CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/18 23:04:13 Modified files: usr.sbin/rpki-client: cert.c extern.h filemode.c ip.c parser.c validate.c x509.c Log message: Rename parent to issuer in struct auth Parent is confusing and issuer is the appropriate terminology. This is a mechanical diff. The only remaining uses of 'parent' in this code base now mean 'parent process'. discussed with beck and job ok job
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/18 21:49:11 Modified files: sys/net: if_sec.c Log message: count if_enqueue/ifq_enqueue errors as oqdrops. this helps narrow down where some "output failures" on sec interfaces occur. based on discussion with jason tubnor
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/18 15:57:22 Modified files: sys/arch/arm64/arm64: cpu.c sys/dev/fdt: psci.c pscivar.h Log message: Implement Spectre-V4 mitigations. The only real effect of this change is that we now make a firmware call to enable the mitigations if the firmware tells us mitigations are implemented and needed. But according to the specification these mitigations should be enabled by default. The open source TF-A implementation only implements mitigations for older Cortex-A76 cores. Newer Cortex-A76 revisions are not vulnerable and as far as I can tell we only support SoCs with the newer cores. ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/03/18 15:37:44 Modified files: sys/dev/fdt: if_mvpp.c Log message: Pass PHY OF node to the MII layer for use by PHY drivers.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/18 15:20:46 Modified files: sys/dev/pci: pci.c Log message: Reduce dmesg spam and only print about resource conflicts for resources that are actually enabled. ok dlg@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/18 12:35:21 Modified files: sys/arch/arm64/arm64: cpu.c sys/arch/arm64/include: armreg.h Log message: Add support for the new layout of the CCSIDR_EL1 register that was introduced in Armv8.3 when the CCIDX feature is advertised. This makes us properly detect the cache size on newer CPU cores like Neoverse N2, at least when emulated by QEMU. ok jsg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/03/18 08:54:53 Modified files: usr.sbin/bgpd : parse.y Log message: Typecast char argument to isxdigit() to unsigned char since isxdigit() only works that way correctly. OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/18 05:03:04 Modified files: lib/libexpat : Tag: OPENBSD_7_3 Changes lib/libexpat/lib: Tag: OPENBSD_7_3 xmlparse.c Log message: Cherry-pick fix for CVE-2024-28757 from libexpat. Detect billion laughs attack with isolated external parser. github commit 1d50b80cf31de87750103656f6eb693746854aa8 OK deraadt@ this is errata/7.3/027_expat.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/18 05:02:25 Modified files: lib/libexpat : Tag: OPENBSD_7_4 Changes lib/libexpat/lib: Tag: OPENBSD_7_4 xmlparse.c Log message: Cherry-pick fix for CVE-2024-28757 from libexpat. Detect billion laughs attack with isolated external parser. github commit 1d50b80cf31de87750103656f6eb693746854aa8 OK deraadt@ this is errata/7.4/015_expat.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/03/18 04:49:24 Modified files: usr.sbin/bgpd : bgpd.h Log message: Double PEER_DESCR_LEN to 64 characters since 32 is a bit on the short side. OK sthen@, deraadt@, dlg@, tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/03/18 04:16:50 Modified files: usr.sbin/bgpd : bgpd.conf.5 Log message: Use same markup for origin-set arguments as for roa-set. The maxlen argument is optional. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: o...@cvs.openbsd.org2024/03/18 02:50:54 Modified files: lib/libc/gen : login_cap.3 Log message: fix markup of _PATH_DEFPATH (Li -> Dv); ok jmc
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: o...@cvs.openbsd.org2024/03/18 02:48:50 Modified files: usr.sbin/smtpd : smtpd.conf.5 Log message: improve the MDA documentation - add a pointer to the section when documenting the `mda' keyword - rename the section to MDA COMMANDS - document also what happens when the MDA doesn't exit with status 0 - add the missing environment variables - sort the variables - minor other tweaks to the text with several improvements from jmc, ok jmc
