OpenBSD src changes summary for 2016-10-05 ==========================================
Makefile distrib/notes distrib/sgi etc/Makefile etc/examples/vm.conf etc/mtree/4.4BSD.dist lib/libcrypto regress/sys regress/usr.sbin share/man share/mk sys/arch/amd64/amd64 sys/arch/arm/armv7 sys/arch/arm/include sys/arch/arm/simplebus sys/arch/armv7/armv7 sys/arch/armv7/conf sys/arch/armv7/imx sys/arch/sgi/stand sys/arch/sgi/stand/boot sys/dev/pci sys/kern sys/net sys/uvm usr.bin/doas usr.bin/signify usr.bin/tmux usr.sbin/bgpd usr.sbin/dhcpd usr.sbin/httpd usr.sbin/nsd usr.sbin/pkg_add usr.sbin/relayd usr.sbin/switchd usr.sbin/unbound usr.sbin/vmd == Makefile ========================================================== 01/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile Makefile > De-escalate to an unprivileged users during 'make build' and 'make > release'. > - If you start make build as root, everything will be run as root. > Nothing new here. New is, that you can set BUILDUSER=somebody and the > unprived parts will be run as somebody. > - If you start make build with sudo, the unprived parts will be run as > the real user (meaning YOU). You can still set BUILDUSER=somebody and > the uprived parts will run as somebody. > - If you start make build as a normal user it will error out. "I'm sorry > Dave." > Note that DESTDIR must be on partition with the noperm flag set for make > release to work correctly as an unprivileged user. > idea and ok deraadt > input and ok tb ratchov millert > rpe, halex and probably others where part of the conversation to make > this happen, thanks! (natano@) == distrib =========================================================== 02/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib notes ~ sgi/install > Remove an outdated remark about the 'a' partition. The sgi bootblocks > now locate the partition by using the disklabel. > ok jsing@ (visa@) sgi ~ ramdisk/install.md > Remove an outdated remark about the 'a' partition. The sgi bootblocks > now locate the partition by using the disklabel. > ok jsing@ (visa@) == etc =============================================================== 03/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc Makefile ~ Makefile > De-escalate to an unprivileged users during 'make build' and 'make > release'. > - If you start make build as root, everything will be run as root. > Nothing new here. New is, that you can set BUILDUSER=somebody and the > unprived parts will be run as somebody. > - If you start make build with sudo, the unprived parts will be run as > the real user (meaning YOU). You can still set BUILDUSER=somebody and > the uprived parts will run as somebody. > - If you start make build as a normal user it will error out. "I'm sorry > Dave." > Note that DESTDIR must be on partition with the noperm flag set for make > release to work correctly as an unprivileged user. > idea and ok deraadt > input and ok tb ratchov millert > rpe, halex and probably others where part of the conversation to make > this happen, thanks! (natano@) ~ Makefile > conditionally create obj & xobj same way that src is handled > ok natano (deraadt@) examples/vm.conf ~ examples/vm.conf > Add support for enhanced networking configuration and virtual switches. > See vm.conf(5) for more details. > OK mlarkin@ (reyk@) ~ examples/vm.conf > Change switch "wireless" to another example - bridging from VM to > wireless in station mode is not supported. (reyk@) mtree/4.4BSD.dist ~ mtree/4.4BSD.dist > conditionally create obj & xobj same way that src is handled > ok natano (deraadt@) == lib =============================================================== 04/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ man/crypto.3 > Fix some broken .Xr links, loosely based on a diff > from Rob Pierce <rob at 2keys dot ca>. > The content of this page may also need expert attention, i suspect > it may be lacking modern algorithms and over-emphasizing obsolete > ones, but i dare not touch the content. (schwarze@) == regress =========================================================== 05/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress sys ~ kern/Makefile ~ kern/setuid/Makefile > Link the setuid regress test to the build in a way that the obj > directory gets created. But do not run the test during a global > make regress, as the test puts a setuid binary into the object > directory. Also remove the setuid bit after the test has been run > manually. > OK otto@ (bluhm@) usr.sbin ~ switchd/args-packet-jumbo.pm > Bump the sizes of generated jumbo frames