Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| c85bce7b | 2023-01-18 17:40:17 | Use the vstate of the filterstate struct instead of passing an extra copy to the various prefix update functions. While there fix a filterstate leak in up_generate_updates(). With and OK tb@ | ||
| 86c75b53 | 2023-01-18 13:20:00 | Improve pending checks in poll loop by ordering them by trigger frequency and by making peer_imsg_pending() a true O(1) function. OK tb@ | ||
| dbdb4107 | 2023-01-18 12:59:16 | Use ROUNDDOWN() to round down to cylinder boundary. | ||
| 32c728c5 | 2023-01-18 11:08:49 | Instead of mapping WSEMUL_UNDERLINE to a different bit in rasops, use the same bit and the define. rom Crystal Kolipe kolipe.c at exoticsilicon dot com. ok miod | ||
| 3b063803 | 2023-01-18 10:30:20 | Typofix array length syntax, spotted by afresh1 | ||
| 64bcbf86 | 2023-01-18 10:27:05 | Adjust how gcc4 handles the "missing braces around initializer" warning. In c99 any value can be initalised using a { 0 } constructor independent of the type. Now if a struct's first member is another struct then gcc4 issues the above warning but it should not do that. Move the warning check from push_init_level() to pop_init_level() and check if either { 0 } or { } was used. If additional implicit braces were added surpress the warning. Inspired by gcc PR#64709 OK deraadt@ miod@ | ||
| 7b8866bb | 2023-01-18 10:13:46 | The default output format is -o (openbgpd) but it now includes both roa-set and aspa-set by default. So make the man page less specific. OK tb@ job@ kn@ | ||
| 59586997 | 2023-01-18 06:55:32 | tweak previous; ok djm | ||
| 56539331 | 2023-01-18 05:29:48 | Bring in a description of bn_words_3_div(). This comes from OpenSSL commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de. ok tb@ | ||
| 4aac296b | 2023-01-18 05:27:30 | Start cleaning up BN_div_internal(). Always provide a bn_div_3_words() function, rather than having deeply nested compiler conditionals. Use readable variable names, clean up formatting and use a single exit path. Tested on various platforms by miod@ ok tb@ | ||
| 0de25421 | 2023-01-18 05:06:44 | Do on i386 as we do on amd64. This is done on variable cpu_pae, which indicates the "PAE" pmap is being used, which only happens if the cpu has both PAE and NX. On i386 machines without the NX feature enabled, we can't distinguish between page faults as a result of instruction fetches or normal data access. Handle this in the same way as we do on landisk: if handling the fault with access type PROT_READ fails, retry with PROT_EXEC. Fortunately we know whether NX is enabled or nor so only do this when it isn't. ok kettenis, jsg | ||
| a35e5d14 | 2023-01-18 02:00:10 | when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set; bz3523; ok dtucker@ | ||
| 93d238a6 | 2023-01-18 01:50:21 | Add a -V (version) option to sshd like the ssh client has. OK markus@ deraadt@ | ||
| 7233a2b0 | 2023-01-18 00:48:14 | Use ROUNDUP() to round up to cylinder boundary. | ||
| bc7ae01a | 2023-01-18 00:27:10 | rpki-client: explicitly enable policy checks In x509_verify.c r1.62, beck disabled policy checks by default in the new X.509 verifier to match the behavior of the legacy validator and OpenSSL. In order to keep policy checks as mandated by RFC 7318, we need to opt into them explicitly. ok beck | ||
| f409a94a | 2023-01-17 23:56:51 | Nuke unused MAXIMUM(). Add ROUNDUP() and ROUNDDOWN(). | ||
| c62816f0 | 2023-01-17 23:49:28 | Don't do policy checking unless we were asked to do so. ok tb@ | ||
| eed49ca9 | 2023-01-17 23:39:30 | include isadma.h not isa.h missed in rev 1.5 when #if NISA became #if NISADMA not a problem in practice as isavar.h includes isadma.h ok miod@ deraadt@ millert@ | ||
| 1114fe1a | 2023-01-17 23:12:37 | test NSDMMC not SDMMC ok miod@ deraadt@ | ||
| 34ff57a3 | 2023-01-17 19:51:37 | sync | ||
| 01852f87 | 2023-01-17 19:29:09 | Simplify and clarify the implementation of the pmap_page_protect(9) API. This function is only ever called with PROT_NONE or PROT_READ where PROT_NONE removes the mapping from the page tables and PROT_READ takes away write permission. Add a KASSERT to make sure no other values are passed. This KASSERT should be optimized away by any decent compiler. ok deraadt@, mpi@, guenther@ | ||
