OpenBSD src changes summary for 2015-10-22 ==========================================
bin/csh bin/ksh bin/ps games/hangman gnu/usr.bin/binutils-2.17 lib/libc lib/libssl libexec/login_chpass libexec/login_lchpass libexec/login_reject libexec/login_yubikey libexec/rpc.yppasswdd regress/lib sbin/bioctl sbin/iked share/man sys/arch/alpha/stand/boot sys/arch/alpha/stand/bootxx sys/dev/pci sys/kern sys/net sys/netinet sys/netinet6 sys/sys usr.bin/awk usr.bin/doas usr.bin/mandoc usr.bin/renice usr.bin/tmux usr.sbin/bgpd usr.sbin/eigrpd usr.sbin/inetd usr.sbin/smtpd == bin =============================================================== 01/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin csh ~ csh.c > setlocale() before pledge()... until we learn more (deraadt@) ksh ~ Makefile > Fix typo in comment. From Theo Buehler. (mmcc@) ~ main.c ~ sh.h > Final removal of EXTERN. > ok nicm@ (mmcc@) ps ~ ps.1 > document tid keyword. > found with and ok bluhm@ (benno@) == games ============================================================= 02/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games hangman ~ main.c > Pledge "stdio rpath tty" for hangman(6). > Patch submitted by Ricardo Mestre <[email protected]> > ok semarie@ (doug@) == gnu =============================================================== 03/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu usr.bin/binutils-2.17 ~ binutils/addr2line.c ~ binutils/objdump.c ~ binutils/readelf.c ~ binutils/strings.c > Add pledge(2) to some binutils that handle untrusted data. Most can do > with > "stdio rpath", while objdump(1) also needs "tmppath" for objdump -i. > ok deraadt@, comments sthen@ kettenis@ (pascal@) == lib =============================================================== 04/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/pledge.2 > document "id" request; from Gregor Best (deraadt@) ~ net/inet_network.c ~ gen/auth_subr.c > Cast ctype function arguments to unsigned char. > ok guenther@ (mmcc@) libssl ~ src/crypto/asn1/a_time_tm.c > Restore previous behaviour and allow > ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. > Found the hard way by @kinichiro on github. > ok beck@ (jsing@) ~ src/crypto/asn1/a_time_tm.c > Another change that is needed to restore the previous behaviour of > ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called > with a NULL pointer. > ok beck@ (jsing@) == libexec =========================================================== 05/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec login_chpass ~ Makefile ~ login_chpass.c > use crypt_checkpass instead of doing things the hard way with crypt. > (tedu@) login_lchpass ~ Makefile ~ login_lchpass.c > use crypt_checkpass instead of doing things the hard way with crypt. > (tedu@) login_reject ~ login_reject.c > use crypt_checkpass("password", NULL) to fake a login instead of bcrypt > (tedu@) login_yubikey ~ login_yubikey.c > Add pledge support to login_yubikey. Much feedback and OK millert@ > (bmercer@) rpc.yppasswdd ~ yppasswdd_mkpw.c > use crypt_checkpass to check password (tedu@) == regress =========================================================== 06/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib + libc/sigthr/Makefile + libc/sigthr/sigthr_test.c > Add a regress for libc handling of SIGTHR (guenther@) ~ libcrypto/asn1/asn1time.c > Fix case where we wanted to test ASN1_TIME_set_string() but were testing > ASN1_UTCTIME_set_string() twice instead. (jsing@) ~ libcrypto/asn1/rfc5280time.c > Fix case where we wanted to test ASN1_TIME_set_string() but were testing > ASN1_UTCTIME_set_string() twice instead. (jsing@) ~ libcrypto/asn1/asn1time.c > Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULL > pointer - because, you know, you might want to set a string on a NULL > object. The previous implementation apparently allowed this as a way of > testing if the string was valid... probably because the *_check() functions > are only useable after the string has already been set. (jsing@) + libc/ifnameindex/Makefile + libc/ifnameindex/ifnitest.c > Add a regress test for if_indextoname() and if_nametoindex() (claudio@) == sbin ============================================================== 07/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin bioctl ~ bioctl.8 > halex removed the -p restriction, so do not document it; > from kirill bychkov (jmc@) iked ~ Makefile > Stop linking iked -static: It was inherited from isakmpd that is > -static for NFS-over-IPsec that might mount the libraries after /usr. > The benefit of linking iked dynamic outweighs the historic reason, eg. > to get full address space randomization and to benefit from libcrypto > updates, so we turn it into a dynamic binary. > OK deraadt@ naddy@ (reyk@) ~ ca.c ~ control.c ~ iked.c ~ iked.h ~ ikev2.c ~ proc.c ~ types.h > iked hereby pledges that it will run with restricted system > operations. This adds pledge(2) too all processes, including the iked > parent process; the existing privsep design has been improved for > better pledgeability. There haven't been any serious problems as it > was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd > passing). The control socket moved to an independent process to > remove some abilities from the cert process. > Committed in agreement with many but nobody was brave enough to OK it. > Better testing will happen with having it in the tree. > "It's the truth" deraadt@ > "Let's see what happens" benno@ (reyk@) == share ============================================================= 08/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man9/Makefile ~ man9/ml_init.9 > rename ml_join to ml_enlist and expose it to the rest of the kernel. (dlg@) ~ man4/man4.amd64/skgpio.4 ~ man4/man4.i386/skgpio.4 > typo. > ok jmc@ (sobrado@) ~ man4/man4.octeon/octrng.4 > fix typo in unit of time. > ok jmc@ (sobrado@) ~ man5/pf.conf.5 > improve indentation in list block. > ok jmc@ (sobrado@) ~ man4/man4.macppc/mediabay.4 > fix spelling mess. > ok jmc@ (sobrado@) ~ man4/man4.sparc64/clock.4 > fix company name. > ok jmc@ (sobrado@) == sys =============================================================== 09/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/stand/boot ~ Makefile > Build boot blocks with -msmall-data -msmall-text. (miod@) arch/alpha/stand/bootxx ~ Makefile > Build boot blocks with -msmall-data -msmall-text. (miod@) dev/pci ~ if_iwm.c ~ if_iwmvar.h > remove some horrible iwm typedefs > ok stsp@ (jsg@) kern ~ uipc_mbuf.c > rename ml_join to ml_enlist and expose it to the rest of the kernel. (dlg@) ~ kern_pledge.c > After some consideration, simply allow TIOCSCTTY in the "tty" pledge. > Discussion with nicm. (deraadt@) ~ kern_pledge.c > Further study shows "route" should allow all address families in > NET_RT_DUMP > With benno (deraadt@) net ~ if.c > Do not dereference ``ifa_ifp'' when we already have an ``ifp'' pointer. > (mpi@) ~ if.c ~ if_dl.h ~ if_enc.c ~ if_ethersubr.c ~ if_mpe.c ~ if_mpw.c ~ route.c ~ rtsock.c > Inspired by satosin(), use inline functions to convert sockaddr dl. > Instead of casts they check wether the incoming object has the > expected type. So introduce satosdl() and sdltosa() in the kernel. > OK mpi@ (bluhm@) ~ route.c > Kill dead code, ifa is specified and won't change. > ok bluhm@ (mpi@) ~ if.c > Make sure that the address matching the key (destination) of a route > entry is attached to this entry. > ok phessler@, bluhm@ (mpi@) ~ route.c > Only check for rt_ifp now that it is alays the same as rt_ifa->ifa_ifp. > ok millert@, bluhm@ (mpi@) ~ route.c ~ rtable.c ~ rtable.h ~ rtsock.c > Use only one refcounting mechanism for route entries. > ok bluhm@, dlg@, claudio@ (mpi@) ~ if.c ~ if_enc.c ~ if_mpe.c ~ if_mpw.c ~ if_var.h > Kill link_rtrequest(), introduce in 1990 to "fix" the result > of rt_getifa() when adding link level route from outside the > kernel. > ok claudio@ (mpi@) netinet ~ ip_icmp.c > Do not dereference ``ia_ifp'' when we already have an ``ifp'' pointer. > (mpi@) ~ if_ether.c ~ ip_carp.c ~ ip_carp.h > Do not pass an ``ia'' just to dereference ``ia_ifp''. > ok claudio@, bluhm@, jsg@ (mpi@) ~ if_ether.c > Inspired by satosin(), use inline functions to convert sockaddr dl. > Instead of casts they check wether the incoming object has the > expected type. So introduce