openbsd
3 years agoCall the info cb on connect/accept exit in TLSv1.3
tb [Tue, 14 Sep 2021 14:31:21 +0000 (14:31 +0000)]
Call the info cb on connect/accept exit in TLSv1.3

The p5-Net-SSLeay test expects the info callback to be called on
connect exit. This is the behavior in the legacy stack but wasn't
implemented in the TLSv1.3 stack. With this commit, p5-Net-SSLeay
tests are happy again after the bump.

ok bluhm inoguchi jsing

3 years agoprovide a small manual page for the SSL_set_psk_use_session_callback(3)
schwarze [Tue, 14 Sep 2021 14:30:57 +0000 (14:30 +0000)]
provide a small manual page for the SSL_set_psk_use_session_callback(3)
stub, written from scratch;
OK tb@ on SSL_set_psk_use_session_callback.3

3 years ago/usr/bin/timeout should not be in man sets
sthen [Tue, 14 Sep 2021 14:09:21 +0000 (14:09 +0000)]
/usr/bin/timeout should not be in man sets

3 years agoMerge the stub SSL_SESSION_is_resumable(3) manual page from the
schwarze [Tue, 14 Sep 2021 14:08:15 +0000 (14:08 +0000)]
Merge the stub SSL_SESSION_is_resumable(3) manual page from the
OpenSSL 1.1.1 branch, which is still under a free license.
A few tweaks to wording and structure by me.
OK tb@ on SSL_SESSION_is_resumable.3

3 years agoAs suggested by tb@, merge the description of OPENSSL_EC_NAMED_CURVE
schwarze [Tue, 14 Sep 2021 13:47:59 +0000 (13:47 +0000)]
As suggested by tb@, merge the description of OPENSSL_EC_NAMED_CURVE
and OPENSSL_EC_EXPLICIT_CURVE
from OpenSSL commit 146ca72c Feb 19 14:35:43 2015 +0000
after tb@ changed the default from 0 to OPENSSL_EC_NAMED_CURVE
in ec/ec_lib.c rev. 1.41,
which is the same default that OpenSSL uses since 1.1.0.

While merging, drop the description of the pre-1.1.0 behaviour.
It seems irrelevant to me because tb@ found no application in Debian
codesearch using OPENSSL_EC_EXPLICIT_CURVE.  A former devious default
that was probably never relied upon by anyone does not need to be
documented.

3 years agoSync
jca [Tue, 14 Sep 2021 12:04:34 +0000 (12:04 +0000)]
Sync

3 years agoProvide instruction cache invalidation through sysarch(RISCV_ICACHE_SYNC)
jca [Tue, 14 Sep 2021 12:03:49 +0000 (12:03 +0000)]
Provide instruction cache invalidation through sysarch(RISCV_ICACHE_SYNC)

Modelled after the arm implementation.  The first consumer would be
__builtin___clear_cache() in libcompiler_rt.

Input from kettenis@ and deraadt@, ok kettenis@

3 years agoDo not download more than 300 deltas to sync a RRDP repo. Somewhere around
claudio [Tue, 14 Sep 2021 11:38:44 +0000 (11:38 +0000)]
Do not download more than 300 deltas to sync a RRDP repo. Somewhere around
300 the time it takes to fetch and process all the deltas is higher than
fetching just a snapshot.
OK job@ sthen@

3 years agoput back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT
mbuhl [Tue, 14 Sep 2021 11:04:21 +0000 (11:04 +0000)]
put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT
OK mfriedl@

3 years agoFix regression test, prodded by bluhm@
mpi [Tue, 14 Sep 2021 09:52:12 +0000 (09:52 +0000)]
Fix regression test, prodded by bluhm@

3 years agoAdd missing kernel lock for Bi-directional Forwarding Detection data.
mvs [Tue, 14 Sep 2021 09:15:55 +0000 (09:15 +0000)]
Add missing kernel lock for Bi-directional Forwarding Detection data.

Also bfdset() calls pool_get(9) with PR_WAITOK flag so it should be done
before we check the existence of this `bfd', otherwise it could be added
multiple times.

