OpenBSD src changes summary for 2015-10-15
==========================================

bin/ksh distrib/special distrib/vax etc/group etc/mail/aliases
etc/master.passwd lib/librthread lib/libssl lib/libutil libexec/login_token
sbin/disklabel sbin/fsck_ext2fs sbin/fsck_ffs sbin/iked sbin/isakmpd
share/man share/snmp sys/arch/octeon/dev sys/arch/vax/stand/xxboot
sys/dev/isa sys/kern sys/net sys/netinet6 usr.bin/ctags usr.bin/lex
usr.bin/lock usr.bin/mandoc usr.bin/sdiff usr.bin/ssh usr.bin/x99token
usr.sbin usr.sbin/installboot usr.sbin/nsd usr.sbin/rebound usr.sbin/smtpd
usr.sbin/syslogd usr.sbin/tcpdump

== bin =============================================================== 01/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ vi.c

  > Introduce an unsigned char variable for the ctype function calls.
  > ok millert@ (mmcc@)

  ~ tty.c

  > Remove an unused included header (sys/stat.h). (mmcc@)

  ~ syn.c  ~ tree.h

  > Remove three distracting aliases for NULL.
  > ok nicm@ (mmcc@)

== distrib =========================================================== 02/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

special

  ~ fsck_ext2fs/Makefile  ~ fsck_ffs/Makefile

  > corrects pledge code for fsck_ffs and fsck_ext2fs
  > on filesystem error, fsck will try to display username of inode, resulting
  > need of "getpw" for not SMALL version.
  > add a missed (?) -DSMALL in distrib/special/ for fsck_ffs and fsck_ext2fs
  > found by hard way by ajacoutot@
  > OK millert@ (semarie@)

  ~ more/more.c

  > remove '!' (subshell) and 'v' (edit) commands from ramdisk more(1) command.
  > first off, ^Z job control was added to BSD unix sometime around 1980 and is
  > a much better mechanism since the parent shell can contain what is going
  > on.
  > !command support becomes a visible defect when programs are pledge'd
  > secondly this saves space.
  > ok miod tobias (deraadt@)

vax

  ~ install.md  ~ common/Makefile.inc  ~ common/list
  ~ iso/Makefile  ~ ramdisk/Makefile.inc  ~ ramdisk/list.local

  > Use MI installboot instead of disklabel -B to install boot blocks.
  > ok krw@ deraadt@ (miod@)

== etc =============================================================== 03/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

group

  ~ group

  > _rebound user and group (52) (tedu@)

mail/aliases

  ~ mail/aliases

  > no mail for _rebound. deraadt (tedu@)

master.passwd

  ~ master.passwd

  > _rebound user and group (52) (tedu@)

== lib =============================================================== 04/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

librthread

  ~ rthread_cancel.c

  > Handle F_ISATTY in the fcntl() stub as well
  > ok guenther (deraadt@)

libssl

  ~ src/crypto/objects/obj_dat.c  TAGGED OPENBSD_5_6

  > pull up fixes for leak and overrun (tedu@)

  ~ src/crypto/objects/obj_dat.c  TAGGED OPENBSD_5_7

  > pull up fixes for leak and overrun (tedu@)

  ~ src/crypto/objects/obj_dat.c  TAGGED OPENBSD_5_8

  > pull up fixes for leak and overrun (tedu@)

  ~ src/crypto/opensslv.h  TAGGED OPENBSD_5_8

  > Bump LibreSSL version number to 2.2.4 in 5.8 release branch. (bcook@)

libutil

  ~ pw_lock.3

  > Don't Xr flock, since that is not the locking method used.
  > ok millert (deraadt@)

== libexec =========================================================== 05/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

login_token

  ~ login_token.c

  > Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".
  > OK deraadt@ (bluhm@)

== sbin ============================================================== 06/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

disklabel

  ~ Makefile  ~ disklabel.8  ~ disklabel.c  ~ editor.c

  > Remove disklabel -B (NUMBOOT) support. All the platforms which used to need
  > it are now using MI installboot for that purpose.
  > ok krw@ deraadt@ (miod@)

fsck_ext2fs

  ~ setup.c

  > corrects pledge code for fsck_ffs and fsck_ext2fs
  > on filesystem error, fsck will try to display username of inode, resulting
  > need of "getpw" for not SMALL version.
  > add a missed (?) -DSMALL in distrib/special/ for fsck_ffs and fsck_ext2fs
  > found by hard way by ajacoutot@
  > OK millert@ (semarie@)

fsck_ffs

  ~ main.c  ~ utilities.c

  > fsck_ffs has a ^T signal handler which opens /dev/tty late. Hoist that
  > opening to before the pledge, and cache the fd.
  > looked over by millert (deraadt@)

