OpenBSD src changes summary for 2015-12-09
==========================================

bin/md5  bin/systrace  distrib/sets  etc/MAKEDEV.common  games/grdc
lib/libc  lib/libcrypto  lib/libssl  lib/libtls  lib/libutil
regress/sys  regress/usr.bin  sbin/ifconfig  sbin/iked  sbin/ipsecctl
sbin/isakmpd  sbin/tunefs  share/man  sys/arch/amd64/amd64  sys/dev/pci
sys/dev/pv  sys/dev/usb  sys/net  sys/netinet  sys/netinet6
usr.bin/bgplg  usr.bin/cvs  usr.bin/ftp  usr.bin/less  usr.bin/locate
usr.bin/login  usr.bin/newsyslog  usr.bin/nm  usr.bin/passwd
usr.bin/paste  usr.bin/quota  usr.bin/rdist  usr.bin/rusers
usr.bin/telnet  usr.bin/whois  usr.bin/xargs  usr.sbin/nsd
usr.sbin/smtpd  usr.sbin/unbound

== bin =============================================================== 01/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

md5

  ~ md5.c

  > Remove NULL-check before free(). ok tb@ (mmcc@)

systrace

  ~ filter.c  ~ intercept-translate.c  ~ intercept.c  ~ openbsd-syscalls.c

  > Remove NULL-check before free(). ok tb@ (mmcc@)

== distrib =========================================================== 02/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/base/md.alpha  ~ lists/base/md.amd64  ~ lists/base/md.armish
  ~ lists/base/md.armv7  ~ lists/base/md.hppa  ~ lists/base/md.hppa64
  ~ lists/base/md.i386  ~ lists/base/md.landisk  ~ lists/base/md.loongson
  ~ lists/base/md.luna88k  ~ lists/base/md.macppc  ~ lists/base/md.octeon
  ~ lists/base/md.sgi  ~ lists/base/md.socppc  ~ lists/base/md.sparc
  ~ lists/base/md.sparc64  ~ lists/base/md.vax  ~ lists/base/md.zaurus
  ~ lists/comp/mi  ~ lists/man/mi

  > sync (deraadt@)

  ~ lists/base/md.alpha  ~ lists/base/md.amd64  ~ lists/base/md.armish
  ~ lists/base/md.armv7  ~ lists/base/md.hppa  ~ lists/base/md.hppa64
  ~ lists/base/md.i386  ~ lists/base/md.landisk  ~ lists/base/md.loongson
  ~ lists/base/md.luna88k  ~ lists/base/md.macppc  ~ lists/base/md.octeon
  ~ lists/base/md.sgi  ~ lists/base/md.socppc  ~ lists/base/md.sparc
  ~ lists/base/md.sparc64  ~ lists/base/md.zaurus  ~ lists/base/mi
  ~ lists/comp/mi

  > sync (deraadt@)

== etc =============================================================== 03/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

MAKEDEV.common

  ~ MAKEDEV.common

  > vmm node only needs mode 600 (deraadt@)

== games ============================================================= 04/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

grdc

  ~ grdc.c

  > include err.h for err() (jsg@)

== lib =============================================================== 05/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ stdlib/malloc.c

  > Integrate two patches originally from Daniel Micay.
  > 1. Optionally add random "canaries" to the end of an allocation. This
  > requires increasing the internal size of the allocation slightly, which
  > probably results in a large effective increase with current power of two
  > sizing. Therefore, this option is only enabled via 'C'.
  > 2. When writing junk (0xdf) to freed chunks (current default behavior),
  > check that the junk is still intact when finally freeing the delayed chunk
  > to catch some potential use after free. This should be pretty cheap so
  > there's no option to control it separately.
  > ok deraadt tb (tedu@)

libcrypto

  ~ crypto/shlib_version

  > bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI change
  > ok jsing@, deraadt@, beck@ (bcook@)

libssl

  ~ src/crypto/chacha/chacha.c  ~ src/crypto/chacha/chacha.h

  > Change the counter argument for CRYPTO_chacha_20 to be 64-bits on all
  > platforms.
  > The recently-added EVP_aead_chacha20_poly1305_ietf() function, which
  > implements
  > informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", needs a
  > 64-bit counter to avoid truncation on 32-bit platforms.
  > The existing TLS ChaCha20-Poly1305 ciphersuite is not impacted by this, but
  > making this change requires an ABI bump.
  > ok jsing@, "Looks sane" beck@ (bcook@)

