openbsd
2 years agos/0/instance/ in usage to match manual synopsis
kn [Sun, 10 Jul 2022 19:51:37 +0000 (19:51 +0000)]
s/0/instance/ in usage to match manual synopsis

OK jmc

2 years agoAnnotate the security callback and the security ex_data as deliberately
tb [Sun, 10 Jul 2022 18:40:55 +0000 (18:40 +0000)]
Annotate the security callback and the security ex_data as deliberately
not exposed in the public API.

2 years agoUse nice #define's for input buf size and output help buf size.
krw [Sun, 10 Jul 2022 17:46:03 +0000 (17:46 +0000)]
Use nice #define's for input buf size and output help buf size.

No functional change.

2 years agoIn dsa.h rev. 1.38, tb@ provided DSA_meth_get0_name(3)
schwarze [Sun, 10 Jul 2022 13:41:59 +0000 (13:41 +0000)]
In dsa.h rev. 1.38, tb@ provided DSA_meth_get0_name(3)
and DSA_meth_set1_name(3).
Merge the documentation from the OpenSSL 1.1.1 branch, which
is still under a free license, significantly tweaked by me.

2 years agoAdd missing device_unref() calls.
visa [Sun, 10 Jul 2022 08:33:00 +0000 (08:33 +0000)]
Add missing device_unref() calls.

OK kettenis@

2 years agoExplicitly set the default value for Bflag to BPF_FILDROP_PASS
halex [Sat, 9 Jul 2022 23:24:44 +0000 (23:24 +0000)]
Explicitly set the default value for Bflag to BPF_FILDROP_PASS

Technically a nop since the value of the initial constant is 0 anyway
but we should not rely on that.

2 years agoFix the error path of the 'SIOCSIFMTU' pppoe_ioctl() case. Return error
mvs [Sat, 9 Jul 2022 20:57:01 +0000 (20:57 +0000)]
Fix the error path of the 'SIOCSIFMTU' pppoe_ioctl() case. Return error
value if the `error' is set instead of continue to sppp_ioctl().

ok bluhm@

2 years agoAdd suspend/resume support
kettenis [Sat, 9 Jul 2022 20:52:46 +0000 (20:52 +0000)]
Add suspend/resume support

ok mlarkin@, patrick@

2 years agoAdd suspend/resume support.
kettenis [Sat, 9 Jul 2022 20:51:39 +0000 (20:51 +0000)]
Add suspend/resume support.

ok mlarkin@, patrick@

2 years agoAdd support for calling the CPU_OFF and SYSTEM_SUSPEND functions.
kettenis [Sat, 9 Jul 2022 19:27:56 +0000 (19:27 +0000)]
Add support for calling the CPU_OFF and SYSTEM_SUSPEND functions.
Add a function to check whether SYSTEM_SUSPEND is supported by the
PSCI firmware.

ok patrick@

2 years agoSync: add llvm-readelf/llvm-readobj
jca [Sat, 9 Jul 2022 16:44:48 +0000 (16:44 +0000)]
Sync: add llvm-readelf/llvm-readobj

2 years agoBuild and install llvm-readobj, also install it as llvm-readelf
jca [Sat, 9 Jul 2022 16:25:37 +0000 (16:25 +0000)]
Build and install llvm-readobj, also install it as llvm-readelf

Useful on architectures not actually supported by our ancient binutils
(arm64, powerpc64, riscv64), or on architectures incompletely supported
(eg recent features on amd64).

ok kettenis@ sthen@

2 years agoCheck that ASN1_{INTEGER,ENUMERATED}_get(NULL) return 0 as documented.
tb [Sat, 9 Jul 2022 14:47:42 +0000 (14:47 +0000)]
Check that ASN1_{INTEGER,ENUMERATED}_get(NULL) return 0 as documented.

2 years agoMake ASN1_{INTEGER,ENUMERATED}_get() return 0 on NULL again
tb [Sat, 9 Jul 2022 14:46:42 +0000 (14:46 +0000)]
Make ASN1_{INTEGER,ENUMERATED}_get() return 0 on NULL again

This is the documented behavior which got lost in the recent rewrite.

