OpenBSD src changes summary for 2015-10-16
==========================================

bin/ksh                                 distrib/common
distrib/sets                            etc/Makefile
etc/examples/hosts.lpd                  etc/rc.d/rc.subr
games/hack                              lib/libc
lib/libssl                              lib/libtls
libexec/getty                           libexec/login_skey
regress/usr.bin                         sbin/disklabel
sbin/ping6                              sys/dev/pci
sys/kern                                sys/net
sys/sys                                 usr.bin/cu
usr.bin/ftp                             usr.bin/htpasswd
usr.bin/mail                            usr.bin/mandoc
usr.bin/openssl                         usr.bin/patch
usr.bin/rcs                             usr.bin/ssh
usr.bin/tmux                            usr.sbin/config
usr.sbin/dev_mkdb                       usr.sbin/identd
usr.sbin/installboot                    usr.sbin/kvm_mkdb
usr.sbin/pwd_mkdb                       usr.sbin/rarpd
usr.sbin/rebound                        usr.sbin/rmt
usr.sbin/route6d                        usr.sbin/smtpd
usr.sbin/syslogd                        usr.sbin/sysmerge
usr.sbin/vipw                           usr.sbin/zic

== bin =============================================================== 01/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ alloc.c
  > Add allocarray(), an overflow-safe allocation function.
  > We avoided reallocation support because it demands more fancy footwork
  > to deal with the prepended link struct.
  > This has been on my mind for a while, and a 2010 security review of mksh
  > by the Android security team's Chris Palmer suggested it.
  > ok nicm@. Also discussed with millert@ and tedu@. (mmcc@)

  ~ main.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

  ~ main.c
  > wrap a long line (deraadt@)

  ~ emacs.c
  > Cast iscntrl()'s arg to unsigned char.
  > ok nicm@ (mmcc@)

  ~ alloc.c
  > Move the overflow check to alloc() so that the link struct overhead can
  > never bite us.
  > Suggested by Theo Buehler, inspired by Bitrig's natano@.
  > ok tedu@ (mmcc@)

  ~ emacs.c
  > Change x_do_ins()'s arg type from int to size_t for correctness's sake,
  > and to silence a compiler warning. Also remove its prototype, which is
  > directly above its definition.
  > ok tedu@ (mmcc@)

== distrib =========================================================== 02/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

common

  ~ elfrd_size.c
  > Merge nlist out of boundary access fix with other nlist implementations.
  > While at it, merge style and typo fixes back into nlist(3), too.
  > ok deraadt, jsing, millert (tobias@)

  ~ elfrd_size.c
  > Check file sizes only for regular files. The current code breaks savecore
  > due to its kvm handling.
  > ok deraadt (tobias@)

sets

  ~ lists/base/mi                         ~ lists/man/mi
  > sync (deraadt@)

  ~ lists/base/mi
  > sync (deraadt@)

== etc =============================================================== 03/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

Makefile

  ~ Makefile
  > The hosts.lpd examples file does not contain a single example.
  > The file format is so simple that no example is needed.
  > All relevant documentation is already available
  > from the proper place, which is the lpd(8) manual.
  > Consequently, delete the empty file.
  > OK millert@ dcoppa@ beck@ deraadt@ (schwarze@)

examples/hosts.lpd

  - examples/hosts.lpd
  > The hosts.lpd examples file does not contain a single example.
  > The file format is so simple that no example is needed.
  > All relevant documentation is already available
  > from the proper place, which is the lpd(8) manual.
  > Consequently, delete the empty file.
  > OK millert@ dcoppa@ beck@ deraadt@ (schwarze@)

rc.d/rc.subr

  ~ rc.d/rc.subr
  > Missing local.
  > ok schwarze@ (ajacoutot@)

== games ============================================================= 04/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

hack

  ~ config.h                              ~ hh
  > Disable !-command to escape to a shell. You are supposed to play, press
  > ^Z, or open up another terminal if there is something else to do.
  > ok deraadt (tobias@)

== lib =============================================================== 05/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/nlist.c
  > Validate parsed ELF values to prevent out of boundary accesses.
  > While at it, return proper return value when encountering a stripped
  > binary. Instead of -1 (illegal file), it should be the amount of symbols
  > that were tried to be resolved.
  > ok millert (tobias@)

  ~ gen/nlist.c
  > Merge nlist out of boundary access fix with other nlist implementations.
  > While at it, merge style and typo fixes back into nlist(3), too.
  > ok deraadt, jsing, millert (tobias@)

  ~ gen/nlist.c
  > Check file sizes only for regular files. The current code breaks savecore
  > due to its kvm handling.
  > ok deraadt (tobias@)

libssl

  ~ src/crypto/bn/bn.h
  > actually include the prerequisite dependency for BIO instead of doing
  > nastiness (beck@)

