claudio [Thu, 4 Nov 2021 18:26:48 +0000 (18:26 +0000)]
Cleanup some old XXX needed comments. cert_parse() returns a referenced
x509 object from the call and that reference needs to be freed. There is
a second inside of struct cert but that reference is still held.
So the X509_free() calls are indeed needed and by moving them up a bit
the code gets a bit simpler too.
With and OK tb@
claudio [Thu, 4 Nov 2021 18:00:07 +0000 (18:00 +0000)]
On errors related to the pipes to the childs don't error out right away.
Instead exit the main event loop and use waitpid to know why a child
went away. This should make it hopefully more clear when shit hits the fan.
OK tb@ deraadt@
jan [Thu, 4 Nov 2021 17:50:05 +0000 (17:50 +0000)]
Fix broken "boot device cdrom" feature after a fix in seabios.
seabios fixes wrong LUN handling upstream. Thus, we have to adapt the LUN
of our cdrom bootorder string, too.
ok brynet@, dv@
claudio [Thu, 4 Nov 2021 17:35:09 +0000 (17:35 +0000)]
Instead of creating a struct repo for each unique caRepository URI
use the rsync URI (a base version of caRepository) and the notify URI
to identify repositories. If both rsync URI and notify URI are the same
then the repo is the same. The notify URI is optional and can be NULL
so the lookup needs to be a bit careful.
This reduces the number of struct repos from 26k to around 50.
OK tb@
tobhe [Thu, 4 Nov 2021 14:45:07 +0000 (14:45 +0000)]
The authenticator is removed elsewhere.
ok patrick@
claudio [Thu, 4 Nov 2021 14:24:41 +0000 (14:24 +0000)]
Move and promote getmonotime() to an internal API function.
claudio [Thu, 4 Nov 2021 14:21:19 +0000 (14:21 +0000)]
Use the same spacing for all defines.
kn [Thu, 4 Nov 2021 13:15:13 +0000 (13:15 +0000)]
Fix mandoc HTML rendering for command aliases
Replace hand-rolled parentheses with the proper mdoc(7) macro,
otherwise the closing ")" ends up inside the command description.
Reported by Josh Rickmar, thanks!
jsg [Thu, 4 Nov 2021 12:52:37 +0000 (12:52 +0000)]
revert rev 1.30 of ttm_bo_util.c
Laurence Tratt reported firefox would hard lock a machine
with polaris12 with the ttm change from linux 5.10.77.
robert@ also hit the same problem.
claudio [Thu, 4 Nov 2021 11:32:55 +0000 (11:32 +0000)]
Instead of passing tal descriptions around just pass a tal id and
use a small lookup table to print the description in the output path.
OK tb@
yasuoka [Thu, 4 Nov 2021 04:20:14 +0000 (04:20 +0000)]
Tweaks (improve previous commit)
from jmc
yasuoka [Thu, 4 Nov 2021 03:53:57 +0000 (03:53 +0000)]
Clarify "aes" will accept keys which length is in 128:256 bits. Also
correct "cast" in ipsec.conf.5 to "cast128", add missing
"chacha20-poly1305", and sync iked.conf.5 and ipsec.conf.5 some
places.
ok jmc sthen
deraadt [Wed, 3 Nov 2021 22:00:56 +0000 (22:00 +0000)]
Many downstreams expect ssh to compile as non-C99...
sthen [Wed, 3 Nov 2021 21:40:03 +0000 (21:40 +0000)]
log the interface along with the neighbour ID in various ospfd/ospf6d
messages. ok remi@ benno@
if a neighbour is reachable over multiple network links, some problems
may be related to the link itself rather than the neighbour, so knowing
the interface can be important when trying to locate the source of a
problem.
jmc [Wed, 3 Nov 2021 19:54:28 +0000 (19:54 +0000)]
adjust for perfpolicy being auto by default; ok deraadt
tb [Wed, 3 Nov 2021 18:10:12 +0000 (18:10 +0000)]
When handling CRLF and nulling out the optional CR, point nl at the
right NUL so that valid_url() and the .cer check work.