We have BFD disabled in the default kernel so this diff is for
consistency mostly.

ok mpi@

3 years agoEnable cy(4) on amd64.
jan [Tue, 14 Sep 2021 08:19:58 +0000 (08:19 +0000)]
Enable cy(4) on amd64.

ok deraadt

3 years agoWhen the dhcp server is unreachable via unicast UDP retry broadcast.
florian [Tue, 14 Sep 2021 07:51:51 +0000 (07:51 +0000)]
When the dhcp server is unreachable via unicast UDP retry broadcast.

The only indication we get is sendto(2) failing, so if our UDP packet
is silently dropped somewhere we won't notice.

This has been observed in the wild with a dhcp server at the remote
end of a VPN. The dhcp server is reachable via broadcast so we get an
initial lease. However the server is not in the same subnet as the
lease we are getting so to reach it unicast we depend on a default
route being set. When the VPN goes down we lose the default route [*]
and when dhcpleased then tries to renew the lease (unicast), sendto(2)
fails with "network unreachable".

[*] The exact mechanics on how this happens are unclear. I.e. why
didn't dhcpleased(8) see a link-state change and transitioned to
REBOOTING / INIT? Regardless, we shouldn't ignore sendto(2) errors.

Reported by stsp, OK benno

3 years agovmm(4): add limit to number of vcpus
dv [Mon, 13 Sep 2021 22:16:27 +0000 (22:16 +0000)]
vmm(4): add limit to number of vcpus

After fixing previous syzbot issues related to lock contention, the reproducer code managed to hit an issue where it can exhaust kernel memory by allocating vcpus. Since each vcpu (regardless if it's SVM or VMX-capable) requires wiring some number of pages of memory, it was possible to starve other parts of the kernel.

This change limits the total number of vcpus to 512, a conservative number given vmm(4) only supports single vcpu guests at the moment.

ok mlarkin@

3 years agosync
deraadt [Mon, 13 Sep 2021 17:45:59 +0000 (17:45 +0000)]
sync

3 years agofix SEE ALSO;
jmc [Mon, 13 Sep 2021 17:43:26 +0000 (17:43 +0000)]
fix SEE ALSO;

3 years agovarious formatting fixes;
jmc [Mon, 13 Sep 2021 17:42:47 +0000 (17:42 +0000)]
various formatting fixes;

3 years agotweak text in previous and fix SEE ALSO;
jmc [Mon, 13 Sep 2021 17:35:27 +0000 (17:35 +0000)]
tweak text in previous and fix SEE ALSO;

3 years agoIn X509_check_issued() do the same dance around x509v3_cache_extensions()
claudio [Mon, 13 Sep 2021 15:26:53 +0000 (15:26 +0000)]
In X509_check_issued() do the same dance around x509v3_cache_extensions()
as in all other palces. Check the EXFLAG_SET flag first and if not set
grab the CRYPTO_LOCK_X509 before calling x509v3_cache_extensions().
OK tb@ beck@

3 years agodisk.dk_size can't be 0 as we errx() if that happens during
krw [Mon, 13 Sep 2021 15:07:51 +0000 (15:07 +0000)]
disk.dk_size can't be 0 as we errx() if that happens during
DISK_open(). So eliminate pointless check when printing geometry.

Replace unit_lookup() with units_size(), reducing four
conversion dances to one. Return pointer to the unit_type used in
the conversion. unit_types[] is now needed only in misc.c.

Fewer variables make for cleaner logic.

No intentional functional change.

3 years agosync
deraadt [Mon, 13 Sep 2021 15:05:57 +0000 (15:05 +0000)]
sync

3 years agono longer needed
deraadt [Mon, 13 Sep 2021 15:05:44 +0000 (15:05 +0000)]
no longer needed

3 years agoadd 7.1 syspatch pubkey
robert [Mon, 13 Sep 2021 14:41:01 +0000 (14:41 +0000)]
add 7.1 syspatch pubkey

3 years agoRemember to lock user pmap in pmap_extract()
visa [Mon, 13 Sep 2021 12:19:10 +0000 (12:19 +0000)]
Remember to lock user pmap in pmap_extract()

pmap_extract() has to lock user pmap to prevent concurrent pruning
of the page table. The kernel pmap is exempt from this because it uses
a fixed page table structure.

