openbsd
6 months agoAdd regress coverage for BN_lebin2bn().
jsing [Wed, 17 Apr 2024 08:51:11 +0000 (08:51 +0000)]
Add regress coverage for BN_lebin2bn().

6 months agoRevert previous, it breaks IPv6 on loopback interfaces.
florian [Wed, 17 Apr 2024 08:36:30 +0000 (08:36 +0000)]
Revert previous, it breaks IPv6 on loopback interfaces.

Reported by bket & anton

6 months agoAvoid NULL dereference in EVP_PKEY_paramgen()
tb [Wed, 17 Apr 2024 08:24:11 +0000 (08:24 +0000)]
Avoid NULL dereference in EVP_PKEY_paramgen()

If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth
which would typically dereference it. This is identical to a recent change
in keygen().

ok jsing

6 months agoOnly use the first egress interface in $IFIDX and $IFLLADDR. Systems
claudio [Wed, 17 Apr 2024 06:18:18 +0000 (06:18 +0000)]
Only use the first egress interface in $IFIDX and $IFLLADDR. Systems
can have more then one interface.
This only works if ther first egress interface is a ethernet interface
(P2P interfaces have no LLADDR) but that was already buggy before this.
OK bluhm@ martijn@

6 months agoUse $_disk consistently over $1 in md_installboot(); no functional change
kn [Wed, 17 Apr 2024 04:36:39 +0000 (04:36 +0000)]
Use $_disk consistently over $1 in md_installboot();  no functional change

Somehow I did not amend those right away when adding local _disk in r1.43

6 months agoopenssl req: plug obvious leak
tb [Wed, 17 Apr 2024 01:24:43 +0000 (01:24 +0000)]
openssl req: plug obvious leak

CID 492603

6 months agoSwitch tar(1) write default format to 'pax'
jca [Tue, 16 Apr 2024 23:09:35 +0000 (23:09 +0000)]
Switch tar(1) write default format to 'pax'

Lets us store longer file names, link names, finer grained timestamps,
larger archive member files, etc; at the expense of larger uncompressed
archives and less widespread support across the ecosystem.  If you're
unhappy with the new defaults, you can use -F ustar.  Or you can help
fix bugs / find a better middle ground.

Prodding from various including job@ and deraadt@
ok sthen@ caspar@ millert@

6 months agoFix reading large pax extended records
jca [Tue, 16 Apr 2024 22:58:10 +0000 (22:58 +0000)]
Fix reading large pax extended records

512 bytes isn't enough if you want to store rather large but still
useful long file names or symbolic links destinations.  The best way to
size the buffer to read those records is based upon the largest paths
pax(1) can handle, and that is PAXPATHLEN.

Reported by caspar@, input and ok millert@

6 months agoFix pasto: broken storage of symbolic link long destinations in pax format
jca [Tue, 16 Apr 2024 20:51:11 +0000 (20:51 +0000)]
Fix pasto: broken storage of symbolic link long destinations in pax format

6 months agoRevert wip patch, not intended for commit
jca [Tue, 16 Apr 2024 19:09:06 +0000 (19:09 +0000)]
Revert wip patch, not intended for commit

6 months agoAdd tar(1) -F option to select write format
jca [Tue, 16 Apr 2024 19:04:11 +0000 (19:04 +0000)]
Add tar(1) -F option to select write format

We want to move towards 'pax' as the default format for writing, this
option lets users downgrade to -F ustar where the 'pax' format isn't
convenient/usable (same as -x <format> in pax(1)).

-F <format> is more generic than -o/-O. -H (GNU tar) was already used
and we don't want long options so --format (NetBSD/FreeBSD) is excluded
too.

ok sthen@ caspar@ millert@

6 months agoCorrectly detect 'pax' format archives in append mode
jca [Tue, 16 Apr 2024 18:52:43 +0000 (18:52 +0000)]
Correctly detect 'pax' format archives in append mode

We expect that existing pax archives start with a global or extended
header. If they don't, append operations will be done using ustar
format.

