CVS: cvs.openbsd.org: src

[Mark Lumsden]

CVSROOT:/cvs
Module name:src
Changes by: l...@cvs.openbsd.org2018/11/18 00:57:28

Modified files:
usr.bin/mg : mg.1 

Log message:
small clean up of dired section
ok jmc@

CVS: cvs.openbsd.org: www

[Theo de Raadt]

CVSROOT:/cvs
Module name:www
Changes by: dera...@cvs.openbsd.org 2018/11/17 20:28:24

Modified files:
.  : errata64.html 

Log message:
fix canon name

CVS: cvs.openbsd.org: src

[Theo de Raadt]

CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/11/17 16:48:22

Modified files:
etc/root   : root.mail 

Log message:
add the missing space.  in the future, should mail -f the file to ensure it is 
correct format

CVS: cvs.openbsd.org: src

[Scott Soule Cheloha]

CVSROOT:/cvs
Module name:src
Changes by: chel...@cvs.openbsd.org 2018/11/17 16:10:08

Modified files:
lib/libc/sys   : sysctl.2 
sys/kern   : kern_pledge.c kern_sched.c kern_sysctl.c 
sys/sys: sched.h sysctl.h 
usr.bin/systat : cpu.c vmstat.c 
usr.bin/top: display.c display.h machine.c machine.h top.c 

Log message:
Add new KERN_CPUSTATS sysctl(2) so we can identify offline CPUs.

Because of hw.smt we need a way to determine whether a given CPU is "online"
or "offline" from userspace.  KERN_CPTIME2 is an array, and so cannot be
cleanly extended for this purpose, so add a new sysctl(2) KERN_CPUSTATS
with an extensible struct.  At the moment it's just KERN_CPTIME2 with a
flags member, but it can grow as needed.

KERN_CPUSTATS appears to have been defined by BSDi long ago, but there are
few (if any) packages in the wild still using the symbol so breakage in ports
should be near zero.  No other system inherited the symbol from BSDi, either.

Then, use the new sysctl(2) in systat(1) and top(1):

- systat(1) draws placeholder marks ('-') instead of percentages for
offline CPUs in the cpu view.

- systat(1) omits offline CPU ticks when drawing the "big bar" in
the vmstat view.  The upshot is that the bar isn't half idle when
half your logical CPUs are disabled.

- top(1) does not draw lines for offline CPUs; if CPUs toggle on or
offline in interactive mode we redraw the display to expand/reduce
space for the new/missing CPUs.  This is consistent with what some
top(1) implementations do on Linux.

- top(1) omits offline CPUs from the totals when CPU totals are
combined into a single line (the '-1' flag).

Originally prompted by deraadt@.  Discussed endlessly with deraadt@,
ketennis@, and sthen@.  Tested by jmc@ and jca@.  Earlier versions also
discussed with jca@.  Earlier versions tested by jmc@, tb@, and many
others.

docs ok jmc@, kernel bits ok ketennis@, everything ok sthen@,
"Is your stuff in yet?" deraadt@

CVS: cvs.openbsd.org: www

[T . J . Townsend]

CVSROOT:/cvs
Module name:www
Changes by: t...@cvs.openbsd.org2018/11/17 15:02:36

Modified files:
.  : errata63.html errata64.html 

Log message:
release libcrypto and lockf errata.

CVS: cvs.openbsd.org: src

[Claudio Jeker]

CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2018/11/17 13:46:12

Modified files:
usr.bin/kdump  : ktrstruct.c 

Log message:
Be more careful when dumping cmsghdr struct. In the SCM_RIGHTS case an
extra check for a truncated cmsghdr needs to be done since the embeded
lenght may be longer than the supplied buffer (MSG_CTRUNC case).
OK deraadt@

CVS: cvs.openbsd.org: src

[Martin Pieuchot]

CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2018/11/17 13:17:10

Modified files:
sys/dev/usb: usb_subr.c usbdivar.h 

Log message:
free(9) size for USB subdevs array.

ok ratchov@, visa@

CVS: cvs.openbsd.org: src

[Daniel Dickman]

CVSROOT:/cvs
Module name:src
Changes by: dan...@cvs.openbsd.org  2018/11/17 13:09:03

Modified files:
share/misc : airport 

Log message:
consistency.

