OpenBSD src changes summary for 2015-10-13
==========================================

bin/rm
lib/libc
lib/libssl
libexec/lockspool
regress/lib
regress/usr.bin
sbin/newfs_ext2fs
sbin/nologin
sbin/ping6
sys/dev/usb
sys/kern
sys/net
sys/netinet
sys/netinet6
sys/sys
usr.bin/diff
usr.bin/ftp
usr.bin/mail
usr.bin/mandoc
usr.bin/mg
usr.bin/mklocale
usr.bin/sort
usr.bin/ssh
usr.bin/yes
usr.sbin/crunchgen
usr.sbin/httpd
usr.sbin/kvm_mkdb
usr.sbin/netgroup_mkdb
usr.sbin/smtpd
usr.sbin/syslogc
usr.sbin/sysmerge
usr.sbin/tcpdump

== bin =============================================================== 01/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

rm

  ~ rm.1  ~ rm.c

  > revert previous. changes the behaviour of:
  > rm -f "" (daniel@)

== lib =============================================================== 02/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ citrus/citrus_utf8.c

  > Tighten the ranges in wcrtomb(3).
  > By definition, the range of valid Unicode code points is the union of
  > U+0000..U+D7FF and U+E000..U+10FFFF (see Unicode 8.0.0, chapter 3.9).
  > In UTF-16, the encoded values that would represent U+D800..U+DFFF are
  > used for surrogate pairs. UTF-8 has no concept of surrogate pairs;
  > attempting to treat them as regular code points violates the standard
  > and makes no sense besides.
  > ok stsp@ (bentley@)

  ~ sys/pledge.2

  > new sentence, new line;
  > do not Xr self; (jmc@)

  ~ stdio/printf.3

  > Sync printf family return value with ISO C which specifies that
  > these functions return a negative value on failure.
  > OK doug@ deraadt@ (millert@)

  ~ stdlib/realpath.c

  > In rev 1.15 the sizeof argument was fixed in a strlcat() call but
  > the truncation check immediately following it was not updated to
  > match. Not an issue in practice since the buffers are the same
  > size. OK deraadt@ (millert@)

libssl

  ~ src/crypto/dsa/dsa.h

  > Group d2i/i2d function prototypes by type and add missing externs for the
  > DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs.
  (jsing@)

  ~ src/crypto/x509/x_all.c

  > Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros to
  > ASN1_item_{d2i,i2d}_{bio,fp}() function calls.
  > ok beck@ doug@ (jsing@)

  ~ src/crypto/ec/ec.h  ~ src/crypto/ec/ec_lib.c  ~ src/doc/crypto/ec.pod

  > Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into an
  > actual function. This removes the last ASN1_dup_of usage from the tree.
  > Feedback from doug@ and miod@ (jsing@)

  ~ src/crypto/asn1/asn1.h

  > Put ASN1_dup() under #ifndef LIBRESSL_INTERNAL. (jsing@)

== libexec =========================================================== 03/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

lockspool

  ~ lockspool.c

  > pledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed
  > from mail.local (deraadt@)

== regress =========================================================== 04/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libtls/gotls/tls.go

  > Make regress work again post hackathon tls_handshake/tls_read/tls_write
  > changes. (jsing@)

  ~ libtls/gotls/tls.go  ~ libtls/gotls/tls_test.go

  > Add test coverage for peer certificate info and connection info. (jsing@)

  ~ libtls/gotls/tls_test.go

  > Single byte read/write tests. (jsing@)

usr.bin

  ~ patch/Makefile  + patch/t17.diff  + patch/t17.in  + patch/t17.out

  > Test t16 for ed-formatted diffs does not contain a substitution.
  > Add a minimalistic check in t17. (tobias@)

  ~ sort/stests

  > Call the sort program through $SORTPROG, as intended; OK millert@ (tim@)

  ~ mandoc/char/unicode/input.out_ascii
  ~ mandoc/char/unicode/input.out_lint
  ~ mandoc/char/unicode/input.out_utf8

  > Reject the escape sequences \[uD800] to \[uDFFF] in the parser.
  > These surrogates are not valid Unicode codepoints,
  > so treat them just like any other undefined character escapes:
  > Warn about them and do not produce output.
  > Issue noticed while talking to stsp@, semarie@, and bentley@.
  (schwarze@)

== sbin ============================================================== 05/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

newfs_ext2fs

  ~ newfs_ext2fs.c

  > can pledge "stdio" after opening device. (deraadt@)

nologin

  ~ nologin.c

  > Pledge "stdio rpath" requests for nologin.
  > ok deraadt@
  > "reads ok" semarie@ (doug@)

ping6

  ~ ping6.c  ~ ping6.8

  > Remove -b flag and let ping6 set the socket buffer size automatically
  > like ping.
  > Suggested by deraadt@, OK dlg (florian@)

== sys =============================================================== 06/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

dev/usb

  ~ ugen.c

  > Prevent a NULL-pointer dereference when closing a ugen(4) node
  > in case the kernel failed to change the interface of a device.
  > Found the hard way by okan (mpi@)

kern

  ~ kern_pledge.c

  > Pledge "fattr" request should allow fchflags().
  > "add it" deraadt@ (doug@)

