Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| 98f1db2d | 2023-12-26 14:04:50 | Update documentation URL | ||
| 49a7a16f | 2023-12-26 13:36:18 | Align the other RIRs with the recent clarifications from AFRINIC Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files (since no resources can be transferred from AFRINIC to any other RIRs). OK tb@ | ||
| c35859a1 | 2023-12-26 11:03:27 | Do not accept empty delta elements Ties de Kock found RRDP content that doesn't match the XML schema, most likely generated by krill: https://github.com/NLnetLabs/krill/issues/1180 Use the state machine to mark a new delta element as empty and check at the end whether that state was changed (which means it contained publish or withdraw elements). If so, raise a parse failure. ok claudio job | ||
| 27b7e82d | 2023-12-26 09:25:15 | Apple machines with multiple speakers typically have the shutdown pin of the digital amplifier codecs wired up to a single GPIO. This is apparently problematic for Linux and Asahi Linux changed their device trees to use a regulator instead to such that reference counting makes sure that shutdown isn't asserted until all codecs are ready for it. Follow suit, even though our regulator code doesn't do the proper reference counting yet. ok patrick@ | ||
| 4ef70b62 | 2023-12-26 09:19:15 | Improve handling of SError interrupts. Print some useful information and allow additional information to be printed for specific CPU types. Use this to print the L2C registers on Apple CPUs which can be very useful in tracking down the source of certain SError interrupts. ok miod@, dlg@ | ||
| fa679d4f | 2023-12-26 09:04:30 | EVP_CipherInit(): remove cleanup call There is a bizarre EVP_CIPHER_CTX_cleanup() call in EVP_CipherInit() leading to a subtle behavior difference with EVP_CipherInit_ex(). The history is that before EVP_CIPHER_CTX was made opaque, a context would often live on the stack (hello, MariaDB) and the EVP_CIPHER_CTX_cleanup() call was in fact an EVP_CIPHER_CTX_init() which just zeroes out the struct. The problem with doing this is that on context reuse there could be data hanging off it, causing leaks. Attempts were made to clean up things in EVP_CipherFinal*(), but that broke applications reaching into the context afterward, so they were removed again. Later on, opacity allowed changing the _init() to a _cleanup() since EVP_CIPHER_CTX could no longer live on the stack, so it would no longer contain garbage. I have to correct myself: it would no longer contain stack garbage. Now: EVP_CipherInit_ex() does some extra dances to preserve the AES key wrap flag, which is cleared unconditionally in EVP_CipherInit(). That's annoying to document and very likely never going to be an issue in the wild: you'd need to do key wrap and then use the same context for use with a cipher that does not allow key wrap for this to make a difference. This way, all our EVP_{Cipher,Decrypt,Encrypt}*_ex() functions are now trivially wrapped by their non-_ex() versions. ok jsing | ||
| 522874ac | 2023-12-26 08:39:28 | EVP_CipherInit_ex() merge two code paths Clean up the cipher context unconditionally if the cipher is being set. This allows doing the dance to retain the key wrap flag only once and makes it more obvious that allocating the cipher data doesn't leak. suggested by/ok jsing | ||
| 936a262e | 2023-12-25 22:41:50 | Move EVP_PKEY_assign() a bit up and tweak it slightly ok jsing | ||
| 3b2bee84 | 2023-12-25 22:14:23 | Remove unused X509_LOOKUP_METHODs None of these function pointers were ever set. Now that the structure is opaque they won't ever be, so time for them to hit the bitbucket. Infinite extensibility of the toolkit results in complications, bugs, and dead code. ok jsing | ||
| 58b76109 | 2023-12-25 22:02:59 | Avoid out-of-bounds accesses in ASN1_BIT_STRING_{get,set}() If a negative n is passed, these functions would underrun the bitstring's data array. So add checks for that and drop spades of unnecessary parens. These functions are quite broken anyway. The setter attempts to zap the unnecessary trailing zero octets, but fails to do so if the bit being cleared isn't already set. Worse is the getter where you can't tell an error (like attempting an out-of-bounds read) from the bit being unset. ok joshua | ||
