Commit message | Author | Age | Files | Lines
...
* Fix an off by one when printing the oid of the error index. | martijn | 2020-05-31 | 1 | -2/+2
|
* OIDs are unsigned. Reflect this when printing them. | martijn | 2020-05-31 | 1 | -2/+2
|
* add umstc(4) for Microsoft Surface Type Cover keyboards | jcs | 2020-05-31 | 7 | -8/+237
|
* regen | jcs | 2020-05-31 | 2 | -4/+14
|
* add two Surface Go Type Cover models | jcs | 2020-05-31 | 1 | -1/+3
|
* Replace ssl_max_server_version() with ssl_downgrade_max_version() | jsing | 2020-05-31 | 3 | -30/+6
| Replace the only occurrence of ssl_max_server_version() with a call to ssl_downgrade_max_version() and remove ssl_max_server_version().
| ok beck@ tb@
* When building a chain look for non-expired certificates first. | jsing | 2020-05-31 | 1 | -8/+29
| Currently, when building a certificate chain we look up an issuer and if it is the only issuer certificate available we still use it even if it has expired. When X509_V_FLAG_TRUSTED_FIRST is not in use, untrusted certificates are processed first and if one of these happens to be expired it will be used to build the chain, even if there is another non-expired option in the trusted store.
| Rework this code so that we first look for a non-expired untrusted certificate. If one does not exist then we take a look in the trusted store to see if we would be able to build the chain and only if there is not, do we then look for an expired untrusted certificate.
| This makes certificate validation possible for various sites that are serving expired AddTrust certificates.
| Issue reported by Christian Heimes via GitHub.
| ok beck@ tb@
* Correct downgrade sentinels when a version pinned method is in use. | jsing | 2020-05-31 | 4 | -7/+40
| Previously only the enabled protocol versions were considered, however we also have to consider the method in use which may be version pinned.
| Found the hard way by danj@ with haproxy and force-tlsv12.
| ok beck@ inoguchi@ tb@
* Fix printing long doubles on architectures with hm and lm bits. | mortimer | 2020-05-31 | 2 | -12/+22
| Issue reported with initial patch by enh@google.com.
| ok deraadt@
* DDR mode seems to work fine on the Rockchip RK3399. | kettenis | 2020-05-31 | 1 | -4/+1
| tested by benno@
* Don't build the rs6000coff_vec and rs6000coff64_vec targets. These | kettenis | 2020-05-31 | 1 | -3/+3
| generate fatal compiler warnings at least when cross-compiling and fixing the code isn't trivial.
| ok patrick@, drahn@
* Typo in WPA supplicant state machine: RNSA_SUPP_PTKDONE -> RSNA_SUPP_PTKDONE | stsp | 2020-05-31 | 3 | -8/+8
|
* Remove a dead assignment to ni_rsn_state in ieee80211_node_leave_rsn(). | stsp | 2020-05-31 | 1 | -3/+1
| Patch by Mikolaj Kucharski
* introduce "cpu_rnd_messybits" for use instead of nanotime in dev/rnd.c. | dlg | 2020-05-31 | 27 | -29/+175
| rnd.c uses nanotime to get access to some bits that change quickly between events that it can mix into the entropy pool. it doesn't use nanotime to get a monotonically increasing set or ordered and accurate timestamps, it just wants something with bits that change.
| there's been discussions for years about letting rnd use a clock that's super fast to read, but not necessarily accurate, but it wasn't until recently that i figured out it wasn't interested in time at all, so things like keeping a fast clock coherent between cpu cores or correct according to ntp is unnecessary.
| this means we can just let rnd read the cycle counters on cpus and things will be fine. cpus with cycle counters that vary in their speed and aren't kept consistent between cores may even be desirable in this context.
| so this is the first step in converting rnd.c to reading cycle counter. it copies the nanotime backend to each arch, and they can replace it with something MD as a second step later on.
| djm@ suggested rnd_messybytes, but we landed on cpu_rnd_messybits.
| thanks to visa for his eyes.
| ok deraadt@ visa@
| deraadt@ says he will help handle any MD fallout that occurs.