Mismatch of documentation and reality pointed out by schwarze

ok jsing

2 years agoDocument ASN1_INTEGER_get_uint64(3), ASN1_INTEGER_get_int64(3),
schwarze [Sat, 9 Jul 2022 13:13:34 +0000 (13:13 +0000)]
Document ASN1_INTEGER_get_uint64(3), ASN1_INTEGER_get_int64(3),
ASN1_INTEGER_set_uint64(3), ASN1_INTEGER_set_int64(3),
ASN1_ENUMERATED_get_int64(3), and ASN1_ENUMERATED_set_int64(3)
recently provided by tb@.

Even though Dr. Steven Henson also documented these functions in OpenSSL,
the text over there is excessively verbose, repetitive, very badly ordered,
and incomplete, so i chose to instead write this patch from scratch,
also adding some precision in a few places.

2 years agoUnwrap klist from struct selinfo as this code no longer uses selwakeup().
visa [Sat, 9 Jul 2022 12:48:21 +0000 (12:48 +0000)]
Unwrap klist from struct selinfo as this code no longer uses selwakeup().

OK jsg@

2 years agoConsistently use uint64_t.
kettenis [Sat, 9 Jul 2022 09:25:52 +0000 (09:25 +0000)]
Consistently use uint64_t.

2 years agoDisplay parameters exposed to userland as percentages (backlight, brightness,
miod [Fri, 8 Jul 2022 21:29:20 +0000 (21:29 +0000)]
Display parameters exposed to userland as percentages (backlight, brightness,
contrast) are not valid if they only have one state, i.e. minimum and maximum
values being equal.

Do not expose them to userland in this case, for wsconsctl would attempt to
divide by zero (which is known to have unwelcome consequences).

This allows display drivers trusting not-so-reliable sources (fdt, bogus
hardware...) to not have to perform those checks themselves.

Found the hard way by daniel@. No firm consensus on this workaround, using
one seniority point here, will revert if this spawns complaints.

2 years agoAdd a missing check for negative tv_sec when setting the timeout.
millert [Fri, 8 Jul 2022 20:47:24 +0000 (20:47 +0000)]
Add a missing check for negative tv_sec when setting the timeout.
Also clear the entire timeout if the remaining time becomes negative
instead of just clearing tv_sec or tv_nsec.  OK cheloha@.

2 years agoSupport sending certificate chains with intermediate CAs in multiple CERT
tobhe [Fri, 8 Jul 2022 19:51:11 +0000 (19:51 +0000)]
Support sending certificate chains with intermediate CAs in multiple CERT
payloads.  Local certificate chains as required with LetsEncrypt certs will
work between iked and other IKEv2 implementations,  iked to iked connections
won't work yet because of missing support to receive multiple CERT
payloads.

from Katsuhiro Ueno
tested by and ok sthen@

2 years agoUse AID_MIN instead of 0 == AID_UNSPEC as foo loop start value where apropriate
claudio [Fri, 8 Jul 2022 16:12:11 +0000 (16:12 +0000)]
Use AID_MIN instead of 0 == AID_UNSPEC as foo loop start value where apropriate

OK tb@

2 years agowhitespace
tb [Fri, 8 Jul 2022 14:33:56 +0000 (14:33 +0000)]
whitespace

2 years agoPass path_id_tx to the Adj-RIB-Out
claudio [Fri, 8 Jul 2022 10:01:52 +0000 (10:01 +0000)]
Pass path_id_tx to the Adj-RIB-Out

Adjust prefix_adjout_update() to properly handle path_id_tx.
Move the lookup of the prefix out of prefix_adjout_update() and to
up_generate_updates(). While that code uses prefix_adjout_lookup() to
find the current prefix in the Adj-RIB-Out and add-path aware function
will use prefix_adjout_get().

In up_generate_default() just use 0 for path_id_tx since for this peer
that is the only prefix installed into the Adj-RIB-Out.

