openbsd
3 years agoUse a dynamic buffer to allow parsing scripts bigger than BUFSIZ.
mpi [Thu, 9 Sep 2021 07:03:10 +0000 (07:03 +0000)]
Use a dynamic buffer to allow parsing scripts bigger than BUFSIZ.

ok jasper@

3 years agoCheck clear(), delete(), zero() and print() after clear().
mpi [Thu, 9 Sep 2021 06:59:51 +0000 (06:59 +0000)]
Check clear(), delete(), zero() and print() after clear().

ok jasper@

3 years agoMake sure all map operators work after calling clear() on a map.
mpi [Thu, 9 Sep 2021 06:58:39 +0000 (06:58 +0000)]
Make sure all map operators work after calling clear() on a map.

Fix assertions found by jasper@ with AFL++.

ok jasper@

3 years agoFix parsing of aliases again (GitHub issue 2842), also make argument
nicm [Thu, 9 Sep 2021 06:57:48 +0000 (06:57 +0000)]
Fix parsing of aliases again (GitHub issue 2842), also make argument
parsing a bit simpler and fix the names of some client flags.

3 years ago- move CAVEATS to its correct order
jmc [Thu, 9 Sep 2021 06:17:39 +0000 (06:17 +0000)]
- move CAVEATS to its correct order
- use the term "legacy" protocol rather than "original", as the latter
made the text misleading
- uppercase SCP

ok djm

3 years agodrm: Copy drm_wait_vblank to user before returning
jsg [Thu, 9 Sep 2021 04:09:41 +0000 (04:09 +0000)]
drm: Copy drm_wait_vblank to user before returning

From Mark Yacoub
6fd6e20520ccd05a1ac3321404dd498cc28576cb in linux 5.10.y/5.10.62
fa0b1ef5f7a694f48e00804a391245f3471aa155 in mainline linux

3 years agodrm/amd/pm: change the workload type for some cards
jsg [Thu, 9 Sep 2021 04:06:55 +0000 (04:06 +0000)]
drm/amd/pm: change the workload type for some cards

From Kenneth Feng
b00ca567579a4c2f9a4cd6f9a63946f793e8b506 in linux 5.10.y/5.10.62
93c5701b00d50d192ce2247cb10d6c0b3fe25cd8 in mainline linux

3 years agoRevert "drm/amd/pm: fix workload mismatch on vega10"
jsg [Thu, 9 Sep 2021 04:04:45 +0000 (04:04 +0000)]
Revert "drm/amd/pm: fix workload mismatch on vega10"

From Kenneth Feng
3c37ec4350220a548ffc6753646913899e86b1c7 in linux 5.10.y/5.10.62
2fd31689f9e44af949f60ff4f8aca013e628ab81 in mainline linux

3 years agodrm/i915: Fix syncmap memory leak
jsg [Thu, 9 Sep 2021 04:02:53 +0000 (04:02 +0000)]
drm/i915: Fix syncmap memory leak

From Matthew Brost
257ea8a5edc04d5199db83137fbaa24e1de98e9e in linux 5.10.y/5.10.62
a63bcf08f0efb5348105bb8e0e1e8c6671077753 in mainline linux

3 years agodrm/amdgpu: Cancel delayed work when GFXOFF is disabled
jsg [Thu, 9 Sep 2021 04:01:05 +0000 (04:01 +0000)]
drm/amdgpu: Cancel delayed work when GFXOFF is disabled

From Michel Daenzer
da3067eadcc156b742657c0694beae0a7c49d157 in linux 5.10.y/5.10.62
32bc8f8373d2d6a681c96e4b25dca60d4d1c6016 in mainline linux

3 years agoDon't print references to Intel's website for downloading firmware
jcs [Thu, 9 Sep 2021 02:23:14 +0000 (02:23 +0000)]
Don't print references to Intel's website for downloading firmware
when loading fails, it will just confuse people

ok jsg

3 years agoUse the SFTP protocol by default. The original scp/rcp protocol remains
djm [Wed, 8 Sep 2021 23:31:39 +0000 (23:31 +0000)]
Use the SFTP protocol by default. The original scp/rcp protocol remains
available via the -O flag.

