IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
c85bce7b 2023-01-18 17:40:17 Use the vstate of the filterstate struct instead of passing an extra copy to the various prefix update functions. While there fix a filterstate leak in up_generate_updates(). With and OK tb@
86c75b53 2023-01-18 13:20:00 Improve pending checks in poll loop by ordering them by trigger frequency and by making peer_imsg_pending() a true O(1) function. OK tb@
dbdb4107 2023-01-18 12:59:16 Use ROUNDDOWN() to round down to cylinder boundary.
32c728c5 2023-01-18 11:08:49 Instead of mapping WSEMUL_UNDERLINE to a different bit in rasops, use the same bit and the define. rom Crystal Kolipe kolipe.c at exoticsilicon dot com. ok miod
3b063803 2023-01-18 10:30:20 Typofix array length syntax, spotted by afresh1
64bcbf86 2023-01-18 10:27:05 Adjust how gcc4 handles the "missing braces around initializer" warning. In c99 any value can be initalised using a { 0 } constructor independent of the type. Now if a struct's first member is another struct then gcc4 issues the above warning but it should not do that. Move the warning check from push_init_level() to pop_init_level() and check if either { 0 } or { } was used. If additional implicit braces were added surpress the warning. Inspired by gcc PR#64709 OK deraadt@ miod@
7b8866bb 2023-01-18 10:13:46 The default output format is -o (openbgpd) but it now includes both roa-set and aspa-set by default. So make the man page less specific. OK tb@ job@ kn@
59586997 2023-01-18 06:55:32 tweak previous; ok djm
56539331 2023-01-18 05:29:48 Bring in a description of bn_words_3_div(). This comes from OpenSSL commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de. ok tb@
4aac296b 2023-01-18 05:27:30 Start cleaning up BN_div_internal(). Always provide a bn_div_3_words() function, rather than having deeply nested compiler conditionals. Use readable variable names, clean up formatting and use a single exit path. Tested on various platforms by miod@ ok tb@
0de25421 2023-01-18 05:06:44 Do on i386 as we do on amd64. This is done on variable cpu_pae, which indicates the "PAE" pmap is being used, which only happens if the cpu has both PAE and NX. On i386 machines without the NX feature enabled, we can't distinguish between page faults as a result of instruction fetches or normal data access. Handle this in the same way as we do on landisk: if handling the fault with access type PROT_READ fails, retry with PROT_EXEC. Fortunately we know whether NX is enabled or nor so only do this when it isn't. ok kettenis, jsg
a35e5d14 2023-01-18 02:00:10 when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@
93d238a6 2023-01-18 01:50:21 Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@
7233a2b0 2023-01-18 00:48:14 Use ROUNDUP() to round up to cylinder boundary.
bc7ae01a 2023-01-18 00:27:10 rpki-client: explicitly enable policy checks In x509_verify.c r1.62, beck disabled policy checks by default in the new X.509 verifier to match the behavior of the legacy validator and OpenSSL. In order to keep policy checks as mandated by RFC 7318, we need to opt into them explicitly. ok beck
f409a94a 2023-01-17 23:56:51 Nuke unused MAXIMUM(). Add ROUNDUP() and ROUNDDOWN().
