otto [Sat, 26 Feb 2022 16:14:42 +0000 (16:14 +0000)]
Currently malloc caches a number of free'ed regions up to 128k
in size. This cache is indexed by size (in # of pages), so it is
very quick to check. Some programs allocate and deallocate larger
allocations in a frantic way. Accomodate those programs by also
keeping a cache of regions between 128k and 2M, in a cache of variable
sized regions.
Tested by many in snaps; ok deraadt@
kettenis [Sat, 26 Feb 2022 13:38:46 +0000 (13:38 +0000)]
regen
kettenis [Sat, 26 Feb 2022 13:38:11 +0000 (13:38 +0000)]
Add Broadcom BCM4387.
claudio [Sat, 26 Feb 2022 11:48:50 +0000 (11:48 +0000)]
Remove excessive ;
dlg [Sat, 26 Feb 2022 04:46:34 +0000 (04:46 +0000)]
add the mbuf tag that prevents loops in vxlan_encap, not vxlan_output.
vxlan_output calls ether_output, which will do arp for ipv4 packets.
if arp hasn't resolved an address for a peer yet, it will queue the
packet and transmit it again after resolution completes. the way
it outputs is to call the interface output routine again, which is
vxlan_output.
if we tag the packet in vxlan_output before arp, and then arp calls
vxlan_output again, it looks like a loop and drops it. moving the
tagging to when we add all the encap headers in vxlan_encap avoids
this issue.
dlg [Sat, 26 Feb 2022 02:15:45 +0000 (02:15 +0000)]
have another go at fixing assert "sc->sc_dev == NUM" failed.
claudio figured it out. his clue was that multiple concurrent calls
to tunopen (or tapopen) will share a vnode. because tunopen can sleep,
multiple programs can be inside tunopen for the same tun interface at
the same time, all with references against the same vnode.
at the same time as this another thread/program can call VOP_REVOKE
via tun_clone_destroy (eg, ifconfig tun1 destroy does this).
VOP_REVOKE marks a vnode as bad, which in turn means that subsequent
open()s of a tun interface will get a brand new vnode.
so multiple threads holding references to a vnode can be sleeping in
tun_dev_open on the interface cloner lock. one thread wins and takes
ownership of the tun interface, then another thread can destroy that tun
interface, calls VOP_REVOKE which calls tun_dev_close to tear down the
vnodes association with the tun interface and mark the vnode as bad.
the thread that called tun_clone_destroy then creates another instance
of the interface by calling tun_clone_create immediately.
one of the original threads with the old vnode reference wakes up and
takes ownership of the new tun_softc. however, because the vnode is bad,
all the vnode ops have been replaced with the deadfs ops. the close() op
on the old vnode is now a nop from the point of view of tun interfaces.
the old vnode is no longer associated with tun and tap and will now
never call tun_dev_close (via tunclose or tapclose), which in turn means
sc_dev won't get cleared.
another thread can now call tun_clone_destroy against the new instance
of tun_softc. this instance has sc_dev set, so it tries to revoke it,
but there's no vnode associated with it because the old vnode reference
is dead.
because this second call to VOP_REVOKE couldnt find a vnode, it
can't call tunclose against it, so sc_dev is still set and this
KASSERT fires.
claudio and i came up with the following, which is to have tun_dev_open
check the state of the vnode associated with the current open call
after all the sleeping and potential tun_clone_destroy and
tun_clone_create calls. if the vnode has been made bad/dead after
all the sleeping, it returns with ENXIO.
