OpenBSD src changes summary for 2017-09-12
==========================================

Makefile.cross
bin/pax
lib/libc
regress/sbin
regress/usr.sbin
share/man
sys/arch/alpha/conf
sys/arch/amd64/amd64
sys/arch/amd64/conf
sys/arch/arm64/conf
sys/arch/armv7/conf
sys/arch/hppa/conf
sys/arch/i386/conf
sys/arch/landisk/conf
sys/arch/loongson/conf
sys/arch/luna88k/conf
sys/arch/macppc/conf
sys/arch/octeon/conf
sys/arch/sgi/conf
sys/arch/socppc/conf
sys/arch/sparc64/conf
sys/conf
sys/ddb
sys/dev/usb
usr.bin/mandoc
usr.bin/nm
usr.bin/ssh
usr.sbin/syslogd

== Makefile.cross ==================================================== 01/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile.cross

Makefile.cross

  > Fix cross-compiling GCC toolchains on Clang archs.
  > ok patrick@ (mpi@)

== bin =============================================================== 02/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

pax

  ~ cpio.c
  ~ extern.h
  ~ pax.h
  ~ tables.c
  ~ tar.c

  > there is no official way to get the max value of time_t, but this one works
  > on any sensible posix system (in which time_t must be an integer type)
  > ok deraadt@ millert@ (otto@)

== lib =============================================================== 03/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/sysctl.3

  > Update the documentation regarding /dev/mem and /dev/kmem;
  > Theo already clamped down on these devices last year.
  > Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>.
  > OK deraadt@ (schwarze@)

  ~ stdlib/malloc.c

  > mapalign returns MAP_FAILED for failure; from George Koehler (otto@)

== regress =========================================================== 04/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sbin

  ~ route/Makefile
  ~ route/rttest30.ok

  > Sleep for some time to avoid race reporting a different number of reference
  > count.
  > Iterating over the routing table implies using SRP which bumps the refcount
  > of routes for a short period of time. Depending on how work is scheduled
  > the second ifconfig(8) command might run before the timer dereferences the
  > route.
  > Should fix races on bluhm@'s test setup. (mpi@)

usr.sbin

  ~ syslogd/args-client-bind-port.pl
  ~ syslogd/args-client-bind.pl
  ~ syslogd/args-client-bind4-port.pl
  ~ syslogd/args-client-bind4.pl
  ~ syslogd/args-client-bind6-port.pl
  ~ syslogd/args-client-bind6.pl
  ~ syslogd/args-client-tcp.pl
  ~ syslogd/args-client-tcp4.pl
  ~ syslogd/args-client-tcp6.pl
  ~ syslogd/args-client-tls.pl
  ~ syslogd/args-client-tls4.pl
  ~ syslogd/args-client-tls6.pl
  ~ syslogd/args-fdexhaustion-sighup.pl
  ~ syslogd/args-privsep-daemon.pl
  ~ syslogd/args-privsep-foreground.pl
  ~ syslogd/args-privsep.pl
  ~ syslogd/args-secure-udp.pl
  ~ syslogd/args-selector-syslog.pl
  ~ syslogd/args-server-tcp.pl
  ~ syslogd/args-server-tcp4.pl
  ~ syslogd/args-server-tcp6.pl
  ~ syslogd/args-server-tls.pl
  ~ syslogd/args-server-tls4.pl
  ~ syslogd/args-server-tls6.pl
  ~ syslogd/args-socket.pl
  ~ syslogd/args-zulu.pl
  + syslogd/args-send46.pl

  > Syslogd no longer keeps the *:514 UDP sockets open by default.
  > Adapt tests. (bluhm@)

== share ============================================================= 05/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man7/securelevel.7
  ~ man4/man4.alpha/mem.4
  ~ man4/man4.amd64/mem.4
  ~ man4/man4.hppa/mem.4
  ~ man4/man4.i386/mem.4
  ~ man4/man4.landisk/mem.4
  ~ man4/man4.loongson/mem.4
  ~ man4/man4.luna88k/mem.4
  ~ man4/man4.macppc/mem.4
  ~ man4/man4.socppc/mem.4
  ~ man4/man4.sparc64/mem.4

  > Update the documentation regarding /dev/mem and /dev/kmem;
  > Theo already clamped down on these devices last year.
  > Triggered by a question from Nan Xiao <xiaonan830818 at gmail dot com>.
  > OK deraadt@ (schwarze@)

  ~ man4/ddb.4
  ~ man4/options.4

  > option DDB_STRUCT is gone, 'show struct' now works in GENERIC. (mpi@)

  ~ man4/wsdisplay.4

  > standard .Fa markup for ioctl(2) args, and add one missing .Dv;
  > from <ScottCheloha at gmail dot com> (schwarze@)

  ~ man4/wsdisplay.4

  > minor markup corrections: Cd for options(4), Vt for data types (schwarze@)

  ~ man4/gpio.4
  ~ man4/radio.4
  ~ man4/uhid.4

  > use the standard .Fa idiom for ioctl(2) args (schwarze@)

  ~ man4/usb.4

  > use the standard .Fa idiom for ioctl(2) args, and kill .Tn (schwarze@)

