IABSD.fr/src

Log

Author Commit Date CI Message
be3edcf0 2022-01-18 21:59:29 Avoid pulling sys/param.h, by using _ALIGN instead. sys/time.h now gets NBBY and howmany() also ok guenther
24e38e2f 2022-01-18 21:00:59 sync
6aca8866 2022-01-18 19:37:27 PRT_make() can just zap the destination dos_partition if the source prt has prt_ns == 0 or prt_id == DOSPTYP_UNUSED. No functional change.
1fc0ff0b 2022-01-18 18:19:47 Pass the X509_V_FLAG_CRL_CHECK flag as argument to valid_x509(). For mfts this flag is cleared since the CRL is referenced by the MFT itself. Also remove some if (crl != NULL) checks since they are not needed. The functions protected by it are all handling NULL as an input. OK job@ tb@
00e3cb6a 2022-01-18 16:52:18 Use X509_get0_pubkey() for opk and remove the EVP_PKEY_free(opk). Suggested by and OK tb@
4521b834 2022-01-18 16:41:00 Adjust after change to cert_parse() and ta_parse().
9551aa73 2022-01-18 16:36:49 Change cert_parse() and ta_parse() to no longer take a x509 handle as argument. The x509 cert is also inside struct cert and easy to access. Also switch auth_insert() to a void function since it can't fail. OK tb@
4bccd3c1 2022-01-18 16:29:06 More fixing. Previous revert was incomplete.
d3c7e816 2022-01-18 16:24:55 Revert all the files that should have not been committed in last commit.
ba7feb83 2022-01-18 16:18:22 Kill extra newline
ffd2fc2b 2022-01-18 16:09:51 Fix function name in warn message.
0e31088c 2022-01-18 13:46:07 Unify the various X509_verify_cert() calls and the boiler plate code around it into its own function valid_x509(). Simplifies the code substantially. This may report a few more errors for .roa and .gbr files but IMO that special case was a left-over from long time ago. OK tb@
de9b6f5d 2022-01-18 13:06:43 Cleanup the scattered OBJ_txt2obj() calls and move them into x509_init_oid() to initialize all necessary OID objects at start. OK tb@
2dffa172 2022-01-18 12:38:21 Properly handle read-only clusters in m_pullup(9). If the first mbuf of a chain in m_pullup is a cluster, check if the cluster is read-only (shared or an external buffer). If so, don't touch it and create a new mbuf for the pullup data. This restores original 4.4BSD m_pullup, that not only returned contiguous mbuf data of the specified length, but also converted read-only clusters into writeable memory. The latter feature was lost during some refactoring. from ehrhardt@; tested by weerd@; OK stsp@ bluhm@ claudio@
bfa5fdb5 2022-01-18 11:36:21 Improve how quirks are handled on sdhc(4)-compatible drivers. So far we have passed a modified version of the contents in the capabilities register if we wanted to override what sdhc(4) would otherwise read. Unfortunately there's a second capabilities register that we did not yet take into consideration, which is why to disable DDR50 support we created a quirk flag in the softc. The sdhc(4) ACPI nodes have a way to mask and set bits in both of the capabilities register, which is a flexible approach to solving that issue and using that for our sdhc(4) drivers even improves readability. ok kettenis@
ba7d956b 2022-01-18 10:54:05 return EIO, not ENXIO, when the interface underneath ifq_deq_sleep dies. this is consistent with other drivers when they report their underlying device being detached.
7a24b51f 2022-01-18 10:48:33 a comment about bridges shouldnt list switch(4), but can have veb(4).
8b31f2a3 2022-01-18 07:53:39 Add cdsdhc(4), a driver for the Cadence SD/SDIO/eMMC host controller. Tested on a PolarFire SoC.
