OpenBSD src changes summary for 2017-08-06 to 2017-08-13 inclusive
==================================================================

Makefile.cross bin/dd bin/ksh distrib/alpha distrib/amd64 distrib/hppa
distrib/i386 distrib/macppc distrib/miniroot distrib/notes distrib/ramdisk
distrib/sets distrib/sparc64 etc/examples/bgpd.conf games/caesar
games/fortune games/tetris gnu include/errno.h include/tib.h lib lib/csu
lib/libc lib/libcrypto lib/libssl lib/libtls libexec/ld.so regress/bin
regress/lib regress/libexec regress/misc regress/sbin regress/usr.bin
regress/usr.sbin sbin/dhclient sbin/isakmpd sbin/pfctl sbin/pflogd
sbin/route sbin/slaacd share/man share/mk sys/arch/alpha/conf
sys/arch/amd64/amd64 sys/arch/amd64/conf sys/arch/amd64/include
sys/arch/amd64/isa sys/arch/amd64/stand/efiboot sys/arch/arm/arm
sys/arch/arm/include sys/arch/arm64/arm64 sys/arch/arm64/conf
sys/arch/arm64/dev sys/arch/arm64/include sys/arch/arm64/stand/efiboot
sys/arch/armv7/conf sys/arch/armv7/stand/efiboot sys/arch/hppa/conf
sys/arch/i386/conf sys/arch/i386/i386 sys/arch/i386/include
sys/arch/landisk/conf sys/arch/loongson/conf sys/arch/loongson/include
sys/arch/luna88k/conf sys/arch/macppc/conf sys/arch/mips64/include
sys/arch/octeon/conf sys/arch/octeon/dev sys/arch/octeon/include
sys/arch/sgi/conf sys/arch/sgi/include sys/arch/socppc/conf
sys/arch/sparc64/conf sys/arch/sparc64/dev sys/arch/sparc64/sparc64
sys/conf sys/crypto sys/ddb sys/dev/acpi sys/dev/atapiscsi sys/dev/fdt
sys/dev/ic sys/dev/pci sys/dev/pv sys/dev/rasops sys/dev/usb
sys/dev/wscons sys/kern sys/miscfs/fuse sys/msdosfs sys/net sys/netinet
sys/netinet6 sys/nfs sys/sys sys/uvm usr.bin usr.bin/bgplg
usr.bin/calendar usr.bin/ctfconv usr.bin/ctfdump usr.bin/mandoc usr.bin/mg
usr.bin/netstat usr.bin/openssl usr.bin/ssh usr.bin/tmux usr.sbin/bgpctl
usr.sbin/bgpd usr.sbin/httpd usr.sbin/ifstated usr.sbin/ndp
usr.sbin/npppctl usr.sbin/npppd usr.sbin/nsd usr.sbin/ntpd
usr.sbin/ospf6ctl usr.sbin/ospf6d usr.sbin/rebound usr.sbin/relayd
usr.sbin/rtadvd usr.sbin/smtpd usr.sbin/snmpctl usr.sbin/snmpd
usr.sbin/switchd usr.sbin/syslogd usr.sbin/unbound usr.sbin/vmctl
usr.sbin/vmd

== Makefile.cross ==================================================== 01/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile.cross

Makefile.cross

  > Fix cross builds: no clang depend target, no DESTDIR on HOSTCC build
  > ok patrick@ (drahn@)

== bin =============================================================== 02/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

dd

  ~ dd.c
  ~ dd.h
  ~ misc.c
  > convert gettimeofday to mono clock.
  > from Scott Cheloha (tedu@)

ksh

  ~ history.c
  > Check whether the first two characters of $HISTFILE are the magic
  > characters of the old binary ksh history file. In that case ignore
  > the history file after displaying an error once. Prevents annoying
  > repeated 'history file is corrupt' messages in $HOME on NFS setups
  > suffered by henning and makes the migration from the old to the new
  > history file format safer.
  > ok henning, tweaks & ok jca (tb@)

  ~ main.c
  ~ ksh.1
  > Retire old behavior of requiring root prompt to contain # or \!
  > Requested by akoshibe and phessler
  > ok phessler@ anton@ jca@ (guenther@)

== distrib =========================================================== 03/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

alpha

  ~ bsd.rd/Makefile
  ~ common/Makefile.inc
  ~ inst-common/Makefile.inc
  > always strip the ctf section from ramdisk kernels
  > discussed with deraadt@ mpi@
  > ok deraadt@ kettenis@ mpi@ (jasper@)

amd64

  ~ iso/Makefile
  ~ ramdiskA/Makefile.inc
  ~ ramdisk_cd/Makefile.inc
  > strip .SUNW_ctf in the remaining strip invocations
  > broke amd64/ramdisk_cd as it no longer fit; spotted by jsg@
  > ok deraadt@ mpi@ (jasper@)

hppa

  ~ ramdisk/Makefile
  > always strip the ctf section from ramdisk kernels
  > discussed with deraadt@ mpi@
  > ok deraadt@ kettenis@ mpi@ (jasper@)

i386

  ~ common/Makefile.inc
  ~ iso/Makefile
  > strip .SUNW_ctf in the remaining strip invocations
  > broke amd64/ramdisk_cd as it no longer fit; spotted by jsg@
  > ok deraadt@ mpi@ (jasper@)

macppc

  ~ ramdisk/Makefile
  > strip .SUNW_ctf in the remaining strip invocations
  > broke amd64/ramdisk_cd as it no longer fit; spotted by jsg@
  > ok deraadt@ mpi@ (jasper@)

miniroot

  ~ install.sub
  > Fix a bug introduced in r1.1028 while switching enable_network()
  > from _hn to _if.
  > Found by Pontus Lundkvist (rpe@)

notes

  ~ armv7/prep
  ~ arm64/prep
  > Avoid raw devices when dd'ing U-Boot. Avoids cases that might require
  > conv=sync. Discussed with kettenis some time ago. (jsg@)

  ~ armv7/prep
  > mention raw SD card offset for U-Boot on Rockchip RK3xxx (jsg@)

ramdisk

  ~ Makefile
  > always strip the ctf section from ramdisk kernels
  > discussed with deraadt@ mpi@
  > ok deraadt@ kettenis@ mpi@ (jasper@)

sets

  ~ lists/base/md.alpha
  ~ lists/base/md.amd64
  ~ lists/base/md.armv7
  ~ lists/base/md.hppa
  ~ lists/base/md.i386
  ~ lists/base/md.landisk
  ~ lists/base/md.loongson
  ~ lists/base/md.luna88k
  ~ lists/base/md.macppc
  ~ lists/base/md.octeon
  ~ lists/base/md.sgi
  ~ lists/base/md.socppc
  ~ lists/base/md.sparc64
  ~ lists/comp/gcc.alpha
  ~ lists/comp/gcc.amd64
  ~ lists/comp/gcc.armv7
  ~ lists/comp/gcc.hppa
  ~ lists/comp/gcc.i386
  ~ lists/comp/gcc.landisk
  ~ lists/comp/gcc.loongson
  ~ lists/comp/gcc.luna88k
  ~ lists/comp/gcc.macppc
  ~ lists/comp/gcc.octeon
  ~ lists/comp/gcc.sgi
  ~ lists/comp/gcc.socppc
  ~ lists/comp/gcc.sparc64
  > sync (jsg@)

  ~ lists/base/mi
  > sync (jsg@)

  ~ lists/comp/mi
  > sync (deraadt@)

  ~ lists/comp/md.loongson
  ~ lists/comp/md.octeon
  ~ lists/comp/md.sgi
  > sync (visa@)

  ~ lists/comp/mi
  > sync (jsg@)

sparc64

  ~ bsd.rd/Makefile
  > always strip the ctf section from ramdisk kernels
  > discussed with deraadt@ mpi@
  > ok deraadt@ kettenis@ mpi@ (jasper@)

== etc =============================================================== 04/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

examples/bgpd.conf

  ~ examples/bgpd.conf
  > Add manpage update for new grouping feature '{from,to} {i,e}bgp'
  > OK phessler@ (job@)

== games ============================================================= 05/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

caesar

  ~ caesar.c
  > convert source code frequencies to match those in the man page (tedu@)

fortune

  ~ fortune/fortune.c
  > Treat backspace as printable in sanitize() for non-UTF8 locales.
  > Fixes printing of fortunes that use a combination of backspace and
  > underbars for underlining in non-UTF8 locales. OK schwarze@ (millert@)

tetris

  ~ input.c
  ~ input.h
  ~ tetris.c
  ~ tetris.h
  > replace gettimeofday with monotonic gettime. from Scott Cheloha
  > ok tb (tedu@)

== gnu =============================================================== 06/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ llvm/tools/clang/lib/Sema/SemaChecking.cpp
  > Actually enable the kprintf format attribute.
  > ok florian@ (kettenis@)

  ~ lib/Makefile
  > Unlink libobjc. It is not used in base, and ports are pulling in libobjc2
  > from ports.
  > ok bluhm@ sebastia@ dcoppa@ (mortimer@)

== include =========================================================== 07/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

errno.h

  ~ errno.h
  > ___errno (three underbars) is long gone (guenther@)

tib.h

  ~ tib.h
  > fix typo in comment (guenther@)

== lib =============================================================== 08/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

lib

  ~ check_sym
  > Use getopts for option parsing
  > Add -v for verbose (relocation) output
  > Fix an existence check (guenther@)

csu

  ~ aarch64/md_init.h
  ~ alpha/md_init.h
  ~ arm/md_init.h
  ~ hppa/md_init.h
  ~ i386/md_init.h
  ~ mips64/md_init.h
  ~ powerpc/md_init.h
  ~ sh/md_init.h
  ~ sparc64/md_init.h
  > _dl_printf is no longer referenced by RELOC_{JMPREL,DYN,GOT}; delete the
  > stub
  > ok kettenis@ (guenther@)

  ~ Makefile
  > Fix dependency generation: pass ${DFLAGS} and -MF explicitly
  > problem noted by deraadt@
  > ok espie@ (guenther@)

libc

  ~ gen/syslog_r.c
  > Since sendsyslog(2) handles the LOG_CONS parameter, the variable
  > conp in syslog(3) is unused. Remove dead code.
  > OK jca@ deraadt@ (bluhm@)

  ~ gen/syslog_r.c
  > Kernel sendsyslog(2), libc syslog(3), and syslogd(8) restrict and
  > truncate the length of a syslog message to 8192 bytes. Use one
  > global define LOG_MAXLINE for all of them.
  > OK deraadt@ millert@ (bluhm@)

