| Commit | Date | Message | CI | Author |
|---|---|---|---|---|
| bf77f779 | 2025-05-24 06:50:02 | sync | ||
| 75937829 | 2025-05-24 06:49:16 | In the old gprof profiling subsystem, the simplistic profil() syscall told the kernel about the sample buffer, and then the normal exit-time _mcleanup() would finalize the buffer, open()'ed a file and write out the details. This file opening has become increasingly impossible because of our privsep / privdrop, chroot, setresuid uid-dropping, pledge, unveil, and other efforts. So people stopped using gprof. Programs which needed profiling needed substantial mitigation removal changes to put them under test. In the new gprof profiling subsystem, profil() is enhanced to provide more buffer information to the kernel, as well as better instructions for where the file should be written. At normal exit-time mcleanup(), after finalizing the buffer, the process simply terminates via _exit(2), and the kernel does all the opening and writing in a safe way. The file is now deposited into the starting directory, or into PROFDIR as determined at program start, with safety issues taken into consideration. Additional side effects: - The monstartup(3) interface will go away, it cannot be supported. - profil() is now allowed in pledge "stdio", access is decided by the -pg ELF note - gmon.out is renamed to gmon.progname.pid.out, due to pervasive multi-process privsep practices prompted originally by job and claudio for use in rpki-client and bgpd advice from kettenis and claudio | ||
| c56c8d96 | 2025-05-24 06:47:27 | Adapt to new malloc_options declaration | ||
| d6f14666 | 2025-05-24 06:43:37 | Plug leak of startup_pollfd in debug and child paths. Coverity CID 405024, ok djm@ | ||
| a0e2dd05 | 2025-05-24 06:40:29 | Adapt test to new malloc_options regime | ||
| 27c41a1c | 2025-05-24 06:32:12 | As a first step in making the gprof profiling subsystem compatible with all of our privsep work, add an ELF note to gcrt0, this means we know which binaries have been compiled with -pg. ok kettenis | ||
| 58e1f4f3 | 2025-05-24 04:41:12 | add some verbosity | ||
| a274c9fc | 2025-05-24 04:41:03 | use start_ssh_agent() to ensure we get logging add some verbosity | ||
| 914a0bf5 | 2025-05-24 04:40:37 | add a start_ssh_agent() function that sets up an agent with logging | ||
| cbb4578c | 2025-05-24 04:19:06 | Link regress udpthread to build. | ||
| 088dbb11 | 2025-05-24 04:17:26 | Fix races in regress udpthread. Other threads could cause errors that are stored at the socket. If next system call gets such an error, just ignore it. | ||
| e76dad40 | 2025-05-24 04:05:18 | Update and improve documentation for pkcs8 -v2 with input from jsing | ||
| 42c46e78 | 2025-05-24 03:44:06 | Bring regress tcpthread in sync with udpthread. Switch tcpthread to arc4random() to run through test cases more aggressively. Fix or workaround races that caused test abort. Reduce difference between tcp and udp thread tests. | ||
| d89dc0d6 | 2025-05-24 03:40:54 | Remove ssh-keygen's moduli screen -Omemory option. This vaguely made sense 20 years ago, but these days you'd be hard pressed to *find* a machine small enough to not support the maximum (127MB), and no one is screening moduli on such machines anyway, so just use the max. This also fixes Coverity CID 470522 by deleting code in question. "kill it with fire" djm@. | ||
| 3bab43df | 2025-05-24 03:39:48 | Remove ssh-keygen's moduli screen -Omemory option. This vaguely made sense 20 years ago, but these days you'd be hard pressed to *find* a machine small enough to not support the maximum (127MB), and no one is screening moduli on such machines anyway, so just use the max. This also fixes Coverity CID 470522 by deleting code in question. "kill it with fire" djm@. | ||
