OpenBSD src changes summary for 2015-04-26 to 2015-05-03 inclusive ==================================================================
bin/cp bin/ksh bin/mv bin/pax bin/ps distrib/miniroot distrib/sets etc/daily etc/examples/remote etc/group etc/mail/aliases etc/master.passwd etc/mtree/4.4BSD.dist etc/rc etc/rc.conf etc/rc.d/rc.subr gnu/usr.bin/binutils-2.17 lib/libcrypto lib/librthread lib/libssl lib/libtls libexec/ld.so regress/usr.bin regress/usr.sbin sbin/dhclient sbin/disklabel sbin/dump sbin/pflogd sbin/ping sbin/ping6 sbin/route sbin/savecore share/man share/termtypes sys/arch/alpha/alpha sys/arch/alpha/include sys/arch/amd64/amd64 sys/arch/amd64/conf sys/arch/amd64/include sys/arch/arm/include sys/arch/hppa/hppa sys/arch/hppa/include sys/arch/hppa64/include sys/arch/i386/i386 sys/arch/i386/include sys/arch/m88k/include sys/arch/mips64/include sys/arch/mips64/mips64 sys/arch/octeon/dev sys/arch/powerpc/include sys/arch/powerpc/powerpc sys/arch/sgi/sgi sys/arch/sh/include sys/arch/solbourne/solbourne sys/arch/sparc/include sys/arch/sparc64/include sys/arch/vax/if sys/arch/vax/include sys/compat/linux sys/ddb sys/dev/ic sys/dev/pci sys/dev/usb sys/kern sys/net sys/netinet sys/netinet6 sys/nfs sys/sys usr.bin/calendar usr.bin/compress usr.bin/diff usr.bin/file usr.bin/grep usr.bin/m4 usr.bin/make usr.bin/mandoc usr.bin/netstat usr.bin/sndiod usr.bin/ssh usr.bin/tmux usr.bin/units usr.sbin/bgpctl usr.sbin/bgpd usr.sbin/dhcpd usr.sbin/httpd usr.sbin/relayd usr.sbin/smtpd == bin =============================================================== 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin cp ~ utils.c > Preserve times to nanosecond precision instead of just microsecond. > Prefer to set attributes by fd for regular files, and not follwing > symlinks for others. > ok brynet@ millert@ (guenther@) ksh ~ sh.1 > reapply the rules of english to the option keywords: i was persuaded to > undo it > because the option names are case sensitive, but it just looks awful. so > expect just a little more from the reader... (jmc@) mv ~ mv.c > Preserve times to nanosecond precision instead of just microsecond. > Prefer to set attributes by fd for regular files, and not follwing > symlinks for others. > ok brynet@ millert@ (guenther@) pax ~ ar_subs.c ~ extern.h ~ file_subs.c ~ ftree.c ~ pat_rep.c ~ pax.c ~ pax.h ~ tables.c ~ tables.h ~ tar.c TAGGED OPENBSD_5_7 > Backport trunk commit of 2015/03/09 04:23:29: > tar/pax/cpio had multiple issues: > * extracting a malicious archive could create files outside of the > current directory without using pre-existing symlinks to 'escape', > and could change the timestamps and modes on preexisting files > * tar without -P would permit extraction of paths with ".." components > * there was a buffer overflow in the handling of pax extension headers > (guenther@) ~ ar_subs.c ~ extern.h ~ file_subs.c ~ ftree.c ~ pat_rep.c ~ pax.c ~ pax.h ~ tables.c ~ tables.h ~ tar.c TAGGED OPENBSD_5_6 > Backport trunk commit of 2015/03/09 04:23:29: > tar/pax/cpio had multiple issues: > * extracting a malicious archive could create files outside of the > current directory without using pre-existing symlinks to 'escape', > and could change the timestamps and modes on preexisting files > * tar without -P would permit extraction of paths with ".." components > * there was a buffer overflow in the handling of pax extension headers > (guenther@) ps ~ ps.h > struct usave is unused, and eproc is gone; delete the former and > stop referencing them in comments (guenther@) == distrib =========================================================== 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > get_responsefile: instead of keeping the dhcp-supplied next-server where > we fetch the response file from in a local _server var, put it in an > exported AI_SERVER one. last not least that allows install.site to see it. > ok krw rpe (henning@) ~ install.sh ~ install.sub > Rework sshd enable root login questions in light of sshd PermitRootLogin > default change. The new default is not to ask to enable root logins > when a non-root user has been addedi. There is some additional sublety > for auto-installs that provide root ssh keys. > patch by myself and rpe@ with feedback from sthen@; > ok rpe@ deraadt@ sthen@ (djm@) ~ install.sub > ajacoutot spotted a problem with the new sshd logic (to disable root logins > by default completely in most cases, except where a public ssh key was > provided > to autoinstall) - in the case where a (non-root) account was created, sshd > was being disabled; this diff fixes it. Looks good ajacoutot, OK djm@, > extensive testing+OK rpe@, (sthen@) sets ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish ~ lists/base/md.armv7 ~ lists/base/md.aviion ~ lists/base/md.hppa ~ lists/base/md.hppa64 ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.vax ~ lists/base/md.zaurus ~ lists/base/mi ~ lists/comp/md.macppc ~ lists/man/mi > sync (deraadt@) ~ lists/base/mi > sync (deraadt@) == etc =============================================================== 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc daily ~ daily > VERBOSESTATUS or no VERBOSESTATUS, failed or missing dumps are still > worth noting > "go ahead" schwarze@ (halex@) examples/remote ~ examples/remote > Simplify remote(5) example file and remove stuff not supported by cu(1). > some tweaks from sobrado@, ok deraadt@ (nicm@) group ~ group > Add a _file user and use for privsep, ok deraadt (nicm@) mail/aliases ~ mail/aliases > Add a _file user and use for privsep, ok deraadt (nicm@) master.passwd ~ master.passwd > Add a _file user and use for privsep, ok deraadt (nicm@) mtree/4.4BSD.dist ~ mtree/4.4BSD.dist > Add smtpd(8) spool directories so that they are registered as part of base. > ok henning@ gilles@ deraadt@ (ajacoutot@) rc ~ rc > Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made > tweakable: there's no real point and these files support the 'include' > option so > one can always get its config from whatever path... especially useful when > testing a new ruleset. > man page inputs from schwarze@ > ok halex@ schwarze@ rpe@ deraadt@ (ajacoutot@) rc.conf ~ rc.conf > Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made > tweakable: there's no real point and these files support the 'include' > option so > one can always get its config from whatever path... especially useful when > testing a new ruleset. > man page inputs from schwarze@ > ok halex@ schwarze@ rpe@ deraadt@ (ajacoutot@) rc.d/rc.subr ~ rc.d/rc.subr > Check arguments before eval so we don't end up with a cryptic error > message. > reported by jasper@ > While here: _rc_is_supported() -> _rc_not_supported() > - saves a fork > - reduces triple negation to double negation in _rc_not_supported() > - simplifie condition for rc_restart=NO > from schwarze@ > ok jasper@ schwarze@ (ajacoutot@) ~ rc.d/rc.subr > No more pf_rules ipsec_rules. (ajacoutot@) == gnu =============================================================== 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu usr.bin/binutils-2.17 ~ ld/lexsup.c > Adjust ld semantics to make static PIE the default. Forgotten by pascal@. > Original commit message: > Change gcc and ld semantics to make static PIE the default when invoking > 'cc -static'. To explicitly request the legacy behaviour, use -nopie. > For the few port affected by this, bumps will follow shortly. > looks good to kettenis@, ok kurt@ (kettenis@) ~ ld/emulparams/elf_obsd.sh > Unset SEPARATE_GOTPLT. We don't want a seperate .got.plt section on > OpenBSD, > at least for now, as it would result in a partially writable GOT. Our > ld.so(1) has the smarts to properly write-protect the single .got, so we > don't need this. > ok guenther@ (kettenis@) == lib =============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ crypto/getentropy_aix.c > Support AIX versions without WPAR support. > From Michael Felt. (bcook@) ~ crypto/getentropy_linux.c > Not all Linux libc's include linux/sysctl.h in sys/sysctl.h. > Include it if we have the sysctl syscall. (bcook@) librthread ~ rthread.c ~ rthread.h ~ rthread_sched.c > Delete the duplicated sched_{policy,param} members from the internal struct > pthread and instead use the values from the embedded struct pthread_attr. > For bonus points, pay attention to the sched_inherit attribute and possibly > set the values from the parent thread. > Problem noted by natano of bitrig. (guenther@) libssl ~ src/crypto/bn/bn_gf2m.c ~ src/crypto/bn/bn_recp.c ~ src/crypto/bn/bn_x931p.c ~ src/crypto/ec/ec_lib.c > Add missing BN_CTX_end() calls. > After calling BN_CTX_start(), there must be a BN_CTX_end() before > returning. There were missing BN_CTX_end() calls in error paths. One diff > chunk was simply removing redundant code related to this. > ok deraadt@ (doug@) ~ src/ssl/bs_cbs.c > free() can handle NULL. > ok jsing@ (doug@) ~ src/ssl/bs_cbs.c > Added error checking for len argument in cbs_get_u(). > tweak + ok jsing@ (doug@) ~ src/ssl/bs_cbs.c > Avoid NULL deref in CBS_get_any_asn1_element(). > This function is documented as allowing NULL for out_header_len. > ok jsing@ (doug@) ~ src/ssl/bs_ber.c > Call CBS_mem_equal() rather than reimplementing it. > ok jsing@ (doug@) ~ src/ssl/bs_cbb.c > Added len_len error checking for internal cbb_buffer_add_u(). > ok jsing@ (doug@) ~ src/ssl/bs_cbb.c > Rename cbb_buffer_add_u to cbb_add_u and remove redundant code. > All of cbb_buffer_add_u's callers first call CBB_flush and send cbb->base. > cbb_add_u() now has that common code in one place. > ok jsing@ (doug@) ~ src/ssl/bs_cbb.c > Call CBB_add_space() rather than reimplementing it. > ok jsing@ (doug@) ~ src/ssl/bs_ber.c ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h > Add whitespace and replace OPENSSL_free with free in documentation. > ok jsing@ (doug@) ~ src/crypto/conf/conf_def.c > use strdup() to init string > ok doug millert (deraadt@) libtls ~ tls_verify.c > Reject dNSName of " " for subjectAltName extension. > RFC 5280 says " " must not be used as a dNSName. > ok jsing@ jca@ (doug@) == libexec =========================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec ld.so ~ ldconfig/ldconfig.8 > tidy up the prebind text; prompted by zhuk (jmc@) == regress =========================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress usr.bin ~ ssh/cfgparse.sh > Add tests for ListenAddress/Port/AddressFamily in alternate orders. > (dtucker@) ~ mandoc/roff/esc/Makefile ~ mandoc/roff/esc/z.in ~ mandoc/roff/esc/z.out_ascii > Replace the kludge for the \z escape sequence by an actual > implementation. As a side effect, minus ten lines of code. > As another side effect, this also fixes the assertion failure that > used to be triggered by "\z\o'ab'c" at the beginning of an output > line, found by jsg@ with afl (test case 022/Apr27). (schwarze@) usr.sbin + relayd/args-http-headline-close.pl + relayd/args-https-headline-close.pl > Let the HTTP client close the