tb [Fri, 22 Apr 2022 15:50:07 +0000 (15:50 +0000)]
Check tkp->output != NULL before taking strlen for both command mappings
and input mappings. This adds a missing check for command mappings and
simplifies the input mappings.
ok millert
millert [Fri, 22 Apr 2022 15:48:29 +0000 (15:48 +0000)]
vi: apply expandtab to the output of a ! command
This is consistent with vim's expandtab behavior.
From nvi2 (Craig Leres). OK tb@
bluhm [Fri, 22 Apr 2022 12:10:57 +0000 (12:10 +0000)]
ARP, ND6 and PPPoE are not MP safe. Protect them with kernel lock
for now. Then IP forward can run in parallel and this can be fixed
later.
OK sashan@
anton [Fri, 22 Apr 2022 05:08:43 +0000 (05:08 +0000)]
Only run agent-ptrace.sh if gdb is available as all architectures do not
ship with gdb.
dlg [Fri, 22 Apr 2022 00:29:20 +0000 (00:29 +0000)]
handle 16 bit kstat_kv types
dlg [Fri, 22 Apr 2022 00:27:55 +0000 (00:27 +0000)]
add 16 bit types to kstat_kv structs.
of course it is a realtek card that needs this because they provide
some 16 bit counters.
stsp [Thu, 21 Apr 2022 21:03:02 +0000 (21:03 +0000)]
Use memset() to initialize struct ieee80211_rxinfo properly.
Sven Wolf noticed that scans on ral(4) are buggy ever since I added a new
field to this struct. Turns out a lot of drivers were initializing fields
one-by-one, leaving any newly added fields uninitialized by default.
Affected drivers may report wrong channel numbers for received beacons.
The net80211 stack will discard such beacons, assuming they were received
on the wrong channel due to signal leakage. Scanning is broken as result.
ok miod@
danj [Thu, 21 Apr 2022 20:48:50 +0000 (20:48 +0000)]
Remove _switchd user/group/alias
ok millert deraadt
switchd(8) was removed back in November. Commit message was:
Retire switchd and switchctl. While interesting they never managed to
really get into a usable state. The OpenFlow API is mostly superseeded
by P4 and so this is a bit of a dead end.
kettenis [Thu, 21 Apr 2022 20:48:33 +0000 (20:48 +0000)]
Our malloc(3) guarantees 16-byte alignment.
ok sthen@, tb@
bluhm [Thu, 21 Apr 2022 19:21:04 +0000 (19:21 +0000)]
In vmm regress skip all corner cases that do not support vmm. Link
dump_tables and vmm to the build. Adopt all makefiles to skip tests
on non amd64 machines.
OK dv@
tb [Thu, 21 Apr 2022 18:01:09 +0000 (18:01 +0000)]
Add missing self. From anton
millert [Thu, 21 Apr 2022 17:50:29 +0000 (17:50 +0000)]
v_event_get: check qp->output for NULL before passing to e_memcmp().
Other users of qp->output already include a NULL check.
Avoids a crash when cursor key support is disabled in cl/cl_term.c.
From Jeremy Mates. OK tb@
sashan [Thu, 21 Apr 2022 15:22:49 +0000 (15:22 +0000)]
Introduce a dedicated link entries for snapshots in pfsync(4). The purpose
of snapshots is to allow pfsync(4) to move items from global lists
to local lists (a.k.a. snapshots) under a mutex protection. Snapshots
are then processed without holding any mutexes. Such idea does not fly
well if link entry is currently used for global lists as well as snapshots.
Feedback by bluhm@ Credits also goes to hrvoje@ for extensive testing.
OK bluhm@
espie [Thu, 21 Apr 2022 14:59:58 +0000 (14:59 +0000)]
-current recognizes that a symlink was deleted and just keep going with
a warning and no fuss.
