OpenBSD src changes summary for 2015-10-29
==========================================

lib/libc                                libexec/ld.so
regress/sys                             regress/usr.bin
sbin/ping                               sys/arch/amd64/conf
sys/arch/amd64/include                  sys/arch/i386/conf
sys/crypto                              sys/dev/isa
sys/dev/pci                             sys/kern
sys/netinet6                            usr.bin/cap_mkdb
usr.bin/last                            usr.bin/mg
usr.bin/ssh                             usr.bin/tmux
usr.sbin/cron                           usr.sbin/eigrpctl
usr.sbin/rdate                          usr.sbin/rebound
usr.sbin/smtpd

== lib =============================================================== 01/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/time.c

  > (struct timezone *)0 -> NULL, while I'm here. (mmcc@)

  ~ sys/msync.2

  > update text to be more like posix, in particular wrt length = 0 (tedu@)

== libexec =========================================================== 02/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

ld.so

  ~ sod.c
  ~ ldconfig/sod.c

  > remove tests for LD_HINTS_VERSION_1; ok kettenis (deraadt@)

== regress =========================================================== 03/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/pledge/generic/main.c
  ~ kern/pledge/generic/tests.out

  > regress pledge: rpath isn't needed anymore for mkdir()
  > make the cpath test more strict. (semarie@)

usr.bin

  ~ ssh/limit-keytype.sh

  > regress test for "PubkeyAcceptedKeyTypes +..." inside a Match block (djm@)

== sbin ============================================================== 04/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

ping

  ~ ping.c

  > Backout chacha.
  > It's getting in the way of the merge and it's not supposed to pull in
  > a private header.
  > Prodding deraadt@ (florian@)

== sys =============================================================== 05/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/conf

  ~ GENERIC
  ~ files.amd64

  > Make inteldrm(4) attach to pci(4) instead of vga(4) just like radeondrm(4).
  > This is needed for machines where Intel graphics isn't the primary graphics
  > device and on systems with UEFI firmware that put the device in non-VGA
  > mode.
  > ok jsg@ (kettenis@)

arch/amd64/include

  ~ pci_machdep.h

  > Remove duplicated prototype. (miod@)

arch/i386/conf

  ~ GENERIC
  ~ files.i386

  > Make inteldrm(4) attach to pci(4) instead of vga(4) just like radeondrm(4).
  > This is needed for machines where Intel graphics isn't the primary graphics
  > device and on systems with UEFI firmware that put the device in non-VGA
  > mode.
  > ok jsg@ (kettenis@)

crypto

  + poly1305.c
  + poly1305.h

  > Import Poly1305 Message Authentication Code
  > Poly1305 is a one-time authenticator designed by Daniel J. Bernstein.
  > This is a slightly adjusted public domain implementation by Andrew Moon
  > found at https://github.com/floodyberry/poly1305-donna
  > ok jsing, previous version ok djm, looked at by reyk@ (mikeb@)

dev/isa

  ~ asmc.c

  > enable keyboard backlight led earlier to avoid race (jung@)

dev/pci

  ~ if_em.c

  > fix newlines on an error message (jsg@)

  ~ pcidevs

  > add some amd family 16h model 30h-3fh, mullins/bolton ids (jsg@)

  ~ pcidevs.h
  ~ pcidevs_data.h

  > regen (jsg@)

  ~ agp_i810.c
  ~ vga_pci.c
  ~ vga_pci_common.c
  ~ vga_pcivar.h
  ~ drm/files.drm
  ~ drm/i915/i915_drv.c
  ~ drm/i915/i915_drv.h

  > Make inteldrm(4) attach to pci(4) instead of vga(4) just like radeondrm(4).
  > This is needed for machines where Intel graphics isn't the primary graphics
  > device and on systems with UEFI firmware that put the device in non-VGA
  > mode.
  > ok jsg@ (kettenis@)

kern

  ~ kern_pledge.c

  > Reorder system call table into sequential blocks of alike-functionality
  > and similar usage cases. Should provide a bit more clarity for those
  > who read the kernel code. (deraadt@)

  ~ kern_event.c

  > In knote(), use SLIST_FOREACH_SAFE when walking the klist since a call to
  > an f_event() handler may remove an entry.
  > Currently knote_processexit() calls knote() with NOTE_EXIT, knote() walks
  > the list and calls f_event(), one of these happens to be filt_proc(), which
  > happily SLIST_REMOVEs the NOTE_EXIT note from the same list that knote() is
  > currently walking, then we get back to knote() and go boom...
  > Flushed out by bluhm@'s invalidation change to sys/queue.h and found the
  > hard way by naddy@.
  > ok doug@ nicm@ tedu@ (jsing@)

