openbsd
6 weeks agozic: cherrypick support for %z in time zone formats
millert [Wed, 18 Sep 2024 17:05:50 +0000 (17:05 +0000)]
zic: cherrypick support for %z in time zone formats

This extends the zic input format to add support for %z, which
expands to a UTC offset in as-short-as-possible ISO 8601 format.
It's intended to better support zones that do not have an established
abbreviation already.  tzdata2024b and higher require a version of
zic that supports the %z format.  From upstream tzcode.  OK beck@

6 weeks agomove common lines to mi
jsg [Wed, 18 Sep 2024 14:29:10 +0000 (14:29 +0000)]
move common lines to mi

6 weeks agoback to previous plan
deraadt [Wed, 18 Sep 2024 11:29:55 +0000 (11:29 +0000)]
back to previous plan

6 weeks agoFix a memory leak
job [Wed, 18 Sep 2024 10:22:36 +0000 (10:22 +0000)]
Fix a memory leak

Found by Martin Cracauer

"look right" tb@

6 weeks agoremove unneeded semicolons after switch statements
jsg [Wed, 18 Sep 2024 05:21:19 +0000 (05:21 +0000)]
remove unneeded semicolons after switch statements

6 weeks agoadjust date
deraadt [Wed, 18 Sep 2024 02:43:54 +0000 (02:43 +0000)]
adjust date

6 weeks agoRemove the MSI blacklist. Now that we use MSI-X interrupts for nvme(4),
jmatthew [Wed, 18 Sep 2024 00:03:19 +0000 (00:03 +0000)]
Remove the MSI blacklist.  Now that we use MSI-X interrupts for nvme(4),
the one device we ever found that needed this treatment, the obsolete Intel
Optane Memory series, doesn't need it any more.

ok kettenis@ dlg@

6 weeks agodisable POOL_DEBUG for release
jsg [Tue, 17 Sep 2024 13:45:49 +0000 (13:45 +0000)]
disable POOL_DEBUG for release
ok deraadt@

6 weeks agohead into release
deraadt [Tue, 17 Sep 2024 13:39:17 +0000 (13:39 +0000)]
head into release

6 weeks agogetdents(2) was pushed into rpath because it exposes pathname
deraadt [Tue, 17 Sep 2024 12:53:15 +0000 (12:53 +0000)]
getdents(2) was pushed into rpath because it exposes pathname
information, similar to getcwd(2).  Move it to the right place, and
also say why.
report from henryfordkjv@gmail.com

6 weeks agoupdate install.md path
jsg [Tue, 17 Sep 2024 10:19:54 +0000 (10:19 +0000)]
update install.md path

6 weeks agoupdate list file paths
jsg [Tue, 17 Sep 2024 10:13:50 +0000 (10:13 +0000)]
update list file paths

6 weeks agovio: Reduce code duplication in control queue handling
sf [Tue, 17 Sep 2024 09:00:14 +0000 (09:00 +0000)]
vio: Reduce code duplication in control queue handling

Pull the common parts of all the control queue operations into separate
functions.

While there, avoid setting sc_ctrl_inuse FREE if it was RESET, except in
vio_stop. Doing so could lead to more race conditions.

ok bluhm@

6 weeks agotlsfuzzer: add a start-server convenience target for interactive testing
tb [Tue, 17 Sep 2024 08:47:37 +0000 (08:47 +0000)]
tlsfuzzer: add a start-server convenience target for interactive testing

6 weeks agoReplace OpenSSL 3.1 (which no longer is in ports) with 3.3
tb [Tue, 17 Sep 2024 06:12:06 +0000 (06:12 +0000)]
Replace OpenSSL 3.1 (which no longer is in ports) with 3.3

6 weeks agospelling
jsg [Tue, 17 Sep 2024 04:12:57 +0000 (04:12 +0000)]
spelling

6 weeks agoMention psp(4) in vm.conf(5) man page.
bluhm [Mon, 16 Sep 2024 22:30:01 +0000 (22:30 +0000)]
Mention psp(4) in vm.conf(5) man page.

from hshoexer@; OK mlarkin@

6 weeks agoDocument ioctl(2) interface provided by psp(4) device.
bluhm [Mon, 16 Sep 2024 22:15:43 +0000 (22:15 +0000)]
Document ioctl(2) interface provided by psp(4) device.

from hshoexer@; OK mlarkin@

6 weeks agoAdd copy mode commands which were missed when descriptions were added,
nicm [Mon, 16 Sep 2024 20:46:58 +0000 (20:46 +0000)]
Add copy mode commands which were missed when descriptions were added,
from Julian Prein, GitHub issue 4121.

