openbsd
9 months agoRemove unneeded brackets from if statement in EVP_DigestSignFinal
joshua [Mon, 25 Mar 2024 11:10:17 +0000 (11:10 +0000)]
Remove unneeded brackets from if statement in EVP_DigestSignFinal

ok tb@

9 months agoClean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKey
joshua [Mon, 25 Mar 2024 10:58:06 +0000 (10:58 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKey

ok tb@

9 months agoCodify more insane CRYPTO_EX_DATA API.
jsing [Mon, 25 Mar 2024 10:41:36 +0000 (10:41 +0000)]
Codify more insane CRYPTO_EX_DATA API.

The current CRYPTO_EX_DATA implementation allows for data to be set without
calling new, indexes can be used without allocation, new can be called without
getting an index and dup can be called after new or without calling new.

9 months agoRevise for TLS extension parsing/processing changes.
jsing [Mon, 25 Mar 2024 10:19:14 +0000 (10:19 +0000)]
Revise for TLS extension parsing/processing changes.

9 months agoSimplify TLS extension parsing and processing.
jsing [Mon, 25 Mar 2024 10:18:13 +0000 (10:18 +0000)]
Simplify TLS extension parsing and processing.

Rather than having a separate parse and process step for each TLS
extension, do a first pass that parses all of the TLS outer extensions and
retains the extension data, before running a second pass that calls the TLS
extension processing code.

ok beck@ tb@

9 months agoClean up create_digest()
tb [Mon, 25 Mar 2024 10:16:02 +0000 (10:16 +0000)]
Clean up create_digest()

The ts code is its own kind of special. I only sent this diff out to hear
beck squeal. This diff doesn't actually fix anything, apart from (maybe)
appeasing some obscure static analyzer. It is decidedly less bad than a
similar change in openssl's issue tracker.

ok beck

9 months agoFix time conversion that broke regress.
beck [Mon, 25 Mar 2024 07:02:22 +0000 (07:02 +0000)]
Fix time conversion that broke regress.

ok tb@

9 months agoMove custom sigctx handling out of EVP_DigestSignFinal
joshua [Mon, 25 Mar 2024 06:20:16 +0000 (06:20 +0000)]
Move custom sigctx handling out of EVP_DigestSignFinal

ok tb@

9 months agoVerify string returned from local shell command.
dtucker [Mon, 25 Mar 2024 06:05:42 +0000 (06:05 +0000)]
Verify string returned from local shell command.

9 months agoFix typo msg_types -> msg_type
tb [Mon, 25 Mar 2024 05:48:39 +0000 (05:48 +0000)]
Fix typo msg_types -> msg_type

from jsing

9 months agoRevise TLS extension regress for parse/process changes.
jsing [Mon, 25 Mar 2024 04:06:41 +0000 (04:06 +0000)]
Revise TLS extension regress for parse/process changes.

9 months agoClean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.c
joshua [Mon, 25 Mar 2024 04:05:22 +0000 (04:05 +0000)]
Clean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.c

Additionally, this tidies up some surrounding code and replaces usage of
free with freezero and malloc with calloc.

ok tb@

9 months agoFinal tweaks in x509_trs.c for now
tb [Mon, 25 Mar 2024 04:03:26 +0000 (04:03 +0000)]
Final tweaks in x509_trs.c for now

looked over by jsing

9 months agoSplit TLS extension parsing from processing.
jsing [Mon, 25 Mar 2024 04:02:29 +0000 (04:02 +0000)]
Split TLS extension parsing from processing.

The TLS extension parsing and processing order is currently dependent on
the order of the extensions in the handshake message. This means that the
processing order (and callback order) is not under our control. Split the
parsing from the processing such that the processing (and callbacks) are
run in a defined order.

