openbsd
14 months agoFix timing issue in which one thread could be left hanging in
anton [Tue, 10 Oct 2023 18:18:05 +0000 (18:18 +0000)]
Fix timing issue in which one thread could be left hanging in
pipe_read().

14 months agoMake it possible to run fileops tests in parallel by making use of a
anton [Tue, 10 Oct 2023 18:17:25 +0000 (18:17 +0000)]
Make it possible to run fileops tests in parallel by making use of a
unique mount point and vnd device.

14 months agopf(4) must not pass packet if state cannot be created.
bluhm [Tue, 10 Oct 2023 16:26:06 +0000 (16:26 +0000)]
pf(4) must not pass packet if state cannot be created.

The behavior of the PFRULE_SRCTRACK and max_states check was
unintentionally changed by commit revision 1.964.  If the state was
not created due to some limit had been reached, pf still passed the
packet.  Restore the old logic by setting action to pass later,
after the checks.  In pf_test_rule() action is initialized to drop.

OK sashan@

14 months agoPrint at most pkgsize - hdrsize bytes for pfkey tag and identity to
tobhe [Tue, 10 Oct 2023 16:16:16 +0000 (16:16 +0000)]
Print at most pkgsize - hdrsize bytes for pfkey tag and identity to
prevent out-of-bounds read in strlen().

ok tb@

14 months agoDo not copy stack garbage, that's not going to be used.
florian [Tue, 10 Oct 2023 16:09:53 +0000 (16:09 +0000)]
Do not copy stack garbage, that's not going to be used.

Pointed out by gcc via tb.

rdns_count is validated by all callers of propose_rdns(), so we can
trust it here to be sensible.

While here fix a pasto in an error message.

OK tb

14 months agoWhen rewriting community_writebuf() the handling of non-transitive
claudio [Tue, 10 Oct 2023 14:36:28 +0000 (14:36 +0000)]
When rewriting community_writebuf() the handling of non-transitive
ext-communities was put into the wrong place in the loop finding
start, end and number of communities to dump. As a result the end
pointer for regular communities can point at an ext-community and
with that the COMMUNITY attribute written includes unexpected extra
bytes. This in turn causes the peer to send a NOTIFICATION error
and to terminate the session.

Fix for -portable issue #64 reported by Pier Carlo Chiodi (pierky)
OK tb@

14 months agoImprove X509_ALGOR_new(3) documentation
tb [Tue, 10 Oct 2023 13:59:47 +0000 (13:59 +0000)]
Improve X509_ALGOR_new(3) documentation

The previous wording was misleading since the result of X509_ALGOR_new()
is not actually an empty X509_ALGOR object. Rather, it contains the
undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using
X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial.

So: change the initial paragraph into a general intro referring to the
OpenSSL API needed to interface with X509_ALGOR and write a new paragraph
documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error
check. Notably there's now a reference to the OBJ_nid2obj() family without
which one cannot really use X509_ALGOR_* for anything at all.

With and ok schwarze

14 months agoRemove dead code in pf_pull_hdr().
bluhm [Tue, 10 Oct 2023 11:25:31 +0000 (11:25 +0000)]
Remove dead code in pf_pull_hdr().

pf_pull_hdr() allows to pass an action pointer parameter as output
value.  This is never used, all callers pass a NULL argument.  Remove
ACTION_SET() entirely.

The logic (fragoff >= len) in pf_pull_hdr() does not work since
revision 1.4.  Before it was used to drop short TCP or UDP fragments
that contained only part of the header.  Current code in pf_pull_hdr()
drops the packets anyway, so always set reason PFRES_FRAG.

OK kn@ sashan@

14 months agoFix format string warning in robots/score.c
tb [Tue, 10 Oct 2023 09:48:06 +0000 (09:48 +0000)]
Fix format string warning in robots/score.c

14 months agoPrint a long with %ld instead of %d
tb [Tue, 10 Oct 2023 09:43:52 +0000 (09:43 +0000)]
Print a long with %ld instead of %d

14 months agoUse vw_printw() and fix a format print warning.
tb [Tue, 10 Oct 2023 09:42:56 +0000 (09:42 +0000)]
Use vw_printw() and fix a format print warning.