  ~ src/ssl/ssl_lib.c
  > Fix use of pointer value after BIO_free, and remove senseless NULL checks.
  > ok bcook@ (beck@)

  ~ src/crypto/asn1/n_pkey.c              ~ src/crypto/ec/ec_asn1.c
  ~ src/crypto/ecdsa/ecs_asn1.c
  > Remove pointless uses of DECLARE_ASN1_ENCODE_FUNCTIONS_const.
  > DECLARE_ASN1_FUNCTIONS_const already includes this macro so using both
  > means we end up with duplicate function prototypes and externs. (jsing@)

  ~ src/crypto/asn1/n_pkey.c              ~ src/crypto/ec/ec_asn1.c
  ~ src/crypto/ecdsa/ecs_asn1.c
  > Expand DECLARE_ASN1_ALLOC_FUNCTIONS and DECLARE_ASN1_FUNCTIONS_const
  > macros. The only change in the generated assembly is due to line numbering.
  > (jsing@)

  ~ src/crypto/asn1/n_pkey.c              ~ src/crypto/ec/ec_asn1.c
  ~ src/crypto/ecdsa/ecs_asn1.c
  > Remove pointless externs - the structs are declared in the same files a
  > few lines above. (jsing@)

libtls

  ~ tls_init.3
  > Fix tpyo. (jsing@)

  ~ tls_init.3
  > Put tls_config_verify_client_optional() in the right place. (jsing@)

== libexec =========================================================== 06/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

getty

  ~ main.c
  > Hoist clearing of FIOASYNC to much earlier, then getty can use
  > pledge "stdio rpath fattr proc exec tty". (deraadt@)

login_skey

  ~ login_skey.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking.
  > OK deraadt@ (millert@)

== regress =========================================================== 07/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

usr.bin

  ~ mandoc/mdoc/Bl/column.in              ~ mandoc/mdoc/Bl/column.out_ascii
  ~ mandoc/mdoc/Bl/column.out_lint
  > test mixing of tabs with Ta (schwarze@)

== sbin ============================================================== 08/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

disklabel

  ~ disklabel.8
  > Remove -B from EXAMPLES; reminded by jmc@ (miod@)

ping6

  ~ ping6.8                               ~ ping6.c
  > Move -t and -w functionality to -a. Both flags are in the way for a
  > merge with ping(8). Let's see if we can shove every weird and special v6
  > functionality into -a.
  > suggested by and OK sthen@ (florian@)

  ~ ping6.8
  > No longer talk about -b flag, it's gone. (florian@)

  ~ ping6.c                               ~ ping6.8
  > Remove RFC 4620 support. The RFC is experimental and this code plain
  > needs killing before the installed user base exceeds 6. Minus 745 LOC.
  > This is getting in the way of a merge since it has its tentacles all
  > over the place.
  > OK jca@, deraadt@ (florian@)

== sys =============================================================== 09/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

dev/pci

  ~ if_iwm.c                              ~ if_iwmreg.h
  > In iwm(4), correctly size and map the mbuf used for large firmware
  > commands.
  > Fixes occasional firmware errors while bringing the interface up or
  > scanning.
  > ok phessler@ (stsp@)

  ~ if_iwm.c
  > Oops, committed old version of previous diff with a typo in it: NLL -> NULL
  > (stsp@)

  ~ if_iwm.c
  > Clean up iwm(4) scanning logic a bit: Reset sc_scanband in callers of
  > iwm_mvm_scan_request() and always call ieee80211_end_scan() when done.
  > ok mpi@ (stsp@)

  ~ if_iwm.c
  > Put some iwm(4) debug code into #ifdef IWM_DEBUG.
  > ok mpi@ (stsp@)

kern

  ~ kern_pledge.c
  > Add TIOCCBRK and TIOCSDTR to the whitelist for pledge ioctl.
  > cu(1) uses these.
  > ok deraadt@ (doug@)

  ~ kern_pledge.c
  > FIOSETOWN/FIOGETOWN were added to "ioctl", but study finds no programs
  > currently needing them. delete 'em for now.
  > ok doug (deraadt@)

  ~ kern_descrip.c                        ~ kern_pledge.c
  ~ vfs_syscalls.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

  ~ kern_pledge.c
  > For "tty" pledges, treat TIOCGPGRP and TIOCGWINSZ like TIOCGETA -
  > returning ENOTTY instead of killing the process. (deraadt@)

  ~ kern_pledge.c
  > Place TIOCSTI reminder block better (deraadt@)