Convert ALPN to the new model - other extensions will be split into
separate parse/process in following diffs.

ok beck@ tb@

9 months agoKill X509_TRUST
tb [Mon, 25 Mar 2024 03:57:13 +0000 (03:57 +0000)]
Kill X509_TRUST

After peeling off enough layers, the entire wacky abstraction turns out
to be nothing but dispatching from a trust_id to a trust handler and
passing the appropriate nid and the cert.

ok beck jsing

9 months agoClean up EVP_MD_CTX_{legacy_clear,cleanup}() usage in x509/x509_cmp.c
joshua [Mon, 25 Mar 2024 03:41:16 +0000 (03:41 +0000)]
Clean up EVP_MD_CTX_{legacy_clear,cleanup}() usage in x509/x509_cmp.c

ok tb@

9 months agoImprove shell portability: grep -q is not portable so redirect stdout,
dtucker [Mon, 25 Mar 2024 03:30:31 +0000 (03:30 +0000)]
Improve shell portability: grep -q is not portable so redirect stdout,
and use printf instead of relying on echo to do \n substitution.  Reduces
diff vs Portable.

9 months agoDecouple TLS extension table order from tlsext_randomize_build_order()
jsing [Mon, 25 Mar 2024 03:23:59 +0000 (03:23 +0000)]
Decouple TLS extension table order from tlsext_randomize_build_order()

The PSK extension must be the last extension in the client hello. This is
currently implemented by relying on the fact that it is the last extension
in the TLS extension table. Remove this dependency so that we can reorder
the table as needed.

ok tb@

9 months agoAdd back trust member of X509_TRUST that I accidentally deleted
tb [Mon, 25 Mar 2024 02:18:35 +0000 (02:18 +0000)]
Add back trust member of X509_TRUST that I accidentally deleted

9 months agoSave error code from SSH for use inside case statement, from portable.
dtucker [Mon, 25 Mar 2024 02:07:08 +0000 (02:07 +0000)]
Save error code from SSH for use inside case statement, from portable.
In some shells, "case" will reset the value of $?, so save it first.

9 months agoConst correct the trust handlers
tb [Mon, 25 Mar 2024 01:48:50 +0000 (01:48 +0000)]
Const correct the trust handlers

The certificates no longer need to be modified since we cache the
extensions up front.

ok beck

9 months agoIncrease timeout. Resyncs with portable where some of the test
dtucker [Mon, 25 Mar 2024 01:40:47 +0000 (01:40 +0000)]
Increase timeout.  Resyncs with portable where some of the test
VMs are slow enough for this to matter.

9 months agoIn PuTTY interop test, don't assume the PuTTY major version is 0.
dtucker [Mon, 25 Mar 2024 01:28:29 +0000 (01:28 +0000)]
In PuTTY interop test, don't assume the PuTTY major version is 0.
Patch from cjwatson at debian.org via bz#3671.

9 months agoPass the nid instead of the entire trust structure
tb [Mon, 25 Mar 2024 01:00:02 +0000 (01:00 +0000)]
Pass the nid instead of the entire trust structure

This code is so ridiculously overengineered that it is an achievement even
by early OpenSSL standards.

ok beck

9 months agoPull extension caching into X509_check_trust()
tb [Mon, 25 Mar 2024 00:46:57 +0000 (00:46 +0000)]
Pull extension caching into X509_check_trust()

This way the trust handlers can stop modifying the certificates.

ok beck

9 months agoRemove unnecessary stat() calls from by_dir
beck [Mon, 25 Mar 2024 00:05:49 +0000 (00:05 +0000)]
Remove unnecessary stat() calls from by_dir

When searching for a CA or CRL file in by_dir, this stat()
was used to short circuit attempting to open the file with
X509_load_cert_file(). This was a deliberate TOCTOU introduced
to avoid setting an error on the error stack, when what you
really want to say is "we couldn't find a CA" and continue
merrily on your way.

