millert [Thu, 15 Sep 2022 12:47:10 +0000 (12:47 +0000)]
Use non-blocking connect() with ppoll() and timeout instead of alarm().
For hosts with multiple IP addrs this makes it possible to fall
over from an unresponsive IP to another. This also replaces the
other connect(2) + connect_wait() calls with timed_connect() so the
-w option now works for more than just http. OK sthen@ deraadt@
krw [Thu, 15 Sep 2022 10:10:14 +0000 (10:10 +0000)]
Add GPTPARTATTR_MS_* defines for Microsoft basic data attributes
and make 'fdisk -v' display their names (NoAutoMount, Hidden,
Shadow, ReadOnly).
Shift 1ULL instead of 1 to make it clear these are uint64_t
flags. Makes clang happier.
krw [Thu, 15 Sep 2022 09:08:29 +0000 (09:08 +0000)]
Remove unneeded interim DPRINTF() verbiage. Make DEBUG compile
again.
job [Thu, 15 Sep 2022 08:20:34 +0000 (08:20 +0000)]
Add OID for RPKI signedTAL objects
IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-signed-tal.
OK tb@
claudio [Thu, 15 Sep 2022 08:20:14 +0000 (08:20 +0000)]
Make kroute_matchgw() also work with connected routes.
Connected routes have no gateway set but only have ifindex set.
When an interface is deconfigured this makes sure the right route is
removed.
OK tb@
florian [Thu, 15 Sep 2022 07:59:59 +0000 (07:59 +0000)]
Ignore error when we try to delete an address that's already gone.
This will happen when an address expires because the vltime drops to
zero. The kernel then deletes the address and slaacd tries to do so,
too. The correct fix is to track in slaacd that the kernel already
deleted the address for us, but that's too much work shortly before a
release so just hide the ugly warning for now, it's harmless.
Problem reported by semarie some time ago.
OK deraadt, benno
jsing [Thu, 15 Sep 2022 07:04:19 +0000 (07:04 +0000)]
Use LONG_MAX as the limit for ciphers with long based APIs.
These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.
ok tb@
kmos [Thu, 15 Sep 2022 04:28:51 +0000 (04:28 +0000)]
regen
kmos [Thu, 15 Sep 2022 04:28:07 +0000 (04:28 +0000)]
Add IDs for the JHL6240 Thunderbolt 3 controller found in my Thinkpad T490
ok jsg
jsg [Thu, 15 Sep 2022 01:57:52 +0000 (01:57 +0000)]
recognise Neoverse V2 (Demeter)
deraadt [Wed, 14 Sep 2022 22:28:52 +0000 (22:28 +0000)]
AF_UNIX bind() must use UNVEIL_CREATE for namei() because it is creating
a file in the filesystem. Spotted by martijn. A review of AF_UNIX
binding programs has been done by benno, and we think it is worth committing
this semantic change now and watching for fallout.
kn [Wed, 14 Sep 2022 16:43:00 +0000 (16:43 +0000)]
Backout "Reflect script failure in exit code"
amd64 install using (G)PT seems busted as reported by tb
tb [Wed, 14 Sep 2022 16:31:36 +0000 (16:31 +0000)]
remove an extraneous empty line
deraadt [Wed, 14 Sep 2022 14:25:31 +0000 (14:25 +0000)]
closer to potential release date
kn [Wed, 14 Sep 2022 13:37:03 +0000 (13:37 +0000)]
Merge common FORMAT_FDISK and USE_SOFTRAID default, simpler cleanup
tobhe [Wed, 14 Sep 2022 13:07:49 +0000 (13:07 +0000)]
Compare 'srcnat' when comparing policies. Fixes a bug where policy lookup could
not differentiate between similar policies that only differ in srcnat. Also
include srcnat when logging flows or policies.
ok markus@
kn [Wed, 14 Sep 2022 10:09:48 +0000 (10:09 +0000)]
Fold root disk setup targets into one
kn [Wed, 14 Sep 2022 10:06:14 +0000 (10:06 +0000)]
Fold vnd disk setup targets into a single loop
kn [Wed, 14 Sep 2022 09:57:47 +0000 (09:57 +0000)]
Make NDISKS an integer, simplify CLEANFILES with globbing
Testing with three softraid chunks now means NDISKS=3 as one would expect
and not NDISKS='1 2 3'.
