BSD Commit Log Search

   Xr qwz

   Add qwz(4) man page.

   ok deraadt@

   bump datasize to 2176M for the build class in prep for llvm22

   ok deraadt@

   remove commented-out unused namei structure fields not used for a long time
   ok beck

   Fix signed integer overflow in repetition count

   OK millert

   relayd: allow explicit paths for certificates, keys and OCSP staples

   Extend the "keypair" keyword in relayd.conf to support optional explicit paths.
   Previously, relayd enforced a naming convention, looking up files in /etc/ssl
   and /etc/ssl/private based on the keypair name.

   This change allows other applications to manage their certificates without
   having to comply with relayd's internal naming logic.

   Input and OK kirill@, help form tb@

   incorrect test for error

   remove -Wno-uninitialized, no warnings seen with gcc4 or clang
   ok dlg@

   frag6_input(): must always decrement counter when dropping fragment

   Currently frag6_input() does not decrement counter in one case:
   - it is processing fragment with offset 0 which arrives after
   the last fragment (fragment with max. offset)
   - there are more IPv6 extension headers between IPv6 header
   and IPv6 fragment header
   - re-assembled packet exceeds IPV6_MAXPACKET size limit

   if conditions above are met, then fragment gets dropped without
   decrementing counters. This commit fixes that.

   The issue was pointed out by Frank Denis.

   OK bluhm@

   correct mdoc macro ordering

   remove tab at end of line

   Insist on opening only regular files. (On OpenBSD, the directory
   case is handled by the kernel, but I want to stop other weird stuff)
   ok millert, dgl

   Make __pledge_open(2) of /etc/localtime and /usr/share/zoneinfo much
   more strict.  If /etc/localtime is a symbolic link, allow one translation
   which must land cleanly in /usr/share/zoneinfo (.. is checked for) otherwise
   error with EACCES.  In /usr/share/zoneinfo, do not allow symbolic links and
   error with ELOOP.
   Alfredo Ortega observed the non-strict handling, but agrees no specific
   exploitability exists.  Changing this took almost a month with many
   discarded prototypes.
   ok beck dgl

   If the main process receives an oversized passwd or group entry message from
   the ldap client process, discard it rather than overflowing the struct
   idm_req on the stack.

   Pointed out by Frank Denis
   ok claudio@

   Rework the re-evaluation of a prefix if PREFIX_FLAG_FILTERED changed.

   The fix committed in rev 1.291 is not quite right. The problem is that
   prefix_evaluate() uses prefix_best() which calls prefix_eligible().
   It is wrong to alter the eligible state of a prefix while it is still
   on the rib list.

   Instead remove the prefix first, toggle the state, then readd it again.
   Even though prefix_evaluate() is called twice the code complexity is
   about the same since the 2 calls only do half the work.

   OK tb@

   Enable qwz(4) for amd64 and arm64 RAMDISK.

   Enable qwz(4) for amd64 and arm64 GENERIC.

   Get qwz(4) in to an initial working state (assoc/rx/tx).

   Bug fixes (HAL/WMI drift vs. current ath12k):
     1. RX_BE_PADDING0_BYTES 80 -> 8 -- fixes RX-descriptor misalignment
        (dlpager crash, Hexagon 0x23).
     2. Send WMI_VDEV_PARAM_SET_HEMU_MODE = 0 before peer_assoc_cmd --
        clears stale HE-MU state.
     3. volatile cast on dst-ring hp_addr read in
        qwz_hal_srng_access_begin() -- matches SRC branch, fixes ARM64 hoist.
     4. BUFFER_ADDR_INFO1: RET_BUF_MGR GENMASK(10,8) -> (11,8),
        SW_COOKIE (31,11) -> (31,12).
     5. wbm2sw_cc_enable = WBM2SW3_EN only -- keeps HW Cookie Convert off
        the TX rings.
     6. HTT_TX_WBM_COMP_INFO0_STATUS (12,9) -> (16,13); drop bogus
        INFO2_SW_PEER_ID/VALID; add INFO1_REINJECT_REASON,
        INFO1_EXCEPTION_FRAME, INFO2_ACK_RSSI.
     7. REO/TX_RATE_STATS GENMASK shifts
        (HAL_REO_UPD_RX_QUEUE_INFO2_*, HAL_RX_REO_QUEUE_INFO0/1_* +2 bits;
        HAL_TX_RATE_STATS_INFO0_* +1 bit) + new