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/18 00:14:50 Modified files: sys/net: if_aggr.c Log message: expose per port information via kstats. the most interesting information exposed here is the number of times a port changes state according to the lacp state machine. if a port is flapping, it's hard to see if you only look at the current state. getting a count of changes over time makes problems a lot more visible and therefore fixable. this also exposes counters around how the lacp protocol packets. all of these can be useful when trying to line up behaviors with another system (eg, a switch). ok jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/18 00:05:23 Modified files: sys/net: if_aggr.c Log message: use high bits from the mbuf flowid to pick a port to transmit on. a port here is a physical interface used by an aggr. this leaves the low bits for a physical interface to use to pick a tx ring. without this, aggr used low bits for port selection, which takes bits away from the ring selection, which can lead to uneven distribution of packets over tx rings. ive been running this in production for well over a year now.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/03/17 13:47:08 Modified files: sys/kern : uipc_usrreq.c Log message: Do UNP_CONNECTING and UNP_BINDING flags check in uipc_listen() and return EINVAL if set. This prevents concurrent solisten() thread to make this socket listening while socket is unlocked. Reported-by: syzbot+4acfcd73d15382a3e...@syzkaller.appspotmail.com ok mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/17 07:05:40 Modified files: sys/arch/arm64/arm64: cpu.c machdep.c sys/arch/arm64/include: armreg.h Log message: The feature is called SSBS instead of SBSS.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/17 01:10:00 Modified files: lib/libcrypto/rsa: rsa_ameth.c Log message: Annotate RSA-PSS SHA parameter encoding as wrong A historic blunderfest in the ASN.1 module for RSA-PSS led to very confusing text in various RFCs. davidben and my current reading of this is that parameters for SHA-* should be encoded as an ASN.1 NULL rather than omitted. The use of X509_ALGOR_set_evp_md() leads to them being omitted, and is therefore counter to the specification (but allowed. We should fix this. For now, leave a reminder. See https://boringssl-review.googlesource.com/c/boringssl/+/67088 for a lot more details. ok davidben
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: guent...@cvs.openbsd.org2024/03/16 23:49:41 Modified files: sys/arch/amd64/amd64: cpu.c identcpu.c locore.S vmm_support.S sys/arch/amd64/include: specialreg.h Log message: Use VERW to mitigate the RFDS (Register File Data Sampling) vulnerability present in Intel Atom CPUs, reordering some ASM in return-to-userspace and start/resume-vmx-guest to reduce the number of kernel values still live in registers when VERW is used. This mitigation requires updated firmware which has affected CPUs report RFDS_CLEAR in dmesg. Firmware packaging by jsg@ and sthen@ Logic for interpreting intel's flags by jsg@ after lots of discussion between him, deraadt@, and I ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/16 19:44:59 Modified files: usr.sbin/rpki-client: extern.h Log message: Remove unused enum rsc_resourceblock_tag This was used in rsc.c prior to the switch to ASN.1 templates. ok job
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2024/03/16 18:06:43 Modified files: sys/dev/mii: eephy.c Log message: Some PHYs need board-specific initializations, e.g. to correctly configure LED settings, which might be stored in the marvell,reg-init property. With these applied, the LEDs on the SolidRun ClearFog CN9130 Base work correctly. ok kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/16 15:42:20 Modified files: lib/libcrypto : cversion.c Log message: Remove ugly parens and thereby fix KNF
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/16 14:46:28 Modified files: sys/arch/arm64/arm64: locore.S sys/arch/arm64/include: hypervisor.h Log message: Set the HCR_API and HCR_APK bits in the HCR_EL2 when CPUs boot in EL2. Otherwise using PAC instructions in EL1 will trigger a trap into EL2 that we don't handle. ok jsg@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/16 14:42:33 Modified files: lib/libcrypto/bn: bn_rand.c Log message: Fix signed integer overflow in bnrand() If more bits than INT_MAX - 7 are requested, the calculation of number of bytes required to store the bignum triggers undefined behavior due to signed integer overflow. This will typically result in bytes becoming negative which will then make malloc() fail. If the ulimit should be high enough to make malloc() succeed, there is a bad out of bounds write in case bottom is set (an odd number was requested). On jsing's request this does not deal with another bug which we could catch with a similar check due to BN_bn2bin() failing later on as the number of words in a BIGNUM is some fraction of INT_MAX. