The default is to install the next release. Snapshots are only
installed when invoked with -s.
The logic on what to do per default got out of hand and it was very
difficult to reason about what sysupgrade(8) actually did. deraadt@
then suggested that we should dumb it all down, sysupgrade(8) is there
to upgrade from one release to the next. More advance usage needs to
be requested by the user.
With all this simplification we can now be a bit more smart to work
out what the next release is. With that, snapshots right before a
release can be sysupgrade(8)'ed to the official release.
OK sthen on a previous version that was much more complicated but
allowed shortly-before-release -> release upgrade
testing sthen on this version
Guidance, prodding & OK deraadt
This extends the zic input format to add support for %z, which
expands to a UTC offset in as-short-as-possible ISO 8601 format.
It's intended to better support zones that do not have an established
abbreviation already. tzdata2024b and higher require a version of
zic that supports the %z format. From upstream tzcode. OK beck@
The CRL number draft clarified what ignoring means and it includes checking
that the CRL number is well-formed again. So do this but continue to ignore
the value for any other purpose. This refactors x509_convert_seqnum() into
a couple of helpers. There's some duplication between crl_check_crl_number()
and crl_parse_crl_number() which could be removed if anyone cares.
tweaks/ok job
To launch a guest with AMD SEV enabled, vmd needs to do a few things:
- retrieve ASID used by guest on VM creation
- provide ASID to psp(4)
- let psp(4) encrypt memory used intially by guest
- run guest
- release resources held by psp(4) on guest shutdown
To enable SEV for a guest use the parameter "sev" in the guest's vm
section in vm.conf.
from hshoexer@; OK mlarkin@
Calling malloc / reallocarray with a 0 size is not portable and the
memcpy with a possible NULL pointer as source and 0 len is seen as UB
by newer C standards (grmbl).
OK tb@
An announce PDU requires at least one provider ASnum while a withdraw
must not include any provider ASnums. The first is mandated by the ASPA
profile and the 2nd by the 8210bis draft.
Further cleanup some leftovers from the old per-AFI split of ASPA.
OK tb@
to be rechecked when a BGP route is added (or changed).
We need to revalidate nexthops on inserts (kroute_insert) and
on change (krX_change but only for AID_INET and AID_INET6 -- no nexthops
in the other tables) the nexthop needs to be updated.
Only validate nexthops if 'nexthop qualify via bgp' is enabled. For route
changes the code can depend on the F_NEXTHOP flag.
Fix for: https://github.com/openbgpd-portable/openbgpd-portable/issues/81
OK tb@
It is technically possible for a series of RRDP deltas and a snapshot
to diverge. An RRDP server could distribute files via Deltas and then
forget about those files, causing copies to remain stuck in the caches
of RRDP clients. Resetting RRDP sessions once every few weeks helps with
garbage collection.
In week 0 the probability of triggering re-initialization is ~0.025% and
doubles every week, in week 11 its 50% and always after week 12. Thus,
RPs will reinitialize at least once every 3 months.
OK tb@ claudio@
Using strtonum() instead of atoi() gives us an extra layer of bounds
checking for free while parsing an entry. This is in addition to
the existing bounds checking in set_range(). The step value is now
limited to the maximum range for an entry. If the field consists
of a range, the step must not be larger than the difference between
the high and low parts of the range. OK deraadt@
This lets us replace inet_aton with inet_pton since we do not need
inet_aton's flexibility.
phessler, sthen and Tom Smyth all confirm that they never came across
a different way of specifying an area.
OK claudio, deraadt
This lets us replace inet_aton with inet_pton since we do not need
inet_aton's flexibility.
phessler, sthen and Tom Smyth all confirm that they never came across
a different way of specifying an area.
OK claudio, deraadt
Also export the msgbuf queue len as a stats member so bgpctl does not need
to dig into the msgbuf structure inside struct peer.
This skips imsg related msgbuf since that will be handled by a imsgbuf
specific function.
OK tb@
In get_number(), reject values that are so large that they are
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are ignored. This prevents
bit_nset() from being called with out-of-range values.
Bug found by Dave G. of Supernetworks.
filtered prefixes in the Loc-RIB
This includes filtered prefixes into the Loc-RIB but they are marked
ineligible so nothing will select them but it is possible to show them
in bgpctl. So 'bppctl show rib filtered' will return all prefixes filtered
out by the input filters.
OK tb@
The min-version pins a minimal required version for rtr session. This is
needed if specific PDUs are required and it ensures that the session is
not suddenly downgraded. This is important for ASPA where a minimum
version of 2 is required. Only then the ASPA PDUs are transmitted.
By default a RTR version of 1 is used but setting min-version to 2
will enable draft-ietf-sidrops-8210bis-14 support and enforce it
at the same time. Right now defaulting to version 2 is not possible
since draft-ietf-sidrops-8210bis failed to progress for a too long
time resulting in split eco system with various incompatible RTR
version 2 implementations.
OK tb@
pf's rule names are limited by 32 characters, so lower the length bounds
for redirect names and tags that relayd accepts as valid config but would
later fail to load into pf. Also display the offending name on error.
from Mark Johnston
ok florian
Otherwise, it is possible to create a passwd(5) entry that is too
large for getpwent(3), which ignores database entries larger than
_PW_BUF_LEN. This adds a check in db_store() so that we do not
store an entry larger than getpwent(3) can read. Callers of
pwd_mkdb(8), typically via pw_mkdb(3), already check for failure.
In most cases, the checks in chpass(1) will prevent a user from
creating an entry that is too large by changing their gecos field.
However, it is only when storing the db record that we know the
true size.