985778eb 2022-01-18 07:44:37 plic: Fix cpuid handling Make `cpu' signed so that the possible return value -1 from plic_get_cpuid() gets handled correctly in the (cpu < 0) condition. This prevents plic_attach() from updating sc_contexts[] out of bounds. When plic_get_cpuid() returns -1, ignore the entry and continue processing. The error is not fatal. It is normal that secondary CPUs are not found when running a non-MULTIPROCESSOR kernel on a multiprocessor machine. OK kettenis@
697e0366 2022-01-17 22:56:04 when decompressing zlib compressed packets, use Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually specified as a valid mode for inflate(). There should be no practical change in behaviour as the compression side ensures a flush that should make all data available to the receiver in all cases. reported by lamm AT ibm.com via bz3372; ok markus
4cd3c7b2 2022-01-17 21:41:04 make most of the sftp errors more idiomatic, following the general form of "[local/remote] operation path: error message"; ok markus
b87c645d 2022-01-17 21:39:51 when transferring multiple files in SFTP mode, create the destination directory if it doesn't already exist to match olde-scp(1) behaviour. noticed by deraadt@ ok markus@
2c19dcf8 2022-01-17 20:50:22 Update libexpat to 2.4.3. This fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are security fixes #531 #534 #532 #538 #539 and other changes #527 #513 #514 #502 #503. No library bump necessary. OK millert@
a175a520 2022-01-17 19:45:34 Stop supporting a GOT with only one reserved entry in static PIE and ld.so itself: support for that in dynamic objects was removed in 2010. Inline RELOC_GOT() into boot_md.c and clean up the result like boot.c, snag just the three DT_MIPS_* tags needed, and delete the error case which is verified at build time. ok visa@
e26546db 2022-01-17 18:19:51 dig: fix -Wunused-but-set-variable warnings with and ok florian@
50b55cf4 2022-01-17 18:04:35 rad: fix -Wunused-but-set-variable warning ok florian@
5b34a885 2022-01-17 14:17:48 sfcc: Fix accidental spinning Adjust end condition so that sfcc_cache_wbinv_range() would not spin when (pa + len) is not cache line aligned. While here, fix parameter types of sfcc_cache_wbinv_range() as suggested by kettenis@. OK kettenis@ (earlier version), miod@
7f144f4c 2022-01-17 13:55:32 Call uvm_pglistfree(9) instead of uvm_pmr_freepageq(). There is no functional change as the former is just a wrapper around the latter. However upper layer of UVM do not need to mess with the internals of the page allocator. This will also help when a page cache will be introduced to reduce contention on the global mutex serializing access to pmemrange's data. ok kettenis@, kn@, tb@
892a73ca 2022-01-17 12:42:30 change irq work from interrupt context back to process context like our 5.10 drm used (via a task) by changing from timeout_set() to timeout_set_proc() irq work is supposed to be in interrupt context but some path used on inteldrm with gen 9 graphics sleeps. Reported by Agnosto Dvonik on kaby lake and jcs@ and aja@ on comet lake. For Agnosto Dvonik this occurred when running firefox or mpv, for jcs@ when playing a video in firefox, for aja@ after 5 min of running gnome. aja@ has run gnome for many hours with this change without problem.
f81bc88f 2022-01-17 10:40:03 Do not try to strdup NULL, from seL4 at disroot dot org in GitHub issue 3038.
342eb06c 2022-01-17 04:12:15 filessystems -> filesystems
f56254de 2022-01-17 03:54:03 unstub dma_fence_chain_find_seqno() for non zero seqno
116c1678 2022-01-17 02:54:28 Allow more memory ranges in hibernate The previous limit of VM_PHYSSEG_MAX ranges (16) was proving too small for newer machines. This diff reorganizes the hibernate signature block to allow for 22 ranges by removing the kernel version comparison and replacing it with a SHA of several unique kernel features (the version string and several addresses of functions not inside the same .o). Reported by claudio@, who also helped fix some issues in the diff. Input from deraadt@ as well. Tested by myself and claudio on a variety of machines. Only compile tested on i386 as I have no more S4-capable i386 hardware anymore. ok claudio@
b0714f38 2022-01-17 01:35:36 Nothing depends on archdep.h pulling in other #includes anymore, so delete the #includes and hide the RELOC_* functions that are only used by lib/csu behind "#ifdef RCRT0" these are the ones I tested; kettenis@ was on board with the concept
9b82141f 2022-01-16 23:05:48 remove "for all AArch64 platforms" from comment removed from other archs in 2020 before riscv64 was imported
08475498 2022-01-16 22:43:25 drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() From Nathan Chancellor 48d56b00c35266b00ec92aaf0db5b71ce1f27702 in linux 5.15.y/5.15.15 2e70570656adfe1c5d9a29940faa348d5f132199 in mainline linux
ee3cdc34 2022-01-16 22:27:46 Remove trailing whitespace in a few places. No code change.
88c7b412 2022-01-16 21:20:25 dhcpd: fix -Wunused-but-set-variable warning ok krw@
3c787698 2022-01-16 20:06:18 libfuse: fix -Wunused-but-set-variable warning ok tb@
0ebca8ea 2022-01-16 14:30:11 isakmpd: fix -Wunused-but-set-variable warnings ok guenther@
e4e00973 2022-01-16 14:28:16 pfctl: fix -Wunused-but-set-variable warning ok dlg@ guenther@
3830ce0b 2022-01-16 11:34:05 modernise pcn_start with m_defrag and the "new" ifq pattern. aside from getting rid of a use of the ifq_deq_begin/commit/rollback stuff, it simplifies the code a lot. im also sick of having the diff in my tree.