Note that ~user/ prefixed paths in SFTP mode require a protocol extension
that was first shipped in OpenSSH 8.7.

ok deraadt, after baking in snaps for a while without incident

3 years agoupdate rge: can do 10/100/1Gb/2.5Gb according to chris
jmc [Wed, 8 Sep 2021 20:33:42 +0000 (20:33 +0000)]
update rge: can do 10/100/1Gb/2.5Gb according to chris

3 years agoattempt to standardise the way we specify speeds in our name description (Nd)
jmc [Wed, 8 Sep 2021 20:29:21 +0000 (20:29 +0000)]
attempt to standardise the way we specify speeds in our name description (Nd)
lines;

sthen and deraadt argued for unit suffixes for speeds 1Gb+
deraadt also requested Gigabit be standardised to 1Gb

ok sthen deraadt ian benno

3 years agoPrepare to provide EC_GROUP_order_bits()
tb [Wed, 8 Sep 2021 17:29:21 +0000 (17:29 +0000)]
Prepare to provide EC_GROUP_order_bits()

ok jsing

3 years agoProvide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs
tb [Wed, 8 Sep 2021 17:27:33 +0000 (17:27 +0000)]
Provide SSL_SESSION_is_resumable and SSL_set_psk_use_session_callback stubs

ok jsing

3 years agoPrepare to provide API stubs for PHA
tb [Wed, 8 Sep 2021 17:24:23 +0000 (17:24 +0000)]
Prepare to provide API stubs for PHA

ok bcook jsing

3 years agoThe number of elements being processed is known upfront. So allocate the
claudio [Wed, 8 Sep 2021 16:37:20 +0000 (16:37 +0000)]
The number of elements being processed is known upfront. So allocate the
storage needed outside of the loop. This reduces the number of recallocarray
calls.
OK tb@

3 years agoZap _THIS_PORT helper for printf("%n") tracking in ports land
jca [Wed, 8 Sep 2021 15:57:27 +0000 (15:57 +0000)]
Zap _THIS_PORT helper for printf("%n") tracking in ports land

This hack isn't very useful now that libc aborts on printf("%n") calls,
it's expected that the resulting error would lead to a build
failure, and that the coredump along with the syslog message should be
enough to find the culprit.

Hinted by naddy@ and prodded by deraadt@

3 years agoRevert a chunk committed by inadvertence in my last fix.
mpi [Wed, 8 Sep 2021 15:34:01 +0000 (15:34 +0000)]
Revert a chunk committed by inadvertence in my last fix.

3 years agoFix leak in cms_RecipientInfo_kekri_decrypt()
tb [Wed, 8 Sep 2021 14:33:02 +0000 (14:33 +0000)]
Fix leak in cms_RecipientInfo_kekri_decrypt()

Free ec->key before reassigning it.

From OpenSSL 1.1.1, 58e1e397

ok inoguchi

3 years agobtrace(8): add initial support for cli arguments
dv [Wed, 8 Sep 2021 13:29:51 +0000 (13:29 +0000)]
btrace(8): add initial support for cli arguments

This adds initial support for passing cli args to btrace(8) for use
in bt(5) scripts. Similar to bpftrace, they are referenced via $1,
$2, etc. with $# being the number of command line arguments provided.

Adds an initial regress test and a Makefile change to allow providing
arguments to regress tests in a .args file.

Currently no limit is imposed on the number of arguments, keeping
a similar approach as observed in bpftrace. References to undefined
arguments result in a new "nil" type that contextually acts as a
zero or empty string. More work can be done here to improve bpftrace
compatibility.

ok mpi@, jasper@

3 years agoBackout "Merge sysupgrade watchdog and prompt timeout code"
kn [Wed, 8 Sep 2021 13:16:53 +0000 (13:16 +0000)]
Backout "Merge sysupgrade watchdog and prompt timeout code"
(commitid 0SH0ijktpPPcSctj)

"/autoinstall[2697]: start_timeout: not found" during non-interactive
upgrade, e.g. sysupgrade(8).

Reported by Joel Carnat <joel at carnat dot net>, thanks.

3 years agoAdd a missing call to iwx_ctxt_info_free_fw_img() in an error path
stsp [Wed, 8 Sep 2021 13:06:53 +0000 (13:06 +0000)]
Add a missing call to iwx_ctxt_info_free_fw_img() in an error path
of iwx_ctxt_info_init() which should always free on error.