c62816f0 2023-01-17 23:49:28 Don't do policy checking unless we were asked to do so. ok tb@
eed49ca9 2023-01-17 23:39:30 include isadma.h not isa.h missed in rev 1.5 when #if NISA became #if NISADMA not a problem in practice as isavar.h includes isadma.h ok miod@ deraadt@ millert@
1114fe1a 2023-01-17 23:12:37 test NSDMMC not SDMMC ok miod@ deraadt@
34ff57a3 2023-01-17 19:51:37 sync
01852f87 2023-01-17 19:29:09 Simplify and clarify the implementation of the pmap_page_protect(9) API. This function is only ever called with PROT_NONE or PROT_READ where PROT_NONE removes the mapping from the page tables and PROT_READ takes away write permission. Add a KASSERT to make sure no other values are passed. This KASSERT should be optimized away by any decent compiler. ok deraadt@, mpi@, guenther@
dc4459a6 2023-01-17 18:52:44 For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@
ac7f9f19 2023-01-17 16:22:56 Add debug FUNCS_ONLY knob Hacking on the installer while running it is a lot easier when you can inspect or run functions directly without paging the whole script or poking around in it with ed. install.sub is already structured so that all functions come first, then MD code, then actual commands. Copy FUNCS_ONLY from rc.subr(8) so you can drop out any time and hack around more conveniently: Available disks are: sd0 sd1. Which disk is the root disk? ('?' for details) [sd0] ! Type 'exit' to return to install. test# FUNCS_ONLY=1 . /install.sub test# typeset -f get_dkdevs get_dkdevs() { echo $(scan_disknames "${MDDKDEVS:-/^[sw]d[0-9][0-9]* /s/ .*//p}") } test# get_dkdevs sd0 sd1 test# This requires the sourcing shell to be ksh(1) or sh(1) with 'strict Bourne shell mode' disabled. '!' is ksh now, but the initial (S)hell answer still lands in a strict (default) sh(1) -- that can/should be fixed separately. OK deraadt
366a2d32 2023-01-17 16:20:28 pax: Switch a function definition from K&R to ANSI.
1abb2e83 2023-01-17 16:14:23 Skip all interface config questions when there are none Even without any interfaces the installer still asks for one and only continues when the only possible answer 'done' is provided. That means one mandatory but useless answer during installations like # vmctl start -c -d ./install72.img -d ./disk.img test ... System hostname? (short form, e.g. 'foo') test Available network interfaces are: . Network interface to configure? (name, lladdr, '?', or 'done') A response is required. Network interface to configure? (name, lladdr, '?', or 'done') ? Available network interfaces are: . Network interface to configure? (name, lladdr, '?', or 'done') done DNS domain name? (e.g. 'example.com') [my.domain] ... Skip it when there is no viable answer: # vmctl start -c -d ./install72.img -d ./disk.img test ... System hostname? (short form, e.g. 'foo') test DNS domain name? (e.g. 'example.com') [my.domain] ... OK deraadt
0f5e1a03 2023-01-17 16:11:52 Add a dummy stub for getmonotime(). Reminded by tb@
c4f772fd 2023-01-17 16:09:34 Teach bgpctl about ASPA tables. OK tb@
d7e93531 2023-01-17 16:09:01 Add the needed logic to load the ASPA table from the rtr process into the RDE. The actual reload logic is missing to keep the diff small. OK tb@
e9c09c27 2023-01-17 15:04:27 Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the default empty C fallback will work as good. ok jsing@
c842d149 2023-01-17 13:03:22 Arguments may contain more than one variable assignment `make FOO=1 BAR=2 ...' works as expected and lots of things wouldn't work if make only accepted a single assignment, as currently documented. Fix SYNOPSIS and usage to match reality and POSIX spec (thanks jmc). OK jmc
1e415b51 2023-01-17 10:40:51 Support -1 without -N for list-keys.
f4c0a1e2 2023-01-17 10:15:10 also check that an active session inhibits UnusedConnectionTimeout idea markus@
9170da37 2023-01-17 10:10:10 remove elansc(4) driver for AMD Elan SC520 System Controller AMD Elan SC520 has a Am5x86, 486-class processor. We require a 586-class processor. feedback from jmc@ ok miod@
d4f0be88 2023-01-17 10:02:34 regression test for UnusedConnectionTimeout
f98a6cf6 2023-01-17 09:44:48 Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@
5ccb5796 2023-01-17 08:03:51 On amd64 machines without the NX feature enabled, we can't distinguish between page faults as a result of instruction fetches or normal data access. Handle this in the same way as we do on landisk: if handling the fault with access type PROT_READ fails, retry with PROT_EXEC. Fortunately we know whether NX is enabled or nor so only do this when it isn't. Nobody should be running an amd64 machine without NX! ok deraadt@, miod@
bf31d21b 2023-01-17 06:50:55 Update palette when moving a pane, GitHub issue 3437.