6 weeks agoChange the behaviour of extended-keys always slightly so that
nicm [Mon, 16 Sep 2024 20:38:48 +0000 (20:38 +0000)]
Change the behaviour of extended-keys always slightly so that
applications can still enter mode 2 if they want, they just cannot turn
extended keys off entirely. From Stanislav Kljuhhin.

6 weeks agoAdd a prefix timeout option, from Conor Taylor in GitHub issue 4108.
nicm [Mon, 16 Sep 2024 20:28:22 +0000 (20:28 +0000)]
Add a prefix timeout option, from Conor Taylor in GitHub issue 4108.

6 weeks agoClose correct file descriptor.
florian [Mon, 16 Sep 2024 07:34:49 +0000 (07:34 +0000)]
Close correct file descriptor.

Instead of closing the just received UDP socket we closed the imsg fd
thus cleanly shutting down dhcpleased(8).

Problem triggered by sf@ with something like
while :; do ifconfig vio0 -inet; done
while :; do ifconfig vio0 inet autoconf; done

The problem triggers when dhcpleased configured a lease and in just
the right moment the autoconf flag gets removed. The main process
opens a udp socket and sends it to the frontend. At the same time the
frontend learned (from the route socket), that the interface lost its
autoconf flag. When the frontend then receives the udp socket via fd
passing it tries to close it. Due to a typo it would instead close the
imsg file descriptor.

Found by me after lots of head scratching.
OK tb

6 weeks agouse 64 bit math to avoid signed underflow. upstream code relies on
djm [Mon, 16 Sep 2024 05:37:05 +0000 (05:37 +0000)]
use 64 bit math to avoid signed underflow. upstream code relies on
using -fwrapv to provide defined over/underflow behaviour, but we use
-ftrapv to catch integer errors and abort the program. ok dtucker@

6 weeks agoInvalid pintables in ELF binaries can crash the kernel.
deraadt [Sun, 15 Sep 2024 23:13:19 +0000 (23:13 +0000)]
Invalid pintables in ELF binaries can crash the kernel.
Fix from yufeng.gao@uq.edu.au

6 weeks agoDocument when vmd(8) VMs are stopped; OK mlarkin
kn [Sun, 15 Sep 2024 19:39:26 +0000 (19:39 +0000)]
Document when vmd(8) VMs are stopped;  OK mlarkin

Useful to know in setups where pkg daemons and VMs depend on each other.

6 weeks agoAdd handling of "Class" attribute. diff from markus
yasuoka [Sun, 15 Sep 2024 11:08:50 +0000 (11:08 +0000)]
Add handling of "Class" attribute.  diff from markus

ok markus

6 weeks agominor grammar/sort fixes for refuseconnection; ok djm
jmc [Sun, 15 Sep 2024 08:27:38 +0000 (08:27 +0000)]
minor grammar/sort fixes for refuseconnection; ok djm

6 weeks agoremove unused variables
jsg [Sun, 15 Sep 2024 07:14:58 +0000 (07:14 +0000)]
remove unused variables

6 weeks ago__STDC_VERSION__ not __STDC_VERSION; ok miod@
jsg [Sun, 15 Sep 2024 05:49:05 +0000 (05:49 +0000)]
__STDC_VERSION__ not __STDC_VERSION; ok miod@

6 weeks agoImprove the log messages and white spaces.
yasuoka [Sun, 15 Sep 2024 05:31:23 +0000 (05:31 +0000)]
Improve the log messages and white spaces.

6 weeks agoKeep the number of requests for a DAE server below 64 to avoid
yasuoka [Sun, 15 Sep 2024 05:29:11 +0000 (05:29 +0000)]
Keep the number of requests for a DAE server below 64 to avoid
congestion.