OK tb@

2 years agoThis needs arpa/inet.h for ntohs() and htons()
claudio [Fri, 8 Jul 2022 08:48:56 +0000 (08:48 +0000)]
This needs arpa/inet.h for ntohs() and htons()

2 years agoAssign a local path_id to all prefixes
claudio [Fri, 8 Jul 2022 08:11:25 +0000 (08:11 +0000)]
Assign a local path_id to all prefixes

For add-path a unique path_id needs to be assigne to all prefixes.
Use a random number since the RFC explicitly mentions that there is no
meaning what the value means. The local path_id is inherited to all
the RIBs. Adj-RIB-Out handling is not yet down.
OK tb@

2 years agoremove unused variables
jsg [Fri, 8 Jul 2022 07:04:54 +0000 (07:04 +0000)]
remove unused variables

2 years agoAdd to variables instead of overriding them
tb [Fri, 8 Jul 2022 06:25:39 +0000 (06:25 +0000)]
Add to variables instead of overriding them

2 years agodrm/fourcc: fix integer type usage in uapi header
jsg [Thu, 7 Jul 2022 23:32:11 +0000 (23:32 +0000)]
drm/fourcc: fix integer type usage in uapi header

From Carlos Llamas
5b458d3de9cfac4a21b704c90c8c7eff244c8b13 in linux 5.15.y/5.15.53
20b8264394b33adb1640a485a62a84bc1388b6a3 in mainline linux

2 years agodrm/i915/gem: add missing else
jsg [Thu, 7 Jul 2022 23:28:58 +0000 (23:28 +0000)]
drm/i915/gem: add missing else

From katrinzhou
a13ea254268c5538f4c2f1a1a344ad07cd7b87d3 in linux 5.15.y/5.15.53
9efdd519d001ee3e761f6ff80d5eb123387421c1 in mainline linux

2 years agodrm/amdgpu: To flush tlb for MMHUB of RAVEN series
jsg [Thu, 7 Jul 2022 23:25:48 +0000 (23:25 +0000)]
drm/amdgpu: To flush tlb for MMHUB of RAVEN series

From Ruili Ji
31c371b61d13dd457fdcc27cd728c04ee09f9cdb in linux 5.15.y/5.15.53
5cb0e3fb2c54eabfb3f932a1574bff1774946bc0 in mainline linux

2 years agoRevert "drm/amdgpu/display: set vblank_disable_immediate for DC"
jsg [Thu, 7 Jul 2022 23:23:10 +0000 (23:23 +0000)]
Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"

From Alex Deucher
990132bebcc81aa95c1a1ac4422b0364753d9d39 in linux 5.15.y/5.15.53
a775e4e4941bf2f326aa36c58f67bd6c96cac717 in mainline linux

2 years agoIf ppoll(2) exits, log to syslog(3) instead of stderr
jca [Thu, 7 Jul 2022 20:58:57 +0000 (20:58 +0000)]
If ppoll(2) exits, log to syslog(3) instead of stderr

By default cron runs as a daemon, with stderr redirected to /dev/null.
Better not exit silently, as spotted by sthen@, danj@, "wxallowed" on
irc/libera and myself.  There probably is a bug lurking in ppoll(2)
usage or in the syscall implementation.

ok millert@

2 years agoAdd support for primality checking
tb [Thu, 7 Jul 2022 20:01:20 +0000 (20:01 +0000)]
Add support for primality checking

Project Wycheproof's primality_tests.json contain a set of 280 numbers
that trigger edge cases in Miller-Rabin and related checks. libcrypto's
Miller-Rabin test is known to be rather poor, hopefully we will soon see
a diff on tech that improves on this.

This extends the Go test in the usual way and also adds a perl script
that allows testing on non-Go architectures.

Deliberately not yet linked to regress since the tests are flaky with
the current BN_is_prime_ex() implementatation.

2 years agoRework prefix_insert() and prefix_remove() to properly recalculate dmetric
claudio [Thu, 7 Jul 2022 19:46:38 +0000 (19:46 +0000)]
Rework prefix_insert() and prefix_remove() to properly recalculate dmetric

The med regress test triggered the fatal in prefix_set_dmetric() because
on MED priority inversion the simple check previous with next before remove
can return a negative number because that prefix is also inversed.

