IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
98f1db2d 2023-12-26 14:04:50 Update documentation URL
49a7a16f 2023-12-26 13:36:18 Align the other RIRs with the recent clarifications from AFRINIC Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files (since no resources can be transferred from AFRINIC to any other RIRs). OK tb@
c35859a1 2023-12-26 11:03:27 Do not accept empty delta elements Ties de Kock found RRDP content that doesn't match the XML schema, most likely generated by krill: https://github.com/NLnetLabs/krill/issues/1180 Use the state machine to mark a new delta element as empty and check at the end whether that state was changed (which means it contained publish or withdraw elements). If so, raise a parse failure. ok claudio job
27b7e82d 2023-12-26 09:25:15 Apple machines with multiple speakers typically have the shutdown pin of the digital amplifier codecs wired up to a single GPIO. This is apparently problematic for Linux and Asahi Linux changed their device trees to use a regulator instead to such that reference counting makes sure that shutdown isn't asserted until all codecs are ready for it. Follow suit, even though our regulator code doesn't do the proper reference counting yet. ok patrick@
4ef70b62 2023-12-26 09:19:15 Improve handling of SError interrupts. Print some useful information and allow additional information to be printed for specific CPU types. Use this to print the L2C registers on Apple CPUs which can be very useful in tracking down the source of certain SError interrupts. ok miod@, dlg@
fa679d4f 2023-12-26 09:04:30 EVP_CipherInit(): remove cleanup call There is a bizarre EVP_CIPHER_CTX_cleanup() call in EVP_CipherInit() leading to a subtle behavior difference with EVP_CipherInit_ex(). The history is that before EVP_CIPHER_CTX was made opaque, a context would often live on the stack (hello, MariaDB) and the EVP_CIPHER_CTX_cleanup() call was in fact an EVP_CIPHER_CTX_init() which just zeroes out the struct. The problem with doing this is that on context reuse there could be data hanging off it, causing leaks. Attempts were made to clean up things in EVP_CipherFinal*(), but that broke applications reaching into the context afterward, so they were removed again. Later on, opacity allowed changing the _init() to a _cleanup() since EVP_CIPHER_CTX could no longer live on the stack, so it would no longer contain garbage. I have to correct myself: it would no longer contain stack garbage. Now: EVP_CipherInit_ex() does some extra dances to preserve the AES key wrap flag, which is cleared unconditionally in EVP_CipherInit(). That's annoying to document and very likely never going to be an issue in the wild: you'd need to do key wrap and then use the same context for use with a cipher that does not allow key wrap for this to make a difference. This way, all our EVP_{Cipher,Decrypt,Encrypt}*_ex() functions are now trivially wrapped by their non-_ex() versions. ok jsing
522874ac 2023-12-26 08:39:28 EVP_CipherInit_ex() merge two code paths Clean up the cipher context unconditionally if the cipher is being set. This allows doing the dance to retain the key wrap flag only once and makes it more obvious that allocating the cipher data doesn't leak. suggested by/ok jsing
936a262e 2023-12-25 22:41:50 Move EVP_PKEY_assign() a bit up and tweak it slightly ok jsing
3b2bee84 2023-12-25 22:14:23 Remove unused X509_LOOKUP_METHODs None of these function pointers were ever set. Now that the structure is opaque they won't ever be, so time for them to hit the bitbucket. Infinite extensibility of the toolkit results in complications, bugs, and dead code. ok jsing
58b76109 2023-12-25 22:02:59 Avoid out-of-bounds accesses in ASN1_BIT_STRING_{get,set}() If a negative n is passed, these functions would underrun the bitstring's data array. So add checks for that and drop spades of unnecessary parens. These functions are quite broken anyway. The setter attempts to zap the unnecessary trailing zero octets, but fails to do so if the bit being cleared isn't already set. Worse is the getter where you can't tell an error (like attempting an out-of-bounds read) from the bit being unset. ok joshua
