millert [Wed, 29 Nov 2023 15:35:07 +0000 (15:35 +0000)]
relay_read_http: defer header parsing until after line continuation
Wait until we have a complete line before parsing the Content-Length,
Transfer-Encoding and Host headers. This prevents potential request
smuggling attacks. Filtering already happens after header line
continuation has been performed. Reported by Ben Kallus.
OK claudio@
espie [Wed, 29 Nov 2023 14:32:01 +0000 (14:32 +0000)]
aliases package.5 as packing-list and plist, since this is the entry
point for people looking for packing-list details.
small tweak by tb@ for readability
okay tb@, jca@
tb [Wed, 29 Nov 2023 13:39:34 +0000 (13:39 +0000)]
Convert ssl3_cipher_by_id() to bsearch()
This was previously the only user of OBJ_bsearch_ssl_cipher_id(), which
in turn is the one remaining user of OBJ_bsearch_() outside of libcrypto.
OBJ_bsearch_() is OpenSSL's idiosyncratic reimplementation of ANSI C89's
bsearch(). Since this used to be hidden behind macro insanity, the result
was three inscrutable layers of comparison functions.
It is much simpler and cleaner to use the standard API. Move all the code
to s3_lib.c, since it's ony used there.
In a few further diffs, OBJ_bsearch_() will be removed from libcrypto.
Unfortunately, we'll need to keep OBJ_bsearch_ex(), because it is
exposed via sk_find_ex(), which is exposed by M2Crypto...
ok jsing
tb [Wed, 29 Nov 2023 13:29:34 +0000 (13:29 +0000)]
Use a long for id in ssl3_get_cipher_by_id()
While the cipher id is effectively a 32-bit value, someone decided that
it should be represented by a long in various internal structs, whose
mameber is passed as id. So use a long because of this and also to make
an upcoming diff simpler.
ok jsing
claudio [Wed, 29 Nov 2023 11:47:15 +0000 (11:47 +0000)]
Cleanup kmeminit_nkmempages().
NKMEMPAGES_MIN was removed long time ago in all archs so there is no
need to keep it.
Also initalize nkmempages_max at compile time since sparc (with variable
page size) is long gone as well.
No objection from miod@
jmatthew [Wed, 29 Nov 2023 06:59:23 +0000 (06:59 +0000)]
update supported hardware lists
jmatthew [Wed, 29 Nov 2023 06:54:09 +0000 (06:54 +0000)]
Add support for new SAS HBAs (codenamed Aero and Sea, sold as Broadcom HBA
9500, Dell HBA350/5, Lenovo ThinkSystem 440 HBA, Supermicro AOC-S3808/16)
These apparently have a hardware problem that results in reads of some
registers returning all zeros under some transient conditions, which can
apparently be worked around by retrying reads that return 0 up to 3 times.
ok dlg@
jmatthew [Wed, 29 Nov 2023 06:46:58 +0000 (06:46 +0000)]
regen
jmatthew [Wed, 29 Nov 2023 06:46:29 +0000 (06:46 +0000)]
add some new Broadcom SAS HBA ids
jsg [Wed, 29 Nov 2023 03:41:31 +0000 (03:41 +0000)]
increase the number of address ranges in acpi attach args from 4 to 8
On Intel Alder Lake-S and Raptor Lake-S platforms GPIO has 5 address
ranges. One for each GPIO community.
Fixes suspend/resume on Laurence Tratt's Raptor Lake-S machine
which broke when Alder Lake-S support was added to pchgpio(4).
ok kettenis@
millert [Tue, 28 Nov 2023 20:54:38 +0000 (20:54 +0000)]
Update awk to the Nov 27, 2023 version.
millert [Tue, 28 Nov 2023 18:36:55 +0000 (18:36 +0000)]
relay_read_http: tighten up header parsing
1) reject headers with embedded NULs
2) reject headers with invalid characters in the name
3) reject Transfer-Encoding with values other than "chunked"
4) reject chunk values containing non-hex characters
5) reject Content-Length values of "+0" or "-0"
6) reject requests without a ' ' and headers without a ':'
Reported by Ben Kallus, OK bluhm@
bluhm [Tue, 28 Nov 2023 13:23:20 +0000 (13:23 +0000)]
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
tb [Tue, 28 Nov 2023 13:19:04 +0000 (13:19 +0000)]
Switch to legacy method late in tls13_use_legacy_stack()
If memory allocation of s->init_buf fails in ssl3_setup_init_buffer()
during downgrade to the legacy stack, the legacy state machine would
resume with an incorrectly set up SSL, resulting in a NULL dereference.
