OpenBSD src changes summary for 2017-03-26 to 2017-04-02 inclusive ==================================================================
bin/kill distrib/alpha distrib/miniroot distrib/notes distrib/sets etc/root/root.mail etc/signify/openbsd-61-syspatch.pub etc/signify/openbsd-62-syspatch.pub gnu/usr.bin/binutils-2.17 gnu/usr.bin/clang lib/libc lib/libcrypto lib/libssl libexec/comsat libexec/spamd regress/sys sbin/dhclient sbin/fdisk sbin/iked sbin/isakmpd sbin/pfctl share/man share/mk sys/arch/amd64/amd64 sys/arch/amd64/include sys/arch/arm64/arm64 sys/arch/arm64/dev sys/arch/i386/i386 sys/arch/loongson/dev sys/arch/loongson/loongson sys/arch/mips64/mips64 sys/arch/octeon/dev sys/arch/octeon/octeon sys/arch/sgi/sgi sys/conf sys/dev sys/dev/acpi sys/dev/fdt sys/dev/pci sys/dev/pv sys/dev/usb sys/kern sys/net sys/netinet sys/netinet6 usr.bin/less usr.bin/mail usr.bin/mandoc usr.bin/patch usr.bin/ssh usr.bin/systat usr.bin/tail usr.bin/unifdef usr.bin/units usr.sbin/acme-client usr.sbin/bgpd usr.sbin/ikectl usr.sbin/makefs usr.sbin/ocspcheck usr.sbin/pkg_add usr.sbin/radiusd usr.sbin/rtadvd usr.sbin/smtpd usr.sbin/syslogd usr.sbin/syspatch usr.sbin/vmctl usr.sbin/vmd usr.sbin/ypldap == bin =============================================================== 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin kill ~ kill.c > Use strtonum(3) instead of strtol(3). OK deraadt@ (millert@) == distrib =========================================================== 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib alpha ~ Makefile > skip floppyB until more space is found (deraadt@) miniroot ~ install.sub > The default for the "Server directory?" question can possibly come > from either what information is extracted from the cgi server or > from installurl(5). Otherwise a sane default is used. > Based on what server (HTTP_SERVER) is provided by the user decide > on what source to choose from for the default. > At the end of install_http() use the url from the cgi server as the > base for what's written to /etc/installurl if an official mirror was > used. Otherwise trim _url_base and remove the architecture and > snapshots or version part. > This fixes the problem reported by phessler@ which exposed how > fragile the current logic for this was after recent changes. > At this time of the release cycle the kernel presents itself as > release kernel, but we're still pre-release and the sets are still > in the snapshots directory on the mirrors. This was confusing the > installer script. > Thanks to phessler@ for finding this and testing. > Special thanks to tb@ who imposed on himself to try to understand > and review the diffs. > OK tb@, phessler@ (on a similar diff) > 'commit when your are happy' deraadt@ (rpe@) notes ~ arm64/hardware > add overdrive 1000 (jsg@) sets ~ lists/comp/mi > sync (tb@) ~ lists/base/mi > sync (deraadt@) ~ lists/man/mi > sync (deraadt@) == etc =============================================================== 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc root/root.mail ~ root/root.mail > sync the version of the example package; ok deraadt@ (naddy@) ~ root/root.mail > MDT... (deraadt@) signify/openbsd-61-syspatch.pub + signify/openbsd-61-syspatch.pub > add signify public keys for syspatch for the current and next release > (robert@) signify/openbsd-62-syspatch.pub + signify/openbsd-62-syspatch.pub > add signify public keys for syspatch for the current and next release > (robert@) == gnu =============================================================== 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu usr.bin/binutils-2.17 ~ bfd/archive64.c > Fix an out-of-bounds memory access with 64-bit armaps. > OK kettenis@ (visa@) usr.bin/clang ~ clang/Makefile ~ lld/Makefile > Do not clobber the default compiler/linker links unless COMPILER_VERSION is > set to clang. > ok jsg@ (kettenis@) == lib =============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ stdlib/malloc.3 > Stop enumeration all allocation functions, just say "allocation functions" > ok jmc@ deraadt@ (otto@) ~ sys/Makefile.inc > Use .file to convince 'as' to generate proper FILE symbols in the syscall > stubs that aren't actually in files, so that syspatch can figure out what > order the syscall stub objects are in the .so. Use -P to suppress to #line > directives that would override that. Tested with both gcc/gas and clang. > ok deraadt@ (guenther@) ~ sys/pledge.2 > Document the mcast pledge(2) as an addition to inet. > OK deraadt@ (bluhm@) ~ stdlib/malloc.c > small cleanup & optimization; ok deraadt@ millert@ (otto@) ~ sys/Makefile.inc > The hppa version of as(1) requires whitespace before a .file directive, > it may not be in column 0. This kind of thing is very common in GNU > and Linux software because the software was written from the start to > be 'compatible replacements' of vendor software. > ok jsing guenther (deraadt@) ~ stdlib/malloc.3 > rephrase more enumerations of functions (otto@) libcrypto ~ man/Makefile ~ man/UI_new.3 + man/UI_UTIL_read_pw.3 + man/UI_create_method.3 + man/UI_get_string_type.3 > merge new UI documentation from OpenSSL (schwarze@) ~ man/UI_create_method.3 ~ man/UI_get_string_type.3 ~ man/X509_cmp_time.3 > tweak previous; (jmc@) ~ man/X509_cmp_time.3 > reinstate the capitalisation from previous, as advised by schwarze; (jmc@) libssl ~ man/SSL_renegotiate.3 > After i wrote SSL_renegotiate(3) from scratch, OpenSSL also > documented the function. Merge the more detailed descriptions > and the additional documentation of SSL_renegotiate_abbreviated(3) > and SSL_renegotiate_pending(3). > From Matt Caswell, OpenSSL commit 39820637. (schwarze@) ~ man/SSL_get_peer_cert_chain.3 > Fix typo in function name; > from Markus Triska <triska at metalevel dot at> > via OpenSSL commit 1f164c6f. (schwarze@) ~ man/SSL_renegotiate.3 > tweak previous; (jmc@) == libexec =========================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec comsat ~ comsat.c > Prefer pread() over lseek()+read() > open() only needs the mode argument if O_CREAT is present > ok beck@ deraadt@ (guenther@) spamd ~ spamd.8 > note that some hosts never generate tuples and are ignored; > ok beck (jmc@) == regress =========================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress sys + kern/pledge/sockopt/Makefile + kern/pledge/sockopt/sockopt.c > New import: > Call get/setsockopt(2) with various sockets and check which options ~ kern/pledge/Makefile > Link pledge sockopt regression tests to build. (bluhm@) ~ kern/pledge/sockopt/Makefile > Make the test also work with obj directory. > from semarie@ (bluhm@) == sbin ============================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin dhclient ~ options.c > Fix dhclient vis/unvis of strings stored in the leases file. > Replaces incorrect manual emulation of vis() for single, double and > back quotes, dollar signs and back slashes. Just use vis() with > VIS_ALL for these characters. > Should fix problem reported by robert@ with ssid's containing back > slash. (krw@) ~ parse.c > Change parse_string() warning from "filename must be a string" to > "expecting a string". Things other than filenames are parsed here. (krw@) fdisk ~ fdisk.8 ~ part.c > cleanup fdisk(8) partition names used by FAT file systems so they are more > consistent and easier to identify, as outlined here: > - FAT12: FAT12 (01h) > - FAT16: FAT16S (04h), FAT16B (06h), FAT16L (0Eh) > - FAT32: FAT32 (0Bh), FAT32L (0Ch) > nothing in our tree is looking to the strings being replaced for anything > but printing them out, only to the numerical ids taken from disklabel.h > ok krw@, jmc@ (sobrado@) iked ~ ca.c ~ crypto.c ~ iked.8 ~ iked.conf.5 ~ iked.h ~ ikev2.c ~ ikev2.h ~ ikev2_msg.c ~ parse.y > Add support for RFC4754 (ECDSA) and RFC7427 