OpenBSD src changes summary for 2015-12-04
==========================================

distrib/sets                            games/battlestar
games/bs                                games/robots
games/tetris                            lib/libssl
regress/misc                            regress/sys
regress/usr.sbin                        share/man
sys/arch/alpha/alpha                    sys/arch/sparc64/dev
sys/dev/usb                             sys/kern
sys/net                                 sys/netinet6
sys/netmpls                             sys/sys
usr.bin/cap_mkdb                        usr.bin/doas
usr.bin/signify                         usr.bin/ssh
usr.bin/tsort                           usr.bin/unifdef
usr.sbin/ftp-proxy                      usr.sbin/npppd
usr.sbin/rebound                        usr.sbin/relayd
usr.sbin/vmctl                          usr.sbin/vmd

== distrib =========================================================== 01/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/man/mi

  > sync (deraadt@)

== games ============================================================= 02/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

battlestar

  ~ battlestar.c  ~ com6.c  ~ extern.h

  > cleanup: remove pwd.h, delete a stray comment and a const qualifier (tb@)

bs

  ~ bs.c

  > assume modern curses and unifdef ancient feature tests (tedu@)

robots

  ~ main.c  ~ robots.6  ~ robots.h  ~ score.c

  > Drop pledge("getpw") and pwd.h and use the now usual
  > LOGNAME -> USER -> getlogin() -> ??? fallback
  > in the score file, as requested by tedu@
  > Man page bits adapted from jmc@'s tweaks to snake.6 (tb@)

  ~ robots.6

  > put FILES into a similar format as ENVIRONMENT; (jmc@)

tetris

  ~ tetris.6

  > Tweak alignment of ENVIRONMENT and FILES.
  > Use sentence format for the highscore file, too.
  > Discussed with jmc@ (tb@)

== lib =============================================================== 03/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libssl

  ~ src/crypto/rsa/rsa_ameth.c  TAGGED OPENBSD_5_8

  > patch for OpenSSL CVE-2015-3194 (beck@)

  ~ src/crypto/rsa/rsa_ameth.c  TAGGED OPENBSD_5_7

  > patch for OpenSSL CVE-2015-3194 (beck@)

  ~ src/crypto/asn1/tasn_dec.c  TAGGED OPENBSD_5_7

  > Fix for OpenSSL CVE-2015-3195
  > ok djm@ jsing@ (beck@)

  ~ src/crypto/asn1/tasn_dec.c  TAGGED OPENBSD_5_8

  > Fix for OpenSSL CVE-2015-3195 (beck@)

  ~ src/crypto/asn1/tasn_dec.c  TAGGED OPENBSD_5_7

  > Fix for OpenSSL CVE-2015-3195 (beck@)

  ~ src/crypto/opensslv.h  TAGGED OPENBSD_5_8

  > Bump LibreSSL version number to 2.2.5 in 5.8 release branch. (bcook@)

== regress =========================================================== 04/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

misc

  + utf8/wc.exp  + utf8/wc.sh

  > add a test for wc -m
  > (this may not be the best place for these tests. perhaps they all belong
  > in the regular usr.bin hierarchy. for now, keeping them all together.)
  > (tedu@)

  ~ utf8/wc.exp  ~ utf8/wc.sh

  > tweak wc test to include a nonbreaking space (tedu@)

sys

  ~ net/rtable/kern_compat.h  ~ net/rtable/util.c

  > Sync after rt_mask() removal. (mpi@)

  ~ netinet/arp/Makefile  + netinet/arp/arp_nonproxy.py

  > Enter a static ARP entry for a fake address which is not published
  > by the ARP proxy. The kernel must not answer ARP requests for such
  > addresses. This test triggers a misbehavior in ART as it currently
  > answers in such situations. Radix tree works fine as it uses 33
  > bit IPv4 entries for ARP proxy. (bluhm@)

  ~ netinet/arp/Makefile  + netinet/arp/arp_otherproxy.py

  > Comment all existing ARP test cases describing what is going on.
  > Add a new test that creates proxy ARP entries on a second interface.
  > Requests for that from the first interfaces must not be answered.
  (bluhm@)

usr.sbin

  ~ syslogd/Server.pm  ~ syslogd/args-sendsyslog-native.pl
  ~ syslogd/args-ttymsg-delay.pl  ~ syslogd/funcs.pl  ~ syslogd/ttylog.c
  + syslogd/args-sendsyslog-syscall.pl  + syslogd/args-sendsyslog-syscall2.pl