| dc4459a6 | 2023-01-17 18:52:44 | For "ssh -V" always exit 0, there is no need to check opt again. This was missed when the fallthrough in the switch case above it was removed. OK deraadt@ | ||
| ac7f9f19 | 2023-01-17 16:22:56 | Add debug FUNCS_ONLY knob Hacking on the installer while running it is a lot easier when you can inspect or run functions directly without paging the whole script or poking around in it with ed. install.sub is already structured so that all functions come first, then MD code, then actual commands. Copy FUNCS_ONLY from rc.subr(8) so you can drop out any time and hack around more conveniently: Available disks are: sd0 sd1. Which disk is the root disk? ('?' for details) [sd0] ! Type 'exit' to return to install. test# FUNCS_ONLY=1 . /install.sub test# typeset -f get_dkdevs get_dkdevs() { echo $(scan_disknames "${MDDKDEVS:-/^[sw]d[0-9][0-9]* /s/ .*//p}") } test# get_dkdevs sd0 sd1 test# This requires the sourcing shell to be ksh(1) or sh(1) with 'strict Bourne shell mode' disabled. '!' is ksh now, but the initial (S)hell answer still lands in a strict (default) sh(1) -- that can/should be fixed separately. OK deraadt | ||
| 366a2d32 | 2023-01-17 16:20:28 | pax: Switch a function definition from K&R to ANSI. | ||
| 1abb2e83 | 2023-01-17 16:14:23 | Skip all interface config questions when there are none Even without any interfaces the installer still asks for one and only continues when the only possible answer 'done' is provided. That means one mandatory but useless answer during installations like # vmctl start -c -d ./install72.img -d ./disk.img test ... System hostname? (short form, e.g. 'foo') test Available network interfaces are: . Network interface to configure? (name, lladdr, '?', or 'done') A response is required. Network interface to configure? (name, lladdr, '?', or 'done') ? Available network interfaces are: . Network interface to configure? (name, lladdr, '?', or 'done') done DNS domain name? (e.g. 'example.com') [my.domain] ... Skip it when there is no viable answer: # vmctl start -c -d ./install72.img -d ./disk.img test ... System hostname? (short form, e.g. 'foo') test DNS domain name? (e.g. 'example.com') [my.domain] ... OK deraadt | ||
| 0f5e1a03 | 2023-01-17 16:11:52 | Add a dummy stub for getmonotime(). Reminded by tb@ | ||
| c4f772fd | 2023-01-17 16:09:34 | Teach bgpctl about ASPA tables. OK tb@ | ||
| d7e93531 | 2023-01-17 16:09:01 | Add the needed logic to load the ASPA table from the rtr process into the RDE. The actual reload logic is missing to keep the diff small. OK tb@ | ||
| e9c09c27 | 2023-01-17 15:04:27 | Remove non-visible and unused OPENSSL_wipe_cpu and OPENSSL_atomic_add interfaces, and remove empty assembly OPENSSL_cpuid_setup routines - the default empty C fallback will work as good. ok jsing@ | ||
| c842d149 | 2023-01-17 13:03:22 | Arguments may contain more than one variable assignment `make FOO=1 BAR=2 ...' works as expected and lots of things wouldn't work if make only accepted a single assignment, as currently documented. Fix SYNOPSIS and usage to match reality and POSIX spec (thanks jmc). OK jmc | ||
| 1e415b51 | 2023-01-17 10:40:51 | Support -1 without -N for list-keys. | ||
| f4c0a1e2 | 2023-01-17 10:15:10 | also check that an active session inhibits UnusedConnectionTimeout idea markus@ | ||
| 9170da37 | 2023-01-17 10:10:10 | remove elansc(4) driver for AMD Elan SC520 System Controller AMD Elan SC520 has a Am5x86, 486-class processor. We require a 586-class processor. feedback from jmc@ ok miod@ | ||
| d4f0be88 | 2023-01-17 10:02:34 | regression test for UnusedConnectionTimeout | ||
| f98a6cf6 | 2023-01-17 09:44:48 | Add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for some length of time. This complements the recently-added ChannelTimeout option that terminates inactive channels after a timeout. ok markus@ | ||
| 5ccb5796 | 2023-01-17 08:03:51 | On amd64 machines without the NX feature enabled, we can't distinguish between page faults as a result of instruction fetches or normal data access. Handle this in the same way as we do on landisk: if handling the fault with access type PROT_READ fails, retry with PROT_EXEC. Fortunately we know whether NX is enabled or nor so only do this when it isn't. Nobody should be running an amd64 machine without NX! ok deraadt@, miod@ | ||
