eric [Fri, 23 Aug 2019 15:39:11 +0000 (15:39 +0000)]
only process records of the expected type.
fix an issue where CNAME records generate bogus results.
ok gilles@
schwarze [Fri, 23 Aug 2019 15:18:13 +0000 (15:18 +0000)]
document RSAPrivateKey_dup(3) and RSAPublicKey_dup(3)
schwarze [Fri, 23 Aug 2019 13:05:42 +0000 (13:05 +0000)]
explain in a simpler way when the default is -r and when it is -s;
triggered by a very different patch from Rashad Kanavath;
OK florian@
kn [Fri, 23 Aug 2019 12:48:14 +0000 (12:48 +0000)]
Use -delete in EXAMPLES
-delete is part of POSIX since 2001 and tedu added support for it in 2012,
-print0 however never made it into any standard, so replace this less
portable idiom with its more concise built-in counterpart.
Both -print0 as well as xargs(1) -0 explain and reference each other and
CAVEATS goes into detail with problematic file names, so no information
is lost by replacing this particular example.
While here, make the -exec example rm(1) multiple files at once.
Feedback from claudio tb
Input and OK millert
schwarze [Fri, 23 Aug 2019 12:23:39 +0000 (12:23 +0000)]
document X509_get1_email(3), X509_get1_ocsp(3), X509_email_free(3)
eric [Fri, 23 Aug 2019 12:09:41 +0000 (12:09 +0000)]
martijn@ found a regression so revert to the old behavior for now
bluhm [Fri, 23 Aug 2019 11:11:18 +0000 (11:11 +0000)]
Default layout for disklabel(8) has changed, /usr became larger.
Adjust expected values in test.
reminded by Moritz Buhl
schwarze [Fri, 23 Aug 2019 09:41:49 +0000 (09:41 +0000)]
document X509_dup(3)
mlarkin [Fri, 23 Aug 2019 07:55:20 +0000 (07:55 +0000)]
vmctl(8): fix wrong output when using 'vmctl stop'
Fix a wrong output when using 'vmctl stop' without any further arguments.
Patch from Caspar Schutijser, thanks!
ok deraadt
eric [Fri, 23 Aug 2019 07:09:52 +0000 (07:09 +0000)]
res_hnok() is too lenient wrt to acceptable domain name in mail addresses.
replace it with a valid_domainname() check that implements something closer
to RFC 5321, but still usable in real-life.
ok gilles@ millert@
anton [Fri, 23 Aug 2019 07:01:22 +0000 (07:01 +0000)]
sync
jsg [Fri, 23 Aug 2019 04:38:55 +0000 (04:38 +0000)]
update tradcpp to 0.5.3
jsg [Fri, 23 Aug 2019 01:19:24 +0000 (01:19 +0000)]
regen
jsg [Fri, 23 Aug 2019 01:18:08 +0000 (01:18 +0000)]
add Intel 100 Series LP eMMC/SDXC from fkr
add Intel WHL-U Host ids
krw [Thu, 22 Aug 2019 22:35:29 +0000 (22:35 +0000)]
T10/BSR INCITS 503 (SPC-5) is apparently a thing. Update
version_to_spc() to map the formerly reserved value 0x07 in the
INQUIRY version field to 5 (a.k.a. SPC-5), instead of 0 (a.k.a. device
does not claim support for any SPC version).
Tweak comment for 0x03 mapping to note it means compliance to SPC, not
SPC-3. Tweak comment for 0x06 mappoing to specify the ANSI INCITS
513-2005 that documents SPC-4.
bluhm [Thu, 22 Aug 2019 21:47:27 +0000 (21:47 +0000)]
Test did not compile due to missing symbols. Add source sshbuf-misc.c
to regress as it was done in ssh make file.
from Moritz Buhl
bluhm [Thu, 22 Aug 2019 21:31:48 +0000 (21:31 +0000)]
Define the new verbose variable also in the regression sources so
that the test programs link with the rpki-client object files again.