As it so happens you really do not care why the load_file failed
in any of these cases, it all boils down to "I can't find the CA
or CRL". Instead we just omit the stat call, and clear the error
stack if the load_file fails. The fact that you don't have a CA or
CRL is caught later in the callers and is what you want, mimicing
the non by_dir behaviour instead of possibly some bizzaro file
system error.

Based on a similar change in Boring.

ok tb@

9 months agoEnable cad(4).
patrick [Sun, 24 Mar 2024 22:34:48 +0000 (22:34 +0000)]
Enable cad(4).

ok kettenis@

9 months agoImplement resetting the PHY via a GPIO pin, like in fec(4). This helps
patrick [Sun, 24 Mar 2024 22:34:06 +0000 (22:34 +0000)]
Implement resetting the PHY via a GPIO pin, like in fec(4).  This helps
enable the PHY on the Raspberry Pi 5.

ok kettenis@

9 months agowhois: remove obsolete handle support
millert [Sun, 24 Mar 2024 19:51:47 +0000 (19:51 +0000)]
whois: remove obsolete handle support

Contact handles have been obsolete for some time now.  The "!handle"
InterNic syntax no longer works and core COCO handle queries seems
to only return empty records.  OK sthen@ job@

9 months agoAdd tests for EVP_get_cipherbyname(NULL) and EVP_get_digestbyname(NULL)
jca [Sun, 24 Mar 2024 14:00:11 +0000 (14:00 +0000)]
Add tests for EVP_get_cipherbyname(NULL) and EVP_get_digestbyname(NULL)

Requested by and ok tb@

9 months agoRestore EVP_get_cipherbyname(NULL)/EVP_get_digestbyname(NULL) handling
jca [Sun, 24 Mar 2024 13:56:35 +0000 (13:56 +0000)]
Restore EVP_get_cipherbyname(NULL)/EVP_get_digestbyname(NULL) handling

The previous implementation used the now defunct OBJ_NAME_get() which
bailed out when passed a NULL argument.  Difference spotted by the
regress tests in ports/net/openvpn (regular openvpn use is fine but
openvpn --show-ciphers/--show-digests crashes).

ok tb@

9 months agoConvert libressl to use the BoringSSL style time conversions
beck [Sun, 24 Mar 2024 11:30:12 +0000 (11:30 +0000)]
Convert libressl to use the BoringSSL style time conversions

This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.

ok tb@

9 months agoSync with IANA Status Code Registry
job [Sun, 24 Mar 2024 10:53:27 +0000 (10:53 +0000)]
Sync with IANA Status Code Registry

From https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml

OK sthen@ miod@

9 months agoCleanup uvmpd_tune() & document global variable ownership.
mpi [Sun, 24 Mar 2024 10:29:35 +0000 (10:29 +0000)]
Cleanup uvmpd_tune() & document global variable ownership.

- Stop calling uvmpd_tune() inside uvm_pageout().  OpenBSD currently doesn't
support adding RAM. `uvmexp.npages' is immutable after boot.

- Document that `uvmexp.freemin' and `uvmexp.freetarg' are immutable.

- Reduce the scope of the `uvm_pageq_lock' lock.  It serializes accesses
to `uvmexp.active' and `uvmexp.inactive'.

ok kettenis@

9 months agoRename ax into aux
tb [Sun, 24 Mar 2024 08:27:35 +0000 (08:27 +0000)]
Rename ax into aux

9 months agoDrop redundant NULL checks around two for loops
tb [Sun, 24 Mar 2024 08:03:29 +0000 (08:03 +0000)]
Drop redundant NULL checks around two for loops

ok beck

9 months agoFix namespace build
tb [Sun, 24 Mar 2024 06:48:03 +0000 (06:48 +0000)]
Fix namespace build

noticed/ok beck

9 months agopermament -> permanent
jsg [Sun, 24 Mar 2024 06:22:18 +0000 (06:22 +0000)]
permament -> permanent

