OpenBSD src changes summary for 2016-07-03 to 2016-07-10 inclusive ==================================================================
bin/cat distrib/notes distrib/sets etc/etc.octeon/MAKEDEV etc/etc.octeon/MAKEDEV.md etc/examples/pkg.conf etc/rc gnu/lib/libobjc gnu/usr.bin/perl lib/csu lib/libc lib/libcrypto lib/libcurses lib/libform lib/libkvm lib/libmenu lib/libpanel lib/libssl lib/libtls libexec/ftpd libexec/ld.so regress/bin regress/lib regress/usr.bin regress/usr.sbin sbin/route sbin/savecore sbin/sysctl share/man share/misc share/mk share/zoneinfo sys/arch/amd64/stand sys/arch/armv7/conf sys/arch/armv7/imx sys/arch/armv7/omap sys/arch/hppa/stand sys/arch/i386/stand sys/arch/macppc/pci sys/arch/octeon/conf sys/arch/octeon/dev sys/arch/octeon/include sys/arch/octeon/octeon sys/arch/sparc64/conf sys/dev sys/dev/acpi sys/dev/microcode sys/dev/mii sys/dev/ofw sys/dev/wscons sys/kern sys/net sys/netinet sys/netinet6 sys/nfs sys/sys sys/uvm usr.bin/biff usr.bin/doas usr.bin/less usr.bin/mandoc usr.bin/mesg usr.bin/mg usr.bin/nc usr.bin/rcs usr.bin/ssh usr.bin/tail usr.bin/tmux usr.bin/vi usr.sbin/eeprom usr.sbin/ldpd usr.sbin/route6d usr.sbin/smtpd usr.sbin/syslogd usr.sbin/vmd usr.sbin/ypbind == bin =============================================================== 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin cat ~ cat.1 > attempt to improve clarity by reducing forward references and more > directly documenting each option's effect. (tedu@) == distrib =========================================================== 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib notes ~ armv7/prep > Mention the EFI and DTB requirement. List U-Boot 2016.07 as 2016.05 > needs a patch to work with efiboot on non imx platforms that is > included in ports/packages but might not be present otherwise. > While U-Boot 2016.07 final is not released yet the > "efi_loader: Don't allocate from memory holes" patch is included > in rc1/rc2/rc3 and should make the final release. (jsg@) sets ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.zaurus ~ lists/base/mi > sync (deraadt@) ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.zaurus ~ lists/comp/mi > sync (deraadt@) ~ lists/man/mi > sync (deraadt@) ~ lists/base/md.octeon ~ lists/comp/md.octeon > sync (visa@) ~ lists/base/mi > sync (deraadt@) == etc =============================================================== 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc etc.octeon/MAKEDEV ~ etc.octeon/MAKEDEV > regen (visa@) etc.octeon/MAKEDEV.md ~ etc.octeon/MAKEDEV.md > Add /dev/openprom. > ok kettenis@ deraadt@ jasper@ (visa@) examples/pkg.conf ~ examples/pkg.conf > sync (sthen@) rc ~ rc > Fix detection of /usr/lib on NFS. > Found by Frank Scheiner, thanks for reporting this. > OK krw, halex > 'cool' deraadt (rpe@) == gnu =============================================================== 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu lib/libobjc ~ Makefile.bsd-wrapper > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) usr.bin/perl ~ AUTHORS ~ Configure ~ INSTALL ~ MANIFEST ~ META.json ~ META.yml ~ Makefile.SH ~ Makefile.bsd-wrapper ~ README.haiku ~ README.macosx ~ README.os2 ~ README.vms ~ cop.h ~ embed.fnc ~ embed.h ~ gv.c ~ hv.c ~ hv_func.h ~ inline.h ~ intrpvar.h ~ locale.c ~ mg.c ~ mg.h ~ op.c ~ op.h ~ pad.c ~ patchlevel.h ~ perl.c ~ pp_sys.c ~ proto.h ~ regcomp.c ~ regexec.c ~ sv.c ~ sv.h ~ toke.c ~ util.c ~ Cross/config.sh-arm-linux ~ Cross/config.sh-arm-linux-n770 ~ NetWare/Makefile ~ NetWare/config_H.wc ~ Porting/Maintainers.pl ~ Porting/checkAUTHORS.pl ~ Porting/cmpVERSION.pl ~ Porting/config.sh ~ Porting/config_H ~ Porting/epigraphs.pod ~ Porting/perldelta_template.pod ~ Porting/release_managers_guide.pod ~ Porting/todo.pod ~ cpan/OpenBSD-MkTemp/t/OpenBSD-MkTemp.t ~ cpan/OpenBSD-Pledge/lib/OpenBSD/Pledge.pm ~ cpan/OpenBSD-Pledge/t/OpenBSD-Pledge.t ~ cpan/Term-ReadKey/Configure.pm ~ cpan/Term-ReadKey/Makefile.PL ~ cpan/Term-ReadKey/ReadKey.xs ~ cpan/Term-ReadKey/genchars.pl ~ cpan/Term-ReadKey/example/test.pl ~ dist/Module-CoreList/Changes ~ dist/Module-CoreList/lib/Module/CoreList.pm ~ dist/Module-CoreList/lib/Module/CoreList.pod ~ dist/Module-CoreList/lib/Module/TieHashDelta.pm ~ dist/Module-CoreList/lib/Module/Utils.pm ~ dist/Module-CoreList/t/corelist.t ~ dist/Module-CoreList/t/is_core.t ~ dist/Module-CoreList/t/utils.t ~ ext/Errno/Errno_pm.PL ~ hints/catamount.sh ~ hints/darwin.sh ~ hints/os390.sh ~ lib/h2ph.t ~ lib/perl5db.pl ~ plan9/config.plan9 ~ plan9/config_sh.sample ~ pod/perl.pod ~ pod/perlclib.pod ~ pod/perldelta.pod ~ pod/perlfunc.pod ~ pod/perlguts.pod ~ pod/perlhacktips.pod ~ pod/perlhist.pod ~ pod/perlpod.pod ~ pod/perlpodspec.pod ~ pod/perlpolicy.pod ~ pod/perlunicook.pod ~ regen/lib_cleanup.pl ~ t/base/lex.t ~ t/base/rs.t ~ t/comp/parser.t ~ t/lib/feature/bundle ~ t/lib/warnings/toke ~ t/op/crypt.t ~ t/op/lex.t ~ t/op/sub.t ~ t/op/taint.t ~ t/op/threads.t ~ t/porting/customized.dat ~ t/re/pat_advanced.t ~ t/re/re_tests ~ t/re/reg_mesg.t ~ t/run/switchd.t ~ utils/h2ph.PL ~ vms/descrip_mms.template ~ win32/Makefile ~ win32/config_H.gc ~ win32/makefile.mk ~ win32/pod.mak ~ win32/win32.c ~ win32/win32.h + pod/perl5202delta.pod + t/perf/taint.t + t/porting/re_context.t > Update to perl 5.20.3 > OK bluhm@ (afresh1@) ~ dist/XSLoader/XSLoader_pm.PL ~ dist/XSLoader/t/XSLoader.t > Apply http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 > This fixes a bug where XSLoader could try to load from a subdir > of the cwd when called via eval. OK afresh1@ (millert@) ~ patchlevel.h > The XSLoader issue has been assigned CVE-2016-6185 (millert@) == lib =============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib csu ~ boot.h > Missed a reference to dl_prebind.h > problem noted by Andrew Ngo (andrew.ngo (at) gmail.com) (guenther@) libc ~ sys/pledge.2 > introduces new promise "chown" to allow changing owner/group with *chown(2) > family > it splits PLEDGE_FATTR in two ("fattr" stills grant the 2 flags, so no > functional changes): > - PLEDGE_CHOWN : to be able to call *chown(2) syscalls > - PLEDGE_FATTR : the rest > it introduces "chown" which grant: > - PLEDGE_CHOWN : be able to call *chown(2) > - PLEDGE_CHOWNUID : be able to modifying owner/group > ok deraadt@ tedu@ (semarie@) ~ sys/Makefile.inc > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) ~ gen/devname.c > Use fstatat() to avoid path surgery. > bug catching and ok millert@ (guenther@) ~ stdlib/malloc.c > J/j is a three valued option, document and fix code to actuall support that > with a little help from jmc@ for the man page bits > ok jca@ and a reluctant tedu@ (otto@) ~ termios/tcsetpgrp.3 > Document that SIGTTOU is sent if the process is in the background. > Adapted from text from tcsetattr(3). (millert@) libcrypto ~ man/BN_add_word.3 > On systems where we do not have BN_ULLONG defined (most 64-bit systems), > BN_mod_word() can return incorrect results if the supplied modulus is > too big, so we need to fall back to BN_div_word. > Now that BN_mod_word may fail, handle errors properly update the man page. > Thanks to Brian Smith for pointing out these fixes from BoringSSL: > https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a > 8ad483c7da89 > https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db1 > 00a4b8a830be > ok beck@ (bcook@) libcurses ~ Makefile > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) libform ~ Makefile > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) libkvm ~ kvm.c > use offsetof to create an offset instead of illegal unaligned pointers > ok guenther (tedu@) libmenu ~ Makefile > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) libpanel ~ Makefile > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) libssl ~ src/crypto/ocsp/ocsp_vfy.c > Add several fixes from OpenSSL to make OCSP work with