Also, free firmware paging DMA memory in case loading firmware has failed.
If we don't free paging on error we hit KASSERT(dram->paging == NULL)
in iwx_init_fw_sec() once we try to load firmware again.  I have hit
this while debugging firmware load failures during suspend/resume.

ok mpi@

3 years agoMake iwm(4) and iwx(4) raise IPL to splnet() while loading firmware.
stsp [Wed, 8 Sep 2021 13:06:23 +0000 (13:06 +0000)]
Make iwm(4) and iwx(4) raise IPL to splnet() while loading firmware.

ok mpi@

3 years agoPrepare to provide SSL_get_tlsext_status_type()
tb [Wed, 8 Sep 2021 12:56:14 +0000 (12:56 +0000)]
Prepare to provide SSL_get_tlsext_status_type()

Needed for nginx-lua to build with opaque SSL.

ok inoguchi jsing

3 years agoPrepare to provide SSL_set0_rbio()
tb [Wed, 8 Sep 2021 12:32:07 +0000 (12:32 +0000)]
Prepare to provide SSL_set0_rbio()

This is needed for telephony/coturn and telephony/resiprocate to compile
without opaque SSL.

ok inoguchi jsing

3 years agoPrepare to provide BN_bn2{,le}binpad() and BN_lebin2bn()
tb [Wed, 8 Sep 2021 12:19:17 +0000 (12:19 +0000)]
Prepare to provide BN_bn2{,le}binpad() and BN_lebin2bn()

As found by jsg and patrick, this is needed for newer uboot and
will also be used in upcoming elliptic curve work.

This is from OpenSSL 1.1.1l with minor style tweaks.

ok beck inoguchi

3 years agoImprove debug output when sending 802.11 action frames by showing the
stsp [Wed, 8 Sep 2021 11:40:30 +0000 (11:40 +0000)]
Improve debug output when sending 802.11 action frames by showing the
action frame subtypes we care about (i.e. those related to 11n block ack).

ok mpi@

3 years agoPrint correct RTP_PROPOSAL types with 'unwindctl status autoconf'.
tobhe [Wed, 8 Sep 2021 11:38:39 +0000 (11:38 +0000)]
Print correct RTP_PROPOSAL types with 'unwindctl status autoconf'.

Feedback and ok florian@

3 years agoLet iwm(4) and iwx(4) sleep for 1 second while loading firmware.
stsp [Wed, 8 Sep 2021 11:35:08 +0000 (11:35 +0000)]
Let iwm(4) and iwx(4) sleep for 1 second while loading firmware.

Sleeping for 1 second matches what iwn(4) does. Fixes issues where loading
firmware failed for bogus reasons. I could trigger this failure on AX200
with suspend/resume but it was not inherently specific to suspend/resume.

The previous code was looping over tsleep(9) in steps of 100msec.
This could lead to a race where the firmware's alive interrupt fired between
the endtsleep() timeout handler, which marks the sleep timeout as expired,
and sleep_finish(), which reschedules the sleeping thread. The driver would
see EWOULDBLOCK and report an error even though loading firmware did succeed.

ok mpi@

3 years agoReplace bare ; with continue;
job [Wed, 8 Sep 2021 10:49:34 +0000 (10:49 +0000)]
Replace bare ; with continue;

OK tb@

3 years agoFix indentation of comments and labels
job [Wed, 8 Sep 2021 09:49:24 +0000 (09:49 +0000)]
Fix indentation of comments and labels

OK tb@

3 years agocorrect my mistake in previous fix; spotted by halex
djm [Wed, 8 Sep 2021 03:23:44 +0000 (03:23 +0000)]
correct my mistake in previous fix; spotted by halex

3 years agodocument that SFP modules work in SFP+ cards.
benno [Tue, 7 Sep 2021 19:35:41 +0000 (19:35 +0000)]
document that SFP modules work in SFP+ cards.
change the title to show speeds of 100 and 1Gb too.
ok sthen@

3 years agoHook new tests.
mpi [Tue, 7 Sep 2021 19:31:56 +0000 (19:31 +0000)]
Hook new tests.

3 years agoCheck that clear() and zero() only work with map.
mpi [Tue, 7 Sep 2021 19:30:44 +0000 (19:30 +0000)]
Check that clear() and zero() only work with map.

3 years agoCheck that map/hist functions are called with the right argument.
mpi [Tue, 7 Sep 2021 19:29:12 +0000 (19:29 +0000)]
Check that map/hist functions are called with the right argument.

Change the parser to make clear() and zero() accept only local and
global variables as arguments.

Since the parser has no knowledge of the type of a variable abort
the execution if clear() or zero() are being called with something
other than a map or hist.

Fix assertions found by jasper@ with AFL++ (port coming soon!).

ok jasper@

3 years agoTest that syntax errors do not trigger sanity checks.
mpi [Tue, 7 Sep 2021 19:20:22 +0000 (19:20 +0000)]
Test that syntax errors do not trigger sanity checks.