Tweaked version of a diff by claudio.
ok claudio
claudio [Wed, 3 Nov 2021 17:30:13 +0000 (17:30 +0000)]
Add a test tal that has comments and also comes with CRLF
schwarze [Wed, 3 Nov 2021 15:02:14 +0000 (15:02 +0000)]
document d2i_X509_ALGORS(3) and i2d_X509_ALGORS(3)
claudio [Wed, 3 Nov 2021 14:59:37 +0000 (14:59 +0000)]
Limit the number of rsync processes being spawned by stopping to accept
new requests when over the limit. Use a generous limit of 16.
OK deraadt@
deraadt [Wed, 3 Nov 2021 14:42:12 +0000 (14:42 +0000)]
whitespace observed during a read-through
schwarze [Wed, 3 Nov 2021 14:36:21 +0000 (14:36 +0000)]
Fix five bugs in X509_REQ_to_X509(3):
* memory leak in X509_set_subject_name(ret, X509_NAME_dup(xn));
* memory leak in X509_set_issuer_name(ret, X509_NAME_dup(xn));
* memory leak in X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
* missing return value check of X509_REQ_get_pubkey(r);
* missing return value check of X509_set_pubkey(...);
Some of these bugs have survived for twenty-five years.
I noticed the first two bugs while documenting the function,
then found that a commit in the OpenSSL 1.1.1 branch, which is
still under a free license, fixed all of them in 2016.
In the function X509_REQ_to_X509(3), merge everything worth merging
from OpenSSL 1.1.1, in particular the relevant parts of:
*
222561fe Apr 30 17:33:59 2015 -0400 (err: label cleanup)
*
0517538d Mar 17 00:15:48 2016 +0100 (the bugfix)
*
c5137473 Apr 3 23:37:32 2016 +0200 (code simplification)
While here, delete some commented out code that is wrong in
multiple ways and untouched since the SSLeay era.
One code tweak for readability by tb@, and OK tb@.
deraadt [Wed, 3 Nov 2021 13:48:46 +0000 (13:48 +0000)]
use some sizeof, rather than INADDRSZ/IN6ADDRSZ; ok claudio
tb [Wed, 3 Nov 2021 13:44:15 +0000 (13:44 +0000)]
Fix ASN1_TIME_diff() with NULL times
The ASN1_TIME_diff() API accepts NULL ASN1_TIMEs and interprets them
as "now". This is used in sysutils/monit, as found by semarie with a
crash after update. Implement this behavior by porting a version of
ASN1_TIME_to_tm() to LibreSSL and using it in ASN1_TIME_diff().
Tested by semarie
ok beck jsing semarie
nicm [Wed, 3 Nov 2021 13:37:17 +0000 (13:37 +0000)]
Add a cursor-style option, from Alexis Hildebrandt in GitHub issue 2960.
claudio [Wed, 3 Nov 2021 13:30:56 +0000 (13:30 +0000)]
Print the name of the non conforming attribute in the XML parse error.
OK beck@
claudio [Wed, 3 Nov 2021 13:29:28 +0000 (13:29 +0000)]
For chunked encoding on switch to STATE_RESPONSE_CHUNKED_TRAILER when
the full chunk was fetched. If the chunk size is bigger than
HTTP_BUF_SIZE iosz will be not zero and STATE_RESPONSE_DATA should
be used to fetch another buffer full of data.
OK beck@
schwarze [Wed, 3 Nov 2021 13:27:28 +0000 (13:27 +0000)]
Some cleanup in X509_REQ_get_extensions(3), no functional change.
In this function, merge everything that is worth merging
from the OpenSSL 1.1.1 branch, which is still under a free license,
mostly the relevant part of commit
9b0a4531 Mar 14 23:48:47 2015 +0000
to use X509_ATTRIBUTE_get0_type(3) rather than re-implementing it.
While here,
* use d2i_X509_EXTENSIONS(3) rather than ASN1_item_d2i(3);
* test pointers explicitly against NULL, not with '!', as suggested by tb@;
* drop some useless parentheses as suggested by tb@.