intermediate > certificates provided in the response. - makes our newly added > ocsp regress test pass too.. > ok bcook@ (beck@) ~ src/crypto/bn/bn_prime.c ~ src/crypto/bn/bn_word.c ~ src/crypto/dh/dh_check.c > On systems where we do not have BN_ULLONG defined (most 64-bit systems), > BN_mod_word() can return incorrect results if the supplied modulus is > too big, so we need to fall back to BN_div_word. > Now that BN_mod_word may fail, handle errors properly update the man page. > Thanks to Brian Smith for pointing out these fixes from BoringSSL: > https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a > 8ad483c7da89 > https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db1 > 00a4b8a830be > ok beck@ (bcook@) ~ src/crypto/ocsp/ocsp_cl.c > remove unneeded duplicate call - spotted by jsing@ (beck@) ~ src/crypto/dh/dh_key.c ~ src/crypto/rsa/rsa_crpt.c ~ src/crypto/rsa/rsa_eay.c > call BN_init on temporaries to avoid use-before-set warnings > ok beck@ (bcook@) ~ src/ssl/s3_pkt.c > zero the read buffer after copying data to user so it doesn't linger. > ok beck (tedu@) libtls ~ tls.c > Correctly handle an EOF that occurs prior to the TLS handshake completing. > Reported by Vasily Kolobkov, based on a diff from Marko Kreen. > ok beck@ (jsing@) ~ tls.c ~ tls_config.c ~ tls_internal.h > Always load CA, key and certificate files at the time the configuration > function is called. This simplifies code and results in a single memory > based code path being used to provide data to libssl. Errors that occur > when accessing the specified file are now detected and propagated > immediately. Since the file access now occurs when the configuration > function is called, we now play nicely with privsep/pledge. > ok beck@ bluhm@ doug@ (jsing@) ~ tls_config.c > Check that the given ciphers string is syntactically valid and results in > at least one matching cipher suite. > ok doug@ (jsing@) ~ tls.c ~ tls_config.c ~ tls_internal.h > Revert previous - it introduces problems with a common privsep use case. > (jsing@) == libexec =========================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec ftpd ~ ftpd.c > Use fstatat() instead of crafting a filename to use with stat() > ok millert@ (guenther@) ld.so ~ i386/rtld_machine.c > The GOT has been initally mapped RW for *years*; ld.so doesn't need to > mprotect it to RW when filling in the references from the PLT > in snaps for a week, ok deraadt@ (guenther@) - ldconfig/debug.c - ldconfig/library.c - ldconfig/prebind.c - ldconfig/prebind.h - ldconfig/prebind_delete.c - ldconfig/prebind_path.c - ldconfig/prebind_struct.h ~ ldconfig/Makefile ~ ldconfig/ldconfig.8 ~ ldconfig/ldconfig.c + ldconfig/ldconfig_path.c > Nuke prebind support; it's unworkable and we're never going to finish it. > ok guenther@, deraadt@ (kettenis@) - dl_prebind.c - dl_prebind.h - prebind.h ~ Makefile ~ ld.so.1 ~ library.c ~ library_mquery.c ~ loader.c ~ resolve.c ~ resolve.h ~ alpha/syscall.h ~ amd64/syscall.h ~ arm/syscall.h ~ hppa/syscall.h ~ i386/syscall.h ~ m88k/syscall.h ~ mips64/syscall.h ~ powerpc/syscall.h ~ sh/syscall.h ~ sparc/syscall.h ~ sparc64/syscall.h > Remove prebind support: binding to symbol table indices is too fragile > for our development process. > ok kettenis@ deraadt@ (guenther@) == regress =========================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress bin ~ Makefile + cat/Makefile + cat/cat_be.in + cat/cat_be.out + cat/cat_se.in + cat/cat_se.out > Some new tests related to bin/cat.c rev. 1.25, > from Sevan Janiyan <venture37 at geeklan dot co dot uk>. (schwarze@) lib ~ libcrypto/Makefile + libcrypto/ocsp/Makefile + libcrypto/ocsp/ocsp_test.c > Add a nasty little ocsp regress test in the hope pedants will make it > better. (beck@) ~ libcrypto/ocsp/Makefile ~ libcrypto/ocsp/ocsp_test.c > make less awful.. test against cloudflare too (beck@) ~ libcrypto/bn/general/bntest.c > On