CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2024/07/22 09:27:42 Modified files: usr.bin/tmux : options.c Log message: Expand full array option values if no index is provided, GitHub issue 4051.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/22 08:50:45 Modified files: regress/lib/libssl/asn1: asn1test.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Revise regress to match cipher suite values change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/22 08:47:15 Modified files: lib/libssl : s3_lib.c ssl_asn1.c ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_local.h ssl_pkt.c ssl_sess.c ssl_srvr.c ssl_txt.c tls13_client.c tls13_server.c Log message: Use cipher suite values instead of IDs. OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/22 08:03:22 Modified files: sys/dev/ata: wd.c sys/dev/i2c: ipmi_i2c.c Log message: remove unneeded prototypes for functions in other files
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/22 06:05:38 Modified files: sys/dev/pci: tga.c Log message: remove prototype with no matching function
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/22 04:00:16 Modified files: usr.sbin/radiusd: radiusd_ipcp.c Log message: Fix ipcp module to use (the maximum sequence number from the db) + 1 properly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/07/22 03:44:37 Modified files: bin/ps : ps.1 Log message: Sync with proc.h: s/PS_STOPPED/PS_STOPPING/ OK kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/07/22 03:43:48 Modified files: sys/kern : kern_sig.c sys/sys: proc.h Log message: Rename PS_STOPPED to PS_STOPPING. I want to use PS_STOPPED to indicate that a process has been stopped so make room for that. OK kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/22 03:39:23 Modified files: usr.sbin/radiusctl: radiusctl.c usr.sbin/radiusd: radiusd_ipcp.c Log message: Modify ipcp module to return a result for IMSG_RADIUSD_MODULE_IPCP_DISCONNECT and radiusctl to handle the result.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/22 03:27:16 Modified files: usr.sbin/radiusd: radiusd.c Log message: Make some functions "static".
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/07/22 02:18:53 Modified files: sys/kern : kern_exit.c Log message: Switch proc_finish_wait() to use the process as argument instead of its ps_mainproc. dowait6() needs to stop using ps_mainproc and this is the first step. OK guenther@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/21 13:41:31 Modified files: sys/arch/amd64/amd64: cpu.c locore0.S pmap.c sys/arch/amd64/include: cpu.h specialreg.h Log message: For AMD SEV determine C-bit position and guest mode in locore0. Actually determine the C-bit position if we are running as a guest with SEV enabled. Configure pg_crypt, pg_frame and pg_lgframe accordingly, using the physical address bit reduction provided by cpuid. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/21 12:57:31 Modified files: sys/arch/arm64/arm64: cpu.c Log message: Populate hwcap and hwcap2 based on the sanitized values of the ID register values and the feature bits that we recognize. ok naddy@, jca@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/21 10:49:26 Modified files: sys/arch/powerpc64/include: cpu.h elf.h sys/arch/powerpc64/powerpc64: cpu.c Log message: Export basic HWCAP bits to let applications detect Altivec & VSX on powerpc64 Input from miod@ and gkoehler@, tests & ok gkoehler@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/21 10:46:57 Modified files: sys/arch/macppc/macppc: cpu.c sys/arch/powerpc/include: elf.h Log message: Export basic HWCAP bits to let applications detect Altivec on powerpc Input from miod@ and gkoehler@, tests & ok gkoehler@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/21 10:19:25 Modified files: sys/arch/amd64/amd64: vector.S Log message: A few manual ret-cleans. Seeing as these pertain to interrupt servicing, the stack utilization ends up near the the deep end of the stack where, retcleans are useful. tested for a while in snaps ok bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/21 07:25:11 Modified files: regress/lib/libcrypto/asn1: asn1time.c Log message: asn1time: indicate which comparison function failed extracted from a diff by Kenjiro Nakayama
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: fcam...@cvs.openbsd.org 2024/07/21 07:18:15 Modified files: sys/dev/rasops : rasops32.c Log message: Add optimized character rendering case for 6 pixels wide fonts in rasops32_putchar(). >From jon (at) elytron (dot) openbsd (dot) amsterdam.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/21 02:36:43 Modified files: lib/libcrypto/man: DH_get0_pqg.3 DSA_get0_pqg.3 EC_KEY_METHOD_new.3 EVP_AEAD_CTX_init.3 EVP_DigestInit.3 EVP_DigestSignInit.3 EVP_DigestVerifyInit.3 EVP_EncryptInit.3 EVP_PKEY_CTX_new.3 EVP_PKEY_asn1_get_count.3 EVP_PKEY_new.3 EVP_SignInit.3 EVP_VerifyInit.3 HMAC.3 Log message: Unify description of the obsolete ENGINE parameter This uses the same language in most manuals mentioning the obsolete ENGINE parameters. Make it clear that it is always ignored and that NULL should be passed. Always call it engine instead of a mix of e pe, impl, eng.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/21 02:10:17 Modified files: lib/libcrypto/man: EVP_PKEY_decrypt.3 Log message: Garbage collect ENGINE "use" from EVP_PKEY_decrypt() example
