OpenBSD src changes summary for 2015-12-12
==========================================
distrib/sets
lib/libc
lib/libssl
libexec/ftpd
libexec/ld.so
libexec/mail.local
libexec/spamd
libexec/spamd-setup
sbin/dhclient
sbin/fdisk
sbin/wsconsctl
share/man
sys/arch/amd64/amd64
sys/arch/arm/cortex
sys/arch/i386/i386
sys/arch/sgi/xbow
sys/dev/isa
sys/dev/pci
sys/dev/pv
sys/dev/wscons
sys/net80211
usr.bin/tmux
usr.sbin/amd
usr.sbin/httpd
usr.sbin/nsd
usr.sbin/rdate
usr.sbin/rebound
usr.sbin/sasyncd
usr.sbin/sensorsd
usr.sbin/smtpd
usr.sbin/ypbind

== distrib =========================================================== 01/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/comp/mi

  > sync (deraadt@)

== lib =============================================================== 02/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ time/localtime.c

  > Remove calloc cast, give sizeof parens. No functional change. (mmcc@)

libssl

  ~ src/crypto/asn1/a_time_tm.c

  > make the counter a size_t as well, which quells a warning on visual studio
  > 2015
  > ok bcook@ (beck@)

  ~ src/crypto/asn1/asn1_gen.c

  > prevent possible use of uninitialized variable
  > ok bcook@ (beck@)

  ~ src/crypto/asn1/tasn_dec.c

  > move initialization of buf up to quell warnings and make it obvious the err
  > case is ok.
  > ok bcook@ (beck@)

  ~ src/ssl/ssl_ciph.c

  > decipher comment. ok bcook@ (mmcc@)

== libexec =========================================================== 03/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

ftpd

  ~ ftpd.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

ld.so

  ~ ldconfig/prebind.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

mail.local

  ~ mail.local.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

spamd

  ~ spamd.c

  > Remove NULL-checks before free(). ok tb@ (mmcc@)

spamd-setup

  ~ spamd-setup.c

  > Remove NULL-checks before free().
  > ok tb@ (mmcc@)

== sbin ============================================================== 04/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ dhclient.c
  ~ dhcpd.h

  > Send DECLINE messages in response to ACK messages that turn out to
  > have inadequate or invalid leases. In particular leases for addresses
  > that are already configured on a different interface. After the
  > DECLINE, return to INIT state and start looking for a valid lease. This
  > conforms much closer to the relevant RFC's.
  > Avoids 'hanging' dhclient(8) during boot when the attempt to configure
  > the address fails without dhclient(8) realizing it.
  > Issue found and various fixes tested by mpi@. Feedback from beck@ and
  > reyk@.
  > ok mpi@ (krw@)

fdisk

  ~ disk.c
  ~ disk.h
  ~ fdisk.c

  > Open disk READONLY if none of i, e or u are specified.
  > Suggestion, original diff and ok naddy@ (krw@)

  ~ fdisk.c

  > In olden times (i + u + e) was considered a clever way to 'or'
  > together three boolean values. In today's enlightened world we
  > know about '||'.
  > Pointed out by naddy@ (krw@)

wsconsctl

  ~ keyboard.c

  > add keyboard backlight variable
  > tested by Bryan Vyhmeister, krw, tb, and myself
  > ok jcs krw tb (jung@)

== share ============================================================= 05/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/dohooks.9
  ~ man9/hook_establish.9

  > Kill domountroothooks(9) and mountroothook_establish(9) references,
  > reminded by jmc@ (mpi@)

  ~ man9/config_defer.9

  > tweak; ok mpi (jmc@)

  ~ man4/asmc.4

  > document the keyboard backlight support (jung@)

== sys =============================================================== 06/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ identcpu.c
  ~ mainbus.c

