sthen [Fri, 12 Apr 2024 15:44:27 +0000 (15:44 +0000)]
import unbound 1.19.2, reminded by florian@
(yes I know there is a newer one, I'll update on top)
bluhm [Fri, 12 Apr 2024 14:17:42 +0000 (14:17 +0000)]
In snmpd_metrics process keep file descriptors 0 1 2 open.
stdin, stdout, stderr are reserved. They should point to a terminal,
a redirect file or pipe, or /dev/null. Closing them and allocating
arbitrary files in those places is not good. Call closefrom with
4 to keep /dev/null open in snmpd_metrics.
OK martijn@
millert [Fri, 12 Apr 2024 14:10:28 +0000 (14:10 +0000)]
Avoid snprintf() of NULL when _nc_get_source() returns NULL.
The filename buffer is not actually used in this case but it is
safer to set it to the empty string than to leave it uninitialized.
OK tb@
bluhm [Fri, 12 Apr 2024 12:25:58 +0000 (12:25 +0000)]
Fix race between rip_input() and soisdisconnected().
Setting SS_CANTRCVMORE is protected by mutex of receive socket
buffer. The raw inpcb loop in rip_input() does a lockless access.
Protect it with READ_ONCE(), although it is not perfect. Check the
socket buffer state again when the mutex is held. Drop and count
the packet that is processed between the checks.
Currently soisdisconnected() is called with exclusive net lock.
The new code also works without net lock.
OK mvs@
job [Fri, 12 Apr 2024 11:50:29 +0000 (11:50 +0000)]
Fix warning about delta element issues in the Update Notification File XML
OK tb@
tb [Fri, 12 Apr 2024 11:10:34 +0000 (11:10 +0000)]
bio_enc: various basic cleanup
Call a BIO bio rather than bi, a, or b; don't cast when assigning from
or to a (void *). Drop loads of silly redundant parentheses, use better
order of variable declarations.
No change in the generated assembly
jsg [Fri, 12 Apr 2024 09:56:39 +0000 (09:56 +0000)]
correct loop in channel set function
found by smatch indent warning
ok kevlo@ stsp@
tb [Fri, 12 Apr 2024 09:41:39 +0000 (09:41 +0000)]
Garbage collect various *_init() pmeths
It's unclear whether the functions these support were ever really
used for anything else than kicking off an overengineered state
machine.
ok jsing
tb [Fri, 12 Apr 2024 02:56:15 +0000 (02:56 +0000)]
Fix a potential NULL-deref in EVP_PKEY_keygen()
After a EVP_PKEY_new() failure, a NULL pointer would be passed to the
keygen pmeth, which could result in tears.
ok beck jsing
tb [Fri, 12 Apr 2024 02:51:52 +0000 (02:51 +0000)]
gnu/cvs: avoid a harmless configure warning
Ever since the prehistoric zlib was removed last fall, the configure script
would complain because of a missing file:
sed: 0: /usr/src/gnu/usr.bin/cvs/zlib/Makefile.in: No such file or directory
noticed by deraadt
ok bluhm
jsg [Fri, 12 Apr 2024 01:54:21 +0000 (01:54 +0000)]
fix non-auto setting of extended media type bits
found by smatch warning about uninitialised var use
ok jmatthew@
kevlo [Fri, 12 Apr 2024 00:44:07 +0000 (00:44 +0000)]
Regen
kevlo [Fri, 12 Apr 2024 00:43:32 +0000 (00:43 +0000)]
Add support for CH343 uart.
The CH343 devices support any baud rate up to 6 Mbps.
ok miod@
jsg [Thu, 11 Apr 2024 23:00:13 +0000 (23:00 +0000)]
correct value of XFEATURE_AMX
ok miod@ guenther@
miod [Thu, 11 Apr 2024 18:58:44 +0000 (18:58 +0000)]
Stop making <machine/pmap.h> include <machine/pte.h>, and fix the very few
files which really need <machine/pte.h> guts.
tb [Thu, 11 Apr 2024 18:07:55 +0000 (18:07 +0000)]
Remove repeated type declaration that makes bison unhappy
Fixes: https://github.com/openbgpd-portable/openbgpd-portable/issues/77
ok claudio
otto [Thu, 11 Apr 2024 16:31:30 +0000 (16:31 +0000)]
Fix previous: it should not have removed the "max_softdeps" entry
to keep the indexes consistent. ok deraadt@
bluhm [Thu, 11 Apr 2024 15:08:18 +0000 (15:08 +0000)]
Prevent changing interface loopback flag from userland.