3 years agoConsistently use unsigned long for CPU masks in pmap.c.
visa [Mon, 13 Sep 2021 12:16:43 +0000 (12:16 +0000)]
Consistently use unsigned long for CPU masks in pmap.c.

3 years agointroduce /etc/bsd.re-config which can be used to configure the kernel
robert [Mon, 13 Sep 2021 11:49:21 +0000 (11:49 +0000)]
introduce /etc/bsd.re-config which can be used to configure the kernel
using config(8);

the contents of this configuration file will be fed to config(8) after
kernel relinking is done, so on the next boot the new kernel will have
all the configuration changes set by the user

this comes handy if you still want to use KARL while making changes
to the GENERIC kernel

diff from Paul de Weerd with input from several developers

3 years agoDocument that the editing command 'disk' takes an optional units argument.
krw [Mon, 13 Sep 2021 11:44:40 +0000 (11:44 +0000)]
Document that the editing command 'disk' takes an optional units argument.

3 years agoEnable uaq(4) on amd64. Investigations into problems on other platforms
jmatthew [Mon, 13 Sep 2021 09:57:48 +0000 (09:57 +0000)]
Enable uaq(4) on amd64.  Investigations into problems on other platforms
are ongoing.

3 years agocheck the installer's /tmp/i/hostname.* files for a configured IP address
robert [Mon, 13 Sep 2021 05:17:04 +0000 (05:17 +0000)]
check the installer's /tmp/i/hostname.* files for a configured IP address
so that configurations without a broadcast address are detected as well

ok sthen@

3 years agotake us out of beta
deraadt [Mon, 13 Sep 2021 04:02:15 +0000 (04:02 +0000)]
take us out of beta

3 years agofreebsd history is irrelevant here; pointed ok by and ok deraadt
jmc [Sun, 12 Sep 2021 16:37:42 +0000 (16:37 +0000)]
freebsd history is irrelevant here; pointed ok by and ok deraadt

3 years agoStop taking detour through unit_types[SECTORS] to find
krw [Sun, 12 Sep 2021 16:36:52 +0000 (16:36 +0000)]
Stop taking detour through unit_types[SECTORS] to find
dl.d_secsize.

Leave unit_types[SECTORS].ut_conversion at 0, and test that to
determine if a size needs to be converted from a sectors value.

Use consistent dance to find the desired size value to print.

Logic is clearer, unit_types[] is now const, nobody but misc.c
knows about SECTORS.

No intentional functional change.

3 years agoDefault to using named curve parameter encoding
tb [Sun, 12 Sep 2021 16:23:19 +0000 (16:23 +0000)]
Default to using named curve parameter encoding

The pre-OpenSSL 1.1.0 default was to use explicit curve parameter
encoding. Most applications want to use named curve parameter encoding
and have to opt into this explicitly.

Stephen Henson changed this default in OpenSSL commit 86f300d3 6 years
ago and provided a new OPENSSL_EC_EXPLICIT_CURVE define to opt back into
the old default.  According to Debian's codesearch, no application
currently does this, which indicates that we currently have a bad default.

In the future it is more likely that applications expect the new
default, so we follow OpenSSL to avoid problems.

Prompted by schwarze who noted that OPENSSL_EC_EXPLICIT_CURVE is missing.

ok beck inoguchi jsing

3 years agoannotate root only targets; ok bluhm@
anton [Sun, 12 Sep 2021 07:06:59 +0000 (07:06 +0000)]
annotate root only targets; ok bluhm@

3 years agohook up libagentx; ok martijn@
anton [Sun, 12 Sep 2021 07:06:08 +0000 (07:06 +0000)]
hook up libagentx; ok martijn@

3 years agoRevert recent uhidev report size changes. It's reported to break fido devices
anton [Sun, 12 Sep 2021 06:58:08 +0000 (06:58 +0000)]
Revert recent uhidev report size changes. It's reported to break fido devices
for as of now unknown reasons.