claudio [Thu, 21 Apr 2022 12:59:03 +0000 (12:59 +0000)]
Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@
jsg [Thu, 21 Apr 2022 10:01:24 +0000 (10:01 +0000)]
drm/i915: Sunset igpu legacy mmap support based on GRAPHICS_VER_FULL
From Matt Roper
14785927a1d46817b1648806ed5124be049bea75 in linux 5.15.y/5.15.35
1acb34e7dd7720a1fff00cbd4d000ec3219dc9d6 in mainline linux
jsg [Thu, 21 Apr 2022 09:59:41 +0000 (09:59 +0000)]
drm/amdgpu: Enable gfxoff quirk on MacBook Pro
From Tomasz Mon
2dd7d2eddf8e1ff3556e333979af99e4c167a7b5 in linux 5.15.y/5.15.35
4593c1b6d159f1e5c35c07a7f125e79e5a864302 in mainline linux
jsg [Thu, 21 Apr 2022 09:55:25 +0000 (09:55 +0000)]
drm/amd/display: don't ignore alpha property on pre-multiplied mode
From Melissa Wen
804c096d640ece718d6505c5252eb66544bbc2c9 in linux 5.15.y/5.15.35
e4f1541caf60fcbe5a59e9d25805c0b5865e546a in mainline linux
jsg [Thu, 21 Apr 2022 09:53:32 +0000 (09:53 +0000)]
drm/amd/display: Fix allocate_mst_payload assert on resume
From Roman Li
6a03581ccffa571bfa1a9f3a097e1a4d7164fd2d in linux 5.15.y/5.15.35
f4346fb3edf7720db3f7f5e1cab1f667cd024280 in mainline linux
claudio [Thu, 21 Apr 2022 09:53:07 +0000 (09:53 +0000)]
The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.
The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.
OK tb@
jsg [Thu, 21 Apr 2022 09:51:39 +0000 (09:51 +0000)]
drm/amd/display: Revert FEC check in validation
From Martin Leung
ac2eb310af0582428400186173d070320a8bfd6f in linux 5.15.y/5.15.35
b2075fce104b88b789c15ef1ed2b91dc94198e26 in mainline linux
jsg [Thu, 21 Apr 2022 09:49:14 +0000 (09:49 +0000)]
drm/amd/display: Enable power gating before init_pipes
From Roman Li
eab8e585840f84c6a352eaab70e5495eda7ebb6f in linux 5.15.y/5.15.35
58e16c752e9540b28a873c44c3bee83e022007c1 in mainline linux
jsg [Thu, 21 Apr 2022 09:47:25 +0000 (09:47 +0000)]
drm/amdkfd: Check for potential null return of kmalloc_array()
From QintaoShen
f2658d5966bcee8c3eb487875f459756d4f7cdfc in linux 5.15.y/5.15.35
ebbb7bb9e80305820dc2328a371c1b35679f2667 in mainline linux
jsg [Thu, 21 Apr 2022 09:45:53 +0000 (09:45 +0000)]
drm/amdgpu/vcn: improve vcn dpg stop procedure
From Tianci Yin
9f0fabf30b486e3d5c9b578073cea369ffc05c43 in linux 5.15.y/5.15.35
6ea239adc2a712eb318f04f5c29b018ba65ea38a in mainline linux
jsg [Thu, 21 Apr 2022 09:44:07 +0000 (09:44 +0000)]
drm/amdkfd: Fix Incorrect VMIDs passed to HWS
From Tushar Patel
25efb191d86b108f100f82f414229f8269d00b28 in linux 5.15.y/5.15.35
b7dfbd2e601f3fee545bc158feceba4f340fe7cf in mainline linux
jsg [Thu, 21 Apr 2022 09:42:38 +0000 (09:42 +0000)]
drm/amd/display: Update VTEM Infopacket definition
From Leo (Hanghong) Ma
7a3bc11a40346987649018ecd82caa744117c347 in linux 5.15.y/5.15.35
c9fbf6435162ed5fb7201d1d4adf6585c6a8c327 in mainline linux
jsg [Thu, 21 Apr 2022 09:40:40 +0000 (09:40 +0000)]
drm/amd/display: FEC check in timing validation
From Chiawen Huang
92951699a5f11043b9d1402ea21787f420b36094 in linux 5.15.y/5.15.35
7d56a154e22ffb3613fdebf83ec34d5225a22993 in mainline linux
jsg [Thu, 21 Apr 2022 09:37:52 +0000 (09:37 +0000)]
drm/amd/display: fix audio format not updated after edid updated
From Charlene Liu
b054e8183fbdec15955311956df8a9ce47e0ab6d in linux 5.15.y/5.15.35
5e8a71cf13bc9184fee915b2220be71b4c6cac74 in mainline linux
jsg [Thu, 21 Apr 2022 09:36:10 +0000 (09:36 +0000)]
drm/amdgpu/gmc: use PCI BARs for APUs in passthrough
From Alex Deucher
37bc29a445384f4bdfc734dfe7f763ede604acfe in linux 5.15.y/5.15.35
b818a5d374542ccec73dcfe578a081574029820e in mainline linux
jsg [Thu, 21 Apr 2022 09:33:45 +0000 (09:33 +0000)]
drm/amdgpu: conduct a proper cleanup of PDB bo
From Guchun Chen
5a3b56a4a1c79111bc4aaa9caba5eb5e9cfaeaeb in linux 5.15.y/5.15.35
2d505453f38e18d42ba7d5428aaa17aaa7752c65 in mainline linux
jsg [Thu, 21 Apr 2022 09:31:58 +0000 (09:31 +0000)]
drm/amd: Add USBC connector ID
From Aurabindo Pillai
6dded62e5aa6e29f18a1079002109cb6068e9bf6 in linux 5.15.y/5.15.35
c5c948aa894a831f96fccd025e47186b1ee41615 in mainline linux
sthen [Thu, 21 Apr 2022 09:31:28 +0000 (09:31 +0000)]
Fix previous rc.d/spamlogd commit, the check in rc_pre is not needed
because rc.subr has special-casing for spamd/spamlogd.
