IABSD.fr/src

Log

Commit Date Message
ac44f262 2024-12-03 11:18:34 M-1 to M-7 for 7 preset layouts; from bunkmate ok nicm
f934cab5 2024-12-03 11:15:44 refer to glob(7) rather than fnmatch(3); from evan silberman ok sthen semarie millert nicm
5ffbcedb 2024-12-03 10:38:06 Add /rib/in and /rib/out as endpoints to query the Adj-RIB-In and Adj-RIB-Out respectively. Also fix the rib query parameter to properly work. bgpctl calls this table. OK sthen@
71e7e711 2024-12-03 08:31:49 support FIDO tokens that return no attestation data, e.g. recent WinHello. From Michael Braun via GHPR542
b16b5f31 2024-12-03 07:54:20 Add missing wakeup & cleanup in error path. ok tb@
897b1709 2024-12-03 07:51:21 Use uvm_pagewait() rather than re-rolling it. ok miod@, tb@
394d9b5a 2024-12-03 07:09:14 glob patterns described in glob(7) not fnmatch(3); from evan silberman ok sthen semarie millert
d11b04b2 2024-12-02 22:32:57 Have pkg_add run ldconfig after each updateset if the list of shared libraries was changed. Before @tag we used to execute programs directly as part of many updates (rebuilding desktop databases, icon cache, etc) but those are now usually deferred until the end of the run, leaving some executables not able to be run until pkg_add finishes. From espie.
ba04a0e7 2024-12-02 16:31:51 Check in bgpctl show rib commands if the table / rib passed is Adj-RIB-Out and in that case set F_CTL_ADJ_OUT on the request. With this 'bgpctl show rib out' and 'bgpctl show rib table Adj-RIB-Out' return the same results. OK tb@
aaaf7e1f 2024-12-02 15:13:57 Remove the ASPA imsg size workaround now that imsg are large enough to handle MAX_ASPA_SPAS_COUNT (10k) entries. OK tb@
5bf6f543 2024-12-02 15:03:46 Bump imsg size like bgpd just did. OK tb@
04e12482 2024-12-02 15:03:17 Bump imsg size up to MAX_BGPD_IMSGSIZE (128k) to support extended messages and more. OK tb@
bf5a499b 2024-12-02 14:55:02 If AS0 TALs are provided, by default omit VRPs derived from such AS0 TALs AS0 TALs represent unmitigated operational risks: what if the RIR by accident marks some IP space as 'unassigned'? APNIC notes in their limitation of liability statement: """ Depending on router configuration, errors in the AS0 ROA could cause unintended interruption to routing with other networks. For this reason, it is strongly recommended that the AS0 ROA is used for advisory and/ or alerting purposes only, and not for automatic filtering of BGP routes. """ https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki-2/ Guard usage of AS0 TALs behind new '-0' option OK deraadt@ tb@
eac0e5c0 2024-12-02 14:06:42 unbreak
3417aeae 2024-12-02 13:46:11 Remove global queue_buf which is no longer used. OK compiler
08d45e79 2024-12-02 13:37:18 prefer AES-GCM to AES-CTR; ok deraadt markus
7f98e85f 2024-12-01 10:38:47 Fix typo in comment
347b7373 2024-12-01 09:58:15 -o[arg] must not have spaces between option and argument; OK jmc getopt(3) says so and, e.g. 'mrouted -d 1' must be 'mrouted -d1' to work. dhcpd(8) and sed(1) got this right, our multicast programs did not.
