| Commit | Date | Message | | |
|---|---|---|---|---|
| ac44f262 | 2024-12-03 11:18:34 | M-1 to M-7 for 7 preset layouts; from bunkmate ok nicm | ||
| f934cab5 | 2024-12-03 11:15:44 | refer to glob(7) rather than fnmatch(3); from evan silberman ok sthen semarie millert nicm | ||
| 5ffbcedb | 2024-12-03 10:38:06 | Add /rib/in and /rib/out as endpoints to query the Adj-RIB-In and Adj-RIB-Out respectively. Also fix the rib query parameter to properly work. bgpctl calls this table. OK sthen@ | ||
| 71e7e711 | 2024-12-03 08:31:49 | support FIDO tokens that return no attestation data, e.g. recent WinHello. From Michael Braun via GHPR542 | ||
| b16b5f31 | 2024-12-03 07:54:20 | Add missing wakeup & cleanup in error path. ok tb@ | ||
| 897b1709 | 2024-12-03 07:51:21 | Use uvm_pagewait() rather than re-rolling it. ok miod@, tb@ | ||
| 394d9b5a | 2024-12-03 07:09:14 | glob patterns described in glob(7) not fnmatch(3); from evan silberman ok sthen semarie millert | ||
| d11b04b2 | 2024-12-02 22:32:57 | Have pkg_add run ldconfig after each updateset if the list of shared libraries was changed. Before @tag we used to execute programs directly as part of many updates (rebuilding desktop databases, icon cache, etc) but those are now usually deferred until the end of the run, leaving some executables not able to be run until pkg_add finishes. From espie. | ||
| ba04a0e7 | 2024-12-02 16:31:51 | Check in bgpctl show rib commands if the table / rib passed is Adj-RIB-Out and in that case set F_CTL_ADJ_OUT on the request. With this 'bgpctl show rib out' and 'bgpctl show rib table Adj-RIB-Out' return the same results. OK tb@ | ||
| aaaf7e1f | 2024-12-02 15:13:57 | Remove the ASPA imsg size workaround now that imsg are large enough to handle MAX_ASPA_SPAS_COUNT (10k) entries. OK tb@ | ||
| 5bf6f543 | 2024-12-02 15:03:46 | Bump imsg size like bgpd just did. OK tb@ | ||
| 04e12482 | 2024-12-02 15:03:17 | Bump imsg size up to MAX_BGPD_IMSGSIZE (128k) to support extended messages and more. OK tb@ | ||
| bf5a499b | 2024-12-02 14:55:02 | If AS0 TALs are provided, by default omit VRPs derived from such AS0 TALs. AS0 TALs represent unmitigated operational risks: what if the RIR by accident marks some IP space as 'unassigned'? APNIC notes in their limitation of liability statement: """ Depending on router configuration, errors in the AS0 ROA could cause unintended interruption to routing with other networks. For this reason, it is strongly recommended that the AS0 ROA is used for advisory and/or alerting purposes only, and not for automatic filtering of BGP routes. """ https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki-2/ Guard usage of AS0 TALs behind new '-0' option OK deraadt@ tb@ | ||
| eac0e5c0 | 2024-12-02 14:06:42 | unbreak | ||
| 3417aeae | 2024-12-02 13:46:11 | Remove global queue_buf which is no longer used. OK compiler | ||
| 08d45e79 | 2024-12-02 13:37:18 | prefer AES-GCM to AES-CTR; ok deraadt markus | ||
| 7f98e85f | 2024-12-01 10:38:47 | Fix typo in comment | ||
| 347b7373 | 2024-12-01 09:58:15 | -o[arg] must not have spaces between option and argument; OK jmc getopt(3) says so and, e.g. 'mrouted -d 1' must be 'mrouted -d1' to work. dhcpd(8) and sed(1) got this right, our multicast programs did not. | ||
| 8e650cf5 | 2024-12-01 09:05:05 | upd(4): add PercentLoad sensor Reports the % of the available UPS power drawn by output outlets. tested by sthen@, matthieu@ and Walter Alejandro Iglesias ok sthen@ as part of a larger diff | ||
| ac4b1d57 | 2024-12-01 08:11:14 | Properly document TCP_SACK_ENABLE socket option. This used to be documented in options(4), but was deleted there in 2017. Reinstate the same text here. ok jmc@ | ||
| a976df8d | 2024-11-30 21:21:40 | Meant to split the sentence in two | ||