Teach the script to detect the pflog interface from spamlogd flags and
create the correct interface if needed.
ok jturner@
jsg [Thu, 21 Apr 2022 09:30:18 +0000 (09:30 +0000)]
drm/amd/display: Fix p-state allow debug index on dcn31
From Nicholas Kazlauskas
8e663865f5284124196bc04e010e7344d8a278f3 in linux 5.15.y/5.15.35
3107e1a7ae088ee94323fe9ab05dbefd65b3077f in mainline linux
jsg [Thu, 21 Apr 2022 09:28:16 +0000 (09:28 +0000)]
drm/amd/display: Add pstate verification and recovery for DCN31
From Nicholas Kazlauskas
685a19fa6ae99dc7a18a9af2a7626162e1db7aff in linux 5.15.y/5.15.35
e7031d8258f1b4d6d50e5e5b5d92ba16f66eb8b4 in mainline linux
jmc [Thu, 21 Apr 2022 05:27:53 +0000 (05:27 +0000)]
fix SEE ALSO;
kevlo [Thu, 21 Apr 2022 05:08:39 +0000 (05:08 +0000)]
Repair hw vlan tagging. Previously swapped byte RGE_TDEXTSTS_VTAG, this
caused no tag was sent on the outgoing packet.
Bug reported and the fix tested by Andrew Laramore.
tb [Thu, 21 Apr 2022 05:06:07 +0000 (05:06 +0000)]
Clarify comments at the start of {asid,addr}_validate_path_internal()
Requested by jsing
tb [Thu, 21 Apr 2022 04:48:12 +0000 (04:48 +0000)]
Avoid expensive RFC 3779 checks during cert verification
X509v3_{addr,asid}_is_canonical() check that the ipAddrBlocks and
autonomousSysIds extension conform to RFC 3779. These checks are not
cheap. Certs containing non-conformant extensions should not be
considered valid, so mark them with EXFLAG_INVALID while caching the
extension information in x509v3_cache_extensions(). This way the
expensive check while walking the chains during X509_verify_cert() is
replaced with a cheap check of the extension flags. This avoids a lot
of superfluous work when validating numerous certs with similar chains
against the same roots as is done in rpki-client.
Issue noticed and fix suggested by claudio
ok claudio inoguchi jsing
tb [Thu, 21 Apr 2022 04:24:51 +0000 (04:24 +0000)]
Fix X509_get_extension_flags()
Ensure that EXFLAG_INVALID is set on X509_get_purpose() failure.
ok inoguchi jsing
dtucker [Thu, 21 Apr 2022 01:36:46 +0000 (01:36 +0000)]
It looks like we can't completely avoid waiting for processes to
exit so retrieve the pid via controlmaster and use that.
krw [Wed, 20 Apr 2022 23:36:30 +0000 (23:36 +0000)]
Refine the GPT partition entry table validity check to ensure
that the partition entry table associated with the primary GPT
header at sector 1 doesn't overwrite the header or intrude into
the sectors available for partitions.
Similarly ensure that the partition entry table associated with
the alternate header does not overwrite that header or intrude
into the sectors available for partitions.
jcs [Wed, 20 Apr 2022 21:55:17 +0000 (21:55 +0000)]
Use glob to expand wildcards in "other device" paths rather than a
custom implementation that only allowed matching all files in a
directory.
ok millert
bluhm [Wed, 20 Apr 2022 20:51:09 +0000 (20:51 +0000)]
In pfsync there were some KASSERT hidden behind #ifdef PFSYNC_DEBUG.