connection within an incomplete header > line. Check that the session in relayd gets closes and it does not > result in a file descriptor leak. > Bug in relayd found by claudio@. (bluhm@) ~ relayd/args-http-chunked.pl ~ relayd/args-http-mark-marked2.pl ~ relayd/args-https-chunked.pl > Make some regular expressions more strict. This allows the tests > to pass also if relayd is compiled with DEBUG. (bluhm@) == sbin ============================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin dhclient ~ conflex.c > Correct switch between current and previous line buffers when > encountering a carriage return in the input. > Found by jsg@ a long time ago in a respository far, far away. (krw@) ~ conflex.c > Hoist common assignments out of a series of if/if-else statements > in get_token(). Simplifies code and shrinks future diff. > No intentional functional change. (krw@) disklabel ~ disklabel.8 ~ disklabel.c ~ editor.c ~ extern.h > support passing a template file for the auto-allocation to disklabel. > template gives mountpoints, min-max size ranges and percentage of disk > foremost intended for autoinstalls, installer bits to follow soon. > with input from many, ok theo (henning@) ~ editor.c > g/c unneeded second char * var, ok benno (henning@) ~ disklabel.8 ~ disklabel.c > some fine-tuning in SYNOPSIS, usage, and order of options, with jmc > (henning@) dump ~ dump.8 ~ dump.h ~ itime.c ~ main.c > Eliminate the -U flag and make usage of DUID in /etc/dumpdates the default. > Correct old style entries so nothing has to be done for the admin. > diff from Manuel Giraud (manuel (at) ledu-giraud.fr) Thanks! (guenther@) pflogd ~ privsep.c > Someone went to the trouble of vertically aligning a set of parameters but > missed one. This diff is only a spacing change. (mlarkin@) ping ~ ping.c > A ttl of 0 is valid. While here use MAXTTL instead of 255. > Input bluhm@, OK krw@ (florian@) ~ ping.c > de-castify strtonum to make it consistent again. > Pointed out by bluhm@; no object change. > OK bluhm@, krw@ (florian@) ping6 ~ ping6.c > Use strtonum() when parsing argument list, as ping(8) does. Give > or take a cast. Tweak error messages to also be consistant with > ping(8). > Change lower bound of '-h' to 0 from -1 at the request of florian@. > Tweaks and suggestions from, ok florian@ (krw@) ~ ping6.c > Use IPV6_MAXHLIM instead of 255; pointed out by bluhm@ > No object change. (florian@) route ~ show.c > route show does not need to filter unwanted af itself, the sysctl does > that for us. > approach seems sound deraadt@ > ok claudio@ mpi@ henning@ phessler@ (benno@) savecore ~ savecore.c > Fix glitches in previous commit: strip the \n and only complain on failure > ok deraadt@ (guenther@) == share ============================================================= 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/urtw.4 > Add Digitus DN-7003GT to list of supported urtw(4) devices. (stsp@) ~ man4/rtsx.4 > Update list of card readers supported by rtsx(4). From brad. (stsp@) ~ man7/roff.7 > Replace the kludge for the \z escape sequence by an actual > implementation. As a side effect, minus ten lines of code. > As another side effect, this also fixes the assertion failure that > used to be triggered by "\z\o'ab'c" at the beginning of an output > line, found by jsg@ with afl (test case 022/Apr27). (schwarze@) ~ man9/file.9 > FRELE returns an int not void. It is actually the return value > of fdrop() (or 0 if the ref count is non-zero). From Kanonenvogel > (millert@) ~ man8/rc.conf.8 > Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made > tweakable: there's no real point and these files support the 'include' > option so > one can always get its config from whatever path... especially useful when > testing a new ruleset. > man page inputs from schwarze@ > ok halex@ schwarze@ rpe@ deraadt@ (ajacoutot@) ~ man8/autoinstall.8 > Remove subsections and start documentation of autoinstall only installer > features. > Feedback and OK jmc@ > "Reads ok" krw@ (rpe@) termtypes ~ termtypes.master > Add tmux and tmux-256color entries; this can be used inside tmux for > correct italics support. > ok naddy (on a slightly older version) (nicm@) == sys =============================================================== 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/alpha ~ pmap.c > fix build with option DEBUG (miod@) arch/alpha/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/amd64/amd64 ~ pmap.c > Clean up some spacing. No functional change (mlarkin@) arch/amd64/conf ~ ld.script > Explicitly include .codepatch and .codepatchend in .rodata such that > the binutils 2.17 linker doesn't make them disappear. > ok deraadt@, guenther@ (kettenis@) arch/amd64/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/arm/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/hppa/hppa ~ intr.c > Don't grab the kernel lock for clock interrupts. The way we use mutexes > these days is incompatible with that practice and leads to deadlocks. > ok jsing@ (kettenis@) ~ mutex.c > rework hppa mutexes. > this is largely based on src/sys/arch/alpha/alpha/mutex.c r1.14 and > src/sys/arch/sgi/sgi/mutex.c r1.15 > always and explicitely record which cpu owns the lock (or NULL if > noone owns it). improve the mutex diagnostics/asserts so they operate > on the mtx_owner field rather than mtx_lock. previously the asserts > would assume the lock cpu owns the lock if any of them own the lock, > which blows up badly. > hppa hasnt got good