  > Identify hypervisors before configuring other children of the mainbus
  > (bios, CPU, interrupt handlers, pvbus).
  > This splits the pvbus attach
  > function into two parts: pvbus_identify() to scan the CPUID registers
  > for supported hypervisors and pvbus_attach() to attach the bus, print
  > information, and configure the children.
  > This will be needed for Xen and KVM, as discussed with mikeb@ and sf@
  > OK mlarkin@ (reyk@)

arch/arm/cortex

  ~ agtimer.c
  ~ amptimer.c

  > comment typo (mmcc@)

arch/i386/i386

  ~ machdep.c
  ~ mainbus.c

  > Identify hypervisors before configuring other children of the mainbus
  > (bios, CPU, interrupt handlers, pvbus). This splits the pvbus attach
  > function into two parts: pvbus_identify() to scan the CPUID registers
  > for supported hypervisors and pvbus_attach() to attach the bus, print
  > information, and configure the children.
  > This will be needed for Xen and KVM, as discussed with mikeb@ and sf@
  > OK mlarkin@ (reyk@)

arch/sgi/xbow

  ~ hub.h

  > Adjust IPI numbers to get the interrupts working. Bits 5 and 6 do not
  > seem to trigger an IPI. According to IP27 headers in Linux, those have a
  > special meaning in hardware. (visa@)

dev/isa

  ~ asmc.c

  > enable keyboard backlight support via wskbd(4) hooks
  > tested by Bryan Vyhmeister, krw, tb, and myself
  > ok krw tb (jung@)

dev/pci

  ~ xspd.c

  > Add OpenBSD Id. (reyk@)

dev/pv

  ~ pvbus.c
  ~ pvreg.h
  ~ pvvar.h
  ~ xen.c
  ~ xenreg.h

  > Identify hypervisors before configuring other children of the mainbus
  > (bios, CPU, interrupt handlers, pvbus). This splits the pvbus attach
  > function into two parts: pvbus_identify() to scan the CPUID registers
  > for supported hypervisors and pvbus_attach() to attach the bus, print
  > information, and configure the children.
  > This will be needed for Xen and KVM, as discussed with mikeb@ and sf@
  > OK mlarkin@ (reyk@)

  ~ pvbus.c

  > x2APIC is currently enabled on HV guests only, not on bare metal, to
  > speedup interrupt handling on virtual machines. Unfortunately it is
  > broken on Xen 4.2 or older, so use the early pvbus detection to drop
  > the advertised x2APIC CPU feature.
  > Xen has fixed this in late 2013,
  > but the problem still shows up in "the Cloud" (it doesn't seem to
  > affect others as they either use legacy APIC or Xen IPIs).
  > OK mlarkin@ mikeb@
  > Cvs: ----------------------------------------------------------------------
  > (reyk@)

  ~ xen.c
  ~ xenreg.h
  ~ xenstore.c
  ~ xenvar.h

  > Add OpenBSD CVS/RCS Ids.
  > mikeb@ doesn't like the Ids, "somebody else has to add them". (reyk@)

dev/wscons

  ~ wsconsio.h
  ~ wskbd.c

  > add new ioctls to control keyboard backlights
  > tested by Bryan Vyhmeister, krw, tb, and myself
  > ok jcs krw tb (jung@)

net80211

  ~ ieee80211_input.c
  ~ ieee80211_node.c
  ~ ieee80211_node.h

  > Finish support for receiving 11n A-MPDUs.
  > The initial implementation was added by damien@ years ago.
  > Summary of the changes made in this commit:
  > - In ieee80211_input(), process A-MPDUs before duplicate detection.
  > - Don't forget to set ba->ba_ni in ieee80211_recv_addba_req()
  > so we don't crash in ieee80211_rx_ba_timeout().
  > - In ieee80211_recv_addba_req(), tweak the logic to deny BlockAck
  > requests if the driver has no callback for doing so.
  > - Implement ieee80211_ba_del() which cleans up BlockAck state.
  > - Increase the minimum and maximum lifetime for BlockAck agreements.
  > ok mpi@ (stsp@)

  ~ ieee80211_output.c

  > 11n/HT negotiation fixes:
  > Some APs will not negotiate HT if the vendor-specific WME info
  > element is missing in probe and association requests, so add one.
  > Fix the wrong flag (NODE_HT) being checked to determine whether 11n
  > related elements should be included in management frames. If 11n mode
  > is enabled (F_HTON flag) we can always include 11n related elements
  > in management frames.
  > ok mpi@ (stsp@)