14 months agoDrop GCC_PRINTFLIKE() at function definition
tb [Tue, 10 Oct 2023 09:30:06 +0000 (09:30 +0000)]
Drop GCC_PRINTFLIKE() at function definition

This makes gcc throw a fit and having the attributes for the prototypes in
engine.h is enough.

ok claudio sthen

14 months agoFix a format warning about a non-literal string
tb [Tue, 10 Oct 2023 09:27:03 +0000 (09:27 +0000)]
Fix a format warning about a non-literal string

ok claudio sthen

14 months agoPrint non-literal string with "%s"
tb [Tue, 10 Oct 2023 08:22:19 +0000 (08:22 +0000)]
Print non-literal string with "%s"

Caught by printf format attribute for printw(3) in newer curses.

14 months agoFiv the value written to dwqe(4) MAC_1US_TIC_CTR register.
stsp [Tue, 10 Oct 2023 07:11:50 +0000 (07:11 +0000)]
Fiv the value written to dwqe(4) MAC_1US_TIC_CTR register.

The calculation of this value is supposed to involve a clock frequency
but we were using a clock ID in the range 0-7 instead.

ok kettenis, patrick

14 months agoGarbage collect cipher_get_keyiv_len()
tb [Tue, 10 Oct 2023 06:49:54 +0000 (06:49 +0000)]
Garbage collect cipher_get_keyiv_len()

This is a compat20 leftover, unused since 2017.

ok djm

14 months agoReserve a range of "local extension" message numbers that OpenSSH promises
djm [Tue, 10 Oct 2023 03:57:45 +0000 (03:57 +0000)]
Reserve a range of "local extension" message numbers that OpenSSH promises
not to use (comment change only)

14 months agoRecognize GICv4 in the MADT and configure it as arm,gic-v3.
patrick [Mon, 9 Oct 2023 22:05:27 +0000 (22:05 +0000)]
Recognize GICv4 in the MADT and configure it as arm,gic-v3.

ok kettenis@

14 months agoHandle an arbitrary number of D11 cores and only disable them instead of
kettenis [Mon, 9 Oct 2023 21:49:34 +0000 (21:49 +0000)]
Handle an arbitrary number of D11 cores and only disable them instead of
doing a full reset.  Based on a diff from Hector Martin for Asahi Linux.

ok patrick@, tobhe@

14 months agoAdd Message-Id as needed for messages received on the submission port.
millert [Mon, 9 Oct 2023 20:55:32 +0000 (20:55 +0000)]
Add Message-Id as needed for messages received on the submission port.

Since listener->port is in network byte order we need to compare
against htons(587).  The fix for this got dropped in the rewrite
in revision 1.335.

14 months agoMention that the strings are OS-specific.
schwarze [Mon, 9 Oct 2023 19:32:51 +0000 (19:32 +0000)]
Mention that the strings are OS-specific.
In part based on input from deraadt@, OK millert@.

14 months agoDocument the OpenBSD-specific output format.
schwarze [Mon, 9 Oct 2023 19:28:42 +0000 (19:28 +0000)]
Document the OpenBSD-specific output format.
Feedback and OK millert, "more reasonable" deraadt@.

14 months agoUse the usual text for X509_ALGOR_free()
tb [Mon, 9 Oct 2023 16:59:55 +0000 (16:59 +0000)]
Use the usual text for X509_ALGOR_free()

14 months agoClarify that 'undefined type' means V_ASN1_UNDEF
tb [Mon, 9 Oct 2023 16:06:01 +0000 (16:06 +0000)]
Clarify that 'undefined type' means V_ASN1_UNDEF

14 months agoClarify documentation of X509_ALGOR_{set0,set_md}()
tb [Mon, 9 Oct 2023 16:03:57 +0000 (16:03 +0000)]
Clarify documentation of X509_ALGOR_{set0,set_md}()

The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from
upstream, which means it is as sloppy as the code and as vague as your
average upstream manpage. Be precise on what X509_ALGOR_set0() does on
different inputs and document return values and failure modes.

