OpenBSD src changes summary for 2015-11-18
==========================================

bin/ksh distrib/miniroot distrib/sets include/Makefile include/icdb.h
include/pwd.h lib/libc lib/libkeynote lib/libsndio libexec/login_lchpass
libexec/login_passwd sbin/fdisk sbin/fsirand sbin/iked sbin/init
sys/arch/octeon/dev sys/crypto sys/kern sys/net sys/netinet sys/netinet6
sys/sys usr.bin/chpass usr.bin/mg usr.bin/newsyslog usr.bin/sndiod
usr.bin/ssh usr.bin/tmux usr.sbin/bgpctl usr.sbin/mtrace usr.sbin/tcpdump

== bin =============================================================== 01/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ lex.c

  > Only unget match[] if it has been used, ok sthen (nicm@)

== distrib =========================================================== 02/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

miniroot

  ~ install.sub

  > Now that the transition is over, have the installer set 'prohibit-password'
  > in sshd_config instead of 'without-password'. "it is time" deraadt@
  > (sthen@)

sets

  ~ lists/base/md.alpha  ~ lists/base/md.amd64  ~ lists/base/md.armish
  ~ lists/base/md.armv7  ~ lists/base/md.aviion  ~ lists/base/md.hppa
  ~ lists/base/md.hppa64  ~ lists/base/md.i386  ~ lists/base/md.landisk
  ~ lists/base/md.loongson  ~ lists/base/md.luna88k  ~ lists/base/md.macppc
  ~ lists/base/md.octeon  ~ lists/base/md.sgi  ~ lists/base/md.socppc
  ~ lists/base/md.sparc  ~ lists/base/md.sparc64  ~ lists/base/md.vax
  ~ lists/base/md.zaurus  ~ lists/comp/mi

  > sync (deraadt@)

== include =========================================================== 03/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

Makefile

  ~ Makefile

  > add icdb.h here (this header may go away entirely, but the functions
  > need to live somewhere in the meantime.) (tedu@)

icdb.h

  + icdb.h

  > Add icdb, the internal c database. A simpler replacement for the old
  > Berzerkeley DB code. (tedu@)

  ~ icdb.h

  > add a version field to prevent mayhem if different data gets stored (tedu@)

pwd.h

  ~ pwd.h

  > Add _shadow variants to the two popular getpw functions (uid and nam).
  > This version of the function will always open the secure/shadow/master
  > password files. Soon, the regular variants of these functions will not.
  > (Intermixing shadow and regular gets a little weird; don't do that.)
  > Not using struct spwd and getspwnam functions to reduce churn in callers.
  > Should just be a one line diff in most places.
  > ok deraadt (tedu@)

== lib =============================================================== 04/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ sys/pledge.2

  > rob pierce spotted a mistake left by jmc (deraadt@)

  ~ gen/getpwent.c  ~ hidden/pwd.h

  > Add _shadow variants to the two popular getpw functions (uid and nam).
  > This version of the function will always open the secure/shadow/master
  > password files. Soon, the regular variants of these functions will not.
  > (Intermixing shadow and regular gets a little weird; don't do that.)
  > Not using struct spwd and getspwnam functions to reduce churn in callers.
  > Should just be a one line diff in most places.
  > ok deraadt (tedu@)

  + stdlib/icdb.c

  > Add icdb, the internal c database. A simpler replacement for the old
  > Berzerkeley DB code. (tedu@)

  ~ shlib_version  ~ Symbols.list  ~ stdlib/Makefile.inc

  > update for new symbols and code (tedu@)

  ~ stdlib/icdb.c

  > add a version field to prevent mayhem if different data gets stored (tedu@)

  ~ gen/getpwnam.3

  > document the _shadow functions (tedu@)

  ~ gen/Makefile.inc

  > mlinks for _shadow (tedu@)

libkeynote

  ~ environment.c  ~ keynote-verify.c

  > Remove memory.h includes.
  > ok deraadt@ (mmcc@)

libsndio

  ~ sio_sun.c

  > Split function to initialize the raw device in two parts, one to open
  > the device node, the other to do the initialization. This will allow
  > with minimal changes, work to be done in two processes sharing the fd.
  > No behaviour change. (ratchov@)

