sync with OpenBSD -current

distrib/amd64/iso/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.48 2024/06/02 16:00:07 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.49 2024/06/09 17:24:19 deraadt Exp $
 
 FS=		install${OSrev}.img
 FSSIZE=		1425408
@@ -13,7 +13,7 @@ BSDRD=		${RELDIR}/bsd.rd
 BASE=		${RELDIR}/base${OSrev}.tgz ${RELDIR}/comp${OSrev}.tgz \
 		${RELDIR}/game${OSrev}.tgz ${RELDIR}/man${OSrev}.tgz \
 		${RELDIR}/bsd ${RELDIR}/bsd.rd ${RELDIR}/bsd.mp \
-		${RELDIR}/INSTALL.${MACHINE}
+		${RELDIR}/INSTALL.${MACHINE} ${RELDIR}/BUILDINFO
 XBASE=		${RELXDIR}/xbase${OSrev}.tgz ${RELXDIR}/xfont${OSrev}.tgz \
 		${RELXDIR}/xshare${OSrev}.tgz ${RELXDIR}/xserv${OSrev}.tgz
 

distrib/arm64/iso/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.9 2024/02/10 16:47:46 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.10 2024/06/09 17:24:19 deraadt Exp $
 
 FS=		install${OSrev}.img
 FSSIZE=		1136400
@@ -12,7 +12,7 @@ RELDIR?=	/home/rel-${MACHINE}
 BASE=		${RELDIR}/base${OSrev}.tgz ${RELDIR}/comp${OSrev}.tgz \
 		${RELDIR}/game${OSrev}.tgz ${RELDIR}/man${OSrev}.tgz \
 		${RELDIR}/bsd ${RELDIR}/bsd.mp ${RELDIR}/bsd.rd \
-		${RELDIR}/INSTALL.${MACHINE}
+		${RELDIR}/INSTALL.${MACHINE} ${RELDIR}/BUILDINFO
 XBASE=		${RELXDIR}/xbase${OSrev}.tgz ${RELXDIR}/xfont${OSrev}.tgz \
 		${RELXDIR}/xshare${OSrev}.tgz ${RELXDIR}/xserv${OSrev}.tgz
 

distrib/i386/iso/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.34 2023/04/28 12:26:43 krw Exp $
+#	$OpenBSD: Makefile,v 1.35 2024/06/09 17:24:19 deraadt Exp $
 
 FS=		install${OSrev}.img
 FSSIZE=		921600
@@ -14,7 +14,7 @@ BSDRD=		${RELDIR}/bsd.rd
 BASE=		${RELDIR}/base${OSrev}.tgz ${RELDIR}/comp${OSrev}.tgz \
 		${RELDIR}/game${OSrev}.tgz ${RELDIR}/man${OSrev}.tgz \
 		${RELDIR}/bsd ${RELDIR}/bsd.rd ${RELDIR}/bsd.mp \
-		${RELDIR}/INSTALL.${MACHINE}
+		${RELDIR}/INSTALL.${MACHINE} ${RELDIR}/BUILDINFO
 XBASE=		${RELXDIR}/xbase${OSrev}.tgz ${RELXDIR}/xfont${OSrev}.tgz \
 		${RELXDIR}/xshare${OSrev}.tgz ${RELXDIR}/xserv${OSrev}.tgz
 

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.5-22ee75e: Fri May  3 00:00:00 UTC 2024 (Yatagarasu)
+# SecBSD 1.5-c5d0954: Mon Jun 10 00:00:00 UTC 2024 (Yatagarasu)

libexec/security/security

@@ -1,6 +1,6 @@
 #!/usr/bin/perl -T
 
-# $OpenBSD: security,v 1.42 2024/03/05 18:54:29 kn Exp $
+# $OpenBSD: security,v 1.43 2024/06/09 18:31:17 afresh1 Exp $
 #
 # Copyright (c) 2011, 2012, 2014, 2015 Ingo Schwarze <schwarze@openbsd.org>
 # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com>
@@ -30,6 +30,7 @@ require File::Find;
 
 use constant {
 	BACKUP_DIR => '/var/backups/',
+	RELINK_DIR => '/usr/share/relink/',
 };
 
