OpenBSD src changes summary for 2015-12-15 ==========================================
etc/skel/dot.login etc/unbound.conf games/atc lib/libcrypto regress/bin sbin/mountd sys/arch/amd64/amd64 sys/arch/amd64/include sys/dev/isa sys/net sys/sys usr.bin/fmt usr.bin/mandoc usr.bin/tmux usr.sbin/relayd usr.sbin/smtpd usr.sbin/unbound usr.sbin/vmd == etc =============================================================== 01/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc skel/dot.login ~ skel/dot.login > automatic HOSTALIASES setup is a bad idea (deraadt@) unbound.conf ~ unbound.conf > add commented-out unbound.conf entries for dns64 (sitting in my tree and > ok'd > some time ago by phessler and IIRC also mikeb), and for qname-minimisation > (sthen@) == games ============================================================= 02/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games atc ~ update.c > Replace 'arc4random() % range' by 'arc4random_uniform(range)'. > Do this by introducing atcrandom_uniform(range) which returns > deterministic randomness or good randomness depending on whether > a seed was specified with the -r option. > Diff by Matthew Martin, reviewed by deraadt@ and me. > ok deraadt@ (tb@) ~ include.h > Cleanup: pwd.h is no longer needed. (tb@) == lib =============================================================== 03/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ cert.pem > Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification > Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root > certificate from cert.pem. ok rpe@ > Symantec/VeriSign say "Browsers/root store operators are encouraged to > remove/untrust this root from their root stores" and "hasn't been used to > generate new certificates in several years, and will now be repurposed to > provide transition support for some of our enterprise customers' legacy, > non-public applications" (https://www.symantec.com/page.jsp?id=roots, > http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-cer > tificate/article/459688/). > Also see > https://knowledge.symantec.com/support/ssl-certificates-support/index?page= > content&id=ALERT1941 > https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-d > igital.html (sthen@) == regress =========================================================== 04/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress bin ~ ps/Makefile + ps/command.sh + ps/shortsleep.c > regression suite for the "command" keyword (schwarze@) ~ ps/Makefile + ps/cwd.sh + ps/user.sh > tests for the following keywords: cwd login group rgroup ruser user > (schwarze@) ~ ps/command.sh > test vis(3)ing (schwarze@) ~ ps/command.sh > test encoding of a few invalid UTF-8 sequences (schwarze@) ~ ps/command.sh > test some valid UTF-8, but in the C locale (schwarze@) == sbin ============================================================== 05/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin mountd ~ mountd.c > When (re)reading /etc/exports, handle the case where the mount point of an > export is not also the mount point of a local filesystem. In this case, the > local filesystem would not be removed from the "unexport list", causing the > export to be "unexported" again. > This fix then also allows us to actually delete an export that has been > removed > from /etc/exports, by passing the MNT_DELEXPORT export flag to mount(2). > Makes sense to millert@. (tim@) ~ mountd.8 > Document /var/db/mountdtab (tim@) ~ exports.5 > Include RFC number in reference. While here, improve formatting of another > reference. (tim@) == sys =============================================================== 06/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ vmm.c > support reset vcpu by triple fault (kernel part, userland fix will come > later). > discussed with deraadt@ and reyk@ at length. (mlarkin@) ~ vmm.c > remove some not interesting debug printfs (mlarkin@) arch/amd64/include ~ vmmvar.h > support reset vcpu by triple fault (kernel part, userland fix will come > later). > discussed with deraadt@ and reyk@ at length. (mlarkin@) dev/isa ~ asmc.c > make sure the read fan description is always nul terminated > hint from kettenis (jung@) ~ asmc.c > add more temperature keys found in newer macbook airs (6,1 and 7,2) > encountered via key dump diff, run by Bryan Vyhmeister (jung@) ~ asmc.c > add 2 more temperature keys found in macbook pro (10,2) > found via key dump diff, run by Bryan Vyhmeister > also remove 3 temperature keys which likely do not return useful values > verified with help from