IFF_LOOPBACK is telling userland the behaviour of a specific driver,
it is supposed to be static and permanent. Clearing the loopback
flag on lo0 could lead to a kernel crash due to inconsistent multicast
igmp group.
Reported-by: syzbot+2f24ed6c8ddb2d6bb22c@syzkaller.appspotmail.com
OK claudio@ deraadt@
mvs [Thu, 11 Apr 2024 13:32:51 +0000 (13:32 +0000)]
Don't take solock() in soreceive() for SOCK_RAW inet sockets.
For inet sockets solock() is the netlock wrapper, so soreceive() could
be performed simultaneously with exclusively locked code paths.
These sockets are not connection oriented, they don't call pru_rcvd(),
they can't be spliced, they don't set `so_error'. Nothing to protect
with solock() in soreceive() path.
`so_rcv' buffer protected by `sb_mtx' mutex(9), but since it released,
sblock() required to serialize concurrent soreceive() and sorflush()
threads. Current sblock() is some kind of rwlock(9) implementation, so
introduce `sb_lock' rwlock(9) and use it directly for that purpose.
The sorflush() and callers were refactored to avoid solock() for raw
inet sockets. This was done to avoid packet processing stop.
Tested and ok bluhm.
mvs [Thu, 11 Apr 2024 08:33:37 +0000 (08:33 +0000)]
Take solock_shared() in soo_stat().
Only unix(4) and tcp(4) sockets set (*pru_sence)() handler. The rest of
soo_stat() is the read only access.
ok bluhm
claudio [Thu, 11 Apr 2024 08:33:15 +0000 (08:33 +0000)]
Use != NULL for pointer check. No binary change.
tb [Thu, 11 Apr 2024 06:49:19 +0000 (06:49 +0000)]
Remove parentheses after return
This file was very undecided what style to choose and often changed its
mind in the middle of a function. No change in the generated assembly.
jmatthew [Thu, 11 Apr 2024 06:42:12 +0000 (06:42 +0000)]
Match on ConnectX-6 virtual functions too, since they don't seem to be
any different to earlier revisions.
from Brad
tb [Thu, 11 Apr 2024 06:42:09 +0000 (06:42 +0000)]
Rework internal tm_to_*() converters
Make them static. Don't make them allocate if passed a NULL ASN1_TIME to
avoid leaks. This currently means that we accept a NULL and succeed. That's
very ugly but better than what we have now.
Simplify ASN1_TIME_set_string_internal() accordingly and allocate an
ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of
ASN1_TIME_to_generalized_time().
ok beck (after a lot of squealing and distress)
jmatthew [Thu, 11 Apr 2024 05:30:55 +0000 (05:30 +0000)]
Add support for media types from the extended ethernet capabilities fields.
If none of the regular ethernet capabilities are present, check the extended
capabilities. Since we only report that the link is active if there's a
detected media type, this isn't just a cosmetic change.
Joerg Streckfuss reported that a gigabit SFP didn't work in a ConnectX-6 Lx,
and tested that this change makes it work.