6 weeks agoAdd "delete" command to "radiusctl ipcp". Also, send "stop" that was
yasuoka [Sun, 15 Sep 2024 05:26:05 +0000 (05:26 +0000)]
Add "delete" command to "radiusctl ipcp".  Also, send  "stop" that was
missing when disconnecting all when acct-{on,off} received.

6 weeks agoHandle EAGAIN properly and fix the log when disconnected.
yasuoka [Sun, 15 Sep 2024 05:14:32 +0000 (05:14 +0000)]
Handle EAGAIN properly and fix the log when disconnected.

6 weeks agobad whitespace in config dump output
djm [Sun, 15 Sep 2024 03:09:44 +0000 (03:09 +0000)]
bad whitespace in config dump output

6 weeks agoupdate the Streamlined NTRU Prime code from the "ref" implementation
djm [Sun, 15 Sep 2024 02:20:51 +0000 (02:20 +0000)]
update the Streamlined NTRU Prime code from the "ref" implementation
in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP
20240808. The new version is substantially faster.
Thanks to Daniel J Bernstein for pointing out the new implementation
(and of course for writing it).

tested in snaps/ok deraadt@

6 weeks agodocument Match invalid-user
djm [Sun, 15 Sep 2024 01:19:56 +0000 (01:19 +0000)]
document Match invalid-user

6 weeks agoadd a "Match invalid-user" predicate to sshd_config Match options.
djm [Sun, 15 Sep 2024 01:18:26 +0000 (01:18 +0000)]
add a "Match invalid-user" predicate to sshd_config Match options.

This allows writing Match conditions that trigger for invalid username.
E.g.

PerSourcePenalties refuseconnection:90s
Match invalid-user
  RefuseConnection yes

Will effectively penalise bots try to guess passwords for bogus accounts,
at the cost of implicitly revealing which accounts are invalid.

feedback markus@

6 weeks agoAdd a "refuseconnection" penalty class to sshd_config
djm [Sun, 15 Sep 2024 01:11:26 +0000 (01:11 +0000)]
Add a "refuseconnection" penalty class to sshd_config
PerSourcePenalties

This allows penalising connection sources that have had connections
dropped by the RefuseConnection option. ok markus@

6 weeks agoAdd a sshd_config "RefuseConnection" option
djm [Sun, 15 Sep 2024 01:09:40 +0000 (01:09 +0000)]
Add a sshd_config "RefuseConnection" option

If set, this will terminate the connection at the first authentication
request (this is the earliest we can evaluate sshd_config Match blocks)

ok markus@

6 weeks agoswitch sshd_config Match processing to the argv tokeniser too;
djm [Sun, 15 Sep 2024 00:58:01 +0000 (00:58 +0000)]
switch sshd_config Match processing to the argv tokeniser too;
ok markus@

6 weeks agoswitch "Match" directive processing over to the argv string
djm [Sun, 15 Sep 2024 00:57:36 +0000 (00:57 +0000)]
switch "Match" directive processing over to the argv string
tokeniser, making it possible to use shell-like quoting in Match
directives, particularly "Match exec". ok markus@

6 weeks agoinclude pathname in some of the ssh-keygen passphrase prompts. Helps
djm [Sun, 15 Sep 2024 00:47:01 +0000 (00:47 +0000)]
include pathname in some of the ssh-keygen passphrase prompts. Helps
the user know what's going on when ssh-keygen is invoked via other
tools. Requested in GHPR503

6 weeks agoDo not apply authorized_keys options when signature verification
djm [Sun, 15 Sep 2024 00:41:18 +0000 (00:41 +0000)]
Do not apply authorized_keys options when signature verification
fails. Prevents restrictive key options being incorrectly applied
to subsequent keys in authorized_keys. bz3733, ok markus@

6 weeks agoDrop the "Giant panda discovered" entry because it looks like
schwarze [Sat, 14 Sep 2024 20:15:24 +0000 (20:15 +0000)]
Drop the "Giant panda discovered" entry because it looks like
half-way between misleadingly eurocentric and urban legend.
It was so obviously suspect that it had already been marked "(?!)"
since at least 4.3BSD-Tahoe (June 1988).