135a5ef6 2023-12-25 21:55:31 Rename a few ret into pkey
ca270c0a 2023-12-25 21:51:57 Rework EVP_PKEY_set_type{,_str}() These two functions previously wrapped a pkey_set_type() helper, which was an utter mess because of ENGINE. With the long awaited departure of ENGINE, this function became a lot simpler. A further simplification is obtained by not doing the optimization to avoid an ameth lookup: this requires walking a list of 11 ameths. We should consider bsearch()... With this gone and a saner implementation of EVP_PKEY_free_it(), we can implement these functions with a dozen lines of code each. ok jsing
8ae31416 2023-12-25 21:41:19 Rework EVP_PKEY_free() Use pkey instead of x, remove the pointless variable i, no need to check for NULL before sk_X509_ATTRIBUTE_pop_free(), switch to freezero() to leave fewer invalid pointers around. ok jsing
543ad17d 2023-12-25 21:37:26 Move EVP_PKEY_free() up next to evp_pkey_free_pkey_ptr() ok jsing
c5e4bc83 2023-12-25 21:36:05 Fix EVP_PKEY_up_ref() - must have hit ^X somehow
8d56179e 2023-12-25 21:33:50 Rework evp_pkey_free_pkey_ptr() Rename the variable from x into pkey, make it NULL safe and unindent. ok jsing
0ba081db 2023-12-25 21:31:58 Rename EVP_PKEY_free_it() into evp_pkey_free_pkey_ptr() ok jsing
dd32ff22 2023-12-25 21:30:53 Move the confusingly named EVP_PKEY_free_it() a bit up ok jsing
60c2bb4d 2023-12-25 21:27:03 Simplify EVP_PKEY_up_ref() There is no need for a local variable and a ternary operator here. ok jsing
7dfcc577 2023-12-25 21:25:24 Switch EVP_PKEY_new() from malloc() to calloc() ok jsing
8e10a4b6 2023-12-25 15:52:18 Clarify that the ENGINE argument is ignored; OK tb@. While here, also switch the argument placeholder from *impl to *engine as suggested by tb@.
747b4226 2023-12-25 10:01:18 Install media contain no packages anymore so move packages build last This may the first items all speak about base and xenocara material, and the mention of ports/packages feels less out of place. Input and ok tb@
a7fa164f 2023-12-25 09:58:15 Zap HISTORY Knowing for which release this documentation was introduced seems superfluous. ok tb@
9113674e 2023-12-24 22:17:05 Move EVP_Digest() next to the functions it wraps It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}() live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(), the latter being a relatively simple wrapper of Init_ex/Update/Final_ex.
0793d0d1 2023-12-24 11:12:34 rename bus_type enum to sparc_bus_type to not conflict with bus_type in drm build error reported by deraadt@ ok kettenis@
b7a40dd6 2023-12-24 10:48:58 Zal dead code OK tb@
ea1a5cb4 2023-12-24 06:35:05 Rewrite dev_mkdb with FTS This adds support for the devices in nested directories. Pointers, review, and OK by semarie@
8ca43f86 2023-12-23 23:03:00 Relax -C pledge to unbreak shelling out in interactive mode r1.69 introduced -C in 2008 "to continue multiple transfers"; 'ftp -C ftp://ftp.eu.openbsd.org/' lands in "ftp> " and turns "mget" into "reget" by default. r1.139 -C/resume without "proc exec" thusly was too strict. Instead, now after recent cleanups/tweaks, prevent execution with -o. OK millert
9c72bbc0 2023-12-23 22:40:42 Remove unused variables.
52d62b4a 2023-12-23 21:03:01 Sync for perl 5.36.3
cf22c65b 2023-12-23 21:02:20 Update to perl 5.36.3 No changes to perl, as those were already committed for the earlier errata. This just brings documentation and such in line with upstream. ok bluhm@
494ba95a 2023-12-23 18:28:38 Add support for "locked" DARTs. These have the page table registers locked down and we need to retain the existing mappings. ok patrick@
d1526e1c 2023-12-23 15:58:58 Suppress a spurious empty arg at EOF w/ "find -0" caused by the last commit.
