OpenBSD src changes summary for 2017-08-10
==========================================

games/caesar                            games/fortune
gnu                                     include/errno.h
include/tib.h                           lib/libssl
lib/libtls                              regress/lib
regress/misc                            regress/sbin
sbin/dhclient                           sbin/route
sys/arch/sparc64/sparc64                sys/crypto
sys/ddb                                 sys/dev/pci
sys/dev/pv                              sys/dev/usb
sys/dev/wscons                          sys/kern
sys/miscfs/fuse                         sys/net
sys/netinet                             sys/netinet6
sys/nfs                                 usr.bin/calendar
usr.sbin/bgpctl                         usr.sbin/bgpd
usr.sbin/ntpd                           usr.sbin/rtadvd
usr.sbin/snmpctl                        usr.sbin/vmctl
usr.sbin/vmd

== games ============================================================= 01/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

caesar

  ~ caesar.c

  > convert source code frequencies to match those in the man page (tedu@)

fortune

  ~ fortune/fortune.c

  > Treat backspace as printable in sanitize() for non-UTF8 locales.
  > Fixes printing of fortunes that use a combination of backspace and
  > underbars for underlining in non-UTF8 locales. OK schwarze@ (millert@)

== gnu =============================================================== 02/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ lib/Makefile

  > Unlink libobjc. It is not used in base, and ports are pulling in libobjc2
  > from ports.
  > ok bluhm@ sebastia@ dcoppa@ (mortimer@)

== include =========================================================== 03/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

errno.h

  ~ errno.h

  > ___errno (three underbars) is long gone (guenther@)

tib.h

  ~ tib.h

  > fix typo in comment (guenther@)

== lib =============================================================== 04/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libssl

  ~ s3_lib.c                              ~ ssl.h
  ~ ssl_cert.c                            ~ ssl_lib.c
  ~ ssl_locl.h                            ~ ssl_srvr.c
  ~ t1_lib.c

  > Clean up the EC key/curve configuration handling.
  > Over the years OpenSSL grew multiple ways of being able to specify EC keys
  > (and/or curves) for use with ECDH and ECDHE key exchange. You could specify
  > a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and
  > generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via
  > a callback that was provided with insufficient information
  > (SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation
  > of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to
  > problems (like ECDHE not being enabled) and potential weird configuration
  > (like being able to do ECDHE without the ephemeral part...).
  > We no longer support ECDH and ECDHE can be disabled by removing ECDHE
  > ciphers from the cipher list. As such, permanently enable automatic EC
  > curve selection and generation, effectively disabling all of the
  > configuration knobs. The only exception is the
  > SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous
  > behaviour by configuring the curve of the given EC key as the only curve
  > being enabled. Everything else becomes a no-op.
  > ok beck@ doug@ (jsing@)

libtls

  ~ Symbols.list                          ~ tls.h
  ~ tls_client.c                          ~ tls_config.c
  ~ tls_internal.h                        ~ tls_server.c
  ~ man/tls_config_set_protocols.3

  > Add a tls_config_set_ecdhecurves() function to libtls, which allows the
  > names of the elliptic curves that may be used during client and server
  > key exchange to be specified.
  > This deprecates tls_config_set_ecdhecurve(), which could only be used to
  > specify a single supported curve.
  > ok beck@ (jsing@)

== regress =========================================================== 05/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  + libc/locale/uselocale/Makefile        + libc/locale/uselocale/uselocale.c

  > first draft of tests for newlocale(3), duplocale(3), uselocale(3)
  > (schwarze@)

misc

  - objc/Makefile                         - objc/main.m
  ~ Makefile

  > Objective-C has been removed from base, do not test whether compiling
  > it works. (bluhm@)

sbin

  ~ route/Makefile

  > Test that 'route change' has no effect on a RTF_LOCAL route. (mpi@)

  ~ route/Makefile

  > Use "! cmd" for commands that are expected to fail.
  > Suggested by bluhm@ (mpi@)

== sbin ============================================================== 06/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ dhclient.c                            ~ dhcpd.h
  ~ kroute.c                              ~ privsep.c
  ~ privsep.h

  > Add IMSG_SET_RESOLV_CONF and keep the cached contents
  > in the priv process, so that they do not have to be
  > continually retransmitted. IMSG_WRITE_RESOLV_CONF
  > now just triggers a write of the cached info.
  > Simplifies a bunch of logic. (krw@)

route

  ~ keywords.h                            ~ keywords.sh
  ~ route.c

  > allow "del" in addition to "delete"
  > from Denis Fondras, positive feedback from sthen@ and deraadt@
  > ok jca@ (benno@)