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/20 12:37:38 Modified files: regress/lib/libssl/client: Makefile clienttest.c Log message: Fix golden numbers after beck broke it months ago (why is it always me who gets to clean up this shit?)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/07/20 11:26:19 Modified files: sys/kern : uipc_socket.c sys/netinet: udp_usrreq.c sys/sys: socketvar.h Log message: Unlock udp(4) somove(). Socket splicing belongs to sockets buffers. udp(4) sockets are fully switched to fine-grained buffers locks, so use them instead of exclusive solock(). Always schedule somove() thread to run as we do for tcp(4) case. This brings delay to packet processing, but it is comparable wit non splicing case where soreceive() threads are always scheduled. So, now spliced udp(4) sockets rely on sb_lock() of `so_rcv' buffer together with `sb_mtx' mutexes of both buffers. Shared solock() only required around pru_send() call, so the most of somove() thread runs simultaneously with network stack. Also document 'sosplice' structure locking. Feedback, tests and OK from bluhm.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2024/07/20 00:54:15 Modified files: usr.sbin/relayd: relay_http.c Log message: Fix regression introduced in previous causing HEAD requests to be erroneously rejected as malformed. ok chrisz@
Re: CVS: cvs.openbsd.org: src
On Thu, Jul 18, 2024 at 10:26:23PM -0600, Christopher Zimmermann wrote: > CVSROOT: /cvs > Module name: src > Changes by: chr...@cvs.openbsd.org 2024/07/18 22:26:23 > > Modified files: > usr.sbin/relayd: relay_http.c > > Log message: > Keep Content-length header in HEAD responses. > > ok millert@ This commit introduced a regression as highlighted by the relayd regress tests. Some HEAD requests are now rejected as malformed, preserving the lost break fixes the issue. Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v diff -u -p -r1.89 relay_http.c --- relay_http.c19 Jul 2024 04:26:23 - 1.89 +++ relay_http.c20 Jul 2024 04:36:59 - @@ -435,6 +435,10 @@ relay_read_http(struct bufferevent *bev, kv_delete(>http_headers, desc->http_lastheader); break; + case HTTP_METHOD_RESPONSE: + if (request_method == HTTP_METHOD_HEAD) + break; + /* FALLTHROUGH */ default: /* * Need to read data from the client
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/19 22:04:23 Modified files: lib/libssl : d1_pkt.c ssl_asn1.c ssl_ciph.c ssl_clnt.c ssl_lib.c ssl_local.h ssl_pkt.c ssl_sess.c ssl_srvr.c ssl_txt.c t1_enc.c tls13_client.c tls13_server.c Log message: Remove cipher from SSL_SESSION. For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/19 10:58:32 Modified files: sys/netinet: ip_input.c sys/netinet6 : in6_proto.c ip6_forward.c ip6_input.c Log message: Unlock sysctl net.inet.ip.redirect and net.inet6.ip6.redirect. Variable ip and ip6 sendredirects is only read once during packet processing. Use atomic_load_int() to access the value in exactly one read instruction. No memory barriers needed as there is no correlation with other values. Sort the ip and ip6 checks, so the difference is easier to see. Move access to global variable to the end. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/19 09:41:58 Modified files: sys/netinet: udp_usrreq.c Log message: Relax socket lock assertion in UDP input and send. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/19 09:28:51 Modified files: libexec/getty : main.c Log message: unveil(2) /etc/gettytab.db in getty(8) to avoid possible violation. OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/19 08:32:56 Modified files: distrib/sets/lists/comp: md.armv7 Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/19 02:54:31 Modified files: lib/libssl : s3_lib.c ssl_lib.c ssl_local.h ssl_sess.c ssl_srvr.c tls13_server.c Log message: Move client ciphers from SSL_SESSION to SSL_HANDSHAKE. SSL_SESSION has a 'ciphers' member which contains a list of ciphers that were advertised by the client. Move this from SSL_SESSION to SSL_HANDSHAKE and rename it to match reality. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/19 02:56:17 Modified files: lib/libssl : ssl_clnt.c ssl_srvr.c Log message: Annotate issues with tls_session_secret_cb() related code.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/07/18 22:33:36 Modified files: regress/usr.bin/ssh: multiplex.sh Log message: test transfers in mux proxy mode too
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: chr...@cvs.openbsd.org 2024/07/18 22:26:23 Modified files: usr.sbin/relayd: relay_http.c Log message: Keep Content-length header in HEAD responses. ok millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/18 16:40:09 Modified files: usr.sbin/radiusd: radiusd_file.c Log message: Send Access-Reject when the authentication is not handled or the user is not found.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/18 16:18:00 Modified files: usr.sbin/radiusd: radiusd_file.c Log message: unveil .db is needed. Also move pledge() earlier.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/18 11:18:01 Modified files: sys/arch/arm64/arm64: cpu.c Log message: Fix typos in previous commit spotted by naddy@