  ~ gen/sysctl.3
  > Stop running nd6_expire every second.
  > We know when pltime or vltime decrease to zero. Run nd6_expire then.
  > Input & OK mpi, bluhm (florian@)

  ~ sys/Makefile.inc
  > Instead of hardcoding a partial dependency list for the syscall stub
  > objects,
  > calculate them as done for other objects (guenther@)

  ~ gen/getlogin.c
  ~ gen/rewinddir.c
  ~ stdlib/abort.c
  ~ stdlib/exit.c
  > Minimize #includes, particularly to avoid thread_private.h
  > ok tedu@ (guenther@)

  ~ sys/Makefile.inc
  ~ sys/ktrace.2
  > add fktrace to libc (tedu@)

libcrypto

  ~ opensslv.h
  > bump to 2.6.1 (bcook@)

  ~ chacha/chacha-merged.c
  > Convert the sigma and tau initialisers to byte arrays, rather than using
  > strings. The original code is perfectly valid C, however it causes some
  > compilers to complain since it lacks room for a string NUL terminator and
  > the compiler is not smart enough to realise that these are only used as
  > byte arrays and never treated as strings.
  > ok bcook@ beck@ inoguchi@ (jsing@)

  ~ modes/ctr128.c
  ~ modes/gcm128.c
  ~ modes/xts128.c
  ~ rc4/rc4_enc.c
  > move endian/word size checks from runtime to compile time
  > ok guenther@ (bcook@)

  ~ Makefile
  > Switch to -Werror with clang for libressl.
  > Discussed with beck@ and jsing@
  > ok beck@ (doug@)

  ~ asn1/a_time_tm.c
  ~ asn1/asn1_locl.h
  ~ x509/x509_vfy.c
  > Add ability to clamp a notafter to values representable in a 32 bit time_t
  > This will only be used in portable. As noted, necessary to
  > make us conformant to RFC 5280 4.1.2.5.
  > ok jsing@ bcook@ (beck@)

libssl

  ~ s3_lib.c
  > Fix conditionals for DH controls. (jsing@)

  ~ s3_lib.c
  > Remove unnecessary curly braces and unindent. Also add a few blank lines
  > for readability. (jsing@)

  ~ s3_lib.c
  > Start splitting out controls into individual functions, so that they can
  > eventually be exposed as direct functions/symbols. (jsing@)

  ~ s3_lib.c
  > Split more controls into individual functions. (jsing@)

  ~ s3_lib.c
  > Split out the remaining SSL controls into individual functions. (jsing@)

  ~ s3_lib.c
  > Be consistent and return from each SSL control case, rather than breaking
  > from some. (jsing@)

  ~ s3_lib.c
  > Start splitting out SSL_CTX controls into individual functions, so that
  > they can eventually be exposed as direct functions/symbols. (jsing@)

  ~ s3_lib.c
  > Split out the remaining SSL_CTX controls into individual functions.
  > (jsing@)

  ~ s3_lib.c
  > Consistently return from each SSL/SSL_CTX control case, rather than
  > breaking from some and returning from others. (jsing@)

  ~ ssl_lib.c
  ~ ssl_locl.h
  ~ t1_lib.c
  > Pull out the code that identifies if we have an ECC cipher in the cipher
  > list or if we are negotiating an ECC cipher in the handshake. This dedups
  > some of the existing code and will make the EC extension rewrites easier.
  > ok doug@ (jsing@)

  ~ s3_lib.c
  ~ ssl.h
  ~ ssl_cert.c
  ~ ssl_lib.c
  ~ ssl_locl.h
  ~ ssl_srvr.c
  ~ t1_lib.c
  > Clean up the EC key/curve configuration handling.
  > Over the years OpenSSL grew multiple ways of being able to specify EC keys
  > (and/or curves) for use with ECDH and ECDHE key exchange. You could specify
  > a static EC key (SSL{_CTX,}_set_tmp_ecdh()), use that as a curve and
  > generate ephemeral keys (SSL_OP_SINGLE_ECDH_USE), provide the EC key via
  > a callback that was provided with insufficient information
  > (SSL{_CTX,}_set_tmp_ecdh_cb()) or enable automatic selection and generation
  > of EC keys via SSL{_CTX,}_set_ecdh_auto(). This complexity leads to
  > problems (like ECDHE not being enabled) and potential weird configuration
  > (like being able to do ECDHE without the ephemeral part...).
  > We no longer support ECDH and ECDHE can be disabled by removing ECDHE
  > ciphers from the cipher list. As such, permanently enable automatic EC
  > curve selection and generation, effectively disabling all of the
  > configuration knobs. The only exception is the
  > SSL{_CTX,}_set_tmp_ecdh() functions, which retain part of their previous
  > behaviour by configuring the curve of the given EC key as the only curve
  > being enabled. Everything else becomes a no-op.
  > ok beck@ doug@ (jsing@)

  ~ ssl_locl.h
  ~ ssl_tlsext.c
  ~ ssl_tlsext.h
  ~ t1_lib.c
  > Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
  > new extension framework.
  > input + ok jsing@ (doug@)

  ~ ssl_tlsext.c
  ~ ssl_tlsext.h
  > Add doug@'s copyright since he just added code to these two files. (jsing@)

  ~ s3_lib.c
  ~ ssl_locl.h
  ~ ssl_srvr.c
  > Convert ssl3_send_certificate_request() to CBB.
  > ok beck@ doug@ (jsing@)

  ~ ssl_locl.h
  ~ ssl_tlsext.c
  ~ ssl_tlsext.h
  ~ t1_lib.c
  > Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
  > extension framework.
  > input + ok jsing@ (doug@)

  ~ ssl_lib.c
  > style(9) in ssl_set_cert_masks(). (jsing@)

  ~ ssl_lib.c
  > I don't think eay will ever fix this... (jsing@)

  ~ man/SSL_alert_type_string.3
  > remove bogus ".POD" from .Dt name; noticed by jsing@ (schwarze@)

  ~ bs_cbb.c
  > Clear the child pointer in CBB_cleanup(), so that we have fewer pointers
  > hanging around to potentially invalid address space.
  > Discussed with beck@ and doug@ (jsing@)

  ~ s3_lib.c
  ~ ssl_algs.c
  ~ ssl_both.c
  ~ ssl_cert.c
  ~ ssl_clnt.c
  ~ ssl_lib.c
  ~ ssl_locl.h
  ~ ssl_srvr.c
  ~ t1_lib.c
  > Remove support for DSS/DSA, since we removed the cipher suites a while
  > back.
  > ok guenther@ (jsing@)

  ~ man/SSL_CTX_set_tmp_rsa_callback.3
  > Remove lots of outdated information found by jsing@.
  > OK jsing. (schwarze@)

  ~ man/Makefile
  ~ man/SSL_CTX_set_tmp_dh_callback.3
  ~ man/ssl.3
  + man/SSL_set_tmp_ecdh.3
  > New manual page SSL_set_tmp_ecdh(3) written from scratch.
  > Feedback and OK jsing@. (schwarze@)

  ~ man/Makefile
  ~ man/SSL_CTX_set_cipher_list.3
  ~ man/SSL_set_tmp_ecdh.3
  ~ man/ssl.3
  + man/SSL_CTX_set1_groups.3
  > Import the SSL_CTX_set1_groups(3) manual page from OpenSSL, deleting
  > the read accessors we don't have and fixing the prototypes - the
  > data type of each and every argument differs in the OpenSSL manuals.
  > Reference the new page from SSL_set_tmp_ecdh(3) as suggested by jsing@.
  > (schwarze@)

  ~ s3_lib.c
  ~ ssl_clnt.c
  ~ ssl_lib.c
  ~ ssl_locl.h
  ~ ssl_srvr.c
  ~ t1_lib.c
  ~ man/SSL_CTX_set_alpn_select_cb.3
  > Remove NPN support.
  > NPN was never standardised and the last draft expired in October 2012.
  > ALPN was standardised in July 2014 and has been supported in LibreSSL
  > since December 2014. NPN has also been removed from Chromium in May 2016.
  > TLS clients and servers that try to use/enable NPN will fail gracefully and
  > fallback to the default protocol, since it will essentially appear that the
  > other side does not support NPN. At some point in the future we will
  > actually remove the NPN related symbols entirely.
  > ok bcook@ beck@ doug@ (jsing@)

  ~ ssl_tlsext.c
  ~ ssl_tlsext.h
  ~ t1_lib.c
  > Rewrite session ticket TLS extension handling using CBB/CBS and the new
  > extension framework.
  > ok jsing@ beck@ (doug@)

  ~ ssl_clnt.c
  ~ ssl_locl.h
  ~ ssl_srvr.c
  ~ ssl_tlsext.c
  ~ ssl_tlsext.h
  ~ t1_lib.c
  > Convert TLS signature algorithms extension handling to the new framework.
  > ok beck@ doug@ (jsing@)

  ~ ssl_tlsext.c
  ~ ssl_tlsext.h
  ~ t1_lib.c
  > Rewrite the TLS status request extension to use the new TLS extension
  > framework.
  > ok jsing@ (beck@)

  ~ ssl.h
  ~ t1_lib.c
  > Nuke SSL_OP_CRYPTOPRO_TLSEXT_BUG.
  > This was a workaround for a server that needed to talk GOST to old/broken
  > CryptoPro clients. This has no impact on TLS clients that are using GOST.
  > ok bcook@ beck@ doug@ (jsing@)

  ~ ssl.h
  ~ t1_lib.c
  > Remove support for the TLS padding extension.
  > This was added as a workaround for broken F5 TLS termination, which then
  > created issues talking to broken IronPorts. The size of the padding is
  > hardcoded so it cannot be used in any generic sense.
  > ok bcook@ beck@ doug@ (jsing@)

  ~ ssl_lib.c
  > Make SSL{,_CTX}_set_alpn_protos() do atomic updates and handle NULL.
  > Previously, the code would accept NULL and 0 length and try to
  > malloc/memcpy it. On OpenBSD, malloc(0) does not return NULL. It could
  > also fail in malloc and leave the old length.
  > Also, add a note that this public API has backwards semantics of what you
  > would expect where 0 is success and 1 is failure.
  > input + ok jsing@ beck@ (doug@)

  ~ Makefile
  > Switch to -Werror with clang for libressl.
  > Discussed with beck@ and jsing@
  > ok beck@ (doug@)

  ~ t1_lib.c
  > match function implementation with declaration, ok beck@, doug@ (bcook@)

libtls

  ~ tls.c
  ~ tls_config.c
  ~ tls_internal.h
  > Don't use tls_cert_hash for the hashing used by the engine offloading magic
  > for the TLS privsep code. Instead use X509_pubkey_digest() because only the
  > key should be used as identifier. Relayd is rewriting certificates and then
  > the hash would change. Rename the hash in struct tls_keypair to pubkey_hash
  > to make clear what this hash is about.
  > With input and OK jsing@ (claudio@)

