IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
4c6157fa 2021-04-21 09:38:11 Improve ntpd offset handling. Call the index of the offset loops "shift" consistently. Merge the two offset loops in client_update() into one. Use a simple assignment for the best value instead of memcpy(). Use the same mechanism to loop over the offset array everywhere to avoid an invalid best value. tested by weerd@; OK claudio@
1648e347 2021-04-21 09:36:06 HTTP errors are logged by the http module. No need to repeat them. Instead add a logx when a fallback from delta sync to a snapshot happens.
8f9ca9f8 2021-04-21 09:03:42 When setting RRDP_STATE_PARSE_ERROR a warning is issued so there is no need to warn a 2nd time here, it adds no additional information.
8a42180c 2021-04-21 07:54:10 unplug unused certificate verification code, now that this is done by libtls. ok tb@ millert@
6ec9c1ad 2021-04-21 00:31:59 Fix const in previous. Pointed out by asou
ad7a5093 2021-04-21 00:22:16 Fix __builtin_bitreverse32 on 32-bit PowerPC This is a backport from LLVM 11. Before this fix, code using __builtin_bitreverse32 was crashing SIGILL because clang-10 emitted a 64-bit rldicl/clrldi instruction. The SIGILL only happened on 32-bit cpus, not on the G5. The code for LLVM 11 uses __builtin_bitreverse, so clang-10 needs this fix to build clang-11. https://github.com/llvm/llvm-project/commit/a5d161c119d5a https://reviews.llvm.org/D77946 ok kettenis@
c5fa57f5 2021-04-20 21:11:56 Move TAILQ initialization to files where they are used. These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units. ok bluhm@, tb@
a55f8224 2021-04-20 19:33:03 Match on "amlogic,meson-sm1-mmc" compatible.
42c940fb 2021-04-20 17:38:02 Fix indent of EC_METHODs as requested by jsing. While there zap trailing whitespace from a KNF approximation gone wrong.
a20a87c2 2021-04-20 17:35:21 Adjust ectest.c for set_compressed_coordinates
a96afa0f 2021-04-20 17:34:33 Compare pointer against NULL and fix a KNF issue. ok jsing
103ad672 2021-04-20 17:32:57 Prepare to provide EC_POINT_set_compressed_coordinates ok jsing
746c093a 2021-04-20 17:30:32 Adjust ectest.c for get_Jprojective coordinate change
e23a27f7 2021-04-20 17:29:21 Compare function pointers against NULL, not 0. ok jsing
4f21b6f2 2021-04-20 17:28:18 Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal use ok jsing
600ec3e2 2021-04-20 17:23:37 Simplify code after adding EC_POINT_{s,g}et_affine_coordinates() ok jsing
ab43e96b 2021-04-20 17:21:27 Adjust ecdhtest.c for affine_coordinates change
b425ed70 2021-04-20 17:19:39 Adjust ectest.c for affine_coordinates change
14a674d4 2021-04-20 17:17:47 Compare function pointers against NULL, not 0. ok jsing
74a506e7 2021-04-20 17:16:37 Prepare to provide EC_POINT_{g,s}et_affine_coordinates Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
86985512 2021-04-20 17:12:43 Simplify after EC_POINT_get_curve() addition ok jsing
0318edf0 2021-04-20 17:09:45 Adjust ectest.c for EC_GROUP_{g,s}et_curve change
e3361c9c 2021-04-20 17:08:08 Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}(). These will be removed once EC_GROUP_get_curve() is public.
60ca3fa5 2021-04-20 17:06:17 Compare function pointers against NULL, not 0. ok jsing
0b15d7ee 2021-04-20 17:04:13 Prepare to provide EC_GROUP_{get,set}_curve(3) There are numerous functions in ec/ that exist with _GF2m and _GFp variants for no good reason. The code of both variants is the same. The EC_METHODs contain a pointer to the appropriate version. This commit hides the _GF2m and _GFp variants from internal use and provides versions that work for both curve types. These will be made public in an upcoming library bump. Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b ok jsing
089ec08b 2021-04-20 16:34:20 Indicate if an mg function is unsuitable for a startup file (requires user interaction).
