Re: CVS: cvs.openbsd.org: src
On Thu, Jun 01, 2023 at 12:57:54PM -0600, Klemens Nanni wrote: > CVSROOT: /cvs > Module name: src > Changes by: k...@cvs.openbsd.org2023/06/01 12:57:54 > > Modified files: > sys/net: if_wg.c if_wg.h > sbin/ifconfig : ifconfig.8 ifconfig.c > > Log message: > Add support for wireguard peer descriptions > > "wgdescr[iption] foo" to label one peer (amongst many) on a wg(4) interface, > "-wgdescr[iption]" or "wgdescr ''" to remove the label, completely analogous > to existing interface discriptions. > > Idea/initial diff from Mikolaj Kucharski (OK sthen) > Tests/prodded by Hrvoje Popovski > Tweaks/manual bits from me > Feedback deraadt sthen mvs claudio > OK claudio > I would like to point out, that initial version was written by Noah Meier https://marc.info/?l=openbsd-tech&m=163478285129091&w=2 -- Regards, Mikolaj
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/06/01 18:10:25 Modified files: sys/arch/sparc64/stand/ofwboot: elf64_exec.c Log message: Missed a trailing space.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/06/01 12:57:54 Modified files: sys/net: if_wg.c if_wg.h sbin/ifconfig : ifconfig.8 ifconfig.c Log message: Add support for wireguard peer descriptions "wgdescr[iption] foo" to label one peer (amongst many) on a wg(4) interface, "-wgdescr[iption]" or "wgdescr ''" to remove the label, completely analogous to existing interface discriptions. Idea/initial diff from Mikolaj Kucharski (OK sthen) Tests/prodded by Hrvoje Popovski Tweaks/manual bits from me Feedback deraadt sthen mvs claudio OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/06/01 11:24:56 Modified files: sys/arch/sparc64/stand/ofwboot: Locore.c boot.c disk.h diskprobe.c elf64_exec.c md5.h net.c netif_of.c ofdev.c softraid_sparc64.c Log message: Expunge a bunch of eye searing trailing whitespace.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/06/01 04:21:26 Modified files: sys/dev/pci/drm: drm_linux.c sys/kern : kern_synch.c sys/sys: proc.h Log message: Change wakeup_proc() to no longer grab the SCHED_LOCK() instead it must be called with SCHED_LOCK() held. Also add an extra argument to update the process flags p_flag so that the timeout handler can set the P_TIMEOUT flag before making the process runnable. OK mpi@
Re: CVS: cvs.openbsd.org: src
On 2023/06/01 03:47, Claudio Jeker wrote: > CVSROOT: /cvs > Module name: src > Changes by: clau...@cvs.openbsd.org 2023/06/01 03:47:35 > > Modified files: > usr.sbin/bgpd : kroute.c > > Log message: > Check the F_NEXTHOP flag on the right kroute6 object. > > On multipath routes the check ended up checking the wrong route for the > nexthop update. This resulted in a use-after-free in kroute_detach_nexthop(). > This only affects IPv6 in the IPv4 code path the right object was already > used. > > Thanks to sthen@ for providing the debug information to track this down. > OK sthen@ tb@ > I think this is one where we can definitely say "found the hard way", thank you Claudio for staring at the code..
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/06/01 03:47:35 Modified files: usr.sbin/bgpd : kroute.c Log message: Check the F_NEXTHOP flag on the right kroute6 object. On multipath routes the check ended up checking the wrong route for the nexthop update. This resulted in a use-after-free in kroute_detach_nexthop(). This only affects IPv6 in the IPv4 code path the right object was already used. Thanks to sthen@ for providing the debug information to track this down. OK sthen@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/06/01 03:46:00 Modified files: regress/usr.bin/openssl: Makefile Log message: Remove the speed test again It takes too much time and we now know that all covered ciphers can cope with unaligned input and output on all tested architectures.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/06/01 03:05:33 Modified files: sys/dev/pci: if_ix.c sys/netinet6 : ip6_forward.c Log message: Enable forwarding of ix(4) LRO Pakets via TSO Also fix ip6_forwarding of TSO packets with tcp_if_output_tso(). With a lot of testing from Hrvoje Popovski and a lot of tweaks from bluhm@ ok bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/06/01 01:32:25 Modified files: lib/libtls : tls_verify.c Log message: Rework tls_check_subject_altname() error handling Default to having rv = -1 and explicitly goto done to set rv = 0. This matches other code better. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/06/01 01:29:15 Modified files: lib/libtls : tls_verify.c Log message: Check for X509_get_ext_d2i() failure X509_get_ext_d2i() (or rather X509V3_get_d2i()) can return NULL for various reasons. If it fails because the extension wasn't found, it sets *crit = -1. In any other case, e.g., the cert is bad or we ran out of memory in X509V3_EXT_d2i(), crit is set to something else, so we should actually error. ok jsing