Brought up by <Rob dot Schmersel at bahnhof dot se>,
additional research by <me at FletcherPorter dot com>,
see https://marc.info/?l=openbsd-bugs&m=172634202204747 for details.

6 weeks agovxlan.h not needed
jsg [Sat, 14 Sep 2024 11:06:48 +0000 (11:06 +0000)]
vxlan.h not needed

6 weeks agopvclock.h not needed
jsg [Sat, 14 Sep 2024 09:21:13 +0000 (09:21 +0000)]
pvclock.h not needed

6 weeks agoccp.h no longer required
jsg [Sat, 14 Sep 2024 09:00:16 +0000 (09:00 +0000)]
ccp.h no longer required

6 weeks agotlsfuzzer: grammar fix missed in previous
tb [Sat, 14 Sep 2024 07:11:34 +0000 (07:11 +0000)]
tlsfuzzer: grammar fix missed in previous

6 weeks agorectify comment about syncing trace points letters, kdump usage has none
kn [Fri, 13 Sep 2024 20:19:50 +0000 (20:19 +0000)]
rectify comment about syncing trace points letters, kdump usage has none

kdump.c r1.138 in 2019 dropped the letters list in favour of [-t trstr].

6 weeks agoAdd sensors based on information in the SMART/health log page,
jmatthew [Fri, 13 Sep 2024 09:57:34 +0000 (09:57 +0000)]
Add sensors based on information in the SMART/health log page,
showing overall device health and temperature.

tested by many (a while ago)
tweaks from gkoehler@ kettenis@ dv@
ok kettenis@ jca@ (earlier version), dlg@

6 weeks agotypo: troups -> groups
tb [Fri, 13 Sep 2024 05:58:17 +0000 (05:58 +0000)]
typo: troups -> groups

6 weeks agodrm/i915/fence: Mark debug_fence_free() with __maybe_unused
jsg [Thu, 12 Sep 2024 23:54:17 +0000 (23:54 +0000)]
drm/i915/fence: Mark debug_fence_free() with __maybe_unused

From Andy Shevchenko
60d54a45dbbbac8af9f3352042bd30b527995aef in linux-6.6.y/6.6.51
f99999536128b14b5d765a9982763b5134efdd79 in mainline linux

6 weeks agodrm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
jsg [Thu, 12 Sep 2024 23:52:33 +0000 (23:52 +0000)]
drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused

From Andy Shevchenko
a65ebba8733727ffd9d0de78899ea6ef1791ebc7 in linux-6.6.y/6.6.51
fcd9e8afd546f6ced378d078345a89bf346d065e in mainline linux

6 weeks agodrm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
jsg [Thu, 12 Sep 2024 23:50:02 +0000 (23:50 +0000)]
drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes

From Marek Olsak
302ba299c31e0de54cea431ac1d281dbab7fd0b5 in linux-6.6.y/6.6.51
8dd1426e2c80e32ac1995007330c8f95ffa28ebb in mainline linux

6 weeks agodrm/amd: Add gfx12 swizzle mode defs
jsg [Thu, 12 Sep 2024 23:45:02 +0000 (23:45 +0000)]
drm/amd: Add gfx12 swizzle mode defs

From Aurabindo Pillai
5f2a2bf25395f50b1b2cb7c04ae2d5986520be5f in linux-6.6.y/6.6.51
7ceb94e87bffff7c12b61eb29749e1d8ac976896 in mainline linux

6 weeks agodrm/amdgpu: reject gang submit on reserved VMIDs
jsg [Thu, 12 Sep 2024 23:42:34 +0000 (23:42 +0000)]
drm/amdgpu: reject gang submit on reserved VMIDs

From Christian Koenig
6922ab2932622dbc638620aae0e2f6b8eb22940c in linux-6.6.y/6.6.51
320debca1ba3a81c87247eac84eff976ead09ee0 in mainline linux

6 weeks agodrm/amdgpu: Set no_hw_access when VF request full GPU fails
jsg [Thu, 12 Sep 2024 23:39:51 +0000 (23:39 +0000)]
drm/amdgpu: Set no_hw_access when VF request full GPU fails

