IABSD.fr/src



Log

Author Commit Date CI Message
8bc1a323 2020-02-07 02:27:37 Remove backward compatibility for obsolete -H flag. The -H flag was deprecated in 1998. OK jung@
32a20e26 2020-02-07 00:57:49 update to upstream libfido2 780ad3c25 (20120123) install manual pages crank major feedback & ok jmc@ and naddy@
70bdf492 2020-02-06 22:48:23 When using HostkeyAlgorithms to merely append or remove algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the default behaviour of preferring those algorithms that have existing keys in known_hosts; ok markus
60da7224 2020-02-06 22:46:31 expand HostkeyAlgorithms prior to config dump, matching other algorithm lists; ok markus@
b89bcff9 2020-02-06 22:34:58 Add Include to the list of permitted keywords after a Match keyword. ok markus@
5f47a660 2020-02-06 22:30:54 Replace "security key" with "authenticator" in program messages. This replaces "security key" in error/usage/verbose messages and distinguishes between "authenticator" and "authenticator-hosted key". ok djm@
4674773e 2020-02-06 21:06:15 Try to reduce the lying, hyperbolic or obsolete commentary on the relationships between various scsi structs.
b3eeebc7 2020-02-06 19:41:34 Make sure that -l always causes -w to be ignored, as documented in the man(1) manual page. This bugfix is needed to prevent the command "man -lw" from dereferencing a NULL pointer.
cd3edfc4 2020-02-06 19:17:54 Remove pointless intermediate scsi_adapter field of softc by pointing sc_link.adapter at trm_switch directly.
7a8c3d64 2020-02-06 18:18:51 Delete unused scsi_adapter fields of softc's.
b7ca6301 2020-02-06 17:35:22 Re-enable the TLSv1.3 client since the known issues have been addressed. ok tb@
2be83379 2020-02-06 17:24:18 Eliminate use of 'migration aids' #define scsipi_<blah> and just use the real names.
da308e26 2020-02-06 16:05:58 Add a workaround to make SSL_set_session() work with TLSv1.3. While we do not currently do session resumption, just return the TLS_client_method() or TLS_server_method() when asked for a method that does TLSv1.3. ok tb@ (who also arrived at the same diff)
51407a81 2020-02-06 15:56:36 Soooooo much eye-searing trailing whitespace.
6f5906fa 2020-02-06 15:34:29 So much eye-searing trailing whitespace.
cb3167a9 2020-02-06 15:08:19 Whitespace tweak.
9b437883 2020-02-06 13:19:18 Add support for handling hello retry requests in the TLSv1.3 client. In the case of a hello retry request, we need to replace the client hello with a synthetic handshake message, switch key share to that selected by the server, build and send a new client hello, then process the resulting server hello. ok tb@
e0404061 2020-02-06 13:14:17 Correctly handle key share extensions in a hello retry request. In a hello retry request the server will only send the selected group and not actually provide a key exchange. In this case we need to store the server selected group for further processing. ok tb@
41a5d32e 2020-02-06 05:40:02 mention cbor fido llvm and llvm-c top level include directories
2ee00db3 2020-02-06 03:13:45 Instead of opting in to futexes on archs with atomics opt out on archs without atomics, a smaller list. ok mpi@ visa@
ca82ddf5 2020-02-05 21:50:41 Ooops. Missed a file in nuke of scsi_minphys. mpath_minphys() needs to check dev_minphys for NULL before calling it.
78e2db9e 2020-02-05 18:06:42 Reset the key share so that we do not have an existing peer public key.
2d2ee2e9 2020-02-05 17:30:30 Refactor the server hello processing code in the TLSv1.3 client. Use flags to signal the need to switch to the legacy client and to identify a hello retry request. This allows the caller to take appropriate action, rather than trying to do this in the parsing/processing code. Split the key derivation and record protection engagement code into a separate function, both for readability and reuse. Change handshake states outside of the processing code. ok tb@
e0b6964f 2020-02-05 17:03:13 Move kernel locking inside knote_fdclose() from finishdup() and fdrelease(). This makes the upper layer of file descriptor closing free of KERNEL_LOCK() when the process does not use kqueue. The kernel locking around fdremove() and knote_fdclose() is no longer needed because kqueue_register() checks if there has been a race with file descriptor close. Moreover, the locking became ineffective against these races when filterops callbacks were allowed to sleep. OK anton@, mpi@
390a99a6 2020-02-05 17:01:43 Remove the hello retry request processing code that was previously added. This got added to the wrong functions (server side, not client) - swap the now unimplemented send/recv functions between client and server. ok tb@
3213f5ab 2020-02-05 16:47:34 Provide tls1_transcript_unfreeze() to avoid the need for manual flags mangling. ok tb@
5559e140 2020-02-05 16:42:29 Pull the handshake message transcript code into its own function. This is soon going to be used in the TLSv1.3 client code. ok tb@
21ceeee0 2020-02-05 16:29:29 Nuke unnecessary abstraction 'scsi_minphys()' which just calls 'minphys()'. Just use & check for NULL instead, since 'minphys()' is always called on the code path ([cd|sd|st]minphys) that calls physio().
