CVS: cvs.openbsd.org: src

2020-12-04 Thread Greg Steuck 
CVSROOT:/cvs
Module name:src
Changes by: gne...@cvs.openbsd.org  2020/12/04 21:46:34

Modified files:
sys/kern   : kern_tc.c 

Log message:
Convert sysctl_tc to sysctl_bounded_arr

ok gkoehler@

CVS: cvs.openbsd.org: xenocara

2020-12-04 Thread Kenji Aoyama 
CVSROOT:/cvs
Module name:xenocara
Changes by: aoy...@cvs.openbsd.org  2020/12/04 18:46:42

Modified files:
distrib/sets/lists/xserv: md.luna88k 

Log message:
luna88k still uses wsfb_drv.{la,so} on X.

ok matthieu@ deraadt@

CVS: cvs.openbsd.org: src

2020-12-04 Thread Mark Kettenis 
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org2020/12/04 14:18:09

Modified files:
sys/arch/arm64/arm64: cpu.c 

Log message:
Recognize Neoverse-N2.

CVS: cvs.openbsd.org: src

2020-12-04 Thread Scott Soule Cheloha 
CVSROOT:/cvs
Module name:src
Changes by: chel...@cvs.openbsd.org 2020/12/04 11:05:26

Modified files:
sys/dev/pv : if_hvn.c 

Log message:
hvn(4): msleep(9) -> msleep_nsec(9)

In hvn_alloc_cmd() we may spin waiting for a free rndis_cmd.  We check
the list once per tick and block with msleep(9) if there aren't any
free objects.

In practice though we don't need to poll for a free rndis_cmd because
our sleep is protected by a mutex, so we can't miss a wakeup(9).  That
is, it's safe to use msleep_nsec(9) here and not set a timeout (INFSLP).

Tested by Andre Stoebe  (Hyper-V on Windows 10).

"LGTM" mikeb@, ok mpi@

CVS: cvs.openbsd.org: www

2020-12-04 Thread Stuart Henderson 
CVSROOT:/cvs
Module name:www
Changes by: st...@cvs.openbsd.org   2020/12/04 10:08:16

Modified files:
faq/ports  : ports.html 

Log message:
Following feedback from tb@, talk a bit more about cleaning/reinstalling
packages and mention INSTALL_DEBUG_PACKAGES=Yes. Slightly separate the
"how do I enable debug packages in a port" from the "how do I debug this
package".

CVS: cvs.openbsd.org: www

2020-12-04 Thread Stuart Henderson 
CVSROOT:/cvs
Module name:www
Changes by: st...@cvs.openbsd.org   2020/12/04 09:29:15

Modified files:
.  : arm64.html 

Log message:
similar to several of the other platform pages, add hrefs to
manufacturer details for some of the arm64 boards

CVS: cvs.openbsd.org: src

2020-12-04 Thread Theo de Raadt 
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2020/12/04 09:26:56

Modified files:
distrib/sets/lists/man: mi 

Log message:
sync

CVS: cvs.openbsd.org: src

2020-12-04 Thread Tobias Heider 
CVSROOT:/cvs
Module name:src
Changes by: to...@cvs.openbsd.org   2020/12/04 09:18:14

Modified files:
sbin/iked  : pfkey.c 

Log message:
Log pfkey type and message length on write failure.

CVS: cvs.openbsd.org: src

2020-12-04 Thread Martin Pieuchot 
CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2020/12/04 08:16:45

Modified files:
sys/kern   : kern_fork.c kern_sig.c 

Log message:
Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock.

Make sure `ps_single' is set only once by checking then updating it without
releasing the lock.

Analyzed by and ok claudio@

CVS: cvs.openbsd.org: www

2020-12-04 Thread Stuart Henderson 
CVSROOT:/cvs
Module name:www
Changes by: st...@cvs.openbsd.org   2020/12/04 08:06:41

Modified files:
faq/ports  : ports.html 

Log message:
add an XXXrelease comment to remove "If a debug package is available,
you must install it otherwise the backtrace will be useless" after 69

CVS: cvs.openbsd.org: www

2020-12-04 Thread Stuart Henderson 
CVSROOT:/cvs
Module name:www
Changes by: st...@cvs.openbsd.org   2020/12/04 05:39:51

Modified files:
faq/ports  : ports.html 

Log message:
add a bit about DEBUG_PACKAGES.

CVS: cvs.openbsd.org: src

2020-12-04 Thread Claudio Jeker 
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2020/12/04 04:57:13

Modified files:
usr.sbin/bgpd  : rde.c rde.h rde_peer.c rde_rib.c 

Log message:
Reference count prefixes added to a pftable. This allows to export
prefixes from multiple sessions into the same table. Before a prefix
was removed from the table on the first withdraw (even though there
was an alternative around).
Requested by, tested and OK dlg@

CVS: cvs.openbsd.org: src

2020-12-04 Thread Vitaliy Makkoveev 
CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2020/12/04 04:36:14

Modified files:
usr.sbin/tcpdump: Makefile privsep.c tcpdump.c 

Log message:
Don't link tcpdump(8) with libl and remove reference to `yydebug'.

>From Martin Vahlensieck.

CVS: cvs.openbsd.org: src

2020-12-04 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2020/12/04 01:55:30

Modified files:
lib/libcrypto/ec: ec2_oct.c ec_lib.c ec_oct.c ecp_oct.c 

Log message:
Move point-on-curve check to set_affine_coordinates

Bad API design makes it possible to set an EC_KEY public key to
a point not on the curve. As a consequence, it was possible to
have bogus ECDSA signatures validated. In practice, all software
uses either EC_POINT_oct2point*() to unmarshal public keys or
issues a call to EC_KEY_check_key() after setting it. This way,
a point on curve check is performed and the problem is mitigated.

In OpenSSL commit 1e2012b7ff4a5f12273446b281775faa5c8a1858, Emilia
Kasper moved the point-on-curve check from EC_POINT_oct2point to
EC_POINT_set_affine_coordinates_*, which results in more checking.
In addition to this commit, we also check in the currently unused
codepath of a user set callback for setting compressed coordinates,
just in case this will be used at some point in the future.

The documentation of EC_KEY_check_key() is very vague on what it
checks and when checks are needed.  It could certainly be improved
a lot. It's also strange that EC_KEY_set_key() performs no checks,
while EC_KEY_set_public_key_affine_coordinates() implicitly calls
EC_KEY_check_key().

It's a mess.

Issue found and reported by Guido Vranken who also tested an earlier
version of this fix.

ok jsing