OpenBSD src changes summary for 2015-07-05 to 2015-07-12 inclusive ==================================================================
bin/ed distrib/armv7 distrib/miniroot distrib/sets etc/changelist lib/libc lib/libfuse lib/libutil libexec/comsat libexec/mail.local regress/lib regress/usr.bin regress/usr.sbin sbin/fdisk sbin/iked share/man sys/arch/amd64/amd64 sys/arch/i386/i386 sys/arch/loongson/conf sys/arch/loongson/include sys/arch/loongson/loongson sys/arch/macppc/dev sys/arch/mips64/conf sys/arch/mips64/include sys/arch/mips64/mips64 sys/arch/octeon/conf sys/arch/octeon/include sys/arch/octeon/octeon sys/arch/sgi/conf sys/arch/sgi/include sys/arch/sgi/sgi sys/arch/sparc/dev sys/arch/sparc64/sparc64 sys/ddb sys/dev sys/dev/ic sys/dev/isa sys/dev/pci sys/dev/pcmcia sys/dev/sbus sys/dev/usb sys/kern sys/net sys/netinet sys/netinet6 sys/nfs sys/sys usr.bin/file usr.bin/openssl usr.bin/ssh usr.bin/tmux usr.bin/vi usr.sbin/bgpd usr.sbin/pkg_add usr.sbin/syslogd usr.sbin/tcpdump == bin =============================================================== 01/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin ed ~ main.c > XXX annotate another signal race (deraadt@) == distrib =========================================================== 02/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib armv7 ~ ramdisk/install.md > At some point the u-boot mlo for panda/beagle stopped looking for > u-boot.bin and required u-boot.img on the fat fs so switch to using that > as we do for beaglebone. > Reported by abieber@ via bmercer@ (jsg@) miniroot ~ install.sub > In case-statements where single and multiline commands are used, > put the terminating ;; always on its own line. > discussed with and OK krw@ halex@ (rpe@) sets ~ lists/comp/mi > syn (deraadt@) == etc =============================================================== 03/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc changelist ~ changelist > Only store checksums for: > /var/nsd/etc/nsd.conf (may contain a key) > /var/unbound/db/root.key (fix path as well) > from Tim van der Molen > ok millert@ sthen@ (ajacoutot@) ~ changelist > /var/unbound/db/root.key can be stored in plain text actually; that's just > the public key. > prodded by semarie@ > ok sthen@ (ajacoutot@) == lib =============================================================== 04/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ locale/runetable.c > the C locale should contain only ASCII > suggestion for removing (instead of commenting) the lines from stsp@ > OK millert@ (semarie@) libfuse ~ fuse_opt.c > Unbreak option parsing: > fuse_opt_pase is called with an opaque void * and struct fuse_opt. If val > has a > positive value and off != -1, we modify the opaque void * at the offset off > to > put it val. > This matches what the GNU libfuse does. > fixes (at least) simple-mtpfs option parsing > diff from slacker syl@, thanks! > "it can't get worse than not working" mikeb@ > ok miod@ sthen@ (ajacoutot@) ~ fuse.c > Skip mountpoint checking in case we only want the version or help > (-V, -h). > ok syl@ mikeb@ (ajacoutot@) libutil ~ imsg_init.3 > typo in embedded code block; from Ben Cornett (deraadt@) ~ imsg-buffer.c ~ imsg.c > Use memset instead of bzero for better portability. > ok gilles claudio doug (nicm@) == libexec =========================================================== 05/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec comsat ~ comsat.c > Trim trailing whitespace from the comsat message before calling > strtonum() to parse the offset since mail.local writes a trailing > newline. Otherwise comsat just discards the message. OK deraadt@ > (millert@) mail.local ~ mail.local.c > Add support for IPv6 by using getaddrinfo(). Our inetd.conf ships > with an IPv6 comsat example but it would never get used. OK deraadt@ > (millert@) == regress =========================================================== 06/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libc/locale/Makefile > add