openbsd
schwarze [Mon, 9 Oct 2023 19:28:42 +0000 (19:28 +0000)]
Document the OpenBSD-specific output format.
Feedback and OK millert, "more reasonable" deraadt@.

tb [Mon, 9 Oct 2023 16:59:55 +0000 (16:59 +0000)]
Use the usual text for X509_ALGOR_free()

tb [Mon, 9 Oct 2023 16:06:01 +0000 (16:06 +0000)]
Clarify that 'undefined type' means V_ASN1_UNDEF

tb [Mon, 9 Oct 2023 16:03:57 +0000 (16:03 +0000)]
Clarify documentation of X509_ALGOR_{set0,set_md}()

The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from
upstream, which means it is as sloppy as the code and as vague as your
average upstream manpage. Be precise on what X509_ALGOR_set0() does on
different inputs and document return values and failure modes.

X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a
way that can fail, leaving alg in a corrupted state. Document when that
can occur and how to avoid or detect that, but do not go too far, because
EVP_MD_meth_new(), one potential source of failures, is a whole another
can of worms.

joint work with schwarze

tobhe [Mon, 9 Oct 2023 15:32:14 +0000 (15:32 +0000)]
Add pledge("stdio") before parsing pfkey messages. This applies to
ipsecctl -m and ipsecctl -s. Refactor ipsecctl_show_*() to set up all
sysctls first before dropping privileges and finally parsing and
printing IPsec SAs and flows.

feedback and ok mbuhl@
ok deraadt@

stsp [Mon, 9 Oct 2023 14:25:00 +0000 (14:25 +0000)]
allow dwqe.c to build on architectures that do not have machine/fdt.h

Move struct if_device to a new fdt-specific softc struct, along with
the gmac_id field which is only used by if_dwqe_fdt.c at present.
This avoids the need to include any fdt header files in dwqe.c.

ok kettenis@

espie [Mon, 9 Oct 2023 07:12:22 +0000 (07:12 +0000)]
placeholder for later feature

claudio [Mon, 9 Oct 2023 07:11:20 +0000 (07:11 +0000)]
Fix return value confusion of sa_cmp() by renaming the function sa_equal().

The code in get_alternate_addr() checked for sa_cmp() == 0 but actually
sa_cmp() returned 1 for equal addrs. So rename the function to sa_equal()
to make it clear that a true return value means equality.

Found by Asa Yeamans (enigma2e at rivin net)
OK tb@

espie [Mon, 9 Oct 2023 07:03:49 +0000 (07:03 +0000)]
simplify: all 3 mock-ups are strings that get eval'd, so do this properly.

jsg [Mon, 9 Oct 2023 02:37:14 +0000 (02:37 +0000)]
drm/amdkfd: Use gpu_offset for user queue's wptr

From YuBiao Wang
b60028c81e463b0930191a4fa2ba770ff6d40e3a in linux-6.1.y/6.1.56
cc39f9ccb82426e576734b493e1777ea01b144a8 in mainline linux

jsg [Mon, 9 Oct 2023 02:35:47 +0000 (02:35 +0000)]
drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top

From Javier Pello
69dd84470b4deed45658f2717aef533ec4ceb43d in linux-6.1.y/6.1.56
b7599d241778d0b10cdf7a5c755aa7db9b83250c in mainline linux

jsg [Mon, 9 Oct 2023 02:33:44 +0000 (02:33 +0000)]
drm/amdgpu: Handle null atom context in VBIOS info ioctl

From David Francis
91b6845ef387ab9ae2c6f3f8d43655be955e444b in linux-6.1.y/6.1.56
5e7e82254270c8cf8b107451c5de01cee2f135ae in mainline linux

jsg [Mon, 9 Oct 2023 02:32:10 +0000 (02:32 +0000)]
drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV

From Alex Deucher
ad3c37f90bae3675bc686562f7e63511d1033cc0 in linux-6.1.y/6.1.56
ab43213e7afd08ac68d4282060bacf309e70fd14 in mainline linux

jsg [Mon, 9 Oct 2023 02:30:32 +0000 (02:30 +0000)]
drm/amdgpu/soc21: don't remap HDP registers for SR-IOV

From Alex Deucher
cca15a82790772c0303ae295f7153c4af0536ad1 in linux-6.1.y/6.1.56
1832403cd41ca6b19b24e9d64f79cb08d920ca44 in mainline linux

jsg [Mon, 9 Oct 2023 02:29:10 +0000 (02:29 +0000)]
drm/amd/display: Don't check registers, if using AUX BL control

From Swapnil Patel
b9971393d4c9be5eec3c6b30d9e312ba88c865ac in linux-6.1.y/6.1.56
f5b2c10b57615828b531bb0ae56bd6325a41167e in mainline linux

jsg [Mon, 9 Oct 2023 02:27:27 +0000 (02:27 +0000)]
drm/amdkfd: Insert missing TLB flush on GFX10 and later

From Harish Kasiviswanathan
cdfcaa4e80430003dbba1bdb86f9fde5480ddbe5 in linux-6.1.y/6.1.56
edcfe22985d09ee8e2346c9217f5a52ab150099f in mainline linux

jsg [Mon, 9 Oct 2023 02:25:37 +0000 (02:25 +0000)]
drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3

From Philip Yang
9becfff9f91e350fd4d6f16e9f117f9227258fb0 in linux-6.1.y/6.1.56
75dda67c7213c3e0d17244a8c42547c27ee746f8 in mainline linux

jsg [Mon, 9 Oct 2023 02:23:51 +0000 (02:23 +0000)]
i915/pmu: Move execlist stats initialization to execlist specific setup

From Umesh Nerlige Ramappa
987a7f5311ba1fd4ccf3637c09e6424741aacd01 in linux-6.1.y/6.1.56
c524cd40e8a2a1a36f4898eaf2024beefeb815f3 in mainline linux

jsg [Mon, 9 Oct 2023 02:19:26 +0000 (02:19 +0000)]
add SZ_4G for 6.1.56 drm

jsg [Mon, 9 Oct 2023 02:15:40 +0000 (02:15 +0000)]
use shifts for size defines

cheloha [Sun, 8 Oct 2023 21:08:00 +0000 (21:08 +0000)]
clockintr: move intrclock wrappers from sys/clockintr.h to kern_clockintr.c

intrclock_rearm() and intrclock_trigger() are not part of the public
API, so there's no reason to implement them in sys/clockintr.h.  Move
them to kern_clockintr.c.

deraadt [Sun, 8 Oct 2023 14:05:10 +0000 (14:05 +0000)]
move release a earlier.  when we wait for security fixes from one piece
of software, another one will announce that we should wait for a security
fix.   the only winning move is not to play.

espie [Sun, 8 Oct 2023 12:45:31 +0000 (12:45 +0000)]
subclass system libraries so we can give better diagnostic eventually

espie [Sun, 8 Oct 2023 12:44:58 +0000 (12:44 +0000)]
oops, those eval need to be STRINGS, otherwise the whole definition stuff
happens regardless.

Add a third one to only disregard base libraries

aoyama [Sun, 8 Oct 2023 10:40:23 +0000 (10:40 +0000)]
Add inclusion of "dev/hid/files.hid" and "dev/usb/files.usb".

Actually these devices are not supported on luna88k, but we need them
in order to create attribute header files (e.g. "ucom.h") required in
MI part recently.

Suggested by miod@, tested by me.

espie [Sun, 8 Oct 2023 09:17:27 +0000 (09:17 +0000)]
add another two regression testing parts. Use a simple framework that
allows me to redefine methods to not do a thing
(maybe this will migrate to its own file if it grows enough)

espie [Sun, 8 Oct 2023 09:16:39 +0000 (09:16 +0000)]
wrong prototype, it's called as an OO method

claudio [Sun, 8 Oct 2023 07:44:52 +0000 (07:44 +0000)]
Revert commitid: KtmyJEoS0WWxmlZ5
---
Protect interface queues with read once and mutex.

Reading atomic values needs at least read once and writing values
should have a mutex.  This is what mbuf queues already do.  Add
READ_ONCE() to ifq and ifiq macros for len and empty.  Convert
ifq_set_maxlen() to a function that grabs ifq_mtx.

OK mvs@
---

ifq_set_maxlen() is called before the ifq_mtx is initialized and this at
least crashes WITNESS kernels on boot.

Reported-by: syzbot+7b218ef53432b5d56d7d@syzkaller.appspotmail.com

espie [Sun, 8 Oct 2023 06:55:02 +0000 (06:55 +0000)]
plain forgot to save the values for regression testing

schwarze [Sat, 7 Oct 2023 21:26:29 +0000 (21:26 +0000)]
Include .EX/.EE in the MACRO OVERVIEW and improve its description.

It is supported by all major man(7) implementations that G. Branden
Robinson and myself are aware of, so calling it "non-portable" can
no longer be justified.  Using it becomes increasingly more common,
so calling it "non-standard" is now misleading.  It is certainly
useful and not deprecated.

While here, also remove the word "non-standard" from the descriptions
of several other macros because it is slightly confusing.  A formal
standard for the man(7) language does not exist.  Arguably, Version 7
AT&T UNIX used to be a de-facto standard, but its influence has been
waning for 40 years, and various features that Version 7 did not
support are now widely used.

schwarze [Sat, 7 Oct 2023 13:29:08 +0000 (13:29 +0000)]
Simplify the display() function by getting rid of a useless buffer
on the stack.  No functional change, +8 -15 LOC.

Suggested by and OK millert@.

kn [Sat, 7 Oct 2023 12:20:10 +0000 (12:20 +0000)]
Retry on empty passphrase

They must not be empty, or else creation/unlock fails (and boot loaders
would not be able to abort and drop back to the boot> prompt).

[-p passfile] handles this with "invalid passphrase length", so align
the interactive prompt and retry there.

-s remains a one-shot whilst getting a better error message.

This is user friendlier and fixes the last installer "bug" on my list
wrt. disk encryption where hitting Enter twice at the passphrase prompt
would abort bioctl(8) and thus the installation.

OK deraadt

schwarze [Sat, 7 Oct 2023 11:51:08 +0000 (11:51 +0000)]
Improve horizontal alignment in long format when printing minor
device numbers greater than 999 by measuring the two widths needed
for device numbers just like it is already done for other numbers.
In the output, this only changes whitespace, but not the text.

Ugly formatting reported by
Crystal Kolipe <kolipe dot c at exoticsilicon dot com>.

OK millert.  Also tested by Crystal Kolipe.

espie [Sat, 7 Oct 2023 09:11:26 +0000 (09:11 +0000)]
with firmware known, recognize that we couldn't find any update at all
and just say that instead of a dauntingly long list of packages

espie [Sat, 7 Oct 2023 09:10:03 +0000 (09:10 +0000)]
track firmware separately, since those will appear as uptodate for us

espie [Sat, 7 Oct 2023 09:09:07 +0000 (09:09 +0000)]
use more specific regression testing knob

millert [Fri, 6 Oct 2023 22:31:21 +0000 (22:31 +0000)]
Correctly reset the goto table for a state.

We cannot use set_gototab() to reset all the entries for a state,
it will leave existing entries as-is.  Add a new reset_gototab()
function that zeroes the table entries for the specified state.
There is no need to reset the goto table immediately after
resize_state(), it is already initialized via calloc().
Fixes https://github.com/onetrueawk/awk/issues/199

millert [Fri, 6 Oct 2023 22:29:24 +0000 (22:29 +0000)]
Update awk to Sep 24, 2023 version.

fnematch and getrune have been overhauled to solve issues around
unicode FS and RS. also fixed gsub null match issue with unicode.
big thanks to Arnold Robbins.

millert [Fri, 6 Oct 2023 16:41:02 +0000 (16:41 +0000)]
__swsetup: set error flag and errno on error.

Previously, we set errno to EBADF if the cantwrite() macro (which calls
__swsetup()) returns true for POSIX compliance.  However, we neglected
to also set the error flag, __SERR.  Rather than set the error flag in
all callers of cantwrite(), set both errno and the error flag in
__swsetup().  This matches what FreeBSD does and makes it possible
to choose a proper errno value for the second error condition in
__swsetup().  OK deraadt@

krw [Fri, 6 Oct 2023 16:06:11 +0000 (16:06 +0000)]
Rename 'ifaceidx' variables and parameters to 'ifaceno'. More
consistent with existing code and thus less chance for confusion.

requested by kettenis@

stsp [Fri, 6 Oct 2023 15:15:41 +0000 (15:15 +0000)]
Ignore thermal dual-chain requests from iwx(4) firmware.

Linux only acts on these requests in 11ax mode on 160MHz channels so
we can simply ignore this request for now. Prevents a warning from
being printed when we receive such a request:
  iwx0: unhandled firmware response 0x5f6/0x20000008 rx ring 64[3]

Observed on AX210 hardware by bluhm@

stsp [Fri, 6 Oct 2023 15:15:29 +0000 (15:15 +0000)]
Ignore thermal dual-chain requests from iwx(4) firmware.

Linux only acts on these requests in 11ax mode on 160MHz channels so
we can simply ignore this request for now. Prevents a warning from
being printed when we receive such a request:
  iwx0: unhandled firmware response 0x5f6/0x20000008 rx ring 64[3]

Observed on AX210 hardware by bluhm@

espie [Fri, 6 Oct 2023 12:45:45 +0000 (12:45 +0000)]
be more explicit about the usage pattern of register-plist and the variables
in bsd.port.mk that govern its behavior.

kn [Fri, 6 Oct 2023 09:55:02 +0000 (09:55 +0000)]
rename pass{word -> file} variable

It contains the path to the file containing a passphrase;
password reads misleading and was also the only usage of "word" in contrast
to consistent "phrase" usage.

kn [Fri, 6 Oct 2023 09:34:19 +0000 (09:34 +0000)]
clean up old 6.7 softraid migration code

ofwboot still passes an old/small .openbsd.bootdata size from before 6.7
when boothowto was added.

Report the exact size from now on such that a future diff can rectify
the corresponding check in autoconf.c:bootstrap().

All this was done to keep old/new bootloaders working with new/old kernels,
but 6.7 is long gone and we should all be running current code.

OK stsp

claudio [Fri, 6 Oct 2023 08:58:13 +0000 (08:58 +0000)]
In sys___thrsigdivert() switch tsleep_nsec() to use the nowake ident
channel instead of inventing an own one.
OK kettenis@ mvs@

espie [Fri, 6 Oct 2023 06:00:18 +0000 (06:00 +0000)]
prepare for adding a value for REGRESSION_TESTING, so that I can test
more funky situations eventually

jmc [Fri, 6 Oct 2023 05:31:54 +0000 (05:31 +0000)]
add -v to usage();

djm [Fri, 6 Oct 2023 03:32:15 +0000 (03:32 +0000)]
typo in error message

djm [Fri, 6 Oct 2023 03:25:14 +0000 (03:25 +0000)]
Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when
it breaks.

mvs [Thu, 5 Oct 2023 18:46:14 +0000 (18:46 +0000)]
Do log output to stderr while running dhcpd(8) in foreground to make
behaviour in accordance with man page. Introduce '-v' option to make
output more verbose.

Do a little refactoring to make code more consistent with other daemons
like ospfd(8), httpd(8), relayd(8), etc.

Feedback from bluhm benno

ok bluhm

kn [Thu, 5 Oct 2023 11:58:34 +0000 (11:58 +0000)]
Mention the option to encrypt the root disk on supported architectures

with miod

bluhm [Thu, 5 Oct 2023 11:08:56 +0000 (11:08 +0000)]
Protect interface queues with read once and mutex.

Reading atomic values needs at least read once and writing values
should have a mutex.  This is what mbuf queues already do.  Add
READ_ONCE() to ifq and ifiq macros for len and empty.  Convert
ifq_set_maxlen() to a function that grabs ifq_mtx.

OK mvs@

tb [Thu, 5 Oct 2023 07:59:41 +0000 (07:59 +0000)]
Add regress coverage for ASN1_UTCTIME_cmp_time_t()

bluhm [Wed, 4 Oct 2023 18:07:13 +0000 (18:07 +0000)]
re-enable POOL_DEBUG
OK deraadt@

bluhm [Wed, 4 Oct 2023 15:40:13 +0000 (15:40 +0000)]
base is unlocked, move to 7.4-current
OK deraadt@

jmc [Wed, 4 Oct 2023 05:42:10 +0000 (05:42 +0000)]
spelling fix;

djm [Wed, 4 Oct 2023 04:04:09 +0000 (04:04 +0000)]
openssh-9.5

djm [Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)]
add some cautionary text about % token expansion and shell metacharacters;
based on report from vinci AT protonmail.ch

djm [Tue, 3 Oct 2023 23:56:10 +0000 (23:56 +0000)]
fix link to agent draft; spotted by Jann Horn

sthen [Tue, 3 Oct 2023 10:22:10 +0000 (10:22 +0000)]
Reinstate setting rtableid based on rdomain for pfsync,
lost during the rewrite, reported by Mark Patruck.

ok phessler claudio sashan deraadt

tb [Tue, 3 Oct 2023 09:58:06 +0000 (09:58 +0000)]
Fix a typo and move a word

jmc [Tue, 3 Oct 2023 05:20:38 +0000 (05:20 +0000)]
remove unused Pp macro;

krw [Mon, 2 Oct 2023 23:38:11 +0000 (23:38 +0000)]
Add 'host root port' information to hw.ucomnames.

usbN.X.Y becomes usbN.Z.X.Y

Display the usb<blah> string in ucom attach messages so grepping
dmesg can be used to find the path to a ucom.

More USB cluebats from kettenis@. Deep hub depths testing from
drahn@.

ok deraadt@ drahn@ kettenis@

bluhm [Mon, 2 Oct 2023 16:11:09 +0000 (16:11 +0000)]
Now nearbyint_test-1 is passing on macppc, powerpc64, sparc64.  Some
recent fixes seem to help also there, not only on amd64.
OK deraadt@

krw [Mon, 2 Oct 2023 14:48:10 +0000 (14:48 +0000)]
Enable cu(1) -l to accept the usb paths shown in hw.ucomnames.

Usual man page tweaks from jmc@ and schwarze@.

Testing various iterations by deraadt@, nicm@, kettenis@, drahn@.

ok deraadt@

claudio [Mon, 2 Oct 2023 13:31:32 +0000 (13:31 +0000)]
bump version

deraadt [Mon, 2 Oct 2023 13:26:04 +0000 (13:26 +0000)]
maybe a bit earlier

tb [Mon, 2 Oct 2023 11:14:15 +0000 (11:14 +0000)]
Add some coverage for ASN1_TIME_cmp_time_t() as well

ASN1_UTCTIME_cmp_time_t() could be done similarly, but then I have to mess
with LIBRESSL_INTERNAL. Let's do this after unlock.

tb [Mon, 2 Oct 2023 10:40:43 +0000 (10:40 +0000)]
Add regress coverage for ASN1_TIME_compare()

tb [Mon, 2 Oct 2023 09:42:58 +0000 (09:42 +0000)]
Minor asn1time tweaks

Sprinkle some (static) const and garbage collect an unused struct.

jmc [Mon, 2 Oct 2023 05:29:59 +0000 (05:29 +0000)]
DV -> Dv;

tb [Sun, 1 Oct 2023 22:46:21 +0000 (22:46 +0000)]
Example code tweak: do not hardcode the size of array

tb [Sun, 1 Oct 2023 22:14:36 +0000 (22:14 +0000)]
Fix a copy-paste bug in ASN1_TIME_compare()

ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)

Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.

Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.

Then of course there's also the language bindings.

Issue reported by Duncan Thomson at esri dot com via libressl-security

ok beck deraadt
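
The copy-paste defect described in the ASN1_TIME_compare() commit above, reproduced in a self-contained toy model as an added example (not LibreSSL code and not part of the commit log). The names toy_time, toy_parse(), toy_compare() and cmp_strings() and the TOY_ERR value are hypothetical, the parser checks only length, digits and the trailing Z, and the timestamps are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TOY_UTC 1	/* "YYMMDDHHMMSSZ", 13 bytes */
#define TOY_GEN 2	/* "YYYYMMDDHHMMSSZ", 15 bytes */
#define TOY_ERR (-2)	/* assumed error value of this toy comparison */

struct toy_time {
	int type;
	size_t length;
	unsigned char data[16];	/* zero padded: the demo never reads out of bounds */
};
struct toy_tm { int f[6]; };	/* year, month, day, hour, minute, second */

static int two_digits(const unsigned char *p, int *out)
{
	if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
		return -1;
	*out = (p[0] - '0') * 10 + (p[1] - '0');
	return 0;
}

/* Toy parser: checks length, digits and trailing 'Z' only. 0 = ok, -1 = bad. */
static int toy_parse(const unsigned char *data, size_t len, struct toy_tm *tm, int type)
{
	int century = 0, i;

	if ((type != TOY_UTC && type != TOY_GEN) ||
	    len != (type == TOY_UTC ? 13u : 15u))
		return -1;
	if (type == TOY_GEN) {
		if (two_digits(data, &century) == -1)
			return -1;
		data += 2;
	}
	for (i = 0; i < 6; i++)
		if (two_digits(data + 2 * i, &tm->f[i]) == -1)
			return -1;
	if (data[12] != 'Z')
		return -1;
	if (type == TOY_UTC)
		century = tm->f[0] >= 50 ? 19 : 20;
	tm->f[0] += century * 100;
	return 0;
}

/*
 * buggy != 0 models the defect as the commit message states it: the second
 * parse reads t1->data while using t2's length and type.
 */
static int toy_compare(const struct toy_time *t1, const struct toy_time *t2, int buggy)
{
	struct toy_tm tm1, tm2;
	const unsigned char *d2 = buggy ? t1->data : t2->data;
	int i;

	if (toy_parse(t1->data, t1->length, &tm1, t1->type) == -1 ||
	    toy_parse(d2, t2->length, &tm2, t2->type) == -1)
		return TOY_ERR;
	for (i = 0; i < 6; i++)
		if (tm1.f[i] != tm2.f[i])
			return tm1.f[i] < tm2.f[i] ? -1 : 1;
	return 0;
}

/* Build two toy_time values from constructed strings and compare them. */
int cmp_strings(int buggy, int type1, const char *s1, int type2, const char *s2)
{
	struct toy_time a = { type1, strlen(s1), { 0 } };
	struct toy_time b = { type2, strlen(s2), { 0 } };

	if (a.length >= sizeof(a.data) || b.length >= sizeof(b.data))
		return TOY_ERR;
	memcpy(a.data, s1, a.length);
	memcpy(b.data, s2, b.length);
	return toy_compare(&a, &b, buggy);
}

int main(void)
{
	const char *u1 = "231001221436Z", *u2 = "250101000000Z";	/* constructed */
	const char *g1 = "20231001221436Z";				/* constructed */

	printf("same type, buggy:  %d\n", cmp_strings(1, TOY_UTC, u1, TOY_UTC, u2));
	printf("same type, fixed:  %d\n", cmp_strings(0, TOY_UTC, u1, TOY_UTC, u2));
	printf("UTC vs Gen, buggy: %d\n", cmp_strings(1, TOY_UTC, u1, TOY_GEN, g1));
	printf("UTC vs Gen, fixed: %d\n", cmp_strings(0, TOY_UTC, u1, TOY_GEN, g1));
	return 0;
}
```

With two values of the same type the buggy path reports them as equal whatever t2 holds; with a UTCTime t1 and a GeneralizedTime t2 it fails on the Z where the seconds digit is expected.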

naddy [Sun, 1 Oct 2023 20:15:23 +0000 (20:15 +0000)]
show fingerprint of freshly generated ssh host key on first boot

Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time.  This simplifies a secure first ssh connection to
a freshly installed machine.

ok deraadt@ kn@, and various for earlier iterations

tb [Sun, 1 Oct 2023 18:23:50 +0000 (18:23 +0000)]
Document EVP_CIPHER_CTX_iv_length() return values

We aligned with upstream behavior. Let's document it properly.

Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().

OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.

krw [Sun, 1 Oct 2023 15:58:11 +0000 (15:58 +0000)]
Add sysctl hw.ucomnames to list 'fixed' paths to USB serial
ports.

Suggested by deraadt@, USB route idea from kettenis@. Feedback
from anton@, man page improvements from deraadt@, jmc@,
schwarze@.

ok deraadt@ kettenis@

tb [Sun, 1 Oct 2023 10:51:19 +0000 (10:51 +0000)]
The colons separate the octets, not the digits; add missing link to
crypto(3)

kettenis [Sun, 1 Oct 2023 09:03:14 +0000 (09:03 +0000)]
Atlantic 2 hardware has a different layout for the TPS_DATA_TCT registers
and uses different buffer sizes.  Fixes an issue where the card would
stop transmitting packets under load on the M2 Pro Mac mini.

ok jmatthew@

kettenis [Sun, 1 Oct 2023 08:56:24 +0000 (08:56 +0000)]
Print the correct SDHC spec version.

ok deraadt@

tb [Sun, 1 Oct 2023 08:29:12 +0000 (08:29 +0000)]
Improve a code comment in the EXAMPLES section

tb [Sun, 1 Oct 2023 08:23:58 +0000 (08:23 +0000)]
Refer to RFC 3779, 2.1.2 for encoding of ranges

Mention sections 2.1.1 and 2.1.2 in STANDARDS

tb [Sun, 1 Oct 2023 08:17:52 +0000 (08:17 +0000)]
Point out that the result of IPAddressRange_new() is an invalid range
since it should be a prefix.

tb [Sun, 1 Oct 2023 05:20:41 +0000 (05:20 +0000)]
encoding -> decoding for d2i

tb [Sun, 1 Oct 2023 04:48:39 +0000 (04:48 +0000)]
Add an empty line

tb [Sat, 30 Sep 2023 19:07:38 +0000 (19:07 +0000)]
Reorder list of additional validation checks needed

tb [Sat, 30 Sep 2023 18:16:44 +0000 (18:16 +0000)]
Switch copyright year to 2023.

Apparently I should have used 2023 despite sharing versions of these
files with several people under this license (and thus permitting them
to redistribute and share with the public). It makes no sense to me,
but shrug.

tb [Sat, 30 Sep 2023 16:01:18 +0000 (16:01 +0000)]
Use addrblocks for .Fa

schwarze [Sat, 30 Sep 2023 14:29:41 +0000 (14:29 +0000)]
avoid using the string "a" without markup as a placeholder
where that feels potentially confusing,
and add one missing .Pp macro; no change of meaning

schwarze [Sat, 30 Sep 2023 14:26:09 +0000 (14:26 +0000)]
consistently use "allow_inherit" for the argument name
and fix whitespace on one text line; no change of meaning

schwarze [Sat, 30 Sep 2023 14:24:00 +0000 (14:24 +0000)]
drop one pair of needless parentheses
and polish one wording; no change of meaning

schwarze [Sat, 30 Sep 2023 14:21:57 +0000 (14:21 +0000)]
remove a useless repetition of a function name
that was also followed by a bogus argument,
and fix one grammatical error; no change of meaning

schwarze [Sat, 30 Sep 2023 14:12:40 +0000 (14:12 +0000)]
polish an awkward wording
and capitalize "AFI" where it does not refer to the function argument;
no change of meaning

schwarze [Sat, 30 Sep 2023 14:10:56 +0000 (14:10 +0000)]
two instances of missing .Fa macros
and some missing escaping of HYPHEN-MINUS; no text change

schwarze [Sat, 30 Sep 2023 13:58:29 +0000 (13:58 +0000)]
fix one copy and paste error: d2i_*() decode rather than encode;
plus some minor markup and punctuation fixes

schwarze [Sat, 30 Sep 2023 13:51:00 +0000 (13:51 +0000)]
garbage collect two stray words, no change of meaning

naddy [Sat, 30 Sep 2023 13:03:40 +0000 (13:03 +0000)]
list tracepoints directly in kdump.1 instead of pointing to ktrace.1

Also add a note to the respective section in kdump.1, ktrace.1, and
ltrace.1 to keep in sync with each other; suggested by schwarze@.

ok deraadt@ schwarze@

bluhm [Fri, 29 Sep 2023 19:44:47 +0000 (19:44 +0000)]
Replace kernel lock with mutex in ixl(4) media status.

Witness found that sc_atq_mtx mutex is held when kernel lock is
acquired.  This might cause a deadlock.  Protect sc_media_status
and sc_media_active with the link state mutex instead.  Global
fields ifm->ifm_status and ifm->ifm_active are still protected by
kernel lock.

OK tobhe@

tobhe [Fri, 29 Sep 2023 18:45:42 +0000 (18:45 +0000)]
Make sure pfkeyv2_parsemessage() only returns 0 if the message was
successfully validated.  Decline all messages from userland that contain
errnos and remove unneeded special handling for type SADB_X_PROMISC.

ok bluhm@

tobhe [Fri, 29 Sep 2023 18:40:08 +0000 (18:40 +0000)]
Only forward validated pfkey messages to promiscuous listeners.
Fixes a bunch of crashes with ipsecctl -m.

ok bluhm@