CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/01/07 00:34:34 Modified files: usr.sbin/radiusctl: chap_ms.c Log message: Sync EVP_MD_CTX to heap switch from npppd. ok millert
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/01/07 00:33:35 Modified files: usr.sbin/npppd/npppd: chap_ms.c Log message: npppd: convert to EVP_MD_CTX on heap In the upcoming libcrypto bump, EVP_MD_CTX will become opaque, so all EVP_MD_CTX variables will need to be moved from the stack to the heap. This is a mechanical conversion which also switches from EVP_Digest{Init,Final}() to their _ex() versions as suggested by millert. We cannot do error checking since this code is structured in several layers of void functions. This will have to be fixed by someone else. ok millert
CVS: cvs.openbsd.org: www
CVSROOT: /cvs Module name: www Changes by: d...@cvs.openbsd.org 2022/01/06 20:07:49 Modified files: openssh: agent-restrict.html Log message: typos; from Ángel
CVS: cvs.openbsd.org: www
CVSROOT: /cvs Module name: www Changes by: d...@cvs.openbsd.org 2022/01/06 19:58:01 Modified files: openssh: agent-restrict.html Log message: clarify
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: guent...@cvs.openbsd.org 2022/01/06 19:47:07 Modified files: sys/sys: hibernate.h sys/kern : subr_hibernate.c Log message: hibernate_clear_signature() is only used by hibernate_resume(), so pass in the already read hibernate_info instead of reading it again. ok deraadt@
CVS: cvs.openbsd.org: www
CVSROOT: /cvs Module name: www Changes by: d...@cvs.openbsd.org 2022/01/06 19:33:42 Modified files: openssh: agent-restrict.html Log message: mention proxyjump
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: guent...@cvs.openbsd.org 2022/01/06 19:26:53 Modified files: sys/kern : subr_hibernate.c Log message: Extract the slice from the zeroth swap device instead of assuming it's the 'b' slice and (sanity) check against the partition count. Also, make the "is union hibernate_info too large?" a compile time check. ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: afre...@cvs.openbsd.org 2022/01/06 19:25:40 Modified files: usr.sbin/fw_update: fw_update.sh Log message: whitespace
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2022/01/06 18:16:27 Modified files: etc/etc.amd64 : MAKEDEV etc/etc.arm64 : MAKEDEV etc/etc.i386 : MAKEDEV etc/etc.loongson: MAKEDEV etc/etc.macppc : MAKEDEV etc/etc.powerpc64: MAKEDEV etc/etc.sparc64: MAKEDEV share/man/man8/man8.amd64: MAKEDEV.8 share/man/man8/man8.arm64: MAKEDEV.8 share/man/man8/man8.i386: MAKEDEV.8 share/man/man8/man8.loongson: MAKEDEV.8 share/man/man8/man8.macppc: MAKEDEV.8 share/man/man8/man8.powerpc64: MAKEDEV.8 share/man/man8/man8.sparc64: MAKEDEV.8 Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2022/01/06 18:13:15 Modified files: etc: MAKEDEV.common etc/etc.amd64 : MAKEDEV.md etc/etc.arm64 : MAKEDEV.md etc/etc.i386 : MAKEDEV.md etc/etc.loongson: MAKEDEV.md etc/etc.macppc : MAKEDEV.md etc/etc.powerpc64: MAKEDEV.md etc/etc.sparc64: MAKEDEV.md Log message: stop creating old drm device nodes
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2022/01/06 17:44:17 Modified files: share/man/man4 : drm.4 Log message: mention radeondrm on riscv64
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2022/01/06 16:44:21 Modified files: etc/etc.amd64 : fbtab etc/etc.arm64 : fbtab etc/etc.i386 : fbtab etc/etc.loongson: fbtab etc/etc.macppc : fbtab etc/etc.sparc64: fbtab Log message: stop chowning old drm device nodes
CVS: cvs.openbsd.org: xenocara
CVSROOT: /cvs Module name: xenocara Changes by: j...@cvs.openbsd.org 2022/01/06 16:35:41 Modified files: app/xenodm/config: GiveConsole.in TakeConsole.in Log message: stop chowning old drm device nodes