The fix is to switch to the legacy method only after the SSL is fully
set up. There is a second part to this fix, which will be committed
once we manage to agree on the color of the bikeshed.
Detailed analysis and patch from Masaru Masuda, many thanks!
https://github.com/libressl/openbsd/issues/146
ok jsing
jsg [Tue, 28 Nov 2023 09:29:20 +0000 (09:29 +0000)]
correct spelling of FALLTHROUGH
jsg [Tue, 28 Nov 2023 09:10:18 +0000 (09:10 +0000)]
remove more unused defines
ok kettenis@
dv [Tue, 28 Nov 2023 00:17:48 +0000 (00:17 +0000)]
Adapt inv{vpid,ept} to return success or failure.
ok mlarkin@
tb [Mon, 27 Nov 2023 22:39:26 +0000 (22:39 +0000)]
EVP test: fix includes
tb [Mon, 27 Nov 2023 22:29:51 +0000 (22:29 +0000)]
EVP test: add regress coverage for the do_all() API
tb [Mon, 27 Nov 2023 21:44:21 +0000 (21:44 +0000)]
Regen cert.pem
ok sthen
New Roots for existing CA:
/CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE
/CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE
New CA:
BEIJING CERTIFICATE AUTHORITY
/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1
/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2
Two E-Tugra roots were removed due to a breach:
/C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3
/C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A
Removed expired root:
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1
Removed expired CA:
SECOM Trust.net
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
New CA:
Sectigo Limited
/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46
/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46
New roots for existing CA:
/C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022
/C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022
bluhm [Mon, 27 Nov 2023 20:37:15 +0000 (20:37 +0000)]
Add NULL check before dereferencing inp_seclevel.
In some cases inp may be NULL, so check that before passing
inp->inp_seclevel to ipsp_spd_lookup() or ip_output().
Missed in previous commit.
miod [Mon, 27 Nov 2023 20:04:07 +0000 (20:04 +0000)]
Regen
miod [Mon, 27 Nov 2023 20:03:50 +0000 (20:03 +0000)]
New devices, support for which is coming soon.
tb [Mon, 27 Nov 2023 19:27:21 +0000 (19:27 +0000)]
Remove some trailing whitespace
x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text'
by removing trailing whitespace from non-critical certificate extensions.
Committing the difference now to reduces noise in an upcoming diff.
There's some trailing whitespace remaining. That's because we try to print
a BMPString in an User Notice's Explicit Text with "%*s". That doesn't work
so well with an encoding full of NULs...
tb [Mon, 27 Nov 2023 18:37:53 +0000 (18:37 +0000)]
Add missing error check for yp_get_default_domain()
Avoids a crash when no default domain is set.
from hshoexer
ok deraadt who had the same diff
jsg [Mon, 27 Nov 2023 13:42:19 +0000 (13:42 +0000)]
additonal -> additional
tb [Mon, 27 Nov 2023 11:52:32 +0000 (11:52 +0000)]
Remove silly parentheses
claudio [Mon, 27 Nov 2023 11:32:34 +0000 (11:32 +0000)]
Document -J, --omit-link-times and remove a confusing sentence from
the -O, --omit-dir-times description.
OK tb@
claudio [Mon, 27 Nov 2023 11:30:49 +0000 (11:30 +0000)]
Implement --omit-link-times / -J based on the --omit-dir-times work
done by job@.
OK tb@
claudio [Mon, 27 Nov 2023 11:28:39 +0000 (11:28 +0000)]
The uploader tail shortcut to skip dir postprocessing should also check
if ignore_dir_times is set. In that case preserve_times loses its meaning.