OK tb@
schwarze [Wed, 3 Nov 2021 13:08:57 +0000 (13:08 +0000)]
Test adding extensions to certification requests.
Related to the bugfixes in x509_req.c rev. 1.25.
OK tb@.
schwarze [Wed, 3 Nov 2021 12:53:25 +0000 (12:53 +0000)]
Fix two bugs in X509_REQ_add_extensions_nid(3)
that i noticed while documneting the function:
* missing return value check for ASN1_item_i2d(3) and
* missing return value check for OBJ_nid2obj(3).
In the function X509_REQ_add_extensions_nid(3), merge everything
that is worth merging from the OpenSSL 1.1.1 branch, which is still
under a free license; that's mostly parts of the commit
9b0a4531
Mar 14 23:48:47 2015 +0000 (containing the bugfix, even though the
OpenSSL commit message did not mention the bugs) and some minor
stylistic changes from
0f113f3e and
26a7d938.
While here, use i2d_X509_EXTENSIONS(3) instead of the layer-violating
call to ASN1_item_i2d(3), and include a few stylistic tweaks from tb@.
OK tb@, and jsing@ agreed on the general direction.
krw [Wed, 3 Nov 2021 11:52:59 +0000 (11:52 +0000)]
In addition to the WEP key(s) being set at device initialization with
'nwid'/'nwkey', the keys will be set at random times when 'join'/'nwkey' is
used. So also stop trying to set IEEE80211_CIPHER_NONE keys on that path.
James Hastings confirms this fixes his '(null node)' panics on run(4). Thanks!
ok stsp@
claudio [Wed, 3 Nov 2021 10:50:18 +0000 (10:50 +0000)]
Move the MAX_CERT_DEPTH to extern.h and adjust the comments of all limits
a bit.
claudio [Wed, 3 Nov 2021 10:19:22 +0000 (10:19 +0000)]
In proc_parser_roa() adjust the expiry calculation to walk all of
the auth tree (including the TA) and be more careful to not dereference
NULL pointers. Both valid_ski_aki() and get_crl() can return NULL
pointers. In these situations X509_verify_cert() should fail and
the affected code should be not reachable but better be prepared.
With and OK tb@
claudio [Wed, 3 Nov 2021 08:30:14 +0000 (08:30 +0000)]
Add missing copyright statement. Reminded by deraadt@
yasuoka [Wed, 3 Nov 2021 05:59:25 +0000 (05:59 +0000)]
Clarify that ANY can be used for several parameters of IPsec transform.
ok jmc sthen
jsg [Wed, 3 Nov 2021 02:37:48 +0000 (02:37 +0000)]
drm/amdgpu: fix out of bounds write
From Thelford Williams
eb3b6805e3e9d98b2507201fd061a231988ce623 in linux 5.10.y/5.10.77
5afa7898ab7a0ec9c28556a91df714bf3c2f725e in mainline linux
jsg [Wed, 3 Nov 2021 02:33:46 +0000 (02:33 +0000)]
drm/ttm: fix memleak in ttm_transfered_destroy
From Christian Koenig
c21b4002214c1c7e7b627b9b53375612f7aab6db in linux 5.10.y/5.10.77
0db55f9a1bafbe3dac750ea669de9134922389b5 in mainline linux
kn [Wed, 3 Nov 2021 02:02:36 +0000 (02:02 +0000)]
Zap swapips remnants
There since 1998, probably dead long before.
"I am sure swabips died before you were born." deraadt
jsg [Wed, 3 Nov 2021 00:48:08 +0000 (00:48 +0000)]
mention hw.power
ok deraadt@
kn [Tue, 2 Nov 2021 23:39:27 +0000 (23:39 +0000)]
fix previous
kn [Tue, 2 Nov 2021 23:36:43 +0000 (23:36 +0000)]
Return non-zero on failed "nwkey" command
Fail early and exit non-zero immediately instead of indicating success and
possibly carrying the next ifconfig command.