| bf31d21b | 2023-01-17 06:50:55 | Update palette when moving a pane, GitHub issue 3437. | ||
| f87b8e3f | 2023-01-17 06:33:49 | fix typo in package name | ||
| cef95745 | 2023-01-17 06:33:25 | cope with ktrace "(via syscall)" changes | ||
| 18cf9b3a | 2023-01-17 02:58:22 | agtimer(4/armv7): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Remove debug evcount code. We can no longer differentiate between hardclock and statclock in the driver. - Wire up agtimer_intrclock. With tweaks from miod@ and jca@. Tested by jca@ and kettenis@. Link: https://marc.info/?l=openbsd-tech&m=167044965011140&w=2 ok kettenis@ | ||
| 8e3880d2 | 2023-01-17 02:47:55 | amptimer(4): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Wire up amptimer_intrclock. - Remove debug evcounts. All interrupts are now counted with the evcount in the interrupt handler. - Remove apparently dead USE_GTIMER_CMP code. Debugged with jca@. Tested by jca@. Link: https://marc.info/?l=openbsd-tech&m=167060127825418&w=2 ok kettenis@ jca@ | ||
| 1286a7b8 | 2023-01-17 02:38:59 | sxitimer(4): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Stop using STATTIMER. We can multiplex TICKTIMER to handle all clock interrupts. - Wire up sxitimer_intrclock. - For parity with other platforms, change stathz from 128 to hz and change profhz from 1024 to (stathz * 10). Tested by kettenis@. Link: https://marc.info/?l=openbsd-tech&m=167060659329137&w=2 ok kettenis@ | ||
| 9451db9b | 2023-01-17 02:32:07 | dmtimer(4): switch to clockintr - Strip out custom hardclock/statclock scheduling code. - Wire up dmtimer_intrclock. - For convenience, add dmtimer_reset_tisr(); we do the "clear interrupt bits" dance in multiple places, may as well put it in a function. - For parity with other platforms, change stathz from 128 to 100 and profhz from 1024 to 1000. Testing by stuge@ and jsg@. v1: https://marc.info/?l=openbsd-tech&m=167060320326851&w=2 v2: https://marc.info/?l=openbsd-tech&m=167340009006972&w=2 ok mlarkin@ kettenis@ | ||
| dfaeb4bf | 2023-01-17 02:27:14 | arm, armv7: add clockintr support The interrupt clock drivers need these pieces to be in place first. ok mlarkin@ kettenis@ | ||
| 3c8da594 | 2023-01-16 23:07:47 | Mention riscv64 boot support efiboot could always boot from CRYPTO and RAID 1, since version 1.5 RAID 1C also works. installboot was enabled just now, so only new installations work out of the box without manual intervention. | ||
| 7a579a5a | 2023-01-16 22:59:41 | Enable softraid(4) support in installboot(8) riscv64 efiboot already supports booting from softraid volumes. These installboot bits make sure that the boot loader will be installed on chunk devices rather than the volume for root on softraid installations, i.e. full boot support for riscv64, just like amd64, arm64 and sparc64. regress is happy. OK kettenis | ||
| c6918e3c | 2023-01-16 22:08:50 | Fix transmit queue selection based on frame type. I introduced an error here when I split up urtwn_tx() to add support for RTL8192EU devices. from Mikhail (mp395990 at gmail) ok stsp@ | ||
| 94c88aa8 | 2023-01-16 21:32:12 | bump minor after RAID 1C support synced form arm64 | ||
| 3ea82190 | 2023-01-16 21:30:46 | Sync with original arm64 copy to get RAID 1C bits, fix include guard OK kettenis | ||
| 5172d7d1 | 2023-01-16 20:12:38 | Manage RTC offset through UEFI variables handled by a TEE application that can be interacted with using SMC calls. ok kettenis@ | ||
| b7307cad | 2023-01-16 20:07:48 | Attach drivers on nodes under /firmware. ok kettenis@ | ||
| 02e02031 | 2023-01-16 18:41:53 | some kernel prototypes should also be made available to _STANDALONE | ||
| 4bf7d47f | 2023-01-16 17:56:25 | Move BN_sqr() to the bottom of the file. This will simplify review/upcoming changes. No functional change. | ||
| 619eff19 | 2023-01-16 16:53:19 | Mop up debug code that escaped previously. This is the result of `unifdef -m -U BN_COUNT'. | ||
| 2fcfb0f5 | 2023-01-16 16:49:16 | Use size of largest chunk of free space, not total of all chunks of free space, when checking for sufficient space to add a partition. As a side-benefit the list of free chunks only needs to be built once. | ||