from Moritz Buhl
espie [Thu, 22 Aug 2019 19:37:30 +0000 (19:37 +0000)]
GC some old stuff
okay millert@
kn [Thu, 22 Aug 2019 19:33:57 +0000 (19:33 +0000)]
Replace hand-rolled errors with warn(3)
"Looks good" deraadt millert
kettenis [Thu, 22 Aug 2019 17:14:21 +0000 (17:14 +0000)]
Don't check _TTP for io windows.
ok patrick@, jsg@
jmc [Thu, 22 Aug 2019 16:32:26 +0000 (16:32 +0000)]
spelling fix and zap a stray line while here;
schwarze [Thu, 22 Aug 2019 15:15:35 +0000 (15:15 +0000)]
document X509_check_purpose(3)
miko [Thu, 22 Aug 2019 09:47:29 +0000 (09:47 +0000)]
do pci_intr_disestablish() and bus_space_unmap() calls if auich_alloc_cdata() fails; ok ratchov@
deraadt [Thu, 22 Aug 2019 01:11:19 +0000 (01:11 +0000)]
unused variable, after previous commit
deraadt [Wed, 21 Aug 2019 21:06:48 +0000 (21:06 +0000)]
sync
cheloha [Wed, 21 Aug 2019 20:44:09 +0000 (20:44 +0000)]
sysctl(2): add kern.utc_offset: successor to the DST/TIMEZONE options(4)
The DST and TIMEZONE options(4) are incompatible with KARL, so we need
some other way to compensate for an RTC running with a known offset.
Enter kern.utc_offset, an offset in minutes East of UTC. TIMEZONE has
always been minutes West, but this is inconsistent with how everyone
else talks about timezones, hence the flip.
TIMEZONE has the advantage of being compiled into the binary. Our new
sysctl(2) has no such luck, so it needs to be set as early as possible
in boot, from sysctl.conf(5), so we can correct the kernel clock from
the RTC's local time to UTC before daemons like ntpd(8) and cron(8)
start. To encourage this, kern.utc_offset is made immutable after the
securelevel(7) is raised to 1.
Prompted by yasuoka@. Discussed with deraadt@, kettenis@, yasuoka@.
Additional testing by yasuoka@.
ok deraadt@, yasuoka@
danj [Wed, 21 Aug 2019 19:21:57 +0000 (19:21 +0000)]
Remove cdrom mention
ok espie@
kn [Wed, 21 Aug 2019 17:39:30 +0000 (17:39 +0000)]
Lower syspugrade timeout to 30 minutes
The previous mechanism used a single timeout for the entire upgrade which
was kept when introducing the per-set watchdog.
Half an hour now seems more sensible to safely catch the biggest sets on
slow hardware, so avoid needlessly stalling (failed) upgrades for too long.
OK sthen deraadt
visa [Wed, 21 Aug 2019 16:14:34 +0000 (16:14 +0000)]
Fix a race in invalidation of remote TLB entries.
If a CPU updates a pmap concurrently with the activation of that pmap
on another CPU, invalidation of TLB entries might be incomplete.
It is also possible that a CPU altogether stops updating its TLB.
Prevent the race by synchronizing pmap activations and logic that
determines where to send TLB invalidation IPIs.
To avoid mutex wait without ability to process IPIs, the context switch
code is adjusted to call pmap_activate() with interrupts enabled.
In practice, interrupts up to IPL_SCHED are still disabled on context
switch.
florian [Wed, 21 Aug 2019 15:32:18 +0000 (15:32 +0000)]
Remove support for semantically opace interface identifiers (RFC 7217)
for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.
