djm [Mon, 17 Jul 2023 05:20:15 +0000 (05:20 +0000)]
return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.
djm [Mon, 17 Jul 2023 04:08:31 +0000 (04:08 +0000)]
Add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
ok markus
djm [Mon, 17 Jul 2023 04:04:36 +0000 (04:04 +0000)]
add a "match localnetwork" predicate.
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).
ok markus@
djm [Mon, 17 Jul 2023 04:01:10 +0000 (04:01 +0000)]
remove vestigial support for KRL signatures
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatures was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
ok markus@
djm [Mon, 17 Jul 2023 03:57:21 +0000 (03:57 +0000)]
Support for KRL extensions.
This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.
ok markus
kettenis [Sun, 16 Jul 2023 16:13:46 +0000 (16:13 +0000)]
Remove debug printfs that print the number of wakeups seen by the
individual CPUs. Ever since we switched from WFE to WFE in the suspend
loops the information hasn't been very useful anymore. And there is some
evidence that a printf here causes problems with syslog (e.g. running
xconsole under X).
ok deraadt@
kettenis [Sun, 16 Jul 2023 16:11:11 +0000 (16:11 +0000)]
Read out the system power consumption immediately after wakeup and print
it out in the DVACT_WAKEUP phase. This is a debugging aid to help us
drive down the power consumption in suspend.
ok deraadt@
claudio [Sun, 16 Jul 2023 15:21:46 +0000 (15:21 +0000)]
Merge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata().
Also replace a ibuf_reserve() call with ibuf_add_zero() and
remove a buf->buf == NULL check in ibuf_length() since it is not necessary.
OK tobhe@ tb@
kettenis [Sun, 16 Jul 2023 09:33:18 +0000 (09:33 +0000)]
When detaching devices when we suspend, we need to continue processing
command completion events. So only return early in xhci_softintr() if
the controller is dead instead of dying. This fixes USB suspend/resume
in Apple M1/M2.
ok mlarkin@, deraadt@
tb [Sun, 16 Jul 2023 09:23:33 +0000 (09:23 +0000)]
relayd: remove ENGINE dependency
What is achieved here through ENGINE can be done in a much simpler way
by setting the default RSA implementation. Drop a number of indirections
that only add a bit of logging. This removes a lot of boilerplate and
shows where the actual magic happens more clearly.
ok op tobhe
tb [Sun, 16 Jul 2023 08:25:41 +0000 (08:25 +0000)]
ecc_cdh: plug leak of peer public key
tb [Sun, 16 Jul 2023 07:34:07 +0000 (07:34 +0000)]
ecdhtest: Drop unnecessary constant and unneeded includes
anton [Sun, 16 Jul 2023 06:36:18 +0000 (06:36 +0000)]
Make remaining unstable tests fail consistently by adjusting the
modification time of the problematic file(s), causing the check_file()
routine to always hit the "file exists and is possible match" case.
While here, sync expected failures with reality.
yasuoka [Sun, 16 Jul 2023 03:01:31 +0000 (03:01 +0000)]
Make the mbstat preserve the same size which is actually used. Also
revert the previous that the mbstat is located on the stack.
ok claudio
tb [Sun, 16 Jul 2023 00:16:42 +0000 (00:16 +0000)]
ecdhtest: fix a couple bugs plus some cosmetic tweaks
tb [Sat, 15 Jul 2023 23:40:46 +0000 (23:40 +0000)]
fix include directive - this is make, not C
tb [Sat, 15 Jul 2023 23:35:02 +0000 (23:35 +0000)]
Rework the ecdhtest
Test keyshare for all built-in curves and simplify, especially printing
on failure. Incorporate known answer tests from RFC 5114 and RFC 5903.
All in all, this is a lot less code and a lot more test coverage and
hopefully a little less eyebleed.
Very loosely based on OpenSSL b438f0ed by Billy Brumley
kn [Sat, 15 Jul 2023 23:01:25 +0000 (23:01 +0000)]
sync with <sys/namei.h>; 'looks good' deraadt
Document missing struct nameidata members and fix one member's const-ness.