satosdl() and sdltosa() in the kernel. > OK mpi@ (bluhm@) ~ if_ether.c > Make sure that the address matching the key (destination) of a route > entry is attached to this entry. > ok phessler@, bluhm@ (mpi@) ~ if_ether.c > Drop historical comment and an old '#if notyet'. (mpi@) netinet6 ~ frag6.c > Kill dead code missed in per-ifp counter removal. > ok millert@, bluhm@ (mpi@) ~ nd6.c > Use rt_ifp as intended. > During s2k15 we fixed this ugly 20+ years loopback hack of having a > rt_ifp different than rt_ifa->ifa_ifp. > ok millert@, bluhm@ (mpi@) ~ icmp6.c ~ in6_ifattach.c ~ nd6.c ~ nd6_nbr.c ~ nd6_rtr.c > Inspired by satosin(), use inline functions to convert sockaddr dl. > Instead of casts they check wether the incoming object has the > expected type. So introduce satosdl() and sdltosa() in the kernel. > OK mpi@ (bluhm@) ~ in6_src.c > Use rt_ifp instead of rt_ifa->ifa_ifp. > ok bluhm@ (mpi@) ~ nd6.c > Make sure that the address matching the key (destination) of a route > entry is attached to this entry. > ok phessler@, bluhm@ (mpi@) sys ~ mbuf.h > rename ml_join to ml_enlist and expose it to the rest of the kernel. (dlg@) == usr.bin =========================================================== 10/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin awk ~ main.c > Until we understand the sitaution better, we should pledge() after > setlocale(), not before. Not just here, but probably everywhere? > (deraadt@) doas ~ doas.c > pledge in doas. startup pledge "stdio rpath getpw proc exec id". 4 > more times after that more attributes are dropped: "proc" after bsd > auth has spawned/received result from the login_* program; "getpw" > after the final getpwent lookup, "id" after the final uid changing, > and "rpath" after constructing getcwd. leaving only "exec", for the > ride into execve(). (deraadt@) ~ doas.c > copying of the environment can be done later, as the user running (tedu@) mandoc ~ main.c > If no output device was allocated because no file wanted to produce output, > refrain from dereferencing a NULL pointer during final deallocation. > Fixing a recent regression reported by czarkoff@ (schwarze@) ~ libman.h ~ main.c ~ man.c ~ man.h ~ man_macro.c ~ man_validate.c ~ roff.c ~ roff_int.h > move man(7) validation into the dedicated validation phase, too (schwarze@) ~ Makefile ~ cgi.c ~ mandocdb.c > use the new function man_validate() here, too (schwarze@) renice ~ renice.c > at present the setpriority() syscall is considered fairly low risk and > placed in pledge "proc". pledge "stdio getpw proc", from Theo Buehler > (deraadt@) tmux ~ server.c > Rename shutdown to exit. (nicm@) ~ server.c > This should not be changed. (nicm@) ~ server-client.c > Log identify messages. (nicm@) ~ cmd-select-pane.c > Unzoom before -LRUD, reported by Andy Weidenbaum. (nicm@) ~ cmd-find.c > If the pane is still on all_window_panes but not actually connected to > window or session (which can happen if it is killed during a command > sequence and something else has a reference), fall back to the best > effort. Fixes "tmux killw\; detach" for Rudis Muiznieks. (nicm@) == usr.sbin ========================================================== 11/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpd ~ kroute.c > If we receive an empty route message, log it and ignore it. Happens > occasionally on FreeBSD. > from Melissa Jenkins > OK claudio@, florian@, benno@ (phessler@) ~ parse.y > Revert revision 1.282: > "Allow for empty blocks for peers. While this is bad style for permant > use, this is very nice to temporarily disable a peer option." > This broke the grammar by introducing shift/reduce errors. > OK phessler@ (reyk@) eigrpd ~ eigrpe.c > The eigrpe process also needs to pledge "cpath" for unlinking the > control socket. (renato@) ~ kroute.c > Fix some bugs in the handling of the RTM_GET and RTM_CHANGE messages > found when running eigrpd(8) and ldpd(8) together. (renato@) inetd ~ inetd.c > pledge "abort" left behind accidentally (deraadt@) smtpd ~ smtpd.c > delivery to maildir needs pledge fattr > from Gregor Best <[email protected]> (gilles@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
