guenther [Sat, 18 May 2024 05:21:02 +0000 (05:21 +0000)]
Regen
guenther [Sat, 18 May 2024 05:20:22 +0000 (05:20 +0000)]
Add pathconfat(2): pathconf(2) but with at-fd and flags arguments,
the latter supporting the ability to get timestamp resolution of
symlinks.
ok deraadt@ millert@
jsg [Sat, 18 May 2024 02:44:22 +0000 (02:44 +0000)]
remove prototype with no matching function
jsg [Sat, 18 May 2024 01:51:44 +0000 (01:51 +0000)]
remove prototypes with no matching function
jsg [Sat, 18 May 2024 00:08:06 +0000 (00:08 +0000)]
remove externs for removed vars
jsg [Fri, 17 May 2024 23:56:19 +0000 (23:56 +0000)]
remove prototypes with no matching function; ok florian@
bluhm [Fri, 17 May 2024 20:44:36 +0000 (20:44 +0000)]
IPv6 has to use ip6_defhlim, not ip_defttl.
OK claudio@
miod [Fri, 17 May 2024 20:11:58 +0000 (20:11 +0000)]
Make sure `row' is not used uninitialized in wsmouse_matching().
miod [Fri, 17 May 2024 20:07:33 +0000 (20:07 +0000)]
Cast alpha_pal_swpipl return value to int in splx, to make sure both sides
of the ternary operator have the same type. NFC
miod [Fri, 17 May 2024 20:05:08 +0000 (20:05 +0000)]
Constify the first argument of getdevunit(). NFCI
miod [Fri, 17 May 2024 20:03:13 +0000 (20:03 +0000)]
Update comments to match reality.
kettenis [Fri, 17 May 2024 19:43:45 +0000 (19:43 +0000)]
The INTSTS register is read-only, so the attempt to clear interrupts
by writing to it doesn't actually work. Therefore we have to keep
processing interrupts until all the bits corresponding to enabled
interrupts are cleared. This makes MSIs actually work, also on the AMD
implementations for which we currently disable MSIs.
Based on some digging by martijn@
ok ratchov@, martijn@, stsp@
mvs [Fri, 17 May 2024 19:11:14 +0000 (19:11 +0000)]
Turn sblock() to `sb_lock' rwlock(9) wrapper for all sockets.
Unify behaviour to all sockets. Now sblock() should be always
taken before solock() in all involved paths as sosend(), soreceive(),
sorflush() and sosplice(). sblock() is fine-grained lock which
serializes socket send and receive routines on `so_rcv' or `so_snd'
buffers. There is no big problem to wait netlock while holding sblock().
This unification removes a lot of temporary "sb_flags & SB_MTXLOCK" code
from sockets layer. This unification makes straight "solock()" and
"sblock()" lock order, no more solock() -> sblock() -> sounlock() ->
solock() -> sbunlock() -> sounlock() chains in sosend() and soreceive()
paths. This unification brings witness(4) support for sblock(), include
NFS involved sockets, which is useful.
Since the witness(4) support was introduced to sblock() with this diff,
some new witness reports appeared.
bulk(1) tests by tb, ok bluhm
mvs [Fri, 17 May 2024 19:02:04 +0000 (19:02 +0000)]
Switch AF_KEY sockets to the new locking scheme.
The simplest case. Nothing to change in sockets layer, only set
SB_MTXLOCK on socket buffers.
ok bluhm
mvs [Fri, 17 May 2024 18:58:26 +0000 (18:58 +0000)]
Fix uninitialized memory access in pfkeyv2_sysctl().
pfkeyv2_sysctl() reads the SA type from uninitialized memory if it is
not provided by the caller of sysctl(2) because of a missing length
check.
From Carsten Beckmann.
ok bluhm
bluhm [Fri, 17 May 2024 18:11:58 +0000 (18:11 +0000)]
Fix possible segmentation fault in Perl 5.38.2.