 $ENV{PATH} = '/bin:/usr/bin:/sbin:/usr/sbin';
@@ -574,6 +575,7 @@ sub find_special_files {
 		# SUID/SGID files
 		my $file = {};
 		if (-f _ && $mode & (S_ISUID | S_ISGID)) {
+			return if -e RELINK_DIR . $_;
 			$setuid_files->{$File::Find::name} = $file;
 			$uudecode_is_setuid = 1
 			    if basename($_) eq 'uudecode';
@@ -660,6 +662,7 @@ sub check_filelist {
 		push @{$changed{additions}}, [ @{$files->{$f}}{@fields}, $f ];
 	}
 	foreach my $f (sort keys %current) {
+		next if $mode eq 'setuid' && -e RELINK_DIR . $f;
 		push @{$changed{deletions}}, [ @{$current{$f}}{@fields}, $f ];
 	};
 

sbin/ifconfig/ifconfig.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ifconfig.8,v 1.399 2024/01/11 17:22:04 jan Exp $
+.\"	$OpenBSD: ifconfig.8,v 1.400 2024/06/09 16:25:27 jan Exp $
 .\"	$NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
 .\"     $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\"     @(#)ifconfig.8	8.4 (Berkeley) 6/1/94
 .\"
-.Dd $Mdocdate: January 11 2024 $
+.Dd $Mdocdate: June 9 2024 $
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -294,6 +294,9 @@ tag.
 On transmit, the device can add the
 .Xr vlan 4
 tag.
+.It Sy VLAN_HWOFFLOAD
+On transmit, the device can handle checksum or TSO offload without
+.Sy VLAN_HWTAGGING .
 .It Sy WOL
 The device supports Wake on LAN (WoL).
 .It Sy hardmtu

sbin/ifconfig/ifconfig.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ifconfig.c,v 1.472 2024/05/18 02:44:22 jsg Exp $	*/
+/*	$OpenBSD: ifconfig.c,v 1.473 2024/06/09 16:25:27 jan Exp $	*/
 /*	$NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $	*/
 
 /*
@@ -125,7 +125,7 @@
 
 #define HWFEATURESBITS							\
 	"\024\1CSUM_IPv4\2CSUM_TCPv4\3CSUM_UDPv4"			\
-	"\5VLAN_MTU\6VLAN_HWTAGGING\10CSUM_TCPv6"			\
+	"\5VLAN_MTU\6VLAN_HWTAGGING\7VLAN_HWOFFLOAD\10CSUM_TCPv6"	\
 	"\11CSUM_UDPv6\15TSOv4\16TSOv6\17LRO\20WOL"
 
 struct ifencap {

sys/arch/amd64/include/cpu.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.h,v 1.172 2024/06/07 16:53:35 kettenis Exp $	*/
+/*	$OpenBSD: cpu.h,v 1.173 2024/06/09 21:15:29 jca Exp $	*/
 /*	$NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $	*/
 
 /*-
@@ -319,7 +319,7 @@ void cpu_unidle(struct cpu_info *);
 #define cpu_kick(ci)
 #define cpu_unidle(ci)
 
-#define CPU_BUSY_CYCLE()	do {} while (0)
+#define CPU_BUSY_CYCLE()	__asm volatile ("" ::: "memory")
 
 #endif
 

sys/arch/arm/include/cpu.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.h,v 1.66 2024/02/25 19:15:50 cheloha Exp $	*/
+/*	$OpenBSD: cpu.h,v 1.67 2024/06/09 21:15:29 jca Exp $	*/
 /*	$NetBSD: cpu.h,v 1.34 2003/06/23 11:01:08 martin Exp $	*/
 
 /*
@@ -251,7 +251,7 @@ extern struct cpu_info *cpu_info[MAXCPUS];
 void cpu_boot_secondary_processors(void);
 #endif /* !MULTIPROCESSOR */
 
-#define CPU_BUSY_CYCLE()	do {} while (0)
+#define CPU_BUSY_CYCLE()	__asm volatile ("" ::: "memory")
 
 #define curpcb		curcpu()->ci_curpcb
 

sys/arch/i386/include/cpu.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.h,v 1.190 2024/06/07 16:53:35 kettenis Exp $	*/
+/*	$OpenBSD: cpu.h,v 1.191 2024/06/09 21:15:29 jca Exp $	*/
 /*	$NetBSD: cpu.h,v 1.35 1996/05/05 19:29:26 christos Exp $	*/
 