OK tb@
claudio [Mon, 27 Nov 2023 10:14:19 +0000 (10:14 +0000)]
Add --no-O and --no-omit-dir-times options. For some reason the real
rsync has these options and so should ours. These strange --no-XYZ
options are undocumented and are there just for compatibility.
OK tb@ job@
kn [Mon, 27 Nov 2023 09:29:48 +0000 (09:29 +0000)]
interfacename -> interface to match usage and other manuals; OK florian
tb [Mon, 27 Nov 2023 00:51:12 +0000 (00:51 +0000)]
Move the callers X509_STORE_CTX_purpose_inherit() down a bit
jsg [Mon, 27 Nov 2023 00:39:42 +0000 (00:39 +0000)]
support Alder Lake-N and Alder Lake-S
Alder Lake-N tested by sthen@
Alder Lake-S tested by Laurence Tratt (on Raptor Lake-S)
feedback and ok kettenis@
tobhe [Sun, 26 Nov 2023 22:18:45 +0000 (22:18 +0000)]
Add arm64 bti pads for range extension thunks.
Large arm64 binaries like chromium use range extension thunks
for accessing plt entries. Add bti landing pads for the
additional indirection.
upstream commit:
60827df765156cee6cca3dc5049388dde9dac1c0
ok kettenis@
bluhm [Sun, 26 Nov 2023 22:08:10 +0000 (22:08 +0000)]
Remove inp parameter from ip_output().
ip_output() received inp as parameter. This is only used to lookup
the IPsec level of the socket. Reasoning about MP locking is much
easier if only relevant data is passed around. Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.
OK mvs@
afresh1 [Sun, 26 Nov 2023 16:52:12 +0000 (16:52 +0000)]
Fix read/write past buffer end
From upstream commit:
From
7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140
A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.
In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.
This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.
What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.
The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.
This commit also does white-space adjustment so that things align
vertically for readability.
espie [Sun, 26 Nov 2023 16:04:17 +0000 (16:04 +0000)]
mark functions as static when they're unused elsewhere, makes the
code slightly easier to understand.
okay and tweak kn@
kettenis [Sun, 26 Nov 2023 13:47:45 +0000 (13:47 +0000)]
Add a few more RK3588 clocks/resets that are reference by newer device
trees.
ok dlg@
dv [Sun, 26 Nov 2023 13:02:44 +0000 (13:02 +0000)]
vmm(4)/vmx: pass correct vpid value to invvpid.
While vmm's use of invvpid in the vmx vcpu run loop is questionable
since we require and use EPT, the vpid value is unquestionably wrong
in these calls.
ok mlarkin@
jsg [Sun, 26 Nov 2023 05:47:54 +0000 (05:47 +0000)]
regen
jsg [Sun, 26 Nov 2023 05:47:21 +0000 (05:47 +0000)]
drm/i915/rpl: Update pci ids for RPL P/U
From Dnyaneshwar Bhadane
5d5fea7c79a7f7b61a9683784c83d539aca8dafe in mainline linux
kettenis [Sat, 25 Nov 2023 18:12:20 +0000 (18:12 +0000)]
Fix oslog support and be more forgiving when we see messages that we don't
recognize. Fixes booting with newer firmware (such as the firmware
currently installed by the Asahi installer).
ok tobhe@
espie [Sat, 25 Nov 2023 17:43:39 +0000 (17:43 +0000)]
recognize future updatedb tagged packages
millert [Sat, 25 Nov 2023 16:31:33 +0000 (16:31 +0000)]
Update awk to the Nov 24, 2023 version.
florian [Sat, 25 Nov 2023 13:00:05 +0000 (13:00 +0000)]
whitespace; spotted by kn
tb [Sat, 25 Nov 2023 12:05:08 +0000 (12:05 +0000)]
Move ssl_cipher_id_cmp() next to its only caller
It was left alone and forlorn in the middle of other nonsense. Since there
is only one caller (the OBJ_bsearch_ stupidity), it can be static and there
is no need to prototype it in ssl_local.h.
florian [Sat, 25 Nov 2023 12:00:39 +0000 (12:00 +0000)]
First stab at IPv6-only preferred from RFC8925.