  ~ setup.c

  > corrects pledge code for fsck_ffs and fsck_ext2fs
  > on filesystem error, fsck will try to display username of inode, resulting
  > need of "getpw" for not SMALL version.
  > add a missed (?) -DSMALL in distrib/special/ for fsck_ffs and fsck_ext2fs
  > found by hard way by ajacoutot@
  > OK millert@ (semarie@)

iked

  ~ config.c  ~ iked.c  ~ ikev2.c
  ~ ikev2_msg.c  ~ ikev2_pld.c  ~ pfkey.c

  > Remove some unnecessary NULL-checks before free(). Change two bzero()
  > calls on pf data to explicit_bzero().
  > ok mikeb@ (mmcc@)

isakmpd

  ~ hash.c

  > A classic case for bzero() -> explicit_bzero()
  > ok deraadt@ (mmcc@)

== share ============================================================= 07/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/pf.4

  > Add missing includes to make the pf(4) man page example program compile
  > again.
  > Spotted by and based on a diff from Jack J. Woehr. (lteo@)

snmp

  ~ OPENBSD-RELAYD-MIB.txt

  > relaydMIBObjects, not relaydMIBOjbects. From Rob Pierce. (sthen@)

  ~ OPENBSD-RELAYD-MIB.txt

  > add missing comma and missing range restriction, found by smilint (sthen@)

== sys =============================================================== 08/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/octeon/dev

  ~ if_cnmac.c

  > Let the rx path of cnmac run without the kernel lock. To avoid the need
  > of a mutex, the path no longer cleans up the queue of tx requests.
  > ok mpi@ (visa@)

arch/vax/stand/xxboot

  ~ Makefile

  > No need to create links for xxboot now that MI installboot is the preferred
  > way to install boot blocks. (miod@)

dev/isa

  ~ asmc.c

  > avoid using a var uninitialised
  > ok jung@ (jsg@)

kern

  ~ kern_pledge.c

  > FIOCLEX & FIONCLEX should be in base ioctl set (deraadt@)

  ~ kern_pledge.c

  > Exposing FIOASYNC in pledge "ioctl" is a mistake; remove it, cannot find
  > safe uses of it (deraadt@)

  ~ kern_pledge.c

  > Add TIOCFLUSH to "tty" in support of tcflush() (deraadt@)

net

  ~ if_vxlan.c

  > Fix previous. The port number is not included in sc_src and it is
  > checked already at beginning of the loop.
  > ok reyk (yasuoka@)

  ~ pf_lb.c

  > When using a pf rule with both nat-to and rdr-to, it could happen
  > that the nated source port was reused as destination port. Do not
  > initialize nport at the beginning of the function, but where it is
  > needed.
  > OK sashan@ (bluhm@)

netinet6

  ~ in6_pcb.c

  > in6_pcbconnect() returns EADDRNOTAVAIL when
  > all the ports in the range portfirst .. portlast
  > are in use.
  > ok millert@, mpi@ (vgross@)

== usr.bin =========================================================== 09/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

ctags

  ~ ctags.1

  > Do not abuse .Nm for emphasis;
  > patch from Michael Reed <m dot reed at mykolab dot com>.
  > Also drop .Tn while here. (schwarze@)

lex

  ~ misc.c

  > Cast arguments of ctype functions to Char, a lexism defined as unsigned
  > char.
  > Part of a larger attempt to audit ctype function argument types with
  > Coccinelle.
  > ok deraadt@ (mmcc@)

lock

  ~ lock.c

  > lock needs pledge(proc exec) to use bsd auth system. from trondd (tedu@)

mandoc

  ~ mdoc_macro.c

  > When blk_full() handles an .It line in .Bl -column and indirectly
  > calls phrase_ta() to handle a .Ta child macro, advance the body
  > pointer accordingly, such that a subsequent tab character rewinds
  > the right body block and doesn't fail an assertion. That happened
  > when there was nothing between the .Ta and the tab character.
  > Bug reported by tim@ some time ago. (schwarze@)

  ~ mdoc_argv.c

  > Simplify the part of args() that is handling .Bl -column phrases:
  > Delete manual "Ta" handling because macro handling should
  > not be done in an argument parser but should be left to the
  > macro parsers, which exist anyway and work well.
  > No functional change, minus 40 lines of code.
  > Confusing and redundant code found while investigating
  > an old bug report from tim@. (schwarze@)

  ~ mandoc.c  ~ roff.c

  > Delete two preprocessor constants that are no longer used.
  > Patch from Michael Reed <m dot reed at mykolab dot com>. (schwarze@)

sdiff

  ~ sdiff.c

  > After spawning, the parent can pledge "stdio rpath wpath cpath"
  > from rob pierce (deraadt@)

ssh

  ~ sshkey.c

  > argument to sshkey_from_private() and sshkey_demote() can't be NULL (djm@)

