| created | 2019-12-25T09:41:24Z |
|---|---|
| begin | 2019-12-17T00:00:00Z |
| end | 2019-12-18T00:00:00Z |
| path | src/sys |
| commits | 6 |
| date | 2019-12-17T01:34:59Z | |||
|---|---|---|---|---|
| author | mortimer | |||
| files | src/sys/dev/ic/lm78.c | log | diff | annotate |
| src/sys/dev/ic/lm78var.h | log | diff | annotate | |
| src/sys/dev/isa/wbsio.c | log | diff | annotate | |
| src/sys/dev/isa/wbsioreg.h | log | diff | annotate | |
| message |
Add support for NCT6775F, NCT5104D, NCT6779D, NCT679[1235]D sensors. From Joe Gidi. |
|||
| date | 2019-12-17T08:01:36Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/dev/spdmem.c | log | diff | annotate |
| message |
Add code to parse DDR4 and LPDDR3/4 SPD memories. Some numbers may be wrong but it a start and further fixes can happen in tree. Especially the LPDDRx case is untested. OK deraadt@ |
|||
| date | 2019-12-17T13:08:54Z | |||
|---|---|---|---|---|
| author | reyk | |||
| files | src/sys/arch/alpha/alpha/conf.c | log | diff | annotate |
| src/sys/arch/alpha/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/amd64/amd64/conf.c | log | diff | annotate | |
| src/sys/arch/amd64/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/arm64/conf/GENERIC | log | diff | annotate | |
| src/sys/dev/hid/hid.h | log | diff | annotate | |
| src/sys/dev/usb/fido.c | log | diff | annotate | |
| src/sys/dev/usb/files.usb | log | diff | annotate | |
| src/sys/dev/usb/uhid.c | log | diff | annotate | |
| src/sys/dev/usb/uhid.h | log | diff | annotate | |
| src/sys/sys/conf.h | log | diff | annotate | |
| message |
Add fido(4), a HID driver for FIDO/U2F security keys While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge. With feedback from deraadt@ and many others OK kettenis@ djm@ and jmc@ for the manpage bits |
|||
| date | 2019-12-17T13:08:55Z | |||
|---|---|---|---|---|
| author | reyk | |||
| files | src/sys/arch/arm/arm/conf.c | log | diff | annotate |
| src/sys/arch/arm64/arm64/conf.c | log | diff | annotate | |
| src/sys/arch/armv7/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/hppa/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/hppa/hppa/conf.c | log | diff | annotate | |
| src/sys/arch/i386/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/i386/i386/conf.c | log | diff | annotate | |
| src/sys/arch/landisk/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/landisk/landisk/conf.c | log | diff | annotate | |
| src/sys/arch/loongson/conf/GENERIC | log | diff | annotate | |
| message |
Add fido(4), a HID driver for FIDO/U2F security keys While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge. With feedback from deraadt@ and many others OK kettenis@ djm@ and jmc@ for the manpage bits |
|||
| date | 2019-12-17T13:08:56Z | |||
|---|---|---|---|---|
| author | reyk | |||
| files | src/sys/arch/loongson/loongson/conf.c | log | diff | annotate |
| src/sys/arch/macppc/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/macppc/macppc/conf.c | log | diff | annotate | |
| src/sys/arch/octeon/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/octeon/octeon/conf.c | log | diff | annotate | |
| src/sys/arch/sgi/conf/GENERIC-IP27 | log | diff | annotate | |
| src/sys/arch/sgi/conf/GENERIC-IP30 | log | diff | annotate | |
| src/sys/arch/sgi/conf/GENERIC-IP32 | log | diff | annotate | |
| src/sys/arch/sgi/sgi/conf.c | log | diff | annotate | |
| src/sys/arch/sparc64/conf/GENERIC | log | diff | annotate | |
| src/sys/arch/sparc64/sparc64/conf.c | log | diff | annotate | |
| message |
Add fido(4), a HID driver for FIDO/U2F security keys While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge. With feedback from deraadt@ and many others OK kettenis@ djm@ and jmc@ for the manpage bits |
|||
| date | 2019-12-17T22:25:56Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/arch/arm64/arm64/exception.S | log | diff | annotate |
| src/sys/arch/arm64/arm64/trampoline.S | log | diff | annotate | |
| message |
arm64 cpus speculatively execute instructions after ERET, and on some processors not all microarchitectural side effects are abandoned, leading to spectre-like effects. This was fixed quietly and without responsible disclosure by ARM in linux mainline a year ago, but rediscovered independently by Anthony Steinhauser. ok patrick guenther kettenis comment to ARM: "Responsible Disclosure" doesn't mean "downplay at maximum to avoid damage to the bottom line", the responsibility aspect entails ensuring "all customers are aware of the defect". What happened here is indistinguishable from Intel's behaviour, and that's not the look you want. |
|||