OpenBSD src changes summary for 2017-05-31 ==========================================
bin/ksh distrib/miniroot distrib/sets games/battlestar gnu gnu/usr.bin/cc lib/libc regress/bin regress/sys regress/usr.bin sbin/ifconfig share/man share/mk sys/arch/amd64/amd64 sys/arch/amd64/conf sys/arch/amd64/stand/efiboot sys/arch/amd64/stand/libsa sys/arch/i386/conf sys/arch/i386/i386 sys/conf sys/crypto sys/dev/ata sys/dev/ic sys/dev/pci sys/dev/pv sys/kern sys/lib/libsa sys/net sys/net80211 sys/netinet sys/netinet6 sys/sys usr.bin/audioctl usr.bin/cvs usr.bin/from usr.bin/lex usr.bin/mandoc usr.bin/ssh usr.bin/tmux usr.sbin/bgpctl usr.sbin/bgpd usr.sbin/bind usr.sbin/ikectl usr.sbin/ntpd usr.sbin/rebound usr.sbin/relayd usr.sbin/slaacctl usr.sbin/slaacd usr.sbin/smtpd == bin =============================================================== 01/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin ksh ~ vi.c > Allow replacement of UTF-8 characters in vi mode. > Reported by Walter Alejandro Iglesias on tech@. > ok schwarze@ tb@ (anton@) ~ vi.c > Let the 's' command delete the right number of bytes when UTF-8 > characters are involved; similar to what anton@ previously did for 'r'; > OK tb@ anton@; > also tested by Walter Alejandro Iglesias <wai at roquesor dot com>. > (schwarze@) == distrib =========================================================== 02/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > Change cp -pR to pax copy mode with -k when copying /etc/skel. This way > we keep existing files in the user's home directory that might have been > installed from siteXX.tgz. Found the hard way by Erling Westenvik. > Thanks to trondd for helpful analysis. > "If that's what it does, I'm all for it" halex (tb@) ~ install.sub > whitespace nit (tb@) sets ~ lists/comp/mi > sync (sthen@) ~ lists/man/mi > sync (tb@) == games ============================================================= 03/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games battlestar ~ battlestar.c > late game space battles require tty pledge to clear screen, etc. > from tomr (tedu@) == gnu =============================================================== 04/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu gnu ~ gcc/gcc/config/i386/openbsd64.h > Make gcc move switch tables into .rodata instead of .text on i386/amd64 > For C++, gcc has to make use of comdat sections instead > of .gnu.linkonce sections for this because > switch tables and functions would now end up > in different .gnu.linkonce sections. This can cause ld > to sometimes incorrectly discard the switch tables, which causes > linker errors. With comdat sections, making the switch table > and function sections belong together is more reliable. > ok deraadt@ (stefan@) usr.bin/cc ~ cc_tools/auto-host.h > Make gcc move switch tables into .rodata instead of .text on i386/amd64 > For C++, gcc has to make use of comdat sections instead > of .gnu.linkonce sections for this because > switch tables and functions would now end up > in different .gnu.linkonce sections. This can cause ld > to sometimes incorrectly discard the switch tables, which causes > linker errors. With comdat sections, making the switch table > and function sections belong together is more reliable. > ok deraadt@ (stefan@) == lib =============================================================== 05/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/Makefile.inc > install futex(2), ok mpi (sthen@) ~ sys/kqueue.2 > Add support for EV_RECEIPT and EV_DISPATCH flags > From FreeBSD via Jan Schreiber <jes at posteo ! de>, thanks! > OK tedu, bluhm (mikeb@) == regress =========================================================== 06/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress bin ~ ksh/vi/vi.sh > Allow replacement of UTF-8 characters in vi mode. > Reported by Walter Alejandro Iglesias on tech@. > ok schwarze@ tb@ (anton@) sys ~ netinet6/frag6/Makefile + netinet6/frag6/pf.conf > As pf blocks packets with IPv6 options header, the tests needs an > allow-opts rule. (bluhm@) usr.bin ~ mdoclint/mdoclint ~ mdoclint/mdoclint.1 > remove -X, it was just migrated to mandoc -Wstyle; OK wiz@ (schwarze@) == sbin ============================================================== 07/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin ifconfig ~ ifconfig.c > fold the vnetid and parent lines into a single encap line. > this is a modest attempt to shorten the ifconfig output. encap wont > show up if neither vnetid or parent are supplied by an interface. > whitespace tweaks from benno@ > output tweaks from reyk@ > ok deraadt@ henning@ (dlg@) == share ============================================================= 