== libexec =========================================================== 05/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

login_lchpass

  ~ login_lchpass.c

  > use _shadow getpw functions. these utilities obviously deal with hashes.
  > (tedu@)

login_passwd

  ~ login_passwd.c

  > use _shadow getpw functions. these utilities obviously deal with hashes.
  > (tedu@)

== sbin ============================================================== 06/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

fdisk

  ~ fdisk.c

  > Read MBR immediately, and only read the GPT if the MBR is a
  > protective MBR. (krw@)

  ~ user.c

  > USER_edit() (a.k.a. -e) edits the on-disk information. So zap GPT
  > and re-read it from disk if appropriate. i.e. when the re-read MBR
  > is a protective MBR. (krw@)

  ~ fdisk.c

  > Rejig the MBR file reading logic so
  > 1) If mbr_file is NULL use built-in mbr for -i, -u and 'reinit'.
  > 2) If mbr_file cannot be opened issue a warning and use built-in mbr for
  > -i, -u, and 'reinit'.
  > 3) If mbr_file can't be read, bail out of fdisk.
  > 4) Use the mbr read from mbr_file for -i, -u, and 'reinit'.
  > Remove inappropriate GPT dancing.
  > This restores pre-GPT-editing mbr_file handling and makes the logic
  > clearer at the expense of a tiny bit of duplication. (krw@)

  ~ fdisk.c

  > g_flag does not need to be a global. Move it inside main(). (krw@)

  ~ fdisk.c  ~ mbr.c  ~ mbr.h

  > Parse the original on-disk MBR into a local variable. Use the
  > partition table in this variable when doing an 'u'pdate of the MBR.
  > Remove now superfluous MBR_pcopy() and its re-read of the on-disk MBR.
  > (krw@)

  ~ cmd.c  ~ mbr.c

  > Change #include <memory.h> to #include <string.h> (krw@)

fsirand

  ~ fsirand.c

  > opendev() should not use OPENDEV_PART; ok millert (deraadt@)

iked

  ~ config.c

  > pledge exposed a simple bug: the unprivileged child tried to print the
  > policy after receiving it from the parent. print_policy ->
  > print_proto -> getprotobynumber -> pledge abort because it tried to
  > access /etc/protocols without rpath. It was just a debugging message
  > that can be moved to the parent (printing the policy on the sender
  > side and not the receiver side). The parent has rpath and dns.
  > Issue found by sthen@ with "proto etherip"
  > OK sthen@ benno@ (reyk@)

init

  ~ init.c

  > use _shadow getpwnam (and crypt_checkpass) (tedu@)

== sys =============================================================== 07/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/octeon/dev

  ~ if_cnmac.c

  > Take account of padding with dynamic short packets. This fixes the
  > reception of short non-IP packets which I broke in revision 1.28. (visa@)

crypto

  ~ cryptosoft.c

  > Cleanup gotos as suggested by jsing@ along with spaces and label names
  > (mikeb@)

kern

  ~ vfs_syscalls.c

  > In sys_revoke, inspect the VISTTY flag on the backside of VOP_GETATTR,
  > because that shows the /dev/console translated vnode.
  > You either already know the story, or you don't want to know. (deraadt@)

  ~ kern_pledge.c  ~ uipc_syscalls.c

  > check domain and state of socket against pledge promise.
  > ok deraadt@ (semarie@)

net

  ~ route.c

  > Multipath selection should be done before caching the next hop.
  > Fix a regression introduced by rtalloc(9) rewrite where only the
  > first route of a multipath chain had a valid next hop and could
  > be used.
  > ok sthen@, dlg@ (mpi@)

  ~ route.c

  > Revert previous workaround now that multipath route selection has been
  > fixed.
  > ok sthen@, dlg@ (mpi@)

  ~ if.c  ~ if_var.h

  > Factorize the bits to check if a L2 route is connected, whether it is
  > attached to a carp(4) or bridge(4) member, to not dereference rt_ifp
  > directly.
  > ok visa@ (mpi@)