Reported-by: syzbot+5e13201866c43afbfbf6@syzkaller.appspotmail.com
ok claudio@ visa@
guenther [Fri, 25 Feb 2022 23:51:03 +0000 (23:51 +0000)]
Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit
bluhm [Fri, 25 Feb 2022 22:18:44 +0000 (22:18 +0000)]
To fix crashes seen by Hrvoje with pfsync, IPsec and parallel
forwarding, protect tdb flags and lists in pfsync with a mutex.
help and OK sashan@
tedu [Fri, 25 Feb 2022 18:29:32 +0000 (18:29 +0000)]
use setall for setusercontext, to make it simpler to inherit new changes.
note that the addition of setenv doesn't do much, since doas will rewrite
the environment anyway (but added variables are accessible in keepenv,
should anybody be using that feature).
tedu [Fri, 25 Feb 2022 18:24:01 +0000 (18:24 +0000)]
add setrtable to pledge("id"). from Matthew Martin
ok deraadt
rob [Fri, 25 Feb 2022 18:05:49 +0000 (18:05 +0000)]
A few additional changes related to the now 32 bit accounting flag.
Pointers from and discussions with millert and deraadt.
Ok millert@, deraadt@, bluhm@
rob [Fri, 25 Feb 2022 17:31:40 +0000 (17:31 +0000)]
Whitespace.
tb [Fri, 25 Feb 2022 16:00:39 +0000 (16:00 +0000)]
fix indent and other minor KNF nits
visa [Fri, 25 Feb 2022 13:51:02 +0000 (13:51 +0000)]
Enable cduart(4) on arm64.
OK kettenis@
claudio [Fri, 25 Feb 2022 12:56:12 +0000 (12:56 +0000)]
The pointer returned by pt_fill() can be directly used in most cases.
There is no need for an extra local variable.
Noticed by and OK tb@
claudio [Fri, 25 Feb 2022 11:36:54 +0000 (11:36 +0000)]
For add-path send the Adj-RIB-Out needs to handle multiple paths per
prefix. For this extend the RB trees of the Adj-RIB-Out to also consider
the path_id. Add functions to lookup a prefix without path_id so that
bgpctl works. Rename functions so that all Adj-RIB-Out specific functions
start with prefix_adjout_
For now the path_id_tx in the Adj-RIB-Out is forced to 0 since
up_generate_updates() is not ready to handle more than one path per prefix.
OK tb@
dtucker [Fri, 25 Feb 2022 09:46:24 +0000 (09:46 +0000)]
Remove the char * casts from arguments to do_lstat, do_readdir and
do_stat paths since the underlying functions now take a const char *.
Patch from vapier at gentoo.org.
guenther [Fri, 25 Feb 2022 08:36:01 +0000 (08:36 +0000)]
Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.
Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.
ok mvs@ bluhm@
guenther [Fri, 25 Feb 2022 08:33:26 +0000 (08:33 +0000)]
in6_ioctl() is declared in in6_var.h as it's used in if_umb.c, so
don't declare it again in the .c file
ok dlg@ mvs@ bluhm@
djm [Fri, 25 Feb 2022 02:09:27 +0000 (02:09 +0000)]
save an unneccessary alloc/free, based on patch from
Martin Vahlensieck; ok dtucker@
beck [Thu, 24 Feb 2022 22:05:06 +0000 (22:05 +0000)]
Get rid of SHA1 for comparing CRL's - use SHA512 just like we do for certs.
ok tb@
tb [Thu, 24 Feb 2022 21:07:03 +0000 (21:07 +0000)]
Remove accidentally committed debug code.
claudio [Thu, 24 Feb 2022 14:54:03 +0000 (14:54 +0000)]
struct prefix holds path_id_tx for the path id sent to peers when
add-path send is enabled. Start using this instead of 0. Currently
nothing sets path_id_tx to any value != 0 so this is the same but
a bit more correct.
OK tb@
krw [Thu, 24 Feb 2022 14:44:14 +0000 (14:44 +0000)]
Rename parselabel() to parsefstab() and makelabel() to
parsedisktab().
Move non-fstab and non-disktab bits to the single points of
invocation for both.
No intentional functional change.
visa [Thu, 24 Feb 2022 14:19:10 +0000 (14:19 +0000)]
Fix kernel stack alignment on riscv64
Pad trapframe and switchframe structs so that their size is a multiple
of 16 bytes. This makes context switching and exception handlers keep
kernel stack properly aligned.