People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn
otto [Wed, 21 Aug 2019 11:08:58 +0000 (11:08 +0000)]
Bump /usr on big auto-allocation table; ok krw@ sthen@ phessler@
jsg [Wed, 21 Aug 2019 02:18:33 +0000 (02:18 +0000)]
Add simple amdgpu pci id devlist for the ramdisk to determine if
aperture is needed. Skip SI/CIK ids as we don't build amdgpu with
SI/CIK support (radeondrm covers these) and skip VEGA20 ids we
don't match on as they are flagged AMD_EXP_HW_SUPPORT.
krw [Tue, 20 Aug 2019 23:55:41 +0000 (23:55 +0000)]
Trailing whitespace.
patrick [Tue, 20 Aug 2019 23:38:19 +0000 (23:38 +0000)]
Network-based device paths use Messaging and not Media types. Thus
in reality the depth was always -1 which made the compare function
a No-Op. Properly check the device path depth value and look for
the Messaging type instead to find the correct NIC. This check
never worked before and was uncovered by the last change.
Regression noticed by bluhm@
krw [Tue, 20 Aug 2019 22:31:28 +0000 (22:31 +0000)]
Use the defines DETACH_FORCE and DETACH_QUIET when constructing a value
that will end up in config_detach() flags via scsi_detach_target().
ok jmatthew@ dlg@
kettenis [Tue, 20 Aug 2019 17:16:43 +0000 (17:16 +0000)]
Enable ipmi(4).
ok deraadt@
claudio [Tue, 20 Aug 2019 16:02:57 +0000 (16:02 +0000)]
Adjust manpage. Document -t tal and the new output argument. Also remove
some of the comments for sections that will never ever be used here.
claudio [Tue, 20 Aug 2019 16:01:52 +0000 (16:01 +0000)]
Change the arguments to rpki-client a bit. Instead of listing all TAL files
as arguments rpki-client will now load the TAL installed in /etc/rpki by
default. For debug reasons an option -t tal is added to pass in TAL files
by hand. The argument is now instead the filename of the output file.
Now `rpki-client roa.conf` will do what you need which is a lot nicer.
Agreed by deraadt@ job@ to be a step in the right direction.
krw [Tue, 20 Aug 2019 13:40:37 +0000 (13:40 +0000)]
scsi_probe_bus() always returns 0. Nobody but scsi_probe() even
pretended to care. So just make in a void, and explicitly return 0 in
the appropriate case in scsi_probe().
schwarze [Tue, 20 Aug 2019 13:27:19 +0000 (13:27 +0000)]
New manual page X509_cmp(3) documenting the same public functions
as in OpenSSL 1.1.1. I rewrote most of the text for clarity, precision,
and conciseness and added some additional information. A few sentences
from Paul Yang remain.
inoguchi [Tue, 20 Aug 2019 13:10:09 +0000 (13:10 +0000)]
Add static_ASN1_* macro
- Add static_ASN1_* macro. Patch was provided by steils AT gentoo.org
jmc [Tue, 20 Aug 2019 11:34:18 +0000 (11:34 +0000)]
- more no longer accepts random less commands
- history trim
- sundry
diff from evan silberman;
tweaked/ok by schwarze and deraadt
espie [Tue, 20 Aug 2019 11:11:53 +0000 (11:11 +0000)]
fix error reporting, specifically having two repos on the same site may
lead to one repo closing handles from the other to avoid DoS, as exemplified
by stable-packages.
okay sthen@
espie [Tue, 20 Aug 2019 11:05:42 +0000 (11:05 +0000)]
shrink using new mechanisms
espie [Tue, 20 Aug 2019 11:03:42 +0000 (11:03 +0000)]
two simple scripts to shrink package generation
espie [Tue, 20 Aug 2019 11:03:05 +0000 (11:03 +0000)]
use wrapper module instead of rolling our own
espie [Tue, 20 Aug 2019 11:02:28 +0000 (11:02 +0000)]
remove old cdrom=... property
schwarze [Tue, 20 Aug 2019 10:59:09 +0000 (10:59 +0000)]
make BN_CTX_end(NULL) a NOOP for compatibility with documented behaviour
in OpenSSL 1.1.1 even though in general, letting random functions
accept NULL is not advisable because it can hide programming errors;
"yes please" tb@
"unfortunately I suspect you're right" jsing@
"oh well" deraadt@
dlg [Tue, 20 Aug 2019 08:21:03 +0000 (08:21 +0000)]
i broke the example slightly by making the driver more compliant with 802.1Q.
bru [Mon, 19 Aug 2019 21:42:33 +0000 (21:42 +0000)]
Add a field for enabling/disabling reverse scrolling.
ok patrick@
deraadt [Mon, 19 Aug 2019 21:22:26 +0000 (21:22 +0000)]
Restore msrs & pat on main cpu. jcs observed a slow console on x1r7,
and kettenis identified missing pat restore.
