OpenBSD src changes summary for 2017-06-08 ==========================================
Makefile.cross distrib/sets regress/usr.bin regress/usr.sbin sbin/ifconfig share/man sys/arch/armv7/stand/efiboot sys/arch/landisk/conf sys/arch/landisk/landisk sys/arch/loongson/conf sys/arch/loongson/loongson sys/arch/mips64/include sys/arch/mips64/mips64 sys/arch/octeon/octeon sys/arch/sgi/conf sys/arch/sgi/sgi sys/dev/ic sys/kern sys/netinet6 sys/sys usr.bin/lastcomm usr.bin/mandoc usr.bin/tmux usr.sbin/cron usr.sbin/ikectl == Makefile.cross ==================================================== 01/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile.cross Makefile.cross > Pass CC and CXX to make depend as well. As soon as we support > dependencies in the clang makefiles we need to make sure to use > a compiler that supports C++11. (patrick@) == distrib =========================================================== 02/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib sets ~ lists/comp/md.luna88k > Add a missing header file. > ok deraadt@ (aoyama@) == regress =========================================================== 03/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress usr.bin + lastcomm/Makefile + lastcomm/crash.c + lastcomm/LICENSE > New import: > Start with a clean /var/account/acct accounting file and turn on ~ Makefile > Link lastcomm regress to build. (bluhm@) ~ mandoc/tbl/mod/Makefile + mandoc/tbl/mod/width.in + mandoc/tbl/mod/width.out_ascii > Implement w layout specifier (minimum column width). > Improve width calculation of text blocks. > Reduces the groff/mandoc diff in Base+Xenocara by about 800 lines. > (schwarze@) ~ mdoclint/mdoclint ~ mdoclint/mdoclint.1 > delete -e and -l, now covered by mandoc; OK jmc@ wiz@ (schwarze@) usr.sbin ~ syslogd/args-client-multilisten.pl > Start syslogd with -rr. With different timing the order of messages > changed. Then a "last message repeated" confused the test. (bluhm@) == sbin ============================================================== 04/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin ifconfig ~ ifconfig.8 > consistently use lowercase suffixes for 802.1 things. > eg, 802.1x, 802.1q, and 802.1ad (dlg@) ~ ifconfig.8 ~ ifconfig.c > remove the timeslot code, it was only for now deleted T1 devices. > ok sthen (tedu@) == share ============================================================= 05/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/vlan.4 > consistently use lowercase for the 802.1 suffixes. (dlg@) ~ man9/RBT_INIT.9 > add RBT_SET_LEFT, RBT_SET_RIGHT, and RBT_SET_PARENT > this are provided so an RBT and it's topology can be copied without > having to reinsert the copied nodes into a new tree. > there are two reasons RBT_LEFT/RIGHT/PARENT macros cant be used like > RB_LEFT/RIGHT/PARENT for this. firstly, RBT_LEFT and co are functions that > return a pointer value, they dont provide access to the pointer > itself for use as an lvalue that you can assign to. secondly, RBT > entries dont store pointers to other nodes, they point to the > RBT_ENTRY structures inside other nodes. this means that RBT_SET_LEFT > and co have to get an offset from the node to the RBT_ENTRY and > store that. (dlg@) ~ man4/gre.4 > wrec.org is dead. Use working links instead. > patch from jj, found by "Norrland" on icb. Thanks! (tb@) ~ man5/pf.conf.5 > clarify set prio: the second prio given applies to > 1) TCP ACKs > 2) packets with ToS=lowdelay > and not TCP ACKs that have ToS=lowdelay > confusion discovered during bsdcan pf tutorial (henning@) ~ man5/acct.5 > ASLR, W^X, and guard pages trigger processor traps that result in > SIGILL, SIGBUS, SIGSEGV signals. Make such memory violations visible > in lastcomm(1). This also works if a programm tries to hide them > with a signal handler. Manual kill -SEGV does not generate false > positives. > OK deraadt@ (bluhm@) ~ man7/tbl.7 > Implement w layout specifier (minimum column width). > Improve width calculation of text blocks. > Reduces