the exit
status, it can observe situations where the session did not
authenticate as expected. These conditions include when the client
repeatedly attempted authentication unsucessfully (possibly indicating
an attack against one or more accounts, e.g. password guessing), or
when client behaviour caused sshd to crash (possibly indicating
attempts to exploit sshd).
When such a condition is observed, sshd will record a penalty of some
duration (e.g. 30 seconds) against the client's address. If this time
is above a minimum threshold specified by the PerSourcePenalties, then
connections from the client address will be refused (along with any
others in the same PerSourceNetBlockSize CIDR range).
Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.
We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.
PerSourcePenalties is off by default, but we expect to enable it
automatically in the near future.
much feedback markus@ and others, ok markus@
tb [Thu, 6 Jun 2024 16:13:12 +0000 (16:13 +0000)]
ssl_tlsext: fix uninitialized variable warning with gcc
This is a false positive but as is well-known, gcc is terrible at
understanding conditionally initialized variables and it is tedious
to explain this to downstream maintainers who look at warnings.
ok miod
florian [Thu, 6 Jun 2024 15:24:46 +0000 (15:24 +0000)]
sync
florian [Thu, 6 Jun 2024 15:21:01 +0000 (15:21 +0000)]
hook dhcp6leasectl to the built
florian [Thu, 6 Jun 2024 15:16:57 +0000 (15:16 +0000)]
dhcp6leasectl
florian [Thu, 6 Jun 2024 15:15:44 +0000 (15:15 +0000)]
hand PD_IAs to dhcp6leasectl
florian [Thu, 6 Jun 2024 15:07:46 +0000 (15:07 +0000)]
Correct plural form usage.
tb [Thu, 6 Jun 2024 12:38:02 +0000 (12:38 +0000)]
Tell my future self why I don't want to change this check
bluhm [Thu, 6 Jun 2024 12:36:41 +0000 (12:36 +0000)]
Fix call instruction disassembler in ddb.
Disassembling the amd64 call instruction in ddb produced wrong
output. The operand of e8 is only 4 bytes long, not 8. The shown
address was off by 4 bytes. Following instructions were interpreted
incorrectly.
OK guenther@
tb [Thu, 6 Jun 2024 11:53:09 +0000 (11:53 +0000)]
Check that TA certs are correctly signed
We know the pubkey from the TAL, so check that the signature is right
as required by RFC 6487, section 7, additional condition 1, applied to
self-issued certs. Make the error check weird since OpenSSL 3 broke yet
another API (thanks claudio for making me go look).
ok claudio job
tb [Thu, 6 Jun 2024 07:20:15 +0000 (07:20 +0000)]
rpki-client: fix RFC section references in ta_parse()
ok claudio
tb [Thu, 6 Jun 2024 07:19:10 +0000 (07:19 +0000)]
rpki-client: fix a crash in filemode
For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expired and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.
with/ok claudio
florian [Thu, 6 Jun 2024 06:26:14 +0000 (06:26 +0000)]
Accept more compact forms of prefix delegation requests.
For example, these are now valid, too:
request prefix delegation on vio1 for vether4/64
request prefix delegation on vio1 for { vether5 vether6/64 }
Reminded by Tim Kuijsten
tb [Thu, 6 Jun 2024 05:57:36 +0000 (05:57 +0000)]
ip_resources_print(): zap extra blank line
tb [Thu, 6 Jun 2024 03:29:52 +0000 (03:29 +0000)]
rpki-client: simplify ta_parse()
Since this is always called after cert_parse_pre(), notBefore and notAfter
are available in struct cert, so we can use time_t comparison.
ok claudio
bluhm [Thu, 6 Jun 2024 00:36:46 +0000 (00:36 +0000)]
Clear DF flag after kcopy faulted.
A memory corruption in the kernel happend that was caused by memset
in the wrong direction. After that DF bit was set in ddb rflags.