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2018/11/17 12:11:14

Modified files:
sys/kern   : Tag: OPENBSD_6_4 vfs_lockf.c 
sys/sys: Tag: OPENBSD_6_4 lockf.h 

Log message:
A recent change to POSIX file locks could cause incorrect results during
lock acquisition.

OpenBSD 6.4 errata 004

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2018/11/17 12:03:57

Modified files:
sys/kern   : Tag: OPENBSD_6_3 vfs_lockf.c 
sys/sys: Tag: OPENBSD_6_3 lockf.h 

Log message:
A recent change to POSIX file locks could cause incorrect results during
lock acquisition.

OpenBSD 6.3 errata 023

CVS: cvs.openbsd.org: src

[Todd C . Miller]

CVSROOT:/cvs
Module name:src
Changes by: mill...@cvs.openbsd.org 2018/11/17 11:55:50

Modified files:
sys/kern   : kern_event.c 

Log message:
Avoid leaking kernel memory in struct kevent padding.
>From NetBSD (maxv).  OK deraadt@ visa@

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2018/11/17 11:55:42

Modified files:
lib/libcrypto/ec: Tag: OPENBSD_6_4 ec2_smpl.c ec_lcl.h ec_lib.c 
  ecp_mont.c ecp_nist.c ecp_nistp224.c 
  ecp_nistp256.c ecp_nistp521.c ecp_nistz256.c 
  ecp_smpl.c 

Log message:
Implement coordinate blinding for EC_POINT as an additional mitigation
for the portsmash vulnerability.

OpenBSD 6.4 errata 003

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2018/11/17 11:46:43

Modified files:
lib/libcrypto/dsa: Tag: OPENBSD_6_3 dsa_ossl.c 
lib/libcrypto/ecdsa: Tag: OPENBSD_6_3 ecs_ossl.c 

Log message:
Use a blinding value when generating DSA and ECDSA signatures, in order to
reduce the possibility of a side-channel attack leaking the private key.

OpenBSD 6.3 errata 022

CVS: cvs.openbsd.org: src

[Theo de Raadt]

CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/11/17 11:14:58

Modified files:
bin/ksh: main.c 

Log message:
Use a very regular call pattern to pledge, so that we can continue to
grep and compare the use in all programs..

CVS: cvs.openbsd.org: src

[Theo de Raadt]

CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2018/11/17 10:22:38

Modified files:
etc/examples   : bgpd.conf 

Log message:
make the bogon set competely or-longer, rather than having to manage it
or-longer at useage time.
ok job benno

CVS: cvs.openbsd.org: src

[Bryan Steele]

CVSROOT:/cvs
Module name:src
Changes by: bry...@cvs.openbsd.org  2018/11/17 09:52:02

Modified files:
usr.sbin/tcpdump: privsep_pcap.c privsep.c 

Log message:
tcpdump(8) monitor process privdrop

The privsep monitor process handles all privileged operations on behalf
of the unprivileged "packet parser" process. Once it enters its runtime
state, it only needs to:

* Perform DNS and other "numbers to names" lookups, sending results
back over a pipe/socketpair.
* Display the final packet statistics on ^C.

We can finally now drop root privileges in this process as well, as bpf
BIOCGSTATS is still permitted by non-root on open descriptors after it
has been permanently locked with BIOCLOCK. This provides some additional
protection, to go along with the already tight unveil(2) and pledge(2)
restrictions.

With this change tcpdump(8) completely drops root privileges at runtime.

ok mestre@, deraadt@

CVS: cvs.openbsd.org: src

[Bob Beck]

CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2018/11/17 04:22:43

Modified files:
lib/libssl : ssl_clnt.c ssl_lib.c 

Log message:
Fix DTLS, because DTLS still remains a special flower, allows regress to pass

CVS: cvs.openbsd.org: src

[Mark Lumsden]

CVSROOT:/cvs
Module name:src
Changes by: l...@cvs.openbsd.org2018/11/17 02:52:34

Modified files:
usr.bin/mg : paragraph.c 

Log message:
fix undo in transpose-paragraph.

CVS: cvs.openbsd.org: src

[Theo Buehler]

CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2018/11/17 02:34:11

Modified files:
lib/libcrypto/asn1: asn1_lib.c 

Log message:
Fix whitespace around assignment operators.