When calling POSIX::setlocale() with unknown locale category, Perl
could crash due to NULL dereference.
found by sthen@ in smokeping build; OK afresh1@
sf [Fri, 17 May 2024 16:37:10 +0000 (16:37 +0000)]
vio: Fix signal handling and locking in sysctl path
Commits
f0b002d01d5 "Release the netlock when sleeping for control
messages in in vioioctl()" and
126b881f71 "Insert a workaround for
per-ifp ioctl being called w/o NET_LOCK()." in vio(4) fixed a deadlock
but may cause a crash with a protection fault trap if addresses are
added/removed concurrently.
The actual issue is that signals are not handled correctly while
sleeping. After a signal, there is a race condition where sc_ctrl_inuse
is first set to FREE and then the interrupt handler sets it to DONE,
causing a hang in the next vio_wait_ctrl() call.
To fix it:
* Revert the NET_LOCK unlocking work-around.
* Remove PCATCH from the sleep call when we wait for control queue,
avoiding the race with vio_ctrleof(). To ensure that we don't hang
forever, use a 5 second timeout.
* If the timeout is hit, or if the hypervisor has set the
DEVICE_NEEDS_RESET status bit, do not try to use the control queue
until the next ifconfig down/up which resets the device.
* In order to allow reading the device status from device drivers, add a
new interface to the virtio transport drivers.
* Avoid a crash if there is outgoing traffic while doing ifconfig down.
OK bluhm@
naddy [Fri, 17 May 2024 14:42:00 +0000 (14:42 +0000)]
remove duplicate copy of relink kit for sshd-session
tb [Fri, 17 May 2024 09:36:48 +0000 (09:36 +0000)]
dig: make function definitions match their prototypes
ok florian
tb [Fri, 17 May 2024 09:36:15 +0000 (09:36 +0000)]
dig: garbage collect the unused 'added'
ok florian
florian [Fri, 17 May 2024 06:50:14 +0000 (06:50 +0000)]
Send source link-layer address option in router advertisements.
With this, hosts immediately learn the layer 2 (i.e. ethernet mac)
address of their default router and don't need to do another round
trip.
It also turns out that apple devices (macOS & iOS) install the default
route as what they call "interface scoped" if a DNS option is present
and the source link-layer address option is absent. This effectively
makes the default route unusable.
Problem with fruit devices tracked down & diff by Ryan Vogt (rvogt.ca
AT gmail), thanks!
OK sthen, bket
jsg [Fri, 17 May 2024 06:42:04 +0000 (06:42 +0000)]
remove prototypes with no matching function; ok djm@
jsg [Fri, 17 May 2024 06:38:00 +0000 (06:38 +0000)]
remove externs for removed vars; ok djm@
deraadt [Fri, 17 May 2024 06:11:54 +0000 (06:11 +0000)]
use SIGKILL instead of 9; ok guenther
deraadt [Fri, 17 May 2024 06:11:17 +0000 (06:11 +0000)]
-Werror was turned on (probably just for development), and this is a
simple way to satisfy older gcc.
djm [Fri, 17 May 2024 04:42:13 +0000 (04:42 +0000)]
g/c unused variable
tb [Fri, 17 May 2024 02:57:26 +0000 (02:57 +0000)]
asn1_str2tag(): no need for tntmp to be static
tb [Fri, 17 May 2024 02:49:21 +0000 (02:49 +0000)]
The long primitive function table can be const
tb [Fri, 17 May 2024 02:47:21 +0000 (02:47 +0000)]
The bignum primitive function table (bignum_pf) can be const
jsg [Fri, 17 May 2024 02:39:11 +0000 (02:39 +0000)]
spelling; ok djm@
djm [Fri, 17 May 2024 01:45:22 +0000 (01:45 +0000)]
allow overriding the sshd-session binary path
djm [Fri, 17 May 2024 01:17:40 +0000 (01:17 +0000)]
fix incorrect debug option name introduce in previous commit
deraadt [Fri, 17 May 2024 00:33:57 +0000 (00:33 +0000)]
sync
deraadt [Fri, 17 May 2024 00:33:43 +0000 (00:33 +0000)]
run the sshd-session link kit also
deraadt [Fri, 17 May 2024 00:33:25 +0000 (00:33 +0000)]
construct and install a relink-kit for sshd-session
ok djm
djm [Fri, 17 May 2024 00:32:32 +0000 (00:32 +0000)]
missing files from previous
djm [Fri, 17 May 2024 00:30:23 +0000 (00:30 +0000)]
Start the process of splitting sshd into separate binaries. This step
splits sshd into a listener and a session binary. More splits are
planned.