systems where we do not have BN_ULLONG defined (most 64-bit systems), > BN_mod_word() can return incorrect results if the supplied modulus is > too big, so we need to fall back to BN_div_word. > Now that BN_mod_word may fail, handle errors properly update the man page. > Thanks to Brian Smith for pointing out these fixes from BoringSSL: > https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a > 8ad483c7da89 > https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db1 > 00a4b8a830be > ok beck@ (bcook@) ~ libcrypto/bn/general/bntest.c > remove extra assignment of s from 1.11, fix regression test (bcook@) ~ libcrypto/ocsp/ocsp_test.c > add ca cert error check and make the path configurable > from Kinichiro Inoguchi (bcook@) usr.bin ~ ssh/unittests/test_helper/Makefile > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) usr.sbin ~ syslogd/args-tls-cafile-default.pl > Now libtls is always reading cert.pem during tls_config_new(). > Adapt ktrace count in syslogd test. (bluhm@) == sbin ============================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin route ~ route.c > only print one error, not multiple misleading messages (tedu@) savecore ~ savecore.c > Drop support for the undocumented second argument (same as -N option) > ok deraadt@ (guenther@) sysctl ~ sysctl.8 > Remove kern.random remnants; OK deraadt@ (tim@) == share ============================================================= 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man5/mk.conf.5 > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) ~ man4/Makefile > Hook up the pcfrtc(4) manual; OK kettenis@ (tim@) ~ man5/malloc.conf.5 > J/j is a three valued option, document and fix code to actuall support that > with a little help from jmc@ for the man page bits > ok jca@ and a reluctant tedu@ (otto@) ~ man4/Makefile + man4/maxrtc.4 > Add man page for the maxrtc(4) I2C driver. (mglocker@) ~ man4/man4.armv7/imx.4 > ehci no longer attaches to imx (jsg@) misc ~ inter.phone > spelling; from Ilya dot Kaliman at gmail dot com (schwarze@) ~ airport > consistent spelling of "Moscow"; Ilya dot Kaliman at gmail dot com > (schwarze@) mk ~ bsd.own.mk > gcc's -fvisibility=hidden isn't the behavior we wanted when cleaning up > symbol exports, so delete ${VISIBILITY_HIDDEN} as unused > ok kettenis@ deraadt@ (guenther@) ~ bsd.README ~ bsd.lib.mk ~ bsd.own.mk > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) zoneinfo ~ datfiles/africa ~ datfiles/europe > Update to tzdata2016f from from ftp.iana.org. (millert@) == sys =============================================================== 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/stand ~ Makefile.inc > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) arch/armv7/conf ~ GENERIC ~ RAMDISK > Dynamically attach i.MX6 ehci(4) using the FDT. > ok jsg@ (kettenis@) ~ GENERIC ~ RAMDISK > Dynamically attach imxgpio(4) using the FDT. (kettenis@) arch/armv7/imx ~ files.imx ~ imx.c ~ imxehci.c > Dynamically attach i.MX6 ehci(4) using the FDT. > ok jsg@ (kettenis@) ~ if_fec.c > Perform PHY-specific initialization based on the PHY ID instead of the > board ID for the AR8031/AR8035. > ok jsg@ (kettenis@) ~ imx.c ~ imx6.c > Simplify the i.MX6 platform code. The list of board devices is now > (essentially) the same for all boards, so we can use a single list and > match based on the compatible property of the root node in the device tree. > ok jsg@ (kettenis@) ~ if_fec.c ~ imxehci.c ~ imxesdhc.c ~ imxiic.c ~ imxiomuxc.c ~ imxiomuxcvar.h ~ imxuart.c > Add support for handling pinctrl device tree bindings to imxiomuxc(4). > These are used to do board-specific setup of mux settings and pad > configuration. > ok jsg@, patrick@ (kettenis@) ~ files.imx ~ imx.c ~ imxgpio.c > Dynamically attach imxgpio(4) using the FDT. (kettenis@) ~ imxiomuxc.c > Fix typo. Pointed out by patrick@ (kettenis@) ~ imxiomuxc.c > Not all i.MX6 devices have a