OpenBSD src changes summary for 2015-10-20 ==========================================
distrib/ramdisk distrib/sets gnu/lib/libiberty lib/libc lib/libssl regress/sys sbin/iked share/man sys/dev/pci sys/kern sys/netinet sys/netinet6 sys/sys usr.bin/mandoc usr.bin/script usr.bin/ssh usr.bin/tmux usr.bin/write usr.sbin/eigrpd usr.sbin/rmt usr.sbin/syslogd usr.sbin/tcpdump == distrib =========================================================== 01/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib ramdisk ~ Makefile > Missing commit of vax switch to MI installboot(8), forgotten when it went > in. (miod@) ~ Makefile > ... but keep the previous logic for sparc, which is the other user of this > Makefile, until it switches to MI installboot, too. (miod@) sets ~ lists/base/mi > sync (deraadt@) == gnu =============================================================== 02/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu lib/libiberty ~ src/xmalloc.c > On xmalloc failure, stop trying to determine the total amount of allocated > memory up to this point by using sbrk(2). This is of course wildly > incorrect > for any mmap-based malloc(3). > This also makes it possible to bring pledge(2) to gnu/. > comments kettenis@, ok miod@ (pascal@) == lib =============================================================== 03/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/socket.2 > Document SOCK_DNS flag > ok guenther tedu semarie (deraadt@) libssl ~ src/crypto/rc4/rc4.h ~ src/crypto/rc4/rc4_enc.c ~ src/crypto/rc4/rc4_skey.c > Lob a style(9) grenade in here. (jsing@) == regress =========================================================== 04/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress sys ~ kern/pledge/generic/tests.out > update regress for pledge after whitelisted-path view inclusion (semarie@) == sbin ============================================================== 05/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin iked ~ policy.c > Fix ocsp by adding a missing TAILQ_INIT(). > Confirmed by markus@ with an identical diff (reyk@) == share ============================================================= 06/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/ip.4 > add a new getsockopt option IP_IPDEFTTL to retrieve the default ttl. > this can be used as an alternative to sysctl net.inet.ip.ttl, in > programs that use pledge(). > ok reyk@, "Like this" deraadt@ (benno@) ~ man4/ip.4 > tweak previous; (jmc@) == sys =============================================================== 07/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys dev/pci ~ if_vr.c ~ if_vrreg.h > Fix 802.1p VLAN priority code points for VLAN_HWTAGGING. > Our in-kernel ether-vtag has a different layout to the vr TXSTAT register. > ok sthen@ (chrisz@) kern ~ kern_pledge.c ~ uipc_syscalls.c > Always allow the setsockopt & getsockopt system calls... however, in the > default case only allows SOL_SOCKET SO_RCVBUF which is very common in > network-facing daemons. Many of them manage this on a socket after > dropping abilities which can get them _new_ sockets.. syslogd, bgpd, > relayd, etc etc. Other sockopts still require specific pledges. > Tested by bluhm. (deraadt@) ~ kern_pledge.c > allow SO_ERROR all the time (deraadt@) ~ kern_pledge.c ~ vfs_syscalls.c > clear whitelisted-paths view in pledge. > the following diff adds a clear view of whitelisted-paths in pledge. > before, whitelisting "/usr/local/bin" path would make only "/usr/local/bin" > VNODE was present and let "/usr/local", "/usr", and "/" been ENOENT. It was > a > somehow odd filesystem hierarchy, and it breaks realpath(3). > with this diff, the directories that are one of the parents of a > whitelisted-directory become visible to stat(2) related syscalls, but only > with restricted permissions: stat(2) will lie a bit, and saying they owned > by > root:wheel and mode is --x--x--x. Note that only stat(2) is affected by > this > "view", and the owner/mode aren't effectively changed: it is just a "lie". > while here, refactor a bit pledge_namei() in order to avoid multiple > for-loop > on whitelisted-path array. > ok deraadt@ (semarie@) ~ kern_pledge.c > Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who are > member of the given group). This is used by some parse.y. > OK deraadt@ (reyk@) ~ kern_pledge.c ~ uipc_syscalls.c > At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on > socket(). Without pledge, all other socket behaviours become permitted, > except this one case: connect/send* only works to *:53. In pledge mode, > a very few are further restricted. Some backwards compatibility for > the dnssocket/dnsconnect calls will remain in the tree temporarily so > that people can build through the transition. > ok tedu guenther semarie (deraadt@) netinet ~ in_pcb.c > At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on > socket(). Without pledge, all other socket behaviours become permitted, > except this one case: connect/send* only works to *:53. In pledge mode, > a very few are further restricted. Some backwards compatibility for > the dnssocket/dnsconnect calls will remain in the tree