Many other machines may be improved by this change.
ok kettenis jcs
bru [Mon, 19 Aug 2019 21:19:38 +0000 (21:19 +0000)]
Add a configuration option for reverse scrolling.
ok patrick@
bru [Mon, 19 Aug 2019 21:08:26 +0000 (21:08 +0000)]
Accept more elantech-v4 models, and apply a test for external buttons.
Thanks to Alexander Cronheim.
ok mpi@
naddy [Mon, 19 Aug 2019 20:59:14 +0000 (20:59 +0000)]
The piggies have outgrown their pen again: Firefox 69 will no longer
build in 5 GB of memory. Bump default datasize for pbuild to 6 GB.
ok landry@ ajacoutot@
deraadt [Mon, 19 Aug 2019 19:55:54 +0000 (19:55 +0000)]
sync
kettenis [Mon, 19 Aug 2019 18:56:23 +0000 (18:56 +0000)]
Mention ipmi@acpi and ipmi@iic. Add a short description for SSIF.
kettenis [Mon, 19 Aug 2019 18:31:02 +0000 (18:31 +0000)]
Add support for SMBus System Interface (SSIF).
ok jmatthew@
krw [Mon, 19 Aug 2019 17:16:55 +0000 (17:16 +0000)]
Remove some unused code left over from an ancient (i.e. 2007) attempt
to present wd disks as sd drives.
ok deraadt@
eric [Mon, 19 Aug 2019 15:42:24 +0000 (15:42 +0000)]
use a specific and more relevant status message for failed smarthost
resolution.
ok gilles@
schwarze [Mon, 19 Aug 2019 13:52:53 +0000 (13:52 +0000)]
document X509_INFO_new(3) and X509_INFO_free(3)
robert [Mon, 19 Aug 2019 13:50:38 +0000 (13:50 +0000)]
add 6.7 syspatch key
schwarze [Mon, 19 Aug 2019 13:08:26 +0000 (13:08 +0000)]
document ECDH_compute_key(3) and ECDH_size(3);
feedback and OK tb@
espie [Mon, 19 Aug 2019 12:25:40 +0000 (12:25 +0000)]
-Pcdrom is nonsensical now, so error out properly on it.
Prompted and okay danj@
espie [Mon, 19 Aug 2019 12:11:04 +0000 (12:11 +0000)]
silently add -DDONTLOG
espie [Mon, 19 Aug 2019 12:09:07 +0000 (12:09 +0000)]
add a special flag -DDONTLOG so that regress test won't spam /var/log/messages
jsg [Mon, 19 Aug 2019 09:34:13 +0000 (09:34 +0000)]
define CONFIG_X86* in autoconf.h as needed and reduce diff to linux
ok kettenis@
jsg [Mon, 19 Aug 2019 07:27:11 +0000 (07:27 +0000)]
match on r40 ahci
tested by and ok jsing@ ok kettenis@
jan [Mon, 19 Aug 2019 07:07:35 +0000 (07:07 +0000)]
Enable TCP and UDP checksum offloading by default for ix(4).
ok deraadt@
kettenis [Mon, 19 Aug 2019 06:13:44 +0000 (06:13 +0000)]
Add missing OHCI clocks for Allwinner R40.
tested by jsing@
krw [Sun, 18 Aug 2019 23:58:24 +0000 (23:58 +0000)]
Every "goto bad" in scsi_probedev() deserves a SC_DEBUG().