Add REALPATH flag from 2019.
tb [Sat, 15 Jul 2023 20:11:37 +0000 (20:11 +0000)]
Fix return value check for ECDH_compute_key()
ECDH_compute_key() usually returns -1 on error (but sometimes 0). This
was also the case in OpenSSL when these tests were written. This will
soon change. The check for <= 0 will still be correct.
tb [Sat, 15 Jul 2023 19:51:13 +0000 (19:51 +0000)]
Add test coverage for cofactor ECDH using NIST test vectors
Since all non-binary NIST curves have cofactor 1, this is in effect plain
ECDH. Current regress coverage of ECDH is quite lacking on architectures
where Go isn't available. This fixes that.
Actual cofactor ECDH support may be added soon to libcrypto, at which
point I will also add testcases with cofactor > 1.
kettenis [Sat, 15 Jul 2023 19:35:53 +0000 (19:35 +0000)]
Implement PAC support.
ok patrick@
tb [Sat, 15 Jul 2023 19:32:54 +0000 (19:32 +0000)]
Link symbols test to build
tb [Sat, 15 Jul 2023 19:31:02 +0000 (19:31 +0000)]
remove accidentally imported files again
tb [Sat, 15 Jul 2023 19:29:44 +0000 (19:29 +0000)]
Import a version of libcrypto's symbols test for libssl
kettenis [Sat, 15 Jul 2023 19:21:47 +0000 (19:21 +0000)]
Remove stray argument name in function prototype.
dv [Sat, 15 Jul 2023 18:32:21 +0000 (18:32 +0000)]
vmd(8): fix use of qcow base images.
The vm process was prematurely setting device fds to not close-on-exec
and then trying to close(2) them after the fork(2) of the device
process.
This caused a reuse of an fd for one of the socketpair(2)'s for
communication between vm and device. Having device processes close(2)
other device fds after fork would break the socketpair, causing the
device to fail during startup post-exec when trying to receive its
device state from the parent vm process.
Instead, mark the fds to not close on exec post-fork(2) call allowing
other device fds to be closed automatically and avoid closing by
the tracked fd.
Reported by solene@. OK tb@.
jsing [Sat, 15 Jul 2023 15:37:05 +0000 (15:37 +0000)]
Mop up MD32_XARRAY from md5.
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
jsing [Sat, 15 Jul 2023 15:30:43 +0000 (15:30 +0000)]
Mop up MD32_XARRAY from md4.
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
kettenis [Sat, 15 Jul 2023 13:35:17 +0000 (13:35 +0000)]
Add mute control. This makes the mute button on laptops that use
tascodec(4) work.
ok tobhe@
florian [Sat, 15 Jul 2023 10:42:54 +0000 (10:42 +0000)]
Prevent patch(1) from scribbling all over the place.
Arguably the only sensible use of patch(1) is changing files in the
current working directory and subdirectories.
However, patch(1) has this anti-feature, or dare I say bug, where it
will happily follow "../" upwards and outside of the current working
directory to find files to change. All it takes is a line like
+++ ../../../../home/florian/.ssh/authorized_keys
in the patchfile.
patch(1) operates on untrusted input and it already pledge(2)'ed to
not execute arbitrary programs, but of course it needs to write
files.
A simple unveil(".", "rwc") restricts patch(1) to its current working
directory.
We also need to allow /tmp and potentially the output file and reject
file if given on the command line. But those paths are safe.
input op, deraadt
OK millert, sthen
nicm [Fri, 14 Jul 2023 19:32:59 +0000 (19:32 +0000)]
Set extended keys flag again after reset, from Eric T Johnson.
kevlo [Fri, 14 Jul 2023 14:28:47 +0000 (14:28 +0000)]
Check if the OWN bit of Tx descriptor instead of Rx descriptor is set
in rtwn_tx().
Because definitions of R92C_TXDW0_OWN and R92C_RXDW0_OWN are the same,
no functional change.
ok stsp@
claudio [Fri, 14 Jul 2023 10:30:53 +0000 (10:30 +0000)]
Cleanup mrt message handling. Remove the DUMP_XYZ() macros and replace
them with direct calls to for example ibuf_add_n16(). Further cleanup
the error handling and use goto fail in most places. Remove many of the
error messages and combine all the possible ibuf errors in one place.