Only kcopy and memmove use std to set DF bit. kcopy has the special
property that it can fault. In this case DF is set in the trap
frame. kpageflttrap() changes the return address to copy_fault via
pcb_onfault. When alltraps_kern returns, it restores the rflags
with DF set and jumps into copy_fault. From there a function return
goes back into regular kernel execution. Now DF is set, but kernel
memset and memcpy expect that it is cleared.
After copy fault, also reset the DF bit with cld in copy_fault.
The crash happend on OpenBSD 7.4 amd64. As i386 code looks similar,
also insert cld there.
OK guenther@ miod@
deraadt [Wed, 5 Jun 2024 20:19:26 +0000 (20:19 +0000)]
disable -fret-clean in the kernel until the returns_twice situation is handled
tb [Wed, 5 Jun 2024 19:43:06 +0000 (19:43 +0000)]
Revert __bounded__ hack in chacha-merged.c
Thanks to Viktor Szakats for figuring out that stdint.h was missing
in the portable tarballs.
miod [Wed, 5 Jun 2024 19:22:04 +0000 (19:22 +0000)]
Pass cpu_fork() function to the new process through caller-saved registers
in the pcb rather than on the stack. This makes the code simpler and faster
and gets rid of one short timeframe where the stack pointer is only aligned
to an 8 byte boundary instead of a 16 byte boundary.
florian [Wed, 5 Jun 2024 16:15:47 +0000 (16:15 +0000)]
Implement lease files.
florian [Wed, 5 Jun 2024 16:14:12 +0000 (16:14 +0000)]
Use a loop to add request options.
This makes it easier to extend in the future.
florian [Wed, 5 Jun 2024 16:12:09 +0000 (16:12 +0000)]
unused function
florian [Wed, 5 Jun 2024 16:11:26 +0000 (16:11 +0000)]
implement removing of addresses from interfaces
tb [Wed, 5 Jun 2024 13:36:28 +0000 (13:36 +0000)]
Only complain about empty list of revoked certs if verbosity > 1
Given that 15% of CRLs is affected, this is a noisy warning. Krill is
dormant and it will take forever until a fixed version iss deployed.
Until then I'd like to avoid being annoyed wiht this stupid noise.
ok claudio
krw [Wed, 5 Jun 2024 11:04:17 +0000 (11:04 +0000)]
No need to call d_open/d_close for every hibernate resume i/o.
Speeds up resuming from hibernate.
Testing florian@ stsp@
ok mlarkin@ stsp@
florian [Wed, 5 Jun 2024 10:48:56 +0000 (10:48 +0000)]
Do not try to configure an interface with prefix length 0.
florian [Wed, 5 Jun 2024 10:25:07 +0000 (10:25 +0000)]
Do not request a prefix with length zero.
If we got a prefix delegation for some IA but not others use the
prefix lenght from the configuration for the ones we did not get a
prefix delegation.
stsp [Wed, 5 Jun 2024 10:19:55 +0000 (10:19 +0000)]
add support for VLAN tag offloading to dwqe(4)
Tested:
RK3568: kettenis@, jmatthew@; RK3568 can do Rx VLAN tag stripping only
Intel Elkhart Lake: stsp@; EHL additionally supports VLAN tagging on Tx
tweaks + ok jmatthew@
mglocker [Wed, 5 Jun 2024 04:58:05 +0000 (04:58 +0000)]
Now that our hibernation sub-system supports 4096 byte sectors, add
hibernation support for ufshci(4).
Input from kettenis@, krw@, deraadt@, mlarkin@.
ok mlarkin@, deraadt@
tb [Wed, 5 Jun 2024 04:50:36 +0000 (04:50 +0000)]
make test struct const
krw [Tue, 4 Jun 2024 21:48:20 +0000 (21:48 +0000)]
Bump versions of boot media now capable of un-hibernating from non-DEV_BSIZE
sectored media.
Bump to common version (3.67) to indicate new MI capability.