Found at install when wifi interfaces are reset with "-nwid -nwkey -wpa":
Which network interface do you wish to configure? (or 'done') [bse0] bwfm0
ifconfig: SIOCS80211NWKEY: Operation not supported by device
Access point? (ESSID, 'any', list# or '?') [any] 2
Security protocol? (O)pen, (W)EP, WPA-(P)SK [O]
bwfm(4) currently does not support WEP.
OK stsp
mlarkin [Tue, 2 Nov 2021 23:30:15 +0000 (23:30 +0000)]
Remove trailing whitespace
djm [Tue, 2 Nov 2021 22:57:27 +0000 (22:57 +0000)]
crank SSH_SK_VERSION_MAJOR to match recent change in usr/bin/ssh
djm [Tue, 2 Nov 2021 22:56:40 +0000 (22:56 +0000)]
Better handle FIDO keys on tokens that provide user verification (UV)
on the device itself, including biometric keys.
Query the token during key creation to determine whether it supports
on-token UV and, if so, clear the SSH_SK_USER_VERIFICATION_REQD flag
in the key so that ssh(1) doesn't automatically prompty for PIN later.
When making signatures with the key, query the token's capabilities
again and check whether the token is able (right now) to perform user-
verification without a PIN. If it is then the PIN prompt is bypassed
and user verification delegated to the token. If not (e.g. the token
is biometric capable, but no biometric are enrolled), then fall back
to user verification via the usual PIN prompt.
Work by Pedro Martelletto; ok myself and markus@
NB. cranks SSH_SK_VERSION_MAJOR
kn [Tue, 2 Nov 2021 22:26:46 +0000 (22:26 +0000)]
Add standard EXIT STATUS
OK deraadt
deraadt [Tue, 2 Nov 2021 22:07:33 +0000 (22:07 +0000)]
sync
claudio [Tue, 2 Nov 2021 19:30:30 +0000 (19:30 +0000)]
Only add CA certificates to the auth tree, skip BGPsec certificates.
Also make sure that trust anchors are not BGPsec certs.
While there fix some overly long lines.
OK benno@
kn [Tue, 2 Nov 2021 16:54:01 +0000 (16:54 +0000)]
Remove "!" escape handling from WEP/WPA passphrase questions
Answering any question (except user password prompts) with "!" drops to
the shell ("!foo" executes "foo" immediately), but this is an obviously
bad idea for the wifi passphrase questions in case the magic words start
with... an "!":
WPA passphrase? (will echo) !
2345678
/install:
2345678: not found
WPA passphrase? (will echo)
Adapt the existing password prompt code into a new self-contained
ask_passphrase() which prompts only once and echos its input (like the
passphrase question has been doing all the time), doing no input parsing
whatsoever (as with user passwords):
WPA passphrase? (will echo) !
2345678
IPv4 address for bwfm0? (or 'autoconf' or 'none') [autoconf]
Reported by Pasi-Pekka Karppinen <ppkarppi AT icloud DOT com>, thanks!
Feedback tb (wifi passphrases should still be printed)
OK deraadt
fcambus [Tue, 2 Nov 2021 16:31:27 +0000 (16:31 +0000)]
Enable spleen16x32 and spleen32x64 on powerpc64 for GENERIC kernels.
Pointed out by Brad, thanks!
OK kettenis@, deraadt@
cheloha [Tue, 2 Nov 2021 15:45:52 +0000 (15:45 +0000)]
tr(1): main(): eliminate isstring2 variable
If only there we a way to express how many positional arguments we
needed to run tr(1) in a given operating mode.
... oh. Wait. We have argc for that.
Remove the isstring2 variable to simplify some of the logic in main().
millert [Tue, 2 Nov 2021 15:29:41 +0000 (15:29 +0000)]
Update awk to October 12, 2021 version.
Fixes a decision bug with trailing stuff in lib.c:is_valid_number.