9 months agoRemove OPENSSL_NO_* #ifdefs from evp_names.c
tb [Sun, 24 Mar 2024 06:15:59 +0000 (06:15 +0000)]
Remove OPENSSL_NO_* #ifdefs from evp_names.c

discussed with jsing

9 months agoBye bye gost, bye, bye turdiness
tb [Sun, 24 Mar 2024 06:05:41 +0000 (06:05 +0000)]
Bye bye gost, bye, bye turdiness

ok beck

9 months agouse LIST_FOREACH_SAFE() to avoid use after free
jsg [Sun, 24 Mar 2024 05:50:20 +0000 (05:50 +0000)]
use LIST_FOREACH_SAFE() to avoid use after free
this can't happen in a libsa environment

found by smatch, ok jsing@

9 months agoRename arg1 to nid because that's what it is
tb [Sun, 24 Mar 2024 01:24:26 +0000 (01:24 +0000)]
Rename arg1 to nid because that's what it is

"Yeah, arg1 is always such an imaginative name" ian
ok beck

9 months agoClamp the manifestNumber to 20 octets value
tb [Sun, 24 Mar 2024 00:38:58 +0000 (00:38 +0000)]
Clamp the manifestNumber to 20 octets value

The standards contain somewhat ambiguous language as to what the largest
acceptable value for a crlNumber or manifestNumber could be, due to a
limitation to 20 octets. The question is what 20 octets specifically are
meant...

Consensus seems to have emerged that the largest value is 2^159-1 since
2^160-1 would encode to 21 octets due to a padding octet to disambiguate
ff .. ff from -7f ff .. ff (iow the top bit of the first octet is a sign
bit).

Thus, switch from 2^160 - 1 to 2^159 - 1 as an upper bound by checking
the length of the value portion of the DER encoded ASN.1 integer to be
at most 20 octets.

Thanks to Martin Hoffmann, Tom Harrison, and Ben Maddison for raising and
discussing the issue. Thanks also to the spec authors for making me waste
a few hours of my life on a single bit.

ok job

9 months agoDrop the unused 'name' member from X509_TRUST
tb [Sun, 24 Mar 2024 00:35:45 +0000 (00:35 +0000)]
Drop the unused 'name' member from X509_TRUST

This used to be exposed via an accessor, but this accessor is no longer
part of the library, so nuke it.

ok beck

9 months agoupdate project-cymru url, from Robert Keizer, slightly tweaked
sthen [Sun, 24 Mar 2024 00:33:41 +0000 (00:33 +0000)]
update project-cymru url, from Robert Keizer, slightly tweaked

9 months agoRemove radius.c which is added mistakenly and under review.
yasuoka [Sun, 24 Mar 2024 00:14:19 +0000 (00:14 +0000)]
Remove radius.c which is added mistakenly and under review.

9 months agoAllow zero-length identity response
yasuoka [Sun, 24 Mar 2024 00:05:01 +0000 (00:05 +0000)]
Allow zero-length identity response

ok tobhe

9 months agoIn kq_del(), delete matching EV_ADD entries to prevent libevent from
yasuoka [Sat, 23 Mar 2024 22:51:49 +0000 (22:51 +0000)]
In kq_del(), delete matching EV_ADD entries to prevent libevent from
passing both EV_ADD and EV_DELETE for the same fd to kevent().

ok visa

9 months agoreaddir_r(3) was never necessary and has been deprecated by POSIX.
guenther [Sat, 23 Mar 2024 16:30:01 +0000 (16:30 +0000)]
readdir_r(3) was never necessary and has been deprecated by POSIX.
Document that in the manpage and stop using it internally.

ok deraadt@ millert@ jmc@

9 months agoRecognise Meinberg PCI510, from Maurice Janssen
sthen [Sat, 23 Mar 2024 10:38:02 +0000 (10:38 +0000)]
Recognise Meinberg PCI510, from Maurice Janssen

