Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 596e1897 | 2024-08-27 05:55:39 | Do not send zero sized vendor or client ids. The frontend and engine do not like this due to improved error checking. Found by Josh Grosse and Renato Aguiar, thanks! | ||
| c701dc03 | 2024-08-27 01:19:27 | cms_att.c: tidy includes and add x509_local.h for upcoming change | ||
| c19afa09 | 2024-08-26 22:54:21 | calendars are so hard | ||
| 40e63673 | 2024-08-26 22:01:28 | replace atoi(3) usage with strtonum(3); ok/tweaks tb@ | ||
| 1e10d066 | 2024-08-26 22:00:47 | replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@ | ||
| 259ea3b8 | 2024-08-26 21:34:32 | replace hand-rolled number parser with strtonum original report by Collin Funk ok bluhm, millert | ||
| 28472285 | 2024-08-26 20:12:33 | fortune files are no longer being rot13d; | ||
| 18d14a27 | 2024-08-26 20:10:53 | - remove the "real" dance. there is no longer a need for it. - do not install the offensive files rotated 13 chars, as suggested by deraadt. it hardly makes sense, and only one of the "potentially offensive" files was being treated this way anyway - simplify the makefile to catch up with all this - update NOTES to catch up with all this - the notes in README pertaining to not installing the offensive files is no longer relevant, so remove it, as suggested by millert | ||
| dc275227 | 2024-08-26 19:37:54 | virtio: Introduce dedicated attach args Instead of abusing virtio_softc as attach args, create a separate struct. Use it to pass the number of available interrupts. This will be useful for vio(4) multi-queue support. ok jan@ | ||
| 310c43a6 | 2024-08-26 19:24:02 | vio(4): Fix hardmtu without MRG_RXBUF Without VIRTIO_NET_F_MRG_RXBUF, we cannot chain several buffers together and we can only receive packets up to the length of the buffers we put into the ring. OK bluhm@ | ||
| 1c25dff2 | 2024-08-26 18:40:50 | ts.c: typo flaf -> flag | ||
| eff908c2 | 2024-08-26 13:57:34 | Replace recallocarray() with a realloc() + memset() combo. recallocarray(), with its guarantee that memory becoming unallocated is explicitly discarded, is too slow. In rpki-client forming one particular ibuf takes more then 4mins because every recallocarray() call ends up doing a fresh malloc + memcpy + freezero call. For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid any memory reallocations. OK tb@ | ||
| 60f67f01 | 2024-08-26 13:55:14 | Rearrange #ifdef TCP_SIGNATURE to keep braces balanced. | ||
| 527d0d53 | 2024-08-26 13:02:15 | Use strtonum instead of atoi. | ||
| a4a66a2b | 2024-08-26 12:15:40 | Test bitstring macro evaluation. For all bitstring macros, add a test with side effects in the arguments. Also fix compiler warnings and wrap long line. In main() replace exit(0) with return(0) to check stack canary. Create expected test files with make target create-good. OK florian deraadt@ | ||
| 4491bd90 | 2024-08-26 11:52:54 | Evaluate arguments of bitstring macros only once. According to bit_alloc(3) man page the arguments to bitstring macros are evaluated only once and may safely have side effects. Fix the implementation with temporary variables to fulfill this requirement. OK florian@ deraadt@ | ||
| acdebe03 | 2024-08-26 08:24:25 | style(9) fix. No functional changes. | ||
| 4aaf2c8d | 2024-08-26 07:45:05 | C-h should not be treated specially and represented internally as \b but as C-h like the other Ctrl keys. Backspace is already handled separately if it VERASE. | ||
| 7a4fa660 | 2024-08-26 07:34:40 | Pass the screen_redraw_ctx struct into more functions instead of individual arguments (for example for the pane status), from Michael Grant. | ||
| ab0a70a7 | 2024-08-26 07:30:46 | Client flags was changed to uint64_t a while ago, fix a few cases where it is still int (do not matter now but will with some new flags). From Michael Grant. | ||
| ad46cda3 | 2024-08-26 07:14:40 | Add window_pane_mode helper function to tell if a pane is in copy mode, from Michael Grant. | ||
| 38deddc0 | 2024-08-26 07:09:34 | Add copy-mode -d flag to scroll a page down if in copy mode already, from Michael Grant. | ||
| 7e5648d1 | 2024-08-26 06:06:04 | Use i2s instead of hard coding the imsg type. Suggested by tb. | ||
| c7074a52 | 2024-08-26 06:05:05 | errno is unset, use fatalx(3) instead of fatal(3). | ||
