openbsd
tb [Thu, 21 Oct 2021 08:30:14 +0000 (08:30 +0000)]
Avoid potential NULL dereferences in dtls1_free()

ok jsing

nicm [Thu, 21 Oct 2021 08:23:48 +0000 (08:23 +0000)]
Show error if user option doesn't exist, GitHub issue 2938.

martijn [Thu, 21 Oct 2021 08:21:43 +0000 (08:21 +0000)]
Retrieve the actual engineid instead of a pointer value.

OK tb@

martijn [Thu, 21 Oct 2021 08:17:33 +0000 (08:17 +0000)]
Sync ober_oid_cmp with ax_oid_cmp from libagentx.
This flips the returned signedness and adds the weight of 2 for
parent-child relationship in both directions.

This makes ober_oid_cmp consistent with the rest of the *_cmp based
functions.

OK tb@

anton [Thu, 21 Oct 2021 05:30:15 +0000 (05:30 +0000)]
sync

jsg [Wed, 20 Oct 2021 23:50:20 +0000 (23:50 +0000)]
drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read

From Douglas Anderson
a7b45024f66f9ec769e8dbb1a51ae83cd05929c7 in linux 5.10.y/5.10.75
97794170b696856483f74b47bfb6049780d2d3a0 in mainline linux

gerhard [Wed, 20 Oct 2021 16:00:47 +0000 (16:00 +0000)]
Add missing semicolon at the end of the listen_udptcp rule

ok otto@

schwarze [Wed, 20 Oct 2021 15:54:21 +0000 (15:54 +0000)]
document ASN1_STRING_set_by_NID(3)
and the three functions related to the global mask

schwarze [Wed, 20 Oct 2021 13:14:00 +0000 (13:14 +0000)]
new manual page ASN1_mbstring_copy(3)
also documenting ASN1_mbstring_ncopy(3)

nicm [Wed, 20 Oct 2021 09:52:27 +0000 (09:52 +0000)]
Remove a TODO comment.

nicm [Wed, 20 Oct 2021 09:50:40 +0000 (09:50 +0000)]
Add -T to set a popup title, from Alexis Hildebrandt in GitHub issue 2941.

florian [Wed, 20 Oct 2021 07:04:49 +0000 (07:04 +0000)]
Do not ignore carp(4) interfaces.
Problem reported by Guy Godfroy on bugs, thanks!

semarie [Wed, 20 Oct 2021 06:35:39 +0000 (06:35 +0000)]
revert vnode: remove VLOCKSWORK and check locking when vop_islocked != nullop
(both kernel and userland bits)

GENERIC + VFSLCKDEBUG is broken with it.

anton [Wed, 20 Oct 2021 06:01:16 +0000 (06:01 +0000)]
sync

schwarze [Wed, 20 Oct 2021 05:06:36 +0000 (05:06 +0000)]
new manual page X509_ATTRIBUTE_get0_object(3)
documenting the four X.501 Attribute read accessors

schwarze [Wed, 20 Oct 2021 03:31:20 +0000 (03:31 +0000)]
document X509_ATTRIBUTE_create(3) and X509_ATTRIBUTE_dup(3)

krw [Tue, 19 Oct 2021 19:38:10 +0000 (19:38 +0000)]
Move get_default_mbr() invocation before DISK_open() invocation and remove
"rpath wpath" from the pledge() invocation. Makes default_dmbr information
available to DISK_open().

No intentional functional change.

schwarze [Tue, 19 Oct 2021 17:42:49 +0000 (17:42 +0000)]
document X509_get_pubkey_parameters(3) in a new manual page

schwarze [Tue, 19 Oct 2021 16:27:47 +0000 (16:27 +0000)]
more precision, fewer words

semarie [Tue, 19 Oct 2021 14:50:05 +0000 (14:50 +0000)]
vnode: remove VLOCKSWORK usage in pstat and mention in man pages

unbreak the tree. found the hard way by tb@

ok tb@ who has the same diff

nicm [Tue, 19 Oct 2021 12:51:43 +0000 (12:51 +0000)]
Same as -N, don't send if 0 arguments and -R.