For this remove most warnings from internal functions (also mark all
internal helper functions with static to make that more obvious).
There are still some cases where an error will result in two warnings but
those errors are unreachable in normal operations.
OK tb@
dtucker [Fri, 14 Jul 2023 07:44:21 +0000 (07:44 +0000)]
Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build.
gerhard [Fri, 14 Jul 2023 07:09:00 +0000 (07:09 +0000)]
Do not ignore the AF_LINK entries of carp(4) interfaces.
OK kn@
claudio [Fri, 14 Jul 2023 07:07:08 +0000 (07:07 +0000)]
struct sleep_state is no longer used, remove it.
Also remove the priority argument to sleep_finish(); the code can use
the p_flag P_SINTR flag to know if the signal check is needed or not.
OK cheloha@ kettenis@ mpi@
djm [Fri, 14 Jul 2023 05:31:44 +0000 (05:31 +0000)]
add defence-in-depth checks for some unreachable integer overflows
reported by Yair Mizrahi @ JFrog; feedback/ok millert@
tb [Thu, 13 Jul 2023 20:59:10 +0000 (20:59 +0000)]
Refactor ASN1_item_sign_ctx()
Oh, joy! The muppets had a feast: they could combine the horrors of EVP
with X.509... Return values between -1 and 3 indicating how much work
needs to be done, depending on whether methods are present or absent.
Needless to say that RSA and EdDSA had inconsistent return values until
recently.
Instead of interleaving if/else branches, split out two helper functions
that do essentially independent things, which results in something that
isn't entirely bad. Well, at least not compared to the surrounding code.
asn1_item_set_algorithm_identifiers() extracts the signature algorithm
from the digest and pkey if known, and sets it on the two X509_ALGOR that
may or may not have been passed in.
asn1_item_sign() converts data into der and signs.
Of course there were also a few leaks and missing error checks.
ok jsing
millert [Thu, 13 Jul 2023 20:33:30 +0000 (20:33 +0000)]
bcmp(3) tries to return length, which is a size_t, as an int.
Instead, just return 1 if there is a difference, else 0.
Fixed by ray@ in 2008 but the libkern version was not synced.
OK deraadt@
jasper [Thu, 13 Jul 2023 19:04:50 +0000 (19:04 +0000)]
- use IS_ELF() to check the ELF magic bytes
- reject nonsensical program header values which would result in a crash
when accessing the 0 bytes sized buffer allocated due to it
ok deraadt@ kettenis@
dv [Thu, 13 Jul 2023 18:31:59 +0000 (18:31 +0000)]
vmd(8): pull validation into local prefix parser.
Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logic from prior network daemons. vmd doesn't need to parse
addresses other than when parsing the local prefix settings in
vm.conf and no runtime parsing is needed.
This change merges parsing and validation based on vmd's specific
needs for local prefixes (e.g. reserving enough bits for vm id and
network interface id encoding in an ipv4 address). In addition, it
simplifies the struct from a generic address struct to one focused
on just storing the v4 and v6 prefixes and masks. This cleans up an
unused TAILQ struct member that isn't used by vmd and was leftover
copy-pasta from those prior daemons.
The address parsing that vmd uses is also updated to using the
latest logic in bgpd(8).
ok mlarkin@
ajacoutot [Thu, 13 Jul 2023 13:54:27 +0000 (13:54 +0000)]
Check input before trying to disable a non-existing daemon to prevent parsing
bogus characters and outputting hell on the console.
based on an initial submission from Anthony Coulter, thanks!
kettenis [Thu, 13 Jul 2023 08:33:36 +0000 (08:33 +0000)]
Use the deep idle state available on Apple M1/M2 cores in the idle loop and
for suspend. This state makes the CPU lose some of its register state so
we need to save these registers before putting the core to sleep and
restore them when we wake up. This deep idle state has a higher wakeup
latency than the normal WFI idle state. Use similar logic as acpicpu(4) to
decide which idle state to pick.