| 4a91b963 | 2025-05-24 03:37:40 | Remove ssh-keygen's moduli screen -Omemory option. This vaguely made sense 20 years ago, but these days you'd be hard pressed to *find* a machine small enough to not support the maximum (127MB), and no one is screening moduli on such machines anyway, so just use the max. This also fixes Coverity CID 470522 by deleting code in question. "kill it with fire" djm@. | ||
| 6a4a1089 | 2025-05-24 02:57:14 | Crank default salt length of PBE2 to 16 octets FIPS is currently revising their PBKDF2 recommendations and apparently they want to require 16 octets. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro joshua jsing | ||
| 79d0c6f3 | 2025-05-24 02:56:41 | Add [-w percent] and /etc/apm/warnlow hook So '-w25 -Z15' can log charge level and run the warnlow script to, e.g. play a sound or pop a window when running on battery below 25%, *before* life^work saving hibernate/suspend kicks in. OK tobhe Feedback jmc | ||
| 08d9e4c1 | 2025-05-24 02:54:09 | Switch the default PBMAC to hmacWithSHA256 Using hmacWithSHA1 isn't outrageously bad, but newly generated encrypted password files ought to be using something better. Make it so. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok joshua | ||
| 3f2f4c76 | 2025-05-24 02:46:02 | add directory for gbm backends, used by newer Mesa | ||
| 716755a3 | 2025-05-24 02:35:25 | Switch default to PBES2 for openssl pkcs8 -topk8 We currently use the glorious default of NID_pbeWithMD5AndDES_CBC which we inherited from OpenSSL. This could have been worse - there is also NID_pbeWithMD2AndDES_CBC... The way this diff works is that the undocumented PKCS8_encrypt() API uses the PKCS#5v2 code path when it's passed a NID of -1 and requires a cipher to succeed, otherwise it uses the PKCS#5v1.5 path. So pass in a sensible cipher, namely AES-CBC-256, and let layers of muppetry cascade to doing something resembling the right thing. This still uses the default of hmacWithSHA1 and a somewhat short salt, which will be improved in a subsequent commit. https://github.com/pyca/cryptography/issues/12949 https://github.com/libressl/portable/issues/1168 ok kenjiro joshua jsing | ||
| ab118c17 | 2025-05-24 02:33:33 | Fix compile error on 32bit platforms. Spotted by & ok tb@ | ||
| 754ffb53 | 2025-05-24 02:03:02 | openssl speed: use single md buffer for digests ok jsing tb | ||
| 44dd73a1 | 2025-05-24 02:01:28 | Use pointer from strprefix in error message, missed in previous. | ||
| 173f4495 | 2025-05-24 00:19:09 | timeout_add_ticks doesn't have to do rounding now its callers do it. timeout_add_ticks turned short (less than 1 tick but greater than 0) timeouts into 1 tick timeouts. timeout_add_nsec/usec/msec round themselves up now, so this isn't necessary anymore. | ||
| 86ddee2d | 2025-05-24 00:11:08 | have timeout_add_nsec/usec/msec wait at least their specified time. timeouts run off kernel clock ticks which are longer than nsec/usec/msec intervals, so simply dividing these values by how long a tick is will truncate the desired times. to mitigate this, round up the value before the divide. rounding up can lead to integer overflow, so detect this and clamp the value to the max sleep time. while here get timeout_add_sec to check for a negative time like timeout_add does to the specified tick interval. discussed with many help with the int overflow stuff from djm@ ok sashan@ | ||
| a86a4190 | 2025-05-23 23:56:14 | deprecate timeout_add_tv now that nothing uses it anymore. i feel like it was a bit of a footgun because timeouts had to assume that the timeval passed is valid. the api only returns whether the timeout was added or already pending, it's not clear what it should do if the timeval is invalid. ok mpi@ bluhm@ | ||