OK kettenis@
visa [Thu, 24 Feb 2022 14:16:53 +0000 (14:16 +0000)]
Reserve room for holding curcpu pointer in u-area
The tp register contains the curcpu pointer in kernel mode. The pointer
has to be saved and replaced with the TCB pointer in the register when
entering user mode. These steps are reversed when returning to kernel.
The curcpu pointer is saved in the u-area. Explicitly reserve room for
the pointer to make the saving more visible.
OK kettenis@
jsg [Thu, 24 Feb 2022 13:14:18 +0000 (13:14 +0000)]
drm/amd/display: fix yellow carp wm clamping
From Dmytro Laktyushkin
1ddab2ee882900df817dd89882618356b7ecbab3 in linux 5.15.y/5.15.25
60fdf98a774eee244a4e00c34a9e7729b61d0f44 in mainline linux
jsg [Thu, 24 Feb 2022 13:11:45 +0000 (13:11 +0000)]
drm/amd/display: Cap pflip irqs per max otg number
From Roman Li
929b2eddebc2cb5ecf220337658f8d8538d4ab9d in linux 5.15.y/5.15.25
328e34a5ad227399391891d454043e5d73e598d2 in mainline linux
jsg [Thu, 24 Feb 2022 13:09:00 +0000 (13:09 +0000)]
display/amd: decrease message verbosity about watermarks table failure
From Mario Limonciello
3fd92f5be6c48cce92c90ecf71719582645da888 in linux 5.15.y/5.15.25
03ad3093c7c069d6ab4403730009ebafeea9ee37 in mainline linux
jsg [Thu, 24 Feb 2022 13:06:39 +0000 (13:06 +0000)]
drm/i915/ttm: tweak priority hint selection
From Matthew Auld
79bdf56cc55d103f2a276318fd973a296a110b95 in linux 5.15.y/5.15.25
0bdc0a0699929c814a8aecd55d2accb8c11beae2 in mainline linux
jsg [Thu, 24 Feb 2022 13:04:07 +0000 (13:04 +0000)]
drm/i915: Fix mbus join config lookup
From Ville Syrjala
fe802b3fe7631c35abbf280702c5d29b867a1150 in linux 5.15.y/5.15.25
8d9d2a723d64b650f2e6423024ccb4a33f0cdc40 in mainline linux
jsg [Thu, 24 Feb 2022 13:02:08 +0000 (13:02 +0000)]
drm/i915: Fix dbuf slice config lookup
From Ville Syrjala
34f5556ddf2b5fc25696832fa4a1a7013fc80a05 in linux 5.15.y/5.15.25
698bef8ff5d2edea5d1c9d6e5adf1bfed1e8a106 in mainline linux
jsg [Thu, 24 Feb 2022 12:59:55 +0000 (12:59 +0000)]
drm/i915/opregion: check port number bounds for SWSCI display power state
From Jani Nikula
d006f2fe7d627b3ff3f637cf2fa90d30e05887c9 in linux 5.15.y/5.15.25
ea958422291de248b9e2eaaeea36004e84b64043 in mainline linux
jsg [Thu, 24 Feb 2022 12:57:15 +0000 (12:57 +0000)]
drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix.
