openbsd
11 months agoRegen cert.pem
tb [Mon, 27 Nov 2023 21:44:21 +0000 (21:44 +0000)]
Regen cert.pem

ok sthen

New Roots for existing CA:
  /CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE
  /CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE

New CA:
BEIJING CERTIFICATE AUTHORITY
  /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1
  /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2

Two E-Tugra roots were removed due to a breach:
  /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3
  /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

Removed expired root:
  /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1

Removed expired CA:
SECOM Trust.net
  /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1

New CA:
Sectigo Limited
  /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46
  /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46

New roots for existing CA:
  /C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022
  /C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022

11 months agoAdd NULL check before dereferencing inp_seclevel.
bluhm [Mon, 27 Nov 2023 20:37:15 +0000 (20:37 +0000)]
Add NULL check before dereferencing inp_seclevel.

In some cases inp may be NULL, so check that before passing
inp->inp_seclevel to ipsp_spd_lookup() or ip_output().

Missed in previous commit.

11 months agoRegen
miod [Mon, 27 Nov 2023 20:04:07 +0000 (20:04 +0000)]
Regen

11 months agoNew devices, support for which is coming soon.
miod [Mon, 27 Nov 2023 20:03:50 +0000 (20:03 +0000)]
New devices, support for which is coming soon.

11 months agoRemove some trailing whitespace
tb [Mon, 27 Nov 2023 19:27:21 +0000 (19:27 +0000)]
Remove some trailing whitespace

x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text'
by removing trailing whitespace from non-critical certificate extensions.
Committing the difference now to reduces noise in an upcoming diff.

There's some trailing whitespace remaining. That's because we try to print
a BMPString in an User Notice's Explicit Text with "%*s". That doesn't work
so well with an encoding full of NULs...

11 months agoAdd missing error check for yp_get_default_domain()
tb [Mon, 27 Nov 2023 18:37:53 +0000 (18:37 +0000)]
Add missing error check for yp_get_default_domain()

Avoids a crash when no default domain is set.

from hshoexer
ok deraadt who had the same diff

11 months agoadditonal -> additional
jsg [Mon, 27 Nov 2023 13:42:19 +0000 (13:42 +0000)]
additonal -> additional

11 months agoRemove silly parentheses
tb [Mon, 27 Nov 2023 11:52:32 +0000 (11:52 +0000)]
Remove silly parentheses

11 months agoDocument -J, --omit-link-times and remove a confusing sentence from
claudio [Mon, 27 Nov 2023 11:32:34 +0000 (11:32 +0000)]
Document -J, --omit-link-times and remove a confusing sentence from
the -O, --omit-dir-times description.
OK tb@

11 months agoImplement --omit-link-times / -J based on the --omit-dir-times work
claudio [Mon, 27 Nov 2023 11:30:49 +0000 (11:30 +0000)]
Implement --omit-link-times / -J based on the --omit-dir-times work
done by job@.
OK tb@

11 months agoThe uploader tail shortcut to skip dir postprocessing should also check
claudio [Mon, 27 Nov 2023 11:28:39 +0000 (11:28 +0000)]
The uploader tail shortcut to skip dir postprocessing should also check
if ignore_dir_times is set. In that case preserve_times loses its meaning.
OK tb@

11 months agoAdd --no-O and --no-omit-dir-times options. For some reason the real
claudio [Mon, 27 Nov 2023 10:14:19 +0000 (10:14 +0000)]
Add --no-O and --no-omit-dir-times options. For some reason the real
rsync has these options and so should ours. These strange --no-XYZ
options are undocumented and are there just for compatibility.
OK tb@ job@

11 months agointerfacename -> interface to match usage and other manuals; OK florian
kn [Mon, 27 Nov 2023 09:29:48 +0000 (09:29 +0000)]
interfacename -> interface to match usage and other manuals;  OK florian

11 months agoMove the callers X509_STORE_CTX_purpose_inherit() down a bit
tb [Mon, 27 Nov 2023 00:51:12 +0000 (00:51 +0000)]
Move the callers X509_STORE_CTX_purpose_inherit() down a bit

11 months agosupport Alder Lake-N and Alder Lake-S
jsg [Mon, 27 Nov 2023 00:39:42 +0000 (00:39 +0000)]
support Alder Lake-N and Alder Lake-S

Alder Lake-N tested by sthen@
Alder Lake-S tested by Laurence Tratt (on Raptor Lake-S)
feedback and ok kettenis@

11 months agoAdd arm64 bti pads for range extension thunks.
tobhe [Sun, 26 Nov 2023 22:18:45 +0000 (22:18 +0000)]
Add arm64 bti pads for range extension thunks.