up to the max. (reyk@) == share ============================================================= 06/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man8/release.8 > Overhaul the release(8) manual: the current version prompted some users > to leave their boxes wide open with ... unfortunate doas.conf(5) rules. > Only give the essential commands for -release and -stable. Remove all > mentions of doas(1). Tighten up the style: avoid repetitions and the > second person. > requested by & ok deraadt, tweaks & ok tj (tb@) mk ~ bsd.own.mk > De-escalate to an unprivileged users during 'make build' and 'make > release'. > - If you start make build as root, everything will be run as root. > Nothing new here. New is, that you can set BUILDUSER=somebody and the > unprived parts will be run as somebody. > - If you start make build with sudo, the unprived parts will be run as > the real user (meaning YOU). You can still set BUILDUSER=somebody and > the uprived parts will run as somebody. > - If you start make build as a normal user it will error out. "I'm sorry > Dave." > Note that DESTDIR must be on partition with the noperm flag set for make > release to work correctly as an unprivileged user. > idea and ok deraadt > input and ok tb ratchov millert > rpe, halex and probably others where part of the conversation to make > this happen, thanks! (natano@) == sys =============================================================== 07/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ vmm.c > Add a missing flush; this appears to fix the broadwell/skylake "failed to > launch with valid vmcs" issue some people have been seeing when launching > vmm(4) VMs. > tested by reyk@ (mlarkin@) arch/arm/armv7 ~ armv7_space.c > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) arch/arm/include ~ bus.h > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) arch/arm/simplebus ~ simplebus.c > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) arch/armv7/armv7 ~ armv7_machdep.c ~ armv7_machdep.h ~ platform.c > Introduce a global function pointer to reset the CPU akin to amd64 and > i386. As newer ARMs where we use device tree from the get go don't > necessarily have a 'platform', this will allow drivers to hook > themselves as a way to reset the CPU. > ok jsg@ kettenis@ tom@ (patrick@) ~ armv7_machdep.c > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) ~ armv7var.h ~ platform.c > Make imxdog(4) set cpuresetfn, and remove all the imx platform that is no > longer needed, including the imx board IDs. > ok patrick@, jsg@ (kettenis@) arch/armv7/conf ~ GENERIC ~ RAMDISK > Make imxdog(4) set cpuresetfn, and remove all the imx platform that is no > longer needed, including the imx board IDs. > ok patrick@, jsg@ (kettenis@) arch/armv7/imx - imx.c - imx6.c - imx_machdep.c ~ files.imx ~ imxdog.c > Make imxdog(4) set cpuresetfn, and remove all the imx platform that is no > longer needed, including the imx board IDs. > ok patrick@, jsg@ (kettenis@) arch/sgi/stand ~ Makefile32.inc > Make the sgi boot blocks read the real OpenBSD disklabel instead of > assuming that the 'a' partition starts at the same location as the > volume header partition #0. > Diff from Miod Vallat (visa@) arch/sgi/stand/boot ~ Makefile ~ diskio.c ~ version > Make the sgi boot blocks read the real OpenBSD disklabel instead of > assuming that the 'a' partition starts at the same location as the > volume header partition #0. > Diff from Miod Vallat (visa@) dev/pci ~ if_iwm.c > Set the USE_RTS flag in the right place. Error introduced in if_iwm.c > r1.139. (stsp@) ~ if_wpi.c > Hide wpi(4) fatal firmware error details inside #ifdef WPI_DEBUG. > ok sthen tb deraadt (stsp@) kern ~ exec_elf.c ~ kern_sig.c ~ kern_xxx.c > Display/test/use the process PID, not the thread's TID, in a few places. > ok mpi@ mikeb@ (guenther@) ~ kern_pledge.c > Display the process's PID with p->p_p->ps_pid, not p->p_pid. > Use a local variable struct process *pr to simplify expressions > ok deraadt@ (guenther@) net ~ route.c > rt_timer_timer() needs a process context because it messes with the > routing table. > Found the hardway by Chris Jackman. (mpi@) uvm ~ uvm_mmap.c > Display/test/use the process PID, not the thread's TID, in a few places. > ok mpi@ mikeb@ (guenther@) == usr.bin =========================================================== 08/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin doas ~ doas.c ~ doas.h ~ parse.y > as a result of the env rework, arraylen() is only used in parse.y. > move it there and make it static. (tedu@) ~ doas.c ~ doas.h > move yyparse decl next to yyfp (tedu@) ~ doas.c > Add back the call to yyparse() that was accidentally dropped in the > previous commit. Fortunately, doas fails closed... > ok tedu (tb@) signify ~ signify.c > combining an assignment and *two* tests in one conditional is a bit much. > pull things apart. > reported by espie in a separate complaint. :) (tedu@) ~ signify.1 > document the previously hidden keyname detection. urged by espie. (tedu@) ~ signify.c > more properly check the secret key extension. from espie (tedu@) ~ signify.c > when generating keys, make sure the names specified adhere to all > department of keyname compliance regulations. see if anybody complains... > (tedu@) tmux ~ cmd.c > Allow cmd_mouse_at return arguments to be NULL. (nicm@) ~ paste.c ~ tmux.h > Keep buffer creation time and add accessors for it and the order number. > (nicm@) ~ screen-write.c > Wrap some long lines in screen-write.c. (nicm@) ~ screen-write.c > screen_write_copy tried to be clever and clear the line if it reached > the end of the source, but it was wrong and causes problems that are > only showing up now we are more aggressive about skipping redundant > screen updates. Remove the optimization entirely as more trouble than it > is worth to fix (and it'll have to go when BCE is done anyway). (nicm@) == usr.sbin ========================================================== 09/09 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpd ~ bgpd.conf.5 ~ bgpd.h ~ kroute.c ~ parse.y ~ printconf.c > Let bgpd announce routes based on a route-label. > OK henning@ benno@ (phessler@) dhcpd ~ dhcp.c > Use consistant idiom (intermediate variable 'i' rather than repeated > uses of very long #define names) to access option data in nak_lease() > and ack_lease(). > Shortens a lot of lines, which allows a number of line splits to > be eliminates. > Makes some upcoming diffs easier to integrate. > No intentional functional change. (krw@) httpd ~ httpd.h ~ proc.c > sync proc.c with vmd: add p_pw to specify a non-standard user for a > process. > OK rzalamena@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ proc.c > Check if oldd == newd before dup2(), if that is the case we need to remove > the CLOEXEC flag ourselves. > ok bluhm@, deraadt@ (rzalamena@) nsd ~ Makefile.bsd-wrapper > Rewriting USER gets in the way of the de-escalation mechanism as it > shadows the real user's identity. > ok deraadt (natano@) pkg_add ~ OpenBSD/PackageRepository.pm > getting errors is trivial, just don't forget to close the handle and not > return anything in case signature did fail. (espie@) ~ package.5 > document signature change (espie@) relayd ~ proc.c ~ relayd.h > sync proc.c with vmd: add p_pw to specify a non-standard user for a > process. > OK rzalamena@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ proc.c > Sync with httpd(8) proc file. Check for dup2() usage to avoid oldd == newd > and remove the CLOEXEC with fcntl() if necessary. > ok reyk@ (rzalamena@) switchd ~ ofrelay.c > More debugging (reyk@) ~ ofrelay.c > I added a second buffer as fix for the fact that /dev/switch doesn't > act like a socket. Unfortunately, this broke handling of jumbo > buffers in the adjusted version of ofrelay. Don't abort the > connection until there is no more data to read or the connection has > been closed. > Problem out by rzalamena@ (reyk@) ~ ofp10.c > Move ofp_validate_header() to ofp10.c until we have a better place (reyk@) ~ ofp.c > Remove ofp_validate_header() here (reyk@) ~ proc.c ~ proc.h > sync proc.c with vmd: add p_pw to specify a non-standard user for a > process. > OK rzalamena@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ proc.c > Sync with httpd(8) proc file. Check for dup2() usage to avoid oldd == newd > and remove the CLOEXEC with fcntl() if necessary. > ok reyk@ (rzalamena@) unbound ~ Makefile.bsd-wrapper > Rewriting USER gets in the way of the de-escalation mechanism as it > shadows the real user's identity. > ok deraadt (natano@) vmd ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ config.c ~ parse.y ~ priv.c ~ proc.h ~ virtio.c ~ vm.conf.5 ~ vmd.c ~ vmd.h ~ vmm.c > Add support for enhanced networking configuration and virtual switches. > See vm.conf(5) for more details. > OK mlarkin@ (reyk@) ~ parse.y > Replace one u_int8_t with uint8_t (finger memory) (reyk@) ~ proc.c > Sync with httpd(8) proc file. Check for dup2() usage to avoid oldd == newd > and remove the CLOEXEC with fcntl() if necessary. > ok reyk@ (rzalamena@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