This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconfigures IPv4 on the interface.
For now this is pretty much useless unless one dynamically configures
pf(4) to act as a CLAT. gelatod(8) from ports can help with this.
However, this helps me while hacking on a kernel based stateless CLAT
by moving dhcpleased out of the way while having an IPv6-mostly
network configured to compare behaviour with macOS.
Input jmc
OK phessler
Input & OK sthen
espie [Sat, 25 Nov 2023 11:02:23 +0000 (11:02 +0000)]
forgot to zap really old D/F
espie [Sat, 25 Nov 2023 11:01:22 +0000 (11:01 +0000)]
-h is handled by State.pm, don't try to recognize it
espie [Sat, 25 Nov 2023 10:58:45 +0000 (10:58 +0000)]
check_security has been around long enough, no need to check quirks can
do it
espie [Sat, 25 Nov 2023 10:29:23 +0000 (10:29 +0000)]
reinstate checking the keytype, which I unwittingly dropped a long time ago.
espie [Sat, 25 Nov 2023 10:18:40 +0000 (10:18 +0000)]
reason this is here
espie [Sat, 25 Nov 2023 10:17:59 +0000 (10:17 +0000)]
dead too
espie [Sat, 25 Nov 2023 10:17:38 +0000 (10:17 +0000)]
this is dead since 2016
florian [Sat, 25 Nov 2023 08:14:43 +0000 (08:14 +0000)]
Document that "localhost" only resolves to the loopback addresses.
prodding pb
OK phessler, sthen
Input & OK jmc
dv [Fri, 24 Nov 2023 21:48:25 +0000 (21:48 +0000)]
vmm(4)/vmx: fix memory scribbling by updating GDTR/TR if vcpu moves.
If the vcpu thread sleeps in the kernel, like when handling a nested
page fault and calling uvm_fault(9), the thread may be rescheduled
on another host cpu. vmm(4) was only setting the GDTR and TR bases
in the VMCS once prior to first vm entry, so a thread migration can
result in restoring the wrong GDTR and TR on vm exit for the host
cpu. This results in borked interrupts and corrupted stack pointers,
causing programs to segfault or sigabort. It can also result in
missed ipi's causing kernel deadlocks.
Use similar logic to the SVM routines and check for cpu migration
within the hot loop. Since we're letting the VMX features of the
cpu restore GDTR, we can also drop the manual store/load routines.
Reported and with much appreciated testing help from Mischa Peters.
ok mlarkin@
espie [Fri, 24 Nov 2023 18:19:25 +0000 (18:19 +0000)]
add glue to match usage against actual options, as a debugging facility
miod [Fri, 24 Nov 2023 16:41:12 +0000 (16:41 +0000)]
Remove unneeded symbols.
tobhe [Fri, 24 Nov 2023 14:43:00 +0000 (14:43 +0000)]
Empty IKEv2 DPD messages should not contain extra NONE payloads
from markus@
job [Fri, 24 Nov 2023 14:05:47 +0000 (14:05 +0000)]
Require files to be of a minimum size in the RRDP & RSYNC transports
Picked 100 bytes as a minimum, to accommodate future signature schemes
(such as the smaller P-256) and small files like empty CRLs.
With and OK claudio@ tb@
jmatthew [Fri, 24 Nov 2023 08:47:35 +0000 (08:47 +0000)]
Match on 19h/1xh PSP
ok dlg@
miod [Fri, 24 Nov 2023 07:57:39 +0000 (07:57 +0000)]
No need to load function addresses in registers and branch to the register
contents when there is that nifty instruction called "call"; NFC
miod [Fri, 24 Nov 2023 07:18:49 +0000 (07:18 +0000)]
Remove unused direct map defines and macros, originating from FreeBSD.
ok mlarkin@ kettenis@
schwarze [Fri, 24 Nov 2023 04:53:39 +0000 (04:53 +0000)]
Additional tests of automatic tagging involving different kinds of hyphens
after tag.c rev. 1.38.
schwarze [Fri, 24 Nov 2023 04:48:02 +0000 (04:48 +0000)]
1. Do not put ASCII_HYPH (0x1c) into the tag file.
That happened when tagging a string containing '-' on an input text line,
most commonly in man(7) .TP next line scope.
