IABSD.fr/src

Log

Author Commit Date CI Message
d103d2f2 2023-03-02 16:13:57 rad_recv: verify length field in received auth_hdr_t before using it. Reported by Peter J. Philipp. OK deraadt@
9eb80002 2023-03-02 11:56:25 add arch to Dt
a0eb7693 2023-03-02 11:49:45 mention eephy(4) ok jmatthew@
cc1408e1 2023-03-02 11:10:27 Remove SUDO in proxy command wrapper. Anything that needs sudo is already run by it, and it breaks if root isn't in sudoers.
c7ff23bc 2023-03-02 10:07:18 mvodog(4) and mvortc(4)
e5ce42d2 2023-03-02 09:59:29 Enable mvodog(4) and mvortc(4)
b6ff5396 2023-03-02 09:57:43 Add mvortc(4), a driver for the RTC on the ARMADA 38x series. ok kettenis@ patrick@
69b6280c 2023-03-02 09:56:52 Add mvodog(4), a driver for the watchdog on the ARMADA 38x series. ok kettenis@ patrick@
983ce4b9 2023-03-02 09:39:45 Add eephy(4), found on the Turris Omnia's WAN port
e1279ed8 2023-03-02 08:24:41 Fix breakage on dhgex test. This was due to the sshd logs being written to the wrong log file. While there, make save_debug_logs less verbose, write the name of the tarball to regress.log and use $SUDO to remove the old symlinks (which shouldn't be needed, but won't hurt). Initial problem spotted by anton@.
4bdbd313 2023-03-02 08:14:52 Quote grep and log message better.
74d38529 2023-03-02 06:41:56 Ensure we always call fclose when writing checkpoints. In the case of an fprintf failure we would not call fclose which would leak the FILE pointer. While we're there, try to clean up the temp file on failure. Spotted by Coverity, ok djm@
11666e1d 2023-03-01 23:27:46 Fix potentially uninitialized use of variable fsb on error. OK mbuhl@
dae58e70 2023-03-01 22:45:25 /etc/examples/iked.conf tweaks: - show a demo of a strong random string for psk, for some types of configuration psk makes sense. the previous example hinted at not using it. - change the EAP MSCHAPv2 example so that more than one client can connect (previous used address config but with only a single address not a pool), and use the newer keywords to show how to route all traffic from dynamic-ip clients over the tunnel ok tobhe@
2669c8e8 2023-03-01 21:54:50 Remove old log symlinks before creating new ones. In -portable some platforms don't like overwriting existing symlinks.
b1668e29 2023-03-01 17:27:45 Bogus full stop.
fbca2b84 2023-03-01 12:34:12 Comment out glob for JSON webcrypto tests for now Allows test to pass with the old version of the wycheproof-testvectors package.
9fb10e5c 2023-03-01 11:28:30 Link evp/cipher_method_lib.c to the build ok jsing
cee51a3a 2023-03-01 11:27:37 Convert EVP_CIPHER_meth_dup() to using calloc() There is no reason for this to call EVP_CIPHER_meth_new(), as the flags will be copied a line later anyway. Simplify this. Requested by jsing
6a816b17 2023-03-01 11:25:25 Make cipher_method_lib.c compile with LibreSSL OPENSSL_zalloc() -> calloc(), OPENSSL_free() -> free() and a few assorted cosmetic tweaks to match our style better. ok jsing
f28dc7d0 2023-03-01 11:17:22 Add EVP_CIPHER_meth_* prototypes to evp.h As usual, this will be guarded by LIBRESSL_INTERNAL || LIBRESSL_NEXT_API until the next bump. ok jsing
d8fdceda 2023-03-01 11:16:06 Make the cleanup() method return an int again This partially reverts jsing's OpenBSD commit b8185953, but without adding back the error check that potentially results in dumb leaks. No cleanup() method in the wild returns anything but 1. Since that's the signature in the EVP_CIPHER_meth_* API, we have no choice... ok jsing
48e299a7 2023-03-01 11:08:37 Fix line wrapping of function pointer arguments ok jsing
10427503 2023-03-01 11:07:25 First KNF approximation as per knfmt(1) ok jsing
b33a8133 2023-03-01 11:06:23 Drop the EVP_CIPHER_METH_get_* functions Nothing interesting uses them. There's a Debian SSH-1 module and corresponding ncrack bits. That's not reason enough to have this garbage. ok jsing
215c8ab0 2023-03-01 11:04:17 Add RCS tag
77bab3bb 2023-03-01 11:02:25 Revert OpenSSL commit aa6bb135 This reinstates the original license on this file. Don't bother bumping the copyright year. Nothing interesting has happened in here since the initial commit. (There was one interesting commit though: "Don't care openssl_zmalloc()", which is interesting due to the lack of care, not because it's copyright worthy) ok jsing
802d2d2b 2023-03-01 10:57:08 libcrypto: import a copy of OpenSSL 1.1's cmeth_lib.c This is the file as of OpenSSL 1.1.1 commit 82dfb986. Call the file cipher_method_lib.c since the short names in this directory are hard enough to read. This is a first step towards providing the poorly named EVP_CIPHER_meth_* API which is needed by some projects because of EVP_CIPHER opacity. ok jsing
f82bd1c6 2023-03-01 09:29:32 Rework logging for the regression tests. Previously we would log to ssh.log and sshd.log, but that is insufficient for tests that have more than one concurrent ssh/sshd. Instead, we'll log to separate datestamped files in a $OBJ/log/ and leave a symlink at the previous location pointing at the most recent instance with an entry in regress.log showing which files were created at each point. This should be sufficient to reconstruct what happened even for tests that use multiple instances of each program. If the test fails, tar up all of the logs for later analysis. This will let us also capture the output from some of the other tools which was previously sent to /dev/null although most of those will be in future commits.