75c55a07 2021-04-20 14:32:49 Add keep-alive support to the HTTP module. Requests are split away from connections. When a request is received try to reuse an IDLE connection. If none is around start a new one (unless there are too many connections inflight). Idle connections are kept for 10sec and closed after that time. For rpki-client this is plenty of time since RRDP exchanges will be a burst of requests. So the connection used to fetch the notification XML file will be reused to fetch all delta XML files. This reduces the CPU load since far less TLS handshakes need to happen. OK job@ deraadt@
17c1e8f1 2021-04-20 14:26:19 Allow more than one block of code to exist on a single line. Also, move the code which expands variables to be ran when variables are discovered instead of in multiarg() just before execution. This means a variable who's value is included in anothers', won't change the others value if its own is changed. I have also included code, which is commented out at the moment, which implements a function map specific to interpreter. Not sure if I can ultimately avoid using it though.
4320059b 2021-04-20 13:26:46 Switch some warnings to logx() to reduce log noise on runs without -v. OK job@
9709a516 2021-04-20 11:19:56 Update comment to be less confusing (I hope)
569e8303 2021-04-20 11:19:54 Properly shutdown on connection loss instead of crashing. Found by bluhm@ while playing with setting noclose to 1 for daemon(3): Also included in this commit OK bluhm@
26c62576 2021-04-20 11:17:52 Don't overwrite environment CFLAGS. OK bluhm@
cc1acc7a 2021-04-20 10:02:50 Add 'dired-jump' from Philip K. <philip@warpmail.net> sent to tech@ over a year ago. Comments and testing from gkoehler@. Thanks to both. Also, some modifications from me.
43888d92 2021-04-20 08:03:12 prefix_insert() and prefix_remove() emulate a tail queue by keeping the tail pointer (pointer to last element) around and depending on the state of the list insert at head or insert after tailp. Now gcc has a hard time to realize that the tail pointer is not used uninitalized. So rewrite the code to be more explicit about tailp handling (also rename the pointer to be more explicit). All in all this should be more readable and silences the gcc warning as well.
f3a4f9e5 2021-04-20 07:35:42 Use LIST instead of SLIST for requests. The way SLIST_REMOVE was used did a double traverse of the list which now is replaced with no traversal at all. Also stop double wrapping requests just for the list. OK millert@
f94ba4a2 2021-04-20 07:32:19 Ignore SIGPIPE by default and restore default behaviour before executing the CGI. OK bluhm@ florian@
22deb96f 2021-04-20 04:31:54 Add quirk to enable all Thinkpad X1 Extreme 1 speakers & atmos dolby From Ivo Sbalzarini <ivo.sbalzarini@gmail.com>, thanks!
9856be75 2021-04-20 04:30:05 Allow INTEL 400SERIES cAVS to attach the azalia(4) driver From Ivo Sbalzarini <ivo.sbalzarini at gmail.com>
08236fe4 2021-04-20 03:37:25 more KNF
9576522b 2021-04-19 17:26:39 Remove new_sym_enc and new_aead. These can be replaced with accessors that allow this information to be retrieved from the new record layer. ok inoguchi@ tb@
eec146bd 2021-04-19 17:06:37 Avoid division by zero in hybrid point encoding In hybrid and compressed point encodings, the form octet contains a bit of information allowing to calculate y from x. For a point on a binary curve, this bit is zero if x is zero, otherwise it must match the rightmost bit of of the field element y / x. The existing code only considers the second possibility. It could thus fail with a division by zero error as found by Guido Vranken's cryptofuzz. This commit adds a few explanatory comments to oct2point and fixes some KNF issues. The only actual code change is in the last hunk which adds a BN_is_zero(x) check to avoid the division by zero. ok jsing
95b65f7c 2021-04-19 17:04:35 code review results in KNF, and moving local variables into lowest scope ok claudio
6a4689e2 2021-04-19 17:03:49 Recognize BCM57762 A0 and A1. My diff for this only added the A0 revision, but the A1 revision has been seen in the wild and Brad Smith provided a diff that adds both. ok jsg@