X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a
way that can fail, leaving alg in a corrupted state. Document when that
can occur and how to avoid or detect that, but do not go too far, because
EVP_MD_meth_new(), one potential source of failures, is a whole another
can of worms.

joint work with schwarze

14 months agoAdd pledge("stdio") before parsing pfkey messages. This applies to
tobhe [Mon, 9 Oct 2023 15:32:14 +0000 (15:32 +0000)]
Add pledge("stdio") before parsing pfkey messages. This applies to
ipsecctl -m and ipsecctl -s. Refactor ipsecctl_show_*() to setup all
sysctls first before dropping privileges and finally parsing and
printing IPsec SAs and flows.

feedback and ok mbuhl@
ok deraadt@

14 months agoallow dwqe.c to build on architectures that do not have machine/fdt.h
stsp [Mon, 9 Oct 2023 14:25:00 +0000 (14:25 +0000)]
allow dwqe.c to build on architectures that do not have machine/fdt.h

Move struct if_device to a new fdt-specific softc struct, along with
the gmac_id field which is only used by if_dwqe_fdt.c at present.
This avoids the need to include any fdt header files in dwqe.c.

ok kettenis@

14 months agoplaceholder for later feature
espie [Mon, 9 Oct 2023 07:12:22 +0000 (07:12 +0000)]
placeholder for later feature

14 months agoFix return value confusion of sa_cmp() by renaming the function sa_equal().
claudio [Mon, 9 Oct 2023 07:11:20 +0000 (07:11 +0000)]
Fix return value confusion of sa_cmp() by renaming the function sa_equal().

The code in get_alternate_addr() checked for sa_cmp() == 0 but actually
sa_cmp() returned 1 for equal addrs. So rename the function to sa_equal()
to make it clear that a true return value means equality.

Found by Asa Yeamans (enigma2e at rivin net)
OK tb@

14 months agosimplify: all 3 mock-ups are strings that get eval'd, so do this properly.
espie [Mon, 9 Oct 2023 07:03:49 +0000 (07:03 +0000)]
simplify: all 3 mock-ups are strings that get eval'd, so do this properly.

14 months agodrm/amdkfd: Use gpu_offset for user queue's wptr
jsg [Mon, 9 Oct 2023 02:37:14 +0000 (02:37 +0000)]
drm/amdkfd: Use gpu_offset for user queue's wptr

From YuBiao Wang
b60028c81e463b0930191a4fa2ba770ff6d40e3a in linux-6.1.y/6.1.56
cc39f9ccb82426e576734b493e1777ea01b144a8 in mainline linux

14 months agodrm/i915/gt: Fix reservation address in ggtt_reserve_guc_top
jsg [Mon, 9 Oct 2023 02:35:47 +0000 (02:35 +0000)]
drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top

From Javier Pello
69dd84470b4deed45658f2717aef533ec4ceb43d in linux-6.1.y/6.1.56
b7599d241778d0b10cdf7a5c755aa7db9b83250c in mainline linux

14 months agodrm/amdgpu: Handle null atom context in VBIOS info ioctl
jsg [Mon, 9 Oct 2023 02:33:44 +0000 (02:33 +0000)]
drm/amdgpu: Handle null atom context in VBIOS info ioctl

From David Francis
91b6845ef387ab9ae2c6f3f8d43655be955e444b in linux-6.1.y/6.1.56
5e7e82254270c8cf8b107451c5de01cee2f135ae in mainline linux

14 months agodrm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV
jsg [Mon, 9 Oct 2023 02:32:10 +0000 (02:32 +0000)]
drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV

From Alex Deucher
ad3c37f90bae3675bc686562f7e63511d1033cc0 in linux-6.1.y/6.1.56
ab43213e7afd08ac68d4282060bacf309e70fd14 in mainline linux

14 months agodrm/amdgpu/soc21: don't remap HDP registers for SR-IOV
jsg [Mon, 9 Oct 2023 02:30:32 +0000 (02:30 +0000)]
drm/amdgpu/soc21: don't remap HDP registers for SR-IOV

From Alex Deucher
cca15a82790772c0303ae295f7153c4af0536ad1 in linux-6.1.y/6.1.56
1832403cd41ca6b19b24e9d64f79cb08d920ca44 in mainline linux

14 months agodrm/amd/display: Don't check registers, if using AUX BL control
jsg [Mon, 9 Oct 2023 02:29:10 +0000 (02:29 +0000)]
drm/amd/display: Don't check registers, if using AUX BL control