Adjust code so that when removing prefixes from the list wait until the
next element is checked to do the fixup. In prefix_remove() cache the
previous element and calculate the dmetric at the end of the MED check.
In prefix_insert() alter the loop to also defer the dmetric recalc by
removing most continue statements in the loop.
With and OK tb@

2 years agosort
tb [Thu, 7 Jul 2022 19:43:37 +0000 (19:43 +0000)]
sort

2 years agoSync bs_cbb.c with libssl.
tb [Thu, 7 Jul 2022 17:16:05 +0000 (17:16 +0000)]
Sync bs_cbb.c with libssl.

ok jsing

2 years agoMake CBB_finish() fail if *out_data is not NULL
tb [Thu, 7 Jul 2022 17:12:15 +0000 (17:12 +0000)]
Make CBB_finish() fail if *out_data is not NULL

Contrary to CBS_stow(), CBB_finish() will leak, so ensure we fail if
*out_data is populated.

Discussed with & ok jsing

2 years agoInitialize hkdf_label to NULL.
tb [Thu, 7 Jul 2022 17:09:45 +0000 (17:09 +0000)]
Initialize hkdf_label to NULL.

Needed for an upcoming diff adding a NULL check to CBB_finish().

ok jsing

2 years agoUse a local bits variable to avoid ugly line break due to nested function
tb [Thu, 7 Jul 2022 17:08:28 +0000 (17:08 +0000)]
Use a local bits variable to avoid ugly line break due to nested function
calls.

ok jsing

2 years agoSkip dmetric related code for the Adj-RIB-Out since there is no decision
claudio [Thu, 7 Jul 2022 13:55:52 +0000 (13:55 +0000)]
Skip dmetric related code for the Adj-RIB-Out since there is no decision
process there.
OK tb@

2 years agoRevert previous attempt at serializing `uo_refs'.
mpi [Thu, 7 Jul 2022 13:52:20 +0000 (13:52 +0000)]
Revert previous attempt at serializing `uo_refs'.

It is incorrect to look at/modify `uo_refs' without lock in uvm_vnp_sync().
However sleeping is not possible and spinning introduces a deadlock with the
KERNEL_LOCK() when another thread faults on a mmaped region related to a
vnode we're currently synching.

A proper fix should be investigated.  For now a kown a race, mostly safe due
to the KERNEL_LOCK(), is better than a possible deadlock.

Issue reported by caspar@

Discussed with and ok semarie@

2 years agoAdjust to new bgpctl output
claudio [Thu, 7 Jul 2022 13:40:27 +0000 (13:40 +0000)]
Adjust to new bgpctl output

2 years agoUse the security level knob in the test script.
tb [Thu, 7 Jul 2022 13:20:12 +0000 (13:20 +0000)]
Use the security level knob in the test script.

from beck

2 years agoOnly run tests against ciphers supported by the method.
tb [Thu, 7 Jul 2022 13:12:57 +0000 (13:12 +0000)]
Only run tests against ciphers supported by the method.

2 years agoAdd some minimal regress coverage for the security level.
tb [Thu, 7 Jul 2022 13:11:45 +0000 (13:11 +0000)]
Add some minimal regress coverage for the security level.

From beck

2 years agoMake the ssltest security level aware.
tb [Thu, 7 Jul 2022 13:10:22 +0000 (13:10 +0000)]
Make the ssltest security level aware.

From beck

2 years agosync
tb [Thu, 7 Jul 2022 13:05:40 +0000 (13:05 +0000)]
sync

2 years agoBump libtls minor after libcrypto and libssl minor bump
tb [Thu, 7 Jul 2022 13:05:13 +0000 (13:05 +0000)]
Bump libtls minor after libcrypto and libssl minor bump

2 years agoUnifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds
tb [Thu, 7 Jul 2022 13:04:39 +0000 (13:04 +0000)]
Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds
that are no longer needed now that libcrypto exposes the necessary
security-bits API.

ok jsing

2 years agoBump minor after symbol addition
tb [Thu, 7 Jul 2022 13:03:53 +0000 (13:03 +0000)]
Bump minor after symbol addition

2 years agoUpdate Symbols.list
tb [Thu, 7 Jul 2022 13:03:20 +0000 (13:03 +0000)]
Update Symbols.list

ok jsing

2 years agoExpose security level symbols and error codes in the headers.
tb [Thu, 7 Jul 2022 13:02:59 +0000 (13:02 +0000)]
Expose security level symbols and error codes in the headers.

ok jsing

2 years agobump minor after symbol addition
tb [Thu, 7 Jul 2022 13:02:11 +0000 (13:02 +0000)]
bump minor after symbol addition

2 years agoUpdate Symbols.list
tb [Thu, 7 Jul 2022 13:01:51 +0000 (13:01 +0000)]
Update Symbols.list

ok jsing

2 years agoExpose new API in headers.
tb [Thu, 7 Jul 2022 13:01:28 +0000 (13:01 +0000)]
Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing

2 years agoProperly break out of the loop setting the PREF flags.
claudio [Thu, 7 Jul 2022 12:38:19 +0000 (12:38 +0000)]
Properly break out of the loop setting the PREF flags.