setlocale test (semarie@) + libc/locale/setlocale/Makefile + libc/locale/setlocale/setlocale.c > add regress test for setlocale(3) and some related > functions (MB_CUR_MAX, isalpha() for ctype. > some tips from stsp@ (semarie@) ~ libssl/unit/Makefile + libssl/unit/tls_ext_alpn.c > Add tests for parsing TLS extension ALPN (RFC 7301). > The current libssl code does not pass these tests yet. (doug@) usr.bin ~ ssh/unittests/sshkey/testdata/dsa_1 ~ ssh/unittests/sshkey/testdata/dsa_1-cert.fp ~ ssh/unittests/sshkey/testdata/dsa_1-cert.pub ~ ssh/unittests/sshkey/testdata/dsa_1.fp ~ ssh/unittests/sshkey/testdata/dsa_1.fp.bb ~ ssh/unittests/sshkey/testdata/dsa_1.param.g ~ ssh/unittests/sshkey/testdata/dsa_1.param.priv ~ ssh/unittests/sshkey/testdata/dsa_1.param.pub ~ ssh/unittests/sshkey/testdata/dsa_1.pub ~ ssh/unittests/sshkey/testdata/dsa_1_pw ~ ssh/unittests/sshkey/testdata/dsa_2 ~ ssh/unittests/sshkey/testdata/dsa_2.fp ~ ssh/unittests/sshkey/testdata/dsa_2.fp.bb ~ ssh/unittests/sshkey/testdata/dsa_2.pub ~ ssh/unittests/sshkey/testdata/dsa_n ~ ssh/unittests/sshkey/testdata/dsa_n_pw ~ ssh/unittests/sshkey/testdata/ecdsa_1 ~ ssh/unittests/sshkey/testdata/ecdsa_1-cert.fp ~ ssh/unittests/sshkey/testdata/ecdsa_1-cert.pub ~ ssh/unittests/sshkey/testdata/ecdsa_1.fp ~ ssh/unittests/sshkey/testdata/ecdsa_1.fp.bb ~ ssh/unittests/sshkey/testdata/ecdsa_1.param.priv ~ ssh/unittests/sshkey/testdata/ecdsa_1.param.pub ~ ssh/unittests/sshkey/testdata/ecdsa_1.pub ~ ssh/unittests/sshkey/testdata/ecdsa_1_pw ~ ssh/unittests/sshkey/testdata/ecdsa_2 ~ ssh/unittests/sshkey/testdata/ecdsa_2.fp ~ ssh/unittests/sshkey/testdata/ecdsa_2.fp.bb ~ ssh/unittests/sshkey/testdata/ecdsa_2.param.priv ~ ssh/unittests/sshkey/testdata/ecdsa_2.param.pub ~ ssh/unittests/sshkey/testdata/ecdsa_2.pub ~ ssh/unittests/sshkey/testdata/ecdsa_n ~ ssh/unittests/sshkey/testdata/ecdsa_n_pw ~ ssh/unittests/sshkey/testdata/ed25519_1 ~ ssh/unittests/sshkey/testdata/ed25519_1-cert.fp ~ ssh/unittests/sshkey/testdata/ed25519_1-cert.pub ~ ssh/unittests/sshkey/testdata/ed25519_1.fp ~ ssh/unittests/sshkey/testdata/ed25519_1.fp.bb ~ ssh/unittests/sshkey/testdata/ed25519_1.pub ~ ssh/unittests/sshkey/testdata/ed25519_1_pw ~ ssh/unittests/sshkey/testdata/ed25519_2 ~ ssh/unittests/sshkey/testdata/ed25519_2.fp ~ ssh/unittests/sshkey/testdata/ed25519_2.fp.bb ~ ssh/unittests/sshkey/testdata/ed25519_2.pub ~ ssh/unittests/sshkey/testdata/rsa1_1.fp ~ ssh/unittests/sshkey/testdata/rsa1_1.fp.bb ~ ssh/unittests/sshkey/testdata/rsa1_1.param.n ~ ssh/unittests/sshkey/testdata/rsa1_1.pub ~ ssh/unittests/sshkey/testdata/rsa1_2.fp ~ ssh/unittests/sshkey/testdata/rsa1_2.fp.bb ~ ssh/unittests/sshkey/testdata/rsa1_2.param.n ~ ssh/unittests/sshkey/testdata/rsa1_2.pub ~ ssh/unittests/sshkey/testdata/rsa_1 ~ ssh/unittests/sshkey/testdata/rsa_1-cert.fp ~ ssh/unittests/sshkey/testdata/rsa_1-cert.pub ~ ssh/unittests/sshkey/testdata/rsa_1.fp ~ ssh/unittests/sshkey/testdata/rsa_1.fp.bb ~ ssh/unittests/sshkey/testdata/rsa_1.param.n ~ ssh/unittests/sshkey/testdata/rsa_1.param.p ~ ssh/unittests/sshkey/testdata/rsa_1.param.q ~ ssh/unittests/sshkey/testdata/rsa_1.pub ~ ssh/unittests/sshkey/testdata/rsa_1_pw ~ ssh/unittests/sshkey/testdata/rsa_2 ~ ssh/unittests/sshkey/testdata/rsa_2.fp ~ ssh/unittests/sshkey/testdata/rsa_2.fp.bb ~ ssh/unittests/sshkey/testdata/rsa_2.param.n ~ ssh/unittests/sshkey/testdata/rsa_2.param.p ~ ssh/unittests/sshkey/testdata/rsa_2.param.q ~ ssh/unittests/sshkey/testdata/rsa_2.pub ~ ssh/unittests/sshkey/testdata/rsa_n ~ ssh/unittests/sshkey/testdata/rsa_n_pw > regen test data after mktestdata.sh changes (markus@) ~ ssh/unittests/sshkey/mktestdata.sh ~ ssh/unittests/sshkey/test_file.c ~ ssh/unittests/sshkey/test_sshkey.c > adapt tests to new minimum RSA size and default FP format (markus@) ~ ssh/cert-hostkey.sh ~ ssh/cert-userkey.sh ~ ssh/hostkey-agent.sh ~ ssh/hostkey-rotate.sh ~ ssh/keytype.sh ~ ssh/unittests/kex/test_kex.c > Adapt tests, now that DSA if off by default; use