b70cebc4 2022-01-16 07:12:28 Avoid memory leak in error path with openssl(1) smime CID 345316 ok tb@
58c4462f 2022-01-16 07:11:49 Avoid memory leak in error path with openssl(1) cms CID 345314 345320 ok tb@
c8b9beef 2022-01-16 06:27:14 activate/notify waiting kq kevents from bpf_wakeup directly. this builds on the mpsafe kq/kevent work visa has been doing. normally kevents are notified by calling selwakeup, but selwakeup needs the KERNEL_LOCK. because bpf runs from all sorts of contexts that may or may not have the kernel lock, the call to selwakeup is deferred to the systq which already has the kernel lock. while this avoids spinning in bpf for the kernel lock, it still adds latency between when the buffer is ready for a program and when that program gets notified about it. now that bpf kevents are mpsafe and bpf_wakeup is already holding the necessary locks, we can avoid that latency. bpf_wakeup now checks if there are waiting kevents and notifies them immediately. if there are no other things to wake up, bpf_wakeup avoids the task_add (and associated reference counting) to defer the selwakeup call. selwakeup can still try to notify waiting kevents, so this uses the hint passed to knote() to differentiate between the notification from bpf_wakeup and selwakeup and returns early from the latter. ok visa@
b0877370 2022-01-16 05:38:58 initialies -> initializes ok visa@
92890ded 2022-01-16 04:43:34 spelling
b0a1b819 2022-01-16 02:17:05 Nothing depends on archdep.h pulling in other #includes anymore, so delete the #includes and hide the RELOC_* functions that are only used by lib/csu behind "#ifdef RCRT0" ok jca@
2a697c88 2022-01-16 02:16:40 Nothing depends on archdep.h pulling in other #includes anymore, so delete the #includes and hide the RELOC_* functions that are only used by lib/csu behind "#ifdef RCRT0" ok kettenis@
b3a968f5 2022-01-16 02:14:27 Nothing depends on archdep.h pulling in other #includes anymore, so delete the #includes and hide the RELOC_* functions that are only used by lib/csu behind "#ifdef RCRT0" ok aoyama@
90398e5b 2022-01-16 00:15:48 stoeplizt -> stoeplitz
418ce7a9 2022-01-15 23:39:11 vmd: Remove a warning about non-32KHz timebases Remove a warning that has outlived its usefulness. From Brian Conway, thanks.
1ab0fb16 2022-01-15 23:38:50 spelling ok tb@
d3e27d77 2022-01-15 18:16:02 Add back an accidentally dropped .Pp
585c4a5a 2022-01-15 11:04:16 Don't reset the controller on each transaction. Remove unnecessary polling loop and adjust another polling loop. This makes accessing the cs42l83 audio codec work. Probably removing the reset is enough to fix this but the other changes bring us in line with the Linux driver which had some decent RE done to it recently. ok patrick@
0d9ce156 2022-01-15 09:14:40 Update for HMAC_CTX_{init,cleanup} and HMAC_cleanup removal
cd4b820d 2022-01-15 09:08:51 Stop documenting clone digests.
c7f72189 2022-01-15 04:10:01 bring back spelling fix from rev 1.138 lost in rev 1.140 pointed out by Brad
c3954054 2022-01-15 04:02:37 Minor cleanup and simplification in dsa_pub_encode() This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi
d493aa45 2022-01-15 02:46:12 Add ct.h and x509_vfy.h
e457bdd1 2022-01-14 23:55:46 Avoid buffer overflow in asn1_parse2 asn1_par.c r1.29 changed to access p[0] directly, and this pointer could be overrun since ASN1_get_object advances pointer to the first content octet. In case invalid ASN1 Boolean data, it has length but no content, I thought this could happen. Adding check p with tot (diff below) will avoid this failure. Reported by oss-fuzz 43633 and 43648(later) ok tb@
91768759 2022-01-14 19:53:42 mark failing tests for macppc OK bluhm@
0c3a2335 2022-01-14 15:00:23 Introduce a validated cache which holds all the files that have successfully been verified by rpki-client. With this the rsync and rrdp directories are more of a temporary storage location. New files are downloaded there and then moved to the valid directory at the end. In -n mode only the valid directory is looked at with the exception of the ta directory holding the trust anchors. A file can now be in two different locations so adjust all the code paths that open files to check both locations. One nice side-effect of this is that the RRDP handling in the main process got simplified. There is no longer the need for temporary RRDP directories. OK tb@
36ce76ee 2022-01-14 15:00:16 We don't have 64-bit atomics on powerpc, but we don't really need them. So don't provide atomic64_cmpxchg() on powerpc and on other architectures make its implementation similar to atomic64_xchg(). This makes the tree build again on macppc. suggested by & ok jsg@
e304febb 2022-01-14 10:17:30 Enable openssl pkey -{,pub}check and pkeyparam -check
676ea2e3 2022-01-14 09:38:50 Undo static linking and other workarounds that are no longer needed after the bump
9597e69b 2022-01-14 09:35:18 Convert wycheproof.go for opaque EVP_AEAD_CTX
5980d968 2022-01-14 09:33:46 The cttest can link dynamically now
8561a852 2022-01-14 09:32:27 Simplify BN_mont test slightly using a new accessor.