| 135a5ef6 | 2023-12-25 21:55:31 | Rename a few ret into pkey | ||
| ca270c0a | 2023-12-25 21:51:57 | Rework EVP_PKEY_set_type{,_str}() These two functions previously wrapped a pkey_set_type() helper, which was an utter mess because of ENGINE. With the long awaited departure of ENGINE, this function became a lot simpler. A further simplification is obtained by not doing the optimization to avoid an ameth lookup: this requires walking a list of 11 ameths. We should consider bsearch()... With this gone and a saner implementation of EVP_PKEY_free_it(), we can implement these functions with a dozen lines of code each. ok jsing | ||
| 8ae31416 | 2023-12-25 21:41:19 | Rework EVP_PKEY_free() Use pkey instead of x, remove the pointless variable i, no need to check for NULL before sk_X509_ATTRIBUTE_pop_free(), switch to freezero() to leave fewer invalid pointers around. ok jsing | ||
| 543ad17d | 2023-12-25 21:37:26 | Move EVP_PKEY_free() up next to evp_pkey_free_pkey_ptr() ok jsing | ||
| c5e4bc83 | 2023-12-25 21:36:05 | Fix EVP_PKEY_up_ref() - must have hit ^X somehow | ||
| 8d56179e | 2023-12-25 21:33:50 | Rework evp_pkey_free_pkey_ptr() Rename the variable from x into pkey, make it NULL safe and unindent. ok jsing | ||
| 0ba081db | 2023-12-25 21:31:58 | Rename EVP_PKEY_free_it() into evp_pkey_free_pkey_ptr() ok jsing | ||
| dd32ff22 | 2023-12-25 21:30:53 | Move the confusingly named EVP_PKEY_free_it() a bit up ok jsing | ||
| 60c2bb4d | 2023-12-25 21:27:03 | Simplify EVP_PKEY_up_ref() There is no need for a local variable and a ternary operator here. ok jsing | ||
| 7dfcc577 | 2023-12-25 21:25:24 | Switch EVP_PKEY_new() from malloc() to calloc() ok jsing | ||
| 8e10a4b6 | 2023-12-25 15:52:18 | Clarify that the ENGINE argument is ignored; OK tb@. While here, also switch the argument placeholder from *impl to *engine as suggested by tb@. | ||
| 747b4226 | 2023-12-25 10:01:18 | Install media contain no packages anymore so move packages build last This may the first items all speak about base and xenocara material, and the mention of ports/packages feels less out of place. Input and ok tb@ | ||
| a7fa164f | 2023-12-25 09:58:15 | Zap HISTORY Knowing for which release this documentation was introduced seems superfluous. ok tb@ | ||
| 9113674e | 2023-12-24 22:17:05 | Move EVP_Digest() next to the functions it wraps It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}() live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(), the latter being a relatively simple wrapper of Init_ex/Update/Final_ex. | ||
| 0793d0d1 | 2023-12-24 11:12:34 | rename bus_type enum to sparc_bus_type to not conflict with bus_type in drm build error reported by deraadt@ ok kettenis@ | ||
| b7a40dd6 | 2023-12-24 10:48:58 | Zal dead code OK tb@ | ||
| ea1a5cb4 | 2023-12-24 06:35:05 | Rewrite dev_mkdb with FTS This adds support for the devices in nested directories. Pointers, review, and OK by semarie@ | ||
| 8ca43f86 | 2023-12-23 23:03:00 | Relax -C pledge to unbreak shelling out in interactive mode r1.69 introduced -C in 2008 "to continue multiple transfers"; 'ftp -C ftp://ftp.eu.openbsd.org/' lands in "ftp> " and turns "mget" into "reget" by default. r1.139 -C/resume without "proc exec" thusly was too strict. Instead, now after recent cleanups/tweaks, prevent execution with -o. OK millert | ||
| 9c72bbc0 | 2023-12-23 22:40:42 | Remove unused variables. | ||
| 52d62b4a | 2023-12-23 21:03:01 | Sync for perl 5.36.3 | ||
| cf22c65b | 2023-12-23 21:02:20 | Update to perl 5.36.3 No changes to perl, as those were already committed for the earlier errata. This just brings documentation and such in line with upstream. ok bluhm@ | ||
| 494ba95a | 2023-12-23 18:28:38 | Add support for "locked" DARTs. These have the page table registers locked down and we need to retain the existing mappings. ok patrick@ | ||