| c602d4c8 | 2023-01-16 15:34:54 | sync | ||
| c79c3b80 | 2023-01-16 11:26:14 | Mark keys sent by command and skip paste handling for them. | ||
| d7214ab1 | 2023-01-16 10:37:08 | Fix bad MP logic in the route refresh handling. Found by and fix provided by Zenon Mousmoulas (@zmousm) | ||
| 89096d95 | 2023-01-16 10:11:39 | Don't put data in .text. ok deraadt@, miod@ | ||
| e3d38566 | 2023-01-16 07:29:32 | roughly cleanup terrible pre-ansi practices ok miod | ||
| b18b10d8 | 2023-01-16 07:09:11 | Currently we disable kbind(2) for static program from libc.a's preinit hook. Delete that and instead have the kernel disable kbind at exec-time if the program doesn't have an ELF interpreter. For now, permit userland calls to disable it when already disabled so existing static programs continue to work. prompted by deraadt@ questioning about the call in libc.a ok deraadt@ miod@ | ||
| e2c8dd8b | 2023-01-16 05:32:04 | we spent far too long debugging a weird go library problem (incorrect arguments to mmap) because it was using syscall(2) and that callpath is invisible in ktrace. make it visible, it will now show "(via syscall)" and such. ok guenther | ||
| c0aad570 | 2023-01-16 04:11:29 | unbreak test: cannot access shell positional parameters past $9 without wrapping the position in braces (i.e. need ${10}, etc.) | ||
| 9eca5023 | 2023-01-16 00:05:18 | export PGK_VALUE so that .S files can use it | ||
| cf8ee16d | 2023-01-16 00:04:47 | 3 new defines: he PTE protection key mask, the specific key value we use for execute-only, and the PKU value used by userland to use that key. | ||
| 6c912f35 | 2023-01-15 23:35:10 | adapt to ed25519 changes in src/usr.bin/ssh | ||
| 938209f1 | 2023-01-15 23:05:32 | update OpenSSH's Ed25519 code to the last version of SUPERCOP (20221122) and change the import approach to the same one we use for Streamlined NTRUPrime: use a shell script to extract the bits we need from SUPERCOP, make some minor adjustments and squish them all into a single file. ok tb@ tobhe@ | ||
| cc7df389 | 2023-01-15 13:58:44 | gost: add missing BN_CTX_{start,end}() pair The new BN_CTX code enforces that the context be started before a BIGNUM can be obtained from it via BN_CTX_get(), tests for ssl/interop and the openssl app broke, implying missing test coverage in libcrypto itself. Add the obviously missing bits. reported by anton ok jsing | ||
| b34a7ebb | 2023-01-15 13:51:59 | restore strscpy() paths to reduce diff to linux | ||
| 93d5a0ee | 2023-01-15 06:55:12 | fix text error; from jan stary | ||
| f6305eed | 2023-01-15 02:18:06 | sync | ||
| 41d0860c | 2023-01-14 23:38:23 | Change suspend idle loop from WFE to WFI. This avoids spurious wakeups while other CPUs are still active. And prepares us for deeper sleep states which require an interrupt for wakeup anyway. ok patrick@ | ||
| ee8269dd | 2023-01-14 23:35:09 | Assign (stereo) channel numbers based on "sound-name-prefix" properties. ok patrick@, ratchov@ | ||
| 2748f5e2 | 2023-01-14 20:55:55 | Only open /dev/vmm once in vmd(8). Have the parent process open /dev/vmm and send the fd to the vmm child process. Only the vmm process and its resulting children (guest vms) need it for ioctl calls. ok kn@ | ||
| d4e23fe7 | 2023-01-14 18:21:46 | Replace comparisons/assignments to '3' with equivalent comparisons to RAW_PART and assignment to RAW_PART + 1. | ||
| 726266a1 | 2023-01-14 18:16:24 | sync | ||
| 46834d56 | 2023-01-14 17:02:57 | Add support for "enhanced descriptor" mode found on some variants of the Synopsys DesignWare GMAC. ok mlarkin@ | ||
| 03a2914f | 2023-01-14 16:58:55 | Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis | ||
| 810555b2 | 2023-01-14 16:20:32 | Update the list of architectures where clang will accept the --execute-only option, and also indicate which ones have enabled by default now (in our naming convention, that is arm64 and riscv64) | ||
| b8052447 | 2023-01-14 16:15:43 | Allow people to try --execute-only on amd64 and sparc64. the default is changed. | ||