c44ca71a 2022-01-14 09:28:07 openssl(1) dgst: fix build after clones removal ok inoguchi jsing
b30977f7 2022-01-14 09:27:30 Convert openssl(1) speed for opaque EVP_AEAD_CTX ok inoguchi jsing
2de05b95 2022-01-14 09:26:41 Convert openssl(1) rsa.c for opaque RSA ok inoguchi jsing
5161c7cc 2022-01-14 09:25:42 openssl(1) genrsa: simplify access to rsa->e ok inoguchi jsing
f9413cc6 2022-01-14 09:25:00 Convert openssl(1) gendsa.c to opaque DSA ok inoguchi jsing
437dba66 2022-01-14 09:24:20 Convert openssl(1) dsaparam to opaque dsa ok inoguchi jsing
5827572f 2022-01-14 09:23:42 Convert openssl(1) dsa.c to opaque DSA ok inoguchi jsing
61690107 2022-01-14 09:22:50 Convert openssl(1) dhparam to opaque DH ok inoguchi jsing
d2103c91 2022-01-14 09:21:54 Convert openssl(1) dh.c to opaque DH ok inoguchi jsing
d8ad561f 2022-01-14 09:20:18 Fix acme-client build with opaque RSA
66138239 2022-01-14 09:19:19 isakmpd: convert modp to opaque DH
b7d3dce4 2022-01-14 09:16:52 sync
27c8f1bf 2022-01-14 09:15:07 bump libcrypto, libssl, libtls majors after struct visibility changes and Symbol addition and removal in libcrypto.
c929ff6c 2022-01-14 09:12:53 Use the correct type for ssl_callback_ctrl()
f9a06750 2022-01-14 09:12:15 Convert the new record layers to opaque EVP_AEAD_CTX ok jsing
426f2c04 2022-01-14 09:11:22 Convert ssl_kex.c to opaque DH Stop reaching into DH internals and use the new API functions instead. ok inoguchi jsing
8c09bc91 2022-01-14 09:10:11 Use BIO_next/BIO_set_next in ssl_lib.c Trivial conversion to cope with opaque BIO.
a366758f 2022-01-14 09:09:30 bio_ssl.c needs to peek into bio_local.h
2a12d662 2022-01-14 09:08:03 libkeynote: fix build with opaque RSA and DSA This is a completely mechanical conversion to use accessors instead of reaching inside the structs by hand. ok millert
7df22999 2022-01-14 09:06:02 Update Symbols.list ok inoguchi
082847b1 2022-01-14 09:03:53 Unconditionally comment out OPENSSL_NO_RFC3779 ok inoguchi jsing
447b7d02 2022-01-14 09:01:36 Remove header guard around RFC 3779 declarations ok inoguchi jsing
8be50d4c 2022-01-14 08:59:30 Expose Certificate Transparency symbols in headers ok inoguchi jsing
e7d5586a 2022-01-14 08:56:00 Hide OBJ_bsearch_ from public visibility, This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing
43c7bac0 2022-01-14 08:53:53 Move ASN1_BOOLEAN to internal only. This moves {d2i,i2d}_ASN1_BOOLEAN() to internal only. They are unused, but help us testing the encoding. ok jsing
409e1e2a 2022-01-14 08:52:05 Remove check_defer and obj_cleanup_defer from public visibility ok inoguchi jsing
f0dfbe84 2022-01-14 08:50:25 Remove name_cmp from public visibility ok inoguchi jsing
9bec1105 2022-01-14 08:43:06 Remove all asn1_* symbols from public visibility ok inoguchi jsing
818427c5 2022-01-14 08:40:57 Implement new-style OpenSSL BIO callbacks This provides support for new-style BIO callbacks in BIO_{read,write,gets,puts}() and a helper function to work out whether it should call the new or the old style callback. It also adds a few typedefs and minor code cleanup as well as the BIO_{get,set}_callback_ex() from jsing, ok tb
b7df4fb6 2022-01-14 08:38:48 Garbage collect last use of EVP_ecdsa() ok inoguchi jsing
66c3bd61 2022-01-14 08:38:05 Remove legacy sign/verify from EVP_MD. This removes m_dss.c, m_dss1.c, and m_ecdsa.c and the corresponding public API EVP_{dss,dss1,ecdsa}(). This is basically the following OpenSSL commit. The mentioned change in RSA is already present in rsa/rsa_pmeth.c. ok inoguchi jsing commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson <steve@openssl.org> Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). Reviewed-by: Richard Levitte <levitte@openssl.org> Plus OpenSSL commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d for m_dss.c