Reminded by deraadt@
krw [Tue, 4 Jun 2024 20:31:35 +0000 (20:31 +0000)]
Enable hibernate/resume to nvme(4) disks with 4096 byte sectors.
testing by florian@ mglocker@ mlarkin@
ok deraadt@ mglocker@ mlarkin@
landry [Tue, 4 Jun 2024 18:13:23 +0000 (18:13 +0000)]
services: add matrix-fed tcp port 8448
registered at IANA since last august for Matrix Federation Protocol
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=8448
ok djm@ solene@
gkoehler [Tue, 4 Jun 2024 17:31:59 +0000 (17:31 +0000)]
Allow sbld allocation to fail when PMAP_CANFAIL.
pool_get in powerpc64's pmap might fail when uvm_km_pages.free == 0.
This might cause KASSERT(slbd) to panic 'kernel diagnostic assertion
"sbld" failed'. Remove this KASSERT and add a check for PMAP_CANFAIL.
pmap_enter calls without PMAP_CANFAIL might still panic.
ok mpi@ jca@
florian [Tue, 4 Jun 2024 15:48:47 +0000 (15:48 +0000)]
IAIDs can start at 0.
I was under the impression that an IAID of 0 is special, but that's
not true. Letting IAID start at zero makes array indexing easier and
avoids an out of bounds access pointed out by dhill.
While here, do not trust IAID received via imsg but do our own
accounting.
deraadt [Tue, 4 Jun 2024 15:14:44 +0000 (15:14 +0000)]
enable -fret-clean on amd64, for libc libcrypto ld.so kernel, and all the
ssh tools. The dynamic objects are entirely ret-clean, static binaries
will contain a blend of cleaning and non-cleaning callers.
millert [Tue, 4 Jun 2024 14:40:46 +0000 (14:40 +0000)]
Avoid unnecessary string traversals in u8_isutf() and substr().
For u8_isutf() the conditionals already ensure that a NUL byte won't
match. For substr() we can use the byte offset of 'm' to avoid
re-scanning the initial part of the string. From Jonas Bechtel.
tb [Tue, 4 Jun 2024 14:17:24 +0000 (14:17 +0000)]
rpki-client: rework AIA, SIA, and CRL handling
Assert that the out parameter is NULL rather than blindly NULL-ing it,
and follow the approach in sbgp_sia() more closely: use a local variable
and warn on any ignored accessMethod/distributionPoint in verbose mode.
AIA is slightly different because there's only a single accessMethod.
Drop the now useless (and previously wrong) warning on *out != NULL in
x509_location(). Instead, assert that the out parameter is NULL. This
way things are a bit less clever, but more explicit, more correct, more
robust, and the code grew only very slightly.
ok claudio
tb [Tue, 4 Jun 2024 14:10:53 +0000 (14:10 +0000)]
rpki-client: reject certs with unexpected SIA accessMethods
RFC 6487, section 4.8.8.1 only lists caRepository and rpkiManifest, and
RFC 8182 added rpkiNotify for RRDP. All other access methods (which would
be children of id-ad), are not allowed and do not really make sense here.
ok claudio
tb [Tue, 4 Jun 2024 14:07:10 +0000 (14:07 +0000)]
rpki-client: only allow a single rpkiNotify SIA accessMethod
RFC 8182, section 3.2 is not super explicit about it, but there should
only be one rpkiNotify accessMethod, and it should contain a location
with a URI of type https. Check this and reject certs that contain more
than one.
ok claudio
jan [Tue, 4 Jun 2024 09:51:52 +0000 (09:51 +0000)]
vio(4): remove useless casts and fix spacing
ok sf@
claudio [Tue, 4 Jun 2024 08:26:11 +0000 (08:26 +0000)]
In dequeue_randomness() use an atomic instruction to increase the
rnd_event_cons. This way even concurrent calls to dequeue_randomness()
will use some different events.