  ~ route.8                               ~ route.c

  > autodetect AF when setting inet6 default route
  > From Denis Fondras, thanks!
  > ok phessler@ bluhm@ (benno@)

  ~ route.8

  > document use of del as short form for delete, from jca
  > ok schwarze@ (benno@)

== sys =============================================================== 07/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/sparc64/sparc64

  ~ openfirm.c

  > With a CTF kernel, DDB's print command will now pretty-print symbols.
  > Casting a type is not yet supported.
  > ok kettenis@, jasper@ (mpi@)

crypto

  ~ cryptodev.h

  > the userland crypto interface died long ago, can clean up the header
  > (tedu@)

ddb

  ~ db_command.c                          ~ db_ctf.c
  ~ db_elf.c                              ~ db_expr.c
  ~ db_sym.h

  > With a CTF kernel, DDB's print command will now pretty-print symbols.
  > Casting a type is not yet supported.
  > ok kettenis@, jasper@ (mpi@)

dev/pci

  ~ drm/drm_linux.h

  > Add glue for passing through file+line when WITNESS is enabled
  > ok kettenis@ (guenther@)

  ~ mpii.c

  > Remove a leftover bit that was dereferencing an uninitialized pointer
  > Coverity CID 1453398; ok deraadt. (mikeb@)

  ~ azalia.c

  > Power off all codecs on shutdown to eliminate static noise in speakers
  > or headphones on reboot.
  > From Manuel Giraud <manuel () ledu-giraud ! fr>
  > Tweaks & ok ratchov (tb@)

dev/pv

  ~ hypervic.c

  > Fail if unknown type of an address family was specified
  > Coverity CID 1452981; Severity: unlikely, not user-visible. (mikeb@)

  ~ if_hvn.c

  > Fixup upper bound for the completion descriptor identifier
  > Coverity CID 1452864; Severity: unlikely, not user-visible. (mikeb@)

  ~ hvs.c

  > Buffer size for the SCSI vendor string should be 8 char long
  > A vendor and part of the product string got copied into a larger
  > on-stack buffer as a result of an out-of-bounds access, however
  > only 4 characters are meaningful in this context.
  > Coverity CID 1453206; Severity: insignificant. (mikeb@)

  ~ hvs.c

  > Correct the upper bound for the command size before the passthrough
  > Coverity CID 1453317; Severity: unlikely, not user-visible. (mikeb@)

  ~ virtio.c

  > Add missing comma that caused a concatenated string. Fixes printing of
  > the device names of "9P Transport" and "mac80211 wlan" virtio devices.
  > Coverity CID 1453254; Severity: Insignificant
  > OK mikeb@ (reyk@)

  ~ if_vio.c

  > Fix copy-paste error in the error path of vio_alloc_mem() that checked
  > the wrong variable (sc_tx_dmamaps[i] instead of sc_rx_dmamaps[i]).
  > Coverity CID 1452937; Severity: Minor
  > OK mikeb@ (reyk@)

  ~ vioblk.c

  > sector_count is uninitialized if the SCSI cmdlen is not 6, 10, 12 or
  > 16 bytes long. This cannot happen. But it is good to silence the
  > uninitialized variable warning.
  > Coverity CID 1453104; Severity: Insignificant
  > OK mikeb@ (reyk@)

  ~ xenstore.c

  > Prevent an unlikely resource leak
  > Coverity CID 1453069; Severity: unlikely, not user-visible. (mikeb@)

  ~ xen.c

  > Don't forget to call va_end in xen_hypercall
  > Coverity CID 1453343 (mikeb@)

dev/usb

  ~ umcs.c

  > Deactivate the device if I/O fails in attach.
  > Coverity CID 1453399; ok deraadt@ (mpi@)

dev/wscons

  ~ wsemul_vt100.c

  > Remove some case statements which have been compiled out since 2000.
  > OK mpi@ (fcambus@)

kern

  ~ uipc_socket.c

  > The socket field so_proto can never be NULL. Remove the checks.
  > OK mpi@ visa@ (bluhm@)

  ~ kern_rwlock.c

  > Make rw_enter() always succeed after a panic.
  > This prevents deadlocks when doing 'boot reboot' after the kernel panic'd.
  > Discussed with bluhm@ and guenther@, ok visa@ (mpi@)