Re: CVS: cvs.openbsd.org: src
Todd C. Miller wrote: > CVSROOT: /cvs > Module name: src > Changes by: mill...@cvs.openbsd.org 2024/07/18 09:38:57 > > Modified files: > lib/libc/sys : link.2 > > Log message: > The source of a link (name1) may not be a directory. > > POSIX says this is implementation-dependent; OpenBSD does not allow > it. OK guenther@ > it's so dumb. Where is the code in cp(1) to handle the filesystem being a graph? Why is that code also missing in find(1)? Is that code in rsync? It's nowhere. Programs expect the filesystem to be a tree, not a graph.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mill...@cvs.openbsd.org 2024/07/18 09:38:57 Modified files: lib/libc/sys : link.2 Log message: The source of a link (name1) may not be a directory. POSIX says this is implementation-dependent; OpenBSD does not allow it. OK guenther@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/18 08:46:28 Modified files: sys/net: pf_ioctl.c Log message: In pfattach() pass malloc type instead of flags to cpumem_malloc(). from markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/18 05:21:10 Modified files: distrib/sets/lists/comp: md.landisk Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/18 02:58:59 Modified files: sbin/iked : radius.c Log message: Fix memory leaks and improve id handling of iked_radserver_req. original diff from markus ok tobhe
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/17 23:44:46 Modified files: share/man/man4 : speaker.4 Log message: remove extra punctuation; from alexander arch
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 20:45:32 Modified files: libexec/login_radius: raddauth.c Log message: Since libcrypto is used to calc message authenticator, use libcrypto md5 also in other places instead libc md5. ok millert
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/07/17 19:47:27 Modified files: usr.bin/ssh: ssh.1 Log message: mention mux proxy mode
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 18:28:53 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: Add a link to radiud_file(8)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mill...@cvs.openbsd.org 2024/07/17 14:57:16 Modified files: usr.bin/sed: compile.c defs.h extern.h main.c misc.c process.c Log message: sed: use warn()/err() where appropriate Use warn()/err() instead of sed's homegrown warning()/error() for things other than parser problems. The warning()/error() functions display the file and line number in addition to the error message. This also removes of the COMPILE/FATAL argument to error() since now all calls to error() are for compilation/parsing issues. OK op@ espie@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 14:50:28 Modified files: libexec/login_radius: Makefile raddauth.c Log message: Add Message-Authenticator attriubte when sending Access-Request. ok millert
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/17 09:22:56 Modified files: regress/lib/libssl/ciphers: cipherstest.c Log message: Add RCS id
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/17 09:21:59 Modified files: sys/arch/arm64/arm64: autoconf.c cpu.c machdep.c sys/arch/arm64/include: cpu.h Log message: Clean up the cpi_id_aa64xxx variables at the end of autoconf such that sysclt(2) and ID register access emulation can share the variables. ok jca@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/17 09:01:22 Modified files: regress/lib/libssl/ciphers: cipherstest.c Log message: Enable regress for SSL_CIPHER_get_handshake_digest() Turns out this is already linked statically.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/17 08:57:59 Modified files: distrib/sets/lists/comp: md.macppc Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/17 08:51:54 Modified files: regress/lib/libssl/ciphers: cipherstest.c Log message: Rework cipher find test to also provide coverage for SSL_CIPHER_*()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/07/17 07:29:05 Modified files: lib/libc/sys : getrusage.2 Log message: Be clear that RUSAGE_CHILDREN only works for terminated children that have been waited for. If you SIG_IGN SIGCHLD or don't call any of the wait functions then RUSAGE_CHILDREN wont report anything. OK deraadt@ millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 05:31:46 Modified files: usr.sbin/radiusd: radiusd_ipcp.c radiusd_local.h Log message: Fix some gcc warnings
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/17 05:20:24 Modified files: usr.sbin/radiusd/radiusd: Makefile usr.sbin/radiusd/radiusd_eap2mschap: Makefile usr.sbin/radiusd/radiusd_standard: Makefile Log message: minor repairs
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 05:19:27 Modified files: usr.sbin/radiusd: radiusd_eap2mschap.c Log message: Error if config parameter is unknown. This also fixes a gcc warning. spotted by deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 05:13:22 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: Document "authentication-filter".