  ~ kern_pledge.c                         ~ uipc_syscalls.c
  > delete pledge_bind_check() function and remove pledge_bind_check() call
  > from sys_bind().
  > bind(2) still requires PLEDGE_INET or PLEDGE_UNIX in order to be called, due to
  > SYS_bind entry in pledge_syscalls array. The diff restores also the ability for
  > PLEDGE_UNIX to call bind(2) (pledge_bind_check function missed that).
  > problem spotted by doug@
  > OK deraadt@ (semarie@)

  ~ kern_pledge.c
  > Always allow a r/w opening of /dev/null though the namei check. This
  > pattern is common, especially because of daemon(3) usage. Will probably
  > help some daemons move their pledge() calls further upwards.
  > ok doug, (deraadt@)

  ~ kern_pledge.c
  > Allow PTMGET with "tty rpath wpath" but restrict only to /dev/ptm by
  > checking cdevsw. ok deraadt (nicm@)

  ~ kern_pledge.c
  > Repair the pty check for kernels without pty support. (deraadt@)

  ~ kern_sched.c
  > Make sched_barrier() use its own task queue to avoid deadlocks.
  > Prevent a deadlock from occurring when intr_barrier() is called from
  > a non-primary CPU in the watchdog task, also enqueued on ``systq''.
  > ok kettenis@ (mpi@)

  ~ kern_pledge.c
  > Also allow 6 as a miblen for NET_RT_DUMP, not all users specify a rtable.
  > ok deraadt@ (jca@)

net

  ~ route.c
  > If a DOWN route entry is passed to a L2 output function, be dumb and
  > simply use it.
  > In most of the cases doing a route lookup at this point is a noop as
  > it will return you the same DOWN entry you already have.
  > The exception is the case where the route has been removed from tree
  > since your kernel looked for it. So what? It's just a blue packet.
  > Note that this "exception" can only happen if your sending path does
  > not run under the KERNEL_LOCK.
  > ok mikeb@ (mpi@)

sys

  ~ pledge.h
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

  ~ pledge.h
  > delete pledge_bind_check() function and remove pledge_bind_check() call
  > from sys_bind().
  > bind(2) still requires PLEDGE_INET or PLEDGE_UNIX in order to be called, due to
  > SYS_bind entry in pledge_syscalls array. The diff restores also the ability for
  > PLEDGE_UNIX to call bind(2) (pledge_bind_check function missed that).
  > problem spotted by doug@
  > OK deraadt@ (semarie@)

== usr.bin =========================================================== 10/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

cu

  ~ cu.c
  > doug and I think the kernel has enough features to support
  > pledge "stdio rpath wpath cpath getpw proc exec tty" now.
  > It will be hard to drop many of those features unless cu becomes
  > privsep for the "upload" commands. (deraadt@)

ftp

  ~ main.c
  > Pledge for ftp(1) in non-interactive mode.
  > We will iterate and remove some of the pledges in the future. This is
  > conservative for now.
  > Tested by sthen@ and myself.
  > ok deraadt@ (doug@)

htpasswd

  ~ htpasswd.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking.
  > OK deraadt@ (millert@)

mail

  ~ aux.c                                 ~ cmd2.c
  ~ cmd3.c                                ~ fio.c
  ~ lex.c                                 ~ list.c
  ~ names.c                               ~ popen.c
  ~ strings.c                             ~ temp.c
  ~ vars.c
  > Modernize allocation by:
  > * removing unneeded casts of void* return values
  > * replacing varied and creative error messages with the allocation
  > function's name
  > * replacing errx() with err() so that the errno string is reported
  > ok beck@, jung@, millert@ (mmcc@)

  ~ fio.c
  > Cast isspace() argument to unsigned char.
  > ok jca@ (mmcc@)

mandoc

  ~ main.c                                ~ mandocdb.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

  ~ main.c
  > Once apropos(1) or man(1) are done with database access, or if the
  > program was called as mandoc(1) in the first place, remove "flock"
  > from our pledge(2) before entering the parsers and formatters.
  > OK millert@ deraadt@ (schwarze@)

openssl

  ~ openssl.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

patch

  ~ Makefile                              ~ patch.c
  ~ pch.c                                 ~ pch.h
  + ed.c                                  + ed.h
  > Add native support for ed-style diffs. No need to pledge "proc exec"
  > anymore.
  > ok deraadt (tobias@)

rcs

  ~ rcsprog.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

ssh

  ~ scp.c
  > 0 -> NULL when comparing with a char*.
  > ok dtucker@, djm@. (mmcc@)

  ~ ssh.c
  > better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in hostname
  > canonicalisation - treat them as already canonical and remove the
  > trailing '.' before matching ssh_config; ok markus@ (djm@)