 /*-
@@ -262,7 +262,7 @@ void cpu_unidle(struct cpu_info *);
 #define cpu_kick(ci)
 #define cpu_unidle(ci)
 
-#define CPU_BUSY_CYCLE()	do {} while (0)
+#define CPU_BUSY_CYCLE()	__asm volatile ("" ::: "memory")
 
 #endif
 

sys/dev/pv/if_vio.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vio.c,v 1.37 2024/06/04 09:51:52 jan Exp $	*/
+/*	$OpenBSD: if_vio.c,v 1.38 2024/06/09 16:25:28 jan Exp $	*/
 
 /*
  * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@@ -604,7 +604,11 @@ vio_attach(struct device *parent, struct device *self, void *aux)
 	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
 	ifp->if_start = vio_start;
 	ifp->if_ioctl = vio_ioctl;
-	ifp->if_capabilities = IFCAP_VLAN_MTU;
+	ifp->if_capabilities = 0;
+#if NVLAN > 0
+	ifp->if_capabilities |= IFCAP_VLAN_MTU;
+	ifp->if_capabilities |= IFCAP_VLAN_HWOFFLOAD;
+#endif
 	if (virtio_has_feature(vsc, VIRTIO_NET_F_CSUM))
 		ifp->if_capabilities |= IFCAP_CSUM_TCPv4|IFCAP_CSUM_UDPv4|
 		    IFCAP_CSUM_TCPv6|IFCAP_CSUM_UDPv6;

sys/net/if.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if.h,v 1.216 2024/04/11 15:08:18 bluhm Exp $	*/
+/*	$OpenBSD: if.h,v 1.217 2024/06/09 16:25:28 jan Exp $	*/
 /*	$NetBSD: if.h,v 1.23 1996/05/07 02:40:27 thorpej Exp $	*/
 
 /*
@@ -249,6 +249,7 @@ struct if_status_description {
 #define	IFCAP_CSUM_UDPv4	0x00000004	/* can do IPv4/UDP csum */
 #define	IFCAP_VLAN_MTU		0x00000010	/* VLAN-compatible MTU */
 #define	IFCAP_VLAN_HWTAGGING	0x00000020	/* hardware VLAN tag support */
+#define	IFCAP_VLAN_HWOFFLOAD	0x00000040	/* hw offload w/ inline tag */
 #define	IFCAP_CSUM_TCPv6	0x00000080	/* can do IPv6/TCP checksums */
 #define	IFCAP_CSUM_UDPv6	0x00000100	/* can do IPv6/UDP checksums */
 #define	IFCAP_TSOv4		0x00001000	/* IPv4/TCP segment offload */

sys/net/if_vlan.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vlan.c,v 1.218 2023/12/23 10:52:54 bluhm Exp $	*/
+/*	$OpenBSD: if_vlan.c,v 1.219 2024/06/09 16:25:28 jan Exp $	*/
 
 /*
  * Copyright 1998 Massachusetts Institute of Technology
@@ -523,7 +523,7 @@ vlan_up(struct vlan_softc *sc)
 	/*
 	 * Note: In cases like vio(4) and em(4) where the offsets of the
 	 * csum can be freely defined, we could actually do csum offload
-	 * for VLAN and QINQ packets.
+	 * for QINQ packets.
 	 */
 	if (sc->sc_type != ETHERTYPE_VLAN) {
 		/*
@@ -531,10 +531,14 @@ vlan_up(struct vlan_softc *sc)
 		 * ethernet type (0x8100).
 		 */
 		ifp->if_capabilities = 0;
-	} else if (ISSET(ifp0->if_capabilities, IFCAP_VLAN_HWTAGGING)) {
+	} else if (ISSET(ifp0->if_capabilities, IFCAP_VLAN_HWTAGGING) ||
+	    ISSET(ifp0->if_capabilities, IFCAP_VLAN_HWOFFLOAD)) {
 		/*
 		 * Chips that can do hardware-assisted VLAN encapsulation, can
 		 * calculate the correct checksum for VLAN tagged packets.
+		 *
+		 * Hardware which does checksum offloading, but not VLAN tag
+		 * injection, have to set IFCAP_VLAN_HWOFFLOAD.
 		 */
 		ifp->if_capabilities = ifp0->if_capabilities &
 		    (IFCAP_CSUM_MASK | IFCAP_TSOv4 | IFCAP_TSOv6);