  ~ channels.c  ~ mux.c  ~ ssh-add.c  ~ ssh.c

  > fix some signed/unsigned integer type mismatches in format
  > strings; reported by Nicholas Lemonias (djm@)

x99token

  ~ x99token.c

  > Pledge x99token with "stdio rpath wpath cpath fattr getpw tty".
  > with and OK deraadt@ (bluhm@)

  ~ x99token.c

  > Avoid a race between fopen(3) and fchmod(2). Use umask(2) and
  > unlink(2) and fopen(3) to prevent an attacker from opening an old file
  > with wrong permissions before the secret is written into it. This
  > also guarantees that a new file with correct permissions is created.
  > Without fchmod(2) "fattr" can be removed from pledge.
  > with and OK deraadt@ (bluhm@)

== usr.sbin ========================================================== 10/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

usr.sbin

  ~ Makefile

  > everybody can build rebound (tedu@)

installboot

  ~ installboot.h  ~ stubs.c

  > give up; include stdlib.h from the .h file, sigh (deraadt@)

  ~ bootstrap.c  ~ hppa64_installboot.c  ~ hppa_installboot.c
  ~ installboot.h  ~ landisk_installboot.c  ~ vax_installboot.c

  > Add an extra argument to bootstrap() to allow for a limited overlap between
  > an existing partition and the boot blocks span, and update all callers to
  > require an overlap limit of zero sectors (thus not changing their
  > behaviour).
  > Then, add proper support for vax: copy the 2nd-stage boot block to /boot
  > and install the 1st-stage boot block at the beginning of the disk,
  > retaining the disklabel; allow for an overlap of up to 16 sectors, which is
  > perfectly fine as long as your `a' partition is FFS.
  > Note that regular installs will not even have such an overlap, because the
  > default OpenBSD span on a disk on vax starts at sector 16, but installation
  > media use specific layout which require this.
  > ok krw@ (miod@)

nsd

  ~ Makefile.bsd-wrapper

  > don't allow NSD to pick up libevent from /usr/local if the libevent2
  > package is installed. (sthen@)

rebound

  + Makefile  + randomid.c  + rebound.8  + rebound.c

  > import rebound, a lightweight dns proxy, for further polishing (tedu@)

  ~ rebound.c

  > child can be pledged down a bit to just sockets and io (tedu@)

  ~ rebound.8

  > add a hint about the config file, until it changes (tedu@)

  ~ rebound.c

  > just a space in usage, from deraadt (tedu@)

  ~ rebound.c

  > trivial KNF (deraadt@)

  ~ rebound.c

  > make the HUP interlocking in the parent work better. (tedu@)

  ~ rebound.c

  > now with _rebound user, we can try a little harder at privdrop (tedu@)

  ~ rebound.c

  > introduce logerr, since most logging is followed by exit (tedu@)

  ~ rebound.c

  > the inet sockets don't work well with inet6 addrs. pick family from addr.
  > detected by naddy (tedu@)

  ~ rebound.c

  > assert is the wrong tool (tedu@)

  ~ rebound.c

  > doh, not all requests are the same size. check len first. (tedu@)

  ~ rebound.c

  > do not insert entry into cache until it's fully formed (tedu@)

  ~ rebound.c

  > better memory handling of the request/cache chain (tedu@)

  ~ rebound.c

  > make sure req is zeroed in tcp case (tedu@)

  ~ rebound.c

  > it is perhaps better style to not call close() on -1, even if harmless
  > (tedu@)

smtpd

  ~ smtpctl.8  ~ smtpctl.c

  > Let "all" as an argument for "resume envelope", "pause envelope"
  > and "remove" subcommands.
  > seems potentially useful millert@, Ok gilles@ (sunil@)

  ~ iobuf.c

  > iobuf_queue() should return the number of bytes it queued on success, not 0
  > ok eric@ (gilles@)

syslogd

  ~ privsep.c  ~ syslogd.c  ~ syslogd.h

  > In syslogd replace the dprintf() macro with a logdebug() function
  > as dprintf(3) is in libc now and does something different.
  > OK guenther@ (bluhm@)

tcpdump

  ~ print-nfs.c

  > Fix a crash that occurs when printing the filename in a malformed NFS
  > request packet.
  > From Kevin Reay who obtained the fix from the tcpdump.org repo (part of
  > commit 6191f36146f5d286304e9b6e893477fe509d83ab).
  > ok canacar@ sthen@ (lteo@)

===============================================================================
