summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-10-30match on Intel 600 SeriesJonathan Gray
2021-10-30enable snooping on Intel 600 SeriesJonathan Gray
2021-10-30regenJonathan Gray
2021-10-30add Intel 600 Series and Alder Lake S idsJonathan Gray
described in 648364-001 Intel 600 Series Chipset Family Platform Controller Hub Datasheet 655258-001 12th Generation Intel Core Processors Datasheet
2021-10-29If the test fails, do not hang forever. Abort with a 10 secondsAlexander Bluhm
timeout.
2021-10-29Tweak code to make it clear that MBR_init() uses just the boot code andKenneth R Westerback
partition 0 information from the default MBR. loongson and macppc provide partition 0 information but no boot code. amd64, i386, landisk provide boot code but no partition 0 information. Other arch's get by w/o a default MBR (a.k.a. /usr/mdec/mbr). No functional change.
2021-10-29syncTheo de Raadt
2021-10-29the list of devices which can be created it getting unwieldy and keep gettingJason McIntyre
out of date: remove it (sthen) and add a pointer to -C (dlg); ok sthen
2021-10-29poll needs similar treatment as select recently gained in order to notAnton Lindqvist
mask failed kqueue_register() attempts which in turn causes the thread to end up sleeping as opposed of propagating the failure to user space. Regression introduced in the recent switch to implement poll on top of kqueue. Thanks to Larry Hynes <larry at larryhynes dot com> for reporting and Leah Neukirchen <leah at vuxu dot org> for providing a reproducer; which also already made its way into regress. ok mpi@
2021-10-29A USB HID report ID must be represented using a single byte rangingAnton Lindqvist
between 1-255 where 0 is reserved. The pseudo report ID UHIDEV_CLAIM_MULTIPLE_REPORTID is currently colliding with the valid report ID 255. Therefore crank it which gets rid of the collision and increase the related fields in order to cope with larger integers. Thanks to Damien Couderc <openbsd at petrocore dot eu> for reporting and testing.
2021-10-29In x509/x509_purp.c rev. 1.11, tb@ fixed X509_check_purpose(3)Ingo Schwarze
to fail if parsing of a certificate extension failed. Adjust the documentation accordingly. OK tb@
2021-10-29match more Prolific HXN idsJonathan Gray
tested by robert@ on PL2303GT ok deraadt@ robert@ patrick@
2021-10-29regenJonathan Gray
2021-10-29more Prolific HXN idsJonathan Gray
ok deraadt@ robert@ patrick@
2021-10-29Don't grab audio_lock in filt_midi{read,write} if NOTE_SUBMIT is set.Alexandre Ratchov
Fixes panics caused by attempts to grab audio_lock twice in the interrupt code path: once in the low-lever interrupt handler and once in selwakeup() This is exactly how audio(4) handles this problem. ok mpi
2021-10-29Hook poll tests.Martin Pieuchot
2021-10-29Test that poll(2) returns POLLNVAL for an already closed fd.Martin Pieuchot
poll(2) rewrite on top of kqueue is currently blocking instead of returning. Regression reported by Larry Hynes with a reproducer from Leah Neukirchen, thanks a lot!