12bf74e7 2023-03-01 08:17:53 Change fatal() to fatalx() since the errno has no meaning here. OK tb@
93343522 2023-03-01 08:15:58 KNF, no functional change.
520304af 2023-02-28 21:31:50 fatal out if allocating banner string fails to avoid potential null deref later in sscanf. Spotted by Coverity, ok deraadt@
1729e143 2023-02-28 16:58:36 +sync
ffc3cc9d 2023-02-28 16:12:13 add 7.4 fw key
8c5f03ce 2023-02-28 12:29:57 Rewrite/simplify BN_from_montgomery_word() and BN_from_montgomery(). Rename BN_from_montgomery_word() to bn_montgomery_reduce() and rewrite it to be simpler and clearer, moving further towards constant time in the process. Clean up BN_from_montgomery() in the process. ok tb@
50b5a752 2023-02-28 10:46:27 Explicitly skip the json_web* tests now.
e02409e9 2023-02-28 10:45:46 Add a few missing NIDs for new Wycheproof tests.
ea0c8657 2023-02-28 10:43:21 Skip FRP256v1 curve in ECDH tests. We do not support it.
2b7cc9f7 2023-02-28 10:04:50 Adjust default_print() to not run over snapend. Kill default_print_unaligned() and adjust default_print() to also work with unaligned buffers. There is no need for two functions doing the same thing. Pass the right length in nsh_print to default_print(). Fixes one place that makes tcpdump crash. Reported by Peter J. Philipp (pjp at delphinusdns dot org) OK mbuhl@
a4a4354d 2023-02-28 08:45:24 Explicitly ignore return from fchmod similar to other calls to prevent warning.
deb51e2e 2023-02-27 22:12:40 Plug mem leak on globbed ls error path. Spotted by Coverity, ok deraadt@
c35fbcd4 2023-02-27 15:00:17 use the correct size of the execve syscall stub
c5cc3359 2023-02-27 14:59:33 Calculate the size of the static (and profiled static) execve syscall stub and store it in a const variable for use by crt0. help from kettenis and miod
b1faa4dd 2023-02-27 14:53:38 sort VEB and add "rules"; ok stsp
58958f7a 2023-02-27 13:30:59 Add missing documentation of veb(4) ioctls to the ifconfig(8) VEB section. These ifconfig commands are supported by veb(4) but were undocumented: deladdr flushrule maxaddr rule rulefile static timeout up As was done before, copy relevant prose from the BRIDGE section. ok jmc@
7c9f8224 2023-02-27 09:59:46 Pass MII flags depending on the phy mode specified in the device tree. With this, the WAN port on the Turris Omnia works. tested on Turris MOX by kettenis@ ok patrick@
24e9bd86 2023-02-27 09:35:32 Turn off TSO if interface is added to layer 2 devices. ok bluhm@, claudio@
eed1419e 2023-02-27 06:47:54 There is no reason to-be-cleared chunks cannot participate in delayed freeing; ok tb@
67c46970 2023-02-27 02:04:12 drm/i915: Remove __maybe_unused from mtl_info From Lucas De Marchi 44610f4c3093bbce3061b77d37bdf1bed8e379da in linux-6.1.y/6.1.14 fff758698842fb6722be37498d8773e0fb47f000 in mainline linux
01f821cd 2023-02-27 02:01:38 drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink From Ankit Nautiyal 0deb50618944aed143269214daea0ba2ddf2222d in linux-6.1.y/6.1.14 18feaf6d0784dcba888859109676adf1e0260dfd in mainline linux
7e869319 2023-02-27 00:58:38 sync
b7889e53 2023-02-27 00:18:00 Include varargs types in sys/syscalls.h comment Separated with the existing "..." requested by deraadt@ OK gnezdo@
ace67ae8 2023-02-26 23:00:42 clockintr: add a kernel-facing API We need an API for creating, scheduling, and rescheduling clock interrupts. - Add struct clockintr, a schedulable clock interrupt callback. - Add clockintr_establish(). Allocates a new struct clockintr and binds it to the given clockintr_queue. - Add clockintr_expiration(). Returns the clockintr's absolute expiration uptime. - Add clockintr_nsecuptime(). Returns the clockintr's parent queue's cached uptime. Using a cached timestamp is cheaper than calling nsecuptime(9) repeatedly when we don't absolutely need to. - Add clockintr_schedule(). Schedules the clock interrupt to run at or after the given absolute uptime. - Add clockintr_advance(). Reschedules the clock interrupt in the future on the given period relative to the parent queue's cached uptime. With the above pieces in place we can push most of the scheduling code for hardclock()/statclock()/schedclock() from clockintr_dispatch() into the wrapper functions clockintr_hardclock(), clockintr_statclock(), and clockintr_schedclock(). These wrappers are temporary. I don't want to muck up the wrapped functions while things are still moving around. For the moment these interfaces are internal to kern_clockintr.c. In a later patch we will move the prototypes into <sys/clockintr.h> so anyone can use them. We first need to add a data structure for sorting the clockintr structs. We also need to add a mutex to clockintr_queue to allow arbitrary threads to safely manipulate clock interrupts established on other CPUs. Shown on hackers@. Tweaked by mlarkin@. ok mlarkin@, "no objections" kettenis@