OK deraadt@
The code path gcc is whining about ensures that the struct auth in
question is initialized, but the pile of garbage that is gcc's use
of uninitialized warnings can't figure that one out. Enough time on
this was wasted during the last few releases that silencing gcc with
annoying workarounds may be the lesser evil.
ok claudio
Only trigger a duplicate error if a valid filepath is revisted. It is
possible that a bad CA references somebody else's files and if that
happens first it would block the valid access.
To make this work, pass the ok flag to filepath_add() and only set the
talmask bit if the file was ok. Since we need to do the duplicate check
before processing the entity introduce filepath_valid() which checks
if the path is in the tree and has its talmask bit set.
In repo_move_valid() handle conflicts more gracefully. When both a valid
and temporary file are present assume that one of the files was never ok
(talmask == 0) and silently remove that file from the filepath tree.
OK tb@
to npppd. It can be configured now so that it accepts disconnect
requests and this works together with radiusd_ipcp(8) module. Also
"nas-id" becomes configurable.
consideration for new disconnect requests during requesting DAE. The
ipcp module didn't send a DAE request again once DAE request failed.
Also fix log messages.
Makes as much of the core of vmd mi, pushing x86-isms into separate
compilation units. Adds build logic for arm64, but no emulation
yet. (You can build vmd, but it won't have a vmm device to connect
to.)
Some more cleanup probably needed around interrupt controller
abstraction, but that can come as we implement more than the i8259.
ok mlarkin@
To prepare for mi/md splitting vmd, need to fixup the dev/vmm/vmm.h
mi header. Move the vm_run_params struct and clean up the includes
in vmd.
"sure", mlarkin@
ones and do nothing is they match.
This mean that "rcctl enable foobar" will not touch anything is foobar is
already enabled.
spotted by robert@ using Saltstack (that runs "rcctl enable ..." on a regular
basis).
ok robert@
- add "~" to the valid field table, as pointed out by sthen
- note that the value is generated whenever the tab is loaded,
as requested by K R
- clarify the text, as pointed out by deraadt
ok stehn millert
a {} block now. On the other hand, "authentication" can be without a
{} block. The previous syntax is still accepted. Also make
specifying the path of "module" be optional.
Add a new TLS handshake callback for incoming connections. This
will allow to inspect the client certificate later. For now only
print a debug message and check it in regress.
with and OK henning@
starts some sub processes and parent-child relationship with them must
be kept. But we want to show config error on stderr, so keep stdio
files open and close them after parse_config().
withdraw case. Those bytes are needed for the attribute length field.
Without this withdraw messages can become overfull and are dropped
without notice.
Problem found and fix tested by denis@
OK denis@ tb@
The vm process uses multiple pthreads to emulate vcpu and also drive
an event loop doing various io emulation. At points, one or the
other needs to read/write global vm state bits and toggle if a vcpu
is halted or "done."
This adds in a another mutex to protected the global state and
untangles areas where the mutex for protecting a condition variable
was being used around modifying some global state.
ok mlarkin@
Instead just SIG_IGN SIGPIPE in main.c for all of acme-client.
More work to be done here but at least this distraction is gone.
OK florian@ deraadt@ op@
There was a shift of the index in the for loop, and invalidating the wrong
member could result in a double free in auth_tree_free() on process exit.
ok claudio job
Turns out filemode still relies on these. Rather than adding to the
spaghetti in filemode.c, begrudgingly put back the NULL checks with
an additional XXX.
ok claudio job
When relayd(8) handles 'host disable/enable' command issued by relayctl(8),
it disables redirect it finds in tables for particular host. However there can
be multiple redirect instances which use the same host in relayd(8) tables.
This change makes relayd(8) to walk through all tables and disable all redirects
which match the host.
OK giovanni@, OK sashan@
the option to set corresponding `log` action in pf(4) rules it generates
to handle network traffic.
The patch comes from Giannis Kapetanakis (bilias _from_ edu.physics.uoc.gr).
OK sashan@
Instead, continue processing what we can but avoid lots of warning noise.
Error out at the end of the parser process to avoid loading a bad config
into bgpd. This isn't great as it is and can be refined in tree.
ok claudio
This goes back to the initial import in mft.c and was then copied to rsc.c.
ASN1_tag2str() doesn't take a nid but rather an ASN.1 tag. Use nid2str()
instead.
ok claudio (who helped me use nid2str() correctly)
The OpenSSL 1.1 get_signature_nid() API is available for all libraries
that we support and it does exactly what we want. It is much simpler
than the unergonomic accessors we used previously. The ASN.1 templates
ensure that the relevant struct members aren't NULL after successful
deserialization, so the calls are safe.
ok claudio
Nothing says there may be only one purpose. We only need to find
id-kp-bgpsec-router among them. This matches the intention of the
extended key usage extension in RFCs 5280 and 8209 more closely.
ok claudio
Now all key usage and extended key usage handling is at the same place.
This fixes a bug for BGPsec Router certs where key usage was ignored.
Another omission that is fixed here is that criticality of the key usage
extension was not checked. Drop a comment about possible use of EKU that
was in the TA/CA code path but would only apply to EE certs.
ok claudio
table for non-crypt(3) authentication. tables configured with auth that
support K_AUTH are asked to check if a user and passwd are valid rather
than asked to provide the password for a user so smtpd does crypt(3) on
its side. helps with cases like ldap or custom auth.
ok op@
Require that a cert fed to cert_parse_ee_cert() have an EE cert purpose.
Instead of throwing a warning for BGPsec router certs, check for the TA
purpose in ta_parse() and reject everything else.
ok job