ok dlg@
jsg [Thu, 11 Apr 2024 03:40:05 +0000 (03:40 +0000)]
drm/i915/gt: Enable only one CCS for compute workload
From Andi Shyti
a7ff84a6fe5ae8889a5f1c97008358836bd7f947 in linux-6.6.y/6.6.26
6db31251bb265813994bfb104eb4b4d0f44d64fb in mainline linux
jsg [Thu, 11 Apr 2024 03:35:18 +0000 (03:35 +0000)]
drm/i915/gt: Do not generate the command streamer for all the CCS
From Andi Shyti
726ff623869ddc3de887d99296cac3c849061b21 in linux-6.6.y/6.6.26
ea315f98e5d6d3191b74beb0c3e5fc16081d517c in mainline linux
jsg [Thu, 11 Apr 2024 03:33:42 +0000 (03:33 +0000)]
drm/i915/gt: Disable HW load balancing for CCS
From Andi Shyti
c1f7ce2a11a945044d9d5556e638efdca70fb321 in linux-6.6.y/6.6.26
bc9a1ec01289e6e7259dc5030b413a9c6654a99a in mainline linux
jsg [Thu, 11 Apr 2024 03:31:39 +0000 (03:31 +0000)]
drm/prime: Unbreak virtgpu dma-buf export
From Rob Clark
cc4d9f0597ee1f1f94323611ae5d7473ddf2a99a in linux-6.6.y/6.6.26
a4ec240f6b7c21cf846d10017c3ce423a0eae92c in mainline linux
jsg [Thu, 11 Apr 2024 03:29:26 +0000 (03:29 +0000)]
drm/amd: Flush GFXOFF requests in prepare stage
From Mario Limonciello
3da10e91ecd24c49dd80e73f5ca86166f90dcfe1 in linux-6.6.y/6.6.26
ca299b4512d4b4f516732a48ce9aa19d91f4473e in mainline linux
jsg [Thu, 11 Apr 2024 03:27:39 +0000 (03:27 +0000)]
drm/amd: Add concept of running prepare_suspend() sequence for IP blocks
From Mario Limonciello
da67a1139f054fc59c9c18f135729bc16aef93d4 in linux-6.6.y/6.6.26
cb11ca3233aa3303dc11dca25977d2e7f24be00f in mainline linux
jsg [Thu, 11 Apr 2024 03:24:40 +0000 (03:24 +0000)]
drm/amd: Evict resources during PM ops prepare() callback
From Mario Limonciello
8b5f720486ca87e102ee722a73ae0894c12f1e7a in linux-6.6.y/6.6.26
5095d5418193eb2748c7d8553c7150b8f1c44696 in mainline linux
jsg [Thu, 11 Apr 2024 03:20:22 +0000 (03:20 +0000)]
drm/amd/display: Prevent crash when disable stream
From Chris Park
4356a2c3f296503c8b420ae8adece053960a9f06 in linux-6.6.y/6.6.26
72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c in mainline linux
jsg [Thu, 11 Apr 2024 03:18:45 +0000 (03:18 +0000)]
drm/amd/display: Fix DPSTREAM CLK on and off sequence
From Dmytro Laktyushkin
8dc9a27589a9bf5f0a7eb517543411adc185e957 in linux-6.6.y/6.6.26
e8d131285c98927554cd007f47cedc4694bfedde in mainline linux
jsg [Thu, 11 Apr 2024 03:16:35 +0000 (03:16 +0000)]
drm/i915/mtl: Update workaround 14018575942
From Tejas Upadhyay
2564623ee0da92ed7f8a87aa3758cbf2c46257bb in linux-6.6.y/6.6.26
186bce682772e7346bf7ced5325b5f4ff050ccfb in mainline linux
jsg [Thu, 11 Apr 2024 03:15:02 +0000 (03:15 +0000)]
drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74
From Matt Roper
798781b43194c6d2bdea0c4ded660f3135c484d3 in linux-6.6.y/6.6.26
c44d4ef47fdad0a33966de89f9064e19736bb52f in mainline linux
jsg [Thu, 11 Apr 2024 03:13:06 +0000 (03:13 +0000)]
drm/i915/mtl: Update workaround 14016712196
From Tejas Upadhyay
338db8193cb2dd93544ac445a7b4b4a7f77094ad in linux-6.6.y/6.6.26
7467e1da906468bcbd311023b30708193103ecf9 in mainline linux
jsg [Thu, 11 Apr 2024 03:11:25 +0000 (03:11 +0000)]
drm/i915: Replace several IS_METEORLAKE with proper IP version checks
From Matt Roper
ec84b2a44b057b2c51ed9f670b92690904e1106c in linux-6.6.y/6.6.26
14128d64090fa88445376cb8ccf91c50c08bd410 in mainline linux
jsg [Thu, 11 Apr 2024 03:09:31 +0000 (03:09 +0000)]
drm/i915: Eliminate IS_MTL_GRAPHICS_STEP
From Matt Roper
b3749611a5e51188d17b4898eed8ecea571bc539 in linux-6.6.y/6.6.26