805a1f0c 2023-02-26 15:09:53 Add a few missing bounds checks when processing terminal escape sequences. Without them, the kernel could be made to crash or reboot after receiving some specially crafted terminal escape sequences. Reported by David Leadbeater (dgl, dgl dot cx)
53c4c9bd 2023-02-26 13:28:12 Defragment mbufs in the tx path to work around a (not fully understood) issue on the StarFive JH7100 SoC where packets spanning multiple mbufs are corrupted. Makes ethernet work reliably on the StarFive VisionFive 1 board. ok patrick@
b639f230 2023-02-26 12:39:48 RK3588 support. ok patrick@
e3f8cdb8 2023-02-26 12:39:07 RK3588 support. ok patrick@
78bc23e3 2023-02-26 12:37:58 Modern Rockchip SoCs, such as the RK356x and RK3588, use a different register layout where the upper 16 bits decide which of the lower 16 bits apply when writing to a register. Handle this new variant. ok patrick@
11826ff3 2023-02-25 15:39:40 Use separate lines instead of semicolons. macOS aarch64 assembly dialect treats ; as comment instead of a newline ok tb@, jsing@
4f78a0f4 2023-02-25 09:56:17 regen
be29726c 2023-02-25 09:55:46 Unlock select(2), pselect(2), poll(2) and ppoll(2). The assertion within tsleep(9) was relaxed to allow calls on special `nowake' channel without kernel lock held. So the sigsuspend(2) like cases "select(0, NULL, NULL, NULL, NULL)" and "poll(NULL, 0, INFTIM)" should not trigger it. Commit reverted diff back. ok claudio@
b8db0973 2023-02-24 23:36:10 Change to use the default bsd.prog.mk "install" target. This also brings to install boot.8 man page correctly. ok miod@
50581e41 2023-02-24 16:30:19 Try to warn about syscall() possibly being deleted from libc in the future. The ports team is already running around with axes and mops, but don't worry such an action won't happen quickly. with tb
58d67603 2023-02-24 16:28:26 switch mips64 ld.lld to execute-only, in case someone uses it (the mips64 default is still ld.bfd)
5e90ddee 2023-02-24 16:27:17 disable jump tables by default on sparc64, in prep for xonly by default ok miod
b5b36f0f 2023-02-24 15:17:48 Do not hold the vm_map lock while flushing pages in msync(2) and madvise(2). Mark the VM map as busy instead to prevent any sibling thread to request an exclusive version of the vm_map. This is necessary to let any PG_BUSY page, found in the UVM vnode object, to be released by a sibling in the middle of a page-fault. Note: the page-fault handler releases & re-grabs a shared version of the vm_map lock and expects it to be available to make progress. Prevent a 3-Threads deadlock between msync(2), page-fault and mmap(2). The deadlock reported on bugs@ by many occurred as follows: ..ThreadA faults & grabs the shared `vmmaplk' then releases it before calling ..uvn_get() which might sleep to allocate pages and mark them as PG_BUSY. ..Once the lock is released, threadB calls uvn_flush(). It sees at least a ..PG_BUSY page and sleeps on the `vmmaplk' waiting for threadA to un-busy ..the page. ..At the same time threadC asked for an exclusive version of the lock and ..sleeps until all readers are done with it. This prevents threadA to ..acquire a shared-version of the lock and finish the page fault. This issue is similar to NetBSD's PR #56952 and the fix is from Chuck Silvers. Tested by many on bugs@, thanks! ok kettenis@
a4f11372 2023-02-23 19:48:21 Remove dangerous user-settable "addr" variable from MI boot loader, and only compile tty-related code (stty command, tty variable) on platforms where it makes sense for the boot loader to control it, rather than the PROM/firmware/whatever.