| d1526e1c | 2023-12-23 15:58:58 | Suppress a spurious empty arg at EOF w/ "find -0" caused by the last commit. | ||
| 9342ba5e | 2023-12-23 14:18:27 | Provide more complete implementations of some of the Linux compat interfaces that are needed for the upcoming apple kms driver. ok jsg@ | ||
| 93276353 | 2023-12-23 13:44:57 | Change the type of dma_addr_t to uint64_t. It is a 64-bit type on most Linux architectures (including the most popular 32-bit ones) and a new driver I'm working on tries to print a dma_addr_t variable using %llx. ok jsg@ | ||
| cc7eb4ae | 2023-12-23 13:05:06 | Use more consistent order for Init/Update/Final Consistently implement the _ex() version after the non-extended versions, First Cipher Init/Update/Final, then Encrypt, then Decrypt. This only switches the order of CipherFinal{,_ex} and move the DecryptInit* down, so they are no longer somewhere in the middle of the Encrypt* functions. | ||
| 938ff1ae | 2023-12-23 10:52:54 | Backout always allocate per-CPU statistics counters for network interface descriptor. It panics during attach of em(4) device at boot. | ||
| d835b37b | 2023-12-23 10:29:05 | remove trailing whitespaces | ||
| 0ef57bf0 | 2023-12-23 02:42:51 | ketttenis -> kettenis | ||
| ce8152ca | 2023-12-23 00:52:13 | Prefix get_trusted_issuer() with x509_vfy_ | ||
| 4046f503 | 2023-12-22 23:01:50 | Always allocate per-CPU statistics counters for network interface descriptor. We have the mess in network interface statistics. Only pseudo drivers do per-CPU counters allocation, all other network devices use the old `if_data'. The network stack partially uses per-CPU counters and partially use `if_data', but the protection is inconsistent: some times counters accessed with exclusive netlock, some times with shared netlock, some times with kernel lock, but without netlock, some times with another locks. To make network interfaces statistics more consistent, always allocate per-CPU counters at interface attachment time and use it instead of `if_data'. At this step only move counters allocation to the if_attach() internals. The `if_data' removal will be performed with the following diffs to make review and tests easier. ok bluhm | ||
| cd67bb40 | 2023-12-22 20:32:29 | Zap useless newline added in previous | ||
| eafddf6e | 2023-12-22 20:29:27 | 'pax' format support for files over 8GB ok millert@ | ||
| b30f349c | 2023-12-22 17:37:14 | Remove two no longer necessary reminders I guess I'm getting old. Next time I'll have to add a reminder not to forget to remove the reminder. | ||
| 074f23d4 | 2023-12-22 17:25:47 | Remove extra whitespace on two lines | ||
| dffc24ec | 2023-12-22 17:12:13 | xargs: fix parsing of empty fields when "xargs -0" is used. Previously, these fields would be skipped. From Hiltjo Posthuma. | ||
| 5065ecc0 | 2023-12-22 14:58:05 | Add length checks for partial_len These remove a few more potential out-of-bounds accesses and ensure in particular that the padding is between 1 and block_size (inclusive). ok joshua jsing | ||
| 2506fb05 | 2023-12-22 13:48:04 | sync | ||
| d01ede91 | 2023-12-22 13:46:37 | Rename check_hosts() | ||
| d75c6b31 | 2023-12-22 13:45:28 | Replace check_trust() with its x509_vfy_ prefixed wrapper | ||
| c046cfbb | 2023-12-22 13:42:18 | Replace check_chain_extensions() with its x509_vfy_ wrapper | ||
| 29ea0b8e | 2023-12-22 13:36:20 | Replace check_id() with its x509_vfy_check_id() wrapper | ||
| f7b04d53 | 2023-12-22 13:31:35 | Remove a bunch of function pointers from X509_STORE_CTX These are only ever set to one particular function which is either local to this file or part of the public API and we never added the public API to set them to something else. Prefix the local functions touched in this commit with x509_vfy_. More cleanup to follow. ok joshua jsing | ||
| a66ae6eb | 2023-12-22 13:04:30 | Call log_setverbosity() directly after getopt() so that debugging information during config-parsing can be displayed. OK tb@ | ||