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: chel...@cvs.openbsd.org 2024/03/16 11:42:37 Modified files: usr.sbin/btrace: ksyms.c Log message: btrace(8): cache ELF symbols in sorted array Currently, every kelf_snprintsym() call performs a linear search through the .symtab for a symbol matching the given PC. The search is expensive and seems to be a major source of dropped profiling events. Storing all STT_FUNC .symtab entries and their names in a sorted array cuts search time from O(n) to O(lg n). In practice, the faster lookups seem to dramatically reduce the profiling drop rate. With tweaks from mpi@. Thread: https://marc.info/?l=openbsd-tech=170830125132105=2 ok mpi@
Re: CVS: cvs.openbsd.org: src
Should it be removed from changelist too? On 2024/03/15 23:18, Job Snijders wrote: > CVSROOT: /cvs > Module name: src > Changes by: j...@cvs.openbsd.org2024/03/15 23:18:01 > > Modified files: > distrib/sets/lists/base: mi > distrib/sets/lists/etc: mi > > Log message: > Move RPKI Trust Anchor constraints from etc set to base > > The cadence of updates being applied to the RPKI Trust Anchor constraints > seems sufficiently low, while the required understanding of context to make > educated decisions quite high, so centralized coordination of updates through > t...@openbsd.org is more appropriate. > > requested by & OK deraadt@, OK tb@ >
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/16 03:15:04 Modified files: sys/arch/arm64/arm64: cpu.c Log message: recognise Cortex-A520AE (Hayes AE), Cortex-A720AE (Hunter AE)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/16 00:29:36 Modified files: usr.bin/whois : whois.c Log message: add -S to usage();
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/15 23:18:01 Modified files: distrib/sets/lists/base: mi distrib/sets/lists/etc: mi Log message: Move RPKI Trust Anchor constraints from etc set to base The cadence of updates being applied to the RPKI Trust Anchor constraints seems sufficiently low, while the required understanding of context to make educated decisions quite high, so centralized coordination of updates through t...@openbsd.org is more appropriate. requested by & OK deraadt@, OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mill...@cvs.openbsd.org 2024/03/15 20:00:31 Modified files: usr.bin/whois : whois.1 whois.c Log message: whois: trim output after ">>> Last update of WHOIS database:" Currently, whois(1) displays the full output it receives from the server. With this change, any text after a line starting with ">>> Last update of WHOIS database:" is dropped. This trims a lot of useless text that would otherwise cause the data you care about to scroll off the screen. From FreeBSD. OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: o...@cvs.openbsd.org2024/03/15 15:56:22 Modified files: usr.sbin/smtpd : smtpd.conf.5 Log message: add some initial documentation regarding MDAs this adds some initial commentary for how MDAs should behave and in what environment they are executed. diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de) with some tweaks from Richard Toohey and me. ok gilles@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: o...@cvs.openbsd.org2024/03/15 15:52:20 Modified files: usr.sbin/smtpd : mda_unpriv.c Log message: set ORIGINAL_RECIPIENT in the environment of mda scripts mostly for compatibility with postfix since some mdas (like public-inbox) make use of it. diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de) ok gilles@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/15 15:32:54 Modified files: sys/lib/libz : deflate.c Log message: zlib: sync with src
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/15 15:32:21 Modified files: lib/libz : deflate.c gzguts.h gzlib.c Log message: zlib: sync with upstream More Windows #ifdef shuffling. Only one change relevant for OpenBSD: Make deflateBound() more conservative and handle Z_STREAM_END.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: s...