atomic cpu opcodes, so this still relies on > ldcws to serialise access to the lock. > while im here i also shuffled the code. on MULTIPROCESSOR systems > instead of duplicating code between mtx_enter and mtx_enter_try, > mtx_enter simply loops on mtx_enter_try until it succeeds. > this also provides an alternative implementation of mutexes on > !MULTIPROCESSOR systems that avoids interlocking opcodes. mutexes > wont contend on UP boxes, theyre basically wrappers around spls. > we can just do the splraise, stash the owner as a guard value for > DIAGNOSTIC and return. similarly, mtx_enter_try on UP will never > fail, so we can just call mtx_enter and return 1. > tested by and ok kettenis@ jsing@ (dlg@) arch/hppa/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) ~ mutex.h > rework hppa mutexes. > this is largely based on src/sys/arch/alpha/alpha/mutex.c r1.14 and > src/sys/arch/sgi/sgi/mutex.c r1.15 > always and explicitely record which cpu owns the lock (or NULL if > noone owns it). improve the mutex diagnostics/asserts so they operate > on the mtx_owner field rather than mtx_lock. previously the asserts > would assume the lock cpu owns the lock if any of them own the lock, > which blows up badly. > hppa hasnt got good atomic cpu opcodes, so this still relies on > ldcws to serialise access to the lock. > while im here i also shuffled the code. on MULTIPROCESSOR systems > instead of duplicating code between mtx_enter and mtx_enter_try, > mtx_enter simply loops on mtx_enter_try until it succeeds. > this also provides an alternative implementation of mutexes on > !MULTIPROCESSOR systems that avoids interlocking opcodes. mutexes > wont contend on UP boxes, theyre basically wrappers around spls. > we can just do the splraise, stash the owner as a guard value for > DIAGNOSTIC and return. similarly, mtx_enter_try on UP will never > fail, so we can just call mtx_enter and return 1. > tested by and ok kettenis@ jsing@ (dlg@) arch/hppa64/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/i386/i386 ~ locore.s ~ mptramp.s ~ pmapae.c > Only enable PAE if the CPU we're running on has NX support. Without NX > support we're only wasting memory on the larger PAE page tables without > any real benefit. This allows some simplifications of the low-level > assembly code. > ok mlarkin@, deraadt@ (kettenis@) ~ acpi_wakecode.S > Enable NX support in the resume path. Makes suspend/resume work with the > PAE pmap. > ok deraadt@, mlarkin@ (kettenis@) ~ acpi_wakecode.S ~ hibernate_machdep.c > Disable PAE when switching to the hibernate resume pagetables. This > involves > a slightly conmplicated dance where we stash the PAE PDPTEs into the > hibernate resume pagetables and use those before turning off PAE. > Makes (un)hibernate work with the new PAE pmap. > ok mlarkin@ (kettenis@) ~ ioapic.c > Move a variable's initialisation so a panic will work as intended. > ok guenther@ deraadt@ (jsg@) arch/i386/include ~ vmparam.h > bump i386 MAXDSIZ to 3GB. - "If you're running this, and presumably > actually > using that much memory, go for it" tedu@ "I don't see any immediate > downsides" > kettenis@ (sthen@) ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/m88k/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/mips64/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/mips64/mips64 ~ clock.c > Do not grab the kernel lock for clock interrupts. Help and ok kettenis@ > (miod@) ~ pmap.c > add missing splx calls > ok miod@ (jsg@) arch/octeon/dev ~ iobusvar.h ~ octeon_iobus.c ~ octdwctwo.c > Get dwc2 working on octeon. > - transplant the clock setup code from octhci > - add a bus space tag to deal with dwc2 using little endian addressing > - bump up the rx fifo size, necessary for umass/sd to work > tested on an edgerouter lite, which can almost boot by itself now > ok uebayasi@ (various parts), miod@ (bus space bits) (jmatthew@) ~ if_cnmac.c > Convert to if_input(). > Tested by jmatthew@ (mpi@) ~ octeon_intr.c > Do not grab the kernel lock for clock interrupts. Help and ok kettenis@ > (miod@) arch/powerpc/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/powerpc/powerpc ~ cpu_subr.c > Correctly write the 64bits of the HID 1, 4 and 5 registers. > This makes the secondary cpu of my PowerMac as fast as the primary one, > and divide the build time by 3 with a GENERIC.MP kernel on MP G5s > Found thanks to MP kernel profiling. > ok dlg@, miod@ (mpi@) ~ trap.c > Remove a check for NULL that would have been after a NULL dereference > if callers of save_vec() weren't expected to pass a non NULL pointer > as an argument. > ok kettenis@ (jsg@) arch/sgi/sgi ~ intr_template.c > Do not grab the kernel lock for clock interrupts. Help and ok kettenis@ > (miod@) arch/sh/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/solbourne/solbourne ~ pmap.c > add missing splx calls > ok miod@ (jsg@) arch/sparc/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/sparc64/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) arch/vax/if ~ sgec.c > add missing splx calls > ok miod@ (jsg@) arch/vax/include ~ limits.h > Remove SIZE_MAX from limits.h. It was added years ago before we > had a proper stdint.h. No ports fallout. OK guenther@ miod@ (millert@) compat/linux ~ linux_cdrom.c ~ linux_termios.c > Indroduce fd_getfile_mode() and use it were fd_getfile() is directly > followed by a mode check. This will simplify the ref/unref dance as > soon as fd_getfile() will increment fp's reference counter. > Idea from and ok