  ~ Symbols.list
  ~ tls.h
  ~ tls_client.c
  ~ tls_config.c
  ~ tls_internal.h
  ~ tls_server.c
  ~ man/tls_config_set_protocols.3
  > Add a tls_config_set_ecdhecurves() function to libtls, which allows the
  > names of the elliptic curves that may be used during client and server
  > key exchange to be specified.
  > This deprecates tls_config_set_ecdhecurve(), which could only be used to
  > specify a single supported curve.
  > ok beck@ (jsing@)

  ~ shlib_version
  > Bump minor due to symbol addition.
  > Prompted by jsg@, since I apparently left it sitting in my tree... (jsing@)

  ~ man/tls_config_set_protocols.3
  > new sentence, new line; (jmc@)

  ~ man/tls_client.3
  > Document tls_reset(). (jsing@)

  ~ man/tls_config_set_protocols.3
  > Document tls_config_set_dheparams(). (jsing@)

  ~ Makefile
  > Switch to -Werror with clang for libressl.
  > Discussed with beck@ and jsing@
  > ok beck@ (doug@)

== libexec =========================================================== 09/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

ld.so

  ~ mips64/archdep.h
  > Get R_MIPS_* defines via <machine/reloc.h>.
  > OK guenther@ (visa@)

== regress =========================================================== 10/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

bin

  ~ ps/user.sh
  > Use the login name from id -p to compare with ps -o login. This
  > makes the test pass when invoked by doas. (bluhm@)

lib

  ~ libm/exp/exp.c
  > use %Lf for printing long double; silences clang warning
  > ok kettenis@ (robert@)

  ~ libm/fenv/Makefile
  ~ libm/fenv/fenv.c
  > Clang does not support -ffloat-store, so libm fenv test failed on
  > i386. Gcc uses this option to store x87 registers to memory.
  > This reduces precision and enforces rounding which this test checks.
  > The same effect can be achieved by using a volatile double variable
  > for the result. This works for both compilers.
  > OK kettenis@ (bluhm@)

  + libc/locale/uselocale/Makefile
  + libc/locale/uselocale/uselocale.c
  > first draft of tests for newlocale(3), duplocale(3), uselocale(3)
  > (schwarze@)

  ~ libssl/tlsext/tlsexttest.c
  > Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
  > new extension framework.
  > input + ok jsing@ (doug@)

  ~ libssl/tlsext/tlsexttest.c
  > Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
  > extension framework.
  > input + ok jsing@ (doug@)

  ~ libssl/tlsext/tlsexttest.c
  > Sort by extension/function name. (jsing@)

  ~ libssl/tlsext/tlsexttest.c
  > doug@ added code in here as well. (jsing@)

  ~ libssl/tlsext/tlsexttest.c
  > Be consistent with goto labels, failure flag and use of FAIL macro.
  > (jsing@)

  ~ libssl/client/clienttest.c
  > Update the TLSv1.2 Client Hello messages, due to the removal of DSA
  > sigalgs. (jsing@)

  ~ libcrypto/bn/general/bntest.c
  > fix resource leaks, ok @guenther (bcook@)

  ~ libssl/tlsext/tlsexttest.c
  > errant whitespace (beck@)

  ~ libssl/ssl/ssltest.c
  ~ libssl/ssl/testssl
  > Remove NPN test coverage. (jsing@)

  ~ libssl/tlsext/tlsexttest.c
  > Rewrite session ticket TLS extension handling using CBB/CBS and the new
  > extension framework.
  > ok jsing@ beck@ (doug@)

  ~ libssl/tlsext/tlsexttest.c
  > Add regress coverage for the TLS signature algorithms extension. (jsing@)

  ~ libssl/tlsext/tlsexttest.c
  > Rewrite the TLS status request extension to use the new TLS extension
  > framework.
  > ok jsing@ (beck@)

libexec

  ~ ld.so/constructor/libaa/aa.C
  ~ ld.so/constructor/libaa/aa.h
  ~ ld.so/constructor/libab/ab.C
  ~ ld.so/constructor/libab/ab.h
  ~ ld.so/edgecases/test1/libaa_b/aa.c
  ~ ld.so/edgecases/test1/libaa_g/aa.c
  ~ ld.so/hidden/test1/test1.c
  ~ ld.so/hidden/test2/test2.c
  ~ ld.so/lazy/libfoo/foo.c
  > Silence most clang warnings in ld.so regress.
  > OK kettenis@ (bluhm@)

misc

  - objc/Makefile
  - objc/main.m
  ~ Makefile
  > Objective-C has been removed from base, do not test whether compiling
  > it works. (bluhm@)

sbin

  ~ pfctl/pf10.in
  ~ pfctl/pf10.loaded
  ~ pfctl/pf10.ok
  ~ pfctl/pf10.optimized
  > In pf.conf the icmp6-type notnbr-unr has been renamed to beyond-unr.
  > Adapt regress test. (bluhm@)

  ~ route/Makefile
  > Test that 'route change' has no effect on a RTF_LOCAL route. (mpi@)

  ~ route/Makefile
  > Use "! cmd" for commands that are expected to fail.
  > Suggested by bluhm@ (mpi@)

  ~ pfctl/Makefile
  > add option -N (no domain resolution)
  > manpage wording and reminder about usage() jmc@
  > ok florian@ henning@ (benno@)

  + pfctl/pfcmdfail1.in
  + pfctl/pfcmdfail1.ok
  + pfctl/pfcmdfail1.opts
  > actually add the files needed by my test. noted by bluhm@, thx (benno@)

usr.bin

  ~ ssh/login-timeout.sh
  > Remove non-privsep test since disabling privsep is now deprecated.
  > (dtucker@)

  ~ ssh/reexec.sh
  > Remove obsolete privsep=no fallback test. (dtucker@)

  ~ mandoc/db/out/all.mout
  > Mandoc no longer uses names that only occur in the SYNOPSIS.
  > Adapt test.
  > OK schwarze@ (bluhm@)

  ~ doas/Makefile
  > If the user running doas regress is not in the wobj group, switch
  > to the build user. This allows to run doas with a suitable user
  > and tests pass when started as root. (bluhm@)

usr.sbin

  + snmpd/Makefile
  + snmpd/snmpd.sh
  > Add regression tests for snmpd. Not hooked into regress/usr.sbin/Makefile
  > yet.
  > Ok benno@, tb@ (rob@)

  ~ snmpd/snmpd.sh
  > Add a wait call between different invocations of snmpd test runs to avoid
  > failed to bind errors due to SNMP UDP socket: Address already in use.
  > Discussed and ok jca@. (rob@)

  ~ snmpd/snmpd.sh
  > snmpe runs as user _snmpd not _snmp. (rob@)

  ~ ifstated/ifstated
  > Use vether instead of physical interfaces for temporary carp creation.
  > Recommended by and discussed with many. (rob@)

  ~ Makefile
  > Hookup ifstated and snmpd regress. Discussed with benno@ and bluhm@.
  > Ok benno@ (rob@)

  ~ ifstated/ifstated
  ~ ifstated/statemachine
  > Use obj directory instead of a handcrafted working directory.
  > Pointers from tb@ (rob@)

  ~ ifstated/Makefile
  > Forgot to commit updated Makefile for regress test changes using obj
  > directory. (rob@)

== sbin ============================================================== 11/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ kroute.c
  ~ privsep.c
  > Simplify logic seeking/checking the interface over
  > which the current default route exits.
  > If the dhclient instance owns that interface it
  > owns resolv.conf and will overwrite it no matter
  > who created the default route.
  > Feedback & suggestions claudio@ (krw@)

  ~ dhclient.c
  ~ kroute.c
  > KNF some long lines. (krw@)

  ~ kroute.c
  ~ privsep.c
  ~ privsep.h
  > Rename resolv_conf_priority() to default_route_index() to
  > reflect what it does. (krw@)

  ~ dhclient.c
  ~ dispatch.c
  > Add some additional poll() error checking. Remove checks
  > for EAGAIN as that is not a possible poll() errno.
  > suggestions & ok guenther@ (krw@)

  ~ dhcpd.h
  ~ dispatch.c
  ~ kroute.c
  > Stop obsessively flushing the imsg connection. Just
  > flush any queued messages on getting a POLLOUT. (krw@)

  ~ dhclient.c
  ~ dhcpd.h
  ~ kroute.c
  ~ privsep.c
  ~ privsep.h
  > Add IMSG_SET_RESOLV_CONF and keep the cached contents
  > in the priv process, so that they do not have to be
  > continually retransmitted. IMSG_WRITE_RESOLV_CONF
  > now just triggers a write of the cached info.
  > Simplifies a bunch of logic. (krw@)

  ~ privsep.c
  > Don't write out resolv.conf unless the contents
  > are changed or dhclient's interface takes over
  > the default route. (krw@)

  ~ kroute.c
  ~ privsep.c
  ~ privsep.h
  > Stop trying to outfox the routing table
  > by labelling dhclient routes. Just use
  > the route(8) logic when flushing routes.
  > ok benno@ claudio@ (krw@)

  ~ dhcpd.h
  ~ dispatch.c
  > sig_atomic_t is not (necessarily) an int. Use
  > SIG_ATOMIC_MAX for INTERNALSIG instead of
  > INT_MAX. (krw@)

  ~ dhclient.c
  ~ dispatch.c
  ~ privsep.c
  ~ privsep.h
  > Simplify HUP handling now that proper error
  > checks are done on the imsg socket to detect
  > closure, etc.
  > Die immediately if the priv process notices
  > the interface name can't be turned into an
  > index. (krw@)

isakmpd

  ~ connection.c
  ~ pf_key_v2.c
  > Prevent a use-after-free by always passing dynamically allocated
  > arguments to f_key_v2_connection_check().
  > The race can be triggered by sending SIGHUP to the daemon. Note that
  > this change does not fix the memory leak if exchange_establish() fails.
  > Reported by Michał Koc.
  > ok hshoexer@, markus@, henning@ (mpi@)

pfctl

  ~ parse.y
  ~ pfctl.8
  ~ pfctl.c
  ~ pfctl.h
  ~ pfctl_parser.c
  ~ pfctl_parser.h
  ~ pfctl_radix.c
  ~ pfctl_table.c
  > add option -N (no domain resolution)
  > manpage wording and reminder about usage() jmc@
  > ok florian@ henning@ (benno@)

pflogd

  ~ privsep.c
  > Make not yet implemented pledges more visible in grep output.
  > input benno, deraadt, tedu
  > also standardize on #if 0 since it makes tedu's editor vomit.
  > OK benno, pirofti on a previous version (florian@)

route

  ~ keywords.h
  ~ keywords.sh
  ~ route.c
  > allow "del" in addition to "delete"
  > from Denis Fondras, positive feedback from sthen@ and deraadt@
  > ok jca@ (benno@)