From Yifan Zha
077c7e5fee4b4b3fea29fd3a951a6b01f2802d9e in linux-6.6.y/6.6.51
33f23fc3155b13c4a96d94a0a22dc26db767440b in mainline linux

6 weeks agodrm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
jsg [Thu, 12 Sep 2024 23:38:36 +0000 (23:38 +0000)]
drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6

From Marek Olsak
9a41def4c48f92d386fdadc332a91c379257aa6a in linux-6.6.y/6.6.51
11317d2963fa79767cd7c6231a00a9d77f2e0f54 in mainline linux

6 weeks agodrm/amd/display: Check denominator pbn_div before used
jsg [Thu, 12 Sep 2024 23:36:35 +0000 (23:36 +0000)]
drm/amd/display: Check denominator pbn_div before used

From Alex Hung
dfafee0a7b51c7c9612edd2d991401294964d02f in linux-6.6.y/6.6.51
116a678f3a9abc24f5c9d2525b7393d18d9eb58e in mainline linux

6 weeks agodrm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
jsg [Thu, 12 Sep 2024 23:34:57 +0000 (23:34 +0000)]
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts

From Danijel Slivka
2521ba3cfa1d1c541e1ba1a32d1b43ad5a8e412f in linux-6.6.y/6.6.51
afbf7955ff01e952dbdd465fa25a2ba92d00291c in mainline linux

6 weeks agodrm/amdgpu: Fix smatch static checker warning
jsg [Thu, 12 Sep 2024 23:32:30 +0000 (23:32 +0000)]
drm/amdgpu: Fix smatch static checker warning

From Hawking Zhang
8bc7b3ce33e64c74211ed17aec823fc4e523426a in linux-6.6.y/6.6.51
bdbdc7cecd00305dc844a361f9883d3a21022027 in mainline linux

6 weeks agodrm/amd/display: Check HDCP returned status
jsg [Thu, 12 Sep 2024 23:31:07 +0000 (23:31 +0000)]
drm/amd/display: Check HDCP returned status

From Alex Hung
1bd1fe1109fcd9213494283b01d9421f58e0b6c5 in linux-6.6.y/6.6.51
5d93060d430b359e16e7c555c8f151ead1ac614b in mainline linux

6 weeks agodrm/amd/display: Run DC_LOG_DC after checking link->link_enc
jsg [Thu, 12 Sep 2024 23:28:44 +0000 (23:28 +0000)]
drm/amd/display: Run DC_LOG_DC after checking link->link_enc

From Alex Hung
874e3bb302f97b94ac548959ec4f925b8e7b45e2 in linux-6.6.y/6.6.51
3a82f62b0d9d7687eac47603bb6cd14a50fa718b in mainline linux

6 weeks agodrm/i915: Do not attempt to load the GSC multiple times
jsg [Thu, 12 Sep 2024 23:26:26 +0000 (23:26 +0000)]
drm/i915: Do not attempt to load the GSC multiple times

From Daniele Ceraolo Spurio
337266ada863a4232c9f8634deedc298a145521c in linux-6.6.y/6.6.51
59d3cfdd7f9655a0400ac453bf92199204f8b2a1 in mainline linux

6 weeks agoRevert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
jsg [Thu, 12 Sep 2024 23:22:10 +0000 (23:22 +0000)]
Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"

From Alex Deucher
94479011f4f551b4b1e010776a131512402b27bc in linux-6.6.y/6.6.51
1a8d845470941f1b6de1b392227530c097dc5e0c in mainline linux

6 weeks agoReintroduce check that CRL Number is in range
tb [Thu, 12 Sep 2024 10:33:25 +0000 (10:33 +0000)]
Reintroduce check that CRL Number is in range

The CRL number draft clarified what ignoring means and it includes checking
that the CRL number is well-formed again. So do this but continue to ignore
the value for any other purpose. This refactors x509_convert_seqnum() into
a couple of helpers. There's some duplication between crl_check_crl_number()
and crl_parse_crl_number() which could be removed if anyone cares.

tweaks/ok job

6 weeks agoDo a basic sanity check that dirents returned via fuse are kind of sane.
claudio [Thu, 12 Sep 2024 09:10:46 +0000 (09:10 +0000)]
Do a basic sanity check that dirents returned via fuse are kind of sane.

Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename. On top of this also check that d_reclen and d_namlen
are kind of sane and zero out the padding bytes after d_name.

OK beck@

6 weeks agomsdos already transfroms for Windows long names a '/' char into '?'.
claudio [Thu, 12 Sep 2024 09:07:28 +0000 (09:07 +0000)]
msdos already transfroms for Windows long names a '/' char into '?'.
Do the same for the 8.3 case as well.

This is not ideal since now it is possible that two files in the same
directory have the same name but the msdos code already does a lot of
this and so the problem already exists.

OK beck@ miod@

6 weeks agoEnsure that file names passed back by readdir do not include a '/'
claudio [Thu, 12 Sep 2024 09:04:51 +0000 (09:04 +0000)]
Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename.

NFS specific report by Apple Security Engineering and Architecture (SEAR).

Input from guenther@ and millert@
OK beck@ miod@

6 weeks agoRelax absolute path requirement back to what it was prior to OpenSSH 9.8,
djm [Thu, 12 Sep 2024 00:36:27 +0000 (00:36 +0000)]
Relax absolute path requirement back to what it was prior to OpenSSH 9.8,
which incorrectly required that sshd was started with an absolute path
in inetd mode. bz3717, patch from Colin Wilson

7 weeks agoMouse move keys are not useful as key bindings because we do not turn
nicm [Wed, 11 Sep 2024 19:12:33 +0000 (19:12 +0000)]
Mouse move keys are not useful as key bindings because we do not turn
them on unless the application requests them. Ignore them so they do not
cause the prefix to be canceled, GitHub issue 4111.

7 weeks agoImplement AMD SEV support in vmd(8).
bluhm [Wed, 11 Sep 2024 15:42:52 +0000 (15:42 +0000)]
Implement AMD SEV support in vmd(8).

To launch a guest with AMD SEV enabled, vmd needs to do a few things:
- retrieve ASID used by guest on VM creation
- provide ASID to psp(4)
- let psp(4) encrypt memory used intially by guest
- run guest
- release resources held by psp(4) on guest shutdown
To enable SEV for a guest use the parameter "sev" in the guest's vm
section in vm.conf.

from hshoexer@; OK mlarkin@

7 weeks agoparametes -> parameters
tb [Wed, 11 Sep 2024 15:04:16 +0000 (15:04 +0000)]
parametes -> parameters

7 weeks agoAfter calling m_freem() on nmi_mrep (or nmi_mreq) set the pointer to NULL.
claudio [Wed, 11 Sep 2024 12:22:34 +0000 (12:22 +0000)]
After calling m_freem() on nmi_mrep (or nmi_mreq) set the pointer to NULL.

Only do this if struct nfsm_info doesn't have local scope.
In some cases the caller would perfrom another m_freem and double free
the mbuf and Bad Things(TM) would happen.

Reported by Claes M Nyberg on bugs@; with & ok miod@

7 weeks agoWhile I can understand that ext2fs is using ufs_ihashget() I'm still
claudio [Wed, 11 Sep 2024 08:29:55 +0000 (08:29 +0000)]
While I can understand that ext2fs is using ufs_ihashget() I'm still
flabbergasted by the abuse from fuse.

For whatever dumb reason fuse uses the ufs inode instead of having its
own much simpler struct. Again this is a workaround to not crash when
fuse is used.

OK beck@

7 weeks agofstat(2) can't return an S_IFLNK, so delete that test.
guenther [Wed, 11 Sep 2024 03:57:14 +0000 (03:57 +0000)]
fstat(2) can't return an S_IFLNK, so delete that test.
Also, switch to S_IS*() tests and update the manpage
to reflect that POSIX-2024 has no substantive changes
for wc(1)

ok op@ millert@

7 weeks agoFix a typo
yasuoka [Wed, 11 Sep 2024 00:41:51 +0000 (00:41 +0000)]
Fix a typo

7 weeks agoDelete a test_ps() call that does not actually test
schwarze [Tue, 10 Sep 2024 19:46:01 +0000 (19:46 +0000)]
Delete a test_ps() call that does not actually test
what it was intended to test.

