jmc [Thu, 25 Apr 2024 05:26:41 +0000 (05:26 +0000)]
add percentage to ruler after recent changes;
miod [Thu, 25 Apr 2024 05:23:45 +0000 (05:23 +0000)]
Use -mno-fpu when compiling with clang now that the in-tree clang supports
this option; from Brad.
op [Wed, 24 Apr 2024 21:31:31 +0000 (21:31 +0000)]
fix error return in fork_proc_backend(); ok gilles@
claudio [Wed, 24 Apr 2024 19:10:11 +0000 (19:10 +0000)]
Regen
claudio [Wed, 24 Apr 2024 19:09:14 +0000 (19:09 +0000)]
Revert rev 1.261 and require sigsuspend and __thrsigdivert to take
KERNEL_LOCK. There is at least a race in sigsuspend which can be
triggered by dump(8). Should be enough to allow me to look for the
real cause.
job [Wed, 24 Apr 2024 15:15:40 +0000 (15:15 +0000)]
In ruler show the current line number as a percentage of the total lines
OK claudio@
claudio [Wed, 24 Apr 2024 10:42:09 +0000 (10:42 +0000)]
announce_capa is no more.
OK tb@
claudio [Wed, 24 Apr 2024 10:41:34 +0000 (10:41 +0000)]
Remove 'announce capabilities' as neighbor config stanza.
There is no need to have an easy knob to get outdated or crappy
implementations to limp along. Instead the various default on
capabilities just need to be disabled (e.g. announce as-4byte no).
OK tb@
claudio [Wed, 24 Apr 2024 09:30:30 +0000 (09:30 +0000)]
Use static inline for cd1400_write_ccr() because clang 16 has issues with it.
Also remove some unused prototypes.
From Koakuma, OK kn@
florian [Tue, 23 Apr 2024 22:17:49 +0000 (22:17 +0000)]
Use "indicate" to match rest of the document.
Pointed out by kn, missed in previous.
florian [Tue, 23 Apr 2024 22:11:59 +0000 (22:11 +0000)]
Implement RFC 4191 default router preference.
OK phessler, kn
(Committing from a ferry somewhere on the English channel. Sadly the
free WiFi does not provide IPv6.)
jsg [Tue, 23 Apr 2024 13:34:50 +0000 (13:34 +0000)]
correct indentation; no functional change
ok tb@
jsg [Tue, 23 Apr 2024 13:09:21 +0000 (13:09 +0000)]
use 1U << 31 to avoid undefined behaviour
ok miod@
tb [Tue, 23 Apr 2024 10:52:08 +0000 (10:52 +0000)]
One empty line is enough
tb [Tue, 23 Apr 2024 10:27:46 +0000 (10:27 +0000)]
Add missing comma
spotted by jsg
fcambus [Tue, 23 Apr 2024 10:17:20 +0000 (10:17 +0000)]
Sync the supported hardware list with arm64.html.
tb [Tue, 23 Apr 2024 09:09:29 +0000 (09:09 +0000)]
sync with ftp/fetch.c r1.218: send host header for proxies
ok claudio
sthen [Tue, 23 Apr 2024 08:50:38 +0000 (08:50 +0000)]
ftp: send Host: headers with CONNECT requests when tunneling TLS over an
HTTP proxy (i.e. for fetching resources over https). This is required by
some proxy servers.
From KUWAZAWA Takuya, ok tb@
jsg [Tue, 23 Apr 2024 04:12:53 +0000 (04:12 +0000)]
simplify bit shift; avoids shifting into int sign bit
ok kettenis@ miod@
millert [Mon, 22 Apr 2024 14:20:35 +0000 (14:20 +0000)]
newsyslog: allow the F flag to be used on its own.
Fixes a conditional that lacked a check for 'F' or 'f'.
From Alvar Penning.
jsg [Mon, 22 Apr 2024 14:19:48 +0000 (14:19 +0000)]
fix indentation and remove unneeded braces
feedback and ok tb@
jmc [Mon, 22 Apr 2024 14:16:14 +0000 (14:16 +0000)]
mark the "signal" field as optional; from alvar penning
ok millert
ratchov [Mon, 22 Apr 2024 14:11:35 +0000 (14:11 +0000)]
sndiod: Use the channel mapping code of aucat
For now sndiod uses only a subset of the available channel mappings.