3 years agoIdentify TPM2.0 devices and perform the 2.0-specific "suspend" command
deraadt [Sat, 11 Sep 2021 23:22:38 +0000 (23:22 +0000)]
Identify TPM2.0 devices and perform the 2.0-specific "suspend" command
(researched by mlarkin).  With this, and the latest BIOS which added S3,
the lenovo x1r9 and x1nano can resume.
ok kettenis mlarkin

3 years agoDon't set the highspeed bit on bcm2835-sdhci sdhc(4) controllers.
mglocker [Sat, 11 Sep 2021 22:42:12 +0000 (22:42 +0000)]
Don't set the highspeed bit on bcm2835-sdhci sdhc(4) controllers.
Same approach as on Linux and NetBSD.  This fixes bwfm(4) Wi-Fi on the
Raspberry Pi 3 Model B Plus.

help and ok kettenis@

3 years agomerge the description of SSL_get_tlsext_status_type(3)
schwarze [Sat, 11 Sep 2021 18:58:41 +0000 (18:58 +0000)]
merge the description of SSL_get_tlsext_status_type(3)
from the OpenSSL 1.1.1 branch, which is still under a free license

3 years agoChange the scope of the locking in pmap_extract() to prevent a race between
kettenis [Sat, 11 Sep 2021 18:08:32 +0000 (18:08 +0000)]
Change the scope of the locking in pmap_extract() to prevent a race between
walking the page tables and another thread calling pmap_remove() that ends
up removing a page table page.

tested by sthen@
ok deraadt@, mpi@

3 years agoMerge documentation of EC_GROUP_order_bits(3) from the OpenSSL 1.1.1
schwarze [Sat, 11 Sep 2021 17:59:04 +0000 (17:59 +0000)]
Merge documentation of EC_GROUP_order_bits(3) from the OpenSSL 1.1.1
branch, which is still under a free license.
While here, also merge a few other improvements, mostly regarding
EC_GROUP_get_order(3) and EC_GROUP_get_cofactor(3); in particular,
some statements below RETURN VALUES were outright wrong.
This patch includes a few minor tweaks and an addition to HISTORY by me.
Feedback and OK tb@.

3 years agoZero out iwx(4) Tx descriptors of frames which are done.
stsp [Sat, 11 Sep 2021 17:28:44 +0000 (17:28 +0000)]
Zero out iwx(4) Tx descriptors of frames which are done.

This will hopefully prevent the device from ever writing to the former
DMA address of a buffer which has been taken off the Tx ring.

As far as I understand, the Linux driver unmaps (parts of) Tx descriptors
that are done. We use a static DMA mapping for the entire descriptor array,
so unmapping is not an option for us.

Tested by several as part of my Tx aggregation support patch.

3 years agoFix a bug in iwx(4) Tx done interrupt processing.
stsp [Sat, 11 Sep 2021 17:28:04 +0000 (17:28 +0000)]
Fix a bug in iwx(4) Tx done interrupt processing.

Clear the byte-count for the correct frame while taking frames off the ring.
This should fix some 'fatal firmware errors' seen under load, and prevent
memory corruption: The device could access an mbuf we have freed, but which
is still marked as used in the byte count table and which still has a DMA
address in its Tx descriptor. Problem observed by mlarkin with NFS while
testing my patch for Tx aggregation support.

3 years agoAdd BGPSec Router (RFC 8209) Key Purpose OID
job [Sat, 11 Sep 2021 13:31:31 +0000 (13:31 +0000)]
Add BGPSec Router (RFC 8209) Key Purpose OID

OK tb@

3 years agoDo not ignore SIGINT while waiting for input if editline(3) is not used.
schwarze [Sat, 11 Sep 2021 09:05:50 +0000 (09:05 +0000)]
Do not ignore SIGINT while waiting for input if editline(3) is not used.
Instead, in non-interactive mode, exit sftp(1), like for other serious errors.
As pointed out by dtucker@, when compiled without editline(3) support in
portable OpenSSH, the el == NULL branch is also used for interactive mode.
In that case, discard the input line and provide a fresh prompt to the user
just like in the case where editline(3) is used.
OK djm@