Assertions should be active and rely on #ifdef DIAGNOSTIC. Retire
PFSYNC_DEBUG.
OK sashan@ dlg@
krw [Wed, 20 Apr 2022 20:43:32 +0000 (20:43 +0000)]
Wrap a long line.
tb [Wed, 20 Apr 2022 20:26:22 +0000 (20:26 +0000)]
Fix mandoc -Tlint warning about trailing whitespace
bluhm [Wed, 20 Apr 2022 17:58:22 +0000 (17:58 +0000)]
Fix white space and wrap long lines.
tb [Wed, 20 Apr 2022 17:37:53 +0000 (17:37 +0000)]
While I'm here, prepare regress for claudio's upcoming diff
tb [Wed, 20 Apr 2022 17:26:53 +0000 (17:26 +0000)]
Fix rpki-client regress after -j -f change
krw [Wed, 20 Apr 2022 17:14:35 +0000 (17:14 +0000)]
Sigh. Another forgotten header file.
millert [Wed, 20 Apr 2022 16:00:25 +0000 (16:00 +0000)]
Remove unnecessary includes: openssl/hmac.h and openssl/evp.h.
From Martin Vahlensieck.
millert [Wed, 20 Apr 2022 15:59:18 +0000 (15:59 +0000)]
Add missing includes of stdlib.h and stdint.h.
We need stdlib.h for malloc(3) and stdint.h for SIZE_MAX.
Unlike the other xmss files, ssh-xmss.c does not include xmss_commons.h
so ssh-xmss.c must include those headers itself.
From Martin Vahlensieck
millert [Wed, 20 Apr 2022 15:56:49 +0000 (15:56 +0000)]
Avoid an unnecessary xstrdup in rm_env() when matching patterns.
Since match_pattern() doesn't modify its arguments (they are const),
there is no need to make an extra copy of the strings in options->send_env.
From Martin Vahlensieck
krw [Wed, 20 Apr 2022 15:49:56 +0000 (15:49 +0000)]
Simpify code manipulating GPT partition names by coalescing
logic into GPT_get_name(), string_to_name() and name_to_string()
functions. Remove unnecessarily abstract functions ask_string(),
utf16le_to_string() and string_to_utf16le().
No intentional functional change.
deraadt [Wed, 20 Apr 2022 15:38:24 +0000 (15:38 +0000)]
more whitespace cleanups
tb [Wed, 20 Apr 2022 15:31:48 +0000 (15:31 +0000)]
Fix various annoying whitespace errors.
tb [Wed, 20 Apr 2022 15:29:24 +0000 (15:29 +0000)]
Print UTC time with gmtime()
This replaces a strange hack that sets TZ=UTC and calls localtime().
Tweak format string to keep printing UTC.
ok claudio
job [Wed, 20 Apr 2022 15:13:08 +0000 (15:13 +0000)]
Improve proc_parser_file handling of Trust Anchors
OK tb@
deraadt [Wed, 20 Apr 2022 14:21:56 +0000 (14:21 +0000)]
repair kstat entry
espie [Wed, 20 Apr 2022 14:00:38 +0000 (14:00 +0000)]
don't try to create a partial-* package when we find out there's nothing
where we expected a symlink.
millert [Wed, 20 Apr 2022 14:00:19 +0000 (14:00 +0000)]
Make the termp and winp arguments for openpty, et al. const.
This matches the prototypes in glibc and musl libc.
From Matthew Martin. OK tb@
tb [Wed, 20 Apr 2022 13:32:34 +0000 (13:32 +0000)]
Avoid use of uninitialized in BN_mod_exp_recp()
If either of the two initial BN_CTX_get() fails, we will call
BN_RECP_CTX_free() on the uninitialized recp, which won't end
well, so hoist the BN_RECP_CTX_init() call a few lines up.
From Pauli, OpenSSL
ad249412
ok inoguchi jsing
dtucker [Wed, 20 Apr 2022 13:25:55 +0000 (13:25 +0000)]
Use ssh -f and ControlPersist to start up test forwards and ssh -O stop
to shut them down intead of sleep loops. This speeds up the test by
an order of magnitude.
dv [Wed, 20 Apr 2022 12:49:20 +0000 (12:49 +0000)]
Add vmm(4) regress, disabled for now. ok rob@
espie [Wed, 20 Apr 2022 12:10:33 +0000 (12:10 +0000)]
register new tests, they don't pass yet
espie [Wed, 20 Apr 2022 12:09:46 +0000 (12:09 +0000)]
it also breaks somewhat differently when files vanish, we still need
a few checks
job [Wed, 20 Apr 2022 10:46:20 +0000 (10:46 +0000)]
Add Concatenated JSON output in filemode (rpki-client -j -f *)
The schema is still work in progress.
