CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/28 00:09:14 Modified files: usr.bin/ssh: sftp.c Log message: reflect the update to -D arg name in usage();
Re: CVS: cvs.openbsd.org: src
For bgplg in www chroot, I think -- Sent from a phone, apologies for poor formatting. On 28 June 2022 07:50:06 Theo Buehler wrote: On Tue, Jun 28, 2022 at 06:45:30AM +0200, Anton Lindqvist wrote: On Mon, Jun 27, 2022 at 07:27:39AM -0600, Claudio Jeker wrote: > CVSROOT: /cvs > Module name: src > Changes by:clau...@cvs.openbsd.org 2022/06/27 07:27:38 > > Modified files: >usr.sbin/bgpctl: bgpctl.c output.c output_json.c > > Log message: > bgpctl bits for RFC 9234 support. > OK tb@ This broke the tree over here, looks like the log_policy() implementation is missing. Fixed, thanks. cc -static -pie -o bgpctl bgpctl.o output.o output_json.o parser.o mrtparser.o util.o json.o -lutil -lm Why does this link statically?
Re: CVS: cvs.openbsd.org: src
On Tue, Jun 28, 2022 at 06:45:30AM +0200, Anton Lindqvist wrote: > On Mon, Jun 27, 2022 at 07:27:39AM -0600, Claudio Jeker wrote: > > CVSROOT:/cvs > > Module name:src > > Changes by: clau...@cvs.openbsd.org 2022/06/27 07:27:38 > > > > Modified files: > > usr.sbin/bgpctl: bgpctl.c output.c output_json.c > > > > Log message: > > bgpctl bits for RFC 9234 support. > > OK tb@ > > This broke the tree over here, looks like the log_policy() > implementation is missing. Fixed, thanks. > cc -static -pie -o bgpctl bgpctl.o output.o output_json.o parser.o > mrtparser.o util.o json.o -lutil -lm Why does this link statically?
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 23:49:05 Modified files: usr.sbin/bgpd : util.c Log message: Unbreak tree: add log_policy() implementation missing from previous commit.
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: j...@cvs.openbsd.org2022/06/27 22:53:03 Modified files: . : 71.html faq: current.html openssh: specs.html Log message: spelling
Re: CVS: cvs.openbsd.org: src
On Mon, Jun 27, 2022 at 07:27:39AM -0600, Claudio Jeker wrote: > CVSROOT: /cvs > Module name: src > Changes by: clau...@cvs.openbsd.org 2022/06/27 07:27:38 > > Modified files: > usr.sbin/bgpctl: bgpctl.c output.c output_json.c > > Log message: > bgpctl bits for RFC 9234 support. > OK tb@ This broke the tree over here, looks like the log_policy() implementation is missing. cc -static -pie -o bgpctl bgpctl.o output.o output_json.o parser.o mrtparser.o util.o json.o -lutil -lm ld: error: undefined symbol: log_policy >>> referenced by output.c >>> output.o:(show_neighbor) >>> referenced by output.c >>> output.o:(show_neighbor) >>> referenced by output.c >>> output.o:(show_neighbor) >>> referenced 2 more times cc: error: linker command failed with exit code 1 (use -v to see invocation) *** Error 1 in usr.bin/bgplg/bgpctl (:126 'bgpctl') *** Error 2 in usr.bin/bgplg (:48 'all') *** Error 2 in usr.bin (:48 'all') *** Error 2 in . (:48 'all') *** Error 2 in . (Makefile:97 'do-build') *** Error 2 in /home/src2 (Makefile:74 'build') robsd-exec: process group exited 2
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 22:36:30 Modified files: usr.sbin/bgpd : bgpd.conf.5 usr.bin/mandoc : mandoc.1 gnu/usr.sbin/mkhybrid/src: mkhybrid.8tbl Log message: spelling
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 19:40:29 Modified files: usr.sbin/rpki-client: rpki-client.8 Log message: Remove superfluous 'any'
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 19:12:44 Modified files: usr.bin/mg : tutorial Log message: transistion -> transition
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 18:26:21 Modified files: gnu/usr.sbin/mkhybrid/src: mkhybrid.8tbl Log message: Entensions -> Extensions
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2022/06/27 15:41:55 Modified files: usr.bin/ssh: sftp.1 sftp.c Log message: allow arguments to sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/06/27 15:26:46 Modified files: sys/net: route.c route.h rtsock.c Log message: Rework the rttimer code. Instead of a global queue and a global timeout use a per rttimer struct timeout. On enqueue the struct rttimer belongs to the timeout, in case the route is removed before the timer fires cleanup based on the timeout_del() return value. If the timeout currently running then just clear the rtt_rt pointer and let the timeout handle the cleanup. This should hopefully fix the icmp_pmtu_timeout crashes reported by some people. OK bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2022/06/27 14:47:10 Modified files: sys/net: if_ethersubr.c sys/netinet: if_ether.c Log message: Push the kernel lock down into arpresolve(). We still need it to prevent concurrent access to rt_llinfo from rtrequest_delete(). But the common case, when the MAC address is already known, works without lock. tested by Hrvoje Popovski; OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2022/06/27 14:22:26 Modified files: sys/stand/boot : cmd.c Log message: Revert 1.44; that slow getsecs() workaround had been added for the sake of an i386 system noone remembers details about and which is unlikely to be relevant those days, and has been found to misbehave on some modern systems, such as the OnLogic Helix 500, or RPi4 with glass console.