| 7a7ccefc | 2023-12-22 13:03:16 | Remove a log_debug from usm_checkuser(). It would only display what is in the config and was never actually displayed because of insufficient verbosity level during config-parsing and would display the wrong auth algorithm for SHA2. OK tb@ | ||
| 17d58910 | 2023-12-22 12:51:53 | handle MODPY_PYBUILD=jupyter_packaging | ||
| 2a59f15e | 2023-12-22 12:35:22 | Simplify some logic in EVP_EncryptInit_ex() Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the middle of the function. Handle the reuse case outside of the big non-NULL cipher case for now. This looks a bit odd but relies on the invariant that cipher_data is only set if the cipher is set. It will be reworked in a subsequent commit. ok jsing | ||
| 1a313b5f | 2023-12-22 10:23:11 | Clean up includes in cms_smime.c | ||
| bacfa156 | 2023-12-22 10:20:33 | evp_enc: make some flag checks explicit ok joshua jsing | ||
| 330f150e | 2023-12-22 09:40:14 | Remove cleanup() and get_crl() from X509_STORE_CTX ok jsing | ||
| 5bbb1462 | 2023-12-22 07:35:09 | Remove unused function pointers from X509_STORE The struct underlying the X509_STORE type is opaque ars and nothing uses the accessors that OpenSSL added blindly for these. Therefore we didn't add them in the first place. So this rips out several dozens of lines of dead code. ok beck joshua jsing | ||
| 8cbc3b0a | 2023-12-22 05:28:14 | Update microcode, initialization and reset behavior. Remove two chip versions (identified by MAC_CFG2 and MAC_CFG4) support that may not be available in the market, and also raise rxring lwm to 32. Tested by Nick Owens. | ||
| 355ebfe3 | 2023-12-21 21:32:01 | Remove EVP_PKEY_asn1_add{0,_alias}() documentation This API was recently neutered and will be removed in the next major bump. Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it from all other manuals. | ||
| 1e76f160 | 2023-12-21 21:23:37 | Mark some API-to-be-removed as intentionally undocumented | ||
| 48ed1303 | 2023-12-21 20:50:43 | Remove some superfluous parentheses | ||
| fdbc13eb | 2023-12-21 19:40:47 | New TEMPerGold sensor; reported by Mikolaj Kucharski on bugs@ | ||
| 03f86260 | 2023-12-21 19:34:07 | Remove logic and comments related to INDIR now that they aren't supported anymore. ok tb@ deraadt@, no need to regen anything | ||
| 4e2cbd5c | 2023-12-21 13:54:05 | mib_init() and MIB() disappeared with mib.c, remove their declarations. MIBDECL() and MIBEND are only used inside mib.h, so move their definition in there. OK tb@ | ||
| a9292d2a | 2023-12-21 12:43:30 | Clean up snmpd's header situation. With the help of tb@ and include-what-you-use. OK tb@ | ||
| 5cc7c8af | 2023-12-21 11:25:38 | Tweak comment, the actual format is "ucom<unit#>:<usb id>" ok krw@ | ||
| fd6a1eb9 | 2023-12-21 08:01:21 | Fix a few unchecked allocations; ok millert@ miod@ | ||
| fe7c67cd | 2023-12-21 03:49:28 | drm/i915: Fix remapped stride with CCS on ADL+ From Ville Syrjala 7b0faa541f15af170607e565ceca1ae44e6daa35 in linux-6.1.y/6.1.69 0ccd963fe555451b1f84e6d14d2b3ef03dd5c947 in mainline linux | ||
| b5a87694 | 2023-12-21 03:47:04 | drm/amd/display: Disable PSR-SU on Parade 0803 TCON again From Mario Limonciello 20907717918f0487258424631b704c7248a72da2 in linux-6.1.y/6.1.69 e7ab758741672acb21c5d841a9f0309d30e48a06 in mainline linux | ||
| 753b8a43 | 2023-12-21 03:45:45 | drm/amdgpu: fix tear down order in amdgpu_vm_pt_free From Christian Koenig a9e2de19433fe0b63c080e910cce9954745cd903 in linux-6.1.y/6.1.69 ceb9a321e7639700844aa3bf234a4e0884f13b77 in mainline linux | ||
| 04bcdf75 | 2023-12-21 03:43:28 | drm/amdgpu/sdma5.2: add begin/end_use ring callbacks From Alex Deucher 78b2ba39beef21c8baebb1868569c2026ad76de0 in linux-6.1.y/6.1.69 ab4750332dbe535243def5dcebc24ca00c1f98ac in mainline linux | ||
| 930af38e | 2023-12-21 03:09:08 | use strnstr paths in amdgpu | ||
| e86eac0a | 2023-12-21 02:57:14 | add strnstr(9) string search within character limit From Mike Barcroft in FreeBSD. Added to FreeBSD in 2001, Linux in 2010. Used in amdgpu. ok deraadt@ | ||
| ba5cb451 | 2023-12-21 01:20:54 | Print the proper file name in case we fail to allocate a "path" extended header Use name, not ln_name. Pasto introduced in previous. | ||