Fixes append mode on pax archives where pax(1) would bail out when
appending to pax archives, falsely detecting a mismatch.  Reading was
unaffected.  Reported by caspar@, ok caspar@ millert@

6 months agoFix key share negotiation in HRR case
tb [Tue, 16 Apr 2024 17:46:30 +0000 (17:46 +0000)]
Fix key share negotiation in HRR case

In the ClientHello retrying the handshake after a HelloRetryRequest, the
client must send a single key share matching the group selected by the
server in the HRR. This is not necessarily the mutually preferred group.
Incorrect logic added in ssl_tlsect.c r1.134 would potentially reject
such a key share because of that.

Instead, add logic to ensure on the server side that there is a single
share matching the group we selected in the HRR.

Fixes a regress test in p5-IO-Socket-SSL where server is configured
with P-521:P-384 and the client with P-256:P-384:P-521. Since the
client sends an initial P-256 key share, a HRR is triggered which
the faulty logic rejected because it was not the mutually preferred
P-384 but rather matching the server-selected P-521.

This will need some deduplication in subsequent commits. We may also
want to consider honoring the mutual preference and request a key
accordingly in the HRR.

reported by bluhm, fix suggested by jsing
ok beck jsing

6 months agoPrevent toctu issues in static file serving and auto index generation.
florian [Tue, 16 Apr 2024 17:15:50 +0000 (17:15 +0000)]
Prevent toctu issues in static file serving and auto index generation.

This fixes a problem in passing, reported by matthieu@ where httpd
would return 500 Internal Server Error when it could stat(2) but not
open(2) a file. The correct error code is 403.

testing matthieu
ok tobhe, tl;dr ok stsp
input & OK deraadt

6 months agoUpdate Spleen kernel fonts to version 2.1.0, bringing the following
fcambus [Tue, 16 Apr 2024 17:15:15 +0000 (17:15 +0000)]
Update Spleen kernel fonts to version 2.1.0, bringing the following
improvements:

- Fix latin small letter 'u' smoothing in the 32x64 version

6 months agoDestination addresses make no sense on loopback interfaces.
florian [Tue, 16 Apr 2024 14:37:49 +0000 (14:37 +0000)]
Destination addresses make no sense on loopback interfaces.

While here use (variable & FLAG) or !(variable & FLAG) consistently in
in6_update_ifa().

Discussed with claudio
OK denis

6 months agoInvert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs().
jsing [Tue, 16 Apr 2024 13:14:46 +0000 (13:14 +0000)]
Invert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs().

This results in simpler code.

Suggested by tb@ during review.

6 months agoRewrite BN_bin2bn() using CBS.
jsing [Tue, 16 Apr 2024 13:11:37 +0000 (13:11 +0000)]
Rewrite BN_bin2bn() using CBS.

ok tb@

6 months agoProvide bn_expand_bytes().
jsing [Tue, 16 Apr 2024 13:07:14 +0000 (13:07 +0000)]
Provide bn_expand_bytes().

This will be used in an upcoming change.

ok tb@

6 months agoRename bn_expand() to bn_expand_bits().
jsing [Tue, 16 Apr 2024 13:04:05 +0000 (13:04 +0000)]
Rename bn_expand() to bn_expand_bits().

Also change the bits type from int to size_t, since that's what the callers
are passing and we can avoid unnecessary input validation.

ok tb@

6 months agoUse route cache function in IP input.
bluhm [Tue, 16 Apr 2024 12:56:39 +0000 (12:56 +0000)]
Use route cache function in IP input.

Instaed of passing a struct rtentry from ip_input() to ip_forward()
and then embed it into a struct route for ip_output(), start with
struct route and pass it along.  Then the route cache is used
consistently.  Also the route cache hit and missed counters should
reflect reality after this commit.

There is a small difference in the code.  in_ouraddr() checks for
NULL and not rtisvalid().  Previous discussion showed that the route
RTF_UP flag should only be considered for multipath routing.
Otherwise it does not mean anything.  Especially the local and
broadcast check in in_ouraddr() should not be affected by interface
link status.

When doing cache lookups, route must be valid, but after rtalloc_mpath()
lookup, use any route that route_mpath() returns.