It gives the same result as the previous one, but having the same
in both programs makes code review and testing easier.
bluhm [Mon, 22 Apr 2024 13:30:22 +0000 (13:30 +0000)]
Show pf fragment reassembly counters.
Fragment count and statistics are stored in struct pf_status. From
there pfctl(8) and systat(1) collect and show them. Note that pfctl
-s info needs the -v switch to show fragments. As fragment reassembly
has its own mutex, also grab this in pf ioctl(2) and sysctl(2) code.
input claudio@; OK henning@
ratchov [Mon, 22 Apr 2024 12:32:51 +0000 (12:32 +0000)]
aucat: Use a 24-bit table for index to volume conversion
ratchov [Mon, 22 Apr 2024 12:21:49 +0000 (12:21 +0000)]
aucat: Fix comments, from similar comments fixes in sndiod
ratchov [Mon, 22 Apr 2024 11:07:42 +0000 (11:07 +0000)]
sndiod: Use a 24-bit table for index to volume conversion.
ratchov [Mon, 22 Apr 2024 11:01:02 +0000 (11:01 +0000)]
sndiod: Use resampling algorithm from aucat
sndiod doesn't use partial blocks as aucat, but having the same
algorithm makes code review and testing easier.
ratchov [Mon, 22 Apr 2024 10:57:36 +0000 (10:57 +0000)]
sndiod: Drop duplicate prototype of dev_new()
ratchov [Mon, 22 Apr 2024 10:49:01 +0000 (10:49 +0000)]
sndioctl: Remove assert about duplicate controls
On the sndiod(8) side device controls are not ordered. While switching
from one device to another, a new control (of the new device) may
appear before an old control with the same name is removed. As
discussed in sioctl_open(3), once the full description increment is
fetched (i.e. the call-back is invoked with NULL sioctl_desc
structure) the representation of the control set is consistent.
ratchov [Mon, 22 Apr 2024 10:43:55 +0000 (10:43 +0000)]
sndiod: Hide forgotten debug printfs
ratchov [Mon, 22 Apr 2024 10:43:16 +0000 (10:43 +0000)]
sndiod: Call ctlslot->ops->sync() after every control update
This ensures that the final NULL sioctl_ondesc() call-back
call is not lost.
ratchov [Mon, 22 Apr 2024 10:42:04 +0000 (10:42 +0000)]
sndiod: Make opt_setdev() return 1 if the device was accepted
ratchov [Mon, 22 Apr 2024 10:39:51 +0000 (10:39 +0000)]
sndiod: Return the number of controls ctl_del() has deleted.
claudio [Mon, 22 Apr 2024 09:43:11 +0000 (09:43 +0000)]
In state IDLE handle EVNT_STOP and stop the IdleHold timer. This way
a down of an idle connection will properly stop the session.
OK tb@ (as part of larger diff)
claudio [Mon, 22 Apr 2024 09:36:04 +0000 (09:36 +0000)]
Move setting of the shutdown reason to session_stop()
Also make sure that something is logged when a session is stopped.
Part of a bigger diff which was OK tb@
claudio [Mon, 22 Apr 2024 08:53:59 +0000 (08:53 +0000)]
No longer fall back to no capabilities when there is an OPEN/optional
attribute error.
BGP more and more relies on capabilities, automatically clearing them
all no longer seems the right choice. Now operators need to adjust the
config explicitly to allow such connections.
From a larger diff which is OK tb@
anton [Mon, 22 Apr 2024 07:31:54 +0000 (07:31 +0000)]
Instead of unhooking libssl/client regress tests, flag them as expected
to fail.
ok tb@
claudio [Mon, 22 Apr 2024 05:54:01 +0000 (05:54 +0000)]
Sprinkle experimental into regress so they compile
Reported by anton@
jsg [Mon, 22 Apr 2024 02:30:23 +0000 (02:30 +0000)]
remove space at eol
claudio [Sun, 21 Apr 2024 19:27:44 +0000 (19:27 +0000)]
P-256 support is experimental so require -x to enable it.
Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@
florian [Sun, 21 Apr 2024 17:33:05 +0000 (17:33 +0000)]
Pass advertising router to the kernel.
We are using the ifra_dstaddr for this because it will always be
unused with autoconf addresses since they can't be used on P2P links.
OK bluhm
florian [Sun, 21 Apr 2024 17:32:10 +0000 (17:32 +0000)]
Implement rule 5.5 of RFC 6724 (Default Address Selection for IPv6)
Rule 5.5: Prefer addresses in a prefix advertised by the next-hop.
For this we have to track the (link-local) address of the advertising
router per interface address and compare it with the selected route.
Rule 5.5 is useful in multi-homing setups where we have more than one
prefix and default router. We have to use the source address with the
correct default gateway otherwise traffic is likely going to be
dropped because of BCP 38.
While here refactor in6_update_ifa() a bit to make the code clearer
and consistently use (var & flag) instead of (var & flag) != 0.
Patiently reviewed by & OK bluhm.
tb [Sun, 21 Apr 2024 13:41:14 +0000 (13:41 +0000)]
unwrap line
tb [Sun, 21 Apr 2024 10:13:37 +0000 (10:13 +0000)]
Remove file without the now mandatory signing-time attribute
job [Sun, 21 Apr 2024 09:03:22 +0000 (09:03 +0000)]
Mandate presence of CMS signing-time and disallow binary-signing-time
RFC-to-be draft-ietf-sidrops-cms-signing-time updates RFC 6488 by
mandating the presence of the CMS signing-time attribute and disallowing
the use of the CMS binary-signing-time attribute in RPKI Signed Objects.
The ecosystem has behaved this way for a number of years now.
Flip from warning to erroring for non-compliant objects.
OK tb@
job [Sat, 20 Apr 2024 15:45:41 +0000 (15:45 +0000)]
Display distinct errors for various problematic CRL/MFT situationships
RFC 6487 section 8 specifies only a single CRL is issued at a time, so
error when multiple .crl files are listed in a Manifest's FileList.
The CRLDP extension identifies the location of the CRL, so the CRL's
filename must match the CA's CRLDP's 'rsync://' entry, error if that
isn't the case. (RFC 6486 section 4.8.6)
with & OK tb@
tb [Sat, 20 Apr 2024 10:11:55 +0000 (10:11 +0000)]
Remove more unnecessary GOST code
ok jsing
jsg [Sat, 20 Apr 2024 08:54:29 +0000 (08:54 +0000)]
regen
jsg [Sat, 20 Apr 2024 08:54:01 +0000 (08:54 +0000)]
add Ryzen 8040 "Hawk Point" ids
found in AMD Software: Adrenalin Edition 24.3.1
functionally the same as Ryzen 7040 "Phoenix"
bluhm [Fri, 19 Apr 2024 22:20:36 +0000 (22:20 +0000)]
Make regress mpath more reliable.
Create 100 IP addresses and 100 multipath routes. Then the test
can expect a better distribution of routes that are actually used.
OK anton@
mglocker [Fri, 19 Apr 2024 20:43:33 +0000 (20:43 +0000)]
As of the documentation, the UTP Command Descriptor Base Address (UCDBA)
needs to be aligned on a 128-byte address.
This fixes an issue seen on the PCI controller, where a DMA transfer
scheduled on an odd slot will fail.
jmc [Fri, 19 Apr 2024 19:16:26 +0000 (19:16 +0000)]
replace a (technically incorrect) instance of "IP" with "address";
issue reported by tech3599 at posteo net via henning;
discussed with/ok henning
jca [Fri, 19 Apr 2024 14:39:34 +0000 (14:39 +0000)]
Fix typo in comment
mpi [Fri, 19 Apr 2024 10:22:50 +0000 (10:22 +0000)]
Revert per-CPU caches, a double-free has been found by naddy@.
bluhm [Fri, 19 Apr 2024 10:13:58 +0000 (10:13 +0000)]
Merge IPv4 and IPv6 options in inpcb.
An internet PCB has either inp_options or inp_outputopts6. Put them
into a common anonymous union.