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: dtuc...@cvs.openbsd.org 2022/01/06 15:14:25 Modified files: regress/usr.bin/ssh: test-exec.sh Log message: Don't explicitly set HostbasedAuthentication in sshd_config. It defaults to "no", and not explicitly setting it allows us to enable it for the (optional) hostbased test.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:06:51 Modified files: usr.bin/ssh: sshconnect2.c Log message: allow hostbased auth to select RSA keys when only RSA/SHA2 are configured (this is the default case); ok markus@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:05:42 Modified files: usr.bin/ssh: sshkey.c sshkey.h Log message: add a helper function to match a key type to a list of signature algorithms. RSA keys can make signatures with multiple algorithms, so some special handling is required. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:04:20 Modified files: usr.bin/ssh: ssh.c Log message: log some details on hostkeys that ssh loads for hostbased authn ok markus@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:03:59 Modified files: usr.bin/ssh: monitor.c Log message: log signature algorithm during verification by monitor; ok markus
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:02:52 Modified files: usr.bin/ssh: hostfile.c Log message: piece of UpdateHostkeys client strictification: when updating known_hosts with new keys, ignore NULL keys (forgot to include in prior commit)
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:01:14 Modified files: usr.bin/ssh: auth2-hostbased.c Log message: include rejected signature algorithm in error message and not the (useless) key type; ok markus
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 15:00:18 Modified files: usr.bin/ssh: ssh-keysign.c Log message: make ssh-keysign use the requested signature algorithm and not the default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2 keys. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 14:57:28 Modified files: usr.bin/ssh: clientloop.c Log message: stricter UpdateHostkey signature verification logic on the client-side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 ok markus@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 14:55:23 Modified files: usr.bin/ssh: kex.c kex.h serverloop.c Log message: Fix signature algorithm selection logic for UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375 Mostly by Dmitry Belyavskiy with some tweaks by me. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 14:48:38 Modified files: usr.bin/ssh: channels.c channels.h clientloop.c serverloop.c Log message: convert ssh, sshd mainloops from select() to poll(); feedback & ok deraadt@ and markus@ has been in snaps for a few months
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: dtuc...@cvs.openbsd.org 2022/01/06 14:46:56 Modified files: regress/usr.bin/ssh: Makefile Added files: regress/usr.bin/ssh: hostbased.sh Log message: Add test for hostbased auth. It requires some external setup (see comments at the top) and thus is disabled unless TEST_SSH_HOSTBASED_AUTH and SUDO are set.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2022/01/06 14:46:23 Modified files: usr.bin/ssh: channels.c channels.h Log message: prepare for conversion of ssh, sshd mainloop from select() to poll() by moving FD_SET construction out of channel handlers into separate functions. ok markus
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: dera...@cvs.openbsd.org 2022/01/06 13:15:54 Modified files: usr.sbin/fw_update: fw_update.sh Log message: repair usage
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: afre...@cvs.openbsd.org 2022/01/06 12:27:01 Modified files: usr.sbin/fw_update: fw_update.8 fw_update.sh Log message: Switch fw_update -D to instead -F The perl version of fw_update used -D for something else and although the mnemonic isn't as good, the conflict was worse. Requested by deraadt@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: j...@cvs.openbsd.org 2022/01/06 11:58:24 Modified files: lib/libc/stdlib: getopt_long.3 Log message: refer to longindex as an argument, not a field; from uwe@netbsd -r1.22 ok millert
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 11:27:32 Modified files: regress/lib/libssl/tlsext: tlsexttest.c Log message: Revise for change to tls_key_share_peer_public()
