Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigation
for a timing vullnerability in ECDSA signature generation (CVE-2018-0735).
Note that the blinding that we introduced back in June for ECDSA and DSA
should mitigate this and related issues. This simply adds an additional
layer of protection.
discussed with jsing
Theodore Wynnychenko discovered the gettytab "lo=path" feature didn't work
anymore with unveil wired to /usr/bin/login. So let's parse gettytab a bit
earlier to learn which login path to unveil. Later in the loop gettytab is
re-parsed, if the login changes re-exec getty to reach the unveil from the top.
ok millert, also discussed with mestre
provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum.
previously the gif code would patch the tos field and not recalc
the cksum, which would cause ip input code to drop the packet due
to a cksum failure. the ipip code patched ip_tos and unconditionally
recalculated the cksum, making it correct, but also wiping out any
errors that may have been present before the recalculation. updating
the cksum rather than replacing it lets cksum failures still fire.
ip_tos_patch() is provided in the ecn code since it's because of ecn
propagation that we need to update the tos field. internally it
works like pf_patch_8 and pf_cksum_fixup, but since pf is optional
it rolls its own code. procter may fix that in the future...
Record an inter-library dependency on libcurses in libedit and libreadline,
avoiding runtime failures on architectures using ld.lld. Also add a note to
libcurses shlib_version reminding about bumps (as done with libcrypto/libssl).
Thanks guenther@ for suggestions of tests involving library bumps and jca@
for doing these tests and hint about DPADD.
Looks good kettenis@, ok jca@
Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,
instead of 'uint16_t'
Found with llvm's static analyzer, noticed that it was also already reported in
Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's
OK tb@ and jsing@
Make sed's -i flag more compatible with what gsed does.
- Reset the hold-space in between files
- quit the editor as soon as a 'q' command is found
- Make sure the temp-file is written back to the original file if we quit
temp-file not written back issue found by Time Chase.
Lots of feedback from millert@ and schwarze@
Fix a slip in previous. FFSSZ should reflect the "pa" disktab field,
not "pc", as is documented in the file. However, the value of FFSSZ
is not used anywhere so remove the variable.
Pointed out by miod@
Remove #if'ed 0 code around a broken pledge. Due to some ioctls and sysctls
pledge cannot be used, nevertheless since we now have unveil available we can
use it to guarantee that in this particular case the snmpe process cannot
access the filesystem at all, therefore close a big attack vector and achieve
a great level of protection even without being able to use pledge.
prodded by deraadt@
add txprio support to gre, mgre, egre, nvgre, and eoip
for l3 interfaces (gre and mgre), allow txprio from the payload,
the mbuf, or a hardcoded value. for l2 interfaces (egre, ngre, and
eoip), get txprio from the mbuf or a hardcoded value.