Re: CVS: cvs.openbsd.org: src
On Mon, Apr 24, 2023 at 10:55:06AM -0600, Theo Buehler wrote: > CVSROOT: /cvs > Module name: src > Changes by: t...@cvs.openbsd.org2023/04/24 10:55:06 > > Modified files: > lib/libssl : ssl_tlsext.c > > Log message: > Free and calloc() the tlsext_build_order and remember its length > > Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order() > and will help regression testing. > > ok jsing Does not compile without the following: Index: ssl_local.h === RCS file: /cvs/src/lib/libssl/ssl_local.h,v retrieving revision 1.4 diff -u -p -r1.4 ssl_local.h --- ssl_local.h 23 Apr 2023 18:51:53 - 1.4 +++ ssl_local.h 25 Apr 2023 05:13:01 - @@ -975,6 +975,7 @@ struct ssl_st { unsigned int max_send_fragment; const struct tls_extension **tlsext_build_order; + size_t tlsext_build_order_len; char *tlsext_hostname; /* certificate status request info */
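Review bot: the added `size_t tlsext_build_order_len;` in struct ssl_st has no comment stating its unit or its tie to the `tlsext_build_order` pointer directly above it. A short comment should say whether it counts entries of that array or bytes. Since the quoted log message says the array is freed and calloc()ed again, the length should be reset wherever the pointer is freed so the pair cannot disagree. The header change also belongs in the same commit as the ssl_tlsext.c change that uses the field, which per this reply does not compile without it.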
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: a...@cvs.openbsd.org 2023/04/24 23:02:56
Modified files:
    sbin/ifconfig : ifconfig.8
Log message:
add eoip to keepalive.

ok david@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/04/24 22:42:26
Modified files:
    lib/libcrypto : x86_64cpuid.pl
    lib/libcrypto/aes/asm: aes-x86_64.pl aesni-sha1-x86_64.pl aesni-x86_64.pl bsaes-x86_64.pl vpaes-x86_64.pl
    lib/libcrypto/bn/arch/amd64: bignum_add.S bignum_cmadd.S bignum_cmul.S bignum_mul.S bignum_mul_4_8_alt.S bignum_mul_8_16_alt.S bignum_sqr.S bignum_sqr_4_8_alt.S bignum_sqr_8_16_alt.S bignum_sub.S word_clz.S
    lib/libcrypto/bn/asm: modexp512-x86_64.pl x86_64-mont.pl x86_64-mont5.pl
    lib/libcrypto/camellia/asm: cmll-x86_64.pl
    lib/libcrypto/md5/asm: md5-x86_64.pl
    lib/libcrypto/modes/asm: ghash-x86_64.pl
    lib/libcrypto/rc4/asm: rc4-md5-x86_64.pl rc4-x86_64.pl
    lib/libcrypto/sha/asm: sha1-x86_64.pl sha512-x86_64.pl
    lib/libcrypto/whrlpool/asm: wp-x86_64.pl
Log message:
Add endbr64 where needed by inspection. Passes regression tests.

ok jsing, and kind of tb an earlier version
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/04/24 22:11:10
Modified files:
    libexec/ld.so/amd64: SYS.h
Log message:
endbr64 is potentially necessary in the syscall stubs.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/04/24 22:10:21
Modified files:
    lib/csu/amd64 : md_init.h
Log message:
Add missing endbr64 instructions as required. Verified as necessary with a fully IBT userland operational.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/04/24 22:06:06
Modified files:
    lib/csu/amd64 : md_init.h
    lib/csu/i386 : md_init.h
Log message:
placing .align after the function start is crazy. other things are ensuring this function is at the start of the section, there is no point in potentially stuffing nops into the sequence if things go wrong, it is better to fail hard.

ok guenther
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: chel...@cvs.openbsd.org 2023/04/24 19:32:36
Modified files:
    sys/kern : subr_prof.c
Log message:
prof_state_toggle: keep a count of CPUs with profiling enabled

On MULTIPROCESSOR systems, the following sequence of kgmon(8) invocations leaves the statclock() frequency at stathz when there is still a CPU on the system where the gmon state is GMON_PROF_ON:

    # kgmon -c 0 -b
    # kgmon -c 1 -b
    # kgmon -c 0 -h

The problem is that we aren't counting CPUs with profiling enabled. Add "gmon_cpu_count" to keep a count. Call startprofclock() for the first CPU to enable profiling and stopprofclock() for the last CPU to disable profiling.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: chel...@cvs.openbsd.org 2023/04/24 18:58:48
Modified files:
    sys/kern : subr_prof.c kern_clock.c
    sys/sys: resourcevar.h
Log message:
addupc_intr: support adding multiple profiling ticks at once

Add a third parameter to addupc_intr(), "u_long nticks". This will allow us to credit more than one profiling tick to the thread at once. Should be useful in the unusual case where the clock interrupt is masked for an extended period.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/04/24 16:30:17
Modified files:
    lib/libcrypto/stack: safestack.h
    lib/libcrypto/x509: x509v3.h
Log message:
Future users of libcrypto will also have to do without strong extranet support.

discussed with beck and jsing
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/04/24 16:24:39
Modified files:
    lib/libcrypto/pem: pem.h pem_all.c
    lib/libcrypto/x509: x509.h
Log message:
Mark NETSCAPE_CERT_SEQUENCE for removal

discussed with beck and jsing
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/04/24 16:12:28
Modified files:
    lib/libcrypto/asn1: asn1.h
    lib/libcrypto/pkcs7: pkcs7.h
Log message:
Mark the NDEF API for removal

Discussed with jsing and beck
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/04/24 16:06:05
Modified files:
    libexec/ld.so/aarch64: ldasm.S
Log message:
Since ENTRY() already inserts a BTI instruction, don't add another one.

ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: clau...@cvs.openbsd.org 2023/04/24 11:11:33
Modified files:
    usr.sbin/rpki-client: mft.c
Log message:
If the two mfts in mft_compare() are the same do not prefer the first (DIR_VALID) but prefer the 2nd (DIR_TEMP) since this allows rpki-client to move the equal files from .rrdp back into the valid repo tree and so there are less unaccounted files for.

Problem noticed by and OK job@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 11:07:34
Modified files:
    distrib/amd64/iso: Makefile
    distrib/amd64/ramdisk_cd: Makefile
Log message:
Replace the only two uses of disklabel template files with 'echo "/ *"'.

No functional change.

ok kn@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/04/24 10:55:06
Modified files:
    lib/libssl : ssl_tlsext.c
Log message:
Free and calloc() the tlsext_build_order and remember its length

Aligns tlsext_randomize_build_order() with tlsext_linearize_build_order() and will help regression testing.

ok jsing
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/04/24 10:53:57
Modified files:
    sys/arch/amd64/amd64: vmm.c
Log message:
vmm(4): allow guests to enable and use supervisor IBT.

Why should hosts have all the fun? Conditionally unmask the cpuid bits for IBT and allow r/w access to the supervisor CET msr.

Will need revisiting when we introduce usage of userland CET msr.

ok marlkin@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/04/24 10:46:43
Modified files:
    sys/kern : vfs_bio.c
Log message:
Remove recursive spl grabbing in vfs_bio.c in preparation for improvements.

ok claudio@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 10:36:54
Modified files:
    etc: changelist
Log message:
add default tmux config; ok sthen
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 10:21:43
Modified files:
    distrib/arm64/ramdisk: Makefile
    distrib/powerpc64/ramdisk: Makefile
    distrib/riscv64/ramdisk: Makefile
Log message:
Change variables 'MRFSDISKTYPE' to 'MRDISKTYPE' like every other arch.

No functional change.

Noticed by & ok kn@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2023/04/24 09:35:22
Modified files:
    lib/libcrypto/stack: stack.c
Log message:
Fix sk_is_sorted to treat 0 and 1 element lists as sorted.

from boringssl

ok tb@ jsing@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/04/24 09:32:31
Modified files:
    lib/libssl : ssl_tlsext.c
Log message:
Use TLSEXT_TYPE_alpn instead of the stupid long one
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 09:31:14
Modified files:
    distrib/armv7/miniroot: Makefile.inc
Log message:
Change variable 'DISKTYPE' to 'FSDISKTYPE' like every other arch.

No functional change.

ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: patr...@cvs.openbsd.org 2023/04/24 09:15:00
Modified files:
    sys/dev/fdt: dwpcie.c
Log message:
Enable MSI if the node contains an msi-map, like we already do in pciecam(4). This will make MSIs work on the Lenovo x13s as soon as an updated device tree is installed.

Discussed with kettenis@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 09:12:14
Modified files:
    usr.sbin/vmd : parse.y vmd.c
Log message:
Missing the optional default config is not an error

/var/log/{messages,daemon} logs ENOENT as error on default configless vmd. Only complain on explicitly passed files and print a debug hint under `-vv' in case someone forgot to populate their /etc/vm.conf.

OK dv mlarkin
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: patr...@cvs.openbsd.org 2023/04/24 08:34:13
Modified files:
    sys/dev/fdt: qcpon.c
Log message:
Update qcpon(4) compatibles to match on qcom,pmk8350-pon, which is the updated binding in Linux 6.3 device trees.

While there, remove retrieving the register address, as the new binding has an additional register which doesn't work with a single OF_getpropint(), and since we're not using it we don't need to keep it around.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 08:31:15
Modified files:
    usr.sbin/rcctl : rcctl.sh
Log message:
"ls rogue" needs root; OK aja
CVS: cvs.openbsd.org: xenocara
CVSROOT: /cvs
Module name: xenocara
Changes by: rob...@cvs.openbsd.org 2023/04/24 08:17:56
Modified files:
    lib/mesa/mk/libvulkan_radeon: Makefile
Log message:
add the build id for libvulkan_radeon just like the intel* modules

this fixes an unveil issue where mesa was trying to stat the module to build an UUID because the build id was not available

ok jsg@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 08:06:01
Modified files:
    usr.sbin/rdsetroot: rdsetroot.8 rdsetroot.c
Log message:
Add '-s' option to simply display the number of bytes available for the rdroot filesystem in the specified kernel.

No behaviour change to existing uses of rdsetroot.

Improved option handling & ok kn@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/04/24 06:11:56
Modified files:
    sys/netinet: in.c
Log message:
Hoist privilege checks further

in6.c already has the privilege check as early as possible, make in.c match.

For unprivileged IPv4 ioctl calls with invalid args, this changes errno from E* to EPERM.

OK bluhm
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: ajacou...@cvs.openbsd.org 2023/04/24 05:54:29
Modified files:
    share/man/man5 : gnome-module.5 port-modules.5
Log message:
gtk-update-icon-cache moved from being a gtk+3 subpackage to a gtk+4 one.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/04/24 04:22:48
Modified files:
    sys/arch/arm64/arm64: machdep.c
Log message:
Enable branch target control flow enforcement on arm64.

ok robert@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/04/24 04:22:06
Modified files:
    sys/kern : kern_exec.c
Log message:
Abuse the wxallowed flag to decide whether we should enforce branch target or not. The idea is that since /usr/local has wxallowed by default this will enable enforcement for base while leaving ports alone for now. This will help us transition to a state where ports are properly marked and allow us to establish that base is really clean.

Also add an exception for chrome. Chrome already appears to be clean on arm64 and this exception can be easily modified for testing other ports.

This will screw over people that deliberately disable wxallowed on /usr/local or who don't have a separate partition for /usr/local. We think that is an acceptable compromise for the next months.

ok robert@, deraadt@ (who came up with the idea)
CVS: cvs.openbsd.org: xenocara
CVSROOT: /cvs
Module name: xenocara
Changes by: bent...@cvs.openbsd.org 2023/04/24 03:28:39
Modified files:
    app/xtsscale : xtsscale.1
Log message:
Fix spacing in rendered manpage.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2023/04/24 03:20:09
Modified files:
    sys/kern : uipc_socket.c
Log message:
Don't check `so_sp' within sofree(). The following isspliced() and issplicedback() already have this check.

ok bluhm@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: jmatt...@cvs.openbsd.org 2023/04/24 03:18:55
Modified files:
    sys/dev/pci: if_aq_pci.c
Log message:
Add initial support for Atlantic 2 hardware. Atlantic 2 has much more complicated rx processing, and here we're doing the bare minimum to get packets moving. RSS is not implemented yet, vlans and multicast (among others) probably don't work yet either.

tested by kettenis@ on an M2 Mac Mini, and by me on an AQC113 card provided by Brad

ok dlg@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/04/24 03:04:03
Modified files:
    sys/arch/amd64/amd64: acpi_machdep.c cpu.c hibernate_machdep.c
Log message:
Toggle IBT off during amd64 hibernate before dropping to real mode.

Hibernate on IBT-capable MP systems broke when trying to quiesce cpus. Instead of finding the locations of endbr64 in the asm indirect jumps in acpi_wakecode.S, simply disable CR4.CET beforehand and re-enable on resume. This will also disable shadowstack, but there are no plans to use it.

"this approach is fine" deraadt@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: rob...@cvs.openbsd.org 2023/04/24 02:59:09
Modified files:
    libexec/ld.so : library_subr.c
Log message:
do a cache lookup as well in case a full pathname is passed to dlopen
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2023/04/24 02:39:06
Modified files:
    lib/libcrypto/x509: x509.h x509_err.c
Log message:
Sort X.509 error reasons, use next available error value, and align error message with internal error code name.

OK tb@ jsing@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2023/04/24 02:09:29
Modified files:
    lib/libcrypto/asn1: x_x509.c
Log message:
Revert 1.32

jsing@ noted that ASN1_OP_D2I_POST might not be the best place to introduce this check (as could lead to pushing errors (ASN1_R_AUX_ERROR) onto the stack). Additionally, without matching validation on the encoding side brittleness is introduced.