* match on pci id for azalia device with wrong subclass | jsg | 2020-05-31 | 1 | -2/+7
| The HP EliteBook 850 G6 has an Intel 300 Series HD Audio device with pci subclass of MULTIMEDIA_AUDIO instead of the expected MULTIMEDIA_HDAUDIO. Match on the pci id to handle this.
| Reported and tested by Bruno Flueckiger.
| ok kettenis@ deraadt@
* Remove an outdated BUGS section. | visa | 2020-05-31 | 1 | -6/+2
| OK mpi@ beck@
* use ip{,6}_send instead of ip{,6}_output for l2tp and pptp. | dlg | 2020-05-31 | 1 | -14/+4
| pipex output is part of pppx and pppac if_start functions, so it can't rely on or know if it already has NET_LOCK. this defers the ip output stuff to where it can take the NET_LOCK reliably.
| tested by Vitaliy Makkoveev, who also found that this was necessary after ifq.c 1.38 and provided an excellent analysis of the problem.
| ok mpi@
* Switch Powerpc64 Big Endian to ELFv2 on OpenBSD, at least for now. | drahn | 2020-05-30 | 1 | -0/+2
| This should simplify bringup and make it easier to support Big Endian and Little Endian with the same code.
| May be reconsidered if it causes too many problems with Ports.
| ok kettenis@
* Powerpc64 should use same _mcount profiling as powerpc 32bit. | drahn | 2020-05-30 | 1 | -0/+1
| ok kettenis@
* Initial set of changes to build powerpc64 toolchain. | drahn | 2020-05-30 | 4 | -10/+14
| Disable PIC/PIE for powerpc64 for now.
* Indentation style(9). | tobhe | 2020-05-30 | 1 | -11/+11
|
* In automatic performance mode on systems with offline CPUs because of SMT | solene | 2020-05-30 | 1 | -1/+3
| mitigation the algorithm was still accounting the offline CPUs, leading to a code path that would never be reached.
| This should allow better frequency scaling on systems with many CPUs. The frequency should scale up if one of two conditions is true.
| - if at least one CPU has less than 25% of idle cpu time
| - if the average of all idle time is under 33%
| The second condition was never met because offline CPUs are always accounted as 100% idle.
| A bit more explanation about the auto scaling in case someone wants to improve this later:
| When one condition is met, CPU frequency is set to maximum and a counter set to 5, then the function will be run again 100ms later and decrement the counter if both conditions are not met anymore. Once the counter reaches 0 the frequency is set to minimum. This means that it can take up to 100ms to scale up and up to 500ms to scale down.
| ok brynet@
| looks good tedu@
* Introduce kqueue_terminate() & kqueue_free(), no functional changes. | mpi | 2020-05-30 | 1 | -12/+38
| These functions will be used to manage per-thread kqueues that are not associated to a file descriptor.
| ok visa@
* Fix UVIDEO_DEBUG build | feinerer | 2020-05-30 | 1 | -1/+2
| Include sys/proc.h to address following errors:
| /usr/src/sys/dev/usb/uvideo.c:2901:31: error: incomplete definition of type 'struct proc'
|         vn_close(nd.ni_vp, FWRITE, p->p_ucred, p);
|                                    ~^
| /usr/src/sys/sys/types.h:223:8: note: forward declaration of 'struct proc'
| struct proc;
|        ^
| /usr/src/sys/dev/usb/uvideo.c:2925:40: error: incomplete definition of type 'struct proc'
|         UIO_SYSSPACE, IO_APPEND|IO_UNIT, p->p_ucred, NULL, p);
|                                          ~^
| /usr/src/sys/sys/types.h:223:8: note: forward declaration of 'struct proc'
| struct proc;
|        ^
| 2 errors generated.
| ok mpi@
* Fix error message on close(2) and add printf format attributes. | millert | 2020-05-29 | 1 | -4/+7
| From Christos Zoulas, OK markus@
* Add a fix from ncurses 20200523 via Hiltjo Posthuma that prevents | nicm | 2020-05-29 | 1 | -3/+7
| ncurses passing strings to tputs() that look like BSD padding when using the rep terminfo(5) capability (with BSD_TPUTS which we and upstream both have enabled).
| Upstream change:
| + add a check in EmitRange to guard against repeat_char emitting digits which could be interpreted as BSD-style padding when --enable-bsdpad is configured (report/patch by Hiltjo Posthuma).
| ok millert
* Adjust some PPC ELF code to return -1 instead of doing pointer | patrick | 2020-05-29 | 1 | -1/+1
| arithmetics on NULL, like we did in r1.21 on elflink.c, to stop clang from complaining when setting up a cross-toolchain.
| ok kettenis@
* sync | deraadt | 2020-05-29 | 1 | -0/+2
|
* Improve server certificate selection for TLSv1.3. | jsing | 2020-05-29 | 2 | -23/+94
| This allows an EC certificate to be selected and used, if the client sigalgs would allow it.