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 05:05:11 Modified files: usr.sbin/radiusd: radiusd.c Log message: Decrypt "Password" attribute always before passing the packet to modules. Also, don't assume the authenticator of the packet from the module that has no secret is valid.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 04:15:39 Modified files: usr.sbin/radiusd: radiusd_file.c Log message: Delete log_info() line for debug.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/07/17 03:54:15 Modified files: sys/sys: proc.h Log message: Sync struct proc P_BITS with reality. Remove "\027XX" (old systrace flag) and "\035SOFTDEP". OK jsg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/17 02:26:19 Modified files: usr.sbin/npppd/npppd: parse.y Log message: Fix indent
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mill...@cvs.openbsd.org 2024/07/16 21:05:19 Modified files: usr.bin/sed: main.c Log message: Display an error message for "sed -i" if the file is unwritable Previously, sed would fail silently if it was unable to move the temporary file into place. Also allow "sed -i" on symbolic link--the link will be broken but this matches GNU sed behavior. From espie@ OK op@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/16 08:38:59 Modified files: regress/lib/libssl/unit: tls_prf.c Log message: Update regress for removal of SSL_HANDSHAKE_MAC_DEFAULT.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/16 08:38:04 Modified files: lib/libssl : s3_lib.c ssl_ciph.c ssl_local.h Log message: Clean up SSL_HANDSHAKE_MAC_DEFAULT. The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1 ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0 and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite table and remove the various defines/macros/code that existed to handle the upgrade. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/16 04:19:38 Modified files: lib/libssl/man : SSL_CIPHER_get_name.3 Log message: Fix .Ox for SSL_CIPHER_get_handshake_digest()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/16 02:25:47 Modified files: distrib/sets/lists/base: mi distrib/sets/lists/comp: md.octeon distrib/sets/lists/man: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/07/16 00:18:20 Modified files: usr.sbin/radiusd: eap2mschap_local.h Log message: Only perform the static_assert checks in C>=11 environment; unbreaks build on platforms using gcc.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/15 23:01:10 Modified files: bin/ed : ed.h io.c main.c Log message: Fix the SIGHUP signal race. ed's "event loop" operates a getchar(); check the hup flag before and after that call, when the buffer structures are stable for write_file() to work. Remove the hup handling from the SPL0() macro, because this is run in at least one place during structure instability. The SIGINT handler, which uses siglongjmp(), is also trusting the SPL1/SPL0 dance more than it should. ok millert
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/15 19:14:23 Modified files: sys/dev/pci: ichiic.c Log message: match on Atom C3000 from and tested by Brendan Shanks
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/15 12:50:42 Modified files: lib/libcrypto/hidden/openssl: x509.h Log message: Switch the EVP_PKEY_*attr* API to LCRYPTO_UNUSED() This would have prevented the PKCS12 oopsie.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/15 09:43:25 Modified files: lib/libcrypto/pkcs12: p12_crt.c Log message: Fix PKCS12_create() This tries to copy some microsoft attributes which are not usually present and chokes on the now disabled EVP_PKEY_*attr* API. Instead of reviving about four layers of traps and indirection, just inline the two functions in a way that should be more obvious. found by anton via the ruby-openssl tests ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mgloc...