CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2022/02/05 00:31:40 Modified files: sys/dev/usb: uhidpp.c Log message: Only install the sensors once as multiple devices can be paired with the same receiver. Prevents a newly added assertion from triggering. Problem reported by Joel Carnat on bugs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2022/02/04 21:08:27 Modified files: sys/net: bpf.c Log message: make bpf_movein align the packet payload. bluhm@ hit a problem while running a regress test where a packet generated and injected via bpf ends up being consumed by the network stack. the stack assumes that packets are aligned properly, but bpf was lazy and put whatever was written to it at the start of an mbuf. ethernet has a 14 byte header, so if you put that at the start the payload will be misaligned by 2 bytes. bpf already has handling for different link header types, so this handling is extended a bit to align the payload after the link header. while here we're fixing up a few error codes. short packets produce EINVAL instead of EPERM, and packets larger than the biggest mbuf the kernel supports generates EMSGSIZE. with tweaks and ok bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2022/02/04 20:56:16 Modified files: sys/net: if_aggr.c Log message: remove an extra set of brackets. no functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2022/02/04 16:32:17 Modified files: sbin/fdisk : fdisk.c gpt.c mbr.c part.c Log message: Wrap some annoyingly long lines.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2022/02/04 15:24:09 Modified files: sys/dev/ofw: ofw_clock.h Log message: Add prototype for clock_set_frequency_idx().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2022/02/04 11:21:33 Modified files: sbin/fdisk : cmd.c mbr.c Log message: %llu should be enough for anybody, no need to use %lld/(long long) for uint64_t values.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2022/02/04 11:15:40 Modified files: sys/arch/arm64/include: pmap.h Log message: Define __HAVE_PMAP_MPSAFE_ENTER_COW; the ARMv8 architecture requires that we implement proper "break-before-make" semantics and I've stared at the code for long enough that I've convinced myself that we do indeed implement this correctly several times. ok guenther@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2022/02/04 11:12:47 Modified files: distrib/riscv64/iso: Makefile distrib/riscv64/ramdisk: Makefile install.md Log message: Use the '-b' to create boot partitions instead of '-e' scripts. Media creation & subsequent installation tests by visa@ ok visa@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 10:50:28 Modified files: sys/kern : kern_pledge.c Log message: whitelist resolv.conf for stat. go dns library does this. ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:50:49 Modified files: usr.sbin/rpki-client: cert.c Log message: More consistency in the return code docs.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:50:02 Modified files: usr.sbin/rpki-client: cert.c Log message: Document certificate_policies() in a comment.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:42:16 Modified files: lib/libcrypto : generate_pkgconfig.sh lib/libssl : generate_pkgconfig.sh Log message: Bump libressl's version in pkgconfig to 2.0.0 LibreSSL's pc files effectively hardcode the version to 1.0.0 since LibreSSL exists. That probably never made much sense. This causes some pain for ports that "need 'openssl' ['>= +1.1.0'] found '1.0.0'" or similar while they would build perfectly fine with LibreSSL. This only affects OpenBSD. We do not put the actual LibreSSL version in there since it may cause trouble Discussed with sthen, millert, inoguchi, beck over the past year. Diff from/ok sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:34:15 Modified files: lib/libcrypto/x509: x509_addr.c Log message: Remove a strange inheritance check from addr_validate_path_internal() The trust anchor can't inherit, but the code says that it can inherit just not if the leaf tries to inherit from that. This makes no sense and doesn't match what is done on the asid side. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:29:43 Modified files: usr.sbin/rpki-client: parser.c Log message: whitespace