  ~ route.8
  ~ route.c
  > autodetect AF when setting inet6 default route
  > From Denis Fondras, thanks!
  > ok phessler@ bluhm@ (benno@)

  ~ route.8
  > document use of del as short form for delete, from jca
  > ok schwarze@ (benno@)

  ~ route.8
  > new sentence, new line; (jmc@)

slaacd

  ~ frontend.c
  > When read(2)'ing from the routing socket only one message is returned.
  > Clue provided by jca and claudio.
  > OK jca (florian@)

  ~ slaacd.c
  > Make not yet implemented pledges more visible in grep output.
  > input benno, deraadt, tedu
  > also standardize on #if 0 since it makes tedu's editor vomit.
  > OK benno, pirofti on a previous version (florian@)

== share ============================================================= 12/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/man4.octeon/octcib.4
  ~ man4/man4.octeon/octcit.4
  ~ man4/man4.octeon/octciu.4
  > Xr octeon interrupt controller drivers. (visa@)

  ~ man4/puc.4
  > add ASIX AX99100 description
  > ok by jmc@ (uaa@)

  ~ man4/uplcom.4
  > Mention supported Aten UC232A adapter.
  > ok deraadt@ jca@ jmc@ (anton@)

  ~ man3/intro.3
  > remove libobjc; (jmc@)

  ~ man5/bsd.regress.mk.5
  > Typo fix.
  > Ok benno@, tb@, tj@, jmc@, schwarze@, phessler@ (rob@)

  ~ man7/packages.7
  ~ man7/ports.7
  > Mention that some packages and ports don't work without the wxallowed
  > mount(8) option on /usr/local and /usr/ports/pobj.
  > Triggered by a question from Diana Eichert <deichert at wrench dot com>.
  > OK danj@, and no opposition when shown on ports@. (schwarze@)

  ~ man9/rwlock.9
  > Add rw_assert_anylock(), for asserting you have it either read or write
  > locked
  > ok tedu@ mpi@ (guenther@)

  ~ man5/resolv.conf.5
  > Bring the dhclient(8) related text into
  > line with reality. More polishing sure
  > to follow.
  > ok beck@ (krw@)

  ~ man9/pool.9
  > New flag PR_RWLOCK for pool_init(9) makes the pool use rwlocks instead
  > of mutexes. Use this immediately for the pool_cache futex pools.
  > Mostly worked out with dlg@ during e2k17
  > ok mpi@ tedu@ (guenther@)

mk

  ~ bsd.lib.mk
  > switch the order of substitutions for syspatch object file order to avoid
  > deleting ../ in the path (robert@)

  ~ bsd.dep.mk
  > Let DFLAGS be added to by the per-directory Makefile
  > ok espie@ (guenther@)

== sys =============================================================== 13/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/conf

  ~ Makefile.alpha
  > Use ctfstrip(1) by default to strip kernels.
  > ok deraadt@, jasper@ (mpi@)

arch/amd64/amd64

  ~ intr.c
  ~ ioapic.c
  > Get rid of read_psl() and write_psl() by replacing
  > read_psl() + disable_intr() with intr_disable(),
  > and write_psl() with intr_restore().
  > OK kettenis@ (visa@)

  ~ vmm.c
  > typo in comment (mlarkin@)

  ~ vmm.c
  > Expose TSC to vmm guest
  > This exposes TSC to vmm guest and OpenBSD guests should use it as a
  > preferred
  > timecounter on >= skylake. This should improve the clock drift situation.
  > This
  > breaks vmctl send and receive (for >= skylake), working on that.
  > ok mlarkin@ (pd@)

  ~ vmm.c
  > fix a few DPRINTFs in vmm.c so that compilation with VMM_DEBUG works
  > ok mlarkin@ (pd@)

  ~ db_trace.c
  > Merge DDBCTF into DDB. (mpi@)

  ~ vmm.c
  > vmm: handle IA32_MISC_ENABLE MSR. Bits set in this MSR can result in
  > some feature flags in CPUID being set or cleared.
  > ok pd (mlarkin@)

arch/amd64/conf

  ~ Makefile.amd64
  > Use ctfstrip(1) by default to strip kernels.
  > ok deraadt@, jasper@ (mpi@)

arch/amd64/include

  ~ cpufunc.h
  > Get rid of read_psl() and write_psl() by replacing
  > read_psl() + disable_intr() with intr_disable(),
  > and write_psl() with intr_restore().
  > OK kettenis@ (visa@)

  ~ specialreg.h
  > reorder some MSRs in the MSR list that were out of order. No functional
  > change; I'll be adding a few new ones and noticed these were misplaced.
  > (mlarkin@)

  ~ specialreg.h
  > Add IA32_MISC_ENABLE MSR and bitfield values, to be used shortly by
  > vmm(4) (mlarkin@)

  ~ cpu.h
  > apmwarn and the ridiculous apmhalt hack sysctls are not relevant here
  > (tedu@)

  ~ specialreg.h
  > add some extra comments that got left out of the previous IA32_MISC_ENABLE
  > MSR commits (mlarkin@)

  ~ vmmvar.h
  > vmm: handle IA32_MISC_ENABLE MSR. Bits set in this MSR can result in
  > some feature flags in CPUID being set or cleared.
  > ok pd (mlarkin@)

arch/amd64/isa

  ~ clock.c
  > don't bother checking diagnostic status (which patrick reports
  > actually hangs a particular machine) to avoid reporting an error
  > which is common on modern machines
  > ok deraadt, patrick (jcs@)

arch/amd64/stand/efiboot

  ~ efiboot.c
  > Add "machine exit" and "machine poweroff" commands to the arm64 and armv7
  > bootloaders. Replace while (1) { } with for (;;) continue; per request
  > from tom@.
  > ok tom@, jsg@ (kettenis@)

arch/arm/arm

  ~ arm32_machdep.c
  > remove apmwarn sysctl which is not used (tedu@)

arch/arm/include

  ~ cpu.h
  > remove apmwarn sysctl which is not used (tedu@)

arch/arm64/arm64

  ~ locore0.S
  > Fix TCR definitions to avoid integer overflow. Rename TCR_ASID_16 to
  > TCR_AS
  > to match the official ARM docs.
  > ok patrick@, tom@ (kettenis@)

  ~ locore.S
  ~ sig_machdep.c
  > Arm64 compilers like many others anymore will use floating point registers
  > for non-floating point data, so it is important that FPU state be
  > saved and restored when a signal is delivered.
  > This diff that performs a save and restore of all of the floating point
  > registers (not just the callee save registers). It is added to sigcode
  > running in userland instead of into the kernel with copyin()/copyout()
  > similar to the code in powerpc (macppc) locore.S (drahn@)

  ~ support.S
  > remove duplicated PAGE macros and drop type suffix
  > ok kettenis@ (jsg@)

  ~ machdep.c
  > fix format strings
  > ok kettenis@ (jsg@)

  ~ cpu.c
  ~ pmap.c
  ~ trap.c
  > Fix format strings to make the kernel build on arm64 again after the
  > recent kprintf changes in clang.
  > ok deraadt@ kettenis@ (jsg@)

  ~ bus_dma.c
  > Have bus_dmamem_map() store the virtual address of the mapping such that
  > we can use it to flush the cache in bus_dmamap_sync() if necessary.
  > ok patrick@ (kettenis@)

  ~ vm_machdep.c
  > Clear pcb_fpcpu of the child upon fork. Not clearing it is probably not
  > a critical issue as the pointer back to the proc in the struct cpu_info
  > won't match, but it is better to avoid dangling pointers like this.
  > ok patrick@, drahn@ (kettenis@)

arch/arm64/conf

  ~ GENERIC
  > Add glue for the USB3 controller on the rk3399-firefly. (kettenis@)

  ~ RAMDISK
  > Add rkdwusb(4) here as well. (kettenis@)

  ~ Makefile.arm64
  > Use ctfstrip(1) by default to strip kernels.
  > ok deraadt@, jasper@ (mpi@)

arch/arm64/dev

  ~ agintc.c
  > Fix format strings to make the kernel build on arm64 again after the
  > recent kprintf changes in clang.
  > ok deraadt@ kettenis@ (jsg@)

arch/arm64/include

  ~ armreg.h
  > Fix TCR definitions to avoid integer overflow. Rename TCR_ASID_16 to
  > TCR_AS
  > to match the official ARM docs.
  > ok patrick@, tom@ (kettenis@)

  ~ param.h
  ~ vmparam.h
  > remove duplicated PAGE macros and drop type suffix
  > ok kettenis@ (jsg@)

arch/arm64/stand/efiboot

  ~ conf.c
  ~ efiboot.c
  ~ libsa.h
  > Add "machine exit" and "machine poweroff" commands to the arm64 and armv7
  > bootloaders. Replace while (1) { } with for (;;) continue; per request
  > from tom@.
  > ok tom@, jsg@ (kettenis@)

arch/armv7/conf

  ~ Makefile.armv7
  > Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/armv7/stand/efiboot
~ conf.c ~ efiboot.c ~ libsa.h
> Add "machine exit" and "machine poweroff" commands to the arm64 and armv7
> bootloaders. Replace while (1) { } with for (;;) continue; per request
> from tom@.
> ok tom@, jsg@ (kettenis@)

arch/hppa/conf
~ Makefile.hppa
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/i386/conf
~ Makefile.i386
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/i386/i386
~ ioapic.c
> Get rid of read_psl() and write_psl() by replacing
> read_psl() + disable_intr() with intr_disable(),
> and write_psl() with intr_restore().
> OK kettenis@ (visa@)

~ db_trace.c
> Merge DDBCTF into DDB. (mpi@)

arch/i386/include
~ cpufunc.h
> Get rid of read_psl() and write_psl() by replacing
> read_psl() + disable_intr() with intr_disable(),
> and write_psl() with intr_restore().
> OK kettenis@ (visa@)

~ specialreg.h
> reorder some MSRs in the MSR list that were out of order. No functional
> change; I'll be adding a few new ones and noticed these were misplaced.
> (mlarkin@)

~ specialreg.h
> Add IA32_MISC_ENABLE MSR and bitfield values, to be used shortly by
> vmm(4) (mlarkin@)