All other fixes were already present.
millert [Tue, 2 Nov 2021 15:12:09 +0000 (15:12 +0000)]
Add HISTORY section. OK schwarze@.
patrick [Tue, 2 Nov 2021 14:49:53 +0000 (14:49 +0000)]
Recognize BCM43436, as seen on the Raspberry Pi Zero 2 W.
ok jsg@
jsing [Tue, 2 Nov 2021 14:39:09 +0000 (14:39 +0000)]
Add regress that calls SSL_set_tlsext_host_name() with a NULL host name.
tb [Tue, 2 Nov 2021 13:59:29 +0000 (13:59 +0000)]
Do not take the strlen() of a NULL name. Defer the CBS_init() to later.
Found the hard way by sthen.
ok sthen
nicm [Tue, 2 Nov 2021 10:57:04 +0000 (10:57 +0000)]
fatalx on unknown enum members in a couple of places, from Ben Boeckel.
dlg [Tue, 2 Nov 2021 09:52:40 +0000 (09:52 +0000)]
add handling for parity and character size config.
i wanted to talk modbus to a thing using a uchcom rs485 adapter,
but i needed even parity enabled to do that which the code didnt
support. this pulls in the necessary changes from netbsd uchcom.c
r1.26. it does not pull in the reset changes in 1.26 because netbsd
r1.28 reverts the reset code back to what we have now.
existing functionality tested by felix kronlage-dammers
ok patrick@
patrick [Tue, 2 Nov 2021 08:39:23 +0000 (08:39 +0000)]
igc(4)
patrick [Tue, 2 Nov 2021 08:25:47 +0000 (08:25 +0000)]
Enable igc(4).
Tested by kevlo@
cheloha [Tue, 2 Nov 2021 03:09:15 +0000 (03:09 +0000)]
tr(1): plug leak in genclass()
If we have already generated a given character class we don't need to
do it again. We can also return some of the memory we allocated for
the class. NCHARS is an upper bound, most character classes are
small.
This fixes a small leak in genclass().
While here, switch to an ANSI function definition.
Thread: https://marc.info/?l=openbsd-tech&m=
163571942030440&w=2
ok millert@
deraadt [Tue, 2 Nov 2021 02:17:56 +0000 (02:17 +0000)]
knf
cheloha [Mon, 1 Nov 2021 23:20:35 +0000 (23:20 +0000)]
uniq(1): support arbitrarily long input lines
Switch from fgets(3) to getline(3) to support input lines of any
length.
Tested by sthen@, who uncovered a dumb bug that cut throughput in
half. getline(3) is indeed slower than fgets(3), but not *twice* as
slow.
millert@ suggests that preallocating both line buffers might be
worthwhile. I will need to do some additional testing to figure out
whether 8KB buffers (like we had for fgets(3)) are appropriate
starting lengths. For now I am not preallocating either buffer.
ok millert@ sthen@
tb [Mon, 1 Nov 2021 20:53:08 +0000 (20:53 +0000)]
Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
kettenis [Mon, 1 Nov 2021 20:22:12 +0000 (20:22 +0000)]
Remove backwards compat code.
kettenis [Mon, 1 Nov 2021 20:04:11 +0000 (20:04 +0000)]
Catch up with the Linux device tree bindings. Put the USB DARTs into bypass
mode for now as we need to enter translations into both of them which is
hard to do now that they have separate device tree bindings.
fcambus [Mon, 1 Nov 2021 18:43:04 +0000 (18:43 +0000)]
Enable spleen16x32 and spleen32x64 on riscv64 for GENERIC kernels.
OK deraadt@
millert [Mon, 1 Nov 2021 18:28:24 +0000 (18:28 +0000)]
awkgetline: do not access unitialized data on EOF
getrec() returns 0 on EOF and leaves the contents of buf unchanged.
From https://github.com/onetrueawk/awk/pull/134
ratchov [Mon, 1 Nov 2021 18:23:09 +0000 (18:23 +0000)]
Remove unused struct name
tb [Mon, 1 Nov 2021 17:20:50 +0000 (17:20 +0000)]
In X509_STORE_CTX_get_obj_from_subject() rename X509_OBJECT from
the generic 'ret' to obj' in X509.