From Rajib Mahapatra
960c8a55016bece26140eef7a8077e9dc3709098 in linux 5.15.y/5.15.25
f8f4e2a518347063179def4e64580b2d28233d03 in mainline linux
jsg [Thu, 24 Feb 2022 12:54:50 +0000 (12:54 +0000)]
drm/amd/pm: correct the sequence of sending gpu reset msg
From Yifan Zhang
3851046599c1907c956b126bac18c4b84bf6a16b in linux 5.15.y/5.15.25
9c4f59ea3f865693150edf0c91d1cc6b451360dd in mainline linux
jsg [Thu, 24 Feb 2022 12:52:42 +0000 (12:52 +0000)]
drm/atomic: Don't pollute crtc_state->mode_blob with error pointers
From Ville Syrjala
a1596e0277ed430dc2f44b61ebc2c1ecdab718e4 in linux 5.15.y/5.15.25
439cf34c8e0a8a33d8c15a31be1b7423426bc765 in mainline linux
jsg [Thu, 24 Feb 2022 12:49:47 +0000 (12:49 +0000)]
drm/radeon: Fix backlight control on iMac 12,1
From Nicholas Bishop
68f3a4252e9718843bd172f9761267aa288647d0 in linux 5.15.y/5.15.25
364438fd629f7611a84c8e6d7de91659300f1502 in mainline linux
jsg [Thu, 24 Feb 2022 12:47:29 +0000 (12:47 +0000)]
drm/amdgpu: fix logic inversion in check
From Christian Koenig
0fec53c5dca8a218e20b1d3964db23391a689dff in linux 5.15.y/5.15.25
e8ae38720e1a685fd98cfa5ae118c9d07b45ca79 in mainline linux
jsg [Thu, 24 Feb 2022 12:45:37 +0000 (12:45 +0000)]
drm/amd: Only run s3 or s0ix if system is configured properly
From Mario Limonciello
38108fd273acbc6248870a7a3e61714398af6f94 in linux 5.15.y/5.15.25
04ef860469fda6a646dc841190d05b31fae68e8c in mainline linux
jsg [Thu, 24 Feb 2022 12:42:54 +0000 (12:42 +0000)]
drm/amd: add support to check whether the system is set to s3
From Mario Limonciello
72808bb42c87c4887c553ea8d9f4ecaf15d867d3 in linux 5.15.y/5.15.25
f52a2b8badbd24faf73a13c9c07fdb9d07352944 in mainline linux
jsg [Thu, 24 Feb 2022 12:40:35 +0000 (12:40 +0000)]
drm/amd: Warn users about potential s0ix problems
From Mario Limonciello
64519c9e32ac548fd47cf16767f4b779a8cbdd14 in linux 5.15.y/5.15.25
a6ed2035878e5ad2e43ed175d8812ac9399d6c40 in mainline linux
claudio [Thu, 24 Feb 2022 08:45:00 +0000 (08:45 +0000)]
Regen most of the config output. With support for alternating ports the
moment when the default listeners are added to the config got moved into
parse_config() and so is now visible in the printed config. Showing the
listen on statements is probably a good thing.
Failure noticed by anton@
tb [Thu, 24 Feb 2022 08:35:45 +0000 (08:35 +0000)]
Minor tweaks
i is a silly name for BN_num_bits(dsa->q); move a comment for readability.
tb [Thu, 24 Feb 2022 08:31:11 +0000 (08:31 +0000)]
Add sanity checks on p and q in old_dsa_priv_decode()
dsa_do_verify() has checks on dsa->p and dsa->q that ensure that p isn't
overly long and that q has one of the three allowed lengths specified in
FIPS 186-3, namely 160, 224, or 256.
Do these checks on deserialization of DSA keys without parameters. This
means that we will now reject keys we would previously deserialize. Such
keys are useless in that signatures generated by them would be rejected
by both LibreSSL and OpenSSL.
This avoids a timeout flagged in oss-fuzz #26899 due to a ridiculous
DSA key whose q has size 65KiB. The timeout comes from additional checks
on DSA keys added by miod in dsa_ameth.c r1.18, especially checking such
a humungous number for primality is expensive.
ok jsing
mvs [Thu, 24 Feb 2022 07:43:02 +0000 (07:43 +0000)]
regen
mvs [Thu, 24 Feb 2022 07:41:51 +0000 (07:41 +0000)]
Unlock getsockname(2) syscall. For inet and UNIX sockets it fills passed
'sockaddr' structure with socket's address. For key management and route
domain sockets it just returns error.
ok bluhm@
guenther [Thu, 24 Feb 2022 07:08:21 +0000 (07:08 +0000)]
Fix PIC_SYM() macro: it never needs to token paste, so it's not
dependent on __STDC__ and doesn't need the ## operator.