schwarze [Tue, 19 Oct 2021 12:03:46 +0000 (12:03 +0000)]
document i2d_PrivateKey_bio(3) and i2d_PrivateKey_fp(3)

schwarze [Tue, 19 Oct 2021 10:55:57 +0000 (10:55 +0000)]
install X509_PKEY_new(3)

schwarze [Tue, 19 Oct 2021 10:39:33 +0000 (10:39 +0000)]
document X509_PKEY_new(3) and X509_PKEY_free(3)

semarie [Tue, 19 Oct 2021 06:26:08 +0000 (06:26 +0000)]
vnode: remove VLOCKSWORK and check locking when vop_islocked != nullop

This flag is currently used to mark or unmark a vnode to actively
check vnode locking semantics (when compiled with VFSLCKDEBUG).

Currently, VLOCKSWORK flag isn't properly set for several FS
implementations which have full locking support. This commit enables
proper checking for them too (cd9660, udf, fuse, msdosfs, tmpfs).

Instead of using a particular flag, it directly checks if
v_op->vop_islocked is nullop or not to activate or not the vnode
locking checks.

ok mpi@

semarie [Tue, 19 Oct 2021 06:11:45 +0000 (06:11 +0000)]
vnode: do not manipulate vnode lock directly

use VOP_LOCK / VOP_UNLOCK wrappers.

VOP_LOCK() is preferred over vn_lock() here in order to keep equivalent code.

ok mpi@ visa@ (as part of larger diff)

semarie [Tue, 19 Oct 2021 06:09:39 +0000 (06:09 +0000)]
vnode: deadfs: do not call v_op->vop_lock directly, use VOP_LOCK() wrapper

ok mpi@ visa@ (as part of larger diff)

krw [Mon, 18 Oct 2021 20:27:32 +0000 (20:27 +0000)]
Don't bother decoding a partition's c/h/s start or end from the MBR read from
disk.

The decoded values were overwritten by an invocation of PRT_fix_CHS() before
they were used.

schwarze [Mon, 18 Oct 2021 18:20:39 +0000 (18:20 +0000)]
document X509_VERIFY_PARAM_inherit(3) and X509_VERIFY_PARAM_set1(3)

krw [Mon, 18 Oct 2021 16:12:02 +0000 (16:12 +0000)]
r1.66 (May 2014) introduced two #if 0/#else/#endif chunks to avoid "over
optimistic alignment expectations" when extracting a uint32_t field from a
packed struct.

r1.70 (March 2015) removed one of the two #if 0 chunks, realizing there was no
real gain to be had even if various compilers were ever able to intuit the
expected alignment.

Belatedly nuke the other #if 0 chunk and always memcpy() the uint32_t values out
of the struct.

schwarze [Mon, 18 Oct 2021 14:46:37 +0000 (14:46 +0000)]
split seven functions out of the page X509_VERIFY_PARAM_set_flags(3), which
is becoming excessively long, into a new page X509_VERIFY_PARAM_new(3);
no content change

nicm [Mon, 18 Oct 2021 09:48:35 +0000 (09:48 +0000)]
Fix menu width containing disabled items, from Alexis Hildebrandt in
GitHub issue 2935.

nicm [Mon, 18 Oct 2021 09:15:56 +0000 (09:15 +0000)]
Spacing fixes from Alexis Hildebrandt.

nicm [Mon, 18 Oct 2021 09:09:46 +0000 (09:09 +0000)]
Remove duplicate options, spotted by Ricky Cintron.

schwarze [Sun, 17 Oct 2021 21:03:05 +0000 (21:03 +0000)]
simplify a few accesses to fields of structs, using auxiliary pointer
variables that are already present (and used nearby) in the code;
no functional change

schwarze [Sun, 17 Oct 2021 20:47:54 +0000 (20:47 +0000)]
Simplify the code building lists of spans, no output change intended.