| With feedback from tb@
| ok inoguchi@ tb@
* Handle the case where we receive a valid 0 byte application data record. | jsing | 2020-05-29 | 1 | -1/+10
| In this situation we cannot return zero bytes, as that signals EOF. Rather we need to return TLS13_IO_WANT_POLLIN to tell the caller to call us again, at which point we'll pull up the next record.
| ok tb@
* Wire up the servername callback in the TLSv1.3 server. | jsing | 2020-05-29 | 3 | -3/+45
| This makes SNI work correctly with TLSv1.3.
| Found the hard way by danj@, gonzalo@ and others.
| ok beck@ inoguchi@ tb@
* Mop up servername_done, which is unused. | jsing | 2020-05-29 | 3 | -14/+3
| ok beck@ inoguchi@ tb@
* Add checks for SH downgrade sentinel and HRR hash in appstest.sh | inoguchi | 2020-05-29 | 1 | -1/+27
|
* Add -i to find-window to ignore case. | nicm | 2020-05-29 | 2 | -60/+41
|
* sync | deraadt | 2020-05-29 | 1 | -3/+1
|
* Make dollar_expand variadic and pass a real va_list to vdollar_percent_expand. | dtucker | 2020-05-29 | 2 | -5/+14
| Fixes build error on arm64 spotted by otto@.
* Pass a NULL instead of zeroed out va_list from dollar_expand. The original | dtucker | 2020-05-29 | 1 | -4/+2
| intent was in case there's some platform where va_list is not a pointer equivalent, but on i386 this chokes on the memset. This unbreaks that build, but will require further consideration.
* If no station happens to be associated when ieee80211_setkeys() runs then | stsp | 2020-05-29 | 1 | -1/+5
| complete group key renewal immediately. The old code would not install the new group key unless a station in need of re-keying was present.
| Tested by Mikolaj Kucharski on bugs@
* In hostap mode, after completing a new group key handshake with all | stsp | 2020-05-29 | 1 | -1/+7
| associated clients and before switching over to the new group key, purge the AP's global power-save frame queue.
| This queue may contain group-addressed frames which were encrypted with the old group key. Clients will not be able to decrypt such frames, and purging the queue prevents a panic ("key unset for sw crypto") where athn(4) attempts to transmit such frames from its software beacon alert interrupt handler.
| This is another variant of the problem fixed in CVS commit ufdFLtcLfPRrbshM.
| Panic reported and fix tested by Mikolaj Kucharski on bugs@
* At this point getpwuid(3) was already called therefore "getpw" promise can be | mestre | 2020-05-29 | 1 | -2/+2
| dropped from pledge(2).
| From Martin Vahlensieck < openbsd at academicsolutions dot ch>
| OK millert@
* Mark the descriptor as dead when starting to destroy it. | mpi | 2020-05-29 | 1 | -1/+2
| This helps in case of a context switch inside if_detach().
| From Vitaliy Makkoveev.
* When the preferred cylinder group is full scan forward (wrapping if needed) | otto | 2020-05-29 | 1 | -14/+15
| to find another, instead of first forward and then backward. The latter method causes most full cgs to end up at the end of the partition. From FreeBSD.
| ok millert@
* from edgar pettijohn: correct return type in pcap_open_live.3; | jmc | 2020-05-29 | 1 | -3/+3
| ok djm
* remove a stray .El; | jmc | 2020-05-29 | 1 | -2/+1
|
* mention that wildcards are processed in lexical order; bz#3165 | djm | 2020-05-29 | 2 | -4/+5
|
* sync | deraadt | 2020-05-29 | 1 | -1/+0
|
* dev/rndvar.h no longer has statistical interfaces (removed during various | deraadt | 2020-05-29 | 61 | -177/+63
| conversion steps). it only contains kernel prototypes for 4 interfaces, all of which legitimately belong in sys/systm.h, which are already included by all enqueue_randomness() users.
* Add regression and unit tests for ${ENV} style environment variable | dtucker | 2020-05-29 | 2 | -5/+79
| expansion in various keywords (bz#3140). ok djm@
* Allow some keywords to expand shell-style ${ENV} environment | dtucker | 2020-05-29 | 5 | -53/+230
| variables on the client side. The supported keywords are CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus LocalForward and RemoteForward when used for Unix domain socket paths. This would for example allow forwarding of Unix domain socket paths that change at runtime. bz#3140, ok djm@
* pointless referencing .h files in SYNOPSIS | deraadt | 2020-05-29 | 1 | -5/+2
|