guenther@, ok millert@ (mpi@) ~ linux_misc.c > add missing splx calls > ok krw@ (jsg@) ddb ~ parse_structinfo.pl > Also generate db_structinfo.txt with struct member offset and size info > prodded by deraadt@ and miod@ (guenther@) dev/ic ~ rtsx.c ~ rtsxvar.h > In rtsx(4), condense the list of support chips in a comment, remove the > unused > F_5227 flag, sort PCI IDs, and fix a typo in a comment. No functional > change. > from brad (stsp@) ~ aic6915.c > Fix a memory leak in an error path found by Maxime Villard's > Brainy Code Scanner. (jsg@) ~ dp8390.c > Convert to if_input(). > ok miod@ (mpi@) ~ lance.c ~ lancevar.h ~ am7990.c ~ am79900.c > Convert to if_input(), ok miod@ (mpi@) ~ i82596.c > Convert to if_input(), ok miod@ (mpi@) ~ aac.c > Die, damned distracting red space. (krw@) ~ ciss.c > add missing CISS_UNLOCK_SCRATCH/splx calls > ok krw@ (jsg@) dev/pci ~ if_vio.c > vio: Support checksum offloading for IPv4 TX > "Looks good to me" brad@ (sf@) ~ if_vio.c > Have vio_start() check if the queue is empty. > from brad@ (sf@) ~ rtsx_pci.c > In rtsx(4), condense the list of support chips in a comment, remove the > unused > F_5227 flag, sort PCI IDs, and fix a typo in a comment. No functional > change. > from brad (stsp@) ~ if_age.c ~ if_et.c ~ if_ixgb.c ~ if_msk.c ~ if_oce.c ~ if_se.c ~ if_stge.c ~ if_tht.c ~ if_tl.c ~ if_txp.c ~ if_vte.c ~ if_xge.c > Convert moar drivers to if_input(). > ok dlg@ (mpi@) ~ if_jme.c ~ if_vic.c > No need to set `rcvif', if_input() does it for you! (mpi@) ~ if_sk.c > Convert to if_input(), tweak and ok dlg@ (mpi@) ~ ixgbe_82599.c ~ ixgbe_phy.c ~ ixgbe_type.h > Allow use of 1Gb 1000baseLX SFPs in 82599 ix(4) SFP+ port. Adapted from > Linux commit 345be204dcbb. ok jsg@ mikeb@ (sthen@) ~ ixgbe_82599.c ~ ixgbe_type.h ~ if_ix.c > Set the correct media type for 1000baseLX SFPs. > Tested by/ok sthen@, ok mikeb@ (jsg@) ~ pcidevs > Correct some E5 v2 ids and add E5 v2 R2PCIE. > From Hrvoje Popovski. (jsg@) ~ pcidevs.h ~ pcidevs_data.h > regen (jsg@) dev/usb ~ umct.c ~ umct.h > Two extra messages required after sending a baud rate update, as observed > in the linux mct_u232 driver, which apparently got them by sniffing usb > traffic from the vendor's windows 98 driver. Makes this device work at > 115200: > umct0 at uhub0 port 2 "Belkin Components F5U109 Serial" rev 1.10/1.02 addr > 2 > ok dlg@ (jmatthew@) ~ usbdevs > Add USB device ID for RTL8812AU. Found in "TP-Link AC1200 T4U" device. > (stsp@) ~ usbdevs.h ~ usbdevs_data.h > regen (stsp@) ~ usbdevs.h ~ usbdevs_data.h > regen (stsp@) ~ usbdevs > Add IDs for RTL8188ETV and RTL8188EU. From FreeBSD via Mikhail on tech@ > (stsp@) ~ upd.c > Make use of DEVNAME(), from David Higgs. (mpi@) ~ upd.c > with more unit convertion when new sensors will appear. > From David Higgs. (mpi@) ~ upd.c > Since upd(4) currently supports a known but limited number of sensors, > parse the HID descriptor multiple times to find them. > This logic is necessary to later create a tree of sensors in order to > avoid lookups in the hot path for sensors that depend on the value of > others. > From David Higgs. (mpi@) ~ upd.c > Instead of using a single flat array for all sensors, put all the > children of a sensor in a separate structure. > Children sensors should only be probbed if their parent is active. > This make the dependency tree explicit and will reduce the number > of I/O. > From David Higgs. (mpi@) ~ upd.c > Link report descriptors to known sensors. > Since HID buffers always start by a reportID we can access the > corresponding > report descriptor in O(1). Having a list of sensors attached to each > report > descriptor makes it easier to update all of them with only on I/O request. > Note that sensors are attached in depency order on every report list. > From David Higgs. (mpi@) ~ if_mos.c ~ if_upgt.c ~ udl.c > add missing splx calls (jsg@) kern ~ exec_elf.c > Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz. > test cases provided by Alejandro Herna'ndez (nitrousenador (at) gmail.com) > ok deraadt@ jsg@ (guenther@) ~ kern_time.c > Protect the per-process itimerval structs with a mutex. We update these > from hardclock() which runs without grabbing the kernel lock. This means > that two threads could concurrently update the struct which could lead to > corruption of the value which in turn could stop the timer. It could also > result in getitimer(2) returning a non-normalized value. > With help from guenther@. > ok deraadt@, guenther@ (kettenis@) ~ exec_elf.c > Error out if the PT_INTERP segment isn't NUL terminated > ok deraadt@ millert@ miod@ (guenther@) ~ kern_descrip.c ~ sys_generic.c ~ vfs_syscalls.c > Indroduce fd_getfile_mode() and use it were fd_getfile() is directly > followed by a mode check. This will simplify the ref/unref dance as > soon as fd_getfile() will increment fp's reference counter. > Idea from and ok guenther@, ok millert@ (mpi@) ~ exec_elf.c > Now we use p_filesz - 1 to test for NUL check that p_filesz is > at least two and while here allow the upper bound to be > MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread > on tech where Maxime Villard proposed additional PT_INTERP checks. > tested by and ok guenther@ (jsg@) ~ exec_elf.c TAGGED OPENBSD_5_7 > Backport r1.114-1.116 by myself and jsg: > Missing validity checks in the kernel ELF loader meant malformed binaries > could trigger kernel panics or view kernel memory. (guenther@) ~ exec_elf.c TAGGED OPENBSD_5_6 > Backport r1.114-1.116 by myself and