aisha [Sat, 21 Sep 2024 05:37:26 +0000 (05:37 +0000)]
add route-to example
ok benno@
mlarkin [Sat, 21 Sep 2024 04:36:28 +0000 (04:36 +0000)]
vmm(4): remove EPT mprotect ioctl
This old ioctl isn't used by vmd(8) and is getting in the way of some
improvements we want to do. It was used by solo5 but the person who was
helping maintain this is no longer involved with that project.
ok dv
mlarkin [Sat, 21 Sep 2024 04:12:18 +0000 (04:12 +0000)]
vmm.h is a needed include now
kettenis [Fri, 20 Sep 2024 19:12:50 +0000 (19:12 +0000)]
Add device tree mapping for Lenovo ThinkPad T14s.
ok tobhe@, mlarkin@
tb [Fri, 20 Sep 2024 12:52:37 +0000 (12:52 +0000)]
Avoid use after free when retrying the -o file
This is horrible code and at least file leaks in various paths, but that's
for someone else to fix.
found by & ok jsg
tb [Fri, 20 Sep 2024 11:41:15 +0000 (11:41 +0000)]
gdb: fix path to ex
from Nir Lichtman
ok pascal sthen
(they okayed the ports version which I take to be an agreement with this).
jsg [Fri, 20 Sep 2024 02:20:44 +0000 (02:20 +0000)]
correct format string in debug printf
jsg [Fri, 20 Sep 2024 02:15:53 +0000 (02:15 +0000)]
remove unneeded semicolon
jsg [Fri, 20 Sep 2024 02:00:46 +0000 (02:00 +0000)]
remove unneeded semicolons; checked by millert@
dlg [Fri, 20 Sep 2024 01:15:53 +0000 (01:15 +0000)]
fix up the ip address config in the example config.
you're supposed to configure the IP addresses inside the tunnel,
sec doesn't support configuration of the tunnel endpoint addresses
because that's handled by SAs via ike config.
hit by Luca Di Gregorio on misc@
djm [Thu, 19 Sep 2024 22:17:44 +0000 (22:17 +0000)]
openssh-9.9
tb [Thu, 19 Sep 2024 20:48:36 +0000 (20:48 +0000)]
Shift 1U rather than 1 to avoid -Wsign-compare whining
claudio agrees
job [Thu, 19 Sep 2024 13:45:07 +0000 (13:45 +0000)]
Move rpki-client to 9.3
requested by tb@
jsg [Thu, 19 Sep 2024 09:44:36 +0000 (09:44 +0000)]
fixup! drm/apple: Add support for the macOS 13.2 DCP firmware
From Janne Grunau in asahi bits/200-dcp
puts logging of power state changes under DRMDEBUG
ok kettenis@
claudio [Thu, 19 Sep 2024 08:55:22 +0000 (08:55 +0000)]
Remove spaces before EOL.
sf [Thu, 19 Sep 2024 06:23:38 +0000 (06:23 +0000)]
vio: allow longer tx chains
When TCP segmentation offload is supported, we may get larger packets
with more dma segments. Allocate more segments in the busdma_map in this
case, so that we need to defragment less often.
ok jan@
sf [Thu, 19 Sep 2024 06:19:05 +0000 (06:19 +0000)]
virtio_pci: Fix off-by-one in interrupt setup
This was introduced by "virtio: Move interrupt setup into separate
function".