2. Do not let "\-" end the tag.
In both cases, translate ASCII_HYPH and "\-" to plain '-' for output.
For example, this improves handling of unbound.conf(5).
These two bugs were found thanks to a posting by weerd@.
jmatthew [Fri, 24 Nov 2023 04:34:35 +0000 (04:34 +0000)]
regen
jmatthew [Fri, 24 Nov 2023 04:34:09 +0000 (04:34 +0000)]
Add devices found in 4th generation (Genoa) Epyc systems
input from and ok jsg@
dtucker [Fri, 24 Nov 2023 00:31:30 +0000 (00:31 +0000)]
Plug mem leak of msg when processing a quit message.
Coverity CID#427852, ok djm@
asou [Fri, 24 Nov 2023 00:15:42 +0000 (00:15 +0000)]
Fix comments longer than 80 column.
ok miod@
dlg [Thu, 23 Nov 2023 23:45:10 +0000 (23:45 +0000)]
avoid passing weird mbuf chains to pf when pushing out a veb.
pf expects the ip header to be in the first mbuf of the chain we
pass to pf_test, but in some situations the ethernet header is the
only data in the first mbuf. after we remove the ethernet header,
the first mbuf had no data in it which confused pf. fix this by
passing all packets to ip_check on output as well as input. ip input
handlers do all the necessary m_pullups.
found by Mark Patruck.
patrick [Thu, 23 Nov 2023 19:54:30 +0000 (19:54 +0000)]
A mountroot hook unsets ci->ci_opp_table in case clocks or regulators
aren't available, so we have to continue to check its existence on each
kstat read.
ok dlg@
florian [Thu, 23 Nov 2023 16:30:12 +0000 (16:30 +0000)]
tweak previous; suggested by jmc
deraadt [Thu, 23 Nov 2023 15:02:57 +0000 (15:02 +0000)]
now always needs sys/task.h
jsg [Thu, 23 Nov 2023 14:24:06 +0000 (14:24 +0000)]
match on Alder Lake-N ids
tested-by and ok sthen@
jsg [Thu, 23 Nov 2023 14:22:30 +0000 (14:22 +0000)]
regen
jsg [Thu, 23 Nov 2023 14:21:47 +0000 (14:21 +0000)]
add Alder Lake-N ids
from:
Intel Processor and Intel Core i3 N-Series
Datasheet, Volume 1 of 2, Doc. No.: 759603, Rev.: 001
ok sthen@
job [Thu, 23 Nov 2023 13:01:15 +0000 (13:01 +0000)]
Don't set directory modtimes to match the source
When syncing against remote repositories, the modtimes of the
remote directories is irrelevant. In the RRDP protocol the directory
modtimes aren't signalled either. This should save some IOPS.
OK tb@
job [Thu, 23 Nov 2023 11:59:53 +0000 (11:59 +0000)]
Add --omit-dir-times / -O
OK claudio@
espie [Thu, 23 Nov 2023 09:44:08 +0000 (09:44 +0000)]
need to represent the option for it to actually make it into the package
jsg [Thu, 23 Nov 2023 05:09:30 +0000 (05:09 +0000)]
regen
jsg [Thu, 23 Nov 2023 05:08:56 +0000 (05:08 +0000)]
add another Van Gogh device id
1435 rev ae is "Custom GPU 0932"
found in Windows driver for Steam Deck OLED APU
dlg [Thu, 23 Nov 2023 03:38:34 +0000 (03:38 +0000)]
add an endpoint command for "bridges" that use addresses as endpoints.
this can be used to add static entries on interfaces like vxlan(4).
dtucker [Thu, 23 Nov 2023 03:37:05 +0000 (03:37 +0000)]
Include existing mux path in debug message.