5a213086a025349361b5cf75c8fd4591d96a7a99 in mainline linux
jsg [Thu, 11 Apr 2024 03:06:59 +0000 (03:06 +0000)]
drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version
From Matt Roper
18e77951e14a73f75d269e54b90c648b1e18b66e in linux-6.6.y/6.6.26
f7696ded7c9e358670dae1801660f442f059c7db in mainline linux
jsg [Thu, 11 Apr 2024 03:04:44 +0000 (03:04 +0000)]
drm/i915: Consolidate condition for Wa_22011802037
From Matt Roper
67f7fba8a08608cfd42ab354b79df56e9fee8856 in linux-6.6.y/6.6.26
28c46feec7f8760683ef08f12746630a3598173e in mainline linux
jsg [Thu, 11 Apr 2024 03:02:42 +0000 (03:02 +0000)]
drm/i915: Tidy workaround definitions
From Matt Roper
6b25099eea4b65ba3b750ce49fa1a9a13d158046 in linux-6.6.y/6.6.26
f1c805716516f9e648e13f0108cea8096e0c7023 in mainline linux
jsg [Thu, 11 Apr 2024 03:01:04 +0000 (03:01 +0000)]
drm/i915/dg2: Drop pre-production GT workarounds
From Matt Roper
0a9901fdb7bb785ec4975aeeebc1428e3abae172 in linux-6.6.y/6.6.26
eaeb4b3614529bfa8a7edfdd7ecf6977b27f18b2 in mainline linux
jsg [Thu, 11 Apr 2024 02:58:50 +0000 (02:58 +0000)]
drm/i915: Pre-populate the cursor physical dma address
From Ville Syrjala
cc696ce93089e3e1bc28d749aee321a37cabe4bd in linux-6.6.y/6.6.26
582dc04b0658ef3b90aeb49cbdd9747c2f1eccc3 in mainline linux
jsg [Thu, 11 Apr 2024 02:56:48 +0000 (02:56 +0000)]
drm/i915/display: Use i915_gem_object_get_dma_address to get dma address
From Maarten Lankhorst
2c07e2437a3e98027c049ca560e4b6e39a975089 in linux-6.6.y/6.6.26
7054b551de18e9875fbdf8d4f3baade428353545 in mainline linux
bluhm [Wed, 10 Apr 2024 22:24:07 +0000 (22:24 +0000)]
Make TCP debug code MP safe.
Protect the global variables in TCP debug code with global mutex.
Add a missing include and also fix the -Wunused-but-set-variable
warning.
OK mvs@
bluhm [Wed, 10 Apr 2024 22:10:03 +0000 (22:10 +0000)]
Move global variables for TCP debug onto the tcp_input() stack.
OK mvs@
jan [Wed, 10 Apr 2024 19:55:50 +0000 (19:55 +0000)]
Implement TCP Segmentation Offload for vio(4)
Tested by Brian Conway and bluhm
With tweaks from bluhm
ok bluhm
miod [Wed, 10 Apr 2024 19:43:16 +0000 (19:43 +0000)]
When rewriting an ELF header (i.e. in strip and objcopy), keep the
.openbsd.syscalls section with the PT_OPENBSD_SYSCALLS phdr, even though it
does not have the ALLOC flag; otherwise the phdr gets rewritten with a size
of zero, which prevents the binary from working.
ok kettenis@
tb [Wed, 10 Apr 2024 16:12:10 +0000 (16:12 +0000)]
symbols test: Remove a few things that are long gone
mpi [Wed, 10 Apr 2024 15:38:11 +0000 (15:38 +0000)]
Use km_alloc(9) to allocate USPACE instead of uvm_pglistalloc(9).
ok miod@
mpi [Wed, 10 Apr 2024 15:26:18 +0000 (15:26 +0000)]
Use uvmpd_dropswap() in the case of swap shortage.
ok kn@, kettenis@, miod@
mpi [Wed, 10 Apr 2024 15:25:14 +0000 (15:25 +0000)]
Call uao_dropswap() instead of rerolling it.
ok kn@, kettenis@, miod@
beck [Wed, 10 Apr 2024 15:13:23 +0000 (15:13 +0000)]
Re-guard the crypto_malloc macros.
accidentally not included in crypto.h commit
requested and ok tb@
tb [Wed, 10 Apr 2024 15:09:03 +0000 (15:09 +0000)]
Remove the prototype of BN_gcd_nonct()
beck [Wed, 10 Apr 2024 15:01:31 +0000 (15:01 +0000)]
Hide deprecated functions in ec.h
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard
ok tb@
beck [Wed, 10 Apr 2024 15:00:38 +0000 (15:00 +0000)]
Hide deprecated functions in evp.h
use LCRYPTO_UNUSED and remove the LIBRESSL_INTERNAL guard around them.