Requested by jsing
claudio [Mon, 1 Nov 2021 17:00:34 +0000 (17:00 +0000)]
Further simplify cert and auth handling. Move common code into auth_insert
and skip this distinction between invalid and failed certificates.
The difference between the to is getting more and more blurry.
OK tb@
jsing [Mon, 1 Nov 2021 16:45:56 +0000 (16:45 +0000)]
Ensure SSL_set_tlsext_host_name() is given a valid hostname.
ok inoguchi@ tb@
jsing [Mon, 1 Nov 2021 16:39:01 +0000 (16:39 +0000)]
Rework SNI hostname regress to be table driven.
Also adjust for the changes to tlsext_sni_is_valid_hostname() and include
tests for IPv4 and IPv6 literals.
ok beck@
jsing [Mon, 1 Nov 2021 16:37:17 +0000 (16:37 +0000)]
Improve SNI hostname validation.
For some time now we've validated the hostname provided to the server in
the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname -
the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some
software has been historically known to include IP literals in SNI, so
rather than rejecting this outright (and failing with a decode error),
pretend that the SNI extension does not exist (such that we do not break
some older clients).
ok inoguchi@ tb@
jmc [Mon, 1 Nov 2021 15:23:57 +0000 (15:23 +0000)]
fix Dt and SEE ALSO;
kn [Mon, 1 Nov 2021 14:44:10 +0000 (14:44 +0000)]
Ignore obj like in src
sys/ only checkouts are common, especiall in got(1) times, but they don't
include the global .gitignore which is annoying.
Duplicate it here.
OK sthen
ratchov [Mon, 1 Nov 2021 14:43:24 +0000 (14:43 +0000)]
Stop binding audio devices exposed by sndiod to physical devices
This a shift towards a new model: clients connect to logical devices
(created with -s option) then the server routes data to/from the
underlying physical device (registered with -f option). The binding
may be changed at run-time with the server.device control exposed by
sndioctl(1).
As audio devices exposed by sndiod(8) are not bound to fixed physical
devices anymore, the physical audio device number component of
sndio(7) descriptors was removed.
fixes, help from and ok denis, edd
kettenis [Mon, 1 Nov 2021 13:53:59 +0000 (13:53 +0000)]
Add CRC-16 implementation. From NetBSD.
ok krw@, deraadt@
deraadt [Mon, 1 Nov 2021 12:51:13 +0000 (12:51 +0000)]
sync
krw [Mon, 1 Nov 2021 12:08:46 +0000 (12:08 +0000)]
Restore some NULL checks lost in r1.132, add a couple more to deal with WEP key
installation happening w/o a node, and don't attempt to set WEP keys that don't
exist.
Should fix the '(null node)' panics reported by James Hastings.
ok stsp@
nicm [Mon, 1 Nov 2021 09:34:49 +0000 (09:34 +0000)]
Add a cursor-colour option, from Alexis Hildebrandt in GitHub issue
2959.
kettenis [Mon, 1 Nov 2021 09:21:24 +0000 (09:21 +0000)]
aplhidev(4), aplkbd(4) and aplms(4)
bluhm [Mon, 1 Nov 2021 09:19:10 +0000 (09:19 +0000)]
In ipsec_common_input_cb() pass mbuf pointer to pf_test() so that
all callers get an update if the mbuf changes.
OK tobhe@
claudio [Mon, 1 Nov 2021 09:12:18 +0000 (09:12 +0000)]
Cleanup struct auth a bit. The tal description is also stored in the cert
and the filename is only used in tracewarn which is not that helpful.