If some cores of a cluster are in this deep idle state, turbo states become
available to the cores that remain active. So stop skipping these states.
This improves single-core performance a little bit.
The main win is in power savings when running in a state with a high clock
frequency. My M2 Pro mini goes from 14W to 6.5W when idle at the maximum
clock frequency. But even at the lowest clock frequency there are small
but significant power savings.
ok deraadt@, tobhe@
jsg [Thu, 13 Jul 2023 07:31:12 +0000 (07:31 +0000)]
Change function definitions using the identifier-list form used in the
1st edition of Kernighan and Ritchie's The C Programming Language, to
that of the parameter-type-list form described in the ANSI X3.159-1989
standard.
In ISO/IEC 9899:2023 drafts, there is only one form of function definition.
"N2432 Remove support for function definitions with identifier lists".
nicm [Thu, 13 Jul 2023 06:03:48 +0000 (06:03 +0000)]
Use 8 for underscore colour defaults instead of 0 which is less
confusing, and fix writing the default colour. GitHub issue 3627.
jasper [Wed, 12 Jul 2023 19:49:06 +0000 (19:49 +0000)]
validate alignment of ELF program headers
jasper [Wed, 12 Jul 2023 19:34:14 +0000 (19:34 +0000)]
address incomplete validation of ELF program headers in execve(2) which could lead
to a panic in vmcmd_map_readvn() with a malformed binary/interpreter.
original crash found with Melkor, additional validation provided by
guenther@.
ok kettenis@ guenther@ deraadt@
cheloha [Wed, 12 Jul 2023 18:40:06 +0000 (18:40 +0000)]
GPROF: sleep_state: disable _mcount() across suspend/resume
Something in the amd64 resume path doesn't agree with _mcount(), so
suspend/resume always fails if gmoninit is non-zero. It would be nice
if GPROF kernels didn't crash during resume.
In sleep_state(), (1) clear gmoninit after sched_stop_secondary_cpus()
so the primary CPU isn't racing sysctl(2) on another CPU, and (2)
restore gmoninit just after resume_mp() so the secondary CPUs are out
of cpu_hatch() and away from whatever is causing the crash before
_mcount() is reenabled.
Lots of input from claudio@, deraadt@, and kettenis@.
Thread 1: https://marc.info/?l=openbsd-tech&m=168721453821801&w=2
Thread 2: https://marc.info/?l=openbsd-tech&m=168892518722935&w=2
ok kettenis@ deraadt@
anton [Wed, 12 Jul 2023 18:36:06 +0000 (18:36 +0000)]
Add test which consistently triggers the problem with test6_perms,
omitting all other irrelevant files.
anton [Wed, 12 Jul 2023 18:21:39 +0000 (18:21 +0000)]
Report fork errors as this test is likely to hit the default
kern.maxproc limit.
jmc [Wed, 12 Jul 2023 18:14:13 +0000 (18:14 +0000)]
missing word; from thib4711
mvs [Wed, 12 Jul 2023 16:10:45 +0000 (16:10 +0000)]
Fix solock()/sounlock() usage.
This time solock() doesn't return a value and sounlock() hasn't a second
parameter. Bi-directional Forwarding Detection is disabled by default,
so it was forgotten when solock()/sounlock() were changed.
Build test done with BFD option.
ok phessler claudio
florian [Wed, 12 Jul 2023 15:45:34 +0000 (15:45 +0000)]
Don't run off the end of path if it ends in /.
OK op, sthen
florian [Wed, 12 Jul 2023 15:44:47 +0000 (15:44 +0000)]
basename(3) can fail, prevent segfault in strlen(3).
OK tb, sthen
claudio [Wed, 12 Jul 2023 15:34:59 +0000 (15:34 +0000)]
Add regress test to check for bad attribute length for optional transitive
attributes.
claudio [Wed, 12 Jul 2023 15:27:11 +0000 (15:27 +0000)]
Update rde_community_test after the major change in how attributes and
communities are written.
claudio [Wed, 12 Jul 2023 14:45:42 +0000 (14:45 +0000)]
Update OpenBGPD to use new ibuf API.