A comment in the code claimed that the list of spans would be sorted,
but the sorting did not actually work.  The layout "LSSS,LLSL" resulted
in the list "0-3, 1-2", whereas the layout "LLSL,LSSS" resulted
in the list "1-2, 0-3".  Since sorting serves no purpose, just leave
the list unsorted.

kn [Sun, 17 Oct 2021 13:20:46 +0000 (13:20 +0000)]
Disambiguate "autoconf" handling now that it is used for IPv4 as well

This was the last mention of "dhcp" in our manuals except for
hostname.if(5) documenting it as an "inet autoconf" alias;  everything has
been converted to modern syntax now (hopefully).

OK jmc

patrick [Sun, 17 Oct 2021 11:39:40 +0000 (11:39 +0000)]
km_alloc(9) needs to be passed a size that is a multiple of PAGE_SIZE.

ok mpi@

jsg [Sun, 17 Oct 2021 10:59:45 +0000 (10:59 +0000)]
drm/amdgpu: fix gart.bo pin_count leak

From Leslie Shi
621ddffb70db824eabd63d18ac635180fe9500f9 in linux 5.10.y/5.10.74
66805763a97f8f7bdf742fc0851d85c02ed9411f in mainline linux

kn [Sun, 17 Oct 2021 02:05:40 +0000 (02:05 +0000)]
Install "autoconf" as proper "inet autoconf" in hostname.if(5) files

OK aja

kn [Sun, 17 Oct 2021 02:03:39 +0000 (02:03 +0000)]
Teach modern "inet autoconf"

This goes in line with hostname.if(5), unwind.conf(5), ifconfig(8)
as well as our installer.

OK deraadt

kettenis [Sat, 16 Oct 2021 17:14:41 +0000 (17:14 +0000)]
Bail out early if the PCIe controller hasn't been initialized by the
firmware.

ok jsg@

jmc [Sat, 16 Oct 2021 15:05:59 +0000 (15:05 +0000)]
40mhz is now supported so remove the caveat; ok stsp

job [Fri, 15 Oct 2021 22:30:33 +0000 (22:30 +0000)]
zap 3 comments

jeremy [Fri, 15 Oct 2021 20:47:11 +0000 (20:47 +0000)]
Update name of SMF, and add SAC (Sacramento Executive)

I've flown through SMF and been to SAC.

jsing [Fri, 15 Oct 2021 16:49:12 +0000 (16:49 +0000)]
Pull in ssl_locl.h so that we can keep reaching into libssl internals.

jsing [Fri, 15 Oct 2021 16:48:46 +0000 (16:48 +0000)]
Move various structs from ssl.h/tls1.h to ssl_locl.h.

These were already under LIBRESSL_INTERNAL hence no ABI change.

ok tb@

naddy [Fri, 15 Oct 2021 15:01:27 +0000 (15:01 +0000)]
Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments.  Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.

For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.

With help from millert@
ok benno@ deraadt@

deraadt [Fri, 15 Oct 2021 14:46:46 +0000 (14:46 +0000)]
openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP
protocol for copying.  Let's get back to testing the SFTP protocol.

stsp [Fri, 15 Oct 2021 13:38:10 +0000 (13:38 +0000)]
Add initial 40MHz support to the iwx(4) driver.

Tested:
ax200: jmc, phessler, kevlo, hrvoje, sdk, fkr, stsp, Mark Patruck
ax201: jcs, stsp, Fredrik Engberg, Eric Auge

nicm [Fri, 15 Oct 2021 10:39:22 +0000 (10:39 +0000)]
Do not send any key if -N flag is given even if no other arguments,
fixes problem with repeat in copy mode reported by tb@.

job [Fri, 15 Oct 2021 08:48:18 +0000 (08:48 +0000)]
Update json key names

OK claudio@

kn [Fri, 15 Oct 2021 08:10:44 +0000 (08:10 +0000)]
Teach modern "inet autoconf"

This goes in line with hostname.if(5), unwind.conf(5), ifconfig(8)
as well as our installer.