3 years agoReturn early if a parsing error has been found and do not perform any
mpi [Tue, 7 Sep 2021 19:18:08 +0000 (19:18 +0000)]
Return early if a parsing error has been found and do not perform any
sanity check as they might obviously fail.

Fix an assert found by jasper@ with AFL++ (port coming soon!).

ok jasper@

3 years agoclang: add a new warning for %n format specifier usage in printf(3) family functions
semarie [Tue, 7 Sep 2021 17:39:49 +0000 (17:39 +0000)]
clang: add a new warning for %n format specifier usage in printf(3) family functions

ok deraadt@
different versions tested by jca@ naddy@ sthen@

3 years agoFix an infinite loop that could occur during some cases of horizontally
schwarze [Tue, 7 Sep 2021 17:05:30 +0000 (17:05 +0000)]
Fix an infinite loop that could occur during some cases of horizontally
overlapping horizontal spans.  One span would calculate a desired
target width and start preparations for applying it to some columns,
then the other span would overwrite the target width with a different
value and also start preparations for applying that one to some
columns, which could sometimes confuse the code doing the final
distribution to the point of not doing anything at all before
entering the next iteration.

Fix this by making sure the distribution is done step by step, doing
one step at a time rather than allowing multiple steps to conflict.
Specifically, always do the smallest useful step first.  This change
also simplifies the code.  For example, the local "colwidth" array
is no longer needed.

Note that the algorithm still differs from the one implemented in
GNU tbl(1), which appears to not even try to harmonize column widths
but seems to simply distribute the same amount to all constituent
columns, no matter whether their intrinsic width is narrow or wide.
Adopting a GNU-compatible algorithm might allow further simplifiction
in addition to yielding even more similar output, but i do not want
to implement any major changes of the algorithm at this time.

The infinite loop was reported by <Oliver dot Corff at email dot de>.

3 years agoReplace (&(x)) pattern with &x
job [Tue, 7 Sep 2021 16:50:54 +0000 (16:50 +0000)]
Replace (&(x)) pattern with &x

No functional changes.

OK tb@

3 years agoFix NULL pointer dereference introduced by previous commit.
mvs [Tue, 7 Sep 2021 16:07:46 +0000 (16:07 +0000)]
Fix NULL pointer dereference introduced by previous commit.

Reported-by: syzbot+684597dbbb9b516e76ae@syzkaller.appspotmail.com
ok mpi@

3 years agoCorrectly calculate required column widths for tables containing
schwarze [Tue, 7 Sep 2021 14:50:56 +0000 (14:50 +0000)]
Correctly calculate required column widths for tables containing
cells that horizontally span columns which contains "n" (number)
formatted cells on other rows.  This requires updating total column
widths from "n" formatted cells before starting width distribution
from the spanning cells to their constituent columns.

3 years agoFix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if we
tobhe [Tue, 7 Sep 2021 14:09:04 +0000 (14:09 +0000)]
Fix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if we
don't delete the pointer.

ok markus@

3 years agoFix leak of m if message initialization fails.
tobhe [Tue, 7 Sep 2021 14:06:23 +0000 (14:06 +0000)]
Fix leak of m if message initialization fails.

ok markus@

3 years agoRetry up to 3 times on password authentication failure
jcs [Tue, 7 Sep 2021 13:46:07 +0000 (13:46 +0000)]
Retry up to 3 times on password authentication failure

ok martijn
support from various

3 years agowe already parse the GNU tbl(7) "nospaces" option,
schwarze [Tue, 7 Sep 2021 11:47:42 +0000 (11:47 +0000)]
we already parse the GNU tbl(7) "nospaces" option,
so let it have the intended effect, too

3 years agoRegress targets for PROGS are created by default now. Do not run
bluhm [Tue, 7 Sep 2021 11:10:28 +0000 (11:10 +0000)]
Regress targets for PROGS are created by default now.  Do not run
the program rde_trie_test without a parameter.  Create separate
tests for each option.
OK claudio@

3 years agodo not crash when a tbl(7) cell uses roman font
schwarze [Tue, 7 Sep 2021 10:58:44 +0000 (10:58 +0000)]
do not crash when a tbl(7) cell uses roman font

3 years agoKNF
job [Tue, 7 Sep 2021 10:24:51 +0000 (10:24 +0000)]
KNF

OK tb@ jsing@ beck@

3 years agoThe trap receiver syntax changed.
martijn [Tue, 7 Sep 2021 10:09:28 +0000 (10:09 +0000)]
The trap receiver syntax changed.