PubkeyAcceptedKeyTypes > and PubkeyAcceptedKeyTypes to test DSA. (markus@) usr.sbin ~ syslogd/RSyslogd.pm ~ syslogd/args-client-bind-only4.pl ~ syslogd/args-client-bind-only6.pl ~ syslogd/args-client-bind-port.pl ~ syslogd/args-client-bind.pl ~ syslogd/args-client-bind4-port.pl ~ syslogd/args-client-bind4.pl ~ syslogd/args-client-bind6-port.pl ~ syslogd/args-client-bind6.pl ~ syslogd/args-length-udp.pl ~ syslogd/args-maxunix.pl ~ syslogd/args-rsyslog-tcp.pl ~ syslogd/args-rsyslog-tls.pl ~ syslogd/args-rsyslog-udp.pl ~ syslogd/args-sighup-tcp.pl ~ syslogd/args-sighup-tls.pl ~ syslogd/args-socket-tcp.pl ~ syslogd/args-socket-tls.pl ~ syslogd/funcs.pl ~ syslogd/syslogd.pl + syslogd/args-client-tcp-maxline.pl + syslogd/args-client-tcp-multichunks.pl + syslogd/args-client-tcp-multilines.pl + syslogd/args-client-tcp-nodns.pl + syslogd/args-client-tcp.pl + syslogd/args-client-tcp4-nodns.pl + syslogd/args-client-tcp4.pl + syslogd/args-client-tcp6-nodns.pl + syslogd/args-client-tcp6.pl + syslogd/args-maxtcp.pl + syslogd/args-rsyslog-client-tcp.pl + syslogd/args-rsyslog-client-udp.pl > Add tests for incomming syslog messages over TCP. (bluhm@) ~ syslogd/Makefile ~ syslogd/Proc.pm + syslogd/args-fdexhaustion-config.pl + syslogd/args-fdexhaustion-sighup.pl > Test syslogd with reduced file descriptor limit. It has too many > log files in syslog.conf and must close and reopen them at SIGHUP. (bluhm@) == sbin ============================================================== 07/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin fdisk ~ fdisk.c > Do not attempt to read a disk sector worth of data from the file > containing the MBR template. Most especially don't get upset when > the 512-byte file does not contain a full 4096 byte disk sector. > Allows 4096-byte disks to be fdisk'ed once more. > Problem reported and fix tested by Gerald Hanuer via bugs@. > ok deraadt@ (krw@) ~ fdisk.c > Nuke unused variable. (krw@) iked ~ config.c ~ iked.h ~ ikev2.c ~ policy.c > repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ > (e.g. the policy might be used-after-free on 'ikectl reconfig') > ok mikeb@ (markus@) == share ============================================================= 08/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man9/VOP_LOOKUP.9 > Document the new 'fflag' argument to VOP_POLL(). > From Martin Natano (millert@) ~ man9/km_alloc.9 > Include missing 'const' references in man page and fix some parameter names > that didn't match the code. (mlarkin@) ~ man9/Makefile ~ man9/mbuf.9 > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) ~ man4/rtwn.4 > Fix documentation error: rtwn(4) loads firmware on if up, not if attach. > (stsp@) == sys =============================================================== 09/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ vector.S > Prevent possible interrupt recursion before unwinding the stack. > Xen delivers about 20 seconds worth of missed LAPIC timer events > after we enable interrupts on application CPUs and this makes us > recurse and burn the stack. > OK kettenis, guenther, deraadt, "good find" mlarkin (mikeb@) ~ pmap.c > Avoid calling pool_put(9) while holding a mutex here as well to prevent > lock > order problems. > ok sthen@ (kettenis@) arch/i386/i386 ~ pmapae.c > Remove unused prototype. (kettenis@) ~ pmap.c > Don't call pool_put(9) while holding a mutex. Instead collect pv entries > in > a list and put them back into the pool after releasing the mutex. This > prevents a lock ordering problem between the per-pmap mutexes and the > kernel > lock that arises because pool_put(9) may grab the kernel lock when it > decides > to free a pool page. > This seems to make the i386 pmap mpsafe enough to run the reaper without > holding the kernel lock. > ok sthen@ (who helped me a lot debugging this) (kettenis@) ~ pmapae.c > Don't call pool_put(9) while holding a mutex. Instead collect pv entries > in > a list and put them back into the pool after releasing the mutex. This > prevents a lock ordering problem between the per-pmap mutexes and the > kernel > lock that arises because pool_put(9) may grab the kernel lock when it > decides > to free a pool page. > This seems to make the i386 pmap mpsafe enough to run the reaper without > holding the kernel lock. > ok sthen@ (who helped me a lot debugging this) (kettenis@) ~ pmapae.c > Committed from the wrong tree. So now for real: > Don't call pool_put(9) while holding a mutex. Instead collect pv entries > in > a list and put them back into the pool after releasing the mutex. This > prevents a lock ordering problem between the per-pmap mutexes and the > kernel > lock that arises because pool_put(9) may grab the kernel lock when it > decides > to free a pool page. > This seems to make the i386 pmap mpsafe enough to run the reaper without > holding the kernel lock. > ok sthen@ (who helped me a lot debugging this) (kettenis@) arch/loongson/conf ~ files.loongson > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/loongson/include ~ intr.h ~ mutex.h > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/loongson/loongson - mutex.c > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/macppc/dev ~ if_bm.c ~ if_mc.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) arch/mips64/conf ~ files.mips64 > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/mips64/include + mutex.h > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/mips64/mips64 + mutex.c > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/octeon/conf ~ files.octeon > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/octeon/include ~ intr.h ~ mutex.h > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/octeon/octeon - mutex.c > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/sgi/conf ~ files.sgi > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/sgi/include ~ intr.h ~ mutex.h > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/sgi/sgi - mutex.c > unify the mutex implementations on all the mips64 platforms. > this basically copies the sgi implementation to mips64 and removes > it from the rest. this way they get an optimised UP mutex implementation > and correct asserts on all platforms. > ok miod@ jmatthew@ (dlg@) arch/sparc/dev ~ hme.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) arch/sparc64/sparc64 ~ pmap.c > Avoid calling pool_put(9) while holding a mutex here as well to prevent > lock > order problems. (kettenis@) ddb ~ db_dwarf.c > Return correct file name entry from DWARF line table > We run the DWARF line table program to generate each row of the table > until we find a row after the one we wanted, and then take the > previous row's entries. The code correctly took the previous row's > line number entry, but incorrectly took the current row's file name > entry. Notably, this caused DDB to report the wrong file names for > inlined calls to functions defined in header files. > ok mlarkin (matthew@) dev ~ softraid_crypto.c > fix a format specifier used in SR_DEBUG printfs. > from Karel Gardas (gardask at gmail.com) (mlarkin@) dev/ic ~ malo.c > Make malo(4) compile with MALO_DEBUG. Problem found by Walter Daugherity. > (stsp@) ~ elink3.c ~ lance.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) dev/isa ~ if_ef_isapnp.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) dev/pci ~ qle.c > Overallocate the data segment lists to ensure there's always space for the > terminating entry, return all 8 bits of the scsi status code, only set > xs->resid on underruns (it's not defined for overruns), and simplify how > data segment lists are constructed. > with lots of help from and ok dlg@ (jmatthew@) ~ if_et.c > Fix a use-after-free, from Maxime Villard w/ Brainy. > ok jsg@ (mpi@) ~ drm/drm_crtc.h ~ drm/drm_crtc_helper.c ~ drm/drm_linux.h ~ drm/radeon/atom.c ~ drm/radeon/radeon.h ~ drm/radeon/radeon_benchmark.c ~ drm/radeon/radeon_fence.c ~ drm/radeon/radeon_pm.c ~ drm/radeon/radeon_ring.c ~ drm/ttm/ttm_bo.c ~ drm/ttm/ttm_bo_driver.h > Make use of recent drm_linux.h additions to further reduce the > diff to linux. > ok kettenis@ (jsg@) dev/pcmcia ~ if_cnw.c ~ if_xe.