| 8e3d34b8 | 2024-11-30 21:20:44 | Be a bit more precise on the error conditions of CMS_get1_{certs,crls}() | ||
| 5c792f2e | 2024-11-30 21:15:19 | Explain how to free the stack returned by CMS_get1_{certs,crls}() with job | ||
| 9da94e6d | 2024-11-30 21:09:59 | Inline trivial EC point methods Like most of the "group" methods these are shared between Montgomery curves and simple curves. There's no point in five methods hanging off the EC_METHODS struct when they can just as well be inlined in the public API. It makes all files involved shorter... ok jsing | ||
| 06a3f189 | 2024-11-30 20:15:03 | uvideo.4: add Jabra PanaCast 20 as known to work OK mglocker@ | ||
| d223718e | 2024-11-30 17:47:23 | sys/uvideo: add quirk for Jabra PanaCast 20 Jabra PanaCast 20 needs uvideo_vs_negotiation between usbd_set_interface and usbd_open_pipe, otherwise it doesn't work with error: ioctl VIDIOC_DQBUF: Invalid argument OK mglocker@ | ||
| 9497c257 | 2024-11-30 17:43:46 | Regen | ||
| 94ba045d | 2024-11-30 17:41:57 | sys/dev/usb/usbdevs: add Jabra PanaCast 20, to be used in quirks OK mglocker@ | ||
| 970efd76 | 2024-11-30 16:34:34 | Get BNs Z coordinates from the BN_CTX While there likely won't be enough BNs already available in the ctx, and thus it won't greatly reduce the amount of allocated BNs, it simplifies the exit path quite a bit. review feedback from jsing | ||
| adc6938b | 2024-11-30 16:18:01 | Improve ec_points_make_affine() It is unclear how the original code was supposed to work. It clearly missed a few corner cases (like handling points at infinity correctly) and the badly mangled comment that was supposed to display a binary search tree didn't help at all. Instead do something much more straightforward: multiply all the non-zero Z coordinates of the points not at infinity together, keeping track of the intermediate products. Then do a single expensive modular inversion before working backwards to compute all the inverses. Then the transformation from Jacobian coordinates to affine coordinates (x, y, z) -> (x/z^2, y/z^3, 1) becomes cheap. A little bit of care has to be taken for Montgomery curves but that's very simple compared to the mess that was there before. ok jsing This is a cleaned up version of: commit 0fe73d6c3641cb175871463bdddbbea3ee0b62ae Author: Bodo Moeller <bodo@openssl.org> Date: Fri Aug 1 17:18:14 2014 +0200 Simplify and fix ec_GFp_simple_points_make_affine (which didn't always handle value 0 correctly). Reviewed-by: emilia@openssl.org | ||
| ee8ccd1f | 2024-11-30 10:05:41 | openssl speed: stop trying to use small curves secp160r1 and nistp192 are no longer available in libcrypto. Should have been committed along with disabling these curves, but was missed. ok jsing | ||
| 3e463d5f | 2024-11-30 10:01:31 | Don't leak the abuf on error in PKCS7_dataFinal() ok beck miod | ||
| 93da23da | 2024-11-30 06:59:12 | use a more readable explanation of directory creation; from evan silberman, tweaked by millert ok sthen (pre-tweak) | ||
| 6f45564e | 2024-11-29 23:46:40 | undo unnecessary \*([GL]t sequences; balance that by adding Sq; from evan silberman | ||
| 009b798e | 2024-11-29 18:54:39 | Add support for read/write of xmm/ymm registers to lldb. ok kettenis@, robert@ | ||
| 15073478 | 2024-11-29 15:59:57 | Remove X9.42 DH rudiments In the unlikely event that we should ever decide to implement this after a quarter century of not needing it, we can readily put this back. Until then this is dead weight. prompted by a question by djm ok jsing | ||
| 47aad511 | 2024-11-29 12:05:06 | Provide an example of signing with HMAC-SHA256 or Ed25519 because that makes it easier to see the big picture of how EVP_PKEY_new_raw_private_key(3) is supposed to be used. Feedback and OK tb@. | ||
