OpenBSD src changes summary for 2017-09-25 ==========================================
distrib/notes lib/libc lib/libssl lib/libtls regress/usr.sbin share/man sys/conf sys/kern sys/sys usr.bin/awk usr.bin/calendar usr.bin/ftp usr.sbin/mtree == distrib =========================================================== 01/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib notes ~ alpha/contents ~ amd64/contents ~ arm64/contents ~ armv7/contents ~ hppa/contents ~ i386/contents ~ landisk/contents ~ loongson/contents ~ luna88k/contents ~ macppc/contents ~ octeon/contents ~ sgi/contents ~ sparc64/contents > update set sizes (jsg@) == lib =============================================================== 02/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/sendsyslog.2 > sendsyslog should take a const char * everywhere. > okay bluhm@, deraadt@ (espie@) libssl ~ ssl_tlsext.c > When building the OCSP extension, only add the length prefixed extensions > after we finish building the responder ID list. Otherwise adding to the > responder ID list fails. > ok beck@ (jsing@) ~ ssl_tlsext.c > Fix various issues in the OCSP extension parsing code: > - When parsing the OCSP extension we can have multiple responder IDs - pull > these out correctly. > - Stop using CBS_stow() - it's unnecessary since we just need access to the > data and length (which we can get via CBS_data() and CBS_len()). > - Use a temporary pointer when calling d2i_*() functions, since it will > increment the pointer by the number of bytes it consumed when decoding. > The original code incorrectly passes the pointer allocated via CBS_stow() > (using malloc()) to a d2i_*() function and then calls free() on the now > incremented pointer, most likely resulting in a crash. This issue was > reported by Robert Swiecki who found the issue using honggfuzz. > ok beck@ (jsing@) ~ s3_lib.c > Annotate some API-side memory leaks for future resolution. (jsing@) libtls ~ tls_config.c > If tls_config_parse_protocols() is called with a NULL pointer, return the > default protocols instead of crashing - this makes the behaviour more > useful and mirrors what we already do in tls_config_set_ciphers() et al. > (jsing@) == regress =========================================================== 03/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress usr.sbin ~ pkg_add/signatures.ref > keep up with @version, noticed by bluhm@ (espie@) == share ============================================================= 04/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/urng.4 > the Alea I works fine with urng(4) so update the manpage accordingly > (jasper@) == sys =============================================================== 05/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys conf ~ newvers.sh > take us out of -beta (deraadt@) kern ~ subr_log.c ~ syscalls.master > sendsyslog should take a const char * everywhere. > okay bluhm@, deraadt@ (espie@) sys ~ syscall.h ~ syscallargs.h > sendsyslog should take a const char * everywhere. > okay bluhm@, deraadt@ (espie@) == usr.bin =========================================================== 06/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin awk ~ lib.c ~ proto.h > Mark FATAL() as __dead so clang doesn't report > use of uninitialized variables after calls to > FATAL(). > ok millert@ guenther@ (krw@) calendar ~ io.c > Calling waitpid(pid,...) where pid is either uninitialized or > -1 because vflork() failed is bad. Initialize pid to -1 and call > waitpid() only when pid != -1. > Uninitialized use of pid found by clang. > Suggestion of -1 from millert@. > ok millert@ (krw@) ftp ~ fetch.c > Initialize 'out' file descriptor to avoid possible > uninitialized use. Spotted by clang during 'make > release', triggered when both NOSSL and SMALL are > defined. > ok bluhm@ deraadt@ (krw@) == usr.sbin ========================================================== 07/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin mtree ~ extern.h ~ misc.c > Mark error() as __dead so clang doesn't report > use of uninitialized variables after calls to > error(). > ok millert@ guenther@ (krw@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