759d1726 2021-04-19 17:03:39 Move new_mac_secret_size into the TLSv1.2 handshake struct. Drop the 'new_' prefix in the process. ok inoguchi@ tb@
03eef713 2021-04-19 16:51:56 Move reuse_message, message_type, message_size and cert_verify into the TLSv1.2 handshake struct. ok inoguchi@ tb@
e306641c 2021-04-19 16:47:25 Set alpn_selected_len to zero when freeing alpn_selected. This is not strictly necessary since we proceed to zero the entire struct, however it keeps the code consistent and easily auditable. ok tb@
4635eb8e 2021-04-19 15:56:37 The powerpc64 ELFv2 ABI explicitly states that exception enable bits and rounding control bits are not restored by longjmp(3). So expect the some failures on that platform. ok bluhm@
ac84d6f0 2021-04-19 14:27:25 Multicast decryption fixes for iwx(4). Pick the correct key for multicast frames in iwx_ccmp_decap(). Comparing the PN of a multicast frame against the last-seen PN of the pairwise key is obviously wrong. We need to check the multicast frame's PN against the last-seen PN of the group key. Update crypto-offloading checks in iwx_rx_frame() to match recent WPA1/TKIP groupcipher fixes made in athn(4). The code inherited from iwm(4) only looked at the pairwise key, and unlike iwx(4) and athn(4), iwm(4) only offloads pairwise crypto. Found while investigating a question from zxystd at OpenIntelWireless.
0a102a45 2021-04-19 14:08:55 RS ^-anchoring needs to know if it's reading the first record of a file. Without this fix, when reading the first record of an input file named on the command line, the regular expression engine will be misconfigured, precluding a successful match. From Miguel Pineiro Jr
cee623cc 2021-04-19 10:58:31 Fix TLS error message race. Due to less handshakes in TLS 1.3 an EPIPE error may be reported instead of a TLS alert.
52918795 2021-04-19 06:43:15 Same internal consistency check as libc malloc: size in hash table should correspond to size of chunk meta data
c186fadc 2021-04-18 23:51:47 Simpler error handling for suspend()/hibernate() Save errno when we get an error so we can pass it to the apm(8) client. ok kn@
eb43b0d3 2021-04-18 23:40:52 post 6.9 development continues...
2247d090 2021-04-18 00:21:58 sync
7d9dcfa3 2021-04-18 00:21:53 even more shrink
28fa8371 2021-04-18 00:17:28 sync
2a89bff4 2021-04-18 00:17:22 more shrink
d77a3cad 2021-04-17 21:21:41 Adjust Raspberry Pi installation instructions, direct users towards the U-Boot based method primarily, though keep a quick mention of the UEFI firmware (U-Boot method not working on Pi400 currently whereas UEFI sort-of works). Add some notes about framebuffer consoles, they do work on RPi these days but there are still some rough edges.
904400d1 2021-04-17 21:19:40 Embiggen arm64 ramdisk kernel and miniroot/install img files. Provide U-Boot binaries that work on Raspberry Pi 3 and 4 (and possibly others) and firmware for Raspberry Pi 4. This allows the same installation method as used on Raspberry Pi 3 without separate UEFI firmware (although UEFI can still be used). Help from kettenis@ jsg@ deraadt@
fce1e255 2021-04-17 14:29:02 sync
8020b50f 2021-04-17 14:28:58 some name shortening
411213d3 2021-04-17 06:01:49 rewrite the text describing the "address" parameter into something easier to read;
2f8c4829 2021-04-16 14:39:33 When loading a config poll iscsid for up to 10 seconds and check if the sessions all managed to connect to the targets. With this slow session establishment should not cause mount errors during startup. Initial version from Dr Ashton Fagg ashton (at) fagg id au OK dlg@ deraadt@
ea99aae6 2021-04-16 14:37:06 Implement a control message to get the state of iscsid. This is used by iscsictl to poll for completion after reload commands. With this slow session establishment should not cause mount errors during startup. Initial version from Dr Ashton Fagg ashton (at) fagg id au OK dlg@ deraadt@