After this changes, the listener binary will validate the configuration,
load the hostkeys, listen on port 22 and manage MaxStartups only. All
session handling will be performed by a new sshd-session binary that the
listener fork+execs.
This reduces the listener process to the minimum necessary and sets us
up for future work on the sshd-session binary.
feedback/ok markus@ deraadt@
NB. if you're updating via source, please restart sshd after installing,
otherwise you run the risk of locking yourself out.
schwarze [Thu, 16 May 2024 21:27:38 +0000 (21:27 +0000)]
Check that lower-case variants of UTF-16 surrogate escape sequences
are rejected with the correct error message.
schwarze [Thu, 16 May 2024 21:21:08 +0000 (21:21 +0000)]
Fix UTF-16 surrogate detection:
lower case variants have to be rejected, too.
schwarze [Thu, 16 May 2024 20:32:24 +0000 (20:32 +0000)]
Improve coverage of edge cases for 3-byte UTF-8 sequences.
Coverage for 2-byte and 4-byte sequences was already reasonable.
schwarze [Thu, 16 May 2024 18:49:00 +0000 (18:49 +0000)]
Add a complete suite of tests covering ASCII characters in UTF-8 spelling.
Most of this goes to nogroff.in rather than ascii.in for now
because groff-1.23.0 is buggy as hell in this respect
and i'm too lazy to debug the horrific function make_glyph_node()
in the file groff/src/roff/troff/node.cpp right now.
tb [Thu, 16 May 2024 13:19:09 +0000 (13:19 +0000)]
x509_v3.c: remove superfluous parentheses
No change in the generated assembly
bluhm [Thu, 16 May 2024 13:01:04 +0000 (13:01 +0000)]
Fix IPsec in use with IP forwarding 2 logic.
If sysctl net.inet.ip.forwarding is 2, only packets processed by
IPsec are forwarded. Variable ipsec_in_use is a shortcut to avoid
IPsec processing if no policy has been configured. With ipsec_in_use
unset and ipforwarding set to IPsec only, the packet must be dropped.
OK claudio@
solene [Thu, 16 May 2024 11:33:59 +0000 (11:33 +0000)]
Make daily(8) reporting services that are running
but not enabled in rc.conf.local(8)
wording by jmc@
ok schwarze@ florian@
mglocker [Thu, 16 May 2024 10:52:11 +0000 (10:52 +0000)]
As of the documentation, the value of the Command UPIU expected_xfer_len
field shall be the product of the Logical Block Size and the transfer
length field of the CDB.
sthen [Thu, 16 May 2024 10:31:55 +0000 (10:31 +0000)]
40GB WRKOBJDIR is too tight if you end up with two chromium-based ports
built on the same machine, suggest 50 min on archs with chromium and that
100 wouldn't be unreasonable
tb [Thu, 16 May 2024 10:14:22 +0000 (10:14 +0000)]
distfiles consume more like 100GB these days, so recommend 120GB
sthen [Thu, 16 May 2024 09:52:58 +0000 (09:52 +0000)]
add LUAJIT_ARCHS
claudio [Thu, 16 May 2024 09:38:21 +0000 (09:38 +0000)]
Simplify the code to clamp the TCP send and recv buffer to 64k.
We don't really care if it works or not and we don't want to clamp it
down further then 64k. So just call setsockopt() once and ignore the error.