08/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/ral.4 > Add support for Ralink RT5360. From Kevin Lo who tested with a > D-Link DWA-525 rev A2. (jsg@) ~ man5/bsd.port.mk.5 > document COMPILER, this is getting to be clean enough to be documentable > (espie@) ~ man7/Makefile + man7/utf8.7 > add a tiny, to be improved, man page for utf8 encoding. > ok stsp (tedu@) ~ man5/pf.conf.5 > Block IPv6 packets in pf(4) that have hop-by-hop options header or > destination options header. Such packets can be passed by adding > "allow-opts" to the rule. So IPv6 options are handled like their > counterpart in IPv4 now. > tested by benno@; OK henning@ (bluhm@) ~ man5/pf.conf.5 > clarify that translations happen immediately on match rules, not generally > Tony Gong <tony.y.gong at gmail> (henning@) ~ man7/utf8.7 > utf8 has an rfc (tedu@) ~ man5/bsd.port.mk.5 > minor tweaks; (jmc@) ~ man7/utf8.7 > perhaps a few more words about encoding format (tedu@) ~ man7/utf8.7 > section order; (jmc@) ~ man7/airport.7 ~ man7/utf8.7 > use the standard OpenBSD license for new manual pages > rather than some 2-clause variant of the ancient BSD license; > OK benno@ tedu@ (schwarze@) ~ man7/utf8.7 > about ten different improvements; OK tedu@ espie@ bentley@ (schwarze@) mk ~ bsd.dep.mk > Drop -t option from ctags call. > The option has been deprecated for almost 7 years by now. > ok tb@ (anton@) == sys =============================================================== 09/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ autoconf.c ~ locore.S + locore0.S > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, unmap the early startup code. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. The only known offsets are in the startup code, > which has been unmapped. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. > ok kettenis mlarkin visa, also thanks to tedu for getting me back to this > (deraadt@) arch/amd64/conf ~ Makefile.amd64 ~ files.amd64 ~ ld.script > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, unmap the early startup code. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. The only known offsets are in the startup code, > which has been unmapped. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. > ok kettenis mlarkin visa, also thanks to tedu for getting me back to this > (deraadt@) arch/amd64/stand/efiboot ~ conf.c ~ efiboot.c ~ efiboot.h > Add serial console support for efiboot. (yasuoka@) arch/amd64/stand/libsa ~ cmd_i386.c > Disable "machine boot" and "machine comaddr" from efiboot. (yasuoka@) ~ dev_i386.c > Add serial console support for efiboot. (yasuoka@) arch/i386/conf ~ Makefile.i386 ~ files.i386 ~ ld.script > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, unmap the early startup code. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. The only known offsets are in the startup code, > which has been unmapped. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. > ok kettenis mlarkin visa, also thanks to tedu for getting me back to this > (deraadt@) arch/i386/i386 ~ autoconf.c ~ locore.s + locore0.S > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, unmap the early startup code. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. The only known offsets are in the startup code, > which has been unmapped. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. > ok kettenis mlarkin visa, also thanks to tedu for getting me back to this > (deraadt@) conf + makegap.sh > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, unmap the early startup code. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. The only known offsets are in the startup code, > which has been unmapped. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. > ok kettenis mlarkin visa, also thanks to tedu for getting me back to this > (deraadt@) crypto ~ xform.c > make the AES-XTS mode a little more constant-time, though the AES > implementation that it depends on currently isn't. > ok mikeb tom (djm@) dev/ata ~ atascsi.h > fix SATA_SStatus_DET_OFFLINE value and add newer SStatus bits > from Imre Vadasz via sf@ (jmatthew@) ~ atascsi.h > add some details relating to SATA device power management > part of a diff from Imre Vadasz via sf@ (jmatthew@) dev/ic ~ rt2860.c ~ rt2860reg.h > Add support for Ralink RT5360. From Kevin Lo who tested with a > D-Link DWA-525 rev A2. (jsg@) ~ dpt.c > avoid going outside array bounds > ok krw@ deraadt@ (jsg@) ~ ath.c > The net80211 stack was providing a 'beacon miss timeout' value (in ms) > which specified how much time may elapse without beacons before drivers > begin searching for a new AP. > Drivers convert this timeout value into the amount of beacons they're > allowed > to miss. Having the stack provide this number upfront simplifies things. > ok mpi@ (stsp@) dev/pci ~ pcidevs > Add Ralink RT5360. From Kevin Lo. (jsg@) ~ pcidevs.h ~ pcidevs_data.h > regen (jsg@) ~ if_ral_pci.c > Add support for Ralink RT5360. From Kevin Lo who tested with a > D-Link DWA-525 rev A2. (jsg@) ~ if_iwm.c > Implement support for iwm(4) firmware's missed beacon notification. > Requested by deraadt@ > ok mpi@ (stsp@) ~ if_iwm.c > Add missing function prototype for iwm_rx_bmiss(). (stsp@) ~ virtio_pci.c > virtio_pci: Support IPL_MPSAFE interrupt handlers (sf@) ~ if_iwm.c > The net80211 stack was providing a 'beacon miss timeout' value (in ms) > which specified how much time may elapse without beacons before drivers > begin searching for a new AP. > Drivers convert this timeout value into the amount of beacons they're > allowed > to miss. Having the stack provide this number upfront simplifies things. > ok mpi@ (stsp@) ~ if_iwm.c > add ieee80211_min_basic_rate() to iwm(4), to select the lowest available > datarate for management frames > based on revs 1.187 and r 1.188 from iwn(4) > OK stsp@ (phessler@) ~ if_iwm.c > another place to use ieee80211_min_basic_rate() to select the minimum tx > rate > OK stsp@ (phessler@) ~ if_iwn.c > Implement support for missed beacon notifications in iwn(4). > Works with WIFIonICE. > ok phessler@ (stsp@) dev/pv ~ virtio.c > Optimize virtio_enqueue_trim() a bit by nuking unneeded > re-initializations of statically set fields. Move a common > chunk out of both clauses of if/else. > No intentional functional change. > ok sf@ (krw@) kern ~ uipc_socket.c > new socketoption SO_ZEROIZE: zero out all mbufs sent over socket > ok deraadt bluhm (markus@) ~ kern_event.c > Add support for EV_RECEIPT and EV_DISPATCH flags > From FreeBSD via Jan Schreiber <jes at posteo ! de>, thanks! > OK tedu, bluhm (mikeb@) lib/libsa ~ aes_xts.c > make the AES-XTS mode a little more constant-time, though the AES > implementation that it depends on currently isn't. > ok mikeb tom (djm@) net ~ if_vlan.c > make vlan use their parents lladdr all the time, not just when theyre up. > krw@ has been having issues with dhclient on vlan interfaces because > i made them only configure the lladdr when they were brought up. > dhclient likes to read the mac address and then bring them up. > this makes vlan copy the parents lladdr onto the vlan interface > when the parent is configured. this probably helps with v6 addresses > on vlan interfaces too. > the new code still supports configuring a custom lladdr on a vlan > interface. this can be done both before and after a parent is > configured, and if a parent is removed. > while here, if the parent is reconfigured while the vlan is up, dont > error if the new parent is the same as the current one. this should > make running netstart again less noisy. > ok krw@ (dlg@) ~ if.c ~ if_ethersubr.c ~ if_switch.c > Move IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and > IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK(). > We currently rely on the NET_LOCK() serializing access to most global > data structures for that. IP input queues are no longer used in the > forwarding case. They still exist as boundary between the network and > transport layers because TCP/UDP & friends still need the KERNEL_LOCK(). > Since we do not want to grab the NET_LOCK() for every packet, the > softnet thread will do it once before processing a batch. That means > the L2 processing path, which is currently running without lock, will > now run with the NET_LOCK(). > IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread > will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set. > Tested by Hrvoje Popovski. > ok visa@, bluhm@, henning@ (mpi@) ~ pf.c > Block IPv6 packets in pf(4) that have hop-by-hop options header or > destination options header. Such packets can be passed by adding > "allow-opts" to the rule. So IPv6 options are handled like their > counterpart in IPv4 now. > tested by benno@; OK henning@ (bluhm@) ~ if_pflow.c ~ if_pflow.h > Use mbuf_queue to properly serialize access to pflow output queue. > Input from mpi@, jmatthew@; OK mpi@, henning@, benno@ (visa@) net80211 ~ ieee80211.c ~ ieee80211_var.h > The net80211 stack was providing a 'beacon miss timeout' value (in ms) > which specified how much time may elapse without beacons before drivers > begin searching for a new AP. > Drivers convert this timeout value into the amount of beacons they're > allowed > to miss. Having the stack provide this number upfront simplifies things. > ok mpi@ (stsp@) netinet ~ ip_input.c ~ ip_var.h > Move IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and > IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK(). > We currently rely on the NET_LOCK() serializing access to most global > data structures for that. IP input queues are no longer used in the > forwarding case. They still exist as boundary between the network and > transport layers because TCP/UDP & friends still need the KERNEL_LOCK(). > Since we do not want to grab the NET_LOCK() for every packet, the > softnet thread will do it once before processing a batch. That means > the L2 processing path, which is currently running without lock, will > now run with the NET_LOCK(). > IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread > will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set. > Tested by Hrvoje Popovski. > ok visa@, bluhm@, henning@ (mpi@) netinet6 ~ ip6_input.c ~ ip6_var.h > Move IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and > IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK(). > We currently rely on the NET_LOCK() serializing access to most global > data structures for that. IP input queues are no longer used in the > forwarding case. They still exist as boundary between the network and > transport layers because TCP/UDP & friends still need the KERNEL_LOCK(). > Since we do not want to grab the NET_LOCK() for every packet, the > softnet thread will do it once before processing a batch. That means > the L2 processing path, which is currently running without lock, will > now run with the NET_LOCK(). > IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread > will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set. > Tested by Hrvoje Popovski. > ok visa@, bluhm@, henning@ (mpi@) sys ~ event.h > make a copy of the first EV_SET argument to prevent multiple evaluation. > matches freebsd, fixes lldb. from Kamil Rytarowski at NetBSD. > while here, make the same change to KNOTE. ok deraadt (tedu@) ~ socket.h > new socketoption SO_ZEROIZE: zero out all mbufs sent over socket > ok deraadt bluhm (markus@) ~ event.h > Add support for EV_RECEIPT and EV_DISPATCH flags > From FreeBSD via Jan Schreiber <jes at posteo ! de>, thanks! > OK tedu, bluhm (mikeb@) == usr.bin =========================================================== 10/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin audioctl ~ audioctl.c > close fd on an exit path (jsg@) cvs ~ tag.c > Fix opencvs tag so it does not attempt to to local operations in a remote > setup. > While here make sure the "up-to-date" check (-c) works as one expects. > (joris@) ~ annotate.c > fix indentation (joris@) ~ repository.c > When unlocking a directory only unlock the given one rather then all > repo_locks. (joris@) ~ rcs.c > Plug memleak in rcs_translate_tag() that was causing havoc on large repos. > (joris@) ~ commit.c > Do not use CVS_LOCK_REPO for committing. > This flag tells our file recursion code that for each directory entered > we should lock it. Commit however locks all relevant directories on its > own when it is about to make changes and should not depend on the file > recursion code to do so. (joris@) from ~ from.c > Use ferror() to check for getline() failure. From Scott Cheloha. > OK jung@ (millert@) lex ~ scanopt.c ~ scanopt.h > we can just use void for functions that always return 0. > from Michael W. Bombardieri (tedu@) mandoc ~ mandoc.1 ~ mandoc.h ~ mdoc_validate.c ~ read.c > STYLE message about missing use of Ox/Nx/Fx/Dx; OK jmc@ wiz@ (schwarze@) ssh ~ channels.c > fix possible OOB strlen() in SOCKS4A hostname parsing; ok markus@ (djm@) ~ kexc25519c.c > one more void *ctx => struct ssh *ssh conversion (djm@) ~ kexc25519s.c > one more void *ctx => struct ssh *ssh conversion (djm@) ~ PROTOCOL.certkeys > spell out that custom options/extensions should follow the usual SSH > naming rules, e.g. "[email protected]" (djm@) ~ sshconnect2.c > another ctx => ssh conversion (in GSSAPI code) (djm@) ~ auth2.c > use the ssh_dispatch_run_fatal variant (markus@) ~ auth2.c ~ clientloop.c ~ dispatch.c ~ dispatch.h ~ serverloop.c ~ ssh-keyscan.c ~ sshconnect2.c ~ sshd.c > remove now obsolete ctx from ssh_dispatch_run; ok djm@ (markus@) ~ monitor.c ~ monitor_wrap.h ~ opacket.h ~ packet.c ~ packet.h ~ session.c ~ sshd.c ~ umac.c > clear session keys from memory; ok djm@ (markus@) ~ channels.c ~ packet.c > These shutdown() SHUT_RDWR are not needed before close() > ok djm markus claudio (deraadt@) ~ auth2-pubkey.c ~ authfile.c ~ bitmap.c ~ clientloop.c ~ hostfile.c ~ krl.c ~ misc.c ~ scp.c ~ session.c ~ ssh-pkcs11.c ~ sshbuf.c ~ sshkey.c ~ utf8.c ~ xmalloc.c ~ xmalloc.h > Switch to recallocarray() for a few operations. Both growth and shrinkage > are handled safely, and there also is no need