f87b8e3f 2023-01-17 06:33:49 fix typo in package name
cef95745 2023-01-17 06:33:25 cope with ktrace "(via syscall)" changes
18cf9b3a 2023-01-17 02:58:22 agtimer(4/armv7): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Remove debug evcount code. We can no longer differentiate between hardclock and statclock in the driver. - Wire up agtimer_intrclock. With tweaks from miod@ and jca@. Tested by jca@ and kettenis@. Link: https://marc.info/?l=openbsd-tech&m=167044965011140&w=2 ok kettenis@
8e3880d2 2023-01-17 02:47:55 amptimer(4): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Wire up amptimer_intrclock. - Remove debug evcounts. All interrupts are now counted with the evcount in the interrupt handler. - Remove apparently dead USE_GTIMER_CMP code. Debugged with jca@. Tested by jca@. Link: https://marc.info/?l=openbsd-tech&m=167060127825418&w=2 ok kettenis@ jca@
1286a7b8 2023-01-17 02:38:59 sxitimer(4): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Stop using STATTIMER. We can multiplex TICKTIMER to handle all clock interrupts. - Wire up sxitimer_intrclock. - For parity with other platforms, change stathz from 128 to hz and change profhz from 1024 to (stathz * 10). Tested by kettenis@. Link: https://marc.info/?l=openbsd-tech&m=167060659329137&w=2 ok kettenis@
9451db9b 2023-01-17 02:32:07 dmtimer(4): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Wire up dmtimer_intrclock. - For convenience, add dmtimer_reset_tisr(); we do the "clear interrupt bits" dance in multiple places, may as well put it in a function. - For parity with other platforms, change stathz from 128 to 100 and profhz from 1024 to 1000. Testing by stuge@ and jsg@. v1: https://marc.info/?l=openbsd-tech&m=167060320326851&w=2 v2: https://marc.info/?l=openbsd-tech&m=167340009006972&w=2 ok mlarkin@ kettenis@
dfaeb4bf 2023-01-17 02:27:14 arm, armv7: add clockintr support The interrupt clock drivers need these pieces to be in place first. ok mlarkin@ kettenis@
3c8da594 2023-01-16 23:07:47 Mention riscv64 boot support efiboot could always boot from CRYPTO and RAID 1, since version 1.5 RAID 1C also works. installboot was enabled just now, so only new installations work out of the box without manual intervention.
7a579a5a 2023-01-16 22:59:41 Enable softraid(4) support in installboot(8) riscv64 efiboot already supports booting from softraid volumes. These installboot bits make sure that the boot loader will be installed on chunk devices rather than the volume for root on softraid installations, i.e. full boot support for riscv64, just like amd64, arm64 and sparc64. regress is happy. OK kettenis
c6918e3c 2023-01-16 22:08:50 Fix transmit queue selection based on frame type. I introduced an error here when I split up urtwn_tx() to add support for RTL8192EU devices. from Mikhail (mp395990 at gmail) ok stsp@
94c88aa8 2023-01-16 21:32:12 bump minor after RAID 1C support synced form arm64
3ea82190 2023-01-16 21:30:46 Sync with original arm64 copy to get RAID 1C bits, fix include guard OK kettenis
5172d7d1 2023-01-16 20:12:38 Manage RTC offset through UEFI variables handled by a TEE application that can be interacted with using SMC calls. ok kettenis@
b7307cad 2023-01-16 20:07:48 Attach drivers on nodes under /firmware. ok kettenis@
02e02031 2023-01-16 18:41:53 some kernel prototypes should also be made available to _STANDALONE
4bf7d47f 2023-01-16 17:56:25 Move BN_sqr() to the bottom of the file. This will simplify review/upcoming changes. No functional change.