From Swapnil Patel
b9971393d4c9be5eec3c6b30d9e312ba88c865ac in linux-6.1.y/6.1.56
f5b2c10b57615828b531bb0ae56bd6325a41167e in mainline linux

14 months agodrm/amdkfd: Insert missing TLB flush on GFX10 and later
jsg [Mon, 9 Oct 2023 02:27:27 +0000 (02:27 +0000)]
drm/amdkfd: Insert missing TLB flush on GFX10 and later

From Harish Kasiviswanathan
cdfcaa4e80430003dbba1bdb86f9fde5480ddbe5 in linux-6.1.y/6.1.56
edcfe22985d09ee8e2346c9217f5a52ab150099f in mainline linux

14 months agodrm/amdkfd: Flush TLB after unmapping for GFX v9.4.3
jsg [Mon, 9 Oct 2023 02:25:37 +0000 (02:25 +0000)]
drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3

From Philip Yang
9becfff9f91e350fd4d6f16e9f117f9227258fb0 in linux-6.1.y/6.1.56
75dda67c7213c3e0d17244a8c42547c27ee746f8 in mainline linux

14 months agoi915/pmu: Move execlist stats initialization to execlist specific setup
jsg [Mon, 9 Oct 2023 02:23:51 +0000 (02:23 +0000)]
i915/pmu: Move execlist stats initialization to execlist specific setup

From Umesh Nerlige Ramappa
987a7f5311ba1fd4ccf3637c09e6424741aacd01 in linux-6.1.y/6.1.56
c524cd40e8a2a1a36f4898eaf2024beefeb815f3 in mainline linux

14 months agoadd SZ_4G for 6.1.56 drm
jsg [Mon, 9 Oct 2023 02:19:26 +0000 (02:19 +0000)]
add SZ_4G for 6.1.56 drm

14 months agouse shifts for size defines
jsg [Mon, 9 Oct 2023 02:15:40 +0000 (02:15 +0000)]
use shifts for size defines

14 months agoclockintr: move intrclock wrappers from sys/clockintr.h to kern_clockintr.c
cheloha [Sun, 8 Oct 2023 21:08:00 +0000 (21:08 +0000)]
clockintr: move intrclock wrappers from sys/clockintr.h to kern_clockintr.c

intrclock_rearm() and intrclock_trigger() are not part of the public
API, so there's no reason to implement them in sys/clockintr.h.  Move
them to kern_clockintr.c.

14 months agomove release a earlier. when we wait for security fixes from one piece
deraadt [Sun, 8 Oct 2023 14:05:10 +0000 (14:05 +0000)]
move release a earlier.  when we wait for security fixes from one piece
of software, another one will announce that we should wait for a security
fix.   the only winning move is not to play.

14 months agosubclass system libraries so we can give better diagnostic eventually
espie [Sun, 8 Oct 2023 12:45:31 +0000 (12:45 +0000)]
subclass system libraries so we can give better diagnostic eventually

14 months agooops, those eval need to be STRINGS, otherwise the whole definition stuff
espie [Sun, 8 Oct 2023 12:44:58 +0000 (12:44 +0000)]
oops, those eval need to be STRINGS, otherwise the whole definition stuff
happens regardless.

Add a third one to only disregard base libraries

14 months agoAdd inclusion of "dev/hid/files.hid" and "dev/usb/files.usb".
aoyama [Sun, 8 Oct 2023 10:40:23 +0000 (10:40 +0000)]
Add inclusion of "dev/hid/files.hid" and "dev/usb/files.usb".

Actually these devices are not supported on luna88k, but we need them
in order to create attribute header files (e.g. "ucom.h") required in
MI part recently.

Suggested by miod@, tested by me.

14 months agoadd another two regression testing parts. Use a simple framework that
espie [Sun, 8 Oct 2023 09:17:27 +0000 (09:17 +0000)]
add another two regression testing parts. Use a simple framework that
allows me to redefine methods to not do a thing
(maybe this will migrate to its own file if it grows enough)

14 months agowrong prototype, it's called as an OO method
espie [Sun, 8 Oct 2023 09:16:39 +0000 (09:16 +0000)]
wrong prototype, it's called as an OO method

14 months agoRevert commitid: KtmyJEoS0WWxmlZ5
claudio [Sun, 8 Oct 2023 07:44:52 +0000 (07:44 +0000)]
Revert commitid: KtmyJEoS0WWxmlZ5
---
Protect interface queues with read once and mutex.