This uses the powerful jot(1) -w and rs(1) -T commands and allows for more
simplifications in the Makefile.
kn [Wed, 14 Sep 2022 08:52:47 +0000 (08:52 +0000)]
Format softraid keydisk to make regress pass without installboot fix
Treat keydisks like real chunks until installboot properly skips it and
does not touch/install to them anymore.
jmc [Wed, 14 Sep 2022 07:14:02 +0000 (07:14 +0000)]
clarify behaviour when the second address in a range is smaller than
or equal to the first;
diff from luka krmpotic
ok kn
deraadt [Wed, 14 Sep 2022 06:31:14 +0000 (06:31 +0000)]
sync
djm [Wed, 14 Sep 2022 00:14:37 +0000 (00:14 +0000)]
sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag from response
Now that all FIDO signing calls attempt first without PIN and then
fall back to trying PIN only if that attempt fails, we can remove the
hack^wtrick that removed the UV flag from the keys returned during
enroll.
By Corinna Vinschen
djm [Wed, 14 Sep 2022 00:13:13 +0000 (00:13 +0000)]
a little extra debugging
djm [Wed, 14 Sep 2022 00:02:03 +0000 (00:02 +0000)]
ssh-agent: attempt FIDO key signing without PIN and use the error
to determine whether a PIN is required and prompt only if necessary.
from Corinna Vinschen
sthen [Tue, 13 Sep 2022 20:56:47 +0000 (20:56 +0000)]
add some initial docs for MODPY_PYBUILD, prompted by espie
kn [Tue, 13 Sep 2022 20:26:26 +0000 (20:26 +0000)]
== in [[ does pattern matching as well
OK millert
kettenis [Tue, 13 Sep 2022 17:14:54 +0000 (17:14 +0000)]
Split out the code that collects data from acpiac(4), acpibat(4) and
acpisbs(4) for apm(4) and hook it up to the arm64 version of apm(4) on
systems with ACPI.
ok kn@
martijn [Tue, 13 Sep 2022 10:28:19 +0000 (10:28 +0000)]
Add (partial) support for agentx in vmd.
Metrics can be found under mib-2.236 and VM-MIB (RFC7666).
Stress tested by and happy noises from Mischa Peters
OK dv@
martijn [Tue, 13 Sep 2022 10:22:07 +0000 (10:22 +0000)]
varbind was designed to allow both a ber NULL and a NULL pointer for
value. The ber NULL case is there for when it was received via a PDU.
The NULL pointer case can happen if application.c runs into a timeout
or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and
results in a "missing value" error, (needlessly) terminating the
connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support
for vmd.
OK tb@, sthen@
martijn [Tue, 13 Sep 2022 10:20:22 +0000 (10:20 +0000)]
When a connection is reset while we still have an outstanding request,
the connection from the request to the rest of the structure is removed,
so we don't send any old data over the new connection.
However, the old code dereferences axc at a couple of places before
we check it for NULL.
Found the hard way by Mischa Peters while stress testing agentx support
for vmd.
OK tb@, sthen@
robert [Tue, 13 Sep 2022 09:57:09 +0000 (09:57 +0000)]
support more than one input file in llvm-ranlib by backporting
commit aa173573198e024b065c5f6523ce26bb865781b7 from upstream
ok kettenis@
mvs [Tue, 13 Sep 2022 09:05:47 +0000 (09:05 +0000)]
Change pru_rcvd() return type to the type of void. We have no interest
in pru_rcvd() return value.
Drop "pru_rcvd != NULL" check within pru_rcvd() wrapper. We only call it
if the socket's protocol has PR_WANTRCVD flag set. Such sockets are
route domain, tcp(4) and unix(4) sockets.
ok guenther@ bluhm@
mvs [Tue, 13 Sep 2022 09:05:02 +0000 (09:05 +0000)]
Do soreceive() with shared netlock for raw sockets.
ok bluhm@
jmc [Tue, 13 Sep 2022 06:20:38 +0000 (06:20 +0000)]
document "configtest" in SYNOPSIS; from andrei
while here, sort SYNOPSIS at the behest of ajacoutot;
ok ajacoutot
jmc [Tue, 13 Sep 2022 05:49:23 +0000 (05:49 +0000)]
fix Xr;
jmc [Tue, 13 Sep 2022 05:48:54 +0000 (05:48 +0000)]
add missing quote;
jmc [Tue, 13 Sep 2022 05:46:00 +0000 (05:46 +0000)]
add arch to Dt;
jsing [Tue, 13 Sep 2022 04:59:18 +0000 (04:59 +0000)]
Stop pretending that EVP_CIPHER cleanup can fail.
Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can
fail.
ok tb@
jsg [Tue, 13 Sep 2022 01:38:31 +0000 (01:38 +0000)]
SIOCDIFPARENT removes configuration not SIOCGIFPARENT
spotted by kn@
kettenis [Mon, 12 Sep 2022 20:31:53 +0000 (20:31 +0000)]
Enable acpiac(4) and acpibat(4).
ok deraadt@
miod [Mon, 12 Sep 2022 19:35:20 +0000 (19:35 +0000)]
Store mod/ref flags using md pg_flags values rather than a specific field in
vm_page_md, which allows this struct to shrink a bit.
miod [Mon, 12 Sep 2022 19:33:34 +0000 (19:33 +0000)]
Store mod/ref flags using md pg_flags values rather than a specific field in
vm_page_md, which allows this struct to shrink a bit.
miod [Mon, 12 Sep 2022 19:28:19 +0000 (19:28 +0000)]
Drop orphaned pv_flags values.
kettenis [Mon, 12 Sep 2022 17:42:31 +0000 (17:42 +0000)]
Add support for level-triggered GPIO events.
ok mlarkin@
kettenis [Mon, 12 Sep 2022 17:30:32 +0000 (17:30 +0000)]
sxirintc(4)
kettenis [Mon, 12 Sep 2022 15:59:16 +0000 (15:59 +0000)]
qcgpio(4) and qciic(4)
kettenis [Mon, 12 Sep 2022 15:49:36 +0000 (15:49 +0000)]
qcgpio(4) and qciic(4)
tb [Mon, 12 Sep 2022 14:36:09 +0000 (14:36 +0000)]
zap extra .Pp
tb [Mon, 12 Sep 2022 14:33:47 +0000 (14:33 +0000)]
Stop documenting i2c_ASN1_INTEGER.
This is no longer public API. Also remove some comments about i2c and c2i
functions being intentionally undocumented since they are no longer public.
jsg [Mon, 12 Sep 2022 14:18:17 +0000 (14:18 +0000)]
disable Panel Self Refresh (PSR) by default in inteldrm
After i915_drv.c 1.144 PSR changed to being on by default.
On a TUXEDO InfinityBook Pro 14 Gen6 (Tiger Lake) this introduced screen
flicker. Reported and tested by Matthias Schmidt.
Should also avoid flicker problem on Dell XPS 13 7390 (Comet Lake)
reported by James Cook.
tb [Mon, 12 Sep 2022 13:11:36 +0000 (13:11 +0000)]
Add CBC, CFB64 and OFB64 test coverage for RC2
From Joshua Sing
kn [Mon, 12 Sep 2022 13:10:03 +0000 (13:10 +0000)]
Hook up installboot(8) tests on all covered archs
Those that still fail (softraid+keydisk or explicit-stage-files) have fixes on tech@.
tb [Mon, 12 Sep 2022 13:09:01 +0000 (13:09 +0000)]
whitespace nits
claudio [Mon, 12 Sep 2022 12:04:55 +0000 (12:04 +0000)]
Bump version for upcoming -portable release
nicm [Mon, 12 Sep 2022 12:02:17 +0000 (12:02 +0000)]
Don't use options from pane if pane is NULL.
cheloha [Mon, 12 Sep 2022 10:58:05 +0000 (10:58 +0000)]
acpihpet(4): acpihpet_delay: only use lower 32 bits of counter
We can't use acpihpet_r() to implement acpihpet_delay(). Even if we
made acpihpet_r() atomic on amd64, i386 would still be incapable of
doing atomic 8-byte reads. As-is, the code does a split read on all
platforms, which may or may not already be causing problems with TSC
calibration:
https://marc.info/?l=openbsd-tech&m=166220561709496&w=2
Switch from acpihpet_r() to bus_space_read_4() and only use the lower
32 bits of the counter. This makes acpihpet_delay() slightly larger,
but unless we want two acpihpet_delay() implementations we have no
choice.
Link: https://marc.info/?l=openbsd-tech&m=166165347220077&w=2
ok jsg@
jsg [Mon, 12 Sep 2022 10:16:09 +0000 (10:16 +0000)]
spelling
claudio [Mon, 12 Sep 2022 10:03:17 +0000 (10:03 +0000)]
Introduce tree walkers that only walk a subtree of the RIB.