  ~ man4/vscsi.4

  > use .Dv for ioctl(2) request names;
  > from <ScottCheloha at gmail dot com> (schwarze@)

== sys =============================================================== 06/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/conf

  ~ Makefile.alpha

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/amd64/amd64

  ~ vm_machdep.c

  > add a guard page on the end of each thread's kernel stack.
  > this protects the process control block. it also makes the kernel
  > fault hard when the guard page gets hit by the stack, allowing
  > debugging of the problem set of function calls at the time the
  > problem occurs. without this, a big stack can overwrite the pcb,
  > which makes the thread generate a fault when it is switched back
  > onto a cpu, which is way too late.
  > discussed with guenther@
  > ok deraadt@ (dlg@)

  ~ vm_machdep.c

  > rename setredzone to setguardpage.
  > a redzone means something else on amd64, so I'm renaming this to
  > avoid confusion. (dlg@)

arch/amd64/conf

  ~ Makefile.amd64

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/arm64/conf

  ~ Makefile.arm64

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/armv7/conf

  ~ Makefile.armv7

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/hppa/conf

  ~ Makefile.hppa

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/i386/conf

  ~ Makefile.i386

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/landisk/conf

  ~ Makefile.landisk

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/loongson/conf

  ~ Makefile.loongson

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/luna88k/conf

  ~ Makefile.luna88k

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/macppc/conf

  ~ Makefile.macppc

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/octeon/conf

  ~ Makefile.octeon

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/sgi/conf

  ~ Makefile.sgi

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/socppc/conf

  ~ Makefile.socppc

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

arch/sparc64/conf

  ~ Makefile.sparc64

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

conf

  ~ files

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

ddb

  ~ db_ctf.c

  > Skip forward declarations until ctfconv(1) properly merges them with
  > the corresponding struct definitions.
  > ok dlg@ (mpi@)

  - db_struct.c
  - db_structinfo.c
  - parse_structinfo.pl
  ~ db_command.c

  > Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similar
  > functionalities are available in GENERIC.
  > ok jasper@, deraadt@, guenther@, dlg@ (mpi@)

dev/usb

  ~ urng.c

  > - sprinkle variable name and printf tweaks
  > - save product type for future use (jasper@)

== usr.bin =========================================================== 07/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

mandoc

  ~ mdoc_validate.c

  > Do not segfault when there are two .Dt macros, the first without
  > an architecture argument and the second with an invalid one.
  > Bug found by jsg@ with afl(1). (schwarze@)

nm

  ~ nm.c

  > Include room for NUL-termination when calculating the length of archive
  > member name.
  > Fix an off by one found by sthen@ with MALLOC_OPTIONS=C.
  > From Matthew Martin, ok deraadt@ (mpi@)

ssh

  ~ auth-options.c
  ~ auth.c
  ~ channels.c
  ~ channels.h
  ~ clientloop.c
  ~ clientloop.h
  ~ monitor.c
  ~ monitor_wrap.c
  ~ mux.c
  ~ nchan.c
  ~ packet.c
  ~ packet.h
  ~ servconf.c
  ~ servconf.h
  ~ serverloop.c
  ~ serverloop.h
  ~ session.c
  ~ session.h
  ~ ssh.c
  ~ sshbuf.h
  ~ sshconnect.c
  ~ sshconnect.h
  ~ sshd.c
  ~ ssherr.c
  ~ ssherr.h

  > refactor channels.c
  > Move static state to a "struct ssh_channels" that is allocated at
  > runtime and tracked as a member of struct ssh.
  > Explicitly pass "struct ssh" to all channels functions.
  > Replace use of the legacy packet APIs in channels.c.
  > Rework sshd_config PermitOpen handling: previously the configuration
  > parser would call directly into the channels layer. After the refactor
  > this is not possible, as the channels structures are allocated at
  > connection time and aren't available when the configuration is parsed.
  > The server config parser now tracks PermitOpen itself and explicitly
  > configures the channels code later.
  > ok markus@ (djm@)

  ~ channels.c
  ~ channels.h
  ~ clientloop.c
  ~ mux.c
  ~ nchan.c
  ~ serverloop.c

  > Make remote channel ID a u_int
  > Previously we tracked the remote channel IDs in an int, but this is
  > strictly incorrect: the wire protocol uses uint32 and there is nothing
  > in principle stopping an SSH implementation from sending, say, 0xffff0000.
  > In practice everyone numbers their channels sequentially, so this has
  > never been a problem.
  > ok markus@ (djm@)

  ~ channels.c

  > fix tun/tap forwarding case in previous (djm@)

  ~ channels.c

  > unused variable (djm@)

== usr.sbin ========================================================== 08/08 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

syslogd

  ~ syslogd.c

  > In the default configuration syslogd(8) kept two *:514 UDP sockets
  > open. These sockets are used for sending UDP packets if there is
  > a UDP loghost in syslog.conf(5). If syslogd is started with -u,
  > they can receive packets, otherwise they are disabled with
  > shutdown(SHUT_RD). In case syslogd does neither send nor receive,
  > close the sockets after reading the configuration file. This gives
  > us a cleaner netstat output, and the ports are not reported by port
  > scanners. This has no security implication.
  > OK benno@ jca@ sthen@ deraadt@ (bluhm@)

===============================================================================