Reading atomic values need at least read once and writing values
should have a mutex.  This is what mbuf queues already do.  Add
READ_ONCE() to ifq and ifiq macros for len and empty.  Convert
ifq_set_maxlen() to a function that grabs ifq_mtx.

OK mvs@
---

ifq_set_maxlen() is called before the ifq_mtx is initalized and this at
least crashes WITNESS kernels on boot.

Reported-by: syzbot+7b218ef53432b5d56d7d@syzkaller.appspotmail.com
14 months agoplain forgot to save the values for regression testing
espie [Sun, 8 Oct 2023 06:55:02 +0000 (06:55 +0000)]
plain forgot to save the values for regression testing

14 months agoInclude .EX/.EE in the MACRO OVERVIEW and improve its description.
schwarze [Sat, 7 Oct 2023 21:26:29 +0000 (21:26 +0000)]
Include .EX/.EE in the MACRO OVERVIEW and improve its description.

It is supported by all major man(7) implementations that G. Branden
Robinson and myself are aware of, so calling it "non-portable" can
no longer be justified.  Using it becomes increasingly more common,
so calling it "non-standard" is now misleading.  It is certainly
useful and not deprecated.

While here, also remove the word "non-standard" from the descriptions
of several other macros because it is slightly confusing.  A formal
standard for the man(7) language does not exist.  Arguably, Version 7
AT&T UNIX used to be a de-facto standard, but its influence has been
waning for 40 years, and various features that Version 7 did not
support are now widely used.

14 months agoSimplify the display() function by getting rid of a useless buffer
schwarze [Sat, 7 Oct 2023 13:29:08 +0000 (13:29 +0000)]
Simplify the display() function by getting rid of a useless buffer
on the stack.  No functional change, +8 -15 LOC.

Suggested by and OK millert@.

14 months agoRetry on empty passphrase
kn [Sat, 7 Oct 2023 12:20:10 +0000 (12:20 +0000)]
Retry on empty passphrase

They must not be empty, or else creation/unlock fails (and boot loaders
would not be able to abort and drop back to the boot> prompt).

[-p passfile] handles this with "invalid passphrase length", so align
the interactive prompt and retry there.

-s remains a one-shot whilst getting a better error message.

This is user friendlier and fixes the last installer "bug" on my list
wrt. disk encryption where hitting Enter twice at the passphrase prompt
would abort bioctl(8) and thus the installation.

OK deraadt

14 months agoImprove horizontal alignment in long format when printing minor
schwarze [Sat, 7 Oct 2023 11:51:08 +0000 (11:51 +0000)]
Improve horizontal alignment in long format when printing minor
device numbers greater than 999 by measuring the two widths needed
for device numbers just like it is already done for other numbers.
In the output, this only changes whitespace, but not the text.

Ugly formatting reported by
Crystal Kolipe <kolipe dot c at exoticsilicon dot com>.

OK millert.  Also tested by Crystal Kolipe.

14 months agowith firmware known, recognize that we couldn't find any update at all
espie [Sat, 7 Oct 2023 09:11:26 +0000 (09:11 +0000)]
with firmware known, recognize that we couldn't find any update at all
and just say that instead of a dauntingly long list of packages

14 months agotrack firmware separately, since those will appear as uptodate for us
espie [Sat, 7 Oct 2023 09:10:03 +0000 (09:10 +0000)]
track firmware separately, since those will appear as uptodate for us

14 months agouse more specific regression testing knob
espie [Sat, 7 Oct 2023 09:09:07 +0000 (09:09 +0000)]
use more specific regression testing knob

14 months agoCorrectly reset the goto table for a state.
millert [Fri, 6 Oct 2023 22:31:21 +0000 (22:31 +0000)]
Correctly reset the goto table for a state.