| f46577a8 | 2024-08-26 06:04:24 | Be stricter in what we accept from the main process. While here mention function where fatalx(3) occurred like everywhere else. Suggested by & OK tb | ||
| c71db3fd | 2024-08-26 03:49:06 | annoying whitespace found during an audit process | ||
| a3863cb8 | 2024-08-26 03:37:56 | replace multiple '.arch armv8.3-a' with a pauth target attribute 'no objection' kettenis@ | ||
| 19bff977 | 2024-08-25 19:57:33 | typo | ||
| 95d5c332 | 2024-08-25 14:51:33 | make activate function confirm to the common idiom; ok miod | ||
| 45c5e5ad | 2024-08-25 09:53:53 | Do not peek inside of struct imsg. input & OK tb | ||
| 79df796a | 2024-08-25 09:32:08 | Since netstart r1.208 (2020), it no longer applies /etc/myname Change Xr from netstart to rc. From Christian Schulte, ok florian | ||
| 5bd09d2d | 2024-08-25 07:04:05 | sin6_to_str and i2s take a single argument. Pointed out by tb | ||
| 591be731 | 2024-08-25 05:43:36 | PASSTHROUGH -> FALLTHROUGH ok ratchov@ | ||
| 46a25271 | 2024-08-24 19:31:09 | More precision on what exactly OCSP_id_cmp and OCSP_issuer_id_cmp compare. The existing description was lacking and incorrect, respectively. | ||
| 9a7d784a | 2024-08-24 16:35:05 | Simplify engine_showinfo_ctl() It only handles one imsg type these days, so it doesn't need to peek into struct imsg at all. pointed out by & OK tb | ||
| 46c03dec | 2024-08-24 16:34:23 | Stop peeking into struct imsg when relaying control messages. pointed out by & OK tb | ||
| b6c247c1 | 2024-08-24 12:08:49 | conf_def.c: add two trailing commas | ||
| ed8f5e8d | 2024-08-24 10:47:59 | Remove documentation for no longer existing or mostly unused allocators. ok guenther@ | ||
| 0944b500 | 2024-08-24 10:46:43 | Place uvm_km_zalloc(9) under #ifdef __i386__. This allocator is only used by a single pmap which will be hopefully converted. Suggested by guenther@ | ||
| d2ff86ca | 2024-08-24 10:38:44 | Kill uvm_km_alloc(9) and uvm_km_alloc1(9). ok guenther@ | ||
| 33d2acb6 | 2024-08-24 09:44:41 | Do not peek inside of struct imsg. While here use i2s helper function for error logging. OK tb | ||
| d5be4999 | 2024-08-24 09:42:40 | Helper function for logging imsg type names. OK tb as part of a larger diff | ||
| fc09b128 | 2024-08-24 09:23:09 | X509at_get_attr: zap trailing comma. reminded by mandoc -Tlint | ||
| f91d77c0 | 2024-08-24 09:16:12 | sync | ||
| a9d2f0ce | 2024-08-24 09:15:36 | LibreSSL no longer supports adding X.501 attributes to an EVP_PKEY Remove the corresponding documentation. | ||
| 6b4f6e93 | 2024-08-24 09:08:38 | sync | ||
| 31e6f1a8 | 2024-08-24 08:35:24 | Change DHCP_SYNC_LEASE messages from log_info to log_debug, they result in quite a lot of noise in a typical dhcpd sync setup. From MichaĆ Markowski, ok florian | ||
| 46c79823 | 2024-08-24 07:51:19 | Switch UI_UTIL_read_pw* to LCRYPTO_UNUSED() ok jsing | ||
| 82859680 | 2024-08-24 07:50:23 | Neuter the completely broken UI_UTIL_read_pw* API Return 0 on success, return <= 0 on failure. Sigh. In particular, if an allocation failed, the password that no one entered was considered valid. ok jsing | ||
| 3b161766 | 2024-08-24 07:48:37 | Remove documentation of UI_UTIL_read_pw* According to some, a fail-open password verification function is par for the course for libcrypto. Unfortunately, we have been recommending its use over similarly named EVP functions after what amounted to a coin toss a few years back. Luckily enough, no one followed that advice and we can soon remove this API for good. | ||
| cfd7bd0d | 2024-08-24 07:04:29 | Make clear it's about *ship* parts when you list the quiz(6) subjects. ok jmc@ | ||
| ea4684a6 | 2024-08-24 06:45:26 | spelling | ||
| edad63f2 | 2024-08-24 05:35:28 | the index is alphabetically sorted; | ||
| 0ead25fe | 2024-08-23 23:45:34 | sync | ||
| cea0d947 | 2024-08-23 19:47:13 | Enable per-cpu page cache; tested on Octeon. | ||
| 6b2d8873 | 2024-08-23 18:45:28 | Switch alpha to MI mplock code. | ||
| a6105854 | 2024-08-23 17:29:08 | The greek quiz is so obscure that it is ridiculous -- noone can play this. Replace it with a new quiz about galley (ship) parts. This commit changes the *LAST UNMODIFIED ORIGINAL FILE* (meaning revision 1.1.1.1) from the original import that created OpenBSD on Oct 18, 1995. With this commit, we have completed an amusing mission of replacing the final parts of the original OpenBSD. We have reached OpenBSD of Theseus. ideas & assistance from mglocker, naval terminology help from jmc | ||