pinctrl property in their device nodes. > In that case, soft fail and return instead of allocating buffer with > a bogus size. > ok kettenis@ (patrick@) arch/armv7/omap ~ if_cpsw.c > Use mac address and phy id from the fdt. Store settings for a second > port as well, though we still only handle a single port for now. > ok kettenis@ (jsg@) ~ am335x.c ~ omap3.c ~ omap4.c > Remove now unused definitions for drivers that have been converted to > use the fdt. (jsg@) ~ omap.c > Instead of attaching the omap device based on board ids follow imx > and match based on the compatible property of the root node in the fdt. > Each of am33xx, omap3, and omap4 have their own list of devices to > attach. (jsg@) arch/hppa/stand ~ Makefile.inc > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) arch/i386/stand ~ Makefile.inc > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) arch/macppc/pci ~ pci_machdep.c > On Quad-G5 make hpb(4) attach first when iterating PCI buses. > This allows openpic(4) to properly map interrupt for the devices > instead of possibly dereferencing garbage. > Found the hardway by and ok jmatthew@ (mpi@) arch/octeon/conf ~ GENERIC ~ RAMDISK ~ files.octeon > Add openprom(4) for octeon. > ok kettenis@ deraadt@ jasper@ (visa@) arch/octeon/dev ~ cn30xxfau.c ~ cn30xxfauvar.h ~ cn30xxpow.c > Use the synciobdma instruction instead of the sync instruction for > flushing any pending local IOBDMA operations. The sync instruction is > overkill because it implies a full memory barrier. > ok jasper@ (long time ago) (visa@) arch/octeon/include ~ conf.h + openpromio.h > Add openprom(4) for octeon. > ok kettenis@ deraadt@ jasper@ (visa@) ~ octeonvar.h > Use the synciobdma instruction instead of the sync instruction for > flushing any pending local IOBDMA operations. The sync instruction is > overkill because it implies a full memory barrier. > ok jasper@ (long time ago) (visa@) arch/octeon/octeon ~ conf.c + openprom.c > Add openprom(4) for octeon. > ok kettenis@ deraadt@ jasper@ (visa@) ~ openprom.c > Remove debug code that slipped in. (visa@) arch/sparc64/conf ~ RAMDISK > Add nep(4). (kettenis@) dev - videovar.h ~ video.c > Move videovar.h in to video.c since it isn't used anywhere else. > Suggested by mpi@ diff from Patrick Keshishian. > ok mpi (mglocker@) dev/acpi ~ acpireg.h > Rename apic_proc_uid field to acpi_proc_uid in the acpi_madt_x2apic struct. > It is the ACPI processor UID that is stored here. > ok guenther@ (kettenis@) ~ acpimadt.c > Pay attention to Processor Local X2APIC structures. ACPI 6.0 allows these > even for APIC ID values less than 255. Makes secondary CPUs attach on the > HP DL360 gen 9. > tested by jung@ > ok guenther@ (kettenis@) dev/microcode ~ atmel/Makefile ~ kue/Makefile ~ ral/Makefile ~ rum/Makefile ~ tusb3410/Makefile ~ udl/Makefile ~ zydas/Makefile > Build firmware for USB devices on octeon. > ok deraadt@ (visa@) dev/mii ~ miidevs ~ atphy.c > The Atheros PHYs with model ID 7 are the AR8031/AR8033/AR8035 family. > Identify as AR8035 since that one has the lowest revision number. > ok mlarkin@, millert@ (kettenis@) ~ miidevs.h > regen (kettenis@) ~ atphy.c > Initialize the mii_oui field such that fec(4) can look at it. > ok jsg@ (kettenis@) ~ miidevs > Add MICREL KSZ9021 and KSZ9031. (kettenis@) ~ miidevs.h > regen (kettenis@) dev/ofw ~ fdt.c > Fix check for "name" property. Restores synthesised "name" proprties in > eeprom -p output that were lost in revision 1.13. (kettenis@) ~ fdt.c ~ fdt.h ~ openfirm.h > Add interfaces to look up a device tree node by phandle. > ok patrick@, jsg@, visa@ (kettenis@) dev/wscons ~ wsmouse.c > Improve the tracking functions in wsmouse. > ok mpi@ (bru@) kern ~ kern_pledge.c ~ vfs_syscalls.c > introduces new promise "chown" to allow changing owner/group with *chown(2) > family > it splits PLEDGE_FATTR in two ("fattr" stills grant the 2 flags, so no > functional changes): > - PLEDGE_CHOWN : to be able to call *chown(2) syscalls > - PLEDGE_FATTR : the rest > it introduces "chown" which grant: > - PLEDGE_CHOWN : be able to call *chown(2) > - PLEDGE_CHOWNUID : be able to modifying owner/group > ok deraadt@ tedu@ (semarie@) ~ kern_synch.c > switch calculuated thrsleep timeout to unsigned to prevent overflow > into negative values, which later causes a panic. > reported by Tim Newsham at NCC. > ok guenther (tedu@) ~ sys_generic.c > remove some casts that aren't necessary. (tedu@) ~ kern_sig.c ~ kern_synch.c ~ kern_tc.c ~ kern_timeout.c > fix several places where calculating ticks could overflow. > it's not enough to assign to an unsigned type because if the arithmetic > overflows the compiler may decide to do anything. so change all the > long long casts to uint64_t so that we start with the right type. > reported by Tim Newsham of NCC. > ok deraadt (tedu@) ~ vfs_syscalls.c > Return EINVAL for mknod/mknodat when dev is -1 (aka VNOVAL). > OK beck@ tedu@ (millert@) ~ kern_pledge.c > Paranoia: check KTRPOINT() before calling ktrpledge() to guarantee we > can't (in the future) loop from ktrace writing hitting a pledge condition. > diff from Michal Mazurek (akfaew (at) jasminek.net) (guenther@) ~ tty.c > POSIX specifies that if a processing calling tcsetpgrp() is in the > background it shall receive SIGTTOU. Handle TIOCSPGRP like we do > the other tty ioctls that change the terminal. OK deraadt@ guenther@ > (millert@) ~ kern_pledge.c > pledge: use uint64_t instead of int for temporary storing a 64bit integer > affects only 32 bits platform (like i386). > problem spotted and diff from pelikan@ > ok deraadt@ jca@ (semarie@) net ~ art.c ~ rtable.c > Use the _SAFE_ version of SRPL_FOREACH() in rtable_walk_helper() to > prevent an off-by-one when removing entries from the mpath list. > Fix a regression introduced by the refactoring needed to serialize > rtable_walk() with create/delete. > ok jca@ (mpi@) netinet ~ in_pcb.c > Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic > addresses set on p2p interfaces. > Found the hardway by naddy@ (mpi@) netinet6 ~ in6_src.c > Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic > addresses set on p2p interfaces. > Found the hardway by naddy@ (mpi@) ~ icmp6.c ~ in6.c ~ in6_pcb.c ~ in6_src.c ~ in6_var.h ~ ip6_input.c ~ mld6.c ~ nd6_nbr.c ~ nd6_rtr.c ~ raw_ip6.c > Expand IN6_IFF_NOTREADY, ok bluhm@ (mpi@) ~ ip6_input.c > Move Hop-by-Hop processing into its own function ip6_hbhchcheck(). > This function will help splitting the IPv6 input path in two, in > order to run the first part without KERNEL_LOCK() held. > Tested by Hrvoje Popovski, ok bluhm@ (mpi@) nfs ~ nfs_serv.c > Add missing vput() in error path to prevent a vnode getting stuck with a > stale reference and lock, while it shouldn't hold either. > "makes sense to me" beck@ (natano@) sys ~ pledge.h > introduces new promise "chown" to allow changing owner/group with *chown(2) > family > it splits PLEDGE_FATTR in two ("fattr" stills grant the 2 flags, so no > functional changes): > - PLEDGE_CHOWN : to be able to call *chown(2) syscalls > - PLEDGE_FATTR : the rest > it introduces "chown" which grant: > - PLEDGE_CHOWN : be able to call *chown(2) > - PLEDGE_CHOWNUID : be able to modifying owner/group > ok deraadt@ tedu@ (semarie@) uvm ~ uvm_amap.c > Fix bugs introduced with the amap rework > - The number of slots must be initialized in the chunk of a small amap, > otherwise unmapping() part of a mmap()'d range would delay freeing > of vm_anons for small amaps > - If the first chunk of a bucket is freed, check if the next chunk in > the list has to become the new first chunk > - Use a separate loop for each type of traversal (small amap, by bucket > by list) in amap_wiperange(). This makes the code easier to follow and > also fixes a bug where too many chunks were wiped out when traversing > by list > However, the last two bugs should happen