dlg [Thu, 23 Nov 2023 03:36:42 +0000 (03:36 +0000)]
non-standard vxlan port is set on the tunnel src address
dlg [Thu, 23 Nov 2023 03:22:14 +0000 (03:22 +0000)]
add support for specifying ports on the src address in tunnel endpoints.
dlg [Thu, 23 Nov 2023 01:00:44 +0000 (01:00 +0000)]
provide operating performance point info about each cpu via kstats.
if there's a device tree and it provides information about cpu
speed, expose those stats. this is particularly useful on big.little
or systems with multiple clusters/clock domains or cores that can
scale indepenently because it can report the actual speed each cpu
is operating at independently.
ok patrick@ who used an earlier version of this diff to work on cpu
scaling on an rk3588 system.
dlg [Thu, 23 Nov 2023 00:47:13 +0000 (00:47 +0000)]
expose the state of thermal zones as kstats.
this makes it a bit more obvious how much head room you have for
things like cpu performance scaling.
the information provided at the moment is more useful for developers
working on cpu scaling, but it should improve as i get my head
around more of these things.
patrick@ and kettenis@ like the idea.
bluhm [Wed, 22 Nov 2023 18:50:10 +0000 (18:50 +0000)]
Fix race when initializing TSC.
During boot TSC initialization could fail with panic: tsc_test_sync_ap:
cpu2: tsc_ap_name is not NULL: cpu1.
The root cause is a race between the moment the application processor
sets CPUF_IDENTIFIED in cpu_hatch() and the moment the boot processor
checks CPUF_IDENTIFIED in cpu_start_secondary() before the TSC sync
test.
The fix is to set CPUF_IDENTIFIED before clearing CPUF_IDENTIFY in
cpu_hatch().
from hshoexer@ cheloha@; OK deraadt@ mlarkin@
op [Wed, 22 Nov 2023 18:23:09 +0000 (18:23 +0000)]
typo: mutiple -> multiple
from Ryan Kavanagh (rak [at] debian [dot] org), ok tb@
tobhe [Wed, 22 Nov 2023 18:22:53 +0000 (18:22 +0000)]
regen
tobhe [Wed, 22 Nov 2023 18:19:25 +0000 (18:19 +0000)]
Add support for keyboard backlight hotkeys in wskbd and hook up macppc apple
keyboards.
From jon (at) elytron (dot) openbsd (dot) amsterdam with some changes by me
ok gkoehler@
tobhe [Wed, 22 Nov 2023 18:14:35 +0000 (18:14 +0000)]
Add support for keyboard backlight on Apple Powerbooks.
From jon (at) elytron (dot) openbsd (dot) amsterdam
ok gkoehler@
florian [Wed, 22 Nov 2023 18:06:44 +0000 (18:06 +0000)]
Recognize option ipv6-only-preferred (RFC8925).
"option option-108 00:00:07:08;" is unwieldy and error prone.
OK denis, kn, deraadt
tb [Wed, 22 Nov 2023 15:55:28 +0000 (15:55 +0000)]
Unhook and remove the now even more useless ssl_algs.c than it was before.
ok jsing
tb [Wed, 22 Nov 2023 15:53:53 +0000 (15:53 +0000)]
Make SSL_library_init() a wrapper of OPENSSL_init_ssl()
This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...
Also move the now trivial implementation to ssl_init.c which has a good
license.
ok jsing
tb [Wed, 22 Nov 2023 15:49:47 +0000 (15:49 +0000)]
Stop calling SSL_library_init() from OPENSSL_init_ssl_internal()
It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.
ok jsing
tb [Wed, 22 Nov 2023 15:43:42 +0000 (15:43 +0000)]
Move SSL_library_init() next to OPENSSL_init_ssl()
Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.
ok jsing
florian [Wed, 22 Nov 2023 13:19:31 +0000 (13:19 +0000)]
Set correct errno field in struct asr_result.
Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconfig(8) by bluhm.
espie [Wed, 22 Nov 2023 11:18:37 +0000 (11:18 +0000)]
Prepare to do the updatedb stuff as an @option, so that the code is less ad-hoc