@cvs.openbsd.org2024/03/15 11:45:36 Modified files: sys/net80211 : ieee80211_input.c Log message: Ignore ADDBA requests if we are not ready to receive data frames. This prevents potential firmware errors in Intel wifi drivers when APs send an ADDBA request before the driver's state machine has settled into RUN state. The driver's addba task would race the driver's newstate task, and the hardware would see an incorrect sequence of commands. Ignoring an early ADDBA request is harmless. The AP will retry later. Reported by zxystd from the OpenIntelWireless project, thanks! ok phessler@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2024/03/15 11:31:21 Modified files: distrib/miniroot: install.sub Log message: Backout "Move code into new stop_watchdog()" An upgrade stalled on me, either my testing was flawed or my diff is... Having stop_watchdog() is fine, but calling it in a different place has is apparently too subtle for me to get right.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2024/03/15 10:29:32 Modified files: distrib/miniroot: install.sub Log message: Move code into new stop_watchdog() We have {reset,start}_watchdog() which are only used in unattended upgrade code, but stopping the background timer is done inline for all upgrades, incl. interactive ones. Relocate it out of the very end of do_upgrade() right after its only caller and limit it to unattended upgrades to match where/how the timer is started. OK afresh1
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/15 07:26:09 Modified files: sys/arch/arm64/arm64: cpu.c trampoline.S Log message: According to errata AC03_CPU_12, AmpereOne needs the loopy branches with a loop count of 11 to mitigate Spectre-BHB. And it seems Cortex-A57 was missed when Spectre-BHB mitigation support was added, so add it here as well. ok jsg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/14 23:14:16 Modified files: usr.sbin/rpki-client: constraints.c Log message: whitespace
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/14 21:38:59 Modified files: usr.sbin/rpki-client: constraints.c Log message: Log which of the constraints files triggered a violation Requested by Ties de Kock (RIPE NCC) OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/14 17:54:55 Modified files: lib/libcrypto/man: EVP_CIPHER_do_all.3 Log message: Add missing Nm entries for OBJ_NAME_do_all*
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/14 16:19:12 Modified files: lib/libcrypto/man: X509_STORE_set1_param.3 Log message: Mark up X509_STORE_get1_objects()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/14 16:09:40 Modified files: lib/libcrypto/man: CRYPTO_lock.3 Log message: Add back a .Pp
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/14 13:37:40 Modified files: lib/libexpat : Changes lib/libexpat/tests: acc_tests.c Log message: Change log and regress test for expat billion laughs attack.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/14 11:35:37 Modified files: lib/libexpat/lib: xmlparse.c Log message: Cerry-pick fix for CVE-2024-28757 from libexpat. Detect billion laughs attack with isolated external parser. github commit 1d50b80cf31de87750103656f6eb693746854aa8 OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/14 08:29:03 Modified files: regress/sys: Makefile Log message: Hook up the btcfi test.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/14 00:23:14 Modified files: usr.bin/ssh: ssh.1 Log message: Clarify how literal IPv6 addresses can be used in -J mode OK djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: chel...@cvs.openbsd.org 2024/03/13 18:54:54 Modified files: usr.sbin/btrace: ksyms.c Log message: Revert "btrace(8): cache ELF .symtab, .strtab entries in sorted array" "No it's not okay." mpi@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/13 08:57:08 Modified files: sys/arch/arm64/arm64: machdep.c Log message: Expose BTI support to userland. ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/13 08:43:31 Modified files: sys/conf : GENERIC Log message: enable POOL_DEBUG after 7.5 release OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/13 07:13:57 Modified files: sys/dev/dt : dt_prov_profile.c Log message: Fix potential NULL pointer dereference in dt(4). When initializing the profiling probes, check if we sucessfully allocated the probe, before registering it. This avoids a NULL pointer dereference when probe allocation has failed. from Christian Ludwig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2024/03/13 05:25:50 Modified files: usr.bin/tmux : tmux.1 Log message: Make the attach-session description clearer - do not mention creating a client which is not important, explicitly say the session must exist, and mention new-session and new-session -A. Prompted by Theo.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/13 05:18:42 Modified files: regress/usr.bin/lastcomm: gadget.S Log message: Add endbr64/bti instruction at the start of the gadget, otherwise we'll get a SIGILL when the gadget gets call. Fix the instruction that sets the syscall number on arm64. ok anton@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/03/13 04:02:37 Modified files: etc/root : root.mail Log message: mail(1) is very sensitive to spacing in the header, and sometimes when we manually edit this file we forget that. noticed by naddy