for preallocation dances. > Future changes in this area will be less error prone. > Review and one bug found by markus (deraadt@) ~ monitor.c > use SO_ZEROIZE for privsep communication (if available) (markus@) ~ auth-options.c ~ auth-options.h ~ auth2-pubkey.c > make sure we don't pass a NULL string to vfprintf (triggered by the > principals-command regress test); ok bluhm (markus@) tmux ~ tmux.h ~ tty-term.c ~ tty.c > Look for setrgbf and setrgbb terminfo extensions for RGB colour. This is > the most reasonable of the various (some bizarre) suggestions for > capabilities. (nicm@) ~ server-client.c ~ tmux.h ~ window.c > Because we defer actually resizing applications (calling TIOCSWINSZ) > until the end of the server loop, tmux may have gone through several > internal resizes in between. This can be a problem if the final size is > the same as the initial size (what the application things it currently > is), because the application may choose not to redraw, assuming the > screen state is unchanged, when in fact tmux has thrown away parts of > the screen, assuming the application will redraw them. > To avoid this, do an extra resize if the new size is the same size as > the initial size. This should force the application to redraw when tmux > needs it to, while retaining the benefits of deferring (so we now resize > at most two times instead of at most one - and only two very rarely). > Fixes a problem with break-pane and zoomed panes reported by Michal > Mazurek. (nicm@) ~ server-client.c ~ tmux.h ~ tty.c > It is not OK to ignore SIGWINCH if SIOCGWINSZ reports the size has > unchanged, because it may have changed and changed back in the time > between us getting the signal and calling ioctl(). Always redraw when we > see SIGWINCH. (nicm@) ~ server-client.c ~ tmux.h > Some applications like vi(1) and tmux until 10 minutes or so ago, do not > redraw on SIGWINCH if the size returns to the original size between the > original SIGWINCH and when they get around to calling TIOCGWINSZ. So use > the existing resize timer to introduce a small delay between the two > resizes. (nicm@) ~ window-buffer.c > Need time.h. (nicm@) ~ window-client.c > time.h here too. (nicm@) ~ cmd-find-window.c > Shut up a warning. (nicm@) ~ cmd-set-option.c ~ format.c ~ job.c ~ options.c ~ screen-write.c ~ utf8.c ~ window-buffer.c > Style and spacing nits. (nicm@) == usr.sbin ========================================================== 11/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpctl ~ bgpctl.c > Update ext community printer to the changes done in bgpd. > OK henning@ benno@ (claudio@) bgpd ~ bgpd.h ~ kroute.c ~ parse.y ~ printconf.c ~ rde_attr.c ~ util.c > Rework the way we do extended communities (mainly in the parser) and update > the IANA table to a somewhat more complete list. This includes BGP Prefix > Origin Validation State support via the ext-community ovs keyword. > OK henning@ benno@ based on a diff by Job Snijders (claudio@) ~ kroute.c > Oups, that should have not been committed. Revert. (claudio@) ~ bgpd.8 ~ bgpd.conf.5 > Man page bits for ext-community which grew a few more subtypes. > Based on a diff from Job Snijders (claudio@) ~ parse.y > Too vs To. Found by Denis Fondras openbsd (at) ledeuns (dot) net (claudio@) bind ~ bin/dig/dighost.c > add a workaround for the rebound portjacking hijinks. ok millert (tedu@) ikectl ~ ikeca.c > ca_revoke() gets called two ways. Directly from ca_opt() with keyname > set to the cert to revoke, and indirectly from ca_create() with a > keyname set to NULL. > ca_create() sets REQ_EXT so avoid setting it in ca_revoke() when keyname > is NULL and the crl database is being initialised. > Avoids "REQ_EXT already set" when creating a CA error introduced > in rev 1.44 which set REQ_EXT unconditionally in ca_revoke(). (jsg@) ntpd ~ ntpd.conf.5 > tweak previous; (jmc@) rebound ~ rebound.c > use strerror; from Edgar Pettijohn (deraadt@) relayd ~ relayd.c > Fix a memory leak in pkey_add() error path. All current callers fatal > if pkey_add() fails. (jsg@) slaacctl ~ slaacctl.8 > No slaacd.conf(5) is currently planned. Remove Xr to nonexistent manual. > ok florian (tb@) slaacd ~ engine.c ~ frontend.c ~ slaacd.h > remove DEBUG_IMSG; I have figured out imsg flow by now; no binary > change (florian@) ~ engine.c > do not leak address and dfr proposals if an interface goes away (florian@) ~ engine.c > Deleting a default route proposal is a bit of work and the code got > copied around (not always correctly). Introduce free_dfr_proposal() to > have this in one place. (florian@) smtpd ~ dns.c > typo; from Edgar Pettijohn (deraadt@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