We cannot use set_gototab() to reset all the entries for a state,
it will leave existing entries as-is.  Add a new reset_gototab()
function that zeroes the table entries for the specified state.
There is no need to reset the goto table immediately after
resize_state(), it is already initialized via calloc().
Fixes https://github.com/onetrueawk/awk/issues/199

14 months agoUpdate awk to Sep 24, 2023 version.
millert [Fri, 6 Oct 2023 22:29:24 +0000 (22:29 +0000)]
Update awk to Sep 24, 2023 version.

fnematch and getrune have been overhauled to solve issues around
unicode FS and RS. also fixed gsub null match issue with unicode.
big thanks to Arnold Robbins.

14 months ago__swsetup: set error flag and errno on error.
millert [Fri, 6 Oct 2023 16:41:02 +0000 (16:41 +0000)]
__swsetup: set error flag and errno on error.

Previously, we set errno to EBADF if the cantwrite() macro (which calls
__swsetup()) returns true for POSIX compliance.  However, we neglected
to also set the error flag, __SERR.  Rather than set the error flag in
all callers of cantwrite(), set both errno and the error flag in
__swsetup().  This matches what FreeBSD does and makes it possible
to choose a proper errno value for the second error condition in
__swsetup().  OK deraadt@

14 months agoRename 'ifaceidx' variables and parameters to 'ifaceno'. More
krw [Fri, 6 Oct 2023 16:06:11 +0000 (16:06 +0000)]
Rename 'ifaceidx' variables and parameters to 'ifaceno'. More
consistent with existing code and thus less cnance for confusion.

requested by kettenis@

14 months agoIgnore thermal dual-chain requests from iwx(4) firmware.
stsp [Fri, 6 Oct 2023 15:15:41 +0000 (15:15 +0000)]
Ignore thermal dual-chain requests from iwx(4) firmware.

Linux only acts on these requests in 11ax mode on 160MHz channels so
we can simply ignore this request for now. Prevents a warning from
being printed when we receive such a request:
  iwx0: unhandled firmware response 0x5f6/0x20000008 rx ring 64[3]

Observed on AX210 hardware by bluhm@

14 months agoIgnore thermal dual-chain requests from iwx(4) firmware.
stsp [Fri, 6 Oct 2023 15:15:29 +0000 (15:15 +0000)]
Ignore thermal dual-chain requests from iwx(4) firmware.

Linux only acts on these requests in 11ax mode on 160MHz channels so
we can simply ignore this request for now. Prevents a warning from
being printed when we receive such a request:
  iwx0: unhandled firmware response 0x5f6/0x20000008 rx ring 64[3]

Observed on AX210 hardware by bluhm@

14 months agobe more explicit about the usage pattern of register-plist and the variables
espie [Fri, 6 Oct 2023 12:45:45 +0000 (12:45 +0000)]
be more explicit about the usage pattern of register-plist and the variables
in bsd.port.mk that govern its behavior.

14 months agorename pass{word -> file} variable
kn [Fri, 6 Oct 2023 09:55:02 +0000 (09:55 +0000)]
rename pass{word -> file} variable

It contains the path to the file containing a passphrase;
password reads misleading and was also the only usage of "word" in contrast
to consistent "phrase" usage.

14 months agoclean up old 6.7 softraid migration code
kn [Fri, 6 Oct 2023 09:34:19 +0000 (09:34 +0000)]
clean up old 6.7 softraid migration code

ofwboot still passes an old/small .openbsd.bootdata size from before 6.7
when boothowto was added.

Report the exact size from now on such that a future diff can rectify
the corresponding check in autoconf.c:bootstrap().

All this was done to keep old/new bootloaders working with new/old kernels,
but 6.7 is long gone and we should all be running current code.

OK stsp

14 months agoIn sys___thrsigdivert() switch tsleep_nsec() to use the nowake ident
claudio [Fri, 6 Oct 2023 08:58:13 +0000 (08:58 +0000)]
In sys___thrsigdivert() switch tsleep_nsec() to use the nowake ident
channel instead of inventing an own one.
OK kettenis@ mvs@

14 months agoprepare for adding a value for REGRESSION_TESTING, so that I can test
espie [Fri, 6 Oct 2023 06:00:18 +0000 (06:00 +0000)]
prepare for adding a value for REGRESSION_TESTING, so that I can test
more funky situations eventually

14 months agoadd -v to usage();
jmc [Fri, 6 Oct 2023 05:31:54 +0000 (05:31 +0000)]
add -v to usage();

14 months agotypo in error message
djm [Fri, 6 Oct 2023 03:32:15 +0000 (03:32 +0000)]
typo in error message

14 months agoPerform the softhsm2 setup as discrete steps rather than as a long
djm [Fri, 6 Oct 2023 03:25:14 +0000 (03:25 +0000)]
Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when
it breaks.

