CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/11/13 19:26:17 Modified files: sys/dev/pci: pcidevs.h pcidevs_data.h Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/11/13 19:25:48 Modified files: sys/dev/pci: pcidevs sys/dev/pci/drm/amd/amdgpu: amdgpu_devlist.h Log message: add another Navi 32 device id 7470 rev 00 is Radeon Pro W7700 found in AMD Software: PRO Edition for AMD Radeon PRO W7700
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: schwa...@cvs.openbsd.org2023/11/13 13:35:36 Modified files: regress/usr.bin/mandoc/char/N: basic.out_ascii regress/usr.bin/mandoc/char/accent: combine.out_utf8 nocombine.out_ascii nocombine.out_utf8 utf8only.out_utf8 regress/usr.bin/mandoc/char/bar: man.out_ascii regress/usr.bin/mandoc/char/hyphen: man.in man.out_ascii regress/usr.bin/mandoc/char/space: eos-man.out_ascii esct-man.out_ascii invalid.out_ascii leading-man.out_ascii tab-filled.out_ascii tab-man.out_ascii zerowidth.out_ascii zerowidth.out_utf8 regress/usr.bin/mandoc/char/unicode: ascii.out_ascii ascii.out_utf8 input.out_ascii input.out_utf8 latin1.out_ascii latin1.out_utf8 latin1diff.out_ascii latin1diff.out_utf8 man.out_utf8 named.out_ascii named.out_utf8 namediff.out_ascii namediff.out_utf8 nogroff.out_ascii nogroff.out_utf8 regress/usr.bin/mandoc/man/AT: basic.out_ascii regress/usr.bin/mandoc/man/B: args.out_ascii blank.out_ascii nest.out_ascii regress/usr.bin/mandoc/man/BI: emptyargs.out_ascii literal.out_ascii regress/usr.bin/mandoc/man/DT: basic.out_ascii regress/usr.bin/mandoc/man/EX: args.out_ascii nested.out_ascii spacing.out_ascii regress/usr.bin/mandoc/man/HP: break.out_ascii literal.out_ascii macrotag.out_ascii manyargs.out_ascii spacing.out_ascii vert.out_ascii regress/usr.bin/mandoc/man/IP: bullet.out_ascii bullet.out_utf8 empty.out_ascii literal.out_ascii longhead.out_ascii manyargs.out_ascii spacing.out_ascii tag.out_ascii vert.out_ascii width.out_ascii regress/usr.bin/mandoc/man/MT: args.out_ascii noME.out_ascii regress/usr.bin/mandoc/man/OP: args.out_ascii regress/usr.bin/mandoc/man/PD: args.out_ascii nextline.out_ascii spacing.out_ascii regress/usr.bin/mandoc/man/PP: args.out_ascii empty.out_ascii vert.out_ascii regress/usr.bin/mandoc/man/RS: REarg.out_ascii an-margin.out_ascii breaking.out_ascii broken.in broken.out_ascii empty.out_ascii literal.out_ascii lonelyRE.out_ascii nested.out_ascii noRE.out_ascii nowidth.out_ascii paragraph.out_ascii width.out_ascii regress/usr.bin/mandoc/man/SH: broken.out_ascii broken_eline.out_ascii empty_before.out_ascii longarg.out_ascii noarg.in noarg.out_ascii paragraph.out_ascii vert.out_ascii regress/usr.bin/mandoc/man/SS: broken.out_ascii broken_eline.out_ascii longarg.out_ascii noarg.in noarg.out_ascii paragraph.out_ascii vert.out_ascii regress/usr.bin/mandoc/man/SY:
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: st...@cvs.openbsd.org 2023/11/13 13:19:45 Modified files: etc/etc.i386 : login.conf Log message: raise i386's datasize for 'daemon' class so that relinking libc at boot doesn't fail - new clang is even greedier than the old one. I picked the value 1500M out of the air, it works for me but could perhaps be finessed downwards a bit. (I'm also using 1500M for make build / mkr+mkrx on i386; make -j8 build is no longer a good idea on i386 ;)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: st...@cvs.openbsd.org 2023/11/13 12:53:34 Modified files: distrib/sets/lists/comp: clang.i386 Log message: fix i386 sets
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: jas...@cvs.openbsd.org 2023/11/13 12:15:01 Modified files: sys/arch/amd64/amd64: vmm_machdep.c Log message: include function name in warning printf in vmx_handle_np_fault() and svm_handle_np_fault() more clearer output ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: schwa...