ok jan@
denis [Thu, 19 Sep 2024 06:12:46 +0000 (06:12 +0000)]
document how to add a restricted socket
OK claudio@
jsg [Thu, 19 Sep 2024 05:08:10 +0000 (05:08 +0000)]
don't warn when returning early in hdcp functions
jsg [Thu, 19 Sep 2024 04:26:25 +0000 (04:26 +0000)]
drm/i915/guc: prevent a possible int overflow in wq offsets
From Nikita Zhandarovich
86238603c8f4df09b2a926617511310fd550737c in linux-6.6.y/6.6.52
d3d37f74683e2f16f2635ee265884f7ca69350ae in mainline linux
jsg [Thu, 19 Sep 2024 04:24:20 +0000 (04:24 +0000)]
drm/amd/amdgpu: apply command submission parser for JPEG v1
From David (Ming Qiang) Wu
ff65ae25d3cbcd8737e5971230031f0826a33250 in linux-6.6.y/6.6.52
8409fb50ce48d66cf9dc5391f03f05c56c430605 in mainline linux
jsg [Thu, 19 Sep 2024 04:21:53 +0000 (04:21 +0000)]
drm/amdgpu/atomfirmware: Silence UBSAN warning
From Alex Deucher
54268468399e5d1b23e76e43d06ff49ccad5fd4d in linux-6.6.y/6.6.52
17ea4383649fdeaff3181ddcf1ff03350d42e591 in mainline linux
jsg [Thu, 19 Sep 2024 04:19:44 +0000 (04:19 +0000)]
drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl
From T.J. Mercier
8e1ffb257982974352e9153eddcbaf01f949f700 in linux-6.6.y/6.6.52
8c7c44be57672e1474bf15a451011c291e85fda4 in mainline linux
jsg [Thu, 19 Sep 2024 04:17:11 +0000 (04:17 +0000)]
drm/amd/display: Fix FEC_READY write on DP LT
From Ilya Bakoulin
7853c146f8b45107bea25dcc1870c4dc3a042540 in linux-6.6.y/6.6.52
a8baec4623aedf36d50767627f6eae5ebf07c6fb in mainline linux
jsg [Thu, 19 Sep 2024 04:15:37 +0000 (04:15 +0000)]
drm/amd/display: Disable error correction if it's not supported
From Cruise
27bbf0b1cac9866666878421d57c15a78867f7cd in linux-6.6.y/6.6.52
a8ac994cf0693a1ce59410995594e56124a1c79f in mainline linux
jsg [Thu, 19 Sep 2024 04:13:21 +0000 (04:13 +0000)]
drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
From Bouke Sybren Haarsma
31b9fc3d0c1078a7ca5982de45a3f29ac2e7d711 in linux-6.6.y/6.6.52
2c71c8459c8ca66bd8f597effaac892ee8448a9f in mainline linux
jsg [Thu, 19 Sep 2024 04:11:20 +0000 (04:11 +0000)]
drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
From Bouke Sybren Haarsma
7d42d19973cbe1fa30b6f2aad7d06189ec0ef2e8 in linux-6.6.y/6.6.52
b86aa4140f6a8f01f35bfb05af60e01a55b48803 in mainline linux
jsg [Thu, 19 Sep 2024 01:05:48 +0000 (01:05 +0000)]
correct indentation
tb [Wed, 18 Sep 2024 19:12:37 +0000 (19:12 +0000)]
Enable large number of extension tests and stop skipping QUIC transport
parameter extension which we now know about
millert [Wed, 18 Sep 2024 17:05:50 +0000 (17:05 +0000)]
zic: cherrypick support for %z in time zone formats
This extends the zic input format to add support for %z, which
expands to a UTC offset in as-short-as-possible ISO 8601 format.
It's intended to better support zones that do not have an established
abbreviation already. tzdata2024b and higher require a version of
zic that supports the %z format. From upstream tzcode. OK beck@
jsg [Wed, 18 Sep 2024 14:29:10 +0000 (14:29 +0000)]
move common lines to mi
deraadt [Wed, 18 Sep 2024 11:29:55 +0000 (11:29 +0000)]
back to previous plan
job [Wed, 18 Sep 2024 10:22:36 +0000 (10:22 +0000)]
Fix a memory leak
Found by Martin Cracauer
"look right" tb@
jsg [Wed, 18 Sep 2024 05:21:19 +0000 (05:21 +0000)]
remove unneeded semicolons after switch statements
deraadt [Wed, 18 Sep 2024 02:43:54 +0000 (02:43 +0000)]
adjust date
jmatthew [Wed, 18 Sep 2024 00:03:19 +0000 (00:03 +0000)]
Remove the MSI blacklist. Now that we use MSI-X interrupts for nvme(4),
the one device we ever found that needed this treatment, the obsolete Intel
Optane Memory series, doesn't need it any more.