~ specialreg.h
> add some extra comments that got left out of the previous IA32_MISC_ENABLE
> MSR commits (mlarkin@)

arch/landisk/conf
~ Makefile.landisk
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/loongson/conf
~ Makefile.loongson
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/loongson/include
+ reloc.h
> Add a dummy (for now) <machine/reloc.h> for mips64 to fix build.
> OK guenther@ (visa@)

arch/luna88k/conf
~ Makefile.luna88k
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/macppc/conf
~ Makefile.macppc
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/mips64/include
+ reloc.h
> Add a dummy (for now) <machine/reloc.h> for mips64 to fix build.
> OK guenther@ (visa@)

~ exec.h ~ reloc.h
> Make R_MIPS_* defines available via <machine/reloc.h>.
> OK guenther@ (visa@)

arch/octeon/conf
~ Makefile.octeon
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/octeon/dev
~ octcit.c
> Clear any pending (edge-triggered) interrupts at setup to avoid
> spurious interrupts with newly established handlers. (visa@)

~ octohci.c
> Fix a dereference of a bogus pointer. (visa@)

arch/octeon/include
+ reloc.h
> Add a dummy (for now) <machine/reloc.h> for mips64 to fix build.
> OK guenther@ (visa@)

arch/sgi/conf
~ Makefile.sgi
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/sgi/include
+ reloc.h
> Add a dummy (for now) <machine/reloc.h> for mips64 to fix build.
> OK guenther@ (visa@)

arch/socppc/conf
~ Makefile.socppc
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/sparc64/conf
~ Makefile.sparc64
> Use ctfstrip(1) by default to strip kernels.
> ok deraadt@, jasper@ (mpi@)

arch/sparc64/dev
~ vgafb.c
> Return WSDISPLAY_TYPE_PCIVGA like we do on macppc.
> Pointed out by jsg@ (kettenis@)

arch/sparc64/sparc64
~ openfirm.c
> With a CTF kernel, DDB's print command will now pretty-print symbols.
> Casting a type is not yet supported.
> ok kettenis@, jasper@ (mpi@)

conf
~ GENERIC ~ files
> Merge DDBCTF into DDB. (mpi@)

crypto
~ cryptodev.h
> the userland crypto interface died long ago, can clean up the header
> (tedu@)

ddb
~ db_command.c ~ db_ctf.c ~ db_elf.c ~ db_expr.c ~ db_sym.h
> With a CTF kernel, DDB's print command will now pretty-print symbols.
> Casting a type is not yet supported.
> ok kettenis@, jasper@ (mpi@)

~ db_ctf.c
> Remove debugging leftovers, document functions, bump copyright. (mpi@)

~ db_prof.c
> Kernel compilation with DDBPROF enabled fails as db_sym_t is no longer
> defined (removed in "Kill db_sym_t." from 2017-05-30 11:39 mpi). This
> change fixes the problem.
> OK mpi@ (nayden@)

~ db_ctf.c
> Improve pretty printing of pointers.
> ok jasper@ (mpi@)

~ db_ctf.c
> Fall back using db_print_cmd() if no CTF data has been found. (mpi@)

~ db_command.c ~ db_sym.h
> Merge DDBCTF into DDB. (mpi@)

dev/acpi
~ acpi.c
> Add "PNP0303" (8042 PS/2 Controller) to acpi_isa_hids[]
> ok kettenis@ (dcoppa@)

~ acpithinkpad.c
> ignore unknown/boring events by default, which modern thinkpads have
> a lot of.
> put the spam behind an ACPITHINKPAD_DEBUG define which can be used
> when adding support for actually useful buttons.
> previous version ok deraadt, phessler, and kettenis (jcs@)

dev/atapiscsi
~ atapiscsi.c
> Missing break/return statement on switch case
> Coverity CID 1453394
> OK deraadt@ (mestre@)

~ atapiscsi.c
> Fix previous by calling wdc_atapi_intr_complete() before returning.
> Suggested by and ok millert@ (mpi@)

dev/fdt
~ rkclock.c ~ rkclock_clocks.h
> Add RK3399 USB3 related clocks. (kettenis@)

~ files.fdt + rkdwusb.c
> Add glue for the USB3 controller on the rk3399-firefly. (kettenis@)

~ xhci_fdt.c
> Improve snps,dwc3 support. Enough to make the USB3 controller on the
> rk3399-firefly work in USB2 mode.
> ok patrick@ (kettenis@)

~ xhci_fdt.c
> Set vendor to "Generic" like we do for ehci@fdt. (kettenis@)

~ sximmc.c ~ sxipio.c
> Add support for Allwinner A64/H5 device trees that use the official Linux
> bindings. The current U-Boot device trees are somewhat broken and keep
> the SD-card controller from working. (kettenis@)

~ if_dwge_fdt.c
> remove unneeded bpf include (jsg@)

dev/ic
~ ar5xxx.c
> Fix copy pasto (Coverity CID 1452996), with this it matches the code in
> FreeBSD
> OK phessler@ and stsp@ (mestre@)

~ rt2661.c
> Fix Coverity CID 1453237: With rt2661 chips ral(4) was writing some stack
> memory garbage to the hardware while setting up beacon transmission.
> The driver left some fields of a struct rt2661_tx_desc on stack
> uninitialized.
> Zero out the entire struct before using it.
> ok mpi@ (stsp@)

~ ahci.c
> improve AHCI hibernate writeout performance by doing smaller delay()s
> between each I/O.
> ok kettenis@, jmatthew@ (mlarkin@)

dev/pci
~ pcireg.h
> vmd: allow guest PCI interrupt line reassignment.
> I also added a couple config space register names to pcireg.h to try and
> reduce the use of magic numbers in vmd/pci.c
> ok pd@ (mlarkin@)

~ drm/drm_linux.h
> Add glue for passing through file+line when WITNESS is enabled
> ok kettenis@ (guenther@)

~ mpii.c
> Remove a leftover bit that was dereferencing an uninitialized pointer
> Coverity CID 1453398; ok deraadt. (mikeb@)

~ azalia.c
> Power off all codecs on shutdown to eliminate static noise in speakers
> or headphones on reboot.
> From Manuel Giraud <manuel () ledu-giraud ! fr>
> Tweaks & ok ratchov (tb@)

~ if_iwnreg.h
> In iwn(4), fix CID 1199266 "Missing comma in a string array"; only affects
> fatal firmware error debug output. (stsp@)

~ if_iwm.c
> Fix Coverity CID 1453280:
> iwm(4) firmware could cause an out of bounds read of the ic->ic_channels
> array by lying about the channel a frame was received on. This array index
> is now properly bounds-checked. Not an errata-worthy fix, since the firmware
> has full DMA access anyway.
> While here, I noticed another problem: Stop assigning a firmware-derived value
> to ni->ni_chan. The Rx interrupt handler has no business tweaking that
> pointer.
> ok mpi@ (stsp@)

~ drm/radeon/si.c
> Fix copy/paste error, CID 1453558.
> ok kettenis@ (mpi@)

~ if_iwm.c
> Prevent a NULL pointer deref in iwm(4) which I have seen during testing.
> iwm_stop() sets the phy context pointer in the ic_bss node to NULL.
> If iwm_stop() runs in parallel to the newstate task, the newstate task can
> dereference this pointer in iwn_update_quotas() or iwm_binding_cmd().
> So check the pointer for NULL before dereferencing.
> This is a quick and dirty workaround.
> A proper fix for such task races is still pending.
> (stsp@)

~ drm/drm_linux.h
> Always provide _mtx_* APIs, then use those to simplify the WITNESS wrappers
> elsewhere
> ok visa@ kettenis@ (guenther@)

~ if_em_hw.c ~ if_em_hw.h
> em: Disable ultra-low-power mode on boot
> With i219V, it sometimes happens that em fails to attach with this error:
> em0: Hardware Initialization Failed
> em0: Unable to initialize the hardware
> This happens always if booting native Windows 10 first and then rebooting into
> openbsd without switching the laptop off. But it has also been seen in other
> cases.
> This change ports the e1000_disable_ulp_lpt_lp() logic from the FreeBSD driver
> to disable ultra-low-power (ULP) mode. This seems to fix the problem in many
> (but not all) cases.
> The code has been merged in a way to make the diff from FreeBSD minimal. For
> example, the SWFW register is called H2ME on newer chips, so a new define is
> introduced. Also, the em_toggle_lanphypc_pch_lpt() function is left as separate
> function even if only used in one place at the moment.
> ok tom@
> "commit it" deraadt@ (sf@)

~ if_iwm.c ~ if_iwmvar.h
> In iwm(4), instead of scheduling a task which calls ieee80211_end_scan(),
> call ieee80211_end_scan() directly from interrupt context.
> This extra task was already part of the original driver code from 2015 (but
> with a workq instead of a task). Back then, the driver had to run two separate
> scan commands in succession, for 2 GHz and then 5 GHz. Which is why a task
> was used, since sending another command requires a sleepable context.
> Nowadays, with our current firmware, a single scan command is sufficient
> so there is no code path which needs to sleep when the scan ends.
> ok mpi@ (stsp@)

~ drm/drm_irq.c ~ drm/drm_linux.h
> Provide a stub implementation for request_irq() and free_irq().
> Fix Coverity CID 1453484 and reduce diff with Linux.
> ok kettenis@ (mpi@)

~ if_iwm.c
> Fix iwm(4) channel reporting, broken by my unrelated tweak during commit of
> my CID 1453280 fix (r1.205). Some APs were showing up on the wrong channel.
> Problem reported by & ok mpi@ (stsp@)

~ if_iwm.c
> When iwm_stop() releases the scan lock wake processes sleeping on it.
> Fixes ifconfig scan hanging after resume if system suspended during a scan.
> ok tb@ (stsp@)

~ if_iwn.c
> When iwn_stop() releases the scan lock wake processes sleeping on it.
> Fixes ifconfig scan hanging after resume if system suspended during a scan.
> ok stsp (tb@)

~ if_iwm.c ~ if_iwmvar.h
> Add proper support for iwm(4) firmware's time event. Cancel the event if
> it is still scheduled before tearing down firmware state in iwm_unauth().
> This change does not address any particular known issue, but matches what
> Linux does. If it causes any problems, let me know.
> ok tb@ (stsp@)

~ if_iwm.c
> Remove the second parameter of iwm_stop(). It was not used for anything.
> No functional change. (stsp@)

dev/pv
~ hypervic.c
> Fail if unknown type of an address family was specified
> Coverity CID 1452981; Severity: unlikely, not user-visible. (mikeb@)