schwarze [Sun, 18 Aug 2019 21:44:10 +0000 (21:44 +0000)]
Tweak cross references, in particular making sure that
all CMS pages are linked to CMS_ContentInfo_new(3) both ways
and that closely related pages reference each other.
gilles [Sun, 18 Aug 2019 16:52:02 +0000 (16:52 +0000)]
version field was reserved but not discussed, this is done now
ok millert@ martijn@
krw [Sun, 18 Aug 2019 16:21:32 +0000 (16:21 +0000)]
Rename 'link' to 'link0' as it refers to target 0 only.
kettenis [Sun, 18 Aug 2019 15:52:45 +0000 (15:52 +0000)]
Increase timeout used when waiting for the Rx FIFO to fill up when in polled
mode.
ok jcs@, mlarkin@
kettenis [Sun, 18 Aug 2019 15:51:18 +0000 (15:51 +0000)]
In polled mode, wait on STOP detected bit to be set in the interrupt status
register like we do for non-polled mode. This seems to increase the
reliability of i2c transfers on the controller integrated on the Ampare
eMAG processor.
ok jcs@, mlarkin@
kettenis [Sun, 18 Aug 2019 13:11:47 +0000 (13:11 +0000)]
Implement a few Linux compat ACPI interfaces and enable the ACPI support
code in radeon(4) and amdgpu(4).
ok jsg@
schwarze [Sun, 18 Aug 2019 13:02:37 +0000 (13:02 +0000)]
minor cleanup:
* avoid jumping back and forth between use cases
* delete duplicate information
* and minor wording improvements
schwarze [Sun, 18 Aug 2019 12:06:51 +0000 (12:06 +0000)]
minor cleanup:
* add the missing STANDARDS sections
* mark up ASN.1 type names
* GOST does not need an ENGINE in LibreSSL, so don't use it as an example
* and minor wording improvements and typo fixes
schwarze [Sun, 18 Aug 2019 10:54:57 +0000 (10:54 +0000)]
minor cleanup:
* mark up ASN.1 type and field names
* move the RFC reference to STANDARDS
* and minor wording improvements
schwarze [Sun, 18 Aug 2019 10:19:17 +0000 (10:19 +0000)]
some cleanup:
* do not jump back and forth among functions
* show data type - NID correspondance in a table
* make the difference between content type and embedded content clearer
* add the missing STANDARDS section
* mark up ASN.1 type names
* remove some text that says nothing
* and minor wording improvements
krw [Sun, 18 Aug 2019 02:43:52 +0000 (02:43 +0000)]
When activating or detaching a target don't search the scsi_link SLIST
for each target:lun. Just travese the SLIST once taking care of relevant
scsi_link's as they are encountered.
ok jmatthew@
krw [Sun, 18 Aug 2019 00:58:54 +0000 (00:58 +0000)]
sc_buswidth field in struct scsi_link is redundant. Just use
adapter_link->adapter_buswidth, which supplied the value for
sc_buswidth and is never changed.
krw [Sat, 17 Aug 2019 15:31:41 +0000 (15:31 +0000)]
Nuke some unused variables, tweak some declarations and
variable names into a consistant idiom.