@cvs.openbsd.org2023/11/13 12:13:00 Modified files: usr.bin/mandoc : man_macro.c man_term.c mandoc.1 mdoc_term.c term_ascii.c Log message: Reduce the man(7) default global indentation from 7n, which was an oddity in groff-1.01 to groff-1.22.4, to 5n for compatibility with Version 7 AT UNIX, 4.3BSD-Reno, groff-1.23.0, and all versions of mdoc(7). OK jmc@ millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2023/11/13 10:18:27 Modified files: sys/net: route.c Log message: Fix rt_setgate() error handling. In revision 1.424 the logic in rt_setgate() has changed. The old code entered a value into rt_gateway also if rt_setgwroute() returned an error. Now if rt_setgwroute() fails, rt_gateway is NULL and ROUNDUP(rt->rt_gateway->sa_len) crashes. Put back the old logic in rt_setgate(). Setting rt_gateway and rt_gwroute are actually independent. If malloc(9) in rt_setgate() fails, rt_gateway can still be NULL. The subsequent crash in free(rt->rt_gateway, M_RTABLE, ROUNDUP(rt->rt_gateway->sa_len)) was just never observed. Add a NULL check around these free(9). Reported-by: syzbot+2e79dd9db712d3c5a...@syzkaller.appspotmail.com OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 09:16:14 Modified files: lib/libcrypto/x509: x509type.c Log message: Make X509_certificate_type() less bad This converts to proper single exit and undoes a number of unnecessarily silly muppet antics. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 08:44:15 Modified files: lib/libcrypto/x509: x509type.c Log message: Garbage collect an incoherent export crypto check Contrast "#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */" with the diff: - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; EVP_PKT_EXP will be nuked at the next opportunity. discussed with jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 08:40:44 Modified files: lib/libcrypto/x509: x509type.c Log message: Use a sensible variable name (i.e. nid) instead of i for a NID
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 08:38:09 Modified files: lib/libcrypto/x509: x509type.c Log message: Use X509_get_signature_nid() instead of inlining it ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 08:36:55 Modified files: lib/libcrypto/x509: x509type.c Log message: X509_certificate_type() needs to know about RSA-PSS This doesn't do much right now, but is part of the tangle that is adding RSA-PSS support. ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2023/11/13 08:05:14 Modified files: usr.sbin/snmpd : snmpd.h Log message: Apparently base-gcc doesn't like having OID() inside MIBDECL(). Handroll the OID() logic into MIBDECL(). Found, tested, and OK jca@ OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 07:13:23 Removed files: lib/libcsi : Makefile Symbols.list csi.c csi.h csi_dh.c csi_dh_groups.c csi_internal.h csi_util.c shlib_version Log message: Bye bye libcsi This is sad, but unfortunately, we never had time to grow it to its intended use. It's been in maintenance mode for too long, and there currently aren't concrete projects to pursue this direction further. It can be revived when the time is ripe. Until then, let it not get in the way of more urgent work. discussed with jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 07:03:17 Removed files: regress/lib/libcsi: Makefile regress/lib/libcsi/dh: Makefile dhtest.c Log message: Retire the libcsi regress
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: rob...@cvs.openbsd.org 2023/11/13 06:34:40 Modified files: lib/libcsi : Symbols.list Log message: sync Symbols.list with reality; ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/11/13 05:49:41 Modified files: sys/arch/arm64/conf: RAMDISK distrib/arm64/ramdisk: list Log message: enable UDF on arm64 install media ok deraadt@ kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: b...@cvs.openbsd.org2023/11/13 05:46:07 Modified files: lib/libcrypto/asn1: a_time_posix.c asn1.h lib/libcrypto/hidden/openssl: asn1.h lib/libcrypto/man: ASN1_TIME_set.3 Log message: Prepare to expose OPENSSL_gmtime and OPENSSL_timegm as public This matches when BoringSSL has done, and allows for getting rid of the dependency on system timegm() and gmtime() in libtls. which will make life easier for portable, and remove our dependency on the potentially very slow system versions. ok tb@ - tb will handle the minor bump bits and expose on the next minor bump CVS :--