~ if_hvn.c
> Fixup upper bound for the completion descriptor identifier
> Coverity CID 1452864; Severity: unlikely, not user-visible. (mikeb@)

~ hvs.c
> Buffer size for the SCSI vendor string should be 8 char long
> A vendor and part of the product string got copied into a larger
> on-stack buffer as a result of an out-of-bounds access, however
> only 4 characters are meaningful in this context.
> Coverity CID 1453206; Severity: insignificant. (mikeb@)

~ hvs.c
> Correct the upper bound for the command size before the passthrough
> Coverity CID 1453317; Severity: unlikely, not user-visible. (mikeb@)

~ virtio.c
> Add missing comma that caused a concatenated string. Fixes printing of
> the device names of "9P Transport" and "mac80211 wlan" virtio devices.
> Coverity CID 1453254; Severity: Insignificant
> OK mikeb@ (reyk@)

~ if_vio.c
> Fix copy-paste error in the error path of vio_alloc_mem() that checked
> the wrong variable (sc_tx_dmamaps[i] instead of sc_rx_dmamaps[i]).
> Coverity CID 1452937; Severity: Minor
> OK mikeb@ (reyk@)

~ vioblk.c
> sector_count is uninitialized if the SCSI cmdlen is not 6, 10, 12 or
> 16 bytes long. This cannot happen. But it is good to silence the
> uninitialized variable warning.
> Coverity CID 1453104; Severity: Insignificant
> OK mikeb@ (reyk@)

~ xenstore.c
> Prevent an unlikely resource leak
> Coverity CID 1453069; Severity: unlikely, not user-visible. (mikeb@)

~ xen.c
> Don't forget to call va_end in xen_hypercall
> Coverity CID 1453343 (mikeb@)

dev/rasops
~ rasops.c
> Fix rotation in combination with vcons support by calling
> rasops_putchar_rotated() within the other rotation support functions.
> ok patrick@ (kettenis@)

dev/usb
~ umcs.c
> Deactivate the device if I/O fails in attach.
> Coverity CID 1453399; ok deraadt@ (mpi@)

~ if_umb.c
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

~ if_urtwn.c
> Fix Coverity CID 1452915: urtwn(4) would use an uninitialized array index
> if a hypothetical and malicious USB device reports no Rx endpoints.
> ok mpi@ (stsp@)

dev/wscons
~ wsemul_vt100.c
> Remove some case statements which have been compiled out since 2000.
> OK mpi@ (fcambus@)

kern
~ subr_disk.c
> Use %hhx instead of %hx to print u_char. Silences clang warning.
> ok jca@, florian@ (kettenis@)

~ subr_disk.c
> Turns out gcc complains about %02hhx. So simply use %02x instead. This is
> accepted by both clang and gcc and safe given that varargs arguments are
> promoted to int anyway. Using %h in the kernel is discouraged anyway according
> to bluhm@.
> Unbreaks the tree on gcc architectures.
> ok pirofti@, bluhm@, florian@ (kettenis@)

~ subr_log.c
> Kernel sendsyslog(2), libc syslog(3), and syslogd(8) restrict and
> truncate the length of a syslog message to 8192 bytes. Use one
> global define LOG_MAXLINE for all of them.
> OK deraadt@ millert@ (bluhm@)

~ uipc_socket.c ~ uipc_syscalls.c
> Move the socket lock "above" sosetopt(), sogetopt() and sosplice().
> Protect the fields modified by sosetopt() and simplify the dance
> with the stars.
> ok bluhm@ (mpi@)

~ uipc_socket.c
> The socket field so_proto can never be NULL. Remove the checks.
> OK mpi@ visa@ (bluhm@)

~ kern_rwlock.c
> Make rw_enter() always succeed after a panic.
> This prevents deadlocks when doing 'boot reboot' after the kernel panic'd.
> Discussed with bluhm@ and guenther@, ok visa@ (mpi@)

~ uipc_socket.c ~ uipc_syscalls.c
> Move the solock()/sounlock() dance outside of sobind().
> ok phessler@, visa@, bluhm@ (mpi@)

~ uipc_usrreq.c
> Validate sockaddr from userland in central functions. This results
> in common checks for unix, inet, inet6 instead of partial checks
> here and there. Some checks are already done at a higher layer,
> but better be paranoid with user input.
> OK claudio@ millert@ (bluhm@)

~ init_main.c
> Merge DDBCTF into DDB. (mpi@)

~ kern_sysctl.c ~ sys_socket.c ~ uipc_domain.c ~ uipc_socket2.c
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

~ syscalls.master ~ kern_ktrace.c
> add a fktrace syscall that takes a file descriptor instead of a name.
> libc and man page parts to come.
> ok guenther (tedu@)

~ init_sysent.c ~ syscalls.c
> regen (tedu@)

~ subr_witness.c
> Silence clang warnings: remove unused variables and s/%hx/%x/g
> ok mpi@ deraadt@ (guenther@)

~ kern_rwlock.c
> Add rw_assert_anylock(), for asserting you have it either read or write
> locked
> ok tedu@ mpi@ (guenther@)

~ subr_pool.c ~ sys_futex.c
> New flag PR_RWLOCK for pool_init(9) makes the pool use rwlocks instead
> of mutexes.
> Use this immediately for the pool_cache futex pools.
> Mostly worked out with dlg@ during e2k17
> ok mpi@ tedu@ (guenther@)

~ vfs_vnops.c
> Nuke trailing whitespace (beck@)

miscfs/fuse
~ fuse_device.c
> Avoid possible NULL pointer dereference on fuseioctl()
> Found by Coverity Scan (CID 1453387)
> OK mpi@ (mestre@)

msdosfs
~ msdosfs_fat.c
> minor msdosfs tweaks
> * add to comments for pcbmap()
> * remove useless ";"
> ok tb@ (sf@)

net
~ pf.c ~ pf_ioctl.c ~ pfvar.h ~ pfvar_priv.h
> Reduce contention on the NET_LOCK() by moving the logic of the pfpurge
> thread to a task running on the `softnettq`.
> Tested and inputs from Hrvoje Popovski.
> ok visa@, sashan@ (mpi@)

~ rtsock.c
> Prevent userland to modify RTF_LOCAL route entries.
> In particular setting an expiration timer on a route entry which would
> confuse L2 state machines.
> ok bluhm@ (mpi@)

~ bfd.c
> The caller of sobind() has to free the name mbuf. Plug a mbuf leak
> in bfd_listener().
> OK phessler@ (bluhm@)

~ if.c
> The socket field so_proto can never be NULL. Remove the checks.
> OK mpi@ visa@ (bluhm@)

~ if_vxlan.c
> A missing break in vxlan_sockaddr_cmp() could eventually trick an
> vxlan interface into accepting packets for the wrong destination (if
> the sockaddr_in6 checks somehow match on sockaddr_in addresses).
> Coverity CID 1452902; Severity: Moderate
> OK mikeb@ (reyk@)

~ if_pflow.c
> Move the solock()/sounlock() dance outside of sobind().
> ok phessler@, visa@, bluhm@ (mpi@)

~ if_spppsubr.c
> The timeval in sppp_input() is also used when the interface is not IFF_UP.
> Always call getmicrouptime(&tv) to avoid an "Uninitialized scalar
> variable".
> Coverity CID 1453266; Severity: Insignificant
> OK deraadt@ (reyk@)

~ switchofp.c
> Fix out-of-bounds read when looking up the message handler.
> This could be triggered by an OpenFlow packet with the message type of 30
> ... because C array indexes start at 0.
> Coverity CID 1453219; Severity: Major
> OK millert@ goda@ (reyk@)

~ switchofp.c
> Fix out-of-bounds read when looking up the multipart message handler.
> This could be triggered by an OpenFlow packet with the multipart
> message type of 14 ... because C array indexes start at 0.
> Coverity CID 1452917; Severity: Major
> OK millert@ goda@ (reyk@)

~ switchofp.c
> Instead of repeating the same return statement in both cases of a
> final if statement, use it once after the if statement.
> Avoids duplicated and structurally dead code.
> Coverity CID 1452943; Severity: Insignificant
> OK millert@ goda@ (reyk@)

~ switchofp.c
> Fix copy-paste error: first check is on "target", second check is on "key".
> Coverity CID 1453281; Severity: Minor
> OK millert@ goda@ (reyk@)

~ switchofp.c
> Priority is stored in the vlan_pcp field not in the vlan_vid field.
> Found by Coverity because vlan_vid was assigned twice.
> Coverity CID 1453293; Severity: Minor
> OK millert@ goda@ (reyk@)

~ switchofp.c
> Set free'd tables to NULL in swofp_flow_entry_instruction_free().
> swofp_flow_entry_instruction_free is used to "reset" the tables. It
> called free on each table but didn't set them to NULL, causing
> potential double-frees in swofp_flow_entry_put_instructions().
> Instead of complicating the code and adding a X = NULL for each table,
> restructure it by introducing a generic function to free tables as
> they're all derived from struct ofp_instruction.
> Reported by Coverity as various "Read from pointer after free" errors:
> Coverity CIDs 1452955 1453345 1452858 1453031 1453179 1453216 1453093
> OK millert@ goda@ (reyk@)

~ switchofp.c
> Fix out-of-bounds read when looking up the flow-mod handler.
> Another case of the "C indexes start at 0" bug where ">" must be ">=":
>     if (i >= nitems(foo))
>         return (NULL);
>     else
>         return (foo[i].handler);
> Coverity CID 1453340; Severity: Major
> OK millert@ goda@ (reyk@)

~ if_spppsubr.c
> Revision 1.139 accidentally removed an ip = mtod(), resulting in a
> pointless "ip = NULL; if (ip) ..." sequence.
> Coverity CID 1453286; Severity: Minor
> OK sthen@ tom@ (reyk@)

~ if_spppsubr.c
> space after if.
> Pointed out by tom@ (reyk@)

~ pipex.c
> During MPPE key reduction on the 40 bits case the first 3 octets need to be
> changed with known constants (RFC3079). Current code uses a switch case without
> breaks which implicitly makes the code correct, but to improve readability the
> first octet should have the constant assigned also in the first case, without
> relying on a fallthrough to the second, and the break statement should be
> called on both cases.
> This was a false positive found in Coverity CID 1453390, but changed due to
> readability as explained above.
> After discussion with millert@ and guenther@ (mestre@)