8b6dc78c 2023-02-23 18:12:32 Introduce X509_get0_uids() accessor function By introducing X509_get0_uids(), one can add RPKI profile compliance checks to conform the absence of the issuerUID and subjectUID. OK tb@ jsing@
c1e2a033 2023-02-23 14:55:54 openssl speed: avoid bad plural Remedy a case of twitching eyes caused by seeing "Doing ... rsa's for 10s". If this breaks someone's script, so be it. ok jsing sthen
8a21412c 2023-02-23 13:28:38 Make bootloader 'time' command work correctly on luna88k. Now the correct date is displayed instead of January 1, 1970. Tested on LUNA-88K2 and nono emulator by me. "make sense" miod@
6fd959f8 2023-02-23 13:06:42 rpki-client: simplify parse_load_crl_from_mft() Now that we always inspect both locations if necessary, we can do away with the loop and simply have the only caller call twice. Removes a bunch of clever complexity and streamlines the code quite a bit. ok claudio job
e038f1a1 2023-02-23 09:50:40 When parsing MFT the CRL referenced by the MFT is loaded and verified at the same time. So in case of a valid crl pass the CRL filename as entity message to the parent process together with the MFT. This way the MFT and CRL end up both in the valid cache even if some files in the MFT are missing. On severe errors (like X.509 verify errors) the CRL is not moved since it is not considered valid. With and OK job@, tb@
08705922 2023-02-23 08:55:44 Use explicit .text instead of .previous to please Windows/MinGW on amd64 ok miod
2536c3e3 2023-02-23 08:49:02 Fix up the .rodata segment's name for Windows as well. Here we need .rdata with some alignment goo. Fortunately, this was already present for .pdata and .xdata, so the change is easy. Also, this is a code path that doesn't affect OpenBSD at all. ok jsing miod
c5d243a0 2023-02-23 08:37:03 Fix ethertype for NSH. RFC 8300 states ethertype 0x894F has been allocated for NSH. Found by bluhm. ok dlg.
4f60c9b9 2023-02-23 02:29:39 drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list From Matt Roper 2fc3ff76e96f48e5e4dd705f6794b8483f7c1624 in linux-6.1.y/6.1.13 d5a1224aa68c8b124a4c5c390186e571815ed390 in mainline linux
7679cee4 2023-02-23 02:27:50 drm/amd/display: Fail atomic_check early on normalize_zpos error From Leo Li 020eccac747e30a35f1fdd4dc6f18425ff1a5870 in linux-6.1.y/6.1.13 2a00299e7447395d0898e7c6214817c06a61a8e8 in mainline linux
73029064 2023-02-23 02:25:43 drm/amd/amdgpu: fix warning during suspend From Jack Xiao dbe3529e816ee77a19fb6636e762b1dadbd02d10 in linux-6.1.y/6.1.13 8f32378986218812083b127da5ba42d48297d7c4 in mainline linux
91354d16 2023-02-23 02:24:10 drm/amd/display: Properly handle additional cases where DCN is not supported From Alex Deucher b4e79d0c7f9bb938525716b3e05cfca6418e2bae in linux-6.1.y/6.1.13 6fc547a5a2ef5ce05b16924106663ab92f8f87a7 in mainline linux
c8811de4 2023-02-23 02:21:15 drm/amdgpu: Enable vclk dclk node for gc11.0.3 From Yiqing Yao fc64b04297a0674f4e5aff50622efdce46715fe1 in linux-6.1.y/6.1.13 ac7170082c0e140663f0853d3de733a5341ce7b0 in mainline linux
e97ffb69 2023-02-23 02:19:13 drm/amdgpu: enable HDP SD for gfx 11.0.3 From Evan Quan e9cbb2b0d9f679d7e25b9415cf9d7345441a95c5 in linux-6.1.y/6.1.13 bb25849c0fa550b26cecc9c476c519a927c66898 in mainline linux
6150e708 2023-02-23 02:17:38 drm/amd/display: Reset DMUB mailbox SW state after HW reset From Nicholas Kazlauskas 488770cbddd8a873fb3bb8866e8a46211570c367 in linux-6.1.y/6.1.13 154711aa5759ef9b45903124fa813c4c29ee681c in mainline linux