OK deraadt

mpi [Fri, 15 Oct 2021 06:59:57 +0000 (06:59 +0000)]
Revert "Implement select(2) and pselect(2) on top of kqueue."

It introduced a regression exposed by the ssh tests.

Reported by anton@

semarie [Fri, 15 Oct 2021 06:30:06 +0000 (06:30 +0000)]
vnode: remove vop_generic_{,is,un}lock stub functions

These functions are only stubs (returning 0). Replace them with nullop
function (same behaviour). There is no intended behaviour change.

While here, reorder some vop_islocked members in structs to be next to
the other vop_{,un}lock members.

ok visa@

mvs [Thu, 14 Oct 2021 23:05:10 +0000 (23:05 +0000)]
Release solock() before calling unp_externalize().

A little step forward to make UNIX domain sockets locking fine grained.
The closest goal is to introduce the new rwlock(9) and use it to protect
garbage collector data. This leaves existing `unp_lock' rwlock(9) which
covers the whole layer for per-socket data only and allows to replace it
with per-socket `so_lock' with further diffs.

Except for the file descriptor table, unp_externalize() operates with the garbage
collector data only such as `unp_rights', `unp_msgcount' directly and
`unp_deferred' through unp_discard(). I want to introduce the new garbage
collector rwlock(9) with the separate diff, so `unp_lock' is still taken
within unp_externalize() around garbage collector data access. But right
now M_WAITOK allocation removed from rwlock(9). Also useless M_WAITOK
allocation and fdplock()/fdpunlock() dances removed from the error path.
The `unp_lock' and fdplock() are not taken together within
unp_externalize() but unp_internalize() still enforces `unp_lock' ->
fdplock() lock order. This remains the only place and will be changed with
the upcoming unp_internalize() and garbage collector rwlock(9) diffs.

ok bluhm@

kettenis [Thu, 14 Oct 2021 21:30:00 +0000 (21:30 +0000)]
Replace lrint(3), lrintf(3), llrint(3) and llrintf(3) implementations with
the same implementation that we're already using for lrintl(3) and llrintl(3).
The old implementations were derived from code from NetBSD that didn't pass
the lib/libm/msun/lrint_test regress test.  NetBSD replaced their
implementation with the FreeBSD implementation of this code which we were
already using for lrintl(3) and llrintl(3).  This fixes the regress test.

ok bluhm@, millert@

bluhm [Thu, 14 Oct 2021 17:39:42 +0000 (17:39 +0000)]
ip6_output_ipsec_send() may change the route embedded in struct ro
during path MTU discovery.  ip6_forward() has to update its rt
variable to the new route in ro.  Otherwise it could operate on a
freed route.
from markus@

nicm [Thu, 14 Oct 2021 13:19:01 +0000 (13:19 +0000)]
Add popup-border-lines option to set popup line style, from Alexis
Hildebrandt, GitHub issue 2930.

nicm [Thu, 14 Oct 2021 09:54:51 +0000 (09:54 +0000)]
When checking ranges in tty_cmd_cells, cannot use the tty cursor
position and tty_cursor because it may be at the final invisible cursor
position on automargin terminals. The text to be drawn is confined to
the pane, so use the pane cursor position for the checks instead. Fix
from Anindya Mukherjee, redraw problem reported by naddy@.

mpi [Thu, 14 Oct 2021 08:46:01 +0000 (08:46 +0000)]
Implement select(2) and pselect(2) on top of kqueue.

The given set of fds are converted to equivalent kevents using EV_SET(2)
and passed to the scanning internals of kevent(2): kqueue_scan().  Those
events are lazily deleted to reduce the overhead of freeing/allocating
them when select(2) is called in a loop.

ktrace(1) will now output the converted kevents on top of the usual set
bits to be able to find possible errors in the conversion.

This switch implies that select(2) and pselect(2) will now query the
underlying kqfilters instead of the *_poll() routines.  An increase in
latency is visible, especially with UDP sockets and NET_LOCK()-contended
subsystems and will be addressed in a next step.

The various *_poll() routines could be removed as soon as poll(2) and
ppoll(2) are also converted.

