Build date: 1736118003 - Sun Jan 5 23:00:03 UTC 2025 Build cvs date: 1736103123 - Sun Jan 5 18:52:03 UTC 2025 Build id: 2025-01-06.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-regress-usr.bin-ftp.diff /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-newvers.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libcrypto/ec/ec_convert.c P lib/libcrypto/ec/ec_lib.c P lib/libcrypto/ec/ec_local.h P lib/libcrypto/ec/ec_pmeth.c P lib/libcrypto/ec/ecp_methods.c P lib/libcrypto/man/RSA_get0_key.3 P lib/libcrypto/man/RSA_meth_new.3 P lib/libcrypto/rsa/rsa_local.h P lib/libcrypto/rsa/rsa_sign.c P regress/lib/libcrypto/rsa/rsa_method_test.c P regress/usr.bin/mandoc/tbl/mod/width.in P regress/usr.bin/mandoc/tbl/mod/width.out_ascii P sys/kern/uipc_socket2.c P sys/kern/uipc_syscalls.c P sys/net/af_frame.c P sys/netinet/in_pcb.h P sys/netinet/in_proto.c P sys/netinet/tcp_input.c P sys/netinet/tcp_output.c P sys/netinet/tcp_timer.c P sys/netinet/tcp_usrreq.c P sys/netinet/tcp_var.h P sys/netinet6/in6_proto.c P sys/sys/protosw.h P usr.bin/mandoc/libmandoc.h P usr.bin/mandoc/mandoc.1 P usr.bin/mandoc/mandoc.h P usr.bin/mandoc/mandoc_msg.c P usr.bin/mandoc/out.c P usr.bin/mandoc/roff.c P usr.bin/mandoc/tbl.c P usr.bin/mandoc/tbl.h P usr.bin/mandoc/tbl_layout.c commit gSvy2z9EipQ48FHb Author: schwarze Date: 2025/01/05 18:52:03 spelling; requested by jmc@ usr.bin/mandoc/mandoc.1 commit QGAvPnVnJvTULlpt Author: tb Date: 2025/01/05 18:21:36 Let's use RSA_3 rather than 3 regress/lib/libcrypto/rsa/rsa_method_test.c commit kuvd0BV0LWHVKe3K Author: schwarze Date: 2025/01/05 18:03:51 In the tbl(7) layout parser, use the roff(7) numerical expression parser to support arithmetic operations in column width modifiers. Documentation authors ought to focus on semantic markup and avoid trying to manipulate presentational details. Consequently, using tbl(7) is discouraged in the first place, using column width modifiers even more so, and complicating them by performing arithmetics yet more so. However, the madhouse called DocBook relies on this feature. For example, DocBook XSL version 1.79.2 generates man(7)+tbl(7) code that abuses arithmetics in column width modifiers to format things as simple and mundane as numbered lists, resulting in atrocious layout that is very hard to read. Last year, tb@ reported git-reset(1) as an example of an affected manual page. Properly parsing the width in the tbl(7) parser allows removal of some incomplete ad-hoc parsing from the tbl(7) formatter, where it didn't really belong. regress/usr.bin/mandoc/tbl/mod/width.in regress/usr.bin/mandoc/tbl/mod/width.out_ascii usr.bin/mandoc/mandoc.1 usr.bin/mandoc/mandoc.h usr.bin/mandoc/mandoc_msg.c usr.bin/mandoc/out.c usr.bin/mandoc/tbl.c usr.bin/mandoc/tbl.h usr.bin/mandoc/tbl_layout.c commit TaVbCMrhcG1jIsWN Author: schwarze Date: 2025/01/05 16:56:48 Add an additional argument to the functions implementing the roff(7) numerical parser to select the default scaling unit for numbers not followed by a scaling unit, rather than always using basic units ('u'). Expose roff_evalnum() via the internal parser API such that, in addition to the roff(7) parser, other parsers become able to parse numerical expressions, too. This commit implies no functional change yet, but prepares for adding new functionality in future commits. usr.bin/mandoc/libmandoc.h usr.bin/mandoc/roff.c commit Z9dzNQ26YbmSrL8A Author: tb Date: 2025/01/05 16:07:08 Move BIGNUMs in EC_GROUP and EC_POINT to the heap The only way to get an EC_GROUP or an EC_POINT is by calling the relevant _new() function and to get rid of it, something must call _free(). Thus we can establish the invariant that every group has Weierstrass coefficients p, a, b as well as order and cofactor hanging off it. Similarly, Every point has