ok jsg@
dlg [Thu, 24 Feb 2022 03:57:06 +0000 (03:57 +0000)]
document the tunnel ioctls that vxlan supports.
i need to add the bridge ioctls i copes with at some point.
dlg [Thu, 24 Feb 2022 03:25:18 +0000 (03:25 +0000)]
slight wording tweak
bluhm [Wed, 23 Feb 2022 22:50:32 +0000 (22:50 +0000)]
Prints in iked fuzzer fill 77% of full regress output. Nobody wants
to see 23.2 MB text output unless when debugging a failure. And
then a logfile is better than stderr.
OK claudio@
djm [Wed, 23 Feb 2022 21:21:49 +0000 (21:21 +0000)]
free(3) wants stdlib.h
djm [Wed, 23 Feb 2022 21:21:16 +0000 (21:21 +0000)]
put back the scp manpage changes for SFTP mode too
deraadt [Wed, 23 Feb 2022 19:13:29 +0000 (19:13 +0000)]
sync
deraadt [Wed, 23 Feb 2022 19:01:00 +0000 (19:01 +0000)]
and we go back to testing sftp-scp after the 8.9 release...
dlg [Wed, 23 Feb 2022 13:37:06 +0000 (13:37 +0000)]
better help for getting addresses for dgrams received with divert-to.
getsockname is for connected sockets, not all sockets. dgrams need
to use some setsockopt stuff and cmsgs to get packet info like that.
suggested by K R on bugs@
sthen [Wed, 23 Feb 2022 12:12:11 +0000 (12:12 +0000)]
merge upstream commit to unbound: "Fix that TCP interface does not use
TLS when TLS is also configured"
sthen [Wed, 23 Feb 2022 12:04:05 +0000 (12:04 +0000)]
merge unbound 1.15.0
sthen [Wed, 23 Feb 2022 11:57:23 +0000 (11:57 +0000)]
update to unbound 1.15.0, ok florian@
claudio [Wed, 23 Feb 2022 11:20:35 +0000 (11:20 +0000)]
Make it possible to bind and connect to non-default ports. This is mainly
for testing. Using alternate ports does not work for session using ipsec.
OK tb@ deraadt@
djm [Wed, 23 Feb 2022 11:18:13 +0000 (11:18 +0000)]
avoid integer overflow of auth attempts (harmless, caught by monitor)
djm [Wed, 23 Feb 2022 11:17:10 +0000 (11:17 +0000)]
randomise the password used in fakepw
djm [Wed, 23 Feb 2022 11:15:57 +0000 (11:15 +0000)]
use asprintf to construct .rhosts paths
djm [Wed, 23 Feb 2022 11:07:09 +0000 (11:07 +0000)]
openssh-8.9
martijn [Wed, 23 Feb 2022 10:28:05 +0000 (10:28 +0000)]
Interface index 1 doesn't need to have an lladdr.
Found by anton@ who has enc0 on index 1 on his arm64 regress machine.
with and OK anton@
jsg [Wed, 23 Feb 2022 07:16:26 +0000 (07:16 +0000)]
unifdef __ELF__
ok guenther@
tb [Tue, 22 Feb 2022 23:25:44 +0000 (23:25 +0000)]
whitespace
tb [Tue, 22 Feb 2022 23:24:09 +0000 (23:24 +0000)]
Check asprintf() return to avoid crashing in strcmp().
ok deraadt millert
kettenis [Tue, 22 Feb 2022 20:37:19 +0000 (20:37 +0000)]
Fix thinko in construction of SMC key for the targeted GPIO pin.
visa@
deraadt [Tue, 22 Feb 2022 20:00:11 +0000 (20:00 +0000)]
sync
millert [Tue, 22 Feb 2022 17:42:52 +0000 (17:42 +0000)]
Use sizeof() instead of KI_MAXCOMLEN and KI_WMESGLEN in structs.
