CVS: cvs.openbsd.org: www

[Kurt Mosiejczuk]

CVSROOT:/cvs
Module name:www
Changes by: k...@cvs.openbsd.org2022/05/31 23:22:52

Modified files:
.  : plus.html 

Log message:
Updated changelog to 2022-05-01

feedback and ok pamela@

CVS: cvs.openbsd.org: src

[David Gwynne]

CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2022/05/31 22:31:08

Modified files:
sys/dev/fdt: if_mvneta.c if_mvnetareg.h 

Log message:
rework the rx ring processing.

this is another big step toward making the code mpsafe, and makes
a bunch of ring operations such as dmamap syncs and register updates
get done once for the ring rather than for every packet.

CVS: cvs.openbsd.org: src

[David Gwynne]

CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2022/05/31 21:51:19

Modified files:
sys/dev/fdt: if_mvneta.c 

Log message:
mark mvneta_start mpsafe.

the interrupt handler is still under kernel lock, but at least you
can queue packets from another cpu concurrently.

CVS: cvs.openbsd.org: src

[David Gwynne]

CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2022/05/31 21:39:57

Modified files:
sys/dev/fdt: if_mvneta.c 

Log message:
dont have to say Ethernet address in dmesg, address is fine

CVS: cvs.openbsd.org: src

[David Gwynne]

CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2022/05/31 21:37:41

Modified files:
sys/dev/fdt: if_mvneta.c 

Log message:
trim some white space

CVS: cvs.openbsd.org: src

[David Gwynne]

CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2022/05/31 21:34:21

Modified files:
sys/dev/fdt: if_mvneta.c if_mvnetareg.h 

Log message:
rework tx start and completion.

this is a big step toward making the code mpsafe, and makes a bunch
of ring operations such as dmamap syncs and register updates per
start/completion call rather than per packet.

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 15:35:46

Modified files:
regress/usr.sbin/rpki-client: test-gbr.c test-mft.c test-roa.c 
  test-rsc.c 

Log message:
Make sure we error on parse failure.

ok claudio

CVS: cvs.openbsd.org: src

[Ingo Schwarze]

CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2022/05/31 14:21:40

Modified files:
share/man/man7 : roff.7 
usr.bin/mandoc : roff.c roff_escape.c 

Log message:
Rudimentary implementation of the \A escape sequence, following groff
semantics (test identifier for syntactical validity), not at all
following the completely unrelated Heirloom semantics (define
hyperlink target position).

The main motivation for providing this implementation is to get \A
into the parsing class ESCAPE_EXPAND that corresponds to groff parsing
behaviour, which is quite similar to the \B escape sequence (test
numerical expression for syntactical validity).  This is likely
to improve parsing of nested escape sequences in the future.

Validation isn't perfect yet.  In particular, this implementation
rejects \A arguments containing some escape sequences that groff
allows to slip through.  But that is unlikely to cause trouble even
in documents using \A for non-trivial purposes.  Rejecting the nested
escapes in question might even improve robustnest because the rejected
names are unlikely to really be usable for practical purposes - no
matter that groff dubiously considers them syntactically valid.

CVS: cvs.openbsd.org: src

[Jason McIntyre]

CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2022/05/31 14:12:24

Modified files:
usr.sbin/bgpd  : bgpd.conf.5 

Log message:
fix spacing;

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 13:37:02

Modified files:
regress/usr.sbin/rpki-client: test-gbr.c 

Log message:
Fix typo: argv[1] -> argv[i]

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 13:14:15

Added files:
regress/usr.sbin/rpki-client/rsc: 
  
c6938fc00af6496d9d4e6e2d876e4b4811887b60f4f1bc9cd0b3cdb7c57c6d5e.sig 
  checklist-08.sig 
Removed files:
regress/usr.sbin/rpki-client/rsc: 
  
98e8734fa1c9d72cec864aff45a39863a896ed6c00d2508a707b43c720558632.sig 
  apnic-demo.sig checklist.sig 

Log message:
Remove old checklists and add a couple of new ones.

CVS: cvs.openbsd.org: src

[Moritz Buhl]

CVSROOT:/cvs
Module name:src
Changes by: mb...@cvs.openbsd.org   2022/05/31 13:01:46

Modified files:
regress/sys/net/pflow: flow.10_4 flow.10_6 gen_traffic.c 

Log message:
The pflow regression test could fail due to a race where the close(2)
call of the receiver was called before the FIN on the sender was
processed.

OK bluhm@
OK anton@

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 12:51:35

Modified files:
usr.sbin/rpki-client: cert.c mft.c roa.c rsc.c x509.c 

Log message:
I made non-trivial contributions to these files.