  > Add tests that call the syscalls sendsyslog(2) and sendsyslog2(2)
  > directly. (bluhm@)

== share ============================================================= 05/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/Makefile

  > Add etherip.4 to MAN
  > ok goda (yasuoka@)

  ~ man7/hier.7

  > document /usr/include/{msdosfs,ntfs} (jmc@)

== sys =============================================================== 06/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/alpha

  ~ pmap.c

  > add a missing mtx_leave before a panic to give ddb/reboot a better
  > chance of working.
  > ok deraadt@ (jsg@)

arch/sparc64/dev

  ~ vnet.c

  > Add intr_barrier() just in case... (kettenis@)

dev/usb

  ~ ubcmtp.c  ~ utpms.c

  > Activate functions should in general return 0 for events they don't handle.
  > ok deraadt@ (kettenis@)

kern

  ~ kern_pledge.c

  > Do not think atomicity is required here. In any case, prepare for
  > ps_pledge to become 64-bits over the next few days (things are getting
  > a bit tight; most newer pledges will be quite device-driver specific)
  > (deraadt@)

  ~ kern_pledge.c  ~ vfs_syscalls.c

  > Add pledge "dpath", which provides access to mknod(2) and mkfifo(2).
  > This will be required to keep pax/tar/cpio at otherwise very high levels
  > of pledge (and we will see where else it is beneficial).
  > Allocate a bit for pledge "audio", which will be coming soon.
  > good discussions with semarie (deraadt@)

  ~ kern_pledge.c

  > remove PLEDGE_INET granting when using "getpw" in YP environment
  > it makes PLEDGE_YPACTIVE enough for doing required networking with YP. It
  > should permit to bring YP internals into the light.
  > discussed with deraadt@ (semarie@)

  ~ kern_pledge.c

  > allow utrace(2) by default.
  > conversation with jsg (deraadt@)

net

  ~ if_bridge.c

  > bridge(4) never outputs packets so set its if_output and if_start to NULL.
  > bridge_output() is used by the stack to duplicate a packet coming from a
  > bridge member to its other ports.
  > Confusion pointed by Momtchil Momtchev on misc@
  > ok reyk@ (mpi@)

  ~ if.c

  > Grab the KERNEL_LOCK() around bridge_output().
  > It is now safe to call if_enqueue() without holding the KERNEL_LOCK()
  > even on an interface part of a bridge(4).
  > ok dlg@, henning@, kettenis@ (mpi@)

  ~ if_etherip.c

  > Reject input when either the version is wrong or the pad is non-zero;
  > not when the version is wrong and the pad is non-zero.
  > OK goda@ (reyk@)

  ~ route.c  ~ rtable.c

  > Move the KERNEL_LOCK from rt_match() to rtable_match().
  > ok claudio@ (mpi@)

  ~ art.c  ~ art.h

  > Reduce the stride length of the tables by two and use a single page
  > allocator for the 4K heap.
  > In this configuration a fullfeed BGP server for v4 and v6 consumes
  > 10M more than with the radix tree.
  > This doubles the depth of the tree and makes the lookup slower. But
  > the ratio speed/memory can be adjusted in the future, for now we are
  > interested in a lock-free route lookup.
  > Tested by and ok benno@ (mpi@)

netinet6

  ~ ip6_id.c

  > prefix function names like randomid and pmod to keep them out of global
  > namespace. the history of this file is that it was a modified version of
  > ip_id.c (with static functions to avoid clashes), then that file was
  > rewritten, then this file lost static. (tedu@)

netmpls

  ~ mpls_input.c

  > There is no need to grab the KERNEL_LOCK here anymore. After discussion
  > with dlg@ and mpi@ (claudio@)

sys

  ~ pledge.h

  > Add pledge "dpath", which provides access to mknod(2) and mkfifo(2).
  > This will be required to keep pax/tar/cpio at otherwise very high levels
  > of pledge (and we will see where else it is beneficial).
  > Allocate a bit for pledge "audio", which will be coming soon.
  > good discussions with semarie (deraadt@)

