OpenBSD src changes summary for 2015-10-17 ==========================================
bin/ksh distrib/macppc distrib/special include/db.h lib/libc libexec/login_token regress/usr.bin sbin/disklabel sbin/ping6 sys/dev/pci sys/kern sys/net sys/net80211 sys/sys usr.bin/aucat usr.bin/compress usr.bin/file usr.bin/mandoc usr.bin/openssl usr.bin/sort usr.bin/tmux usr.sbin/bgpd usr.sbin/rebound usr.sbin/route6d usr.sbin/smtpd usr.sbin/snmpd == bin =============================================================== 01/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin ksh ~ alloc.c > Copy alloc()'s overflow check to aresize(). > Suggested by nicm@. (mmcc@) ~ alloc.c > Change allocarray() to areallocarray(), a full reallocarray clone. All > the logic is already in aresize(). > "Sure" nicm@ (mmcc@) ~ exec.c ~ main.c ~ sh.h > Move a system header include from the global header (sh.h) into the > files that need it. No binary change. > "This looks fine" -nicm@ (mmcc@) ~ exec.c ~ sh.h > Drop two useless defines. > ok nicm@ (mmcc@) ~ ksh.1 > add missing underscore; from theo buehler (jmc@) == distrib =========================================================== 02/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib macppc ~ ramdisk/install.md > Cleanup a bit. > OK krw@ halex@ (rpe@) special ~ libstubs/Makefile > Move the last of the __DBINTERFACE_PRIVATE bits from <db.h> to libc's > wrapper > and eliminate the now superfluous -D option > ok kettenis@ millert@ (guenther@) == include =========================================================== 03/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include db.h ~ db.h > Move the last of the __DBINTERFACE_PRIVATE bits from <db.h> to libc's > wrapper > and eliminate the now superfluous -D option > ok kettenis@ millert@ (guenther@) == lib =============================================================== 04/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ hidden/unistd.h > PROTO_NORMAL for pledge(); ok guenther (deraadt@) ~ hidden/db.h ~ db/Makefile.inc > Move the last of the __DBINTERFACE_PRIVATE bits from <db.h> to libc's > wrapper > and eliminate the now superfluous -D option > ok kettenis@ millert@ (guenther@) ~ arch/amd64/SYS.h ~ arch/amd64/sys/Ovfork.S ~ arch/amd64/sys/sigprocmask.S ~ arch/amd64/sys/sigsuspend.S ~ arch/amd64/sys/syscall.S > Rename SYSEXIT() to SYSCALL_END() for consistency with most other archs. > No change in resulting object files > ok millert@ (guenther@) == libexec =========================================================== 05/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec login_token ~ login_token.c > login_token needs pledge "flock" now. > OK millert@ (bluhm@) == regress =========================================================== 06/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress usr.bin ~ mandoc/mdoc/Bl/column.in ~ mandoc/mdoc/Bl/column.out_ascii ~ mandoc/mdoc/Bl/column.out_lint > Very tricky diff to fix macro interpretation and spacing around tabs > in .Bl -column; it took me more than a day to get this right. > Triggered by a loosely related bug report from tim@. > The lesson for you is: Use .Ta macros in .Bl -column, avoid tabs, > or you are in for surprises: The last word before a tab is not > interpreted as a macro (unless there is a blank in between), the > first word after a tab isn't either (unless there is a blank in > between), and a blank after a tab causes a leading blank in the > respective output cell. Yes, "blank", "tab", "blank tab" and "tab > blank" all have different semantics; if you write code relying on > that, good luck maintaining it afterwards... (schwarze@) == sbin ============================================================== 07/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin disklabel ~ disklabel.c ~ editor.c ~ extern.h > NUMBOOT is dead! Nuke the variables and abstractions that were used > to build boot blocks. > ok miod@ (krw@) ping6 ~ ping6.8 > Remove left over -N and -w. Adapt wording for the link local example. > Pointed out by, input & OK jmc (florian@) ~ ping6.c > move -V option before -v and remove one spurious newline, now in sync > with ping. > No object change. (florian@) ~ ping6.c ~ ping6.8 > Implement -w maxwait now that the -w flag is free in ping6. Same > behaviour as ping(8). (florian@) ~ ping6.c > make