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 11:23:56 Modified files: lib/libssl : s3_lib.c ssl_cert.c ssl_clnt.c ssl_locl.h ssl_tlsext.c tls_internal.h tls_key_share.c Log message: Convert legacy TLS client to tls_key_share. This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this. ok inoguchi@ tb@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 11:18:13 Modified files: lib/libssl : tls13_record_layer.c Log message: Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection. This brings the code more in line with the tls12_record_layer and reduces the effort needed to make EVP_AEAD_CTX opaque. Prompted by and ok tb@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: clau...@cvs.openbsd.org 2022/01/06 09:06:30 Modified files: usr.sbin/rpki-client: main.c mft.c Log message: Cleanup mft file handling, especially the stale mft bits. Move staleness check up into mft_parse_econtent() to simplify code. Remove the big FIXME bits since they are no longer needed. The parent process will only process MFTs that are not stale. Cleanup a few other bits mainly unnecessary else if cascades and use valid_filename() to check if the filename embedded in the mft fileandhash is sensible. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: dera...@cvs.openbsd.org 2022/01/06 08:41:53 Modified files: sys/arch/octeon/include: pci_machdep.h Log message: Use a 64-bit integer for pcitag_t and define PCITAG_NODE and PCITAG_OFFSET macros to make kernel build again, same diff as armv7. ok kettenis visa
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 08:21:33 Modified files: regress/lib/libcrypto/asn1: asn1basic.c Log message: Add regress tests for ASN1_BIT_STRING.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/01/06 07:55:52 Modified files: regress/lib/libcrypto/x509/rfc3779: Makefile rfc3779.c Log message: Add a comment that explains why build_addr_block_tests isn't const
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 07:34:40 Modified files: lib/libcrypto/ct: ct_vfy.c Log message: Convert SCT verification to CBB. ok inoguchi@ tb@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 07:32:55 Modified files: lib/libcrypto/bytestring: bs_cbb.c bytestring.h Log message: Sync from libssl.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 07:31:03 Modified files: regress/lib/libssl/bytestring: bytestringtest.c Log message: Test CBB_add_u64()
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2022/01/06 07:30:30 Modified files: lib/libssl : bytestring.h bs_cbb.c Log message: Provide CBB_add_u64() Prompted by and ok tb@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/01/06 07:08:15 Modified files: lib/libcrypto/x509: x509_addr.c Log message: minor tweaks, no code change Adjust a comment to reality, zap a stray empty line and fix whitespace before comment after #endif
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/01/06 06:36:56 Modified files: regress/lib/libssl/openssl-ruby: Makefile Log message: With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_san is now an unexpected pass, so remove it from the expected failures.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: an...@cvs.openbsd.org 2022/01/06 06:18:36 Modified files: usr.sbin/fw_update: Makefile Log message: Make it possible to compile the patterns utility with the source tree checked out anywhere. While here, tidy up the Makefile a bit. ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: inogu...@cvs.openbsd.org 2022/01/06 05:54:51 Modified files: usr.bin/openssl: cms.c Log message: Free memory before assign to avoid leak CID 313263 313301 313322
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: inogu...@cvs.openbsd.org 2022/01/06 04:46:05 Modified files: usr.bin/openssl: cms.c Log message: Free memory if error occurred
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: inogu...@cvs.openbsd.org 2022/01/06 04:37:29 Modified files: usr.bin/openssl: cms.c Log message: Remove NULL check before free
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/01/06 02:46:05 Modified files: regress/lib/libcrypto/x509/rfc3779: rfc3779.c Log message: Fix a copy-paste error that led to an out-of-bounds access. Found via a crash on bluhm's i386 regress test box
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: kette...@cvs.openbsd.org 2022/01/06 01:46:50 Modified files: sys/arch/arm/include: pci_machdep.h Log message: Use a 64-bit integer for pcitag_t and define PCITAG_NODE and PCITAG_OFFSET macros to make armv7 build again. ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs Module name: src Changes by: n...@cvs.openbsd.org 2022/01/06 01:20:00 Modified files: usr.bin/tmux : resize.c Log message: Ignore windows without a size set (may be used for pane only), from Anindya Mukherjee.