schwarze [Sat, 17 Aug 2019 15:23:26 +0000 (15:23 +0000)]
some cleanup:
* add the missing STANDARDS section
* more precision below RETURN VALUES
* simplify some overly verbose text
* mark up ASN.1 type names
* and minor wording improvements and typo fixes
jmc [Sat, 17 Aug 2019 14:43:21 +0000 (14:43 +0000)]
no need to escape "-", generally speaking; instances remain in EXAMPLES;
(see ingo's notes in mandoc_char.7, if explanation neccessary)
ok schwarze gilles
schwarze [Sat, 17 Aug 2019 14:41:01 +0000 (14:41 +0000)]
minor cleanup:
* add the missing STANDARDS section
* mark up ASN.1 type names
* avoid some repetitions
* make some lists more palatable in -column form
* and minor wording improvements and typo fixes
deraadt [Sat, 17 Aug 2019 14:25:06 +0000 (14:25 +0000)]
signal handlers should not call exit() due to possibility of reentering
libc (stdio etc), instead do the unlink tasks then call _exit() instead
ok millert
jsg [Sat, 17 Aug 2019 08:27:43 +0000 (08:27 +0000)]
drm/i915: Fix wrong escape clock divisor init for GLK
From Stanislav Lisovskiy
edc388566a1d25f88e631bd8170462d4f86c5a24 in linux 4.19.y/4.19.67
73a0ff0b30af79bf0303d557eb82f1d1945bb6ee in mainline linux
jsg [Sat, 17 Aug 2019 08:25:28 +0000 (08:25 +0000)]
drm: silence variable 'conn' set but not used
From Qian Cai
991c4756be69417f720734ceb32a22071e0aa0af in linux 4.19.y/4.19.67
bbb6fc43f131f77fcb7ae8081f6d7c51396a2120 in mainline linux
jsg [Sat, 17 Aug 2019 08:23:28 +0000 (08:23 +0000)]
drm/amd/display: Increase size of audios array
From Tai Man
8d641499bf969a284161d2682b71669c96389773 in linux 4.19.y/4.19.67
7352193a33dfc9b69ba3bf6a8caea925b96243b1 in mainline linux
jsg [Sat, 17 Aug 2019 08:20:59 +0000 (08:20 +0000)]
drm/amd/display: Only enable audio if speaker allocation exists
From Alvin Lee
f9420bfa29f9ece0b02a5435ae95f1a48bc97723 in linux 4.19.y/4.19.67
6ac25e6d5b2fbf251e9fa2f4131d42c815b43867 in mainline linux
jsg [Sat, 17 Aug 2019 08:17:34 +0000 (08:17 +0000)]
drm/amd/display: Fix dc_create failure handling and 666 color depths
From Julian Parkin
3998e684463a7fa1721c171172ca085978d03a00 in linux 4.19.y/4.19.67
0905f32977268149f06e3ce6ea4bd6d374dd891f in mainline linux
jsg [Sat, 17 Aug 2019 08:14:34 +0000 (08:14 +0000)]
drm/amd/display: use encoder's engine id to find matched free audio device
From Tai Man
e7a8a794109c07e0b8d7bd55fbfcb3082991626a in linux 4.19.y/4.19.67
74eda776d7a4e69ec7aa1ce30a87636f14220fbb in mainline linux
jsg [Sat, 17 Aug 2019 08:11:32 +0000 (08:11 +0000)]
drm/amd/display: Wait for backlight programming completion in set backlight level
From Sivapiriyan Kumarasamy
2a5e21adc71b46beec9232cc6418676fd2255bc5 in linux 4.19.y/4.19.67
c7990daebe71d11a9e360b5c3b0ecd1846a3a4bb in mainline linux
jsg [Sat, 17 Aug 2019 06:07:22 +0000 (06:07 +0000)]
change drm memory barriers to be closer to what linux does on
amd64 and i386
ok kettenis@
ratchov [Sat, 17 Aug 2019 05:04:56 +0000 (05:04 +0000)]
Move play blocks count from the audio_softc to the audio_buf structure.
As the audio_buf structure is per-direction, this makes play and
recording code similar. No behavior change.
ratchov [Sat, 17 Aug 2019 04:57:52 +0000 (04:57 +0000)]
Move block size and block count calculations in their own routines.
Makes the code easier to read, no behabior change.
schwarze [Fri, 16 Aug 2019 22:23:41 +0000 (22:23 +0000)]
sort; OK deraadt@
deraadt [Fri, 16 Aug 2019 20:11:07 +0000 (20:11 +0000)]
sync
procter [Fri, 16 Aug 2019 19:53:32 +0000 (19:53 +0000)]
check that software de/encrypt is possible: under hardware
offload, it needn't be. the stack must otherwise rely on every
offloading driver correctly handling all frames governed by a
given key.
ok stsp@
projects / openbsd / log