83739621 2020-02-05 16:01:32 Very old firmware umsm devices don't work as umb(4), so I made them work as umsm(4). But the discrimination in the driver match functions is obviously weak in some way, so skip this for now. We need to figure out how to identify the retrogrades better.
a0a043be 2020-02-05 14:51:29 regen
ef369ecd 2020-02-05 14:50:57 Add some more Apollo Lake PCI IDs.
c2ed1e85 2020-02-05 14:26:26 Fix confusion between minimum and maximum samples-per-frame. This may fix rare stuttering caused by underruns in case device clock drifts with respect to the bus clock.
69b8accd 2020-02-05 13:06:49 Make list-keys description clearer in tmux.1 and remove an unused variable.
f9f64f7b 2020-02-05 12:35:19 More precision regarding the openlog(3) *ident argument; direction suggested by Laurence Tratt <laurie at tratt dot net>, part of the wording from deraadt@. While here, add the missing STANDARDS section, correct HISTORY, drop redundant verbiage from RETURN VALUES, and garbage collect .Tn. OK sthen@ jmc@ millert@ and Laurence Tratt, and deraadt@ likes one line of the patch in particular.
d3462bd9 2020-02-05 11:27:06 regen
abe3b7ad 2020-02-05 11:26:52 Add some more Apollo Lake PCI IDs.
c244ee1b 2020-02-05 10:44:25 Mention AUDIO_MIXER_{DEVINFO,READ,WRITE} in the "audio" section
9dc2590b 2020-02-05 10:40:37 Allow programs with the "audio" promise to use the AUDIO_MIXER_xxx ioctls. ok semarie, deraadt
4d6a222d 2020-02-05 10:34:01 regen
2777f970 2020-02-05 10:33:20 Add Pericom PI7C9X2G404EL PCIe Packet Switch
512ae95b 2020-02-05 10:21:17 Detach timeouts and the softint handler before freeing memory. As more and more teardown functions include barriers, or any kind of context change, it is unsafe to continue to assume that such code paths are atomic. So a good practise is to only free descriptor when we're sure that no other context can access them. Found while looking at visa@'s ttkqflush() replacement diff. The same pattern is present in many USB drivers as found with Peter Stuge. ok visa@
273d195e 2020-02-05 10:19:34 regen
3ad6036a 2020-02-05 10:19:19 Add some more Gemini Lake IDs. from James Hastings
55e608a4 2020-02-05 10:12:38 Remove dead store, from Amit Kulkarni.
371cec60 2020-02-05 06:41:46 Replace atoi with strtonum for stricter and safer integer parsing. -N ndots: 0, INT_MAX The upper limit is a bit silly, everything bigger than a small number will force domain names to be interpreted as relative. -R retries INT_MIN, INT_MAX - 1 Specifically documented to accept negative numbers. -W wait 0, INT_MAX One could interpret the documentation as meaning that it accepts negative numbers but that fails later on with an error message from the timer code. with deraadt, OK kn, input & OK tedu
753de96b 2020-02-05 06:12:43 Rework tls13_legacy_handshake_message_{recv,sent}_cb() to use their own CBS as a preparation for upcoming HRR diffs. ok jsing
1189ea33 2020-02-04 19:42:25 iterated_hash is unused
19783156 2020-02-04 19:41:10 bit.h and events.h are unused.
200e61a4 2020-02-04 19:40:01 lwres no longer deals with lists.
a0dd80fd 2020-02-04 19:38:54 Nothing sets DNS_RDATASETATTR_NEGATIVE; remove code dealing with that and then remove ncache.c.
8275d75e 2020-02-04 19:34:39 dig is not generating DS records.