2021-10-29Actually error in X509_check_purpose() if x509v3_cache_extensions()Theo Buehler
indicates failure. The previous "error return" X509_V_ERR_UNSPECIFIED translates to 1, i.e., success. This changes to the intended behavior of x509_purp.c r1.3 and matches OpenSSL. This will need various adjustments in the documentation. ok jsing
2021-10-29document the horrifying function X509_TRUST_set_default(3)Ingo Schwarze
2021-10-29add missing .h file includeTheo de Raadt
from Emil Engler
2021-10-29rpki-client 7.4 is imminent, bump versionClaudio Jeker
2021-10-29document X509_EXTENSION_dup(3);Ingo Schwarze
while here, add the missing const qualifier to the obj argument of X509_EXTENSION_create_by_OBJ(3) and correct a typo in the argument name of X509_EXTENSION_get_data(3)
2021-10-29new manual page X509_REQ_print_ex(3),Ingo Schwarze
also documenting X509_REQ_print(3) and X509_REQ_print_fp(3)
2021-10-29Ensure that RRDP snapshot and delta files are fetched from the same hostClaudio Jeker
as the notification file. OK tb@ job@
2021-10-29Limit the HTTP requests to 2GB of data. This is enforced via a quickClaudio Jeker
check of the content-lenght header and also with a check when writing data out so that chunked encoding can not bypass the limit. OK beck@ job@
2021-10-29Properly implement --max-size and --min-size.Claudio Jeker
This uses scan_scaled(3) from libutil which is very similar to how rsync behaves. Not implemented are the +/-1 math and the 1000 vs 1024 multipliers. OK benno@ job@
2021-10-29ssh-keygen: make verify-time argument parsing optionalDamien Miller
From Fabian Stelzer
2021-10-29sshsig: add tests for signing key validity and find-principalsDamien Miller
- adds generic find-principals tests (this command had none before) - tests certs with a timeboxed validity both with and without a restriced lifetime for the CA - test for a revoked CA cert by Fabian Stelzer
2021-10-29avoid signedness warning; spotted in -portableDamien Miller
2021-10-28Sync output at end of run with output inside the openbgpd output file.Claudio Jeker
With and OK tb@
2021-10-28Do not force the cursor to move if it is in the automargin space at EOLNicholas Marriott
and that is where we want it to be, GitHub issue 2956.
2021-10-28Allow detach even if suspend flag set, GitHub issue 2932.Nicholas Marriott
2021-10-28Expand command as a format, GitHub issue 2920.Nicholas Marriott
2021-10-28document X509_REQ_to_X509(3)Ingo Schwarze
2021-10-28flesh out veb(4)/vport description a bit, spell out in more words whatStuart Henderson
is meant by "independently of the host network stack" feedback jmc dlg
2021-10-28unwrap a lineTheo Buehler
2021-10-28Limit how many FileAndHash entries a single manifest may containJob Snijders
OK claudio@
2021-10-28Don't fetch files larger than 2MBJob Snijders
OK claudio@
2021-10-28document X509_to_X509_REQ(3)Ingo Schwarze
2021-10-28sortTheo Buehler
2021-10-28Provide --max-size and --min-size arguments. Currently ignored butClaudio Jeker
rpki-client wants --max-size and this will unblock that work. With job@
2021-10-28syncStuart Henderson
2021-10-28Limit the size of the base64 blob inside the RRDP XML to be less thanClaudio Jeker
MAX_FILE_SIZE after base64 decoding it. This way hostile RRDP servers do less damage. OK beck@ tb@
2021-10-28Mechanical KNF in preparation for changingBob Beck
2021-10-28Add headers normally contained in include/openssl, verbatim from 1.1.1Bob Beck
2021-10-28Import Certificate Transparency verbatim from OpenSSL 1.1.1Bob Beck
This is not yet hooked up and will not compile. Follow on commits will KNF and then make it build. ok jsing@ tb@
2021-10-28openssl-ruby tests: rework for x509_alt.c r1.3 and r1.5.Theo Buehler
ruby can no longer generate certs with bogus wildcards in it to check that they will fail to verify when creating TLS connections. It will throw an error. This change needs openssl-ruby-tests-20211024p0 or later to work.
2021-10-28Bring back r1.3, ok beckTheo Buehler
Original commit message from beck: Validate Subject Alternate Names when they are being added to certificates. With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time. ok jsing@ tb@
2021-10-28Accept server replies from any server portKlemens Nanni
There is no requirement other than replying to client port 68/udp as per RFC 2131, so drop the 67/udp check. Same conclusion from florian Reported and tested by Roc Vallès < vallesroc AT gmail DOT com>, thanks!
2021-10-28Don't exit in certain cases on failures to parse x509 objects.Bob Beck
In most cases we already warn and continue if someone sends us malformed x509 objects. This makes this consistent behaviour in all places so that if someone passes in bogus X509, We end up failing their entry and continuing rather than exiting. We still exit on memory/system failures so that a future run of rpki client can simply do better when the machine is perhaps less hammered on ok job@ claudio@
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 15:51:58 +0000