authentication. > These modes provide stronger and more flexible ways for > authentication: while RSA public key auth relies on SHA-1 hashes, the > news modes use SHA2-256 and up to SHA2-512 hashes. > Original diff from markus@ with patches from mikeb@ and me. > OK mikeb@ patrick@ (reyk@) ~ iked.h ~ ikev2.c ~ ikev2_msg.c ~ ikev2_pld.c ~ types.h > Add support to reflect the responder IKEv2 COOKIE. > This fixes connecting to Azure VPN and other implementations that > implement the IKEv2 COOKIE mechanism on the responder side. Azure > decides to send you a responder COOKIE after too many connection > attempts - we have to keep it and reflect it to establish a > connection. This implementation is only for the initiator (client) > side, we do not support sending COOKIEs on the responder (server) side > yet. > OK patrick@ mikeb@ (reyk@) ~ config.c ~ ikev2.c ~ pfkey.c > Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. > Diff from markus@ > OK mikeb@ patrick@ (reyk@) ~ config.c ~ crypto.c ~ ikev2.c ~ pfkey.c > spacing (reyk@) ~ config.c ~ iked.h ~ ikev2.c ~ parse.y ~ types.h > Factor out flows into separate configuration messages > We reach an imsg payload limit with just a few traffic selectors > so in order to load more we need to split them up and send separately. > Suggested and OK reyk (mikeb@) ~ iked.conf.5 > correct verb pattern; (jmc@) ~ dh.c ~ dh.h ~ iked.h ~ ikev2.c ~ ikev2_pld.c > Don't cache the DH group in the policy > When tearing IKE SA down, the DH group referred by it is destroyed, > however it remains cached in the policy. With the introduction of > IKE SA rekeying we have extended the life of this dangling pointer > by reusing it on new SAs. So instead of caching the pointer in the > policy we can store the DH group ID and create a DH group on demand > using this parameter if it's specified. > With and OK reyk (mikeb@) ~ ikev2.c > Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked. > -1 means "I didn't handle or know this imsg", it should not be used to > indicate an application error in this context. > OK mikeb@ (reyk@) ~ ikev2.c > Don't send informational responses before we're having the key material. > iked starts sending keepalive messages after authentication and after > successfully completing the handshake. Other implementations, like > we've seen on Microsoft Azure, start sending keepalive messages right > after receiving the first SA_INIT message when they set up the key > material, even before we received the SA_INIT response to complete the > DH exchange. The solution is to ignore early keepalive messages > before we're ready to encrypt our response, in the transition between > SA_INIT and AUTH. The peer should still accept one or more missed > keepalives. > OK mikeb@ (reyk@) ~ parse.y > Remove RSA from the list of keywords, lookup is now done in a table. > This lets us configure explicit old-style RSA again. > OK mikeb@ (reyk@) ~ ca.c > Add helpful debug messages to tell us why public key authentication failed. > This is currently only visible in debug mode (eg. iked -dvv), some > debug messages will be turned into regular warnings later. > OK claudio@ deraadt@ (reyk@) ~ ikev2.c > Only close the SA if an error happens before ikev2_msg_init() was called > to make sure we do not run ikev2_msg_cleanup() on an unitialized stack > variable. > ok deraadt@ reyk@ (patrick@) isakmpd ~ field.c > Check return value of asprintf(), and don't use 0 as a char * > Started by, and ok, deraadt@ (tom@) pfctl ~ pfctl.c > rather than printing the wrong function name, dont print it at all. > found by Klemens Nanni (benno@) == share ============================================================= 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man7/pkgpath.7 > Fix a typo: /usr/port => /usr/ports > OK sthen@ (fcambus@) ~ man4/inet6.4 > various fixes to bring this page up to date a little; > help/ok bluhm (jmc@) ~ man7/packages.7 > Fix broken PKG_PATH example link, ftp://ftp.openbsd.org is no more. > OK sthen@ (fcambus@) ~ man9/mbuf.9 > m_devget() lost its ipf pointer argument, update man page. (claudio@) ~ man4/Makefile ~ man4/acpibat.4 + man4/acpisbs.4 > add a manpage for acpisbs, remove caveat from acpibat (jcs@) ~ man4/acpi.4 > Xr acpisbs (jcs@) mk ~ bsd.lib.mk > The support in 'ar' for 'D'eterministic builds has been in for weeks, > so start using it to make archives (mostly) detereministic for syspatch > ok millert@ deraadt@ kettenis@ (guenther@) == sys =============================================================== 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ vmm.c > Suppress AVX from the extended CPUID flags. Our AVX treatment is currently > incomplete and enabling it leads ubuntu guests to try and use the feature, > with incorrect results. We can re-enable this at a later date when AVX > is properly handled. (mlarkin@) ~ vmm.c > Add "AVX" to the comment above the previous commit. Spotted by reyk > (mlarkin@) ~ vmm.c > discard MSR reads from unknown MSRs instead of passing them through. That > behaviour was needed during early development but not anymore. Suppress > the printf that accompanied these exits since linux guests go probing > wildly into msr-land on each boot. > ok deraadt (mlarkin@) ~ codepatch.c > KNF (jca@) ~ acpi_machdep.c > hibernate_free() should not be called from MD code, acpi_sleep_state() > unwinds that. Upon hibernate fail, this was a collection of double-frees.. > ok claudio mlarkin (deraadt@) ~ acpi_machdep.c > add a newline to an error printf (mlarkin@) ~ vmm.c > typo in debug build (mlarkin@) ~ identcpu.c > add RDTSCP flags to identcpu.c > ok guenther, deraadt (mlarkin@) ~ vmm.c > Properly handle VMX entry controls governing guest processor mode. > Before seabios, this didn't matter much but now it does since various > bootloaders/kernels need such treatment. > ok deraadt (mlarkin@) ~ vmm.c > Filter out RDTSCP, needed to handle solaris guests. We set the VMX control > to enable RDTSCP to 0, so when solaris attempted to use the instruction > (since it wasn't filtered out of CPUID information), the CPU issued an > #UD exception. (mlarkin@) arch/amd64/include ~ specialreg.h > add RDTSCP flags to identcpu.c > ok guenther, deraadt (mlarkin@) arch/arm64/arm64 ~ pmap.c > Previous W^X diff only changed the access permissions in the bootstrap page > tables. We need to set them in the final kernel page tables as well. > ok visa@ (kettenis@) ~ vfp.c > Add an instruction synchronisation barrier instruction after changing > the vfp state via cpacr_el1. This matches the advice given in the > "Synchronization requirements for system registers" section of the ARMv8 > ARM. > Without this an overdrive 1000 with A1120 (Cortex A57 r1p2) reliably > triggers "panic: VFP exception in the kernel" when init(8) is run. > ok drahn@ kettenis@ (jsg@) ~ pmap.c > On ARMv8, the translation table walk is fully coherent so there is no > reason to explicitly flush the cache before invalidating the TLB. The > barrier that is included in out TLB flushing code should be enough to > guarantee that the TLB walking hardware sees the updated page table > contents, so the explicit barriers can go as well. Sanitize the code > immediately surrounding the removed bits while I'm there. > Tested by jsg@, ok drahn@, visa@ (kettenis@) arch/arm64/dev ~ agtimer.c > Switch arm64 generic timer to use virtual timer instead of physical > timer. virtual timer will always be present where physical timer may > be disabled by hypervisor. Other OSes use virtual timer. ok patrick@ > (drahn@) arch/i386/i386 ~ codepatch.c > KNF (jca@) ~ acpi_machdep.c > hibernate_free() should not be called from MD code, acpi_sleep_state() > unwinds that. Upon hibernate fail, this was a collection of double-frees.. > ok claudio mlarkin (deraadt@) ~ acpi_machdep.c > add a newline