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/12 15:31:29 Modified files: regress/sys/netinet6/frag6: LICENSE Makefile Added files: regress/sys/netinet6/frag6: frag6_oversize.py frag6_unfragsize.py Log message: Add regress test showing that OpenBSD IPv6 fragment reassembly is not affected by FreeBSD-SA-23:06.ipv6 security advisory. Scapy test frag6_oversize.py reassembles fragments of a packet too big to fit. Test frag6_unfragsize.py also plays games with ECN bits and hop-by-hop extension header to check overflow protection. ICMP6 parameter problem responses are expected. As pf does not generate such ICMP6 error packets, these tests are only run with frag6_input() in the IPv6 stack.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: chel...@cvs.openbsd.org 2024/03/12 11:22:24 Modified files: usr.sbin/btrace: ksyms.c Log message: btrace(8): cache ELF .symtab, .strtab entries in sorted array Currently, every kelf_snprintsym() call performs a linear search through the .symtab for a matching symbol. The search is very costly and causes btrace(8) to drop a lot of profiling events. Storing the STT_FUNC .symtab entries and their corresponding .strtab entries in a sorted array cuts the lookup cost from O(n) to O(lg n). Lower overhead reduces the drop rate for profiling events. With tweaks from mpi@. Thread: https://marc.info/?l=openbsd-tech=170830125132105=2 probably ok mpi@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/12 10:26:46 Modified files: sys/dev/mii: ytphy.c Log message: Configure the signal on the CLKOUT pin of the YT8531 PHY when we're instructed to do so by the device tree. ok patrick@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/12 10:03:56 Modified files: regress/usr.sbin/rpki-client: test-http.c regress/usr.sbin/rpki-client/libressl: Makefile Log message: Add regress for cross-origin HTTP redirection
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/12 10:02:30 Modified files: usr.sbin/rpki-client: http.c Log message: Enforce same-origin policy for HTTP redirects Isolate resources from different RRDP servers to avoid inappropriately increasing resource consumption for both RRDP clients and the referenced server. OK claudio@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/12 07:32:53 Modified files: sys/arch/arm64/arm64: db_trace.c exception.S Log message: Fix the "fake" frame that we create alongside the trapframe. This fixes backtraces through trap franes. Adjust the code that prints backtraces in ddb as the old code now tries to access a userland address. ok mpi@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/11 23:46:09 Modified files: sys/dev/pci/drm/amd/display/amdgpu_dm: amdgpu_dm_helpers.c Log message: drm/amd/display: Add monitor patch for specific eDP >From Ryan Lin 82dacc26e15cbac7f64a30ad4bc2c414f78eaa8f in linux-6.6.y/6.6.21 b7cdccc6a849568775f738b1e233f751a8fed013 in mainline linux
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/11 23:42:37 Modified files: sys/dev/pci/drm: drm_buddy.c Log message: drm/buddy: fix range bias >From Matthew Auld 5e476625fa8a36d7483ec3396a2bd124c2c02066 in linux-6.6.y/6.6.21 f41900e4a6ef019d64a70394b0e0c3bd048d4ec8 in mainline linux
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/11 23:40:37 Modified files: sys/dev/pci/drm/amd/pm/legacy-dpm: amdgpu_si_dpm.c Log message: Revert "drm/amd/pm: resolve reboot exception for si oland" >From Alex Deucher baac292852c0e347626fb5436916947188e5838f in linux-6.6.y/6.6.21 98030954b9637b41c97b730f9b38c92ac488 in mainline linux
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: guent...@cvs.openbsd.org2024/03/11 20:31:15 Modified files: sys/arch/amd64/amd64: vmm_machdep.c Log message: Correct handling of cpuid(0xd) subleaves, carefully hiding bits and sizes that the host does not intend to expose, but do expose xsaveopt and xgetbv(1). ok dv@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2024/03/11 19:20:30 Modified files: sys/conf : newvers.sh Log message: moving on to 7.5-current