This replaces the old way of using a static buffer and a len to build
UPDATEs with a pure ibuf solution. The result is much cleaner and a lot
of almost duplicate code can be removed because often a version for ibufs
and one for this static buffer was implemented (e.g. for mrt or bgpctl).
With and OK tb@
tb [Wed, 12 Jul 2023 12:37:27 +0000 (12:37 +0000)]
Work around use after free in httpd(8)
A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.
"this will do the trick for now" claudio
ok beck deraadt
claudio [Wed, 12 Jul 2023 12:31:28 +0000 (12:31 +0000)]
In rde_attr_parse() if an attribute causes a parse error which results in
a treat-as-withdraw consume the full attribute by updating plen else the
parser will fail parsing a possible next element which results in a
session reset.
Initial report by Ben Cox (ben at benjojo.co.uk)
OK tb@
tb [Wed, 12 Jul 2023 11:26:13 +0000 (11:26 +0000)]
Use ssize_t instead of short for line lengths
sthen hit a binary patch containing a 'line' of length > 32kB. This made
the short used for storing the line length wrap and resulted in a buffer
underflow and segfault. This uses a larger type, which doesn't actually
fix the problem, but makes it much less likely to be hit.
ok florian otto sthen
tb [Wed, 12 Jul 2023 08:54:18 +0000 (08:54 +0000)]
Revert accidental addition of cofactor ECDH support
This snuck in with ech_key.c r1.33 because I committed from a dirty tree.
tb [Wed, 12 Jul 2023 07:03:24 +0000 (07:03 +0000)]
Reenable clienttest and servertest
tb [Tue, 11 Jul 2023 17:03:44 +0000 (17:03 +0000)]
Fix last bit of the clienttest, needs ssl_pkt.c r1.66
tb [Tue, 11 Jul 2023 17:02:47 +0000 (17:02 +0000)]
Remove old workaround for F5
F5 is well-known for needing workarounds (go read RFC 8446). In this
particular case, it required implementations sending CHs larger than
255 bytes to 0x0300 otherwise their server would hang. This is the
same hang that required the CH padding extension which broke other
implementations. The CH padding extension was removed ~6 years ago,
so hopefully this kludge will no longer be needed either.
ok jsing
op [Tue, 11 Jul 2023 16:40:22 +0000 (16:40 +0000)]
drop engine support
diff originally by tb@, tweaked to apply after the useless logging
methods removal.
ok tb
op [Tue, 11 Jul 2023 16:39:41 +0000 (16:39 +0000)]
remove the useless logging methods
Instead of wrapping all the methods of the RSA and ECDSA ENGINE,
duplicate the default and override only the ones that are actually
needed for the privsep crypto engine.
part of a larger diff that's ok tb@
nicm [Tue, 11 Jul 2023 16:09:09 +0000 (16:09 +0000)]
Remove Ns and Li and change Nm to Ic, suggested by jmc.
claudio [Tue, 11 Jul 2023 15:18:31 +0000 (15:18 +0000)]
Bump version for -portable release
claudio [Tue, 11 Jul 2023 12:14:16 +0000 (12:14 +0000)]
No need to initialize the first element of st->string since it was just
calloc(3)-ed a few lines above.
OK tb@
tb [Tue, 11 Jul 2023 11:52:35 +0000 (11:52 +0000)]
Keep servertest silent and align with clienttest
tb [Tue, 11 Jul 2023 10:09:47 +0000 (10:09 +0000)]
Neuter expected server test failures with SSLv2
This test should either be extended or retired. As it is it is useless.
tb [Tue, 11 Jul 2023 08:31:34 +0000 (08:31 +0000)]
Fix most of the clienttest. With this only test cases 9 and 13 fail.
nicm [Tue, 11 Jul 2023 07:34:23 +0000 (07:34 +0000)]
Add descriptions of copy mode commands, from Michael Bianco.
claudio [Tue, 11 Jul 2023 07:02:43 +0000 (07:02 +0000)]
Rework sleep_setup()/sleep_finish() to no longer hold the scheduler lock
between calls.