  ~ ieee80211_input.c

  > Flag AP as QoS capable when EDCA or WME information elements occur in
  > beacons
  > or probe responses. Makes 11n negotiation with Linux iwlwifi AP succeed.
  > ok mpi@ (stsp@)

  ~ ieee80211_input.c

  > In the A-MSDU receive code path, add an upper bounds check on A-MSDU
  > subframe length and a clean exit at the bottom of the subframe loop.
  > ok mpi@ (stsp@)

== usr.bin =========================================================== 07/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

tmux

  ~ cmd-bind-key.c
  ~ cmd-send-keys.c
  ~ cmd-set-option.c
  ~ cmd-unbind-key.c
  ~ input-keys.c
  ~ key-string.c
  ~ server-client.c
  ~ tmux.1
  ~ tmux.h
  ~ tty-keys.c

  > Allow prefix and prefix2 to be set to None to disable (useful if you
  > would rather bind the prefix in the root table). (nicm@)

  ~ cmd-switch-client.c

  > Return after changing key table. (nicm@)

  ~ cmd-attach-session.c
  ~ cmd-new-session.c
  ~ cmd-set-option.c
  ~ cmd-switch-client.c
  ~ format.c
  ~ options-table.c
  ~ server-client.c
  ~ server-fn.c
  ~ tmux.1
  ~ tmux.h

  > Add key-table option to set the default key table for a session, allows
  > different key bindings for different sessions and a few other things.
  > (nicm@)

== usr.sbin ========================================================== 08/08 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

amd

  ~ amd/util.c
  ~ amd/xutil.c

  > Remove the rest of the 20+ year-old memory debugging gunk. Discussed
  > with deraadt@ (mmcc@)

httpd

  ~ patterns.h

  > Remove a needless inclusion of sys/cdefs.h. Inspired by reyk's recent
  > commit doing the same. (mmcc@)

nsd

  ~ nsd.c

  > zap surplus blank line (sthen@)

rdate

  ~ ntpleaps.c

  > Remove NULL-checks before free(). (mmcc@)

rebound

  ~ rebound.c

  > correct comment (tedu@)

sasyncd

  ~ net.c

  > Remove NULL-checks before free(). (mmcc@)

sensorsd

  ~ sensorsd.c

  > Remove NULL-checks before free().
  > (mmcc@)

smtpd

  ~ smtpd.h

  > prepare some imsg structures for upcoming diff to support wildcard ca
  > (gilles@)

  ~ mta_session.c

  > when a specific CA was not requested, pass hint to lka that fallback to a
  > wildcard CA is possible (lka does not use the hint yet) (gilles@)

  ~ mta_session.c

  > change variable name (gilles@)

  ~ parse.y
  ~ smtpd.h

  > rename an smtpd specific define (gilles@)

  ~ smtpd.h

  > do not limit usernames to LOGIN_NAME_MAX in places where "virtual users"
  > may be used, in such places an email address may be specified. (gilles@)

  ~ smtp.c

  > display CA name in log debug (gilles@)

  ~ smtpd.h

  > pki name and ca name must match a hostname, use HOST_NAME_MAX (gilles@)

  ~ smtp_session.c

  > fix prototypes (gilles@)

  ~ smtpd.h

  > use smtpd specific define for table name sizes (gilles@)

  ~ smtpd.h

  > sender and recipient are mail addresses, not pathnames, use proper define
  > (gilles@)

  ~ smtp_session.c

  > add filter_dataline prototype + empty function (gilles@)

  ~ smtp_session.c

  > declare and init filter wait queues (unused yet) (gilles@)

  ~ smtpd.c

  > In the configuration test mode (smtpd -n) setup queue crypto iff a
  > valid queue key is specified.
  > Ok gilles@ jung@ (sunil@)

  ~ smtp_session.c

  > if ca name not specified, pass hint to lka that a wildcard can match
  > (gilles@)

  ~ smtp_session.c

  > add watermark define which will be needed for filters
  > add two session flags which will be needed for filters (gilles@)

  ~ smtp_session.c

  > prepare struct smtp_session for handling of filters (gilles@)

  ~ smtp_session.c

  > add a log_trace() for debugging purposes (gilles@)

  ~ smtpd.c

  > prepare load_pki_tree() for pki/ca split (gilles@)