This way we keep the size of the strings in the private struct in
sync with what the kernel gives us. OK deraadt@
deraadt [Tue, 22 Feb 2022 17:35:01 +0000 (17:35 +0000)]
MAXCOMLEN is no longer needed in these programs, so remove the annotation
from sys/param.h include lines, or remove the include lines entirely if
it this was the least requirement.
ok millert
deraadt [Tue, 22 Feb 2022 17:31:31 +0000 (17:31 +0000)]
Since ktr_comm is now a string, we do not need MAXCOMLEN to limit printf.
And thus, sys/param.h is not needed either.
ok millert
deraadt [Tue, 22 Feb 2022 17:30:07 +0000 (17:30 +0000)]
Instead of using MAXCOMLEN from sys/param.h, use KI_MAXCOMLEN as width,
from sysctl.h. This isn't a perfect transition, still thinking about
other ways to do it.
ok millert
deraadt [Tue, 22 Feb 2022 17:26:04 +0000 (17:26 +0000)]
Since other exported commandnames were increased to 24 and graduated into
proper strings, adapt dt's exported string in the same way.
Old/new files/tools will not work the same way.
That this interface needs to also change was pointed out by jsg
claudio [Tue, 22 Feb 2022 17:24:12 +0000 (17:24 +0000)]
Convert parse.y to use stdint.h types uintX_t instead of u_intX_t
OK tb@
deraadt [Tue, 22 Feb 2022 17:22:28 +0000 (17:22 +0000)]
Since other exported commandnames were increased to 24 and graduated into
proper strings, adapt struct acct's ac_comm similarily. While here increase
ac_mem to 32-bits, increase ac_flag from 8 to 32 bits for future extensions,
add ac_pid for forensics, and reorder the structure to avoid compiler pads.
More work remains in the sa(8) command to use ac_pid better.
This is a flag day for the acct file format, new/old files/tools are incompatible.
ok bluhm millert
deraadt [Tue, 22 Feb 2022 17:14:13 +0000 (17:14 +0000)]
Start using new _MAXCOMLEN (a proper string expanded to 24 bytes
including the NUL), in all internal interafaces, and expose this
in ktrace, core, or proc.h visibility.
ok millert
deraadt [Tue, 22 Feb 2022 17:05:51 +0000 (17:05 +0000)]
sysctl already passed the commandname as a 24-byte string KI_MAXCOMLEN
because it was padded. Define it in terms of _MAXCOMLEN from syslimits.h
ok millert
deraadt [Tue, 22 Feb 2022 17:04:29 +0000 (17:04 +0000)]
Define MAXCOMLEN in terms of _MAXCOMLEN (-1, because MAXCOMLEN does not
have the terminating NUL). In the near future, fewer programs will use
this yucky non-string, some kernel:userland interfaces will to change to
pass a proper string.
ok millert
deraadt [Tue, 22 Feb 2022 16:58:08 +0000 (16:58 +0000)]
Add _MAXCOMLEN to syslimits, it is 24, and includes the NUL. Following
commits will change sys/param.h MAXCOMLEN, sys/sysctl.h KI_MAXCOMLEN,
sys/acct.h ac_comm[], dev/ic/dtvar.h DTMAXCOMLEN to use this, and also
adapt most to the included NUL correctly. This will allow us to remove
sys/param.h include from userland base.
sys/syslimits.h is chosen as the best place for this define because it
has very small namespace which is already pulled in often.
ok millert
rob [Tue, 22 Feb 2022 16:14:38 +0000 (16:14 +0000)]
Pledge stdio.
Ok millert@
rob [Tue, 22 Feb 2022 16:08:59 +0000 (16:08 +0000)]
Remove -v option from usage.
Ok millert@
martijn [Tue, 22 Feb 2022 15:59:13 +0000 (15:59 +0000)]
requestid is a 32 bit integer, make sure that we request that with
ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald
<dot> de
OK tb
millert [Tue, 22 Feb 2022 15:15:34 +0000 (15:15 +0000)]
Add a seq(1) command, similar to what is present in GNU and Plan9.