Instead of forcing an atomic operation across multiple calls use a three
step transaction.
1. setup sleep state by calling sleep_setup()
2. recheck sleep condition to ensure that the event did not fire before
sleep_setup() registered the proc onto the sleep queue
3. call sleep_finish() to either sleep or keep on running based on the
step 2 outcome and any possible signal delivery
To make this work wakeup from signals, single thread api and wakeup(9) need
to be aware if a process is between step 1 and step 3 so that the process
is not enqueued back onto the runqueue while going to sleep. Introduce
the p_flag P_WSLEEP to detect this situation.
On top of this remove the spl dance in msleep() which is no longer required.
It is ok to process interrupts between step 1 and 3.
OK mpi@ cheloha@
anton [Tue, 11 Jul 2023 06:09:32 +0000 (06:09 +0000)]
Trim leading whitespace from find(1) output, missed in previous.
deraadt [Mon, 10 Jul 2023 22:54:40 +0000 (22:54 +0000)]
Allow unveiled programs to dump core (in the default, classic, into . way)
by passing BYPASSUNVEIL just for this vnode. The coredump() code is quite
careful, so this will be fine.
ok kn kettenis semarie
tb [Mon, 10 Jul 2023 20:21:37 +0000 (20:21 +0000)]
Add test case for negative number with highest bit of top octet set
This currently adds an incorrect 00: padding, consistent with OpenSSL's
behavior.
jan [Mon, 10 Jul 2023 19:36:54 +0000 (19:36 +0000)]
ix(4): allocate less memory for tx buffers
TSO packets are limited to MAXMCLBYTES (64k). Thus, we don't need to
allocate IXGBE_TSO_SIZE (256k) per packet for the transmit buffers.
tested by bluhm
ok bluhm@
tb [Mon, 10 Jul 2023 19:10:51 +0000 (19:10 +0000)]
Rename EC_KEY from r to key like in the rest of the file
anton [Mon, 10 Jul 2023 17:46:29 +0000 (17:46 +0000)]
The rsync tests are unstable since the directory listing includes the
last modification timestamp. One directory represents the one rsync is
operating on and the other is our reference to compare against. If the
current time managed to tick up to the next minute between creation of
the two directories, the timestamps will differ.
Improving the normalization in the findme helper makes the tests stable.
ok bluhm@ claudio@
anton [Mon, 10 Jul 2023 17:46:03 +0000 (17:46 +0000)]
Infer the timeout from the environment, with sane defaults. Should
hopefully make these tests more stable on my slow^W regress machines.
ok sashan@
anton [Mon, 10 Jul 2023 17:45:17 +0000 (17:45 +0000)]
Improve err/warn messages:
* The colon space separator is already appended by err/warn.
* Favor err(1, NULL) for malloc errors.
jeremy [Mon, 10 Jul 2023 16:28:33 +0000 (16:28 +0000)]
Don't open files that will be skipped
Previously, when creating an archive file with pax(1), pax will attempt
to open a file even if the file will be skipped due to an -s replacement
with the empty string. With this change, pax will not attempt to open
files that it knows will be skipped.
When doing direct copies to a directory (-rw), pax already skips
the file before attempting to open it. So this makes the behavior
more consistent.
This can measurably speed up pax when skipping a large number of files.
OK tb@
patrick [Mon, 10 Jul 2023 13:48:02 +0000 (13:48 +0000)]
The changes to the register layout affect the interrupt status/ack registers
as well. Make use of these, otherwise it might lead to an interrupt flood.
ok kettenis@
job [Mon, 10 Jul 2023 12:02:37 +0000 (12:02 +0000)]
Update outdated comment
nicm [Mon, 10 Jul 2023 12:00:08 +0000 (12:00 +0000)]
It should no longer be necessary to ignore SIGCHLD because it is now
blocked around daemon(), and doing so causes trouble with newer libevent
(it cannot restore the original handler). Reported by Azat Khuzhin in
GitHub issue 3626.
nicm [Mon, 10 Jul 2023 09:35:46 +0000 (09:35 +0000)]
Loop around waitpid in client, from Azat Khuzhin.