~ bpf.c ~ if.c ~ if_enc.c ~ if_gif.c ~ if_gre.c ~ if_pflog.c ~ if_pflow.c ~ if_pfsync.c ~ if_ppp.c ~ if_pppoe.c ~ if_pppx.c ~ if_spppsubr.c ~ if_trunk.c ~ if_tun.c ~ if_vxlan.c ~ pf.c ~ pf_ioctl.c ~ pfkeyv2.c ~ pipex.c ~ route.c ~ rtsock.c ~ switchctl.c
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

~ if_pppx.c ~ if.c ~ if_pflow.c
> Use the NET_LOCK() macro instead of handrolling it.
> Tested by Hrvoje Popovski. (mpi@)

~ pf.c ~ pfvar.h
> to change a state's state (that term is overloaded in pf, protocol state
> like ESTABLISHED for tcp here), don't do it directly, but go through a newly
> introduced pf_set_protostate()
> ok bluhm benno (henning@)

netinet
~ ip.h ~ ip_input.c
> Increase the limit of the IP protocol queues from 256 to 2048 mbufs.
> The interface congestion algorithm kills performance at this place,
> with the large queues it never triggers.
> OK mpi@ claudio@ (bluhm@)

~ icmp6.h
> Stop running nd6_expire every second.
> We know when pltime or vltime decrease to zero. Run nd6_expire then.
> Input & OK mpi, bluhm (florian@)

~ ip.h
> fix typo in previous commit. (tj@)

~ ip_icmp.c
> icmp_mtudisc() might be called by TCP even on loopback after a
> retransmit timeout. Do not run path MTU discovery on local routes
> as we never want that on loopback. For permanent ARP or ND entries
> disable path MTU discovery as they use the same rt_expire field.
> This prevents that permanent routes and entries disappear.
> bug analysis friehm@; OK mpi@ (bluhm@)

~ in.c ~ in.h ~ in_pcb.c ~ raw_ip.c ~ udp_usrreq.c
> Validate sockaddr from userland in central functions. This results
> in common checks for unix, inet, inet6 instead of partial checks
> here and there. Some checks are already done at a higher layer,
> but better be paranoid with user input.
> OK claudio@ millert@ (bluhm@)

~ if_ether.c ~ ip_ah.c ~ ip_carp.c ~ ip_esp.c ~ ip_input.c ~ ip_ipcomp.c ~ ip_ipsp.c ~ tcp_input.c ~ tcp_timer.c
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

netinet6
~ in6.c ~ in6_var.h
> in6_leavegroup can't fail; OK phessler (florian@)

~ nd6.c
> Reduce contention on the NET_LOCK() by moving the nd6 address expiration
> task to the `softnettq`.
> While here update comments and names to reflect reality after the removal
> of router and prefix lists.
> ok florian@, bluhm@ (mpi@)

~ ip6_input.c
> Increase the limit of the IP protocol queues from 256 to 2048 mbufs.
> The interface congestion algorithm kills performance at this place,
> with the large queues it never triggers.
> OK mpi@ claudio@ (bluhm@)

~ in6.c ~ nd6.c ~ nd6.h
> Stop running nd6_expire every second.
> We know when pltime or vltime decrease to zero. Run nd6_expire then.
> Input & OK mpi, bluhm (florian@)

~ nd6_rtr.c
> We are no longer processing router advertisements in the
> kernel.
> OK mpi (florian@)

~ nd6.c ~ nd6.h
> We are no longer generating privacy addresses in the
> kernel.
> OK mpi (florian@)

~ nd6.c ~ nd6.h
> accept_rtadv doesn't do anything since some time.
> OK mpi (florian@)

~ nd6.c ~ nd6.h
> Remove knob and always do neighbor unreachable detection. (florian@)

~ icmp6.c
> icmp_mtudisc() might be called by TCP even on loopback after a
> retransmit timeout. Do not run path MTU discovery on local routes
> as we never want that on loopback. For permanent ARP or ND entries
> disable path MTU discovery as they use the same rt_expire field.
> This prevents that permanent routes and entries disappear.
> bug analysis friehm@; OK mpi@ (bluhm@)

~ nd6.c
> Do not invalidate ND for local routes, make it consistent like ARP.
> OK mpi@ (bluhm@)

~ in6.c ~ in6.h ~ in6_pcb.c ~ raw_ip6.c ~ udp6_output.c
> Validate sockaddr from userland in central functions. This results
> in common checks for unix, inet, inet6 instead of partial checks
> here and there. Some checks are already done at a higher layer,
> but better be paranoid with user input.
> OK claudio@ millert@ (bluhm@)

~ ip6_input.c ~ nd6.c ~ nd6_nbr.c
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

nfs
~ krpc_subr.c ~ nfs_socket.c ~ nfs_syscalls.c
> Move the socket lock "above" sosetopt(), sogetopt() and sosplice().
> Protect the fields modified by sosetopt() and simplify the dance
> with the stars.
> ok bluhm@ (mpi@)

~ krpc_subr.c ~ nfs_socket.c
> Move the solock()/sounlock() dance outside of sobind().
> ok phessler@, visa@, bluhm@ (mpi@)

~ nfs_boot.c ~ nfs_socket.c
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

sys
~ syslog.h
> Kernel sendsyslog(2), libc syslog(3), and syslogd(8) restrict and
> truncate the length of a syslog message to 8192 bytes. Use one
> global define LOG_MAXLINE for all of them.
> OK deraadt@ millert@ (bluhm@)

~ systm.h
> Remove NET_LOCK()'s argument.
> Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

~ syscall.h ~ syscallargs.h
> regen (tedu@)

~ mutex.h
> Always provide _mtx_* APIs, then use those to simplify the WITNESS wrappers
> elsewhere
> ok visa@ kettenis@ (guenther@)

~ rwlock.h
> Add rw_assert_anylock(), for asserting you have it either read or write
> locked
> ok tedu@ mpi@ (guenther@)

~ ctf.h
> Convert variable type to C99.
> OK mpi@ (nayden@)

~ ktrace.h
> declaration for fktrace (tedu@)

~ pool.h
> New flag PR_RWLOCK for pool_init(9) makes the pool use rwlocks instead
> of mutexes. Use this immediately for the pool_cache futex pools.
> Mostly worked out with dlg@ during e2k17
> ok mpi@ tedu@ (guenther@)

~ vnode.h
> Evidence suggests this trailing whitespace was left here by marauding
> Vikings... We don't need to keep it (beck@)

~ vnode.h
> remove accidental addition (beck@)

uvm
~ uvm_map.c
> In the locking wrappers for &map->lock and &map->mtx, pass through file+line
> when WITNESS is enabled
> ok visa@ kettenis@ (guenther@)

~ uvm_vnode.c
> Use the NET_LOCK() macro instead of handrolling it.
> Tested by Hrvoje Popovski. (mpi@)

== usr.bin =========================================================== 14/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

usr.bin
~ Makefile
> Enter ctfconv and ctfdump (mpi@)

bgplg
~ bgplg.h
> let the looking glass look at the details for a specific AS
> diff from Denis Fondras, thanks!
> OK benno@, phessler@ (phessler@)

calendar
~ io.c
> Remove KOI8 lines after 5.9 is out.
> From Jan Stary, Klemens Nanni and others (tb@)

ctfconv
+ Makefile + ctfconv.1 + ctfconv.c + ctfstrip + ctfstrip.1 + dw.c + dw.h + dwarf.h + elf.c + generate.c + hash.c + hash.h + itype.h + parse.c + pool.c + pool.h + xmalloc.c + xmalloc.h
> Import a tool for generating CTF data section (SUNW_ctf) based on DWARF
> information.
> ctfconv(1) support multiple CUs in order to work on binaries. ctfstrip(1)
> works like strip(1) but also insert a .SUNW_ctf section inside a binary.
> ok deraadt@, kettenis@, jasper@ (mpi@)

~ ctfstrip
> CVS Id and license. (mpi@)

~ ctfconv.1 ~ ctfconv.c ~ ctfstrip.1 ~ dw.c ~ dw.h ~ dwarf.h ~ elf.c ~ generate.c ~ hash.c ~ hash.h ~ itype.h ~ parse.c ~ pool.c ~ pool.h
> add rcs ids (jasper@)

~ ctfstrip
> - use mktemp to provide the tempfile name and clean it up properly
> - set strict posix mode
> ok mpi@ (jasper@)

~ ctfconv.c ~ generate.c ~ itype.h ~ parse.c
> Do not insert random name for anonymous member. (mpi@)

~ ctfconv.1 ~ ctfstrip.1
> tweak previous; (jmc@)

~ ctfconv.c ~ parse.c
> Fix nested declaration inside union or struct. (mpi@)

~ ctfstrip.1
> Fix typo in SEE ALSO section.
> ok mpi@, jmc@ (nayden@)

~ ctfconv.c ~ ctfconv.1
> make 'dump' mutually exclusive with writing out the data, to ease pledging
> ok mpi@ (jasper@)

~ ctfconv.c
> pledge ctfconv
> feedback/ok mpi@ tb@ (jasper@)

~ ctfstrip
> fallback to strip(1) in case ctfconv(1) couldn't handle the file (i.e. when
> the input file lacks useful debug sections).
> adjust option handling accordingly to pass any flags not handled by
> ctfstrip(1) down to strip(1).
> help and ok mpi@ tb@ (jasper@)

~ ctfconv.1 ~ ctfconv.c
> tweak usage
> prompted by and ok jmc@ (jasper@)

~ ctfstrip
> make this properly portable:
> - keep track of the argument inside the for loop to determine INFILE
> - replace the builtin [[ with [ and adjust the tests
> - use echo instead of the print builtin
> from tb@ (jasper@)

~ ctfconv.1
> zap trailing whitespace (sorry - failed to spot in previous); (jmc@)

~ ctfconv.1
> ouch - failed to spot typo in previous too, even though my spell checker
> was doing one! (jmc@)

~ ctfstrip
> Fix arguments that are passed to strip(1). In particular,
> $INFILE should not appear twice.
> OK mpi@, jasper@ (visa@)

ctfdump
+ Makefile + ctfdump.1 + ctfdump.c + elf.c
> Import a tool for dumping the contents of CTF data section (SUNW_ctf).
> ok deraadt@, kettenis@, jasper@ (mpi@)

~ ctfdump.1 ~ ctfdump.c ~ elf.c
> add rcs ids (jasper@)

~ ctfdump.1
> tweak previous; (jmc@)

~ ctfdump.c
> pledge ctfdump to stdio and rpath
> ok mpi@ (jasper@)

~ ctfdump.c
> move pledge after setlocale as suggested by tb@ (jasper@)

mandoc
~ man.1
> Explain how to transform markup for the terminal when not using a
> pager, and how to remove markup. Add related cross references.
> While here, as suggested by jmc@, replace the excessive cross
> references to the intro pages by a more relevant one to mandoc(1).
> Triggered by a question from, using feedback from, and OK jmc@. (schwarze@)