Adapted from the NetBSD version with some changes from FreeBSD.
OK gnezdo@
claudio [Tue, 22 Feb 2022 13:47:21 +0000 (13:47 +0000)]
The fuzzer logs everything to syslog, this is not what we want.
Call log_init() and set debug but clear verbose afterwards with
log_setverbose(0) still the fuzzer is very verbose.
OK millert@ some time ago
tb [Tue, 22 Feb 2022 13:45:09 +0000 (13:45 +0000)]
Plug leak in ec_key_create()
EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be
freed at the end of keyproc() or acctproc(), which means that secrets
aren't wiped. Move EC_KEY_free() to the out label, so that the refcount
is decremented or the key freed, as appropriate.
tested/ok claudio
visa [Tue, 22 Feb 2022 13:34:23 +0000 (13:34 +0000)]
Remove extra ;
No functional change.
nicm [Tue, 22 Feb 2022 13:31:18 +0000 (13:31 +0000)]
Do not attempt to update focus (and crash) when there is no previous window.
tb [Tue, 22 Feb 2022 12:38:30 +0000 (12:38 +0000)]
whitespace/KNF
tb [Tue, 22 Feb 2022 12:36:17 +0000 (12:36 +0000)]
acme-client: only warn on PEM_write_ECPrivateKey() failure instead
of everytime ec_create_key() is called.
From wolf at wolfsden dot cz
ok florian
job [Tue, 22 Feb 2022 12:08:22 +0000 (12:08 +0000)]
Clarify RTR and roa-set sections
OK claudio@
nicm [Tue, 22 Feb 2022 11:10:41 +0000 (11:10 +0000)]
Add next_session_id format with the next session ID, GitHub issue 3078.
nicm [Tue, 22 Feb 2022 11:07:25 +0000 (11:07 +0000)]
Initialize copy_width before adjusting it, GitHub issue 3079.
nicm [Tue, 22 Feb 2022 11:01:57 +0000 (11:01 +0000)]
Use correct size for screen when popup is created without borders.
nicm [Tue, 22 Feb 2022 10:53:34 +0000 (10:53 +0000)]
Add window-resized hook to man page, from Thomas Adam.
bluhm [Tue, 22 Feb 2022 10:53:10 +0000 (10:53 +0000)]
Update libexpat to 2.4.6. This fixes CVE-2022-25235, CVE-2022-25236
CVE-2022-25313, CVE-2022-25314, and CVE-2022-25315. Relevant for
OpenBSD are security fixes #558 #559 #560 #561 #562 and bug fixes
#566. No library bump necessary.
OK tb@
dlg [Tue, 22 Feb 2022 09:55:54 +0000 (09:55 +0000)]
don't hide the mtu on "bridge" interfaces.
interfaces like vxlan and nvgre have bridges inside them and respond
to bridge ioctls, but they are still interfaces that handle l3
traffic so the mtu means something on them. if we don't want bridge
to show an mtu, that can be done by bridge(4) instead of having
ifconfig make assumptions like this.
noticed by jason tubnor
ok deraadt@ claudio@
mestre [Tue, 22 Feb 2022 08:20:35 +0000 (08:20 +0000)]
disable further calls to unveil(2)
pointed out by brynet@
visa [Tue, 22 Feb 2022 07:47:46 +0000 (07:47 +0000)]
Clear frame pointer in cpu_fork() on riscv64
This ensures the chain of call frames is terminated properly, preventing
errors when unwinding kernel stacks.
OK miod@ kettenis@
visa [Tue, 22 Feb 2022 07:46:04 +0000 (07:46 +0000)]
ddb: Improve stack unwinding on riscv64
Add logic to navigate across trapframes. Stop unwinding if the frame
pointer is clearly bad. Adjust output, and tweak details.
OK miod@ kettenis@
projects / openbsd / log