e28bdeb5 2021-04-16 12:08:25 Turn on the direct ACK on every other segment. This is a backout of rev 1.366 which turned this feature off. Although sending less ACKs makes TCP faster if the CPU is busy with processing packets, there are corner cases where TCP gets slower. Especially OpenBSD 6.8 and older has a maxbust limitiation that scales badly if the other side sends too few ACKs. Also regress test relayd run-args-http-slow-consumer.pl uses strange socket buffer sizes that triggers slow performance with the new algorithm. For OpenBSD 6.9 release switch back to 6.8 delayed ACK behavior. discussed with deraadt@ benno@ claudio@ jan@
c3eae84e 2021-04-16 12:05:32 Add a workaround to avoid wrong code generated by m88k gcc. NATIVE_TO_UNI is defined as follows in utf8.h: -- #define NATIVE_TO_UNI(ch) ((UV) ((ch) | 0)) -- and UV is 'unsigned long' on m88k. Details are at: https://github.com/Perl/perl5/issues/18655 help and ok afresh1@
d29970a7 2021-04-16 08:17:35 Unhook ieee80211_mira.c from the build. All consumers have switched to RA. Keeping files in CVS HEAD for now until we are certain we're not going back. ok deraadt@
9a30bd65 2021-04-16 06:20:29 Add back IMSG_RECONF_ROA_ITEM in the parent imsg handler. It is needed for origin-sets. Found by and reminder procter@ OK deraadt@
bacd28a5 2021-04-16 03:42:00 openssh-8.6
e1a9b71e 2021-04-15 18:32:19 Since iwi(4) doesn't call into net80211_newstate() the interface link state must be updated by the driver in order to get packets to flow. In case of WPA the link state was updated as a side-effect of a successful WPA handshake. This commit fixes the WEP and plaintext cases. Similar fix as recently committed to ipw(4). Additionally, check for errors from iwi_auth_and_assoc() and keep scanning if this function fails. Problem confirmed and fix tested by matthieu@ ok deraadt@
d2dd70ac 2021-04-15 18:25:43 Switch athn(4) 802.11n Tx rate adaptation from MiRA to RA. Tests: AR5418: Uwe Werler AR9280: kn, jmatthew, Lauri Tirkkonen, Scott Bennett, Mikolaj Kucharski AR9285: kevlo, trondd, myself ok deraadt@
5f8ede55 2021-04-15 18:14:45 Make athn(4) set the channel when hostap or monitor modes enter RUN state. Fixes a problem where the hardware would end up using a different channel than the one selected by net80211. Found while investigating issues reported by trondd testing my athn RA patch. ok deraadt@
bedba225 2021-04-15 18:13:24 Make the description of the ELF header reflect reality, removing the traces of the long gone FreeBSD "ELF brand" code. Based on a diff from George Brown. ok jmc@
69746424 2021-04-15 18:05:05 When starting an AP or IBSS network, reconfigure the operation mode to 11ac/n/a/g/b as applicable. Fixes an issue where hostap would end up running in the rather meaningless MODE_AUTO unless a mode was explicitly configured with ifconfig. Found while investigating issues reported by trondd testing my athn RA patch. ok deraadt@
d2aee082 2021-04-15 17:06:59 Implement version 2 of virtio(4) at fdt, as used by Parallels on the Apple M1. With this vio(4) shows up and we can properly install and use OpenBSD as VM. "not afraid of the virtio diff" deraadt@ "okie dokie" jcs@
23eb925f 2021-04-15 16:43:27 mention DTLS1_2_VERSION
49fbd780 2021-04-15 16:40:32 Mention DTLS1_2_VERSION here, too
dfac485b 2021-04-15 16:35:54 Document SSL_OP_NO_DTLSv1{,_2}
c6ef6829 2021-04-15 16:30:14 Document DTLSv1_2_{,client_,server_}method(3)
31d2fcf0 2021-04-15 16:24:31 do not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@
81c610d1 2021-04-15 16:13:22 Merge documentation for SSL_is_dtls() from OpenSSL
c8a1112e 2021-04-15 16:07:21 Reshuffle and reindent code. No functional change.
cec4d91c 2021-04-15 14:22:05 Rework the http code to require poll() only when really needed. Especially tls_read() and tls_write() do not map 1:1 to read() and write() calls and so assuming that after a tls_read() one needs to poll for more data is wrong. Instead call tls_read() until it returns a TLS_WANT_* return. While here also ignore SIGPIPE. It is almost impossible to properly guard from SIGPIPE by looking at POLLHUP. Instead just let write() handle it and return an error. Putting this in now so this can be tested widely.