@cvs.openbsd.org2024/07/15 09:33:54 Modified files: sys/dev/acpi : qcgpio.c Log message: Make the touchpad on the Samsung Galaxy Book4 Edge work. ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/07/15 08:45:15 Modified files: lib/libssl : s3_lib.c ssl_local.h Log message: Mop up TLS1_PRF* defines. These have not been used for a long time, however SSL_CIPHER was not opaque at the time, hence they had to stick around. Now that SSL_CIPHER is opaque we can simply mop them up. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2024/07/15 07:27:36 Modified files: sys/ufs/ext2fs : ext2fs.h Log message: Add ext4 field definitions. Taken from NetBSD, with some cosmetic changes to keep it in line with our style. OK miod@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2024/07/15 04:11:56 Modified files: regress/lib/libc/regex: t_exhaust.c Log message: fix signature of main()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/07/15 03:56:30 Modified files: sys/dev/fdt: dwmshc.c Log message: Add support for the RK3588 eMMC controller. This is mostly the same, with some HS400 bits that we don't support yet. While there, fix some constants that weren't applied to the correct registers. ok dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/07/15 03:54:38 Modified files: sys/dev/fdt: rkclock.c rkclock_clocks.h Log message: Add RK3588 eMMC clocks and resets. ok dlg@
Re: CVS: cvs.openbsd.org: src
On Sun, Jul 14, 2024 at 01:33:59PM -0600, Miod Vallat wrote: > CVSROOT: /cvs > Module name: src > Changes by: m...@cvs.openbsd.org2024/07/14 13:33:59 > > Added files: > sys/arch/armv7/include: elf.h > sys/arch/landisk/include: elf.h > sys/arch/loongson/include: elf.h > sys/arch/luna88k/include: elf.h > sys/arch/macppc/include: elf.h > sys/arch/octeon/include: elf.h > > Log message: > Add missing for compound arches. > > The spice^Wkernel must flow^Wbuild. Ah, that makes more sense. Thanks! -- jca
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/15 01:24:03 Modified files: sys/sys: proc.h Log message: sync PS_BITS with flags; ok claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/14 23:36:08 Modified files: sbin/bioctl: bioctl.8 bioctl.c Log message: bioctl.8: - tweak bioctl text - don;t repeat the device examples - reinstate softraid device being always softraid0 usage(): - add vertical blank between two formats - rewrap to match 80col (shorter and matches man) feedback/ok krw kn
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2024/07/14 23:24:02 Modified files: regress/lib/libc/elf_aux_info: Makefile elf_aux_info.c Log message: enable warnings and apply a dash of knfmt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/14 18:11:59 Modified files: lib/libssl/man : SSL_CIPHER_get_name.3 Log message: ocurred -> occurred
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: sas...@cvs.openbsd.org 2024/07/14 13:51:08
Modified files:
sbin/pfctl : parse.y pfctl.c pfctl.h pfctl_optimize.c
pfctl_parser.h pfctl_radix.c pfctl_table.c
Log message:
This change allows user to define table inside the anchor like that:
anchor foo {
table { 192.168.1.1 }
pass in from to
}
Without this diff one must either create table in main
ruleset (root) or use 'pfctl -a foo -t bar -T add 192.168.1.1'
This glitch is hard to notice. Not many human admins try to attach
tables to non-global anchors. Deamons which configure pf(4) automatically
at run time such as relayd(8) and spamd(8) create tables attached to
thair anchors (for example 'relayd/*') but the deamons use way similar
to pfctl(8) to add and manage those tables.
The reason why I'd like to seal this gap is that my long term goal
is to turn global `pfr_ktable` in pf(4) into member of pf_anchor.
So each ruleset will get its own tree of tables.