2 years agoAdjust prototype of dummy rde_generate_updates() function
claudio [Thu, 7 Jul 2022 12:20:50 +0000 (12:20 +0000)]
Adjust prototype of dummy rde_generate_updates() function

2 years agoPrint dmetric for prefixes, this may still change in the future.
claudio [Thu, 7 Jul 2022 12:17:57 +0000 (12:17 +0000)]
Print dmetric for prefixes, this may still change in the future.
OK tb@

2 years agoIntroduce a decision metric (dmetric) that classifies the relation of
claudio [Thu, 7 Jul 2022 12:16:04 +0000 (12:16 +0000)]
Introduce a decision metric (dmetric) that classifies the relation of
this prefix with respect to its previous one.

Currently the plan is to distinguish the best prefix (only one), ecmp
prefixes (currently the same as as-wide-multipath), as-wide-multipath
prefixes, valid prefixes and invalid prefixes.
This information will be used to implement add-path send but also for
ecmp support in bgpd.
OK tb@

2 years agoSwitch ssltest to using the newly generated certs that use SHA-256 instead
tb [Thu, 7 Jul 2022 11:40:17 +0000 (11:40 +0000)]
Switch ssltest to using the newly generated certs that use SHA-256 instead
of SHA-1. This helps the switch to security-level aware ssltest.

From jsing

2 years agoRefactor the code that generates updates so that up_generate_updates is
claudio [Thu, 7 Jul 2022 10:46:54 +0000 (10:46 +0000)]
Refactor the code that generates updates so that up_generate_updates is
only called in one spot.

rde_generate_updates() gets a enum eval_mode argument to discern
the different cases. peer_generate_update() uses the eval_mode to skip
the update if it is not needed.
While there also add an extra AID check in IMSG_REFRESH case to make sure
the requested AID is actually available for this peer.
OK tb@

2 years agoHandle strange format strings better.
claudio [Thu, 7 Jul 2022 10:40:25 +0000 (10:40 +0000)]
Handle strange format strings better.

Make sure that the allocated buffers are not zero sized even for an empty
format string. Also do not call strftime if the buffer is empty. The return
value of strftime does not distinguish between an empty format string and
an overflow of the output buffer. Finally auto scale the size of the outbuf
in case strftime fails. Some format specifiers expand to 25 and more chars
so it is hard to guess in advance what size is required.
This may waste some memory but it keeps the code as simple as possible.
OK tb@

2 years agoremove a DPRINTF() from iwm(4) which no longer makes any sense
stsp [Thu, 7 Jul 2022 07:48:45 +0000 (07:48 +0000)]
remove a DPRINTF() from iwm(4) which no longer makes any sense

The conditions under which this debug message should trigger were
changed in r1.330 (cvs commit RcatFKLXoHUopLvW), which removed a
txd_done() call located before txq_advance(). The mbuf for the
most recently completed frame will no longer be NULL on entry.

Prompted by a question from waddlesplash at haiku-os.

2 years agoretire NexGen CPU identification code
daniel [Thu, 7 Jul 2022 00:56:46 +0000 (00:56 +0000)]
retire NexGen CPU identification code

On OpenBSD/i386 we only support Pentium compatible CPUs with an FPU.
The NexGen CPUs probably don't meet this requirement so remove the
small amount of support code to identify this brand of CPU.

The Nx586 "P" models did not include an FPU as they were expected
to be paired with an Nx587 FPU (which was never officially released).

The Nx586 "FP" models did include an FPU, but even these are allegedly
386 clones and not Pentium compatible. According to some websites,
486 instructions were emulated via hypercode. However the 486
instruction emulation was only enough to run applications and wasn't
good enough to run an OS that needs newer 486 and Pentium instructions.