| a4f89571 | 2024-11-29 10:19:37 | Mark six EVP_PKEY control constants as intentionally undocumented that are only intended for internal use, do very little (only validity checking), are unused in the wild, and marked obsolete in OpenSSL 3. | ||
| 11e77a13 | 2024-11-29 10:09:10 | Mark nine unused EVP constants as intentionally undocumented. Fix related indentation while here. | ||
| d2a56ad6 | 2024-11-29 07:42:35 | Remove weird pad member that was never set to zero after malloc() so the weird thing it was supposed to be doing couldn't possibly work. ok jsing | ||
| 5797ad06 | 2024-11-29 06:44:57 | Also call pmap_extract() before entering a page ahead for lower layer faults. As for the upper layer, call pmap_update() only if, at least, a page has been entered. ok tb@, kettenis@ | ||
| a52f395c | 2024-11-29 06:40:57 | When paging ahead, delay calling pmap_extract() after checking for a valid page. While here call pmap_update() only if, at least, a page has been entered. ok tb@, kettenis@ | ||
| a4ff2ce6 | 2024-11-29 04:35:13 | Garbage collect the unused imsg_hdr in imsg_close() ok claudio | ||
| f651b06a | 2024-11-29 00:13:36 | Import regenerated moduli. | ||
| d9a6171a | 2024-11-28 18:54:36 | Move cpu_features to hwcap and cpu_features2 to hwcap2 ok jca@ | ||
| db835d32 | 2024-11-28 13:13:03 | Replace magic numbers with macro-defined values. Also make it possible to change the amount of 3-port RAM usage by the kernel option. | ||
| 266241f9 | 2024-11-28 11:51:45 | Fix radiusd_ipcp module to check whether the type of the ipcp_address is for pool when selecting a random address from the pools, and tweak the code for easier understanding. Also, check whether the left value of an address range configuration is smaller than the right value. | ||
| 1669612d | 2024-11-28 10:42:16 | Fix warnings from gcc. found by deraadt | ||
| a65ab485 | 2024-11-28 08:49:14 | Add extended keys flag for foot terminal. | ||
| 41517b19 | 2024-11-28 02:01:57 | avoid lock contention in __thrsleep and __thrwakeup syscalls turns out the __thrsleep and __thrwakeup syscalls largely coordinate using a single lock per process. if you have heavily threaded code building locks in userland out of thrsleep, this kernel lock gets hammered. this is true even if userland thinks it's operating on separate locks, it all ends up serialised in the kernel. this reduces the throughput of these heavily threaded programs. the big change is hashing thrsleep waiters into different locks/lists based on their "id" to try and avoid all locks in a process contending on a single lock. the hash is shared by all processes though. the change also avoids having a waiter re-take the lock to avoid contention on the thrwakeup code which is currently holding the lock. __thrsleep and __thrwakeup seem to be largely unused these days, except by go. go still uses it as a backend to its locks, and also creates a lot of threads which end up contending on the lock. these changes provide an improvement for go programs. the contention was pointed out by nick owens jsing@ and nick owens did a bit of testing | ||
| 8fbe85f5 | 2024-11-27 22:32:14 | vmd/vioblk: add missed break There's no value in that log message in that specific condition. OK dv@ kn@ | ||
| 14cbb2b5 | 2024-11-27 20:30:15 | In powerpc64 pmap, when replacing a pte, put it in the correct pteg In pte_insert(), if both the primary page table entry group and the secondary pteg are full, then we delete an old pte and replace it with the new pte. We might have set "idx" wrong and inserted the new pte into the wrong pteg (with the wrong PTE_HID bit). This problem almost never happened; it is rare for both ptegs to be full. When the loop "for (try = 0; try < 16; try++)" looks for a slot for the new pte, set "idx" to the new pte's primary pteg. Put it in the primary pteg "idx" or secondary pteg "idx ^ pmap_ptab_mask". When we delete the old pte, set "idx" to the old pte's primary pteg. Eric Gosse reported a bug where the kernel crashed on an unexpected fault. I suspect that a pte fell into the wrong "idx" and got lost. ok kettenis@ | ||