8e650cf5 2024-12-01 09:05:05 upd(4): add PercentLoad sensor Reports the % of the available UPS power drawn by output outlets. tested by sthen@, matthieu@ and Walter Alejandro Iglesias ok sthen@ as part of a larger diff
ac4b1d57 2024-12-01 08:11:14 Properly document TCP_SACK_ENABLE socket option. This used to be documented in options(4), but was deleted there in 2017. Reinstate the same text here. ok jmc@
a976df8d 2024-11-30 21:21:40 Meant to split the sentence in two
8e3d34b8 2024-11-30 21:20:44 Be a bit more precise on the error conditions of CMS_get1_{certs,crls}()
5c792f2e 2024-11-30 21:15:19 Explain how to free the stack returned by CMS_get1_{certs,crls}() with job
9da94e6d 2024-11-30 21:09:59 Inline trivial EC point methods Like most of the "group" methods these are shared between Montgomery curves and simple curves. There's no point in five methods hanging off the EC_METHODS struct when they can just as well be inlined in the public API. It makes all files involved shorter... ok jsing
06a3f189 2024-11-30 20:15:03 uvideo.4: add Jabra PanaCast 20 as known to work OK mglocker@
d223718e 2024-11-30 17:47:23 sys/uvideo: add quirk for Jabra PanaCast 20 Jabra PanaCast 20 needs uvideo_vs_negotiation between usbd_set_interface and usbd_open_pipe, otherwise it doesn't work with error: ioctl VIDIOC_DQBUF: Invalid argument OK mglocker@
9497c257 2024-11-30 17:43:46 Regen
94ba045d 2024-11-30 17:41:57 sys/dev/usb/usbdevs: add Jabra PanaCast 20, to be used in quirks OK mglocker@
970efd76 2024-11-30 16:34:34 Get BNs Z coordinates from the BN_CTX While there likely won't be enough BNs already available in the ctx, and thus it won't greatly reduce the amount of allocated BNs, it simplifies the exit path quite a bit. review feedback from jsing
adc6938b 2024-11-30 16:18:01 Improve ec_points_make_affine() It is unclear how the original code was supposed to work. It clearly missed a few corner cases (like handling points at infinity correctly) and the badly mangled comment that was supposed to display a binary search tree didn't help at all. Instead do something much more straightforward: multiply all the non-zero Z coordinates of the points not at infinity together, keeping track of the intermediate products. Then do a single expensive modular inversion before working backwards to compute all the inverses. Then the transformation from Jacobian coordinates to affine coordinates (x, y, z) -> (x/z^2, y/z^3, 1) becomes cheap. A little bit of care has to be taken for Montgomery curves but that's very simple compared to the mess that was there before. ok jsing This is a cleaned up version of: commit 0fe73d6c3641cb175871463bdddbbea3ee0b62ae Author: Bodo Moeller <bodo@openssl.org> Date: Fri Aug 1 17:18:14 2014 +0200 Simplify and fix ec_GFp_simple_points_make_affine (which didn't always handle value 0 correctly). Reviewed-by: emilia@openssl.org
ee8ccd1f 2024-11-30 10:05:41 openssl speed: stop trying to use small curves secp160r1 and nistp192 are no longer available in libcrypto. Should have been committed along with disabling these curves, but was missed. ok jsing
3e463d5f 2024-11-30 10:01:31 Don't leak the abuf on error in PKCS7_dataFinal() ok beck miod
93da23da 2024-11-30 06:59:12 use a more readable explanation of directory creation; from evan silberman, tweaked by millert ok sthen (pre-tweak)
6f45564e 2024-11-29 23:46:40 undo unnecessary \*([GL]t sequences; balance that by adding Sq; from evan silberman
009b798e 2024-11-29 18:54:39 Add support for read/write of xmm/ymm registers to lldb. ok kettenis@, robert@
15073478 2024-11-29 15:59:57 Remove X9.42 DH rudiments In the unlikely event that we should ever decide to implement this after a quarter century of not needing it, we can readily put this back. Until then this is dead weight. prompted by a question by djm ok jsing
47aad511 2024-11-29 12:05:06 Provide an example of signing with HMAC-SHA256 or Ed25519 because that makes it easier to see the big picture of how EVP_PKEY_new_raw_private_key(3) is supposed to be used. Feedback and OK tb@.
a4f89571 2024-11-29 10:19:37 Mark six EVP_PKEY control constants as intentionally undocumented that are only intended for internal use, do very little (only validity checking), are unused in the wild, and marked obsolete in OpenSSL 3.
11e77a13 2024-11-29 10:09:10 Mark nine unused EVP constants as intentionally undocumented. Fix related indentation while here.
d2a56ad6 2024-11-29 07:42:35 Remove weird pad member that was never set to zero after malloc() so the weird thing it was supposed to be doing couldn't possibly work. ok jsing
5797ad06 2024-11-29 06:44:57 Also call pmap_extract() before entering a page ahead for lower layer faults. As for the upper layer, call pmap_update() only if, at least, a page has been entered. ok tb@, kettenis@
a52f395c 2024-11-29 06:40:57 When paging ahead, delay calling pmap_extract() after checking for a valid page. While here call pmap_update() only if, at least, a page has been entered. ok tb@, kettenis@
a4ff2ce6 2024-11-29 04:35:13 Garbage collect the unused imsg_hdr in imsg_close() ok claudio
f651b06a 2024-11-29 00:13:36 Import regenerated moduli.
d9a6171a 2024-11-28 18:54:36 Move cpu_features to hwcap and cpu_features2 to hwcap2 ok jca@
db835d32 2024-11-28 13:13:03 Replace magic numbers with macro defined values. Also make it possible to change the amount of 3-port RAM usage by the kernel option.