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2022/06/27 14:14:51 Modified files: sys/dev/ic : arcofi.c Log message: Fix comment.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2022/06/27 11:15:35 Modified files: sys/net: rtable.c rtsock.c Log message: Fix white space and wrap long lines.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 10:39:34 Modified files: sys/arch/i386/stand/biosboot: biosboot.8 sys/arch/amd64/stand/biosboot: biosboot.8 Log message: zap extraneous .Pp
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 10:27:03 Modified files: sbin/ifconfig : ifconfig.8 Log message: tweak the tso text a little;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2022/06/27 10:10:09 Modified files: sys/arch/amd64/stand/biosboot: biosboot.8 sys/arch/amd64/stand/mbr: mbr.S sys/arch/i386/stand/biosboot: biosboot.8 sys/arch/i386/stand/mbr: mbr.S Log message: Delete the ancient "hold Shift key to force CHS" code. Noone has needed this in decades. ok sthen krw
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2022/06/27 09:12:14 Modified files: sys/arch/amd64/amd64: vmm.c Log message: vmm: move ept pointer configuration to vcpu_init_vmx No need to be twiddling eptp in vcpu_reset_regs. ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 09:11:23 Modified files: sbin/ifconfig : ifconfig.8 ifconfig.c sys/dev/pci: if_ix.c if_ix.h sys/net: if.c if.h Log message: Introduce Large Receive Offloading of TCP segment offloading for ix(4). It is disabled by default. Also add a tso option to ifconfig(8) to enable and disable this feature. ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2022/06/27 09:05:34 Modified files: sys/arch/amd64/amd64: vmm.c Log message: vmm: zero virtual addresses of vcpu state pages after freeing Consolidate the km_free calls while at it. ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2022/06/27 09:03:11 Modified files: lib/libcrypto/x509: x509_constraints.c Log message: Correct misleading comment for URI parsing ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: chel...@cvs.openbsd.org 2022/06/27 08:26:06 Modified files: sys/kern : syscalls.master init_sysent.c sys/sys: proc.h syscall.h syscallargs.h sys/uvm: uvm_mmap.c Log message: kbind(2): unlock syscall, push kernel lock down to binding loop - Rearrange the security check code in sys_kbind() so that we only need to take the kernel lock once if we need to raise SIGILL. - Protect process.ps_kbind_addr and process.ps_kbind_cookie with process.ps_mtx. This is easier to do after the aforementioned rearrangement. Under normal circumstances this isn't necessary: the process is single-threaded when we initialize kbind(2). But in stranger situations this brief mutex ensures that the first thread to reach sys_kbind() initializes both variables. - Wrap the binding loop with the kernel lock. We need to carefully confirm that uvm_unmap_remove(), uvm_map_extract(), and uvm_unmap_detach() are MP-safe in a subsequent patch before completely removing the kernel lock from sys_kbind(). - Remove the kernel lock from kbind(2) in syscalls.master. Prompted by mpi@, dlg@, and deraadt@. Current patch workshopped with deraadt@. Based on a patch from dlg@. With input from dlg@, bluhm@, mpi@, kettenis@, deraadt@, and guenther@. Thread: https://marc.info/?l=openbsd-tech&m=165274831829349&w=2 ok deraadt@ kettenis@ mpi@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2022/06/27 08:23:41 Modified files: lib/libcrypto/x509: x509_issuer_cache.c Log message: Add function to free all of the issuer cache. ok jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: v...