9 months agosync
sthen [Sat, 23 Mar 2024 10:36:37 +0000 (10:36 +0000)]
sync

9 months agoAdd Meinberg PCI510, from Maurice Janssen
sthen [Sat, 23 Mar 2024 10:35:50 +0000 (10:35 +0000)]
Add Meinberg PCI510, from Maurice Janssen

9 months agoRemove unused flags and arg2 members from X509_TRUST
tb [Sat, 23 Mar 2024 06:38:01 +0000 (06:38 +0000)]
Remove unused flags and arg2 members from X509_TRUST

ok jsing

9 months agoRemove unused flags argument from the trust handlers
tb [Sat, 23 Mar 2024 06:37:15 +0000 (06:37 +0000)]
Remove unused flags argument from the trust handlers

The public X509_check_trust() takes a flag parameter which we must leave
in place. However, we can stop passing the flag parameter around without
ever looking at it.

ok jsing

9 months agoExpand ASN range for LACNIC
job [Sat, 23 Mar 2024 04:18:56 +0000 (04:18 +0000)]
Expand ASN range for LACNIC

LACNIC received a new block of ASNs from IANA
https://mail.lacnic.net/pipermail/lacnog/2024-March/009690.html

OK tb@

9 months agoFix main() definition.
mvs [Sat, 23 Mar 2024 01:35:57 +0000 (01:35 +0000)]
Fix main() definition.

9 months agoIncrease /usr/src partition to 2GB - 5GB
jan [Fri, 22 Mar 2024 21:49:52 +0000 (21:49 +0000)]
Increase /usr/src partition to 2GB - 5GB

ok miod@, deraadt@, otto@ and bluhm@

9 months agoRemove padding from union inpaddru.
bluhm [Fri, 22 Mar 2024 21:48:38 +0000 (21:48 +0000)]
Remove padding from union inpaddru.

Alignment of IPv4 address with lower part of IPv6 address looks
like a leftover from times when IPv6 compatible addresses should
contain IPv4 addreses.  Better use a simple union for both IPv4 and
IPv6 addresses like everywhere else.  Use this type also for common
zero address.

OK mvs@

9 months agoadd "-V none" to prevent making any backups
jcs [Fri, 22 Mar 2024 19:22:23 +0000 (19:22 +0000)]
add "-V none" to prevent making any backups

from FreeBSD

ok bluhm deraadt

9 months agoFix chroot(2) call in control process.
bluhm [Fri, 22 Mar 2024 19:14:28 +0000 (19:14 +0000)]
Fix chroot(2) call in control process.

Use /var/empty as chroot directory.  Call chroot(2) before setresuid(2).
Do the error check correctly.  Call chdir(2) after chroot(2).

from spiros thanasoulas; with florian@ tb@; OK millert@

9 months agoMake local port which is bound during connect(2) unique per laddr.
bluhm [Fri, 22 Mar 2024 18:05:01 +0000 (18:05 +0000)]
Make local port which is bound during connect(2) unique per laddr.

in_pcbconnect() did not pass down the address it got from in_pcbselsrc()
to in_pcbpickport().  As a consequence local port numbers selected
during connect(2) were globally unique although they belong to
different addresses.  This strict uniqueness is not necessary and
wastes usable ports for outgoing connections.

To solve this, pass ina from in_pcbconnect() to in_pcbbind_locked().
This does not interfere how wildcard sockets are matched with
specific sockets during bind(2).  It only allows non-wildcard sockets
to share a local port during connect(2).

OK mvs@ deraadt@

9 months agoUse sorflush() instead of direct unp_scan(..., unp_discard) to discard
mvs [Fri, 22 Mar 2024 17:34:11 +0000 (17:34 +0000)]
Use sorflush() instead of direct unp_scan(..., unp_discard) to discard
dead unix(4) sockets.

The difference in direct unp_scan() and sorflush() is the mbuf(9) chain.
For the first case it is still linked to the `so_rcv', for the second it
is not. This is required to make `sb_mtx' mutex(9) the only `so_rcv'
sockbuf protection and remove socket re-locking from the most of
uipc_*send() paths. The unlinked mbuf(9) chain doesn't require any
protection, so this allows to perform sleeping unp_discard() lockless.