266241f9 2024-11-28 11:51:45 Fix radiusd_ipcp module to check whether the type of the ipcp_address is for pool when selecting a random address from the pools, and tweak the code for easier understanding. Also, check whether the left value of an address range configuration is smaller than the right value.
1669612d 2024-11-28 10:42:16 Fix warnings from gcc. found by deraadt
a65ab485 2024-11-28 08:49:14 Add extended keys flag for foot terminal.
41517b19 2024-11-28 02:01:57 avoid lock contention in __thrsleep and __thrwakeup syscalls turns out the __thrsleep and __thrwakeup syscalls largely coordinate using a single lock per process. if you have heavily threaded code building locks in userland out of thrsleep, this kernel lock gets hammered. this is true even if userland thinks it's operating on separate locks, it all ends up serialised in the kernel. this reduces the throughput of these heavily threaded programs. the big change is hashing thrsleep waiters into different locks/lists based on their "id" to try and avoid all locks in a process contending on a single lock. the hash is shared by all processes though. the change also avoids having a waiter re-take the lock to avoid contention on the thrwakeup code which is currently holding the lock. __thrsleep and __thrwakeup seem to be largely unused these days, except by go. go still uses it as a backend to its locks, and also creates a lot of threads which end up contending on the lock. these changes provide an improvement for go programs. the contention was pointed out by nick owens jsing@ and nick owens did a bit of testing
8fbe85f5 2024-11-27 22:32:14 vmd/vioblk: add missed break There's no value in that log message in that specific condition. OK dv@ kn@
14cbb2b5 2024-11-27 20:30:15 In powerpc64 pmap, when replacing a pte, put it in the correct pteg In pte_insert(), if both the primary page table entry group and the secondary pteg are full, then we delete an old pte and replace it with the new pte. We might have set "idx" wrong and inserted the new pte into the wrong pteg (with the wrong PTE_HID bit). This problem almost never happened; it is rare for both ptegs to be full. When the loop "for (try = 0; try < 16; try++)" looks for a slot for the new pte, set "idx" to the new pte's primary pteg. Put it in the primary pteg "idx" or secondary pteg "idx ^ pmap_ptab_mask". When we delete the old pte, set "idx" to the old pte's primary pteg. Eric Gosse reported a bug where the kernel crashed on an unexpected fault. I suspect that a pte fell into the wrong "idx" and got lost. ok kettenis@
0cd9f930 2024-11-27 20:11:32 Change getfp() to return an unBIASed stack pointer; this unbreaks stackdump() which got broken in machdep.c 1.202. It is much simpler to change getfp() than stackdump() which is its only caller.
049e6dd2 2024-11-27 16:07:08 fix argument of "Compression" directive in ssh -G config dump, which used to work but broke in 9.8
21cb8457 2024-11-27 15:23:58 defer creation of ice(4) ifp until device attachment has succeeded Otherwise we would crash when something goes wrong in ice_attach_hook(). problem found by bluhm@
a0b97782 2024-11-27 15:19:26 zap trailing whitespace from previous
f6e19f51 2024-11-27 13:27:34 new name/link for agent I-D
5e0634cb 2024-11-27 13:26:42 Revert "vio: Unlock" This causes some crashes. Revert for now ok sf@
0d94c36d 2024-11-27 13:00:23 mention that biometrics may be used for FIDO key user verification as well as PIN. Prompted by Zack Newman, ok jmc@
4fda2ec5 2024-11-27 12:29:14 remove unneeded fpu.h include to unbreak the build on archs without it already indirectly included by reg.h on amd64 ok sthen@
e4c405f0 2024-11-27 11:37:23 sys/uvideo: add missed abort of transfer pipe in uvideo_vs_close A bulk transfer cannot timeout and must be aborted on close. OK mpi@
8a233859 2024-11-27 10:58:07 Neighbor (fault ahead) pages are never mapped with the wired attribute. Wired faults are always "narrow". That means the fault handler does not try to fault neighbor pages ahead. So do not propagate the `flt->wired' attribute to the corresponding pmap_enter(9) calls and instead assert that it is false whenever neighbor pages are entered in a memory space. ok tb@
a8f4448a 2024-11-27 10:41:38 Change pgo_get() interface in preparation for running PGO_LOCKED in parallel. - Do not allocate zero-fill'd pages in uao_get(), leave that for PGO_SYNCIO. - Reduce cosmetic differences between uvn_get() and uao_get() ok tb@
be8d5ab0 2024-11-27 10:33:31 remove #if 0'd entries for /dev/pcmcia functions removed in 1998
891a8d29 2024-11-27 10:12:20 Do not check for latest client in callback since the type may be latest but with no window, fixes new-session -x and -y with another attached client. GitHub issue 4268.