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) dev/sbus ~ be.c ~ qe.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) dev/usb ~ usbdevs > add id for TEMPerHUM sensor > ok mpi@ (jung@) ~ usbdevs.h ~ usbdevs_data.h > regen (jung@) ~ usb.h > Name unamed structures, from Ludovic Coues with some tweaks. (mpi@) ~ ulpt.c > Do not use usbd_endpoint_count(), this function is almost unused and > creates confusion. Do like the rest of the drivers and simply get a > interface descriptor with usbd_get_interface_descriptor(). > Tested by stsp@ (mpi@) ~ if_athn_usb.c > Allow more time for USB athn(4) firmware boot. It seems people on > daemonforums > are running into the previous 1 second timeout on some machines, which the > driver will treat as fatal. Not sure if this will really fix the issue but > it won't hurt. Also reported in NetBSD land which inherited our driver: > http://mail-index.netbsd.org/current-users/2014/05/06/msg024793.html > ok mpi@ (stsp@) ~ uvideo.c ~ uvideo.h > Move the softc definition to uvideo.c so that userland can include > <dev/usb/uvideo.h> to get USB video descriptor definitions. > from Ludovic Coues. (mpi@) ~ if_athn_usb.c > Revert previous, doesn't fix anything. I managed to reproduce > the problem on one of my machines and the patch doesn't help. > See http://marc.info/?l=openbsd-tech&m=143645936727569&w=2 (stsp@) ~ ugen.c > Do not use usbd_endpoint_count() and usbd_interface_count(), theses > functions are almost unused and create confusion. Do like the rest > of the drivers and simply get an interface or device descriptor. > Tested by ajacoutot@ and Grant Czajkowski, thanks! (mpi@) ~ usbdi.c ~ usbdi.h > usbd_{endpoint,interface}_count() are no longer used and die. (mpi@) ~ xhci.c > Do not trust the hardware when it says that the number of remaining > bytes to transfer is superior to the length of the transfer. > Found by krw@ with an ETRON controller. (mpi@) kern ~ uipc_socket.c ~ uipc_socket2.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) ~ init_main.c > Disable pool_gc on m88k if MULTIPROCESSOR; we don't have enough volunteers > for human sacrifices to get this fixed in a reasonably near future, and the > tree must build. (miod@) net ~ radix.c > Do not return internal nodes to the upper layer in rn_lookup(). > The limit between the radix layer and the route layer is somewhat > vague, if it exists at all. This changes prevent rtrequest1(9) to > find and delete the root node (RNF_ROOT) when trying to delete a > non-existing default route: > # route delete 0.0.0.0 > delete host 0.0.0.0 > # route delete 0.0.0.0 > route: writing to routing socket: No such process > delete host 0.0.0.0: not in table > Historically rn_delete() was a no-op when called with an internal > node as argument. But there's no reason to manipulate such node. > In a better world rn_match() would contain such check, but let's > change the perfect-match function for the moment as this fixes a > bug and many dragons are lurking in there. > Fix a regression introduced by the big refactoring of r1.40 and > reported by tobias@. > ok tobias@, claudio@, pelikan@ (mpi@) ~ if_ppp.c ~ if_pppx.c ~ if_tun.c ~ ppp_tty.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) ~ route.h > RTF_LOCAL and RTF_BROADCAST must not be settable by userland. > Note that current code is safe because an explicit check exists > in route_output(). > Pointed out by claudio@ while reviewing another diff. (mpi@) ~ route.h > Use a new RTF_CONNECTED flag for interface (connected) routes. > Recent changes to support multiple interface routes broke the > assumption made by all our userland routing daemons concerning > interface routes. Historically such routes had a "gateway" > sockaddr of type AF_LINK. But to be able to support multiple > interface routes as any other multipath routes, they now have > a