OpenBSD src changes summary for 2015-10-18 ==========================================
bin/csh bin/ksh distrib/notes etc/rc etc/rc.d/ypbind lib/libc lib/librthread regress/bin regress/lib regress/sys sbin/ipsecctl sbin/savecore sys/dev/pci sys/kern sys/netinet sys/netinet6 sys/sys usr.bin/bgplg usr.bin/finger usr.bin/ftp usr.bin/kdump usr.bin/sdiff usr.bin/sort usr.bin/tftp usr.bin/tmux usr.bin/ypcat usr.sbin/crunchgen usr.sbin/inetd usr.sbin/installboot usr.sbin/route6d usr.sbin/sasyncd usr.sbin/smtpd usr.sbin/syslogd usr.sbin/sysmerge usr.sbin/tftpd == bin =============================================================== 01/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin csh ~ csh.c > With TIOCSTI supported in pledge "tty proc", csh is good enough to run > with pledge "stdio rpath wpath cpath fattr getpw proc exec tty". (Note > that ksh "emacs mode" is also a abus^Wconsumer of TIOCSTI, but we had > let that slide for a week since noone uses it...) (deraadt@) ksh ~ main.c ~ sh.h > Move more EXTERN-defined globals from sh.h. > ok nicm@ (mmcc@) == distrib =========================================================== 02/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib notes ~ sparc64/hardware > Tadpole/Sun Voyager IIi reported to work via dmesg@ (jsg@) == etc =============================================================== 03/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc rc ~ rc > Forcibly delete /var/run/ypbind.lock to prepare for the worst cases. > ok aja (deraadt@) ~ rc > Finish first round of rework of the rc script. > OK krw@ halex@ (rpe@) rc.d/ypbind ~ rc.d/ypbind > Forcibly delete /var/run/ypbind.lock to prepare for the worst cases. > ok aja (deraadt@) == lib =============================================================== 04/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/Makefile.inc ~ hidden/arpa/nameser.h > create libc stubs for dnssocket() and dnsconnect() (deraadt@) ~ hidden/asr.h ~ hidden/arpa/nameser.h > better placement for dnssocket/dnsconnect (deraadt@) ~ asr/res_send_async.c > libc DNS functions will now use the new dnssocket() / dnsconnect() > system calls. These signal to the pledge kernel code that a DNS > transaction is happening. These special sockets only work well with > port 53 (there are some cute plans...). > Programs calling pledge "inet" will not work! You need pledge "dns", > and of course, you need a fairly fresh kernel. > ok guenther kettenis tedu (deraadt@) ~ arch/arm/gen/flt_rounds.c > Pull in <float.h> instead of declaring __flt_rounds() locally (guenther@) librthread ~ rthread.c ~ rthread.h ~ rthread_fork.c > ld.so no longer needs or uses a bind lock, so stop setting it. This > eliminates a chunk of complexity from the libpthread init and the fork > wrapper, as it was the bind lock that needed prebinding before use. > (guenther@) == regress =========================================================== 05/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress bin ~ systrace/id/id.policy > Need native-pledge for id. (doug@) lib ~ libc/sleep/sleep_test.c > Need <string.h> for memset() (guenther@) sys ~ kern/pledge/generic/manager.c > regress pledge: tweak a bit the manner to grab hte syscall number > permit debug string be present on the line (semarie@) ~ kern/pledge/generic/tests.out > regress pledge: cmsg is deprecated (semarie@) ~ kern/pledge/generic/main.c ~ kern/pledge/generic/tests.out > regress pledge: cpath test > you need to read the directory before creating something in. add rpath > (semarie@) ~ kern/pledge/generic/main.c ~ kern/pledge/generic/tests.out > regress pledge: remove cmsg > it has no sens to keep it. (semarie@) ~ kern/pledge/generic/main.c ~ kern/pledge/generic/tests.out > regress pledge: test kill() > since "inet" has PLEDGE_SELF, and now calling kill() to self is permitted > with PLEDGE_SELF, try this with "fattr" (semarie@) == sbin ============================================================== 