  ~ ssl/shlib_version

  > bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI change
  > ok jsing@, deraadt@, beck@ (bcook@)

libtls

  ~ shlib_version

  > bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI change
  > ok jsing@, deraadt@, beck@ (bcook@)

libutil

  ~ imsg.c

  > Add a cast to silence a compiler warning by clang on FreeBSD.
  > From Craig Rodrigues.
  > ok tedu@ (tb@)

== regress =========================================================== 06/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ netinet/in_pcbbind/runtest.c  ~ netinet/in_pcbbind/Makefile

  > add multicast test suites (vgross@)

usr.bin

  ~ fmt/fmt.sh

  > add a quick test for utf-8 handling (tedu@)

== sbin ============================================================== 07/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

ifconfig

  ~ ifconfig.c

  > Revert SIOCDIFADDR_IN6 fix.
  > It's not possible to fix this issue in ifconfig(8) because in_control()
  > and in6_control() have a subtle semantic difference which results in
  > breaking alias for IPv4.
  > in_control() always selects the first address on the list of an interface
  > whereas in6_control() doesn't. That's why ifconfig(8) passes an empty
  > "struct in_aliasreq" and that fails in netinet6.
  > Breakage reported by deraadt@ (mpi@)

iked

  ~ iked.conf.5  ~ parse.y  ~ pfkey.c

  > Remove plain DES encryption from IPsec.
  > DES is insecure since brute force attacks are practical due to its
  > short key length.
  > This removes support for DES-CBC encryption in ESP and in IKE main
  > and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
  > ok mikeb@ (naddy@)

ipsecctl

  ~ ike.c  ~ ipsec.conf.5  ~ ipsecctl.h  ~ parse.y  ~ pfkdump.c  ~ pfkey.c

  > Remove plain DES encryption from IPsec.
  > DES is insecure since brute force attacks are practical due to its
  > short key length.
  > This removes support for DES-CBC encryption in ESP and in IKE main
  > and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
  > ok mikeb@ (naddy@)

isakmpd

  ~ conf.c  ~ crypto.c  ~ ipsec.c  ~ isakmpd.conf.5  ~ pf_key_v2.c  ~ sa.c

  > Remove plain DES encryption from IPsec.
  > DES is insecure since brute force attacks are practical due to its
  > short key length.
  > This removes support for DES-CBC encryption in ESP and in IKE main
  > and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
  > ok mikeb@ (naddy@)

tunefs

  ~ tunefs.c

  > add braces to correct pledge logic
  > ok deraadt@ (jsg@)

== share ============================================================= 08/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/Makefile  + man4/xen.4

  > xen(4) man page (mikeb@)

  ~ man4/Makefile  + man4/xspd.4

  > xspd(4) man page (mikeb@)

  ~ man9/Makefile  ~ man9/ifq_enqueue.9

  > document ifq_restart. or try to. (dlg@)

  ~ man9/ifq_enqueue.9

  > missing apostrophe; (jmc@)

  ~ man4/pvbus.4

  > - pvbus on vmm(4) guests prints "OpenBSD", not vmm(4).
  > - Add xen(4) to the list. (reyk@)

  ~ man5/malloc.conf.5

  > Document the new canaries and junk validation features.
  > ok tedu@, jmc@ (tb@)

== sys =============================================================== 09/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ vmm.c

  > successful vmm enter/leave does not need to be reported
  > ok mlarkin (deraadt@)

dev/pci

  ~ if_myx.c

  > rework the if_start mpsafe serialisation so it can serialise arbitrary work
  > work is represented by struct task.
  > the start routine is now wrapped by a task which is serialised by the
  > infrastructure. if_start_barrier has been renamed to ifq_barrier and
  > is now implemented as a task that gets serialised with the start
  > routine.
  > this also adds an ifq_restart() function. it serialises a call to
  > ifq_clr_oactive and calls the start routine again. it exists to
  > avoid a race that kettenis@ identified in between when a start
  > routine discovers there's no space left on a ring, and when it calls
  > ifq_set_oactive. if the txeof side of the driver empties the ring
  > and calls ifq_clr_oactive in between the above calls in start, the
  > queue will be marked oactive and the stack will never call the start
  > routine again.
  > by serialising the ifq_set_oactive call in the start routine and
  > ifq_clr_oactive calls we avoid that race.
  > tested on various nics
  > ok mpi@ (dlg@)

  ~ drm/i915_pciids.h  ~ drm/i915/i915_drv.h  ~ drm/i915/intel_dp.c
  ~ drm/i915/intel_drv.h