espie [Mon, 10 Jul 2023 09:29:48 +0000 (09:29 +0000)]
finish v5.36, UList was a bit more work
nicm [Mon, 10 Jul 2023 09:24:53 +0000 (09:24 +0000)]
Use a stack for last panes like windows, from Thomas Bertschinger in
GitHub issue 3588.
djm [Mon, 10 Jul 2023 04:51:26 +0000 (04:51 +0000)]
misplaced debug message
guenther [Mon, 10 Jul 2023 03:32:10 +0000 (03:32 +0000)]
Enable Indirect Branch Tracking for amd64 userland, using XSAVES/XRSTORS
to save/restore the state and enabling it at exec-time (and for
signal handling) if the PS_NOBTCFI flag isn't set.
Note: this changes the format of the sc_fpstate data in the signal
context to possibly be in compressed format: starting now we just
guarantee that that state is in a format understood by the XRSTOR
instruction of the system that is being executed on.
At this time, passing sigreturn a corrupt sc_fpstate now results
in the process exiting with no attempt to fix it up or send a
T_PROTFLT trap. That may change.
prodding by deraadt@
issues with my original signal handling design identified by kettenis@
lots of base and ports preparation for this by deraadt@ and the
libressl and ports teams
ok deraadt@ kettenis@
guenther [Mon, 10 Jul 2023 03:31:57 +0000 (03:31 +0000)]
Add PS_NOBTCFI, a per-process flag indicating that Branch Target
Control Flow Integrity has been disabled for the process. At
exec-time, set that flag iff EXEC_NOBTCFI is passed from the ELF
exec bits (which set it based on presence of a PT_OPENBSD_NOBTCFI
segment). This will be used by the amd64 code.
kern_exec.c part by kettenis@
ok guenther@ deraadt@
tb [Mon, 10 Jul 2023 03:26:30 +0000 (03:26 +0000)]
Pull BIGNUM constants out of get_* function bodies
The get_rfc*_prime_* functions will be removed. The constants will remain
for the BN_get_rfc*_prime_* functions. Make the latter call BN_bin2bn()
directly on these constants rather than going through get_*. This avoids
some overlong lines. Also KNF for some comments.
Reduces the diff I currently carry by quite a bit.
tb [Mon, 10 Jul 2023 02:33:33 +0000 (02:33 +0000)]
BIO_indent: use %*s rather than puts in a loop
ok beck jsing millert
tb [Mon, 10 Jul 2023 02:29:28 +0000 (02:29 +0000)]
bn_print: string.h is no longer needed
deraadt [Mon, 10 Jul 2023 00:31:03 +0000 (00:31 +0000)]
sync
nicm [Sun, 9 Jul 2023 22:54:52 +0000 (22:54 +0000)]
Call closefrom after removing signals because newer libevent doesn't
like its signal fd being closed Azat Khuzhin.
tb [Sun, 9 Jul 2023 19:22:43 +0000 (19:22 +0000)]
Fix ndef_{prefix,suffix}()
These functions inline a poor version of asn1_item_flags_i2d() without
error checks. This can be replaced with a single correct call to
ASN1_item_ndef_i2d(). Mechanically adding malloc checks and checks for
negative did not really improve things all that much in a related project.
ok beck jsing
patrick [Sun, 9 Jul 2023 19:11:30 +0000 (19:11 +0000)]
It turns out that there are separate pins for the PCIe Gen 2 and 3, which
means that the x4 PCIe controller can get all PCIe Gen 3 lines, while the
others then only get PCIe Gen 2 lines. Therefore the decision on how to
configure the mux needs to be adjusted so that the PCIe Gen 3 lines are
only routed to other PCIe controllers when they are explicitly configured
for them. While there, fix an obvious typo.
ok kettenis@
bluhm [Sun, 9 Jul 2023 19:06:48 +0000 (19:06 +0000)]
Fix route entry leak.
In in6_ifdetach() two struct rtentry were leaked. This was triggered
by regress/sbin/route and detected with btrace(8) refcnt. The
reference returned by rtalloc() must be freed with rtfree() in all
cases.
OK phessler@ mvs@