OK tb@ sthen@
kettenis [Thu, 16 May 2024 09:30:03 +0000 (09:30 +0000)]
Stop treating IPL_NONE mutexes special in MULTIPROCESSOR kernels. While
in theory these are safe to use in code that runs under the kernel lock
they are nasty trips when converting code to run without the kernel lock.
ok mpi@, claudio@
tb [Thu, 16 May 2024 08:39:30 +0000 (08:39 +0000)]
SSL_CTX_set_keylog_callback: copy-paste error _set_ -> _get_
kettenis [Wed, 15 May 2024 22:54:03 +0000 (22:54 +0000)]
Recent OpenSBI versions implement shutdown and reboot through the DA9063
PMIC, but expect the I2C controller to remain enabled. Adjust ociic(4)
such that this is the case.
ok jca@
tb [Wed, 15 May 2024 21:15:28 +0000 (21:15 +0000)]
Improve X509V3_get0_uids() documentation
Use less horrcble variable names and make it explicit that both output
arguments are allowed to be NULL.
mglocker [Wed, 15 May 2024 20:15:33 +0000 (20:15 +0000)]
Remove unused variable.
mglocker [Wed, 15 May 2024 20:10:27 +0000 (20:10 +0000)]
Fix multi-slot support.
We also add an timeout while waiting for command completion.
schwarze [Wed, 15 May 2024 19:37:24 +0000 (19:37 +0000)]
Add a complete set of tests for all C0 and C1 control characters.
This is particularly useful to make sure that man(1) does not let
control characters sneak through to the output side, no matter how
hard an input file tries to deceive it.
tb [Wed, 15 May 2024 18:10:03 +0000 (18:10 +0000)]
X509_check_akid: zap stray space
mglocker [Wed, 15 May 2024 18:01:10 +0000 (18:01 +0000)]
Also free CCBs in the error case. Fixes an intermittent panic seen on
arm64.
deraadt [Wed, 15 May 2024 17:09:26 +0000 (17:09 +0000)]
sync
claudio [Wed, 15 May 2024 14:43:32 +0000 (14:43 +0000)]
Add missing space
jsg [Wed, 15 May 2024 12:57:36 +0000 (12:57 +0000)]
ansi style function decl
sthen [Wed, 15 May 2024 11:27:36 +0000 (11:27 +0000)]
bump sizes a bit more
sthen [Wed, 15 May 2024 11:06:14 +0000 (11:06 +0000)]
the approximate storage requirements for bulk builds with dpb were a bit
on the low side; bump them
nicm [Wed, 15 May 2024 09:59:12 +0000 (09:59 +0000)]
Use default-shell for command prompt #() and popups as well
tb [Wed, 15 May 2024 09:19:48 +0000 (09:19 +0000)]
rpki-client: plug leak of the crl path
also, drop an unnecessary NULL check and make freeing have the same order
as the struct field so auditing for leaks is easier.
ok claudio
job [Wed, 15 May 2024 09:09:38 +0000 (09:09 +0000)]
Mark RTR and IPv6 BGP packets with DSCP CS6 (network control)
Additionally, set TCP_NODELAY on the RTR socket, there is no need to
queue up messages towards the RTR server.
OK claudio@
tb [Wed, 15 May 2024 09:01:36 +0000 (09:01 +0000)]
rpki-client: don't leak sia from struct tak.
ok claudio
job [Wed, 15 May 2024 08:45:03 +0000 (08:45 +0000)]
Mark network control packets with DSCP CS6 (parity with ospfd)
OK claudio@
nicm [Wed, 15 May 2024 08:39:30 +0000 (08:39 +0000)]
Fix memory leaks reported by Lu Ming Yin.
jsg [Wed, 15 May 2024 07:46:25 +0000 (07:46 +0000)]
remove unused header
opti functions were removed in pciide.c rev 1.360
jsg [Wed, 15 May 2024 04:36:28 +0000 (04:36 +0000)]
remove extra snprintf arguments to fix build
usps(4) is not included in any kernel config
kevlo [Wed, 15 May 2024 01:41:41 +0000 (01:41 +0000)]
regen
kevlo [Wed, 15 May 2024 01:41:18 +0000 (01:41 +0000)]
Add CH9102 support. Tested on the NodeMCU esp8266 v3 ch9102x board.
ok deraadt@
schwarze [Tue, 14 May 2024 21:12:44 +0000 (21:12 +0000)]
Garbage collect dead code intended to write five- and six-byte UTF-8
sequences since the Unicode standard has been explicitly prohibiting
the use of such sequences when encoding Unicode characters for more
than 20 years now.
