Re: new feature in pkg_add(1)
On Wed, Jun 22, 2016 at 02:19:26PM +0200, Marc Espie wrote:
> On Tue, Jun 21, 2016 at 10:43:07PM +0200, Patrik Lundin wrote:
> > The reason for doing this is that it is much faster than just blindly
> > trying to install a package, and does not hammer mirrors needlessly.
> >
> > Are there any plans to teach pkg_info -e about "%"? Is it even possible?
>
> Okay, just committed the exit code fix.
>
> pkg_info -Iq inst:python%3.5
> will perform just as you would expect.

Awesome :). I will play around with this and see what I can come up with, thanks!

--
Patrik Lundin
Re: Allow device/fifo creation with zipped archives
On Wed, Jun 22, 2016 at 09:02:03PM -0400, tro...@kagu-tsuchi.com wrote:
> As brought up on misc@ pax doesn't allow creation of devices or fifos without
> the p flag, however this is only when the archive is not compressed. If you
> compress the archive, you can create them upon decompression/unarchiving.
> Since dpath was added to allow creation of devices in the pledge call for the
> non-compression code path, I am assuming it was meant to be added to the
> compression code path as well.
>
> Tim.
>
>
> Index: pax.c > === > RCS file: /cvs/src/bin/pax/pax.c,v > retrieving revision 1.44 > diff -u -p -r1.44 pax.c > --- pax.c 16 Dec 2015 01:39:11 - 1.44 > +++ pax.c 23 Jun 2016 00:40:55 - > @@ -267,7 +267,7 @@ main(int argc, char **argv) > > /* Copy mode, or no gzip -- don't need to fork/exec. */ > if (gzip_program == NULL || act == COPY) { > - if (pledge("stdio rpath wpath fattr cpath getpw ioctl", > + if (pledge("stdio rpath wpath dpath fattr cpath getpw > ioctl", > NULL) == -1) > err(1, "pledge"); > }
>

I agree with your diff.

While here, reorder pledge promises to make the order consistent in pax. There are 3 pledge calls and with same order it makes differences more obvious.

OK ?
--
Sebastien Marie

Index: pax.c === RCS file: /cvs/src/bin/pax/pax.c,v retrieving revision 1.44 diff -u -p -r1.44 pax.c --- pax.c 16 Dec 2015 01:39:11 - 1.44 +++ pax.c 23 Jun 2016 04:38:34 - @@ -261,13 +261,13 @@ main(int argc, char **argv) * so can't pledge at all then. */ if (pmode == 0 || (act != EXTRACT && act != COPY)) { - if (pledge("stdio rpath wpath cpath dpath fattr getpw ioctl proc exec", + if (pledge("stdio rpath wpath cpath fattr dpath getpw ioctl proc exec", NULL) == -1) err(1, "pledge"); /* Copy mode, or no gzip -- don't need to fork/exec. */ if (gzip_program == NULL || act == COPY) { - if (pledge("stdio rpath wpath fattr cpath getpw ioctl", + if (pledge("stdio rpath wpath cpath fattr dpath getpw ioctl", NULL) == -1) err(1, "pledge"); }
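
Review bot: The second hunk, in the "gzip_program == NULL || act == COPY" branch, is described as a reorder but its new string also contains dpath, which the old string did not, so it carries the functional change from the earlier diff along with the cosmetic one. Say so in the commit message, or commit the dpath addition and the reorder separately. The message mentions three pledge calls while only two appear in this diff, so confirm that the third already uses the "cpath fattr dpath" order before relying on the strings lining up.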
Re: sqlite3 update
Stuart Henderson wrote:
> Turns out I forgot about the pthread stubs, without which there
> are build failures in mandoc and various ports things unless we link
> them with -lpthread. This broke a few things in my first ports test
> build, but thanks to guenther's work it should now be valid to pull
> this in via an inter-library dependency rather than having to
> sprinkle it over mandoc and lots of the ports tree.

> Index: Makefile > -# so that it works with NO THREADS > -SRCS += pthread_stub.c > - > -#mem3.c mem5.c > +SRCS = sqlite3.c > +LDADD = -lpthread

Why are we dropping the stubs in favor of linking with libpthread?
Re: opencvs - fix revision lookups for branches
Yes please. As noted in older thread that XXX block in rcs.c produced side effects with cvs annotate. https://marc.info/?l=openbsd-tech=144757775319206=2 On Wed, Jun 22, 2016 at 05:20:01PM +0200, Joris Vink wrote: > On Wed, Jun 22, 2016 at 09:07:03AM -0600, Todd C. Miller wrote: > > On Wed, 22 Jun 2016 12:21:56 +0200, Joris Vink wrote: > > > Index: rcs.c > > > === > > > RCS file: /cvs/src/usr.bin/cvs/rcs.c,v > > > retrieving revision 1.313 > > > diff -u -p -r1.313 rcs.c > > > --- rcs.c 5 Nov 2015 09:48:21 - 1.313 > > > +++ rcs.c 22 Jun 2016 09:52:04 - > > > @@ -1796,17 +1796,13 @@ rcs_rev_getlines(RCSFILE *rfp, RCSNUM *f > > > > > > again: > > > for (;;) { > > > + if (rdp == NULL) > > > + break; > > > > Wouldn't this be easier to read as: > > > > while (rdp != NULL) { > > Yes, updated diff below. > > .joris > > Index: rcs.c > === > RCS file: /cvs/src/usr.bin/cvs/rcs.c,v > retrieving revision 1.313 > diff -u -p -r1.313 rcs.c > --- rcs.c 5 Nov 2015 09:48:21 - 1.313 > +++ rcs.c 22 Jun 2016 15:13:14 - > @@ -1795,18 +1795,11 @@ rcs_rev_getlines(RCSFILE *rfp, RCSNUM *f > goto done; > > again: > - for (;;) { > + while (rdp != NULL) { > if (rdp->rd_next->rn_len != 0) { > trdp = rcs_findrev(rfp, rdp->rd_next); > if (trdp == NULL) > fatal("failed to grab next revision"); > - } else { > - /* > - * XXX Fail, although the caller does not always do the > - * right thing (eg cvs diff when the tree is ahead of > - * the repository). > - */ > - break; > } > > if (rdp->rd_tlen == 0) { > @@ -1857,7 +1850,7 @@ again: > } > > next: > - if (!rcsnum_differ(rdp->rd_num, frev)) > + if (rdp == NULL || !rcsnum_differ(rdp->rd_num, frev)) > done = 1; > > if (RCSNUM_ISBRANCHREV(frev) && done != 1) { > @@ -2045,6 +2038,7 @@ rcs_rev_getbuf(RCSFILE *rfp, RCSNUM *rev > struct rcs_delta *rdp; > struct rcs_lines *lines; > struct rcs_line *lp, *nlp; > + char version[RCSNUM_MAXSTR]; > BUF *bp; > > rdp = NULL; 
> @@ -2057,8 +2051,12 @@ rcs_rev_getbuf(RCSFILE *rfp, RCSNUM *rev > expmode = rcs_kwexp_get(rfp); > > if (!(expmode & RCS_KWEXP_NONE)) { > - if ((rdp = rcs_findrev(rfp, rev)) == NULL) > - fatal("could not fetch revision"); > + if ((rdp = rcs_findrev(rfp, rev)) == NULL) { > + rcsnum_tostr(rev, version, sizeof(version)); > + fatal("could not find desired version %s in %s", > + version, rfp->rf_path); > + } > + > expand = 1; > } > } >
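
Review bot: In the first rcs_rev_getlines() hunk, dropping the "else { ... break; }" branch leaves trdp unassigned for any iteration in which rdp->rd_next->rn_len is 0, so if the rest of the loop advances rdp from trdp it will pick up a stale or uninitialised pointer instead of the NULL that the new "while (rdp != NULL)" and "rdp == NULL ||" checks expect. Set trdp = NULL explicitly in that case (or at the top of each iteration) so the end of the revision chain is what terminates the walk. The loop condition also only guards rdp itself; rdp->rd_next is still dereferenced unconditionally on the next line.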
unit test for fix included in r1.13 of bin/cat/cat.c
Hello, The patch below adds a regress test to check the behaviour of cat when invoked with the flags '-se' to ensure blank lines contain a dollar sign. The attached patch reverts the fix from r1.13 on the latest version of cat which allowed me to perform a comparison test. This fix was committed to the tree over 14 years ago, I understand if it's not of interest, I benefited from putting together the test. Sevan Janiyan Index: regress/bin/Makefile === RCS file: /cvs/src/regress/bin/Makefile,v retrieving revision 1.9 diff -u -p -u -r1.9 Makefile --- regress/bin/Makefile15 Jun 2015 09:25:22 - 1.9 +++ regress/bin/Makefile23 Jun 2016 02:43:46 - @@ -1,6 +1,6 @@ # $OpenBSD: Makefile,v 1.9 2015/06/15 09:25:22 florian Exp $ -SUBDIR+= chmod ksh ln md5 pax ps systrace test +SUBDIR+= cat chmod ksh ln md5 pax ps systrace test install: Index: regress/bin/cat/Makefile === RCS file: regress/bin/cat/Makefile diff -N regress/bin/cat/Makefile --- /dev/null 1 Jan 1970 00:00:00 - +++ regress/bin/cat/Makefile23 Jun 2016 02:43:46 - @@ -0,0 +1,8 @@ +# $OpenBSD$ + +REGRESS_TARGETS=cat_se + +cat_se: + cat -se ${.CURDIR}/cat_se.in | cmp -s ${.CURDIR}/cat_se.out /dev/stdin + +.include Index: regress/bin/cat/cat_se.in === RCS file: regress/bin/cat/cat_se.in diff -N regress/bin/cat/cat_se.in --- /dev/null 1 Jan 1970 00:00:00 - +++ regress/bin/cat/cat_se.in 23 Jun 2016 02:43:46 - @@ -0,0 +1,3 @@ + +Free, functional and secure + Index: regress/bin/cat/cat_se.out === RCS file: regress/bin/cat/cat_se.out diff -N regress/bin/cat/cat_se.out --- /dev/null 1 Jan 1970 00:00:00 - +++ regress/bin/cat/cat_se.out 23 Jun 2016 02:43:46 - @@ -0,0 +1,3 @@ +$ +Free, functional and secure$ +$ Index: cat.c === RCS file: /cvs/src/bin/cat/cat.c,v retrieving revision 1.24 diff -u -p -u -r1.24 cat.c --- cat.c 4 Nov 2015 21:28:01 - 1.24 +++ cat.c 23 Jun 2016 02:35:15 - 
@@ -145,23 +145,29 @@ cook_buf(FILE *fp) line = gobble = 0; for (prev = '\n'; (ch = getc(fp)) != EOF; prev = ch) { if (prev == '\n') { - if (sflag) { - if (ch == '\n') { - if (gobble) - continue; + if (ch == '\n') { + if (sflag) { + if (!gobble && putchar(ch) == EOF) + break; gobble = 1; - } else - gobble = 0; - } - if (nflag && (!bflag || ch != '\n')) { + continue; + } + if (nflag && !bflag) { + (void)fprintf(stdout, "%6d\t", ++line); + if (ferror(stdout)) + break; + } + } else if (nflag) { (void)fprintf(stdout, "%6d\t", ++line); if (ferror(stdout)) break; } } + gobble = 0; if (ch == '\n') { - if (eflag && putchar('$') == EOF) - break; + if (eflag) + if (putchar('$') == EOF) + break; } else if (ch == '\t') { if (tflag) { if (putchar('^') == EOF || putchar('I') == EOF)
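
Review bot: cat_se.in contains only single blank lines, so the cat_se target checks that -e puts a "$" on an empty line but never gives -s a run of blank lines to squeeze, and the gobble handling in cook_buf() goes unexercised. Add two or more consecutive empty lines to the input, with the single "$" line they should collapse to in cat_se.out. The target also pipes into "cmp -s", which reports nothing on a mismatch; comparing with diff -u against cat_se.out would leave the differing lines in the regress log.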
Allow device/fifo creation with zipped archives
As brought up on misc@ pax doesn't allow creation of devices or fifos without the p flag, however this is only when the archive is not compressed. If you compress the archive, you can create them upon decompression/unarchiving. Since dpath was added to allow creation of devices in the pledge call for the non-compression code path, I am assuming it was meant to be added to the compression code path as well.

Tim.

Index: pax.c === RCS file: /cvs/src/bin/pax/pax.c,v retrieving revision 1.44 diff -u -p -r1.44 pax.c --- pax.c 16 Dec 2015 01:39:11 - 1.44 +++ pax.c 23 Jun 2016 00:40:55 - @@ -267,7 +267,7 @@ main(int argc, char **argv) /* Copy mode, or no gzip -- don't need to fork/exec. */ if (gzip_program == NULL || act == COPY) { - if (pledge("stdio rpath wpath fattr cpath getpw ioctl", + if (pledge("stdio rpath wpath dpath fattr cpath getpw ioctl", NULL) == -1) err(1, "pledge"); }
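
Review bot: The promise string in the "gzip_program == NULL || act == COPY" branch gains dpath with nothing in the code saying why; the comment above it only explains why fork/exec are not needed here. Add a short comment that dpath is required to create devices and fifos on extraction, so the promise lists of the pledge calls in this file do not drift apart again unnoticed.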
Re: sqlite3 update
On 2016/06/22 00:10, Stuart Henderson wrote:
> On 2016/06/08 19:01, James Turner wrote:
> > I prefer option 2. Switch to the amalgamation with our changes on top.
>
> I've been looking at this. I don't really like any of the options
> but this seems the "least worst" one. I'm not terribly happy about
> this, but I don't see what else we can really do at present.
>
> Current version of this diff is a horrendous 480K lines / 17MB
> uncompressed, so it's at https://junkpile.org/sqlite-3.11.0.diff.gz
> rather than in this mail, and I am just starting a ports build
> with it.

Results from the ports build are in. pthread is a slight problem; most things are fine, but there are a couple of ports which statically link libsqlite3 and those of course don't pull in libpthread.
Re: pf divert port reuse
On Wed, Jun 22, 2016 at 08:15:09PM +0200, Mike Belopuhov wrote: > Can you or benno test NAT64 with this change? > In case of weird behavior do this: > > int sidx = pd->af == pd->naf ? pd->sidx : pd->didx; > int didx = pd->af == pd->naf ? pd->didx : pd->sidx; > > And use sidx/didx throughout instead of pd->sidx and pd->didx. > > I'm pretty sure you need to do this trick, but I'm not 100% > certain. af-to state lookup in pf_get_sport() is quite broken. Jun 23 00:25:26 q70 /bsd: pf: af-to inet6 rdr, 10.188.70.17:3003 -> 10.188.216.114:7 Jun 23 00:25:26 q70 /bsd: pf: find state all dir=out, af=24, key0: fdd7:e83e:66bc:211:725f:caff:fe21:8d70[10001], key1: abc:d872::[7], proto=17 Jun 23 00:25:26 q70 /bsd: pf: af-to inet6 rdr done, prefixlen 120, fdd7:e83e:66bc:211:725f:caff:fe21:8d70[10001] -> fdd7:e83e:66bc:212:725f:caff:fe21:8d72[7] Look at the key1: abc:d872::[7], that is the IPv4 address used as IPv6. pf_get_transaddr_af() will fix the prefix later. As there is more work to be done for af-to, I propose this version of the nat-to fix. With the explicit variables sidx and didx we can swap it easily if we will need it. bluhm Index: net/pf_lb.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf_lb.c,v retrieving revision 1.53 diff -u -p -r1.53 pf_lb.c --- net/pf_lb.c 15 Jun 2016 11:36:06 - 1.53 +++ net/pf_lb.c 22 Jun 2016 22:18:30 - @@ -155,6 +155,9 @@ pf_get_sport(struct pf_pdesc *pd, struct struct pf_state_key_cmp key; struct pf_addr init_addr; u_int16_t cut; + int dir = (pd->dir == PF_IN) ? PF_OUT : PF_IN; + int sidx = pd->sidx; + int didx = pd->didx; bzero(_addr, sizeof(init_addr)); if (pf_map_addr(pd->naf, r, >nsaddr, naddr, _addr, sn, >nat, 
@@ -182,9 +185,9 @@ pf_get_sport(struct pf_pdesc *pd, struct key.af = pd->naf; key.proto = pd->proto; key.rdomain = pd->rdomain; - PF_ACPY([0], >ndaddr, key.af); - PF_ACPY([1], naddr, key.af); - key.port[0] = pd->ndport; + PF_ACPY([didx], >ndaddr, key.af); + PF_ACPY([sidx], naddr, key.af); + key.port[didx] = pd->ndport; /* * port search; start random, step; @@ -194,20 +197,20 @@ pf_get_sport(struct pf_pdesc *pd, struct pd->proto == IPPROTO_ICMP || pd->proto == IPPROTO_ICMPV6)) { /* XXX bug: icmp states dont use the id on both * XXX sides (traceroute -I through nat) */ - key.port[1] = pd->nsport; - if (pf_find_state_all(, PF_IN, NULL) == NULL) { + key.port[sidx] = pd->nsport; + if (pf_find_state_all(, dir, NULL) == NULL) { *nport = pd->nsport; return (0); } } else if (low == 0 && high == 0) { - key.port[1] = pd->nsport; - if (pf_find_state_all(, PF_IN, NULL) == NULL) { + key.port[sidx] = pd->nsport; + if (pf_find_state_all(, dir, NULL) == NULL) { *nport = pd->nsport; return (0); } } else if (low == high) { - key.port[1] = htons(low); - if (pf_find_state_all(, PF_IN, NULL) == NULL) { + key.port[sidx] = htons(low); + if (pf_find_state_all(, dir, NULL) == NULL) { *nport = htons(low); return (0); } @@ -223,16 +226,16 @@ pf_get_sport(struct pf_pdesc *pd, struct cut = arc4random_uniform(1 + high - low) + low; /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { - key.port[1] = htons(tmp); - if (pf_find_state_all(, PF_IN, NULL) == + key.port[sidx] = htons(tmp); + if (pf_find_state_all(, dir, NULL) == NULL && !in_baddynamic(tmp, pd->proto)) { *nport = htons(tmp); return (0); } } for (tmp = cut - 1; tmp >= low; --(tmp)) { - key.port[1] = htons(tmp); - if (pf_find_state_all(, PF_IN, NULL) == + key.port[sidx] = htons(tmp); + if (pf_find_state_all(, dir,
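
Review bot: The new locals sidx and didx are initialised from pd->sidx and pd->didx and never modified in the visible hunks, so in the source they read as redundant copies of the descriptor fields. Put a comment at the declarations stating that they exist so the two indices can be swapped for af-to, as the message explains; otherwise a later cleanup is likely to fold them back into pd->sidx and pd->didx.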
Re: [PATCH] let the mbufs use more then 4gb of memory
> secondly, allocating more than 4g at a time to socket buffers is
> generally a waste of memory.

and there is one further problem.

Eventually, this subsystem will starve the system. Other subsystems which also need large amounts of memory, then have to scramble. There have to be backpressure mechanisms in each subsystem to force out memory.

There is no such mechanism in socket buffers.

The mechanisms in the remaining parts of the kernel have always proven to be weak, as in, they don't interact as nicely as we want, to create space. There has been much work to make them work better.

However in socket buffers, there is no such mechanism. What are you going to do. Throw data away? You can't do that. Therefore, you are holding the remaining system components hostage, and your diff creates deadlock.

You probably tested your diff under ideal conditions with gobs of memory...
Re: klog message buffer full
> But if install kernel size is not that important, I can remove both
> ifdefs.

Kernel size does matter on the ramdisks.

But excessive sprinkling of #ifdef gets out of control in some types of code. Then it is better to forego it, and find a different target where it is less gross.

As long as we have some anti-growth discipline, bsd.rd ends up being a fairly full featured kernel, and we won't eventually hit a mistake of "oh shit, the script needs this thing and we killed it on bsd.rd.."

(and btw, that tends to matter more for upgrades, than installs)
Re: klog message buffer full
On Wed, Jun 22, 2016 at 05:08:24PM -0400, Ted Unangst wrote:
> Alexander Bluhm wrote:
> > +#ifndef SMALL_KERNEL > > + if (mbp->msg_bufd > 0) { > > + char buf[64];
>
> This is not so much code that I'm worried about it on small kernels. Rather,
> now you have the same problem where some kernels print correct information and
> some don't. I guess there's no syslog on ramdisk, so moot point? But I've been
> aggravated before by unexpected small kernel differences.

I have the #ifndef SMALL_KERNEL also in sendsyslog counting and I wanted to be consistent. There is no syslogd on ramdisk, so the feature is useless there. Besides code we also save the size of the format strings.

But if install kernel size is not that important, I can remove both ifdefs.

bluhm
Re: [PATCH] let the mbufs use more then 4gb of memory
On Wed, Jun 22, 2016 at 01:58:25PM +0200, Simon Mages wrote:
> On a System where you use the maximum socketbuffer size of 256kbyte you
> can run out of memory after less than 9k open sockets.
>
> My patch adds a new uvm_constraint for the mbufs with a bigger memory area.
> I choose this area after reading the comments in
> sys/arch/amd64/include/pmap.h.
> This patch further changes the maximum socketbuffer size from 256k to 1gb as
> it is described in the rfc1323 S2.3.

You read that RFC wrong. I see no reason to increase the socketbuffer size to such a huge value. A change like this is currently not acceptable.

> I tested this diff with the ix, em and urndis driver. I know that this
> diff only works for amd64 right now, but i wanted to send this diff as a
> proposal what could be done. Maybe somebody has a different solution for
> this Problem or can me why this is a bad idea.
>

Are you sure that all drivers are able to handle memory with physical addresses that are more than 32bit long? I doubt this. I think a lot more is needed than this diff to make this work even just for amd64.

>
> Index: arch/amd64/amd64/bus_dma.c > === > RCS file: /openbsd/src/sys/arch/amd64/amd64/bus_dma.c,v > retrieving revision 1.49 > diff -u -p -u -p -r1.49 bus_dma.c > --- arch/amd64/amd64/bus_dma.c17 Dec 2015 17:16:04 - 1.49 > +++ arch/amd64/amd64/bus_dma.c22 Jun 2016 11:33:17 - > @@ -584,7 +584,7 @@ _bus_dmamap_load_buffer(bus_dma_tag_t t, >*/ > pmap_extract(pmap, vaddr, (paddr_t *)); > > - if (curaddr > dma_constraint.ucr_high) > + if (curaddr > mbuf_constraint.ucr_high) > panic("Non dma-reachable buffer at curaddr %#lx(raw)", > curaddr); > > Index: arch/amd64/amd64/machdep.c > === > RCS file: /openbsd/src/sys/arch/amd64/amd64/machdep.c,v > retrieving revision 1.221 > diff -u -p -u -p -r1.221 machdep.c > --- arch/amd64/amd64/machdep.c21 May 2016 00:56:43 - 1.221 > +++ arch/amd64/amd64/machdep.c22 Jun 2016 11:33:17 - 
> @@ -202,9 +202,11 @@ struct vm_map *phys_map = NULL; > /* UVM constraint ranges. */ > struct uvm_constraint_range isa_constraint = { 0x0, 0x00ffUL }; > struct uvm_constraint_range dma_constraint = { 0x0, 0xUL }; > +struct uvm_constraint_range mbuf_constraint = { 0x0, 0xfUL }; > struct uvm_constraint_range *uvm_md_constraints[] = { > _constraint, > _constraint, > +_constraint, > NULL, > }; > > Index: kern/uipc_mbuf.c > === > RCS file: /openbsd/src/sys/kern/uipc_mbuf.c,v > retrieving revision 1.226 > diff -u -p -u -p -r1.226 uipc_mbuf.c > --- kern/uipc_mbuf.c 13 Jun 2016 21:24:43 - 1.226 > +++ kern/uipc_mbuf.c 22 Jun 2016 11:33:18 - > @@ -153,7 +153,7 @@ mbinit(void) > > pool_init(, MSIZE, 0, 0, 0, "mbufpl", NULL); > pool_setipl(, IPL_NET); > - pool_set_constraints(, _dma_contig); > + pool_set_constraints(, _mbuf_contig); > pool_setlowat(, mblowat); > > pool_init(, PACKET_TAG_MAXSIZE + sizeof(struct m_tag), > @@ -166,7 +166,7 @@ mbinit(void) > pool_init([i], mclsizes[i], 0, 0, 0, > mclnames[i], NULL); > pool_setipl([i], IPL_NET); > - pool_set_constraints([i], _dma_contig); > + pool_set_constraints([i], _mbuf_contig); > pool_setlowat([i], mcllowat); > } > > Index: sys/socketvar.h > === > RCS file: /openbsd/src/sys/sys/socketvar.h,v > retrieving revision 1.60 > diff -u -p -u -p -r1.60 socketvar.h > --- sys/socketvar.h 25 Feb 2016 07:39:09 - 1.60 > +++ sys/socketvar.h 22 Jun 2016 11:33:18 - 
> @@ -112,7 +112,7 @@ struct socket { > short sb_flags; /* flags, see below */ > u_short sb_timeo; /* timeout for read/write */ > } so_rcv, so_snd; > -#define SB_MAX (256*1024) /* default for max chars in > sockbuf */ > +#define SB_MAX (1024*1024*1024)/* default for max chars in > sockbuf */ > #define SB_LOCK 0x01/* lock on data queue */ > #define SB_WANT 0x02/* someone is waiting to lock */ > #define SB_WAIT 0x04/* someone is waiting for > data/space */ > Index: uvm/uvm_extern.h > === > RCS file: /openbsd/src/sys/uvm/uvm_extern.h,v > retrieving revision 1.139 > diff -u -p -u -p -r1.139 uvm_extern.h > --- uvm/uvm_extern.h 5 Jun 2016 08:35:57 - 1.139 > +++ uvm/uvm_extern.h 22 Jun 2016 11:33:18 - > @@ -234,6 +234,7 @@ extern struct uvmexp uvmexp; > /* Constraint
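
Review bot: In the _bus_dmamap_load_buffer() hunk the bounds check changes from dma_constraint.ucr_high to mbuf_constraint.ucr_high for every buffer passed through this function, not only for mbufs, so the panic that catches a buffer outside the DMA-reachable range stops firing for all devices, including those that can only address the old range. Keep the dma_constraint check as the default and apply the wider limit only to maps whose device is known to handle the larger addresses. The SB_MAX change in sys/socketvar.h is independent of the constraint work and should be a separate diff.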
Re: klog message buffer full
Alexander Bluhm wrote:
> This also gets me closer to my goal of reliable logging.
>
> Do we want this feature?

yes, and I'd say always.

> +#ifndef SMALL_KERNEL > + if (mbp->msg_bufd > 0) { > + char buf[64];

This is not so much code that I'm worried about it on small kernels. Rather, now you have the same problem where some kernels print correct information and some don't. I guess there's no syslog on ramdisk, so moot point? But I've been aggravated before by unexpected small kernel differences.
Re: klog message buffer full
On Wed, 22 Jun 2016 22:14:19 +0200, Alexander Bluhm wrote:
> When doing usb debugging with a lot of kernel printfs, the dmesg
> buffer can overflow easily. It is annoying that you don't notice
> this. Then it is hard to correlate the messages.
>
> So to make clear what happens, I would like to write such a message
> to syslogd:
> Jun 22 21:58:16 t430s /bsd: usbd_start_next: pipe=0x803cf
> Jun 22 21:58:16 t430s /bsd: klog: dropped 75602 bytes, message buffer full
> Jun 22 21:58:16 t430s /bsd: b_transfer_complete: repeat=0 new head=0x0
>
> This also gets me closer to my goal of reliable logging.
>
> Do we want this feature?

I think so. Ultimately it would be nice to queue up messages in the kernel for later delivery but for now just logging that messages were dropped is an improvement.

 - todd
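
The dropped-byte accounting discussed in this thread, modelled in userland C as an added example; it is not the kernel patch and not part of any message. The names struct ring, ring_put, ring_read and klog_demo are hypothetical, the ring is 16 bytes so the overflow is easy to see, and the syslog priority prefix is left out.

```c
/* Added example: userland model of a kernel-style message ring that counts
 * bytes overwritten before the reader consumed them. Every name here
 * (struct ring, ring_put, ring_read, klog_demo) is hypothetical. */
#include <stdio.h>
#include <string.h>

#define RING_SIZE 16	/* tiny on purpose so that overflow is easy to trigger */
#define NOTE_MAX  64	/* room for the "dropped" notice */

struct ring {
	char buf[RING_SIZE];
	long wr;	/* next index to write */
	long rd;	/* next index to read */
	long dropped;	/* unread bytes overwritten and not yet reported */
};

/* Append one byte. When the writer catches up with the reader, the oldest
 * unread byte is lost and counted. */
static void
ring_put(struct ring *r, char c)
{
	r->buf[r->wr] = c;
	if (++r->wr >= RING_SIZE)
		r->wr = 0;
	if (r->wr == r->rd) {
		if (++r->rd >= RING_SIZE)
			r->rd = 0;
		r->dropped++;
	}
}

/* Copy unread bytes to out and return how many were written. A pending drop
 * count is reported first, so the notice marks where the gap in the stream
 * is. If the notice does not fit, nothing is returned and the count is kept
 * for the next call; callers should offer at least NOTE_MAX bytes. */
static size_t
ring_read(struct ring *r, char *out, size_t outlen)
{
	size_t n = 0;

	if (r->dropped > 0) {
		char note[NOTE_MAX];
		long count = r->dropped;	/* snapshot of what is reported */
		int l = snprintf(note, sizeof(note),
		    "klog: dropped %ld byte%s, message buffer full\n",
		    count, count == 1 ? "" : "s");

		if (l < 0 || (size_t)l >= sizeof(note) || (size_t)l > outlen)
			return 0;
		memcpy(out, note, (size_t)l);
		n = (size_t)l;
		/* Subtract the reported amount instead of zeroing, so drops
		 * counted after the snapshot would not be forgotten. */
		r->dropped -= count;
	}
	while (n < outlen && r->rd != r->wr) {
		out[n++] = r->buf[r->rd];
		if (++r->rd >= RING_SIZE)
			r->rd = 0;
	}
	return n;
}

/* Constructed scenario: write `count` letters starting at 'a' into an empty
 * ring, read once into out (NUL-terminated), return the bytes read. */
static size_t
klog_demo(int count, char *out, size_t outlen)
{
	struct ring r;
	size_t n;
	int i;

	if (outlen == 0)
		return 0;
	memset(&r, 0, sizeof(r));
	for (i = 0; i < count; i++)
		ring_put(&r, (char)('a' + i % 26));
	n = ring_read(&r, out, outlen - 1);
	out[n] = '\0';
	return n;
}

int
main(void)
{
	char out[128];

	/* 20 bytes into a 16-byte ring: the notice, then the surviving tail. */
	klog_demo(20, out, sizeof(out));
	fputs(out, stdout);
	putchar('\n');
	return 0;
}
```
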
update nsd to 4.1.7 -> 4.1.10
Lightly tested, I will test AXFR with tsig tomorrow. tests / OKs? diff --git Makefile.in Makefile.in index 9103291..3fbd01b 100644 --- Makefile.in +++ Makefile.in @@ -439,9 +439,9 @@ xfrd-disk.o: $(srcdir)/xfrd-disk.c config.h $(srcdir)/xfrd-disk.h $(srcdir)/xfrd xfrd-notify.o: $(srcdir)/xfrd-notify.c config.h $(srcdir)/xfrd-notify.h $(srcdir)/tsig.h $(srcdir)/buffer.h \ $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dname.h $(srcdir)/rbtree.h $(srcdir)/xfrd.h $(srcdir)/namedb.h $(srcdir)/dns.h \ $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/xfrd-tcp.h $(srcdir)/packet.h -xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h \ - $(srcdir)/region-allocator.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h \ - $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/packet.h $(srcdir)/xfrd-disk.h +xfrd-tcp.o: $(srcdir)/xfrd-tcp.c config.h $(srcdir)/nsd.h $(srcdir)/dns.h $(srcdir)/edns.h $(srcdir)/buffer.h \ + $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/xfrd-tcp.h $(srcdir)/xfrd.h $(srcdir)/rbtree.h $(srcdir)/namedb.h $(srcdir)/dname.h \ + $(srcdir)/radtree.h $(srcdir)/options.h $(srcdir)/tsig.h $(srcdir)/packet.h $(srcdir)/xfrd-disk.h zlexer.o: zlexer.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ $(srcdir)/region-allocator.h $(srcdir)/util.h $(srcdir)/dns.h $(srcdir)/radtree.h $(srcdir)/rbtree.h zparser.h zonec.o: $(srcdir)/zonec.c config.h $(srcdir)/zonec.h $(srcdir)/namedb.h $(srcdir)/dname.h $(srcdir)/buffer.h \ diff --git acx_nlnetlabs.m4 acx_nlnetlabs.m4 index 26513e4..a6c174f 100644 --- acx_nlnetlabs.m4 +++ acx_nlnetlabs.m4 
@@ -2,7 +2,11 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 30 +# Version 34 +# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. +# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). +# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 +# 2015-12-11 FLTO check for new OSX, clang. # 2015-11-18 spelling check fix. # 2015-11-05 ACX_SSL_CHECKS no longer adds -ldl needlessly. # 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added. @@ -241,7 +245,7 @@ ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"]) AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) -ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE, +ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE, [ #include "confdefs.h" #include @@ -276,9 +280,9 @@ int test() { a = 0; return a; } -], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"]) +], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"]) -ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE, +ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE, [ #include "confdefs.h" #include 
@@ -313,7 +317,7 @@ int test() { a = 0; return a; } -], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"]) +], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"]) ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, [ @@ -325,7 +329,7 @@ int test() { } ], [CFLAGS="$CFLAGS $C99FLAG"]) -ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE, +ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, [ #include @@ -334,7 +338,7 @@ int test() { a = isascii(32); return a; } -], [CFLAGS="$CFLAGS -D_BSD_SOURCE"]) +], [CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"]) ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, [ @@ -423,7 +427,7 @@ AC_DEFUN([ACX_CHECK_FLTO], [ BAKCFLAGS="$CFLAGS" CFLAGS="$CFLAGS -flto" AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ -if $CC $CFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then +if $CC $CFLAGS -o conftest conftest.c 2>&1 | $GREP -e "warning: no debug symbols in executable" -e "warning: object" >/dev/null; then CFLAGS="$BAKCFLAGS" AC_MSG_RESULT(no) else @@ -669,16 +673,16 @@ AC_DEFUN([ACX_SSL_CHECKS], [ ACX_RUNTIME_PATH_ADD([$ssldir/lib]) fi -
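
Review bot: The ACX_CHECK_FLTO hunk replaces the literal grep with "$GREP -e ... -e ...", and nothing in the visible macro guarantees GREP is set at that point. With an empty GREP the pipeline tries to run "-e" as a command, the if fails, and the check takes the else branch instead of restoring BAKCFLAGS. Have the macro require AC_PROG_GREP, or fall back to plain grep when GREP is empty.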
klog message buffer full
Hi, When doing usb debugging with a lot of kernel printfs, the dmesg buffer can overflow easily. It is annoying that you don't notice this. Then it is hard to correlate the messages. So to make clear what happens, I would like to write such a message to syslogd: Jun 22 21:58:16 t430s /bsd: usbd_start_next: pipe=0x803cf Jun 22 21:58:16 t430s /bsd: klog: dropped 75602 bytes, message buffer full Jun 22 21:58:16 t430s /bsd: b_transfer_complete: repeat=0 new head=0x0 This also gets me closer to my goal of reliable logging. Do we want this feature? bluhm Index: kern/subr_log.c === RCS file: /data/mirror/openbsd/cvs/src/sys/kern/subr_log.c,v retrieving revision 1.46 diff -u -p -r1.46 subr_log.c --- kern/subr_log.c 8 Jun 2016 11:11:47 - 1.46 +++ kern/subr_log.c 22 Jun 2016 20:09:08 - @@ -155,6 +155,7 @@ msgbuf_putchar(struct msgbuf *mbp, const if (mbp->msg_bufr == mbp->msg_bufx) { if (++mbp->msg_bufr >= mbp->msg_bufs) mbp->msg_bufr = 0; + mbp->msg_bufd++; } splx(s); } @@ -200,6 +201,21 @@ logread(dev_t dev, struct uio *uio, int goto out; } logsoftc.sc_state &= ~LOG_RDWAIT; + +#ifndef SMALL_KERNEL + if (mbp->msg_bufd > 0) { + char buf[64]; + + l = snprintf(buf, sizeof(buf), + "<%d>klog: dropped %ld byte%s, message buffer full\n", + LOG_KERN|LOG_WARNING, mbp->msg_bufd, +mbp->msg_bufd == 1 ? "" : "s"); + error = uiomove(buf, ulmin(l, sizeof(buf) - 1), uio); + if (error) + goto out; + mbp->msg_bufd = 0; + } +#endif while (uio->uio_resid > 0) { if (mbp->msg_bufx >= mbp->msg_bufr) Index: sys/msgbuf.h === RCS file: /data/mirror/openbsd/cvs/src/sys/sys/msgbuf.h,v retrieving revision 1.10 diff -u -p -r1.10 msgbuf.h --- sys/msgbuf.h13 Jan 2015 18:51:27 - 1.10 +++ sys/msgbuf.h22 Jun 2016 19:45:10 - @@ -39,6 +39,7 @@ structmsgbuf { longmsg_bufr; /* read pointer */ longmsg_bufs; /* real msg_bufc size (bytes) */ longmsg_bufl; /* # chars, <= msg_bufs */ + longmsg_bufd; /* number of dropped bytes */ charmsg_bufc[1];/* buffer */ }; #ifdef _KERNEL
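
Review bot: In the logread() hunk mbp->msg_bufd is read for snprintf(), then uiomove() runs, and only after that is the counter set to 0, while msgbuf_putchar() keeps incrementing it inside its spl-protected section; any bytes dropped in that window are wiped from the count without ever being reported. Take a copy of the counter and clear it in one step at raised spl before formatting, and add the copy back if uiomove() fails. The same applies when the reader's buffer is shorter than the notice: the counter is reset although only part of the message was delivered.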
Re: Stop mesa W^X violations
On Mon, Jun 20, 2016 at 10:22:58PM +0200, Mark Kettenis wrote: > As reported by several people, mesa contains code that violates W^X. > As a result glxgears aborts when using the swrast driver. The diff > below disables the offending code. The code seems to deal the absence > of W|X memory just fine. There is a fallback path that is also used > on SELinux systems. > > Note that the existing code would have worked just fine if mmap > returned MAP_FAILED for W^X violations instead of terminating the > program. Not entirely sure what the long-term plans are. > Ok matthieu@ > > Index: src/gallium/auxiliary/rtasm/rtasm_execmem.c > === > RCS file: /cvs/xenocara/lib/mesa/src/gallium/auxiliary/rtasm/rtasm_execmem.c,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 rtasm_execmem.c > --- src/gallium/auxiliary/rtasm/rtasm_execmem.c 22 Nov 2015 02:43:24 > - 1.1.1.1 > +++ src/gallium/auxiliary/rtasm/rtasm_execmem.c 20 Jun 2016 20:08:37 > - > @@ -69,6 +69,16 @@ static struct mem_block *exec_heap = NUL > static unsigned char *exec_mem = NULL; > > > +#ifdef __OpenBSD__ > + > +static int > +init_heap(void) > +{ > + return 0; > +} > + > +#else > + > static int > init_heap(void) > { > @@ -82,6 +92,8 @@ init_heap(void) > > return (exec_mem != MAP_FAILED); > } > + > +#endif > > > void * > Index: src/mapi/u_execmem.c > === > RCS file: /cvs/xenocara/lib/mesa/src/mapi/u_execmem.c,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 u_execmem.c > --- src/mapi/u_execmem.c 22 Nov 2015 02:45:44 - 1.1.1.1 > +++ src/mapi/u_execmem.c 20 Jun 2016 20:08:39 - 
> @@ -45,8 +45,15 @@ static unsigned int head = 0; > > static unsigned char *exec_mem = (unsigned char *)0; > > +#if defined(__OpenBSD__) > > -#if defined(__linux__) || defined(__OpenBSD__) || defined(_NetBSD__) || > defined(__sun) || defined(__HAIKU__) > +static int > +init_map(void) > +{ > + return 0; > +} > + > +#elif defined(__linux__) || defined(_NetBSD__) || defined(__sun) || > defined(__HAIKU__) > > #include > #include > Index: src/mesa/main/execmem.c > === > RCS file: /cvs/xenocara/lib/mesa/src/mesa/main/execmem.c,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 execmem.c > --- src/mesa/main/execmem.c 22 Nov 2015 02:39:37 - 1.1.1.1 > +++ src/mesa/main/execmem.c 20 Jun 2016 20:08:40 - > @@ -36,7 +36,15 @@ > > > > -#if defined(__linux__) || defined(__OpenBSD__) || defined(_NetBSD__) || > defined(__sun) || defined(__HAIKU__) > +#if defined(__OpenBSD__) > + > +static int > +init_heap(void) > +{ > + return 0; > +} > + > +#elif defined(__linux__) || defined(_NetBSD__) || defined(__sun) || > defined(__HAIKU__) > > /* > * Allocate a large block of memory which can hold code then dole it out
--
Matthieu Herrb
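
Review bot: The rewritten #elif lines in src/mapi/u_execmem.c and src/mesa/main/execmem.c carry over "defined(_NetBSD__)" with a single leading underscore, which is not the macro the neighbouring "__linux__" and "__OpenBSD__" tests suggest was intended, so that term never matches. Since these lines are being touched anyway, correct it to "__NetBSD__" or leave a note that the spelling is inherited. The stubs also come without a comment; one line saying that returning 0 forces the existing no-executable-memory fallback would explain why an empty init_heap()/init_map() is correct.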
Re: pf divert port reuse
On Tue, Jun 21, 2016 at 05:12:39PM +0200, Mike Belopuhov wrote:
> On Tue, Jun 21, 2016 at 16:08 +0200, Alexander Bluhm wrote:
> > On Tue, Jun 21, 2016 at 02:45:42PM +0200, Mike Belopuhov wrote:
> > > Unless I'm wrong, I have to retract my OK and ask you to fix
> > > the sport bit instead.
> >
> > Yes, fixing it in pf_get_sport() is more correct. I will try
> > to make a diff.
> >
>
> Cool.

I have found an issue with pf_get_sport(), it only works for out rules. In my use case I have an in rule that does nat and diverts to a socket. Collisions with existing states were not found.

This diff fixes it, now I can trigger such a log message:

Jun 21 11:18:14 q70 /bsd: pf: pf: NAT proxy port allocation (1-10001) failed

Unfortunately it does not solve my original state key reuse problem. But I suggest fixing things step by step.

ok?

bluhm

Index: net/pf_lb.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf_lb.c,v retrieving revision 1.53 diff -u -p -r1.53 pf_lb.c --- net/pf_lb.c 15 Jun 2016 11:36:06 - 1.53 +++ net/pf_lb.c 22 Jun 2016 17:08:06 - @@ -155,6 +155,7 @@ pf_get_sport(struct pf_pdesc *pd, struct struct pf_state_key_cmp key; struct pf_addr init_addr; u_int16_t cut; + int dir = (pd->dir == PF_IN) ? PF_OUT : PF_IN; bzero(_addr, sizeof(init_addr)); if (pf_map_addr(pd->naf, r, >nsaddr, naddr, _addr, sn, >nat, @@ -182,9 +183,9 @@ pf_get_sport(struct pf_pdesc *pd, struct key.af = pd->naf; key.proto = pd->proto; key.rdomain = pd->rdomain; - PF_ACPY([0], >ndaddr, key.af); - PF_ACPY([1], naddr, key.af); - key.port[0] = pd->ndport; + PF_ACPY([pd->didx], >ndaddr, key.af); + PF_ACPY([pd->sidx], naddr, key.af); + key.port[pd->didx] = pd->ndport; /* * port search; start random, step; 
@@ -194,20 +195,20 @@ pf_get_sport(struct pf_pdesc *pd, struct pd->proto == IPPROTO_ICMP || pd->proto == IPPROTO_ICMPV6)) { /* XXX bug: icmp states dont use the id on both * XXX sides (traceroute -I through nat) */ - key.port[1] = pd->nsport; - if (pf_find_state_all(, PF_IN, NULL) == NULL) { + key.port[pd->sidx] = pd->nsport; + if (pf_find_state_all(, dir, NULL) == NULL) { *nport = pd->nsport; return (0); } } else if (low == 0 && high == 0) { - key.port[1] = pd->nsport; - if (pf_find_state_all(, PF_IN, NULL) == NULL) { + key.port[pd->sidx] = pd->nsport; + if (pf_find_state_all(, dir, NULL) == NULL) { *nport = pd->nsport; return (0); } } else if (low == high) { - key.port[1] = htons(low); - if (pf_find_state_all(, PF_IN, NULL) == NULL) { + key.port[pd->sidx] = htons(low); + if (pf_find_state_all(, dir, NULL) == NULL) { *nport = htons(low); return (0); } @@ -223,16 +224,16 @@ pf_get_sport(struct pf_pdesc *pd, struct cut = arc4random_uniform(1 + high - low) + low; /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { - key.port[1] = htons(tmp); - if (pf_find_state_all(, PF_IN, NULL) == + key.port[pd->sidx] = htons(tmp); + if (pf_find_state_all(, dir, NULL) == NULL && !in_baddynamic(tmp, pd->proto)) { *nport = htons(tmp); return (0); } } for (tmp = cut - 1; tmp >= low; --(tmp)) { - key.port[1] = htons(tmp); - if (pf_find_state_all(, PF_IN, NULL) == + key.port[pd->sidx] = htons(tmp); + if (pf_find_state_all(, dir, NULL) == NULL && !in_baddynamic(tmp, pd->proto)) { *nport = htons(tmp); return (0);
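Review bot: in the first pf_get_sport() hunk, `int dir = (pd->dir == PF_IN) ? PF_OUT : PF_IN;` needs a comment explaining why the state lookup uses the opposite of the packet direction; the old code passed a literal PF_IN to pf_find_state_all(), so a reader has to work out for themselves that the out-rule case is unchanged. The switch from `key.port[0]` and `key.port[1]` to `key.port[pd->didx]` and `key.port[pd->sidx]` is only equivalent for out rules if didx is 0 and sidx is 1 there, and the hunks do not show where those fields are set, so please confirm they are initialised on every path that reaches this function.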
Re: Deprecate flags DH_FLAG_NO_EXP_CONSTTIME and RSA_FLAG_NO_CONSTTIME
I'm wondering out loud if we should remove the #define, instead of leaving it in there. I.E. should we be deliberately breaking anything making use of that? At the very least this (along with the DH one) can probably #ifndef LIBRESSL_INTERNAL - and failing that should we nuke them and bump majors?

On Wed, Jun 22, 2016 at 7:44 AM, Brent Cook wrote:
> This is another patch from César Pereida that disables the DH and RSA
> non-constant-time flags as well.
>
> ok?
>
> Index: src/crypto/dh/dh.h > === > RCS file: /cvs/src/lib/libssl/src/crypto/dh/dh.h,v > retrieving revision 1.16 > diff -u -p -u -p -r1.16 dh.h > --- src/crypto/dh/dh.h 12 Jun 2014 15:49:28 - 1.16 > +++ src/crypto/dh/dh.h 22 Jun 2016 13:37:33 - > @@ -78,12 +78,8 @@ > #endif > > #define DH_FLAG_CACHE_MONT_P 0x01 > -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH > - * implementation now uses constant > time > - * modular exponentiation for secret > exponents > - * by default. This flag causes the > - * faster variable sliding window > method to > - * be used for all exponents. > +#define DH_FLAG_NO_EXP_CONSTTIME 0x00 /* Does nothing. Previously this > switched off > + * constant time behaviour. > */ > > /* If this flag is set the DH method is FIPS compliant and can be used > Index: src/crypto/dh/dh_key.c > === > RCS file: /cvs/src/lib/libssl/src/crypto/dh/dh_key.c,v > retrieving revision 1.23 > diff -u -p -u -p -r1.23 dh_key.c > --- src/crypto/dh/dh_key.c 9 Feb 2015 15:49:22 - 1.23 > +++ src/crypto/dh/dh_key.c 22 Jun 2016 13:37:33 - 
> @@ -147,21 +147,21 @@ generate_key(DH *dh) > } > > { > - BIGNUM local_prk; > - BIGNUM *prk; > + BIGNUM *prk = BN_new(); > > - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { > - BN_init(_prk); > - prk = _prk; > - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); > - } else > - prk = priv_key; > + if (prk == NULL) > + goto err; > + > + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); > > if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, > - mont)) > + mont)) { > + BN_free(prk); > goto err; > + } > + BN_free(prk); > } > - > + > dh->pub_key = pub_key; > dh->priv_key = priv_key; > ok = 1; > @@ -206,10 +206,9 @@ compute_key(unsigned char *key, const BI > if (dh->flags & DH_FLAG_CACHE_MONT_P) { > mont = BN_MONT_CTX_set_locked(>method_mont_p, > CRYPTO_LOCK_DH, dh->p, ctx); > - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { > - /* XXX */ > - BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); > - } > + > + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); > + > if (!mont) > goto err; > } > @@ -238,16 +237,7 @@ static int > dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, > const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) > { > - /* > -* If a is only one word long and constant time is false, use the > faster > -* exponenentiation function. > -*/ > - if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0) { > - BN_ULONG A = a->d[0]; > - > - return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); > - } else > - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); > + return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); > } > > static int > Index: src/crypto/rsa/rsa.h > === > RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa.h,v > retrieving revision 1.27 > diff -u -p -u -p -r1.27 rsa.h > --- src/crypto/rsa/rsa.h14 Feb 2015 15:10:39 - 1.27 > +++ src/crypto/rsa/rsa.h22 Jun 2016 13:37:33 - 
> @@ -195,13 +195,9 @@ struct rsa_st { > #define RSA_FLAG_NO_BLINDING 0x0080 > > /* > - * The built-in RSA implementation uses constant time operations by default > - * in private key operations, e.g., constant time modular exponentiation, > - * modular inverse without leaking branches, division without leaking > branches. > - * This flag disables these constant time operations and
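Review bot: in the generate_key() hunk, `BN_free(prk)` now appears on both the failure and the success path of the `dh->meth->bn_mod_exp()` call; storing the call's result in a local, freeing prk once, and then testing the result would leave a single cleanup point that a later edit cannot miss. The same hunk also swaps one blank line for another after the closing brace, a whitespace-only change that is better dropped from the diff.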
Re: add mirror discovery to pkg_add
> this is the exact same code that's currently in install.sub
> transposed ad perl

I get it. It makes sense for installing the base system. We started using it in pkg.conf. I am no longer sure that is the right thing to do. Speaking to the installation backend all the time worries me.
Re: add mirror discovery to pkg_add
this is the exact same code that's currently in install.sub transposed ad perl
Re: add mirror discovery to pkg_add
> On 06/22/16 18:57, Theo de Raadt wrote:
> >>> Aside from that, I don't think we should be hardcoding IP addresses like
> >>> that.
> >>>
> >> we are doing that with miniroot/install.sub, time to change ?
> >
> > No, that is not what miniroot/install.sub does. Not at all.
> >
> I know, I just said that the IP address is hardcoded somewhere else as well.

No, it is not.
Re: add mirror discovery to pkg_add
On 06/22/16 18:57, Theo de Raadt wrote:
>>> Aside from that, I don't think we should be hardcoding IP addresses like that.
>>>
>> we are doing that with miniroot/install.sub, time to change ?
>
> No, that is not what miniroot/install.sub does. Not at all.
>

I know, I just said that the IP address is hardcoded somewhere else as well.
Re: add mirror discovery to pkg_add
> > Aside from that, I don't think we should be hardcoding IP addresses like that.
> >
> we are doing that with miniroot/install.sub, time to change ?

No, that is not what miniroot/install.sub does. Not at all.
Re: add mirror discovery to pkg_add
On 06/22/16 18:28, Sebastian Benoit wrote:
> Ted Unangst(t...@tedunangst.com) on 2016.06.22 12:25:04 -0400:
>> Marc Espie wrote:
>>> This would allow pkg_add to auto-configure a mirror, for the case where
>>> PKG_PATH was not specified and where pkg.conf does not exist.
>>>
>>> It only triggers when a location ends up empty and when run in interactive
>>> mode, e.g., it shouldn't interfere with local lookups.
>>>
>>> Good idea, or awful ?
>>
>> This would be pretty surprising to me I think. If for some reason I have
>> failed to configure a mirror, I would prefer to get an error so I can fix the
>> underlying problem. If we can't contact a DNS server, we don't fallback on a
>> list of known public servers.
>>
>> Auto config at install time is helpful, but this sort of dynamic auto config
>> violates an important principle: it should be possible to unconfig something.
>
> Aside from that, I don't think we should be hardcoding IP addresses like that.
>

we are doing that with miniroot/install.sub, time to change ?

> A name can be changed in DNS, but this will cause http requests to that IP
> for quite some time.
>

I agree with that.

Cheers
Giovanni
Re: add mirror discovery to pkg_add
Ted Unangst(t...@tedunangst.com) on 2016.06.22 12:25:04 -0400:
> Marc Espie wrote:
> > This would allow pkg_add to auto-configure a mirror, for the case where
> > PKG_PATH was not specified and where pkg.conf does not exist.
> >
> > It only triggers when a location ends up empty and when run in interactive
> > mode, e.g., it shouldn't interfere with local lookups.
> >
> > Good idea, or awful ?
>
> This would be pretty surprising to me I think. If for some reason I have
> failed to configure a mirror, I would prefer to get an error so I can fix the
> underlying problem. If we can't contact a DNS server, we don't fallback on a
> list of known public servers.
>
> Auto config at install time is helpful, but this sort of dynamic auto config
> violates an important principle: it should be possible to unconfig something.

Aside from that, I don't think we should be hardcoding IP addresses like that. A name can be changed in DNS, but this will cause http requests to that IP for quite some time.
Re: add mirror discovery to pkg_add
I agree with Ted. This feels very much like building a CDN at the wrong level, considering how slowly and carelessly the mirrors are updated at this time.
Re: add mirror discovery to pkg_add
Marc Espie wrote:
> This would allow pkg_add to auto-configure a mirror, for the case where
> PKG_PATH was not specified and where pkg.conf does not exist.
>
> It only triggers when a location ends up empty and when run in interactive
> mode, e.g., it shouldn't interfere with local lookups.
>
> Good idea, or awful ?

This would be pretty surprising to me I think. If for some reason I have failed to configure a mirror, I would prefer to get an error so I can fix the underlying problem. If we can't contact a DNS server, we don't fallback on a list of known public servers.

Auto config at install time is helpful, but this sort of dynamic auto config violates an important principle: it should be possible to unconfig something.
Fwd: tcp state transition in sloppy mode
Thanks for help on this issue!

-- Forwarded message --
From: Stuart Henderson
Date: Wed, Jun 22, 2016 at 2:21 AM
Subject: Re: tcp state transition in sloppy mode
To: Jingmin Zhou

Hi,

Nice analysis. The PF mailing list is not very widely used any more, so you might not get a useful response here - it might be a good idea to post this to tech@openbsd.org to reach a wider audience.

Best regards
Stuart

On 2016/06/21 14:15, Jingmin Zhou wrote:
> Hi,
>
> Recently we ran into some issues with pf sloppy mode with regards to
> some long standing TCP connections. While reading pf code, we feel
> puzzled by the way pf handles TCP packets in sloppy mode. Here is
> some of our analysis.
>
> Background: a TCP connection was established between two hosts (A
> and B) before pf is enabled in sloppy mode. The connection is mostly
> idle with periodic keep alive packets, i.e., PUSH-ACK and ACK packets
> every few minutes. A pass rule matches this connection and allows
> packets to pass through.
>
> When a PUSH-ACK packet of the connection was observed from host A->B,
> the pass rule lets the pf.c:pf_create_state function create a new
> state for the connection. In the state, s->src.state = TCPS_SYN_SENT,
> and s->dst.state = TCPS_CLOSED (lines 3563 and 3564 in the code below).
>
> > 3488 static __inline int
> > 3489 pf_create_state(struct pf_pdesc *pd, struct pf_rule *r, struct pf_rule *a,
> > 3490     struct pf_rule *nr, struct pf_state_key **skw, struct pf_state_key **sks,
> > 3491     int *rewrite, struct pf_state **sm, int tag, struct pf_rule_slist *rules,
> > 3492     struct pf_rule_actions *act, struct pf_src_node *sns[PF_SN_MAX])
> > 3493 {
> > ...
> > 3532     switch (pd->proto) {
> > 3533     case IPPROTO_TCP:
> > ...
> > 3561         s->dst.seqhi = 1;
> > 3562         s->dst.max_win = 1;
> > 3563         s->src.state = TCPS_SYN_SENT;
> > 3564         s->dst.state = TCPS_CLOSED;
> > 3565         s->timeout = PFTM_TCP_FIRST_PACKET;
> > 3566         break;
>
> The second packet is an ACK packet from B to A. It eventually makes
> pf enter into pf.c:pf_test_state function. A simplified code flow
> is shown as below:
>
> > 4320 int
> > 4321 pf_test_state(struct pf_pdesc *pd, struct pf_state **state, u_short *reason)
> > 4322 {
> > ...
> > 4338     STATE_LOOKUP(pd->kif, &key, pd->dir, *state, pd->m);
> > 4339
> > 4340     if (pd->dir == (*state)->direction) {
> > 4341         src = &(*state)->src;
> > 4342         dst = &(*state)->dst;
> > 4343     } else {
> > 4344         src = &(*state)->dst;
> > 4345         dst = &(*state)->src;
> > 4346     }
> > 4347
> > 4348     switch (pd->virtual_proto) {
> > 4349     case IPPROTO_TCP:
> > ...
> > 4369         if ((*state)->state_flags & PFSTATE_SLOPPY) {
> > 4370             if (pf_tcp_track_sloppy(pd, src, dst, state, reason) ==
> > 4371                 PF_DROP)
> > 4372                 return (PF_DROP);
> > 4373         } else {
> > ...
> > 4465 }
>
> Please notice that src and dst are taken from state entry and are
> swapped at line 4344 and 4345 before being passed into function
> pf_tcp_track_sloppy. So the src has a state TCPS_CLOSED and dst
> has a state TCPS_SYN_SENT in function pf_tcp_track_sloppy.
>
> Below, a simplified pf_tcp_track_sloppy is shown. As we can see,
> the ACK packet from B to A will match condition at line 4168. So
> the state now changes to ESTABLISHED (A->B.src) and CLOSED (A->B.dst).
>
> > 4155 int
> > 4156 pf_tcp_track_sloppy(struct pf_pdesc *pd, struct pf_state_peer *src,
> > 4157     struct pf_state_peer *dst, struct pf_state **state, u_short *reason)
> > 4158 {
> > ...
> > 4167     if (th->th_flags & TH_ACK) {
> > 4168         if (dst->state == TCPS_SYN_SENT) {
> > 4169             dst->state = TCPS_ESTABLISHED;
> > 4170             if (src->state == TCPS_ESTABLISHED &&
> > 4171                 !SLIST_EMPTY(&(*state)->src_nodes) &&
> > 4172                 pf_src_connlimit(state)) {
> > 4173                 REASON_SET(reason, PFRES_SRCLIMIT);
> > 4174                 return (PF_DROP);
> > 4175             }
> > 4176         } else if (dst->state == TCPS_CLOSING) {
> > 4177             dst->state = TCPS_FIN_WAIT_2;
> > 4178         } else if (src->state == TCPS_SYN_SENT &&
> > 4179             dst->state < TCPS_SYN_SENT) {
> > 4180             /*
> > 4181              * Handle a special sloppy case where we only see one
> > 4182              * half of the connection. If there is a ACK after
> > 4183              * the initial SYN without ever seeing a packet from
> > 4184              * the destination, set the connection to established.
> > 4185              */
> > 4186             dst->state = src->state = TCPS_ESTABLISHED;
> > 4187             if (!SLIST_EMPTY(&(*state)->src_nodes) &&
> > 4188                 pf_src_connlimit(state)) {
> > 4189                 REASON_SET(reason,
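The packet sequence analysed in the forwarded message, as an added example (not pf source and not part of the original post): it models only the peer swap quoted from pf_test_state() and the TH_ACK branch quoted from pf_tcp_track_sloppy(), then feeds it the two packets from the post plus the next keepalive. The struct and function names are hypothetical simplifications, and it assumes the state has no source nodes, so pf_src_connlimit() is never consulted.

```c
#include <stdio.h>

/* TCP FSM state numbers, in the order used by <netinet/tcp_fsm.h>. */
enum {
	TCPS_CLOSED, TCPS_LISTEN, TCPS_SYN_SENT, TCPS_SYN_RECEIVED,
	TCPS_ESTABLISHED, TCPS_CLOSE_WAIT, TCPS_FIN_WAIT_1, TCPS_CLOSING,
	TCPS_LAST_ACK, TCPS_FIN_WAIT_2, TCPS_TIME_WAIT
};
#define TH_PUSH 0x08
#define TH_ACK  0x10

/* Hypothetical stand-ins for PF_IN/PF_OUT and struct pf_state. */
enum dir { DIR_IN, DIR_OUT };
struct peer { int state; };
struct state_entry {
	enum dir direction;	/* direction of the packet that created it */
	struct peer src, dst;
};

/* Packets 1..3: A-side and B-side state after each one. */
struct trace { int a_side[3]; int b_side[3]; };

/* What quoted lines 3563-3564 of pf_create_state() set up for TCP. */
static void
model_create_state(struct state_entry *s, enum dir d)
{
	s->direction = d;
	s->src.state = TCPS_SYN_SENT;
	s->dst.state = TCPS_CLOSED;
}

/* The TH_ACK branch quoted from pf_tcp_track_sloppy(), lines 4167-4186. */
static void
model_track_sloppy_ack(struct peer *src, struct peer *dst, int th_flags)
{
	if (!(th_flags & TH_ACK))
		return;
	if (dst->state == TCPS_SYN_SENT)
		dst->state = TCPS_ESTABLISHED;
	else if (dst->state == TCPS_CLOSING)
		dst->state = TCPS_FIN_WAIT_2;
	else if (src->state == TCPS_SYN_SENT && dst->state < TCPS_SYN_SENT)
		dst->state = src->state = TCPS_ESTABLISHED;
}

/* The peer selection quoted from pf_test_state(), lines 4340-4346. */
static void
model_test_state(struct state_entry *s, enum dir pkt_dir, int th_flags)
{
	struct peer *src, *dst;

	if (pkt_dir == s->direction) {
		src = &s->src;
		dst = &s->dst;
	} else {
		src = &s->dst;
		dst = &s->src;
	}
	model_track_sloppy_ack(src, dst, th_flags);
}

static void
record(struct trace *t, int i, const struct state_entry *s)
{
	t->a_side[i] = s->src.state;	/* A sent the state-creating packet */
	t->b_side[i] = s->dst.state;
}

/* Constructed scenario: mid-stream pickup of an idle connection. */
static struct trace
run_midstream_pickup(void)
{
	struct state_entry s;
	struct trace t;

	model_create_state(&s, DIR_OUT);		/* 1: PUSH-ACK A->B */
	record(&t, 0, &s);
	model_test_state(&s, DIR_IN, TH_ACK);		/* 2: ACK B->A */
	record(&t, 1, &s);
	model_test_state(&s, DIR_OUT, TH_PUSH | TH_ACK); /* 3: PUSH-ACK A->B */
	record(&t, 2, &s);
	return t;
}

int
main(void)
{
	static const char *const names[] = {
		"CLOSED", "LISTEN", "SYN_SENT", "SYN_RECEIVED", "ESTABLISHED",
		"CLOSE_WAIT", "FIN_WAIT_1", "CLOSING", "LAST_ACK",
		"FIN_WAIT_2", "TIME_WAIT"
	};
	struct trace t = run_midstream_pickup();

	for (int i = 0; i < 3; i++)
		printf("after packet %d: A=%s B=%s\n", i + 1,
		    names[t.a_side[i]], names[t.b_side[i]]);
	return 0;
}
```

With only these branches modelled, the B side of the state is still CLOSED after the third packet; the parts of pf_tcp_track_sloppy() that the post elides are not represented.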
Re: add mirror discovery to pkg_add
Here's an expanded version of the patch. So far, ask_list was happy with prompting, but the mirror list is slightly large, so being able to pipe thru more comes in handy. This means a bit of refactor: we've got state, so we can get the height from a progressmeter (or the stub), and it's reasonably easy to tweak state display to be able to use arbitrary fh... This shows another logic limitation of the current code, namely that the size detection of the display is linked to the progressmeter options, whereas it should more or less always happen when we detect we got a tty connected, since the width/height information is uncorrelated to whether or not we need/want a progressmeter. To be continued... Index: OpenBSD/AddCreateDelete.pm === RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/AddCreateDelete.pm,v retrieving revision 1.37 diff -u -p -r1.37 AddCreateDelete.pm --- OpenBSD/AddCreateDelete.pm 15 Jun 2016 15:40:13 - 1.37 +++ OpenBSD/AddCreateDelete.pm 22 Jun 2016 15:55:29 - @@ -43,6 +43,11 @@ sub progress return $self->{progressmeter}; } +sub height +{ + my $self = shift; + return $self->{progressmeter}->height; +} sub not { my $self = shift; Index: OpenBSD/Interactive.pm === RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/Interactive.pm,v retrieving revision 1.20 diff -u -p -r1.20 Interactive.pm --- OpenBSD/Interactive.pm 30 Jan 2015 11:42:55 - 1.20 +++ OpenBSD/Interactive.pm 22 Jun 2016 15:55:29 - 
@@ -35,13 +35,23 @@ sub ask_list if ($self->{always}) { return $values[0]; } + my ($fh, $pid); + if ($self->{state}->height <= @values + 1) { + $pid = open($fh, "|-", "more", "-c"); + } - $self->{state}->errsay('#1', $prompt); + $fh //= \*STDERR; + + $self->{state}->fhsay($fh, '#1', $prompt); my $i = 0; for my $v (@values) { - $self->{state}->errsay("#1\t#2: #3", + $self->{state}->fhsay($fh, "#1\t#2: #3", $i == 0 ? "a" : "", $i, $v); $i++; + } + if (defined $pid) { + close($fh); + waitpid $pid, 0; } LOOP: $self->{state}->errprint("Your choice: "); Index: OpenBSD/PackageLocator.pm === RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageLocator.pm,v retrieving revision 1.105 diff -u -p -r1.105 PackageLocator.pm --- OpenBSD/PackageLocator.pm 30 Jan 2016 11:29:29 - 1.105 +++ OpenBSD/PackageLocator.pm 22 Jun 2016 15:55:29 - @@ -24,6 +24,7 @@ use OpenBSD::PackageRepositoryList; use OpenBSD::PackageRepository; my $default_path; +my $is_configured; sub build_default_path { 
@@ -37,17 +38,93 @@ sub build_default_path while (my $o = OpenBSD::PackageRepository->parse(\$v, $state)) { $default_path->add($o); } + $is_configured = 1; return; } $default_path->add(OpenBSD::PackageRepository->new("./", $state)->can_be_empty); - return if $state->defines('NOINSTALLPATH'); + if ($state->defines('NOINSTALLPATH')) { + $is_configured = 1; + return; + } return unless defined $state->config->value('installpath'); + $is_configured = 1; for my $i ($state->config->value("installpath")) { $default_path->add(OpenBSD::PackageRepository->new($i, $state)); } } +sub discover_mirror +{ + my ($self, $state) = @_; + + # can't ask the user -> no mirror + return undef unless $state->is_interactive; + + + require OpenBSD::PackageRepository; + # ftp.openbsd.org == 129.128.5.191 and will remain at + # that address for the foreseeable future. + my $fake = OpenBSD::PackageRepository->new("http://129.128.5.191/cgi-bin/;, $state); + # XXX + bless $fake, "OpenBSD::PackageRepository::Cgi"; + my $l = $fake->list; + my @m = @$l; + my %h; + for my $d (@m) { + my $e = $d; + $d =~ s,^http://(.*?)(/.*?)?\s+(.*)$,$1\t$3,; + $e =~ s/\s+.*$//; + $h{$d} = $e; + } + $m[0] = ""; + my $i = $state->ask_list("No mirror configured, choose one", @m); + if ($i eq "") { + return undef; + } + return $h{$i}; +} + +sub convert_to_packages +{ + my ($self, $url) = @_; + # mirror was "designed" for base releases. + # convert into short installpath version + $url =~ s,^http://(.*)/pub/OpenBSD$,$1, or + $url =~ s,$,/%c/packages/%a,; + return $url; +} + +sub last_chance +{ + if ($is_configured) { + return []; + } + $is_configured = 1; +
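Review bot: in the ask_list() hunk of OpenBSD/Interactive.pm, `close($fh)` on a handle opened with `"|-"` already waits for the child, so the following `waitpid $pid, 0;` is redundant; drop it and check the result of close instead, so a `more` that failed to start or exited with an error is noticed. The new `height` accessor in AddCreateDelete.pm also dereferences `$self->{progressmeter}` directly, so it should go through the existing `progress` method or state that the meter (or its stub) is always set up before ask_list can run.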
Re: opencvs - fix revision lookups for branches
On Wed, Jun 22, 2016 at 09:07:03AM -0600, Todd C. Miller wrote: > On Wed, 22 Jun 2016 12:21:56 +0200, Joris Vink wrote: > > Index: rcs.c > > === > > RCS file: /cvs/src/usr.bin/cvs/rcs.c,v > > retrieving revision 1.313 > > diff -u -p -r1.313 rcs.c > > --- rcs.c 5 Nov 2015 09:48:21 - 1.313 > > +++ rcs.c 22 Jun 2016 09:52:04 - > > @@ -1796,17 +1796,13 @@ rcs_rev_getlines(RCSFILE *rfp, RCSNUM *f > > > > again: > > for (;;) { > > + if (rdp == NULL) > > + break; > > Wouldn't this be easier to read as: > > while (rdp != NULL) { Yes, updated diff below. .joris Index: rcs.c === RCS file: /cvs/src/usr.bin/cvs/rcs.c,v retrieving revision 1.313 diff -u -p -r1.313 rcs.c --- rcs.c 5 Nov 2015 09:48:21 - 1.313 +++ rcs.c 22 Jun 2016 15:13:14 - @@ -1795,18 +1795,11 @@ rcs_rev_getlines(RCSFILE *rfp, RCSNUM *f goto done; again: - for (;;) { + while (rdp != NULL) { if (rdp->rd_next->rn_len != 0) { trdp = rcs_findrev(rfp, rdp->rd_next); if (trdp == NULL) fatal("failed to grab next revision"); - } else { - /* -* XXX Fail, although the caller does not always do the -* right thing (eg cvs diff when the tree is ahead of -* the repository). -*/ - break; } if (rdp->rd_tlen == 0) { @@ -1857,7 +1850,7 @@ again: } next: - if (!rcsnum_differ(rdp->rd_num, frev)) + if (rdp == NULL || !rcsnum_differ(rdp->rd_num, frev)) done = 1; if (RCSNUM_ISBRANCHREV(frev) && done != 1) { @@ -2045,6 +2038,7 @@ rcs_rev_getbuf(RCSFILE *rfp, RCSNUM *rev struct rcs_delta *rdp; struct rcs_lines *lines; struct rcs_line *lp, *nlp; + char version[RCSNUM_MAXSTR]; BUF *bp; rdp = NULL; @@ -2057,8 +2051,12 @@ rcs_rev_getbuf(RCSFILE *rfp, RCSNUM *rev expmode = rcs_kwexp_get(rfp); if (!(expmode & RCS_KWEXP_NONE)) { - if ((rdp = rcs_findrev(rfp, rev)) == NULL) - fatal("could not fetch revision"); + if ((rdp = rcs_findrev(rfp, rev)) == NULL) { + rcsnum_tostr(rev, version, sizeof(version)); + fatal("could not find desired version %s in %s", + version, rfp->rf_path); + } + expand = 1; } }
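Review bot: in the rcs_rev_getlines() hunk, removing the `else { ... break; }` means that when `rdp->rd_next->rn_len` is 0 the loop carries on with whatever `trdp` held from the previous iteration, or its initial value; the hunk does not show `trdp` being reset, so set it to NULL in that case or confirm the code below does, because the new `while (rdp != NULL)` and the `rdp == NULL ||` test at `next:` both rely on `rdp` actually becoming NULL at the end of the chain. The deleted XXX comment was the only record of the cvs diff caveat; if it still applies, keep it next to the new loop condition.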
Re: opencvs - fix revision lookups for branches
On Wed, 22 Jun 2016 12:21:56 +0200, Joris Vink wrote: > This diff below fixes a serious issue in opencvs when > checking out revisions from a branch. > > Properly perform a revision lookup so update -r actually > works again, as a bonus throw a more correct error when > the revision could not be found. > > .joris > > Index: rcs.c > === > RCS file: /cvs/src/usr.bin/cvs/rcs.c,v > retrieving revision 1.313 > diff -u -p -r1.313 rcs.c > --- rcs.c 5 Nov 2015 09:48:21 - 1.313 > +++ rcs.c 22 Jun 2016 09:52:04 - > @@ -1796,17 +1796,13 @@ rcs_rev_getlines(RCSFILE *rfp, RCSNUM *f > > again: > for (;;) { > + if (rdp == NULL) > + break; Wouldn't this be easier to read as: while (rdp != NULL) { > + > if (rdp->rd_next->rn_len != 0) { > trdp = rcs_findrev(rfp, rdp->rd_next); > if (trdp == NULL) > fatal("failed to grab next revision"); > - } else { > - /* > - * XXX Fail, although the caller does not always do the > - * right thing (eg cvs diff when the tree is ahead of > - * the repository). > - */ > - break; > } > > if (rdp->rd_tlen == 0) {
Add $REQUEST_SCHEME (block) macro to httpd
The patch below adds a "$REQUEST_SCHEME" macro to those available in block rules in httpd.conf

Justification: when redirecting from a (virtual) server which supports both http and https to a (virtual) server which also supports both schemes, it makes sense to be able to respect (preserve) the scheme of the original request rather than having to hard-code "http" or "https".

Patch is against -current, but has been tested (only) against 5.9-stable.

Ross

Index: src/usr.sbin/httpd/httpd.conf.5 === RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v retrieving revision 1.73 diff -u -p -u -r1.73 httpd.conf.5 --- src/usr.sbin/httpd/httpd.conf.5 9 May 2016 19:36:54 - 1.73 +++ src/usr.sbin/httpd/httpd.conf.5 22 Jun 2016 11:16:01 - @@ -202,7 +202,7 @@ The .Ar uri may contain predefined macros that will be expanded at runtime: .Pp -.Bl -tag -width $DOCUMENT_URI -offset indent -compact +.Bl -tag -width $REQUEST_SCHEME -offset indent -compact .It Ic $DOCUMENT_URI The request path. .It Ic $QUERY_STRING @@ -213,6 +213,14 @@ The IP address of the connected client. The TCP source port of the connected client. .It Ic $REMOTE_USER The remote user for HTTP authentication. +.It Ic $REQUEST_SCHEME +The scheme +.Po +.Dq http +or +.Dq https +.Pc +of the request. .It Ic $REQUEST_URI The request path and optional query string. .It Ic $SERVER_ADDR Index: src/usr.sbin/httpd/server_http.c === RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v retrieving revision 1.108 diff -u -p -u -r1.108 server_http.c --- src/usr.sbin/httpd/server_http.c27 May 2016 11:24:13 - 1.108 +++ src/usr.sbin/httpd/server_http.c22 Jun 2016 11:16:01 - 
@@ -1011,6 +1011,12 @@ server_expand_http(struct client *clt, c if (ret != 0) return (NULL); } + if (strstr(val, "$REQUEST_SCHEME") != NULL) { + ret = expand_string(buf, len, "$REQUEST_SCHEME", + clt->clt_tls_ctx != NULL ? "https" : "http"); + if (ret != 0) + return (NULL); + } if (strstr(val, "$SERVER_") != NULL) { if (strstr(val, "$SERVER_ADDR") != NULL) { if (print_host(_conf->ss,
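Review bot: the httpd.conf.5 text should say that `$REQUEST_SCHEME` describes the connection httpd itself accepted, because the server_expand_http() hunk derives it only from `clt->clt_tls_ctx != NULL`. A request that reached httpd in clear text from a TLS-terminating relay would expand to "http", and a redirect built from the macro would then send the client to the plain-text URL; one extra sentence after "of the request." would make that limit visible to people writing block rules.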
add mirror discovery to pkg_add
Most of the code was already there. This would allow pkg_add to auto-configure a mirror, for the case where PKG_PATH was not specified and where pkg.conf does not exist. It only triggers when a location ends up empty and when run in interactive mode, e.g., it shouldn't interfere with local lookups. Good idea, or awful ? Index: OpenBSD/PackageLocator.pm === RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageLocator.pm,v retrieving revision 1.105 diff -u -p -r1.105 PackageLocator.pm --- OpenBSD/PackageLocator.pm 30 Jan 2016 11:29:29 - 1.105 +++ OpenBSD/PackageLocator.pm 22 Jun 2016 13:51:40 - @@ -24,6 +24,7 @@ use OpenBSD::PackageRepositoryList; use OpenBSD::PackageRepository; my $default_path; +my $is_configured; sub build_default_path { 
@@ -37,17 +38,91 @@ sub build_default_path while (my $o = OpenBSD::PackageRepository->parse(\$v, $state)) { $default_path->add($o); } + $is_configured = 1; return; } $default_path->add(OpenBSD::PackageRepository->new("./", $state)->can_be_empty); - return if $state->defines('NOINSTALLPATH'); + if ($state->defines('NOINSTALLPATH')) { + $is_configured = 1; + return; + } return unless defined $state->config->value('installpath'); + $is_configured = 1; for my $i ($state->config->value("installpath")) { $default_path->add(OpenBSD::PackageRepository->new($i, $state)); } } +sub discover_mirror +{ + my ($self, $state) = @_; + + # can't ask the user -> no mirror + return undef unless $state->is_interactive; + + + require OpenBSD::PackageRepository; + my $fake = OpenBSD::PackageRepository->new("http://129.128.5.191/cgi-bin/;, $state); + # XXX + bless $fake, "OpenBSD::PackageRepository::Cgi"; + my $l = $fake->list; + my @m = @$l; + my %h; + for my $d (@m) { + my $e = $d; + $d =~ s,^http://(.*?)(/.*?)?\s+(.*)$,$1\t$3,; + $e =~ s/\s+.*$//; + $h{$d} = $e; + } + $m[0] = ""; + my $i = $state->ask_list("No mirror configured, choose one", @m); + if ($i eq "") { + return undef; + } + return $h{$i}; +} + +sub convert_to_packages +{ + my ($self, $url) = @_; + # mirror was "designed" for base releases. 
+ # convert into short installpath version + $url =~ s,^http://(.*)/pub/OpenBSD$,$1, or + $url =~ s,$,/%c/packages/%a,; + return $url; +} + +sub last_chance +{ + if ($is_configured) { + return []; + } + $is_configured = 1; + my ($self, @search) = @_; + my $state = pop @search; + + my $url = $self->discover_mirror($state); + if (!defined $url) { + return []; + } + + $url = $self->convert_to_packages($url); + + # try setting it "permanently" + if (open(my $f, ">>", OpenBSD::Paths->pkgconf)) { + print $f "installpath += $url\n"; + close $f; + } else { + $state->errsay("Couldn't write to #1", OpenBSD::Paths->pkgconf); + } + + # use it for the current round anyway + $default_path->add(OpenBSD::PackageRepository->new($url, $state)); + + return $self->match_locations(@search, $state); +} + sub default_path { if (!defined $default_path) { @@ -107,4 +182,27 @@ sub match_locations return $self->default_path($state)->match_locations(@search); } +package OpenBSD::PackageRepository::Cgi; +our @ISA = qw(OpenBSD::PackageRepository::HTTP); + +# we know how to get a list, we just need to override the specific url +# and parser +sub get_http_list +{ + my ($self, $error) = @_; + + require OpenBSD::Paths; + my $fullname = $self->url."ftplist.cgi?path=".OpenBSD::Paths->os_directory."/".OpenBSD::Paths->machine_architecture; + my $l = []; + my $fh = $self->open_read_ftp(OpenBSD::Paths->ftp." -o - $fullname", + $error) or return; + while(<$fh>) { + chomp; + if (m/^http:\/\//) { + push(@$l, $_); + } + } + $self->close_read_ftp($fh); + return $l; +} 1; Index: OpenBSD/PackageRepositoryList.pm === RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepositoryList.pm,v retrieving revision 1.30 diff -u -p -r1.30 PackageRepositoryList.pm --- OpenBSD/PackageRepositoryList.pm9 Jul 2015 12:57:55 - 1.30 +++ OpenBSD/PackageRepositoryList.pm22 Jun 2016 13:51:40 - @@ -86,7 +86,7 @@ sub match_locations return $l; } } - return []; + return
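Review bot: discover_mirror() fetches the mirror list over plain http from a literal address, and last_chance() then appends the chosen URL to pkg.conf with only the `m/^http:\/\//` prefix test in get_http_list() between the response and a persistent installpath. Validate the value (host and path characters only, no embedded whitespace) before `print $f "installpath += $url\n"`, and show the user the exact line being written. Separately, `$m[0] = "";` overwrites the first entry of the returned list instead of adding an empty choice, so that mirror can never be picked; `unshift @m, ""` would keep it if the drop is not intended.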
Deprecate flags DH_FLAG_NO_EXP_CONSTTIME and RSA_FLAG_NO_CONSTTIME
This is another patch from César Pereida that disables the DH and RSA non-constant-time flags as well. ok? Index: src/crypto/dh/dh.h === RCS file: /cvs/src/lib/libssl/src/crypto/dh/dh.h,v retrieving revision 1.16 diff -u -p -u -p -r1.16 dh.h --- src/crypto/dh/dh.h 12 Jun 2014 15:49:28 - 1.16 +++ src/crypto/dh/dh.h 22 Jun 2016 13:37:33 - @@ -78,12 +78,8 @@ #endif #define DH_FLAG_CACHE_MONT_P 0x01 -#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time - * modular exponentiation for secret exponents - * by default. This flag causes the - * faster variable sliding window method to - * be used for all exponents. +#define DH_FLAG_NO_EXP_CONSTTIME 0x00 /* Does nothing. Previously this switched off + * constant time behaviour. */ /* If this flag is set the DH method is FIPS compliant and can be used Index: src/crypto/dh/dh_key.c === RCS file: /cvs/src/lib/libssl/src/crypto/dh/dh_key.c,v retrieving revision 1.23 diff -u -p -u -p -r1.23 dh_key.c --- src/crypto/dh/dh_key.c 9 Feb 2015 15:49:22 - 1.23 +++ src/crypto/dh/dh_key.c 22 Jun 2016 13:37:33 - @@ -147,21 +147,21 @@ generate_key(DH *dh) } { - BIGNUM local_prk; - BIGNUM *prk; + BIGNUM *prk = BN_new(); - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { - BN_init(_prk); - prk = _prk; - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - } else - prk = priv_key; + if (prk == NULL) + goto err; + + BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, - mont)) + mont)) { + BN_free(prk); goto err; + } + BN_free(prk); } - + dh->pub_key = pub_key; dh->priv_key = priv_key; ok = 1; 
@@ -206,10 +206,9 @@ compute_key(unsigned char *key, const BI if (dh->flags & DH_FLAG_CACHE_MONT_P) { mont = BN_MONT_CTX_set_locked(>method_mont_p, CRYPTO_LOCK_DH, dh->p, ctx); - if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { - /* XXX */ - BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); - } + + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); + if (!mont) goto err; } @@ -238,16 +237,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { - /* -* If a is only one word long and constant time is false, use the faster -* exponenentiation function. -*/ - if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0) { - BN_ULONG A = a->d[0]; - - return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); - } else - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); + return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); } static int Index: src/crypto/rsa/rsa.h === RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa.h,v retrieving revision 1.27 diff -u -p -u -p -r1.27 rsa.h --- src/crypto/rsa/rsa.h14 Feb 2015 15:10:39 - 1.27 +++ src/crypto/rsa/rsa.h22 Jun 2016 13:37:33 - @@ -195,13 +195,9 @@ struct rsa_st { #define RSA_FLAG_NO_BLINDING 0x0080 /* - * The built-in RSA implementation uses constant time operations by default - * in private key operations, e.g., constant time modular exponentiation, - * modular inverse without leaking branches, division without leaking branches. - * This flag disables these constant time operations and results in faster RSA - * private key operations. + * Does nothing. Previously this switched off constant time behaviour. */ -#define RSA_FLAG_NO_CONSTTIME 0x0100 +#define RSA_FLAG_NO_CONSTTIME 0x #define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ Index: src/crypto/rsa/rsa_crpt.c === RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_crpt.c,v retrieving revision 1.14 diff -u -p -u -p -r1.14 rsa_crpt.c --- src/crypto/rsa/rsa_crpt.c 11 Feb 2015 03:19:37 - 1.14 +++
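Review bot: in the compute_key() hunk the now unconditional `BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);` still sits inside `if (dh->flags & DH_FLAG_CACHE_MONT_P)`, so the private key only gets the constant-time flag when Montgomery caching is enabled. If the intent is that constant time can no longer be switched off, move the call above that `if`; that also stops it sitting between the `mont = ...` assignment and its `if (!mont)` check.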
iwm: lower retry limit for management frames
The Linux iwlwifi driver uses less retry attempts for management frames, as in the diff below. I think it makes sense to do likewise. Index: if_iwm.c === RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v retrieving revision 1.92 diff -u -p -r1.92 if_iwm.c --- if_iwm.c22 Jun 2016 11:32:12 - 1.92 +++ if_iwm.c22 Jun 2016 13:15:38 - @@ -4381,6 +4381,7 @@ iwm_tx_fill_cmd(struct iwm_softc *sc, st /* for non-data, use the lowest supported rate */ ridx = (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) ? IWM_RIDX_OFDM : IWM_RIDX_CCK; + tx->data_retry_limit = IWM_MGMT_DFAULT_RETRY_LIMIT; } else if (ic->ic_fixed_mcs != -1) { ridx = sc->sc_fixed_ridx; } else if (ic->ic_fixed_rate != -1) {
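Review bot: the new `tx->data_retry_limit = IWM_MGMT_DFAULT_RETRY_LIMIT;` sits in the branch commented "for non-data, use the lowest supported rate", so it applies to every frame that takes that branch and not only to management frames as the subject line says; either narrow the condition or adjust the description. The hunk also does not show where `tx->data_retry_limit` gets its default value, so check that the default is assigned before this if/else chain and cannot overwrite the lower limit afterwards.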
Re: [PATCH] let the mbufs use more then 4gb of memory
On Wed, Jun 22, 2016 at 01:58:25PM +0200, Simon Mages wrote:
> On a System where you use the maximum socketbuffer size of 256kbyte you
> can run out of memory after less than 9k open sockets.
>
> My patch adds a new uvm_constraint for the mbufs with a bigger memory area.
> I chose this area after reading the comments in
> sys/arch/amd64/include/pmap.h.
> This patch further changes the maximum socketbuffer size from 256k to 1gb as
> it is described in the rfc1323 S2.3.
>
> I tested this diff with the ix, em and urndis driver. I know that this
> diff only works for amd64 right now, but i wanted to send this diff as a
> proposal what could be done. Maybe somebody has a different solution for
> this Problem or can tell me why this is a bad idea.

hey simon,

first, some background.

the 4G watermark is less about limiting the amount of memory used by the network stack and more about making the memory addressable by as many devices, including network cards, as possible. we support older chips that only deal with 32 bit addresses (and one or two stupid ones with an inability to address over 1G), so we took the conservative option and made the memory generally usable without developers having to think about it much.

you could argue that you should be able to give big addresses to modern cards, but that falls down if you are forwarding packets between a modern and old card, cos the old card will want to dma the packet the modern card rxed, but it needs it below the 4g line. even if you don't have an old card, in today's hotplug world you might plug an old device in. either way, the future of an mbuf is very hard for the kernel to predict.

secondly, allocating more than 4g at a time to socket buffers is generally a waste of memory. in practice you should scale the amount of memory available to sockets according to the size of the tcp windows you need to saturate the bandwidth available to the box.
this means if you want to sustain a gigabit of traffic with a 300ms round trip time for packets, you'd "only" need ~37.5 megabytes of buffers. to sustain 40 gigabit you'd need 1.5 gigabytes, which is still below 4G. allowing more use of memory for buffers would likely induce latency.

the above means that if you want to sustain a single 40G tcp connection to that host you'd need to be able to place 1.5G on the socket buffer, which is above the 1G you mention above. however, if you want to sustain 2 connections, you ideally want to fairly share the 1.5G between both sockets. they should get 750M each.

fairly sharing buffers between the sockets may already be in place in openbsd. when i reworked the pools subsystem i set it up so things sleeping on memory were woken up in order.

it occurs to me that perhaps we should limit mbufs by the bytes they can use rather than the number of them. that would also work well if we moved to per cpu caches for mbufs and clusters, cos the number of active mbufs in the system becomes hard to limit accurately if we want cpus to run independently.

if you want something to work on in this area, could you look at letting sockets use the "jumbo" clusters instead of assuming everything has to be in 2k clusters? i started on this with the diff below, but it broke ospfd and i never got back to it.

if you get it working, it would be interesting to test creating even bigger cluster pools, eg, a 1M or 4M mbuf cluster.

cheers,
dlg

Index: uipc_socket.c === RCS file: /cvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.135 diff -u -p -r1.135 uipc_socket.c --- uipc_socket.c 11 Dec 2014 19:21:57 - 1.135 +++ uipc_socket.c 22 Dec 2014 01:11:03 - 
@@ -493,15 +493,18 @@ restart: mlen = MLEN; } if (resid >= MINCLSIZE && space >= MCLBYTES) { - MCLGET(m, M_NOWAIT); + MCLGETI(m, M_NOWAIT, NULL, lmin(resid, + lmin(space, MAXMCLBYTES))); if ((m->m_flags & M_EXT) == 0) goto nopages; if (atomic && top == 0) { - len = lmin(MCLBYTES - max_hdr, - resid); + len = lmin(resid, + m->m_ext.ext_size - + max_hdr); m->m_data += max_hdr; } else - len = lmin(MCLBYTES, resid); + len = lmin(resid, + m->m_ext.ext_size);
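Review bot: len is no longer bounded by space. The cluster is requested with lmin(resid, lmin(space, MAXMCLBYTES)), but len is then taken from m->m_ext.ext_size; if the allocator returns a cluster larger than the size asked for, lmin(resid, m->m_ext.ext_size) can exceed space whenever resid > space, whereas the old lmin(MCLBYTES, resid) was covered by the "space >= MCLBYTES" guard. Clamp len against space in both the atomic and the non-atomic branch.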
Re: new feature in pkg_add(1)
On Tue, Jun 21, 2016 at 10:43:07PM +0200, Patrik Lundin wrote:
> The reason for doing this is that it is much faster than just blindly
> trying to install a package, and does not hammer mirrors needlessly.
>
> Are there any plans to teach pkg_info -e about "%"? Is it even possible?

Okay, just committed the exit code fix.

pkg_info -Iq inst:python%3.5

will perform just as you would expect.
Re: new feature in pkg_add(1)
On Tue, Jun 21, 2016 at 10:43:07PM +0200, Patrik Lundin wrote:
> However, "pkg_info -e" does not understand it:
> ===
> # pkg_info -e python%2.7
> Invalid spec: python%2.7
> ===
>
> I use pkg_info -e to check if a requested package is installed or
> not prior to attempting to install/remove it.
>
> The reason for doing this is that it is much faster than just blindly
> trying to install a package, and does not hammer mirrors needlessly.
>
> Are there any plans to teach pkg_info -e about "%"? Is it even possible?

Doesn't fit within the model, but you can already do that thing in a different way, by choosing the right repository, namely inst.

e.g., pkg_info inst:python2.7

ought to give you the right result.

I need to make sure you get a sensible rc code though, which isn't okay right now.
[PATCH] let the mbufs use more then 4gb of memory
On a System where you use the maximum socketbuffer size of 256kbyte you can run out of memory after less than 9k open sockets.

My patch adds a new uvm_constraint for the mbufs with a bigger memory area. I chose this area after reading the comments in sys/arch/amd64/include/pmap.h. This patch further changes the maximum socketbuffer size from 256k to 1gb as it is described in the rfc1323 S2.3.

I tested this diff with the ix, em and urndis driver. I know that this diff only works for amd64 right now, but i wanted to send this diff as a proposal what could be done. Maybe somebody has a different solution for this Problem or can tell me why this is a bad idea.

Index: arch/amd64/amd64/bus_dma.c === RCS file: /openbsd/src/sys/arch/amd64/amd64/bus_dma.c,v retrieving revision 1.49 diff -u -p -u -p -r1.49 bus_dma.c --- arch/amd64/amd64/bus_dma.c 17 Dec 2015 17:16:04 - 1.49 +++ arch/amd64/amd64/bus_dma.c 22 Jun 2016 11:33:17 - @@ -584,7 +584,7 @@ _bus_dmamap_load_buffer(bus_dma_tag_t t, */ pmap_extract(pmap, vaddr, (paddr_t *)); - if (curaddr > dma_constraint.ucr_high) + if (curaddr > mbuf_constraint.ucr_high) panic("Non dma-reachable buffer at curaddr %#lx(raw)", curaddr); Index: arch/amd64/amd64/machdep.c === RCS file: /openbsd/src/sys/arch/amd64/amd64/machdep.c,v retrieving revision 1.221 diff -u -p -u -p -r1.221 machdep.c --- arch/amd64/amd64/machdep.c 21 May 2016 00:56:43 - 1.221 +++ arch/amd64/amd64/machdep.c 22 Jun 2016 11:33:17 - 
@@ -202,9 +202,11 @@ struct vm_map *phys_map = NULL; /* UVM constraint ranges. */ struct uvm_constraint_range isa_constraint = { 0x0, 0x00ffUL }; struct uvm_constraint_range dma_constraint = { 0x0, 0xUL }; +struct uvm_constraint_range mbuf_constraint = { 0x0, 0xfUL }; struct uvm_constraint_range *uvm_md_constraints[] = { _constraint, _constraint, +_constraint, NULL, }; Index: kern/uipc_mbuf.c === RCS file: /openbsd/src/sys/kern/uipc_mbuf.c,v retrieving revision 1.226 diff -u -p -u -p -r1.226 uipc_mbuf.c --- kern/uipc_mbuf.c13 Jun 2016 21:24:43 - 1.226 +++ kern/uipc_mbuf.c22 Jun 2016 11:33:18 - @@ -153,7 +153,7 @@ mbinit(void) pool_init(, MSIZE, 0, 0, 0, "mbufpl", NULL); pool_setipl(, IPL_NET); - pool_set_constraints(, _dma_contig); + pool_set_constraints(, _mbuf_contig); pool_setlowat(, mblowat); pool_init(, PACKET_TAG_MAXSIZE + sizeof(struct m_tag), @@ -166,7 +166,7 @@ mbinit(void) pool_init([i], mclsizes[i], 0, 0, 0, mclnames[i], NULL); pool_setipl([i], IPL_NET); - pool_set_constraints([i], _dma_contig); + pool_set_constraints([i], _mbuf_contig); pool_setlowat([i], mcllowat); } Index: sys/socketvar.h === RCS file: /openbsd/src/sys/sys/socketvar.h,v retrieving revision 1.60 diff -u -p -u -p -r1.60 socketvar.h --- sys/socketvar.h 25 Feb 2016 07:39:09 - 1.60 +++ sys/socketvar.h 22 Jun 2016 11:33:18 - @@ -112,7 +112,7 @@ struct socket { short sb_flags; /* flags, see below */ u_short sb_timeo; /* timeout for read/write */ } so_rcv, so_snd; -#defineSB_MAX (256*1024) /* default for max chars in sockbuf */ +#defineSB_MAX (1024*1024*1024)/* default for max chars in sockbuf */ #defineSB_LOCK 0x01/* lock on data queue */ #defineSB_WANT 0x02/* someone is waiting to lock */ #defineSB_WAIT 0x04/* someone is waiting for data/space */ Index: uvm/uvm_extern.h === RCS file: /openbsd/src/sys/uvm/uvm_extern.h,v retrieving revision 1.139 diff -u -p -u -p -r1.139 uvm_extern.h --- uvm/uvm_extern.h5 Jun 2016 08:35:57 - 1.139 +++ uvm/uvm_extern.h22 Jun 2016 11:33:18 - 
@@ -234,6 +234,7 @@ extern struct uvmexp uvmexp; /* Constraint ranges, set by MD code. */ extern struct uvm_constraint_range isa_constraint; extern struct uvm_constraint_range dma_constraint; +extern struct uvm_constraint_range mbuf_constraint; extern struct uvm_constraint_range no_constraint; extern struct uvm_constraint_range *uvm_md_constraints[]; @@ -398,6 +399,7 @@ extern const struct kmem_pa_mode kp_zero extern const struct kmem_pa_mode kp_dma; extern const struct kmem_pa_mode kp_dma_contig; extern const struct kmem_pa_mode kp_dma_zero; +extern const struct kmem_pa_mode kp_mbuf_contig; extern const struct kmem_pa_mode
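Review bot: the bus_dma.c hunk swaps dma_constraint.ucr_high for mbuf_constraint.ucr_high in _bus_dmamap_load_buffer() for every buffer that passes through that function, not only mbufs, so the panic that catches non-DMA-reachable addresses is relaxed for all callers regardless of what the device can address. Keep the dma_constraint check as the default and let the wider range apply only where the device is known to handle it. Separately, SB_MAX goes from 256k to 1G with no limit on total socket buffer memory in the visible hunks, which should be addressed or explained in the message.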
opencvs - log command fixes
Hi,

Brings log a bit more in line with its GNU counterpart by attempting to parse the date range early on, killing extra output from date.y and having a proper fatal message. Any caller of date_parse() already displays its own error messages anyway if it fails.

Additionally let's not return -1 from a function that is declared to return an unsigned int.

.joris

Index: date.y === RCS file: /cvs/src/usr.bin/cvs/date.y,v retrieving revision 1.25 diff -u -p -r1.25 date.y --- date.y 5 Nov 2015 09:48:21 - 1.25 +++ date.y 22 Jun 2016 09:52:04 - @@ -483,16 +483,8 @@ static TABLE const MilitaryTable[] = { static int yyerror(const char *s) { -#if !defined(TEST) - char *str; - - (void)xasprintf(, "parsing date string: %s", s); - cvs_log(LP_ERR, "%s", str); - free(str); -#endif return (0); } - static time_t ToSeconds(time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian) Index: getlog.c === RCS file: /cvs/src/usr.bin/cvs/getlog.c,v retrieving revision 1.98 diff -u -p -r1.98 getlog.c --- getlog.c1 Dec 2014 21:58:46 - 1.98 +++ getlog.c22 Jun 2016 09:52:04 - @@ -40,7 +40,7 @@ voidcvs_log_local(struct cvs_file *); static void log_rev_print(struct rcs_delta *); static char*push_date(char *dest, const char *); -static u_intdate_select(RCSFILE *, char *); +static int date_select(RCSFILE *, char *, u_int *); int runflags = 0; char *logrev = NULL; @@ -210,6 +210,14 @@ cvs_log_local(struct cvs_file *cf) cvs_file_classify(cf, cvs_directory_tag); + if (logrev != NULL) + nrev = cvs_revision_select(cf->file_rcs, logrev); + else if (logdate != NULL) { + if (date_select(cf->file_rcs, logdate, ) == -1) + fatal("Can't parse date/time: %s", logdate); + } else + nrev = cf->file_rcs->rf_ndelta; + if (cf->file_type == CVS_DIR) { if (verbosity > 1) cvs_log(LP_ERR, "Logging %s", cf->file_path); 
@@ -230,16 +238,6 @@ cvs_log_local(struct cvs_file *cf) return; } - if (logrev != NULL) - nrev = cvs_revision_select(cf->file_rcs, logrev); - else if (logdate != NULL) { - if ((nrev = date_select(cf->file_rcs, logdate)) == -1) { - cvs_log(LP_ERR, "invalid date: %s", logdate); - return; - } - } else - nrev = cf->file_rcs->rf_ndelta; - cvs_printf("\nRCS file: %s", cf->file_rpath); if (cvs_cmdop != CVS_OP_RLOG) @@ -418,8 +416,8 @@ push_date(char *dest, const char *src) return (dest); } -static u_int -date_select(RCSFILE *file, char *date) +static int +date_select(RCSFILE *file, char *date, u_int *cnt) { int i, nrev, flags; struct rcs_delta *rdp; @@ -427,6 +425,7 @@ date_select(RCSFILE *file, char *date) char *first, *last, delim; time_t firstdate, lastdate, rcsdate; + *cnt = 0; nrev = 0; args = cvs_strsplit(date, ";"); @@ -566,7 +565,8 @@ date_select(RCSFILE *file, char *date) } } + *cnt = nrev; cvs_argv_destroy(args); - return (nrev); + return 0; }
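Review bot: in cvs_log_local() the revision-selection block now runs immediately after cvs_file_classify(), ahead of the CVS_DIR check and the early return that used to precede it, so cvs_revision_select(cf->file_rcs, ...) and cf->file_rcs->rf_ndelta are evaluated for directories and for files that were previously skipped. Unless cf->file_rcs is guaranteed non-NULL at that point, guard the block with a NULL check, or leave the selection where it was and move only the date validation up. In date.y, yyerror() no longer uses its argument s, which may trade the removed output for an unused-parameter warning.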
opencvs - use correct size when creating h_table
Hi, Don't allocate the length of a pointer but rather the entire size of the struct hash_head data structure when creating the h_table array. .joris Index: hash.c === RCS file: /cvs/src/usr.bin/cvs/hash.c,v retrieving revision 1.2 diff -u -p -r1.2 hash.c --- hash.c 16 Jan 2015 06:40:07 - 1.2 +++ hash.c 22 Jun 2016 09:52:04 - @@ -44,7 +44,7 @@ hash_table_init(struct hash_table *htabl hsize = 1 << power; } - htable->h_table = xcalloc(hsize, sizeof(struct hash_head *)); + htable->h_table = xcalloc(hsize, sizeof(struct hash_head)); htable->h_size = hsize; for (i = 0; i < htable->h_size; i++)
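Review bot: sizeof(struct hash_head) in hash_table_init() still repeats the element type by hand, which is how the pointer-sized allocation got in. Writing xcalloc(hsize, sizeof(*htable->h_table)) ties the size to the declaration of h_table. If struct hash_head is larger than a pointer, the loop over h_size entries that follows was writing past the old allocation, and the commit message should say so.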
opencvs - fix signed vs unsigned type confusion across opencvs.
Hi, The diff below fixes several signed vs unsigned type confusion warnings and shuffles some assignments around. .joris Index: buf.c === RCS file: /cvs/src/usr.bin/cvs/buf.c,v retrieving revision 1.83 diff -u -p -r1.83 buf.c --- buf.c 5 Nov 2015 09:48:21 - 1.83 +++ buf.c 22 Jun 2016 09:52:04 - @@ -106,7 +106,7 @@ buf_load_fd(int fd) if (lseek(fd, 0, SEEK_SET) == -1) fatal("buf_load_fd: lseek: %s", strerror(errno)); - if (st.st_size > SIZE_MAX) + if ((uintmax_t)st.st_size > SIZE_MAX) fatal("buf_load_fd: file size too big"); buf = buf_alloc(st.st_size); if (atomicio(read, fd, buf->cb_buf, buf->cb_size) != buf->cb_size) Index: diff3.c === RCS file: /cvs/src/usr.bin/cvs/diff3.c,v retrieving revision 1.59 diff -u -p -r1.59 diff3.c --- diff3.c 5 Nov 2015 09:48:21 - 1.59 +++ diff3.c 22 Jun 2016 09:52:04 - @@ -295,7 +295,8 @@ diff3_internal(int argc, char **argv, co free(overlap); free(de); - de = d13 = d23 = overlap = NULL; + overlap = NULL; + de = d13 = d23 = NULL; increase(); @@ -793,7 +794,7 @@ edscript(int n) (void)fseek(fp[2], (long)de[n].new.from, SEEK_SET); for (k = de[n].new.to-de[n].new.from; k > 0; k-= j) { j = k > BUFSIZ ? BUFSIZ : k; - if (fread(block, 1, j, fp[2]) != j) + if (fread(block, 1, j, fp[2]) != (size_t)j) return (-1); block[j] = '\0'; diff_output("%s", block); Index: diff_internals.c === RCS file: /cvs/src/usr.bin/cvs/diff_internals.c,v retrieving revision 1.38 diff -u -p -r1.38 diff_internals.c --- diff_internals.c5 Nov 2015 09:48:21 - 1.38 +++ diff_internals.c22 Jun 2016 09:52:04 - 
@@ -455,13 +455,17 @@ prepare(int i, FILE *fd, off_t filesize, rewind(fd); - sz = (filesize <= SIZE_MAX ? filesize : SIZE_MAX) / 25; + if ((uintmax_t)filesize <= SIZE_MAX) + sz = filesize / 25; + else + sz = SIZE_MAX / 25; + if (sz < 100) sz = 100; p = xcalloc(sz + 3, sizeof(*p)); for (j = 0; (h = readhash(fd, flags));) { - if (j == sz) { + if ((size_t)j == sz) { sz = sz * 3 / 2; p = xreallocarray(p, sz + 3, sizeof(*p)); } Index: file.c === RCS file: /cvs/src/usr.bin/cvs/file.c,v retrieving revision 1.267 diff -u -p -r1.267 file.c --- file.c 5 Nov 2015 09:48:21 - 1.267 +++ file.c 22 Jun 2016 09:52:04 - @@ -461,12 +461,13 @@ cvs_file_walkdir(struct cvs_file *cf, st fatal("cvs_file_walkdir: %s %s", cf->file_path, strerror(errno)); - if (st.st_size > SIZE_MAX) + if ((uintmax_t)st.st_size > SIZE_MAX) fatal("cvs_file_walkdir: %s: file size too big", cf->file_name); - bufsize = st.st_size; - if (bufsize < st.st_blksize) + if (st.st_size < st.st_blksize) bufsize = st.st_blksize; + else + bufsize = st.st_size; buf = xmalloc(bufsize); RB_INIT(); @@ -1032,7 +1033,7 @@ cvs_file_cmp(const char *file1, const ch if (S_ISREG(stb1.st_mode)) { void *p1, *p2; - if (stb1.st_size > SIZE_MAX) { + if ((uintmax_t)stb1.st_size > SIZE_MAX) { ret = 1; goto out; } @@ -1087,28 +1088,31 @@ cvs_file_copy(const char *from, const ch if (S_ISREG(st.st_mode)) { char *p; + size_t len; int saved_errno; - if (st.st_size > SIZE_MAX) { + if ((uintmax_t)st.st_size > SIZE_MAX) { ret = -1; goto out; } + len = st.st_size; + if ((dst = open(to, O_CREAT|O_TRUNC|O_WRONLY, st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO))) == -1) fatal("cvs_file_copy: open `%s': %s", to, strerror(errno)); - if ((p = mmap(NULL, st.st_size, PROT_READ, + if ((p = mmap(NULL, len, PROT_READ, MAP_FILE, src, (off_t)0)) == MAP_FAILED) { saved_errno = errno; (void)unlink(to); fatal("cvs_file_copy: mmap: %s", strerror(saved_errno)); } - madvise(p, st.st_size, MADV_SEQUENTIAL); + madvise(p, len,
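Review bot: several of these casts silence the warning at the comparison instead of fixing the type. In prepare() the test "(size_t)j == sz" and in edscript() the test "fread(block, 1, j, fp[2]) != (size_t)j" convert a signed counter on the spot; where j only counts elements or bytes, declaring it size_t removes both the cast and the chance of a negative value being converted. The "(uintmax_t)st.st_size > SIZE_MAX" checks rely on a negative st_size turning into a huge value and being rejected, which deserves either a comment or an explicit st_size < 0 test.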
opencvs - correct type of p in annotate
Hi, Use the correct type for p. .joris Index: annotate.c === RCS file: /cvs/src/usr.bin/cvs/annotate.c,v retrieving revision 1.65 diff -u -p -r1.65 annotate.c --- annotate.c 5 Nov 2015 09:48:21 - 1.65 +++ annotate.c 22 Jun 2016 09:52:04 - @@ -155,7 +155,8 @@ void cvs_annotate_local(struct cvs_file *cf) { int i; - char date[10], rnum[13], *p; + u_char *p; + char date[10], rnum[13]; RCSNUM *bnum, *rev; struct rcs_line *line; struct rcs_line **alines;
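Review bot: the message says only that u_char * is the correct type for p, and nothing in the cvs_annotate_local() hunk shows what p is assigned from or compared against. Name the field or function result that requires u_char *, and check that no remaining use of p expects char *, since changing the declaration alone can swap one pointer-sign warning for another.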
opencvs - fix revision lookups for branches
Hi, This diff below fixes a serious issue in opencvs when checking out revisions from a branch. Properly perform a revision lookup so update -r actually works again, as a bonus throw a more correct error when the revision could not be found. .joris Index: rcs.c === RCS file: /cvs/src/usr.bin/cvs/rcs.c,v retrieving revision 1.313 diff -u -p -r1.313 rcs.c --- rcs.c 5 Nov 2015 09:48:21 - 1.313 +++ rcs.c 22 Jun 2016 09:52:04 - @@ -1796,17 +1796,13 @@ rcs_rev_getlines(RCSFILE *rfp, RCSNUM *f again: for (;;) { + if (rdp == NULL) + break; + if (rdp->rd_next->rn_len != 0) { trdp = rcs_findrev(rfp, rdp->rd_next); if (trdp == NULL) fatal("failed to grab next revision"); - } else { - /* -* XXX Fail, although the caller does not always do the -* right thing (eg cvs diff when the tree is ahead of -* the repository). -*/ - break; } if (rdp->rd_tlen == 0) { @@ -1857,7 +1853,7 @@ again: } next: - if (!rcsnum_differ(rdp->rd_num, frev)) + if (rdp == NULL || !rcsnum_differ(rdp->rd_num, frev)) done = 1; if (RCSNUM_ISBRANCHREV(frev) && done != 1) { @@ -2045,6 +2041,7 @@ rcs_rev_getbuf(RCSFILE *rfp, RCSNUM *rev struct rcs_delta *rdp; struct rcs_lines *lines; struct rcs_line *lp, *nlp; + char version[RCSNUM_MAXSTR]; BUF *bp; rdp = NULL; @@ -2057,8 +2054,12 @@ rcs_rev_getbuf(RCSFILE *rfp, RCSNUM *rev expmode = rcs_kwexp_get(rfp); if (!(expmode & RCS_KWEXP_NONE)) { - if ((rdp = rcs_findrev(rfp, rev)) == NULL) - fatal("could not fetch revision"); + if ((rdp = rcs_findrev(rfp, rev)) == NULL) { + rcsnum_tostr(rev, version, sizeof(version)); + fatal("could not find desired version %s in %s", + version, rfp->rf_path); + } + expand = 1; } }
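Review bot: with the else branch removed from the rd_next test in rcs_rev_getlines(), the loop no longer stops when rdp->rd_next->rn_len is 0, and trdp keeps whatever value it had from the previous iteration. The new rdp == NULL checks end the walk only if trdp is NULL in that case; add an else that sets trdp = NULL, or show where it is reset, so the last delta is not processed again.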