Pointed out by and OK bluhm@

3 years agoFix the race between if_detach() and rtm_output().
mvs [Tue, 7 Sep 2021 09:56:00 +0000 (09:56 +0000)]
Fix the race between if_detach() and rtm_output().

When the dying network interface descriptor has if_get(9) obtained
reference owned by foreign thread, the if_detach() thread will sleep
just after it removed this interface from the interface index map.

The data related to this interface is still in routing table, so
if_get(9) called by concurrent rtm_output() thread will return NULL and
the following "ifp != NULL" assertion will be triggered.

So remove the "ifp != NULL" assertions from rtm_output() and try to grab
`ifp' as early as possible then hold it until we finish the work. In the
case we won the race and we have `ifp' non NULL, concurrent if_detach()
thread will wait us. In the case we lost we just return ESRCH.

The problem reported by danj@.
Diff tested by danj@.

ok mpi@

3 years agosynchronize tcpdump.8 and pcap-filter.5 primitives documentation
denis [Tue, 7 Sep 2021 06:48:42 +0000 (06:48 +0000)]
synchronize tcpdump.8 and pcap-filter.5 primitives documentation

reads ok to jmc@
good enough start for deraadt@

3 years agoavoid NULL deref in -Y find-principals. Report and fix from
djm [Tue, 7 Sep 2021 06:03:51 +0000 (06:03 +0000)]
avoid NULL deref in -Y find-principals. Report and fix from
Carlo Marcelo Arenas Belón

3 years agoThe default Ruby has switched to 3.0
tb [Mon, 6 Sep 2021 20:52:59 +0000 (20:52 +0000)]
The default Ruby has switched to 3.0

3 years agoAccompany some functions wich are marked inline with the static keyword
patrick [Mon, 6 Sep 2021 19:55:27 +0000 (19:55 +0000)]
Accompany some functions wich are marked inline with the static keyword
to make the arm64 kernel link when compiled with -fno-inline.

ok kettenis@ mpi@

3 years agowe do not build binaries -g by default
deraadt [Mon, 6 Sep 2021 13:37:50 +0000 (13:37 +0000)]
we do not build binaries -g by default

3 years agorepair missing paths on unveil failure
deraadt [Mon, 6 Sep 2021 13:32:18 +0000 (13:32 +0000)]
repair missing paths on unveil failure

3 years agoFix leaks in vroute addr and route caches.
tobhe [Mon, 6 Sep 2021 13:29:17 +0000 (13:29 +0000)]
Fix leaks in vroute addr and route caches.

ok patrick@

3 years agoSerialize access to the global list of pmaps with a mutex.
mpi [Mon, 6 Sep 2021 12:59:59 +0000 (12:59 +0000)]
Serialize access to the global list of pmaps with a mutex.

This prevents possible corruption due to a concurrent access between
pmap_growkernel() & pmap_create/pmap_destroy().

Discussed with and ok kettenis@

3 years agodocument EFAULT, and replace all 'It Er' errno with 'It Bq Er'
deraadt [Mon, 6 Sep 2021 08:03:08 +0000 (08:03 +0000)]
document EFAULT, and replace all 'It Er' errno with 'It Bq Er'

3 years agorevision 1.381 neglected to remove sChallengeResponseAuthentication
millert [Mon, 6 Sep 2021 00:36:01 +0000 (00:36 +0000)]
revision 1.381 neglected to remove sChallengeResponseAuthentication
from the enum.  Noticed by christos@zoulas.com.  OK dtucker@

3 years agovmm(4): raise vm pool ipl to IPL_MPFLOOR
dv [Sun, 5 Sep 2021 16:36:34 +0000 (16:36 +0000)]
vmm(4): raise vm pool ipl to IPL_MPFLOOR

Similar to the recent change by mpi in revision 1.288, commitid:
A4zhVhOoHAIpRGBJ, raise the ipl level of the vm_pool to IPL_MPFLOOR
to prevent lock ordering issues.

ok mpi@

3 years agoThis allows us to disable usb(4) without kernel crash.
mglocker [Sun, 5 Sep 2021 16:16:13 +0000 (16:16 +0000)]
This allows us to disable usb(4) without kernel crash.

ok mpi@

3 years agovmm(4): fix vcpu locking issues reported by syzbot
dv [Sun, 5 Sep 2021 13:13:31 +0000 (13:13 +0000)]
vmm(4): fix vcpu locking issues reported by syzbot

Syzbot found 3 issues related to the new vcpu lock. This diff adds
a write lock to vm_rwregs (needed on VMX as vmread instructions
require taking ownership of the vcpu to load the VMCS) and prevents
locking the vcpu in vm_run if we fail the cas operation for toggling
vcpu state.