Large arm64 binaries like chromium use range extension thunks
for accessing plt entries. Add bti landing pads for the
additional indirection.

upstream commit: 60827df765156cee6cca3dc5049388dde9dac1c0

ok kettenis@

11 months agoRemove inp parameter from ip_output().
bluhm [Sun, 26 Nov 2023 22:08:10 +0000 (22:08 +0000)]
Remove inp parameter from ip_output().

ip_output() received inp as parameter.  This is only used to lookup
the IPsec level of the socket.  Reasoning about MP locking is much
easier if only relevant data is passed around.  Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

11 months agoFix read/write past buffer end
afresh1 [Sun, 26 Nov 2023 16:52:12 +0000 (16:52 +0000)]
Fix read/write past buffer end

From upstream commit:

From 7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140

A package name may be specified in a \p{...} regular expression
construct.  If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in.  By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one.  Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.

In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name".  The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off.  I found it convenient to strip off the package specifier
"utf8::".  To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword".  All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal.  The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is.  Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name".  Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

11 months agomark functions as static when they're unused elsewhere, makes the
espie [Sun, 26 Nov 2023 16:04:17 +0000 (16:04 +0000)]
mark functions as static when they're unused elsewhere, makes the
code slightly easier to understand.

okay and tweak kn@

11 months agoAdd a few more RK3588 clocks/resets that are reference by newer device
kettenis [Sun, 26 Nov 2023 13:47:45 +0000 (13:47 +0000)]
Add a few more RK3588 clocks/resets that are reference by newer device
trees.

ok dlg@

11 months agovmm(4)/vmx: pass correct vpid value to invvpid.
dv [Sun, 26 Nov 2023 13:02:44 +0000 (13:02 +0000)]
vmm(4)/vmx: pass correct vpid value to invvpid.

While vmm's use of invvpid in the vmx vcpu run loop is questionable
since we require and use EPT, the vpid value is unquestionably wrong
in these calls.

ok mlarkin@

11 months agoregen
jsg [Sun, 26 Nov 2023 05:47:54 +0000 (05:47 +0000)]
regen

11 months agodrm/i915/rpl: Update pci ids for RPL P/U
jsg [Sun, 26 Nov 2023 05:47:21 +0000 (05:47 +0000)]
drm/i915/rpl: Update pci ids for RPL P/U

From Dnyaneshwar Bhadane
5d5fea7c79a7f7b61a9683784c83d539aca8dafe in mainline linux

11 months agoFix oslog support and be more forgiving when we see messages that we don't
kettenis [Sat, 25 Nov 2023 18:12:20 +0000 (18:12 +0000)]
Fix oslog support and be more forgiving when we see messages that we don't
recognize.  Fixes booting with newer firmware (such as the firmware
currently installed by the Asahi installer).

ok tobhe@

11 months agorecognize future updatedb tagged packages
espie [Sat, 25 Nov 2023 17:43:39 +0000 (17:43 +0000)]
recognize future updatedb tagged packages

11 months agoUpdate awk to the Nov 24, 2023 version.
millert [Sat, 25 Nov 2023 16:31:33 +0000 (16:31 +0000)]
Update awk to the Nov 24, 2023 version.

11 months agowhitespace; spotted by kn
florian [Sat, 25 Nov 2023 13:00:05 +0000 (13:00 +0000)]
whitespace; spotted by kn

11 months agoMove ssl_cipher_id_cmp() next to its only caller
tb [Sat, 25 Nov 2023 12:05:08 +0000 (12:05 +0000)]
Move ssl_cipher_id_cmp() next to its only caller

It was left alone and forlorn in the middle of other nonsense. Since there
is only one caller (the OBJ_bsearch_ stupidity), it can be static and there
is no need to prototype it in ssl_local.h.

11 months agoFirst stab at IPv6-only preferred from RFC8925.
florian [Sat, 25 Nov 2023 12:00:39 +0000 (12:00 +0000)]
First stab at IPv6-only preferred from RFC8925.

This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconfigures IPv4 on the interface.

For now this is pretty much useless unless one dynamically configures
pf(4) to act as a CLAT. gelatod(8) from ports can help with this.