  ~ dh.h
  > increase the minimum modulus that we will send or accept in
  > diffie-hellman-group-exchange to 2048 bits; ok markus@ (djm@)

tmux

  ~ cmd-capture-pane.c
  > Don't free after calling paste_set but do after evbuffer_add, from Theo
  > Buehler.
  > (nicm@)

== usr.sbin ========================================================== 11/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

config

  ~ main.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

dev_mkdb

  ~ dev_mkdb.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

identd

  ~ identd.c
  > Pledge support for the parent/resolver in identd(8).
  > This limits the resolver to just "stdio getpw" or "stdio getpw rpath"
  > depending on whether ~/.noident files are checked.
  > The child/listener cannot use pledge yet because it calls a sysctl that
  > hasn't been whitelisted.
  > "commit" deraadt@ (doug@)

installboot

  ~ i386_nlist.c
  > Merge nlist out of boundary access fix with other nlist implementations.
  > While at it, merge style and typo fixes back into nlist(3), too.
  > ok deraadt, jsing, millert (tobias@)

  ~ i386_nlist.c
  > Check file sizes only for regular files. The current code breaks savecore
  > due to its kvm handling.
  > ok deraadt (tobias@)

kvm_mkdb

  ~ kvm_mkdb.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

pwd_mkdb

  ~ pwd_mkdb.c
  > pledge "stdio rpath wpath cpath getpw fattr flock" (deraadt@)

rarpd

  ~ rarpd.c
  > use daemon(), jca had the same diff in his tree (deraadt@)

rebound

  ~ rebound.c
  > exit(1) is better for the impossible condition (tedu@)

  ~ rebound.c
  > most things should be static (tedu@)

  ~ rebound.c
  > safety check that we're dealing with the filter we expect (tedu@)

  ~ rebound.c
  > simplify logging functions. once a daemon, always a daemon (tedu@)

  ~ rebound.c
  > fine tune the logging some more (tedu@)

  ~ rebound.c
  > save request length in cache. naddy noticed we weren't getting any hits.
  > (tedu@)

  ~ rebound.c
  > two phase handling for tcp so that slow connects don't stall the process
  > (tedu@)

  ~ rebound.c
  > deraadt tells me i'm supposed to check if connect() actually worked.
  > (tedu@)

  ~ rebound.c
  > life is simpler if all requests go in the fifo, and then just remove them
  > in the error case instead of duplicating code. (tedu@)

  ~ rebound.c
  > naddy would like the child to exit when the parent dies.
  > hook up a pipe between them and watch for eof in the child. (tedu@)

  ~ rebound.c
  > save some file descriptors. instead of a pipe, use kevent to watch parent
  > (tedu@)

rmt

  ~ rmt.c
  > ugly white space (deraadt@)

route6d

  ~ route6d.c
  > Unbreak route6d.
  > Instead of breaking sendmsg(2) by adding unneeded space to its cmsg
  > item, add space to the cmsg used by recvmsg(2), where it will be used
  > to get the incoming packet hop limit.
  > Reported by several over the last years, and more recently by 'bsdsx',
  > who tested it against NetBSD route6d. Also works against Quagga ripng.
  > ok deraadt@ sthen@ (jca@)

smtpd

  ~ queue.c                               ~ smtpctl.c
  > Implement real "flock" request and add it to userland programs that
  > use pledge and file locking. OK deraadt@ (millert@)

  ~ smtpd.c
  > add flock to pledge request, needed by delivery_filename
  > ok millert@ (gilles@)

  ~ ioev.c                                ~ smtp_session.c
  ~ ssl.c
  > Use SSL_get_version() not SSL_get_cipher_version(); the former gives the TLS
  > version used for the connection, the latter gives "the SSL/TLS protocol version
  > that first defined the cipher". Fixes "TLS version=TLSv1/SSLv3" in received/log
  > lines.
  > ok millert@ "I was going to commit this today, so yes definitely" ok gilles@ (sthen@)

syslogd

  ~ privsep.c
  > Pledge the syslogd privsep process with "stdio rpath wpath cpath
  > inet dns getpw sendfd proc exec".
  > OK deraadt@ (bluhm@)

sysmerge

  ~ sysmerge.8                            ~ sysmerge.sh
  > Drop usage of TMPDIR.
  > While here, stop referring to /tmp/sysmerge.XXXXXXXXXX, that's a script
  > internal we don't need to know about.
  > (ajacoutot@)

vipw

  ~ vipw.c
  > pledge "stdio rpath wpath cpath fattr proc exec" (deraadt@)

zic

  ~ zic.c
  > pledge "stdio rpath wpath cpath proc exec". (deraadt@)

===============================================================================