OK claudio@
espie [Wed, 20 Apr 2022 09:58:19 +0000 (09:58 +0000)]
add a symlink test that currently fails, I want to fix it soonish
bluhm [Wed, 20 Apr 2022 09:38:25 +0000 (09:38 +0000)]
Route timeout was a mixture of int, u_int and long. Use type int
for timeout, add sysctl bounds checking between 0 and max int, and
use time_t for absolute times.
Some code assumes that the route timeout queue can be NULL and at
some places this was checked. Better make sure that all queues
always exist. The pool_get for struct rttimer_queue is only called
from initialization and from syscall, so PR_WAITOK is possible.
Keep the special hack when ip_mtudisc is set to 0. Destroy the
queue and generate an empty one.
If redirect timeout is 0, it should not time out. Check the value
in IPv6 to make the behavior like IPv4.
Sysctl net.inet6.icmp6.redirtimeout had no effect as the queue
timeout was not modified. Make icmp6_sysctl() look like icmp_sysctl().
OK claudio@
espie [Wed, 20 Apr 2022 09:24:07 +0000 (09:24 +0000)]
likewise for set flavors
espie [Wed, 20 Apr 2022 09:19:52 +0000 (09:19 +0000)]
zap branch info so that pre-caching works with stuff like autoconf%2.64
espie [Wed, 20 Apr 2022 09:08:09 +0000 (09:08 +0000)]
reinstate temp-error3: do an update that will force temp files to be
created since the contents changed
espie [Wed, 20 Apr 2022 09:07:42 +0000 (09:07 +0000)]
better error report when I botch some test writing
dtucker [Wed, 20 Apr 2022 05:24:13 +0000 (05:24 +0000)]
Simplify forward-control test. Since we no longer need to support SSH1
we don't need to run shell commands on the other end of the connection
and can use ssh -N instead. This also makes the test less racy.
tb [Wed, 20 Apr 2022 04:40:33 +0000 (04:40 +0000)]
Remove an unreachable error message
If timeout != 0 and 0 <= timeout <= 24*60*60, then timeout < 1 is
impossible.
ok
djm [Wed, 20 Apr 2022 04:19:11 +0000 (04:19 +0000)]
Try to continue running local I/O for channels in state OPEN during
SSH transport rekeying. The most visible benefit is that it should make
~-escapes work in the client (e.g. to exit) if the connection happened
to have stalled during a rekey event. Based work by and ok dtucker@
deraadt [Wed, 20 Apr 2022 01:39:49 +0000 (01:39 +0000)]
sync
dtucker [Wed, 20 Apr 2022 01:13:47 +0000 (01:13 +0000)]
Import regenerated moduli
krw [Wed, 20 Apr 2022 00:47:32 +0000 (00:47 +0000)]
Eliminate some local pointers to gp[pn] and just use gp[pn].
Fix some whitespace and memset() parameters in passing.
No intentional functional change.
bluhm [Tue, 19 Apr 2022 22:16:24 +0000 (22:16 +0000)]
Add dummy implementation for rt_timer_init(). Kernel sources are
build for regress and need that function now.
tb [Tue, 19 Apr 2022 20:06:48 +0000 (20:06 +0000)]
zap extra line break and extra empty line
krw [Tue, 19 Apr 2022 20:02:56 +0000 (20:02 +0000)]
Forgot a file for previous commit.
No functional change.
bluhm [Tue, 19 Apr 2022 19:19:31 +0000 (19:19 +0000)]
Use a pool instead of malloc for struct rttimer_queue. As routing
runs without kernel lock, use IPL_MPFLOOR protection for its pools.
OK mvs@ claudio@
claudio [Tue, 19 Apr 2022 19:01:19 +0000 (19:01 +0000)]
Do not use a hidden global for the EVP_ENCODE_CTX to save a calloc() call.
Make this work concurrently by allocating and freeing the EVP_ENCODE_CTX
for every call to base64_decode(). This is not a hot path so the impact
is negligible.