  ~ uipc_socket.c                         ~ uipc_syscalls.c

  > Move the solock()/sounlock() dance outside of sobind().
  > ok phessler@, visa@, bluhm@ (mpi@)

miscfs/fuse

  ~ fuse_device.c

  > Avoid possible NULL pointer dereference on fuseioctl()
  > Found by Coverity Scan (CID 1453387)
  > OK mpi@ (mestre@)

net

  ~ rtsock.c

  > Prevent userland from modifying RTF_LOCAL route entries.
  > In particular setting an expiration timer on a route entry which would
  > confuse L2 state machines.
  > ok bluhm@ (mpi@)

  ~ bfd.c

  > The caller of sobind() has to free the name mbuf. Plug a mbuf leak
  > in bfd_listener().
  > OK phessler@ (bluhm@)

  ~ if.c

  > The socket field so_proto can never be NULL. Remove the checks.
  > OK mpi@ visa@ (bluhm@)

  ~ if_vxlan.c

  > A missing break in vxlan_sockaddr_cmp() could eventually trick a
  > vxlan interface into accepting packets for the wrong destination (if
  > the sockaddr_in6 checks somehow match on sockaddr_in addresses).
  > Coverity CID 1452902; Severity: Moderate
  > OK mikeb@ (reyk@)

  ~ if_pflow.c

  > Move the solock()/sounlock() dance outside of sobind().
  > ok phessler@, visa@, bluhm@ (mpi@)

netinet

  ~ ip_icmp.c

  > icmp_mtudisc() might be called by TCP even on loopback after a
  > retransmit timeout. Do not run path MTU discovery on local routes
  > as we never want that on loopback. For permanent ARP or ND entries
  > disable path MTU discovery as they use the same rt_expire field.
  > This prevents permanent routes and entries from disappearing.
  > bug analysis friehm@; OK mpi@ (bluhm@)

netinet6

  ~ icmp6.c

  > icmp_mtudisc() might be called by TCP even on loopback after a
  > retransmit timeout. Do not run path MTU discovery on local routes
  > as we never want that on loopback. For permanent ARP or ND entries
  > disable path MTU discovery as they use the same rt_expire field.
  > This prevents permanent routes and entries from disappearing.
  > bug analysis friehm@; OK mpi@ (bluhm@)

  ~ nd6.c

  > Do not invalidate ND for local routes, make it consistent like ARP.
  > OK mpi@ (bluhm@)

nfs

  ~ krpc_subr.c                           ~ nfs_socket.c

  > Move the solock()/sounlock() dance outside of sobind().
  > ok phessler@, visa@, bluhm@ (mpi@)

== usr.bin =========================================================== 08/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

calendar

  ~ io.c

  > Remove KOI8 lines after 5.9 is out.
  > From Jan Stary, Klemens Nanni and others (tb@)

== usr.sbin ========================================================== 09/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

bgpctl

  ~ bgpctl.c                              ~ parser.c
  ~ parser.h

  > handle extended communities in bgpctl.
  > From Dennis Fondras, thanks!
  > ok phessler@ (benno@)

  ~ bgpctl.c

  > replace memcpy() with assignments where the type is the same.
  > noticed by deraadt@, ok claudio@ (benno@)

bgpd

  ~ bgpd.h                                ~ control.c
  ~ rde.c

  > handle extended communities in bgpctl.
  > From Dennis Fondras, thanks!
  > ok phessler@ (benno@)

  ~ rde.c

  > Fix a comment and line length. Noted by Dennis Fondras.
  > ok benno@ (benno@)

ntpd

  ~ ntpd.conf.5

  > naddy@ reported confusion on why "query from" seemed to be ignored in
  > some cases.
  > OK naddy@ henning@ (job@)

rtadvd

  ~ if.c                                  ~ if.h
  ~ rtadvd.c

  > No need to handle multiple routing messages here.
  > route(4) sockets only ever ship a single routing message per read(2)
  > call, so simplify this. Mostly mechanical diff for now, some further
  > cleanups will follow.
  > ok rob@ florian@ (jca@)

snmpctl

  ~ snmpclient.c                          ~ snmpctl.c

  > Pledge snmpctl. Ok jca@, tb@ (rob@)

vmctl

  ~ vmctl.c

  > don't have cu try to open '/dev', instead check if there's a valid tty
  > associated with the vm upfront
  > as discussed with and ok mlarkin@ pd@ (jasper@)

vmd

  ~ virtio.c

  > whitespace (mlarkin@)

  ~ pci.c

  > vmd: partially back out a change committed yesterday regarding guest
  > changing IRQs. After discussing with kettenis, that wasn't the right way
  > to do things, and this diff fixes that.
  > ok kettenis (mlarkin@)

===============================================================================