OK claudio@

6 months agoRun raw IPv6 input in parallel.
bluhm [Tue, 16 Apr 2024 12:40:40 +0000 (12:40 +0000)]
Run raw IPv6 input in parallel.

Get rip6_input() in the same shape as rip_input().  Call
soisdisconnected() from rip6_disconnect().  This means that the raw
IP socket cannot be reconnected later.  Now raw IPv6 behaves like
IPv4 in this regard, KAME code is quite inconsistent here.  Also
make sure that there is no race between disconnect, input and wakeup.
The inpcb fileds inp_icmp6filt and inp_cksum6 are protected by
exclusive net lock in icmp6_ctloutput().  With all that, mark raw
IPv6 sockets to handle input in parallel.

OK mvs@

6 months agoremove unused functions; ok tb@
jsg [Tue, 16 Apr 2024 10:19:00 +0000 (10:19 +0000)]
remove unused functions; ok tb@

6 months agoCall bufq_destroy() in swap_off for the VREG case since swap_on() called
claudio [Tue, 16 Apr 2024 10:06:37 +0000 (10:06 +0000)]
Call bufq_destroy() in swap_off for the VREG case since swap_on() called
bufq_init(). Similar issue as the use-after-free in mfs.
Missing call noticed by jsg@
OK deraadt@ mpi@

6 months agoCall bufq_destroy() in mfs_reclaim() before freeing the mfsnode.
claudio [Tue, 16 Apr 2024 10:04:41 +0000 (10:04 +0000)]
Call bufq_destroy() in mfs_reclaim() before freeing the mfsnode.
This fixes a use-after-free bug in bufq_quiesce() once a mfs partition
was unmounted.
OK mpi@ deraadt@

6 months agoPrevent a NULL dereference in error code path.
mpi [Tue, 16 Apr 2024 08:53:02 +0000 (08:53 +0000)]
Prevent a NULL dereference in error code path.

Under memory pressure allocating an amap chunk can fail.  In such case it
is not possible to call amap_wipeout() because the newly allocated amap
isn't yet on the global list.

Issue reported by bluhm@, ok jsg@

6 months agosort
tb [Tue, 16 Apr 2024 07:34:18 +0000 (07:34 +0000)]
sort

6 months agoAmend previous: improve comment
caspar [Mon, 15 Apr 2024 22:07:08 +0000 (22:07 +0000)]
Amend previous: improve comment

6 months agoDon't take solock() in soreceive() for udp(4) sockets.
mvs [Mon, 15 Apr 2024 21:31:29 +0000 (21:31 +0000)]
Don't take solock() in soreceive() for udp(4) sockets.

These sockets are not connection oriented, they don't call pru_rcvd(),
but they have splicing ability and they set `so_error'.

Splicing ability is the most problem. However, we can hold `sb_mtx'
around `ssp_socket' modifications together with solock(). So the
`sb_mtx' is pretty enough to isspiced() check in soreceive(). The
unlocked `so_sp' dereference is fine, because we set it only once for
the whole socket life-time and we do this before `ssp_socket'
assignment.

We also need to take sblock() before splice sockets, so the sosplice()
and soreceive() are both serialized. Since `sb_mtx' required to unsplice
sockets too, it also serializes somove() with soreceive() regardless on
somove() caller.

The sosplice() was reworked to accept standalone sblock() for udp(4)
sockets.

soreceive() performs unlocked `so_error' check and modification.
Previously, we have no ability to predict which concurrent soreceive()
or sosend() thread will fail and clean `so_error'. With this unlocked
access we could have sosend() and soreceive() threads which fails
together.

`so_error' stored to local `error2' variable because `so_error' could be
overwritten by concurrent sosend() thread.

Tested and ok bluhm

6 months agoDelete unused inp_csumoffset define.
bluhm [Mon, 15 Apr 2024 18:31:04 +0000 (18:31 +0000)]
Delete unused inp_csumoffset define.