only when turning a previously > private mapping into a shared one, then forking, and then having > both processes unmap a part of the mapping. > snap and ports build tested by krw@, review by kettenis@ (stefan@) == usr.bin =========================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin biff ~ biff.c > biff, mesg, vi: only consider ACCESSPERMS for setting tty mode. > it explicitly removes any S_ISUID|S_ISGID|S_ISTXT bits, instead of letting > pledge(2) silenciously remove them. > ok beck@ deraadt@ (semarie@) doas ~ env.c > rename variable for consistency (tedu@) less ~ screen.c > Pass errret pointer to setupterm() to prevent setupterm() > from calling exit() when given an unknown terminal type. > From Anton Lindqvist, who also upstreamed the fix. (millert@) mandoc ~ man.cgi.8 > sync with mdocml.bsd.lv: mention httpd(8) and slowcgi(8) (schwarze@) ~ tag.c > POSIX requires that a process calling tcsetpgrp(3) from the background > gets a SIGTTOU signal. In that case, do not stop. > Portability issue found while testing on commercial Solaris 9/10/11. > Thanks to opencsw.org for providing me with a testing environment. > (schwarze@) ~ main.c ~ main.h ~ term_ascii.c > ISO C99 7.19.2.5 doesn't like mixing putchar(3) and putwchar(3) on > the same stream, and actually, it fails spectacularly on glibc. > Portability issue pointed out by Svyatoslav Mishyn <juef at openmailbox > dot org> after testing on Void Linux. (schwarze@) ~ mandocdb.c ~ mansearch.c > getopt(3) is declared in <unistd.h>, and <getopt.h> is not needed; > from Joerg Sonnenberger via Thomas Klausner, NetBSD. (schwarze@) ~ cgi.c > Do not treat PATH_INFO as a complete path if it doesn't contain > a manpath. For example, this makes http://man.openbsd.org/mandoc > work as expected. > Bug reported by tb@, reminded by Svyatoslav Mishyn. (schwarze@) ~ Makefile ~ cgi.c ~ man.cgi.8 > Simplify the code and the server setup by deleting the pseudo-manpath > "mandoc" that was used for man.cgi(8) documentation and by assuming > that the apropos(1) and man.cgi(8) manuals are simply installed in > the default manpath. Even though man.cgi(8) is not installed by > default when installing OpenBSD, it is easy to copy it into the > default manpath used for man.cgi(8). > Idea found when considering a question asked by wrant dot com. (schwarze@) ~ read.c > Fix a nasty typo that prevented .so links to gziped manuals > from working in the absence of a mandoc.db(5) database. > Found the hard way by Svyatoslav Mishyn on Crux Linux. (schwarze@) mesg ~ mesg.c > biff, mesg, vi: only consider ACCESSPERMS for setting tty mode. > it explicitly removes any S_ISUID|S_ISGID|S_ISTXT bits, instead of letting > pledge(2) silenciously remove them. > ok beck@ deraadt@ (semarie@) mg ~ fileio.c > Use fstatat() instead of crafting a filename to use with stat() > ok millert@ (guenther@) nc ~ netcat.c > Remove manual file loading (now that libtls does this for us) and adjust > pledge to match. Also use tls_config_error() to provide friendlier error > messages. (jsing@) ~ netcat.c > Revert previous since the libtls change has been reverted. (jsing@) rcs ~ ci.c ~ rcsprog.c ~ rcsutil.c ~ rcsutil.h > The -I flag is documented but not implemented. This fixes that and > also honors the -I flag from ci/co when prompting like GNU RCS. > OK jca@ (millert@) ssh ~ lib/Makefile > DEBUGLIBS has been broken since the gcc4 switch, so delete it. CFLAGS > contains -g by default anyway > problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com) > ok millert@ kettenis@ deraadt@ (guenther@) ~ mac.c ~ mac.h ~ packet.c > Improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms. > Previously we were computing the MAC, decrypting the packet and then > checking the MAC. This gave rise to the possibility of creating a > side-channel oracle in the decryption step, though no such oracle has > been identified. > This adds a