In the future, we can push the locking in vm_rwregs on AMD SVM
systems.

The panics in question:

 panic: rw_enter: vcpulock locking against myself
 panic: lock (rwlock) vcpulock not locked
 panic: vcpulock: lock not held

Reported-by: syzbot+1dab11e14aa7a159cadf@syzkaller.appspotmail.com
Reported-by: syzbot+36244e105daffa1a81b6@syzkaller.appspotmail.com
Reported-by: syzbot+c78b5644c7dc3d9b689a@syzkaller.appspotmail.com
ok mlarkin@

3 years agoIntroduce dummy pagers for 'special' subsystems using UVM objects.
mpi [Sun, 5 Sep 2021 11:44:46 +0000 (11:44 +0000)]
Introduce dummy pagers for 'special' subsystems using UVM objects.

Some pmaps (x86, hppa) and the buffer cache rely on UVM objects to allocate
and manipulate pages.  These objects should not be manipulated by uvm_fault()
and do not currently require the same locking enforcement.

Use the dummy pagers to explicitly document which UVM functions are meant to
manipulate UVM objects (uobj) that do not need the upcoming `vmobjlock' and
instead still rely on the KERNEL_LOCK().

Tested by many as part of a larger diff.

ok kettenis@, beck@

3 years agoInclude encoding.c
job [Sun, 5 Sep 2021 10:45:40 +0000 (10:45 +0000)]
Include encoding.c

Thanks patrick@

3 years agoClear map to not double print it now that map & hist are printed by default.
mpi [Sun, 5 Sep 2021 10:14:11 +0000 (10:14 +0000)]
Clear map to not double print it now that map & hist are printed by default.

3 years agoPass `uobj' to uvmfault_unlockall() at the end of the fault handler.
mpi [Sun, 5 Sep 2021 07:59:47 +0000 (07:59 +0000)]
Pass `uobj' to uvmfault_unlockall() at the end of the fault handler.

This is currently a NOOP but will become necessary to unlock the UVM
object with the upcoing "vmobjlock" diff.

Tested by patrick@ and robert@

ok jsg@

3 years agonew sentence, new line, and tweak wording of previous;
jmc [Sun, 5 Sep 2021 06:16:30 +0000 (06:16 +0000)]
new sentence, new line, and tweak wording of previous;

3 years agoRemove unused variable tmptm in do_body of openssl(1) ca
inoguchi [Sun, 5 Sep 2021 04:05:14 +0000 (04:05 +0000)]
Remove unused variable tmptm in do_body of openssl(1) ca

3 years agoUsing serial number instead as subject if it is empty in openssl(1) ca
inoguchi [Sun, 5 Sep 2021 01:55:54 +0000 (01:55 +0000)]
Using serial number instead as subject if it is empty in openssl(1) ca

This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.

ok tb@

3 years agoCheck extensions before setting version to v3
inoguchi [Sun, 5 Sep 2021 01:49:42 +0000 (01:49 +0000)]
Check extensions before setting version to v3

Referred to OpenSSL commit 4881d849 and arranged for our codebase.

comment and ok from tb@

3 years agoUse accessor method rather than direct X509 structure access
inoguchi [Sun, 5 Sep 2021 01:33:18 +0000 (01:33 +0000)]
Use accessor method rather than direct X509 structure access

Referred to OpenSSL commit a8d8e06b and arranged for our codebase.

comment and ok from tb@

3 years agosync
deraadt [Sat, 4 Sep 2021 23:58:54 +0000 (23:58 +0000)]
sync

3 years agoduring prioritization for man(1), correctly extract the section name
schwarze [Sat, 4 Sep 2021 22:37:26 +0000 (22:37 +0000)]
during prioritization for man(1), correctly extract the section name
from the file name extension of gzipped manual page files; bug found
on Alpine Linux by Soeren Tempel <soeren at soeren hyphen tempel dot net>,
who also tested this patch

3 years agoTo mitigate against spectre attacks, AMD processors without the
bluhm [Sat, 4 Sep 2021 22:15:33 +0000 (22:15 +0000)]
To mitigate against spectre attacks, AMD processors without the
IBRS feature need an lfence instruction after every near ret.  Place
them after all functions in the kernel which are implemented in
assembler.  Change the retguard macro so that the end of the lfence
instruction is 16-byte aligned now.  This prevents that the ret
instruction is at the end of a 32-byte boundary.  The latter would
cause a performance impact on certain Intel processors which have
a microcode update to mitigate the jump conditional code erratum.
See software techniques for managing speculation on AMD processors
revision 9.17.20 mitigation G-5.
See Intel mitigations for jump conditional code erratum revision
1.0 november 2019 2.4 software guidance and optimization methods.
OK deraadt@ mortimer@