| b00facf8 | 2025-05-23 23:41:46 | replace timeout_add_tv with timeout_add_nsec via TIMEVAL_TO_NSEC. this is the last use of timeout_add_tv, which i'd like to deprecate. ok mp@ bluhm@ | ||
| 403e61e5 | 2025-05-23 23:39:30 | replace timeout_add_tv with timeout_add_usec this changes the calculation of the interval slightly, but in practice it should not make a difference. this is a step toward deprecating timeout_add_tv. ok mpi@ bluhm@ | ||
| 0cc6f778 | 2025-05-23 16:19:52 | Spawn multiple threads and run system calls on UDP socket in parallel. Setup UDP sockets on localhost and run system calls connect(2), send(2), recv(2), recvfrom(2), and close(2) in parallel. In addition stress test for socket splicing, unsplice, max length and idle timeout can run. The successful operations are counted. | ||
| b59df021 | 2025-05-23 14:33:23 | Fix a mismerge in the tzcode2013d update | ||
| ce54b553 | 2025-05-23 12:52:45 | Replace strncmp and strncasecmp with hand-counting bytes with strprefix. nits lucas@, ok lucas@ djm@ | ||
| 6c206b51 | 2025-05-23 11:54:50 | Include stdint.h for UINT32_MAX. | ||
| c75d946f | 2025-05-23 11:50:21 | remove unused ice(4) softc fields inherited from FreeBSD iflib if_softc_ctx Leaving TSO-related ones in place for now, since TSO is still a todo item. | ||
| 801be1c5 | 2025-05-23 11:25:35 | Ensure args to nh_update() fit within uint32, which it should always anyway. Placates Coverity CID 470520. While there, fix the upstream URL. ok djm@ | ||
| 09743abc | 2025-05-23 09:56:26 | Set an RSS key and lookup table so traffic is properly distributed across the queues, and copy the RSS hash into received packets as the flow ID. from Yuichiro NAITO, lightly modified | ||
| d88d09a1 | 2025-05-23 09:53:15 | ice(4) supports some offloading now, remove CAVEATS section. Mention that firmware is required for multi-queue operation. | ||
| 3f82bc0a | 2025-05-23 09:26:25 | Don't leak the args list. Coverity CIDs 481569 & 481570, ok job@ tb@. | ||
| f3256d04 | 2025-05-23 09:16:14 | enable RSS in ice(4), and enable Tx/Rx across multiple queues Port ice_upd_prof_hw() and related functions from FreeBSD which were still missing from the RSS init code path. With 9k jumbo frames I am now seeing about 10Gbit/s throughput in multi-threaded iperf benchmarks against FreeBSD ice(4). | ||
| 19fb9659 | 2025-05-23 09:11:06 | remove unused and redundant isc_nrxqsets and isc_ntxqsets variables from ice(4) | ||
| dc13af7a | 2025-05-23 08:57:49 | implement ice(4) Tx checksum offloading test + ok bluhm@ | ||
| ae5c9834 | 2025-05-23 08:40:13 | Explicitly set LC_ALL=C on each sort invocation. Remove it from sshd_config (where it could be overridden by shell startup scripts, eg on macos-15) causing random test failures. with & ok djm@ | ||
| 27d5f987 | 2025-05-23 05:48:13 | put -R in the right place in the options list: apologies, ken, for not spotting this in the diff review; i also added a colon to "For example", and added a missing space in ".Ar file." | ||
| c9e61bd7 | 2025-05-23 03:46:08 | Add the ability to run individual ruby ssl test for figuring out what is going on when these break ok tb@ | ||
| cad777a1 | 2025-05-23 03:13:33 | stacktrace_save_utrace() should be more robust Currently the function assumes the frame pointer address which comes from userland is always valid frame pointer address. Unfortunately if the frame address gets corrupted such that it fits a kernel memory address range, then stacktrace_save_utrace() function just dereferences the address causing a kernel crash. The fix makes sure that as soon as stack unwinding crosses kernel<->userland boundary it never attempts to interpret the frame address to be coming from kernel. So after crossing the boundary all frame pointer addresses are passed to copyin(9f) to obtain a next frame. copyin(9f) then may fail with error indicating the stack is corrupted and stack unwinding process should stop. The fix was discussed at tech@. The idea to use two loops comes from tedu@ There is also a todo note from claudio@: skip iteration over kernel frames just find the first userland's frame and start there. OK tedu@ | ||