14 months agoDo log output to stderr while running dhcpd(8) in foreground to make
mvs [Thu, 5 Oct 2023 18:46:14 +0000 (18:46 +0000)]
Do log output to stderr while running dhcpd(8) in foreground to make
behaviour in accordance with man page. Introduce '-v' option to make
output more verbose.

Do a little refactoring to make code more consistent with other daemons
like ospfd(8), httpd(8), relayd(8), etc.

Feedback from bluhm benno

ok bluhm

14 months agoMention the option to encrypt the root disk on supported architectures
kn [Thu, 5 Oct 2023 11:58:34 +0000 (11:58 +0000)]
Mention the option to encrypt the root disk on supported architectures

with miod

14 months agoProtect interface queues with read once and mutex.
bluhm [Thu, 5 Oct 2023 11:08:56 +0000 (11:08 +0000)]
Protect interface queues with read once and mutex.

Reading atomic values need at least read once and writing values
should have a mutex.  This is what mbuf queues already do.  Add
READ_ONCE() to ifq and ifiq macros for len and empty.  Convert
ifq_set_maxlen() to a function that grabs ifq_mtx.

OK mvs@

14 months agoAdd regress coverage for ASN1_UTCTIME_cmp_time_t()
tb [Thu, 5 Oct 2023 07:59:41 +0000 (07:59 +0000)]
Add regress coverage for ASN1_UTCTIME_cmp_time_t()

14 months agore-enable POOL_DEBUG
bluhm [Wed, 4 Oct 2023 18:07:13 +0000 (18:07 +0000)]
re-enable POOL_DEBUG
OK deraadt@

14 months agobase is unlocked, move to 7.4-current
bluhm [Wed, 4 Oct 2023 15:40:13 +0000 (15:40 +0000)]
base is unlocked, move to 7.4-current
OK deraadt@

14 months agospelling fix;
jmc [Wed, 4 Oct 2023 05:42:10 +0000 (05:42 +0000)]
spelling fix;

14 months agoopenssh-9.5
djm [Wed, 4 Oct 2023 04:04:09 +0000 (04:04 +0000)]
openssh-9.5

14 months agoadd some cautionary text about % token expansion and shell metacharacters;
djm [Wed, 4 Oct 2023 04:03:50 +0000 (04:03 +0000)]
add some cautionary text about % token expansion and shell metacharacters;
based on report from vinci AT protonmail.ch

14 months agofix link to agent draft; spotted by Jann Horn
djm [Tue, 3 Oct 2023 23:56:10 +0000 (23:56 +0000)]
fix link to agent draft; spotted by Jann Horn

14 months agoReinstate setting rtableid based on rdomain for pfsync,
sthen [Tue, 3 Oct 2023 10:22:10 +0000 (10:22 +0000)]
Reinstate setting rtableid based on rdomain for pfsync,
lost during the rewrite, reported by Mark Patruck.

ok phessler claudio sashan deraadt

14 months agoFix a typo and move a word
tb [Tue, 3 Oct 2023 09:58:06 +0000 (09:58 +0000)]
Fix a typo and move a word

14 months agoremove unused Pp macro;
jmc [Tue, 3 Oct 2023 05:20:38 +0000 (05:20 +0000)]
remove unused Pp macro;

14 months agoAdd 'host root port' information to hw.ucomnames.
krw [Mon, 2 Oct 2023 23:38:11 +0000 (23:38 +0000)]
Add 'host root port' information to hw.ucomnames.

usbN.X.Y becomes usbN.Z.X.Y

Display the usb<blah> string in ucom attach messages so grepping
dmesg can be used to find the path to a ucom.