3 years agomdoc(7): improve output of .At 32v
schwarze [Sat, 4 Sep 2021 20:24:40 +0000 (20:24 +0000)]
mdoc(7): improve output of .At 32v

The official designation by AT&T was "UNIX/32V", so use that in the output.
That also makes sense because "system/architecture" is a widespread
convention to refer to the port of an operating system to a specific
architecture, in this case 32V (32bit DEC VAX).

The former wording "Version 32V AT&T UNIX" was misleading
because 32V is not a version number.

Even though UNIX/32V was not officially designated as Version 7 by AT&T,
prepend "Version 7" because it was in fact a straightforward port of
Version 7 AT&T UNIX.  That makes it easier to understand for 21st
century readers of manual pages.

Suggested by nabijaczleweli at nabijaczleweli dot xyz.
Same change as in GNU troff commit 21d30728.
OK  G dot Branden dot Robinson at gmail dot com  (gbranden@ in groff)

3 years agodelete a stray word reported by wilfried dot meindl at gmail dot com;
schwarze [Sat, 4 Sep 2021 19:21:39 +0000 (19:21 +0000)]
delete a stray word reported by wilfried dot meindl at gmail dot com;
while here, delete the redundant word "will" right in front of it, too

3 years agoFactor out the TLSv1.3 code that handles content from TLS records.
jsing [Sat, 4 Sep 2021 16:26:12 +0000 (16:26 +0000)]
Factor out the TLSv1.3 code that handles content from TLS records.

Currently, the plaintext content from opened TLS records is handled via
the rbuf code in the TLSv1.3 record layer. Factor this out and provide a
separate struct tls_content, which knows how to track and manipulate the
content.

This makes the TLSv1.3 code cleaner, however it will also soon also be used
to untangle parts of the legacy record layer.

ok beck@ tb@

3 years agoRefactor ssl_update_cache. This now matches the logic used for TLS 1.3
beck [Sat, 4 Sep 2021 15:21:45 +0000 (15:21 +0000)]
Refactor ssl_update_cache. This now matches the logic used for TLS 1.3
in Openssl 1.1.1 for when to call the session callbacks. I believe it
to also generates a lot less eye bleed, confirmed by tb@

ok jsing@ tb@

3 years agoImprove DTLS hello request handling code.
jsing [Sat, 4 Sep 2021 14:31:54 +0000 (14:31 +0000)]
Improve DTLS hello request handling code.

Rather than manually checking multiple bytes, actually parse the DTLS
handshake message header, then check the values against what we parsed.

ok inoguchi@ tb@

3 years agoChange dtls1_get_message_header() to take a CBS.
jsing [Sat, 4 Sep 2021 14:24:28 +0000 (14:24 +0000)]
Change dtls1_get_message_header() to take a CBS.

The callers know the actual length and can initialise a CBS correctly.

ok inoguchi@ tb@

3 years agoImprove DTLS record header parsing.
jsing [Sat, 4 Sep 2021 14:15:52 +0000 (14:15 +0000)]
Improve DTLS record header parsing.

Rather than pulling out the epoch and then six bytes of sequence number,
pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch
off the start of the sequence number.

ok inoguchi@ tb@

3 years agoIn the fallback code to look for manual pages without using mandoc.db(5),
schwarze [Sat, 4 Sep 2021 12:47:04 +0000 (12:47 +0000)]
In the fallback code to look for manual pages without using mandoc.db(5),
accept files "man<one-digit-section>/<name>.<full-section>"
in addition the already supported "man<full-section>/name.[01-9]*".
Needed for example on Alpine Linux which puts its Perl manuals
into "man3/<name>.3pm" and the POSIX manuals into "man3/<name>.3p".

While here, allow the glob(3) at the end of fs_lookup() to add multiple
matches to the result set.  This improves man -w output and may also
help some cases of plain man(1), allowing main() to prioritize properly
rather than fs_lookup() picking a random match.

None of this really matters for standard manpaths on OpenBSD because
both base system and ports developers are highly disciplined about
putting manual pages into properly named files and directories, but
even on OpenBSD, it may help to access some raw, unported third-party
manual page trees.

Issue reported and patch tested
by Soeren Tempel <soeren at soeren hyphen tempel dot net>.