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: st...@cvs.openbsd.org 2024/03/11 10:35:48 Modified files: usr.sbin/unbound/util/data: msgencode.c Log message: apply https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-1931.diff to unbound, fixing an indefinite loop that could be triggered by a client against an unbound server where the (non-default) configuration "ede: yes" is used. https://nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt ok florian@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/10 22:59:47 Modified files: usr.bin/ssh: version.h Log message: openssh-9.7
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/10 09:37:54 Modified files: sys/arch/armv7/stand/efiboot: conf.c exec.c Log message: Invalidating the D-cache after disabling it turned out to be a bad idea and broke Allwinner SoCs with Cortex-A7 cores. So skip that and also invalidate the I-cache before disabling it. This seems to work better on a wide range of boards. ok deraadt@, jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/10 07:25:10 Modified files: sys/conf : GENERIC Log message: disable POOL_DEBUG for release ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: s...@cvs.openbsd.org2024/03/09 16:29:53 Modified files: sys/dev/ic : qwx.c Log message: Ensure that qwx(4) clears the OACTIVE flag when Tx rings have space again. Issue found and fix tested by dv@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/08 22:12:13 Modified files: usr.bin/ssh: ssh-agent.c Log message: avoid logging in signal handler by converting mainloop to ppoll() bz3670, reported by Ben Hamilton; ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/08 15:16:32 Modified files: usr.bin/ssh: sshsig.c Log message: skip more whitespace, fixes find-principals on allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/03/08 09:18:53 Modified files: sys/arch/m88k/m88k: subr.S Log message: Make sure copyoutstr() invoked with a length of zero returns ENAMETOOLONG. This bug has been present in that file since the very beginning, more than 28 years ago.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2024/03/08 04:34:10 Modified files: regress/usr.bin/ssh: test-exec.sh dynamic-forward.sh Log message: Invoke ProxyCommand that uses stderr redirection via $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. Found by vinschen at redhat.com.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/07 10:09:02 Modified files: sys/dev/pci: if_ix.c Log message: Disable LRO in ix(4) on sparc64 by default As discussed on icb, we disables this here for a stable ix(4) in the 7.5 release to avoid buggy behavior. ok claudio@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/03/07 08:01:53 Modified files: sys/arch/sparc64/sparc64: machdep.c Log message: In _bus_dmamap_load_mbuf() ensure that for large mbuf m_len values the incr value is rounded to the page boundary. This can happen when m_defrag() packs a TSO packet into one big mbuf cluster. Also fix _bus_dmamap_load_uio() which has the same min(buflen, NBPG); logic. bus_dmamap_load_uio() is unsued and will be removed after unlock. OK miod@ bluhm@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2024/03/07 07:49:47 Modified files: sys/dev/pci: if_ix.c Log message: Fix possible double free in error path of ixgbe_rxeof. If fmp is not-NULL then the buf is part of the mbuf chain of fmp. So only m_freem either fmp or buf but clear both values. Also clear the M_PKTHDR flag if buf aka mp is not the first buffer in the chain. Double free found by bluhm@ OK bluhm@ jan@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: ke...@cvs.openbsd.org 2024/03/06 18:05:07 Modified files: sys/arch/riscv64/conf: GENERIC RAMDISK Log message: Enable dwxe(4) ok kettenis@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: ke...@cvs.openbsd.org 2024/03/06 18:04:16 Modified files: sys/dev/fdt: sxiccmu.c sxiccmu_clocks.h Log message: Support Allwinner D1's ethernet controller clocks and reset. ok kettenis@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: n...@cvs.openbsd.org2024/03/06 14:32:39 Modified files: usr.bin/tmux : cmd-split-window.c Log message: Check for the right flag to fix split-window -p, from Bryan Childs.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/06 07:55:22 Modified files: sys/dev/fdt: rkclock.c rkclock_clocks.h Log message: Add SPI clocks for other 64-bit Rockchip SoCs. ok jsg@, deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/06 03:07:47 Modified files: lib/libcrypto/man: X509_STORE_load_locations.3 Log message: Clarify ownership in X509_STORE_add_lookup() Whether an X509_LOOKUP with given method already exists or not, this API returns an internal pointer that must not be freed.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bent...@cvs.openbsd.org 2024/03/06 00:29:37 Modified files: lib/libc/net : inet_addr.3 Log message: POSIX defines inet_ntoa, not inet_aton. ok deraadt@ jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/06 00:01:53 Modified files: sys/dev/pci: pcidevs.h pcidevs_data.h Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/06 00:01:24 Modified files: sys/dev/pci: pcidevs sys/dev/pci/drm/amd/amdgpu: amdgpu_devlist.h Log message: add AMD Instinct MI300 device ids