More USB cluebats from kettenis@. Deep hub depths testing from
drahn@.

ok deraadt@ drahn@ kettenis@

14 months agoNow nearbyint_test-1 is passing on macppc, powerpc64, sparc64. Some
bluhm [Mon, 2 Oct 2023 16:11:09 +0000 (16:11 +0000)]
Now nearbyint_test-1 is passing on macppc, powerpc64, sparc64.  Some
recent fixes seem to help also there, not only on amd64.
OK deraadt@

14 months agoEnable cu(1) -l to accept the usb paths shown in hw.ucomnames.
krw [Mon, 2 Oct 2023 14:48:10 +0000 (14:48 +0000)]
Enable cu(1) -l to accept the usb paths shown in hw.ucomnames.

Usual man page tweaks from jmc@ and schwarze@.

Testing various iterations by deraadt@, nicm@, kettenis@, drahn@.

ok deraadt@

14 months agobump version
claudio [Mon, 2 Oct 2023 13:31:32 +0000 (13:31 +0000)]
bump version

14 months agomaybe a bit earlier
deraadt [Mon, 2 Oct 2023 13:26:04 +0000 (13:26 +0000)]
maybe a bit earlier

14 months agoAdd some coverage for ASN1_TIME_cmp_time_t() as well
tb [Mon, 2 Oct 2023 11:14:15 +0000 (11:14 +0000)]
Add some coverage for ASN1_TIME_cmp_time_t() as well

ASN1_UTCTIME_cmp_tim_t() could be done similarly, but then I have to mess
with LIBRESSL_INTERNAL. Let's do this after unlock.

14 months agoAdd regress coverage for ASN1_TIME_compare()
tb [Mon, 2 Oct 2023 10:40:43 +0000 (10:40 +0000)]
Add regress coverage for ASN1_TIME_compare()

14 months agoMinor asn1time tweaks
tb [Mon, 2 Oct 2023 09:42:58 +0000 (09:42 +0000)]
Minor asn1time tweaks

Sprinkle some (static) const and garbage collect an unused struct.

14 months agoDV -> Dv;
jmc [Mon, 2 Oct 2023 05:29:59 +0000 (05:29 +0000)]
DV -> Dv;

14 months agoExample code tweak: do not hardcode the size of array
tb [Sun, 1 Oct 2023 22:46:21 +0000 (22:46 +0000)]
Example code tweak: do not hardcode the size of array

14 months agoFix a copy-paste bug in ASN1_TIME_compare()
tb [Sun, 1 Oct 2023 22:14:36 +0000 (22:14 +0000)]
Fix a copy-paste bug in ASN1_TIME_compare()

ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, &tm2, t2->type)

Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.

Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree ports and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.

Then of course there's also the language bindings.

Issue reported by Duncan Thomson at esri dot com via libressl-security

ok beck deraadt

14 months agoshow fingerprint of freshly generated ssh host key on first boot
naddy [Sun, 1 Oct 2023 20:15:23 +0000 (20:15 +0000)]
show fingerprint of freshly generated ssh host key on first boot

Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time.  This simplifies a secure first ssh connection to
a freshly installed machine.

ok deraadt@ kn@, and various for earlier iterations

14 months agoDocument EVP_CIPHER_CTX_iv_length() return values
tb [Sun, 1 Oct 2023 18:23:50 +0000 (18:23 +0000)]
Document EVP_CIPHER_CTX_iv_length() return values

We aligned with upstream behavior. Let's document it properly.

Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().

OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.

14 months agoAdd sysctl hw.ucomnames to list 'fixed' paths to USB serial
krw [Sun, 1 Oct 2023 15:58:11 +0000 (15:58 +0000)]
Add sysctl hw.ucomnames to list 'fixed' paths to USB serial
ports.

Suggested by deraadt@, USB route idea from kettenis@. Feedback
from anton@, man page improvements from deraadt@, jmc@,
schwarze@.

ok deraadt@ kettenis@

14 months agoThe colons separate the octets, not the digits; add missing link to
tb [Sun, 1 Oct 2023 10:51:19 +0000 (10:51 +0000)]
The colons separate the octets, not the digits; add missing link to
crypto(3)

14 months agoAtlantic 2 hardware has a different layout for the TPS_DATA_TCT registers
kettenis [Sun, 1 Oct 2023 09:03:14 +0000 (09:03 +0000)]
Atlantic 2 hardware has a different layout for the TPS_DATA_TCT registers
and uses different buffer sizes.  Fixes an issue where the card would
stop transmitting packets under load on the M2 Pro Mac mini.

ok jmatthew@