Add the -m (--prune-empty-dirs) option to openrsync

2023-02-21 Thread Mohamed Bukhris
Hello,
This patch adds the -m/--prune-empty-dirs option to openrsync
while keeping said feature compatible with rsync.
This avoids the 27 -> 31 protocol mismatch error by not sharing the -m option
to remote.
This was tested locally (openrsync -> openrsync) and remotely (openrsync ->
rsync).
Sorry if any mistakes were made.

diff -ura ../origsync/extern.h ./extern.h
--- ../origsync/extern.h2023-02-21 21:43:18.871417908 +0100
+++ ./extern.h  2023-02-21 18:26:12.176316267 +0100
@@ -134,6 +134,7 @@
int  server;/* --server */
int  recursive; /* -r */
int  dry_run;   /* -n */
+   int  prune_empty_dirs;  /* -m */
int  preserve_times;/* -t */
int  preserve_perms;/* -p */
int  preserve_links;/* -l */
diff -ura ../origsync/flist.c ./flist.c
--- ../origsync/flist.c 2023-02-21 21:43:07.778145448 +0100
+++ ./flist.c   2023-02-22 06:09:51.097975517 +0100
@@ -907,6 +907,36 @@
continue;
}
 
+   /*
+* If -m (prune empty dirs) is enabled, create a new fts
+* to independently traverse directories at once and determine
+* whether we are dealing with a hierarchy of empty
+* directories, if so, skip.
+*/
+
+   if (sess->opts->prune_empty_dirs && ent->fts_info == FTS_D){
+   char*prune_cargv[2];
+   prune_cargv[0] = ent->fts_name;
+   prune_cargv[1] = NULL;
+   FTS *prunefts;
+   if ((prunefts = fts_open(prune_cargv, 
FTS_PHYSICAL, NULL)) == NULL) {
+   ERR("fts_open");
+   return 0;
+   }
+   FTSENT  *prunent;
+   int empty_chain = 1;
+   while ((prunent = fts_read(prunefts)) != NULL) {
+   if (prunent->fts_info != FTS_D && 
prunent->fts_info != FTS_DP){
+   empty_chain = 0;
+   break;
+   }
+   }
+   if (empty_chain){
+   continue;
+   }
+   fts_close(prunefts);
+   }
+
/* We don't allow symlinks without -l. */
 
assert(ent->fts_statp != NULL);
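
Review bot: in the "if (empty_chain)" branch the continue runs before fts_close(prunefts), so every pruned directory leaks the inner FTS handle and its descriptors; call fts_close(prunefts) right after the while loop, before testing empty_chain. The inner fts_open() is also given ent->fts_name, which is only the final path component, so unless the outer traversal changes into each directory a nested directory will not resolve from the current directory; ent->fts_accpath is the field meant for opening the entry. The "return 0" on fts_open failure leaves while the outer traversal that produced ent is still open, and a loop that ends because fts_read() failed (NULL with errno set) is treated the same as an empty chain and silently prunes the directory.
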
diff -ura ../origsync/main.c ./main.c
--- ../origsync/main.c  2023-02-21 21:43:10.861461862 +0100
+++ ./main.c2023-02-22 05:21:15.047310523 +0100
@@ -340,6 +340,7 @@
 { "verbose",   no_argument,,   1 },
 { "no-verbose",no_argument,,   0 },
 { "version",   no_argument,NULL,   OP_VERSION },
+   { "prune-empty-dirs", no_argument, _empty_dirs,  1 },
 { NULL,0,  NULL,   0 }
 };
 
@@ -362,7 +363,7 @@
 
opts.max_size = opts.min_size = -1;
 
-   while ((c = getopt_long(argc, argv, "Dae:ghlnoprtvxz", lopts, ))
+   while ((c = getopt_long(argc, argv, "Dae:ghlnoprtvxzm", lopts, ))
!= -1) {
switch (c) {
case 'D':
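
Review bot: "m" is appended to the end of the option string ("Dae:ghlnoprtvxzm") while the rest of the string is alphabetical; put it between "l" and "n", and keep the same order for the new case 'm' in the switch and for the usage string, which currently reads [-aDglnoprtvxm].
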
@@ -382,6 +383,9 @@
case 'e':
opts.ssh_prog = optarg;
break;
+   case 'm':
+   opts.prune_empty_dirs = 1;
+   break;
case 'g':
opts.preserve_gids = 1;
break;
@@ -633,7 +637,7 @@
exit(rc);
 usage:
fprintf(stderr, "usage: %s"
-   " [-aDglnoprtvx] [-e program] [--address=sourceaddr]\n"
+   " [-aDglnoprtvxm] [-e program] [--address=sourceaddr]\n"
"\t[--contimeout=seconds] [--compare-dest=dir] [--del] 
[--exclude]\n"
"\t[--exclude-from=file] [--include] [--include-from=file]\n"
"\t[--no-motd] [--numeric-ids] [--port=portnumber]\n"
diff -ura ../origsync/rsync.1 ./rsync.1
--- ../origsync/rsync.1 2023-02-21 21:43:19.451414725 +0100
+++ ./rsync.1   2023-02-22 05:45:26.459345977 +0100
@@ -220,6 +220,8 @@
 If this option is repeated, all mount point directories from the copy are
 omitted.
 Otherwise, it includes an empty directory at each mount point it encounters.
+.It Fl m , -prune-empty-dirs
+Prune empty directory chains from the file list.
 .It Fl -version
 Print version and exit.
 .El
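
Review bot: the new ".It Fl m , -prune-empty-dirs" entry says only that empty directory chains are pruned from the file list; since the cover message says the option is deliberately not passed to the remote side, the text should state that pruning only takes effect when the local openrsync builds the file list. The entry is also inserted after the mount-point option's text and directly before --version, which is out of order if the list is sorted by option letter.
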



pinsyscall, execve, and rop pivots, etc

2023-02-21 Thread Theo de Raadt
These days, when attackers find bugs they cannot simply load code onto
the stack or a databuffer and run it there.  Those days are over because
an increasing number of restrictions were imposed upon address space
use.

So they tend to use ROP.  This is done by loading return addresses onto
the stack, which point at small chunks of preexisting code (called
gadgets), which then operate on the registers, top of stack, and other
conditions known at the moment of attack, and influence the program state
and gain escalation using pre-calculated means.

The first challenge for a ROP programmer is to know where the gadgets are; they
must be in a text segment.  That is usually done by getting an info leak
from the same process before the ROP upload -- basically, the address of
some code section must be known (to de-ASLR it).

Of course you also know the layout, so random relinking is a pain, because
knowing one address in libc no longer tells you where the rest of libc's
gadget base is.

The same ASLR + random-relinking applies to the other executable chunk in
the address space: ld.so

We are also starting to randomly-relink other security sensitive programs
(sshd first)

Anyways, this ROP attack method can take a few approaches, and these are
probably the most common:

1 - modify some "global state", repair the damage, return to normal operation
and depend upon that changed global state to provide the goal of giving
access or escalation.  I think this is complex, domain-specific work,
and very rare

2 - return-to-libc, this means to use a partially uploaded + further modified
block of arguments, and jump to libc execve or system.  The random
relinking really gets in the way here.

3 - another approach is to create the arguments as in #2, but to create a
system call entry by loading the system call number and jumping straight
to a system-call instruction.  This can be easier than #2, because you
don't need to find system or execve or family, but can find *any* system
call stub that works.  It might not be in libc, it might be in ld.so (which
is also ASLR located, and also random-relinked).  The syscall stub cannot
be in a dynamic main program's text segment because that blocks system
call entry (msyscall).  The allure of method #3 is that ld.so contains
30 system call entry points, and libc.so contains 150+, so if you have
enough info you can jump to any of your choice.

Well, you can't do #3 as easily anymore.  I have introduced
pinsyscall(2), which lets ld.so [dynamic programs] or crt0 [static
programs] tell the kernel where the SPECIFIC execve entry point is, and
any other entry point is invalid and kills the program.

Now the attacker must precisely know where that specific system call
instruction is.

It is very cheap code relative to the hurdle it provides.

ps. Another similar problem called "SROP" was fixed in 2016 for sigreturn(),
using a similar idea of looking at the PC entry point.
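
The two checks this message describes (syscall instructions only count inside the msyscall regions, and execve only counts from the one pinned entry point), as a small user-space model added here for illustration; it is not OpenBSD kernel code and not from the author. The struct, the function names, the MODEL_* numbers, the addresses and the "pin can be set only once" rule are assumptions made for the example.

```c
/* User-space model of the syscall-entry checks; not OpenBSD kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Syscall numbers and addresses below are constructed for this model. */
#define MODEL_SYS_WRITE		4
#define MODEL_SYS_EXECVE	59
#define MAIN_TEXT_GADGET	0x00401000u	/* syscall insn in main program */
#define LIBC_EXECVE_STUB	0x10012340u	/* the stub ld.so/crt0 pins */
#define LIBC_WRITE_STUB		0x10012400u	/* any other libc stub */
#define LDSO_STUB		0x20000800u	/* a stub inside ld.so */

enum verdict { ALLOW, KILL_NOT_SYSCALL_REGION, KILL_NOT_PINNED_EXECVE };

struct range { uintptr_t start; size_t len; };

struct proc_model {
	struct range syscall_regions[2];	/* msyscall: libc.so, ld.so */
	size_t nregions;
	struct range execve_pin;		/* pinsyscall: one execve stub */
	bool pinned;
};

static bool
in_range(const struct range *r, uintptr_t pc)
{
	return pc >= r->start && pc - r->start < r->len;
}

/* Record the execve entry point; the model lets this happen only once. */
int
model_pinsyscall(struct proc_model *p, uintptr_t start, size_t len)
{
	if (p->pinned || len == 0)
		return -1;
	p->execve_pin.start = start;
	p->execve_pin.len = len;
	p->pinned = true;
	return 0;
}

/* Verdict for a syscall numbered `code` issued by the instruction at pc. */
enum verdict
check_syscall_entry(const struct proc_model *p, int code, uintptr_t pc)
{
	bool in_region = false;
	size_t i;

	for (i = 0; i < p->nregions; i++)
		if (in_range(&p->syscall_regions[i], pc))
			in_region = true;
	if (!in_region)
		return KILL_NOT_SYSCALL_REGION;	/* the msyscall rule */
	if (code == MODEL_SYS_EXECVE && p->pinned &&
	    !in_range(&p->execve_pin, pc))
		return KILL_NOT_PINNED_EXECVE;	/* the pinsyscall rule */
	return ALLOW;
}

/* A process after ld.so has run: two syscall regions and the execve pin. */
struct proc_model
sample_process(void)
{
	struct proc_model p = {
		.syscall_regions = {
			{ 0x10000000u, 0x90000 },	/* libc.so text */
			{ 0x20000000u, 0x10000 },	/* ld.so text */
		},
		.nregions = 2,
	};

	model_pinsyscall(&p, LIBC_EXECVE_STUB, 2);
	return p;
}

int
main(void)
{
	static const char *names[] = { "allow", "kill (msyscall)",
	    "kill (pinsyscall)" };
	struct proc_model p = sample_process();

	printf("execve via pinned stub:  %s\n",
	    names[check_syscall_entry(&p, MODEL_SYS_EXECVE, LIBC_EXECVE_STUB)]);
	printf("execve via write stub:   %s\n",
	    names[check_syscall_entry(&p, MODEL_SYS_EXECVE, LIBC_WRITE_STUB)]);
	printf("execve via ld.so stub:   %s\n",
	    names[check_syscall_entry(&p, MODEL_SYS_EXECVE, LDSO_STUB)]);
	printf("execve from main text:   %s\n",
	    names[check_syscall_entry(&p, MODEL_SYS_EXECVE, MAIN_TEXT_GADGET)]);
	printf("write via write stub:    %s\n",
	    names[check_syscall_entry(&p, MODEL_SYS_WRITE, LIBC_WRITE_STUB)]);
	return 0;
}
```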



Re: assert fail in pfsync_grab_snapshot()

2023-02-21 Thread Alexandr Nedvedicky
Hello Lyndon,

this assert has been removed in current (revision 1.310). The complete diff
reads as follows:

8<---8<---8<--8<
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index d279ede9cd6..64a2da195ab 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.309 2022/11/06 21:34:01 kn Exp $  */
+/* $OpenBSD: if_pfsync.c,v 1.310 2022/11/11 11:22:48 sashan Exp $  */
 
 /*
  * Copyright (c) 2002 Michael Shalayeff
@@ -1362,10 +1362,17 @@ pfsync_grab_snapshot(struct pfsync_snapshot *sn, struct 
pfsync_softc *sc)
TAILQ_INIT(>sn_qs[q]);
 
while ((st = TAILQ_FIRST(>sc_qs[q])) != NULL) {
-   KASSERT(st->snapped == 0);
TAILQ_REMOVE(>sc_qs[q], st, sync_list);
-   TAILQ_INSERT_TAIL(>sn_qs[q], st, sync_snap);
-   st->snapped = 1;
+   if (st->snapped == 0) {
+   TAILQ_INSERT_TAIL(>sn_qs[q], st, sync_snap);
+   st->snapped = 1;
+   } else {
+   /*
+* item is on snapshot list already, so we can
+* skip it now.
+*/
+   pf_state_unref(st);
+   }
}
}
 
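
Review bot: the new else branch drops a reference with pf_state_unref(st), but its comment only says the item can be skipped; it should say which reference is being released, because the "snapped == 0" branch moves the state to sn_qs[q] without any unref and the two paths otherwise look asymmetric. It would also help to record why a state can legitimately be found on sc_qs[q] with snapped already set, since the removed KASSERT claimed that could not happen.
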
8<---8<---8<--8<

commit changes the assert to regular condition. Not sure if diff applies
cleanly to 7.2

regards
sashan

On Tue, Feb 21, 2023 at 11:58:51AM -0800, Lyndon Nerenberg (VE7TFX/VE6BBM) 
wrote:
> Perhaps related to the recent discussion about pf errors?  This
> happened this morning, on a fully patched 7.2 amd64. dmesg and other
> info available on request.
> 
> ddb{0}> bt
> db_enter() at db_enter+0x10
> panic(81f30a19) at panic+0xbf
> __assert(81fa0761,81fd3154,637,81f6b8f7) at 
> __assert+0x
> 25
> pfsync_grab_snapshot(8000211e0ee0,80b57000) at 
> pfsync_grab_snapshot
> +0x308
> pfsync_sendout() at pfsync_sendout+0x89
> pfsync_update_state(fd905d068020) at pfsync_update_state+0x15b
> pf_test(2,3,80b65000,8000211e1258) at pf_test+0x117a
> ip_output(fd806e7ce500,0,8000211e13e8,1,0,0,e42ab41b1c818e9c) at 
> ip_out
> put+0x6b7
> ip_forward(fd806e7ce500,80b53800,fd8d52297390,0) at 
> ip_forward+
> 0x2da
> ip_input_if(8000211e1528,8000211e1534,4,0,80b53800) at 
> ip_input
> _if+0x35c
> ipv4_input(80b53800,fd806e7ce500) at ipv4_input+0x39
> ether_input(80b53800,fd806e7ce500) at ether_input+0x3b1
> carp_input(80b67800,fd806e7ce500,5e000106) at carp_input+0x196
> ether_input(80b67800,fd806e7ce500) at ether_input+0x1d9
> vlan_input(80b39000,fd806e7ce500,8000211e175c) at 
> vlan_input+0x
> 23d
> ether_input(80b39000,fd806e7ce500) at ether_input+0x85
> if_input_process(802c5048,8000211e17f8) at if_input_process+0x6f
> ifiq_process(802c8600) at ifiq_process+0x69
> taskq_thread(80033200) at taskq_thread+0x100
> end trace frame: 0x0, count: -19
> ddb{0}> show panic
> *cpu0: kernel diagnostic assertion "st->snapped == 0" failed: file 
> "/usr/src/sy
> s/net/if_pfsync.c", line 1591
>  cpu3: kernel diagnostic assertion "st->snapped == 0" failed: file 
> "/usr/src/sy
> s/net/if_pfsync.c", line 1591
>  cpu1: kernel diagnostic assertion "st->snapped == 0" failed: file 
> "/usr/src/sy
> s/net/if_pfsync.c", line 1591
> ddb{0}> 
> 
> --lyndon
> 



assert fail in pfsync_grab_snapshot()

2023-02-21 Thread Lyndon Nerenberg (VE7TFX/VE6BBM)
Perhaps related to the recent discussion about pf errors?  This
happened this morning, on a fully patched 7.2 amd64. dmesg and other
info available on request.

ddb{0}> bt
db_enter() at db_enter+0x10
panic(81f30a19) at panic+0xbf
__assert(81fa0761,81fd3154,637,81f6b8f7) at __assert+0x
25
pfsync_grab_snapshot(8000211e0ee0,80b57000) at pfsync_grab_snapshot
+0x308
pfsync_sendout() at pfsync_sendout+0x89
pfsync_update_state(fd905d068020) at pfsync_update_state+0x15b
pf_test(2,3,80b65000,8000211e1258) at pf_test+0x117a
ip_output(fd806e7ce500,0,8000211e13e8,1,0,0,e42ab41b1c818e9c) at ip_out
put+0x6b7
ip_forward(fd806e7ce500,80b53800,fd8d52297390,0) at ip_forward+
0x2da
ip_input_if(8000211e1528,8000211e1534,4,0,80b53800) at ip_input
_if+0x35c
ipv4_input(80b53800,fd806e7ce500) at ipv4_input+0x39
ether_input(80b53800,fd806e7ce500) at ether_input+0x3b1
carp_input(80b67800,fd806e7ce500,5e000106) at carp_input+0x196
ether_input(80b67800,fd806e7ce500) at ether_input+0x1d9
vlan_input(80b39000,fd806e7ce500,8000211e175c) at vlan_input+0x
23d
ether_input(80b39000,fd806e7ce500) at ether_input+0x85
if_input_process(802c5048,8000211e17f8) at if_input_process+0x6f
ifiq_process(802c8600) at ifiq_process+0x69
taskq_thread(80033200) at taskq_thread+0x100
end trace frame: 0x0, count: -19
ddb{0}> show panic
*cpu0: kernel diagnostic assertion "st->snapped == 0" failed: file "/usr/src/sy
s/net/if_pfsync.c", line 1591
 cpu3: kernel diagnostic assertion "st->snapped == 0" failed: file "/usr/src/sy
s/net/if_pfsync.c", line 1591
 cpu1: kernel diagnostic assertion "st->snapped == 0" failed: file "/usr/src/sy
s/net/if_pfsync.c", line 1591
ddb{0}> 

--lyndon



wsmouse(4): multi-touch buttons again

2023-02-21 Thread Ulf Brosziewski
This diff is an extension of Tobias Heider's proposal, which aims at
providing "Apple-like" button inputs on clickpads.  I have added some
things in order to approximate the behaviour of other input drivers.

It's a quick shot, and I have no idea whether it is sufficient in
practice, it certainly needs thorough testing.

The wsconsctl part doesn't provide a named field yet.  With a
recompiled wsconsctl and kernel, the command

# wsconsctl mouse.param=72:1

activates the feature, if it is available (see below).

The patch contains a simple filter for distinguishing the two-finger
inputs that should trigger right-button events from the ones that
shouldn't:  If the distance between two contacts is small, the driver
generates a right-button event; if it is greater than some threshold
value, the second contact will be ignored.

When a touch is resting in the bottom area, it will be ignored, and no
further filtering applies to the other touches.

You can inspect the threshold value with

# wsconsctl mouse.param=143

and change it with

# wsconsctl mouse.param=143:

The value is given in device units.  If the driver for your touchpad is
imt(4), the default should correspond, roughly, to a distance of 35mm.
The threshold is reduced by one third if a two-finger click involves a
touch in the bottom area.  (On medium-sized touchpads, this may be
necessary to leave enough room for left-button clicks performed by the
thumb while the pointer-controlling touch remains on the touchpad.)

The feature won't work decently on small touchpads, and it cannot work
on touchpads without MT-support in our kernel.  wsmouse checks whether
a touchpad
1) has MT support,
2) is a clickpad,
3) its resolution is reported to wsmouse,
4) it reports a horizontal size greater than 100mm, and
5) a vertical size greater than 60mm.

If these conditions aren't met, wsmouse sets the distance limit to -1,
which blocks the MTBUTTONS feature.  I think only imt(4) touchpads can
meet these criteria; however, the value can be overridden manually or
programmatically, and ubcmtp and aplms do this on initialization.
These drivers don't report resolution values; the distance limit will
be set to a fourth of the length of the touchpad diagonal.  That's a
workaround based on a wild guess, and I couldn't test it with Apple
hardware.  If you want to apply it to an Elantech-v4 touchpad run by
pms(4), try

# wsconsctl mouse.param=143:0,72:1

(A change from -1 to 0 will trigger the workaround.)


diff --git a/sbin/wsconsctl/mousecfg.c b/sbin/wsconsctl/mousecfg.c
index 76a9984bd86..d6609218372 100644
--- a/sbin/wsconsctl/mousecfg.c
+++ b/sbin/wsconsctl/mousecfg.c
@@ -40,9 +40,9 @@
 #define TP_FILTER_FIRSTWSMOUSECFG_DX_MAX
 #define TP_FILTER_LAST WSMOUSECFG_SMOOTHING
 #define TP_FEATURES_FIRST  WSMOUSECFG_SOFTBUTTONS
-#define TP_FEATURES_LAST   WSMOUSECFG_DISABLE
+#define TP_FEATURES_LAST   WSMOUSECFG_MTBUTTONS
 #define TP_SETUP_FIRST WSMOUSECFG_LEFT_EDGE
-#define TP_SETUP_LAST  WSMOUSECFG_TAP_THREE_BTNMAP
+#define TP_SETUP_LAST  WSMOUSECFG_MTBTN_MAXDIST
 #define LOG_FIRST  WSMOUSECFG_LOG_INPUT
 #define LOG_LAST   WSMOUSECFG_LOG_EVENTS

diff --git a/sys/arch/arm64/dev/aplhidev.c b/sys/arch/arm64/dev/aplhidev.c
index 265c5196168..b3bf4838fe8 100644
--- a/sys/arch/arm64/dev/aplhidev.c
+++ b/sys/arch/arm64/dev/aplhidev.c
@@ -680,6 +680,10 @@ struct ubcmtp_finger {
 /* Use a constant, synaptics-compatible pressure value for now. */
 #define DEFAULT_PRESSURE   40

+static struct wsmouse_param aplms_wsmousecfg[] = {
+   { WSMOUSECFG_MTBTN_MAXDIST, 0 }, /* 0: Compute a default value. */
+};
+
 struct aplms_softc {
struct device   sc_dev;
struct device   *sc_wsmousedev;
@@ -759,7 +763,8 @@ aplms_configure(struct aplms_softc *sc)
hw->mt_slots = UBCMTP_MAX_FINGERS;
hw->flags = WSMOUSEHW_MT_TRACKING;

-   return wsmouse_configure(sc->sc_wsmousedev, NULL, 0);
+   return wsmouse_configure(sc->sc_wsmousedev,
+   aplms_wsmousecfg, nitems(aplms_wsmousecfg));
 }

 void
diff --git a/sys/dev/hid/hidmt.c b/sys/dev/hid/hidmt.c
index 62b500a4f44..9e01fe597bf 100644
--- a/sys/dev/hid/hidmt.c
+++ b/sys/dev/hid/hidmt.c
@@ -103,7 +103,7 @@ hidmt_get_resolution(struct hid_item *h)
phy_extent *= 10;
}

-   return (log_extent / phy_extent);
+   return ((log_extent + phy_extent / 2) / phy_extent);
 }

 int
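
Review bot: the return in hidmt_get_resolution() now rounds to nearest ("(log_extent + phy_extent / 2) / phy_extent"), which the cover message does not mention and which changes the reported resolution for every hidmt device, not only the MTBUTTONS path; add a comment saying why, or split it into its own commit. Nothing visible in the hunk guarantees phy_extent is non-zero at the division, so that is worth confirming in the lines above.
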
diff --git a/sys/dev/usb/ubcmtp.c b/sys/dev/usb/ubcmtp.c
index d86883bd6c2..b5acdadef46 100644
--- a/sys/dev/usb/ubcmtp.c
+++ b/sys/dev/usb/ubcmtp.c
@@ -309,6 +309,10 @@ static const struct ubcmtp_dev ubcmtp_devices[] = {
},
 };

+static struct wsmouse_param ubcmtp_wsmousecfg[] = {
+   { WSMOUSECFG_MTBTN_MAXDIST, 0 }, /* 0: Compute a default value. */
+};
+
 struct ubcmtp_softc {
struct device   sc_dev; /* base device */

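
Review bot: ubcmtp_wsmousecfg is a copy of aplms_wsmousecfg from aplhidev.c, and the 0 in both relies on wsmouse treating a change from -1 to 0 as "compute a default", which is only explained in the cover message; a named constant for that sentinel (or one shared table) would make the intent visible from the driver side and keep the two drivers from drifting apart.
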
@@ -529,7 +533,8 @@ 

installer: location of sets: better default for boot-only CDs

2023-02-21 Thread Klemens Nanni
If there is a CD during install, it is picked as default set location:

Let's install the sets!
Location of sets? (cd0 disk http nfs or 'done') [cd0] 

(Only netboot or existing installurl(5) on the root disk take priority and
default it to "http".)

For install72.iso the "cd0" default makes sense as it contains sets,
but cd72.iso is like miniroot72.img, so you need another location.

Skip "cd0" if it is cd72.iso such that the next default kicks in: "http".

Match for the exact CD label and skip "boot-only" aka. cd72.iso.
This seems better than limiting the default to "Install" aka. install72.iso
as it will keep picking "cd0" for custom user CDs.


Feedback? Objection? OK?

Index: install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1230
diff -u -p -r1.1230 install.sub
--- install.sub 21 Feb 2023 12:56:50 -  1.1230
+++ install.sub 21 Feb 2023 17:09:40 -
@@ -2771,7 +2771,11 @@ install_sets() {
[[ -s /mnt/etc/installurl ]] && _d=http
 
# Set default location to the first cdrom device if any are found.
-   [[ -n $_cddevs ]] && : ${_d:=cd0}
+   # Skip official cd*.iso without sets.
+   if [[ -n $_cddevs ]] &&
+   disklabel cd0 | ! grep -qxF "label: $VNAME boot-only CD"; then
+   : ${_d:=cd0}
+   fi
 
# Add NFS to set locations if the boot kernel supports it.
[[ -x /sbin/mount_nfs ]] && _locs="$_locs nfs"
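
Review bot: the test negates only the second stage ("disklabel cd0 | ! grep -qxF ..."), which depends on the shell accepting "!" after "|"; POSIX defines "!" at the start of a pipeline, and "! disklabel cd0 | grep -qxF ..." gives the same result in the portable spelling. disklabel's own diagnostics are not redirected either, so a drive without readable media may print an error into the installer dialogue; adding 2>/dev/null to disklabel would keep the prompt clean.
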



Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread Theo de Raadt
I do not see the value of this change.

jhx  wrote:

> Thanks to all the suggestions/hints from Crystal Kolipe and Janne
> Johansson I made a few changes to the patch.
> 
> This also fixes reading commented lines.
> 
> Thanks!
> 
> --- sysctl.c.dist Tue Feb 21 12:17:57 2023
> +++ sysctl.c  Tue Feb 21 13:41:13 2023
> @@ -138,6 +138,9 @@
>  /* Maximum size object to expect from sysctl(2) */
>  #define SYSCTL_BUFSIZ8192
> 
> +/* Default sysctl.conf location */
> +#define SYSCTL_CONF "/etc/sysctl.conf"
> +
>  struct list {
>   struct  ctlname *list;
>   int size;
> @@ -161,7 +164,7 @@
>   { 0, 0 },   /* CTL_VFS */
>  };
> 
> -int  Aflag, aflag, nflag, qflag;
> +int  Aflag, aflag, nflag, pflag, qflag;
> 
>  time_t boottime;
> 
> @@ -192,6 +195,7 @@
>  ssize_t parse_hex_string(unsigned char *, size_t, const char *);
>  void parse(char *, int);
>  void parse_baddynamic(int *, size_t, char *, void **, size_t *, int, int);
> +void read_config(void);
>  void usage(void);
>  int findname(char *, char *, char **, struct list *);
>  int sysctl_inet(char *, char **, int *, int, int *);
> @@ -232,7 +236,7 @@
>  {
>   int ch, lvl1;
> 
> - while ((ch = getopt(argc, argv, "Aanqw")) != -1) {
> + while ((ch = getopt(argc, argv, "Aanpqw")) != -1) {
>   switch (ch) {
> 
>   case 'A':
> @@ -247,6 +251,10 @@
>   nflag = 1;
>   break;
> 
> + case 'p':
> + pflag = 1;
> + break;
> +
>   case 'q':
>   qflag = 1;
>   break;
> @@ -268,9 +276,16 @@
>   err(1,"unveil %s", _PATH_DEVDB);
>   if (unveil("/dev", "r") == -1 && errno != ENOENT)
>   err(1, "unveil /dev");
> + if(unveil(SYSCTL_CONF, "r") == -1 && errno != ENOENT)
> + err(1, "unveil /etc/sysctl.conf");
>   if (unveil(NULL, NULL) == -1)
>   err(1, "unveil");
> 
> + if (pflag) {
> + read_config();
> + return (0);
> + }
> +
>   if (argc == 0 || (Aflag || aflag)) {
>   debuginit();
>   vfsinit();
> @@ -278,9 +293,33 @@
>   listall(topname[lvl1].ctl_name, [lvl1]);
>   return (0);
>   }
> +
>   for (; *argv != NULL; ++argv)
>   parse(*argv, 1);
>   return (0);
> +}
> +
> +/*
> + * Read sysctl.conf and parse every line
> + */
> +void
> +read_config(void)
> +{
> + char line[SYSCTL_BUFSIZ];
> + FILE *file;
> +
> + file = fopen(SYSCTL_CONF, "r");
> + if(!file)
> + errx(1, "Cannot open %s", SYSCTL_CONF);
> +
> + while(fgets(line, SYSCTL_BUFSIZ, file) != NULL) {
> + /* Ignore comments */
> + if (strncmp(line, "#", 1) == 0)
> + continue;
> + line[strlen(line)-1] = '\0';
> + parse(line, 1);
> + memset(line, '\0', SYSCTL_BUFSIZ);
> + }
>  }
> 
>  /*
> 
> 
> --- sysctl.8.dist Tue Feb 21 12:18:21 2023
> +++ sysctl.8  Tue Feb 21 12:09:59 2023
> @@ -38,7 +38,7 @@
>  .Nd get or set kernel state
>  .Sh SYNOPSIS
>  .Nm sysctl
> -.Op Fl Aanq
> +.Op Fl Aanpq
>  .Op Ar name Ns Op = Ns Ar value
>  .Sh DESCRIPTION
>  The
> @@ -74,6 +74,8 @@
>  For example, to set the psize shell variable to the pagesize of the
>  hardware:
>  .Pp
>  .Dl # set psize=`sysctl -n hw.pagesize`
> +.It Fl p
> +Read and apply all settings from /etc/sysctl.conf.
>  .It Fl q
>  Suppress all output when setting a variable.
>  This option overrides the behaviour of
> @@ -133,6 +135,10 @@
>  To retrieve information about the load average history:
>  .Pp
>  .Dl $ sysctl vm.loadavg
> +.Pp
> +To apply all settings from /etc/sysctl.conf
> +.Pp
> +.Dl # sysctl -p
>  .Pp
>  To make the
>  .Xr chown 2
> 



Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread Fabian Keil
jhx  wrote on 2023-02-21 at 12:46:28:

> Thanks to all the suggestions/hints from Crystal Kolipe and Janne 
> Johansson I made a few changes to the patch.

FYI, there is prior art.

ElectroBSD's sysctl inherited an -f option from FreeBSD:

| -f filename
| Specify a file which contains a pair of name and value in each
| line.  sysctl reads and processes the specified file first and
| then processes the name and value pairs in the command line
| argument.


Fabian


Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread Stuart Henderson
A couple of comments,

> - while ((ch = getopt(argc, argv, "Aanqw")) != -1) {
> + while ((ch = getopt(argc, argv, "Aanpqw")) != -1) {

The use of -p as the flag seems a bit odd, -f would be my instinctive
choice - though it does match one of the three possibilities in Linux'
sysctl(8).

FreeBSD has this functionality under -f with a non-optional filename.

Linux has the same thing under all of -f, -p and --load (why?!) with
an optional filename defaulting to /etc/sysctl.conf.

At this point it might make sense to pause for more feedback to see if
there are objections before spending more time coding, OpenBSD is
often quite conservative about adding options to standard tools.

> + if(unveil(SYSCTL_CONF, "r") == -1 && errno != ENOENT)
> + err(1, "unveil /etc/sysctl.conf");

It would make more sense to use the macro in the error message as
well, though if this does go in, matching other OS' ability to use
a different filename would make more sense.

> + while(fgets(line, SYSCTL_BUFSIZ, file) != NULL) {
> + /* Ignore comments */
> + if (strncmp(line, "#", 1) == 0)
> + continue;

The existing format allows # in the middle of a line, and (especially
in conjunction with this) there may be spaces which need trimming.
FreeBSD's implementation handles those (with extra bits to avoid
trimming # inside quotes).
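
One way to read the file that covers the points raised in this message (a # anywhere in the line, blanks that need trimming) together with the newline handling in the patch's read_config(); this is an added example, not code from the patch, from OpenBSD or from FreeBSD. The function names, SETTING_MAX, the sample input and the quote rule (a # between double quotes is kept, following the FreeBSD behaviour described above) are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L	/* for fmemopen() */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CONF_LINE_MAX	8192	/* same size as SYSCTL_BUFSIZ in the patch */
#define SETTING_MAX	64	/* example-only limit on one stored setting */

/* Constructed sample input; hw.example is a made-up name. */
static const char SAMPLE_CONF[] =
	"# constructed sample\n"
	"\n"
	"net.inet.ip.forwarding=1   # enable routing\n"
	"   kern.maxfiles=20000\n"
	"ddb.panic=0\t\n"
	"hw.example=\"a#b\"  # hash inside quotes is kept\n"
	"kern.nosuidcoredump=1";	/* final line has no newline */

/*
 * Clean one raw line in place: drop the newline, cut an unquoted '#'
 * comment, trim blanks.  Returns the setting, or NULL if nothing is left.
 */
char *
normalize_line(char *line)
{
	char *p, *end;
	int in_quote = 0;

	/* Correct for a last line without '\n' and for an empty buffer. */
	line[strcspn(line, "\n")] = '\0';

	for (p = line; *p != '\0'; p++) {
		if (*p == '"') {
			in_quote = !in_quote;
		} else if (*p == '#' && !in_quote) {
			*p = '\0';
			break;
		}
	}

	while (isspace((unsigned char)*line))
		line++;
	end = line + strlen(line);
	while (end > line && isspace((unsigned char)end[-1]))
		*--end = '\0';

	return *line != '\0' ? line : NULL;
}

/* Collect up to max settings from fp; returns how many were stored. */
size_t
read_settings(FILE *fp, char out[][SETTING_MAX], size_t max)
{
	char line[CONF_LINE_MAX];
	char *s;
	size_t n = 0;
	int c;

	while (n < max && fgets(line, sizeof(line), fp) != NULL) {
		if (strchr(line, '\n') == NULL && !feof(fp)) {
			/* Overlong line: discard all of it, not just a chunk. */
			while ((c = getc(fp)) != EOF && c != '\n')
				continue;
			continue;
		}
		if ((s = normalize_line(line)) != NULL)
			snprintf(out[n++], SETTING_MAX, "%s", s);
	}
	return n;
}

/* Run the reader over SAMPLE_CONF without touching the filesystem. */
size_t
read_sample(char out[][SETTING_MAX], size_t max)
{
	FILE *fp = fmemopen((void *)SAMPLE_CONF, sizeof(SAMPLE_CONF) - 1, "r");
	size_t n;

	if (fp == NULL)
		return 0;
	n = read_settings(fp, out, max);
	fclose(fp);
	return n;
}

int
main(void)
{
	char out[8][SETTING_MAX];
	size_t i, n = read_sample(out, 8);

	for (i = 0; i < n; i++)
		printf("would apply: %s\n", out[i]);
	return 0;
}
```

With the patch's "line[strlen(line)-1] = '\0'" the last sample line would lose its final character; here it is kept intact.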



Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread Crystal Kolipe
On Tue, Feb 21, 2023 at 12:46:11PM +0100, Mike Fischer wrote:
> 
> > On 21.02.2023 at 12:00, Crystal Kolipe wrote:
> > 
> > On Tue, Feb 21, 2023 at 11:29:17AM +0100, jhx wrote:
> >> this patch adds the "-p" option to sysctl which makes it possible to
> >> read/parse/apply settings from /etc/sysctl.conf at any time the user 
> >> wishes.
> > 
> > This is an interesting idea, but you can effectively do the same thing
> > from the shell with:
> > 
> > # sysctl `cat /etc/sysctl.conf`
> > 
> > Also, note that both your patch and the above shell command do not
> > gracefully handle comment lines in /etc/sysctl.conf, (although that
> > shouldn't cause any problem in practice).
> 
> Also there is a difference between the use of /etc/sysctl.conf at boot and
> when using either the proposed -p option or the shell command: At boot we
> start out with the default values. When re-reading /etc/sysctl.conf the
> current state is the base. That is very relevant if you e.g. remove a line
> from /etc/sysctl.conf (to go back to the default).

Agreed.

Also, the main use of this would presumably be to test a new configuration in
/etc/sysctl.conf without rebooting.  The problem here is that when
/etc/sysctl.conf is read by /etc/rc, this is done before kern.securelevel is
raised.

The upshot of this is that we can never fully implement the idea, because
if you put, for example:

hw.allowpowerdown=0

in /etc/sysctl.conf, then you will get different behaviour re-loading the
config without rebooting, (the value won't change), to that which you get
when rebooting, (the new value of 0 will be set).

So at the very least, this limitation would probably need to be mentioned in
the manual page.



Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread jhx
Thanks to all the suggestions/hints from Crystal Kolipe and Janne 
Johansson I made a few changes to the patch.


This also fixes reading commented lines.

Thanks!

--- sysctl.c.dist   Tue Feb 21 12:17:57 2023
+++ sysctl.cTue Feb 21 13:41:13 2023
@@ -138,6 +138,9 @@
 /* Maximum size object to expect from sysctl(2) */
 #define SYSCTL_BUFSIZ  8192

+/* Default sysctl.conf location */
+#define SYSCTL_CONF "/etc/sysctl.conf"
+
 struct list {
struct  ctlname *list;
int size;
@@ -161,7 +164,7 @@
{ 0, 0 },   /* CTL_VFS */
 };

-intAflag, aflag, nflag, qflag;
+intAflag, aflag, nflag, pflag, qflag;

 time_t boottime;

@@ -192,6 +195,7 @@
 ssize_t parse_hex_string(unsigned char *, size_t, const char *);
 void parse(char *, int);
 void parse_baddynamic(int *, size_t, char *, void **, size_t *, int, int);
+void read_config(void);
 void usage(void);
 int findname(char *, char *, char **, struct list *);
 int sysctl_inet(char *, char **, int *, int, int *);
@@ -232,7 +236,7 @@
 {
int ch, lvl1;

-   while ((ch = getopt(argc, argv, "Aanqw")) != -1) {
+   while ((ch = getopt(argc, argv, "Aanpqw")) != -1) {
switch (ch) {

case 'A':
@@ -247,6 +251,10 @@
nflag = 1;
break;

+   case 'p':
+   pflag = 1;
+   break;
+
case 'q':
qflag = 1;
break;
@@ -268,9 +276,16 @@
err(1,"unveil %s", _PATH_DEVDB);
if (unveil("/dev", "r") == -1 && errno != ENOENT)
err(1, "unveil /dev");
+   if(unveil(SYSCTL_CONF, "r") == -1 && errno != ENOENT)
+   err(1, "unveil /etc/sysctl.conf");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");

+   if (pflag) {
+   read_config();
+   return (0);
+   }
+
if (argc == 0 || (Aflag || aflag)) {
debuginit();
vfsinit();
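
Review bot: unveil(SYSCTL_CONF, "r") is added unconditionally, so every sysctl invocation gains read access to the file even when -p was not given; wrap it in "if (pflag)". The err() string hard-codes /etc/sysctl.conf instead of using the macro. The "if (pflag)" block returns before the argument loop, so name=value arguments given together with -p are silently ignored; either reject the combination via usage() or process both.
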
@@ -278,9 +293,33 @@
listall(topname[lvl1].ctl_name, [lvl1]);
return (0);
}
+
for (; *argv != NULL; ++argv)
parse(*argv, 1);
return (0);
+}
+
+/*
+ * Read sysctl.conf and parse every line
+ */
+void
+read_config(void)
+{
+   char line[SYSCTL_BUFSIZ];
+   FILE *file;
+
+   file = fopen(SYSCTL_CONF, "r");
+   if(!file)
+   errx(1, "Cannot open %s", SYSCTL_CONF);
+
+   while(fgets(line, SYSCTL_BUFSIZ, file) != NULL) {
+   /* Ignore comments */
+   if (strncmp(line, "#", 1) == 0)
+   continue;
+   line[strlen(line)-1] = '\0';
+   parse(line, 1);
+   memset(line, '\0', SYSCTL_BUFSIZ);
+   }
 }

 /*
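
Review bot: "line[strlen(line)-1] = '\0'" in read_config() assumes every line ends in a newline: a final line without one loses its last character, and a line that begins with a NUL byte makes strlen() return 0 and writes to line[-1]; "line[strcspn(line, "\n")] = '\0'" handles both. Blank lines are still handed to parse() as empty strings, the comment test only matches a # in column one, file is never closed, and errx() discards errno where err(1, "%s", SYSCTL_CONF) would report why the open failed. The memset() after each line is unnecessary because fgets() always NUL-terminates what it returns.
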


--- sysctl.8.dist   Tue Feb 21 12:18:21 2023
+++ sysctl.8Tue Feb 21 12:09:59 2023
@@ -38,7 +38,7 @@
 .Nd get or set kernel state
 .Sh SYNOPSIS
 .Nm sysctl
-.Op Fl Aanq
+.Op Fl Aanpq
 .Op Ar name Ns Op = Ns Ar value
 .Sh DESCRIPTION
 The
@@ -74,6 +74,8 @@
 For example, to set the psize shell variable to the pagesize of the 
hardware:

 .Pp
 .Dl # set psize=`sysctl -n hw.pagesize`
+.It Fl p
+Read and apply all settings from /etc/sysctl.conf.
 .It Fl q
 Suppress all output when setting a variable.
 This option overrides the behaviour of
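
Review bot: in the new ".It Fl p" text the file name should be marked up as ".Pa /etc/sysctl.conf" rather than written as plain text, and the same applies to the EXAMPLES addition in the next hunk, whose lead-in sentence also lacks the trailing colon used by the neighbouring example ("To retrieve information about the load average history:").
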
@@ -133,6 +135,10 @@
 To retrieve information about the load average history:
 .Pp
 .Dl $ sysctl vm.loadavg
+.Pp
+To apply all settings from /etc/sysctl.conf
+.Pp
+.Dl # sysctl -p
 .Pp
 To make the
 .Xr chown 2



Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread Mike Fischer


> On 21.02.2023 at 12:00, Crystal Kolipe wrote:
> 
> On Tue, Feb 21, 2023 at 11:29:17AM +0100, jhx wrote:
>> this patch adds the "-p" option to sysctl which makes it possible to
>> read/parse/apply settings from /etc/sysctl.conf at any time the user wishes.
> 
> This is an interesting idea, but you can effectively do the same thing
> from the shell with:
> 
> # sysctl `cat /etc/sysctl.conf`
> 
> Also, note that both your patch and the above shell command do not
> gracefully handle comment lines in /etc/sysctl.conf, (although that
> shouldn't cause any problem in practice).

Also there is a difference between the use of /etc/sysctl.conf at boot and when 
using either the proposed -p option or the shell command: At boot we start out 
with the default values. When re-reading /etc/sysctl.conf the current state is 
the base. That is very relevant if you e.g. remove a line from /etc/sysctl.conf 
(to go back to the default).


Mike


Re: Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread Crystal Kolipe
On Tue, Feb 21, 2023 at 11:29:17AM +0100, jhx wrote:
> this patch adds the "-p" option to sysctl which makes it possible to
> read/parse/apply settings from /etc/sysctl.conf at any time the user wishes.

This is an interesting idea, but you can effectively do the same thing
from the shell with:

# sysctl `cat /etc/sysctl.conf`

Also, note that both your patch and the above shell command do not
gracefully handle comment lines in /etc/sysctl.conf, (although that
shouldn't cause any problem in practice).



Patch to add -p (reading/parsing /etc/sysctl.conf) option to sysctl

2023-02-21 Thread jhx

Hello everyone,

this patch adds the "-p" option to sysctl which makes it possible to 
read/parse/apply settings from /etc/sysctl.conf at any time the user 
wishes. Normally, the sysctl.conf is only parsed during system boot via rc.
I've tested the patch on OpenBSD 7.2 amd64 and so far there have been no 
problems.


Thanks in advance!

PS: Sorry if any mistakes were made, first time trying to contribute.


--- sysctl.c.dist   Tue Feb 21 12:17:57 2023
+++ sysctl.cTue Feb 21 11:59:56 2023
@@ -138,6 +138,9 @@
 /* Maximum size object to expect from sysctl(2) */
 #define SYSCTL_BUFSIZ  8192

+/* Default sysctl.conf location */
+#define SYSCTL_CONF "/etc/sysctl.conf"
+
 struct list {
struct  ctlname *list;
int size;
@@ -161,7 +164,7 @@
{ 0, 0 },   /* CTL_VFS */
 };

-intAflag, aflag, nflag, qflag;
+intAflag, aflag, nflag, pflag, qflag;

 time_t boottime;

@@ -192,6 +195,7 @@
 ssize_t parse_hex_string(unsigned char *, size_t, const char *);
 void parse(char *, int);
 void parse_baddynamic(int *, size_t, char *, void **, size_t *, int, int);
+void read_config(void);
 void usage(void);
 int findname(char *, char *, char **, struct list *);
 int sysctl_inet(char *, char **, int *, int, int *);
@@ -232,7 +236,7 @@
 {
int ch, lvl1;

-   while ((ch = getopt(argc, argv, "Aanqw")) != -1) {
+   while ((ch = getopt(argc, argv, "Aanpqw")) != -1) {
switch (ch) {

case 'A':
@@ -247,6 +251,10 @@
nflag = 1;
break;

+   case 'p':
+   pflag = 1;
+   break;
+
case 'q':
qflag = 1;
break;
@@ -268,9 +276,16 @@
err(1,"unveil %s", _PATH_DEVDB);
if (unveil("/dev", "r") == -1 && errno != ENOENT)
err(1, "unveil /dev");
+   if(unveil("/etc", "r") == -1 && errno != ENOENT)
+   err(1, "unveil /etc");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");

+   if (pflag) {
+   read_config();
+   return (0);
+   }
+
if (argc == 0 || (Aflag || aflag)) {
debuginit();
vfsinit();
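
Review bot: unveil("/etc", "r") exposes the whole of /etc for reading when read_config() only ever opens SYSCTL_CONF; unveil that one file instead, and only when pflag is set, so that invocations without -p keep the narrower view they have today.
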
@@ -278,9 +293,30 @@
listall(topname[lvl1].ctl_name, [lvl1]);
return (0);
}
+
for (; *argv != NULL; ++argv)
parse(*argv, 1);
return (0);
+}
+
+/*
+ * Read sysctl.conf and parse every line
+ */
+void
+read_config(void)
+{
+   char line[SYSCTL_BUFSIZ];
+   FILE *file;
+
+   file = fopen(SYSCTL_CONF, "r");
+   if(!file)
+   err(1, "fopen");
+
+   while(fgets(line, SYSCTL_BUFSIZ, file) != NULL) {
+   line[strlen(line)-1] = '\0';
+   parse(line, 1);
+   memset(line, '\0', SYSCTL_BUFSIZ);
+   }
 }

 /*

--- sysctl.8.dist   Tue Feb 21 12:18:21 2023
+++ sysctl.8Tue Feb 21 12:09:59 2023
@@ -38,7 +38,7 @@
 .Nd get or set kernel state
 .Sh SYNOPSIS
 .Nm sysctl
-.Op Fl Aanq
+.Op Fl Aanpq
 .Op Ar name Ns Op = Ns Ar value
 .Sh DESCRIPTION
 The
@@ -74,6 +74,8 @@
 For example, to set the psize shell variable to the pagesize of the 
hardware:

 .Pp
 .Dl # set psize=`sysctl -n hw.pagesize`
+.It Fl p
+Read and apply all settings from /etc/sysctl.conf.
 .It Fl q
 Suppress all output when setting a variable.
 This option overrides the behaviour of
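Review bot: the new .It Fl p entry gives the path as plain text; mark it up as .Pa /etc/sysctl.conf. The description should also say what happens when a line in the file fails to parse, since the code added for -p calls parse() on each line and returns 0 regardless.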
@@ -133,6 +135,10 @@
 To retrieve information about the load average history:
 .Pp
 .Dl $ sysctl vm.loadavg
+.Pp
+To apply all settings from /etc/sysctl.conf
+.Pp
+.Dl # sysctl -p
 .Pp
 To make the
 .Xr chown 2
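Review bot: the added example sentence "To apply all settings from /etc/sysctl.conf" has no trailing colon, unlike "To retrieve information about the load average history:" just above it, and the path wants .Pa markup here too.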



Re: rpki-client: refactor parse_load_crl_from_mft()

2023-02-21 Thread Claudio Jeker
On Tue, Feb 21, 2023 at 11:10:33AM +0100, Theo Buehler wrote:
> > Why did you rename *crl to *res? For me res is normally more like an
> > integer result. I would prefer if you keep that as crl.
> > 
> > Still OK claudio@
> 
> I would prefer to keep the refactor/cleanup separate from the behavior
> change. This change is incomplete and not easy to follow. For example,
> there's no point in passing down location to proc_parser_mft_pre()
> anymore.

Sure. Just flip the input to always go for both dirs and do the cleanup
afterwards. I just don't want to add more on top of this (like registering
CRLs in a different way). This should be a separate step.

-- 
:wq Claudio



Re: rpki-client: refactor parse_load_crl_from_mft()

2023-02-21 Thread Theo Buehler
> Why did you rename *crl to *res? For me res is normally more like an
> integer result. I would prefer if you keep that as crl.
> 
> Still OK claudio@

I would prefer to keep the refactor/cleanup separate from the behavior
change. This change is incomplete and not easy to follow. For example,
there's no point in passing down location to proc_parser_mft_pre()
anymore.



Re: rpki-client: refactor parse_load_crl_from_mft()

2023-02-21 Thread Claudio Jeker
On Sun, Feb 19, 2023 at 10:36:28AM +, Job Snijders wrote:
> Hi,
> 
> I wasn't entirely happy about how parse_load_crl_from_mft() behaved and
> refactored the function.
> 
> The good: if the MFT at hand was located in DIR_TEMP and no matching CRL
> could be found in DIR_TEMP, it would additionally attempt to find a CRL
> in DIR_VALID.
> The bad: if the MFT at hand was located in DIR_VALID, no attempt would
> be made to search for a matching CRL in DIR_TEMP; resulting in less
> opportunity to potentially salvage a broken situation at a future point
> in time with the help of locally cached artefacts.
> 
> If the following 5 commands are run (before and after applying the below
> changeset), one can observe that with this diff rpki-client's behaviour
> becomes more idempotent.
> 
>   rm -rf /var/cache/rpki-client/{*,.rrdp,.rsync}
> 
>   rpki-client -t /etc/rpki/lacnic.tal 2>&1 | fgrep 6QvnUnEXe5JTf7VhQHnUFRwdzeEpbF4rt3b5PLrvdeyy
> 
>   ls -lahtr /var/cache/rpki-client/{.rsync,.,.rrdp/*}/rpki-repo.registro.br/repo/6QvnUnEXe5JTf7VhQHnUFRwdzeEpbF4rt3b5PLrvdeyy/0/
> 
>   rpki-client -t /etc/rpki/lacnic.tal 2>&1 | fgrep 6QvnUnEXe5JTf7VhQHnUFRwdzeEpbF4rt3b5PLrvdeyy
> 
>   ls -lahtr /var/cache/rpki-client/{.rsync,.,.rrdp/*}/rpki-repo.registro.br/repo/6QvnUnEXe5JTf7VhQHnUFRwdzeEpbF4rt3b5PLrvdeyy/0/
> 
> With the diff applied, the second invocation of rpki-client won't delete
> CDD9973303E25E7554D25F5703FB347389D59326.crl & friends from DIR_TEMP;
> without this diff, we lose sight of some files. Losing the files hampers
> our ability to (re)construct the publication point if a future RRDP
> delta publishes the correct ROAs (because by then we'd be missing the
> CRL).
> 
> Since SHA256 hashes are used to confirm the correct object is loaded, it
> doesn't matter whether the CRL comes from DIR_VALID, DIR_TEMP, USB
> stick, or pigeon carrier.
> 
> OK?

Fine with this change. As we discussed offlist this is the right approach
since the hash will protect us from loading a CRL that does not match with
the MFT.
 
One minor complaint below.

> Index: parser.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.82
> diff -u -p -r1.82 parser.c
> --- parser.c  6 Jan 2023 16:06:43 -   1.82
> +++ parser.c  19 Feb 2023 10:17:09 -
> @@ -210,43 +210,47 @@ proc_parser_mft_check(const char *fn, st
>  }
>  
>  /*
> - * Load the correct CRL using the info from the MFT.
> + * Load the correct CRL using the SHA256 info from the MFT.
> + * Returns NULL if no valid matching CRL was found in either the staging area
> + * or the validated cache area.
>   */
>  static struct crl *
> -parse_load_crl_from_mft(struct entity *entp, struct mft *mft, enum location 
> loc)
> +parse_load_crl_from_mft(struct entity *entp, struct mft *mft)
>  {
> - struct crl  *crl = NULL;
> - unsigned char   *f = NULL;
> - char*fn = NULL;
> - size_t   flen;
> + char*fn = NULL;
> + unsigned char   *f = NULL;
> + struct crl  *res = NULL;

Why did you rename *crl to *res? For me res is normally more like an
integer result. I would prefer if you keep that as crl.

Still OK claudio@

> + const enum location  loc[2] = { DIR_TEMP, DIR_VALID };
> + size_t   flen;
> + int  i;
>  
> - while (1) {
> - fn = parse_filepath(entp->repoid, entp->path, mft->crl, loc);
> + for (i = 0; i < 2; i++) {
> + fn = parse_filepath(entp->repoid, entp->path, mft->crl, loc[i]);
>   if (fn == NULL)
> - goto next;
> + continue;
>  
>   f = load_file(fn, );
>   if (f == NULL && errno != ENOENT)
>   warn("parse file %s", fn);
> - if (f == NULL)
> - goto next;
> - if (!valid_hash(f, flen, mft->crlhash, sizeof(mft->crlhash)))
> - goto next;
> - crl = crl_parse(fn, f, flen);
> + if (f == NULL) {
> + free(fn);
> + continue;
> + }
> +
> + if (valid_hash(f, flen, mft->crlhash, sizeof(mft->crlhash))) {
> + res = crl_parse(fn, f, flen);
> + break;
> + }
>  
> -next:
>   free(f);
>   free(fn);
>   f = NULL;
>   fn = NULL;
> -
> - if (crl != NULL)
> - return crl;
> - if (loc == DIR_TEMP)
> - loc = DIR_VALID;
> - else
> - return NULL;
>   }
> +
> + free(f);
> + free(fn);
> + return res;
>  }
>  
>  /*
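Review bot: the new "if (f == NULL) { free(fn); continue; }" branch leaves fn pointing at freed memory. When load_file() fails on the second pass (i == 1), the loop ends and the free(fn) after the loop frees the same pointer again. Set fn = NULL after the free() in that branch, or drop the inner free() and fall through to the common free(f)/free(fn)/NULL reset at the bottom of the loop body.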
> @@ -268,7 +272,7 @@ proc_parser_mft_pre(char *file, const un
>   *errstr = NULL;
>   if ((mft = mft_parse(, file, der, len)) == NULL)
>  

Re: rpki-client: disallow trailing garbage in signed objects

2023-02-21 Thread Claudio Jeker
On Tue, Feb 21, 2023 at 03:07:00AM +0100, Theo Buehler wrote:
> By design of d2i, it's the caller's responsibility to check a DER object
> has been fully consumed. We read files from the disk, check hashes,
> parse and validate the DER we encounter, but we do not make sure that
> nothing follows the DER blob we parsed.
> 
> As Job noticed, it is possible to append data to a CRL and still have a
> manifest display "Validation: OK" in file mode. This is partly possible
> due to the fact that filemode has a rather lax notion of validity (since
> it is an inspection tool), but also due to these missing checks.
> 
> The diff below checks for !=. Barring bugs in ASN1_item_d2i() (unheard
> of!), only the < case should be possible, but it seems better to allow
> for > as well. I guess we could assert <=.

OK claudio@
 
> Index: cert.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
> retrieving revision 1.101
> diff -u -p -r1.101 cert.c
> --- cert.c30 Nov 2022 09:12:34 -  1.101
> +++ cert.c21 Feb 2023 01:48:00 -
> @@ -641,13 +641,14 @@ cert_parse_ee_cert(const char *fn, X509 
>  struct cert *
>  cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
>  {
> - int  extsz;
> - int  sia_present = 0;
> - size_t   i;
> - X509*x = NULL;
> - X509_EXTENSION  *ext = NULL;
> - ASN1_OBJECT *obj;
> - struct parse p;
> + const unsigned char *oder;
> + int  extsz;
> + int  sia_present = 0;
> + size_t   i;
> + X509*x = NULL;
> + X509_EXTENSION  *ext = NULL;
> + ASN1_OBJECT *obj;
> + struct parse p;
>  
>   /* just fail for empty buffers, the warning was printed elsewhere */
>   if (der == NULL)
> @@ -658,8 +659,13 @@ cert_parse_pre(const char *fn, const uns
>   if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
>   err(1, NULL);
>  
> + oder = der;
>   if ((x = d2i_X509(NULL, , len)) == NULL) {
>   cryptowarnx("%s: d2i_X509", p.fn);
> + goto out;
> + }
> + if (der != oder + len) {
> + warnx("%s: %td bytes trailing garbage", fn, oder + len - der);
>   goto out;
>   }
>  
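Review bot: the new warnx() after d2i_X509() passes fn while the cryptowarnx() just above it passes p.fn; use the same one in both. Because the test is != rather than <, the %td value oder + len - der is negative if der ever ends up past the end of the buffer, and "bytes trailing garbage" then reads wrongly; a separate message (or an assert, as the description suggests) for that case would be clearer.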
> Index: cms.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 cms.c
> --- cms.c 28 Dec 2022 21:30:18 -  1.26
> +++ cms.c 21 Feb 2023 01:45:37 -
> @@ -64,9 +64,10 @@ cms_extract_econtent(const char *fn, CMS
>  
>  static int
>  cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char 
> *der,
> -size_t derlen, const ASN1_OBJECT *oid, BIO *bio, unsigned char **res,
> +size_t len, const ASN1_OBJECT *oid, BIO *bio, unsigned char **res,
>  size_t *rsz)
>  {
> + const unsigned char *oder;
>   char buf[128], obuf[128];
>   const ASN1_OBJECT   *obj, *octype;
>   ASN1_OCTET_STRING   *kid = NULL;
> @@ -89,8 +90,13 @@ cms_parse_validate_internal(X509 **xp, c
>   if (der == NULL)
>   return 0;
>  
> - if ((cms = d2i_CMS_ContentInfo(NULL, , derlen)) == NULL) {
> + oder = der;
> + if ((cms = d2i_CMS_ContentInfo(NULL, , len)) == NULL) {
>   cryptowarnx("%s: RFC 6488: failed CMS parse", fn);
> + goto out;
> + }
> + if (der != oder + len) {
> + warnx("%s: %td bytes trailing garbage", fn, oder + len - der);
>   goto out;
>   }
>  
> Index: crl.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 crl.c
> --- crl.c 30 Nov 2022 09:03:44 -  1.21
> +++ crl.c 21 Feb 2023 01:47:31 -
> @@ -25,9 +25,10 @@
>  struct crl *
>  crl_parse(const char *fn, const unsigned char *der, size_t len)
>  {
> - struct crl  *crl;
> - const ASN1_TIME *at;
> - int  rc = 0;
> + const unsigned char *oder;
> + struct crl  *crl;
> + const ASN1_TIME *at;
> + int  rc = 0;
>  
>   /* just fail for empty buffers, the warning was printed elsewhere */
>   if (der == NULL)
> @@ -36,8 +37,13 @@ crl_parse(const char *fn, const unsigned
>   if ((crl = calloc(1, sizeof(*crl))) == NULL)
>   err(1, NULL);
>  
> + oder = der;
>   if ((crl->x509_crl = d2i_X509_CRL(NULL, , len)) == NULL) {
>   cryptowarnx("%s: d2i_X509_CRL", fn);
> + goto out;
> + }
> + if (der != oder + len) {
> + warnx("%s: %td bytes trailing garbage", fn, oder + len - der);
>   goto out;
>   }
>  
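Review bot: the oder = der / if (der != oder + len) block added after d2i_X509_CRL() is the same block the cert.c and cms.c hunks add after d2i_X509() and d2i_CMS_ContentInfo(). A small shared helper taking fn, the start pointer, the advanced pointer and len would keep the three checks and their warning text from drifting apart.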
> 
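The caller-side check described in the quoted message above (compare the bytes the parser consumed with the length of the buffer), as an added example that is not rpki-client code. It reads only the outer DER TLV header by hand instead of calling OpenSSL's d2i functions, so it builds without libcrypto; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: SEQUENCE { INTEGER 5 }, then the same plus 2 bytes. */
static const unsigned char sample_clean[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const unsigned char sample_padded[] =
    { 0x30, 0x03, 0x02, 0x01, 0x05, 0xde, 0xad };

/*
 * Size (header + contents) of the TLV starting at buf, or 0 if its header
 * is malformed or claims more than len bytes. Single-byte tags and
 * definite lengths only; minimal length encoding is not enforced.
 */
static size_t
der_tlv_size(const unsigned char *buf, size_t len)
{
	size_t clen = 0, hdr = 2, i, nlen;

	if (len < 2 || (buf[0] & 0x1f) == 0x1f)
		return 0;
	if ((buf[1] & 0x80) == 0) {
		clen = buf[1];			/* short form */
	} else {
		nlen = buf[1] & 0x7f;		/* long form: nlen length bytes */
		if (nlen == 0 || nlen > sizeof(size_t) || len - 2 < nlen)
			return 0;
		for (i = 0; i < nlen; i++)
			clen = (clen << 8) | buf[2 + i];
		hdr += nlen;
	}
	return clen > len - hdr ? 0 : hdr + clen;
}

/* 0: exactly one object; >0: that many trailing bytes; -1: malformed. */
long
der_trailing_bytes(const unsigned char *der, size_t len)
{
	size_t used = der_tlv_size(der, len);

	return used == 0 ? -1 : (long)(len - used);
}

int
main(void)
{
	printf("clean: %ld, padded: %ld\n",
	    der_trailing_bytes(sample_clean, sizeof(sample_clean)),
	    der_trailing_bytes(sample_padded, sizeof(sample_padded)));
	return 0;
}
```

A hash check over the whole file does not replace this test: the hash covers the appended bytes too, so a file can match its manifest hash and still carry data after the object that was parsed.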

Re: Enable Apollo Lake audio

2023-02-21 Thread Jonathan Gray
On Mon, Feb 20, 2023 at 09:17:51PM +, Brian Callahan wrote:
> Hello tech --
> 
> I recently found a ~5 year old laptop sitting in storage. It is
> an Apollo Lake machine. I think I put it in storage because it
> did not have working audio. I tried a -current kernel from today
> and found that it still did not have audio. The audio device
> does not attach.
> 
> There is a one-line fix to enable audio. With this, the audio
> device attaches and the laptop is playing audio just fine.
> 
> OK?

ok jsg@

> 
> ~Brian
> 
> Index: dev/pci/azalia.c
> ===
> RCS file: /cvs/src/sys/dev/pci/azalia.c,v
> retrieving revision 1.282
> diff -u -p -r1.282 azalia.c
> --- dev/pci/azalia.c  5 Feb 2023 02:26:02 -   1.282
> +++ dev/pci/azalia.c  20 Feb 2023 20:53:35 -
> @@ -492,6 +492,7 @@ const struct pci_matchid azalia_pci_devi
>   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_500SERIES_HDA },
>   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_500SERIES_LP_HDA },
>   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_600SERIES_LP_HDA },
> + { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_APOLLOLAKE_HDA },
>   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_GLK_HDA },
>   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_JSL_HDA },
>   { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_EHL_HDA },
> 
> 



Re: rpki-client: disallow trailing garbage in signed objects

2023-02-21 Thread Theo Buehler
On Tue, Feb 21, 2023 at 02:51:09AM +, Job Snijders wrote:
> ps. If there are 'bytes trailing garbage' on an *.mft discovered in the
> DIR_VALID storage area, would a more pristine version of the MFT in
> DIR_TEMP be ignored?

Yes. The whole point of the complicated dance in proc_parser_mft() is to
try to fish a valid mft out of either DIR_VALID or DIR_TEMP.