9342ba5e 2023-12-23 14:18:27 Provide more complete implementations of some of the Linux compat interfaces that are needed for the upcoming apple kms driver. ok jsg@
93276353 2023-12-23 13:44:57 Change the type of dma_addr_t to uint64_t. It is a 64-bit type on most Linux architectures (including the most popular 32-bit ones) and a new driver I'm working on tries to print a dma_addr_t variable using %llx. ok jsg@
cc7eb4ae 2023-12-23 13:05:06 Use more consistent order for Init/Update/Final Consistently implement the _ex() version after the non-extended versions, First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only switches the order of CipherFinal{,_ex} and move the DecryptInit* down, so they are no longer somewhere in the middle of the Encrypt* functions.
938ff1ae 2023-12-23 10:52:54 Backout always allocate per-CPU statistics counters for network interface descriptor. It panics during attach of em(4) device at boot.
d835b37b 2023-12-23 10:29:05 remove trailing whitespaces
0ef57bf0 2023-12-23 02:42:51 ketttenis -> kettenis
ce8152ca 2023-12-23 00:52:13 Prefix get_trusted_issuer() with x509_vfy_
4046f503 2023-12-22 23:01:50 Always allocate per-CPU statistics counters for network interface descriptor. We have the mess in network interface statistics. Only pseudo drivers do per-CPU counters allocation, all other network devices use the old `if_data'. The network stack partially uses per-CPU counters and partially use `if_data', but the protection is inconsistent: some times counters accessed with exclusive netlock, some times with shared netlock, some times with kernel lock, but without netlock, some times with another locks. To make network interfaces statistics more consistent, always allocate per-CPU counters at interface attachment time and use it instead of `if_data'. At this step only move counters allocation to the if_attach() internals. The `if_data' removal will be performed with the following diffs to make review and tests easier. ok bluhm
cd67bb40 2023-12-22 20:32:29 Zap useless newline added in previous
eafddf6e 2023-12-22 20:29:27 'pax' format support for files over 8GB ok millert@
b30f349c 2023-12-22 17:37:14 Remove two no longer necessary reminders I guess I'm getting old. Next time I'll have to add a reminder not to forget to remove the reminder.
074f23d4 2023-12-22 17:25:47 Remove extra whitespace on two lines
dffc24ec 2023-12-22 17:12:13 xargs: fix parsing of empty fields when "xargs -0" is used. Previously, these fields would be skipped. From Hiltjo Posthuma.
5065ecc0 2023-12-22 14:58:05 Add length checks for partial_len These remove a few more potential out-of-bounds accesses and ensure in particular that the padding is between 1 and block_size (inclusive). ok joshua jsing
2506fb05 2023-12-22 13:48:04 sync
d01ede91 2023-12-22 13:46:37 Rename check_hosts()
d75c6b31 2023-12-22 13:45:28 Replace check_trust() with its x509_vfy_ prefixed wrapper
c046cfbb 2023-12-22 13:42:18 Replace check_chain_extensions() with its x509_vfy_ wrapper
29ea0b8e 2023-12-22 13:36:20 Replace check_id() with its x509_vfy_check_id() wrapper
f7b04d53 2023-12-22 13:31:35 Remove a bunch of function pointers from X509_STORE_CTX These are only ever set to one particular function which is either local to this file or part of the public API and we never added the public API to set them to something else. Prefix the local functions touched in this commit with x509_vfy_. More cleanup to follow. ok joshua jsing
a66ae6eb 2023-12-22 13:04:30 Call log_setverbosity() directly after getopt() so that debugging information during config-parsing can be displayed. OK tb@
7a7ccefc 2023-12-22 13:03:16 Remove a log_debug from usm_checkuser(). It would only display what is in the config and was never actually displayed because of insufficient verbosity level during config-parsing and would display the wrong auth algorithm for SHA2. OK tb@
17d58910 2023-12-22 12:51:53 handle MODPY_PYBUILD=jupyter_packaging
2a59f15e 2023-12-22 12:35:22 Simplify some logic in EVP_EncryptInit_ex() Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the middle of the function. Handle the reuse case outside of the big non-NULL cipher case for now. This looks a bit odd but relies on the invariant that cipher_data is only set if the cipher is set. It will be reworked in a subsequent commit. ok jsing
1a313b5f 2023-12-22 10:23:11 Clean up includes in cms_smime.c
bacfa156 2023-12-22 10:20:33 evp_enc: make some flag checks explicit ok joshua jsing
330f150e 2023-12-22 09:40:14 Remove cleanup() and get_crl() from X509_STORE_CTX ok jsing
5bbb1462 2023-12-22 07:35:09 Remove unused function pointers from X509_STORE The struct underlying the X509_STORE type is opaque ars and nothing uses the accessors that OpenSSL added blindly for these. Therefore we didn't add them in the first place. So this rips out several dozens of lines of dead code. ok beck joshua jsing
8cbc3b0a 2023-12-22 05:28:14 Update microcode, initialization and reset behavior. Remove two chip versions (identified by MAC_CFG2 and MAC_CFG4) support that may not be available in the market, and also raise rxring lwm to 32. Tested by Nick Owens.
