| Age | Commit message (Collapse) | Author |
|---|
|
From Leo Li
eb3c69c7c777d9d3c016568cb062ef02197a5a4e in linux 5.15.y/5.15.61
f5ba14043621f4afdf3ad5f92ee2d8dbebbe4340 in mainline linux
|
|
From Dmitry Osipenko
da2a1aa058acd7eb2cccd9de74df0809cbe4f1f8 in linux 5.15.y/5.15.61
2939deac1fa220bc82b89235f146df1d9b52e876 in mainline linux
|
|
This implements SSL_get_shared_{curve,group}() in a bug-compatible
fashion with OpenSSL.
This is your average OpenSSL-style overloaded parameter API where n >= 0
means "return the n-th shared group's NID" (as if anyone possibly ever
cared about the case n > 0) and n == -1 means "return the number of
shared groups". There is also an undocumented case n == -2 for Suite B
profile support which falls back to n == 0 in case Suite B profile
support is disabled, so n == -2 is the same as n == 0 in LibreSSL.
The API also returns 0 for error, which is indistinguishable from a
count of 0 shared groups but coincides with NID_undef. Contrary to claims
in the documentation, the API doesn't actually return -1 for clients,
rather it returns 0.
Obviously this entire exercise is pretty useless, but since somebody
exposed it because they could and someone else used it because they could
we need to provide it.
ok jsing
|
|
|
|
This splits tls1_get_supported_group() into a few helper functions to
be able to count shared groups and to return the n-th shared group since
someone thought it is a great idea to expose that in a single API and
some others thought it is useful to add this info to log noise.
This is all made a bit more complicated thanks to the security level
having its tentacles everywhere and because a user-provided security
callback can influence the list of groups shared by the peers.
ok jsing
|
|
These are wrappers of SSL_ctrl() using the SSL_CTRL_GET_SHARED_GROUP
control. Do not provide SSL_CTRL_GET_SHARED_CURVE since that is only
mentioned in Net::SSLeay docs according to codesearch.debian.net.
ok jsing
|
|
ok jsing
|
|
Refactor ssl_security_supported_group() into a wrapper of a new internal
ssl_security_group() which takes a secop as an argument. This allows
adding ssl_security_shared_group() which will be needed in upcoming
commits.
ok jsing
|
|
|
|
Indicate non-activeness when the device is not ready for reading
or writing. This should make the event filters behave more like
the old poll code.
"makes sense to me" mpi@
|
|
OK tb@ deraadt@
|
|
The memory regions passed to memcpy() can not overlap so no need for memmove().
OK tb@ deraadt@
|
|
|
|
Adds experimental structured comments in zone1970.tab to clarify
whether Zones like Africa/Abidjan and Europe/Istanbul cross continent
or ocean boundaries.
|
|
OK tb@
|
|
struct.
OK tb@
|
|
|
|
|
|
Rather than reimplement this in each TLS client and server, deduplicate it
into a single function. Furthermore, rather than dealing with the API
hazard that is SSL_get_peer_cert_chain() in this code, simply produce two
chains - one that has the leaf and one that does not.
SSL_get_peer_cert_chain() can then return the appropriate one.
This also moves the peer cert chain from the SSL_SESSION to the
SSL_HANDSHAKE, which makes more sense since it is not available on
resumption.
ok tb@
|
|
probing for a FIDO resident key or not. Unused here, but will
make like easier for portable
|
|
The new version of the output file was generated with groff-current.
|
|
macros .B, .I, .SM, and .SB that the next-line scope extends
to the end of the next logical input line and is not extended
if that line ends with a \c (no-space) escape sequence.
While improving a loosely related feature in the man(7) .TP
macro, a regression entered the groff codebase in groff
commit 3549fd9f (28-Apr-2017) caused by the usual sloppiness
of Bjarni Ingi Gislason. Since that time, groff wrongly had \c
extend next-line scope to a second line for these macros.
In man.c rev. 1.127 (25-Aug-2018) i synched mandoc behaviour
with groff in this respect, unfortunately failing to notice
the recent regression in groff. The groff regression was
finally fixed by gbranden@ in commit 09c028f3 (07-Jun-2022).
With the present commit, mandoc is back in sync with both GNU and
Heirloom roff regarding the interaction of single-font macros with \c.
|
|
|
|
when multiple input or output lines are involved.
|
|
The new version of this file was generated with groff-current.
Heirloom nroff produces exactly the same output for the content
of the DESCRIPTION.
|
|
line, use the current output position as the reference position
for tabs on that input line. This brings mandoc in line with the
behaviour of GNU, Heirloom, and Plan 9 roff.
|
|
move it to the top level include file mandoc.h to reduce the risk of causing
clashes when introducing new ASCII_* constants in the future.
|
|
Ought to go in 2020 already.