| 0cd9f930 | 2024-11-27 20:11:32 | Change getfp() to return an unBIASed stack pointer; this unbreaks stackdump() which got broken in machdep.c 1.202. It is much simpler to change getfp() than stackdump() which is its only caller. | ||
| 049e6dd2 | 2024-11-27 16:07:08 | fix argument of "Compression" directive in ssh -G config dump, which used to work but broke in 9.8 | ||
| 21cb8457 | 2024-11-27 15:23:58 | defer creation of ice(4) ifp until device attachment has succeeded Otherwise we would crash when something goes wrong in ice_attach_hook(). problem found by bluhm@ | ||
| a0b97782 | 2024-11-27 15:19:26 | zap trailing whitespace from previous | ||
| f6e19f51 | 2024-11-27 13:27:34 | new name/link for agent I-D | ||
| 5e0634cb | 2024-11-27 13:26:42 | Revert "vio: Unlock" This causes some crashes. Revert for now ok sf@ | ||
| 0d94c36d | 2024-11-27 13:00:23 | mention that biometrics may be used for FIDO key user verification as well as PIN. Prompted by Zack Newman, ok jmc@ | ||
| 4fda2ec5 | 2024-11-27 12:29:14 | remove unneeded fpu.h include to unbreak the build on archs without it already indirectly included by reg.h on amd64 ok sthen@ | ||
| e4c405f0 | 2024-11-27 11:37:23 | sys/uvideo: add missed abort of transfer pipe in uvideo_vs_close A bulk transfer cannot timeout and must be aborted on close. OK mpi@ | ||
| 8a233859 | 2024-11-27 10:58:07 | Neighbor (fault ahead) pages are never mapped with the wired attribute. Wired faults are always "narrow". That means the fault handler does not try to fault neighbor pages ahead. So do not propagate the `flt->wired' attribute to the corresponding pmap_enter(9) calls and instead assert that it is false whenever neighbor pages are entered in a memory space. ok tb@ | ||
| a8f4448a | 2024-11-27 10:41:38 | Change pgo_get() interface in preparation for running PGO_LOCKED in parallel. - Do not allocate zero-fill'd pages in uao_get(), leave that for PGO_SYNCIO. - Reduce cosmetic differences between uvn_get() and uao_get() ok tb@ | ||
| be8d5ab0 | 2024-11-27 10:33:31 | remove #if 0'd entries for /dev/pcmcia functions removed in 1998 | ||
| 891a8d29 | 2024-11-27 10:12:20 | Do not check for latest client in callback since the type may be latest but with no window, fixes new-session -x and -y with another attached client. GitHub issue 4268. | ||
| 33eead7d | 2024-11-27 10:10:20 | Do not stop drag on double or triple click, GitHub issue 4272. | ||
| 96aab481 | 2024-11-27 10:09:51 | Use uvm_fault_wire() for consistency and to keep VM_FAULT_WIRE usage in uvm/. ok dv@, mlarkin@ | ||
| e9be07d5 | 2024-11-27 05:27:21 | hook up ptrace xstate regress | ||
| 664d632d | 2024-11-27 05:26:58 | Add ptrace xstate regress suite. | ||
| deef986e | 2024-11-27 05:25:56 | Add ptrace commands used to read/write the XSAVE area of a traced process. Intended to give debuggers access to xmm/ymm registers. Inspired by FreeBSD which exposes a similar set of ptrace commands. ok kettenis@ | ||
| 484eec8f | 2024-11-27 04:05:47 | sync | ||
| 51248bbd | 2024-11-27 02:40:53 | Enable rx/tx checksum offloading on ivaf(4). from Yuichiro NAITO and jan; test jan ok jan jmatthew | ||
| b5f9b883 | 2024-11-27 02:38:35 | continue enumerating devices if a device is not matched fixes xbf(4) and xnf(4) not attaching on XCP-ng 8.3/Xen 4.17 which has "device/9pfs/" from Joel Knight | ||
| 3aca4c8c | 2024-11-27 02:14:48 | zero attach args; return on missing properties will be removed | ||