OK tb@
kettenis [Mon, 1 Nov 2021 09:02:46 +0000 (09:02 +0000)]
Add support for the keyboard/touchpad on Apple M1 laptops.
ok patrick@
tb [Mon, 1 Nov 2021 08:28:31 +0000 (08:28 +0000)]
Rework x509attribute regress test in such a way that it doesn't need
to reach into opaque structs.
tb [Mon, 1 Nov 2021 08:14:36 +0000 (08:14 +0000)]
Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this is
no longer needed.
ok jsing
landry [Mon, 1 Nov 2021 07:51:51 +0000 (07:51 +0000)]
pf.conf.5: improve reply-to documentation
reply-to uses addresses, not interfaces anymore since
https://marc.info/?l=openbsd-cvs&m=
161213948819452&w=2
make it clearer that reply-to allows for symmetric routing enforcement,
eg replying via a specific gateway when having multiple paths.
wording from sthen@, vastly improving my initial suggestion.
ok jmc@ dlg@
nicm [Mon, 1 Nov 2021 07:48:04 +0000 (07:48 +0000)]
Fix a comparison, from Ben Boeckel, and a crash when opening completion
menu, from Anindya Mukherjee.
jsg [Mon, 1 Nov 2021 03:29:53 +0000 (03:29 +0000)]
use hw_power to implement power_supply_is_system_supplied()
cheloha [Sun, 31 Oct 2021 21:34:16 +0000 (21:34 +0000)]
tr(1): backslash(): fix octal escape parsing
There are two bugs in backslash():
1. 8 and 9 are not octal digits. If we see '8' or '9' we should
terminate the octal escape.
2. We return octal escape values larger than UCHAR_MAX even though
tr(1) is (currently) a byte-oriented program and values larger
than UCHAR_MAX make no sense.
So, fix them both. In particular, (a) stop parsing if we see
characters outside of '0'-'7' and (b) escaped octal values larger than
UCHAR_MAX are a terminal error.
While here, some cleanup:
- Check for empty escapes at the top of the function. This simplifies
later cases.
- Use the for-loop conditional to terminate octal escape parsing after
three characters.
- Use an ANSI-style function definition.
We can fix the switch-statement indentation later, in a larger KNF
patch.
ok millert@
bluhm [Sun, 31 Oct 2021 18:24:08 +0000 (18:24 +0000)]
Also remove pcap files during make clean.
tb [Sun, 31 Oct 2021 18:22:42 +0000 (18:22 +0000)]
Enable RFC 3779 code.
From job. Discussed at length with beck, claudio, job during h2k21
ajacoutot [Sun, 31 Oct 2021 17:58:28 +0000 (17:58 +0000)]
Make it more visible that not only rc_reload() can be disabled.
kettenis [Sun, 31 Oct 2021 17:47:06 +0000 (17:47 +0000)]
aplspi(4)
ajacoutot [Sun, 31 Oct 2021 17:46:23 +0000 (17:46 +0000)]
Shuffle things around to have FUNCS_ONLY higher in the script so consummers
source only what they really needs.
Only expose the following which are used by /etc/rc, netstart and rcctl:
_rc_parse_conf
_rc_check_name
_rc_err
_rc_do
_rc_quirk
ok sthen@
schwarze [Sun, 31 Oct 2021 16:56:47 +0000 (16:56 +0000)]
document that fileno(3) returns -1 for some kinds of FILE * objects;
triggerd by but simpler than a similar patch sent in
by Simon Branch <simonmbranch at gmail dot com>;
OK millert@ jmc@
tb [Sun, 31 Oct 2021 16:56:17 +0000 (16:56 +0000)]
Make this test compile again after the damage done in libcrypto
tb [Sun, 31 Oct 2021 16:51:16 +0000 (16:51 +0000)]
Hide struct internals under LIBRESSL_CRYPTO_INTERNAL so that other
parts of LibreSSL can no longer reach into them.
discussed with beck, jsing
tb [Sun, 31 Oct 2021 16:47:27 +0000 (16:47 +0000)]
Various minor adjustments to make openssl(1) compile with opaque
structs in X509.
deraadt [Sun, 31 Oct 2021 16:45:06 +0000 (16:45 +0000)]
sync
tb [Sun, 31 Oct 2021 16:45:04 +0000 (16:45 +0000)]
Now that X509_OBJECT is opaque, we need to allocate it on the heap
instead of having it on the stack. Adjust code accordingly.