OK mvs@

6 months agoSwitch pax(1) to write archives using the 'pax' format by default
jca [Mon, 15 Apr 2024 17:33:10 +0000 (17:33 +0000)]
Switch pax(1) to write archives using the 'pax' format by default

ramdisk versions will keep using ustar for writing.

ok millert@

6 months agoRemove workarounds for unprototyped symbols
tb [Mon, 15 Apr 2024 16:49:13 +0000 (16:49 +0000)]
Remove workarounds for unprototyped symbols

6 months agoSync with font module variable namespacing changes.
bentley [Mon, 15 Apr 2024 16:11:01 +0000 (16:11 +0000)]
Sync with font module variable namespacing changes.

ok sthen@

6 months agoInclude the correct header
tb [Mon, 15 Apr 2024 16:05:49 +0000 (16:05 +0000)]
Include the correct header

6 months agosync libressl bump
tb [Mon, 15 Apr 2024 16:04:02 +0000 (16:04 +0000)]
sync libressl bump

6 months agocrank libtls like libcrypto and libssl
tb [Mon, 15 Apr 2024 16:01:23 +0000 (16:01 +0000)]
crank libtls like libcrypto and libssl

6 months agocrank libssl major after libcrypto major and symbol removal
tb [Mon, 15 Apr 2024 16:00:51 +0000 (16:00 +0000)]
crank libssl major after libcrypto major and symbol removal

6 months agoUnexport SSL_version_str
tb [Mon, 15 Apr 2024 16:00:05 +0000 (16:00 +0000)]
Unexport SSL_version_str

ok jsing

6 months agocrank libcrypto major after symbol removal
tb [Mon, 15 Apr 2024 15:58:55 +0000 (15:58 +0000)]
crank libcrypto major after symbol removal

6 months agoBye, bye, OPENSSL_str{,n}casecmp()
tb [Mon, 15 Apr 2024 15:55:01 +0000 (15:55 +0000)]
Bye, bye, OPENSSL_str{,n}casecmp()

ok jsing

6 months agoAnd a pile of TS ASN.1 stuff becomes internal-only, too
tb [Mon, 15 Apr 2024 15:52:46 +0000 (15:52 +0000)]
And a pile of TS ASN.1 stuff becomes internal-only, too

ok jsing

6 months agoX509_NAME_ENTRIES_it and X509_NAME_INTERNAL_it go internal
tb [Mon, 15 Apr 2024 15:52:01 +0000 (15:52 +0000)]
X509_NAME_ENTRIES_it and X509_NAME_INTERNAL_it go internal

It's always good to see something called internal in the public API.

ok jsing

6 months agoAnd here go {,EC}DSA_SIG_it
tb [Mon, 15 Apr 2024 15:49:37 +0000 (15:49 +0000)]
And here go {,EC}DSA_SIG_it

ok jsing

6 months agoAdd scandirat(3); from freebsd
florian [Mon, 15 Apr 2024 15:47:58 +0000 (15:47 +0000)]
Add scandirat(3); from freebsd

To be used in httpd(8) shortly to prevent toctu issues.

This makes __fdopendir internally accessible to avoid unnecessary
syscalls in scandirat(3). Suggested & diff by guenther

suggested by & OK millert
tweak & OK guenther
OK tb, jca

This rides the libc crank.

6 months agoDHparam_it becomes static, too
tb [Mon, 15 Apr 2024 15:47:37 +0000 (15:47 +0000)]
DHparam_it becomes static, too

ok jsing

6 months agoMore X9.62 stuff was never used outside of ec_asn1.c
tb [Mon, 15 Apr 2024 15:46:29 +0000 (15:46 +0000)]
More X9.62 stuff was never used outside of ec_asn1.c

We only need the ASN.1 items.

ok jsing

6 months agoEC_PRIVATEKEY becomes internal-only, too
tb [Mon, 15 Apr 2024 15:44:15 +0000 (15:44 +0000)]
EC_PRIVATEKEY becomes internal-only, too

ok jsing

6 months agoUnexport the ECPKPARAMETERS API
tb [Mon, 15 Apr 2024 15:42:23 +0000 (15:42 +0000)]
Unexport the ECPKPARAMETERS API

ok jsing

6 months agoMake ECPARAMETERS_{new,free,it} internal-only
tb [Mon, 15 Apr 2024 15:41:27 +0000 (15:41 +0000)]
Make ECPARAMETERS_{new,free,it} internal-only

ok jsing

6 months agoMove BIO_CONNECT_{new,free}() to internal-only
tb [Mon, 15 Apr 2024 15:40:08 +0000 (15:40 +0000)]
Move BIO_CONNECT_{new,free}() to internal-only

ok jsing

6 months agoRemove ASN1_time_clamp_not_after() from Symbols.list
tb [Mon, 15 Apr 2024 15:37:37 +0000 (15:37 +0000)]
Remove ASN1_time_clamp_not_after() from Symbols.list