Also, the mbuf(9) chain of the discarded socket still contains addresses
of file descriptors and it is much safer to unlink it before FRELE()
them. This is the reason to commit this diff standalone.

ok bluhm

9 months agoRework the cease shutdown reason to work in both directions by looking
claudio [Fri, 22 Mar 2024 15:41:34 +0000 (15:41 +0000)]
Rework the cease shutdown reason to work in both directions by looking
at the ibuf payload passed to log_notification().
Because of this move ibuf_get_string() and the log_notification() call
in parse_notification().
OK tb@

9 months agocorrect history of /dev/mem and /dev/kmem
jsg [Fri, 22 Mar 2024 12:29:33 +0000 (12:29 +0000)]
correct history of /dev/mem and /dev/kmem

The history section (added in CSRG) claimed both first appeared in v6.
Looking at the manuals in the TUHS archive, /dev/mem was in v1 and
/dev/kmem was introduced in v5.

ok jan@

9 months agoRework parse_notification() to use the ibuf API for everything.
claudio [Fri, 22 Mar 2024 07:19:28 +0000 (07:19 +0000)]
Rework parse_notification() to use the ibuf API for everything.

While there fix the RFC5492 handling of ERR_OPEN_CAPA (the current code
has the logic inversed). ERR_OPEN_CAPA is there to signal that a needed
capability is missing in our OPEN message. Just add the handling of
ERR_OPEN_CAPA to log_notification().

Also rework the handling of the shutdown reason and move the printing
into log_notification().

OK tb@

9 months agoLimit NFS connections to originate from a reserved port.
claudio [Fri, 22 Mar 2024 07:15:04 +0000 (07:15 +0000)]
Limit NFS connections to originate from a reserved port.

For TCP connections do the check when adding the socket via nfssvc(2).
For UDP do the check early after soreceive().
On top of this limit the sockets added via nfssvc(2) to IPv4 TCP and UDP
sockets.
OK millert@ deraadt@

9 months agoSimplify X509_STORE_free()
tb [Fri, 22 Mar 2024 06:24:54 +0000 (06:24 +0000)]
Simplify X509_STORE_free()

This had an inlined version of sk_pop_free(). We can just call it the
right way.

ok jsing

9 months agoaucat: Allow any device sample encoding.
ratchov [Fri, 22 Mar 2024 06:20:48 +0000 (06:20 +0000)]
aucat: Allow any device sample encoding.

If the device doesn't support the aucat internal encoding,
then setup a conversion layer instead of failing. This allows
aucat to be used for audio equipment testing/debugging
without involving the full sndiod processing chain.

9 months agoaucat: Add a bytes-per-sample argument to allcobuf()
ratchov [Fri, 22 Mar 2024 06:06:06 +0000 (06:06 +0000)]
aucat: Add a bytes-per-sample argument to allcobuf()

No behavior change.

9 months agopledge: Allow the AUDIO_GETDEV ioctl in "audio"
ratchov [Fri, 22 Mar 2024 05:54:25 +0000 (05:54 +0000)]
pledge: Allow the AUDIO_GETDEV ioctl in "audio"

ok deraadt, kn, phessler

9 months agoReplace protocol literal strings and strlen() calls with defined constants
job [Fri, 22 Mar 2024 03:38:12 +0000 (03:38 +0000)]
Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

9 months agoNever bindings use the phy-handle property instead of the phy property.
patrick [Thu, 21 Mar 2024 23:12:33 +0000 (23:12 +0000)]
Never bindings use the phy-handle property instead of the phy property.

ok kettenis@

9 months agoAvoid redundant allocation in ikev2_prfplus()
tobhe [Thu, 21 Mar 2024 22:08:49 +0000 (22:08 +0000)]
Avoid redundant allocation in ikev2_prfplus()

from markus@

9 months agoFix white space. OK tobhe@
bluhm [Thu, 21 Mar 2024 16:46:04 +0000 (16:46 +0000)]
Fix white space.  OK tobhe@

9 months agoWrite padding character into the right position.
nicm [Thu, 21 Mar 2024 12:10:57 +0000 (12:10 +0000)]
Write padding character into the right position.