Based on similar work done on DragonFlyBSD with inputs from visa@,
millert@, anton@, cheloha@, thanks!

ok claudio@, bluhm@

tb [Thu, 14 Oct 2021 00:45:02 +0000 (00:45 +0000)]
Use unsigned char instead of u_char for two prototypes (like everywhere
else in libcrypto's manuals and headers).

bluhm [Wed, 13 Oct 2021 22:49:11 +0000 (22:49 +0000)]
Remove redundant NULL checks in IPsec which are never reached.
ok mvs@

bluhm [Wed, 13 Oct 2021 22:43:44 +0000 (22:43 +0000)]
The function crypto_dispatch() never returns an error.  Make it
void and remove error handling in the callers.
OK patrick@ mvs@

sthen [Wed, 13 Oct 2021 20:34:03 +0000 (20:34 +0000)]
Change syslog.conf comments relating to network logging to focus on client
setup which is configured in the file itself, rather than talking partly about
client (set in the file), command-line flags used for servers which are
better suited to the syslogd(8) manual, and ISDN.

In the commented-out examples, use tls rather than the plaintext protocol.
If users don't need tls they can change it, but it's a sane default, and
a good place to show that we have the feature.

ok bluhm@

bluhm [Wed, 13 Oct 2021 18:55:04 +0000 (18:55 +0000)]
Sending live tcpdump output over SSH while running tests may drop
bpf logs in the kernel.  Better write pcap files onto remote machine's
disk and collect and convert after testing with live packets has
finished.  Move the TCP path MTU tests to the end.  Otherwise TCP
packets floating around could affect the packet counters of the
subsequent tests.

tb [Wed, 13 Oct 2021 18:09:42 +0000 (18:09 +0000)]
acme-client: stop reaching into X509

Prepare for an upcoming change in libcrypto and retrieve the stack
of extensions via X509_get0_extensions(). Simplify the for loop by
relying on the fact that empty or NULL stacks have an sk_num() of 0
and -1, respectively, so the loop won't be entered and the extsz
dance is unnecessary.

ok florian

millert [Wed, 13 Oct 2021 17:41:14 +0000 (17:41 +0000)]
Fix fd leak of /dev/tty on auth failure, introduced in revision 1.91.
Move the auth retry loop into authuser() and only open /dev/tty once.
Also refactor the password reading into authuser_checkpass().
Bug reported by multi AT in-addr DOT xyz.  OK kn@

tb [Wed, 13 Oct 2021 17:02:10 +0000 (17:02 +0000)]
ssltest.c does not need param.h

From Jonas Termansen

tb [Wed, 13 Oct 2021 17:00:35 +0000 (17:00 +0000)]
Remove __dead from usage() to reduce the diff needed to build LibreSSL
on sortix.

Prompted by a diff by Jonas Termansen

tb [Wed, 13 Oct 2021 16:57:43 +0000 (16:57 +0000)]
isakmpd: remove #ifdefs for ancient OPENSSL_VERSIONs.

No-one is going to build this with OpenSSL 0.9.7 or earlier, so we
can remove this code.

ok bluhm sthen (as part of a larger diff)

tb [Wed, 13 Oct 2021 16:56:30 +0000 (16:56 +0000)]
isakmpd: remove libcrypto.c

All this does is a call to OpenSSL_add_all_algorithms(), which is
no longer needed since libcrypto initializes itself.

ok bluhm sthen (part of a larger diff)

kn [Wed, 13 Oct 2021 15:04:53 +0000 (15:04 +0000)]
Provide realpath(1)

A tiny realpath(3) wrapper to make a porter's life easier.

Feedback kettenis deraadt cheloha sthen
OK cheloha martijn deraadt

bluhm [Wed, 13 Oct 2021 14:36:31 +0000 (14:36 +0000)]
The function ipip_output() was registered as .xf_output() xform
function.  But it was never called via this pointer.  It would have
immediately crashed as mp is always NULL when called via .xf_output().
Do not set .xf_output to ipip_output.  This allows to pass only the
parameters which are actually needed and the control flow is clearer.
OK mpi@

krw [Wed, 13 Oct 2021 13:18:57 +0000 (13:18 +0000)]
Nuke builtin_mbr.