This was only ever semi-public and libtls no longer uses it since it was
switched to the BoringSSL POSIX time API.

ok jsing

6 months agosync libc bump
tb [Mon, 15 Apr 2024 15:34:11 +0000 (15:34 +0000)]
sync libc bump

6 months agowhee libc 100. break all the things
tb [Mon, 15 Apr 2024 15:32:12 +0000 (15:32 +0000)]
whee libc 100. break all the things

6 months agoremove unused __bswap16, __bswap32 MD functions from arm and aarch64
naddy [Mon, 15 Apr 2024 15:21:11 +0000 (15:21 +0000)]
remove unused __bswap16, __bswap32 MD functions from arm and aarch64

ok miod@

6 months agoRegen after sigsuspend and __thrsigdivert unlock
claudio [Mon, 15 Apr 2024 15:09:26 +0000 (15:09 +0000)]
Regen after sigsuspend and __thrsigdivert unlock

6 months agosigsuspend and __thrsigdivert no longer require the KERNEL_LOCK since
claudio [Mon, 15 Apr 2024 15:08:20 +0000 (15:08 +0000)]
sigsuspend and __thrsigdivert no longer require the KERNEL_LOCK since
dosigsuspend() no longer needs it.
OK mvs@ mpi@

6 months agoEnable negative zero checks for BN_clear_bit() and BN_mask_bits().
jsing [Mon, 15 Apr 2024 14:36:16 +0000 (14:36 +0000)]
Enable negative zero checks for BN_clear_bit() and BN_mask_bits().

6 months agoPrevent negative zero from being created via BN bit functions.
jsing [Mon, 15 Apr 2024 14:35:25 +0000 (14:35 +0000)]
Prevent negative zero from being created via BN bit functions.

Both BN_clear_bit() and BN_mask_bits() can create zero values - in both
cases ensure that the negative sign is correctly handled if the value
becomes zero.

Thanks to Guido Vranken for providing a reproducer.

Fixes oss-fuzz #67901

ok tb@

6 months agodrop htonl(), htons(), ntohl(), ntohs() MD functions from libc
naddy [Mon, 15 Apr 2024 14:30:48 +0000 (14:30 +0000)]
drop htonl(), htons(), ntohl(), ntohs() MD functions from libc

Userland code compiled in a normal fashion picks up the htonl(),
htons(), ntohl(), ntohs() macros implemented by endian.h.  The
functions in libc are effectively unused.  Keep the MI functions
in case something looks for the symbols in libc or plays games
with #undef, but change them to wrap the implementation from
endian.h.

tweaks suggested by claudio@, ok miod@

6 months agoDon't wait forever in nvme_poll(). Respect the timeout provided by a scsi_xfer.
krw [Mon, 15 Apr 2024 14:25:10 +0000 (14:25 +0000)]
Don't wait forever in nvme_poll(). Respect the timeout provided by a scsi_xfer.
Define values for internal commands (identity and queue ops) that are polled.

Adapted from work by jdolecek@netbsd.

Feedback/suggestions deraadt@, testing by jca@, ok jmatthew@.

6 months agohint that the tcp timeout values can be adjusted collectively via
jmc [Mon, 15 Apr 2024 14:06:52 +0000 (14:06 +0000)]
hint that the tcp timeout values can be adjusted collectively via
"set optimization"; from jesper wallin

ok bluhm

6 months agodocument tcp.tsdiff; from jesper wallin
jmc [Mon, 15 Apr 2024 14:04:49 +0000 (14:04 +0000)]
document tcp.tsdiff; from jesper wallin
ok bluhm

6 months agoDon't hang in nvme_poll() if the nvme controller has disconnected from the pcie
krw [Mon, 15 Apr 2024 13:58:48 +0000 (13:58 +0000)]
Don't hang in nvme_poll() if the nvme controller has disconnected from the pcie
bus. i.e. if register reads start returning 0xffffffff.