ok tb@
beck [Wed, 10 Apr 2024 14:59:39 +0000 (14:59 +0000)]
Add HMAC_init and HMAC_CTX_reset to Symbols.namespace.
ok tb@
beck [Wed, 10 Apr 2024 14:58:06 +0000 (14:58 +0000)]
Hide symbols in bn.h
Mark them LCRYPTO_UNUSED appropriately and remove the LIBRESSL_INTERNAL
guards around them
ok tb@
beck [Wed, 10 Apr 2024 14:55:12 +0000 (14:55 +0000)]
Hide a couple of LCRYPTO_UNUSED in asn1.h
and remove the LIBRESSL_INTERNAL guards around them
ok tb@
beck [Wed, 10 Apr 2024 14:54:13 +0000 (14:54 +0000)]
Add RC2 symbols to Symbols.namespace.
These got missed when they were hidden
ok tb@
beck [Wed, 10 Apr 2024 14:53:01 +0000 (14:53 +0000)]
Finish hiding symbols in rand.h
This removes the LIBRESSL_INTERNAL guards and marks
the functions within as LCRYPTO_UNUSED
beck [Wed, 10 Apr 2024 14:51:02 +0000 (14:51 +0000)]
Finish Hiding symbols in crypto.h
crypto.h already had the symbols not hidden behind LIBRESSL_INTERNAL
hidden - This now picks up the rest of them marking them as
LCRYPTO_UNUSED, and removes the LIBRESSL_INTERNAL guard.
These symbols will now be hidden, but if we use them inside
the library in a namespaced build we will get a deprecation
warning. use outside the library will be as with any other hidden
symbol, so fine.
ok tb@
naddy [Wed, 10 Apr 2024 13:59:05 +0000 (13:59 +0000)]
remove unused hton[ls] functions from libkern
These have been superseded by inlines from endian.h.
ok miod@ mpi@
dv [Wed, 10 Apr 2024 13:03:41 +0000 (13:03 +0000)]
vmctl: fix incorrect scaling when converting disk images.
ctl_convert still had old logic assuming disk sizes were in MiB and
not bytes, causing an attempt to create a new disk using the '-i'
argument to generate impossibly large output disk images (e.g. 1 MiB
ends up 1 TiB).
Reported by and diff from Jesper Wallin.
mvs [Wed, 10 Apr 2024 12:04:41 +0000 (12:04 +0000)]
Remove `head' socket re-locking in sonewconn().
uipc_attach() releases solock() because it should be taken after
`unp_gc_lock' rwlock(9) which protects the `unp_link' list. For this
reason, the listening `head' socket should be unlocked too while
sonewconn() calls uipc_attach(). This could be reworked because now
`so_rcv' sockbuf relies on `sb_mtx' mutex(9).
The last one `unp_link' foreach loop within unp_gc() discards sockets
previously marked as UNP_GCDEAD. These sockets are not accessed from the
userland. The only exception is the sosend() threads of connected
sending peers, but they only sbappend*() mbuf(9) to `so_rcv'. So it's
enough to unlink mbuf(9) chain with `sb_mtx' held and discard lockless.
Please note, the existing SS_NEWCONN_WAIT logic was never used because
the listening unix(4) socket protected from concurrent unp_detach() by
vnode(9) lock, however `head' re-locked all times.
ok bluhm
mglocker [Wed, 10 Apr 2024 10:40:27 +0000 (10:40 +0000)]
Remove obsolete headers.
Spotted by jsg@
claudio [Wed, 10 Apr 2024 10:05:26 +0000 (10:05 +0000)]
Unlock dosigsuspend() and with that some aspects of ppoll and pselect
Change p_sigmask from atomic back to non-atomic updates. All changes to
p_sigmask are only allowed by curproc (the owner). There is no need for
atomic instructions here.
p_sigmask is mostly accessed by curproc with the exception of ptsignal().
In ptsignal() p_sigmask is now only read once unless a SSLEEP proc gets
the signal. In that case recheck the p_sigmask before wakeup to ensure
that no unnecessary wakeup happens.
Add some KASSERT(p == curproc) to ensure this precondition.
sigabort() is special since it is also called by ddb but apart from that
only works for curproc.
