OpenBSD src changes summary for 2016-09-28
==========================================

lib/libc                                regress/sys
regress/usr.bin                         regress/usr.sbin
sbin/ping                               sbin/sysctl
share/man                               share/zoneinfo
sys/arch/loongson/loongson              sys/kern
sys/msdosfs                             sys/net
sys/sys                                 usr.bin/ssh
usr.bin/tmux                            usr.sbin/httpd
usr.sbin/ldpd                           usr.sbin/ospfd
usr.sbin/pkg_add                        usr.sbin/relayd
usr.sbin/switchctl                      usr.sbin/switchd
usr.sbin/traceroute

== lib =============================================================== 01/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/sysctl.3

  > document kern.allowkmem; ok deraadt (jmc@)

  ~ gen/sysctl.3

  > use the same template for describing securelevel interaction; (jmc@)

== regress =========================================================== 02/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/siginfo-fault/siginfo-fault.c

  > If stdout is not line buffered, messages got lost when assert() was
  > called. Print errors to stderr instead. (bluhm@)

usr.bin

  ~ ftp/dasho.sh
  ~ ftp/redirect.sh

  > Do not close stdout when starting netcat, redirect to /dev/null
  > instead. This prevents that the ftp test hangs in nc poll(2). Add
  > OpenBSD RCS id while there. (bluhm@)

  ~ ssh/unittests/Makefile.inc

  > Add a makefile rule to create the ssh library when regress needs
  > it. This allows to run the ssh regression tests without doing a
  > "make build" before.
  > Discussed with dtucker@ and djm@; OK djm@ (bluhm@)

usr.sbin

  ~ switchd/run.pl

  > I wrote a perfect regress test: a test that never fails. Correctly
  > populate the die() from code within eval to make failed tests fail. (reyk@)

  ~ switchd/run.pl

  > Bump buffer size to 64k, the max OFP packet size (reyk@)

  ~ switchd/OFP.pm
  ~ switchd/run.pl

  > Fix length calculation of PACKET_IN (I forget the 10 byte packet_in
  > header). (reyk@)

  ~ switchd/run.pl

  > An unintended 65536 size change slipped in, revert to 65535 (reyk@)

  - ospfd/Tun.pm
  - ospfd/opentun.c
  - ospfd/tundump.pl
  ~ ospfd/Client.pm
  ~ ospfd/Default.pm
  ~ ospfd/Makefile
  ~ ospfd/README
  ~ ospfd/args-ifstate-pri-ism-ospfd.pl
  ~ ospfd/args-ifstate-pri-ism.pl
  ~ ospfd/args-ifstate-pri-ospfd-ism.pl
  ~ ospfd/args-ifstate-pri-ospfd.pl
  + ospfd/Tap.pm
  + ospfd/opentap.c
  + ospfd/tapdump.pl

  > The tun interface has been renamed to tap(4). Adapt ospfd test. (bluhm@)

  ~ ldapd/Makefile

  > The ldap regression test should behave more like the other tests.
  > So use REGRESS_TARGETS provided by bsd.regress.mk.
  > OK landry@ (bluhm@)

== sbin ============================================================== 03/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

ping

  ~ ping.c

  > Always do the setgroups, setresgid and setresuid even if the
  > unprivileged user is not present instead of erroring out. This lets
  > ping and traceroute work in restricted environments like the bgplg
  > chroot.
  > Problem reported by sthen@
  > input & prodding deraadt@ (florian@)

sysctl

  ~ sysctl.8

  > document kern.allowkmem; ok deraadt (jmc@)

== share ============================================================= 04/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man7/securelevel.7

  > document kern.allowkmem; reminded by deraadt (jmc@)

  ~ man7/securelevel.7

  > group the sysctls; (jmc@)

  ~ man5/bsd.port.mk.5

  > Add a sentence about BUILD_DEPENDS automatically set with EXTRACT_SUFX
  > ok jmc@ sthen@ (danj@)

zoneinfo

  ~ datfiles/africa
  ~ datfiles/antarctica
  ~ datfiles/asia
  ~ datfiles/australasia
  ~ datfiles/backward
  ~ datfiles/etcetera
  ~ datfiles/europe
  ~ datfiles/factory
  ~ datfiles/leapseconds
  ~ datfiles/northamerica
  ~ datfiles/southamerica
  ~ datfiles/zone.tab
  ~ datfiles/zone1970.tab

  > Update to tzdata2016g from ftp.iana.org. (millert@)

== sys =============================================================== 05/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/loongson/loongson

  ~ loongson2_machdep.c
  ~ machdep.c

  > Add logic for figuring out CPU clock rate and usable memory areas
  > by using Loongson EFI.
  > Regression testing on Loongson 2F by fcambus@ (visa@)

  ~ pmon.c

  > Tweak video BIOS pointer check. Current Loongson EFI firmware images
  > seem to provide a video BIOS in kseg0. (visa@)

kern

  ~ vfs_subr.c

  > Cast enum to u_int when doing a bounds check to avoid a clang warning that
  > the comparison is always true.
  > ok jca@, tedu@ (kettenis@)

msdosfs

  ~ msdosfs_vfsops.c

  > Kill empty ifdef; ok fcambus@ (jca@)

net

  ~ switchofp.c

  > Do not truncate packets that are attached to PACKET_IN.
  > The switch should only truncate packets if it implements buffering -
  > which switch(4) doesn't - or the controller might end up sending
  > PACKET_OUT responses with truncated packets that will eventually end
  > up on the network.
  > OK goda@ (reyk@)