Finally, while our current code references the "Processor Recognition
Application Note", we only implement the half of the documented
algorithm to detect NexGen CPUs. We don't implement the second half
of the algorithm to check for the vendor string "NexGenDriven" on NexGen
CPUs that support the CPUID instruction (like the Nx586-P120 and Nx586-P133).

ok jsg@

2 years agoFor accessibility, label the last two widgets in the search form.
schwarze [Wed, 6 Jul 2022 17:19:57 +0000 (17:19 +0000)]
For accessibility, label the last two widgets in the search form.
Patch from Anna Vyalkova <cyber at sysrq dot in>, significantly tweaked by me.

2 years agohttps://www.w3.org/WAI/ARIA/apg/practices/names-and-descriptions/ says:
schwarze [Wed, 6 Jul 2022 16:02:52 +0000 (16:02 +0000)]
https://w3.org/WAI/ARIA/apg/practices/names-and-descriptions/ says:
"Start names with a capital letter;
it helps some screen readers speak them with appropriate inflection."
Anna Vyalkova already did that correctly when sending patches,
but i ruined it when committing, so fix it now.

2 years agoimprove the description of header.html and footer.html
schwarze [Wed, 6 Jul 2022 15:47:10 +0000 (15:47 +0000)]
improve the description of header.html and footer.html

2 years agoassign the ARIA role "doc-subtitle" to the .Nd element;
schwarze [Wed, 6 Jul 2022 15:25:22 +0000 (15:25 +0000)]
assign the ARIA role "doc-subtitle" to the .Nd element;
discussed with Anna Vyalkova <cyber at sysrq dot in>

2 years agoWhile the HTML standard allows multiple <h1> elements in the same
schwarze [Wed, 6 Jul 2022 14:27:54 +0000 (14:27 +0000)]
While the HTML standard allows multiple <h1> elements in the same
document, <h1> is intended for top level headers, and most of the
sections in a manual page can hardly be considered top-level.
It is more usual to use <h1> only for the main title of the document
of for the site name.

Consequently, move .Sh/.SH from <h1> to <h2> and .Ss/.SS from <h2>
to <h3>, freeing <h1> for use by header.html in man.cgi(8).

Discussed with Anna Vyalkova <cyber at sysrq dot in>.

2 years agomissed one PERMIT_PACKAGE_* -> PERMIT_PACKAGE
espie [Wed, 6 Jul 2022 09:42:15 +0000 (09:42 +0000)]
missed one PERMIT_PACKAGE_* -> PERMIT_PACKAGE

2 years agoShow config errors on attach if they were not shown when the session
nicm [Wed, 6 Jul 2022 08:40:52 +0000 (08:40 +0000)]
Show config errors on attach if they were not shown when the session
was created.

2 years agoRemove debugging code.
nicm [Wed, 6 Jul 2022 08:32:28 +0000 (08:32 +0000)]
Remove debugging code.

2 years agoDefer reading from control client until the command line command has
nicm [Wed, 6 Jul 2022 08:31:59 +0000 (08:31 +0000)]
Defer reading from control client until the command line command has
completed.

2 years agoMore ts(1) cleanup. Change main loop so that in interval mode only one
claudio [Wed, 6 Jul 2022 07:59:03 +0000 (07:59 +0000)]
More ts(1) cleanup. Change main loop so that in interval mode only one
clock_gettime call is used resulting in more precise interval times.
Move the localtime call to fmtfmt() and rename the variable for the
micorsecond string to us.
Based on work done by cheloha@
OK job@ and cheloha@

2 years agoMention whether time is creation/activity for sort orders.
nicm [Wed, 6 Jul 2022 07:51:37 +0000 (07:51 +0000)]
Mention whether time is creation/activity for sort orders.

2 years agoSupport hyperlinks with capture-pane -e and add a mouse_hyperlink
nicm [Wed, 6 Jul 2022 07:36:36 +0000 (07:36 +0000)]
Support hyperlinks with capture-pane -e and add a mouse_hyperlink
format, GitHub issue 3247 from Jeff Chiang.