ok kettenis@ dlg@
jsg [Tue, 17 Sep 2024 13:45:49 +0000 (13:45 +0000)]
disable POOL_DEBUG for release
ok deraadt@
deraadt [Tue, 17 Sep 2024 13:39:17 +0000 (13:39 +0000)]
head into release
deraadt [Tue, 17 Sep 2024 12:53:15 +0000 (12:53 +0000)]
getdents(2) was pushed into rpath because it exposes pathname
information, similar to getcwd(2). Move it to the right place, and
also say why.
report from henryfordkjv@gmail.com
jsg [Tue, 17 Sep 2024 10:19:54 +0000 (10:19 +0000)]
update install.md path
jsg [Tue, 17 Sep 2024 10:13:50 +0000 (10:13 +0000)]
update list file paths
sf [Tue, 17 Sep 2024 09:00:14 +0000 (09:00 +0000)]
vio: Reduce code duplication in control queue handling
Pull the common parts of all the control queue operations into separate
functions.
While there, avoid setting sc_ctrl_inuse FREE if it was RESET, except in
vio_stop. Doing so could lead to more race conditions.
ok bluhm@
tb [Tue, 17 Sep 2024 08:47:37 +0000 (08:47 +0000)]
tlsfuzzer: add a start-server convenience target for interactive testing
tb [Tue, 17 Sep 2024 06:12:06 +0000 (06:12 +0000)]
Replace OpenSSL 3.1 (which no longer is in ports) with 3.3
jsg [Tue, 17 Sep 2024 04:12:57 +0000 (04:12 +0000)]
spelling
bluhm [Mon, 16 Sep 2024 22:30:01 +0000 (22:30 +0000)]
Mention psp(4) in vm.conf(5) man page.
from hshoexer@; OK mlarkin@
bluhm [Mon, 16 Sep 2024 22:15:43 +0000 (22:15 +0000)]
Document ioctl(2) interface provided by psp(4) device.
from hshoexer@; OK mlarkin@
nicm [Mon, 16 Sep 2024 20:46:58 +0000 (20:46 +0000)]
Add copy mode commands which were missed when descriptions were added,
from Julian Prein, GitHub issue 4121.
nicm [Mon, 16 Sep 2024 20:38:48 +0000 (20:38 +0000)]
Change the behaviour of extended-keys always slightly so that
applications can still enter mode 2 if they want, they just cannot turn
extended keys off entirely. From Stanislav Kljuhhin.
nicm [Mon, 16 Sep 2024 20:28:22 +0000 (20:28 +0000)]
Add a prefix timeout option, from Conor Taylor in GitHub issue 4108.
florian [Mon, 16 Sep 2024 07:34:49 +0000 (07:34 +0000)]
Close correct file descriptor.
Instead of closing the just received UDP socket we closed the imsg fd
thus cleanly shutting down dhcpleased(8).
Problem triggered by sf@ with something like
while :; do ifconfig vio0 -inet; done
while :; do ifconfig vio0 inet autoconf; done
The problem triggers when dhcpleased configured a lease and in just
the right moment the autoconf flag gets removed. The main process
opens a udp socket and sends it to the frontend. At the same time the
frontend learned (from the route socket), that the interface lost its
autoconf flag. When the frontend then receives the udp socket via fd
passing it tries to close it. Due to a typo it would instead close the
imsg file descriptor.
Found by me after lots of head scratching.
OK tb
djm [Mon, 16 Sep 2024 05:37:05 +0000 (05:37 +0000)]
use 64 bit math to avoid signed underflow. upstream code relies on
using -fwrapv to provide defined over/underflow behaviour, but we use
-ftrapv to catch integer errors and abort the program. ok dtucker@
deraadt [Sun, 15 Sep 2024 23:13:19 +0000 (23:13 +0000)]
Invalid pintables in ELF binaries can crash the kernel.
