CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 21:27:45

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 21:23:08

Modified files:
usr.sbin/portmap: portmap.c 

Log message:
I can find no reason why portmap needs rpath after initialization.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Damien Miller
CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org 2018/08/03 18:55:06

Modified files:
usr.bin/ssh: dh.c 

Log message:
invalidate dh->priv_key after freeing it in error path; avoids
unlikely double-free later. Reported by Viktor Dukhovni via
https://github.com/openssh/openssh-portable/pull/96
feedback jsing@ tb@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Helg Bredow
CVSROOT:/cvs
Module name:src
Changes by: h...@cvs.openbsd.org 2018/08/03 18:08:53

Modified files:
lib/libfuse: fuse_new.3 

Log message:
Uncomment no-longer-dead Xr.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Helg Bredow
CVSROOT:/cvs
Module name:src
Changes by: h...@cvs.openbsd.org 2018/08/03 17:32:04

Modified files:
lib/libfuse: Makefile 
Added files:
lib/libfuse: fuse_get_context.3 

Log message:
Add man page for fuse_get_context(3).



CVS: cvs.openbsd.org: src

2018-08-03 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org 2018/08/03 16:40:05

Modified files:
sys/dev/fdt: dwpcie.c 
sys/arch/arm64/dev: acpipci.c pciecam.c 

Log message:
Pass PCIe requester ID as sideband data here as well.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org 2018/08/03 16:18:13

Modified files:
sys/dev/acpi   : acpi.c acpivar.h ahci_acpi.c 
sys/dev/pci: ahci_pci.c pcireg.h 

Log message:
Let ahci(4) match on _CLS instead of _HID when attaching at acpi(4).  Avoids
having to add many more _HID entries to the match table.

ok deraadt@, mlarkin@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org 2018/08/03 15:28:28

Modified files:
sys/dev/fdt: sxiccmu.c 

Log message:
Implement setting the CPU clock for Allwinner H3/H5 SoCs.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org 2018/08/03 15:07:34

Modified files:
sys/dev/fdt: sypwr.c 

Log message:
Also attach as a regulator if the FDT provides the fixed voltage value.
Restore fixed voltage at reboot time to prevent hangs after a warm reset
if DVFS is active.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Jason McIntyre
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org 2018/08/03 14:09:48

Modified files:
usr.sbin/rad   : rad.8 

Log message:
advertise slaacd.8;



CVS: cvs.openbsd.org: src

2018-08-03 Thread Jason McIntyre
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org 2018/08/03 13:54:11

Modified files:
usr.sbin/rad   : rad.conf.5 

Log message:
sort; ok florian



CVS: cvs.openbsd.org: src

2018-08-03 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org 2018/08/03 12:36:01

Modified files:
sys/arch/arm64/arm64: cpu.c exception.S process_machdep.c trap.c 
sys/arch/arm64/include: armreg.h 

Log message:
Implement single-stepping.  Based on an earlier diff from drahn@.
Disable userland debug communication access while there.

ok patrick@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Sebastian Benoit
CVSROOT:/cvs
Module name:src
Changes by: be...@cvs.openbsd.org   2018/08/03 11:57:21

Modified files:
usr.sbin/acme-client: parse.y 

Log message:
return is not a function and if (x) -> if (x != NULL)
From Ross L Richardson, thanks
ok millert@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Sebastian Benoit
CVSROOT:/cvs
Module name:src
Changes by: be...@cvs.openbsd.org   2018/08/03 11:51:40

Modified files:
usr.sbin/acme-client: parse.y 

Log message:
fix error messages from earlier syntax change
From Ross L Richardson
ok millert@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Sebastian Benoit
CVSROOT:/cvs
Module name:src
Changes by: be...@cvs.openbsd.org   2018/08/03 11:49:57

Modified files:
usr.sbin/acme-client: parse.y 

Log message:
correct an error message, from Ross L Richardson
ok millert@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Sebastian Benoit
CVSROOT:/cvs
Module name:src
Changes by: be...@cvs.openbsd.org   2018/08/03 11:48:34

Modified files:
usr.sbin/acme-client: acme-client.conf.5 

Log message:
document the default in the absence of a certificate authority.
From Ross L Richardson



CVS: cvs.openbsd.org: src

2018-08-03 Thread Sebastian Benoit
CVSROOT:/cvs
Module name:src
Changes by: be...@cvs.openbsd.org   2018/08/03 11:46:57

Modified files:
usr.sbin/acme-client: acme-client.conf.5 

Log message:
Document that domain certificate is optional.
From Ross L Richardson



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 11:09:22

Modified files:
sbin/shutdown  : shutdown.c 

Log message:
Move pledge after getopt when we know whether the operation is reboot,
powerdown, halt, or singleuser.  Before pledge, unveil access to
/dev/console, /etc/rc for singleuser entry, execute of /usr/bin/wall
to alert users, and creation of the fastboot and nologin files.  Also
conditionally allow execute of halt, reboot, or the shell depending on mode.
Believe all scenarios were tested -- please exercise this one a bit.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org 2018/08/03 10:45:17

Modified files:
sys/dev/fdt: rkclock.c 
sys/arch/arm64/arm64: cpu.c 
sys/arch/arm64/include: cpu.h 

Log message:
Implement DVFS support.

ok patrick@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2018/08/03 10:31:22

Modified files:
usr.sbin/bgpd  : rde.c rde.h rde_filter.c rde_rib.c rde_update.c 

Log message:
Move nexthop and nexthop flags from the rde_aspath to struct prefix.
struct prefix will be slowly becoming the hub of the rib.
OK phessler@ job@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 10:02:53

Modified files:
usr.bin/users  : users.c 

Log message:
unveil _PATH_UTMP at startup.  Time for a commentary:

There is a TOCTOU between unveil() and open() which should always be
considered, since a path is being supplied twice to the kernel.  First
unveil()s define which paths remain in scope, then secondly open()s
try to access paths in scope.  The unveil() generates a vnode
reservation against the final path resolution (including symbolic link
collapse).  Before the open() occurs, root could replace the path with
symbolic traversal pointing elsewhere.  Then open() will traverse a
path which fails to discover the reserved vnode, and thus fail with
ENOENT.  The TOCTOU sequence doesn't succeed against the new path, it
*always fails*.  (Unless the symlink resolves to another unveil'd
vnode object, but that is not new behaviour).

So once a process is running with veiled filesystem view, we can
consider such a symlink change action as PERMANENTLY visible to this
process and correctly contained to the scoped view, rather than the
previous behaviour of being TRANSIENT and global in view.  So this is
not a real race, security implications will be narrow, and generally
the old symlink-race case is the less secure.

When we add this unveil+open TOCTOU scenario to a program, we should
consider who can perform such a symlink snap, and whether behaviour
change to the program is more disruptive than the risks prevented
through filesystem hiding.  How does a program behave if a file
disappears due to active interference?  Are users (and scripts) used
to operating in a racey best-effort way, and is the additional
strictness strangling their freedom to run shitty stuff?

A few general rules for base programs can avoid problems in this area:
don't en masse unveil argv[], then process argv[] in a second phase.
Don't unveil args which get placed into TZ, TERM, and some other
environment variables, unless you completely understand what libc is
doing.
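
A userland analogue of the unveil()+open() behaviour described in the commit message above, as an added example (not OpenBSD code and not part of the commit). It does not call unveil(): it assumes the reservation can be modelled by the device and inode numbers from stat(), and `open_reserved` and `reopen_errno` are hypothetical names.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical userland stand-in for an unveil() reservation: "want" is the
 * stat() of the object the path first resolved to.  The later open succeeds
 * only if it reaches that object; a swapped path fails with ENOENT. */
static int open_reserved(const char *path, const struct stat *want)
{
	struct stat sb;
	int fd = open(path, O_RDONLY);
	if (fd == -1)
		return -1;
	if (fstat(fd, &sb) == 0 && sb.st_dev == want->st_dev &&
	    sb.st_ino == want->st_ino)
		return fd;
	close(fd);
	errno = ENOENT;
	return -1;
}

/* Constructed scenario in a private temp dir.  Returns errno from the second
 * resolution of "utmp" (0 if it opened), or -1 on a setup error. */
int reopen_errno(int swap)
{
	char dir[] = "/tmp/unveil-demo.XXXXXX";
	struct stat want;
	int fd, err;
	if (mkdtemp(dir) == NULL || chdir(dir) == -1)
		return -1;
	close(open("utmp", O_CREAT | O_WRONLY, 0600));
	close(open("other", O_CREAT | O_WRONLY, 0600));
	if (stat("utmp", &want) == -1)		/* first resolution */
		return -1;
	if (swap && (unlink("utmp") == -1 || symlink("other", "utmp") == -1))
		return -1;
	fd = open_reserved("utmp", &want);	/* second resolution */
	err = (fd == -1) ? errno : 0;
	if (fd != -1)
		close(fd);
	if (unlink("utmp") == -1 || unlink("other") == -1 ||
	    chdir("/") == -1 || rmdir(dir) == -1)
		return -1;
	return err;
}

int main(void) { return reopen_errno(1) == ENOENT ? 0 : 1; }
```

With `swap` set, the path is replaced by a symlink between the two resolutions and the reopen fails with ENOENT instead of reading the other file; with `swap` clear, the same path opens normally.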



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 09:29:51

Modified files:
usr.sbin/acpidump: acpidump.c 

Log message:
We can only unveil if the prefix is a directory (the input paths, and the
output directory).  If prefix isn't a directory, that would require
enumerating all prefix. filenames and unveiling all of them
which isn't reasonable... for the file case can we identify whether it
starts with '/' or not, and unveil '/' or '.' for "w"?



CVS: cvs.openbsd.org: src

2018-08-03 Thread Visa Hankala
CVSROOT:/cvs
Module name:src
Changes by: v...@cvs.openbsd.org 2018/08/03 09:19:44

Modified files:
regress/sys/kern/kqueue: kqueue-process.c 

Log message:
Improve synchronization between the parent and children. This fixes
a spurious test failure spotted by anton@ and eliminates sleeping
in the test.

Feedback and OK anton@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 09:14:18

Modified files:
libexec/fingerd: fingerd.c 

Log message:
Move pledge to after getopt, when the finger program becomes known
(defaults to /usr/bin/finger, but can be redefined with -P option).
Then unveil that program for "x" (execution), and pledge as before.
No other filesystem accesses occur after that point.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 09:01:28

Modified files:
usr.bin/last   : last.c 

Log message:
pledge() a little later, after getopt operation, in case -f option changes
the filename.  We can then unveil that file, pledge() as before, and proceed
to parsing.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 08:58:21

Modified files:
distrib/sets/lists/comp: mi 
distrib/sets/lists/man: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 08:47:56

Modified files:
sys/kern   : kern_sig.c 

Log message:
wrap long lines



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 08:39:56

Modified files:
usr.sbin/pstat : pstat.c 

Log message:
unveil _PATH_DEVDB for devname().   All other filenames are opened
before unveil/pledge.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2018/08/03 08:10:39

Modified files:
usr.sbin/bgpd  : rde.c 

Log message:
Reshuffle the way bgpd does the softreload after filter changes.
Walk each rib at most once and push it from there to all RIBs or peers
that need the update. Makes the logic more straight and so easier to run
in background.
Tested by and OK phessler@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Kevin Lo
CVSROOT:/cvs
Module name:src
Changes by: ke...@cvs.openbsd.org   2018/08/03 07:37:08

Modified files:
sys/arch/arm64/conf: GENERIC RAMDISK 
sys/arch/armv7/conf: GENERIC RAMDISK 

Log message:
Enable mue(4).
Tested on Orange Pi Plus 2E (armv7) and Orange Pi PC 2 (arm64).

ok jsg@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Florian Obser
CVSROOT:/cvs
Module name:src
Changes by: flor...@cvs.openbsd.org 2018/08/03 07:14:46

Modified files:
usr.sbin/rad   : engine.c frontend.c parse.y printconf.c rad.c 
 rad.conf.5 rad.h 

Log message:
Move dns settings to global options so that they don't need to be
repeated in every interface block - they can still be overwritten
on a per interface basis.
Pointed out by, tweaks & OK sthen



CVS: cvs.openbsd.org: src

2018-08-03 Thread Alexander Hall
CVSROOT:/cvs
Module name:src
Changes by: ha...@cvs.openbsd.org   2018/08/03 05:21:27

Modified files:
sbin/ifconfig  : ifconfig.8 

Log message:
document that wpakey needs a preceding nwid OR join specification

ok phessler@



CVS: cvs.openbsd.org: src

2018-08-03 Thread Peter Hessler
CVSROOT:/cvs
Module name:src
Changes by: phess...@cvs.openbsd.org 2018/08/03 04:52:46

Modified files:
sys/net80211   : ieee80211_node.c 

Log message:
revert 1.133 and part of 1.131
the stack doesn't always fill in the parameters correctly

reported by many



CVS: cvs.openbsd.org: src

2018-08-03 Thread Alexander Bluhm
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2018/08/03 03:39:00

Modified files:
sys/arch/amd64/amd64: Tag: OPENBSD_6_3 cpu.c 

Log message:
Reset the FPU's fcw and mxcsr before initializing the "FPU reset state" area
tested by Mike Erdely; from guenther@; OK deraadt@ kettenis@
OpenBSD 6.3 errata 016



CVS: cvs.openbsd.org: src

2018-08-03 Thread Alexander Bluhm
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2018/08/03 03:38:16

Modified files:
sys/arch/amd64/amd64: Tag: OPENBSD_6_2 cpu.c 

Log message:
Reset the FPU's fcw and mxcsr before initializing the "FPU reset state" area
from guenther@; OK deraadt@ kettenis@
OpenBSD 6.2 errata 021



CVS: cvs.openbsd.org: src

2018-08-03 Thread Florian Obser
CVSROOT:/cvs
Module name:src
Changes by: flor...@cvs.openbsd.org 2018/08/03 03:11:56

Modified files:
sys/netinet6   : nd6.c 

Log message:
Account when the next nd6_timer_to is scheduled in nd6_timer()
otherwise nd6_llinfo_settimer() might wrongly assume that a timeout is
already scheduled earlier and not schedule one itself. This in turn
led to the neighbor cache no longer updating because neighbor
solicitations were not sent.
Observed by many.
OK kn



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 00:57:35

Modified files:
usr.bin/mesg   : mesg.c 

Log message:
pledge() a little later, after getopt operation, when we know tty name.
We can then unveil the tty file, and pledge() as before.  No other files
are accessed after that point in time.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/08/03 00:55:41

Modified files:
usr.bin/tty: tty.c 

Log message:
unveil of _PATH_DEVDB "/var/run/dev.db" can be done before pledge for
use by ttyname, no other files are accessed after that.



CVS: cvs.openbsd.org: src

2018-08-03 Thread Marc Espie
CVSROOT:/cvs
Module name:src
Changes by: es...@cvs.openbsd.org   2018/08/03 00:49:27

Modified files:
usr.sbin/pkg_add/OpenBSD: PackingElement.pm PkgCreate.pm 

Log message:
actually heed localbase when looking for groff



CVS: cvs.openbsd.org: src

2018-08-03 Thread Marc Espie
CVSROOT:/cvs
Module name:src
Changes by: es...@cvs.openbsd.org   2018/08/03 00:39:12

Modified files:
usr.sbin/pkg_add/OpenBSD: PackingElement.pm PkgCreate.pm 

Log message:
reorg groff runner so that failures are handled better
do the logic for manpage formatting better, so that we can't miss things
simplify filenames, fullname always has a slash



CVS: cvs.openbsd.org: src

2018-08-03 Thread Marc Espie
CVSROOT:/cvs
Module name:src
Changes by: es...@cvs.openbsd.org   2018/08/03 00:37:08

Modified files:
usr.sbin/pkg_add/OpenBSD: State.pm 

Log message:
- exit in case of exec error.  Prevents code from continuing badly
- display error message on STDERR... better
- don't extract the code twice



CVS: cvs.openbsd.org: src

2018-08-03 Thread Kevin Lo
CVSROOT:/cvs
Module name:src
Changes by: ke...@cvs.openbsd.org   2018/08/03 00:19:15

Modified files:
sys/dev/usb: if_mue.c 

Log message:
- use memset() for clearing hashtbl
- the switch case for IFM_100_TX was the same code as for IFM_1000_T so it
can be rolled into one.

From Michael W. Bombardieri



CVS: cvs.openbsd.org: src

2018-08-03 Thread Jason McIntyre
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org 2018/08/03 00:13:14

Modified files:
share/man/man4 : mue.4 

Log message:
tweak previous;