2 years agoupdate countres and capitals in quiz(6)
daniel [Wed, 6 Jul 2022 02:09:05 +0000 (02:09 +0000)]
update countres and capitals in quiz(6)

Changes:
- update country and capital names that have changed in recent years
- remove the formal prefix from South Africa for consistency with other
  country names
- add additional capitals for countries with multiple capitals
- add "The" as optional prefix for The Gambia and The Bahamas
- add missing suffix "City" to a few capitals
- add many missing countries

NetBSD appears to have also added territories which I've not added in this
update.

The removal of The Hague for The Netherlands was taken from NetBSD and
confirmed by otto@

The duplicate Turkey and Georgia entries have not been touched.

Prompted by a diff by Ben Fuller, who also provided much helpful feedback.

2 years agoFinally get rid of the archaic <table> markup for header and footer lines
schwarze [Tue, 5 Jul 2022 21:25:23 +0000 (21:25 +0000)]
Finally get rid of the archaic <table> markup for header and footer lines
and use flexbox CSS instead.  Improve accessibility by adding role
and aria-label attributes to these header and footer lines.
Using ideas from both Anna Vyalkova <cyber at sysrq dot in> and myself.

As a welcome side effect, this also resolves the long-standing issue
that the rendering was always 65em wide, requiring horizontal scrolling
when the window was narrower.  Now, rendering nicely adapts to browser
windows of arbitrary narrowness.

2 years agoAdd missing X509_V_ERR_ strings using the ones from OpenSSL.
tb [Tue, 5 Jul 2022 20:31:46 +0000 (20:31 +0000)]
Add missing X509_V_ERR_ strings using the ones from OpenSSL.

The well-known masters of consistency of course use strings that don't
match the names of the errors.

ok jsing

2 years agoUse secop instead of op everywhere
tb [Tue, 5 Jul 2022 16:14:18 +0000 (16:14 +0000)]
Use secop instead of op everywhere

2 years agoPull setting of is_ee out of the function calls to appease scan-build
tb [Tue, 5 Jul 2022 16:05:18 +0000 (16:05 +0000)]
Pull setting of is_ee out of the function calls to appease scan-build

2 years agoRemove old poll/select wakeup mechanism.
visa [Tue, 5 Jul 2022 15:06:16 +0000 (15:06 +0000)]
Remove old poll/select wakeup mechanism.

Also remove unneeded seltrue() and selfalse().

OK mpi@ jsg@

2 years agoSomehow, the content of header.html ended up
schwarze [Tue, 5 Jul 2022 14:03:35 +0000 (14:03 +0000)]
Somehow, the content of header.html ended up
before and outside the <header> element.
Fix this by moving it into the <header> element where it belongs.
While here, also wrap footer.html in a <footer> element.

2 years agoMissing header change that should have gone with xhci_acpi.c r1.8
tb [Tue, 5 Jul 2022 09:33:39 +0000 (09:33 +0000)]
Missing header change that should have gone with xhci_acpi.c r1.8

from kettenis via patrick

2 years agoStick with just "interfaces and bridges"
kn [Tue, 5 Jul 2022 08:14:12 +0000 (08:14 +0000)]
Stick with just "interfaces and bridges"

Drop the Xr to bridge(4) since it isn't handled specially and there's also
veb(4) around.

OK jmc

2 years agocope with ASN1_TIME_set_string_X509() rename
anton [Tue, 5 Jul 2022 04:49:02 +0000 (04:49 +0000)]
cope with ASN1_TIME_set_string_X509() rename

2 years agoworkaround link training problems on s3 resume with alder lake
jsg [Tue, 5 Jul 2022 02:47:05 +0000 (02:47 +0000)]
workaround link training problems on s3 resume with alder lake

The firmware from multiple lenovo alder lake machines claim there are
two eDP ports in the video bios table (VBT).