usage() less horrible (florian@) == sys =============================================================== 08/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys dev/pci ~ drm/drm_linux.h ~ drm/i915/i915_dma.c ~ drm/i915/i915_drv.c ~ drm/i915/i915_drv.h > Fix the code that sets up the MCH BAR on systems where the (buggy) BIOS > doesn't do this for us. The code was poking registers on the wrong PCI > device. We were just lucky that it worked on most systems. > This should fix machines such as the Asus EeePC 701 and get rid of the > error: [drm:pid0:i915_gem_detect_bit_6_swizzle] *ERROR* Couldn't read from > MC HBAR. Disabling tiling. > messages on that machine. (kettenis@) kern ~ kern_pledge.c > Allow a few 'get' ioctls for pledge("route"). route6d will soon use this. > ok deraadt@ (jca@) ~ kern_pledge.c > Add pledge "id" support. This request permits setuid/seteuid/setresuid, > setgid/setegid/setresgid, setgroups, setlogin, and setpriority. > setrlimit and getpriority are also allowed (they are also in "proc") > some of these were previously permitted in "proc" but have been removed. > this seperation is intentional. "proc" is intended for reasoning about > the relationship of a process "with other processes", whereas "id" deals > the powerful/dangerous concept of unix ids. "id" will see some action > very soon. > ok gilles tedu semarie doug (deraadt@) ~ kern_pledge.c > whitespace (deraadt@) ~ kern_pledge.c > Allow TIOCSCTTY on tty devices, if the pledge says "tty id" > worked out with nicm (deraadt@) ~ kern_pledge.c > Unify TIOCGPGRP/TIOCGWINSZ/TIOCGWINSZ behaviour regarding ENOTTY return. > (both "tty" and "ioctl" allow these; they should behave the same) > (deraadt@) ~ kern_pledge.c > better wording in a comment (deraadt@) ~ kern_pledge.c > Allow the nasty ioctl TIOCSTI in "tty", but also require the "proc" > permission. For now, we'll tighten it down further later. (deraadt@) ~ uipc_usrreq.c > connect() to an AF_UNIX socket is really read/write, so tell pledge this > is a RPATH|WPATH operation. > Discussed with doug and millert (deraadt@) ~ kern_pledge.c > naddy asks me if __tfork should be allowed by "proc". yes! > We may need a better semantic later ("thread"?), but this allows > progress, and people can report their experiences. (deraadt@) net ~ if_media.c > Fix build with IFMEDIA_DEBUG defined; ok sthen@ (stsp@) net80211 ~ ieee80211.c > Spell all "unexpected mode %u" panics in lower case, not just one of them. > (stsp@) sys ~ pledge.h > Add pledge "id" support. This request permits setuid/seteuid/setresuid, > setgid/setegid/setresgid, setgroups, setlogin, and setpriority. > setrlimit and getpriority are also allowed (they are also in "proc") > some of these were previously permitted in "proc" but have been removed. > this seperation is intentional. "proc" is intended for reasoning about > the relationship of a process "with other processes", whereas "id" deals > the powerful/dangerous concept of unix ids. "id" will see some action > very soon. > ok gilles tedu semarie doug (deraadt@) == usr.bin =========================================================== 09/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin aucat ~ aucat.1 > remove some unneccessary macros; from michael reed (jmc@) compress ~ main.c > Tighten pledge: We only write to stdio and never to any files if > in cat mode (-c, zcat), or in test mode (-t), or if there are no > file arguments and there is no -o outfile. Due to fts(3) we require > rpath even for compress <in >out. > "seems sound" deraadt@ (naddy@) file ~ file.c > The file(1) magic-parsing process was using pledge "stdio getpw proc > recvfd" > early on, then a set of getpwnam/setresuid/... before quickly dropping to > "stdio recvfd". It receives fd's and runs the magic code on them in a > chroot'd "stdio" jail. We can do better than that. > Before the recent change, "proc" contained both the concepts of "forking" > and "setuid". "id" is now split out as a seperate request, and it is > exactly what this process needs momentarily. So this loses another window > of opportunity, in case we have a major bug in .... hmm, it'd have to be > in getpwnam.... > ok tedu doug semarie gilles (deraadt@) mandoc ~ libmdoc.h ~ mdoc_argv.c ~ mdoc_macro.c ~ roff.h > Very tricky diff to fix macro interpretation and spacing around