33eead7d 2024-11-27 10:10:20 Do not stop drag on double or triple click, GitHub issue 4272.
96aab481 2024-11-27 10:09:51 Use uvm_fault_wire() for consistency and to keep VM_FAULT_WIRE usage in uvm/. ok dv@, mlarkin@
e9be07d5 2024-11-27 05:27:21 hook up ptrace xstate regress
664d632d 2024-11-27 05:26:58 Add ptrace xstate regress suite.
deef986e 2024-11-27 05:25:56 Add ptrace commands used to read/write the XSAVE area of a traced process. Intended to give debuggers access to xmm/ymm registers. Inspired by FreeBSD which exposes a similar set of ptrace commands. ok kettenis@
484eec8f 2024-11-27 04:05:47 sync
51248bbd 2024-11-27 02:40:53 Enable rx/tx checksum offloading on ivaf(4). from Yuichiro NAITO and jan; test jan ok jan jmatthew
b5f9b883 2024-11-27 02:38:35 continue enumerating devices if a device is not matched fixes xbf(4) and xnf(4) not attaching on XCP-ng 8.3/Xen 4.17 which has "device/9pfs/" from Joel Knight
3aca4c8c 2024-11-27 02:14:48 zero attach args; return on missing properties will be removed
66cfbb9d 2024-11-27 01:02:03 rework rwlocks to reduce pressure on the scheduler and SCHED_LOCK it's become obvious that heavily contended rwlocks put a lot of pressure on the scheduler, and we have enough contended locks that there's a benefit to changing rwlocks to try and mitigate against that pressure. when a thread is waiting on an rwlock, it sets a bit in the rwlock to indicate that when the current owner of the rwlock leaves the critical section, it should wake up the waiting thread to try and take the lock. if there's no waiting thread, the owner can skip the wakeup. the problem is that rwlocks can't tell the difference between one waiting thread and more than one waiting thread. so when the "there's a thread waiting" bit is cleared, all the waiting threads are woken up. one of these woken threads will take ownership of the lock, but also importantly, the other threads will end up setting the "im waiting" bit again, which is necessary for them to be woken up by the 2nd thread that won the race to become the owner of the lock. this is compounded by pending writers and readers waiting on the same wait channel. an rwlock may have one pending writer trying to take the lock, but many readers waiting for it too. it would make sense to wake up only the writer so it can take the lock next, but we end up waking the readers at the same time. the result of this is that contended rwlocks wake up a lot of threads, which puts a lot of pressure on the scheduler. this is noticeable as a lot of contention on the scheduler lock, which is a spinning lock that increases time used by the system. this is a pretty classic thundering herd problem. this change mitigates against these wakeups by adding counters to rwlocks for the number of threads waiting to take write and read locks instead of relying on bits. when a thread needs to wait for a rwlock it increments the relevant counter before sleeping. after it is woken up and takes the lock it decrements that counter.
this means rwlocks know how many threads are waiting at all times without having to wake everything up to rebuild state every time a thread releases the lock. pending writers and readers also wait on separate wchans. this allows us to prioritise writers and to wake them up one at a time. once there's no pending writers all pending readers can be woken up in one go so they can share the lock as soon as possible. if you are suffering a contended rwlock, this should reduce the amount of time spent spinning on the sched lock, which in turn may also reduce the wall clock time doing that work. the only downside to this change in my opinion is that it grows struct rwlock by 8 bytes. if we can reduce rwlock contention in the future, i reckon i could shrink the rwlock struct again while still avoiding some of the scheduler interactions. work with claudio@ ok claudio@ mpi@ stsp@ testing by many including claudio@ landry@ stsp@ sthen@ phessler@ tb@ and mark patruck
bae7b9e3 2024-11-26 22:05:51 g/c outdated XXX comments
e0982860 2024-11-26 22:02:28 regression test for UpdateHostkeys with multiple keys backed by ssh-agent. Patch from Maxime Rey.
