deraadt
bdbab32688
Use unveil() instead of pledge "tmppath". There is a bit of bulldozering
here to handle the many codeflows regarding output files, and I hope ingo
improves it later.
Some help with regression validation from job
2026-02-23 18:58:30 +00:00
deraadt
c2d38473df
nc(1) has the more crazy unveil + pledge configuration based upon
argument flags. I think this correctly replaces "tmppath" with an
unveil.
2026-02-23 16:47:07 +00:00
deraadt
3ae6636769
replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.
2026-02-23 16:45:16 +00:00
deraadt
1b5c1c8cc4
Since this program is "rpath wpath cpath", it does not need to use
"tmppath"
ok op
2026-02-23 16:40:45 +00:00
sthen
8a1a49e10d
mention ip address certs
2026-02-23 10:39:39 +00:00
sthen
4553a27546
regress tests for iPAddress certificates, from florian
2026-02-23 10:28:23 +00:00
sthen
4f09c169eb
acme-client: add support for iPAddress certificates, ok florian
started by Lloyd <ng2d68@proton.me>, also worked on by myself and florian@
2026-02-23 10:27:49 +00:00
op
a7f0c950bd
rework grabword() a bit; plug a leak
spotted thanks to Han Boetes (hboetes at gmail) providing a diff to plug
a leak in the asprintf() usage. While here though, rework it to avoid
hitting asprintf() per character. Han agrees.
2026-02-23 09:36:50 +00:00
nicm
2bd4781e37
Free history entries properly, from Huihui Huang in GitHub issue 4870.
2026-02-23 09:12:57 +00:00
nicm
9750c304bb
Use buffer size for b64_pton, from someone in GitHub issue 4882.
2026-02-23 09:08:07 +00:00
nicm
0ed3ac6729
Do not leak list on failure, reported by Huihui Huang.
2026-02-23 08:58:40 +00:00
nicm
b4c21dd8c4
Another memory leak from Huihui Huang.
2026-02-23 08:54:56 +00:00
nicm
1593a2d466
Memory leaks in cmd_display_menu, from Huihui Huang.
2026-02-23 08:50:00 +00:00
nicm
ac93c84efb
Free format on -a, reported by Huihui Huang.
2026-02-23 08:46:57 +00:00
nicm
9fc228dcca
Fix memory leaks, reported by Huihui Huang in GitHub issue 4872.
2026-02-23 08:45:27 +00:00
nicm
5da5a60b27
Set cell to default when off screen to avoid crash when logging it.
2026-02-23 08:29:30 +00:00
gnezdo
c840a4de3c
Report success in ftp when file is fully retrieved
OK rasadowski
2026-02-23 05:00:51 +00:00
jsg
c1c10b3e4d
don't return an error when skipping sysfs bits in amdgpu_ras_sysfs_create()
should avoid fatal init error on Radeon VII reported by Justin Roberts
2026-02-23 00:38:34 +00:00
dv
11a5864391
vmd(8): convert virtio scsi device to a subprocess.
Break the virtio scsi device (used as a cd-rom drive) into a
subprocess like the virtio block and network devices. This leaves
only the entropy device (viornd) and vmmci device running in-process
with the vcpus.
ok mlarkin@
2026-02-22 22:54:54 +00:00
kettenis
b8b33024fd
Reset the PNVM segment count back to zero after we free the segments.
Prevents us from calling bus_dmamap_sync(9) on random DMA map pointers
when reloading the firmware.
ok stsp@
2026-02-22 22:24:05 +00:00
op
ab97852fca
plug leak in transposeword(); from Han Boetes (hboetes at gmail), thanks!
extracted from a bigger diff.
2026-02-22 22:16:41 +00:00
kettenis
2c101244ab
If we have a non-zero hint and none of the address selectors managed to
return a valid address, set the hint to zero and retry. This fixes
mmap(2) with a hint (and without MAP_FIXED) when the hint falls outside
of the userland address space range.
ok deraadt@
2026-02-22 21:53:54 +00:00
kettenis
d1624edace
Use bus_dmamap_load_raw(9) to load a DMA mapping for memory allocated with
bus_dmamem_alloc(9).
ok stsp@
2026-02-22 21:38:03 +00:00
bluhm
e49f994663
Prevent false ELOOP error in socket splicing.
To avoid endless splicing loops, the mbuf's lifetime is limited by
the ph_loopcnt counter. Each time somove() runs, it compares the
value to a maximum and increments.
In the unlikely case that the drain buffer is full, the mbuf stays
in the source buffer after incrementing. When more data arrives
and somove() is called, the counter at the same mbuf is incremented
again. Eventually the maximum could be reached and splicing dissolves
with ELOOP. This is not intended for mbufs which are never moved,
we want to count the moves.
Fix the race and increment just before sending the mbuf out to the
drain buffer.
OK mvs@
2026-02-22 21:30:58 +00:00
mvs
14f73a1227
Make bse(4) interrupts mp-safe. The code has nothing to do, so only
establish interrupt handlers with IPL_MPSAFE bit.
ok jmatthew
2026-02-22 18:44:41 +00:00
op
266e2f0407
fix two leaks in interpreter.c; from Han Boetes (hboetes at gmail)
- upon redefinition of a variable, free the content of the old varentry
- free v1 if strndup fails, and delay the SLIST_INSERT_HEAD
2026-02-22 10:31:28 +00:00
sthen
c745d9d774
don't talk about CN, we no longer send it in the CSR, and CAs constructed
their own anyway.