| 66cfbb9d | 2024-11-27 01:02:03 | rework rwlocks to reduce pressure on the scheduler and SCHED_LOCK it's become obvious that heavily contended rwlocks put a lot of pressure on the scheduler, and we have enough contended locks that there's a benefit to changing rwlocks to try and mitigate against that pressure. when a thread is waiting on an rwlock, it sets a bit in the rwlock to indicate that when the current owner of the rwlock leaves the critical section, it should wake up the waiting thread to try and take the lock. if there's no waiting thread, the owner can skip the wakeup. the problem is that rwlocks can't tell the difference between one waiting thread and more than one waiting thread. so when the "there's a thread waiting" bit is cleared, all the waiting threads are woken up. one of these woken threads will take ownership of the lock, but also importantly, the other threads will end up setting the "im waiting" bit again, which is necessary for them to be woken up by the 2nd thread that won the race to become the owner of the lock. this is compounded by pending writers and readers waiting on the same wait channel. an rwlock may have one pending writer trying to take the lock, but many readers waiting for it too. it would make sense to wake up only the writer so it can take the lock next, but we end up waking the readers at the same time. the result of this is that contended rwlocks wake up a lot of threads, which puts a lot of pressure on the scheduler. this is noticeable as a lot of contention on the scheduler lock, which is a spinning lock that increases time used by the system. this is a pretty classic thundering herd problem. this change mitigates against these wakeups by adding counters to rwlocks for the number of threads waiting to take write and read locks instead of relying on bits. when a thread needs to wait for a rwlock it increments the relevant counter before sleeping. after it is woken up and takes the lock it decrements that counter. this means rwlocks know how many threads are waiting at all times without having to wake everything up to rebuild state every time a thread releases the lock. pending writers and readers also wait on separate wchans. this allows us to prioritise writers and to wake them up one at a time. once there's no pending writers all pending readers can be woken up in one go so they can share the lock as soon as possible. if you are suffering a contended rwlock, this should reduce the amount of time spent spinning on the sched lock, which in turn may also reduce the wall clock time doing that work. the only downside to this change in my opinion is that it grows struct rwlock by 8 bytes. if we can reduce rwlock contention in the future, i reckon i could shrink the rwlock struct again while still avoiding some of the scheduler interactions. work with claudio@ ok claudio@ mpi@ stsp@ testing by many including claudio@ landry@ stsp@ sthen@ phessler@ tb@ and mark patruck | ||
| bae7b9e3 | 2024-11-26 22:05:51 | g/c outdated XXX comments | ||
| e0982860 | 2024-11-26 22:02:28 | regression test for UpdateHostkeys with multiple keys backed by ssh-agent. Patch from Maxime Rey. | ||
| 0b696230 | 2024-11-26 22:01:37 | Explicitly specify the signature algorithm when signing hostkeys-prove requests. Fixes a corner-case triggered by UpdateHostKeys with one or more unknown host keys stored in ssh-agent where sshd refuses to accept the signature coming back from the agent. Report/fix from Maxime Rey | ||
| 00e420e5 | 2024-11-26 21:59:29 | add a manual page for ice(4) | ||
| 7601f687 | 2024-11-26 21:45:35 | enable ice(4) in GENERIC and RAMDISK_CD kernels on amd64 ok deraadt | ||
| 72de6406 | 2024-11-26 21:23:35 | when using RSA keys to sign messages, select the signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). This allows using something other than rsa-sha2-512, which may not be supported on all signing backends, e.g. some smartcards only support SHA256. Patch from Morten Linderud; ok markus@ | ||