feedback and OK bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/07/14 13:33:59 Added files: sys/arch/armv7/include: elf.h sys/arch/landisk/include: elf.h sys/arch/loongson/include: elf.h sys/arch/luna88k/include: elf.h sys/arch/macppc/include: elf.h sys/arch/octeon/include: elf.h Log message: Add missing for compound arches. The spice^Wkernel must flow^Wbuild.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/14 12:53:39 Modified files: sys/net: if.c pf.c pf_norm.c sys/netinet: ip_carp.c ip_icmp.c ip_input.c sys/netinet6 : icmp6.c ip6_input.c nd6.c nd6.h nd6_nbr.c nd6_rtr.c Log message: Unlock IPv6 sysctl net.inet6.ip6.forwarding from net lock. Use atomic operations to read ip6_forwarding while processing packets in the network stack. To make clear where actually the router property is needed, use the i_am_router variable based on ip6_forwarding. It already existed in nd6_nbr. Move i_am_router setting up the call stack until all users are independent. The forwarding decisions in pf_test, pf_refragment6, ip6_input do also not interfere. Use a new array ipv6ctl_vars_unlocked to make transition of all the integer sysctls easier. Adapt IPv4 to the new style. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2024/07/14 12:49:32 Modified files: regress/sys/kern/unp-write-closed: Makefile unp-write-closed.c Log message: enable warnings and fix complaints
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/14 12:11:18 Modified files: usr.sbin/radiusd: radiusd_file.8 Log message: fix SEE ALSO and a word tweak;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/14 12:09:05 Modified files: usr.sbin/radiusd: radiusd_eap2mschap.8 Log message: grammar and macro tweaks;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/14 12:03:59 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: zap a stray Nd line;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/14 10:22:59 Modified files: usr.sbin/radiusd: radiusd.conf.5 usr.sbin/radiusd/radiusd_file: Makefile Added files: usr.sbin/radiusd: radiusd_file.8 Log message: Add radiusd_file(5) and link it from radiusd.conf(5).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/14 10:09:23 Modified files: usr.sbin/radiusd: Makefile Makefile.inc parse.y radiusd.conf.5 Added files: usr.sbin/radiusd: eap2mschap_local.h radiusd_eap2mschap.8 radiusd_eap2mschap.c usr.sbin/radiusd/radiusd_eap2mschap: Makefile Log message: Add new radiusd_eap2mschap module. It provides conversions from EAP to MSCHAPv2.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2024/07/14 10:09:06 Modified files: sbin/bioctl: bioctl.8 Log message: Shuffle verbiage to make page more general. e.g. by mentioning nvme(4). Feedback jmc@ jmatthew@ deraadt@ kn@ ok jmc@ kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/14 10:06:31 Modified files: lib/libcrypto/evp: evp_pkey.c Log message: Rewrite EVP_PKEY_add1_attr_by_NID() Instead of jumping through many layers that cause headache, we can achieve the same in an entirely straightforward way without losing clarity. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/14 10:04:10 Modified files: lib/libcrypto/evp: evp_pkey.c Log message: Disable most EVP_PKEY_*attr* API There is a single consumer of this entire family of function, namely the openssl(1) pkcs12 command uses EVP_PKEY_add1_attr_by_NID, so leave that one intact for now. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/14 09:56:08 Modified files: lib/libssl : ssl_err.c Log message: Forgot to annotate the TMP UGLY CAST[S] as requested by jsing h/t to levitte
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/07/14 09:48:24 Modified files: lib/libssl/man : SSL_CIPHER_get_name.3 Log message: Document SSL_CIPHER_get_handshake_digest(3)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/14 09:42:23 Modified files: sys/kern : uipc_socket.c Log message: Fix source and drain confusion in socket splicing somove(). If a large mbuf in the source socket buffer does not fit into the drain buffer, split the mbuf. But if the drain buffer still has some data in it, stop moving data and try again later. This skips a potentially expensive mbuf operation. When looking which socket buffer has to be locked, I found that the length of the source send buffer was checked. Change it to drain. As this is a performance optimization for a special corner case, noone noticed the bug. OK sashan@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/14 09:34:20 src/usr.sbin/radiusd/radiusd_eap2mschap Update of /cvs/src/usr.sbin/radiusd/radiusd_eap2mschap In directory cvs.openbsd.org:/tmp/cvs-serv41962/radiusd_eap2mschap Log Message: Directory /cvs/src/usr.sbin/radiusd/radiusd_eap2mschap added to the repository
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: yasu...@cvs.openbsd.org 2024/07/14 09:31:49
Modified files:
usr.sbin/radiusd: radiusd.c radiusd_local.h
usr.sbin/radiusd/radiusd: Makefile
Added files:
usr.sbin/radiusd: radius_subr.c radius_subr.h
Log message:
Move radius_attr_{,un}hide() to radius_subr.c.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/14 09:27:57 Modified files: usr.sbin/radiusd: parse.y radiusd.c radiusd.h radiusd_local.h radiusd_module.c radiusd_module.h Log message: Add "authentication-filter". Add new 2 imsg types so that authentication modules can request the next authentication and the next authentication can receive the result of the previous and modify the result.