06/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin ipsecctl ~ pfkey.c > Use explicit_bzero() when the memory is freed directly afterward. > ok deraadt@ (mmcc@) savecore ~ savecore.c > Collapse some strange programmer style with too much abstraction. > (deraadt@) ~ savecore.c > after kmem is open and setup, pledge "stdio rpath wpath cpath" > seems to be working. commiting to get feedback from people who crash. > (deraadt@) == sys =============================================================== 07/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys dev/pci ~ drm/i915/i915_gem_gtt.c > Backport another Broadwell fix from Linux 3.15 > Ben Widawsky > drm/i915: Provide PDP updates via MMIO > e178f7057b81c87a7ceaae0ca204487b6f7eedcf > Doesn't make resume work, but at least it prevents the machine from hanging > and/or resetting. (kettenis@) ~ pciide.c > The change of 5.7's sys/arch/i386/i386/bus_space.c and > sys/arch/i386/include/bus.h invokes the kernel crash at boot > when ignored (disabled) channel is detected. > In all ATA controllers, ignored (disabled) channel is still set cp->hwok = > 1. > And pciide_mapregs_native() is not called, wdc_cp->cmd_iot is 0. > 5.6 and before, cmd_iot = 0 is treated as I386_BUS_SPACE_IO, > so there is no problem to call bus_space_read_1() in wdcintr(). > 5.7 and after, cmd_iot is used as function pointer. > We have to initialize it with pciide_mapregs_native() or something, > otherwise set cp->hwok = 0 to prevent calling wdcintr(). > When ignored (disabled) channel is found, default_chip_map() should set > cp->hwok = 0. So all controllers do same thing. > ok by deraadt@ (uaa@) kern ~ init_sysent.c ~ syscalls.c > sync (deraadt@) ~ syscalls.master ~ kern_pledge.c ~ uipc_syscalls.c > Add two new system calls: dnssocket() and dnsconnect(). This creates a > SS_DNS tagged socket which has limited functionality (for example, you > cannot accept on them...) The libc resolver will switch to using these, > therefore pledge can identify a DNS transaction better. > ok tedu guenther kettenis beck and others (deraadt@) ~ kern_pledge.c > Allow read/write access to /dev/tty when using "tty" pledge. > Without this change, you need "rpath" and "wpath" to open /dev/tty. Some > applications explicitly open /dev/tty, but deraadt@ found the most > common use is indirectly via readpassphrase(). > tweak and ok deraadt@ > pre-tweak ok millert@, semarie@ (doug@) ~ kern_pledge.c > TIOCSTI and TIOCSCTTY; oops got the condition backwards. (deraadt@) ~ kern_pledge.c > Move your drink further away... When a program pledged "getpw" fails to > get a response from a YP server, it will open "/dev/tty" and spit out: > 'YP server for domain %s not responding, still trying' > For now allow open of /dev/tty for "getpw". I hope to re-architect the > libc:YP communication protocol (strategy similar to syslog->sendsyslog, > isatty->fcntl, dnssocket/dnsconnect) and then we can reevaluate this. > (deraadt@) ~ kern_pledge.c > getting sloppy, lost a } (deraadt@) ~ kern_pledge.c ~ sys_generic.c > move SS_DNS socket check from kern_plegde.c to sys_generic.c > this check has nothing to do with pledge(2). make it lives in sys_ioctl() > call. > while here, move the (fp == NULL) check early and remove duplicate check > from > pledge_ioctl_check(). > ok guenther@ deraadt@ (semarie@) ~ kern_pledge.c ~ uipc_syscalls.c ~ uipc_usrreq.c > Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" > in unp_internalize and unp_externalize. > ok kettenis guenther (deraadt@) netinet ~ in_pcb.c > Add two new system calls: dnssocket() and dnsconnect(). This creates a > SS_DNS tagged socket which has limited functionality (for example, you > cannot accept on them...) The libc resolver will switch to using these, > therefore pledge can identify a DNS transaction better. > ok tedu guenther kettenis beck and others (deraadt@) netinet6 ~ in6_pcb.c > Add two new system calls: dnssocket() and dnsconnect(). This creates