macbook pro output of tb (4,1 and 5,5), > kettenis (12,1), and Cristoph R. Murauer (9,1) via misc@ (jung@) ~ asmc.c > ignore unlikely temperature values like -127 degC (jung@) net ~ rtable.c > Do not panic when trying to delete an non-existing route with ART. > Reported by bluhm@, ok jmatthew@ (mpi@) sys ~ videoio.h + v4l2-common.h + v4l2-controls.h > Sync V4L2 header files with recent Linux kernel. > This introduces the two header files v4l2-common.h and v4l2-controls.h > which were split off from videodev2.h (which corresponds to our videoio.h). > There will be a second commit just addressing whitespace and formatting. > The > current version has only real changes whereas the second commit will bring > videoio.h in line with videodev2.h formatting so that potential syncs in > the > future are easier to implement. > Bulk build by ajacoutot@; ok robert@, ajacoutot@ (feinerer@) - v4l2-common.h - v4l2-controls.h ~ videoio.h > Revert the previous commit; the licencing needs to be checked very > carefully. (feinerer@) == usr.bin =========================================================== 07/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin fmt ~ fmt.1 ~ fmt.c > UTF-8 support; does not yet handle the -c option. > No longer expand tabs up front in get_line(), their width depends on the > width of characters earlier on the line. Always NUL-terminate the input > buffer for easier and safer handling. Get rid of the hand-rolled output > buffer, just let stdio do its work. > OK tedu@ (schwarze@) ~ fmt.1 > missing space in previous; (jmc@) mandoc ~ main.c ~ mandocdb.c > pledge(2) style: > Make sure to always use the idiom 'if (pledge("' > such that it can easily be searched for. > No functional change. > Requested by deraadt@ some time ago. (schwarze@) tmux ~ cmd-find.c ~ cmd-select-pane.c ~ screen-redraw.c ~ server.c ~ tmux.h ~ window.c > Make the marked pane a cmd_find_state. (nicm@) ~ cmd-find.c > Don't copy marked pane when can just point to it. (nicm@) ~ cmd-find.c > We changed somewhat recently to us the pty when tmux was run inside > itself to work out the current pane. This is confusing in many cases > (particularly notable is that "tmux neww\; splitw" would not split the > new window), and the few advantages do not make up for the confusion. > So drop this behaviour and return to using the current window and pane; > keep the pty check but only use it to limit the list of possible current > sessions. (nicm@) ~ cmd-list-keys.c > Allow list-keys and list-commands to be run without a running server. > (nicm@) ~ cmd-attach-session.c ~ hooks.c ~ server-client.c ~ tmux.h > Some hooks API changes to fire a hook while waiting another cmdq and > infrastructure that will be needed soon. (nicm@) ~ cmd-find.c > Copy state directly rather than dereferencing wl (which could be NULL). > (nicm@) == usr.sbin ========================================================== 08/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin relayd ~ relay_http.c > PATCH is like PUT, data is expected. > From mxb at alumni chalmers se (reyk@) smtpd ~ makemap.c > Sync the DB file once when done with fsync(), not on each write with > O_SYNC. > The DB file being written is a temp file, so O_EXLOCK is unnecesary. > ok sunil@ gilles@ (guenther@) ~ smtpd.conf.5 > less macro and lines > ok millert (jung@) unbound ~ Makefile.in ~ README ~ acx_nlnetlabs.m4 ~ config.h.in ~ configure ~ configure.ac ~ daemon/unbound.c ~ daemon/worker.c ~ doc/Changelog ~ doc/README ~ doc/example.conf.in ~ doc/libunbound.3.in ~ doc/unbound-anchor.8.in ~ doc/unbound-checkconf.8.in ~ doc/unbound-control.8.in ~ doc/unbound-host.1.in ~ doc/unbound.8.in ~ doc/unbound.conf.5.in ~ iterator/iter_scrub.c ~ iterator/iterator.c ~ iterator/iterator.h ~ libunbound/libunbound.c ~ services/cache/rrset.c ~ smallapp/unbound-anchor.c ~ smallapp/unbound-checkconf.c ~ smallapp/unbound-control.c ~ util/config_file.c ~ util/config_file.h ~ util/configlexer.lex ~ util/configparser.y ~ util/iana_ports.inc ~ util/random.c ~ validator/autotrust.c ~ validator/val_nsec.c ~ validator/val_nsec3.c ~ validator/val_secalgo.c ~ validator/val_secalgo.h ~ validator/val_sigcrypt.c > update to Unbound 1.5.7, looks fine to deraadt@. > Notable addition: implements optional support for qname minimisation > (a privacy improvement; see draft-ietf-dnsop-qname-minimisation-07) > (sthen@) vmd ~ vmm.c > if a vcpu run thread in vmd exits unexpectedly, teardown the VM's kernel > components as well. > ok deraadt@ (mlarkin@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