@cvs.openbsd.org2022/06/27 08:11:44 Modified files: sys/sys: conf.h etc/etc.hppa : MAKEDEV.md Log message: Remove switch(4) leftovers. OK deraadt@ mpi@ claudio@ miod@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 08:10:22 Modified files: lib/libcrypto/x509: x509_internal.h x509_verify.c x509_vfy.c x509_vfy.h Log message: Allow security_level to mestastasize into the verifier The tentacles are everywhere. This checks that all certs in a chain have keys and signature algorithms matching the requirements of the security_level configured in the verify parameters. ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 08:00:09 Modified files: lib/libcrypto/x509: x509_lcl.h x509_vfy.h x509_vpm.c Log message: Prepare to provide X509_VERIFY_PARAM_set_auth_level() For some unknown reason this needed a different name than security_level, both internally and in the public API. Obviously it is exactly the same garbage. ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2022/06/27 07:54:58 Modified files: lib/libcrypto/asn1: a_time.c a_time_tm.c asn1.h regress/lib/libcrypto/asn1: asn1time.c Log message: Add new time manipulation funcitons that OpenSSL has exposed that the world seems to be using. Symbols.list changes and exposure to wait for minor bump ok jsing@ jca@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2022/06/27 07:48:38 Modified files: distrib/miniroot: install.sub Log message: install script no longer creates a dhclient.conf under any circumstances, so we do not need to copy it to the new system.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: v...@cvs.openbsd.org2022/06/27 07:39:58 Modified files: sys/nfs: nfs_node.c Log message: Fix lock order reversal in nfs_inactive() Make the silly file removal happen after the vnode has been unlocked. This avoids a file-directory reversal in the vnode locking order. OK jca@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: v...@cvs.openbsd.org2022/06/27 07:35:21 Modified files: sys/kern : kern_event.c sys/sys: eventvar.h Log message: kqueue: Clear task when closing kqueue When closing a kqueue, block until any pending wakeup task has finished. Otherwise, if a pending task progressed slowly, the kqueue could stay alive longer than the associated file descriptor table, causing a use-after-free in KQRELE(). This also fixes a failed assertion "p->p_kq->kq_refcnt.r_refs == 1" in kqpoll_exit(). The use-after-free bug had existed since the introduction of kqueue_task() (the bug could occur if fdplock() blocked in KQRELE()). However, the issue became worse when the task was allowed to run without the kernel lock in sys/kern/kern_event.c r1.187. Prompted by a report from Mikhail on bugs@. OK mpi@ Reported-by: syzbot+fca7e4fa773c90886...@syzkaller.appspotmail.com
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/06/27 07:26:51 Modified files: usr.sbin/bgpd : bgpd.h parse.y printconf.c rde.c rde.h rde_peer.c rde_update.c session.c session.h Log message: Add support for RFC 9234 - Route Leak Prevention and Detection Using Roles With this it is possible to send a role in the OPEN message and if that was successful the RDE will add the new OTC attribute if necessary. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/06/27 07:29:40 Modified files: regress/usr.sbin/bgpd/integrationtests: Makefile Added files: regress/usr.sbin/bgpd/integrationtests: bgpd.op.client.conf bgpd.op.master.conf policy.sh Log message: Regress test for the open policy role capability. Make sure it properly fails when enforced or there is a missmatch and that the session is accepeted if the roles match.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/06/27 07:27:38 Modified files: usr.sbin/bgpctl: bgpctl.c output.c output_json.c Log message: bgpctl bits for RFC 9234 support. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 07:14:49 Modified files: sys/dev/usb: ucom.c Log message: Remember the error of ucomreadcb() for the next ucomread() call and returns an EIO. Thus the userland notices the error and closes the device. We forget the error on reopen and the device works again. Ok mbuhl
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: an...@cvs.openbsd.org 2022/06/27 07:04:25 Modified files: faq: current.html Log message: mention required pluart(4) baud rate correction