a > SS_DNS tagged socket which has limited functionality (for example, you > cannot accept on them...) The libc resolver will switch to using these, > therefore pledge can identify a DNS transaction better. > ok tedu guenther kettenis beck and others (deraadt@) sys ~ syscall.h ~ syscallargs.h > sync (deraadt@) ~ pledge.h ~ proc.h ~ socketvar.h > Add two new system calls: dnssocket() and dnsconnect(). This creates a > SS_DNS tagged socket which has limited functionality (for example, you > cannot accept on them...) The libc resolver will switch to using these, > therefore pledge can identify a DNS transaction better. > ok tedu guenther kettenis beck and others (deraadt@) ~ pledge.h > Instead of fragile CMSG parsing, control pledge "sendfd" and "recvfd" > in unp_internalize and unp_externalize. > ok kettenis guenther (deraadt@) == usr.bin =========================================================== 08/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin bgplg ~ bgplg.c > pledge bgplg(8). > ok deraadt (benno@) finger ~ finger.c > Add "dns" to the pledges. Previously these worked because of "inet", > alas "dns" is now a mandatory statement if you want to do dns! (deraadt@) ftp ~ cmds.c ~ complete.c ~ domacro.c ~ small.c ~ util.c > A whole buncha unsigned char casts for ctype function arguments. > ok guenther@ (mmcc@) ~ main.c ~ util.c > First casualty of making pledge "dns" mandatory for dns users. > "dns" was missing, and this was relying on "inet" support.. (deraadt@) ~ util.c > unrelated commit; not ready yet (deraadt@) kdump ~ kdump.c > Describe dnssocket / dnsconnect arguments (deraadt@) ~ ktrstruct.c > Use offsetof() instead of adding the sizes of the preceeding struct members > ok millert@ (guenther@) sdiff ~ sdiff.c > sorry, sdiff -o interactive mode does another spawn (deraadt@) sort ~ sort.c > Do not warn for sort -o if we can't chown the output temporary file > to match the owner of the output file. (millert@) tftp ~ main.c > Add "dns" to the pledges. Previously these worked because of "inet", > alas "dns" is now a mandatory statement if you want to do dns! (deraadt@) tmux ~ client.c ~ tmux.h ~ server-client.c > Pass current directory as a string rather than a file descriptor because > pledge doesn't let us pass directory file descriptors. (nicm@) ypcat ~ ypcat.c > pledge+=flock, for /var/run/ypbind.lock. ok semarie@ (miod@) ~ ypcat.c > Use "getpw" rather than "flock", per deraadt@'s suggestion. (miod@) == usr.sbin ========================================================== 09/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin crunchgen ~ crunchide.c > Avoid integer overflow with very large files. > ok millert (tobias@) inetd ~ inetd.8 > actually, it uses getaddrinfo (deraadt@) ~ inetd.c > Make use of pledge(2); initial diff from deraadt@ > As Theo says, there's probably room for stricter pledge requests, but > this would involve refactoring. (jca@) installboot ~ i386_installboot.c > Fix comments. > OK krw@ (rpe@) route6d ~ route6d.c > Tweak previous: call fatal(), not err(3), for consistency. err.h goes away. > (jca@) sasyncd ~ monitor.c ~ pfkey.c > Use explicit_bzero() when the memory is freed directly afterward. > ok deraadt@ (mmcc@) smtpd ~ delivery_lmtp.c > fix lmtp delivery regressions introduced in previous: > - strip \r\n and add them explicitly to all DATA lines > - fix DATA termination > - add missing QUIT command (and check for reply) > - remove free() and fclose() and use exit(3) instead of _exit(2) > to handle cleanup > ok sunil gilles (jung@) syslogd ~ privsep.c > Add "id" pledge to syslogd privsep process. Needed for logging to pipe. > OK deraadt@ (bluhm@) sysmerge ~ sysmerge.sh > Make sure sm_rotate_bak() is only run once. (ajacoutot@) tftpd ~ tftpd.c > Add "dns" to the pledges. Previously these worked because of "inet", > alas "dns" is now a mandatory statement if you want to do dns! (deraadt@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