== usr.bin =========================================================== 07/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

cap_mkdb

  - getinfo.c  ~ Makefile  ~ cap_mkdb.1  ~ cap_mkdb.c

  > cap_mkdb no longer needs to understand terminfo files, so remove -i.
  > ok tedu millert (nicm@)

  ~ cap_mkdb.1  ~ cap_mkdb.c

  > remove -i from SYNOPSIS and usage(); (jmc@)

doas

  ~ parse.y

  > espie reminds me that EOF can happen for errors as well, so check for that
  > happening and print a message. (tedu@)

signify

  ~ signify.c

  > polishing (tedu@)

ssh

  ~ sshconnect2.c

  > clean up agent_fd handling; properly initialise it to -1 and
  > make tests consistent
  > ok markus@ (djm@)

  ~ auth.h  ~ authfd.c  ~ authfd.h  ~ kex.c  ~ kex.h  ~ kexc25519s.c
  ~ kexdhs.c  ~ kexecdhs.c  ~ kexgexs.c  ~ key.c  ~ key.h  ~ krl.c
  ~ monitor.c  ~ monitor_wrap.c  ~ monitor_wrap.h  ~ myproposal.h
  ~ packet.c  ~ serverloop.c  ~ ssh-agent.c  ~ ssh-keygen.c
  ~ ssh-keysign.c  ~ ssh-rsa.c  ~ ssh2.h  ~ ssh_api.c  ~ sshconnect2.c
  ~ sshd.c  ~ sshkey.c  ~ sshkey.h

  > implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures (user and host
  > auth)
  > based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt;
  > with & ok djm@ (markus@)

  ~ misc.c

  > Properly handle invalid %-format by calling fatal.
  > ok deraadt, djm (tobias@)

tsort

  ~ tsort.c

  > read_hints should also protect against ferror.
  > obvious commit (espie@)

unifdef

  ~ unifdef.1  ~ unifdef.c

  > Document that the -M option doesn't save a backup when passed ''. Also
  > clean up the corresponding logic to avoid a useless rename(2) call.
  > ok deraadt sthen (mmcc@)

== usr.sbin ========================================================== 08/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

ftp-proxy

  ~ ftp-proxy.c

  > Make the NOPRIV_USER match that is actually intended to be used for
  > that. Problem introduced since tftp-proxy and ftp-proxy have separate
  > nonpriv users.
  > OK deraadt@ (sebastia@)

npppd

  - npppd/npppd_tun.c  - npppd/npppd_tun.h

  > Remove files which had been unused. (yasuoka@)

  ~ npppd/lcp.c

  > Fix typo in #include line. (yasuoka@)

rebound

  ~ rebound.8  ~ rebound.c

  > - sync usage
  > - add a bit more detail about config alternative file
  > and add -d while here.
  > manpage help from jmc@ schwarze@ thanks a lot!
  > OK tedu jmc schwarze (gsoares@)

  ~ rebound.c

  > ignore SIGPIPE. i don't see any way for it to happen, but nevertheless we
  > definitely don't want to receive it unexpectedly. (tedu@)

  ~ rebound.c

  > one signal.h should suffice (tedu@)

  ~ rebound.c

  > push daemon call a little later so if the address is in use we see the
  > error message (tedu@)

  ~ rebound.c

  > refine some logging and error messages. errors will now always go to stderr
  > until daemonized and syslog as well. make logerr() work more like err().
  > (tedu@)

relayd

  ~ relay.c

  > pledge the relay (layer 7 proxy) children, they can do with "stdio
  > recvfd inet"
  > ok reyk@ (benno@)

vmctl

  ~ vmctl.8

  > sort flags.
  > ok jmc@ (sobrado@)

  ~ main.c  ~ vmctl.8  ~ vmctl.c  ~ vmctl.h

  > Add -c option to "vmctl start" to automatically connect to the VM
  > console after startup. This calls 'cu -l $TTY -s 9600' internally -
  > a "safe mode" for cu is proposed by tedu@.
  > Requested by mlarkin@
  > OK tedu@ on the execl/cu chunk (reyk@)

  ~ vmctl.8

  > macro args in previous were the wrong way round;
  > zap some trailing whitespace while here; (jmc@)

vmd

  ~ config.c

  > A VM has to run with at least 1 CPU. (reyk@)

===============================================================================