the groff/mandoc diff in Base+Xenocara by about 800 lines. > (schwarze@) == sys =============================================================== 06/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/armv7/stand/efiboot ~ exec.c > Remove esym (.data) patching. Thanks to Mark we stopped requiring this > and with the random-order kernel we shouldn't be doing that anyway. > ok kettenis@ (patrick@) arch/landisk/conf ~ Makefile.landisk ~ files.landisk > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > I haven't worked on the unmap/smashing of the startup code yet. (deraadt@) arch/landisk/landisk ~ locore.S + locore0.S > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > I haven't worked on the unmap/smashing of the startup code yet. (deraadt@) arch/loongson/conf ~ Makefile.loongson ~ files.loongson > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, smash the startup code with traps so that > it does not point to the other randomly placed code. It has be smashed, > because loongson runs in the kseg0 space. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. (visa@) arch/loongson/loongson ~ autoconf.c ~ locore.S + locore0.S > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, smash the startup code with traps so that > it does not point to the other randomly placed code. It has be smashed, > because loongson runs in the kseg0 space. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. (visa@) ~ autoconf.c > Move loongson/octeon/sgi unmap_startup() under arch/mips64. (visa@) arch/mips64/include ~ autoconf.h > Move loongson/octeon/sgi unmap_startup() under arch/mips64. (visa@) arch/mips64/mips64 ~ mips64_machdep.c > Move loongson/octeon/sgi unmap_startup() under arch/mips64. (visa@) arch/octeon/octeon ~ autoconf.c > Move loongson/octeon/sgi unmap_startup() under arch/mips64. (visa@) ~ locore.S ~ locore0.S > Wrap startup code with .ent and .end for proper disassembly. (visa@) arch/sgi/conf ~ Makefile.sgi ~ files.sgi > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, smash the startup code with traps so that > it does not point to the other randomly placed code. It has be smashed, > because sgi runs in the kseg0 or xkphys space. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. (visa@) arch/sgi/sgi ~ autoconf.c ~ locore.S + locore0.S > Split early startup code out of locore.S into locore0.S. Adjust link > run so that this locore0.o is always at the start of the executable. > But randomize the link order of all other .o files in the kernel, so > that their exec/rodata/data/bss segments land all over the place. > Late during kernel boot, smash the startup code with traps so that > it does not point to the other randomly placed code. It has be smashed, > because sgi runs in the kseg0 or xkphys space. > As a result, the internal layout of every newly build bsd kernel is > different from past kernels. Internal relative offsets are not known > to an outside attacker. > Ramdisk kernels cannot be compiled like this, because they are gzip'd. > When the internal pointer references change, the compression dictionary > bloats and results in poorer compression. (visa@) ~ autoconf.c > Move loongson/octeon/sgi unmap_startup() under arch/mips64. (visa@) dev/ic ~ gem.c > make the gem tx path MPSAFE. > this mostly follows the pattern in ifq.h > ok jmatthew@ (dlg@) kern ~ subr_tree.c > add RBT_SET_LEFT, RBT_SET_RIGHT, and RBT_SET_PARENT > this are provided so an RBT and it's topology can be copied without > having to reinsert the copied nodes into a new tree. > there are two reasons RBT_LEFT/RIGHT/PARENT macros cant be used like > RB_LEFT/RIGHT/PARENT for this. firstly, RBT_LEFT and co are functions that > return a pointer value, they dont provide access to the pointer > itself for use as an lvalue that you can assign to. secondly, RBT > entries dont store pointers to other nodes, they point to the > RBT_ENTRY structures inside other nodes. this means that RBT_SET_LEFT > and co have to get an offset from the node to the