OpenBSD src changes summary for 2015-10-21
==========================================

bin/ed bin/ksh etc/moduli etc/rc.d/eigrpd lib/libssl share/man
sys/arch/alpha/alpha sys/arch/amd64/amd64 sys/arch/arm/arm
sys/arch/aviion/aviion sys/arch/hppa/hppa sys/arch/hppa64/hppa64
sys/arch/i386/i386 sys/arch/luna88k/luna88k sys/arch/macppc/macppc
sys/arch/sh/sh sys/arch/sparc/sparc sys/arch/sparc64/sparc64
sys/arch/vax/vax sys/kern sys/net usr.bin/mandoc usr.bin/rcs usr.bin/ssh
usr.bin/tmux usr.bin/who usr.sbin/eigrpd usr.sbin/pkg_add usr.sbin/smtpd
usr.sbin/syslogd

== bin =============================================================== 01/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ed

  ~ main.c

  > Style fixes; from Ilya Kaliman (millert@)

ksh

  ~ main.c ~ sh.h

  > Penultimate commit to remove EXTERN.
  > ok nicm@ (mmcc@)

  ~ edit.c

  > Assign pointer to NULL rather than 0.
  > ok nicm@ (mmcc@)

  ~ c_ksh.c ~ c_sh.c ~ history.c

  > Don't bother casting NULL.
  > ok nicm@ (mmcc@)

  ~ history.c ~ shf.h

  > Remove a couple of unhelpful defines.
  > ok nicm@ (mmcc@)

== etc =============================================================== 02/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

moduli

  ~ moduli

  > Remove Diffie-Hellman moduli entries below 2048.
  > OpenSSH requires a 2048 minimum for DH in the client and server.
  > input and ok sthen@
  > ok dtucker@, djm@ (doug@)

rc.d/eigrpd

  ~ rc.d/eigrpd

  > add missing rcsid
  > ok renato@ (gsoares@)

== lib =============================================================== 03/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libssl

  ~ src/crypto/rc4/rc4_enc.c

  > In the case where len is not a multiple of sizeof(RC4_CHUNK) the RC4 code
  > will end up doing a read and write of up to 7 bytes beyond the specified
  > length. This is effectively a non-issue since we read and write back the
  > same data and due to alignment it is within a page boundary.
  > Regardless, avoid this by removing the "special" handling for the remaining
  > length and allow the standard (non-chunk) code to process the remaining
  > bytes, which does not result in overrun.
  > Reported by Pascal Cuoq <cuoq at trust-in-soft.com> - thanks!
  > ok beck@ miod@ (jsing@)

  ~ src/crypto/bn/bn.h ~ src/crypto/bn/bn_err.c ~ src/crypto/bn/bn_prime.c

  > Reject too small bits value in BN_generate_prime_ex(), so that it does not
  > risk becoming negative in probable_prime_dh_safe(). Reported by Franck
  > Denis who noticed `openssl gendh 0' would segfault.
  > Fix adapted from OpenSSL RT#2701.
  > ok beck@ jsing@ (miod@)

== share ============================================================= 04/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/Makefile ~ man9/rtable_add.9 ~ man9/rtrequest1.9

  > No longer mention rtable_get(), it's a private function now.
  > While here use C99 types in function definitions. (mpi@)

== sys =============================================================== 05/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/alpha

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/amd64/amd64

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/arm/arm

  ~ stubs.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/aviion/aviion

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/hppa/hppa

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/hppa64/hppa64

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/i386/i386

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/luna88k/luna88k

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/macppc/macppc

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/sh/sh

  ~ sh_machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/sparc/sparc

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/sparc64/sparc64

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

arch/vax/vax

  ~ machdep.c

  > Do not call uvm_swap_finicrypt_all() a second time in dumpsys().
  > ok tedu@, deraadt@, miod@ (mpi@)

kern

  ~ kern_descrip.c

  > Setting fcntl(F_SETOWN) for a pipe failed with inappropriate ioctl
  > for device. In sys_fcntl() the ioctl(TIOCSPGRP) is called, but the
  > pipe expects SIOCSPGRP. Sockets have a special case for the same
  > reason, so adapt the special code for pipes.
  > OK millert@ (bluhm@)

net

  ~ route.c

  > u_short -> unsigned int for rtableid. (mpi@)

  ~ rtable.c

  > Return the correct error code when a table already exists. (mpi@)

== usr.bin =========================================================== 06/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

mandoc

  ~ mdoc_state.c ~ mdoc_validate.c ~ roff.c ~ roff_int.h

  > Move all mdoc(7) node validation done before child parsing
  > to the new separate validation pass, except for a tiny bit
  > needed by the parser which goes to the new mdoc_state() module;
  > cleaner, simpler, and surprisingly also shorter by 15 lines. (schwarze@)

rcs

  ~ co.c

  > Style fixes; from Ilya Kaliman (millert@)

ssh

  - moduli-gen/moduli.1536
  ~ moduli-gen/Makefile

  > Remove Diffie-Hellman moduli entries below 2048.
  > OpenSSH requires a 2048 minimum for DH in the client and server.
  > input and ok sthen@
  > ok dtucker@, djm@ (doug@)

  ~ packet.c

  > fix memory leak in error path
  > ok djm@ (gsoares@)

tmux

  ~ key-bindings.c

  > By popular demand add a default binding for mouse wheel up to scroll
  > into history (if the mouse is on, of course). (nicm@)

  ~ tmux.1

  > client_key_table was missing. (nicm@)

who

  ~ who.c

  > Style fixes; from Ilya Kaliman (millert@)

== usr.sbin ========================================================== 07/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

eigrpd

  ~ eigrpd.h ~ interface.c ~ kroute.c ~ rde.c ~ rde.h ~ rde_dual.c
  ~ rtp.c ~ tlv.c

  > Minor fixes and code cleanup. (renato@)

  ~ eigrpd.c ~ eigrpd.h ~ eigrpe.c ~ interface.c ~ kroute.c ~ parse.y
  ~ printconf.c ~ rde.c ~ rde.h ~ rde_dual.c ~ util.c

  > Add support for route summarization.
  > Working great but need more testing, especially with ipv6. For now
  > we don't validate if one configured summary is inside another or the
  > presence of duplicates. Will address these issues in a future commit.
  > (renato@)

pkg_add

  ~ OpenBSD/PkgCheck.pm

  > make sure ProgressMeter gets set up. Fixes some weirdness in package
  > installs, as it now must contain a proper linkback to its own state.
  > (espie@)

smtpd

  ~ smtpd.h ~ ssl_smtpd.c ~ smtp_session.c

  > Only enable SSL_VERIFY_PEER when the verify option is set on a listener.
  > Always enabling SSL_VERIFY_PEER unnecessarily increases the number of
  > messages/bytes in the TLS handshake and increases our attack surface,
  > since we request and then process client certificates.
  > ok gilles@ (jsing@)

  ~ ssl.c ~ ssl.h

  > Use SSL_CTX_set_ecdh_auto() instead of rolling our own version.
  > ok gilles@ (jsing@)

syslogd

  ~ syslogd.c ~ syslogd.h ~ ttymsg.c

  > Do some cleanup in syslogd ttymsg(). Add a debug message when the
  > syslogd child calls fork(2) to delay blocked output.
  > OK benno@ (bluhm@)

===============================================================================