Those architectures needing either MBR boot code (amd64, i386,
landisk) or special boot partitions (macppc, loongson) have long
used /usr/mdec/mbr to provide that information.

Other architectures should not blindly write i386/amd64 boot code
into the MBR.

Fail quickly if the desired default MBR file is missing.

Prompted by deraadt@, tweak from kettenis@.

bluhm [Wed, 13 Oct 2021 13:08:58 +0000 (13:08 +0000)]
The kernel crypto framework sometimes returned an error, sometimes
the callback was called, and sometimes both.  So the caller of that
API could not release resources correctly.
A bunch of errors can or should not happen, replace them with an
assert.  Remove redundant checks.  crypto_invoke() should not return
the error, but pass it via callback.
Some old hardware drivers keep part of their inconsistency as I
cannot test them.
OK mpi@

nicm [Wed, 13 Oct 2021 09:28:36 +0000 (09:28 +0000)]
Add popup-style and popup-border-style options, from Alexis Hildebrandt
in GitHub issue 2927.

claudio [Wed, 13 Oct 2021 06:56:07 +0000 (06:56 +0000)]
Fix regress test after changing the way bgpsec pubkeys are shown and processed.
Reported by anton@

bluhm [Tue, 12 Oct 2021 22:44:48 +0000 (22:44 +0000)]
Relax test regex, read or write error is possible.

kettenis [Tue, 12 Oct 2021 18:22:04 +0000 (18:22 +0000)]
Remove misleading uvm reference counting that isn't actually used.
Make sure uvm_obj_init() is only called once.  Call uvm_obj_destroy()
when we release the GEM object that wraps an uvm object for which we
called uvm_obj_init().

ok mpi@, jsg@

kettenis [Tue, 12 Oct 2021 18:16:51 +0000 (18:16 +0000)]
Introduce a dummy uvm_obj_destroy() interface.  This function will be
used in the near future (by mpi@) to improve the locking for uvm objects.
Introducing this function now will allow me to call it in the
appropriate place in the drm code.

ok mpi@, jsg@

kettenis [Tue, 12 Oct 2021 18:06:15 +0000 (18:06 +0000)]
Add (minimal) accounting for wired pages in userland pmaps.
This enables enforcing of RLIMIT_MEMLOCK on powerpc64.

ok mpi@

deraadt [Tue, 12 Oct 2021 16:39:22 +0000 (16:39 +0000)]
make armv7 fit again after bootblock growth; discussed with jsg

job [Tue, 12 Oct 2021 15:16:45 +0000 (15:16 +0000)]
Emit SKI in the JSON output and improve flow in x509_get_pubkey()

OK claudio@

visa [Tue, 12 Oct 2021 14:06:04 +0000 (14:06 +0000)]
Do not extend PT_DYNAMIC segment on mips64

The IRIX-specific extension of the PT_DYNAMIC segment is not needed
by the dynamic linker on OpenBSD/mips64. Disable it so that the .dynamic
section stays at the start of the PT_DYNAMIC segment even when .dynstr,
.dynsym or .hash precedes .dynamic in the ELF file. This enables
Binutils 2.17 tools, such as strip(1), to rewrite executables and shared
libraries that have been produced by LLD.

OK kettenis@

landry [Tue, 12 Oct 2021 11:20:32 +0000 (11:20 +0000)]
iwm(4): revert to use firmware v17 on Intel AC 7265.

fixes instability issues seen on X1 carbon gen3 (hw rev 0x210) by
anton@, mpi@ and myself.
diff from stsp@
ok mpi@ stsp@

stsp [Tue, 12 Oct 2021 10:46:57 +0000 (10:46 +0000)]
Make our old BSSID available to iwx_newstate_task() when roaming.

ic_bss->ni_bssid has already been overwritten once we enter
iwx_newstate_task() to perform the state transitions necessary
for roaming to our new access point (RUN->AUTH->ASSOC->RUN).