3 years agoMerge documentation for BN_bn2binpad(3), BN_bn2lebinpad(3),
schwarze [Sat, 11 Sep 2021 08:45:47 +0000 (08:45 +0000)]
Merge documentation for BN_bn2binpad(3), BN_bn2lebinpad(3),
and BN_lebin2bn(3) from the OpenSSL 1.1.1 branch,
which is still under a free license.
While here, tweak a number of details for clarity.
OK tb@

3 years agowhen using SFTP protocol, continue transferring files after a
djm [Sat, 11 Sep 2021 00:40:24 +0000 (00:40 +0000)]
when using SFTP protocol, continue transferring files after a
transfer error occurs. This matches original scp/rcp behaviour.
ok dtucker@

3 years agoCalling OpenSSL_add_all_digests() is no longer needed since the library
millert [Fri, 10 Sep 2021 18:58:43 +0000 (18:58 +0000)]
Calling OpenSSL_add_all_digests() is no longer needed since the library
automatically initializes itself.  OK tb@

3 years agoLet iwx(4) resume directly in DVACT_WAKEUP instead of running the init task.
stsp [Fri, 10 Sep 2021 16:38:35 +0000 (16:38 +0000)]
Let iwx(4) resume directly in DVACT_WAKEUP instead of running the init task.

Suggested by deraadt@ during discussion at k2k21.
With additional input from mlarkin. And deraadt spotted some pointless
splnet() calls which this patch is removing.

Resume from S3 tested by me on an x250 thinkpad with a compatible
ax200 wifi card provided by mlarkin. Hibernate tested by deraadt.

Sync comments about the PCI retry timeout workaround with Linux while here.

ok mlarkin@

3 years agoStop using NULL as a synonym for "s" (SECTORS). Just use "s".
krw [Fri, 10 Sep 2021 15:26:36 +0000 (15:26 +0000)]
Stop using NULL as a synonym for "s" (SECTORS). Just use "s".
Remove now pointless NULL check in unit_lookup().

No intentional functional change.

3 years agoWhen writing a message, syslogd did a combination of putting
bluhm [Fri, 10 Sep 2021 15:18:36 +0000 (15:18 +0000)]
When writing a message, syslogd did a combination of putting
everything into an iov and do some sprintf() formating later.  Better
put everything into the iov upfront based on what the output methods
need.  Then either the full iov is written or a line is created by
concatenating.
OK martijn@

3 years agosync
tb [Fri, 10 Sep 2021 15:10:38 +0000 (15:10 +0000)]
sync

3 years agocrank major for libcrypto as well
tb [Fri, 10 Sep 2021 15:09:40 +0000 (15:09 +0000)]
crank major for libcrypto as well

'may as well' deraadt

3 years agomajor bump (same type of crank as libssl)
tb [Fri, 10 Sep 2021 15:06:48 +0000 (15:06 +0000)]
major bump (same type of crank as libssl)

3 years agobump major after symbol addition and struct removal, struct visibility
tb [Fri, 10 Sep 2021 15:06:12 +0000 (15:06 +0000)]
bump major after symbol addition and struct removal, struct visibility
changes

3 years agoUpdate Symbols.list after API additions
tb [Fri, 10 Sep 2021 15:05:35 +0000 (15:05 +0000)]
Update Symbols.list after API additions

3 years agoBump minor after symbol addition
tb [Fri, 10 Sep 2021 15:04:49 +0000 (15:04 +0000)]
Bump minor after symbol addition

3 years agoAdd BN_bn2{,le}binpad(), BN_lebin2bn(), EC_GROUP_order_bits to Symbols.list
tb [Fri, 10 Sep 2021 15:04:11 +0000 (15:04 +0000)]
Add BN_bn2{,le}binpad(), BN_lebin2bn(), EC_GROUP_order_bits to Symbols.list

ok beck inoguchi jsing

3 years agoDo fatal/fatalx a different way so the compiler trick to avoid warnings
nicm [Fri, 10 Sep 2021 15:03:18 +0000 (15:03 +0000)]
Do fatal/fatalx a different way so the compiler trick to avoid warnings
becomes unnecessary, prompted by theo.