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 12:45:14

Modified files:
usr.sbin/rpki-client: rsc.c 

Log message:
Shuffle two helper functions down.

This way the helper functions appear in the order they are used in
rsc_parse_econtent().

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 12:42:26

Modified files:
usr.sbin/rpki-client: rpki-client.8 

Log message:
Update reference to RSC draft 08

ok claudio job

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 12:41:43

Modified files:
usr.sbin/rpki-client: cms.c extern.h 

Log message:
Remove now unused ASN1_frame() and cms_econtent_version()

ok claudio job

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 12:40:15

Modified files:
usr.sbin/rpki-client: rsc.c 

Log message:
Rewrite rsc.c using ASN.1 templates

This implements the constrained versions of the RFC 3779 structures
since OpenSSL's 3779 API doesn't expose IPAddrBlocks. This way we can
also avoid extra checks after walking the structs. Use the previously
exposed sbgp_as_{id,range}() and sbgp_addr{,_range}() to remove a lot
of copy-pasted code.

While parsing ConstrainedASIdentifiers allocate only once and for
ConstrainedIPAddrBlocks allocate once per address family instead of
doing a reallocation for each asid or prefix.

This removes the last explicit use of ASN1_TYPE and ASN1_SEQUENCE_ANY
from rpki-client.

ok claudio job

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/31 12:33:16

Modified files:
usr.sbin/rpki-client: cert.c extern.h 

Log message:
Prepare rewrite of rsc.c with templated ASN.1

Change signatures of various functions to avoid using struct parse and
expose sbgp_as_{id,range}() and sbgp_addr{,_range}() so they can be used
from rsc.c. This is a mostly mechanical diff.

ok claudio job

CVS: cvs.openbsd.org: src

[Ingo Schwarze]

CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2022/05/31 12:08:02

Modified files:
share/man/man7 : roff.7 
usr.bin/mandoc : roff.c roff_escape.c 

Log message:
Trivial patch to put the roff(7) \g (interpolate format of register)
escape sequence into the correct parsing class, ESCAPE_EXPAND.
Expansion of \g is supposed to work exactly like the expansion
of the related escape sequence \n (interpolate register value),
but since we ignore the .af (assign output format) request,
we just interpolate an empty string to replace the \g sequence.

Surprising as it may seem, this actually makes a formatting difference
for deviate input like ".O\gNx" which used to raise bogus "escaped
character not allowed in a name" and "skipping unknown macro" errors
and printed nothing, whereas now it correctly prints "OpenBSD".

CVS: cvs.openbsd.org: src

[Nicholas Marriott]

CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2022/05/31 10:13:43

Modified files:
usr.bin/tmux   : cmd-server-access.c 

Log message:
Add a missing space.

CVS: cvs.openbsd.org: src

[Christian Weisgerber]

CVSROOT:/cvs
Module name:src
Changes by: na...@cvs.openbsd.org   2022/05/31 08:05:12

Modified files:
usr.bin/ssh: ssh-keygen.c 

Log message:
ssh-keygen: implement "verify-required" certificate option

This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.

ok djm@

CVS: cvs.openbsd.org: src

[Nicholas Marriott]

CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2022/05/31 04:22:42

Modified files:
usr.bin/tmux   : menu.c 

Log message:
Trim menu item text correctly, GitHub issue 3197.

CVS: cvs.openbsd.org: src

[Claudio Jeker]

CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2022/05/31 03:50:26

Modified files:
regress/usr.sbin/bgpd/integrationtests: Makefile 
Added files:
regress/usr.sbin/bgpd/integrationtests: 
bgpd.maxcomm.rdomain1.conf 
bgpd.maxcomm.rdomain2.conf 
maxcomm.ok maxcomm.sh 

Log message:
Introduce a integration test for max-communities

CVS: cvs.openbsd.org: src

[Claudio Jeker]

CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2022/05/31 03:46:54

Modified files:
regress/usr.sbin/bgpd/unittests: rde_community_test.c 
 rde_community_test.h 

Log message:
Extend community unit test to also check community_count()

CVS: cvs.openbsd.org: src

[Claudio Jeker]

CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2022/05/31 03:45:33

Modified files:
usr.sbin/bgpd  : bgpd.conf.5 bgpd.h parse.y printconf.c rde.h 
 rde_community.c rde_filter.c 

Log message:
Implement a max communities filter match

When max-communities X is set on a filterrule the filter will match when
more than X communities are present in the path. In other words
max-communities 0 means no communities are allowed and max-communities 3
limits it up to 3 communities.
There is max-communities, max-ext-communities and max-large-communities
for each of the 3 community attributes. These three max checks can be used
together.
OK tb@ job@