Feedback/suggestions deraadt@, testing by jca@, ok jmatthew@.

6 months agoUse the manifest location as additional differentiator when comparing CRLs
job [Mon, 15 Apr 2024 13:57:45 +0000 (13:57 +0000)]
Use the manifest location as additional differentiator when comparing CRLs

OK tb@

6 months agoSync to autoconf 2.71 upstream built infrastructure
florian [Mon, 15 Apr 2024 12:44:24 +0000 (12:44 +0000)]
Sync to autoconf 2.71 upstream built infrastructure

This reduces the diff when doing updates considerably.
No change in .o files.

Much help & OK sthen

6 months agoFixes for memory leaks reported by Lu Ming Yin, fixes from Howard Chu.
nicm [Mon, 15 Apr 2024 08:19:55 +0000 (08:19 +0000)]
Fixes for memory leaks reported by Lu Ming Yin, fixes from Howard Chu.

6 months agoadd an EXAMPLES section with a simple config file, similar to the wireless
jmc [Mon, 15 Apr 2024 06:12:46 +0000 (06:12 +0000)]
add an EXAMPLES section with a simple config file, similar to the wireless
pages;

started by a request from julian huhn, and adapted from a diff from
gerhard;

feedback claudio kevlo sthen gerhard
ok kevlo

6 months agodrm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes
jsg [Mon, 15 Apr 2024 01:48:11 +0000 (01:48 +0000)]
drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes

From Shradha Gupta
5c1dc516f52a5a0c0370086509ec12e6c3acb428 in linux-6.6.y/6.6.27
048a36d8a6085bbd8ab9e5794b713b92ac986450 in mainline linux

6 months agodrm: Check output polling initialized before disabling
jsg [Mon, 15 Apr 2024 01:46:03 +0000 (01:46 +0000)]
drm: Check output polling initialized before disabling

From Shradha Gupta
3d1b47e3a935abd4f258a945db87e7267ff4079c in linux-6.6.y/6.6.27
5abffb66d12bcac84bf7b66389c571b8bb6e82bd in mainline linux

6 months agodrm/amd/display: Fix nanosec stat overflow
jsg [Mon, 15 Apr 2024 01:43:44 +0000 (01:43 +0000)]
drm/amd/display: Fix nanosec stat overflow

From Aric Cyr
953fee8160f1adf2929b9588c043170563c6ac4d in linux-6.6.y/6.6.27
14d68acfd04b39f34eea7bea65dda652e6db5bf6 in mainline linux

6 months agodrm/ttm: return ENOSPC from ttm_bo_mem_space v3
jsg [Mon, 15 Apr 2024 01:42:21 +0000 (01:42 +0000)]
drm/ttm: return ENOSPC from ttm_bo_mem_space v3

From Christian Koenig
852ad6a4f55c1e90123eff6d957119d4d5f27726 in linux-6.6.y/6.6.27
28e5126718c7b306b8c29d2ae8f48417e9303aa1 in mainline linux

6 months agoamdkfd: use calloc instead of kzalloc to avoid integer overflow
jsg [Mon, 15 Apr 2024 01:40:36 +0000 (01:40 +0000)]
amdkfd: use calloc instead of kzalloc to avoid integer overflow

From Dave Airlie
315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 in linux-6.6.y/6.6.27
3b0daecfeac0103aba8b293df07a0cbaf8b43f29 in mainline linux

6 months agoRun raw IP input in parallel.
bluhm [Sun, 14 Apr 2024 20:46:27 +0000 (20:46 +0000)]
Run raw IP input in parallel.

Running raw IPv4 input with shared net lock in parallel is less
complex than UDP.  Especially there is no socket splicing.

New ip_deliver() may run with shared or exclusive net lock.  The
last parameter indicates the mode.  If is is running with shared
netlock and encounters a protocol that needs exclusive lock, the
packet is queued.  Old ip_ours() always queued the packet.  Now it
calls ip_deliver() with shared net lock, and if that cannot handle
the packet completely, the packet is queued and later processed
with exclusive net lock.