In some cases only a "small" part of the RIB needs to be looked at. Like
bgpctl show rib 10/8 or-longer that only needs to traverse nodes under
10/8, all other RIB entries do not matter. By setting the start node to
the RB_NFIND(10/8) all nodes below this point can be skipped.
Using prefix_compare() while walking the tree with RB_NEXT() the walker
knows when it steps outside of the 10/8 subtree and stops.
With this the or-longer commands become a lot faster.
Looks good to tb@
jsg [Mon, 12 Sep 2022 09:18:30 +0000 (09:18 +0000)]
SIOCGIFPARENT uses struct if_parent not ireq
ok jmc@
jsg [Mon, 12 Sep 2022 09:15:29 +0000 (09:15 +0000)]
SIOCGVNETID uses struct ifreq not if_parent
ok jmc@
tb [Mon, 12 Sep 2022 04:26:38 +0000 (04:26 +0000)]
Move division by two out of sizeof()
tb [Mon, 12 Sep 2022 04:20:59 +0000 (04:20 +0000)]
Error checks for EVP_*
CID 356777
tb [Mon, 12 Sep 2022 04:12:39 +0000 (04:12 +0000)]
Move division by two out of sizeof()
CID 356778
mbuhl [Sun, 11 Sep 2022 20:51:44 +0000 (20:51 +0000)]
Add regression tests for the sendmmsg and recvmmsg system calls.
miod [Sun, 11 Sep 2022 19:34:40 +0000 (19:34 +0000)]
Remove the DKF_LABELVALID flag from struct disk. Instead, trust disk drivers
to always be able to provide a duid, and keep ignoring whole zero duids.
This fixes a race in vnd setup where the disk_attach callback could run
before any I/O occurs on the vnd, thus not having a label available yet.
noticed by otto@ and kn@; ok kn@
dv [Sun, 11 Sep 2022 19:05:44 +0000 (19:05 +0000)]
Add the new inout vmm(4) tracepoint to dt(4).
Forgot to put it in the list of static tracepoints when I committed
the tracepoint at g2k22. Woops.
jsing [Sun, 11 Sep 2022 18:13:30 +0000 (18:13 +0000)]
Enforce the minimum TLS version requirement for QUIC.
ok tb@
tb [Sun, 11 Sep 2022 18:08:17 +0000 (18:08 +0000)]
Adjust for opaque structs in ts.h
ok jsing
tb [Sun, 11 Sep 2022 18:07:46 +0000 (18:07 +0000)]
Adjust for opaque structs in pkcs12.h
ok jsing
kettenis [Sun, 11 Sep 2022 18:07:26 +0000 (18:07 +0000)]
Register the I2C controller with ACPI. Skip this on the SC8280XP SoC for
now as the AML on the Lenovo X13S tries to do I2C transactions to a device
that doesn't respond leading to the ACPI thread spinning until the
transaction times out.
ok mlarkin@, deraadt@
tb [Sun, 11 Sep 2022 17:45:14 +0000 (17:45 +0000)]
sync
tb [Sun, 11 Sep 2022 17:43:27 +0000 (17:43 +0000)]
bump major after libcrypto and libssl major bump
tb [Sun, 11 Sep 2022 17:42:55 +0000 (17:42 +0000)]
Crank major after symbol addition and libcrypto major bump
tb [Sun, 11 Sep 2022 17:42:09 +0000 (17:42 +0000)]
Update Symbols.list
ok jsing
tb [Sun, 11 Sep 2022 17:39:46 +0000 (17:39 +0000)]
Expose SSL_get_share_{group,curve}() and related #defines
ok jsing
tb [Sun, 11 Sep 2022 17:38:58 +0000 (17:38 +0000)]
Expose some error codes needed for QUIC support
ok jsing
tb [Sun, 11 Sep 2022 17:36:34 +0000 (17:36 +0000)]
Define LIBRESSL_HAS_QUIC
ok jsing
tb [Sun, 11 Sep 2022 17:34:41 +0000 (17:34 +0000)]
Bump major after symbol addition and removal and struct visibility changes
tb [Sun, 11 Sep 2022 17:32:01 +0000 (17:32 +0000)]
Update Symbols.list
ok jsing
tb [Sun, 11 Sep 2022 17:31:19 +0000 (17:31 +0000)]
Make structs in ts.h opaque
ok jsing
tb [Sun, 11 Sep 2022 17:30:13 +0000 (17:30 +0000)]
Make structs in pkcs12.h opaque
ok jsing
tb [Sun, 11 Sep 2022 17:29:24 +0000 (17:29 +0000)]
Expose EVP_chacha20_poly1305()
ok jsing
tb [Sun, 11 Sep 2022 17:28:33 +0000 (17:28 +0000)]
Expose various EVP AEAD constants for EVP ChaCha and QUIC
ok jsing
tb [Sun, 11 Sep 2022 17:26:51 +0000 (17:26 +0000)]
Expose OPENSSL_cleanup()
ok jsing
tb [Sun, 11 Sep 2022 17:26:03 +0000 (17:26 +0000)]
Make BIO_info_cb() identical to bio_info_cb()
Various projects use bio_info_cb and BIO_info_cb interchangeably, for
example mupdf and freerdp. This is because this was changed in OpenSSL
commit fce78bd4 (2017), triggered by new warnings in gcc 8.
