CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 19:15:45 Modified files: regress/usr.bin/ssh: knownhosts-command.sh Log message: adapt to RSA/SHA1 deprectation
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 17:53:10 Modified files: usr.bin/ssh: myproposal.h Log message: After years of forewarning, disable the RSA/SHA-1 signature algorithm by default. It is feasible to create colliding SHA1 hashes, so we need to deprecate its use. RSA/SHA-256/512 remains available and will be transparently selected instead of RSA/SHA1 for most SSH servers released in the last five+ years. There is no need to regenerate RSA keys. The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the PubkeyAcceptedAlgorithms directives on the client and server. ok dtucker deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 17:44:07 Modified files: usr.bin/ssh: clientloop.c Log message: wrap at 80 columns
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: gne...@cvs.openbsd.org 2021/08/29 15:32:52 Modified files: gnu/llvm/clang/lib/Driver/ToolChains: OpenBSD.cpp Log message: Revert: llvm: openbsd driver had one -lcompiler_rt too many Suggested by jca@ that kettenis@ looks at it first.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: st...@cvs.openbsd.org 2021/08/29 15:10:31 Modified files: usr.bin/calendar/calendars: calendar.music Log message: Lee "Scratch" Perry died :(
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: gne...@cvs.openbsd.org 2021/08/29 15:05:15 Modified files: gnu/llvm/clang/lib/Driver/ToolChains: OpenBSD.cpp Log message: llvm: openbsd driver had one -lcompiler_rt too many Tested by doing a full system build locally. Will work with brad@ for upstream-ing. OK patrick & mortimer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: gne...@cvs.openbsd.org 2021/08/29 14:31:18 Modified files: sys/dev/pci: if_iwm.c if_iwx.c Log message: iwm/iwx: propagate errors out of iw{m,x}_set_bits_mask_prph routines This might help with troubleshooting "iwx0: acquiring device failed" errors. OK stsp@
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 14:04:26 Modified files: font/alias : ChangeLog Makefile.am Makefile.in aclocal.m4 configure configure.ac font/alias/100dpi: Makefile.in font/alias/75dpi: Makefile.in font/alias/cyrillic: Makefile.in fonts.alias font/alias/misc: Makefile.in fonts.alias Added files: font/alias : README.md Removed files: font/alias : README Log message: Update font-alias to 1.0.4
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: schwa...@cvs.openbsd.org2021/08/29 13:56:40 Modified files: usr.bin/openssl: x509.c Log message: Do not call X509_alias_get0(3) with NULL as the second argument. Even if the buffer is guaranteed to be NUL-terminated in a particular case, it is still setting a bad example. Besides, it is unclear to me whether there is any such guarantee in the case at hand. Checking that would require auditing all of d2i_X509_bio(3), ASN1_item_d2i_bio(_X509_it, ...), PEM_read_bio_X509_AUX(3), and PKCS12_parse(3), since no such guarantee is documented for any of these functions, and even then it would remain fragile with respect to later changes of implementation details. In the worst case, this could potentially result in a read buffer overrun. OK tb@ on an earlier version of this patch. While we are here, deraadt@ requested to not use the word "string" in the name of a variable that is not a string in the sense of the C language.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2021/08/29 13:55:12 Modified files: sbin/route : route.8 Log message: nameserver command requires an interface argument
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 13:20:30 Modified files: font/misc-ethiopic: ChangeLog Makefile.am Makefile.in aclocal.m4 configure configure.ac Added files: font/misc-ethiopic: README.md Removed files: font/misc-ethiopic: README Log message: Update to font-misc-ethiopic 1.0.4
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2021/08/29 13:00:59 Modified files: sys/dev/usb: ucc.c Log message: Pass volume related key presses as both raw and translating input to wskbd in order to make them visible in X11. Matches what ukbd(4) already does.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: schwa...@cvs.openbsd.org2021/08/29 13:00:20 Modified files: lib/libutil: ober_set_header.3 Log message: fix an obvious mixup regarding the order of lines in the SYNOPSIS, and an omission below HISTORY
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 12:51:33 Modified files: app/twm: ChangeLog Makefile.am Makefile.in aclocal.m4 compile config.h.in configure configure.ac app/twm/man: Makefile.in twm.man app/twm/src: Makefile.am Makefile.in add_window.c add_window.h cursor.c deftwmrc.sed events.c events.h gc.h gram.y iconmgr.c iconmgr.h icons.c icons.h lex.l list.c list.h menus.c menus.h parse.c parse.h resize.c resize.h screen.h session.c session.h twm.c twm.h util.c util.h version.c version.h Added files: app/twm: README.md Removed files: app/twm: README Log message: Update to twm 1.0.11
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2021/08/29 12:31:08 Modified files: sys/dev/usb: ucc.c Log message: correct range upper bound in comment
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 12:23:58 Modified files: app/xwd: ChangeLog Makefile.am Makefile.in aclocal.m4 clientwin.c compile configure configure.ac dsimple.c dsimple.h list.c list.h multiVis.c multiVis.h xwd.c app/xwd/man: Makefile.in xwd.man Added files: app/xwd: README.md Removed files: app/xwd: README Log message: Update to xwd 1.0.8