While here, also weed out UTF-16 surrogates and codepoints in the
invalid range 110000 to 1FFFFF if any are encountered. I hoped to
write "no functional change", but to my shame it turns out there
are unrelated bugs with \[uXXXX] parsing in roff_escape.c, so this
new anti-surrogate check is actually reachable until those other
bugs get fixed, and even after fixing those other bugs, it will
remain useful as a defense in depth.
afresh1 [Tue, 14 May 2024 19:42:59 +0000 (19:42 +0000)]
Update sets lists for perl 5.38.2
afresh1 [Tue, 14 May 2024 19:40:17 +0000 (19:40 +0000)]
Apply pre-built unicore patch - perl-5.38.2
ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@
afresh1 [Tue, 14 May 2024 19:39:39 +0000 (19:39 +0000)]
Apply local patches - perl-5.38.2
ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@
afresh1 [Tue, 14 May 2024 19:38:53 +0000 (19:38 +0000)]
Fix merge issues, remove excess files - match perl-5.38.2 dist
ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@
afresh1 [Tue, 14 May 2024 19:36:00 +0000 (19:36 +0000)]
Import perl-5.38.2
ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@
schwarze [Tue, 14 May 2024 18:38:13 +0000 (18:38 +0000)]
The makewhatis(8) program already provided a "-T utf8" option
to put UTF-8 strings into the database, but that only worked
for input files containing the manually written, mnemonic roff(7)
character escape sequences documented in mandoc_char(7).
Even though mandoc(1), man(1), and man.cgi(8) have been able to
properly handle UTF-8 and ISO-Latin-1 encoded input files for many
years, makewhatis(8) unconditionally replaced all non-ASCII bytes
in all input files with ASCII question marks ("?").
Improve this by changing two aspects of non-ASCII character handling
in makewhatis(8) at the same time.
1. In the makewhatis(8) main program, when configuring the roff(7) parser,
enable UTF-8 and ISO-Latin-1 autorecognition and translation
to \[uXXXX] roff(7) Unicode character escape sequences.
The man(1) and man.cgi(8) programs prove that this option has
been working very reliably for many years, so there is no risk.
2. In the makewhatis(8) string rendering code, if "-T utf8" was
requested, translate these escape sequences to UTF-8 strings,
just like makewhatis(8) already did it for ESCAPE_SPECIAL sequences.
Otherwise, i.e. if an ASCII-only database is desired, replace
all character escape sequences by ASCII transliterations, again
like it was already done for ESCAPE_SPECIAL sequences.
With this change, giving UTF-8 command line arguments to apropos(1)
allows searching in UTF-8 and ISO-Latin-1 encoded manual pages if the
respective mandoc.db(5) has been built with makewhatis(8) -T utf8.
Issue found while investigating a question from
Valid-Amirali-Averiva at rambler dot ru, who is using mandoc
on FreeBSD to process documents containing cyrillic letters.
op [Tue, 14 May 2024 13:38:54 +0000 (13:38 +0000)]
oops, fix previous. wrong patch committed. was lacking the final \n
op [Tue, 14 May 2024 13:34:05 +0000 (13:34 +0000)]
include the filter protocol version in the handshake
This adds "config|protocol|0.7" during the filters handshake, like
was done for the tables too, so that the filters can know the version
of the protocol right from the start.
ok gilles@
op [Tue, 14 May 2024 13:32:09 +0000 (13:32 +0000)]
sync smtpd and protocol version in smtpd-filters(7) examples; ok gilles@
op [Tue, 14 May 2024 13:30:37 +0000 (13:30 +0000)]
remove no-op methods from table_getpwnam; ok gilles@
op [Tue, 14 May 2024 13:28:08 +0000 (13:28 +0000)]
use C99 syntax for filling the table_backend structs; ok gilles@
nicm [Tue, 14 May 2024 10:11:09 +0000 (10:11 +0000)]
Add missing time.h to tty.c (from Ismail Donmez), also remove some stray
spaces.
bluhm [Tue, 14 May 2024 09:39:02 +0000 (09:39 +0000)]
Sanity check for TSO payload length in TCP chopper.