3 years agoMove SSL_set0_rbio() outside of LIBRESSL_HAS_TLS1_3
tb [Fri, 10 Sep 2021 14:58:44 +0000 (14:58 +0000)]
Move SSL_set0_rbio() outside of LIBRESSL_HAS_TLS1_3

ok inoguchi jsing

3 years agoExpose SSL_get_tlext_status_type() in tls1.h
tb [Fri, 10 Sep 2021 14:57:31 +0000 (14:57 +0000)]
Expose SSL_get_tlext_status_type() in tls1.h

ok beck jsing

3 years agoExpose SSL_R_NO_APPLICATION_PROTOCOL in ssl.h
tb [Fri, 10 Sep 2021 14:55:53 +0000 (14:55 +0000)]
Expose SSL_R_NO_APPLICATION_PROTOCOL in ssl.h

ok beck jsing

3 years agoExpose SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE in ssl.h
tb [Fri, 10 Sep 2021 14:55:24 +0000 (14:55 +0000)]
Expose SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE in ssl.h

ok beck jsing

3 years agoExpose SSL_CTX_get0_privatekey() in ssl.h
tb [Fri, 10 Sep 2021 14:54:14 +0000 (14:54 +0000)]
Expose SSL_CTX_get0_privatekey() in ssl.h

ok beck

3 years agoRemove TLS1_get_{,client_}version()
tb [Fri, 10 Sep 2021 14:50:19 +0000 (14:50 +0000)]
Remove TLS1_get_{,client_}version()

ok jsing

3 years agoRemove SSL3_RECORD and SSL3_BUFFER
tb [Fri, 10 Sep 2021 14:49:13 +0000 (14:49 +0000)]
Remove SSL3_RECORD and SSL3_BUFFER

with/ok jsing

3 years agoRemove TLS1_RT_HEARTBEAT
tb [Fri, 10 Sep 2021 14:47:24 +0000 (14:47 +0000)]
Remove TLS1_RT_HEARTBEAT

ok jsing

3 years agoMake SSL opaque
tb [Fri, 10 Sep 2021 14:46:31 +0000 (14:46 +0000)]
Make SSL opaque

with/ok jsing

3 years agoRemove struct tls_session_ticket_ext_st and TLS_SESSION_TICKET_EXT
tb [Fri, 10 Sep 2021 14:44:25 +0000 (14:44 +0000)]
Remove struct tls_session_ticket_ext_st and TLS_SESSION_TICKET_EXT
from public visibility.

with/ok jsing

3 years agoUncomment LIBRESSL_HAS_{TLS1_3,DTLS1_2} in opensslfeatures.h
tb [Fri, 10 Sep 2021 14:39:22 +0000 (14:39 +0000)]
Uncomment LIBRESSL_HAS_{TLS1_3,DTLS1_2} in opensslfeatures.h

3 years agoUse BN_RAND_* instead of mysterious values in the documentation of
tb [Fri, 10 Sep 2021 14:37:14 +0000 (14:37 +0000)]
Use BN_RAND_* instead of mysterious values in the documentation of
BN_rand_range()

From OpenSSL 1.1.1l

ok beck jsing

3 years agoExpose EC_GROUP_order_bits() in <openssl/ec.h>
tb [Fri, 10 Sep 2021 14:35:36 +0000 (14:35 +0000)]
Expose EC_GROUP_order_bits() in <openssl/ec.h>

ok beck jsing

3 years agoExpose BN_bn2{,le}binpad() and BN_lebin2bn() in <openssl/bn.h>
tb [Fri, 10 Sep 2021 14:33:44 +0000 (14:33 +0000)]
Expose BN_bn2{,le}binpad() and BN_lebin2bn() in <openssl/bn.h>

ok beck inoguchi

3 years agoExpose BN_RAND_* in <openssl/bn.h>
tb [Fri, 10 Sep 2021 14:32:05 +0000 (14:32 +0000)]
Expose BN_RAND_* in <openssl/bn.h>

ok beck jsing

3 years agoGet rid of the last two warnings by turning them off around the problem
nicm [Fri, 10 Sep 2021 14:22:24 +0000 (14:22 +0000)]
Get rid of the last two warnings by turning them off around the problem
statements, if the compiler supports it.