619eff19 2023-01-16 16:53:19 Mop up debug code that escaped previously. This is the result of `unifdef -m -U BN_COUNT'.
2fcfb0f5 2023-01-16 16:49:16 Use size of largest chunk of free space, not total of all chunks of free space, when checking for sufficient space to add a partition. As a side-benefit the list of free chunks only needs to be built once.
c602d4c8 2023-01-16 15:34:54 sync
c79c3b80 2023-01-16 11:26:14 Mark keys sent by command and skip paste handling for them.
d7214ab1 2023-01-16 10:37:08 Fix bad MP logic in the route refresh handling. Found by and fix provided by Zenon Mousmoulas (@zmousm)
89096d95 2023-01-16 10:11:39 Don't put data in .text. ok deraadt@, miod@
e3d38566 2023-01-16 07:29:32 roughly cleanup terrible pre-ansi practices ok miod
b18b10d8 2023-01-16 07:09:11 Currently we disable kbind(2) for static program from libc.a's preinit hook. Delete that and instead have the kernel disable kbind at exec-time if the program doesn't have an ELF interpreter. For now, permit userland calls to disable it when already disabled so existing static programs continue to work. prompted by deraadt@ questioning about the call in libc.a ok deraadt@ miod@
e2c8dd8b 2023-01-16 05:32:04 we spent far too long debugging a weird go library problem (incorrect arguments to mmap) because it was using syscall(2) and that callpath is invisible in ktrace. make it visible, it will now show "(via syscall)" and such. ok guenther
c0aad570 2023-01-16 04:11:29 unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.)
9eca5023 2023-01-16 00:05:18 export PGK_VALUE so that .S files can use it
cf8ee16d 2023-01-16 00:04:47 3 new defines: he PTE protection key mask, the specific key value we use for execute-only, and the PKU value used by userland to use that key.
6c912f35 2023-01-15 23:35:10 adapt to ed25519 changes in src/usr.bin/ssh
938209f1 2023-01-15 23:05:32 update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@
cc7df389 2023-01-15 13:58:44 gost: add missing BN_CTX_{start,end}() pair The new BN_CTX code enforces that the context be started before a BIGNUM can be obtained from it via BN_CTX_get(), tests for ssl/interop and the openssl app broke, implying missing test coverage in libcrypto itself. Add the obviously missing bits. reported by anton ok jsing
b34a7ebb 2023-01-15 13:51:59 restore strscpy() paths to reduce diff to linux
93d5a0ee 2023-01-15 06:55:12 fix text error; from jan stary
f6305eed 2023-01-15 02:18:06 sync
41d0860c 2023-01-14 23:38:23 Change suspend idle loop from WFE to WFI. This avoids spurious wakeups while other CPUs are still active. And prepares us for deeper sleep states which require an interrupt for wakeup anyway. ok patrick@
ee8269dd 2023-01-14 23:35:09 Assign (stereo) channel numbers based on "sound-name-prefix" properties. ok patrick@, ratchov@
2748f5e2 2023-01-14 20:55:55 Only open /dev/vmm once in vmd(8). Have the parent process open /dev/vmm and send the fd to the vmm child process. Only the vmm process and its resulting children (guest vms) need it for ioctl calls. ok kn@
d4e23fe7 2023-01-14 18:21:46 Replace comparisons/assignments to '3' with equivalent comparisons to RAW_PART and assignment to RAW_PART + 1.
726266a1 2023-01-14 18:16:24 sync
46834d56 2023-01-14 17:02:57 Add support for "enhanced descriptor" mode found on some variants of the Synopsys DesignWare GMAC. ok mlarkin@
03a2914f 2023-01-14 16:58:55 Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
810555b2 2023-01-14 16:20:32 Update the list of architectures where clang will accept the --execute-only option, and also indicate which ones have enabled by default now (in our naming convention, that is arm64 and riscv64)
b8052447 2023-01-14 16:15:43 Allow people to try --execute-only on amd64 and sparc64. the default is changed.