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:28:20 Modified files: usr.sbin/rpki-client: cert.c Log message: Ensure that certificate policies follow RFC 7318 RFC 7318 makes requirements on the certificate policy extension imposed by RFC 6487 a bit stricter. It requires that exactly one policy OID is present and that it be id-cp-ipAddr-asNumber and if there is a policy qualifier it must be id-qt-cps. These are requirements that the X.509 verifier's policy code can't enforce, so unpack the certificate policy extension by hand and check that it matches expectations. ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:21:11 Modified files: usr.sbin/rpki-client: parser.c Log message: Enforce Certificate Policy for RPKI RFCs 6384 defines a certificate policy for RPKI. Ensure that the verifier builds a certification path that follows this OID: set up a policy on the X509_STORE_CTX's verify parameters and set initial-explicit-policy and initial-policy-mapping-inhibit. Pointed out by Ties de Kock ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 09:08:53 Modified files: usr.sbin/rpki-client: x509.c Log message: Add id-cp-ipAddr-asNumber OID to x509_init_oid() Unfortunately, NID_ipAddr_asNumber is not available in LibreSSL < 3.3 and OpenSSL, so load its OID by hand to help -portable. This will be used for certificate policy checks. ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2022/02/04 09:08:39 Modified files: distrib/arm64/ramdisk: install.md Log message: Now that installboot(8) creates the startup.nsh file, remove the shell scripting doing the same thing from here. ok deraadt@, visa@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2022/02/04 07:07:56 Modified files: sbin/fdisk : cmd.c gpt.c mbr.c part.c part.h Log message: Remove CHS information from internal representation of MBR partitions. Generate CHS information as required when writing MBR to disk, editing a partition in CHS mode or printing MBR. No intentional functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/02/04 06:50:32 Modified files: usr.sbin/rpki-client: validate.c Log message: Fix outdated comment Nowadays SKI/AKI validation happens in proc_parser_roa()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/02/04 06:11:14 Modified files: regress/usr.sbin/rpki-client: Makefile.inc Added files: regress/usr.sbin/rpki-client/rrdp: notification_xmlns.xml rrdp-r7.out Log message: Test that a non conforming xmlns attribute results in a failure.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/02/04 06:05:47 Modified files: regress/usr.sbin/rpki-client: Makefile.inc regress/usr.sbin/rpki-client/rrdp: delta.xml Log message: Fix xmlns URI, I guess I search and replaced too much in this file. Update hash in the Makefile.inc since it changed as well. Noticed by anton@
Re: CVS: cvs.openbsd.org: src
On Thu, Feb 03, 2022 at 11:19:33AM -0700, Claudio Jeker wrote: > CVSROOT: /cvs > Module name: src > Changes by: clau...@cvs.openbsd.org 2022/02/03 11:19:33 > > Modified files: > usr.sbin/rpki-client: rrdp.h rrdp_delta.c rrdp_notification.c > rrdp_snapshot.c > > Log message: > Enforce the RRDP XMLNS to "http://www.ripe.net/rpki/rrdp"; > Missing check reported by Ties de Kock > OK tb@ benno@ Some regress fallouts: > usr.sbin/rpki-client: Exit: 1 Duration: 00:01:02 Log: 239-usr.sbin-rpki-client.log run-regress-test-rrdp ./test-rrdp -n < /home/src/regress/usr.sbin/rpki-client/libressl/../rrdp/notification.xml 2>&1 | tee rrdp-r1.out test-rrdp: session_id: 8fe05c2e-047d-49e7-8398-cd4250a572b1, serial: 50550 test-rrdp: snapshot_uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50550/snapshot.xml test-rrdp: snapshot hash: AE52F78BCB1B258A1DA924122971B0FDDFCE4C01B2B2DBA59C9B28EF1D94C02B OK cmp /home/src/regress/usr.sbin/rpki-client/libressl/../rrdp/rrdp-r1.out rrdp-r1.out ./test-rrdp -S 8fe05c2e-047d-49e7-8398-cd4250a572b1 -N 50500 -n < /home/src/regress/usr.sbin/rpki-client/libressl/../rrdp/notification.xml 2>&1 | tee rrdp-r2.out test-rrdp: session_id: 8fe05c2e-047d-49e7-8398-cd4250a572b1, serial: 50550 test-rrdp: snapshot_uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50550/snapshot.xml test-rrdp: snapshot hash: AE52F78BCB1B258A1DA924122971B0FDDFCE4C01B2B2DBA59C9B28EF1D94C02B test-rrdp: delta serial 50501 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50501/delta.xml