Which results in link training problems on resume from S3 with the
screen continually turning on and off.  Forcing port B to not be
recognised as eDP works around this.  I believe port A is the normal eDP
port.

https://gitlab.freedesktop.org/drm/intel/-/issues/5531
https://gitlab.freedesktop.org/drm/intel/-/issues/4950

2 years agoAdd support for the dual role controllers integrated on the Qualcomm
kettenis [Mon, 4 Jul 2022 20:03:15 +0000 (20:03 +0000)]
Add support for the dual role controllers integrated on the Qualcomm
Snapdragon 8cx gen 3 SoC.

ok patrick@

2 years agoUse destination buffer size as strlcpy() bound, not source; harmless here for
miod [Mon, 4 Jul 2022 19:06:10 +0000 (19:06 +0000)]
Use destination buffer size as strlcpy() bound, not source; harmless here for
both sizes are equal.
ok kettenis@

2 years agots(1): the first argument to clock_gettime(2) is a clockid_t, not an int
cheloha [Mon, 4 Jul 2022 17:29:03 +0000 (17:29 +0000)]
ts(1): the first argument to clock_gettime(2) is a clockid_t, not an int

2 years agoImprove accessibility of man.cgi(8) in various respects,
schwarze [Mon, 4 Jul 2022 16:20:09 +0000 (16:20 +0000)]
Improve accessibility of man.cgi(8) in various respects,
in particular adding <header>, <main>, and <nav> elements
and role and aria-label attributes in several places.
Patch from Anna Vyalkova <cyber at sysrq dot in>,
minimally tweaked by me.

2 years agoRepair "make man.cgi" which got accidentally broken in the previous
schwarze [Mon, 4 Jul 2022 15:45:27 +0000 (15:45 +0000)]
Repair "make man.cgi" which got accidentally broken in the previous
commit to the Makefile.  The man.cgi binary now uses roff_escape.o, too.

2 years agoThe OpenSSL API is called ASN1_TIME_set_string_X509() (uppercase x)
tb [Mon, 4 Jul 2022 14:39:43 +0000 (14:39 +0000)]
The OpenSSL API is called ASN1_TIME_set_string_X509() (uppercase x)

2 years agoPut the HTML comment containing the Copyright header (if any)
schwarze [Mon, 4 Jul 2022 14:37:14 +0000 (14:37 +0000)]
Put the HTML comment containing the Copyright header (if any)
between the <head> and the <body> rather than before the <head>
because the <meta charset="utf-8"/> element ought to be within
the first 1024 bytes of the HTML code.
Issue found with validator.w3.org.

2 years agoBump to LibreSSL 3.6.0
tb [Mon, 4 Jul 2022 12:31:55 +0000 (12:31 +0000)]
Bump to LibreSSL 3.6.0

2 years agoSync with changes in dsa_meth.c
tb [Mon, 4 Jul 2022 12:23:30 +0000 (12:23 +0000)]
Sync with changes in dsa_meth.c

pointed out by jsing

2 years agoPrepare to provide DSA_meth_{get0,set1}_name()
tb [Mon, 4 Jul 2022 12:22:32 +0000 (12:22 +0000)]
Prepare to provide DSA_meth_{get0,set1}_name()

Also follow OpenSSL by making the name non-const to avoid ugly casting.
Used by OpenSC's pkcs11-helper, as reported by Fabrice Fontaine in
https://github.com/libressl-portable/openbsd/issues/130

ok jsing sthen

2 years agoPrepare to provide X509_VERIFY_PARAM_get_time()
tb [Mon, 4 Jul 2022 12:17:32 +0000 (12:17 +0000)]
Prepare to provide X509_VERIFY_PARAM_get_time()

ok jsing sthen

2 years agosomehow, when I created this file, I copied the licence of the other files
espie [Mon, 4 Jul 2022 10:41:21 +0000 (10:41 +0000)]
somehow, when I created this file, I copied the licence of the other files
around, but with my name instead... which makes absolutely no sense
whatsoever, especially the regents part.

replace with ISC licence, much saner.

(as noticed by miod@, who else ?)

2 years agoIgnore any CERT payload after the first instead of failing the exchange
tobhe [Mon, 4 Jul 2022 09:23:15 +0000 (09:23 +0000)]
Ignore any CERT payload after the first instead of failing the exchange
when more than one is received.  The first CERT is always the leaf
certificate, additional payloads can be used to send intermediate certs
which iked can not handle at the moment.
This fixes exchanges where the certificate chain is still valid because
matching intermediate certs are available locally in /etc/iked.

Reported and tested by Loïc Revest <l.revest (at) apc.fr>
ok mbuhl@