Fix from yufeng.gao@uq.edu.au
kn [Sun, 15 Sep 2024 19:39:26 +0000 (19:39 +0000)]
Document when vmd(8) VMs are stopped; OK mlarkin
Useful to know in setups where pkg daemons and VMs depend on each other.
yasuoka [Sun, 15 Sep 2024 11:08:50 +0000 (11:08 +0000)]
Add handling of "Class" attribute. diff from markus
ok markus
jmc [Sun, 15 Sep 2024 08:27:38 +0000 (08:27 +0000)]
minor grammar/sort fixes for refuseconnection; ok djm
jsg [Sun, 15 Sep 2024 07:14:58 +0000 (07:14 +0000)]
remove unused variables
jsg [Sun, 15 Sep 2024 05:49:05 +0000 (05:49 +0000)]
__STDC_VERSION__ not __STDC_VERSION; ok miod@
yasuoka [Sun, 15 Sep 2024 05:31:23 +0000 (05:31 +0000)]
Improve the log messages and white spaces.
yasuoka [Sun, 15 Sep 2024 05:29:11 +0000 (05:29 +0000)]
Keep the number of requests for a DAE server below 64 to avoid
congestion.
yasuoka [Sun, 15 Sep 2024 05:26:05 +0000 (05:26 +0000)]
Add "delete" command to "radiusctl ipcp". Also, send "stop" that was
missing when disconnecting all when acct-{on,off} received.
yasuoka [Sun, 15 Sep 2024 05:14:32 +0000 (05:14 +0000)]
Handle EAGAIN properly and fix the log when disconnected.
djm [Sun, 15 Sep 2024 03:09:44 +0000 (03:09 +0000)]
bad whitespace in config dump output
djm [Sun, 15 Sep 2024 02:20:51 +0000 (02:20 +0000)]
update the Streamlined NTRU Prime code from the "ref" implementation
in SUPERCOP 20201130 to the "compact" implementation in SUPERCOP
20240808. The new version is substantially faster.
Thanks to Daniel J Bernstein for pointing out the new implementation
(and of course for writing it).
tested in snaps/ok deraadt@
djm [Sun, 15 Sep 2024 01:19:56 +0000 (01:19 +0000)]
document Match invalid-user
djm [Sun, 15 Sep 2024 01:18:26 +0000 (01:18 +0000)]
add a "Match invalid-user" predicate to sshd_config Match options.
This allows writing Match conditions that trigger for invalid username.
E.g.
PerSourcePenalties refuseconnection:90s
Match invalid-user
RefuseConnection yes
Will effectively penalise bots trying to guess passwords for bogus accounts,
at the cost of implicitly revealing which accounts are invalid.
feedback markus@
djm [Sun, 15 Sep 2024 01:11:26 +0000 (01:11 +0000)]
Add a "refuseconnection" penalty class to sshd_config
PerSourcePenalties
This allows penalising connection sources that have had connections
dropped by the RefuseConnection option. ok markus@
djm [Sun, 15 Sep 2024 01:09:40 +0000 (01:09 +0000)]
Add a sshd_config "RefuseConnection" option
If set, this will terminate the connection at the first authentication
request (this is the earliest we can evaluate sshd_config Match blocks)
ok markus@
djm [Sun, 15 Sep 2024 00:58:01 +0000 (00:58 +0000)]
switch sshd_config Match processing to the argv tokeniser too;
ok markus@
djm [Sun, 15 Sep 2024 00:57:36 +0000 (00:57 +0000)]
switch "Match" directive processing over to the argv string
tokeniser, making it possible to use shell-like quoting in Match
directives, particularly "Match exec". ok markus@
djm [Sun, 15 Sep 2024 00:47:01 +0000 (00:47 +0000)]
include pathname in some of the ssh-keygen passphrase prompts. Helps
the user know what's going on when ssh-keygen is invoked via other
tools. Requested in GHPR503
djm [Sun, 15 Sep 2024 00:41:18 +0000 (00:41 +0000)]
Do not apply authorized_keys options when signature verification
fails. Prevents restrictive key options being incorrectly applied
to subsequent keys in authorized_keys. bz3733, ok markus@
schwarze [Sat, 14 Sep 2024 20:15:24 +0000 (20:15 +0000)]
Drop the "Giant panda discovered" entry because it looks like
half-way between misleadingly eurocentric and urban legend.
It was so obviously suspect that it had already been marked "(?!)"
since at least 4.3BSD-Tahoe (June 1988).