tabs > in .Bl -column; it took me more than a day to get this right. > Triggered by a loosely related bug report from tim@. > The lesson for you is: Use .Ta macros in .Bl -column, avoid tabs, > or you are in for surprises: The last word before a tab is not > interpreted as a macro (unless there is a blank in between), the > first word after a tab isn't either (unless there is a blank in > between), and a blank after a tab causes a leading blank in the > respective output cell. Yes, "blank", "tab", "blank tab" and "tab > blank" all have different semantics; if you write code relying on > that, good luck maintaining it afterwards... (schwarze@) openssl ~ ca.c ~ cms.c ~ dgst.c ~ dsa.c ~ ec.c ~ enc.c ~ gendsa.c ~ genpkey.c ~ genrsa.c ~ openssl.c ~ passwd.c ~ pkcs12.c ~ pkcs8.c ~ pkey.c ~ pkeyutl.c ~ req.c ~ rsa.c ~ rsautl.c ~ s_client.c ~ s_server.c ~ smime.c ~ spkac.c ~ ts.c ~ x509.c > add "tty" for several subcommands of openssl > it is needed in order to let libssl UI_* function plays with echo on/off > when > asking for password on terminal. > passwd subcommand needs additionnal "wpath cpath" in order to let it calls > fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). > problem reported by several > with and ok doug@ (semarie@) ~ asn1pars.c ~ ca.c ~ certhash.c ~ ciphers.c ~ cms.c ~ crl.c ~ crl2p7.c ~ dgst.c ~ dh.c ~ dhparam.c ~ dsa.c ~ dsaparam.c ~ ec.c ~ ecparam.c ~ enc.c ~ errstr.c ~ gendh.c ~ gendsa.c ~ genpkey.c ~ genrsa.c ~ nseq.c ~ ocsp.c ~ passwd.c ~ pkcs12.c ~ pkcs7.c ~ pkcs8.c ~ pkey.c ~ pkeyparam.c ~ pkeyutl.c ~ prime.c ~ rand.c ~ req.c ~ rsa.c ~ rsautl.c ~ s_client.c ~ s_server.c ~ s_time.c ~ sess_id.c ~ smime.c ~ speed.c ~ spkac.c ~ ts.c ~ verify.c ~ version.c ~ x509.c > Exit if a pledge call fails in non-interactive mode. > ok semarie@ (doug@) sort ~ sort.c > Pledge; OK millert@ tobias@ (tim@) tmux ~ client.c > Add pledge "stdio unix sendfd proc exec tty" to tmux client process, > "sendfd" is dropped after first message from the server. (nicm@) == usr.sbin ========================================================== 10/10 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpd ~ control.c > Do no accept fds on the control socket; including the restricted socket. > OK gilles@ eric@ (reyk@) rebound ~ rebound.c > don't need fcntl for non blocking socket, just ask for it upfront (tedu@) route6d ~ route6d.c > route6d pledges to use only "stdio rpath wpath cpath inet route mcast" > ok deraadt@ (jca@) smtpd ~ smtpd.c > smtpd starts rather robustly with a gigantic pledge request group (keep > in mind that a gigantic group is already < ~50% of POSIX). It then > grinds these down bit by bit as it sets up privsep for the various > processes. At startup, smtpd will need the new "id" request as well. > ok gilles tedu (deraadt@) ~ util.c > our strip() function should use isspace() > ok jung@, ok millert@ (gilles@) ~ ca.c > KNF (gilles@) ~ dns.c > remove unused variables (gilles@) - filter_api.c > this file is deprecated (gilles@) ~ smtpd.c > LMTP delivery requires "inet unix". > Ok millert@ gilles@ (sunil@) ~ delivery_lmtp.c > Cleanup and simplify LMTP code. > Ok millert@ gilles@ (sunil@) ~ enqueue.c > Convert some fgetln to getline. > tested and ok gilles@ (sunil@) - queue_api.c - scheduler_api.c > both of these are deprecated (gilles@) ~ makemap.8 > document handling of comments in makemap > ok millert@, ok sunil@, ok jung@ (gilles@) ~ makemap.c > makemap shout strip initial and trailing whitespaces using strip() > ok millert@, ok jung@ (gilles@) ~ smtpd.h ~ util.c > mailaddr_match() allows comparing two struct mailaddr taking into account > catchall and +-tags > ok millert@ and jung@ for util.c (gilles@) snmpd ~ control.c > Tighten up snmpd's control socket: do not allow users to terminate the > daemon by sending corrupted imsgs to snmpd. This is especially > important for the optional world-writeable restricted socket that is > used for AgentX. In particular, don't fatal() in the daemon when imsg > size checks on control messages fail, do stricter validation of > expected messages (even assert zero-length imsgs), don't continue and > close the control socket on suspicious input, print a debug log > message on error. > OK gilles@ "the rationale behind it is quite clear" (reyk@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
