OpenBSD src changes summary for 2015-11-03 ==========================================
distrib/sets lib/libc lib/libssl regress/sys sbin/clri sbin/fdisk share/man sys/arch/amd64/stand/efi sys/arch/amd64/stand/efiboot sys/conf sys/crypto sys/kern sys/net sys/netinet sys/netinet6 sys/sys usr.bin/at usr.bin/banner usr.bin/column usr.bin/cut usr.bin/dc usr.bin/finger usr.bin/from usr.bin/m4 usr.bin/tmux usr.sbin/cron usr.sbin/hostapd usr.sbin/installboot usr.sbin/radiusd usr.sbin/rtadvd usr.sbin/smtpd usr.sbin/snmpd usr.sbin/tcpdump == distrib =========================================================== 01/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib sets ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish ~ lists/base/md.armv7 ~ lists/base/md.aviion ~ lists/base/md.hppa ~ lists/base/md.hppa64 ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.vax ~ lists/base/md.zaurus ~ lists/comp/mi > sync (jsg@) == lib =============================================================== 02/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/pledge.2 > systrace should work now (tedu@) ~ sys/pledge.2 > Improve explanations throughout (deraadt@) libssl ~ src/crypto/opensslv.h > bump to 2.3.2, format LIBRESSL_VERSION_NUMBER like OPENSSL_VERSION_NUMBER. > Suggested by WubTheCaptain so the same comparison code can be used with > LibreSSL. > https://www.openssl.org/docs/manmaster/crypto/OPENSSL_VERSION_NUMBER.html > (bcook@) == regress =========================================================== 03/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress sys + crypto/chachapoly/Makefile + crypto/chachapoly/chachapoly_test.c > Test vectors for Chacha20-Poly1305 > ok naddy, djm, reyk (mikeb@) ~ kern/pledge/generic/Makefile + kern/pledge/generic/systrace.filter.in > regress pledge: check the regress with systrace enabled too (semarie@) ~ kern/pledge/generic/systrace.filter.in > regress: pledge > - add $OpenBSD$ tag in systrace.filter.in > - replace dir by variable (semarie@) ~ kern/pledge/generic/Makefile > regress: pledge > check for error output for systrace (semarie@) == sbin ============================================================== 04/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin clri ~ clri.c > Add blank lines surrounding pledge call, as per decree of deraadt@ (mmcc@) fdisk ~ cmd.c ~ misc.c > Don't allow the user to enter GPT partition names too large to fit > in the GPT partition structure. And don't run off the end of the > name buffer by confusing sizeof() with the number of elements in > an array. Use the new GPTPARTNAMESIZE #define instead. While here, > zap the old partition name before setting the new one, lest a short > new name leave bits of an old long name in place. > Originally spotted by jsg@ and his friend cppcheck. > ok jsg@ for slightly different version. (krw@) == share ============================================================= 05/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man9/socreate.9 > you must pass uio to socreate, even if you want an mbuf back. > the uio specifies how much data may be returned in the mbuf. > this should make teary students less sad, but probably not cos > theyve already had to hand the assignment in. (dlg@) ~ man4/ip6.4 > RFC2292 and IPV6_PKTOPTIONS are dead; ok millert@ (jca@) ~ man4/systrace.4 > zap the correspoonding note in systrace(4) - tedu says > systrace/pledge should work; (jmc@) ~ man5/pf.conf.5 > we need an unbreakable space in O(log2 n). > ok jmc@ (sobrado@) ~ man4/carp.4 > improve the load balancing text; ok mpi (jmc@) == sys =============================================================== 06/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/stand/efi ~ include/efiapi.h > Use "Loaded Image Protocol" instead of "Loaded Device Path Protocol" > to find the boot device since macbook doesn't support later protocol. > reported by Joel Roberts and Bryan Vyhmeister (yasuoka@) arch/amd64/stand/efiboot ~ efiboot.c > Use "Loaded Image Protocol" instead of "Loaded Device Path Protocol" > to find the boot device since macbook doesn't support later protocol. > reported by Joel Roberts and Bryan Vyhmeister (yasuoka@) ~ efiboot.c > Ignore disks whose media is not present. (yasuoka@) conf ~ files > Hook up Chacha20-Poly1305 to the OpenBSD Cryptographic Framework > ok naddy, jsing (mikeb@) crypto + chachapoly.c + chachapoly.h > Chacha20-Poly1305 AEAD construction as described in RFC7634 and RFC7539 > ok naddy, jsing (mikeb@) ~ cryptodev.h ~ xform.c ~ xform.h > Hook up Chacha20-Poly1305 to the OpenBSD Cryptographic Framework > ok naddy, jsing (mikeb@) ~ cryptosoft.c > Enable Chacha20-Poly1305 in the software crypto driver > ok naddy, jsing, reyk (mikeb@) ~ cryptodev.h > Remove two unused defines (mikeb@) kern ~ kern_pledge.c > pledge_aftersyscall has been reduced to one case, "getpw", to open a > window for chatting to ypserv. This can be done in pledge_namei, so > improve system call performance by removing the pledge_aftersyscall hook. > ok semarie (deraadt@) ~ uipc_usrreq.c > AF_UNIX connect is a "unix" operation, not "rpath wpath" (deraadt@) net ~ pfkeyv2.h ~ pfkeyv2_convert.c > Plumb Chacha20-Poly1305 into the IPsec/ESP and PF_KEY frameworks > ok naddy (mikeb@) ~ if_mpw.c > pull packets off the send queue with IFQ_DEQUEUE instead of IF_DEQUEUE. > (dlg@) ~ if_pppx.c > use an mbuf_queue for the svcq instead of an ifqueue. (dlg@) ~ if.c > Do not clear M_PROTO1 flag before calling if_start() because pseudo- > drivers, like vlan(4), call if_enqueue() in their *start function. > Prevent an infinite recursion reported by Armin Wolfermann on bugs@. (mpi@) ~ pipex.c > Remove dead assignment and newly created unused variable. > Found by LLVM/Clang Static Analyzer. > ok yasuoka@ mpi@ (chl@) ~ pf_table.c > - fixes potential use-after-free in pfr_set_addrs() > OK mikeb@, OK bluhm@ (sashan@) netinet ~ ip_esp.c > Plumb Chacha20-Poly1305 into the IPsec/ESP and PF_KEY frameworks > ok naddy (mikeb@) ~ ip_output.c > Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains > IP options or if an IPv6 packet contains header extensions. > Required by cnmac(4) and a sensible precautionary measure in general. > ok visa@, mikeb@ (naddy@) netinet6 ~ ip6_output.c > Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains > IP options or if an IPv6 packet contains header extensions. > Required by cnmac(4) and a sensible precautionary measure in general. > ok visa@, mikeb@ (naddy@) ~ icmp6.c ~ ip6_output.c > Remove dead assignments. > Found by LLVM/Clang Static Analyzer. > ok bluhm@ mpi@ (chl@) sys ~ vnode.h > Delete VBITS: it's unused and the definition is actually wrong > ok miod@ (guenther@) ~ disklabel.h > Add & use a #define GPTPARTNAMESIZE rather than the magic number > '36'. > ok jsg@ as part of larger diff. (krw@) ~ proc.h ~ syscall_mi.h > pledge_aftersyscall has been reduced to one case, "getpw", to open a > window for chatting to ypserv. This can be done in pledge_namei, so > improve system call performance by removing the pledge_aftersyscall hook. > ok semarie (deraadt@) == usr.bin =========================================================== 07/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin at - privs.h ~ at.c > It is only necessary to swap the effective gid when reading a file. > An attacker exploiting an overflow can change the egid themselves > so running with the egid of the user in other places just gives you > a false sense of security. OK nicm@ deraadt@ (millert@) banner ~ banner.c > Add blank line after pledge call. (mmcc@) column ~ column.c > Blank line before pledge(). (mmcc@) cut ~ cut.c > Blank line after pledge(). (mmcc@) dc ~ dc.c > Surround pledge calls with blank lines. (mmcc@) finger ~ finger.c > Blank line after pledge call. (mmcc@) from ~ from.c > Blank line after pledge call. (mmcc@) m4 ~ main.c ~ mdef.h ~ pathnames.h > There really is no double standard. Treat m4 just like openssl, by > removing VMS and MSDOS support. > ok espie (deraadt@) tmux ~ cmd-attach-session.c > Detach the client we are looping over, from Thomas Adam. (nicm@) == usr.sbin ========================================================== 08/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin cron ~ client.c > Use send(MSG_NOSIGNAL) instead of mucking with the disposition of SIGPIPE > ok millert@ (guenther@) ~ crontab.c > It is only necessary to swap the effective gid when reading a file. > Since we got rid of TMPDIR support there's no need to swap gids > when creating or unlinking the temporary file. OK deraadt@ (millert@) ~ crontab.c > If pledge(2) fails use perror instead of log_it(RealUser, ...) since > RealUser has not been filled in yet. (millert@) hostapd ~ iapp.h > Missing comma. > from Kevin Reay <kevintreayopenbsd AT gmail DOT com> (mpi@) installboot ~ i386_installboot.c > fix a memory leak in an error path (jsg@) radiusd ~ radiusd_radius.c > Blank lines around pledge call. (mmcc@) rtadvd ~ if.c > Recognize carp(4) interfaces (yes, they are special...) in order to send > the src lladdr option. > Problem reported and diff provided by Lauri Tirkkonen on bugs@ > ok sthen@ (mpi@) smtpd ~ enqueue.c > Blank line after pledge call. (mmcc@) snmpd ~ kroute.c > When updating an interface, do not delete the kif_node but let > fetchifs() update the existing node. Thus we don't lose the ARP entries. > And while here, also handle RTM_DESYNC messages. > ok mikeb@ (gerhard@) tcpdump ~ privsep.c > Surround pledge call with blank lines. (mmcc@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