2026-02-21 19:23:45 +00:00
sthen
fc987e1c38
don't include CN in the certificate signing request.
the CA will decide whether to include a CN based on their
configuration/profile and sets that up themselves.
ok florian
2026-02-21 19:20:41 +00:00
kettenis
d97ab55405
Add missing bus_dmamap_unload(9).
ok stsp@
2026-02-21 16:48:21 +00:00
sthen
65ff3274db
fix typo in comment, from Benjamin Lee McQueen
2026-02-20 12:32:34 +00:00
nicm
6e5bcb6513
Reuse the same extended slot when clearing non-RGB cells as well. From
Michael K Darling in GitHub issue 4865.
2026-02-20 08:41:23 +00:00
kirill
e2da7b503b
sys/videoio.h: sync with Linux
1. media: v4l2-ctrls: Add hevc_ext_sps_[ls]t_rps controls
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa05705107a40131a8335ad37817153709261738
2. media: uapi: videodev2: Add support for AV1 stateful decoder
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=406fc2e9ca65e0df345ebf4ce95aa87cb6416f35
3. media: v4l: ctrls: add a control for flash/strobe duration
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d89ccbf3dde727d91a242a5a3f3b70a90579b057
4. media: v4l: ctrls: add a control for enabling strobe output
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5be4154f6255d92d9d2ad5da658d7d33a655386f
Here no ABI or API changes.
Scope limited to few new defines, new struct and new enum value only.
OK deraadt@
2026-02-19 20:42:45 +00:00
bluhm
6a338f3f70
Print both nat-to and rdr-to in pfctl show rules.
Kernel pf rule may have both nat-to and rdr-to fields. pfctl printed
only one of them. By removing one else if, the user sees what the
kernel does.
OK henning@
2026-02-19 16:59:15 +00:00
deraadt
5781d1bc88
uvmexp.faults is now counter in MI code
ok claudio kettenis
2026-02-19 15:42:17 +00:00
jan
f5ae478e68
Also put LRO Flags inside an ifndef SMALL_KERNEL
ok bluhm@
2026-02-19 10:15:36 +00:00
dv
5e6b300ad5
vmd(8): prevent pause deadlock when vcpu doesn't halt
Trying to pause a vm that's got a vcpu busy polling that never
issues a HLT instruction results in a deadlock. Remove the check
for if the vcpu is halted. We have other logic to handle "suspending"
the vcpu thread if a vcpu halts with interrupts enabled. (The way
vmm(4) works is if the vcpu halts without interrupts, we consider
it a terminating event.)
ok hshoexer@, mlarkin@
2026-02-18 22:28:19 +00:00
kirill
4dc0e834fe
usr.sbin/relayd: add support for PROXY protocol in TCP relays
patch from Christoph Liebender
OK: rsadowski@
2026-02-18 22:27:03 +00:00
deraadt
1c096ed5f4
uses tmpfile(), which is why it used "tmppath", which is why it now
needs "rpath wpath cpath"
spotted by brynet
2026-02-18 21:40:55 +00:00
deraadt
0bcd6e0c21
This was using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
ok semarie and others
2026-02-18 20:43:58 +00:00
deraadt
1ccd5a3a52
pledge "rpath tmppath" is replaced with unveil "/" "r", unveil "/tmp" "rwc",
and "rpath wpath cpath"
ok semarie
2026-02-18 16:46:48 +00:00
deraadt
e05dc1d889
replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath wpath cpath".
ok ok
2026-02-18 15:54:20 +00:00
claudio
2a03ab9331
Add more error logging for the ERR_UPD_ATTRLIST case.
Split it into a bad_list case for all those duplicate attr checks and
a bad_ibuf case that is used when the parsing hits a general issue.
OK sthen@
2026-02-18 15:54:06 +00:00
kettenis
2f35217588
Make qwx_dmamem_alloc() wait for resources if necessary.
ok deraadt@, stsp@
2026-02-18 15:34:49 +00:00
deraadt
ad461ab28a
Instead of pledge "tmppath rpath", setup a "rwc" unveil on "/tmp", a
"r" unveil on "/", and then pledge "rpath wpath cpath".
ok semarie and others
2026-02-18 15:25:01 +00:00
deraadt
cd7feeec72
This is using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
ok semarie and others
2026-02-18 15:23:36 +00:00
nicm
8b8eaf56ff
Pass which clipboard is set through to the terminal, from Axel Lindskog
in GitHub issue 4858.
2026-02-18 09:10:31 +00:00
deraadt
74811a55db
These programs are using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
ok semarie and others
2026-02-18 08:54:46 +00:00
jsg
c9a87b7d52
correct bounds check on number of memory segments
found with smatch, ok patrick@
2026-02-18 03:10:57 +00:00
djm
2312e0c0c9
same treatment for remote/remote copies (i.e. scp -3): adjust
permissions on destination directory only if we created it or -p
was requested. bz3925
2026-02-18 03:04:12 +00:00
djm
5f549511a7
when uploading a directory using sftp/sftp (e.g. during a recursive
transfer), don't clobber the remote directory permissions unless
either we created the directory during the transfer or the -p flag
was set. bz3925 ok dtucker@
2026-02-18 02:59:27 +00:00