With and OK mvs@ OK mpi@
claudio [Wed, 10 Apr 2024 09:05:32 +0000 (09:05 +0000)]
Rework the logic to not send double notifications in session_notification().
last_sent_errcode is now cleared late (when state changes to ESTABLISHED)
and so notifications sent in the OPEN phase would be dropped after the
first incident. Using the session state to know if sending a message is
possible seems more robust and is what session_stop() uses as well.
For now log the notifications which are not sent as 'dropping' to see how
often this happens.
OK tb@
nicm [Wed, 10 Apr 2024 07:36:25 +0000 (07:36 +0000)]
Add an option allow-set-title to forbid applications from changing the
pane title, from someone in GitHub issue 3930.
nicm [Wed, 10 Apr 2024 07:29:15 +0000 (07:29 +0000)]
Correct handling of mouse up events (don't ignore all but the last
released button), and always process down event for double click. From
Rudy Dellomas III in GitHub issue 3919.
nicm [Wed, 10 Apr 2024 07:15:21 +0000 (07:15 +0000)]
Do not get muddled and crash if focusing a pane that is exiting,
reported by Saul Nogueras in GitHub issue 3776.
dv [Tue, 9 Apr 2024 21:55:16 +0000 (21:55 +0000)]
vmm/vmd: add exception injection and refactor inject api.
In order to continue work on mmio and other instruction emulation,
vmd(8) needs the ability to inject exceptions (like page faults)
from userland.
Refactor the way events are injected from userland, cleaning up how
hardware (external) interrupts are injected in the process.
ok mlarkin@
mglocker [Tue, 9 Apr 2024 20:18:37 +0000 (20:18 +0000)]
Add ufshci(4) to pci(4). While there, add ahci(4) to acpi(4).
Suggested and ok jmc@
tb [Tue, 9 Apr 2024 18:12:11 +0000 (18:12 +0000)]
whirlpool_test: avoid calling arc4random_uniform(0)
This causes a SIGFPE on solaris
Fixes https://github.com/libressl/portable/issues/1042
tb [Tue, 9 Apr 2024 18:08:43 +0000 (18:08 +0000)]
whirlpool_test: zap lots of trailing whitespace
tb [Tue, 9 Apr 2024 16:06:01 +0000 (16:06 +0000)]
bn_convert: plug leak spotted by ASAN
tobhe [Tue, 9 Apr 2024 15:48:01 +0000 (15:48 +0000)]
Sync removal of setsid(), setpgid() and a few dup2() from relayd. They are
redundant since we call daemon() earlier.
ok bluhm@
cheloha [Tue, 9 Apr 2024 15:08:21 +0000 (15:08 +0000)]
make(1): inline set_times() into Job_Touch()
set_times() has one caller: Job_Touch(). set_times() is a thin
utimes(2) wrapper. Using utimes(2) to reset a file's atime/mtime
to the current time is not cumbersome.
So, remove set_times() and just call utimes(2) directly.
Thread: https://marc.info/?l=openbsd-tech&m=171262211713835&w=2
ok kn@
tb [Tue, 9 Apr 2024 15:00:44 +0000 (15:00 +0000)]
Add a comment on abuse of EXFLAG_INVALID
We added things we probably shouldn't have, and so did BoringSSL and
OpenSSL. Terrible API is terrible.
discussed with jsing
jsing [Tue, 9 Apr 2024 14:59:57 +0000 (14:59 +0000)]
Add initial regress for BN_set_bit(), BN_clear_bit() and BN_mask_bits().
mglocker [Tue, 9 Apr 2024 14:58:41 +0000 (14:58 +0000)]
Add PCI support for ufshci(4). Tested on the Microsoft Surface Go 4.
CAVEATS:
The ufshci(4) openings need to be limited to 1 currently, otherwise
file system corruptions have been identified using PCI. I hope this
can be fixed soon.