| 54585ff1 | 2024-11-26 21:21:44 | repair build without ICE_DEBUG set and stop setting it by default | ||
| d8ac2821 | 2024-11-26 17:38:43 | ice(4) contains dlg@ code from ixl(4), add copyright header from there | ||
| 444719c5 | 2024-11-26 17:37:30 | implement ice_txeof(), based on ixl(4) code | ||
| 88d9063a | 2024-11-26 17:36:06 | Enable TSO in ice(4) Tx queue context. Else the device won't send packets. | ||
| ad5417e7 | 2024-11-26 17:34:00 | implement ice_start(), based on code from ixl(4) | ||
| 80e2dad2 | 2024-11-26 17:32:05 | add an rwlock to protect the ice(4) ioctl handler; based on ixl(4) | ||
| 4d3ac07a | 2024-11-26 15:52:41 | Add copy-mode-position-style and copy-mode-selection-style for copy mode (they default to mode-style as before). | ||
| f82227c0 | 2024-11-26 15:51:48 | Enter is now sent from single prompt as \r not empty string. | ||
| 5ad10c24 | 2024-11-26 14:01:03 | sync, libutil major bump | ||
| 9509a1e6 | 2024-11-26 13:59:54 | Adjust the msgbuf parser callbacks in bgpd to the new API. OK tb@ | ||
| 929d2bb2 | 2024-11-26 13:59:09 | Adapt the rpki-client message reader to the new msgbuf_new_reader callback. This is mostly stolen from the imsg handler and should probably be cleaned up further. OK tb@ | ||
| ff59764d | 2024-11-26 13:57:31 | Adjust the reader callback API to return an ibuf and to also claim the fd which is passed as argument. This is needed because on Linux the control messages used to pass fds are not acting as a barrier and ensuring that the fd is passed with the first byte of the read call. Instead we need to mark the message that holds the fd and then scan for that message in the stream. While there also adjust imsgbuf_set_maxsize() to return an int to indicate an error if the requested size is out of range. Problem reported and fix tested by nicm@ on a linux system. OK tb@ | ||
| 475ff837 | 2024-11-26 13:35:48 | Workaround for compatibility issue with some libcrypto implementations Historically, CMS_get1_crls() returned NULL if the CMS is an unsupported content type or contained zero CRLs. Nowadays, if the CMS contains zero CRLs, some implementations will return a pointer to a STACK of CRLs with zero objects. OK tb@ | ||
| c6b373c6 | 2024-11-26 10:42:58 | let bpf pick the first attached dlt when attaching to an interface. this is instead of picking the lowest numbered dlt, which was done to make bpf more predictable with interfaces that attached multiple DLTs. i think the real problem was that bpf would keep the list in the reverse order of attachment and would prefer the last dlt. interfaces that attach multiple DLTs attach ethernet first, which is what you want the majority of the time anyway. but letting bpf pick the first one means drivers can control which dlt they want to default to, regardless of the numeric id behind a dlt. ok claudio@ | ||
| bb6b0345 | 2024-11-26 10:28:27 | Generate a single event when timers advance for more than one tick. Also report the number of events missed due to recursions or skipped ticks to btrace(8). From Christian Ludwig. | ||
| 34e43087 | 2024-11-26 10:10:28 | Make uvmfault_anonget() return errno values instead of converting them. ok miod@, tb@ | ||
| 4c69b3de | 2024-11-26 10:10:03 | Make a comment match reality better $i386only never existed, it should be $x86only. Replace des asm file example with an aes one since we're firmly in the third millennium. ok sthen | ||
| d84bf95d | 2024-11-26 09:51:30 | Remove unused min values and document reserves for pagedaemon & kernel. ok tb@, kn@ | ||
| 7fb791d7 | 2024-11-26 06:12:44 | Pass -g to CFLAGS for regression testing It is annoying to have a regress test crash and then be faced with question marks in the backtrace, and then have to recompile and pass -g via DEBUG or similar. This may bite people with small obj/. Let's see if anyone shouts. ok anton claudio |