We do however use the BSSID in commands sent to firmware.
Cache our BSSID in struct iwx_node such that firmware commands
keep using the old BSSID while we are still tearing things down.
Switch to the new BSSID only once we start back up in iwx_auth().
This should be consistent from the firmware's point of view.

Same fix as committed for iwm(4) recently.

stsp [Tue, 12 Oct 2021 10:45:21 +0000 (10:45 +0000)]
Explicitly stop iwx(4) Rx block ack when roaming between access points.

This is similar to a recent fix committed to iwm(4).
Unlike iwm(4) we do not need to disable Tx aggregation queues in iwx(4).
Attempting to do so would cause fatal firmware errors.

Tested by jmc@ and myself.

stsp [Tue, 12 Oct 2021 10:44:33 +0000 (10:44 +0000)]
Remove code which was needed to support old firmware images from iwx(4).

Tested with cc-a0-63 and QuZ-a0-hr-b0-63 firmware by myself.
Tested with Qu-c0-hr-b0-63 firmware by Fredrik Engberg.

tobhe [Tue, 12 Oct 2021 10:01:59 +0000 (10:01 +0000)]
Change responder to prefer DH group from KE payload.
Without this change the responder would always prefer the first DH
group configured in its policy. This would lead to invalid KE
messages that cause an additional exchange which old
implementations do not support correctly. Now we ignore the order
of DH groups in the policy and prefer the group from the policy
that matches the KE payload.

from markus@
ok patrick@

tobhe [Tue, 12 Oct 2021 09:27:21 +0000 (09:27 +0000)]
Make sure all copies of MSCHAPv2 passphrase are zeroed after use.

ok patrick@

espie [Tue, 12 Oct 2021 09:06:37 +0000 (09:06 +0000)]
do the matching as a last resort to handle .libs
fix the bug I introduced that bluhm@ et al noticed

mpi [Tue, 12 Oct 2021 07:38:22 +0000 (07:38 +0000)]
Fix the deadlock between uvn_io() and uvn_flush() by restarting the fault.

Do not allow a faulting thread to sleep on a contended vnode lock to prevent
lock ordering issues with upcoming per-uobj lock.

Also reduce the sleep value for VM_PAGER_AGAIN from 1sec to 5nsec to not add
visible slowdown when starting a multi-threaded application with threads that
fault on the same vnode (chromium, firefox, etc).

Tested by anton@, tb@, robert@ and gnezdo@

ok anton@, tb@

Reported-by: syzbot+e63407b35dff08dbee02@syzkaller.appspotmail.com

mpi [Tue, 12 Oct 2021 07:37:42 +0000 (07:37 +0000)]
Revert the fix for the deadlock between uvn_io() and uvn_flush().

This fix (ab)uses the vnode lock to serialize access to some fields of
the corresponding pages associated with UVM vnode object and this will
create new deadlocks with the introduction of a per-uobj lock.

ok anton@

anton [Tue, 12 Oct 2021 05:42:39 +0000 (05:42 +0000)]
quote sudo and handle arguments

job [Mon, 11 Oct 2021 17:32:27 +0000 (17:32 +0000)]
Fold bgpsec cert & traditional certs into same test

job [Mon, 11 Oct 2021 16:55:18 +0000 (16:55 +0000)]
Improve BGPsec regress test

job [Mon, 11 Oct 2021 16:50:03 +0000 (16:50 +0000)]
Add support for BGPsec Router Certificates (RFC 8209)

BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.

OK tb@ claudio@

claudio [Mon, 11 Oct 2021 16:06:36 +0000 (16:06 +0000)]
base64_encode() should not add any newlines into the output. Because
of this switch from EVP_EncodeUpdate() plus complexity to the much
simpler use of calling EVP_EncodeBlock() directly.
OK job@

deraadt [Mon, 11 Oct 2021 14:32:26 +0000 (14:32 +0000)]
does not need arpa/nameser.h