| b3a275b2 | 2024-08-23 17:19:16 | Putting Xs into squares is all the rage with statisticians. We should test that they can use bitstring macros for that. with & OK deraadt OK bluhm | ||
| 106a5347 | 2024-08-23 15:22:59 | Speed up script by using awk(1). Discussed with deraadt@ | ||
| d7d91d03 | 2024-08-23 15:14:45 | Make sure pmap_kernel's mutex field gets correctly initialized rather than bss initialized. | ||
| f313ac3f | 2024-08-23 15:13:58 | Generate tabset files using a script. ok deraadt millert | ||
| 94b44fb8 | 2024-08-23 15:10:40 | Fix some program names that were not expanded correctly when ncurses was updated and were instead replaced by ?. ok millert | ||
| 99d0e43d | 2024-08-23 14:50:16 | slight improvement to index file parsing; ok mlarkin | ||
| 3be60a96 | 2024-08-23 13:25:39 | Ignore internal function keys if they have not got an entry in the key table. | ||
| 6822f9c8 | 2024-08-23 12:56:26 | Remove unwanted trailing newlines from err/warn format strings. | ||
| cd409aae | 2024-08-23 10:19:06 | Check for exact match for layout name before looking for a prefix match. | ||
| 9197f06f | 2024-08-23 04:57:12 | Remove use of CSP/LMK in pkcs12 create/verify tests reminded by ... anton | ||
| f5960ed9 | 2024-08-23 04:51:00 | As defined in the RFC, the SSH protocol has negotiable compression support (which is requested as the name "zlib"). Compression starts very early in the session. Relative early in OpenSSH lifetime, privsep was added to sshd, and this required a shared-memory hack so the two processes could see what was going on in the dataflow. This shared-memory hack was soon recognized as a tremendous complexity risk, because it put libz (which very much trusts it's memory) in a dangerous place, and a new option ("zlib@openssh.com") was added begins compression after authentication (aka delayed-compression). That change also permitted removal of the shared-memory hack. Despite removal from the server, the old "zlib" support remained in the client, to allow negotiation with non-OpenSSH daemons which lack the delayed-compression option. This commit deletes support for the older "zlib" option in the client. It reduces our featureset in a small way, and encourages other servers to move to a better design. The SSH protocol is different enough that compressed-key-material attacks like BEAST are unlikely, but who wants to take the chance? We encourage other ssh servers who care about optional compression support to add delayed-zlib support. (Some already do "zlib@openssh.com") ok djm markus | ||
| 78ff30cd | 2024-08-23 04:26:11 | add rcsid markers so that we can visually see the flurry of commits in this area ok mlarkin | ||
| 3d017125 | 2024-08-23 04:25:46 | add the dumbest #-comment parser for the Game_List parser, someone else can improve this later. My code is not substandard considering what I saw. | ||
| 9919444f | 2024-08-23 04:21:18 | add rcsid markers so that we can visually see the flurry of commits in this area ok mlarkin | ||
| 8793f83a | 2024-08-23 04:19:40 | fix spelling of sequence ok mglocker | ||
| a7137979 | 2024-08-23 03:43:33 | atc(6): update ORD marker beacon information ok deraadt@ | ||
| 20459491 | 2024-08-23 03:25:32 | probition is over. most people want want to laugh at lightly offensive things. suggested it is time by millert | ||
| f16da4d7 | 2024-08-23 02:49:20 | these tests only print strerror result, which can be confusing to look up. print errno also. | ||
| 59f8131b | 2024-08-23 02:46:09 | must use sh to run the script, because /usr/src may be noexec | ||
| 5629e519 | 2024-08-23 01:31:04 | Fix KERN_AUDIO broken in rev 1.440. | ||
| 7f966493 | 2024-08-23 01:23:50 | FALLTROUGH -> FALLTHROUGH | ||
| 7f17d764 | 2024-08-23 01:19:33 | FALLTHROUHG -> FALLTHROUGH | ||
| 988a3bda | 2024-08-23 00:58:04 | cron: use strtonum() and tighter limits on step values Using strtonum() instead of atoi() gives us an extra layer of bounds checking for free while parsing an entry. This is in addition to the existing bounds checking in set_range(). The step value is now limited to the maximum range for an entry. If the field consists of a range, the step must not be larger than the difference between the high and low parts of the range. OK deraadt@ | ||