to an error printf (mlarkin@) ~ cpu.c > Reset ci_curmap to kernel_pmap() in cpu_hatch(). Otherwise the lazy pmap > switching code might think the old pmap is still active after a resume > which could lead to a page fault in the kernel. > ok stsp@, mlarkin@, deraadt@ (kettenis@) arch/loongson/dev ~ apm.c > hibernate_free() should not be called from MD code, acpi_sleep_state() > unwinds that. Upon hibernate fail, this was a collection of double-frees.. > ok claudio mlarkin (deraadt@) arch/loongson/loongson ~ machdep.c > printf format strings should be literals. Reminded by clang. (visa@) arch/mips64/mips64 ~ context.S > Bring back the wait instruction into the idle loop, but only on octeon. > This lets an idle SoC run a bit cooler. > Tested on CN5020, CN6120 and CN7130. (visa@) arch/octeon/dev ~ if_cnmac.c > Drop address conversion cruft. (visa@) arch/octeon/octeon ~ machdep.c > printf format strings should be literals. Reminded by clang. (visa@) arch/sgi/sgi ~ machdep.c > printf format strings should be literals. Reminded by clang. (visa@) conf ~ newvers.sh > move to 6.1 release, drop -beta tag (deraadt@) ~ GENERIC > POOL_DEBUG off for release (deraadt@) ~ newvers.sh > unlock tree, we are now hacking on 6.1-current (deraadt@) dev ~ softraid.c > If the sub-device of a softraid lacks a side-effect io function, return > failure as early as possible. > ok mlarkin claudio (deraadt@) ~ audio.c > Simplify rate/channels/bits bounds checking code. From > Michael W. Bombardieri <mb at ii.net>. Thanks. (ratchov@) dev/acpi ~ acpi.c > Now that hibernate_alloc() only has clean success/failure, don't > need to call hibernate_free() to clean up a partial mess. > ok mlarkin kettenis (deraadt@) ~ acpitz.c > normalize order of arguments to if () (deraadt@) dev/fdt ~ sxiccmu.c ~ sxiccmu_clocks.h > Add support for a few more Allwinner H3 clocks. (kettenis@) ~ sxirtc.c > Reject times in the first year that can be represented by the clock to > catch > RTC clocks that aren't battery powered. > ok deraadt@, millert@, visa@, tom@ (kettenis@) dev/pci ~ pcidevs > shorten vmm strings > ok kettenis@ reyk@ (jsg@) ~ pcidevs.h ~ pcidevs_data.h > regen (jsg@) ~ azalia_codec.c > Add quirk for MacBook Pro 5,5. From Manav Rathi <mnvrth at gmail.com>. > Thanks! (ratchov@) ~ envy.c > Make set_params() return the rate the device is using. Fixes > a wrong rate being reported when a unsupported rate was requested. > (ratchov@) ~ if_iwi.c > Fix iwi(4) regressions. WPA was broken since 6.0 errata 018. > Also, the firmware was rejecting RTS frames so iwi(4) didn't work against > an OpenBSD athn(4) hostap anymore; fix the config sent to firmware. > Prompted by report from bg2200 at jamesjerkinscomputer on misc@ > ok deraadt@ (stsp@) dev/pv ~ vioblkreg.h > Add a #define needed for an upcoming vmd commit (to reflect a failure > when an operation was requested from vioblk host devices that is > not supported except on qemu). (mlarkin@) dev/usb ~ if_athn_usb.c ~ if_atu.c ~ if_kue.c ~ if_otus.c ~ if_rsu.c ~ if_rum.c ~ if_run.c ~ if_uath.c ~ if_upgt.c ~ if_urndis.c ~ if_zyd.c ~ udl.c ~ udl.h ~ ulpt.c ~ usb_subr.c ~ uticom.c ~ uvideo.c > Add sizes to various free(9) calls. Fixing the simpler ones first. > ok natano visa (deraadt@) ~ usb.h ~ umodem.c > Match on class communications subclass abstract control model protocol > 0 "No class specific protocol required" in addition to the existing > protocol 1 "AT Commands: V.250 etc" match. > This lets umodem(4) attach to the serial console on the overdrive 1000 > which is a usb type-b socket on the back of the box not a db9 like the > overdrive 3000. (jsg@) ~ umodem.c > Remove quirks for two devices that are known to be CDC ACM protocol 0 > that are now covered by the generic class matching. (jsg@) ~ if_ure.c > Use m_devget(9) to replace code that does more or less the same but assumes > the received packet fits in a single mbuf