    [25 lines not shown]

   Transplant the EL2 virtual timer interrupt into the ACPI device tree if
   it is provided in the GTDT table.
   Based on a diff from Marc Zyngier.

   ok jsg@

   If either tcp_md5_set() or pfkey_establish() fail then also fail the
   ongoing connect.

   The old graceful failure mode was added for strange cases like kernels
   without TCP MD5 support but there is honestly no good reason to limp along.
   The correct way to handle this on such broken systems is to edit the config
   and remove the auth settings. After that a bgpctl reload will fix the problem
   by skipping the TCP MD5 or IPSec setup.

   Reported by Frank Denis
   OK tb@

   regen

   Add "interrupt-names" property to the timer node.

   ok jsg@

   In log_evpnaddr() the labellen for EVPN_ROUTE_TYPE_2 can either be 3 or 6.

   Currently only the first label is printed so only take the first 3 bytes
   of addr->labelstack to build the VNI. Do this by hand with a few shifts
   and or opertations instead of the memcpy and htonl() fumbling.

   EVPN is still experimental and disabled by default.
   Found by myself and also reported by Frank Denis
   OK denis@ tb@

   Sync cert.pem with mozilla roots; quite a few CA certificates were
   either removed or distrusted for web so are removed here.  ok tb@

   Common policies (moz, google, ca/b) are now to distrust roots with key
   material created before a certain time (currently 2008, this rolls
   forwards by 2 years each April until 2029 when it moves to '15 years
   from creation'), and also roots used for TLS are not permitted to be
   shared with other purposes (Secure Email, Code Signing, or others).

   This removes all root certificates from the following CA operators:

   -AffirmTrust
   -  /C=US/O=AffirmTrust/CN=AffirmTrust Commercial
   -  /C=US/O=AffirmTrust/CN=AffirmTrust Networking
   -  /C=US/O=AffirmTrust/CN=AffirmTrust Premium
   -  /C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC

   -Firmaprofesional SA
   -  /C=ES/O=Firmaprofesional SA/2.5.4.97=VATES-A62634068/CN=FIRMAPROFESIONAL CA ROOT-A WEB

    [67 lines not shown]

   dhcpleased: Make sure to use VIS_NL with stravis()

   Various DHCP fields could include newlines, these were written to the lease file as-is. Nothing in base reads them, but it could confuse other tools.

   ok florian@

   dhcpleased: Change rdns_count to size_t

   Potentially on a 32-bit platform a crafted imsg could make the engine read 4 bytes of stack.

   ok florian@

   dhcpleased: Validate size of imsg_dhcp.len

   If the frontend manages to write something bad to imsg (bypassing the frontend's validation), where imsg_dhcp.len is > sizeof(imsg_dhcp.packet) it is possible for an OOB read to be forced in the engine. Make this fatal.

   ok florian@

   dhcpleased: Ensure imsg is zeroed in send_routes_withdraw.

   ok florian@

   mitigate AMD Zen-2 operation cache corruption

   On Zen 2, the operation cache can be used to change instructions
   of a different privilege level.
   https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html

   The mitigation is setting a chicken bit in an MSR.  This is not documented
   publicly, even in the security bulletin.  The value comes from a patch
   submitted to Linux by AMD employees.

   ok deraadt@ brynet@

   Limit the maximum value of shminfo.shmseg to prevent `size' overflow in
   sys_shmat(). The default value of 128 is safe, but overflow could happen
   on 32 bits machine while the value of shminfo.shmseg was raised too high.

   Discussed with deraadt.