usr.sbin/smtpd/lka.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: lka.c,v 1.248 2024/01/20 09:01:03 claudio Exp $	*/
+/*	$OpenBSD: lka.c,v 1.249 2024/06/09 10:13:05 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -720,6 +720,7 @@ static int
 lka_authenticate(const char *tablename, const char *user, const char *password)
 {
 	struct table		*table;
+	char	       		 offloadkey[LINE_MAX];
 	union lookup		 lk;
 
 	log_debug("debug: lka: authenticating for %s:%s", tablename, user);
@@ -730,6 +731,26 @@ lka_authenticate(const char *tablename, const char *user, const char *password)
 		return (LKA_TEMPFAIL);
 	}
 
+	/* table backend supports authentication offloading */
+	if (table_check_service(table, K_AUTH)) {
+		if (!bsnprintf(offloadkey, sizeof(offloadkey), "%s:%s",
+		    user, password)) {
+			log_warnx("warn: key serialization failed for %s:%s",
+			    tablename, user);
+			return (LKA_TEMPFAIL);
+		}
+		switch (table_match(table, K_AUTH, offloadkey)) {
+		case -1:
+			log_warnx("warn: user credentials lookup fail for %s:%s",
+			    tablename, user);
+			return (LKA_TEMPFAIL);
+		case 0:
+			return (LKA_PERMFAIL);
+		default:
+			return (LKA_OK);
+		}
+	}
+
 	switch (table_lookup(table, K_CREDENTIALS, user, &lk)) {
 	case -1:
 		log_warnx("warn: user credentials lookup fail for %s:%s",

usr.sbin/smtpd/smtpd-api.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd-api.h,v 1.36 2018/12/23 16:06:24 gilles Exp $	*/
+/*	$OpenBSD: smtpd-api.h,v 1.37 2024/06/09 10:13:05 gilles Exp $	*/
 
 /*
  * Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
@@ -135,8 +135,9 @@ enum table_service {
 	K_RELAYHOST	= 0x200,	/* returns struct relayhost	*/
 	K_STRING	= 0x400,
 	K_REGEX		= 0x800,
+	K_AUTH		= 0x1000,
 };
-#define K_ANY		  0xfff
+#define K_ANY		  0xffff
 
 enum {
 	PROC_TABLE_OK,

usr.sbin/smtpd/smtpd-tables.7

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: smtpd-tables.7,v 1.3 2024/05/23 17:10:00 op Exp $
+.\"	$OpenBSD: smtpd-tables.7,v 1.4 2024/06/09 10:13:05 gilles Exp $
 .\"
 .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
 .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -18,7 +18,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .\"
-.Dd $Mdocdate: May 23 2024 $
+.Dd $Mdocdate: June 9 2024 $
 .Dt SMTPD-TABLES 7
 .Os
 .Sh NAME
@@ -191,6 +191,10 @@ The services and their result format are as follows:
 .Bl -tag -width mailaddrmap -compact
 .It Ic alias
 One or more aliases separated by a comma.
+.It Ic auth
+Only usable for check.
+Lookup key is username and cleartext password separated by
+.Sq \&: .
 .It Ic domain
 A domain name.
 .\" XXX are wildcards allowed?

usr.sbin/smtpd/table.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: table.c,v 1.53 2024/05/28 07:10:30 op Exp $	*/
+/*	$OpenBSD: table.c,v 1.54 2024/06/09 10:13:05 gilles Exp $	*/
 
 /*
  * Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
@@ -83,6 +83,7 @@ table_service_name(enum table_service s)
 	case K_RELAYHOST:	return "relayhost";
 	case K_STRING:		return "string";
 	case K_REGEX:		return "regex";
+	case K_AUTH:		return "auth";
 	}
 	return "???";
 }
@@ -116,6 +117,8 @@ table_service_from_name(const char *service)
 		return K_STRING;
 	if (!strcmp(service, "regex"))
 		return K_REGEX;
+	if (!strcmp(service, "auth"))
+		return K_AUTH;
 	return (-1);
 }