cluster, which isn't necessarily > the case. This might fix the pool corruption seen by jcs@. > ok jcs@, jmatthew@, deraadt@ (kettenis@) ~ ehci.c > these free() size choices appear to be wrong. joel has a diff that fixes > them, but for release let's be conservative and use 0. (deraadt@) kern ~ kern_pledge.c > For the tape ioctls, recognize that block devices don't exist anymore. > Also fail if the descriptor is actually a tty. > ok guenther (deraadt@) ~ kern_pledge.c > Inside pledge_ioctl, wrap #if's around the complete sub-blocks. (deraadt@) ~ kern_pledge.c > wrap bpf pledge code in #if BPFFILTER (deraadt@) ~ subr_log.c ~ uipc_syscalls.c > Reorder FREF() and FRELE() in a way that the the global variable > syslogf always points to a file object with increased reference > count. This makes the implementation independent from the fact > whether changing the reference counter may sleep. > pointed out by Mateusz Guzik; OK deraadt@ (bluhm@) ~ subr_hibernate.c > If hibernate_alloc() encounters a problem it should undo the partial > work. > ok mlarkin kettenis (deraadt@) ~ kern_pledge.c > Allow the multicast ttl/hops and loop options with the mcast pledge. > from Matthias Pitzl; OK deraadt@ (bluhm@) ~ kern_pledge.c > correct NBPFILTER #ifdef's > from sthen and others (deraadt@) ~ uipc_socket.c > Less convoluted code in soshutdown() > ok guenther (deraadt@) net ~ if_etherip.c > Don't reject etherip packets if they are protected with IPsec. > This aligns code with documentation & matches what was available before > etherip(4) was split from gif(4). sysctl net.inet.etherip.allow=1 is > still needed to accept etherip packets not protected with IPsec. > Reported by at least Jason Tubnor, ok mikeb@ (jca@) netinet ~ in.c > Fix the prefixlen sent by RTM_NEWADDR on new addresses without masks: > calculate the prefixlen using the address before sending the RTM_NEWADDR > message. > ok claudio@ (rzalamena@) ~ tcp_usrreq.c > Fix tcp stats reporting > Return the sum of per-cpu counters instead of the current cpu's > counters. Brainfart on my side. Analysis and fix by Andrei-Marius Radu. > (jca@) netinet6 ~ nd6.c > Do not invalidate a ND cache at the begining of nd6_free(). > We should not change the state of a cache entry at this point since > the default router selection logic looks at it. Instead, invalidate > the cache just before deleting the corresponding route entry, if it > applies. > Fixes a regression reported by semarie@ > ok bluhm@ (mpi@) == usr.bin =========================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin less ~ line.c > The character buffer should be resized using recallocarray() > ok millert and nicm a while ago (deraadt@) mail ~ edit.c > Prevent edit'ing a message from corrupting the mailbox. In an mbox file > every message is terminated by an empty line, so we have to make sure it > is preserved. Otherwise the message is combined with the next one. > joint effort with deraadt and millert (natano@) mandoc ~ apropos.1 ~ man.1 ~ mandoc.1 > Simplify: mention at one place that -fkl override each other, > rather than stating it separately for each option. > Suggested, OKed, and tweaked by jmc@. (schwarze@) ~ mandoc.1 > For some options that are rarely needed in mandoc(1), > delete the descriptions and point to man(1) instead. > Inspired by apropos.1 rev. 1.35. (schwarze@) ~ apropos.1 ~ main.c ~ man.1 ~ mandoc.1 > simplify the SYNOPSIS as well, just like the option lists; > suggested by and OK jmc@ (schwarze@) patch ~ pch.c > One string buffer can use recallocarray() to ensure that the address space > doesn't get dribbled with known contents. > ok otto millert tobias (deraadt@) ssh ~ authfile.c > incorrect renditions of this quote bother me (deraadt@) systat ~ iostat.c > Make dma range buffer cache pages visible in systat io > ok deraadt@ (beck@) tail ~ read.c > Change a reallocarray+bzero into recallocarray. > OK tb@ and deraadt@ (martijn@) unifdef ~ unifdef.c > Replace snprintf(NULL, malloc, snprintf.... with the much better asprintf. > ok millert (deraadt@) units ~ units.lib > update currency exchange rates; (jmc@) == usr.sbin ========================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin acme-client ~ http.c ~ keyproc.c > recallocarray() for data buffer from the net. > ok beck (deraadt@) ~ acme-client.conf.5 > account key needs to be in quotes. > ok benno deraadt (tj@) bgpd ~ kroute.c > For IPv6 pass prefix not nexthop as network for connected nexthops back to > the RDE so that the code actually works. > Problem found and reported by Pier Carlo Chiodi (pierky at pierky com) > OK deraadt@ (claudio@) ikectl ~ ikeca.c > set REQ_EXT to x509v3_CA, fixing "ikectl ca XX create" inadvertently broken > in r1.41. ok reyk deraadt (sthen@) makefs ~ msdos/mkfs_msdos.c > add missing braces around a multi line if statement > ok patrick@ deraadt@ (jsg@) ocspcheck ~ http.c > recallocarray() for data buffer from the net. > ok beck (deraadt@) ~ ocspcheck.c > Fail early if an ocep server returns a non-200 http response, there is no > point in trying to parse error pages as an ocsp response. (beck@) ~ ocspcheck.c > use a path of "/" if the URL does not include a trailing / - since > the web server probably doesn't like it, even though you published > the url without the trailing / in the certificate. (hello digicert!) > ok claudio@ (beck@) ~ ocspcheck.c > repair knf & whitespace that jumped out of the screen during review > ok beck (deraadt@) pkg_add ~ pkg_add.1 > spelling fix; ok espie (jmc@) radiusd ~ log.c > Bring radiusd log.c copyright in line with other program's log.c > and other radiusd source files. Remove the LOSS OF MIND clause. > OK henning@ yasuoka@ deraadt@ (bluhm@) rtadvd ~ dump.c > Always use return value of asprintf to determine success/failure, > don't rely upon *ret becoming NULL > ok millert, tom (deraadt@) smtpd ~ ssl.c > Disable client-initiated renegotiation. > ok gilles@ eric@ deraadt@ (jsing@) syslogd ~ syslogd.c > After my previous commit, file descriptor fd_sendsys may be -1 if > socketpair(2) has failed. Do not call ioctl(LIOCSFD) in this case. > OK millert@ (bluhm@) ~ syslogd.c > fix semicolon after if statement in currently uncalled code > ok bluhm@ deraadt@ (jsg@) syspatch ~ syspatch.sh > Be quiet in case /var/syspatch/ is empty and that there's no remote sig > file yet (i.e. when we are in release mode but not released yet). > ok deraadt@ (ajacoutot@) vmctl ~ vmctl.c > Set interface flag to VMIFF_UP when using -i option. This way vmd will make > sure the interfaces are up on startup. > OK deraadt@, reky@ (claudio@) vmd ~ config.c > Use the pseudo-bootloader if the boot image path matches the root disk > path. > This allows to use the non-BIOS on-disk bootloader for testing. It > might go away after release when we feel more confident about BIOS. > OK mlarkin@ (reyk@) ~ mc146818.c > With the updated get_input_data() interface, we need to zero-initialize > the stack variable that we use to store the data otherwise the bytes that > aren't touched by get_input_data() may contain garbage. > ok mlarkin@ (kettenis@) ~ config.c > Don't compare kernel and root disk name if both strings are empty. > This avoids jumping into vmboot in some edge conditions. > OK mlarkin@ (reyk@) ~ virtio.c ~ virtio.h > Implement a missing command in vioblk and allow > MAXPHYS transfers. > This diff (with the others previously committed) allows ubuntu 14.04 > amd64 guests to work. (mlarkin@) ~ i8253.c ~ loadfile_elf.c ~ mc146818.c ~ parse.y ~ pci.c ~ proc.h ~ virtio.h ~ vm.c > die whitespace die die die (deraadt@) ypldap ~ aldap.c > simplify parseval() by allocating a buffer the size of the input string, > which will always be big enough to hold the output string. > ok dlg@ (jmatthew@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