The intention was to test that src/bin/ps/utf8.c handles embedded NUL bytes
correctly, just as the other tests in the same group test the handling of
various other non-printable characters.  But testing that does not work
for multiple reasons.  Neither does the shell pass the NUL byte to the
called test program as intended, nor can argv[] in a C program contain
a NUL byte in the middle of an argument, simply because in the C language,
a string is defined to end at the first NUL byte.  On top of all that,
even the function mbswprint() that was supposed to be tested terminates
the processing of the multi-byte input string as soon as it encounters
a NUL byte (all of which is correct behaviour).

So this particular subtest was totally bogus and only worked by accident,
for reasons completely unrelated to the intended purpose.  I don't think
the test needs to be replaced by anything else.  NUL bytes in the middle
of a program argument just aren't a thing in the first place.

Thanks to deraadt@ for asking what the purpose of this test_ps() call was.

7 weeks agonfsm_srvnamesiz() may set up an NFSERR_NAMETOL error, which nfsm_reply() would
miod [Tue, 10 Sep 2024 18:44:04 +0000 (18:44 +0000)]
nfsm_srvnamesiz() may set up an NFSERR_NAMETOL error, which nfsm_reply() would
consider as not tragic enough to abort the operation, in order to batch error
replies.

This would end up invoking nfs_namei() using an uninitialized variable as
length, and Bad Things(TM) would happen.

Reported by Claes M Nyberg on bugs@; tweaks & ok claudio@

7 weeks agoUse doc/html link for consistency
tb [Tue, 10 Sep 2024 18:37:42 +0000 (18:37 +0000)]
Use doc/html link for consistency

7 weeks agoAdd reference to the manifest numbers draft
tb [Tue, 10 Sep 2024 18:34:19 +0000 (18:34 +0000)]
Add reference to the manifest numbers draft

ok job

7 weeks agolibcrypto hasn't had VIA padlock support compiled in for quite some time...
tb [Tue, 10 Sep 2024 17:01:09 +0000 (17:01 +0000)]
libcrypto hasn't had VIA padlock support compiled in for quite some time...

prompted by a question by jmc

7 weeks agoFix build of m_print_chain() on sparc64.
bluhm [Tue, 10 Sep 2024 14:52:42 +0000 (14:52 +0000)]
Fix build of m_print_chain() on sparc64.

Use %zu to print mbuf MHLEN and MLEN in ddb, otherwise gcc complains.

found by claudio@

7 weeks agoufs_ihashget() is also used by the ext2fs code but the DIP() makro does
claudio [Tue, 10 Sep 2024 12:14:26 +0000 (12:14 +0000)]
ufs_ihashget() is also used by the ext2fs code but the DIP() makro does
not handle that. So for now add an ugly hack here to support ext2fs.
This fixes access to ext2fs after the last commit. A better fix can be
implemented in tree.
Reported and OK anton@

7 weeks agoBe more careful with aspath that have 0 length (aka the empty AS_PATH).
claudio [Tue, 10 Sep 2024 09:38:45 +0000 (09:38 +0000)]
Be more careful with aspath that have 0 length (aka the empty AS_PATH).

Again malloc(0) is not portable and calling memcpy with a NULL pointer
and a 0 length is not allowed by the C standard.

OK tb@

7 weeks agocommunity_copy needs to check if nentries is 0 and handle that specially.
claudio [Tue, 10 Sep 2024 08:53:20 +0000 (08:53 +0000)]
community_copy needs to check if nentries is 0 and handle that specially.

Calling malloc / reallocarray with a 0 size is not portable and the
memcpy with a possible NULL pointer as source and 0 len is seen as UB
by newer C standards (grmbl).

OK tb@

7 weeks agoAID_VPN_IPv4 and AID_VPN_IPv6 require a labellen that is non-zero.
claudio [Tue, 10 Sep 2024 08:47:51 +0000 (08:47 +0000)]
AID_VPN_IPv4 and AID_VPN_IPv6 require a labellen that is non-zero.