52939471 2023-01-14 15:45:43 Remove unused Elliptic Curve code. For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While ecp_nistp* was being compiled, it is disabled due to OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand, ecp_nistz* was not even being built. We will bring in new versions or alternative versions of such code, if we end up enabling it in the future. For now it is just causing complexity (and grep noise) while trying to improve the EC code. Discussed with tb@
24d7b3e0 2023-01-14 15:23:27 Rewrite BN_CTX. The current BN_CTX implementation is an incredibly overengineered piece of code, which even includes its own debug system. Rewrite BN_CTX from scratch, simplifying things things considerably by having a "stack" of BIGNUM pointers and a matching array of group assignments. This means that BN_CTX_start() and BN_CTX_end() effectively do not fail. Unlike the previous implementation, if a failure occurs nothing will work and the BN_CTX must be freed/recreated, instead of trying to pick up at the point where the failure occurred (which does not make sense given its intended usage). Additionally, it has long been documented that BN_CTX_start() must be called before BN_CTX_get() can be used, however the previous implementation did not actually enforce this. Now that missing BN_CTX_start() and BN_CTX_end() calls have been added to DSA and EC, we can actually make this a hard requirement. ok tb@
8d6b24b5 2023-01-14 15:12:27 Greatly simplify bn_expand_internal(). We have a function called recallocarray() - make use of it rather than handrolling a version of it. Also have bn_expand() call bn_wexpand(), which avoids some duplication. ok tb@
938302ac 2023-01-14 15:10:45 Clean up and simplify EC_KEY handling, mostly from a BN_CTX perspective. If we have a BN_CTX available, make use of it rather than calling BN_new(). Always allocate a new priv_key and pub_key, rather than having complex reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end() calls. ok tb@
796f3615 2023-01-14 12:19:11 regen
b48a47a7 2023-01-14 12:15:12 Create /dev/efi on amd64 and arm64. ok yasuoka@
f2f88681 2023-01-14 12:11:10 Implement access to EFI variables and ESRT through an ioctl(2) interface that is compatible with what FreeBSD and NetBSD have. Setting EFI variables is only allowed at securelevel 0 and below. Heavily based on work done by Sergii Dmytruk. ok yasuoka@
3567c6ec 2023-01-14 10:05:54 Shell syntax fix. From ren mingshuai vi github PR#369.
b5171adf 2023-01-14 09:57:08 Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521.
1d1793f7 2023-01-14 07:36:16 Add missing void to function definition
43fcf7cd 2023-01-14 03:37:13 add protection-key violation error code for page-fault exceptions ok deraadt@
15d042b5 2023-01-14 03:28:51 recognise protection keys for supervisor-mode (PKS) in cpuid ok deraadt@
e634434d 2023-01-14 03:21:17 sync cr4 and xcr0 bits with intel dec 2022 sdm ok deraadt@
ef53724c 2023-01-14 03:12:15 use the notice from 4.4BSD-Lite ok deraadt@ miod@
e394f909 2023-01-14 01:04:55 sysctl(2): KERN_CPUSTATS: zero struct cpustats before copyout
13f0bae7 2023-01-13 23:02:43 Since the signal trampoline is now execute-only we no longer write it into core dumps. As a result backtraces through signal handlers no longer work in gdb and other debuggers. Fix this by keeping a read-only mapping of the signal trampoline in the kernel and writing it into the core dump at the virtual address where it is mapped in the process. ok deraadt@, tb@
76b90a23 2023-01-13 18:26:29 sync
e7e982eb 2023-01-13 17:53:30 Drop PICCY_SET() and RODATA() macros now that libc no longer needs them. ok kettenis@
50caa7fd 2023-01-13 17:52:08 Move all data from .text section to .rodata, and update the code to fetch them correctly when building PIC. ok kettenis@
9484a439 2023-01-13 17:27:25 Move all data tables from .text section to .rodata, and update the code to fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@