OK tb@
tb [Tue, 19 Apr 2022 18:52:36 +0000 (18:52 +0000)]
Avoid leaking crldp in mft_parse() if one of the crlfile checks fails.
ok claudio
krw [Tue, 19 Apr 2022 17:53:15 +0000 (17:53 +0000)]
Bring GPT_print_partition() into line with other functions being passed
an index to the gp[] array by calling said parameter 'pn' and making it
const unsigned int.
No functional change.
krw [Tue, 19 Apr 2022 17:36:36 +0000 (17:36 +0000)]
Move declaration of DEBUG-only variable inside #ifdef DEBUG.
No functional change.
krw [Tue, 19 Apr 2022 17:30:36 +0000 (17:30 +0000)]
Eliminate superfluous intermediate variables 'pncnt' now that
gh.gh_part_num does not need a letoh32().
No functional change.
tb [Tue, 19 Apr 2022 17:01:43 +0000 (17:01 +0000)]
Drop unused KeyUpdate from debug printf
The handshake state machine does not handle key updates since that's a
post-handshake handshake message. This is code under #ifdef TLS13_DEBUG
and if it is ever to be reused in tls13_handshake_msg.c, that will have
to be revisited.
ok inoguchi jsing
bluhm [Tue, 19 Apr 2022 15:44:56 +0000 (15:44 +0000)]
Instead of a MP unsafe global variable to initialize at first use,
call rt_timer_init() from rtable_init().
OK mvs@ claudio@
semarie [Tue, 19 Apr 2022 15:30:52 +0000 (15:30 +0000)]
add missing unlock before returning in uvn_detach()
uvn_detach sets UVM_VNODE_RELKILL flag and wait for all async i/o to finish. but
uvm_vnp_terminate() could clear the flag and take over the vnode.
mpi@ noted that this code path is mostly dead code because there is no "async
I/O" (uvn_io() is always synchronous).
ok visa@ mpi@
espie [Tue, 19 Apr 2022 15:03:12 +0000 (15:03 +0000)]
document the actual problems that pkg_check-version can diagnose
claudio [Tue, 19 Apr 2022 13:52:24 +0000 (13:52 +0000)]
Change type of talsz and dependent code from size_t to int. Tal ids are
already stored as int and and talsz is the limit for these ids.
OK tb@
claudio [Tue, 19 Apr 2022 13:25:08 +0000 (13:25 +0000)]
Make it a hard error when an unknown repoistory id is passed to
parse_filepath(). If that happens something went very wrong and
it is better to fail hard then to limp along.
OK tb@
espie [Tue, 19 Apr 2022 12:51:32 +0000 (12:51 +0000)]
next iteration: make the support dependent on TEST parameters
-DTEST_CACHING: try the cache
-DTEST_CACHING_VERBOSE: make it say what it does
-DTEST_CACHING_RECHECK: don't trust the cache and compare the extracted
value with the actual package contents (thus making it slower once again)
Quite a few more checks along the way, in general
claudio [Tue, 19 Apr 2022 11:07:33 +0000 (11:07 +0000)]
Cosmetics, add missing space
claudio [Tue, 19 Apr 2022 09:52:29 +0000 (09:52 +0000)]
Adjust on how CRL and MFT files are verified.
Verify the CRL referenced from the mft against the mft's fileAndHash info.
If the CRL matches then load it and use it to validate this mft. If the
mft validated OK add the now also valid CRL to the auth store for later use.
Before the newest CRL was always selected but that has negative consequences
because it is common practice to revoke the previous MFT's EE cert and with
that the cache is turned useless as soon as a new CRL is used. Also there
was a possibility that the CRL used for validation of the MFT was not the
one later used.
Both RFC6486 and draft-ietf-sidrops-6486bis are unclear about this part
of the validation process. We opted in favor of the chached MFT.
With and OK tb@
dlg [Tue, 19 Apr 2022 03:51:47 +0000 (03:51 +0000)]
document the bits of the kstat struct that providers work with.
the kstat api is a small part of implementing a kstat, most of it
depends on how you set up the kstat struct.
kevlo [Tue, 19 Apr 2022 03:26:52 +0000 (03:26 +0000)]
regen
kevlo [Tue, 19 Apr 2022 03:26:33 +0000 (03:26 +0000)]
Add a new RDC PHY.
From Andrius Varanavicius
kevlo [Tue, 19 Apr 2022 03:25:46 +0000 (03:25 +0000)]
Restore original MDC speed control register value on vte_reset,
which is needed for at least Vortex86DX3 machines.
Patch from Andrius Varanavicius via bugs@
Special thanks to DMP for donating hardware which helped make this fix
possible.