  ~ route.c  ~ rtsock.c

  > Do not dereference rt_ifp to call if_rtrequest.
  > This only happens under KERNEL_LOCK() so we know for sure that the
  > interface attached to a route entry is valid. (mpi@)

netinet

  ~ if_ether.c  ~ ip_carp.c  ~ ip_carp.h

  > Make use of srp_enter()/srp_leave() in carp_iamatch() in preparation
  > for unlocking the ARP input path.
  > ok dlg@ (mpi@)

  ~ if_ether.c

  > Factorize the bits to check if a L2 route is connected, whether it is
  > attached to a carp(4) or bridge(4) member, to not dereference rt_ifp
  > directly.
  > ok visa@ (mpi@)

netinet6

  ~ in6.c  ~ in6_var.h  ~ nd6_nbr.c

  > Factorize the bits to check if a L2 route is connected, whether it is
  > attached to a carp(4) or bridge(4) member, to not dereference rt_ifp
  > directly.
  > ok visa@ (mpi@)

sys

  ~ pledge.h

  > check domain and state of socket against pledge promise.
  > ok deraadt@ (semarie@)

  ~ pledge.h

  > remove pledge_aftersyscall() prototype as the function has been removed.
  > while here, move pledge_namei() proto with others pledge_* functions used
  > for check promises. (semarie@)

== usr.bin =========================================================== 08/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

chpass

  ~ chpass.c

  > needs _shadow so it can rewrite the master.passwd file (tedu@)

mg

  ~ mg.1

  > Remove "space-to-tabstop" from the manpage - it is not enabled,
  > ifdef'ed with NOTAB, and doesn't seem to work.
  > OK lum@ (reyk@)

  ~ util.c  ~ window.c

  > whitespace (jasper@)

  ~ tty.c

  > shrink differences between ttinsl/ttdell (jasper@)

newsyslog

  ~ newsyslog.c

  > don't drop "pledge exec", it's needed for compression. ok deraadt@ (sthen@)

sndiod

  ~ sndiod.1

  > say that network communication is not secure (ratchov@)

  ~ listen.c  ~ sndiod.c

  > disable networking (i.e. -L option) until privilege separation is
  > implemented (ratchov@)

  ~ sndiod.1

  > missing word; from jan stary (jmc@)

ssh

  ~ ssh-keygen.c

  > fix "ssh-keygen -l" of private key, broken in support for
  > multiple plain keys on stdin (djm@)

tmux

  ~ session.c

  > Don't update activity time twice for new sessions, and add some logging.
  > (nicm@)

  ~ input.c  ~ log.c  ~ options.c  ~ tmux.h  ~ tty-term.c  ~ xmalloc.c
  + xmalloc.h

  > Sync the entire xmalloc.[ch] with the other users, but with the addition
  > of xrealloc, xvasprintf, xvsnprintf. (nicm@)

  ~ format.c  ~ tmux.1

  > Add s/foo/bar/: prefix for formats to substitute bar for foo. (nicm@)

  ~ alerts.c  ~ cfg.c  ~ client.c  ~ cmd-kill-server.c  ~ cmd-list-buffers.c
  ~ cmd-list-keys.c  ~ cmd-lock-server.c  ~ cmd-pipe-pane.c
  ~ cmd-set-option.c  ~ cmd-wait-for.c  ~ control-notify.c  ~ control.c
  ~ format.c  ~ job.c  ~ log.c  ~ names.c  ~ proc.c  ~ screen-write.c
  ~ server-client.c  ~ server-fn.c  ~ server.c  ~ session.c  ~ status.c
  ~ tmux.h  ~ tty-keys.c  ~ tty.c  ~ window-choose.c  ~ window-clock.c
  ~ window-copy.c  ~ window.c

  > Use __unused rather than rolling our own. (nicm@)

  ~ cmd-display-message.c

  > Use format_expand_time for display-message. (nicm@)

== usr.sbin ========================================================== 09/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

bgpctl

  ~ irr_output.c

  > err(1, "foo") -> err(1, NULL) for strdup() (mmcc@)

mtrace

  ~ mtrace.c

  > Remove memory.h include.
  > ok deraadt@ (mmcc@)

tcpdump

  ~ addrtoname.c  ~ parsenfsfh.c  ~ print-arp.c  ~ print-bootp.c
  ~ print-dhcp6.c  ~ print-snmp.c

  > Remove memory.h includes.
  > ok deraadt@ (mmcc@)

===============================================================================