https://github.com/openssl/openssl/pull/4493
This results in some scary compiler warnings and useless patches in ports.
Nobody seems to be using the old bio_info_cb() version.
ok jsing
tb [Sun, 11 Sep 2022 17:22:52 +0000 (17:22 +0000)]
Remove c2i_* and i2c_* from public visibility
This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and
{c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1
API and should never have been exposed in the first place.
ok jsing
tb [Sun, 11 Sep 2022 15:24:53 +0000 (15:24 +0000)]
link asn1object test statically in preparation for upcoming bump
krw [Sun, 11 Sep 2022 15:05:27 +0000 (15:05 +0000)]
Replace "echo 'w\ny\nq\n' | disklabel -E" with equivalent
'disklabel -dw'.
Tested & ok visa@
jsing [Sun, 11 Sep 2022 14:39:44 +0000 (14:39 +0000)]
Be stricter with middlebox compatibility mode in the TLSv1.3 server.
Only allow a TLSv1.3 client to request middlebox compatibility mode if
this is permitted. Ensure that the legacy session identifier is either
zero length or 32 bytes in length. Additionally, only allow CCS messages
on the server side if the client actually requested middlebox compatibility
mode.
ok tb@
jsing [Sun, 11 Sep 2022 14:33:07 +0000 (14:33 +0000)]
Only permit CCS messages if requesting middlebox compatibility mode.
Currently the TLSv1.3 client always permits the server to send CCS
messages. Be more strict and only permit this if the client is actually
requesting middlebox compatibility mode.
ok tb@
deraadt [Sun, 11 Sep 2022 14:27:09 +0000 (14:27 +0000)]
drop the -beta
jsing [Sun, 11 Sep 2022 13:51:25 +0000 (13:51 +0000)]
Use CBS when processing a CCS message in the legacy stack.
ok tb@
jsing [Sun, 11 Sep 2022 13:50:41 +0000 (13:50 +0000)]
Ensure there is no trailing data for a CCS received by the TLSv1.3 stack.
ok tb@
jmc [Sun, 11 Sep 2022 11:56:28 +0000 (11:56 +0000)]
.Li in previous didn't make sense;
krw [Sun, 11 Sep 2022 11:47:55 +0000 (11:47 +0000)]
Add #define's for GPT partition attribute bits REQUIRED, IGNORE
and BOOTABLE, set BOOTABLE attribute bit instead of using the
incorrect GPTDOSACTIVE value, have 'fdisk -v' print out GPT
partition attributes if any of the 64 bits are set, don't spoof
any partition with REQUIRED bit set.
Prompted by kettenis@ stumbling across a machine with 40+ (!!)
REQUIRED GPT partitions.
Tested & ok kettenis@
jsg [Sun, 11 Sep 2022 11:41:04 +0000 (11:41 +0000)]
correct argument to VMM_IOC_READVMPARAMS
krw [Sun, 11 Sep 2022 11:12:39 +0000 (11:12 +0000)]
Replace "echo 'w\ny\nq\n' | disklabel -E" with equivalent
'disklabel -dw'.
Tested & ok miod@
kettenis [Sun, 11 Sep 2022 10:40:35 +0000 (10:40 +0000)]
When looking up a symbol using kvm_nlist(3), we need to prepend an
underscore. This fixes acpidump on arm64. How this ever worked before
is unclear, but part of the puzzle is that we didn't properly check the
return value of the kvm_nlist(3) calls. So fix that too.
ok deraadt@, mglocker@
kettenis [Sun, 11 Sep 2022 10:37:54 +0000 (10:37 +0000)]
Add wsmux(4) such that systems with multiple keyboards work in bsd.rd.
ok deraadt@, mpi@