OK mvs@ kn@
tb [Fri, 19 Apr 2024 09:54:36 +0000 (09:54 +0000)]
bss_conn: zap trailing whitespace
ratchov [Fri, 19 Apr 2024 06:50:37 +0000 (06:50 +0000)]
nfs: Permit null requests (aka server pings) from non-reserved ports
Unfortunately, this is recommended by rfc 2623 and used by Linux
nfs-utils to mount NFS exports. So until nfs-utils switches into
using reserved ports, this is needed to mount OpenBSD file-systems
on most (all?) Linux distros.
Bits from claudio, ok millert
tb [Thu, 18 Apr 2024 16:50:22 +0000 (16:50 +0000)]
Remove a couple of lies about GOST in CMS
tb [Thu, 18 Apr 2024 16:33:33 +0000 (16:33 +0000)]
More GOST removal adjustments
tb [Thu, 18 Apr 2024 16:32:22 +0000 (16:32 +0000)]
EVP_PKEY_set1_RSA.3 some adjustments after GOST removal
tb [Thu, 18 Apr 2024 11:56:53 +0000 (11:56 +0000)]
Add some more comments explaining shortcomings of the API
The case in point is the incompatibility of the very ergonomic X509_ALGOR
API with the RC2-derived API massacre that is EVP_CIPHER_asn1_to_param()
and its "inverse".
ok jsing
tb [Thu, 18 Apr 2024 11:53:40 +0000 (11:53 +0000)]
Use X509_ALGOR_get0() in ecdh_cms_set_shared_info()
This makes things slightly less gross since it involves less reaching
into nested ASN.1 structures. But don't get the idea that this means
the code is now clean.
ok jsing
tb [Thu, 18 Apr 2024 11:51:53 +0000 (11:51 +0000)]
Test and assign in ecdh_cms_set_shared_info()
ok jsing
tb [Thu, 18 Apr 2024 11:51:01 +0000 (11:51 +0000)]
Turn ecdh_cms_set_shared_info() into single exit
ok jsing
claudio [Thu, 18 Apr 2024 10:29:39 +0000 (10:29 +0000)]
proc_trampoline_mp() was replaced by proc_trampoline_mi(), adjust prototype.
OK mpi@
claudio [Thu, 18 Apr 2024 09:06:42 +0000 (09:06 +0000)]
If a proc has P_WEXIT set do not stop it, let it exit since it is already
mostly dead.
This is more like belts and suspenders since a proc in exit1() will not
receive signals anymore and so proc_stop() should not be reachable. This
is even the case when sigexit() is called and a coredump() is happening.
OK mpi@
claudio [Thu, 18 Apr 2024 08:59:38 +0000 (08:59 +0000)]
Clear PCATCH for procs that have P_WEXIT set.
Exiting procs will not return to userland and can not deliver signals so
it is better to not even try.
OK mpi@
jsg [Thu, 18 Apr 2024 01:15:33 +0000 (01:15 +0000)]
drm/amd/display: fix disable otg wa logic in DCN316
From Fudongwang
50971570ba79e421e0df8785dd58f4b696c8c1b7 in linux-6.6.y/6.6.28
cf79814cb0bf5749b9f0db53ca231aa540c02768 in mainline linux
jsg [Thu, 18 Apr 2024 01:13:07 +0000 (01:13 +0000)]
drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST
From Harry Wentland
5ca6cbd8adbedd4aa2ef7e77aa31354f6dfee573 in linux-6.6.y/6.6.28
c3e2a5f2da904a18661335e8be2b961738574998 in mainline linux
jsg [Thu, 18 Apr 2024 01:10:52 +0000 (01:10 +0000)]
drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4
From Harry Wentland