In case of an IPv6 header chain, that switches from shared to
exclusive processing, the next protocol and mbuf offset are stored
in a mbuf tag.

OK mvs@

6 months agoTurn sp_tlb_flush_{ctx,pte} into function pointers, and pick one out of three
miod [Sun, 14 Apr 2024 19:08:09 +0000 (19:08 +0000)]
Turn sp_tlb_flush_{ctx,pte} into function pointers, and pick one out of three
flavours: pre-usIII, usIII, and sun4v.

This allows us to get rid of the HORRID_III_HACK define in locore and switch
pre-usIII systems to the older, slightly simpler, code for these routines.

ok claudio@ kettenis@

6 months agoDelete support for the LESSOPEN and LESSCLOSE environment variables
guenther [Sun, 14 Apr 2024 18:11:54 +0000 (18:11 +0000)]
Delete support for the LESSOPEN and LESSCLOSE environment variables
aka the "Input Preprocessor": it's been a source for multiple
security bugs in the past as everything has to deal with handling
arbitrary filenames and generally resulted in multiple TOCTOU issues.
The base system never included a default LESSOPEN setting like some
Linux distributions did, but it's a suds-filled sink full of knives
to try to use safely.

ok tb@ deraadt@ millert@

6 months agot22 and t23 can fail if the first chunk ends up being allocated at
otto [Sun, 14 Apr 2024 17:47:41 +0000 (17:47 +0000)]
t22 and t23 can fail if the first chunk ends up being allocated at
the very end of the page. Circumvent that. Reported by and fix ok
anton@

6 months agostop erroring if <file>.orig exists
phessler [Sun, 14 Apr 2024 17:24:15 +0000 (17:24 +0000)]
stop erroring if <file>.orig exists

OK op@ rsadowski@ kn@

6 months agoFix indent
tb [Sun, 14 Apr 2024 15:41:09 +0000 (15:41 +0000)]
Fix indent

pointed out by jsing

6 months agoDelete a few more GOST remnants
tb [Sun, 14 Apr 2024 14:14:14 +0000 (14:14 +0000)]
Delete a few more GOST remnants

When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't
want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST,
which we define.

ok jsing

6 months agoadd maturin as MODPY_PYBUILD backend
sthen [Sun, 14 Apr 2024 12:09:28 +0000 (12:09 +0000)]
add maturin as MODPY_PYBUILD backend

6 months agoZap trailing whitespace.
florian [Sun, 14 Apr 2024 11:21:08 +0000 (11:21 +0000)]
Zap trailing whitespace.

OK tb

6 months agoRemove documentation of no longer available API
tb [Sun, 14 Apr 2024 10:56:18 +0000 (10:56 +0000)]
Remove documentation of no longer available API

6 months agoImplement support for AVX-512. This required some fixes to the so-far
kettenis [Sun, 14 Apr 2024 09:59:04 +0000 (09:59 +0000)]
Implement support for AVX-512.  This required some fixes to the so-far
unused Skylake AVX-512 MDS handler and increases the ci_mds_tmp array to
64 bytes.  With help from guenther@

ok deraadt@, guenther@

6 months agoless: escape newlines in file names
tb [Sun, 14 Apr 2024 08:34:00 +0000 (08:34 +0000)]
less: escape newlines in file names

Newlines in a filename can lead to arbitrary code execution
https://marc.info/?l=oss-security&m=171292433330233&w=2
via LESSOPEN.  The diff is a straightforward adaptation of
https://github.com/gwsw/less/commit/007521ac3c95bc76

The better fix is deleting the misfeatures that are LESSOPEN
and LESSCLOSE which will happen in a separate commit.

diff looks good to guenther

6 months agowith empty body loops, put final semicolon on a new line for readability
jsg [Sun, 14 Apr 2024 03:26:25 +0000 (03:26 +0000)]
with empty body loops, put final semicolon on a new line for readability
ok bluhm@ jca@

