OpenBSD src changes summary for 2016-09-28
==========================================

lib/libc                                regress/sys
regress/usr.bin                         regress/usr.sbin
sbin/ping                               sbin/sysctl
share/man                               share/zoneinfo
sys/arch/loongson/loongson              sys/kern
sys/msdosfs                             sys/net
sys/sys                                 usr.bin/ssh
usr.bin/tmux                            usr.sbin/httpd
usr.sbin/ldpd                           usr.sbin/ospfd
usr.sbin/pkg_add                        usr.sbin/relayd
usr.sbin/switchctl                      usr.sbin/switchd
usr.sbin/traceroute                     

== lib =============================================================== 01/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/sysctl.3                          

  > document kern.allowkmem; ok deraadt (jmc@)

  ~ gen/sysctl.3                          

  > use the same template for describing securelevel interaction; (jmc@)

== regress =========================================================== 02/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/siginfo-fault/siginfo-fault.c    

  > If stdout is not line buffered, messages got lost when assert() was
  > called.  Print errors to stderr instead. (bluhm@)

usr.bin

  ~ ftp/dasho.sh                          ~ ftp/redirect.sh

  > Do not close stdout when starting netcat, redirect to /dev/null
  > instead.  This prevents that the ftp test hangs in nc poll(2).  Add
  > OpenBSD RCS id while there. (bluhm@)

  ~ ssh/unittests/Makefile.inc            

  > Add a makefile rule to create the ssh library when regress needs
  > it.  This allows to run the ssh regression tests without doing a
  > "make build" before.
  > Discussed with dtucker@ and djm@; OK djm@ (bluhm@)

usr.sbin

  ~ switchd/run.pl                        

  > I wrote a perfect regress test: a test that never fails.  Correctly
  > populate the die() from code within eval to make failed tests fail. (reyk@)

  ~ switchd/run.pl                        

  > Bump buffer size to 64k, the max OFP packet size (reyk@)

  ~ switchd/OFP.pm                        ~ switchd/run.pl

  > Fix length calculation of PACKET_IN (I forget the 10 byte packet_in
  > header). (reyk@)

  ~ switchd/run.pl                        

  > An unintended 65536 size change slipped in, revert to 65535 (reyk@)

  - ospfd/Tun.pm                          - ospfd/opentun.c
  - ospfd/tundump.pl                      ~ ospfd/Client.pm
  ~ ospfd/Default.pm                      ~ ospfd/Makefile
  ~ ospfd/README                          ~ ospfd/args-ifstate-pri-ism-ospfd.pl
  ~ ospfd/args-ifstate-pri-ism.pl         ~ ospfd/args-ifstate-pri-ospfd-ism.pl
  ~ ospfd/args-ifstate-pri-ospfd.pl       + ospfd/Tap.pm
  + ospfd/opentap.c                       + ospfd/tapdump.pl

  > The tun interface has been renamed to tap(4).  Adapt ospfd test. (bluhm@)

  ~ ldapd/Makefile                        

  > The ldap regression test should behave more like the other tests.
  > So use REGRESS_TARGETS provided by bsd.regress.mk.
  > OK landry@ (bluhm@)

== sbin ============================================================== 03/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

ping

  ~ ping.c                                

  > Always do the setgroups, setresgid and setresuid even if the
  > unprivileged user is not present instead of erroring out. This lets
  > ping and traceroute work in restricted environments like the bgplg
  > chroot.
  > Problem reported by sthen@
  > input & prodding deraadt@ (florian@)

sysctl

  ~ sysctl.8                              

  > document kern.allowkmem; ok deraadt (jmc@)

== share ============================================================= 04/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man7/securelevel.7                    

  > document kern.allowkmem; reminded by deraadt (jmc@)

  ~ man7/securelevel.7                    

  > group the sysctls; (jmc@)

  ~ man5/bsd.port.mk.5                    

  > Add a sentence about BUILD_DEPENDS automatically set with EXTRACT_SUFX
  > ok jmc@ sthen@ (danj@)

zoneinfo

  ~ datfiles/africa                       ~ datfiles/antarctica
  ~ datfiles/asia                         ~ datfiles/australasia
  ~ datfiles/backward                     ~ datfiles/etcetera
  ~ datfiles/europe                       ~ datfiles/factory
  ~ datfiles/leapseconds                  ~ datfiles/northamerica
  ~ datfiles/southamerica                 ~ datfiles/zone.tab
  ~ datfiles/zone1970.tab                 

  > Update to tzdata2016g from ftp.iana.org. (millert@)

== sys =============================================================== 05/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/loongson/loongson

  ~ loongson2_machdep.c                   ~ machdep.c

  > Add logic for figuring out CPU clock rate and usable memory areas
  > by using Loongson EFI.
  > Regression testing on Loongson 2F by fcambus@ (visa@)

  ~ pmon.c                                

  > Tweak video BIOS pointer check. Current Loongson EFI firmware images
  > seem to provide a video BIOS in kseg0. (visa@)

kern

  ~ vfs_subr.c                            

  > Cast enum to u_int when doing a bounds check to avoid a clang warning that
  > the comparison is always true.
  > ok jca@, tedu@ (kettenis@)

msdosfs

  ~ msdosfs_vfsops.c                      

  > Kill empty ifdef; ok fcambus@ (jca@)

net

  ~ switchofp.c                           

  > Do not truncate packets that are attached to PACKET_IN.
  > The switch should only truncate packets if it implements buffering -
  > which switch(4) doesn't - or the controller might end up sending
  > PACKET_OUT responses with truncated packets that will eventually end
  > up on the network.
  > OK goda@ (reyk@)