355ebfe3 2023-12-21 21:32:01 Remove EVP_PKEY_asn1_add{0,_alias}() documentation This API was recently neutered and will be removed in the next major bump. Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it from all other manuals.
1e76f160 2023-12-21 21:23:37 Mark some API-to-be-removed as intentionally undocumented
48ed1303 2023-12-21 20:50:43 Remove some superfluous parentheses
fdbc13eb 2023-12-21 19:40:47 New TEMPerGold sensor; reported by Mikolaj Kucharski on bugs@
03f86260 2023-12-21 19:34:07 Remove logic and comments related to INDIR now that they aren't supported anymore. ok tb@ deraadt@, no need to regen anything
4e2cbd5c 2023-12-21 13:54:05 mib_init() and MIB() disappeared with mib.c, remove their declarations. MIBDECL() and MIBEND are only used inside mib.h, so move their definition in there. OK tb@
a9292d2a 2023-12-21 12:43:30 Clean up snmpd's header situation. With the help of tb@ and include-what-you-use. OK tb@
5cc7c8af 2023-12-21 11:25:38 Tweak comment, the actual format is "ucom<unit#>:<usb id>" ok krw@
fd6a1eb9 2023-12-21 08:01:21 Fix a few unchecked allocations; ok millert@ miod@
fe7c67cd 2023-12-21 03:49:28 drm/i915: Fix remapped stride with CCS on ADL+ From Ville Syrjala 7b0faa541f15af170607e565ceca1ae44e6daa35 in linux-6.1.y/6.1.69 0ccd963fe555451b1f84e6d14d2b3ef03dd5c947 in mainline linux
b5a87694 2023-12-21 03:47:04 drm/amd/display: Disable PSR-SU on Parade 0803 TCON again From Mario Limonciello 20907717918f0487258424631b704c7248a72da2 in linux-6.1.y/6.1.69 e7ab758741672acb21c5d841a9f0309d30e48a06 in mainline linux
753b8a43 2023-12-21 03:45:45 drm/amdgpu: fix tear down order in amdgpu_vm_pt_free From Christian Koenig a9e2de19433fe0b63c080e910cce9954745cd903 in linux-6.1.y/6.1.69 ceb9a321e7639700844aa3bf234a4e0884f13b77 in mainline linux
04bcdf75 2023-12-21 03:43:28 drm/amdgpu/sdma5.2: add begin/end_use ring callbacks From Alex Deucher 78b2ba39beef21c8baebb1868569c2026ad76de0 in linux-6.1.y/6.1.69 ab4750332dbe535243def5dcebc24ca00c1f98ac in mainline linux
930af38e 2023-12-21 03:09:08 use strnstr paths in amdgpu
e86eac0a 2023-12-21 02:57:14 add strnstr(9) string search within character limit From Mike Barcroft in FreeBSD. Added to FreeBSD in 2001, Linux in 2010. Used in amdgpu. ok deraadt@
ba5cb451 2023-12-21 01:20:54 Print the proper file name in case we fail to allocate a "path" extended header Use name, not ln_name. Pasto introduced in previous.