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2021/08/29 12:21:16 Modified files: sys/dev/usb: ucc.c Log message: Make the ucc match criteria more stringent by requiring at least one usage greater than zero. Usage zero is defined as unassigned by the specification and cannot be mapped to anything sensible. Prevents ucc from attaching to bunch of odd report IDs from a Lenovo ThinkPad USB-C Dock which only exposes the unassigned usage. This is not a problem in practice but I think we're better attaching them as uhid devices instead as ucc cannot provide any functionality. Thanks to Mario Peter for reporting and testing.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2021/08/29 12:20:18 Modified files: sys/dev/usb: ucc.c Log message: Some reports embeds multiple report IDs inside the same collection causing ucc to only being able to attach to the last report ID. This in turn is caused by hid_is_collection() only being able to observe an end of collection item with the last report ID for the same collection. Instead, change the matching of ucc to only consider report IDs with at least one corresponding Consumer Control usage. Fixes gnezdo@'s Google Pixel earbuds.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2021/08/29 12:19:09 Modified files: sys/dev/usb: ucc.c Log message: An interrupt report contains the state of all items (Input, Output and Feature) from the corresponding descriptor report for a given report ID. The ordering of the items is identical in both the descriptor and interrupt report. As the interrupt report can cover more than Consumer Control related key presses, ucc must be more careful while examining the interrupt report in order to not confuse other items as key presses. While parsing the descriptor report, take note of the bits that represents Consumer Control key presses and use it to slice the interrupt report. Thanks to florian@ gnezdo@ and Alessandro De Laurenzis for testing.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2021/08/29 12:17:51 Modified files: sys/dev/usb: ucc.c Log message: As the Consumer Control usages are well defined by the HID Usage Tables specification ucc might as well enumerate all of them. Finding an appropriate scan code recognized by X11 for each usage is more tricky. I've added a few more but the majority are still unmapped. Linux has defined a couple of more usages covered by the evdev[1] key codes but those symbols are not picked up in an vanilla X11 configuration on OpenBSD, according to setxkbmap(1). This should at least lower the barrier for adding scan codes for wanted keys. Note that the strings are discarded unless UCC_DEBUG is enabled. Thanks to gnezdo@ for testing. [1] xenocara/dist/xkeyboard-config/keycodes/evdev
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 12:03:41 Modified files: app/xkbcomp: COPYING ChangeLog Makefile.am Makefile.in action.c action.h alias.c alias.h compat.c configure configure.ac expr.c expr.h geometry.c indicators.c indicators.h keycodes.c keycodes.h keymap.c keytypes.c listing.c misc.c misc.h parseutils.c parseutils.h symbols.c tokens.h utils.c utils.h vmod.c vmod.h xkbcomp.c xkbcomp.h xkbparse.y xkbpath.c xkbscan.c Log message: Update to xkbcomp 1.4.5
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 12:01:32 Modified files: usr.sbin/vmd : virtio.c Log message: Mask viornd descriptor value to prevent out of bound reads. viornd did not mask the descriptor value in the avialable ring allowing guest values to read past the end of the descriptor table. While here, change fatal to fatalx because errno is not set. Reported by Ilja van Sprundel ok mlarkin@
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 11:50:32 Modified files: app/xeyes : ChangeLog Eyes.c Eyes.h EyesP.h Makefile.am Makefile.in aclocal.m4 compile config.h.in configure configure.ac xeyes.c app/xeyes/man : Makefile.in Added files: app/xeyes : README.md Removed files: app/xeyes : README Log message: Update xeyes to 1.2.0
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: matth...@cvs.openbsd.org2021/08/29 11:39:13 Modified files: app/fonttosfnt : ChangeLog configure configure.ac write.c Log message: Update to fonttosfnt 1.2.2
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2021/08/29 11:29:14 Modified files: sbin/fdisk : cmd.c Log message: Nuke unused variable and unnecessary initialization.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2021/08/29 11:13:15 Modified files: lib/libcrypto/x509: x509_verify.c Log message: Don't call the verify callback twice on success. This fixes a problem in the perl regress where it notices the callback is called twice and complains. ok tb@ bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2021/08/29 10:40:26 Modified files: distrib/sets/lists/base: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2021/08/29 09:52:47 Modified files: regress/usr.bin/openssl/x509: Makefile Log message: Pass the -quiet option to openssl s_server to make it ignore EOF. This makes some tests run from the Makefile behave as they should.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2021/08/29 09:37:58 Modified files: usr.bin/rsync : rmatch.c Log message: This needs extern.h for the rmatch prototype