OK deraadt@ djm@
op [Tue, 4 Jun 2024 06:51:15 +0000 (06:51 +0000)]
now that we have dired-up-directory, use it in dired-jump too
it's handy to be able to do C-x C-j (dired-jump) repeatedly to
navigate upwards starting from a buffer, and follows GNU Emacs
behaviour too.
op [Tue, 4 Jun 2024 06:48:34 +0000 (06:48 +0000)]
add dired-up-directory bound to ^ to go up on directory in dired buffers
diff from Dante Catalfamo (date [at] lambda [dot] cx) with some minor
style nits and the manpage bits from me.
ok florian@
tb [Tue, 4 Jun 2024 04:17:18 +0000 (04:17 +0000)]
rpki-client: remove proto argument from x509_location()
After recent changes, the rpkiNotify access description became the last
user of it, so this is now a pointless complication.
ok claudio
dv [Mon, 3 Jun 2024 20:53:00 +0000 (20:53 +0000)]
Lock and unlock EPT pmaps before page table entry modification.
ok mlarkin@
matthieu [Mon, 3 Jun 2024 20:08:12 +0000 (20:08 +0000)]
add .mjs -> text/javascript. ok florian@
florian [Mon, 3 Jun 2024 18:10:04 +0000 (18:10 +0000)]
gc v4 struct
deraadt [Mon, 3 Jun 2024 17:58:33 +0000 (17:58 +0000)]
more sleepy florian knf issues
florian [Mon, 3 Jun 2024 15:55:52 +0000 (15:55 +0000)]
OpenBSD intentionally does not print a flavor for -r.
confirmed by & OK deraadt
deraadt [Mon, 3 Jun 2024 15:53:26 +0000 (15:53 +0000)]
more whitespace and knf
florian [Mon, 3 Jun 2024 15:52:17 +0000 (15:52 +0000)]
knf; pointed out by deraadt
jsg [Mon, 3 Jun 2024 14:59:22 +0000 (14:59 +0000)]
correcly -> correctly
op [Mon, 3 Jun 2024 14:46:03 +0000 (14:46 +0000)]
httpd: render "emojis" as text in directory listing
The "up and down" character used in the directory listing is
technically an emoji and can, depending on the browser configuration,
be rendered in colors and whatnot. set `font-variant-emoji' to ask
the browser to render it as text. This property, as of now, needs
to be enabled manually in some browsers, but since it's part of the
"CSS Fonts Module Level 4" spec, support for it is expected to be
implemented and turned on "soon" in major browsers.
While here, remove the italic for directories.
Diff from Paul W. Rankin (hello (at) paulwrankin dot com)
ok claudio@
claudio [Mon, 3 Jun 2024 14:34:19 +0000 (14:34 +0000)]
Remove lock_class_sched_lock from lock_classes since the corresponding
entry in enum lock_class_index was removed in sys/_lock.h
You get fireworks if the lock_classes array and enum lock_class_index
get out of sync.
deraadt [Mon, 3 Jun 2024 14:11:31 +0000 (14:11 +0000)]
sort
tb [Mon, 3 Jun 2024 12:58:39 +0000 (12:58 +0000)]
Rework SIA handling to be less incorrect
Currently we would only accept rsync URIs in caRepository and rpkiManifest.
This is wrong. The specification requires at least one rsync URI to be
resent, but allows for other URI types, ordered by descending CA preference.
With this diff we will still only respect the first rsync address, but we
will no longer reject certificates listing other URIs. Make the warning
conditional on verbose mode.
Also make it clearer that sbgp_sia() (which is poorly named) is for CA
certs while x509_get_sia() is for EE certs.
input/ok claudio
claudio [Mon, 3 Jun 2024 12:48:25 +0000 (12:48 +0000)]
Remove the now unsued s argument to SCHED_LOCK and SCHED_UNLOCK.
The SPL level is not tacked by the mutex and we no longer need to track
this in the callers.
OK miod@ mlarkin@ tb@ jca@
claudio [Mon, 3 Jun 2024 12:46:59 +0000 (12:46 +0000)]
There is no more LO_CLASS_SCHED_LOCK lock class.
OK miod@ mlarkin@ tb@ jca@
mglocker [Mon, 3 Jun 2024 12:01:57 +0000 (12:01 +0000)]
Remove superfluous pmap_extract() call in the hibernation path.
ok jsg@
florian [Mon, 3 Jun 2024 11:08:31 +0000 (11:08 +0000)]
implement rapid commit
florian [Mon, 3 Jun 2024 10:08:05 +0000 (10:08 +0000)]
sync