6 months agoput loop body on a new line
jsg [Sun, 14 Apr 2024 03:23:13 +0000 (03:23 +0000)]
put loop body on a new line
ok bluhm@ jca@

6 months agoavoid uninitialised var use
jsg [Sun, 14 Apr 2024 00:38:26 +0000 (00:38 +0000)]
avoid uninitialised var use
found by smatch, ok miod@

6 months agocorrect indentation
jsg [Sat, 13 Apr 2024 23:44:11 +0000 (23:44 +0000)]
correct indentation

no functional change, found by smatch warnings
ok miod@ bluhm@

6 months agovmm: protect vmm activation with the vmm_softc rwlock.
dv [Sat, 13 Apr 2024 21:57:22 +0000 (21:57 +0000)]
vmm: protect vmm activation with the vmm_softc rwlock.

Syzbot found a race when enabling vmm mode on multiprocessor systems.

Protect the vmm start/stop lifecycle by taking the write lock used
for protecting the status of the vmm device.

Reported-by: syzbot+6ae9cec00bbe45fd7782@syzkaller.appspotmail.com
ok gnezdo@

6 months agocheck group and world permissions of iked psk files
jrick [Sat, 13 Apr 2024 15:58:10 +0000 (15:58 +0000)]
check group and world permissions of iked psk files

Similar to the permission checks performed on iked.conf(5) due to the
possibility of it containing inline psk strings, require psk files to not be
group writable or world read-writable.

ok tobhe@

6 months agoReadd FFS_MAX_SOFTDEPS define
jca [Sat, 13 Apr 2024 15:08:37 +0000 (15:08 +0000)]
Readd FFS_MAX_SOFTDEPS define

For consistency with other removed indexes which are still around.
No functional change except for the new define.  ok tb@

6 months agoZap unused sd_* softdep sysctl names
jca [Sat, 13 Apr 2024 15:07:10 +0000 (15:07 +0000)]
Zap unused sd_* softdep sysctl names

ok tb@

6 months agoRenove unused function and prototype.
kettenis [Sat, 13 Apr 2024 14:20:48 +0000 (14:20 +0000)]
Renove unused function and prototype.

ok jsg@

6 months agoSplit out Spectre-V2 and Spectre-BHB mitigation code like I did for
kettenis [Sat, 13 Apr 2024 14:19:39 +0000 (14:19 +0000)]
Split out Spectre-V2 and Spectre-BHB mitigation code like I did for
Spectre-V4 a few weeks ago.  Treat Qualcomm Kryo 400 Silver like Cortex-A55
for Spectre-V2 since that is what is is.

ok jsg@

6 months agoError check X509_ALGOR_set0() in {dsa,ec}_pkey_ctrl()
tb [Sat, 13 Apr 2024 14:02:51 +0000 (14:02 +0000)]
Error check X509_ALGOR_set0() in {dsa,ec}_pkey_ctrl()

These are four versions of near identical code: PKCS#7 and CMS controls
for DSA and EC. The checks are rather incomplete and should probably be
merged somehow (see the Ed25519 version in ecx_methods(). For now, only
replace X509_ALGOR_set0() with its internal by_nid() version and, while
there, spell NULL correctly.

ok jca

6 months agosync to unbound 1.19.3
florian [Sat, 13 Apr 2024 13:58:34 +0000 (13:58 +0000)]
sync to unbound 1.19.3

heavy lifting by & OK sthen

6 months agoUnwrap a line for consistency with other copy-pasted versions
tb [Sat, 13 Apr 2024 13:57:54 +0000 (13:57 +0000)]
Unwrap a line for consistency with other copy-pasted versions

6 months agomerge unbound 1.19.3
sthen [Sat, 13 Apr 2024 12:24:57 +0000 (12:24 +0000)]
merge unbound 1.19.3

6 months agoimport unbound 1.19.3, ok florian
sthen [Sat, 13 Apr 2024 12:23:45 +0000 (12:23 +0000)]
import unbound 1.19.3, ok florian

6 months agodocument "psk file path" notation; from josh rickmar
jmc [Sat, 13 Apr 2024 12:11:08 +0000 (12:11 +0000)]
document "psk file path" notation; from josh rickmar
ok tobhe