0d844d36 2021-04-15 14:15:03 Switch back to the legacy verifier for the release. This is disappointing as a lot of work was put into the new verifier during this cycle. However, there are still too many known bugs and incompatibilities. It is better to be faced with known broken behavior than with new broken behavior and to switch now rather than via errata. This way we have another cycle to iron out the kinks and to fix some of the remaining bugs. ok jsing
52d49889 2021-04-15 14:12:05 Fix bgpctl show mrt for UPDATE messages. The call to output->attr() was incorrect. Adjust output->attr() to take a reqflag argument instead of a struct parse_result pointer since that is the only bit needed. Found by and OK procter@, OK deraadt@
655eac52 2021-04-15 13:42:33 On powerpc64 regress/usr.sbin/bgpd/config failed. It parses a config file, writes bgpd's config to stdout and compares it with an expected output. On big endian machines the order of the set of communities is different. The parser used memcmp(3) to sort a struct of integers. This depends of the endianess. The correct way is to compare the integer fields in native byte order. With this change, the resulting order is the same on i386 and powerpc64. OK claudio@
22e6bf8a 2021-04-15 13:33:17 Make rpki-client -V output nicer. OK job@, kn@, deraadt@
c494faa7 2021-04-15 13:31:30 Call rrdp_data_handler() for any kind of poll event that has happened. On OpenBSD closing a connection will result in a read even (POLLIN) while on Linux POLLHUP is returned. rrdp_data_handler()'s read() call returns in both cases 0 and finishes the XML parsing. Found and fix tested by job@, OK deraadt@
3580e840 2021-04-15 08:58:46 Do not only check the serial number but also the session_id before adding a delta to the queue. If the session_id differs there is no need for deltas since a snapshot must be fetched. OK job@ benno@ deraadt@
2207c432 2021-04-15 07:28:37 The SSR1 register can have bits set that don't match to bits in the MSR register. We would set the sc_ps member of struct sigcontext to SSR1 when entering a signal handler, and compare it to PSL_USER in sigreturn(2) to make sure that the user code didn't set any bits it shouldn't set. If non-MSR bits are set that comparison would fail and sigreturn(2) would fail. Fix this by initializing sc_ps to PSL_USER instead of taking its value from SSR1. On OpenBSD we always run processes with the same MSR value. ok deraadt@
01126689 2021-04-15 05:38:11 %begin now has three arguments, not two. GitHubs issue 2646.
50ec1594 2021-04-15 02:23:17 Match Linux path in r8153_set_rx_early_size(). The rx early size is used to reduce the loading of CPU by letting a transfer contain more data to reduce the number of transfers. ok deraadt@
c6e117d1 2021-04-14 23:35:24 my fingers cannot avoid KNF'ing as I review code
7c09302a 2021-04-14 19:34:56 On powerpc64 tcpdump(8) could not parse wireguard packets. EXTRACT_LE_32BITS() converts the type from little endian to host endian. So we need the constants in host endianess. This fixes regress/sys/net/wg. OK deraadt@ sthen@
4a00f2e1 2021-04-14 18:38:54 Make iwx(4) attach to AX201 devices with PCI ID 0x06f0. Patch and testing by Ivo Sbalzarini ok deraadt@
27fe6c91 2021-04-14 18:37:14 regen
57362fbe 2021-04-14 18:36:42 Add PCI IDs of the Thunderbolt and WiFi devices in Thinkpad X1 Extreme Gen 3. Patch by Ivo Sbalzarini ok deraadt@
1a1a23bd 2021-04-14 18:35:14 Properly restore FPSCR register. ok deraadt@
47066237 2021-04-14 18:10:47 handle obj dir
0bef1a86 2021-04-14 18:05:47 move the RPKI_VERSION define into its own version.h file, helps portable. ok claudio@