CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/03 00:09:13 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: Add missing "module standard". It is needed before it is used.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/02 19:36:50 Modified files: sys/arch/alpha/alpha: lock_machdep.c sys/arch/alpha/include: mplock.h sys/arch/hppa/hppa: lock_machdep.c sys/arch/hppa/include: mplock.h sys/kern : kern_lock.c sys/sys: mplock.h Log message: remove __mp_release_all_but_one(), unused since sched_bsd.c rev 1.92 ok claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/02 16:28:29 Modified files: sys/dev/pci: pcidevs.h pcidevs_data.h Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/02 16:28:02 Modified files: sys/dev/pci: pcidevs Log message: Add Qualcomm X1E80100
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/02 13:59:54 Modified files: sys/arch/arm64/arm64: cpu.c Log message: Fix unintended comparison between signed and unsigned integer. C type conversion rules are hard, let's go shopping. ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/07/02 13:44:37 Modified files: sys/dev/fdt: dwpcie.c Log message: Support the Qualcomm Snapdragon X Elite (X1E80100) PCIe controller. We do not do anything fancy for the SC8280XP either, so treat it equally. ok kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/07/02 13:43:52 Modified files: sys/dev/fdt: qcgpio_fdt.c Log message: From what we currently use, the Qualcomm Snapdragon X Elite (X1E80100) GPIO controller is to be treated equally as the SC8280XP, apart from the new one having a few more pins. ok kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/07/02 13:41:52 Modified files: sys/arch/arm64/dev: smmu_fdt.c Log message: Give the Qualcomm Snapdragon X Elite (X1E80100) the same treatment as its predecessors and don't touch the SMMUv2. ok kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/02 12:33:47 Modified files: sys/net: pf.c sys/netinet: ip_input.c ip_mroute.c ip_output.c ip_var.h Log message: Read IPsec forwarding information once. Fix MP race between reading ip_forwarding in ip_input() and checking ip_forwarding == 2 in ip_output(). In theory ip_forwarding could be 2 during ip_input() and later 0 in ip_output(). Then a packet would be forwarded that was never allowed. Currently exclusive netlock in sysctl(2) prevents all races. Introduce IP_FORWARDING_IPSEC and pass it with the flags parameter that was introduced for IP_FORWARDING. Instead of calling m_tag_find(), traversing the list, and comparing with NULL, just check the PACKET_TAG_IPSEC_IN_DONE bit. Reading ipsec_in_use in ip_output() is a performance hack that is not necessary. New code only checks tree bits. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: flor...@cvs.openbsd.org 2024/07/02 11:41:27 Modified files: usr.sbin/rad : frontend.c Log message: Use correct idiom to get mac addresses from ethernet-like interfaces. This unbreaks rad(8) on top of carp(4). OK deraadt, bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/02 10:18:45 Modified files: distrib/sets/lists/man: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/02 10:18:11 Modified files: usr.sbin/radiusd: Makefile Makefile.inc usr.sbin/radiusd/radiusd_bsdauth: Makefile usr.sbin/radiusd/radiusd_radius: Makefile usr.sbin/radiusd/radiusd_standard: Makefile Log message: minor cleanups, especially DPADD
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/02 04:25:16 Modified files: sys/arch/arm64/arm64: cpu.c sys/arch/arm64/conf: Makefile.arm64 files.arm64 Added files: sys/arch/arm64/arm64: lse.S Log message: The traditional LL/SC atomics perform poorly on modern arm64 systems with many CPU cores. With the recent conversion of the sched lock to a mutex some systems appear to hang if the sched lock is contended. ARMv8.1 introduced an LSE feature that provides atomic instructions such as CAS that perform much better. Unfortunately these can't be used on older ARMv8.0 systems. Use -moutline-atomics to make the compiler generate function calls for atomic operations and provide an implementation for the functions we use in the kernel that use LSE when available and fall back on LL/SC. Fixes regressions seen on Ampere Altra and Apple M2 Pro/Max/Ultra since the conversion of the sched lock to a mutex. tested by claudio@, phessler@, mpi@ ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/02 02:27:04 Modified files: sys/dev/acpi : acpi.c Log message: Do not attach acpitz(4) if the _STA method indicates that a thermal zone isn't present. While it isn't clear whether _STA applies to thermal zones according to the ACPI standard, this prevents issues on the Asus Vivobook S15. ok miod@, patrick@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/02 00:01:22 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: spelling, grammar, macro fixes for previous;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: gkoeh...@cvs.openbsd.org 2024/07/01 23:50:02 Modified files: sys/dev/hid: hidkbd.c Log message: Support numpad on newer macppc Apple PowerBooks. This is for newer PowerBooks with ukbd(4), and doesn't affect older models with akbd(4). The Fn key now makes a numpad,

    7 8 9 0 -         7 8 9 / =
    U I O P     =>    4 5 6 *
    J K L ;           1 2 3 -
    M   . /           0   . +

Also, Fn+F6 is Num Lock. This acts like Num Lock on other USB keyboards, and unlike Num Lock on akbd(4). From jon (at) elytron (dot) openbsd (dot) amsterdam
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/01 18:35:56 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: Fix previous. The place of "accounting" was wrong.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/01 18:33:51 Modified files: usr.sbin/radiusd: parse.y radiusd.c radiusd.conf.5 radiusd.h radiusd_local.h radiusd_module.c radiusd_module.h radiusd_standard.8 radiusd_standard.c Log message: Add support for RADIUS accounting.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/01 18:00:12 Modified files: usr.sbin/radiusd: parse.y radiusd.conf.5 usr.sbin/radiusd/radiusd_bsdauth: Makefile usr.sbin/radiusd/radiusd_radius: Makefile usr.sbin/radiusd/radiusd_standard: Makefile Added files: usr.sbin/radiusd: radiusd_bsdauth.8 radiusd_radius.8 radiusd_standard.8 Log message: Change the syntax for "module" and "authenticate". "module" can have a {} block now. On the other hand, "authentication" can be without a {} block. The previous syntax is still accepted. Also make specifying the path of "module" be optional.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/01 17:53:30 Modified files: usr.sbin/radiusd: radiusd.c Log message: Stop scheduling an I/O event by the timer when the imsg_buf has the data larger than the imsg header. It prevented the receiver from receiving the following parts of the message.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/01 12:52:22 Modified files: usr.bin/openssl: speed.c Log message: signal handler must use the save_errno dance, and massage a variable of type 'volatile sig_atomic_t' ok tb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/07/01 12:43:50 Modified files: usr.bin/bgplg : misc.c Log message: missing save_errno dance inside non-terminal signal handler
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/07/01 08:56:19 Modified files: usr.sbin/npppd/npppd: npppd.conf.5 Log message: tidy up the text in previous; ok yasuoka
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/01 08:15:15 Modified files: sbin/iked : util.c Log message: Enclose IPv6 address in a square bracket if the address is used with the port number. ok florian tobhe
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/07/01 08:13:44 Modified files: sys/dev/ofw: ofw_thermal.c Log message: Don't crash if we can't read the temperature for a zone while polling it. ok dv@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/01 06:06:45 Modified files: usr.sbin/syslogd: syslogd.c regress/usr.sbin/syslogd: args-client-tls.pl Log message: Explicit TLS handshake with syslog client. Add a new TLS handshake callback for incoming connections. This will allow to inspect the client certificate later. For now only print a debug message and check it in regress. with and OK henning@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/07/01 01:09:07 Modified files: usr.sbin/npppd/npppd: chap.c npppd.conf.5 npppd.h npppd_radius.c pap.c parse.y ppp.c ppp.h Log message: Modify IPCP to use {D,NB}NS servers from RADIUS. Also move the radius related functions from ppp.c to npppd_radius.c.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 23:20:01 Modified files: usr.sbin/radiusd: radiusd.c radiusd_local.h Log message: Exit with an error code when error or module die.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 23:18:16 Modified files: usr.sbin/radiusd: radiusd.c Log message: Set SO_REUSEADDR for the listening socket. This lets radiusd(8) bind both on an interface address and a wildcard address.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/06/30 22:31:59 Modified files: usr.bin/ssh: version.h Log message: openssh-9.8
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/06/30 22:31:17 Modified files: usr.bin/ssh: clientloop.c Log message: when sending ObscureKeystrokeTiming chaff packets, we can't rely on channel_did_enqueue to tell that there is data to send. This flag indicates that the channels code enqueued a packet on _this_ ppoll() iteration, not that data was enqueued in _any_ ppoll() iteration in the timeslice. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:48:57 Modified files: usr.sbin/radiusd: radiusd.c Log message: Call daemon(3) before parse_config() since parse_config() of radiusd(8) starts some sub processes and parent-child relationship with them must be kept. But we want to show config error on stderr, so keep stdio files open and close them after parse_config().
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:32:09 Modified files: usr.sbin/radiusd: radiusd_local.h Log message: Remove unused secret field from struct radiusd_authentication
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:31:29 Modified files: usr.sbin/radiusd: radiusd.c radiusd_local.h Log message: Don't receive decoration when not requested.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:29:21 Modified files: usr.sbin/radiusd: radiusd.c Log message: Show config error when -n
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:27:31 Modified files: usr.sbin/radiusd: radiusd.c Log message: Add missing size check.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:22:07 Modified files: usr.sbin/radiusd: radiusd.conf.5 Log message: "secret" without quote can be used for key or value since it is treated specially now.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:17:00 Modified files: usr.sbin/radiusd: radiusd_radius.c Log message: Tweak a white space.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/30 21:13:42 Modified files: usr.sbin/radiusd: parse.y Log message: Delete a garbage empty definition.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/30 18:05:43 Modified files: lib/libc/gen : times.3 Log message: Remove history of the tms struct. It is tied to the function, and the manual incorrectly claimed it first appeared in 4BSD. ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/30 17:57:31 Modified files: share/man/man8 : rc.8 Log message: correct history; first mention of /etc/rc in init manual pages was v4 ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/06/30 12:17:10 Modified files: distrib/special/gzip: Makefile sys/arch/amd64/stand/boot: Makefile sys/arch/amd64/stand/cdboot: Makefile sys/arch/amd64/stand/efiboot: Makefile.common sys/arch/amd64/stand/pxeboot: Makefile sys/arch/arm64/stand/efiboot: Makefile sys/arch/armv7/stand/efiboot: Makefile sys/arch/i386/stand/boot: Makefile sys/arch/i386/stand/cdboot: Makefile sys/arch/i386/stand/pxeboot: Makefile sys/arch/riscv64/stand/efiboot: Makefile sys/lib/libz : Makefile zutil.h Log message: we don't need the NOBYFOUR space-savings option anymore, that codepath was replaced a while ago. ok tb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/06/30 11:30:54 Modified files: distrib/sets/lists/base: mi distrib/sets/lists/man: mi etc: Makefile sbin : Makefile Removed files: etc/examples : dhclient.conf sbin/dhclient : Makefile bpf.c clparse.c conflex.c dhclient.8 dhclient.c dhclient.conf.5 dhclient.leases.5 dhcp.h dhcpd.h dhctoken.h dispatch.c kroute.c log.c log.h options.c packet.c parse.c privsep.c privsep.h Log message: delete dhclient(8). ipv4 dhcp leases have been acquired by the always-running-in-background dhcpleased(8) for a while, which is activated per-interface with "ifconfig $if autoconf", or "ifconfig $if inet autoconf", or with "inet autoconf" in /etc/hostname.$if dhclient(8) has done execve(3) of ifconfig(8) to handle this for a while, so everyone has moved to the dhcpleased(8) method ok florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: flor...@cvs.openbsd.org 2024/06/30 10:10:26 Modified files: sbin/unwind: unwind.conf.5 Log message: Clarify "force" and "preference" interaction. Problem reported by Kirill A. Korinsky OK kn
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/30 08:13:08 Modified files: lib/libcrypto/lhash: lhash.c lhash_local.h Log message: Remove lhash statistics. These are not exactly useful and we previously stopped exposing them. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2024/06/30 06:03:17 Modified files: sys/dev/ic : nvme.c Log message: Use howmany() to calculate how many prpl entries are needed to describe a hibernate i/o. Use of howmany() suggested by jmatthew@, ok jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: ke...@cvs.openbsd.org 2024/06/30 02:13:02 Modified files: share/man/man4 : pci.4 rge.4 sys/dev/pci: if_rge.c if_rgereg.h Log message: Add support for the Realtek RTL8126 chip to the rge(4) driver. The RTL8126 is a PCIe to 5Gb Ethernet controller.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: ke...@cvs.openbsd.org 2024/06/30 02:12:06 Modified files: sys/dev/pci: pcidevs.h pcidevs_data.h Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: ke...@cvs.openbsd.org 2024/06/30 02:11:36 Modified files: sys/dev/pci: pcidevs Log message: Add Realtek RTL8126.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/06/29 23:16:17 Modified files: lib/libz : infback.c inffast.c inflate.c Log message: cast string literals with z_const char * from upstream 2ba25b2ddab9aa939c321d087fcfca573a9cca55
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/06/29 23:13:38 Modified files: lib/libz : zlib.h Log message: Z_HUFFMAN -> Z_HUFFMAN_ONLY + linewrapping churn in a comment from upstream 0f3b7b9595cc7d85c3b13282e71fcecef7f18f9c
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/29 18:29:36 Modified files: sys/dev/acpi : acpivar.h Log message: remove struct acpi_parsestate, unused since dsdt.c rev 1.16
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/29 17:37:50 Modified files: sys/dev/acpi : acpivar.h Log message: remove struct acpi_dev_rank, unused since acpi.c rev 1.144
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: flor...@cvs.openbsd.org 2024/06/29 11:25:56 Modified files: sbin/unwind: resolver.c Log message: Disable the shared cache between resolvers for now. Since the latest libunbound update the frontend process would segfault about once a day on one of my MX servers with what looks like a use-after-free deep inside of libunbound. Maybe we are poking too much at internals and the shared cache is too much of a hack. #ifdef for now to ease investigation, but it is possible that this code just has to go.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/06/29 10:10:08 Modified files: lib/libz : compress.3 Log message: Z_HUFFMAN -> Z_HUFFMAN_ONLY from upstream 0f3b7b9595cc7d85c3b13282e71fcecef7f18f9c
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/29 06:09:51 Modified files: sbin/ifconfig : ifconfig.c Log message: remove unused vars
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/29 05:50:31 Modified files: lib/libradius : radius.h Log message: Fix typos in previous.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/29 05:32:35 Modified files: usr.bin/kdump : kdump.c Log message: remove unused vars
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/06/29 01:34:12 Modified files: lib/libssl : ssl_lib.c Log message: fix typo
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/29 01:19:18 Modified files: lib/libradius : radius.h Log message: Add variables for RFC 5176 Error Cause.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: yasu...@cvs.openbsd.org 2024/06/28 18:53:57 Modified files: lib/libradius : radius.h Log message: Add variables for DAE for RADIUS (RFC 5176).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/28 15:36:05 Modified files: regress/sys/kern: Makefile Log message: Link regress unp-write-closed to build.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/06/28 15:30:24 Modified files: sys/kern : uipc_socket2.c uipc_usrreq.c sys/miscfs/fifofs: fifo_vnops.c Log message: Restore original EPIPE and ENOTCONN errors priority in the uipc_send() path changed in rev 1.206. At least acme-client(1) is not happy with this change. Reported by claudio. Tests and ok by bluhm.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/28 15:07:27 Log message: Test writing to socket pair closed by the other side. This must trigger EPIPE error. with and OK mvs@ Status: Vendor Tag: bluhm Release Tags: bluhm_20240628 N src/regress/sys/kern/unp-write-closed/Makefile N src/regress/sys/kern/unp-write-closed/unp-write-closed.c No conflicts created by this import
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/06/28 08:50:37 Modified files: regress/lib/libssl/unit: ssl_set_alpn_protos.c Log message: Add more regress coverage for SSL_select_next_proto()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2024/06/28 08:48:43 Modified files: lib/libssl/man : SSL_CTX_set_alpn_select_cb.3 Log message: The ALPN callback should really ignore the out parameter if there's no overlap. Document that explicitly. Also make it more explicit that the caller must work with a copy of out. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/28 08:46:31 Modified files: sys/dev/pv : if_vio.c Log message: Cleanup control queue checks in vio(4). Add missing newlines in prints while here. ok sf@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2024/06/28 08:46:19 Modified files: lib/libssl : ssl_lib.c Log message: Fix SSL_select_next_proto() SSL_select_next_proto() is already quite broken by its design: const in, non-const out, with the intention of pointing somewhere inside of the two input pointers. A length returned in an unsigned char (because, you know, the individual protocols are encoded in Pascal strings). Can't signal failure either. It also has an unreachable public return code. Also, due to originally catering to NPN, this function opportunistically selects a protocol from the second input (client) parameters, which makes little sense for ALPN since that means the server falls back to a protocol it doesn't (want to) support. If there's no overlap, it's the callback's job to signal error to its caller for ALPN. As if that wasn't enough misdesign and bugs, the one we're concerned with here wasn't reported to us twice in ten years is that if you pass this API a zero-length (or a sufficiently malformed client protocol list), it would return a pointer pointing somewhere into the heap instead into one of the two input pointers. This pointer could then be interpreted as a Pascal string, resulting in an information disclosure of up to 255 bytes from the heap to the peer, or a crash. This can only happen for NPN (where it does happen in old python and node). A long time ago jsing removed NPN support from LibreSSL, because it had an utter garbage implementation and because it was practically unused. First it was already replaced by the somewhat less bad ALPN, and the only users were the always same language bindings that tend to use every feature they shouldn't use. There were a lot of complaints due to failing test cases in there, but in the end the decision turned out to be the right one: the consequence is that LibreSSL isn't vulnerable to CVE-2024-5535. Still, there is a bug here to fix. It is completely straightforward to do so.
Rewrite this mess using CBS, preserving the current behavior. Also, we do not follow BoringSSL's renaming of the variables. It would result in confusing code in almost all alpn callbacks I've seen in the wild. The only exception is the accidental example of Qt. ok jsing
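The failure mode described in the commit message above (an empty or malformed length-prefixed protocol list yielding a pointer outside both inputs) is avoided by validating both lists before any selection. The following is an added example, not code from LibreSSL or from the commit: it uses plain offsets rather than CBS, all names are hypothetical, and unlike SSL_select_next_proto() it reports "no overlap" instead of falling back to a client protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not LibreSSL's ssl_lib.c code. */
enum sel_result { SEL_MATCH, SEL_NO_OVERLAP, SEL_MALFORMED };

/* Read one length-prefixed name at list[*off] (caller guarantees *off <
 * list_len) and advance *off. Fails on an empty entry or on a length byte
 * that claims more data than the list holds. */
static int next_proto(const uint8_t *list, size_t list_len, size_t *off,
    const uint8_t **name, uint8_t *name_len)
{
	size_t remaining = list_len - *off;
	uint8_t len = list[*off];
	if (len == 0 || (size_t)len > remaining - 1)
		return -1;
	*name = list + *off + 1;
	*name_len = len;
	*off += 1 + (size_t)len;
	return 0;
}

/* A list is valid only if it is non-empty and every entry fits exactly. */
static int list_is_valid(const uint8_t *list, size_t list_len)
{
	const uint8_t *name;
	uint8_t name_len;
	size_t off = 0;
	if (list == NULL || list_len == 0)
		return 0;
	while (off < list_len)
		if (next_proto(list, list_len, &off, &name, &name_len) != 0)
			return 0;
	return 1;
}

/* Pick the first server protocol the client also offers. Unless the result
 * is SEL_MATCH, *out stays NULL and *out_len stays 0, so no caller can read
 * a stray pointer as a length-prefixed string. */
enum sel_result select_proto(const uint8_t **out, uint8_t *out_len,
    const uint8_t *server, size_t server_len,
    const uint8_t *client, size_t client_len)
{
	const uint8_t *s = NULL, *c = NULL;
	uint8_t s_len = 0, c_len = 0;
	size_t s_off = 0, c_off;

	*out = NULL;
	*out_len = 0;
	if (!list_is_valid(server, server_len) ||
	    !list_is_valid(client, client_len))
		return SEL_MALFORMED;
	while (s_off < server_len) {
		(void)next_proto(server, server_len, &s_off, &s, &s_len);
		for (c_off = 0; c_off < client_len; ) {
			(void)next_proto(client, client_len, &c_off, &c, &c_len);
			if (s_len == c_len && memcmp(s, c, s_len) == 0) {
				*out = s;
				*out_len = s_len;
				return SEL_MATCH;
			}
		}
	}
	return SEL_NO_OVERLAP;
}

/* Constructed sample lists, not captured traffic. */
static const uint8_t SERVER[] = { 2,'h','2', 8,'h','t','t','p','/','1','.','1' };
static const uint8_t CLIENT_OK[] = { 8,'h','t','t','p','/','1','.','1' };
static const uint8_t CLIENT_OTHER[] = { 4,'s','p','d','y' };
static const uint8_t CLIENT_TRUNC[] = { 8,'h','t','t','p' };

/* Selected name length; -1 no overlap, -2 malformed, -3 pointer escaped. */
int selected_len(const uint8_t *client, size_t client_len)
{
	const uint8_t *out;
	uint8_t out_len;
	enum sel_result r = select_proto(&out, &out_len, SERVER, sizeof(SERVER),
	    client, client_len);
	if (r == SEL_NO_OVERLAP)
		return -1;
	if (r == SEL_MALFORMED)
		return -2;
	if (out < SERVER || out + out_len > SERVER + sizeof(SERVER))
		return -3;
	return out_len;
}

int main(void)
{
	printf("match=%d truncated=%d empty=%d\n",
	    selected_len(CLIENT_OK, sizeof(CLIENT_OK)),
	    selected_len(CLIENT_TRUNC, sizeof(CLIENT_TRUNC)),
	    selected_len(CLIENT_OK, 0));
	return 0;
}
```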
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/28 07:37:49 Modified files: lib/libssl : ssl_packet.c Log message: Remove handling of SSLv2 client hello messages. This code was only previously enabled if the minimum enabled version was TLSv1.0 and a non-version locked method is in use. Since TLSv1.0 and TLSv1.1 were disabled nearly a year ago, this code is no longer ever being used. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2024/06/27 21:37:58 Modified files: sys/dev/pci/drm/amd/pm/legacy-dpm: amdgpu_kv_dpm.c Log message: drm/amdgpu: fix UBSAN warning in kv_dpm.c From Alex Deucher b065d79ed06a0bb4377bc6dcc2ff0cb1f55a798f in linux-6.6.y/6.6.36 f0d576f840153392d04b2d52cf3adab8f62e8cb6 in mainline linux
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2024/06/27 21:35:06 Modified files: sys/dev/pci/drm/radeon: sumo_dpm.c Log message: drm/radeon: fix UBSAN warning in kv_dpm.c From Alex Deucher 9e57611182a817824a17b1c3dd300ee74a174b42 in linux-6.6.y/6.6.36 a498df5421fd737d11bfd152428ba6b1c8538321 in mainline linux
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2024/06/27 21:33:00 Modified files: sys/dev/pci/drm/i915/display: intel_dp.c Log message: drm/i915/mso: using joiner is not possible with eDP MSO From Jani Nikula e7bda1f8ba8436266f7e49778009bf9995d1c801 in linux-6.6.y/6.6.36 49cc17967be95d64606d5684416ee51eec35e84a in mainline linux
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/06/27 17:01:15 Modified files: usr.bin/ssh: sshd.c Log message: delete obsolete comment
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/06/27 16:36:44 Modified files: usr.bin/ssh: log.c log.h Log message: retire unused API
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mgloc...@cvs.openbsd.org2024/06/27 15:35:34 Modified files: sys/dev/ic : ufshci.c Log message: Clear interrupt before we process the request as specified in the documentation.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/27 15:02:16 Modified files: usr.bin/ssh: ssh.1 Log message: ssl(8) no longer contains a HISTORY section;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/27 14:15:50 Modified files: usr.sbin/dhcpd : dhcp-options.5 Log message: space before punctuation in macro;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: flor...@cvs.openbsd.org 2024/06/27 10:39:31 Modified files: usr.sbin/dhcpd : dhcp-options.5 dhcpd.8 dhcpd.leases.5 parse.c usr.sbin/dhcrelay: dhcrelay.8 Log message: Remove outdated references to dhclient, it's finally going away. Input & OK jmc
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: flor...@cvs.openbsd.org 2024/06/27 08:53:06 Modified files: sbin/dhcpleased: frontend.c Log message: dhclient hasn't prodded us in a long time to renew a lease. OK deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/06/27 03:40:15 Modified files: sys/dev/fdt: rktemp.c Log message: Implement ts_set_limit() for rk3588. This makes thermal zones on rk3588 boards work. This should make DVFS safe on those boards. Note that the device trees shipped with the current u-boot-rk3588 package do not include the necessary support for DVFS and thermal zones yet. ok dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org 2024/06/27 03:37:07 Modified files: sys/dev/ofw: ofw_thermal.c ofw_thermal.h Log message: Implement an optional callback function for thermal sensors to set a trip limit to support thermal zones that don't do polling. Thermal sensor drivers should implement this callback if they can generate an interrupt when the trip limit is reached and should call thermal_senser_update() when that happens. ok dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/06/26 17:16:52 Modified files: usr.bin/ssh: sshd-session.c Log message: Instead of using possibly complex ssh_signal(), write all the parts of the grace_alarm_handler() using the exact things allowed by the signal-safe rules. This is a good rule of thumb: Handlers should be written to either set a global volatile sig_atomic_t inspected from outside, and/or directly perform only safe operations listed in our sigaction(2) manual page. ok djm markus
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/06/26 17:14:14 Modified files: usr.bin/ssh: scp.c sftp.c Log message: save_errno wrappers inside two small signal handlers that perform system calls, for systems with libc that do perform libc sigtramps. ok djm markus
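The signal-handler commits in this list (sshd-session.c, scp.c and sftp.c here, and the speed.c and bgplg entries from 2024/07/01) all rely on the same two habits: restore errno around anything the handler calls, and communicate with the main flow only through a `volatile sig_atomic_t`. The following is an added example, not code from the OpenBSD tree; the handler names and the deliberately invalid descriptor are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The only state shared with the main flow: a volatile sig_atomic_t flag. */
static volatile sig_atomic_t got_signal;

/* Constructed for the demo: an invalid descriptor, so write(2) fails and
 * sets errno to EBADF inside the handler. */
static const int demo_fd = -1;

/* Handler WITHOUT the save_errno dance: the failing write(2) leaves its
 * own errno behind for whatever code the signal interrupted. */
static void handler_clobbers(int signo)
{
	(void)signo;
	got_signal = 1;
	if (write(demo_fd, "sig\n", 4) == -1) {
		/* nothing async-signal-safe worth doing here */
	}
}

/* Same handler WITH the save_errno dance: errno is captured on entry and
 * restored on exit, so the interrupted code never notices the write(2). */
static void handler_saves(int signo)
{
	int save_errno = errno;

	(void)signo;
	got_signal = 1;
	if (write(demo_fd, "sig\n", 4) == -1) {
		/* nothing async-signal-safe worth doing here */
	}
	errno = save_errno;
}

/*
 * Install the chosen handler for SIGUSR1, set errno to ENOENT as if an
 * earlier call in the interrupted code had just failed, deliver the signal
 * synchronously with raise(3), and return the errno value the interrupted
 * code sees afterwards. Returns -1 if the handler could not be installed
 * or did not run.
 */
int errno_seen_after_signal(int use_save_errno)
{
	struct sigaction sa;
	int seen;

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = use_save_errno ? handler_saves : handler_clobbers;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGUSR1, &sa, NULL) == -1)
		return -1;

	got_signal = 0;
	errno = ENOENT;
	raise(SIGUSR1);		/* the handler runs before raise() returns */
	seen = errno;
	return got_signal ? seen : -1;
}

int main(void)
{
	int clobbered = errno_seen_after_signal(0);
	int preserved = errno_seen_after_signal(1);

	printf("without save_errno: %s\n", strerror(clobbered));
	printf("with save_errno:    %s\n", strerror(preserved));
	return 0;
}
```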
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: a...@cvs.openbsd.org2024/06/26 15:41:30 Modified files: sys/dev/ic : nvmevar.h Log message: Remove unnecessary structure declaration. ok jsg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/06/26 06:23:36 Modified files: sys/kern : uipc_usrreq.c Log message: Push socket re-lock to the vnode(9) release path within unp_detach(). The only reason to re-lock dying `so' is the lock order with vnode(9) lock, thus `unp_gc_lock' rwlock(9) could be taken after solock(). ok bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/06/26 02:28:45 Modified files: usr.sbin/bgpd : version.h Log message: Bump version
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/06/25 21:39:49 Modified files: lib/libssl : ssl_tlsext.c Log message: tls_extension_find(): make output index optional suggested by jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/06/25 19:40:49 Modified files: sys/arch/amd64/amd64: machdep.c vmm_machdep.c sys/arch/armv7/armv7: intr.c sys/arch/armv7/omap: intc.c omusbtll.c sys/arch/i386/stand/libsa: machdep.c sys/arch/luna88k/dev: xp.c sys/arch/m88k/include: asm_macro.h sys/arch/m88k/m88k: db_trace.c sys/arch/octeon/include: octeon_model.h sys/arch/riscv64/riscv64: intr.c sys/arch/sh/sh : interrupt.c sys/arch/sparc64/include: ctlreg.h psl.h sys/arch/sparc64/sparc64: db_interface.c pmap.c sys/arch/sparc64/stand/ofwboot: diskprobe.c sys/dev/acpi : acpidebug.c acpidmar.c acpidmar.h dsdt.c sys/dev/ic : aic7xxx_openbsd.h ami.c bt463.c iosf.c rtwn.c sys/dev/isa: ess_isapnp.c sys/dev/mii: eephy.c xmphy.c sys/dev/pci/bktr: bktr_core.c sys/dev/pci: if_bnxt.c if_em_hw.c if_iwx.c if_sk.c virtio_pci.c yds.c sys/dev/pv : if_vio.c vioblk.c viocon.c viornd.c sys/dev/wscons : wsmouse.c sys/kern : kern_malloc.c sys/net: if_pppoe.c sys/nfs: nfs_syscalls.c Log message: return type on a dedicated line when declaring functions ok mglocker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/25 16:01:06 Modified files: usr.sbin/bgpd : Tag: OPENBSD_7_4 rde_prefix.c Log message: When filling prefixes with pt_writebuf() keep 2 bytes reserved in the withdraw case. Those bytes are needed for the attribute length field. Without this withdraw messages can become overfull and are dropped without notice. Problem found and fix tested by denis@ from claudio@; OK denis@ tb@ this is errata/7.4/017_bgpd.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/25 16:00:25 Modified files: usr.sbin/bgpd : Tag: OPENBSD_7_5 rde_prefix.c Log message: When filling prefixes with pt_writebuf() keep 2 bytes reserved in the withdraw case. Those bytes are needed for the attribute length field. Without this withdraw messages can become overfull and are dropped without notice. Problem found and fix tested by denis@ from claudio@; OK denis@ tb@ this is errata/7.5/004_bgpd.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2024/06/25 08:10:45 Modified files: lib/libssl : Makefile ssl_local.h ssl_srvr.c Log message: Implement RSA key exchange in constant time. RSA key exchange is known to have multiple security weaknesses, including being potentially susceptible to padding oracle and timing attacks. The RSA key exchange code that we inherited from OpenSSL was riddled with timing leaks, many of which we fixed (or minimised) early on. However, a number of issues still remained, particularly those related to libcrypto's RSA decryption and padding checks. Rework the RSA key exchange code such that we decrypt with RSA_NO_PADDING and then check the padding ourselves in constant time. In this case, the pre-master secret is of a known length, hence the padding is also a known length based on the size of the RSA key. This makes it easy to implement a check that is much safer than having RSA_private_decrypt() depad for us. Regardless, we still strongly recommend disabling RSA key exchange and using other key exchange methods that provide perfect forward secrecy and do not depend on client generated keys. Thanks to Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, Joerg Schwenk and Hubert Kario for raising these issues with us at various points in time. ok tb@
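The padding check that the commit message above describes, for a block obtained with RSA_NO_PADDING, can be written so that every byte is inspected once and no branch depends on secret data. The following is an added example, not the ssl_srvr.c code: the function names are hypothetical, the 256-byte sample block is constructed, and it covers only the padding check, not the rest of the key exchange.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN		48	/* TLS pre-master secret length in bytes */
#define MIN_PS_LEN	8	/* PKCS#1 v1.5 needs at least 8 padding bytes */

/* 1 if x == 0, else 0, computed without a branch (valid for x < 2^31). */
static uint32_t ct_is_zero(uint32_t x)
{
	return (~x & (x - 1)) >> 31;
}

/*
 * em is the raw RSA_NO_PADDING decryption result and em_len the modulus
 * size in bytes. Expected layout:
 *
 *   00 02 | PS (non-zero bytes) | 00 | 48-byte pre-master secret
 *
 * Because the secret has a fixed length, the separator position depends
 * only on the key size, which is public. All deviations are OR-ed into one
 * accumulator, so the time taken does not reveal which byte was wrong.
 * (Source-level constant time only; the compiled output still needs review.)
 */
int pms_padding_ok(const uint8_t *em, size_t em_len)
{
	uint32_t bad = 0;
	size_t sep, i;

	/* Branching on em_len is fine: it is the public key size. */
	if (em_len < 2 + MIN_PS_LEN + 1 + PMS_LEN)
		return 0;
	sep = em_len - PMS_LEN - 1;

	bad |= em[0];			/* must be 0x00 */
	bad |= em[1] ^ 0x02;		/* must be 0x02 */
	for (i = 2; i < sep; i++)
		bad |= ct_is_zero(em[i]);	/* a zero inside PS is invalid */
	bad |= em[sep];			/* separator must be 0x00 */

	return (int)ct_is_zero(bad);
}

/*
 * Build a constructed, well-formed 256-byte block (2048-bit key size),
 * optionally overwrite one byte (index < 0 leaves it intact), and return
 * the result of the check.
 */
int check_with_byte(int index, uint8_t value)
{
	uint8_t em[256];
	size_t sep = sizeof(em) - PMS_LEN - 1;

	em[0] = 0x00;
	em[1] = 0x02;
	memset(em + 2, 0xa5, sep - 2);		/* non-zero padding string */
	em[sep] = 0x00;
	memset(em + sep + 1, 0x11, PMS_LEN);	/* placeholder secret */
	if (index >= 0 && (size_t)index < sizeof(em))
		em[index] = value;
	return pms_padding_ok(em, sizeof(em));
}

int main(void)
{
	printf("intact=%d bad_type=%d zero_in_ps=%d bad_separator=%d\n",
	    check_with_byte(-1, 0), check_with_byte(1, 0x01),
	    check_with_byte(100, 0x00), check_with_byte(207, 0x01));
	return 0;
}
```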
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/06/25 07:21:18 Modified files: usr.sbin/bgpd : rde_prefix.c Log message: When filling prefixes with pt_writebuf() keep 2 bytes reserved in the withdraw case. Those bytes are needed for the attribute length field. Without this withdraw messages can become overfull and are dropped without notice. Problem found and fix tested by denis@ OK denis@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org 2024/06/25 06:02:48 Modified files: sys/arch/amd64/amd64: intr.c Log message: Print the last non-wakeup interrupt received during suspend. Note that this may print an (MSI) interrupt that sneaks in just before we actually enter the idle loop on the primary CPU. While such an interrupt shouldn't happen, they won't prevent the machine from reaching a low power idle state. So at this point these non-wakeup interrupts only need to be investigated when the primary CPU gets woken up repeatedly. ok mglocker@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org 2024/06/25 05:57:10 Modified files: sys/dev/acpi : acpi.c acpi_x86.c acpiec.c acpivar.h Log message: Implement sleep button and EC events as wakeup events. Print the wakeup reason. ok mglocker@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2024/06/24 23:46:48 Modified files: lib/libssl : ssl_tlsext.c Log message: Fix TLS extension shuffling The diff decoupling the shuffle from the table order still relied on PSK being last because it failed to adjust the upper bound in the for loop. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/24 15:22:14 Modified files: sys/arch/amd64/amd64: identcpu.c sys/arch/amd64/include: cpu.h specialreg.h Log message: Show AMD SEV bits during identify CPU in dmesg. Enable identifycpu() to discover and show AMD SEV related information provided by cpuid. The "crypt bit" for page table entries is stored in amd64_pos_cbit, although it is not used yet. Registers ecx and edx provide the number of guest and minimum ASID for SEV-only guests. At least the latter value can be configured in the BIOS, so it is useful to have this information in dmesg. Therefore define empty bit masks for printf("%b") to get the raw numbers. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mgloc...@cvs.openbsd.org 2024/06/24 09:56:07 Modified files: sys/dev/acpi : acpibat.c Log message: Some machines send AC change notifications to acpibat(4). Forward this notification to acpiac(4), so that the AC status can be reflected correctly to programs like apm(8). This for example fixes the AC status on the Microsoft Surface Go 4. Help from kettenis@ ok deraadt@, kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/06/24 08:39:28 Modified files: lib/libc/sys : swapctl.2 Log message: changing EINVAL from "has no associated size" to "has insufficient size" does a better job of covering the case of partition not configured (size = 0) or other too-small decision the kernel may make
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/24 06:19:19 Modified files: sys/netinet: ip_input.c Log message: Explicitly allocate stack memory for ICMP payload in IPv4 forward. Old ip_forward() allocated a fake mbuf copy on the stack to send an ICMP packet after ip_output() has failed. It seems easier to just copy the data onto the stack that icmp_error() may use. Only if the ICMP error packet is actually sent, create the mbuf. m_dup_pkthdr() uses atomic operation to link the incpb to mbuf. pf_pkt_addr_changed() was immediately called afterwards to remove the linkage again. Also m_tag_delete_chain() was overhead. New code uses less CPU locking in the hot path. OK deraadt@ claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org 2024/06/24 02:30:50 Modified files: usr.bin/tmux : cmd-refresh-client.c input.c tmux.1 tmux.h tty-keys.c window.c Log message: Add a way (refresh-client -r) for control mode clients to provide OSC 10 and 11 responses to tmux so they can set the default foreground and background colours, from George Nachman in GitHub issue 4014.