3 years agoQuirk-compatibility with GNU tbl(1):
schwarze [Fri, 10 Sep 2021 13:23:44 +0000 (13:23 +0000)]
Quirk-compatibility with GNU tbl(1):
With the "nospaces" option, skip space characters before and after "T{",
in addition to skipping those at the beginning and end of data cells.

Minor issue reported by <Oliver dot Corff at email dot de>.

3 years agoProperly handle keep-alive for HTTP/1.1. If the server uses HTTP/1.1
claudio [Fri, 10 Sep 2021 13:20:03 +0000 (13:20 +0000)]
Properly handle keep-alive for HTTP/1.1. If the server uses HTTP/1.1
keep-alive is the default. Check this early on and disable keep-alive
if a Connection: closed header is sent. Fixes the keep-alive issues
I have seen.
OK sthen@

3 years agoIn a tbl(7) having the "nospaces" option, skip space characters
schwarze [Fri, 10 Sep 2021 12:06:29 +0000 (12:06 +0000)]
In a tbl(7) having the "nospaces" option, skip space characters
not only at the end of data cells, but also after "T}",
aligning the behaviour of the parser with GNU tbl(1).

Issue reported by <Oliver dot Corff at email dot de>.

3 years agoDocument that non-interactive commands are run via the user's shell
dtucker [Fri, 10 Sep 2021 11:38:38 +0000 (11:38 +0000)]
Document that non-interactive commands are run via the user's shell
using the -c flag.  ok jmc@

3 years agoDocument behaviour of arguments following non-interactive commands.
dtucker [Fri, 10 Sep 2021 10:26:02 +0000 (10:26 +0000)]
Document behaviour of arguments following non-interactive commands.
Prompted by github PR#139 from EvanTheB, feedback & ok djm@ jmc@

3 years agoDo not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback
tb [Fri, 10 Sep 2021 09:25:29 +0000 (09:25 +0000)]
Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback

As reported by Jeremy Harris, we inherited a strange behavior from
OpenSSL, in that we ignore the SSL_TLSEXT_ERR_FATAL return from the
ALPN callback. RFC 7301, 3.2 states: 'In the event that the server
supports no protocols that the client advertises, then the server
SHALL respond with a fatal "no_application_protocol" alert.'

Honor this requirement and succeed only on SSL_TLSEXT_ERR_{OK,NOACK}
which is the current behavior of OpenSSL. The documentation change
is taken from OpenSSL 1.1.1 as well.

As pointed out by jsing, there is more to be fixed here:
- ensure that the same protocol is selected on session resumption
- should the callback be called even if no ALPN extension was sent?
- ensure for TLSv1.2 and earlier that the SNI has already been processed

ok beck jsing

3 years agoPrepare to provide BN_RAND_* flags for BN_rand_range()
tb [Fri, 10 Sep 2021 09:08:03 +0000 (09:08 +0000)]
Prepare to provide BN_RAND_* flags for BN_rand_range()

ok beck jsing

3 years agoPrepare to provide SSL_CTX_get0_privatekey()
tb [Fri, 10 Sep 2021 08:59:56 +0000 (08:59 +0000)]
Prepare to provide SSL_CTX_get0_privatekey()

ok beck

3 years agoDisable aliases inside aliases for the moment.
nicm [Fri, 10 Sep 2021 08:52:46 +0000 (08:52 +0000)]
Disable aliases inside aliases for the moment.

3 years agoClarify which file's attributes -p preserves, and that it's specifically
dtucker [Fri, 10 Sep 2021 07:11:11 +0000 (07:11 +0000)]
Clarify which file's attributes -p preserves, and that it's specifically
the file mode bits. bz#3340 from calestyo at scientia.net, ok djm@ jmc@

3 years agoMinor KNF nit, align struct field.
anton [Fri, 10 Sep 2021 05:48:43 +0000 (05:48 +0000)]
Minor KNF nit, align struct field.

3 years agoInstead of letting uhidev drivers get the report sizes, do it once in
anton [Fri, 10 Sep 2021 05:47:38 +0000 (05:47 +0000)]
Instead of letting uhidev drivers get the report sizes, do it once in
uhidev and pass the same sizes as part of the attach arguments. Makes
the uhidev drivers a bit less repetitive.