However, this helps me while hacking on a kernel based stateless CLAT
by moving dhcpleased out of the way while having an IPv6-mostly
network configured to compare behaviour with macOS.

Input jmc
OK phessler
Input & OK sthen

11 months agoforgot to zap really old D/F
espie [Sat, 25 Nov 2023 11:02:23 +0000 (11:02 +0000)]
forgot to zap really old D/F

11 months ago-h is handled by State.pm, don't try to recognize it
espie [Sat, 25 Nov 2023 11:01:22 +0000 (11:01 +0000)]
-h is handled by State.pm, don't try to recognize it

11 months agocheck_security has been around long enough, no need to check quirks can
espie [Sat, 25 Nov 2023 10:58:45 +0000 (10:58 +0000)]
check_security has been around long enough, no need to check quirks can
do it

11 months agoreinstate checking the keytype, which I unwittingly dropped a long time ago.
espie [Sat, 25 Nov 2023 10:29:23 +0000 (10:29 +0000)]
reinstate checking the keytype, which I unwittingly dropped a long time ago.

11 months agoreason this is here
espie [Sat, 25 Nov 2023 10:18:40 +0000 (10:18 +0000)]
reason this is here

11 months agodead too
espie [Sat, 25 Nov 2023 10:17:59 +0000 (10:17 +0000)]
dead too

11 months agothis is dead since 2016
espie [Sat, 25 Nov 2023 10:17:38 +0000 (10:17 +0000)]
this is dead since 2016

11 months agoDocument that "localhost" only resolves to the loopback addresses.
florian [Sat, 25 Nov 2023 08:14:43 +0000 (08:14 +0000)]
Document that "localhost" only resolves to the loopback addresses.
prodding pb
OK phessler, sthen
Input & OK jmc

11 months agovmm(4)/vmx: fix memory scribbling by updating GDTR/TR if vcpu moves.
dv [Fri, 24 Nov 2023 21:48:25 +0000 (21:48 +0000)]
vmm(4)/vmx: fix memory scribbling by updating GDTR/TR if vcpu moves.

If the vcpu thread sleeps in the kernel, like when handling a nested
page fault and calling uvm_fault(9), the thread may be rescheduled
on another host cpu. vmm(4) was only setting the GDTR and TR bases
in the VMCS once prior to first vm entry, so a thread migration can
result in restoring the wrong GDTR and TR on vm exit for the host
cpu. This results in borked interrupts and corrupted stack pointers,
causing programs to segfault or sigabort. It can also result in
missed ipi's causing kernel deadlocks.

Use similar logic to the SVM routines and check for cpu migration
within the hot loop. Since we're letting the VMX features of the
cpu restore GDTR, we can also drop the manual store/load routines.

Reported and with much appreciated testing help from Mischa Peters.

ok mlarkin@

11 months agoadd glue to match usage against actual options, as a debugging facility
espie [Fri, 24 Nov 2023 18:19:25 +0000 (18:19 +0000)]
add glue to match usage against actual options, as a debugging facility

11 months agoRemove unneeded symbols.
miod [Fri, 24 Nov 2023 16:41:12 +0000 (16:41 +0000)]
Remove unneeded symbols.

11 months agoEmpty IKEv2 DPD messages should not contain extra NONE payloads
tobhe [Fri, 24 Nov 2023 14:43:00 +0000 (14:43 +0000)]
Empty IKEv2 DPD messages should not contain extra NONE payloads

from markus@

11 months agoRequire files to be of a minimum size in the RRDP & RSYNC transports
job [Fri, 24 Nov 2023 14:05:47 +0000 (14:05 +0000)]
Require files to be of a minimum size in the RRDP & RSYNC transports

Picked 100 bytes as a minimum, to accommodate future signature schemes
(such as the smaller P-256) and small files like empty CRLs.

With and OK claudio@ tb@

11 months agoMatch on 19h/1xh PSP
jmatthew [Fri, 24 Nov 2023 08:47:35 +0000 (08:47 +0000)]
Match on 19h/1xh PSP

ok dlg@

11 months agoNo need to load function addresses in registers and branch to the register
miod [Fri, 24 Nov 2023 07:57:39 +0000 (07:57 +0000)]
No need to load function addresses in registers and branch to the register
contents when there is that nifty instruction called "call"; NFC

11 months agoRemove unused direct map defines and macros, originating from FreeBSD.
miod [Fri, 24 Nov 2023 07:18:49 +0000 (07:18 +0000)]
Remove unused direct map defines and macros, originating from FreeBSD.
ok mlarkin@ kettenis@

11 months agoAdditional tests of automatic tagging involving different kinds of hyphens
schwarze [Fri, 24 Nov 2023 04:53:39 +0000 (04:53 +0000)]
Additional tests of automatic tagging involving different kinds of hyphens
after tag.c rev. 1.38.