| 52939471 | 2023-01-14 15:45:43 | Remove unused Elliptic Curve code. For various reasons, the ecp_nistp* and ecp_nistz* code is unused. While ecp_nistp* was being compiled, it is disabled due to OPENSSL_NO_EC_NISTP_64_GCC_128 being defined. On the other hand, ecp_nistz* was not even being built. We will bring in new versions or alternative versions of such code, if we end up enabling it in the future. For now it is just causing complexity (and grep noise) while trying to improve the EC code. Discussed with tb@ | ||
| 24d7b3e0 | 2023-01-14 15:23:27 | Rewrite BN_CTX. The current BN_CTX implementation is an incredibly overengineered piece of code, which even includes its own debug system. Rewrite BN_CTX from scratch, simplifying things things considerably by having a "stack" of BIGNUM pointers and a matching array of group assignments. This means that BN_CTX_start() and BN_CTX_end() effectively do not fail. Unlike the previous implementation, if a failure occurs nothing will work and the BN_CTX must be freed/recreated, instead of trying to pick up at the point where the failure occurred (which does not make sense given its intended usage). Additionally, it has long been documented that BN_CTX_start() must be called before BN_CTX_get() can be used, however the previous implementation did not actually enforce this. Now that missing BN_CTX_start() and BN_CTX_end() calls have been added to DSA and EC, we can actually make this a hard requirement. ok tb@ | ||
| 8d6b24b5 | 2023-01-14 15:12:27 | Greatly simplify bn_expand_internal(). We have a function called recallocarray() - make use of it rather than handrolling a version of it. Also have bn_expand() call bn_wexpand(), which avoids some duplication. ok tb@ | ||
| 938302ac | 2023-01-14 15:10:45 | Clean up and simplify EC_KEY handling, mostly from a BN_CTX perspective. If we have a BN_CTX available, make use of it rather than calling BN_new(). Always allocate a new priv_key and pub_key, rather than having complex reuse dances on entry and exit. Add missing BN_CTX_start()/BN_CTX_end() calls. ok tb@ | ||
| 796f3615 | 2023-01-14 12:19:11 | regen | ||
| b48a47a7 | 2023-01-14 12:15:12 | Create /dev/efi on amd64 and arm64. ok yasuoka@ | ||
| f2f88681 | 2023-01-14 12:11:10 | Implement access to EFI variables and ESRT through an ioctl(2) interface that is compatible with what FreeBSD and NetBSD have. Setting EFI variables is only allowed at securelevel 0 and below. Heavily based on work done by Sergii Dmytruk. ok yasuoka@ | ||
| 3567c6ec | 2023-01-14 10:05:54 | Shell syntax fix. From ren mingshuai vi github PR#369. | ||
| b5171adf | 2023-01-14 09:57:08 | Instead of skipping the all-tokens test if we don't have OpenSSL (since we use it to compute the hash), put the hash at the end and just omit it if we don't have it. Prompted by bz#3521. | ||
| 1d1793f7 | 2023-01-14 07:36:16 | Add missing void to function definition | ||
| 43fcf7cd | 2023-01-14 03:37:13 | add protection-key violation error code for page-fault exceptions ok deraadt@ | ||
| 15d042b5 | 2023-01-14 03:28:51 | recognise protection keys for supervisor-mode (PKS) in cpuid ok deraadt@ | ||
| e634434d | 2023-01-14 03:21:17 | sync cr4 and xcr0 bits with intel dec 2022 sdm ok deraadt@ | ||
| ef53724c | 2023-01-14 03:12:15 | use the notice from 4.4BSD-Lite ok deraadt@ miod@ | ||
| e394f909 | 2023-01-14 01:04:55 | sysctl(2): KERN_CPUSTATS: zero struct cpustats before copyout | ||
| 13f0bae7 | 2023-01-13 23:02:43 | Since the signal trampoline is now execute-only we no longer write it into core dumps. As a result backtraces through signal handlers no longer work in gdb and other debuggers. Fix this by keeping a read-only mapping of the signal trampoline in the kernel and writing it into the core dump at the virtual address where it is mapped in the process. ok deraadt@, tb@ | ||
| 76b90a23 | 2023-01-13 18:26:29 | sync | ||
| e7e982eb | 2023-01-13 17:53:30 | Drop PICCY_SET() and RODATA() macros now that libc no longer needs them. ok kettenis@ | ||
| 50caa7fd | 2023-01-13 17:52:08 | Move all data from .text section to .rodata, and update the code to fetch them correctly when building PIC. ok kettenis@ | ||
| 9484a439 | 2023-01-13 17:27:25 | Move all data tables from .text section to .rodata, and update the code to fetch them correctly when building PIC. Also drop unused data, and remove --no-execute-only from linker flags. ok kettenis@ |