  > Backport some commits from mainline linux to enable High Bit Rate 2
  > (HBR2) for Broadwell and non-ULX Haswell DisplayPort. This enables
  > support for 3840x2160 60Hz SST.
  > Initial patch from and tested by Scot Doyle.
  > drm/i915: Enable 5.4Ghz (HBR2) link rate for Displayport 1.2-capable
  > devices
  > from Todd Previte
  > 06ea66b6bb445043dc25a9626254d5c130093199
  > drm/i915: don't try DP_LINK_BW_5_4 on HSW ULX
  > from Paulo Zanoni
  > 9bbfd20abe5025adbb0ac75160bd2e41158a9e83
  > drm/i915/dp: add missing \n in the TPS3 debug message
  > from Jani Nikula
  > f8d8a672f9370278ae2c9752ad3021662dbc42fd
  > drm/i915/dp: only use training pattern 3 on platforms that support it
  > from Jani Nikula
  > 7809a61176b385ebb3299ea43c58b1bb31ffb8c0 (jsg@)

  ~ azalia.c

  > No need to check if size = az->pstream.buffer.size is zero, as
  > this is handled in audio(4) layer. From
  > Alexey Suslikov <alexey.suslikov at gmail.com> (ratchov@)

dev/pv

  ~ xenstore.c

  > Don't expose XenStore ops we don't know how to deal with (mikeb@)

  ~ xen.c  ~ xenvar.h

  > Don't expose XenStore ops we don't know how to deal with (mikeb@)

  ~ xen.c

  > cfdriver can't be const... (mikeb@)

  ~ xen.c  ~ xenvar.h

  > Store the backend node in the attach argument structure (mikeb@)

  ~ xenstore.c  ~ xenvar.h

  > Implement a function to fetch device properties (mikeb@)

  ~ xenstore.c

  > Correct the response string length
  > Apparently length values returned by XenStore depend on which
  > operation has been requested: for instance XS_READ will always
  > return an strlen() result without accounting for the trailing
  > NUL character, however XS_LIST will return length that includes
  > it. While staying within our data buffer limit (xsm_dlen) we
  > can readjust the length of the resulting string accordingly. (mikeb@)

dev/usb

  ~ ukbd.c

  > cleanup macbook air iso keyboard support
  > also some KNF and whitespace cleanup while here
  > initial diff from William Orr with some tweaks by me
  > ok jcs mpi (jung@)

net

  ~ if.c  ~ if_var.h  ~ ifq.c  ~ ifq.h

  > rework the if_start mpsafe serialisation so it can serialise arbitrary work
  > work is represented by struct task.
  > the start routine is now wrapped by a task which is serialised by the
  > infrastructure. if_start_barrier has been renamed to ifq_barrier and
  > is now implemented as a task that gets serialised with the start
  > routine.
  > this also adds an ifq_restart() function. it serialises a call to
  > ifq_clr_oactive and calls the start routine again. it exists to
  > avoid a race that kettenis@ identified in between when a start
  > routine discovers there's no space left on a ring, and when it calls
  > ifq_set_oactive. if the txeof side of the driver empties the ring
  > and calls ifq_clr_oactive in between the above calls in start, the
  > queue will be marked oactive and the stack will never call the start
  > routine again.
  > by serialising the ifq_set_oactive call in the start routine and
  > ifq_clr_oactive calls we avoid that race.
  > tested on various nics
  > ok mpi@ (dlg@)

  ~ route.c

  > Do not trigger a KASSERT() when destroying/detaching an interface with
  > RTF_CLONED routes attached.
  > In this case if_get(9) can return NULL inside rtflushclone1() because
  > ifdetach() starts by clearing the interface pointer in the index map.
  > So it is perfectly correct to bail and we're not going to leak any route
  > entry because we're garbage collecting all of them.
  > Reported by daniel@ and Aaron Miller <aaron DOT miller04 AT gmail DOT com>
  > (mpi@)

  ~ route.c

  > Do not trigger a KASSERT() if the route we're trying to remove does not
  > exist and we get another matching one instead.
  > This bug has been here since the KAME area and recently exposed by a
  > refactoring at n2k15. The problem is that rtrequest(9) does not check
  > on which interface the route entry is attached when issuing a RTM_DELETE.
  > So the kernel would end up deleting the route attached on a different ifp
  > when in_ifinit() fails.
  > This fix is currently a workaround, a better fix is in the pipeline.
  > Reported by Laurence Tratt <laurie AT tratt DOT net>, thanks! (mpi@)