| 449dd8e0 | 2025-05-23 03:06:09 | Add preliminary support for RTL8157. Tested: RTL8153 (0x5c20/0x5c30): stsp | ||
| 1a842094 | 2025-05-23 03:05:05 | sync | ||
| 191dd14a | 2025-05-23 03:04:43 | Add USB product ID for RTL8157 | ||
| 1b0dae99 | 2025-05-23 02:50:08 | handle in_s4 moving to pm notifier | ||
| 5a206aca | 2025-05-23 02:48:47 | drm/amdgpu: fix pm notifier handling From Alex Deucher 25e07c8403f4daad35cffc18d96e32a80a2a3222 in linux-6.12.y/6.12.30 4aaffc85751da5722e858e4333e8cf0aa4b6c78f in mainline linux | ||
| 5c0b549e | 2025-05-23 02:47:09 | drm/fbdev-dma: Support struct drm_driver.fbdev_probe From Thomas Zimmermann 25998ed87f0c8772bd5faf8ee92d831f1c69e1d0 in linux-6.12.y/6.12.30 8998eedda2539d2528cfebdc7c17eed0ad35b714 in mainline linux | ||
| f621b50a | 2025-05-23 02:44:18 | dma-buf: insert memory barrier before updating num_fences From Hyejeong Choi fe1bebd0edb22e3536cbc920ec713331d1367ad4 in linux-6.12.y/6.12.30 72c7d62583ebce7baeb61acce6057c361f73be4a in mainline linux | ||
| 6f46f340 | 2025-05-23 02:42:45 | drm/amd/display: Avoid flooding unnecessary info messages From Wayne Lin 64a33088adf2b4b23f34566d18ac73e8b4f64243 in linux-6.12.y/6.12.30 d33724ffb743d3d2698bd969e29253ae0cff9739 in mainline linux | ||
| bfa243c3 | 2025-05-23 02:41:09 | drm/amd/display: Correct the reply value when AUX write incomplete From Wayne Lin 2d125a1f0d61bf224ed7fe6ce2f4f7d4f37b4c61 in linux-6.12.y/6.12.30 d433981385c62c72080e26f1c00a961d18b233be in mainline linux | ||
| 98b3332a | 2025-05-23 02:39:20 | drm/amdgpu: csa unmap use uninterruptible lock From Philip Yang 8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5 in linux-6.12.y/6.12.30 a0fa7873f2f869087b1e7793f7fac3713a1e3afe in mainline linux | ||
| ecabef8d | 2025-05-23 02:37:58 | drm/amdgpu: fix incorrect MALL size for GFX1151 From Tim Huang e54f20c5a17e8dff4bb54f4f88ec098dc905ee41 in linux-6.12.y/6.12.30 2d73b0845ab3963856e857b810600e5594bc29f4 in mainline linux | ||
| 5133bdf5 | 2025-05-23 02:36:37 | Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" From Melissa Wen c75f3f9cbfb7a84254285c587840afe4494d6992 in linux-6.12.y/6.12.30 fe14c0f096f58d2569e587e9f4b05d772272bbb4 in mainline linux | ||
| 4d9edfda | 2025-05-23 02:35:08 | Revert "drm/amd: Stop evicting resources on APUs in suspend" From Alex Deucher 5d9d62323e1893e6f429fad7da19a652088cac21 in linux-6.12.y/6.12.30 d0ce1aaa8531a4a4707711cab5721374751c51b0 in mainline linux | ||
| 7eb2eeb0 | 2025-05-23 02:32:31 | drm/amd: Add Suspend/Hibernate notification callback support From Mario Limonciello 4d45a5f1e2a04f5f84d5d5121dfbfff8d65c9c1c in linux-6.12.y/6.12.30 2965e6355dcdf157b5fafa25a2715f00064da8bf in mainline linux | ||
| c9b0513d | 2025-05-23 02:26:42 | add register_pm_notifier() for 6.12.30 drm | ||
| 0142a991 | 2025-05-23 01:14:35 | Import regenerated moduli. | ||
| d5361483 | 2025-05-23 00:40:45 | use "const char * const" for malloc_options here also | ||
| fb69fb32 | 2025-05-23 00:40:05 | When commons were deprecated, no one noticed that malloc_options in static binaries had become unlinkable. Change the libc definition to weak to solve that, and to "const char * const" so that no one will try to set it late. It must be stable before the first malloc() call, which could be before main()... discussion with otto, kettenis, tedu | ||