  ~ vfs_subr.c

  > Initialize va_filerev in vattr_null() to avoid leaking stack garbage;
  > problem pointed out by Martin Natano (natano (at) natano.net)
  > Also, stop chaining assignments (foo = bar = baz) in vattr_null().
  > The exact meaning of those depends on the order of the sizes-and-
  > signednesses of the lvalues, making them fragile: a statement here
  > mixed *six* types, but managed to get them in a safe order. Delete
  > a 20+ year old XXX comment that was almost certainly bemoaning a bug
  > from when they were in an unsafe order.
  > ok deraadt@ miod@ (guenther@)

  ~ kern_pledge.c

  > allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge
  > (deraadt@)

  ~ kern_pledge.c

  > Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp. (deraadt@)

  ~ kern_pledge.c

  > NET_RT_FLAGS must also accept a proto selection. (deraadt@)

  ~ kern_pledge.c

  > 3 more headers required for one stinking inet6 ioctl.. (deraadt@)

net

  ~ route.c

  > Make sure RTF_LOCAL route entries are UP when added to the tree.
  > This is required to maintain the original BSD behavior of locally
  > configured addresses being always reachable.
  > Some interfaces are^w^W^Wem(4) is special and generally has a DOWN
  > link state when configured by netstart(8). As a result all the
  > route entries cloned/added before its link state goes to UP are also
  > marked as DOWN.
  > Note that this problem was not present when local addresses were
  > attached to lo0.
  > ok mikeb@ (mpi@)

  ~ pf.c  ~ pf_ioctl.c  ~ pf_lb.c  ~ pfvar.h

  > - pf_insert_src_node(): global argument (arg6) is useless, function
  > always gets pointer to rule.
  > - pf_remove_src_node(): function should always remove matching src node,
  > regardless of the sn->rule.ptr being NULL or valid rule
  > - sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_
  > gmail.com
  > OK mpi@, OK mikeb@ (sashan@)

netinet

  ~ ip_output.c

  > Use rtisvalid(9) to check if the given (cached) route can be used.
  > Note that after calling rtalloc(9) we only check if a route has been
  > returned or not and do not check for its validity. This cannot be
  > improved without a massive refactoring.
  > The kernel currently *does* use !RTF_UP route due to a mismatch between
  > the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.
  > I'd explain the RTF_UP flag as follows:
  > . If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
  > . call rtalloc(9) to see if a better entry is present in the tree.
  > This is enough to support MPATH and route cache invalidation.
  > ok bluhm@ (mpi@)

  ~ if_ether.c

  > Simplify arptfree() to no longer look at the route entry's refcounter.
  > ARP entries with an expired timeout are now removed from the tree even
  > if they are cached somewhere else. This also reduces differences with
  > NDP.
  > ok bluhm@ (mpi@)

  ~ ip_input.c

  > Make use of rtisvalid(9) to check if local route entries match existing
  > configured addresses.
  > ok mikeb@ (mpi@)

netinet6

  ~ in6_src.c

  > Use rtisvalid(9) to check if the given (cached) route can be used.
  > Note that after calling rtalloc(9) we only check if a route has been
  > returned or not and do not check for its validity. This cannot be
  > improved without a massive refactoring.
  > The kernel currently *does* use !RTF_UP route due to a mismatch between
  > the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.
  > I'd explain the RTF_UP flag as follows:
  > . If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
  > . call rtalloc(9) to see if a better entry is present in the tree.
  > This is enough to support MPATH and route cache invalidation.
  > ok bluhm@ (mpi@)

  ~ ip6_input.c

  > Make use of rtisvalid(9) to check if local route entries match existing
  > configured addresses.
  > ok mikeb@ (mpi@)

sys

  ~ exec_elf.h

  > Add some newer DT_* and DF_* constants
  > ok kettenis@ miod@ (guenther@)

== usr.bin =========================================================== 07/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

diff

  ~ diffreg.c

  > Replace our /^\.\././ expression with /.//. The term is simpler and has
  > the same meaning in our diff ed-context.
  > As a bonus, our ed-diff output can be processed by GNU patch now, too.
  > okay millert@ (tobias@)

ftp

  ~ fetch.c

  > ctype functions isxdigit() expect an unsigned char value; add missing casts
  > and adjust variable types to get correct behavior
  > ok beck@ millert@ (guenther@)

mail

  ~ aux.c  ~ def.h

  > To alter just the atime of the mailspool, use utimensat()+UTIME_OMIT
  > instead
  > of stat()+utimes(). Prefer clock_gettime() over gettimeofday() to avoid
  > timeval->timespec conversion
  > ok millert@ (guenther@)

mandoc

  ~ Makefile  ~ mandocdb.c  ~ mansearch.c  ~ tag.c
  + mandoc_ohash.c  + mandoc_ohash.h

  > Reduce the amount of code by moving the three copies of the ohash
  > callback functions into one common place, preparing for the use of
  > ohash for some additional purposes. No functional change.
  (schwarze@)