| e877db1a | 2023-12-20 18:38:19 | Clean up includes in cms_pwri.c | ||
| b71395ea | 2023-12-20 17:29:01 | update to nsd 4.8.0 OK sthen | ||
| 8745f5cf | 2023-12-20 15:36:36 | introduce log_ntp_addr() and use it where applicable, avoids a null pointer deref in constraint.c reported by bluhm@; ok millert@ | ||
| a346a825 | 2023-12-20 14:54:29 | create a stub for pinsyscalls(2) | ||
| 43ad5020 | 2023-12-20 14:52:07 | there is a super-alignment between btext and text, this creates a hole. Twice, I have seen the sigtramp mapping land inside that hole. This causes grief for the upcoming pinsyscalls() work which operates on address space ranges. But the micro-optimization is silly. ok kettenis | ||
| 805b87ea | 2023-12-20 14:50:08 | For strange reasons which made sense at the time, the text segment was placed head of the btext (boot.text) segment. (the boot.text segment is "unmapped" after initization, as a self-protection mechanism). this meant the LOAD's virtual addresses were not in sequence, which clearly isn't what we intended. | ||
| bd1f785c | 2023-12-20 14:26:47 | Use BIO_indent() for indentation in tasn_prn.c Using a loop to print pieces of a static buffer containing 20 spaces to indent things is just silly. Even sillier is making this buffer const without looking what it's actually used for... There is BIO_indent() or BIO_printf() that can handle "%*s". Add a length check to preserve behavior since BIO_indent() succeeds for negattive indent. However, peak silliness must be how BIO_dump_indent_cb() indents things. That's for another day. ok jsing | ||
| 0efbd76f | 2023-12-20 14:15:19 | Rename impl into engine | ||
| 0d061780 | 2023-12-20 14:14:39 | Rename inl to in_len throughout the file | ||
| eb7e3ec9 | 2023-12-20 14:13:07 | Rename outl into out_len throughout the file | ||
| 5d24bf0c | 2023-12-20 14:11:41 | Tweak a comment a bit | ||
| cdb4020f | 2023-12-20 14:10:03 | Remove block_mask from EVP_CIPHER_CTX The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to hang it off the EVP_CIPHER_CTX since it is easy to compute and validate. ok joshua jsing | ||
| 1d4d2a17 | 2023-12-20 14:05:58 | Add some sanity checks for EVP_CIPHER_meth_new() Ensure that the nid and key length are non-negative and that the block size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem. ok joshua jsing | ||
| bf2cda35 | 2023-12-20 14:00:17 | btrace: add support for hex and octal values. Changes number tokenizing and parsing to support hex & octal values. Does not address other lexer issues (e.g. $0x1) to close gaps with bpftrace. OK claudio@ | ||
| 3e06329b | 2023-12-20 13:52:17 | Merge p_open and p_seal into p_legacy discussed with jsing | ||
| 5b3fc661 | 2023-12-20 13:46:05 | Fold p_dec.c and p_enc.c into a new p_legacy.c discussed with jsing | ||
| daef0c50 | 2023-12-20 13:37:25 | Don't create an sd(4) larger than what the namespace will allow. A namespace must satisfy size (nsze) >= capacity (ncap) >= utilization (nuse) Use ncap for the sd(4) size when THINP is set and ncap < nsze. Tweak some variable names in passing to make code clearer. ok dlg@ | ||
| 5f3989c5 | 2023-12-20 13:34:47 | Less confusing variable names in EVP_PKEY_{de,en}crypt_old() ok jsing | ||
| d69c19be | 2023-12-20 13:30:51 | MODPY_PYBUILD: use "bootstrap" instead of "Yes" | ||
| 72bc33e8 | 2023-12-20 11:33:52 | Improve local variable names Rename the slightly awkward buf_offset into partial_len and rename buf_avail into partial_needed to match. suggested by jsing | ||
| 1420f9e4 | 2023-12-20 11:31:17 | Rename buf_len into partial_len in EVP_CIPHER_CTX suggested by jsing | ||
| 357ffaed | 2023-12-20 11:01:34 | Clean up EVP_DecryptFinal_ex() Rework the code to use the usual variable names, return early if we have block size 1 and unindent the remainder of the code for block sizes 8 and 16. Rework the padding check to be less acrobatic and copy the remainder of the plain text into out using memcpy() rather than a for loop. input/ok jsing |