| a3f9d031 | 2025-05-23 00:20:02 | Add -R to recover/create GPT or MBR from a file or partial GPT. Feedback from lucas@ kettenis@ jmc@ Tests, fixes and ok lucas@ | ||
| 2f076c17 | 2025-05-22 15:00:32 | Fix vmm(4) regress test after recent UVM change. Now VMM_IOC_SHAREMEM creates the shared mappings for vmd(8). So vmd(8) does not have to map -> unmap -> VMM_IOC_SHAREMEM, i.e. remap. from hshoexer@; OK dv@ | ||
| 896a7df4 | 2025-05-22 12:44:14 | Do a clean up pass over the GCM code. Rework some logic, add explicit numerical checks, move assignment out of variable declaration and use post-increment/post-decrement unless there is a specific reason to do pre-increment. ok kenjiro@ tb@ | ||
| 38645cd8 | 2025-05-22 12:33:36 | Use timingsafe_memcmp() in CRYPTO_gcm128_finish(). When checking the GCM tag, use timingsafe_memcmp() instead of memcmp(). ok tb@ | ||
| 3a8b92ef | 2025-05-22 12:14:19 | Adjust debug message to prevent (unsigned) integer overflow. Fixes Coverity CID 481110, ok djm@ | ||
| 3d8cde81 | 2025-05-22 11:33:04 | Update/improve FAT partition names. FAT has survived the rise and fall of DOS and Win95. No need to continue to defer to them. Originally from sobrado@ | ||
| ba45935f | 2025-05-22 10:50:10 | ix(4): use 4k clusters in LRO mode to avoid m_defrag calls ok bluhm | ||
| 90a7f92b | 2025-05-22 09:15:48 | Bring up multiple transmit and receive queues. The IAVF spec only says we have at least 5 vectors, so limit to 4 queues. We're not setting a proper RSS key or lookup table yet, so traffic is not distributed across queues correctly. from Yuichiro NAITO | ||
| 4e120550 | 2025-05-22 08:55:11 | sync | ||
| 134c5a4e | 2025-05-22 08:32:50 | pass correct sizes to free() calls in ice_free_vsi_qmaps() | ||
| a10bf9eb | 2025-05-22 08:25:26 | Simplify SSL_alert_desc_string SSL_alert_desc_string() is only used by our good old friends M2Crypto and Net::SSLeay. While some of the two-letter combinations can be made sense of without looking at the switch, I guess, this is just a completely useless interface. The same level of uselessness can be achieved in a single line matching BoringSSL. ok joshua kenjiro | ||
| 80f2f779 | 2025-05-22 08:01:29 | Bump UTF8_SIZE to the maximum 32 because there are some crazy long UTF-8 sequences out there (GitHub issue 4506). This should not significantly increase typical memory consumption because we only store each Unicode character once in the shared cache. | ||
| abdf2f73 | 2025-05-22 07:49:24 | Typo, from someone in GitHub issue 4511. | ||
| 8e7844d6 | 2025-05-22 07:46:38 | When there are more than two horizontal windows and the active window is not on an edge, correctly highlight both its left and right borders. GitHub issue 4513 from Michael Grant. | ||
| 9bb79675 | 2025-05-22 07:43:38 | Add a set-default style attribute which replaces the current default colours and attributes completely, useful at the start of compound format strings (like status-format) to set the default colours for all the following options. | ||
| e037dc57 | 2025-05-22 07:31:18 | Use literal <> characters instead of Aq macros. From Evan Silberman | ||
| 0814c25f | 2025-05-22 06:41:20 | Move packet classifier defines to if_ixlreg.h so iavf(4) can see them too. ok dlg@ | ||
| e4db903d | 2025-05-22 06:40:26 | Fix HTTP CONNECT proxy support to not treat responses like "HTTP/1.0 200poo" as success; patch from Spiros Thanasoulas | ||
| 85baac77 | 2025-05-22 06:34:03 | The current way to adjust pf(4) limits in pf.conf(5) is inconvenient. For example when ruleset uses more than 512 anchors (the current default limit) one would typically add 'set limit anchor 1024' to adjust the limit so the 'pf.conf(5)' gets processed. Unfortunately it does not work because limit gets changed with DIOCXCOMMIT which is too late. The pf.conf(5) fails to load the anchors to transaction, because the old lower limit is still in place. To fix it we must set the limit as soon as we parse 'set limit ...' option. The issue has been reported and fix tested by rafal _dot_ ramocki _von_ eo.pl OK @bluhm | ||