unique "gateway" sockaddr containing their corresponding IP > address. > This self-describing flag should avoid ambiguity when dealing > with interface routes. > Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ > ok claudio@, benno@ (mpi@) ~ pf.c > Linking the local socket to pf states went wrong when IPsec was > involved. For outgoing packets the IPsec layer did not clear the > sending socket from the mbuf when the address changed. This resulted > in strange state match and create behavior in pf. So clear the pf > statekey and inp in the packet header for both directions when the > address changes. > Mark Patruck reported the bug, identified my problematic commit and > tested the fix. > OK mikeb@ (bluhm@) netinet ~ in.c > No longer need to manually pass RTF_MPATH to rt_ifa_add(9). (mpi@) ~ in.c > We're now creating a connected route for every configured address so > there's no need to flag every address as IFA_ROUTE. (mpi@) ~ if_ether.c > Always use "ifp" instead of mixing it with "ac->ac_if" in in_arpinput(). > (mpi@) ~ in.c > Use a new RTF_CONNECTED flag for interface (connected) routes. > Recent changes to support multiple interface routes broke the > assumption made by all our userland routing daemons concerning > interface routes. Historically such routes had a "gateway" > sockaddr of type AF_LINK. But to be able to support multiple > interface routes as any other multipath routes, they now have > a unique "gateway" sockaddr containing their corresponding IP > address. > This self-describing flag should avoid ambiguity when dealing > with interface routes. > Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ > ok claudio@, benno@ (mpi@) ~ udp_usrreq.c > Pass an interface index instead of a pointer to in6_addr2scopeid(). > ok millert@ (mpi@) ~ tcp_input.c > Remove unused arguments and the associated code from nd6_nud_hint(). > ok claudio@ (mpi@) ~ tcp_input.c > Make KASSERT in tcp_input() less strict, tcpcb may be NULL. > OK deraadt@ (bluhm@) netinet6 ~ frag6.c > unifdef IN6_IFSTAT_STRICT. > ok deraadt@, millert@ (mpi@) ~ nd6_rtr.c > Use a new RTF_CONNECTED flag for interface (connected) routes. > Recent changes to support multiple interface routes broke the > assumption made by all our userland routing daemons concerning > interface routes. Historically such routes had a "gateway" > sockaddr of type AF_LINK. But to be able to support multiple > interface routes as any other multipath routes, they now have > a unique "gateway" sockaddr containing their corresponding IP > address. > This self-describing flag should avoid ambiguity when dealing > with interface routes. > Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ > ok claudio@, benno@ (mpi@) ~ icmp6.c ~ in6.c ~ in6_var.h ~ ip6_forward.c ~ ip6_mroute.c > Pass an interface index instead of a pointer to in6_addr2scopeid(). > ok millert@ (mpi@) ~ nd6.c ~ nd6.h > Remove unused arguments and the associated code from nd6_nud_hint(). > ok claudio@ (mpi@) nfs ~ nfs_syscalls.c > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) sys ~ buf.h > disksort is dead, and now so is any code that relied on its compat > in bufqs. > it's only taken us 6 years. > ok millert@ krw@ (dlg@) ~ mbuf.h > MFREE(9) is dead, long live m_freem(9)! > ok bluhm@, claudio@, dlg@ (mpi@) == usr.bin =========================================================== 10/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin file ~ magic-load.c > Do not allow '\0' as an offset operator or type. > ok nicm (tobias@) ~ file.c > Properly handle files >= 4 GB on 32 bit architectures. > with input by and ok nicm@ (tobias@) ~ file.c > Keep one byte for terminating '\0'. > ok nicm@ (tobias@) openssl ~ dhparam.c ~ openssl.1 > switch "openssl dhparam" default from 512 to 2048 bits, ok jsing@ (sthen@) ~ dhparam.c > Convert openssl(1) dhparam to new option handling. > ok doug@ (jsing@) ~ crl2p7.c > Convert openssl(1) crl2pkcs7 to the new option handling. > input + ok jsing@ (doug@) ~ dsaparam.c > Convert openssl(1) dsaparam to the new option handling. > This also removes support for -timebomb related code which was only > enabled for GENCB_TEST. > ok jsing@ (doug@) ~ gendh.c > Convert gendh.c to the new option handling. > ok jsing@ (doug@) ~ ec.c > Convert openssl(1) ec to the new option handling. > ok jsing@ (doug@) ~ dsa.c > Convert openssl(1) dsa to the new option handling. > ok jsing@ (doug@) ~ dh.c > Convert openssl(1) dh to the new option handling. > ok jsing@ (doug@) ssh ~ log.c ~ addrmatch.c > xmalloc.h is unused (markus@) ~ OVERVIEW > compress.c is gone (markus@) ~ cipher.h > typedefs for Cipher&CipherContext are unused (markus@) ~ ssh-agent.c > no need to include the old buffer/key API (markus@) ~ authfile.c > re-enable ed25519-certs if compiled w/o openssl; ok djm (markus@) ~ clientloop.c ~ myproposal.h ~ readconf.c ~ readconf.h ~ scp.1 ~ servconf.c ~ servconf.h ~ ssh.1 ~ ssh_config.5 ~ sshconnect2.c ~ sshd.c ~ sshd_config.5 > Turn off DSA by default; add HostKeyAlgorithms to the server and > PubkeyAcceptedKeyTypes to the client side, so it still can be > tested or turned back on; feedback and ok djm@ (markus@) tmux ~ cmd-attach-session.c ~ cmd-switch-client.c > Update environment with -E when attach-session used on an already > attached session or switch-client used on the current session. From Cam > Hutchison. (nicm@) vi ~ common/exf.c > Fix a regression caused by timespec changes when vi is run without > a file to edit. Based on a diff from Patrick Keshishian. (millert@) == usr.sbin ========================================================== 11/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpd ~ kroute.c > Check for RTF_CONNECTED to track interface (connected) routes. > Make bgpd(8) properly handle interface routes since they no > longer have a "gateway" sockaddr of type AF_LINK. Regression > reported by <mxb AT alumni DOT chalmers DOT se> and benno@ > While here document traditional BSD connected route assumption. > ok claudio@, benno@ (mpi@) pkg_add ~ OpenBSD/PackageRepositoryList.pm > gc old code, from Jean-Philippe Ouellet (espie@) ~ OpenBSD/PackageRepository.pm > improve the error message for incorrect PKG_CACHE. > (yes, this should error out always) (espie@) syslogd ~ syslogd.c > Let syslogd run with non-blocking sockets. Replace the existing > fcntl(O_NONBLOCK) with the simpler SOCK_NONBLOCK and add this flag > to the UDP sockets. React to EWOULDBLOCK although it should not > happen. > OK benno@ (bluhm@) ~ evbuffer_tls.c ~ privsep.c ~ privsep_fdpass.c ~ ringbuf.c ~ syslogd.c ~ syslogd.h ~ ttymsg.c > Remove some unneeded includes. OK deraadt@ (millert@) ~ privsep.c ~ syslogd.8 ~ syslogd.c ~ syslogd.h > When syslogd is invoked with -T listen_address, it creates a TCP > socket and accepts incomming messages. At the moment, only RFC > 6587 3.4.2. Non-Transparent-Framing format with new-line separator > is supprted for incomming messsages. Outgoing messages are encoded > as 3.4.1. Octet Counting. Autodetection of incomming format will > be implemented later. > OK deraadt@ jmc@ millert@ (bluhm@) ~ syslogd.8 > Do not explain multiple times how to put brackets around IPv6 > addresses in syslogd(8). Using brackets to separate an IPv6 address > from the port number is common practice and we keep the text in > syslog.conf(5). > OK jmc@ (bluhm@) ~ syslogd.c > Set f_hostname to NULL after free() to avoid a double free when > both !host and memory buffer are used. > OK jung@ (bluhm@) ~ privsep_fdpass.c > During fd passing, receive_fd() tries to read the result value and > the file descriptor. If the fd limit is exhausted, recvmsg(2) > fails. The kernel discards the fd, but the result value stays in > the socket. It has to be read on its own to keep the privsep parent > and syslogd child in sync. > OK benno@ (bluhm@) tcpdump ~ tcpdump.c > For ASCII dumps, tighten printable characters. \v and \f aren't. > ok semarie@ sthen@ (naddy@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