| 0569e73d | 2024-08-23 00:43:34 | Change SIGCHLD handler to just set a flag. We already call reap_kids() in multiple event loops so there is no need to call waitpid() inside the handler itself. OK denis@ deraadt@ | ||
| 258a53ee | 2024-08-22 23:11:30 | sntrup761x25519-sha512 now has an IANA codepoint assigned, so we can make the algorithm available without the @openssh.com suffix too. ok markus@ deraadt@ | ||
| d2f31222 | 2024-08-22 12:26:01 | PKCS12_create(3): remove Xr to EVP_PKEY_add1_attr(3) This API family has been neutered and will be removed in the next bump. Further cross references will be untangled in the future. | ||
| ce6bee98 | 2024-08-22 12:24:24 | Garbage collect unused attributes member from EVP_PKEY ok miod | ||
| e12df184 | 2024-08-22 12:22:42 | Remove copy_bag_attr() It is no longer possible to set an attribute on an EVP_PKEY, so this code is dead. ok miod | ||
| 2f15dad5 | 2024-08-22 12:21:07 | Neuter EVP_PKEY_add1_attr_by_NID() The last consumer in openssl(1) pkcs12 has been removed, so we no longer need this function. ok miod | ||
| bb91d778 | 2024-08-22 12:15:07 | openssl: adjust manual for LMK and CSP removal | ||
| 05034cf3 | 2024-08-22 12:14:33 | openssl pkcs12: remove support for LMK and CSP attributes Documentation on what the Microsoft-specific local machine keyset and the cryptographic service provider are actually good for is hard to find. For some reason (perhaps one million and two arguments for PKCS12_create() was considered two too many) these hang off the EVP_PKEY in the attributes member, which serves no other purpose. Every use of EVP_PKEY (of which there are far too many) pays extra memory taxes for this fringe use case. This complication is not worth it. ok miod | ||
| e8c1c6d5 | 2024-08-22 11:36:24 | Fix merge of bounce buffer segments in amd64 bus dma. If the physical pages are contiguous, _bus_dmamap_load_buffer() tries to merge the segments. In case of mbuf chains, it can happen that the physical bounce buffers are contiguous, but the virtual addresses of mbuf m_data are not. Then during transmit _bus_dmamap_sync() tries to copy segments where it cannot access the virtual source address which is mapped in a different mbuf. So if bounce buffers are used, physical and virtual buffer must be contigous, to merge a segment. While there, split check and decrement of variable i in a for loop to make the code readable. with and OK hshoexer@ | ||
| 7af0f08f | 2024-08-22 10:58:31 | Unlock unlock ipip_sysctl(). - IPIPCTL_ALLOW - atomically accessed integer; - IPIPCTL_STATS - per-CPU counters; In ipip_input() load `ipip_allow' value to `ipip_allow_local' and pass it down to ipip_input_if() as `allow' arg. ok bluhm | ||
| f9d2544e | 2024-08-22 10:21:02 | Use aes128-ctr for MAC tests since default has implicit MAC. Also verify that the Cipher or MAC we intended to use is actually the one selected during the test. | ||
| 11c54b09 | 2024-08-22 10:08:25 | Introduce sysctl_securelevel() to modify `securelevel' mp-safe. Keep KERN_SECURELVL locked until existing `securelevel' checks became moved out of kernel lock. Make sysctl_securelevel_int() mp-safe by using atomic_load_int(9) to unlocked read-only access for `securelevel'. Unlock KERN_ALLOWDT. `allowdt' is the atomically accessed integer used only once in dtopen(). ok mpi | ||
| 1e0c60bf | 2024-08-22 10:00:16 | sync manual section numbers | ||
| 3979f694 | 2024-08-22 09:05:51 | Clear overlay when command prompt is entered. Also fix some spacing in man page pointed out by jmc. | ||
| 3fe6b20f | 2024-08-22 08:44:22 | Fix answer. 2,$-1g/^/.,.1j does not combine every even-numbered line with the next odd-numbered line. One correct way is 2,$-1g/^/.,+1j Pointed out by ed1conf on mastodon. | ||
| d2a044ef | 2024-08-22 08:34:51 | ospfd: fix whitespace error introduced in previous | ||
| 6e92fa47 | 2024-08-22 08:22:13 | lldb: shut up the warning message on quit debugging kernel core file. The diff from Yuichiro NAITO. ok yasuoka | ||
| f885c9d9 | 2024-08-22 08:17:54 | inet_pton returns 0 and -1 for error. Adjust the error check that is now wrong after the inet_aton -> inet_pton conversion. Noticed by & OK bluhm. OK tb | ||
| 262a2674 | 2024-08-22 07:56:47 | Mechanically change inet_aton to inet_pton. npppd does not document that it would accept truncated or otherwise not fully spelled out IPv4 addresses. ok yasuoka | ||
| f4e38f01 | 2024-08-22 05:40:09 | Charles III succeeded Elizabeth II in the 21st century. OK jmc, mlarkin |