  - chars.in
  ~ cgi.c  ~ chars.c  ~ html.c  ~ html.h  ~ libmandoc.h  ~ main.c
  ~ main.h  ~ mandoc.h  ~ mandocdb.c  ~ read.c  ~ roff.c  ~ term.c
  ~ term.h  ~ term_ascii.c  ~ term_ps.c

  > Major character table cleanup:
  > * Use ohash(3) rather than a hand-rolled hash table.
  > * Make the character table static in the chars.c module:
  > There is no need to pass a pointer around, we most certainly
  > never want to use two different character tables concurrently.
  > * No need to keep the characters in a separate file chars.in;
  > that merely encourages downstream porters to mess with them.
  > * Sort the characters to agree with the mandoc_chars(7) manual page.
  > * Specify Unicode codepoints in hex, not decimal (that's the detail
  > that originally triggered this patch).
  > No functional change, minus 100 LOC, and I don't see a performance change.
  > (schwarze@)

  ~ mandoc.c

  > Reject the escape sequences \[uD800] to \[uDFFF] in the parser.
  > These surrogates are not valid Unicode codepoints,
  > so treat them just like any other undefined character escapes:
  > Warn about them and do not produce output.
  > Issue noticed while talking to stsp@, semarie@, and bentley@. (schwarze@)

mg

  ~ dired.c

  > Check if a file name can be extracted from a line before marking for
  > deletion. (lum@)

mklocale

  ~ yacc.y

  > pledge "stdio rpath wpath cpath" (deraadt@)

sort

  ~ sort.c

  > -C and -c allow at most one input file. Ensure this is the case when the
  > input files are specified through --files0-from.
  > OK millert@ (tim@)

  ~ sort.c

  > Ignore the setuid/setgid/sticky bits when copying the permissions of an
  > input
  > file to the new output file. In preparation for pledge(2).
  > Suggested by and OK millert@ (tim@)

ssh

  ~ kex.c

  > free the correct IV length, don't assume it's always the cipher
  > blocksize; ok dtucker@ (djm@)

  ~ sshconnect2.c

  > apply PubkeyAcceptedKeyTypes filtering earlier, so all skipped
  > keys are noted before pubkey authentication starts. ok dtucker@ (djm@)

yes

  ~ yes.c

  > Obvious pledge "stdio" for yes.
  > ok deraadt@ (doug@)

== usr.sbin ========================================================== 08/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

crunchgen

  ~ crunchgen.c

  > pledge "stdio rpath wpath cpath proc exec". creates files throughout
  > its lifetime, and often runs a pipe through "cpp" (deraadt@)

httpd

  ~ httpd.c  ~ server_http.c

  > Pass unsigned chars to ctype functions.
  > From Michael McConville (reyk@)

  ~ server_http.c

  > Plug a leak.
  > Ok gilles@, reyk@ (sunil@)

kvm_mkdb

  ~ kvm_mkdb.c

  > oops, a chown appears late on the code. to satisfy this pledge
  > "stdio rpath wpath cpath getpw fattr proc" early on; "proc fattr"
  > allows doing work with other uids on the file. after opening the
  > db, do the chown (replace with fchown since we know fd) and then
  > pledge "stdio rpath"; "rpath" due to tmpfile rename() at the end.
  > mistake spotted by mpi (deraadt@)

  ~ kvm_mkdb.c

  > semarie points out i am already forgetting the rules are very tight around
  > *chown, even "proc fattr" won't let you do such a job. remove early
  > pledge(),
  > only leave call after fchown, before when symbol table work gets done.
  > (deraadt@)

netgroup_mkdb

  ~ netgroup_mkdb.c

  > pledge "stdio rpath wpath cpath", full path handling to satisfy dbopen()
  > (deraadt@)

smtpd

  ~ smtpd.c

  > offline queue is no longer user-writable, do not attempt resetting fchflags
  > it serves no purpose.
  > ok millert@, ok jung@, ok eric@ (gilles@)

  ~ ca.c

  > pledge("stdio") the RSA-privsep process (gilles@)

  ~ scheduler.c

  > pledge("stdio") the scheduler process (gilles@)

  ~ smtpctl.c  ~ enqueue.c

  > let the enqueuer pledge() in both online and offline modes
  > ok deraadt@ (gilles@)

  ~ control.c

  > pledge() control process
  > ok deraadt@ (gilles@)

  ~ queue.c

  > pledge() queue process
  > ok deraadt@ (gilles@)

  ~ smtp_session.c

  > Add a helper for writing the message to simplify the code.
  > It also fixes the reported message length by taking prepended
  > headers into account and adds missing error checks there.
  > ok millert@ gilles@ (eric@)

syslogc

  ~ syslogc.c

  > After the socket is open, the remainder is just io operations.
  > Use pledge "stdio". (deraadt@)

sysmerge

  ~ sysmerge.sh

  > sm_error() already does the exit for us. (ajacoutot@)

tcpdump

  ~ Makefile  ~ print-802_11.c

  > Don't use exp2f(), it breaks build on vax. Use a shift instead.
  > reported by deraadt@ (stsp@)

===============================================================================