  ~ smtpd.h

  > expose foreground_log in smtpd.h so filters can inherit it (gilles@)

  ~ lka.c

  > prepare for asynchronous certificate verify, needed for a mechanical
  > cleanup and later on for DANE support (gilles@)

  ~ ssl.h

  > whitespaces (gilles@)

  ~ lka.c
  ~ parse.y
  ~ smtp.c
  ~ smtp_session.c
  ~ smtpd-api.h
  ~ smtpd.c
  ~ smtpd.conf.5

  > Implement senders map.
  > senders table allows to restrict the addresses that an authenticated
  > user can use in the SMTP dialogue.
  > Ok gilles@ (sunil@)

  ~ smtpd.conf.5

  > tweak previous; (jmc@)

  ~ parse.y
  ~ smtp.c
  ~ smtpd.h

  > add bits so local enqueuer can run filters when they are enabled (gilles@)

  ~ parse.y

  > spaces (gilles@)

  ~ parse.y

  > add missing check for failed allocation (gilles@)

  ~ parse.y

  > prepare bits to enable masquerade in parse.y (gilles@)

  ~ lka.c

  > smtp / mta have been factored in the same process months ago, factor the
  > code that handles the same imsg's too
  > ok sunil@, ok jung@ (gilles@)

  ~ lka.c

  > move the cert verify code to its own function outside the imsg handling
  > code, no functional change but this makes code easier to read, and will
  > ease implementing DANE later on. (gilles@)

  ~ lka.c

  > remove empty line (gilles@)

  ~ smtp_session.c

  > remove redundant check (gilles@)

  ~ lka.c

  > if no certificate matches name AND fallback hint was given, search for a
  > global certificate (gilles@)

  ~ smtp_session.c

  > do not limit smtp session username to LOGIN_NAME_MAX it could be a virtual
  > username (gilles@)

  ~ smtp_session.c

  > remove whitespaces (gilles@)

  ~ smtp_session.c

  > rename enum value (gilles@)

  ~ ssl.h

  > pki name is a hostname not a path (gilles@)

  ~ parse.y

  > check in parse.y that pki param is a valid hostname (gilles@)

  ~ ssl.c
  ~ ssl.h

  > bump DH params to 2048, it's been part of smtpd releases for a long time
  > and I've been running with it since June with no side-effect
  > ok sunil@, jung@, millert@ (gilles@)

  ~ mta_session.c
  ~ parse.y
  ~ smtp.c
  ~ smtpd.conf.5
  ~ smtpd.h
  ~ ssl.c
  ~ ssl.h
  ~ ssl_smtpd.c

  > allow overriding the default cipher-suite
  > ok jung@, sunil@, millert@ (gilles@)

  ~ ssl.c

  > do not prevent group from reading key, it prevents a certificate from
  > being shared between smtpd and another daemon (gilles@)

  ~ smtp_session.c

  > add the plumbing for masquerading
  > ok sunil@, jung@ (gilles@)

  ~ parse.y
  ~ smtp_session.c
  ~ smtpd.conf.5

  > when using senders map to restrict
  > email address a user may use in SMTP
  > dialogue, if `masquerade' is used as a parameter then rewrite the email
  > address of the DATA From header to the email address in the map. (gilles@)

  ~ parse.y

  > whitespaces (gilles@)

  ~ lka.c
  ~ mta.c
  ~ mta_session.c
  ~ parse.y
  ~ smtp_session.c
  ~ smtpd.c
  ~ smtpd.conf.5
  ~ ssl.c
  ~ ssl.h

  > remove CA from pki and no longer allow specifying a CA with 'pki' keyword.
  > introduce 'ca' keyword to allow specifying a custom CA.
  > making CA part of pki was a bad idea and several people hit use-cases that
  > plain couldn't work.
  > instead of:
  >     pki foobar.org ca "/etc/mail/CA.pem"
  > use now:
  >     ca foobar.org certificate "/etc/mail/CA.pem"
  > ok sunil@, jung@ (gilles@)

  ~ smtpd.conf.5

  > tweaks; (jmc@)

ypbind

  ~ ypbind.c

  > Remove NULL-checks before free(). (mmcc@)

===============================================================================