RBT_ENTRY and > store that. (dlg@) ~ subr_tree.c > use unsigned long instead of caddr_t to move between nodes and entries. > this removes the need for sys/param.h. this code can be built with > only sys/tree.h, which in turn only needs sys/_null.h. (dlg@) ~ subr_tree.c > make rb_n2e return a struct rb_entry *, not void * > maybe this will help prevent misassignment in the future. (dlg@) ~ kern_sig.c > ASLR, W^X, and guard pages trigger processor traps that result in > SIGILL, SIGBUS, SIGSEGV signals. Make such memory violations visible > in lastcomm(1). This also works if a programm tries to hide them > with a signal handler. Manual kill -SEGV does not generate false > positives. > OK deraadt@ (bluhm@) netinet6 ~ nd6_nbr.c > Notify userland when a new ND is reachable. > The same notification is already present in ARP. > From Jan Klemkow, ok bluhm@ (mpi@) sys ~ tree.h > add RBT_SET_LEFT, RBT_SET_RIGHT, and RBT_SET_PARENT > this are provided so an RBT and it's topology can be copied without > having to reinsert the copied nodes into a new tree. > there are two reasons RBT_LEFT/RIGHT/PARENT macros cant be used like > RB_LEFT/RIGHT/PARENT for this. firstly, RBT_LEFT and co are functions that > return a pointer value, they dont provide access to the pointer > itself for use as an lvalue that you can assign to. secondly, RBT > entries dont store pointers to other nodes, they point to the > RBT_ENTRY structures inside other nodes. this means that RBT_SET_LEFT > and co have to get an offset from the node to the RBT_ENTRY and > store that. (dlg@) ~ tree.h > remove the _rb_color prototype in RBT, it's unused/unimplimented (dlg@) ~ acct.h > ASLR, W^X, and guard pages trigger processor traps that result in > SIGILL, SIGBUS, SIGSEGV signals. Make such memory violations visible > in lastcomm(1). This also works if a programm tries to hide them > with a signal handler. Manual kill -SEGV does not generate false > positives. > OK deraadt@ (bluhm@) == usr.bin =========================================================== 07/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin lastcomm ~ lastcomm.1 ~ lastcomm.c > ASLR, W^X, and guard pages trigger processor traps that result in > SIGILL, SIGBUS, SIGSEGV signals. Make such memory violations visible > in lastcomm(1). This also works if a programm tries to hide them > with a signal handler. Manual kill -SEGV does not generate false > positives. > OK deraadt@ (bluhm@) mandoc ~ mandoc.1 ~ mandoc.h ~ read.c > Portable mandoc just got a warning about unknown .Lb names > which we don't want in OpenBSD, but let's keep the message table > and the manual page in sync. (schwarze@) ~ html.c ~ man_html.c ~ man_term.c ~ mdoc_man.c ~ mdoc_term.c ~ out.c ~ out.h ~ roff_html.c ~ roff_term.c ~ term.c ~ term_tab.c > make the internal a2roffsu() interface more powerful by returning > a pointer to the end of the parsed data, making it easier to > parse subsequent bytes (schwarze@) ~ mandoc.h ~ out.c ~ out.h ~ tbl.c ~ tbl_data.c ~ tbl_html.c ~ tbl_layout.c ~ tbl_term.c > Implement w layout specifier (minimum column width). > Improve width calculation of text blocks. > Reduces the groff/mandoc diff in Base+Xenocara by about 800 lines. > (schwarze@) ~ roff.c > Properly reinitialize roffce_node between parses, > or this may crash with use-after-free in makewhatis(8); > reported by jmc@, thanks! (schwarze@) tmux ~ window-client.c > Add size to client descriptions in list, suggested by Greg Hurrell. (nicm@) == usr.sbin ========================================================== 08/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin cron ~ atrun.c > Add logging for when we find a non-file in the at spool that was > a file when we scanned the at spool earlier. (millert@) ~ cron.8 > update permissions info to match recent changes (millert@) ikectl ~ ikeca.c > Invoke openssl with -passin file rather than -key in ca_revoke(). > From Andrei-Marius Radu via sthen@ (jsg@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