  ~ ifq.c

  > rework ifq_serialise to avoid some atomic ops.
  > now both the list of work and the flag saying if something is
  > running the list are protected by a single mutex. it cuts the
  > number of interlocked ops for an uncontended run of the queue from
  > 5 down to 2.
  > jmatthew likes it. (dlg@)

  ~ if_var.h

  > Keep all ether prototypes in one place. (mpi@)

  ~ pfkeyv2.c  ~ pfkeyv2.h  ~ pfkeyv2_convert.c

  > Remove plain DES encryption from IPsec.
  > DES is insecure since brute force attacks are practical due to its
  > short key length.
  > This removes support for DES-CBC encryption in ESP and in IKE main
  > and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
  > ok mikeb@ (naddy@)

netinet

  ~ ip_icmp.c

  > Always pass a valid interface pointer to rtdeletemsg().
  > This will allow for stricter checks inside rtdeletemsg() and it should be
  > up to the caller to decide if the route needs to be deleted or not.
  > ok vgross@ (mpi@)

  ~ if_ether.h

  > Keep all ether prototypes in one place. (mpi@)

  ~ ip_esp.c

  > Remove plain DES encryption from IPsec.
  > DES is insecure since brute force attacks are practical due to its
  > short key length.
  > This removes support for DES-CBC encryption in ESP and in IKE main
  > and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
  > ok mikeb@ (naddy@)

netinet6

  ~ icmp6.c

  > Always pass a valid interface pointer to rtdeletemsg().
  > This will allow for stricter checks inside rtdeletemsg() and it should be
  > up to the caller to decide if the route needs to be deleted or not.
  > ok vgross@ (mpi@)

  ~ nd6_nbr.c

  > Keep all ether prototypes in one place. (mpi@)

== usr.bin =========================================================== 10/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

bgplg

  ~ bgplg.c  ~ bgplgsh.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

cvs

  ~ server.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

ftp

  ~ util.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

less

  ~ search.c

  > Remove NULL-check before free(). (mmcc@)

locate

  ~ bigram/locate.bigram.c

  > include unistd.h for pledge() and err.h for err() (jsg@)

login

  ~ login.c

  > Remove NULL-check before free(). ok tb@ (mmcc@)

newsyslog

  ~ newsyslog.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

nm

  ~ elf.c  ~ nm.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

passwd

  ~ pwd_check.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

paste

  ~ paste.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

quota

  ~ quota.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

rdist

  ~ client.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

rusers

  ~ rusers.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

telnet

  ~ commands.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

whois

  ~ whois.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

xargs

  ~ xargs.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

== usr.sbin ========================================================== 11/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

nsd

  ~ dbaccess.c  ~ dname.h  ~ dns.c  ~ lookup3.c  ~ options.h  ~ packet.h
  ~ query.c  ~ rbtree.c  ~ region-allocator.h  ~ rrl.c  ~ udbradtree.h
  ~ util.h  ~ xfrd-tcp.c  ~ zonec.c  ~ zparser.y

  > comment typo fixes, from nsd 4.1.7rc1 (sthen@)

  ~ nsd.conf.5.in

  > doc cleanup from nsd 4.1.7rc1 (sthen@)

smtpd

  ~ smtpctl/Makefile

  > Install aliases(5), forward(5), makemap(8) and newaliases(8) manpages
  > that got accidentally removed while merging makemap(8) into smtpctl(8).
  > Spotted by Nathanael Rensen. (sunil@)

  ~ smtpd.conf.5

  > Document forward-only keyword. From Jason Barbier <[email protected]>
  > Ok gilles@ jung@ (sunil@)

unbound

  ~ ltmain.sh  ~ doc/unbound-control.8.in  ~ doc/unbound.conf.5.in
  ~ iterator/iter_scrub.c  ~ iterator/iter_utils.c  ~ iterator/iterator.c
  ~ sldns/parseutil.h  ~ smallapp/unbound-anchor.c  ~ util/config_file.h
  ~ util/locks.c  ~ util/rbtree.c  ~ util/rtt.h  ~ util/tube.h
  ~ util/winsock_event.h  ~ util/storage/lookup3.c  ~ validator/autotrust.c
  ~ validator/val_neg.c  ~ validator/val_neg.h  ~ validator/val_nsec.c
  ~ validator/val_nsec.h  ~ validator/val_nsec3.c  ~ validator/val_nsec3.h
  ~ validator/val_utils.h  ~ validator/validator.c

  > typo fixes from unbound-1.5.7rc1 (sthen@)

===============================================================================
_______________________________________________
odc mailing list
[email protected]
http://www.squish.net/mailman/listinfo/odc