11 months ago1. Do not put ASCII_HYPH (0x1c) into the tag file.
schwarze [Fri, 24 Nov 2023 04:48:02 +0000 (04:48 +0000)]
1. Do not put ASCII_HYPH (0x1c) into the tag file.
That happened when tagging a string containing '-' on an input text line,
most commonly in man(7) .TP next line scope.
2. Do not let "\-" end the tag.
In both cases, translate ASCII_HYPH and "\-" to plain '-' for output.
For example, this improves handling of unbound.conf(5).

These two bugs were found thanks to a posting by weerd@.

11 months agoregen
jmatthew [Fri, 24 Nov 2023 04:34:35 +0000 (04:34 +0000)]
regen

11 months agoAdd devices found in 4th generation (Genoa) Epyc systems
jmatthew [Fri, 24 Nov 2023 04:34:09 +0000 (04:34 +0000)]
Add devices found in 4th generation (Genoa) Epyc systems

input from and ok jsg@

11 months agoPlug mem leak of msg when processing a quit message.
dtucker [Fri, 24 Nov 2023 00:31:30 +0000 (00:31 +0000)]
Plug mem leak of msg when processing a quit message.
Coverity CID#427852, ok djm@

11 months agoFix comments longer than 80 column.
asou [Fri, 24 Nov 2023 00:15:42 +0000 (00:15 +0000)]
Fix comments longer than 80 column.

ok miod@

11 months agoavoid passing weird mbuf chains to pf when pushing out a veb.
dlg [Thu, 23 Nov 2023 23:45:10 +0000 (23:45 +0000)]
avoid passing weird mbuf chains to pf when pushing out a veb.

pf expects the ip header to be in the first mbuf of the chain we
pass to pf_test, but in some situations the ethernet header is the
only data in the first mbuf. after we remove the ethernet header,
the first mbuf had no data in it which confused pf. fix this by
passing all packets to ip_check on output as well as input. ip input
handlers do all the necessary m_pullups.

found by Mark Patruck.

11 months agoA mountroot hook unsets ci->ci_opp_table in case clocks or regulators
patrick [Thu, 23 Nov 2023 19:54:30 +0000 (19:54 +0000)]
A mountroot hook unsets ci->ci_opp_table in case clocks or regulators
aren't available, so we have to continue to check its existence on each
kstat read.

ok dlg@

11 months agotweak previous; suggested by jmc
florian [Thu, 23 Nov 2023 16:30:12 +0000 (16:30 +0000)]
tweak previous; suggested by jmc

11 months agonow always needs sys/task.h
deraadt [Thu, 23 Nov 2023 15:02:57 +0000 (15:02 +0000)]
now always needs sys/task.h

11 months agomatch on Alder Lake-N ids
jsg [Thu, 23 Nov 2023 14:24:06 +0000 (14:24 +0000)]
match on Alder Lake-N ids
tested-by and ok sthen@

11 months agoregen
jsg [Thu, 23 Nov 2023 14:22:30 +0000 (14:22 +0000)]
regen

11 months agoadd Alder Lake-N ids
jsg [Thu, 23 Nov 2023 14:21:47 +0000 (14:21 +0000)]
add Alder Lake-N ids

from:
Intel Processor and Intel Core i3 N-Series
Datasheet, Volume 1 of 2, Doc. No.: 759603, Rev.: 001

ok sthen@

11 months agoDon't set directory modtimes to match the source
job [Thu, 23 Nov 2023 13:01:15 +0000 (13:01 +0000)]
Don't set directory modtimes to match the source

When syncing against remote repositories, the modtimes of the
remote directories is irrelevant. In the RRDP protocol the directory
modtimes aren't signalled either. This should save some IOPS.