3 years agoAdd uaq(4), a driver for Aquantia AQC111U/AQC112U USB ethernet devices.
jmatthew [Sat, 4 Sep 2021 12:11:45 +0000 (12:11 +0000)]
Add uaq(4), a driver for Aquantia AQC111U/AQC112U USB ethernet devices.

hardware provided by Brad
tested with modest success by mlarkin@, kevlo@ and Brad
ok kevlo@

3 years ago* avoid the misleading wording "second kill signal"
schwarze [Sat, 4 Sep 2021 11:58:31 +0000 (11:58 +0000)]
* avoid the misleading wording "second kill signal"
* simplify and shorten EXIT STATUS, no change with respect to the meaning
* cut down HISTORY to the usual amount of information
feedback deraadt@ and jmc@; OK deraadt@; OK jmc@ on an earlier version

3 years ago* more specific error messages
schwarze [Sat, 4 Sep 2021 11:49:11 +0000 (11:49 +0000)]
* more specific error messages
* no need to check suffix != NULL twice in a row
* style:  *(suffix + 1)  ->  suffix[1]
feedback & OK deraadt@

3 years agoRevert list_move() to list_move_tail() change from last commit since it
mglocker [Sat, 4 Sep 2021 10:19:28 +0000 (10:19 +0000)]
Revert list_move() to list_move_tail() change from last commit since it
turned out that it has a negative impact to isoc transfers timing with our
driver implementation.

3 years agoin backtraces, print as many arguments as the function actually has
jasper [Sat, 4 Sep 2021 07:13:14 +0000 (07:13 +0000)]
in backtraces, print as many arguments as the function actually has

since amd64 is compiled with -msave-args we have all arguments available to print and
there's no reason to limit this to six.

discussed with kettenis@

3 years agoDisable tests that don't work in bluhms regress framework.
mbuhl [Sat, 4 Sep 2021 07:06:58 +0000 (07:06 +0000)]
Disable tests that don't work in bluhms regress framework.

3 years agoMake sure that strings passed to printline() are always NUL terminated.
bluhm [Fri, 3 Sep 2021 23:57:30 +0000 (23:57 +0000)]
Make sure that strings passed to printline() are always NUL terminated.
There was a corner case with a very long message received over TCP
or TLS where this was not clear.  Force a '\0' where this line is
truncated.
OK martijn@ deraadt@

3 years agoAdd X509 Extensions for IP Addresses and AS Identifiers
job [Fri, 3 Sep 2021 23:30:42 +0000 (23:30 +0000)]
Add X509 Extensions for IP Addresses and AS Identifiers

(subordinate code paths are include guarded)

OK tb@

3 years ago* add the missing STANDARDS section as noticed by tb@
schwarze [Fri, 3 Sep 2021 16:51:47 +0000 (16:51 +0000)]
* add the missing STANDARDS section as noticed by tb@
* mention that the *optionp input string will be modified
* clarify that the array of tokens is expected to be NULL-terminated
OK millert@ tb@, and the first half of STANDARDS also OK jmc@

3 years agoadd kprobes provider for dt
jasper [Fri, 3 Sep 2021 16:45:44 +0000 (16:45 +0000)]
add kprobes provider for dt

this allows us to dynamically trace function boundaries with btrace by patching
prologues and epilogues with a breakpoint upon which the handler records the data,
sends it back to userland for btrace to consume.
currently it's hidden behind DDBPROF, and there is still a lot to cleanup and
improve, but basic scripts that observe return codes from a probed function
work.

from Tom Rollet, with various changes by me
feedback and ok mpi@

3 years agoUse a define for the iov array size in syslogd. This is better
bluhm [Fri, 3 Sep 2021 16:28:33 +0000 (16:28 +0000)]
Use a define for the iov array size in syslogd.  This is better
than passing the magic number 6 around and checking at runtime
whether its fits.
OK deraadt@ martijn@ mvs@

3 years agoAllow the compiler driver to link the libclang_rt.profile library.
fcambus [Fri, 3 Sep 2021 16:11:45 +0000 (16:11 +0000)]
Allow the compiler driver to link the libclang_rt.profile library.

With this change, passing -fprofile-instr-generate -fcoverage-mapping
when building programs will attempt linking against libclang_rt.profile.a.

Please note that we do not ship the library yet.

OK jca@

3 years agoZap a chatty printf
jca [Fri, 3 Sep 2021 14:58:25 +0000 (14:58 +0000)]
Zap a chatty printf

ok mlarkin@ kettenis@