CVS: cvs.openbsd.org: src

2020-11-03 Thread Greg Steuck
CVSROOT:/cvs
Module name:src
Changes by: gne...@cvs.openbsd.org  2020/11/03 21:40:13

Modified files:
sys/net: bpf.c 

Log message:
Use sysctl_int_bounded in bpf_sysctl

Unlike the other cases of sysctl_bounded_arr this one uses a dynamic limit.

OK millert@



CVS: cvs.openbsd.org: src

2020-11-03 Thread Damien Miller
CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org 2020/11/03 15:53:12

Modified files:
usr.bin/ssh: match.c 

Log message:
fold consecutive '*' wildcards to mitigate combinatorial explosion
of recursive searches; ok dtucker



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 14:50:58

Modified files:
regress/sys/net/rtable: kern_compat.h 

Log message:
The 'source IP address' commit (route.c r1.249) broke the rtable regress
tests since it introduced use of ifa_ifwithaddr() from if.c, so the tests
no longer link due to the missing symbol.

Provide an ifa_ifwithaddr() shim that makes the test link again.
Passes on amd64 and sparc64.

ok bluhm



CVS: cvs.openbsd.org: src

2020-11-03 Thread Patrick Wildt
CVSROOT:/cvs
Module name:src
Changes by: patr...@cvs.openbsd.org 2020/11/03 14:50:54

Modified files:
sys/dev/fdt: if_mvpp.c 

Log message:
Have mvpp(4) pass MII flags depending on the phy mode specified in
the device tree.  This allows my ClearFog GT 8K to get the 1G link up.

ok kettenis@



CVS: cvs.openbsd.org: src

2020-11-03 Thread Patrick Wildt
CVSROOT:/cvs
Module name:src
Changes by: patr...@cvs.openbsd.org 2020/11/03 14:49:42

Modified files:
sys/dev/mii: eephy.c eephyreg.h miivar.h 

Log message:
The Marvell 88E1512 supports multiple modes between MAC to PHY and PHY
to Media.  The mode can be configured in the General Control Register 1.
On the 88E1512 and 88E1514 this mode defaults to 111 (invalid).  Thus we
need to change the mode if we want SGMII-to-Copper.  For this, allow the
interface to pass an SGMII flag, indicating that the interface between
MAC and PHY is SGMII.

ok kettenis@



CVS: cvs.openbsd.org: src

2020-11-03 Thread Patrick Wildt
CVSROOT:/cvs
Module name:src
Changes by: patr...@cvs.openbsd.org 2020/11/03 14:46:14

Modified files:
sys/dev/fdt: if_mvpp.c if_mvppreg.h 

Log message:
Disable HW PHY polling.  It's enabled by default.



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 14:16:32

Modified files:
regress/usr.sbin/rpki-client: test-mft.c test-roa.c 

Log message:
Inline pem_print(). It's a wrapper around PEM_write_bio_X509().

ok benno claudio



CVS: cvs.openbsd.org: src

2020-11-03 Thread Tobias Heider
CVSROOT:/cvs
Module name:src
Changes by: to...@cvs.openbsd.org   2020/11/03 13:45:58

Modified files:
regress/sbin/iked/dh: Makefile dhtest.c 

Log message:
Fix dh test after recent API refactoring. Remove outdated references to
EC2N while we're at it.



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 11:50:25

Modified files:
usr.bin/openssl: verify.c 

Log message:
Wrap remaining overlong lines.



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 11:47:19

Modified files:
usr.bin/openssl: verify.c 

Log message:
garbage collect an essentially unused variable and wrap some overlong
lines



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 11:42:52

Modified files:
usr.bin/openssl: verify.c 

Log message:
* ptr -> *ptr



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 11:39:18

Modified files:
usr.bin/openssl: verify.c 

Log message:
X509_verify_cert()'s return value is not reliable if the callback
returns 1. verify.c's cb() ignores a bunch of things to display as
much info as possible. Thus, check the error code on the store ctx
as well, similar to OpenSSL commit d9e309a6 (old licence).