jsg: > Missing validity checks in the kernel ELF loader meant malformed binaries > could trigger kernel panics or view kernel memory. (guenther@) ~ kern_descrip.c TAGGED OPENBSD_5_6 > Avoid NULL deref in fd_getfile_mode(); OK deraadt@ (millert@) ~ tty_tty.c ~ vfs_vnops.c ~ vfs_vops.c TAGGED OPENBSD_5_6 > Pass fflag to VOP_POLL so vfs fifo functions can get at the file > flags to check FREAD/FWRITE if needed. This will be used by fifo_poll > to avoid checking the write end of the fifo when the fd is read-only. > OK guenther@ (millert@) ~ init_main.c TAGGED OPENBSD_5_6 > reenable page zeroing thread on SMP mips kernels. (miod@) net ~ if_tun.c > Use if_get() after every tsleep(), in case the bottom half of the driver > has destroyed or damaged the interface clone. > with mpi (deraadt@) ~ pf_norm.c > In most cases, IP fragments do not have an Ethernet padding. So > add a condition to save a useless call to m_adj() and have a paranoid > length check in the other cases. > OK henning@ (bluhm@) ~ if_tun.c > Do not free & reallocate a new chunk of memory for the interface > descriptor during SIOCSIFFLAGS. > This prevent a use after free, triggered by the pool/malloc damage > finder being currently cooked by dlg@ and deraadt@. > ok deraadt@ (mpi@) netinet ~ ip_carp.c > Make sure to overwrite sdl_type after calling ether_ifattach(). > Fix a problem found by Johan Huldtgren, ok phessler@ (mpi@) ~ ip_spd.c > Merge two identical if() statements in ipsp_acquire_sa(). The > change in ip_spd.c 1.59 makes it appear that there is a cut & pasto. > OK mikeb@ (millert@) netinet6 ~ in6_ifattach.c ~ nd6.c ~ nd6_rtr.c > Do not call nd6_purge() before purging the IPv6 addresses of a detached > interface. > Fix a use after free introduced in r1.98 of netinet6/in6.c and recently > exposed by a crazy pool/malloc damage finder being currently refined by > dlg@ and deraadt@. > ok mikeb@, henning@ (mpi@) nfs ~ nfs_vnops.c > Make sure we don't leak bytes from malloced memory in the padding of struct > dirent. (The memset in previous commit was both wrong and insufficient.) > problem with memset noted by brad@ and jsg@ > ok millert@ (guenther@) sys ~ filedesc.h > Indroduce fd_getfile_mode() and use it were fd_getfile() is directly > followed by a mode check. This will simplify the ref/unref dance as > soon as fd_getfile() will increment fp's reference counter. > Idea from and ok guenther@, ok millert@ (mpi@) ~ stdint.h > SIZE_MAX is no longer in limits.h (millert@) ~ vnode.h > Pass fflag to VOP_POLL so vfs fifo functions can get at the file > flags to check FREAD/FWRITE if needed. This will be used by fifo_poll > to avoid checking the write end of the fifo when the fd is read-only. > OK guenther@ (millert@) == usr.bin =========================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin calendar ~ calendars/calendar.birthday > use adolf, not adolph, for hitler, to keep it consistent; > remove his suicide entry since it's already listed, more completely, > in calendar.history; > from craig skinner (jmc@) ~ calendars/calendar.holiday > - king's birthday now celebrated in the netherlands; from einfach jemand > ok, though not neccessarily endorsed, from/by otto > tim van der molen further requested it be "king's day" and the removal > of antilles > while here i've used an article (*the* netherlands), here and in another > example (jmc@) ~ calendars/calendar.holiday > statue [sic] day in netherlands antilles becomes kingdom day in the > netherlands; > thanks paul de weerd for pointers (jmc@) compress ~ main.c > Preserve times to nanosecond precision instead of just microsecond. > Prefer to set attributes by fd for regular files, and not follwing > symlinks for others. > ok brynet@ millert@ (guenther@) diff ~ diff.c ~ diffreg.c ~ xmalloc.c ~ xmalloc.h > Change internal xrealloc() to a idiom-following xreallocarray(). > This loses a "new size is 0" failure case. Probably not relevant; > and since we develop this in OpenBSD, we'll catch that before someone > else imports this... > ok millert (deraadt@) file ~ file.c > stat() the original link path not the resolved one which may be relative. > (nicm@) ~ file.1 ~ file.c > Don't support -s on FIFOs, it doesn't work well and the workarounds are > a bit horrible. (nicm@) ~ file.1 > remove some extraneous text; ok nicm (jmc@) ~ Makefile ~ file.c ~ file.h > Add simple privilege separation to file(1). Two processes, file > descriptors and a few other bits are opened in parent and passed to > child using imsg. Child currently drops to "nobody" but this will change. > (nicm@) ~ file.h > Add a _file user and use for privsep, ok deraadt (nicm@) ~ Makefile ~ file.c ~ file.h + sandbox.c > Use a systrace(4) sandbox with a short whitelist of allowed syscalls for > the file(1) child process. Based on similar code in ssh sandbox-systrace.c. > Idea and help from deraadt@. (nicm@) ~ file.c > Add a missing free in the error path. > ok nicm@ (lteo@) ~ sandbox.c > the non braced do while made my teeth hurt (deraadt@) ~ sandbox.c > Tweak comment so it doesn't imply line buffering is needed (any will do > so long as it is explicit), and set stderr to NBF not LBF. Pointed out > by espie@. (nicm@) ~ sandbox.c > Add a comment about waitpid, suggested by espie@. (nicm@) grep ~ grep.c > Add warning when user specifies -R but no files, like GNU grep. > OK schwarze@ ian@ (millert@) m4 ~ gnum4.c > Add missing #include <stdint.h> for SIZE_MAX (millert@) make ~ buf.c > Add missing #include <stdint.h> for SIZE_MAX (millert@) mandoc ~ main.c > Improve the error message in case somebody has configured an invalid PAGER. > Suggested by Lorenzo Beretta <lory dot fulgi at infinito dot it>. > (schwarze@) ~ tbl_layout.c > When the last line of a table layout turns out to be empty, it is deleted. > Do not just free the struct tbl_row but also make sure that no pointer > to it remains. Fixing a use after free found by jsg@ with afl. (schwarze@) ~ mdoc_macro.c > Do not mark a block with the MDOC_BROKEN flag if it merely contains > a mismatching explicit end macro without actually being broken. > Avoids a subsequent upward search for the non-existent breaker > ending up in a NULL pointer access; afl test case 005/Apr27 from jsg@. > (schwarze@) ~ term.c ~ term.h > Replace the kludge for the \z escape sequence by an actual > implementation. As a side effect, minus ten lines of code. > As another side effect, this also fixes the assertion failure that > used to be triggered by "\z\o'ab'c" at the beginning of an output > line, found by jsg@ with afl (test case 022/Apr27). (schwarze@) ~ mdoc_macro.c > If a block body gets broken, that's no good reason to extend the > scope of the end macro. Instead, only keep the tail scope open if > the end macro macro calls an explicit macro and actually breaks > that. This corrects syntax tree structure and fixes an assertion > found by jsg@ with afl (test case 098/Apr27). (schwarze@) ~ mdoc_macro.c > Minor bug fix: When .Pp rewinds .Nm, rewind the whole block, > not just the body. In some unusual edge cases, this caused > the .Pp to become a sibling of the .Nm body inside the .Nm block. > (schwarze@) ~ mdoc_macro.c ~ roff.c > Setting the "last" member of struct roff_node was done at an extremely > weird place. Move it to the obviously correct place. > Surprisingly, this didn't cause any misformatting in the test suite > or in any base system manuals, but i cannot believe the code was > really correct for all conceivable input, and it would be very hard > to verify. At the very least, it cannot have worked for man(7). > (schwarze@) ~ mdoc_macro.c > mdoc_valid_post() may indirectly call roff_node_unlink() which may > set ROFF_NEXT_CHILD, which is desirable for the final call to > mdoc_valid_post() - in case the target itself gets deleted, the > parse point may need this adjustment - but not for the intermediate > calls - if intermediate nodes get deleted, that mustn't clobber the > parse point. So move setting ROFF_NEXT_SIBLING to the proper place > in rew_last(). > This fixes the assertion failure in jsg@'s afl test case 108/Apr27. > (schwarze@) netstat ~ show.c > sync with rev 1.99 of sbin/route/show.c > requested by claudio@ and mpi@ (benno@) sndiod ~ sndiod.c > Fix typo in the buffer size value: 7680 in the manpage vs 7860 in > the sndiod.c code. > Initially, I thought the error was in the manpage, but Alexander > told me it was the code, so fix the code instead. > ok ratchov@ (dcoppa@) ssh ~ sshd.c > allow "sshd -f none" to skip reading the config file, much like > "ssh -F none" does. ok dtucker (djm@) ~ kexc25519s.c > Include stdio.h for FILE (used in sshkey.h) so it compiles with OPENSSL=no. > (dtucker@) ~ monitor.c ~ packet.c ~ ssh-keygen.c > fix compilation with OPENSSL=no; ok dtucker@ (djm@) ~ opacket.c > more OPENSSL=no fixes; ok dtucker@ (djm@) ~ sshd_config ~ servconf.c ~ sshd_config.5 > Make sshd default to PermitRootLogin=no; > ok deraadt@ rpe@ (djm@) ~ ssh_config.5 ~ sshd_config.5 > Document that the TERM environment variable is not subject to SendEnv > and AcceptEnv. bz#2386, based loosely on a patch from jjelen at redhat, > help and ok jmc@ (dtucker@) ~ sshd_config.5 > Fix typo in previous (dtucker@) ~ ssh_config.5 ~ sshd_config.5 > enviroment -> environment: apologies to darren for not spotting that first > time round... (jmc@) ~ servconf.c ~ servconf.h ~ sshd_config.5 > Allow ListenAddress, Port and AddressFamily in any order. bz#68, > ok djm@, jmc@ (for the man page bit). (dtucker@) ~ auth-options.c > Don't make parsing of authorized_keys' environment= option conditional > on PermitUserEnv - always parse it, but only use the result if the > option is enabled. This prevents the syntax of authorized_keys changing > depending on which sshd_config options were enabled. > bz#2329; based on patch from coladict AT gmail.com, ok dtucker@ (djm@) ~ auth.h ~ auth2-pubkey.c ~ monitor.c ~ monitor_wrap.c ~ monitor_wrap.h > prevent authorized_keys options picked up on public key tests without > a corresponding private key authentication being applied to other > authentication methods. Reported by halex@, ok markus@ (djm@) ~ mux.c > reduce stderr spam when using ssh -S /path/mux -O forward -R 0:... > ok dtucker@ (djm@) ~ mux.c > remove failed remote forwards established by muliplexing from the > list of active forwards; bz#2363, patch mostly by Yoann Ricordel; > ok dtucker@ (djm@) ~ servconf.c ~ auth.c > make handling of AuthorizedPrincipalsFile=none more consistent > with other =none options; bz#2288 from Jakub Jelen; ok dtucker@ (djm@) ~ servconf.c > a couple of parse targets were missing activep checks, causing them > to be misapplied in match context; > bz#2272 diagnosis and original patch from Sami Hartikainen > ok dtucker@ (djm@) ~ packet.c ~ dispatch.c > refactor ssh_dispatch_run_fatal() to use sshpkt_fatal() to better > report error conditions. Teach sshpkt_fatal() about ECONNRESET. > Improves error messages on TCP connection resets. bz#2257 > ok dtucker@ (djm@) ~ sshd.8 > mention that the user's shell from /etc/passwd is used for commands > too; bz#1459 ok dtucker@ (djm@) tmux ~ cmd-split-window.c > Remove panes from layout if spawning them fails, reported by Anthony J > Bentley. (nicm@) ~ cmd-select-pane.c > If the requested pane is already active, do not unzoom the window (or do > anything else). Prevents mouse clicking when zoomed causing unzoom, > reported by Jose Antonio Delgado Alfonso (with a different fix). (nicm@) ~ Makefile ~ cmd-choose-buffer.c ~ cmd-choose-client.c ~ cmd-choose-tree.c ~ cmd-display-message.c ~ cmd-find-window.c ~ cmd-load-buffer.c ~ cmd-new-session.c ~ cmd-save-buffer.c ~ cmd.c ~ tmux.1 ~ tmux.h + cmd-find.c > Rewrite of the target resolution internals to be simpler and more > consistent but with much less duplication, but keeping the same internal > API. Also adds more readable aliases for some of the special tokens used > in targets (eg "{start}" instead of "^"). Some behaviours may have > changed, for example prefix matches now happen before fnmatch. (nicm@) ~ cmd-find.c > Assign to the right variable when comparing clients. (nicm@) ~ cfg.c > Reset cfg_ncauses to 0 as well or we could allocate the wrong size if > called again. (nicm@) ~ cmd-find.c > Do not include unattached clients when trying to find one for target. > (nicm@) ~ cmd-select-layout.c ~ tmux.1 ~ tmux.h ~ window.c > Add select-layout -o to undo the last layout change (apply the previously > set layout). (nicm@) ~ cmd-find.c > If can't find pane as a pane, try as a window; likewise if can't find > window as a session. (nicm@) ~ cmd-find.c > Do not do a search for the tty path if there isn't one. (nicm@) ~ cmd-find.c > If looking for an index, don't fill in window when given a session. (nicm@) ~ options-table.c ~ server-fn.c ~ tmux.1 ~ tty.c > If default-terminal is set to "screen" or "screen-*", emulate screen's > historical (incorrect) behaviour for SGR 3 and send smso > (standout). Previously, we would send sitm (italics) if the terminal > outside had it and smso otherwise. This was acceptably until recently > because xterm's terminfo entry lacked sitm, so most users got smso. > People who want italics should set default-terminal to the forthcoming > "tmux" entry (and be prepared to deal with it being missing on older > hosts). > As a side-effect this changes default-terminal to be a server rather > than a session option. > suggested by and ok naddy (nicm@) ~ cmd-select-pane.c > Do not complain when directions fail. (nicm@) units ~ units.lib > update currency exchange rates; (jmc@) == usr.sbin ========================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpctl ~ irr_output.c > for every policy we write out, flush the output so we don't get an > irritating partially written line (phessler@) bgpd ~ control.c ~ parse.y > mlarkin asks "bgpctl checks the length of the control socket path to > make sure it fits. When browsing around last night I saw that bgpd > does not. Any reason it shouldn't? Please commit" > Add a check in parse.y to check this when reading the configuration. > ok phessler@ henning@ (benno@) dhcpd ~ conflex.c > Correct switch between current and previous line buffers when > encountering a carriage return in the input. > Found by jsg@ a long time ago in a respository far, far away. (krw@) ~ conflex.c > Hoist common assignments out of a series of if/if-else statements > in get_token(). Simplifies code and shrinks future diff. > No intentional functional change. (krw@) httpd ~ server.c TAGGED OPENBSD_5_7 > MFC usr.sbin/httpd/server.c:1.62->1.63, req by florian@ > We cannot log errors with server_close() before allocating > clt_log evbuffer. > server_close() calls server_log() which uses ctl_log. > Crash reported by Daniel Jakots <vigdis AT chown DOT me>, thanks! > OK benno (sthen@) ~ server.c TAGGED OPENBSD_5_6 > MFC usr.sbin/httpd/server.c:1.62->1.63, req by florian@ > We cannot log errors with server_close() before allocating > clt_log evbuffer. > server_close() calls server_log() which uses ctl_log. > Crash reported by Daniel Jakots <vigdis AT chown DOT me>, thanks! > OK benno (sthen@) ~ server_file.c ~ server_http.c TAGGED OPENBSD_5_6 > Implement byte ranges. > From Sunil Nimmagadda <sunil At nimmagadda DOT net> > OK benno@ (florian@) relayd ~ relay.c ~ relay_http.c > When the HTTP client did close the connection while relayd was still > parsig the HTTP header, the session was never destroyed. This > resulted in a file descriptor leak. > Add a check wether the protocol knows how much data to expect. If > relayd is reading unlimited data or is expecting nothing to read, > ignore the end-of-file. Otherwise it is a protocol violation, so > close the session immediately. > While there, make relayd compile with DEBUG defined. > Based on a diff from claudio@; tested by claudio@; OK claudio@ benno@ > (bluhm@) ~ ca.c ~ config.c ~ parse.y ~ relayd.c ~ relayd.h > Fix obvious problems with relayd config reload. > - fix a TAILQ corruption because of a use after free > - do not reinit the SSL engine since that fails > OK sthen, benno (claudio@) smtpd ~ enqueue.c > smtpd enqueue -S does not take an argument, fix optstring accordingly > fix by Nathanael Rensen (gilles@) ~ enqueue.c > S was misplaced in r1.89, the optarg that was removed was actually needed > by R, so reintroduce it in the proper place. > spotted and diff by Sunil Nimmagadda (gilles@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