Help and ok jsg@, kettenis@
tb [Tue, 9 Apr 2024 14:57:28 +0000 (14:57 +0000)]
Add hidden conf.h, missed in an earlier commit
jsing [Tue, 9 Apr 2024 14:56:21 +0000 (14:56 +0000)]
Add regress coverage for BN_bn2mpi()/BN_mpi2bn().
beck [Tue, 9 Apr 2024 13:56:29 +0000 (13:56 +0000)]
Hide symbols in conf.h
This guentherizes the public symbols from conf.h
ok tb@
tb [Tue, 9 Apr 2024 13:56:00 +0000 (13:56 +0000)]
Plug leaks in ASN1_TIME_set_string_internal()
This API can be called with s == NULL, in which case the tm_to_*()
functions helpfully allocate a new s and then leak. This is a rather
ugly fix to make portable ASAN regress happy again, the better fix
will be to rewrite the tm_to_*() functions and adjust their callers.
That is more intrusive and will be done in a later pass.
ok bcook jsing
beck [Tue, 9 Apr 2024 13:55:02 +0000 (13:55 +0000)]
Hide public symbols in x509.h
This picks up most of the remaining public symbols in
x509.h
ok tb@
beck [Tue, 9 Apr 2024 13:52:41 +0000 (13:52 +0000)]
Hide public symbols in evp.h
largely mechanically done by the guentherizer 9000
ok tb@
beck [Tue, 9 Apr 2024 13:48:51 +0000 (13:48 +0000)]
Rename EVP_aes_XXX_cfb to EVP_aes_XXX_cfb128.
For consistency with everything else.
ok tb@
claudio [Tue, 9 Apr 2024 12:53:08 +0000 (12:53 +0000)]
Don't include net/art.h in net/rtable.h instead let the two users
include the file themselves.
OK bluhm@ mpi@
claudio [Tue, 9 Apr 2024 12:40:01 +0000 (12:40 +0000)]
Limit the number of provider ASnumbers to MAX_ASPA_SPAS_COUNT (10'000)
in the parser as well.
OK tb@
claudio [Tue, 9 Apr 2024 12:09:19 +0000 (12:09 +0000)]
Increase RTR PDU limit to 48k and limit number of SPAS to 10'000.
PDUs larger than 48k will result in a session reset while ASPA records
with more than 10'000 entries will be implicitly withdrawn.
Also truncate RTR error PDUs to only include 256 bytes of the faulty PDU.
It makes no sense to include more to identify the issue.
OK tb@
claudio [Tue, 9 Apr 2024 12:05:07 +0000 (12:05 +0000)]
Check that the ASPA tas array fits in an IMSG before sending the ASPA
record over to RTR or the RDE.
The long term goal is to increase the IMSG size considerably but that
requires some additional API changes to the imsg API.
OK tb@
jsg [Tue, 9 Apr 2024 11:20:10 +0000 (11:20 +0000)]
reduce diff to linux
kettenis [Tue, 9 Apr 2024 11:13:51 +0000 (11:13 +0000)]
Remove the "cubie" miniroot. There are far more popular armv7 boards
with Allwinner SoCs and the presence of this particular miniroot is making
it hard to update U-Boot.
ok jsg@
bluhm [Tue, 9 Apr 2024 11:05:05 +0000 (11:05 +0000)]
Plug route leak in IP output.
If no struct route is passed to ip_output() or ip6_output(), it
uses its own iproute on the stack. In that case any route entry
in the local route cache has to be freed. After pf decides to
reroute, struct route is reset to NULL. Then the route reference
counter has to be released. Call rtfree() without needless NULL
check.
OK mvs@
claudio [Tue, 9 Apr 2024 09:35:57 +0000 (09:35 +0000)]
Add a capability enforcement integration test.
This should ensure that no / yes and enforce work the way we want.
claudio [Tue, 9 Apr 2024 09:33:46 +0000 (09:33 +0000)]
Add capability announce enforcement test and fixup some other result files
since the role capability is now shown in more cases.
claudio [Tue, 9 Apr 2024 09:03:18 +0000 (09:03 +0000)]
Allow operators to enforce the presence of certain capabilities on sessions.
For simple capabilities this just adds enforce to the yes/no option of the
announce statement. For multi-protocol capabilities and add-path there is
an extra keyword. On top of this for add-path the enforcement requires the
neighbor to send a matching capability, e.g.
'announce add-path recv enforce' requires the other side to send any
'announce add-path send XYZ' capability.
This is mainly to enforce as-4byte and extra multi-protocol capabilities.
OK denis@ tb@
beck [Tue, 9 Apr 2024 01:39:27 +0000 (01:39 +0000)]
Clean up Symbols.namespace
These did not get removed from here when they got removed
from Symbols.list after a major bump.
ok tb@