060f58f2 2020-02-04 19:33:48 keydata.c is unused.
0e5fb1b4 2020-02-04 19:30:01 soa.c is unused.
ca6b57ac 2020-02-04 19:27:45 We are not going to generate nsec or nsec3 RRsets.
7740122f 2020-02-04 19:24:07 dig(1) only needs tsig support so we can delete all non-HMAC crypto code.
fa00c3c6 2020-02-04 19:18:57 isc/stat.h is unused
758f105f 2020-02-04 19:17:58 just use netdb.h directly
6cce272f 2020-02-04 19:13:02 Remove unused typedefs that got left behind in previous shreddings from types.h and get rid of offset.h while here by just using off_t in the one place where it's needed. However offset.h brought in limits.h and sys/types.h so sprinkle some includes over the tree to have various _MAX and intX_t defined.
b91cec24 2020-02-04 19:06:54 Get rid of getopt(3) compat code.
217d53ce 2020-02-04 18:45:07 Remove a bunch of unused functions who access the filesystem and then get rid of lib/isc/unix/dir.c
41446d20 2020-02-04 18:42:51 We are not going to generate sig0 records so we can rip out the sig0key which in turn lets us delete all of dnssec.c
8122188b 2020-02-04 18:41:04 Use opendir(3) to not depend on lib/isc/unix/dir.c. No change in generated .h files in obj.
6ad1781c 2020-02-04 18:06:53 unused
9b242555 2020-02-04 18:06:26 Add support for TLSv1.3 key shares with secp256r1 and secp384r1 groups. ok inoguchi@ tb@
4ffeaa56 2020-02-04 18:02:31 We are not using aes.
daaa2dc5 2020-02-04 18:00:30 Free the transcript as soon as we initialise the transcript hash. Unlike TLSv1.2 there is only a single hash in use, hence as soon as we know what the hash is and have initialised the transcript hash, we can free the transcript buffers. ok inoguchi@ tb@
74ec555c 2020-02-04 11:02:16 Remove unused files.
bc099f5f 2020-02-04 10:59:23 Refactoring to prepare multi-queues support, no intended behavior change: - Abstract the allocation/freeing of TX/RX ring into em_dma_malloc(). This will ease the introduction of multiple rings. - Split the 82576 variant out of 82575. The distinction is necessary when it comes to setting multiple queues. - Change multiple TX/RX related macro to take an index argument corresponding to a ring. Currently only the index 0 and 1 are used. - Gather and print more stats counters - Switch to using a function, like FreeBSD, to translate 82542 registers and get rid of a set of defines. Tested by many, thanks! ok mlarkin@, jmatthew@
1159b649 2020-02-04 10:56:15 Replace msleep(9) by sleep_setup/setup_signal/finish() dance. This handrolled cond_wait() dealing with signals prevents a lock ordering problem when executing probes inside the scheduler code. That means we stop relying on a mutex for synchronisation and instead rely on the sleep_* internals, currently the SCHED_LOCK(). From kettenis@
5d6a987f 2020-02-04 10:09:37 allow reading of sysctl kern.somaxconn in "inet", due to operational behaviour of "go" which is not unreasonable from Jimmy Brush
67d0e46d 2020-02-04 09:58:04 require FIDO application strings to start with "ssh:"; ok markus@
57e95379 2020-02-04 04:09:11 Replace TAILQ concatenation loop with TAILQ_CONCAT OK florian@, bluhm@, visa@
afd4461c 2020-02-04 01:01:09 Enable rge(4). Tested on rockpro64. ok sthen@
067cc469 2020-02-03 23:47:57 revert enabling UpdateHostKeys by default - there are still corner cases we need to address; ok markus
7f62056d 2020-02-03 22:33:04 1. To avoid confusion, when showing a function definition, call it a definition rather than a declaration, even though every definition is of course also a declaration. 2. Prototype functions used from other files in include files; stop restricting that advice to kernel code. 3. Drop some duplicate content. OK jca@
2d8fd64b 2020-02-03 15:53:52 ORCPT addresses are prefixed with an address type, the stricter check causes the prefix to be rejected as it contains a character not allowed in address reported by Scott Vanderbilt
68213f7b 2020-02-03 15:41:22 now that mail.local(8) relies on lockspool(1) for mailbox locking, have the mailbox created by smtpd for mbox before privileges are dropped then we can call mail.local(8) with the recipient privileges. ok millert@
fe77834b 2020-02-03 13:46:27 Instead of passing titles through vis() which doubles backslashes, just ignore any containing control characters or invalid UTF-8. GitHub issue 2070.
