CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: gne...@cvs.openbsd.org 2020/11/03 21:40:13 Modified files: sys/net: bpf.c Log message: Use sysctl_int_bounded in bpf_sysctl Unlike the other cases of sysctl_bounded_arr this one uses a dynamic limit. OK millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2020/11/03 15:53:12 Modified files: usr.bin/ssh: match.c Log message: fold consecutive '*' wildcards to mitigate combinatorial explosion of recursive searches; ok dtucker
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 14:50:58 Modified files: regress/sys/net/rtable: kern_compat.h Log message: The 'source IP address' commit (route.c r1.249) broke the rtable regress tests since it introduced use of ifa_ifwithaddr() from if.c, so the tests no longer link due to the missing symbol. Provide an ifa_ifwithaddr() shim that makes the test link again. Passes on amd64 and sparc64. ok bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2020/11/03 14:50:54 Modified files: sys/dev/fdt: if_mvpp.c Log message: Have mvpp(4) pass MII flags depending on the phy mode specified in the device tee. This allows my ClearFog GT 8K to get the 1G link up. ok kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2020/11/03 14:49:42 Modified files: sys/dev/mii: eephy.c eephyreg.h miivar.h Log message: The Marvell 88E1512 supports multiple modes between MAC to PHY and PHY to Media. The mode can be configured in the General Control Register 1. On the 88E1512 and 88E1514 this mode defaults to 111 (invalid). Thus we need to change the mode if we want SGMII-to-Copper. For this, allow the interface to pass an SGMII flag, indicating that the interface between MAC and PHY is SGMII. ok kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2020/11/03 14:46:14 Modified files: sys/dev/fdt: if_mvpp.c if_mvppreg.h Log message: Disable HW PHY polling. It's enabled by default.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 14:16:32 Modified files: regress/usr.sbin/rpki-client: test-mft.c test-roa.c Log message: Inline pem_print(). It's a wrapper around PEM_write_bio_X509(). ok benno claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: to...@cvs.openbsd.org 2020/11/03 13:45:58 Modified files: regress/sbin/iked/dh: Makefile dhtest.c Log message: Fix dh test after recent API refactoring. Remove outdated references to EC2N while we're at it.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 11:50:25 Modified files: usr.bin/openssl: verify.c Log message: Wrap remaining overlong lines.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 11:47:19 Modified files: usr.bin/openssl: verify.c Log message: garbage collect an essentially unused variable and wrap some overlong lines
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 11:42:52 Modified files: usr.bin/openssl: verify.c Log message: * ptr -> *ptr
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 11:39:18 Modified files: usr.bin/openssl: verify.c Log message: X509_verify_cert()'s return value is not reliable if the callback returns 1. verify.c's cb() ignores a bunch of things to display as much info as possible. Thus, check the error code on the store ctx as well, similar to OpenSSL commit d9e309a6 (old licence). This makes openssl verify error on expired certs, at least with the legacy verify code. While here, fix a number of style issues, simplify and plug a leak. ok inoguchi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: guent...@cvs.openbsd.org2020/11/03 11:19:32 Modified files: sys/arch/amd64/amd64: locore.S Log message: Give sizes to more of the functions in locore.S ok mpi@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/11/03 10:43:01 Modified files: lib/libcrypto/x509: x509_verify.c Log message: Fix bad indent.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/11/03 10:41:39 Modified files: lib/libssl : tls13_legacy.c Log message: Only check BIO_should_read() on read and BIO_should_write() on write. The TLSv1.3 code that drives a BIO currently checks BIO_should_read() after BIO_write() and BIO_should_write() after BIO_read(), which was modelled on SSL_get_error(). However, there are certain cases where this can confuse the caller - primarily where the same BIO is being used for both read and write and the caller is manipulating the retry flags. SSL_get_error() tends avoids this issue by relying on another layer of state tracking. Unfortunately haproxy hits this situation - it has its own BIO_METHOD, the same BIO is used for both read and write and it manipulates the retry flags - resulting in it stalling. Issued noted by Thorsten Lockert ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2020/11/03 10:22:45 Modified files: lib/libcrypto/x509: x509_verify.c Log message: Hook X509_STORE_CTX get_issuer() callback from new X509 verifier. If we fail to find a parent certificate from either the supplied roots or intermediates and we have a X509_STORE_CTX, call its get_issuer() callback to see if it can supply a suitable certificate. This makes things like certificates by directory (aka by_dir) work correctly. Issue noted by Uwe Werler ok beck@ tb@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: t...@cvs.openbsd.org2020/11/03 10:09:49 Modified files: . : errata68.html Log message: release wg errata
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: to...@cvs.openbsd.org 2020/11/03 09:45:40 Modified files: sbin/iked : parse.y Log message: Add 'any' keyword for request to allow 'request address any'.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/11/03 09:43:31 Modified files: sys/net: Tag: OPENBSD_6_8 wg_noise.c Log message: release the correct lock in noise_remote_begin_session() fixes a "noise_keypair: lock not held" panic observed by Caspar Schutijser from Jason A. Donenfeld original commit: jasper this is errata/6.8/004_wg.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2020/11/03 06:58:45 Modified files: regress/sys/uvm/vnode: vnode.c Log message: On arm64 char is unsigned, use int in getopt() loop.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: schwa...@cvs.openbsd.org2020/11/03 02:23:46 Modified files: usr.sbin/accton: accton.8 Log message: insert missing EXIT STATUS section; OK jmc@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2020/11/03 01:09:35 Modified files: usr.bin/tmux : cmd-display-menu.c tmux.1 Log message: Expand menu and popup -x and -y as a format, from teo_paul1 at yahoo dot com in GitHub issue 2442.