mac_check() function that computes and checks the MAC in > one pass, and uses it to advance MAC checking for EtM algorithms to > before payload decryption. > Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and > Martin Albrecht. feedback and ok markus@ (djm@) tail ~ forward.c > Modify code added in rev 1.30 to use the correct variable instead of a > different uninitialised one. > ok martijn@ (jsg@) tmux ~ server.c > tmux: only consider ACCESSPERMS for setting mode on socket_path. > it explicitly removes any S_ISUID|S_ISGID|S_ISTXT bits, instead of letting > pledge(2) silenciously remove them. > ok nicm@ beck@ deraadt@ (semarie@) vi ~ cl/cl_term.c > biff, mesg, vi: only consider ACCESSPERMS for setting tty mode. > it explicitly removes any S_ISUID|S_ISGID|S_ISTXT bits, instead of letting > pledge(2) silenciously remove them. > ok beck@ deraadt@ (semarie@) == usr.sbin ========================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin eeprom ~ Makefile > Build eeprom(8) on octeon. > ok kettenis@ deraadt@ jasper@ (visa@) ldpd ~ ldpd.conf.5 > Updated the ldpd.conf man page examples > The man page already contains the definition of the new neighbor-addr and > neighbor-id, but the examples were outdated. Now we may have an LSR-ID that > is different from its address. > ok renato@ (rzalamena@) route6d ~ route6d.c > route6d spring cleanup > Various tweaks and fixes: > - nuke util.h, not needed since pidfile(3) went away > - nuke the rrt_same member of struct riprt, "future use" since import > - mark rtdexit as __dead > - nuke progname handling > - fix pid handling: cache the pid *after* calling daemon(3) > - nuke setting rtm_pid. The kernel is responsible for setting this > in routing messages. > - nuke the useless myseq variable > ok florian@ benno@ millert@ deraadt@ renato@ (jca@) smtpd ~ enqueue.c > add -r option to enqueuer as compat interface for mailx > diff by Richard <[email protected]> (gilles@) syslogd ~ syslog.conf.5 ~ syslogd.c > Allow space-deliminated fields in syslog.conf in addition to > traditional tabs-deliminated fields. This is consistent with what > FreeBSD, NetBSD and Linux do. Adapted from FreeBSD. (millert@) vmd ~ virtio.c > limit each viornd request to 64KB. (mlarkin@) ~ vmm.c > clarify a comment about memory regions (mlarkin@) ~ virtio.c ~ vmm.c > sanity check vm create and run args earlier (mlarkin@) ~ vmm.c > Return 0 on read from PIT control port. Intel explicitly says this is not > supported, and it looks like other emulators/hypervisors do a variety of > different things here. Most return 0, but at least one might return random > garbage. Returning 0 seems safest here, but leave a warning in place for > the logs in case a guest VM does this. (mlarkin@) ~ virtio.c ~ virtio.h ~ vmd.h ~ vmm.c > Prepare vionet to be handled asynchronously to the VCPU thread > This splits the handling of received data into a separate function > that can later be called in parallel to the VCPU thread instead of > handling received packets on VCPU exits only. > It also makes virtq accesses in the rx path safe to run in parallel > to the VCPU thread: the last index into the 'avail' ring the driver > has notified to the host is kept track of. It also makes sure that > the host only writes back to the 'avail' ring instead of modifying > the whole receive virtq. > While there, describe what virtio_vq_info and virtio_io_cfg are used > for, as suggested by mlarkin@ > ok mlarkin@ (stefan@) ypbind ~ ypbind.c > Move to svc_getreq_poll/svc_pollfd. > Stop using select to avoid the weird workarounds for fd_set size. > Also replace calloc with reallocarray. Prompted by a mail by Miod, > cluebat from guenther@. > ok millert@, prodding deraadt@ (jca@) ~ ypbind.c > When making a copy of svc_pollfd, use the correct size. > Also pass the correct fd count to svc_getreq_poll(). > OK jca@ (millert@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