OK tb@

7 weeks agoEnfroce proper encoding of ASPA announce/withdraw PDU.
claudio [Tue, 10 Sep 2024 08:41:13 +0000 (08:41 +0000)]
Enfroce proper encoding of ASPA announce/withdraw PDU.

An announce PDU requires at least one provider ASnum while a withdraw
must not include any provider ASnums. The first is mandated by the ASPA
profile and the 2nd by the 8210bis draft.

Further cleanup some leftovers from the old per-AFI split of ASPA.
OK tb@

7 weeks agoUse reallocarray() instead of recallocarray(), this code does not need the
claudio [Tue, 10 Sep 2024 08:37:52 +0000 (08:37 +0000)]
Use reallocarray() instead of recallocarray(), this code does not need the
extra security measures of recallocarray() which adds a lot of overhead.
OK tb@

7 weeks agoInclude CLUSTER_LIST in the bad attribute tests. Also add a 2nd session
claudio [Tue, 10 Sep 2024 08:27:00 +0000 (08:27 +0000)]
Include CLUSTER_LIST in the bad attribute tests. Also add a 2nd session
which is iBGP so we can test both CLUSTER_LIST behaviours.

7 weeks agochange bus notifier defines into inline functions
jsg [Tue, 10 Sep 2024 05:45:16 +0000 (05:45 +0000)]
change bus notifier defines into inline functions

7 weeks agomissing "Ar" in previous;
jmc [Tue, 10 Sep 2024 05:33:32 +0000 (05:33 +0000)]
missing "Ar" in previous;

7 weeks agoWhen accounting start the type attribute was added twice.
yasuoka [Mon, 9 Sep 2024 23:38:29 +0000 (23:38 +0000)]
When accounting start the type attribute was added twice.
from markus

7 weeks agoHandle the CLUSTER_LIST attribute as described in RFC7606
claudio [Mon, 9 Sep 2024 15:00:45 +0000 (15:00 +0000)]
Handle the CLUSTER_LIST attribute as described in RFC7606

Just drop the attribute if received from an external peer.
Treat as withdraw if the len is 0 or not % 4.
OK tb@

7 weeks agoThere is no need for an explicit size check for IMSG_RECONF_ASPA_TAS
claudio [Mon, 9 Sep 2024 14:58:47 +0000 (14:58 +0000)]
There is no need for an explicit size check for IMSG_RECONF_ASPA_TAS
imsg_get_data() does the same and produces the same error.
OK tb@

7 weeks agodocument the mlkem768x25519-sha256 key exchange algorithm
naddy [Mon, 9 Sep 2024 14:41:21 +0000 (14:41 +0000)]
document the mlkem768x25519-sha256 key exchange algorithm

7 weeks agoUse msgbuf_init() instead of hand initalizing the msgbuf.
claudio [Mon, 9 Sep 2024 12:59:49 +0000 (12:59 +0000)]
Use msgbuf_init() instead of hand initalizing the msgbuf.
OK tb@

7 weeks agoPrint mbuf size also for non cluster.
bluhm [Mon, 9 Sep 2024 11:27:03 +0000 (11:27 +0000)]
Print mbuf size also for non cluster.

Command "ddb> show /c mbuf" always prints mbuf data size.  In
uipc_mbuf.c include db_interface.h as it contains prototype for
m_print_chain().

OK mvs@

7 weeks agodrm/amd/display: Skip wbscl_set_scaler_filter if filter is null
jsg [Mon, 9 Sep 2024 10:02:33 +0000 (10:02 +0000)]
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

From Alex Hung
e3a95f29647ae45d1ec9541cd7df64f40bf2120a in linux-6.6.y/6.6.50
c4d31653c03b90e51515b1380115d1aedad925dd in mainline linux

7 weeks agodrm/amd/display: Check BIOS images before it is used
jsg [Mon, 9 Sep 2024 10:00:20 +0000 (10:00 +0000)]
drm/amd/display: Check BIOS images before it is used

From Alex Hung
e50bec62acaeec03afc6fa5dfb2426e52d049cf5 in linux-6.6.y/6.6.50
8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c in mainline linux