OK tb@

11 months agoAdd --omit-dir-times / -O
job [Thu, 23 Nov 2023 11:59:53 +0000 (11:59 +0000)]
Add --omit-dir-times / -O

OK claudio@

11 months agoneed to represent the option for it to actually make it into the package
espie [Thu, 23 Nov 2023 09:44:08 +0000 (09:44 +0000)]
need to represent the option for it to actually make it into the package

11 months agoregen
jsg [Thu, 23 Nov 2023 05:09:30 +0000 (05:09 +0000)]
regen

11 months agoadd another Van Gogh device id
jsg [Thu, 23 Nov 2023 05:08:56 +0000 (05:08 +0000)]
add another Van Gogh device id

1435 rev ae is "Custom GPU 0932"
found in Windows driver for Steam Deck OLED APU

11 months agoadd an endpoint command for "bridges" that use addresses as endpoints.
dlg [Thu, 23 Nov 2023 03:38:34 +0000 (03:38 +0000)]
add an endpoint command for "bridges" that use addresses as endpoints.

this can be used to add static entries on interfaces like vxlan(4).

11 months agoInclude existing mux path in debug message.
dtucker [Thu, 23 Nov 2023 03:37:05 +0000 (03:37 +0000)]
Include existing mux path in debug message.

11 months agonon-standard vxlan port is set on the tunnel src address
dlg [Thu, 23 Nov 2023 03:36:42 +0000 (03:36 +0000)]
non-standard vxlan port is set on the tunnel src address

11 months agoadd support for specifying ports on the src address in tunnel endpoints.
dlg [Thu, 23 Nov 2023 03:22:14 +0000 (03:22 +0000)]
add support for specifying ports on the src address in tunnel endpoints.

11 months agoprovide operating performance point info about each cpu via kstats.
dlg [Thu, 23 Nov 2023 01:00:44 +0000 (01:00 +0000)]
provide operating performance point info about each cpu via kstats.

if there's a device tree and it provides information about cpu
speed, expose those stats. this is particularly useful on big.little
or systems with multiple clusters/clock domains or cores that can
scale indepenently because it can report the actual speed each cpu
is operating at independently.

ok patrick@ who used an earlier version of this diff to work on cpu
scaling on an rk3588 system.

11 months agoexpose the state of thermal zones as kstats.
dlg [Thu, 23 Nov 2023 00:47:13 +0000 (00:47 +0000)]
expose the state of thermal zones as kstats.

this makes it a bit more obvious how much head room you have for
things like cpu performance scaling.

the information provided at the moment is more useful for developers
working on cpu scaling, but it should improve as i get my head
around more of these things.

patrick@ and kettenis@ like the idea.

11 months agoFix race when initializing TSC.
bluhm [Wed, 22 Nov 2023 18:50:10 +0000 (18:50 +0000)]
Fix race when initializing TSC.

During boot TSC initialization could fail with panic: tsc_test_sync_ap:
cpu2: tsc_ap_name is not NULL: cpu1.
The root cause is a race between the moment the application processor
sets CPUF_IDENTIFIED in cpu_hatch() and the moment the boot processor
checks CPUF_IDENTIFIED in cpu_start_secondary() before the TSC sync
test.
The fix is to set CPUF_IDENTIFIED before clearing CPUF_IDENTIFY in
cpu_hatch().

from hshoexer@ cheloha@; OK deraadt@ mlarkin@

11 months agotypo: mutiple -> multiple
op [Wed, 22 Nov 2023 18:23:09 +0000 (18:23 +0000)]
typo: mutiple -> multiple

from Ryan Kavanagh (rak [at] debian [dot] org), ok tb@

11 months agoregen
tobhe [Wed, 22 Nov 2023 18:22:53 +0000 (18:22 +0000)]
regen

11 months agoAdd support for keyboard backlight hotkeys in wskbd and hook up macppc apple
tobhe [Wed, 22 Nov 2023 18:19:25 +0000 (18:19 +0000)]
Add support for keyboard backlight hotkeys in wskbd and hook up macppc apple
keyboards.

From jon (at) elytron (dot) openbsd (dot) amsterdam with some changes by me
ok gkoehler@

11 months agoAdd support for keyboard backlight on Apple Powerbooks.
tobhe [Wed, 22 Nov 2023 18:14:35 +0000 (18:14 +0000)]
Add support for keyboard backlight on Apple Powerbooks.

From jon (at) elytron (dot) openbsd (dot) amsterdam
ok gkoehler@

11 months agoRecognize option ipv6-only-preferred (RFC8925).
florian [Wed, 22 Nov 2023 18:06:44 +0000 (18:06 +0000)]
Recognize option ipv6-only-preferred (RFC8925).