test-rrdp: delta hash: 40521FB9995ACA55D39360985C336619E08072A6AFFFCE97753E701A0D65D57B test-rrdp: delta serial 50502 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50502/delta.xml test-rrdp: delta hash: 1036A71DF3129449E1403F3BEACFA427D59659FAC0B45C9E3DFFDBEBDB17D722 test-rrdp: delta serial 50503 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50503/delta.xml test-rrdp: delta hash: E8DE1E10D05734BB9EFE65202B96023D3770F0B8FD457249676214612F4685B3 test-rrdp: delta serial 50504 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50504/delta.xml test-rrdp: delta hash: CDCD746257A0F35BBCE0B1832C2DF4CF25751C281FDE23CAE8B17F607F1E82E1 test-rrdp: delta serial 50505 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50505/delta.xml test-rrdp: delta hash: 50C95FF4B63C03836FE291AFCA61FDA25C96BC0D280E421DDDC307E591FE8F81 test-rrdp: delta serial 50506 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50506/delta.xml test-rrdp: delta hash: 7C9C62DA4DD109E5151FCC0EA366DB343E35AB7F2A62D81D6C54EEE1E1FD72B1 test-rrdp: delta serial 50507 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50507/delta.xml test-rrdp: delta hash: 20360D8B294E3A6E62DE2AF58955AFE601507231E6937B375DE0C047A69CD9C1 test-rrdp: delta serial 50508 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50508/delta.xml test-rrdp: delta hash: B4AE54C1207EC9A12A5E20091004830FB3D146F62B2396A6C3DE2AB0795ED2E7 test-rrdp: delta serial 50509 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50509/delta.xml test-rrdp: delta hash: FCD7FE3D59F4B8DAA40920C7B3C5C4D149660AFD35DFCA53EDE7671919802CFB test-rrdp: delta serial 50510 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50510/delta.xml test-rrdp: delta hash: 6D8D296CA28CA390B761D25BDB69EAA0086242911A90965C7436D602B4190B66 test-rrdp: delta serial 50511 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50511/delta.xml test-rrdp: delta hash: 9015620F5B20DBA3DEDC63F90C0CFAB5DD3816217976C6DCC4A68D649DC9 test-rrdp: delta serial 50512 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50512/delta.xml test-rrdp: delta hash: 155C0F96DE414AC4CA7D60DE7B1ACBECDF5B192CCAE6AF3C78F06FFF212138F4 test-rrdp: delta serial 50513 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50513/delta.xml test-rrdp: delta hash: 85DAF825C8335D8F59FD6B32B25F9B7152F89038B74ED3366A6EA59BD2F4E600 test-rrdp: delta serial 50514 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50514/delta.xml test-rrdp: delta hash: 70D288EC67C4B47B6DC177BFB735DDD6542B2A9E484BAE770534A83FD515CE8B test-rrdp: delta serial 50515 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50515/delta.xml test-rrdp: delta hash: BD258657DE4C220AD500CC0ECE87CFFCAD813ECD30A63DEFF28086A5F2DCBB5F test-rrdp: delta serial 50516 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50516/delta.xml test-rrdp: delta hash: FADEE13B825F713E931EDADEDC79B1F86F4E501EF6C153C0F5FD4401C73B3065 test-rrdp: delta serial 50517 uri: https://rpki.example.com/8fe05c2e-047d-49e7-8398-cd4250a572b1/50517/delta.xml test-rrdp: delta hash: EAC5270A5109E95683EB73153E7F5E081F6DA473048782CE4E0E708AD2264B3A test-rrdp: delta serial 50518 uri: https://rpki.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/02/04 05:01:33 Modified files: usr.sbin/bgpctl: bgpctl.c Log message: Rename sockaddr_un sun to sa_un since sun is defined on illumos systems. OK dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/02/04 05:01:12 Modified files: usr.sbin/bgpd : control.c Log message: Rename sockaddr_un sun to sa_un since sun is defined on illumos systems. OK dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2022/02/04 04:57:22 Modified files: usr.bin/tmux : screen-redraw.c Log message: Use ACS for pane border indicators so they work with different line types, from Thomas Adam.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: rob...@cvs.openbsd.org 2022/02/04 01:06:48 Modified files: sys/dev/acpi : acpi.c Log message: set the APM_BATT_CHARGING state if the battery is being charged and try to calculate the remaining time to be fully charged ok jca@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/02/04 00:59:54 Modified files: sbin/ipsecctl : ipsec.conf.5 Log message: Fix another instance of incorrect capitalization of ChaCha20. pointed out by jmc