9 months agoReduce escape-time default to 10 milliseconds, 500 is far too long for
nicm [Thu, 21 Mar 2024 11:53:11 +0000 (11:53 +0000)]
Reduce escape-time default to 10 milliseconds, 500 is far too long for
modern terminals and networks. Case made by Kurtis Rader in GitHub issue
3844.

9 months agoAdd -M to always turn mouse on in a menu, GitHub issue 3779.
nicm [Thu, 21 Mar 2024 11:51:32 +0000 (11:51 +0000)]
Add -M to always turn mouse on in a menu, GitHub issue 3779.

9 months agoLook for feature code 21 for DECSLRM and 28 for DECFRA in the device
nicm [Thu, 21 Mar 2024 11:47:55 +0000 (11:47 +0000)]
Look for feature code 21 for DECSLRM and 28 for DECFRA in the device
attributes and also accept level 1 (there is no hardware with this but
some emulators may use it). Pointed out by James Holderness.

9 months agoUse -p for default paste-buffer command in buffer mode, it will only do
nicm [Thu, 21 Mar 2024 11:32:49 +0000 (11:32 +0000)]
Use -p for default paste-buffer command in buffer mode, it will only do
anything if the application asked for it. From Gregory Anders.

9 months agoDo not notify window-layout-changed if the window is about to be
nicm [Thu, 21 Mar 2024 11:30:42 +0000 (11:30 +0000)]
Do not notify window-layout-changed if the window is about to be
destroyed (since it may have been freed by the time the notify happens),
from Romain Francoise in GitHub issue 3860.

9 months agoRevert detach-client part of last, did not intend this to go in.
nicm [Thu, 21 Mar 2024 11:27:18 +0000 (11:27 +0000)]
Revert detach-client part of last, did not intend this to go in.

9 months agoDo not consider a selection present if it is empty, from Michael Grant
nicm [Thu, 21 Mar 2024 11:26:28 +0000 (11:26 +0000)]
Do not consider a selection present if it is empty, from Michael Grant
(GitHub issue 3869). Also a typo fix from GitHub issue 3877.

9 months agoDo not exit the master process if a client TCP connection fails to be
claudio [Thu, 21 Mar 2024 10:58:15 +0000 (10:58 +0000)]
Do not exit the master process if a client TCP connection fails to be
added.
OK millert@

9 months agoRemove now unused certificates (which are also soon to expire).
jsing [Thu, 21 Mar 2024 08:17:23 +0000 (08:17 +0000)]
Remove now unused certificates (which are also soon to expire).

9 months agoadd uao_read_to_iosys_map() alternative to shmem_read_to_iosys_map()
jsg [Thu, 21 Mar 2024 05:14:35 +0000 (05:14 +0000)]
add uao_read_to_iosys_map() alternative to shmem_read_to_iosys_map()

9 months agounstub intel_uc_fw_copy_rsa()
jsg [Thu, 21 Mar 2024 05:06:42 +0000 (05:06 +0000)]
unstub intel_uc_fw_copy_rsa()

9 months agomention that SR-IOV virtual functions work too
jmatthew [Thu, 21 Mar 2024 04:10:37 +0000 (04:10 +0000)]
mention that SR-IOV virtual functions work too

9 months agoClear spinner after each cycle
afresh1 [Thu, 21 Mar 2024 01:02:29 +0000 (01:02 +0000)]
Clear spinner after each cycle

Otherwise we can get left with a piece of the spinner if all firmware
gets updates and don't print a "kept" value.