Brought up by <Rob dot Schmersel at bahnhof dot se>,
additional research by <me at FletcherPorter dot com>,
see https://marc.info/?l=openbsd-bugs&m=172634202204747 for details.
jsg [Sat, 14 Sep 2024 11:06:48 +0000 (11:06 +0000)]
vxlan.h not needed
jsg [Sat, 14 Sep 2024 09:21:13 +0000 (09:21 +0000)]
pvclock.h not needed
jsg [Sat, 14 Sep 2024 09:00:16 +0000 (09:00 +0000)]
ccp.h no longer required
tb [Sat, 14 Sep 2024 07:11:34 +0000 (07:11 +0000)]
tlsfuzzer: grammar fix missed in previous
kn [Fri, 13 Sep 2024 20:19:50 +0000 (20:19 +0000)]
rectify comment about syncing trace points letters, kdump usage has none
kdump.c r1.138 in 2019 dropped the letters list in favour of [-t trstr].
jmatthew [Fri, 13 Sep 2024 09:57:34 +0000 (09:57 +0000)]
Add sensors based on information in the SMART/health log page,
showing overall device health and temperature.
tested by many (a while ago)
tweaks from gkoehler@ kettenis@ dv@
ok kettenis@ jca@ (earlier version), dlg@
tb [Fri, 13 Sep 2024 05:58:17 +0000 (05:58 +0000)]
typo: troups -> groups
jsg [Thu, 12 Sep 2024 23:54:17 +0000 (23:54 +0000)]
drm/i915/fence: Mark debug_fence_free() with __maybe_unused
From Andy Shevchenko
60d54a45dbbbac8af9f3352042bd30b527995aef in linux-6.6.y/6.6.51
f99999536128b14b5d765a9982763b5134efdd79 in mainline linux
jsg [Thu, 12 Sep 2024 23:52:33 +0000 (23:52 +0000)]
drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
From Andy Shevchenko
a65ebba8733727ffd9d0de78899ea6ef1791ebc7 in linux-6.6.y/6.6.51
fcd9e8afd546f6ced378d078345a89bf346d065e in mainline linux
jsg [Thu, 12 Sep 2024 23:50:02 +0000 (23:50 +0000)]
drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
From Marek Olsak
302ba299c31e0de54cea431ac1d281dbab7fd0b5 in linux-6.6.y/6.6.51
8dd1426e2c80e32ac1995007330c8f95ffa28ebb in mainline linux
jsg [Thu, 12 Sep 2024 23:45:02 +0000 (23:45 +0000)]
drm/amd: Add gfx12 swizzle mode defs
From Aurabindo Pillai
5f2a2bf25395f50b1b2cb7c04ae2d5986520be5f in linux-6.6.y/6.6.51
7ceb94e87bffff7c12b61eb29749e1d8ac976896 in mainline linux
jsg [Thu, 12 Sep 2024 23:42:34 +0000 (23:42 +0000)]
drm/amdgpu: reject gang submit on reserved VMIDs
From Christian Koenig
6922ab2932622dbc638620aae0e2f6b8eb22940c in linux-6.6.y/6.6.51
320debca1ba3a81c87247eac84eff976ead09ee0 in mainline linux
jsg [Thu, 12 Sep 2024 23:39:51 +0000 (23:39 +0000)]
drm/amdgpu: Set no_hw_access when VF request full GPU fails
From Yifan Zha
077c7e5fee4b4b3fea29fd3a951a6b01f2802d9e in linux-6.6.y/6.6.51
33f23fc3155b13c4a96d94a0a22dc26db767440b in mainline linux
jsg [Thu, 12 Sep 2024 23:38:36 +0000 (23:38 +0000)]
drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
From Marek Olsak
9a41def4c48f92d386fdadc332a91c379257aa6a in linux-6.6.y/6.6.51
11317d2963fa79767cd7c6231a00a9d77f2e0f54 in mainline linux
jsg [Thu, 12 Sep 2024 23:36:35 +0000 (23:36 +0000)]
drm/amd/display: Check denominator pbn_div before used
From Alex Hung
dfafee0a7b51c7c9612edd2d991401294964d02f in linux-6.6.y/6.6.51
116a678f3a9abc24f5c9d2525b7393d18d9eb58e in mainline linux
jsg [Thu, 12 Sep 2024 23:34:57 +0000 (23:34 +0000)]
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
From Danijel Slivka
2521ba3cfa1d1c541e1ba1a32d1b43ad5a8e412f in linux-6.6.y/6.6.51
