CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: gne...@cvs.openbsd.org 2020/12/04 21:46:34 Modified files: sys/kern : kern_tc.c Log message: Convert sysctl_tc to sysctl_bounded_arr ok gkoehler@
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: aoy...@cvs.openbsd.org 2020/12/04 18:46:42 Modified files: distrib/sets/lists/xserv: md.luna88k Log message: luna88k still uses wsfb_drv.{la,so} on X. ok matthieu@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2020/12/04 14:18:09 Modified files: sys/arch/arm64/arm64: cpu.c Log message: Recognize Neoverse-N2.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: chel...@cvs.openbsd.org 2020/12/04 11:05:26 Modified files: sys/dev/pv : if_hvn.c Log message: hvn(4): msleep(9) -> msleep_nsec(9) In hvn_alloc_cmd() we may spin waiting for a free rndis_cmd. We check the list once per tick and block with msleep(9) if there aren't any free objects. In practice though we don't need to poll for a free rndis_cmd because our sleep is protected by a mutex, so we can't miss a wakeup(9). That is, it's safe to use msleep_nsec(9) here and not set a timeout (INFSLP). Tested by Andre Stoebe (Hyper-V on Windows 10). "LGTM" mikeb@, ok mpi@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: st...@cvs.openbsd.org 2020/12/04 10:08:16 Modified files: faq/ports : ports.html Log message: Following feedback from tb@, talk a bit more about cleaning/reinstalling packages and mention INSTALL_DEBUG_PACKAGES=Yes. Slightly separate the "how do I enable debug packages in a port" from the "how do I debug this package".
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: st...@cvs.openbsd.org 2020/12/04 09:29:15 Modified files: . : arm64.html Log message: similar to several of the other platform pages, add hrefs to manufacturer details for some of the arm64 boards
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2020/12/04 09:26:56 Modified files: distrib/sets/lists/man: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: to...@cvs.openbsd.org 2020/12/04 09:18:14 Modified files: sbin/iked : pfkey.c Log message: Log pfkey type and message length on write failure.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2020/12/04 08:16:45 Modified files: sys/kern : kern_fork.c kern_sig.c Log message: Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock. Make sure `ps_single' is set only once by checking then updating it without releasing the lock. Analyzed by and ok claudio@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: st...@cvs.openbsd.org 2020/12/04 08:06:41 Modified files: faq/ports : ports.html Log message: add an XXXrelease comment to remove "If a debug package is available, you must install it otherwise the backtrace will be useless" after 69
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: st...@cvs.openbsd.org 2020/12/04 05:39:51 Modified files: faq/ports : ports.html Log message: add a bit about DEBUG_PACKAGES.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2020/12/04 04:57:13 Modified files: usr.sbin/bgpd : rde.c rde.h rde_peer.c rde_rib.c Log message: Reference count prefixes added to a pftable. This allows to export prefixes from multiple sessions into the same table. Before a prefix was removed from the table on the first withdraw (even though there was an alternative around). Requested by, tested and OK dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2020/12/04 04:36:14 Modified files: usr.sbin/tcpdump: Makefile privsep.c tcpdump.c Log message: Don't link tcpdump(8) with libl and remove reference to `yydebug'. >From Martin Vahlensieck.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2020/12/04 01:55:30 Modified files: lib/libcrypto/ec: ec2_oct.c ec_lib.c ec_oct.c ecp_oct.c Log message: Move point-on-curve check to set_affine_coordinates Bad API design makes it possible to set an EC_KEY public key to a point not on the curve. As a consequence, it was possible to have bogus ECDSA signatures validated. In practice, all software uses either EC_POINT_oct2point*() to unmarshal public keys or issues a call to EC_KEY_check_key() after setting it. This way, a point on curve check is performed and the problem is mitigated. In OpenSSL commit 1e2012b7ff4a5f12273446b281775faa5c8a1858, Emilia Kasper moved the point-on-curve check from EC_POINT_oct2point to EC_POINT_set_affine_coordinates_*, which results in more checking. In addition to this commit, we also check in the currently unused codepath of a user set callback for setting compressed coordinates, just in case this will be used at some point in the future. The documentation of EC_KEY_check_key() is very vague on what it checks and when checks are needed. It could certainly be improved a lot. It's also strange that EC_KEY_set_key() performs no checks, while EC_KEY_set_public_key_affine_coordinates() implicitly calls EC_KEY_check_key(). It's a mess. Issue found and reported by Guido Vranken who also tested an earlier version of this fix. ok jsing