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 05:43:08 Modified files: usr.bin/openssl: ca.c Log message: Kill last user of ASN1_time_parse() in the tree ASN1_time_parse() was useful while OpenSSL didn't have something sort of equivalent, but now they do. Let's retire ASN1_time_parse() to internal. This will require some patching in ports, but shrug. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 04:50:36 Modified files: usr.bin/openssl: x509.c Log message: Check notBefore/notAfter validity with ASN1_TIME_to_tm(3) ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 04:46:25 Modified files: usr.sbin/ocspcheck: ocspcheck.c Log message: Replace ASN1_time_parse() with ASN1_TIME_to_tm() Like in libtls, we use ASN1_GENERALIZEDTIME_check() to ensure we actually have a GeneralizedTime. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/11/13 04:33:52 Modified files: etc/etc.riscv64: login.conf Log message: Bump datasize for staff to match amd64 Suggested by jsing@, ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/11/13 04:12:37 Modified files: distrib/sets/lists/comp: clang.arm64 clang.armv7 clang.i386 clang.loongson clang.macppc clang.octeon clang.powerpc64 clang.riscv64 clang.sparc64 Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 03:56:19 Modified files: lib/libtls : tls_ocsp.c Log message: Remove last caller of ASN1_time_parse(3) in libtls This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check() as well. This means LibreSSL parses the time twice. Shrug. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 03:51:49 Modified files: lib/libtls : tls_conninfo.c Log message: Remove ASN1_time_parse() dependency in tls_conninfo.c During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is a step towards removing the dependency of libtls on ASN1_time_parse(). The latter grew a dependency on CBS/CBB, and thus the choice is to pull in all this code or to use a no longer maintained version of the API. Both options are unappealing. ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/11/13 03:33:00 Modified files: lib/libcrypto/x509: x509_internal.h x509_purp.c x509_verify.c x509_vfy.c Log message: Eliminate the timegm(3) dependency in libcrypto timegm(3) is not available on some operating systems we support in portable. We currently use musl's implementation, for which gcc-13 decided to emit warnings (which seem incorrect in general and are irrelevant in this case anyway). Instead of patching this up and diverge from upstream, we can avoid reports about compiler warnings by simply not depending on this function. Rework the caching of notBefore and notAfter by replacing timegm(3) with asn1_time_tm_to_time_t(3). Also make this API properly error checkable since at the time x509v3_cache_extensions(3) is called, nothing is known about the cert, in particular not whether it isn't malformed one way or the other. suggested by and ok beck
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2023/11/13 03:16:51 Modified files: regress/usr.sbin/snmpd: Makefile backend.c regress.h snmpd_regress.c Log message: Add 2 tests to make sure getbulkrequests return the correct error index.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2023/11/13 03:14:29 Modified files: usr.sbin/snmpd : application.c Log message: struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: o...@cvs.openbsd.org2023/11/13 03:11:41 Modified files: share/man/man5 : bsd.regress.mk.5 Log message: adjust `regress' description since REGRESS_FAIL_EARLY is yes now ok plus various improvements to the text by tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/11/13 02:51:33 Modified files: distrib/sets/lists/comp: clang.amd64 clang.arm64 clang.armv7 clang.i386 clang.loongson clang.macppc clang.octeon clang.powerpc64 clang.riscv64 clang.sparc64 Log message: sync ok robert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: to...@cvs.openbsd.org 2023/11/13 02:18:19 Modified files: usr.bin/ssh: sftp-client.c Log message: Make sure sftp_get_limits() only returns 0 if 'limits' was initialized. This fixes a potential uninitialized use of 'limits' in sftp_init() if sftp_get_limits() returned early because of an unexpected message type. ok djm@