214ef3be 2020-02-03 08:15:37 use better markup for challenge and write-attestation, and rejig the challenge text a little; ok djm
c711e483 2020-02-02 23:17:09 Allow mail.local to be run as non-root. If mail.local is invoked by a non-root user, open a pipe to lockspool(1) for file locking. It is only possible to deliver to a pre-existing mail spool when running mail.local as non-root. OK gilles@ deraadt@
43304138 2020-02-02 22:13:48 add SENDER to mda environment and teach lmtp to use that instead of command line parameter. this allows simplifying lmtp command line and it would have prevented the unpriv command exec for LMTP in recent advisory. ok millert@ and jung@
aae2f867 2020-02-02 21:01:53 Since OpenBSD has switched to the strict host model, this regress needs IP forwarding enabled on the packet source machine. Otherwise the pf reply-to test fails.
79e9e8a1 2020-02-02 20:33:52 Tweak dhclient(8) timing defaults depending on SMALL rather than using /dev/stdin to fake a dhclient.conf file during install. Simplifies and shortens install.sub code. Allows further restrictions to be applied to '-c' specified files.
4ae13c99 2020-02-02 20:18:17 Add missing new line to printf. Make clean should not require SUDO.
0c8b720f 2020-02-02 18:55:46 Reapply post-svc-sled in a repaired fashion. The SYS_sigreturn-related sigcoderet label must point directly after the svc instruction, because the sigreturn() checks it as SROP mitigation, so place the sled after the label. tested by naddy
78ec4541 2020-02-02 18:01:39 Back out previous "insert two nop instructions after svc instructions for SYS_exit and SYS_sigreturn in the sigtramp"; init has trouble spawning processes.
6aa1eb2d 2020-02-02 09:45:34 Output (none) in debug in the CheckHostIP=no case as suggested by markus@
adb494d5 2020-02-02 09:22:22 Prevent possible null pointer deref of ip_str in debug.
5fe3eeb1 2020-02-02 07:36:50 shuffle the challenge keyword to keep the -O list sorted;
b1517c8e 2020-02-02 05:25:41 Drop 'mixer' variable whose value is not used. It was introduced by mistake in r1.39.
c76634e5 2020-02-02 05:21:15 Rename {print,parse}_val() functions to {print,parse}_field() No object change.
c88ab7ef 2020-02-02 03:08:37 stop worrying about compilers that do not support ANSI C89; OK deraadt@ millert@ jung@ jca@
c9bcb21b 2020-02-02 00:49:06 Fix MD in "ldomctl dump" Commit below merged duplicate code into hv_config() but forgot to call the helper function from dump(). Noticed by "ldomctl dump" returning zero, dumping both MD and PRI but leaving the former empty, sorry. revision 1.32 date: 2020/01/03 19:45:51; author: kn; state: Exp; lines: +69 -46; Move code into new hv_config(), defer to commands needing it
884a0a9f 2020-02-01 23:09:46 Also insert two nop instructions after svc instructions for SYS_exit and SYS_sigreturn in the sigtramp. As these control-flow into a jump or process termination, we never do the +8 dance over the instructions, however the speculation prevention (once these nops are replaced with a speculation barrier) is required. oversight noticed by Anthony Steinhauser.
7cd70a91 2020-02-01 18:07:49 Rename print_names flag to show_names. Avoids confusion with print_xxx routines; no object change.
ae1c1eb9 2020-02-01 18:06:19 Move commands processing into its own routine. Makes the code more readable and easier to tweak; no behavior change.
52cbe529 2020-02-01 15:52:34 Back out previous. Nothing wrong with the diff per se but I should have asked for more oks; my bad!
18b9798e 2020-02-01 15:33:46 be much stricter about ORCPT, it isn't in the code path of local delivery and doesn't have an associated context variable, but let's be paranoid. ok millert@
fec696e8 2020-02-01 15:06:21 Grab the kernel lock in pgsigio() as it's strictly needed while operating on the process structure and issuing signals. This is similar to what sigio_setown() already does. With this in place, the pipe subsystem is no longer required to grab the kernel lock before calling pgsigio(). ok visa@
f2fecb5e 2020-02-01 15:00:20 Use -rdomain to reset rdomain Properly reflect the "delete" semantic; better than the implicit "reassign". OK jca