  ~ if.c
  ~ if_switch.c
  ~ if_switch.h

  > Fix a kernel panic that happened when destroying interfaces attached to
  > the switch(4) without prior removal.
  > ok reyk@, goda@ (rzalamena@)

  ~ if_vxlan.c

  > Fix the way of checking the length of vxlan packet and made it strict.
  > ok reyk (yasuoka@)

  ~ if_vxlan.c

  > Fix vxlan to use the destination address correctly.
  > Use the dst of the bridge_tunneltag for src on vxlan output and vice
  > versa.
  > ok reyk (yasuoka@)

sys

  ~ socket.h

  > Hide RT_TABLEID_MAX behind __BSD_VISIBLE
  > Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@
  > (jca@)

== usr.bin =========================================================== 06/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

ssh

  - monitor_mm.c
  - monitor_mm.h
  ~ monitor.c
  ~ monitor.h
  ~ monitor_wrap.h
  ~ myproposal.h
  ~ opacket.h
  ~ packet.c
  ~ packet.h
  ~ servconf.c
  ~ sshconnect2.c
  ~ sshd.c
  ~ sshd/Makefile

  > Remove support for pre-authentication compression. Doing compression
  > early in the protocol probably seemed reasonable in the 1990s, but
  > today it's clearly a bad idea in terms of both cryptography (cf.
  > multiple compression oracle attacks in TLS) and attack surface.
  > Moreover, to support it across privilege-separation zlib needed
  > the assistance of a complex shared-memory manager that made the
  > required attack surface considerably larger.
  > Prompted by Guido Vranken pointing out a compiler-elided security
  > check in the shared memory manager found by Stack
  > (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
  > NB. pre-auth authentication has been disabled by default in sshd
  > for >10 years. (djm@)

  ~ ssh_config.5

  > use a separate TOKENS section, as we've done for sshd_config(5);
  > help/ok djm (jmc@)

  ~ kex.c
  ~ kex.h
  ~ packet.c
  ~ sshconnect2.c
  ~ sshd_config.5
  ~ servconf.c

  > restore pre-auth compression support in the client -- the previous
  > commit was intended to remove it from the server only.
  > remove a few server-side pre-auth compression bits that escaped
  > adjust wording of Compression directive in sshd_config(5)
  > pointed out by naddy@ ok markus@ (djm@)

  ~ kex.c
  ~ kex.h
  ~ packet.c

  > put back some pre-auth zlib bits that I shouldn't have removed -
  > they are still used by the client. Spotted by naddy@ (djm@)

tmux

  ~ server-client.c
  ~ tmux.h
  ~ window.c

  > Rate limit TIOCSWINSZ on a timer to avoid programs getting hammered with
  > SIGWINCH when the size changes rapidly. To help a problem reported by
  > Rui Pinheiro. (nicm@)

  ~ cmd-queue.c
  ~ input.c

  > Couple of vasprintf -> xvasprintf. (nicm@)

== usr.sbin ========================================================== 07/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

httpd

  ~ httpd.c
  ~ httpd.h
  ~ proc.c

  > sync proc.c from switchd, includes minor cast qual fix and removal of
  > p_env. (reyk@)

  ~ Makefile

  > Add -Wcast-qual after syncing proc.c fix (reyk@)

ldpd

  ~ ldpd.c

  > 'unneded stuff' -> 'unneeded stuff' in comments. (krw@)

ospfd

  ~ ospfd.c
  ~ rde.c

  > 'unneded stuff' -> 'unneeded stuff' in comments. (krw@)

pkg_add

  ~ OpenBSD/PkgSign.pm

  > oops, forgot THAT hook. You have to start with unsigned to get signed
  > (espie@)

relayd

  ~ proc.c
  ~ relayd.c
  ~ relayd.h

  > sync proc.c incl. the p_env removal (reyk@)

  ~ Makefile
  ~ ca.c

  > Add -Wcast-qual and cast away one false positive where we use a const
  > u_char * variable for an iovec from within the libcrypto engine callback.
  > OK millert@ (reyk@)

switchctl

  ~ switchctl.c

  > Adjust the mac_port format string since it got upgraded to 32bits
  > (following OpenFlow 1.3). (reyk@)

switchd

  ~ ofp13.c

  > Always ask the switch to send the whole packet unbuffered so we can
  > analyze the content of the packet and not truncate it when sending
  > packet_out.
  > ok reyk@ (rzalamena@)

  ~ ofp.h

  > Use the packed attribute for every structure that is used in the wire
  > messages.
  > ok reyk@ (rzalamena@)

traceroute

  ~ traceroute.c

  > Always do the setgroups, setresgid and setresuid even if the
  > unprivileged user is not present instead of erroring out. This lets
  > ping and traceroute work in restricted environments like the bgplg
  > chroot.
  > Problem reported by sthen@
  > input & prodding deraadt@ (florian@)

===============================================================================