While here, replace \010 with the ksh supported \b, as suggested by cheloha@

Noticed by deraadt@

9 months agoFix build with bitmap_copy() on i386 by adding const qualifier.
bluhm [Wed, 20 Mar 2024 22:52:44 +0000 (22:52 +0000)]
Fix build with bitmap_copy() on i386 by adding const qualifier.

OK jsg@

9 months agoRename the remaining pmod to mod
tb [Wed, 20 Mar 2024 22:11:07 +0000 (22:11 +0000)]
Rename the remaining pmod to mod

9 months agopmod -> mod in CONF_IMODULE
tb [Wed, 20 Mar 2024 22:08:22 +0000 (22:08 +0000)]
pmod -> mod in CONF_IMODULE

Hungarian notation occasionally helps, but only if it is done consistently.
Steve and consistency... cf e.g the last few commits. Accordingly,
Hensonian Hungarian notation is a complete disaster. Start cleaning this
mess up.

9 months agotmod -> mod
tb [Wed, 20 Mar 2024 21:53:57 +0000 (21:53 +0000)]
tmod -> mod

requested by jsing

9 months agomd -> imod for CONF_IMODULEs
tb [Wed, 20 Mar 2024 21:51:23 +0000 (21:51 +0000)]
md -> imod for CONF_IMODULEs

A CONF_IMODULE is neither an EVP_MD nor a CONF_MODULE, so call it imod
instead of md or mod.

9 months agomd -> mod for CONF_MODULEs
tb [Wed, 20 Mar 2024 21:49:00 +0000 (21:49 +0000)]
md -> mod for CONF_MODULEs

A CONF_MODULE is no EVP_MD, so call it mod instead of md.

9 months agoChange return type of module_add()
tb [Wed, 20 Mar 2024 21:41:09 +0000 (21:41 +0000)]
Change return type of module_add()

There is one caller of this function which returns module_add() != NULL.
Make the function return an int instead.

suggested by and ok jsing

9 months agoImplement imodule_free() and call it from module_finish()
tb [Wed, 20 Mar 2024 21:31:31 +0000 (21:31 +0000)]
Implement imodule_free() and call it from module_finish()

ok jsing

9 months agoMake module_free() NULL safe
tb [Wed, 20 Mar 2024 21:21:03 +0000 (21:21 +0000)]
Make module_free() NULL safe

ok jsing

9 months agofix ORCPT handling
op [Wed, 20 Mar 2024 17:52:43 +0000 (17:52 +0000)]
fix ORCPT handling

due to a swapped strlcpy() arguments we don't save the ORCPT argument
after validation.  There's no buffer overflow since dsn_orcpt is zeroed.
Spotted by Tassilo Philipp, thanks!

ok millert gilles

9 months agoUse the new certificates/chains in regress.
jsing [Wed, 20 Mar 2024 10:38:05 +0000 (10:38 +0000)]
Use the new certificates/chains in regress.

The new certificates are more representative of the real world. The old
certificates use weak algorithms and expire in the very near future. Most
of our regress has already been switched over, this changes the remainder.

Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry.

ok tb@

9 months agoCleanup AID handling.
claudio [Wed, 20 Mar 2024 09:35:46 +0000 (09:35 +0000)]
Cleanup AID handling.

- Loops over all valid AID should start with AID_MIN and go up to AID_MAX - 1
   e.g. for (i = AID_MIN; i < AID_MAX; i++)
  If for some reason AID_UNSPEC must be handled make that explicit in the
  for loop.

- aid2afi() now returns an error for AID_UNSPEC since there is no valid
  AFI SAFI combo for AID_UNSPEC.

- Add additional checks for AID_MIN where currently only AID_MAX was checked.
  This affects imsg for route refresh and graceful restart.

- Simplify add-path capability handling. Only the negotiated add_path capa
  sets the flag for AID_UNSPEC to help code to quickly check if any add-path
  is active.

OK tb@