b12c3cfd8265f69d238b4a3200d8755f609e9e58 in linux-6.6.y/6.6.28
9e61ef8d219877202d4ee51d0d2ad9072c99a262 in mainline linux
jsg [Thu, 18 Apr 2024 01:08:20 +0000 (01:08 +0000)]
drm/amdgpu: fix incorrect number of active RBs for gfx11
From Tim Huang
bd3105a71d1c125deedf35be11b4d79e8b84e6f2 in linux-6.6.y/6.6.28
bbca7f414ae9a12ea231cdbafd79c607e3337ea8 in mainline linux
jsg [Thu, 18 Apr 2024 01:06:33 +0000 (01:06 +0000)]
drm/amdgpu: always force full reset for SOC21
From Alex Deucher
fa2df4aa3e3aeae02adc9b4b4f43b7b69b63e5cf in linux-6.6.y/6.6.28
65ff8092e4802f96d87d3d7cde146961f5228265 in mainline linux
jsg [Thu, 18 Apr 2024 01:04:41 +0000 (01:04 +0000)]
drm/amdgpu: Reset dGPU if suspend got aborted
From Lijo Lazar
1520bf605d2ff0d733648713b5485865dde0dea9 in linux-6.6.y/6.6.28
8b2be55f4d6c1099d7f629b0ed7535a5be788c83 in mainline linux
jsg [Thu, 18 Apr 2024 01:02:15 +0000 (01:02 +0000)]
drm/i915: Disable port sync when bigjoiner is used
From Ville Syrjala
2708354ffb70c0a6ec8dd6944077ca7e50a2688b in linux-6.6.y/6.6.28
0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 in mainline linux
jsg [Thu, 18 Apr 2024 01:00:30 +0000 (01:00 +0000)]
drm/i915/cdclk: Fix CDCLK programming order when pipes are active
From Ville Syrjala
d1742f77bdf28ffd37a9bd94934a2d261e85de33 in linux-6.6.y/6.6.28
7b1f6b5aaec0f849e19c3e99d4eea75876853cdd in mainline linux
jsg [Thu, 18 Apr 2024 00:58:03 +0000 (00:58 +0000)]
drm/client: Fully protect modes[] with dev->mode_config.mutex
From Ville Syrjala
04e018bd913d3d3336ab7d21c2ad31a9175fe984 in linux-6.6.y/6.6.28
3eadd887dbac1df8f25f701e5d404d1b90fd0fea in mainline linux
jsg [Thu, 18 Apr 2024 00:56:11 +0000 (00:56 +0000)]
drm/amdkfd: Reset GPU on queue preemption failure
From Harish Kasiviswanathan
4d87f08eb75513334a85458306373d7560af1017 in linux-6.6.y/6.6.28
8bdfb4ea95ca738d33ef71376c21eba20130f2eb in mainline linux
jsg [Thu, 18 Apr 2024 00:54:36 +0000 (00:54 +0000)]
drm/i915/vrr: Disable VRR when using bigjoiner
From Ville Syrjala
f9b31dfdc0b5a04fb78cde6d2c64e54607dd316d in linux-6.6.y/6.6.28
dcd8992e47f13afb5c11a61e8d9c141c35e23751 in mainline linux
jsg [Thu, 18 Apr 2024 00:52:17 +0000 (00:52 +0000)]
drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
From Tim Huang
1e3b8874d55c0c28378beb9007494a7a9269a5f5 in linux-6.6.y/6.6.28
31729e8c21ecfd671458e02b6511eb68c2225113 in mainline linux
tb [Wed, 17 Apr 2024 23:24:18 +0000 (23:24 +0000)]
Remove comments from captain obvious and drop useless prototypes
tb [Wed, 17 Apr 2024 22:48:17 +0000 (22:48 +0000)]
SSL_version_str is no more
tb [Wed, 17 Apr 2024 22:43:42 +0000 (22:43 +0000)]
tidy includes
tb [Wed, 17 Apr 2024 21:55:43 +0000 (21:55 +0000)]
bn_convert: zap extra blank line
bluhm [Wed, 17 Apr 2024 20:48:51 +0000 (20:48 +0000)]
Use struct ipsec_level within inpcb.
Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels. This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.