"option option-108 00:00:07:08;" is unwieldy and error prone.

OK denis, kn, deraadt

11 months agoUnhook and remove the now even more useless ssl_algs.c than it was before.
tb [Wed, 22 Nov 2023 15:55:28 +0000 (15:55 +0000)]
Unhook and remove the now even more useless ssl_algs.c than it was before.

ok jsing

11 months agoMake SSL_library_init() a wrapper of OPENSSL_init_ssl()
tb [Wed, 22 Nov 2023 15:53:53 +0000 (15:53 +0000)]
Make SSL_library_init() a wrapper of OPENSSL_init_ssl()

This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...

Also move the now trivial implementation to ssl_init.c which has a good
license.

ok jsing

11 months agoStop calling SSL_library_init() from OPENSSL_init_ssl_internal()
tb [Wed, 22 Nov 2023 15:49:47 +0000 (15:49 +0000)]
Stop calling SSL_library_init() from OPENSSL_init_ssl_internal()

It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.

ok jsing

11 months agoMove SSL_library_init() next to OPENSSL_init_ssl()
tb [Wed, 22 Nov 2023 15:43:42 +0000 (15:43 +0000)]
Move SSL_library_init() next to OPENSSL_init_ssl()

Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.

ok jsing

11 months agoSet correct errno field in struct asr_result.
florian [Wed, 22 Nov 2023 13:19:31 +0000 (13:19 +0000)]
Set correct errno field in struct asr_result.

Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconfig(8) by bluhm.

11 months agoPrepare to do the updatedb stuff as an @option, so that the code is less ad-hoc
espie [Wed, 22 Nov 2023 11:18:37 +0000 (11:18 +0000)]
Prepare to do the updatedb stuff as an @option, so that the code is less ad-hoc

11 months agoPiping single file to standard out needs no "proc exec"
kn [Wed, 22 Nov 2023 02:20:54 +0000 (02:20 +0000)]
Piping single file to standard out needs no "proc exec"

'-o -' now means no "ftp> " shell, so no "|some cmd" files, "!some cmd" or
"page" commands.

OK millert

11 months agoDo not drop into "ftp> " shell when piping to stdandard output
kn [Wed, 22 Nov 2023 02:16:20 +0000 (02:16 +0000)]
Do not drop into "ftp> " shell when piping to stdandard output

'-o -' is orthogonal to an interactive prompt, yet some (malformed) URLs
such as ftp://host/ would still end up there;  exit after processing the
first file/URL to prevent this.

sthen deraadt agree
OK millert

11 months agoUpdate awk to the Nov 20, 2023 version.
millert [Wed, 22 Nov 2023 01:01:21 +0000 (01:01 +0000)]
Update awk to the Nov 20, 2023 version.

This includes a rewrite of the fnematch() function as well as a
refactoring of the sub and gsub implementation.

11 months agoec_print.c: Unwrap a line
tb [Tue, 21 Nov 2023 22:17:15 +0000 (22:17 +0000)]
ec_print.c: Unwrap a line

11 months agoInline a better version of print_bin() in only caller
tb [Tue, 21 Nov 2023 22:05:33 +0000 (22:05 +0000)]
Inline a better version of print_bin() in only caller

Instead of printing to a temporary buffer with weird gymnastics, we can
simply write things out to the BIO using proper indent. This still isn't
perfect since we have a CBS version of this in ecx_buf_print(), which is
basically what used to be ASN1_buf_print(). Annotate this with an XXX for
future cleanup.

ok beck

11 months agoMake a few purpose things const
tb [Tue, 21 Nov 2023 17:56:19 +0000 (17:56 +0000)]
Make a few purpose things const

This should allow us to constify a sizable table in libcrypto in an
upcoming bump.

11 months agoFix a <= 5-byte buffer overwrite in print_bin()
tb [Tue, 21 Nov 2023 16:31:31 +0000 (16:31 +0000)]
Fix a <= 5-byte buffer overwrite in print_bin()

If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elswehere. The proper fix
will be to rewrite this function from scratch.

Reported in detail by Masaru Masuda, many thanks!
Fixes https://github.com/libressl/openbsd/issues/145

begrudging ok from beck

11 months agoDo not short-circuit localhost resolution when AI_NUMERICHOST is set.
florian [Tue, 21 Nov 2023 15:26:56 +0000 (15:26 +0000)]
Do not short-circuit localhost resolution when AI_NUMERICHOST is set.

localhost is not a valid IP address and so getaddrinfo(3) has to fail.
Found by anton in pfctl & ipsecctl regress.