allocated BIGNUMs for its Jacobian projective coordinates. Unfortunately, a group has the generator as an optional component in addition to seed and montgomery context/one (where optionality makes more sense). This is a mostly mechanical diff and only drops a few silly comments and a couple of unnecessary NULL checks since in our part of the wrold the word invariant has a meaning. This should also appease Coverity who likes to throw fits at calling BN_free() for BIGNUM on the stack (yes, this is actually a thing). ok jsing lib/libcrypto/ec/ec_convert.c lib/libcrypto/ec/ec_lib.c lib/libcrypto/ec/ec_local.h lib/libcrypto/ec/ec_pmeth.c lib/libcrypto/ec/ecp_methods.c commit TjOkjogYPH5Vxd0y Author: tb Date: 2025/01/05 15:42:48 Stop setting RSA_FLAG_SIGN_VER With rsa_sign.c r1.37 this is no longer needed. regress/lib/libcrypto/rsa/rsa_method_test.c commit EmW1syk8Oq5An44z Author: tb Date: 2025/01/05 15:40:42 Remove most of the RSA_FLAG_SIGN_VER documentation ok jsing kn lib/libcrypto/man/RSA_get0_key.3 lib/libcrypto/man/RSA_meth_new.3 commit FqDlgOXR1uOh3NEz Author: tb Date: 2025/01/05 15:39:12 Stop requiring the RSA_FLAG_SIGN_VER You can set custom sign and verify handlers on an RSA method (wihch is used to create RSA private and public key handles). However, even if you set them explicitly with RSA_meth_set_{sign,verify}(3), these handlers aren't used for the sake of "backward compatibility" (with what?). In order to use them, you need to opt your objects into using the custom methods you set by setting the RSA_FLAG_SIGN_VER flag. OpenSSL 1.1 dropped this requirement and therefore nobody sets this flag anyore. Like most of the mechanically added accessors, almost nothing uses them, but, as found by kn, the yubco-piv-tool does. This resulted in a public key being passed to rsa_private_encrypt(), which of course doesn't end well. So follow OpenSSL 1.1 and drop this muppetry. This makes kn's problem with yubico-piv-tool go away. ok jsing kn lib/libcrypto/rsa/rsa_local.h lib/libcrypto/rsa/rsa_sign.c commit 32lFGvX1P5GLoq9n Author: bluhm Date: 2025/01/05 12:36:48 Retire PR_MPSOCKET flag. TCP socket layer is MP safe for more than a week now. That means all protocols with pr_usrreqs have the PR_MPSOCKET flag. Remove PR_MPSOCKET and use the logic that was used when set. OK mvs@ sys/kern/uipc_socket2.c sys/net/af_frame.c sys/netinet/in_proto.c sys/netinet6/in6_proto.c sys/sys/protosw.h commit xi7EhXsgqInnDiGc Author: bluhm Date: 2025/01/05 12:23:38 TCP integer sysctl variables are all atomic. Remove net lock. OK mvs@ sys/netinet/tcp_usrreq.c commit 6PPYN8YyhjczvPCp Author: bluhm Date: 2025/01/05 12:18:48 Read tcp_do_ecn only once during packet processing and mark atomic. OK mvs@ sys/netinet/tcp_input.c sys/netinet/tcp_output.c sys/netinet/tcp_timer.c sys/netinet/tcp_var.h commit zfVRdiL9YV5ybBOV Author: bluhm Date: 2025/01/05 12:10:39 Reorder struct inpcb fields and shorten struct inpcb_iterator. OK mvs@ sys/netinet/in_pcb.h commit Od0ri2dKBkhn80oY Author: mvs Date: 2025/01/05 11:33:45 Unlock accept(4) for tcp sockets. Makes sense because accept(2) could be fast path. tcp_accept() is the only in_setpeeraddr() which copies `inp_fport' and `inp_faddr' to passed mbuf(9). Shared netlock with `so_lock' taken is pretty enough, but both sockets should be locked simultaneously. So yet another solock() variation. The second arg of doaccept_so*lock() controls shared netlock acquisition and release. tcp(4) sockets are PR_MPSOCKET sockets, so soleep_nsec() will be happy. We have some raw inet6 sockets which are not PR_MPSOCKET, but they never follow this path. Note, we modify `so_qlen' of listening socket but filt_soread() takes only shared netlock. This should be enough because we cache `so_qlen' to local variable. ok bluhm sys/kern/uipc_syscalls.c