Although it should not happen, check that ph_mss is not 0 in
tcp_chopper(). This could catch errors in the LRO path of network
drivers. Better count bad packet and drop it rather than ending
in an endless loop. The new logic is analog to a recent change in
the hardware TSO path in the drivers.
OK jan@
nicm [Tue, 14 May 2024 09:32:37 +0000 (09:32 +0000)]
Revert part of the change for GitHub issue 3675 because it does not work
correctly, it was intended to skip lines that are already being searched
as part of a previous wrapped line but in fact is skipping all lines
except the last in wrapped lines.
Also revert the search-wrapped-lines option (I didn't realize it was
intended to work around this).
jsg [Tue, 14 May 2024 08:26:13 +0000 (08:26 +0000)]
remove prototypes with no matching function
nicm [Tue, 14 May 2024 07:52:19 +0000 (07:52 +0000)]
Add a command-error hook when a command fails, from Hugh Davenport in
GitHub issue 3973.
nicm [Tue, 14 May 2024 07:40:39 +0000 (07:40 +0000)]
Add an option to disable unwrapping lines for searching, from
meanderingprogrammer at gmail dot com, GitHub issue 3975.
tb [Tue, 14 May 2024 07:39:43 +0000 (07:39 +0000)]
x509_ext.c: remove unnecessary includes
tb [Tue, 14 May 2024 07:35:23 +0000 (07:35 +0000)]
x509_ext.c: remove lots of extraneous parentheses
No change in the generated assembly
nicm [Tue, 14 May 2024 07:33:01 +0000 (07:33 +0000)]
Restore previous behaviour or writing to stdout if available.
tb [Tue, 14 May 2024 06:57:10 +0000 (06:57 +0000)]
Fix last sentence of CAVEATS which I got the wrong way around
jsg [Tue, 14 May 2024 06:26:05 +0000 (06:26 +0000)]
remove unneeded nfs_getreq() prototype
nfs_getreq() is in nfs_socket.c and not called from nfs_vnops.c
jsg [Tue, 14 May 2024 04:55:42 +0000 (04:55 +0000)]
make amdgpu_activate() return early when called during hibernate resume
Hibernate does DVACT_QUIESCE/DVACT_SUSPEND from hibernate_resume(),
before config_process_deferred_mountroot() calls amdgpu_attachhook().
Without this change the amdgpu_device_prepare() call ends up faulting in
ttm_resource_manager_evict_all() after the
'drm/amd: Evict resources during PM ops prepare() callback'
commit from April.
earlier diff from and ok stsp@
report and bisection from florian@
guenther [Tue, 14 May 2024 01:46:24 +0000 (01:46 +0000)]
Delete the declaration of cpu_feature which has been unused since
rev 1.17 (2017-5-27) when tlbflushg() stopped using it
guenther [Tue, 14 May 2024 01:42:07 +0000 (01:42 +0000)]
Instead of enabling use of PCLMUL and AESNI iff cpu0 supports them
via two global variables, make cpu_ecxfeature the intersection of
cpuid(1).ecx on all CPUs and switch cpu_configure() to directly
check that for the requisite flags.
ok kettenis@
schwarze [Tue, 14 May 2024 00:31:48 +0000 (00:31 +0000)]
fix a char signedness bug such that this testing code becomes able
to display the contents of databases containing UTF-8 strings
on signed char architectures:
for example on i386 and amd64, UTF-8 bytes are negative...