temporarily so > that people can build through the transition. > ok tedu guenther semarie (deraadt@) ~ ip_output.c ~ in.h > add a new getsockopt option IP_IPDEFTTL to retrieve the default ttl. > this can be used as an alternative to sysctl net.inet.ip.ttl, in > programs that use pledge(). > ok reyk@, "Like this" deraadt@ (benno@) netinet6 ~ in6_pcb.c > At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on > socket(). Without pledge, all other socket behaviours become permitted, > except this one case: connect/send* only works to *:53. In pledge mode, > a very few are further restricted. Some backwards compatibility for > the dnssocket/dnsconnect calls will remain in the tree temporarily so > that people can build through the transition. > ok tedu guenther semarie (deraadt@) sys ~ pledge.h > Always allow the setsockopt & getsockopt system calls... however, in the > default case only allows SOL_SOCKET SO_RCVBUF which is very common in > network-facing daemons. Many of them manage this on a socket after > dropping abilities which can get them _new_ sockets.. syslogd, bgpd, > relayd, etc etc. Other sockopts still require specific pledges. > Tested by bluhm. (deraadt@) ~ proc.h > clear whitelisted-paths view in pledge. > the following diff adds a clear view of whitelisted-paths in pledge. > before, whitelisting "/usr/local/bin" path would make only "/usr/local/bin" > VNODE was present and let "/usr/local", "/usr", and "/" been ENOENT. It was > a > somehow odd filesystem hierarchy, and it breaks realpath(3). > with this diff, the directories that are one of the parents of a > whitelisted-directory become visible to stat(2) related syscalls, but only > with restricted permissions: stat(2) will lie a bit, and saying they owned > by > root:wheel and mode is --x--x--x. Note that only stat(2) is affected by > this > "view", and the owner/mode aren't effectively changed: it is just a "lie". > while here, refactor a bit pledge_namei() in order to avoid multiple > for-loop > on whitelisted-path array. > ok deraadt@ (semarie@) ~ pledge.h ~ socket.h > At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on > socket(). Without pledge, all other socket behaviours become permitted, > except this one case: connect/send* only works to *:53. In pledge mode, > a very few are further restricted. Some backwards compatibility for > the dnssocket/dnsconnect calls will remain in the tree temporarily so > that people can build through the transition. > ok tedu guenther semarie (deraadt@) == usr.bin =========================================================== 08/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin mandoc ~ Makefile ~ cgi.c ~ libmdoc.h ~ main.c ~ mandocdb.c ~ mdoc.c ~ mdoc.h ~ mdoc_macro.c ~ mdoc_validate.c ~ roff.c ~ roff_int.h + mdoc_state.c > In order to become able to generate syntax tree nodes on the roff(7) > level, validation must be separated from parsing and rewinding. > This first big step moves calling of the mdoc(7) post_*() functions > out of the parser loop into their own mdoc_validate() pass, while > using a new mdoc_state() module to make syntax tree state handling > available to both the parser loop and the validation pass. (schwarze@) script ~ script.c > add "proc" to pledge for script(1) > it needs to "forward" SIGWINCH to subprocesses. > ok deraadt@ (semarie@) ssh ~ clientloop.c > Replace a function-local allocation with stack memory. > ok djm@ (mmcc@) ~ auth-bsdauth.c ~ monitor.c ~ sshbuf-getput-basic.c > Compare pointers to NULL rather than 0. > ok djm@ (mmcc@) tmux ~ server-client.c > The table could change when retrying so don't save it at start of > server_client_handle_key. (nicm@) ~ cmd-queue.c ~ cmd-wait-for.c ~ server-client.c ~ server-fn.c ~ status.c > Use client pointer not file descriptor in logging. (nicm@) write ~ write.c > Fix write to other user's tty. The device has to be opened with > O_WRONLY, but without O_CREAT. So freopen(3) has to be replaced > with open(2) and dup2(2). > from deraadt@ (bluhm@) == usr.sbin ========================================================== 09/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin eigrpd ~ rde_dual.c > fix a use after free found by clang using an approach suggested by renato > ok renato@ (jsg@) rmt ~ rmt.c > believe this will work with "stdio rpath wpath cpath inet" now that > SO_RCVBUF is permitted. It may even be possible to lose the "inet" a > bit later in the code. Anyone want to test? (deraadt@) syslogd ~ privsep.c > After pledge "dns" has been refactored and setsockopt(SO_RCVBUF) > has been added to it, the syslogd privsep parent does not need > pledge "inet" anymore. > discussed with deraadt@ (bluhm@) tcpdump ~ print-bgp.c > Add an explicit check for a malformed AS segment with (segment length 0), > avoiding division by zero when deciding whether it contains 2- or 4-byte > ASNs. > Refactor TCHECK calls to ensure proper coverage. > From Kevin Reay, ok canacar with wording tweak (I used "malformed" rather > than canacar's suggested "invalid size" or Kevin's original "empty"). > (sthen@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