e877db1a 2023-12-20 18:38:19 Clean up includes in cms_pwri.c
b71395ea 2023-12-20 17:29:01 update to nsd 4.8.0 OK sthen
8745f5cf 2023-12-20 15:36:36 introduce log_ntp_addr() and use it where applicable, avoids a null pointer deref in constraint.c reported by bluhm@; ok millert@
a346a825 2023-12-20 14:54:29 create a stub for pinsyscalls(2)
43ad5020 2023-12-20 14:52:07 there is a super-alignment between btext and text, this creates a hole. Twice, I have seen the sigtramp mapping land inside that hole. This causes grief for the upcoming pinsyscalls() work which operates on address space ranges. But the micro-optimization is silly. ok kettenis
805b87ea 2023-12-20 14:50:08 For strange reasons which made sense at the time, the text segment was placed head of the btext (boot.text) segment. (the boot.text segment is "unmapped" after initization, as a self-protection mechanism). this meant the LOAD's virtual addresses were not in sequence, which clearly isn't what we intended.
bd1f785c 2023-12-20 14:26:47 Use BIO_indent() for indentation in tasn_prn.c Using a loop to print pieces of a static buffer containing 20 spaces to indent things is just silly. Even sillier is making this buffer const without looking what it's actually used for... There is BIO_indent() or BIO_printf() that can handle "%*s". Add a length check to preserve behavior since BIO_indent() succeeds for negattive indent. However, peak silliness must be how BIO_dump_indent_cb() indents things. That's for another day. ok jsing
0efbd76f 2023-12-20 14:15:19 Rename impl into engine
0d061780 2023-12-20 14:14:39 Rename inl to in_len throughout the file
eb7e3ec9 2023-12-20 14:13:07 Rename outl into out_len throughout the file
5d24bf0c 2023-12-20 14:11:41 Tweak a comment a bit
cdb4020f 2023-12-20 14:10:03 Remove block_mask from EVP_CIPHER_CTX The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to hang it off the EVP_CIPHER_CTX since it is easy to compute and validate. ok joshua jsing
1d4d2a17 2023-12-20 14:05:58 Add some sanity checks for EVP_CIPHER_meth_new() Ensure that the nid and key length are non-negative and that the block size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem. ok joshua jsing
bf2cda35 2023-12-20 14:00:17 btrace: add support for hex and octal values. Changes number tokenizing and parsing to support hex & octal values. Does not address other lexer issues (e.g. $0x1) to close gaps with bpftrace. OK claudio@
3e06329b 2023-12-20 13:52:17 Merge p_open and p_seal into p_legacy discussed with jsing
5b3fc661 2023-12-20 13:46:05 Fold p_dec.c and p_enc.c into a new p_legacy.c discussed with jsing
daef0c50 2023-12-20 13:37:25 Don't create an sd(4) larger than what the namespace will allow. A namespace must satisfy size (nsze) >= capacity (ncap) >= utilization (nuse) Use ncap for the sd(4) size when THINP is set and ncap < nsze. Tweak some variable names in passing to make code clearer. ok dlg@
5f3989c5 2023-12-20 13:34:47 Less confusing variable names in EVP_PKEY_{de,en}crypt_old() ok jsing
d69c19be 2023-12-20 13:30:51 MODPY_PYBUILD: use "bootstrap" instead of "Yes"
72bc33e8 2023-12-20 11:33:52 Improve local variable names Rename the slightly awkward buf_offset into partial_len and rename buf_avail into partial_needed to match. suggested by jsing
1420f9e4 2023-12-20 11:31:17 Rename buf_len into partial_len in EVP_CIPHER_CTX suggested by jsing
357ffaed 2023-12-20 11:01:34 Clean up EVP_DecryptFinal_ex() Rework the code to use the usual variable names, return early if we have block size 1 and unindent the remainder of the code for block sizes 8 and 16. Rework the padding check to be less acrobatic and copy the remainder of the plain text into out using memcpy() rather than a for loop. input/ok jsing