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/05 23:26:22 Modified files: bin/ksh: sh.1 Log message: add missing Ev macro; from mail at lukasneukom ch
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/05 19:59:59 Modified files: usr.bin/ssh: channels.c Log message: fix memory leak in mux proxy mode when requesting forwarding. found by RASU JSC, reported by Maks Mishin in GHPR#467
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/05 19:35:01 Modified files: distrib/sets/lists/comp: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/05 19:34:14 Modified files: lib/libcrypto/man: Makefile X509_CRL_get0_by_serial.3 X509_CRL_new.3 X509_sign.3 d2i_X509_CRL.3 evp.3 Removed files: lib/libcrypto/man: X509_CRL_METHOD_new.3 Log message: Remove CRL method API documentation
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2024/03/05 17:31:04 Modified files: usr.bin/ssh: ssh-agent.c Log message: wrap a few PKCS#11-specific bits in ENABLE_PKCS11
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/05 17:11:25 Modified files: sys/dev/pci: azalia.c dwiic_pci.c ichiic.c pucdata.c Log message: match on Intel Meteor Lake U/H/U-Type4 ok deraadt@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/05 17:05:49 Modified files: sys/dev/pci: pcidevs.h pcidevs_data.h Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2024/03/05 17:05:18 Modified files: sys/dev/pci: pcidevs Log message: add Intel Meteor Lake U/H/U-Type4 ids from: Intel Core Ultra Processor Datasheet, Volume 1 of 2, Doc. No.: 792044, Rev.: 002 Mesa iris_pci_ids.h ok deraadt@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/05 15:15:29 Modified files: lib/libcrypto/man: lh_new.3 Log message: lh__error() is no longer implemented as a macro
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2024/03/05 12:47:58 Modified files: distrib/miniroot: install.sub Log message: prune clang13 libLLVM; OK sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2024/03/05 12:27:47 Modified files: regress/lib/libc/atexit: atexit_test.c Log message: Ugly workaround to let this compile again on non-clang platforms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2024/03/05 12:21:31 Modified files: lib/libcrypto/man: ERR_load_crypto_strings.3 EVP_PKCS82PKEY.3 EVP_PKEY_cmp.3 EVP_PKEY_derive.3 EVP_PKEY_get_default_digest_nid.3 EVP_PKEY_set1_RSA.3 EVP_PKEY_size.3 Log message: Remove GOST documentation
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2024/03/05 11:54:29 Modified files: libexec/security: security Log message: backup disklabel for softraid(4) chunks Extend "Check for changes to the disklabels of mounted disks" to those that host online softraid volumes, e.g installations with root inside CRYPTO sd0a (and EFI System partition on sd0i). That produces /var/backup/disklabel.sd0.current, previously missing in such setups; noticed after someone dd(1)ed miniroot onto sd0 by accident and had no disklabel(8) backup to restore. Feedback OK bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/03/05 11:52:41 Modified files: sys/kern : uipc_mbuf.c Log message: Revert m_defrag() mbuf alignment to IP header. m_defrag() is intended as last resort to make DMA transfers to the hardware. Therefore page alingment is more important than IP header alignment. The reason, why the mbuf returned by m_defrag() was switched to IP header alingment, was that ether_extract_headers() failed in em(4) driver with TSO on sparc64. This has been fixed by using memcpy(). The alignment change in m_defrag() is too late in the 7.5 relaese process. It may affect several drivers on different architectures. Bus dmamap for ixl(4) on sun4v expects page alignment. Such alignment issues and TSO mbuf mapping for IOMMU need more thought. OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2024/03/05 11:42:20 Modified files: sys/arch/arm64/arm64: cpu.c sys/arch/arm64/include: armreg.h Log message: Tighten up BTCFI by flipping the bits that make PACIASP and PACIBSP behave like BTI c instead of BTI jc. ok deraadt@, tobhe@