  ~ kern_pledge.c

  > Add some setsockopt hacks for libisc, aka John Frum (deraadt@)

netinet6

  ~ nd6.c

  > Kill a comment saying that rt_ifp may not be the same as ifp, that's no
  > longer true. (mpi@)

  ~ in6.h
  ~ ip6_input.c
  ~ ip6_output.c

  > RFC 2292 API support was removed 9 years ago, but left in a binary compat
  > ABI form for the sake of existing programs. no programs from that era have
  > been able to run for quite some time. Kill it all.
  > ok deraadt florian millert mpi
  > (I believe this is my first IPv6 diff. Future, here I come!) (tedu@)

  ~ ip6_output.c

  > oops, one firebomb went off course. put back some code that's still used.
  > (tedu@)

  ~ ip6_output.c

  > a few redundant tests can be deleted now that switch cases are only for
  > a single value (tedu@)

== usr.bin =========================================================== 06/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

cap_mkdb

  ~ cap_mkdb.c

  > Pretty sure this can pledge "stdio rpath wpath cpath". Committing to start
  > the review for regressions... (deraadt@)

last

  ~ last.c

  > pledge "stdio rpath". (deraadt@)

mg

  ~ theo.c

  > This sausage is made from unsound meat. (tedu@)

  ~ def.h
  ~ dired.c
  ~ file.c
  ~ main.c

  > Fix opening dired from the command line. Incorrect cursor placement
  > and make the error more useful when there is a problem opening a
  > directory. Reported by and ok jasper@ (lum@)

  ~ window.c

  > I assume KRANDOM was the previous name for FFRAND. KRANDOM is not in
  > the mg source now. (lum@)

ssh

  ~ servconf.c

  > Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; ok dtucker@ (djm@)

tmux

  ~ proc.c

  > Break version check into a separate function, and limit version to 8 bits.
  > (nicm@)

== usr.sbin ========================================================== 07/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

cron

  ~ misc.c

  > Remove useless FACILITY define and use LOG_CRON directly.
  > Remove unneeded limits.h include. (millert@)

  ~ env.c
  ~ funcs.h
  ~ misc.c

  > Convert env_get() into env_find() similar to __findenv() in libc.
  > Use env_find() in both env_get() and env_set() to find a var in envp.
  > Remove now-unused strcmp_until() function. (millert@)

  ~ cron.c
  ~ env.c

  > remove unused variables (millert@)

  ~ do_command.c
  ~ funcs.h
  ~ misc.c

  > Use stravis(3) instead of a homegrown vis-like function.
  > OK nicm@ (millert@)

  ~ crontab.c

  > crontab needs "proc" for fork(2) (millert@)

  ~ crontab.c

  > Also need exec to run the editor of course. (millert@)

eigrpctl

  ~ eigrpctl.c

  > Almost assuredly no longer needs pledge "route" (deraadt@)

rdate

  ~ rdate.c

  > rdate is a classic "run as root, talk to internet for a while doing
  > crazy packet parsing, then do something requiring privilege at the
  > end" program. Simplistic pledge would be "stdio rpath wpath inet dns
  > settime", which is not very useful. Imagine if it was exploited? It
  > could still change your time backwards or write to your passwd file -
  > game over. However the pledge "categorization" is educational, and
  > quickly leads to a priv-sep solution of sorts.
  > Create a pipe and fork. child pledges "stdio inet dns", and talks the
  > time protocols, then writes error message + timeinfo to the pipe.
  > parent pledges "stdio rpath wpath settime" and reads error
  > message/timeinfo from pipe. If error message, spit it out. Otherwise
  > handle the time, then pledge "stdio rpath", and finally report how the
  > time was adjusted.
  > A bit more complicated. Now observe that the pledges help test if
  > it is right...
  > (Now that privsep processing is in place, the child could be modified
  > to chroot + change to a different uid... problem is: which uid..)
  > ok millert (deraadt@)

rebound

  ~ rebound.c

  > collect some cool stats and print them out with SIGUSR1 (tedu@)

  ~ rebound.c

  > refold a few lines (tedu@)

  ~ rebound.c

  > be a little more precise about checking filters (tedu@)

  ~ rebound.c

  > put timeout nullification in correct spot (tedu@)

smtpd

  ~ control.c
  ~ queue.c
  ~ queue_backend.c
  ~ queue_fs.c
  ~ scheduler.c
  ~ scheduler_ramqueue.c
  ~ smtpctl.8
  ~ smtpctl.c
  ~ smtpd-api.h
  ~ smtpd.c
  ~ smtpd.h

  > Implement smtpctl discover <evpid|msgid>.
  > discover subcommand schedules envelopes manually moved to the queue.
  > It triggers a queue walk searching for envelopes with the given id,
  > schedules them and informs the user number of envelopes scheduled.
  > Admins no longer would need to restart the daemon to discover
  > manually moved messages.
  > Ok gilles@ (sunil@)

===============================================================================