  ~ if.c                                  ~ if_switch.c
  ~ if_switch.h                           

  > Fix a kernel panic that happened when destroying interfaces attached to
  > the switch(4) without prior removal.
  > ok reyk@, goda@ (rzalamena@)

  ~ if_vxlan.c                            

  > Fix the way of checking the length of vxlan packet and made it strict.
  > ok reyk (yasuoka@)

  ~ if_vxlan.c                            

  > Fix vxlan to use the destination address correctly.
  > Use the dst of the bridge_tunneltag for src on vxlan output and vice
  > versa.
  > ok reyk (yasuoka@)

sys

  ~ socket.h                              

  > Hide RT_TABLEID_MAX behind __BSD_VISIBLE
  > Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@
  > (jca@)

== usr.bin =========================================================== 06/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

ssh

  - monitor_mm.c                          - monitor_mm.h
  ~ monitor.c                             ~ monitor.h
  ~ monitor_wrap.h                        ~ myproposal.h
  ~ opacket.h                             ~ packet.c
  ~ packet.h                              ~ servconf.c
  ~ sshconnect2.c                         ~ sshd.c
  ~ sshd/Makefile                         

  > Remove support for pre-authentication compression. Doing compression
  > early in the protocol probably seemed reasonable in the 1990s, but
  > today it's clearly a bad idea in terms of both cryptography (cf.
  > multiple compression oracle attacks in TLS) and attack surface.
  > Moreover, to support it across privilege-separation zlib needed
  > the assistance of a complex shared-memory manager that made the
  > required attack surface considerably larger.
  > Prompted by Guido Vranken pointing out a compiler-elided security
  > check in the shared memory manager found by Stack
  > (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
  > NB. pre-auth authentication has been disabled by default in sshd
  > for >10 years. (djm@)

  ~ ssh_config.5                          

  > use a separate TOKENS section, as we've done for sshd_config(5);
  > help/ok djm (jmc@)

  ~ kex.c                                 ~ kex.h
  ~ packet.c                              ~ sshconnect2.c
  ~ sshd_config.5                         ~ servconf.c

  > restore pre-auth compression support in the client -- the previous
  > commit was intended to remove it from the server only.
  > remove a few server-side pre-auth compression bits that escaped
  > adjust wording of Compression directive in sshd_config(5)
  > pointed out by naddy@ ok markus@ (djm@)

  ~ kex.c                                 ~ kex.h
  ~ packet.c                              

  > put back some pre-auth zlib bits that I shouldn't have removed -
  > they are still used by the client. Spotted by naddy@ (djm@)

tmux

  ~ server-client.c                       ~ tmux.h
  ~ window.c                              

  > Rate limit TIOCSWINSZ on a timer to avoid programs getting hammered with
  > SIGWINCH when the size changes rapidly. To help a problem reported by
  > Rui Pinheiro. (nicm@)

  ~ cmd-queue.c                           ~ input.c

  > Couple of vasprintf -> xvasprintf. (nicm@)

== usr.sbin ========================================================== 07/07 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

httpd

  ~ httpd.c                               ~ httpd.h
  ~ proc.c                                

  > sync proc.c from switchd, includes minor cast qual fix and removal of
  > p_env. (reyk@)

  ~ Makefile                              

  > Add -Wcast-qual after syncing proc.c fix (reyk@)

ldpd

  ~ ldpd.c                                

  > 'unneded stuff' -> 'unneeded stuff' in comments. (krw@)

ospfd

  ~ ospfd.c                               ~ rde.c

  > 'unneded stuff' -> 'unneeded stuff' in comments. (krw@)

pkg_add

  ~ OpenBSD/PkgSign.pm                    

  > oops, forgot THAT hook. You have to start with unsigned to get signed
  > (espie@)

relayd

  ~ proc.c                                ~ relayd.c
  ~ relayd.h                              

  > sync proc.c incl. the p_env removal (reyk@)

  ~ Makefile                              ~ ca.c

  > Add -Wcast-qual and cast away one false positive where we use a const
  > u_char * variable for an iovec from within the libcrypto engine callback.
  > OK millert@ (reyk@)

switchctl

  ~ switchctl.c                           

  > Adjust the mac_port format string since it got upgraded to 32bits
  > (following OpenFlow 1.3). (reyk@)

switchd

  ~ ofp13.c                               

  > Always ask the switch to send the whole packet unbuffered so we can
  > analyze the content of the packet and not truncate it when sending
  > packet_out.
  > ok reyk@ (rzalamena@)

  ~ ofp.h                                 

  > Use the packed attribute for every structure that is used in the wire
  > messages.
  > ok reyk@ (rzalamena@)

traceroute

  ~ traceroute.c                          

  > Always do the setgroups, setresgid and setresuid even if the
  > unprivileged user is not present instead of erroring out. This lets
  > ping and traceroute work in restricted environments like the bgplg
  > chroot.
  > Problem reported by sthen@
  > input & prodding deraadt@ (florian@)

===============================================================================