afbf7955ff01e952dbdd465fa25a2ba92d00291c in mainline linux
jsg [Thu, 12 Sep 2024 23:32:30 +0000 (23:32 +0000)]
drm/amdgpu: Fix smatch static checker warning
From Hawking Zhang
8bc7b3ce33e64c74211ed17aec823fc4e523426a in linux-6.6.y/6.6.51
bdbdc7cecd00305dc844a361f9883d3a21022027 in mainline linux
jsg [Thu, 12 Sep 2024 23:31:07 +0000 (23:31 +0000)]
drm/amd/display: Check HDCP returned status
From Alex Hung
1bd1fe1109fcd9213494283b01d9421f58e0b6c5 in linux-6.6.y/6.6.51
5d93060d430b359e16e7c555c8f151ead1ac614b in mainline linux
jsg [Thu, 12 Sep 2024 23:28:44 +0000 (23:28 +0000)]
drm/amd/display: Run DC_LOG_DC after checking link->link_enc
From Alex Hung
874e3bb302f97b94ac548959ec4f925b8e7b45e2 in linux-6.6.y/6.6.51
3a82f62b0d9d7687eac47603bb6cd14a50fa718b in mainline linux
jsg [Thu, 12 Sep 2024 23:26:26 +0000 (23:26 +0000)]
drm/i915: Do not attempt to load the GSC multiple times
From Daniele Ceraolo Spurio
337266ada863a4232c9f8634deedc298a145521c in linux-6.6.y/6.6.51
59d3cfdd7f9655a0400ac453bf92199204f8b2a1 in mainline linux
jsg [Thu, 12 Sep 2024 23:22:10 +0000 (23:22 +0000)]
Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
From Alex Deucher
94479011f4f551b4b1e010776a131512402b27bc in linux-6.6.y/6.6.51
1a8d845470941f1b6de1b392227530c097dc5e0c in mainline linux
tb [Thu, 12 Sep 2024 10:33:25 +0000 (10:33 +0000)]
Reintroduce check that CRL Number is in range
The CRL number draft clarified what ignoring means and it includes checking
that the CRL number is well-formed again. So do this but continue to ignore
the value for any other purpose. This refactors x509_convert_seqnum() into
a couple of helpers. There's some duplication between crl_check_crl_number()
and crl_parse_crl_number() which could be removed if anyone cares.
tweaks/ok job
claudio [Thu, 12 Sep 2024 09:10:46 +0000 (09:10 +0000)]
Do a basic sanity check that dirents returned via fuse are kind of sane.
Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename. On top of this also check that d_reclen and d_namlen
are kind of sane and zero out the padding bytes after d_name.
OK beck@
claudio [Thu, 12 Sep 2024 09:07:28 +0000 (09:07 +0000)]
msdos already transforms for Windows long names a '/' char into '?'.
Do the same for the 8.3 case as well.
This is not ideal since now it is possible that two files in the same
directory have the same name but the msdos code already does a lot of
this and so the problem already exists.
OK beck@ miod@
claudio [Thu, 12 Sep 2024 09:04:51 +0000 (09:04 +0000)]
Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename.
NFS specific report by Apple Security Engineering and Architecture (SEAR).
Input from guenther@ and millert@
OK beck@ miod@
djm [Thu, 12 Sep 2024 00:36:27 +0000 (00:36 +0000)]
Relax absolute path requirement back to what it was prior to OpenSSH 9.8,
which incorrectly required that sshd was started with an absolute path
in inetd mode. bz3717, patch from Colin Wilson
nicm [Wed, 11 Sep 2024 19:12:33 +0000 (19:12 +0000)]
Mouse move keys are not useful as key bindings because we do not turn
them on unless the application requests them. Ignore them so they do not
cause the prefix to be canceled, GitHub issue 4111.