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2022/06/27 07:03:32 Modified files: sys/dev/fdt: pluart_fdt.c sys/dev/ic : pluart.c pluartvar.h Log message: Allow the pluart(4) baud rate to be changed. It's most likely that users have the wrong baud rate in /etc/ttys as this was corrected in revision 1.11 of sys/dev/ic/pluart.c. Make sure to change the console baud rate from 38400 to 115200 in /etc/ttys before upgrading. ok visa@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2022/06/27 06:47:07 Modified files: sys/netinet: if_ether.c Log message: Instead of calling getuptime() all the time in ARP code, do it only once per function. This gives a more consistent time value. OK claudio@ miod@ mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 06:36:06 Modified files: lib/libcrypto/asn1: ameth_lib.c asn1_locl.h lib/libcrypto/dh: dh_ameth.c lib/libcrypto/dsa: dsa_ameth.c lib/libcrypto/ec: ec_ameth.c lib/libcrypto/evp: evp.h p_lib.c lib/libcrypto/rsa: rsa_ameth.c Log message: Prepare to provide EVP_PKEY_security_bits() This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 06:31:38 Modified files: lib/libcrypto/dh: dh.h dh_lib.c Log message: Prepare to provide DH_security_bits() ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 06:30:28 Modified files: lib/libcrypto/rsa: rsa.h rsa_lib.c Log message: Prepare to provide RSA_security_bits() ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 06:28:46 Modified files: lib/libcrypto/dsa: dsa.h dsa_lib.c Log message: Prepare to provide DSA_security_bits() ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2022/06/27 06:25:49 Modified files: lib/libcrypto/bn: bn.h bn_lib.c Log message: Prepare to provide BN_security_bits() ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: st...@cvs.openbsd.org 2022/06/27 05:01:41 Modified files: distrib/miniroot: install.sub Log message: Move rc.firsttime additions before some slower jobs run from install.sub. Reduces the risk of post-upgrade steps (sysmerge -b etc) being missed if there was some issue with those jobs e.g. fw_update or reorder_kernel triggering watchdog or an impatient admin to reboot the system. ok florian@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2022/06/27 04:31:17 Modified files: usr.sbin/snmpd : application.c Log message: Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct. OK sthen@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2022/06/27 04:25:32 Modified files: usr.sbin/snmpd : application.c Log message: Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error. regionbuf case pointed out by tb@ OK deraadt@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2022/06/27 04:18:27 Modified files: usr.sbin/rpki-client: extern.h main.c rpki-client.8 Log message: Add skiplist option to steer clear of skiplisted hosts Blocking outbound connections towards RPKI publication servers based on IP or IPv6 address in external instrumentation like HTTP proxies or pf(4) rules is somewhat unwieldy. It might be easier for operators if we offer a mechanism that cuts at the CA cert SIA parsing step. OK claudio@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2022/06/27 04:02:20 Modified files: sys/dev/pci: if_bnxt.c Log message: Do not run receive and transmit interrupt handlers when the bnxt(4) interface is not running. Prevents a panic triggered by ifconfig bnxt0 down. found by Hrvoje Popovski; OK jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: s...@cvs.openbsd.org2022/06/27 03:16:56 Modified files: sys/dev/ic : bwfm.c Log message: Fix bwfm(4) ifconfig media display on devices with sta_info command version 3. ok jsg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2022/06/27 03:16:54 Modified files: usr.bin/tmux : format.c Log message: Tweak previous - find end of style correctly.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2022/06/27 03:14:49 Modified files: usr.bin/tmux : format.c Log message: Do not expand single character format aliases inside #[] since they interfere with colours. GitHub issue 3239 from Magnus Gross.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2022/06/27 02:15:38 Modified files: sys/net: rtsock.c Log message: Don't copy more than sa_len from the sockaddr to the sysctl / rt msg buffer. In the rt msg buffer the size of the full buffer is calculated first then filled out after allocating the mbuf. In the sysctl code this is not needed since the buffer is already provided. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mlar...@cvs.openbsd.org 2022/06/27 02:00:31 Modified files: sys/dev/acpi : amdgpio.c Log message: Whitespace/KNF
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mlar...@cvs.openbsd.org 2022/06/27 01:55:28 Modified files: sys/dev/acpi : amdgpio.c Log message: amdgpio(4): restore pin configuration on resume Save/restore the pin configuration on suspend/resume for amdgpio(4). This fixes missing interrupts after resume for trackpads on some machines, including the ROG Zephyrus 14 and the HP DevOne (and probably others). Code based on pchgpio(4). ok deraadt, kettenis