| ec3f7096 | 2025-05-22 05:58:36 | Reinstate mention of chroot(2) and user quoting That should clarify the implications of, e.g. symlink behaviour inside the directory being served. Input OK schwarze jmc | ||
| f30feaa1 | 2025-05-22 04:54:14 | asn1: merge invalid generalized time tests into invalid time tests Previously, invalid generalized time tests were split into a separate set of test vectors and a flag was used when calling the test function to indicate they should be tested as generalized only. This simplifies the code a bit, and makes converting to the new test framework easier. ok jsing | ||
| 43496798 | 2025-05-22 04:34:18 | Fix OpenBSD RCS ID typos. from Andrius V | ||
| 94488e84 | 2025-05-22 04:24:11 | get rid of unnecessary casts ok florian@ | ||
| 133e2625 | 2025-05-22 04:22:03 | Output the current name for PermitRootLogin's "prohibit-password" in sshd -T instead of its deprecated alias "without-password". bz#3788, patch from cjwatson at debian.org. | ||
| 533f560f | 2025-05-22 03:53:46 | Copy arg to be passed to dirname(). POSIX allows dirname() to modify its args and return a pointer into it, so this prevents an overlapping strlcpy. bz#3819, patch from cjwatson at debian.org | ||
| 3ac71bda | 2025-05-22 03:41:10 | Add $OpenBSD$ marker for easier syncing. | ||
| 0a034d76 | 2025-05-22 03:35:40 | Convert sha_test to use new test framework ok beck | ||
| afab96b3 | 2025-05-22 03:24:47 | Convert md_test to use new test framework ok jsing tb beck | ||
| 40adde36 | 2025-05-22 03:12:33 | Fix trailing whitespace. | ||
| f4df864d | 2025-05-22 03:09:00 | Remove redundant NULL check from divert_packet() that is already in in_pcbunref(). | ||
| 0487f6a6 | 2025-05-22 03:04:01 | Add PERFORMANCE_LEVEL_SET logic and initialize all domains to the same level. On Snapdragon X Elite there are 3 performance domains spanning 4 CPUs each, where each can go from level 0 (719 Mhz) to 12 (3418 Mhz). By default domain 0 boots into level 10, domains 1 and 2 boot into level 12. Since the kernel only understands a single global performance value we keep them in sync by initializing them all to 12 for now. While there, also move PERFORMANCE_LEVEL_GET to a separate function and clean up a bit. ok patrick@ | ||
| 32856335 | 2025-05-22 02:23:41 | Fix test_errorf macro expanding to two lines This caused test_fail to always be called when used in certain conditions, and wrapping with do {} while (0) fixes this. | ||
| 6359e523 | 2025-05-22 02:10:27 | TAL stands for Trust Anchor Locator, not Location ok beck | ||
| d758b026 | 2025-05-22 01:40:21 | pkg_delete -c does more than file cleanup | ||
| 58283cdb | 2025-05-22 00:13:47 | Add basic HKDF test using EVP_PKEY_HKDF Add a basic test case for HKDF using EVP_PKEY_HKDF to evp_test.c. This test verifies the correct derivation of output keying material using SHA-256, matching the test vector from RFC 5869 Appendix A.1. ok tb@ joshua@ | ||
| 91d6bc35 | 2025-05-21 21:42:19 | Fix wrong description of PKG_CONFIG_DEBUG_SPEW. Add complete description of PKG_CONFIG_MAXIMUM_TRAVERSE_DEPTH. Improve descriptions of various other options and variables. This patch was accepted and pushed upstream by Ariadne Conill. | ||
| c902741c | 2025-05-21 18:41:41 | Define CPU_MIN_BUSY_CYCLES and CPU_MAX_BUSY_CYCLES outside of MULTIPROCESSOR since the ddb_mtx_enter is not under MULTIPROCESSOR. This is enough to unbreak GENERIC kernels. Reported by tb@ |