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: rob...@cvs.openbsd.org 2021/08/29 09:22:24 Modified files: usr.bin/passwd : local_passwd.c Log message: notify the user about a successful password change; ok millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2021/08/29 09:15:45 Modified files: regress/lib/libagentx: Makefile Log message: libagentx regress relied on snmp(1) defaulting to -v2c -cpublic. Make this explicit. Pointed out and OK bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2021/08/29 07:43:46 Modified files: usr.bin/rsync : Makefile extern.h flist.c main.c receiver.c sender.c Added files: usr.bin/rsync : charclass.h rmatch.c rules.c Log message: Implement --exclude/exclude-file and --include/include-file. Currently only simple include and excludes work, the advanced filters introduced later in rsync are not implemented. It is unclear if the per directory filters are something we want to implement. This requires more modern protocols which openrsync is not able to handle right now. This adds a special matching function to allow the ** matching which behaves mostly like rsyncs version with the exception of how bad [] patterns are expanded. For bad patterns openrsync follows more how fnmatch behaves and not the somewhat strange rsync behaviour. Not perfect but committing now so people can test and provide feedback.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2021/08/29 07:31:52 Modified files: distrib/miniroot: install.sub dot.profile Log message: Merge sysupgrade watchdog and prompt timeout code Provide TIMOUT_{ACTION,PERIOD_SEC} in {start,stop,reset}_timeout() to have install.sub and dot.profile use the same mnemonic helpers.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2021/08/29 07:17:42 Modified files: regress/usr.bin/openssl/x509: Makefile Log message: Add back the echo Q thing.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2021/08/29 07:16:22 Modified files: distrib/miniroot: dot.profile Log message: Sync prompt timeout code with sysupgrade watchdog Simplify code and employ the same technique in both places. The "prompt timeout" hits when on non-interactive installations or upgrades: Welcome to the OpenBSD/amd64 6.9 installation program. Starting non-interactive mode in 5 seconds... (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? Performing non-interactive upgrade... The existing code uses a regular background job and does quirky file descriptor fiddling just to avoid job control messages when starting the timeout in the background. It also does `set +m' a second time for no reason and hardodes the number of seconds in multiple places. Do better by using a co-process just like sysupgrade's watchdog that reboots when the upgrade did not finish in time. reads good to aja
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2021/08/29 07:16:17 Modified files: usr.bin/openssl: s_server.c Log message: Start naccept .desc with a capital noted by inoguchi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2021/08/29 07:05:43 Modified files: distrib/miniroot: install.sub Log message: Stop parsing unsupported dhcp-options(5) dhcpleased(8) does not support everything dhclient(8) did, so stop pretending. OK florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2021/08/29 06:40:37 Modified files: regress/usr.bin/openssl/x509: Makefile Log message: Use s_server -naccept 1 and remove echo "Q" | openssl s_client hack.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2021/08/29 06:33:15 Modified files: usr.bin/openssl: openssl.1 s_apps.h s_server.c s_socket.c Log message: Implement -naccept in the s_server. doc fixes/ok jmc ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 06:17:38 Modified files: usr.sbin/vmd : virtio.c Log message: mask next descriptor value and fix chunk_size calculation Guest can cause out of bounds read with a malformed descriptor. In same loop, also fix a chunk size calculation. Reported by Ilja van Sprundel. ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2021/08/29 06:02:52 Modified files: sys/dev/ic : nvmevar.h Log message: Reduce the number of openings for aplns(4) to 1. This isn't correct but make NVMe on the Apple M1 stable. Hopefully we can figure out the real issue in the future. ok jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 05:41:27 Modified files: usr.sbin/vmd : virtio.c Log message: check for null vioblk info If {c,m}alloc fail, info could be NULL and result in NULL deref. Reported by Ilja van Sprundel. ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2021/08/29 05:23:29 Modified files: sys/dev/ic : nvme.c sys/arch/arm64/dev: aplns.c Log message: Reduce the number of openings for aplns(4) to 1. This isn't correct but make NVMe on the Apple M1 stable. Hopefully we can figure out the real issue in the future. ok jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 05:14:27 Modified files: usr.sbin/vmd : virtio.c Log message: correct device status write size Reported by Ilja van Sprundel. ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2021/08/29 05:09:05 Modified files: usr.sbin/vmd : virtio.c Log message: remove old descriptor dump function Used originally to aid dev. Unneeded. ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2021/08/29 03:10:57 Modified files: distrib/arm64/ramdisk: list distrib/riscv64/ramdisk: list Log message: new installboot will sometimes reuse the existing msdos boot partition instead of running newfs_msdos, so fsck_msdos gets run behind the scenes. A few architectures were missing this binary on their install media jsg notices two more arch need it also, due to crazy Makefile games in installboot
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2021/08/29 03:05:21 Modified files: distrib/armv7/ramdisk: list distrib/macppc/ramdisk: list distrib/octeon/ramdisk: list distrib/powerpc64/ramdisk: list Log message: new installboot will sometimes reuse the existing msdos boot partition instead of running newfs_msdos, so fsck_msdos gets run behind the scenes. A few architectures were missing this binary on their install media noticed by sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2021/08/29 00:50:29 Modified files: usr.sbin/traceroute: traceroute.8 Log message: -w default is now 3;