OK deraadt@ mvs@
tb [Wed, 17 Apr 2024 20:47:36 +0000 (20:47 +0000)]
sync
jca [Wed, 17 Apr 2024 18:12:12 +0000 (18:12 +0000)]
Provide a pax format specific option handler
The existing tar_opt() implements support for -o write_opt=nodir for the
old tar and ustar formats. We don't really want to support it for the
pax format, and we want to be able to implement pax format specific
options (even if there are none right now). ok millert@
jca [Wed, 17 Apr 2024 15:48:44 +0000 (15:48 +0000)]
Fold long line
tb [Wed, 17 Apr 2024 15:03:22 +0000 (15:03 +0000)]
Simplify super ugly exit path
ok job
job [Wed, 17 Apr 2024 15:00:50 +0000 (15:00 +0000)]
Remove outdated (now inaccurate) warning message
OK tb@
jsing [Wed, 17 Apr 2024 14:47:17 +0000 (14:47 +0000)]
Rewrite BN_mpi2bn() using CBS and bn_bin2bn_cbs().
ok tb@
jsing [Wed, 17 Apr 2024 14:45:46 +0000 (14:45 +0000)]
Rewrite BN_lebin2bn() using CBS.
We get an implementation of this for free by having bn_bin2bn_cbs() use
CBS_get_u8() instead of CBS_get_last_u8().
ok tb@
jsing [Wed, 17 Apr 2024 14:43:37 +0000 (14:43 +0000)]
Provide constant time operations for uint8_t.
These will be used in upcoming changes.
ok tb@
job [Wed, 17 Apr 2024 14:31:59 +0000 (14:31 +0000)]
Sync RPKI Trust Anchor constraints to nro-delegated-stats
Turns out that registry at https://www.iana.org/assignments/as-numbers/as-numbers.xml
is an incomplete one, where only 'new' assignments are listed. In the
past this registry used to list all ASNs, but the RIRs asked IANA to
revert to not being very detailed...
There is another source of truth, the 'nro-delegated-stats' file at
https://ftp.ripe.net/pub/stats/ripencc/nro-stats/latest/nro-delegated-stats
this is updated daily and composed of information from each RIR.
Summary of changes:
* LACNIC manages more ASNs than previously known:
- allow those ASNs for LACNIC
- deny those for RIPE, APNIC, ARIN
* AFRINIC's allow list was good (compared to nro-delegated-stats), but the
full set of AfriNIC ASNs wasn't denylisted for RIPE, ARIN, APNIC.
OK tb@
tb [Wed, 17 Apr 2024 14:01:33 +0000 (14:01 +0000)]
Shuffle EVP_PKEY_CTX setting together
Another stroke of the already very dirty brush eliminates more traces
of ADHD and/or crack.
ok jsing
claudio [Wed, 17 Apr 2024 14:01:17 +0000 (14:01 +0000)]
Set Accept: */* HTTP header like it was done in ftp(1).
OK tb@ job@
tb [Wed, 17 Apr 2024 14:00:17 +0000 (14:00 +0000)]
ecdh_cms_encrypt(): tweak wrap_algor construction
This manually constructs an X509_ALGOR because the (now internal) legacy
interface EVP_CIPHER_param_to_asn1() (which is an unwelcome complication
thanks to RC2) is entirely incompatible with X509_ALGOR_set0() since
the ASN1_TYPE can't be pulled apart nicely (because the ASN1_TYPE API
is incomplete as well).
Once we got this far, we get to DER-encode the inner AlgorithmIdentifier
and set that blob as the parameters of another one. The same variables
are reused of course and needless to say an unchecked X509_ALGOR_set0()
would leak this blob on failure. So fix this by switching to the usual
error checked X509_ALGOR_set0_by_nid().
ok jsing
tb [Wed, 17 Apr 2024 13:58:55 +0000 (13:58 +0000)]
ecdh_cms_encrypt: tweak handling of ecdh_nid
ok jsing
tb [Wed, 17 Apr 2024 13:57:58 +0000 (13:57 +0000)]
ecdh_cms_encrypt: handle kdf_md in one go
Again the getting and the setting were interrupted by ten lines of
completely unrelated code.
ok jsing
tb [Wed, 17 Apr 2024 13:56:36 +0000 (13:56 +0000)]
ecdh_cms_encrypt: simplify setting the KDF type
It is much simpler to avoid the key_type variable altogether and inline
its use. Also it makes no sense to have 15 unrelated lines between the
getting of the kdf type, checking its content, and then actually setting
it to EVP_PKEY_ECDH_KDF_X9_63.
ok jsing