This makes openssl verify error on expired certs, at least with the
legacy verify code.

While here, fix a number of style issues, simplify and plug a leak.

ok inoguchi



CVS: cvs.openbsd.org: src

2020-11-03 Thread Philip Guenther
CVSROOT:/cvs
Module name:src
Changes by: guent...@cvs.openbsd.org 2020/11/03 11:19:32

Modified files:
sys/arch/amd64/amd64: locore.S 

Log message:
Give sizes to more of the functions in locore.S

ok mpi@



CVS: cvs.openbsd.org: src

2020-11-03 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2020/11/03 10:43:01

Modified files:
lib/libcrypto/x509: x509_verify.c 

Log message:
Fix bad indent.



CVS: cvs.openbsd.org: src

2020-11-03 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2020/11/03 10:41:39

Modified files:
lib/libssl : tls13_legacy.c 

Log message:
Only check BIO_should_read() on read and BIO_should_write() on write.

The TLSv1.3 code that drives a BIO currently checks BIO_should_read()
after BIO_write() and BIO_should_write() after BIO_read(), which was
modelled on SSL_get_error(). However, there are certain cases where
this can confuse the caller - primarily where the same BIO is being
used for both read and write and the caller is manipulating the retry
flags. SSL_get_error() tends to avoid this issue by relying on another
layer of state tracking.

Unfortunately haproxy hits this situation - it has its own BIO_METHOD,
the same BIO is used for both read and write and it manipulates the
retry flags - resulting in it stalling.

Issue noted by Thorsten Lockert

ok beck@ tb@



CVS: cvs.openbsd.org: src

2020-11-03 Thread Joel Sing
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2020/11/03 10:22:45

Modified files:
lib/libcrypto/x509: x509_verify.c 

Log message:
Hook X509_STORE_CTX get_issuer() callback from new X509 verifier.

If we fail to find a parent certificate from either the supplied roots or
intermediates and we have a X509_STORE_CTX, call its get_issuer() callback
to see if it can supply a suitable certificate. This makes things like
certificates by directory (aka by_dir) work correctly.

Issue noted by Uwe Werler 

ok beck@ tb@



CVS: cvs.openbsd.org: www

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:www
Changes by: t...@cvs.openbsd.org 2020/11/03 10:09:49

Modified files:
.  : errata68.html 

Log message:
release wg errata



CVS: cvs.openbsd.org: src

2020-11-03 Thread Tobias Heider
CVSROOT:/cvs
Module name:src
Changes by: to...@cvs.openbsd.org   2020/11/03 09:45:40

Modified files:
sbin/iked  : parse.y 

Log message:
Add 'any' keyword for request to allow 'request address any'.



CVS: cvs.openbsd.org: src

2020-11-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org 2020/11/03 09:43:31

Modified files:
sys/net: Tag: OPENBSD_6_8 wg_noise.c 

Log message:
release the correct lock in noise_remote_begin_session()

fixes a "noise_keypair: lock not held" panic observed by Caspar Schutijser
from Jason A. Donenfeld
original commit: jasper

this is errata/6.8/004_wg.patch.sig



CVS: cvs.openbsd.org: src

2020-11-03 Thread Alexander Bluhm
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2020/11/03 06:58:45

Modified files:
regress/sys/uvm/vnode: vnode.c 

Log message:
On arm64 char is unsigned, use int in getopt() loop.



CVS: cvs.openbsd.org: src

2020-11-03 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org 2020/11/03 02:23:46

Modified files:
usr.sbin/accton: accton.8 

Log message:
insert missing EXIT STATUS section;
OK jmc@ deraadt@



CVS: cvs.openbsd.org: src

2020-11-03 Thread Nicholas Marriott
CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org 2020/11/03 01:09:35

Modified files:
usr.bin/tmux   : cmd-display-menu.c tmux.1 

Log message:
Expand menu and popup -x and -y as a format, from teo_paul1 at yahoo dot
com in GitHub issue 2442.