openbsd
kn [Sun, 6 Nov 2022 10:53:34 +0000 (10:53 +0000)]
Use installboot -p; OK visa

tb [Sun, 6 Nov 2022 09:26:29 +0000 (09:26 +0000)]
Document LOGDIR on its own since it's not a bsd.port.mk variable.

ok espie

deraadt [Sun, 6 Nov 2022 09:25:39 +0000 (09:25 +0000)]
When a TEXTREL binary is loaded, non-writeable LOADs are not made immutable
because a loader may want to perform text relocations wrapped inside
mprotect permission flips.  So static TEXTREL binaries need to perform
this operation themselves, at this fairly late point.
ok kettenis

ajacoutot [Sun, 6 Nov 2022 09:12:03 +0000 (09:12 +0000)]
typo: wlll -> will

otto [Sun, 6 Nov 2022 07:39:30 +0000 (07:39 +0000)]
Reintroduce snippet describing startup behaviour to where it belongs. ok jmc@

jmc [Sun, 6 Nov 2022 06:51:22 +0000 (06:51 +0000)]
remove the remnants of the old -s option, which was left stranded with poor,
innocent -n;

noticed by indivc on misc@

jmc [Sat, 5 Nov 2022 23:18:03 +0000 (23:18 +0000)]
- escape a macro in an Rs/Re block: groff appears to think it is callable
- while here, sort NAME

jan [Sat, 5 Nov 2022 22:33:11 +0000 (22:33 +0000)]
Fix kernel build without IPSEC option.

ok deraadt@

kn [Sat, 5 Nov 2022 22:30:57 +0000 (22:30 +0000)]
Add mount_nfs(8) to fetch sets over NFS

bsd.rd and miniroot72.img fit, boot and install over NFS with this.

OK deraadt

jsing [Sat, 5 Nov 2022 21:58:24 +0000 (21:58 +0000)]
Add regress coverage for TLS exporters.

cheloha [Sat, 5 Nov 2022 19:29:45 +0000 (19:29 +0000)]
clockintr(9): initial commit

clockintr(9) is a machine-independent clock interrupt scheduler.  It
emulates most of what the machine-dependent clock interrupt code is
doing on every platform.  Every CPU has a work schedule based on the
system uptime clock.  For now, every CPU has a hardclock(9) and a
statclock().  If schedhz is set, every CPU has a schedclock(), too.

This commit only contains the MI pieces.  All code is conditionally
compiled with __HAVE_CLOCKINTR.  This commit changes no behavior yet.

At a high level, clockintr(9) is configured and used as follows:

1. During boot, the primary CPU calls clockintr_init(9).  Global state
   is initialized.
2. Primary CPU calls clockintr_cpu_init(9).  Local, per-CPU state is
   initialized.  An "intrclock" struct may be installed, too.
3. Secondary CPUs call clockintr_cpu_init(9) to initialize their
   local state.
4. All CPUs repeatedly call clockintr_dispatch(9) from the MD clock
   interrupt handler.  The CPUs complete work and rearm their local
   interrupt clock, if any, during the dispatch.
5. Repeat step (4) until the system shuts down, suspends, or hibernates.
6. During resume, the primary CPU calls inittodr(9) and advances the
   system uptime.
7. Go to step (2).  This time around, clockintr_cpu_init(9) also
   advances the work schedule on the calling CPU to skip events that
   expired during suspend.  This prevents a "thundering herd" of
   useless work during the first clock interrupt.

In the long term, we need an MI clock interrupt scheduler in order to
(1) provide control over the clock interrupt to MI subsystems like
timeout(9) and dt(4) to improve their accuracy, (2) provide drivers
like acpicpu(4) a means for slowing or stopping the clock interrupt on
idle CPUs to conserve power, and (3) reduce the amount of duplicated
code in the MD clock interrupt code.

Before we can do any of that, though, we need to switch every platform
over to using clockintr(9) and do some cleanup.

Prompted by "the vmm(4) time bug," among other problems, and a
discussion at a2k19 on the subject.  Lots of design input from
kettenis@.  Early versions reviewed by kettenis@ and mlarkin@.
Platform-specific help and testing from kettenis@, gkoehler@,
mlarkin@, miod@, aoyama@, visa@, and dv@.  Babysitting and spiritual
guidance from mlarkin@ and kettenis@.

Link: https://marc.info/?l=openbsd-tech&m=166697497302283&w=2
ok kettenis@ mlarkin@

patrick [Sat, 5 Nov 2022 19:01:51 +0000 (19:01 +0000)]
Bump version number so that it's easier to see if the running version has
the bugfixes in.

ok kettenis@

patrick [Sat, 5 Nov 2022 19:00:31 +0000 (19:00 +0000)]
Not every device tree we're getting passed has an /aliases or /chosen node,
but our code assumes so.  It's useful to have them, so create them if they
do not exist.

ok kettenis@

patrick [Sat, 5 Nov 2022 18:58:24 +0000 (18:58 +0000)]
Activate the device tree we just loaded from disk.  While this doesn't fix
any current bug, it might catch issues in the future.

ok kettenis@

patrick [Sat, 5 Nov 2022 18:56:09 +0000 (18:56 +0000)]
Make sure fdt_find_node() returns NULL if it can't find the requested node.

ok kettenis@

deraadt [Sat, 5 Nov 2022 18:48:31 +0000 (18:48 +0000)]
The /var/run/ld.so.hints file is mapped into memory.  It is never replaced,
so the mapping can be immutable.
ok kettenis

deraadt [Sat, 5 Nov 2022 18:44:09 +0000 (18:44 +0000)]
teach ld.so how to call the mimmutable() system call
ok kettenis

cheloha [Sat, 5 Nov 2022 16:23:02 +0000 (16:23 +0000)]
powerpc64: TimeBase: add userspace timecounting support

Tested by gkoehler@.

ok gkoehler@

kn [Sat, 5 Nov 2022 12:06:05 +0000 (12:06 +0000)]
"need root privileges" is an error, print it on stderr

kn [Sat, 5 Nov 2022 12:03:58 +0000 (12:03 +0000)]
Print full path in usage; OK jmc

job [Sat, 5 Nov 2022 10:32:51 +0000 (10:32 +0000)]
Fix missing variable declaration in regress, thanks Anton Lindqvist for the report

deraadt [Sat, 5 Nov 2022 10:31:16 +0000 (10:31 +0000)]
For textrel binaries, skipping immutability on text segments is not enough:
It needs to be all non-writeable segments, which really means rodata.
crt0 and ld.so will need to call mimmutable() later on these regions.
ok kettenis

jsg [Sat, 5 Nov 2022 00:12:39 +0000 (00:12 +0000)]
match on Intel 500 Series HD Audio (0x43c8)

on a Lenovo ThinkPad P1 Gen 4, the audio device is subclass audio not
hd audio, so azalia does not match

reported by John Browning
ok kettenis@ thfr@

tb [Fri, 4 Nov 2022 23:52:59 +0000 (23:52 +0000)]
Do not fail on non-rsync URIs in EE cert SIA extensions

The spec allows multiple accessMethod entries, ordered by preference.
While an rsync URI must be present, others are allowed. Do not fail
in that situation and pick the first rsync URI encountered. The logic
is very similar to the one in x509_get_crl().

ok job

tb [Fri, 4 Nov 2022 23:42:56 +0000 (23:42 +0000)]
In very verbose mode, log unexpected accessMethods

While RFC 6487, 4.8.2.2 is very explicit about allowing id-ad-signedObject
as the only accessMethod, the clear language was lost during the RFC 8182
editing process. APNIC, TWNIC and JPNIC and a few others are currently
known to have an id-ad-rpkiNotify. The verbose logging allows us to check
the ecosystem while waiting for the point in time where we can turn this
into an error. See also https://www.rfc-editor.org/errata/eid7239.

ok job

job [Fri, 4 Nov 2022 17:39:36 +0000 (17:39 +0000)]
Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

kettenis [Fri, 4 Nov 2022 16:49:31 +0000 (16:49 +0000)]
EFI firmware has bugs which may mean that calling EFI runtime services will
fault because it does memory accesses outside of the regions it told us to
map.  Try to mitigate this by installing a fault handler (using the
pcb_onfault mechanism) and bail out using longjmp(9) if we encounter a
page fault while executing an EFI runtime services call.

Since some firmware bugs result in us executing code that isn't mapped,
make kpageflttrap() handle execution faults as well as data faults.

ok guenther@

espie [Fri, 4 Nov 2022 13:22:15 +0000 (13:22 +0000)]
allow "=" to be "hey only the default value" for pkgspec in dependencies
to be used later once it's in snaps.

tb [Fri, 4 Nov 2022 13:01:19 +0000 (13:01 +0000)]
Add missing field initializer.

ok claudio

bluhm [Fri, 4 Nov 2022 12:59:26 +0000 (12:59 +0000)]
In ktrace execve(2) no longer shows meaningless exit code.
Change regex for kdump output to execve JUSTRETURN.
from anton@

tb [Fri, 4 Nov 2022 12:05:36 +0000 (12:05 +0000)]
whitespace

claudio [Fri, 4 Nov 2022 11:33:26 +0000 (11:33 +0000)]
Extend l3vpn test to insert and remove a route

Also add some scaffolding for IPv6 testing but currently IPv6 is broken
because mpe(4) is unable to configure a local IPv6 address.

job [Fri, 4 Nov 2022 10:09:09 +0000 (10:09 +0000)]
Catch bad characters in rpkiManifest filenames earlier on

This improves the hard-to-read error:

rpki-client: .rrdp/59B96A4C078FDCEDBB776D5BE8DF45EAC0149157547270EA7D4647A76611E145/rpki-rsync.us-east-2.amazonaws.com/volume/220c3ec2-ccf9-4b8a-bf61-fd4d1e151271/LAXNBPgDnLLjagP8++RFIoaMCGo.mft: RFC 6487 section 4.8.6: CRL: bad CRL distribution point extension
rpki-client: rpki-rsync.us-east-2.amazonaws.com/volume/220c3ec2-ccf9-4b8a-bf61-fd4d1e151271/LAXNBPgDnLLjagP8++RFIoaMCGo.mft: no valid mft available

to:

rpki-client: rpki.ripe.net/repository/DEFAULT/ZMvVW3ZpjFaCVe2TtDEqMlyFk3E.cer: SIA: rpkiManifest filename contains invalid characters

OK tb@

job [Fri, 4 Nov 2022 09:45:19 +0000 (09:45 +0000)]
Don't show CPS URIs when in filemode

OK tb@

job [Fri, 4 Nov 2022 09:43:13 +0000 (09:43 +0000)]
Check the SIA signedObject in ROA/MFT/ASPA/TAK/GBR EE certificates

Unfortunately we can't yet error out when accessMethods other than
signedObject are encountered in the SubjectInformationAccess extension
because there is pollution in the ecosystem.

OK tb@

mpi [Fri, 4 Nov 2022 09:36:44 +0000 (09:36 +0000)]
Assert the VM map lock is held in function used by mmap/mprotect/munmap.

Also grab the lock in uvm_map_teardown() and uvm_map_deallocate() to
satisfy the assertions.  Grabbing the lock there shouldn't be strictly
necessary, because no other reference to the map should exist when the
reaper is holding it, but it doesn't hurt and makes our life easier.

Inputs & tests from Ivo van der Sangen, tb@, gnezdo@, kn@

kettenis@ and tb@ agree with the direction, ok kn@

nicm [Fri, 4 Nov 2022 08:03:23 +0000 (08:03 +0000)]
Unescape the string for the literal operator (l:) so special characters
work.

jca [Thu, 3 Nov 2022 23:30:55 +0000 (23:30 +0000)]
riscv64 pmap: flush memory writes before remote sfence.vma

As pointed out by the RISC-V privileged spec.  Sadly this is not enough
to solve all existing userland or kernel crashes seen on Unmatched (and
possibly other?) machines.

ok kettenis@

jca [Thu, 3 Nov 2022 23:26:49 +0000 (23:26 +0000)]
Zap unused variable

ok kettenis@

djm [Thu, 3 Nov 2022 21:59:20 +0000 (21:59 +0000)]
replace recently-added valid_domain() check for hostnames going to
known_hosts with a more relaxed check for bad characters; previous
commit broke address literals. Reported by/feedback from florian@

martijn [Thu, 3 Nov 2022 17:58:10 +0000 (17:58 +0000)]
When decoding a sequence/set, make sure that:
- We don't create an uninitialized element when there are no subelements to
  decode
- If subelements overflow we return EINVAL

While here fix an eyesore of a line continuation.

OK claudio@

jmc [Thu, 3 Nov 2022 17:43:39 +0000 (17:43 +0000)]
don't needlessly uppercase Nd;

patrick [Thu, 3 Nov 2022 17:41:22 +0000 (17:41 +0000)]
Enable smbios0 on arm64 RAMDISK so the code mitigating crashes on the x13s
gets correct info from hw.version.

claudio [Thu, 3 Nov 2022 15:39:54 +0000 (15:39 +0000)]
Add an absolute minimal test for L3VPNs. Right now not linked since there
is a bug in the kroute code preventing the VPN route from being added properly.

job [Thu, 3 Nov 2022 10:39:19 +0000 (10:39 +0000)]
Constrain KeyUsage and ExtendedKeyUsage on both CA & EE certificates

RFC 6487 section 4.8.4 restricts the KeyUsage extension on EE
certificates to only be digitalSignature.

RFC 6487 section 4.8.5 forbids the ExtendedKeyUsage extension from
appearing on CA certificates. However, this may change in the future
through the standardisation process.

OK tb@

nicm [Thu, 3 Nov 2022 08:41:53 +0000 (08:41 +0000)]
If there are no buffers, reset mode as soon as any key is pressed. Fixes
crash reported by Gaoyang Zhang in GitHub issue 3373.

nicm [Thu, 3 Nov 2022 08:33:57 +0000 (08:33 +0000)]
Add a -l flag to display-message to disable format expansion, from Aaron
Jensen. GitHub issue 3372.

guenther [Thu, 3 Nov 2022 04:56:47 +0000 (04:56 +0000)]
Style: always use *retval and never retval[0] in syscalls,
to reflect that retval is just a single return value.

ok miod@

guenther [Thu, 3 Nov 2022 04:52:41 +0000 (04:52 +0000)]
Make scdebug_ret() behave like ktrsysret(), showing the off_t value
for lseek() and a single register_t value for all others.

ok miod@

job [Thu, 3 Nov 2022 00:48:31 +0000 (00:48 +0000)]
shorten Autonomous System Provider Authorizations

job [Thu, 3 Nov 2022 00:44:13 +0000 (00:44 +0000)]
Add notion of ASPA

job [Thu, 3 Nov 2022 00:00:53 +0000 (00:00 +0000)]
Permit only keyCertSign and CRLSign in CA KeyUsage extension

OK tb@

job [Wed, 2 Nov 2022 23:20:59 +0000 (23:20 +0000)]
Emit warnings when unexpected X.509v3 extensions are encountered

OK tb@

claudio [Wed, 2 Nov 2022 16:50:51 +0000 (16:50 +0000)]
Introduce conn_info() which combines http_info() and ip_info() to output
both the host/uri and IP address of a connection.

Adjust http_connect() error handling to make sure conn->res is set to the
last address when hitting the error condition after the loop.
OK tb@

job [Wed, 2 Nov 2022 12:56:38 +0000 (12:56 +0000)]
Add regress for Signed TAL (.tak) files

job [Wed, 2 Nov 2022 12:46:49 +0000 (12:46 +0000)]
Reference RSC RFC-to-be instead of internet-draft

job [Wed, 2 Nov 2022 12:43:02 +0000 (12:43 +0000)]
Add support for draft-ietf-sidrops-signed-tal-12

Add support for validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

claudio [Wed, 2 Nov 2022 11:44:19 +0000 (11:44 +0000)]
Don't free the addrinfo array after connect and refactor http_finish_connect.

In http_connect_done() the addrinfo array was freed but this makes it
impossible to show the IP address of the connection in log messages.
Also refactor http_finish_connect() to call http_connect_failed() instead
of doing the same inline.
OK tb@

tb [Wed, 2 Nov 2022 11:28:36 +0000 (11:28 +0000)]
Length check URI before strncasecmp()

A priori URI is not NUL terminated, so we should first check it is long
enough before comparing it against proto. As a side effect, this now
rejects "https://" and "rsync://", which are invalid due to the missing
host in the authority section.

ok claudio
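
Added example, not part of the commit above or of rpki-client's code: a length-first prefix check on a buffer that is not NUL-terminated, next to the unchecked comparison it replaces. The function names and the sample URI are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * Constructed sample: a URI as it would sit inside a larger buffer,
 * e.g. an ASN.1 string field described by (pointer, length).  Only the
 * first `len` bytes belong to the field; what follows is unrelated.
 */
static const char sample[] = "rsync://rpki.example.net/repo/";

/*
 * Hypothetical helper: return 1 if the len-byte field `uri` starts with
 * `proto` (case-insensitive) and has at least one byte after it.
 * The length is checked first, so strncasecmp() never looks at bytes
 * beyond the field.  A URI consisting of the scheme alone is rejected
 * because plen >= len.
 */
int
uri_has_proto(const char *uri, size_t len, const char *proto)
{
	size_t plen = strlen(proto);

	if (plen >= len)
		return 0;
	return strncasecmp(uri, proto, plen) == 0;
}

/*
 * The comparison without the length check, for contrast.  It trusts
 * that `uri` holds at least strlen(proto) bytes, which is not
 * guaranteed for a field that is not NUL-terminated.
 */
int
uri_has_proto_unchecked(const char *uri, size_t len, const char *proto)
{
	(void)len;
	return strncasecmp(uri, proto, strlen(proto)) == 0;
}

int
main(void)
{
	/* Field is only the 5 bytes "rsync"; the rest is adjacent data. */
	printf("5-byte field, checked:   %d\n",
	    uri_has_proto(sample, 5, "rsync://"));
	printf("5-byte field, unchecked: %d\n",
	    uri_has_proto_unchecked(sample, 5, "rsync://"));

	/* Scheme with no host is rejected by the length check. */
	printf("\"rsync://\" only:         %d\n",
	    uri_has_proto("rsync://", 8, "rsync://"));

	/* Full URI is accepted. */
	printf("full URI:                %d\n",
	    uri_has_proto(sample, strlen(sample), "rsync://"));
	return 0;
}
```

The unchecked variant matches the 5-byte field because the comparison runs on into the bytes that follow it in memory.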

job [Wed, 2 Nov 2022 10:41:43 +0000 (10:41 +0000)]
Also print IP address of the connection that timed out to aid debugging

OK claudio@

kn [Wed, 2 Nov 2022 10:41:34 +0000 (10:41 +0000)]
Remove audio(9) speaker_ctl(), let open() handle speakers where needed

Only five legacy half-duplex hardware drivers require this function to
change between playing and recording:
i386: ess(4), gus(4), pas(4), sb(4)
luna88k: nec86(4)

If defined, it is always called early in audio_open(), so just move the
call from audio(4) to each hardware driver's open() handler.

SPKR_ON/OFF remain defined to leave driver-specific code unchanged.

Further cleanup (unchecked speaker_ctl() return values,
FWRITE -> AUMODE_PLAY -> SPKR_ON dances, etc.) can happen later.

Builds fine on i386.
OK ratchov

tb [Wed, 2 Nov 2022 10:04:41 +0000 (10:04 +0000)]
Fix x509_get_time() error checks

Like most x509_* functions, x509_get_time() returns 0/1 on error/success,
not -1/0.

ok claudio job

nicm [Wed, 2 Nov 2022 07:36:07 +0000 (07:36 +0000)]
Instead of always setting the extended flag, set it only when searching.
Allows send-keys to work. From Aaron Jensen.

guenther [Wed, 2 Nov 2022 07:20:07 +0000 (07:20 +0000)]
Clean up more ancient history: since 2015 the libc stubs for
fork/vfork/__tfork haven't cared about the second return register.
So, stop setting retval[1] in kern_fork.c and stop setting the
second return register in the MD child_return() routines.

With the above, we have no multi-register return values on LP64,
so stop touching that register in the trapframe on those archs.

testing miod@ and aoyama@
ok miod@

tb [Tue, 1 Nov 2022 20:26:20 +0000 (20:26 +0000)]
Do not neuter __attribute__ with __STRICT_ANSI__

This broke readline support in newer Pythons and generally seems a
bad idea.  Upstream have removed this conditional in 5.0.

ok millert

espie [Tue, 1 Nov 2022 17:41:19 +0000 (17:41 +0000)]
Have -S actually behave like the other introspection options, namely only
eschew building the package if -n is mentioned.

Document that -S -n is heavily optimized for speed since it's mostly used
by dpb -R to figure out what to rebuild.

espie [Tue, 1 Nov 2022 17:25:33 +0000 (17:25 +0000)]
fix a logic error from 2018: be silent if any of -S, -n, -q are mentioned.

The actual bug reverted in 1.128 was from "make print-plist-libs"
which would invoke pkg_create -n -Q  and filter out the libs: but
in that case, pkg_create would not be silent, thus yielding
    reading plist|-/usr/local/lib/libpython3.9.so.0.0
to filter, which obviously wouldn't work.

So, turn on silent mode for -Q as well.

kettenis [Tue, 1 Nov 2022 13:59:00 +0000 (13:59 +0000)]
Use todr_attach().

ok phessler@

claudio [Tue, 1 Nov 2022 13:35:09 +0000 (13:35 +0000)]
Use unsigned long long to store integer value. At least that can always
be printed with %llu unlike uint64_t.

martijn [Tue, 1 Nov 2022 13:34:44 +0000 (13:34 +0000)]
On endOfMibView reset OID back to the original requested OID as per RFC3416
section 4.2.2, instead of returning the (internal) current OID, which could
happen on empty tables.

Found and diff tested by Ryan Freeman (ryan <at> slipgate <dot> org)
OK sthen@

kn [Tue, 1 Nov 2022 11:18:06 +0000 (11:18 +0000)]
Only load the SOII key if IPv6 is available

Possible now that IP6KERNEL is hoisted.
This also improves readability and zaps double negation logic.

espie [Tue, 1 Nov 2022 10:50:05 +0000 (10:50 +0000)]
I plain forgot to document -S !

kn [Tue, 1 Nov 2022 10:45:53 +0000 (10:45 +0000)]
Do not wait for DAD completion in dry-run mode

1. only do so when running without -n
2. move code to own wait_dad() helper like wait_autoconf_default() has it
3. use local _count as usual in both functions rather than the global count

Feedback OK claudio

nicm [Tue, 1 Nov 2022 09:54:13 +0000 (09:54 +0000)]
Add modified Tab key sequences, from Aaron Jensen, GitHub issue 3368.

nicm [Tue, 1 Nov 2022 09:46:14 +0000 (09:46 +0000)]
Use active pane in target window not current window for +/-. GitHub
issue 3370.

cheloha [Tue, 1 Nov 2022 01:01:14 +0000 (01:01 +0000)]
vmm(4): vcpu_reset_regs_svm: allow reads of MSR_HWCR, MSR_PSTATEDEF(0)

Guests may need these MSRs to determine the TSC frequency on AMD
families 17h and 19h.

GP fault reported by weerd@, observed on "AMD EPYC 3201 8-Core Processor"
(17-01-02).  Same issue observed by Jesper Wallin on "AMD Ryzen PRO 3700U".
Tested by Jesper Wallin.

Link: https://marc.info/?l=openbsd-bugs&m=166721628323483&w=2
ok mlarkin@

kn [Mon, 31 Oct 2022 20:14:45 +0000 (20:14 +0000)]
Hoist only the feature check

Keep adding IPv6 routes after lo0 got an address like before, meant to be
committed together with r1.223.

kn [Mon, 31 Oct 2022 19:48:50 +0000 (19:48 +0000)]
Fix comment:  IPv6 link local addresses do not use SOII anymore

sys/netinet6/in6_ifattach.c r1.114 limited it to SLAAC addresses in 2019.

kn [Mon, 31 Oct 2022 19:25:16 +0000 (19:25 +0000)]
Improve shell style wrt. variable naming/boolean convention

The mixed use of upper and lower case variables is neither obvious nor
consistent.

PRINT_ONLY is local to netstart.
ip6kernel is local to netstart.
multicast gets sourced from rc.subr(8).

1. uppercase ip6kernel as is common for global variables in base scripts
2. use the simpler true/false idiom and default with the rest of
   netstart-only variables, making it clearer that only `multicast=YES/NO'
   comes from the rc environment
3. hoist kernel feature detection such that a later diff can load the SOII
   key conditionally
4. zap obvious comment

OK aja

claudio [Mon, 31 Oct 2022 18:34:11 +0000 (18:34 +0000)]
Add an integration test that checks if the pftable feature works.

claudio [Mon, 31 Oct 2022 18:31:36 +0000 (18:31 +0000)]
Make CLEANFILES patterns not match anything that may live outside of obj.
Running make clean without obj should not remove any non-temp files
like *.conf.

jca [Mon, 31 Oct 2022 17:44:21 +0000 (17:44 +0000)]
The cad(4) ethernet controller works well on the Hifive Unmatched

From Miguel Landaeta

millert [Mon, 31 Oct 2022 15:35:11 +0000 (15:35 +0000)]
Update to 2022fgtz from https://github.com/JodaOrg/global-tz
Major changes:
 o Mexico will no longer observe DST except near the US border.
 o Chihuahua moves to year-round -06 on 2022-10-30.
 o Fiji no longer observes DST.

dv [Mon, 31 Oct 2022 14:02:11 +0000 (14:02 +0000)]
vmd(8): remove unfinished user accounting.

User accounting and enforcement was never finished. tedu the thing
until someone wants to pick it up and finish it.

Originally found by Matthew Martin.

ok mlarkin@, kn@. input from tb@.

visa [Mon, 31 Oct 2022 13:59:10 +0000 (13:59 +0000)]
mips64: Raise SPL for hardclock()

This lets the MI clock interrupt code see the correct SPL.

The full splx() is skipped because the updating of the hardware interrupt
masks should not be needed here.

Prompted by and OK cheloha@

mpi [Mon, 31 Oct 2022 10:46:24 +0000 (10:46 +0000)]
Fix VMMAP_DEBUG code to compile with not-so-recent changes.

If enabled the debug code currently panics the kernel.  To investigate.

guenther [Mon, 31 Oct 2022 03:20:41 +0000 (03:20 +0000)]
style: 'The function type should be on a line by itself preceding the function.'

dtucker [Sun, 30 Oct 2022 18:42:07 +0000 (18:42 +0000)]
Use variable for diff options instead of unconditionally specifying "-rN".
This will make life easier in -portable where not all diffs understand -N.

guenther [Sun, 30 Oct 2022 17:43:39 +0000 (17:43 +0000)]
Simplify setregs() by passing it the ps_strings and switching
sys_execve() to return EJUSTRETURN.

setregs() is the MD routine used by sys_execve() to set up the
thread's trapframe and PCB such that, on 'return' to userspace, it
has the register values defined by the ABI and otherwise zero.  It
had to set the syscall retval[] values previously because the normal
syscall return path overwrites a couple registers with the retval[]
values.  By instead returning EJUSTRETURN that and some complexity
with program-counter handling on m88k and sparc64 goes away.

Also, give setregs() a 'struct ps_strings *arginfo' argument
so powerpc, powerpc64, and sh can directly get argc/argv/envp
values for registers instead of copyin()ing the one in userspace.

Improvements from miod@ and millert@
Testing assistance miod@, kettenis@, and aoyama@
ok miod@ kettenis@

patrick [Sun, 30 Oct 2022 15:34:54 +0000 (15:34 +0000)]
On the Lenovo X13s attaching to the multiport USB controller leads to hard
resets.  Previously this was only seen with smmu(4) enabled, probably as
there is no IORT reference to that controller and hence no IOMMU mapping
established.  Since recent BIOS updates, this now also happens without
smmu(4) enabled.  Let's skip this node for now to keep machines running.

Prompted by deraadt@
ok phessler@

kn [Sun, 30 Oct 2022 13:27:15 +0000 (13:27 +0000)]
The previous commit message ought to say this:
---
Fix sparc64 build

cc1: warnings being treated as errors
.../constraints.c: In function 'test_constraints1':
.../constraints.c:451: warning: ISO C90 forbids mixed declarations and code

Fix RCS ID while here.

kn [Sun, 30 Oct 2022 13:23:49 +0000 (13:23 +0000)]
/* $OpenBSD: $ */
/*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <err.h>
#include <string.h>

#include <openssl/safestack.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "x509_internal.h"

#define FAIL(msg, ...)							\
do {									\
	fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__);		\
	fprintf(stderr, msg, ##__VA_ARGS__);				\
} while(0)

unsigned char *valid_hostnames[] = {
"openbsd.org",
"op3nbsd.org",
"org",
"3openbsd.com",
"3-0penb-d.c-m",
"a",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"open_bsd.org", /* because this is liberal */
NULL,
};

unsigned char *valid_sandns_names[] = {
"*.ca",
"*.op3nbsd.org",
"c*.openbsd.org",
"foo.*.d*.c*.openbsd.org",
NULL,
};

unsigned char *valid_domain_constraints[] = {
"",
".ca",
".op3nbsd.org",
".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"www.openbsd.org",
NULL,
};

unsigned char *valid_mbox_names[] = {
"\"!#$%&\\\"*+-/=?\002^_`{|}~.\"@openbsd.org",
"beck@openbsd.org",
"beck@openbsd.org",
"beck@op3nbsd.org",
"beck@org",
"beck@3openbsd.com",
"beck@3-0penb-d.c-m",
"bec@a",
"beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
"beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"beck@open_bsd.org", /* because this is liberal */
NULL,
};

unsigned char *invalid_hostnames[] = {
"openbsd.org.",
"openbsd..org",
"openbsd.org-",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
"-p3nbsd.org",
"openbs-.org",
"openbsd\n.org",
"open\178bsd.org",
"open\255bsd.org",
"*.openbsd.org",
NULL,
};

unsigned char *invalid_sandns_names[] = {
"",
".",
"*.a",
"*.",
"*.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
"*.-p3nbsd.org",
"*.*..openbsd.org",
"*..openbsd.org",
".openbsd.org",
"c*c.openbsd.org",
NULL,
};

unsigned char *invalid_mbox_names[] = {
"beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
"beck@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
"beck@.-openbsd.org",
"beck@.openbsd.org.",
"beck@.a",
"beck@.",
"beck@",
"beck@.ca",
"@openbsd.org",
NULL,
};

unsigned char *invalid_domain_constraints[] = {
".",
".a",
"..",
".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
".aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
".-p3nbsd.org",
"..openbsd.org",
NULL,
};

unsigned char *invaliduri[] = {
"https://-www.openbsd.org",
"https://.www.openbsd.org/",
"https://www.ope|nbsd.org%",
"https://www.openbsd.org.#",
"///",
"//",
"/",
"",
NULL,
};

static int
test_valid_hostnames(void)
{
	int i, failure = 0;

	for (i = 0; valid_hostnames[i] != NULL; i++) {
		if (!x509_constraints_valid_host(valid_hostnames[i],
		    strlen(valid_hostnames[i]))) {
			FAIL("Valid hostname '%s' rejected\n",
			    valid_hostnames[i]);
			failure = 1;
			goto done;
		}
		if (!x509_constraints_valid_sandns(valid_hostnames[i],
		    strlen(valid_hostnames[i]))) {
			FAIL("Valid sandns '%s' rejected\n",
			    valid_hostnames[i]);
			failure = 1;
			goto done;
		}
	}
 done:
	return failure;
}

static int
test_valid_sandns_names(void)
{
	int i, failure = 0;
	for (i = 0; valid_sandns_names[i] != NULL; i++) {
		if (!x509_constraints_valid_sandns(valid_sandns_names[i],
		    strlen(valid_sandns_names[i]))) {
			FAIL("Valid dnsname '%s' rejected\n",
			    valid_sandns_names[i]);
			failure = 1;
			goto done;
		}
	}
 done:
	return failure;
}

static int
test_valid_domain_constraints(void)
{
	int i, failure = 0;
	for (i = 0; valid_domain_constraints[i] != NULL; i++) {
		if (!x509_constraints_valid_domain_constraint(valid_domain_constraints[i],
		    strlen(valid_domain_constraints[i]))) {
			FAIL("Valid dnsname '%s' rejected\n",
			    valid_domain_constraints[i]);
			failure = 1;
			goto done;
		}
	}
 done:
	return failure;
}

static int
test_valid_mbox_names(void)
{
	struct x509_constraints_name name = {0};
	int i, failure = 0;
	for (i = 0; valid_mbox_names[i] != NULL; i++) {
		if (!x509_constraints_parse_mailbox(valid_mbox_names[i],
		    strlen(valid_mbox_names[i]), &name)) {
			FAIL("Valid mailbox name '%s' rejected\n",
			    valid_mbox_names[i]);
			failure = 1;
			goto done;
		}
		free(name.name);
		name.name = NULL;
		free(name.local);
		name.local = NULL;
	}
 done:
	return failure;
}

static int
test_invalid_hostnames(void)
{
	int i, failure = 0;
	char *nulhost = "www.openbsd.org\0";

	for (i = 0; invalid_hostnames[i] != NULL; i++) {
		if (x509_constraints_valid_host(invalid_hostnames[i],
		    strlen(invalid_hostnames[i]))) {
			FAIL("Invalid hostname '%s' accepted\n",
			    invalid_hostnames[i]);
			failure = 1;
			goto done;
		}
	}
	/*
	 * Pass strlen + 1 so the NUL byte is part of the name being
	 * checked; a name with an embedded NUL must be rejected.
	 */
	if (x509_constraints_valid_host(nulhost,
	    strlen(nulhost) + 1)) {
		FAIL("hostname with NUL byte accepted\n");
		failure = 1;
		goto done;
	}
	if (x509_constraints_valid_sandns(nulhost,
	    strlen(nulhost) + 1)) {
		FAIL("sandns with NUL byte accepted\n");
		failure = 1;
		goto done;
	}
 done:
	return failure;
}

static int
test_invalid_sandns_names(void)
{
	int i, failure = 0;
	for (i = 0; invalid_sandns_names[i] != NULL; i++) {
		if (x509_constraints_valid_sandns(invalid_sandns_names[i],
		    strlen(invalid_sandns_names[i]))) {
			FAIL("Invalid sandns '%s' accepted\n",
			    invalid_sandns_names[i]);
			failure = 1;
			goto done;
		}
	}
 done:
	return failure;
}

static int
test_invalid_mbox_names(void)
{
	int i, failure = 0;
	struct x509_constraints_name name = {0};
	for (i = 0; invalid_mbox_names[i] != NULL; i++) {
		if (x509_constraints_parse_mailbox(invalid_mbox_names[i],
		    strlen(invalid_mbox_names[i]), &name)) {
			FAIL("invalid mailbox name '%s' accepted\n",
			    invalid_mbox_names[i]);
			failure = 1;
			goto done;
		}
		free(name.name);
		name.name = NULL;
		free(name.local);
		name.local = NULL;
	}
 done:
	return failure;
}

static int
test_invalid_domain_constraints(void)
{
	int i, failure = 0;
	for (i = 0; invalid_domain_constraints[i] != NULL; i++) {
		if (x509_constraints_valid_domain_constraint(invalid_domain_constraints[i],
		    strlen(invalid_domain_constraints[i]))) {
			FAIL("invalid dnsname '%s' accepted\n",
			    invalid_domain_constraints[i]);
			failure = 1;
			goto done;
		}
	}
 done:
	return failure;
}

static int
test_invalid_uri(void)
{
	int j, failure = 0;
	char *hostpart = NULL;

	for (j = 0; invaliduri[j] != NULL; j++) {
		if (x509_constraints_uri_host(invaliduri[j],
		    strlen(invaliduri[j]), &hostpart) != 0) {
			FAIL("invalid URI '%s' accepted\n",
			    invaliduri[j]);
			failure = 1;
			goto done;
		}
		free(hostpart);
		hostpart = NULL;
	}

 done:
	return failure;
}

static int
test_constraints1(void)
{
	char *c; size_t cl;
	char *d; size_t dl;
	int failure = 0;
	int error = 0;
	int i, j;
	unsigned char *constraints[] = {
		".org",
		".openbsd.org",
		"www.openbsd.org",
		NULL,
	};
	unsigned char *failing[] = {
		".ca",
		"openbsd.ca",
		"org",
		NULL,
	};
	unsigned char *matching[] = {
		"www.openbsd.org",
		NULL,
	};
	unsigned char *matchinguri[] = {
		"https://www.openbsd.org",
		"https://www.openbsd.org/",
		"https://www.openbsd.org?",
		"https://www.openbsd.org#",
		"herp://beck@www.openbsd.org:",
		"spiffe://beck@www.openbsd.org/this/is/so/spiffe/",
		NULL,
	};
	unsigned char *failinguri[] = {
		"https://www.openbsd.ca",
		"https://www.freebsd.com/",
		"https://www.openbsd.net?",
		"https://org#",
		"herp://beck@org:",
		"///",
		"//",
		"/",
		"",
		NULL,
	};
	unsigned char *noauthority[] = {
		"urn:open62541.server.application",
		NULL,
	};
	for (i = 0; constraints[i] != NULL; i++) {
		char *constraint = constraints[i];
		size_t clen = strlen(constraints[i]);
		for (j = 0; matching[j] != NULL; j++) {
			if (!x509_constraints_domain(matching[j],
			    strlen(matching[j]), constraint, clen)) {
				FAIL("constraint '%s' should have matched"
				    " '%s'\n",
				    constraint, matching[j]);
				failure = 1;
				goto done;
			}
		}
		for (j = 0; matchinguri[j] != NULL; j++) {
			error = 0;
			if (!x509_constraints_uri(matchinguri[j],
			    strlen(matchinguri[j]), constraint, clen, &error)) {
				FAIL("constraint '%s' should have matched URI"
				    " '%s' (error %d)\n",
				    constraint, matchinguri[j], error);
				failure = 1;
				goto done;
			}
		}
		for (j = 0; failing[j] != NULL; j++) {
			if (x509_constraints_domain(failing[j],
			    strlen(failing[j]), constraint, clen)) {
				FAIL("constraint '%s' should not have matched"
				    " '%s'\n",
				    constraint, failing[j]);
				failure = 1;
				goto done;
			}
		}
		for (j = 0; failinguri[j] != NULL; j++) {
			error = 0;
			if (x509_constraints_uri(failinguri[j],
			    strlen(failinguri[j]), constraint, clen, &error)) {
				FAIL("constraint '%s' should not have matched URI"
				    " '%s' (error %d)\n",
				    constraint, failinguri[j], error);
				failure = 1;
				goto done;
			}
		}
		/* A URI with no authority must parse but match no constraint. */
		for (j = 0; noauthority[j] != NULL; j++) {
			char *hostpart = NULL;
			error = 0;
			if (!x509_constraints_uri_host(noauthority[j],
			    strlen(noauthority[j]), &hostpart)) {
				FAIL("name '%s' should parse as a URI\n",
				    noauthority[j]);
				failure = 1;
				free(hostpart);
				goto done;
			}
			free(hostpart);

			if (x509_constraints_uri(noauthority[j],
			    strlen(noauthority[j]), constraint, clen, &error)) {
				FAIL("constraint '%s' should not have matched URI"
				    " '%s' (error %d)\n",
				    constraint, noauthority[j], error);
				failure = 1;
				goto done;
			}
		}
	}
	/* A wildcard name must match the ".openbsd.org" constraint. */
	c = ".openbsd.org";
	cl = strlen(".openbsd.org");
	d = "*.openbsd.org";
	dl = strlen("*.openbsd.org");
	if (!x509_constraints_domain(d, dl, c, cl)) {
		FAIL("constraint '%s' should have matched '%s'\n",
		    c, d);
		failure = 1;
		goto done;
	}
	/* ... but not the single-host constraint "www.openbsd.org". */
	c = "www.openbsd.org";
	cl = strlen("www.openbsd.org");
	if (x509_constraints_domain(d, dl, c, cl)) {
		FAIL("constraint '%s' should not have matched '%s'\n",
		    c, d);
		failure = 1;
		goto done;
	}
	/* The empty constraint must match. */
	c = "";
	cl = 0;
	if (!x509_constraints_domain(d, dl, c, cl)) {
		FAIL("constraint '%s' should have matched '%s'\n",
		    c, d);
		failure = 1;
		goto done;
	}
 done:
	return failure;
}

int
main(int argc, char **argv)
{
	int failed = 0;

	failed |= test_valid_hostnames();
	failed |= test_invalid_hostnames();
	failed |= test_valid_sandns_names();
	failed |= test_invalid_sandns_names();
	failed |= test_valid_mbox_names();
	failed |= test_invalid_mbox_names();
	failed |= test_valid_domain_constraints();
	failed |= test_invalid_domain_constraints();
	failed |= test_invalid_uri();
	failed |= test_constraints1();

	return (failed);
}

2 years ago Move duplex check from sbdsp_midi_open() to sbdsp_open() where it belongs
kn [Sun, 30 Oct 2022 10:55:52 +0000 (10:55 +0000)]
Move duplex check from sbdsp_midi_open() to sbdsp_open() where it belongs

sbdsp.c r1.42 "Replace audio(9) get_props() with duplex check in open()
  in partial duplex drivers" added it to the wrong function.

2 years ago The x13s only defines the (legacy) 32-bit SMBIOS entry point. Add code to
kettenis [Sat, 29 Oct 2022 20:35:50 +0000 (20:35 +0000)]
The x13s only defines the (legacy) 32-bit SMBIOS entry point.  Add code to
handle that such that we can see the firmware version in dmesg.

ok deraadt@, phessler@

2 years ago Fix indent botch; noticed by kettenis@
miod [Fri, 28 Oct 2022 16:06:54 +0000 (16:06 +0000)]
Fix indent botch; noticed by kettenis@

2 years ago Remove antique^Wolder-than-binutils-2.17 c++filt(1).
miod [Fri, 28 Oct 2022 15:50:55 +0000 (15:50 +0000)]
Remove antique^Wolder-than-binutils-2.17 c++filt(1).

2 years ago Build and install binutils-2.17's version of c++filt(1), since we already
miod [Fri, 28 Oct 2022 15:49:52 +0000 (15:49 +0000)]
Build and install binutils-2.17's version of c++filt(1), since we already
install its manual page.
Reported by vol at ljabl dot com

2 years ago Decode DT_MIPS_RLD_MAP_REL.
kettenis [Fri, 28 Oct 2022 15:26:46 +0000 (15:26 +0000)]
Decode DT_MIPS_RLD_MAP_REL.

ok deraadt@

2 years ago Remove unused audio(9) get_props()/AUDIO_PROP_FULLDUPLEX
kn [Fri, 28 Oct 2022 15:13:59 +0000 (15:13 +0000)]
Remove unused audio(9) get_props()/AUDIO_PROP_FULLDUPLEX

All audio drivers have been cleaned up and, if needed, now check for duplex
mode in their open() handler.

OK ratchov miod

2 years ago Replace audio(9) get_props() with duplex check in open() in non-duplex drivers
kn [Fri, 28 Oct 2022 15:09:45 +0000 (15:09 +0000)]
Replace audio(9) get_props() with duplex check in open() in non-duplex drivers

Make drivers which do *not* advertise AUDIO_PROP_FULLDUPLEX return ENXIO
in their open() if full-duplex mode was requested.

This way, sys/dev/audio.c:audio_open() will fail immediately rather than
later through the to-be-removed get_props() check.

These are all drivers which simply don't support full-duplex mode.

In device-tree based drivers like simpleaudio(4)/rkiis(4) and newer Apple
ones like aplaudio(4)/aplmca(4), this adds a new open() stub to the
low-level drivers which merely does the duplex check.

My Pinebook Pro keeps playing audio and recording silence with this diff
just like before (rkiis(4) is currently play-only):
simpleaudio0 at mainbus0
simpleaudio1 at mainbus0
audio0 at simpleaudio1

$ aucat -i song69.wav -o rec.wav

OK ratchov miod