OK anton

11 months agoFix kernel build without option PTRACE, but with dt(4).
bluhm [Tue, 21 Nov 2023 14:00:13 +0000 (14:00 +0000)]
Fix kernel build without option PTRACE, but with dt(4).

Since revision 1.26 dt_ioctl_get_auxbase() is calling process_domem().
Build the latter function into kernel if pseudo device dt is enabled.

from Matthias Pitzl; OK claudio@

11 months agoSet sc_rtfilter to specific ROUTE_FILTER() values, as was originally
martijn [Tue, 21 Nov 2023 08:49:08 +0000 (08:49 +0000)]
Set sc_rtfilter to specific ROUTE_FILTER() values, as was originally
intended, instead of filtering out everything.

OK sthen@

11 months agoMake RTFILTER/filter-routes a simple boolean assignment, since the
martijn [Tue, 21 Nov 2023 08:47:04 +0000 (08:47 +0000)]
Make RTFILTER/filter-routes a simple boolean assignment, since the
specific value isn't used anymore, and is just used to generate an
argument for snmpd_metrics.

OK tb@

11 months agoAdd '-e' (or -eltorito-boot-efi) option for writing an EFI eltorito boot
jmatthew [Tue, 21 Nov 2023 08:46:06 +0000 (08:46 +0000)]
Add '-e' (or -eltorito-boot-efi) option for writing an EFI eltorito boot
image, in addition to or instead of the x86 boot image, to the output file.
Per the UEFI standard, the EFI boot image should be an image of an EFI
System Partition to be loaded in no-emulation mode, so we always record it
that way rather than checking if it looks like a floppy image.

with, tested by and ok yasuoka@
strong encouragement from deraadt@

11 months agodrm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
jsg [Tue, 21 Nov 2023 02:32:56 +0000 (02:32 +0000)]
drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE

From Erik Kurzinger
3bbf06efb8ed88fbafe7b10b79837b8300372f94 in linux-6.1.y/6.1.63
101c9f637efa1655f55876644d4439e552267527 in mainline linux

11 months agodrm/amd/display: Bail from dm_check_crtc_cursor if no relevant change
jsg [Tue, 21 Nov 2023 02:30:21 +0000 (02:30 +0000)]
drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change

From Michel Daenzer
03e334565d2d67673d7405b5b4a746da0fc20f71 in linux-6.1.y/6.1.63
bc0b79ce2050aa523c38c96b6d26340a96bfbdca in mainline linux

11 months agodrm/amd/display: Refactor dm_get_plane_scale helper
jsg [Tue, 21 Nov 2023 02:28:24 +0000 (02:28 +0000)]
drm/amd/display: Refactor dm_get_plane_scale helper

From Michel Daenzer
a99afba394a9b014eafaca2aa83495d651054bb1 in linux-6.1.y/6.1.63
ec4d770bbb155674c2497f255f4199bdc42287a9 in mainline linux

11 months agodrm/amd/display: Check all enabled planes in dm_check_crtc_cursor
jsg [Tue, 21 Nov 2023 02:26:43 +0000 (02:26 +0000)]
drm/amd/display: Check all enabled planes in dm_check_crtc_cursor

From Michel Daenzer
896066202757b5c890ee670840ba985d48da2e0e in linux-6.1.y/6.1.63
003048ddf44b1a6cfa57afa5a0cf40673e13f1ba in mainline linux

11 months agodrm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
jsg [Tue, 21 Nov 2023 02:23:24 +0000 (02:23 +0000)]
drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code

From Xiaogang Chen
9eae81af9243aabb75bdf638fd773cdee0907f92 in linux-6.1.y/6.1.63
7bfaa160caed8192f8262c4638f552cad94bcf5a in mainline linux

11 months agodrm/radeon: possible buffer overflow
jsg [Tue, 21 Nov 2023 02:22:04 +0000 (02:22 +0000)]
drm/radeon: possible buffer overflow

From Konstantin Meskhidze
341e79f8aec6af6b0061b8171d77b085835c6a58 in linux-6.1.y/6.1.63
dd05484f99d16715a88eedfca363828ef9a4c2d4 in mainline linux

11 months agoadd more product names in comments
jsg [Tue, 21 Nov 2023 02:18:47 +0000 (02:18 +0000)]
add more product names in comments