It might look tempting to let uhidev assign the sizes after a driver has
attached, removing the need to repeat this logic in each driver. This
does however not work since the input size must be known while calling
uhidev_open() in order to open the interrupt pipe; and uhidev_open() is
called from several attach routines.

Note that this change only works and applies to when attaching to a
single report ID.

ok jcs@

3 years agoopenssh-7.4 was incorrectly listed twice; spotted by Dmitry
djm [Fri, 10 Sep 2021 05:46:09 +0000 (05:46 +0000)]
openssh-7.4 was incorrectly listed twice; spotted by Dmitry
Belyavskiy, ok dtucker@

3 years agoRemove unused repsizes array.
anton [Fri, 10 Sep 2021 05:46:01 +0000 (05:46 +0000)]
Remove unused repsizes array.

ok jcs@ as part of a larger diff

3 years agoannotate what symbols are used from sys/param.h lines, or delete them
deraadt [Fri, 10 Sep 2021 00:02:43 +0000 (00:02 +0000)]
annotate what symbols are used from sys/param.h lines, or delete them
if not required.  when deleting, add sys/signal.h or other lines which
were not being pulled in

3 years agonothing from sys/param.h is used
deraadt [Fri, 10 Sep 2021 00:01:13 +0000 (00:01 +0000)]
nothing from sys/param.h is used

3 years agothe SunOS lseek 4G wraparound workaround is not needed, consequently
deraadt [Fri, 10 Sep 2021 00:00:55 +0000 (00:00 +0000)]
the SunOS lseek 4G wraparound workaround is not needed, consequently
pulling BSD from sys/param.h is not needed either

3 years agoAdjust for DT binding changes. Add some temporary backwards compatibility
kettenis [Thu, 9 Sep 2021 22:46:03 +0000 (22:46 +0000)]
Adjust for DT binding changes.  Add some temporary backwards compatibility
code to help making the transition.  This will be removed in a few weeks.

3 years agoKeep -? as usage.
nicm [Thu, 9 Sep 2021 21:55:03 +0000 (21:55 +0000)]
Keep -? as usage.

3 years agoadd test for printing empty arguments
jasper [Thu, 9 Sep 2021 20:08:15 +0000 (20:08 +0000)]
add test for printing empty arguments

ok mpi@

3 years agofix crash when passing empty cli arguments as B_AT_NIL wasn't handled as a valid...
jasper [Thu, 9 Sep 2021 20:07:49 +0000 (20:07 +0000)]
fix crash when passing empty cli arguments as B_AT_NIL wasn't handled as a valid argument type

found with afl++
ok mpi@

3 years agoTurn on both button and all mouse modes for menus since some terminals
nicm [Thu, 9 Sep 2021 19:37:17 +0000 (19:37 +0000)]
Turn on both button and all mouse modes for menus since some terminals
only support the former.

3 years agoadd hist() tests similar to mapempty.bt
jasper [Thu, 9 Sep 2021 19:02:50 +0000 (19:02 +0000)]
add hist() tests similar to mapempty.bt

ok mpi@

3 years agoAdd THREAD_PID_OFFSET to tracepoint arguments that pass a TID to userland.
mpi [Thu, 9 Sep 2021 18:41:39 +0000 (18:41 +0000)]
Add THREAD_PID_OFFSET to tracepoint arguments that pass a TID to userland.

Bring these values in sync with the `tid' builtin which already include
the offset.  This is necessary to build script comparing them, like:

tracepoint:sched:enqueue
{
@ts[arg0] = nsecs;
}

tracepoint:sched:on__cpu
/@ts[tid]/
{
latency = nsecs - @ts[tid];
}

Discussed with and ok bluhm@

3 years agoMove a check to avoid panicing on contended rwlock(9) outside of DIAGNOSTIC.
mpi [Thu, 9 Sep 2021 18:23:31 +0000 (18:23 +0000)]
Move a check to avoid panicing on contended rwlock(9) outside of DIAGNOSTIC.

ok kettenis@