932af72c 2023-02-23 02:16:09 drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 From George Shen 383e32fa274a330dbf2d2db538b6bf2f9ef390aa in linux-6.1.y/6.1.13 275d8a1db261a1272a818d40ebc61b3b865b60e5 in mainline linux
318b2972 2023-02-23 02:13:24 drm/amd/display: Adjust downscaling limits for dcn314 From Daniel Miess 7dbd205349f1fb098057c28a9a2af244aa868f72 in linux-6.1.y/6.1.13 dd2db2dc4bd298f33dea50c80c3c11bee4e3b0a4 in mainline linux
3b171d31 2023-02-23 02:11:58 drm/amd/display: Add missing brackets in calculation From Daniel Miess 0c42622a573b716d79c57ff61c52fea46c0a5c94 in linux-6.1.y/6.1.13 ea062fd28f922cb118bfb33229f405b81aff7781 in mainline linux
06a07dad 2023-02-23 01:34:27 adjust documentation for ktrace.h changes. utrace() is now easier to use ok guenther
8a00361a 2023-02-23 01:33:20 include two required header files, because we want people to use utrace() easier ok guenther
501909c0 2023-02-22 10:04:45 Explicitly initialize vmd_vm pointer with NULL before calling vm_register. Found by codechecker. ok dv@
f508dbd1 2023-02-22 07:04:50 remove .Pp before .Sh;
c56b7b9a 2023-02-22 06:54:13 Point to <signal.h> and not <sys/signal.h>: the latter is an implementation detail for the kernel, libc, and libkvm, and should not be a concern for others.
353247b6 2023-02-22 06:43:45 Don't mention <sys/signal.h>: <pthread_np.h> pulls in everything that's needed.
6e8597f4 2023-02-22 06:39:39 Prefer 'argument' over 'parameter' when referring to the value passed in a specific call. From discussion with schwarze@ and jmc@ ok jmc@
46635b74 2023-02-22 06:31:51 Prefer "get or set" over "get/set" or "get and set". From discussion with schwarze@ and jmc@ ok jmc@
832168d9 2023-02-22 06:00:24 Adjust parentheses in mont->ri assignment. Requested by tb@
a70818d0 2023-02-22 05:57:19 Replace bn_sub_part_words() with bn_sub(). Now that bn_sub() handles word arrays with potentially different lengths, we no longer need bn_sub_part_words() - call bn_sub() instead. This allows us to entirely remove the unnecessarily complex bn_sub_part_words() code. ok tb@
e7144bbb 2023-02-22 05:46:37 Rework bn_add()/bn_sub() to operate on word arrays. Rather than working on BIGNUMs, change bn_add()/bn_sub() to operate on word arrays that potentially differ in length. This matches the behaviour of s2n-bignum's bignum_add() and bignum_sub(). ok tb@
cef02a03 2023-02-22 05:25:47 Rewrite and simplify BN_MONT_CTX_set() OpenSSL commit 4d524040bc8 changed BN_MONT_CTX_set() so that it computed a 64 bit N^-1 on both BN_BITS2 == 32 and BN_BITS2 == 64 platforms. However, the way in which this was done was to duplicate half the code and wrap it in #ifdef. Rewrite this code to use a single code path on all platforms, with #ifdef being limited to setting an additional word in the temporary N and storing the result on BN_BITS2 == 32 platforms. Also remove stack based BIGNUM in favour of using the already present BN_CTX. ok tb@
28ee9a64 2023-02-22 03:56:43 fix progressmeter corruption on wide displays; bz3534 feedback/ok dtucker@
f638887c 2023-02-21 19:49:50 adress -> address;
a4968bd9 2023-02-21 17:06:52 rpki-client: refactor manifest/crl parsing a bit Now that we always try to load the CRL from both locations, we can deal with loading the DER directly in proc_parser_mft_pre(), so shuffle the code around to accomplish that. This should make an upcoming diff by claudio a bit simpler. ok claudio