OK deraadt
|
|
stderr is expected and stdout would break vnconfig(8)'s usage
where vnd_dev is omitted and a new one is printed on stdout.
|
|
"rm -rfv nonexistent". problem spotted by Alfred Morgan
ok millert
|
|
These ktrace points do not seem useful any longer because the new
implementation of poll(2) and select(2) appears to work well.
OK deraadt@ mpi@
|
|
OK millert@ deraadt@
|
|
|
|
initial patch from Andreas Bartelt
ok deraadt@
|
|
instead use exit_nexthop (the nexthop from BGP). The FIB code can then
do the lookup and replace the nexthop in the FIB.
This solves an issue when multiple nexthops change concurrently. In the
RDE the decision process handles these changes ansynchronously which
resulted in bad true_nexthops to be sent to the FIB. The exit_nethop
is stable so the data sent to the FIB is always correct.
Fix a bug in netxhop tracking introduced in 1.280. On RTM_CHANGE when the
nexthop of a kroute changes a knexthop_send_update() must be sent but
knexthop_track() does not do that because the kroute did not change.
Introduce a knexthop_update() function for this case instead.
OK tb@
|
|
after vertical spacing was improved in man_term.c rev. 1.192.
|
|
at the beginning of the node handler, in the same way as it is done
in the mdoc(7) node handler.
As a side effect, this also fixes a bug: if an input line contained
nothing but an escape sequence producing no output whatsoever (for
example, \fR), the old code incorrectly emitted a blank line anyway,
whereas the new code only emits such a blank link if the input line
actually produces output (even invisible zero-width output). To make
the distinction, the ASCII_NBRZW -> lastcol -> term_newln() mechanism
established in term.c rev. 1.149 is used.
|
|
|
|
whatsoever (for example \fR) and escape sequences that produce
invisible zero-width output (for example \&). No, i'm not joking,
groff does make that distinction, and it has consequences in some
situations, for example for vertical spacing in no-fill mode.
Heirloom and Plan 9 behaviour is subtly different, but in case of
doubt, we want to follow groff.
While this fixes the behaviour for the majority of escape sequences,
in particular for those most likely to occur in practice, it is not
perfect yet because some of the more exotic ESCAPE_IGNORE sequences
are actually of the "no output whatsoever" type but treated
as "invisible zero-width" for now. With the new ASCII_NBRZW mechanism
in place, switching them over one by one when the need arises will
no longer be very difficult.
|
|
|
|
arm64 is the only currently supported OpenBSD platform which both
a) supports booting off root on softraid(4) (kernel and bootloader) and
b) is an EFI platform (as far as installboot(8) is concerned).
Currently, installboot treats softraid root volumes as regular devices,
ignoring ignores chunk devices completely.
Teach installboot the first bits of softraid support for EFI:
installing the single-stage boot loader on chunks rather than the volume.
Copy over sparc64's softraid stage-1 code as-is and make its stage-2 a NOOP:
# ./obj/installboot -v sd4
Using / as root
installing bootstrap on /dev/rsd4c
using first-stage /usr/mdec/BOOTAA64.EFI
sd4: softraid volume with 1 disk(s)
sd0a: installing boot blocks on /dev/rsd0c
copying /usr/mdec/BOOTAA64.EFI to /tmp/installboot.KuBD4zkfpM/efi/boot/bootaa64.efi
writing /tmp/installboot.KuBD4zkfpM/efi/boot/startup.nsh
arm64 miniroot fits and boots with this.
OK stsp
As of now, EFI partitions must still be created manually as installboot's
'-p' does not support softraid at all (next missing piece for root on
softraid on arm64 installations to work out-of-the-box).
|
|
code is MP safe and moves from ip6_local() to ip6_ours(). If there
are any options, store the chain offset and next protocol in a mbuf
tag. When dequeuing without tag, it is a regular IPv6 header. As
mbuf tags degrade performance, use them only if a hop-by-hop header
is present. Such packets are rare and pf drops them by default.
OK mvs@
|
|
|
|
This function will help to avoid code duplication when tcp_usrreq() will
be divided to multiple handlers.
ok bluhm@
|
|
|
|
|
|
This is the arm64 adaptation of stsp's (commitid: p55cmsVoEH0fRg77)
"add support for booting from RAID 1C softraid(4) volumes on amd64".
Tell the boot loader to decrypt 1C like C volumes and check the number of
disks in 1C like in 1C volumes -- no new code rquired.
Tested on SolidRun CEX7
OK stsp
NB: While kernel and boot loader support root on softraid on arm64,
installboot(8) does not, i.e. default installations still require manual
disk preparation for now.
|
|
not to *output* lines. In particular, if an input line gets broken in
fill mode and a tab occurs in the second output line, it advances to a
position of at least (width of the first output line) + (width of a
space character even though this is never printed) + (width of the part
of the second output line that precedes the tab).
Implement the same logic in mandoc.
Again, do not use tabs in filled text: they have surprising effects,
including this one.
|
|
|
|
They both are only used as struct http_descriptor.
OK tb@
|