0b696230 2024-11-26 22:01:37 Explicitly specify the signature algorithm when signing hostkeys-prove requests. Fixes a corner-case triggered by UpdateHostKeys with one or more unknown host keys stored in ssh-agent where sshd refuses to accept the signature coming back from the agent. Report/fix from Maxime Rey
00e420e5 2024-11-26 21:59:29 add a manual page for ice(4)
7601f687 2024-11-26 21:45:35 enable ice(4) in GENERIC and RAMDISK_CD kernels on amd64 ok deraadt
72de6406 2024-11-26 21:23:35 when using RSA keys to sign messages, select the signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). This allows using something other than rsa-sha2-512, which may not be supported on all signing backends, e.g. some smartcards only support SHA256. Patch from Morten Linderud; ok markus@
54585ff1 2024-11-26 21:21:44 repair build without ICE_DEBUG set and stop setting it by default
d8ac2821 2024-11-26 17:38:43 ice(4) contains dlg@ code from ixl(4), add copyright header from there
444719c5 2024-11-26 17:37:30 implement ice_txeof(), based on ixl(4) code
88d9063a 2024-11-26 17:36:06 Enable TSO in ice(4) Tx queue context. Else the device won't send packets.
ad5417e7 2024-11-26 17:34:00 implement ice_start(), based on code from ixl(4)
80e2dad2 2024-11-26 17:32:05 add an rwlock to protect the ice(4) ioctl handler; based on ixl(4)
4d3ac07a 2024-11-26 15:52:41 Add copy-mode-position-style and copy-mode-selection-style for copy mode (they default to mode-style as before).
f82227c0 2024-11-26 15:51:48 Enter is now sent from single prompt as \r not empty string.
5ad10c24 2024-11-26 14:01:03 sync, libutil major bump
9509a1e6 2024-11-26 13:59:54 Adjust the msgbuf parser callbacks in bgpd to the new API. OK tb@
929d2bb2 2024-11-26 13:59:09 Adapt the rpki-client message reader to the new msgbuf_new_reader callback. This is mostly stolen from the imsg handler and should probably be cleaned up further. OK tb@
ff59764d 2024-11-26 13:57:31 Adjust the reader callback API to return an ibuf and to also claim the fd which is passed as argument. This is needed because on Linux the control messages used to pass fds are not acting as a barrier and ensuring that the fd is passed with the first byte of the read call. Instead we need to mark the message that holds the fd and then scan for that message in the stream. While there also adjust imsgbuf_set_maxsize() to return an int to indicate an error if the requested size is out of range. Problem reported and fix tested by nicm@ on a linux system. OK tb@
475ff837 2024-11-26 13:35:48 Workaround for compatibility issue with some libcrypto implementations Historically, CMS_get1_crls() returned NULL if the CMS is an unsupported content type or contained zero CRLs. Nowadays, if the CMS contains zero CRLs, some implementations will return a pointer to a STACK of CRLs with zero objects. OK tb@
c6b373c6 2024-11-26 10:42:58 let bpf pick the first attached dlt when attaching to an interface. this is instead of picking the lowest numbered dlt, which was done to make bpf more predictable with interfaces that attached multiple DLTs. i think the real problem was that bpf would keep the list in the reverse order of attachment and would prefer the last dlt. interfaces that attach multiple DLTs attach ethernet first, which is what you want the majority of the time anyway. but letting bpf pick the first one means drivers can control which dlt they want to default to, regardless of the numeric id behind a dlt. ok claudio@
bb6b0345 2024-11-26 10:28:27 Generate a single event when timers advance for more than one tick. Also report the number of events missed due to recursions or skipped ticks to btrace(8). From Christian Ludwig.
34e43087 2024-11-26 10:10:28 Make uvmfault_anonget() return errno values instead of converting them. ok miod@, tb@
4c69b3de 2024-11-26 10:10:03 Make a comment match reality better $i386only never existed, it should be $x86only. Replace des asm file example with an aes one since we're firmly in the third millennium. ok sthen
d84bf95d 2024-11-26 09:51:30 Remove unused min values and document reserves for pagedaemon & kernel. ok tb@, kn@
7fb791d7 2024-11-26 06:12:44 Pass -g to CFLAGS for regression testing It is annoying to have a regress test crash and then be faced with question marks in the backtrace, and then have to recompile and pass -g via DEBUG or similar. This may bite people with small obj/. Let's see if anyone shouts. ok anton claudio