~ man.1
> Add two EXAMPLES; triggered by a question from jmc@.
> Feedback and OK jmc@. (schwarze@)

~ mdoc.c
> Make the "new sentence, new line" check stricter, allowing digits
> in the last two letters of the last word of the sentence.
> No false positives in base or Xenocara.
> Suggested by and OK jmc@. (schwarze@)

mg
~ buffer.c ~ re_search.c ~ search.c ~ tags.c
> Present the default choice before the colon in prompts. Matches GNU Emacs
> behavior.
> From Scott Cheloha
> ok florian@ (bcallah@)

netstat
~ inet.c ~ main.c ~ netstat.1 ~ netstat.h
> add option -l to show only listening sockets (for tcp)
> feedback and ok awhile ago bluhm@ job@ (benno@)

openssl
~ apps.c ~ s_cb.c ~ s_client.c ~ s_server.c
> Remove NPN support - the -nextprotoneg options now become no-ops.
> ok bcook@ beck@ doug@ (jsing@)

~ Makefile
> Switch to -Werror with clang for libressl.
> Discussed with beck@ and jsing@
> ok beck@ (doug@)

ssh
~ serverloop.c
> Keep track of the last time we actually heard from the client and
> use this to also schedule a client_alive_check(). Prevents activity
> on a forwarded port from indefinitely preventing the select timeout
> so that client_alive_check() will eventually (although not optimally)
> be called.
> Analysis by willchan at google com via bz#2756, feedback & ok djm@
> (dtucker@)

~ serverloop.c
> Tweak previous keepalive commit: if last_time + keepalive <= now
> instead of just "<" so client_alive_check will fire if the select
> happens to return on exact second of the timeout. ok djm@ (dtucker@)

~ sftp-client.c
> don't print verbose error message when ssh disconnects under sftp;
> bz#2750; ok dtucker@ (djm@)

~ sshconnect2.c
> refuse to a private keys when its corresponding .pub key does not
> match. bz#2737 ok dtucker@ (djm@)

~ sshkey.c
> Switch from aes256-cbc to aes256-ctr for encrypting new-style
> private keys. The latter having the advantage of being supported
> for no-OpenSSL builds; bz#2754 ok markus@ (djm@)

~ ssh.c
> make "--" before the hostname terminate command-line option processing
> completely; previous behaviour would not prevent further options
> appearing after the hostname (ssh has a supported options after the
> hostname for >20 years, so that's too late to change).
> ok deraadt@ (djm@)

tmux
~ cmd-select-pane.c ~ cmd-select-window.c
> Hooks for after-select-pane and after-select-window. (nicm@)

~ cmd-choose-tree.c ~ format.c ~ screen-write.c ~ tmux.1 ~ window-buffer.c ~ window-client.c ~ window-tree.c
> Add -F to choose-tree, choose-client, choose-buffer to specify the
> format of each line, as well as adding a couple of formats needed for
> the default display. (nicm@)

~ options.c ~ window-tree.c
> Fix filtering so it works after the change to only show windows if they
> have multiple panes. (nicm@)

== usr.sbin ========================================================== 15/15 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

bgpctl
~ bgpctl.c ~ parser.c ~ parser.h
> handle extended communities in bgpctl.
> From Dennis Fondras, thanks!
> ok phessler@ (benno@)

~ bgpctl.c
> replace memcpy() with assignments where the type is the same.
> noticed by deraadt@, ok claudio@ (benno@)

bgpd

~ bgpd.h
> add a zeroed out element at the end of the iana_ext_comms array, so
> that the iteration over it actually stops.
> ok and feedback from florian@ phessler@ and claudio@ (benno@)

~ bgpd.h
> Remove comma from last element since that is the terminator. (claudio@)

~ bgpd.h ~ control.c ~ rde.c
> handle extended communities in bgpctl.
> From Dennis Fondras, thanks!
> ok phessler@ (benno@)

~ rde.c
> Fix a comment and line length. Noted by Dennis Fondras.
> ok benno@ (benno@)

~ bgpd.conf.5 ~ bgpd.h ~ control.c ~ parse.y ~ printconf.c ~ rde.c
> softreconfig in and out are on by default for ever and machines now have
> enough memory that it does not make sense to provide these knobs anymore.
> They just make the code more complex for not much gain.
> OK phessler@, benno@ (claudio@)

~ bgpd.c
> Make not yet implemented pledges more visible in grep output.
> input benno, deraadt, tedu
> also standardize on #if 0 since it makes tedu's editor vomit.
> OK benno, pirofti on a previous version (florian@)

~ bgpd.h ~ parse.y ~ printconf.c ~ rde_filter.c
> allow filter rules to be written that affect ibgp or ebgp neighbors
> discussed with henning@
> OK claudio@, benno@, job@ (phessler@)

~ bgpd.conf.5
> Add manpage update for new grouping feature '{from,to} {i,e}bgp'
> OK phessler@ (job@)

httpd

~ httpd.conf.5 ~ httpd.h ~ parse.y ~ server.c
> Convert httpd to tls_config_set_ecdhecurves(), allowing a list of curves
> to be specified, rather than a single curve.
> ok beck@ (jsing@)

~ httpd.conf.5
> punctuation; (jmc@)

ifstated

~ ifstated.c
> Improve error checking during processing of routing messages. Handling of
> RTM_DESYNC encouraged by deraadt. ok jca@ benno@ (rob@)

~ ifstated.c
> Consistent use of log.c, and removal of err.h include. Makes ifstated
> configtest output the same as other networking daemons.
> Ok jca@ (rob@)

~ ifstated.8
> Use configtest as one word like other network daemon man pages.
> Ok benno@, jmc@ (rob@)

ndp

~ ndp.8 ~ ndp.c
> accept_rtadv doesn't do anything since some time.
> OK mpi (florian@)

~ ndp.8 ~ ndp.c
> Remove knob and always do neighbor unreachable detection. (florian@)

~ ndp.c
> the recent adjustment of -i means usage() fits nicely on
> two lines now, instead of three; (jmc@)

npppctl

~ npppctl.c
> display MRU each sessions in npppctl session command
> ok yasuoka@ (goda@)

npppd

~ npppd/npppd_ctl.h ~ npppd/npppd_ctl.c
> display MRU each sessions in npppctl session command
> ok yasuoka@ (goda@)

~ npppd/npppd.c ~ npppd/npppd.conf.5 ~ npppd/npppd.h ~ npppd/npppd_auth.c
~ npppd/npppd_auth.h ~ npppd/npppd_auth_local.h ~ npppd/parse.y ~ npppd/ppp.c
> add a new option to set limits on user-max-sessions each AUTHENTICATION.
> It can set limits on different user-max-sessions if there're using several
> protocols such as PPPoE and L2TP/IPsec.
> ok yasuoka@ (goda@)

~ npppd/npppd.c ~ npppd/npppd.conf.5 ~ npppd/npppd.h ~ npppd/npppd_local.h
~ npppd/parse.y ~ npppd/ppp.h
> add a new option to set limits on max-sessions each IPCP.
> It can set limits on different max-sessions if there're using several
> protocols
> such as PPPoE and L2TP/IPsec.
> ok yasuoka@ (goda@)

nsd

~ Makefile.in ~ configure.ac ~ dns.c ~ dns.h
~ namedb.c ~ rdata.c ~ xfrd-tcp.c ~ zonec.c
> update to 4.1.17
> OK sthen (florian@)

~ configure
> regen (florian@)

~ zparser.y
> missed in previous (florian@)

ntpd

~ ntpd.conf.5
> naddy@ reported confusion on why "query from" seemed to be ignored in
> some cases.
> OK naddy@ henning@ (job@)

~ parse.y
> zero out sockaddr_in before use; fixes use of stack garbage as port number
> in "query from"; ok phessler@ job@ (naddy@)

ospf6ctl

~ ospf6ctl.c
> fix the else case (i.e. LSA_IS_SCOPE_AS) where header could remain
> uninitialized. found by clang.
> ok claudio@ (benno@)

ospf6d

~ control.c ~ log.c ~ log.h ~ ospf6d.c ~ ospf6d.h ~ ospfe.c ~ rde.c
> bring ospf6d's log.c in sync with ospfd and bgpd
> ok florian@ claudio@ (benno@)

rebound

~ rebound.c
> stop pretending that qnames are always strings. treat everything as a
> dname always. (tedu@)

relayd

~ relay.c
> Call tls_config_skip_private_key_check() to disable the key checking in
> the inspect case (same is done in the regular server mode).
> OK bluhm@ and jsing@ (claudio@)

~ ca.c
> Use X509_pubkey_digest() like libtls to hash the keys for the TLS privsep
> code. This fixes interception mode (since there we rewrite the CERT which
> would alter the hash of the cert but the keys still remain the same).
> OK bluhm@ and jsing@ (claudio@)

rtadvd

~ config.c
> Do not forget to reschedule the timer when we receive a new prefix.
> This way the new prefix can be advertized asap. ok florian@ (jca@)

~ if.c ~ if.h ~ rtadvd.c
> No need to handle multiple routing messages here.
> route(4) sockets only ever ship a single routing message per read(2)
> call, so simplify this. Mostly mechanical diff for now, some further
> cleanups will follow.
> ok rob@ florian@ (jca@)

~ if.c ~ rtadvd.c
> No need to constantly re-open a socket. Just open it up front and keep
> it around.
> OK jca (florian@)

~ rtadvd.c
> The impossibility has been impossible since an impossible long
> time. And indeed it is impossible to arrive here with something other
> than a ND_OPT_PREFIX_INFORMATION. Remove #if 0'ed block. (florian@)

smtpd

~ envelope.c
> a long time ago, we made a change to the format of envelopes and introduced
> a function to upgrade from v1 to v2 on the fly. this was meant to stay just
> for the transition in one release. 3 years and 8 months later, it's finally
> time we remove it ;-)
> ok eric@, sunil@ (gilles@)

~ mail.file.c ~ mail.lmtp.c ~ mail.maildir.c
> at the exception of mail.local, smtpd never executes an MDA as root.
> the check is performed daemon-side before even forking the child process,
> but let's also check euid in the mda we ship in case someone executes them
> by hand and needs to see an explicit error message. (gilles@)

~ mail/Makefile + mail.mda.8 + mail.mda.c + mail/mail.mda/Makefile
> add mail.mda MDA in charge of running a third-party MDA, not linked yet
> (gilles@)

~ pony.c ~ smtp_session.c ~ smtpd.h ~ smtpd/Makefile
> bypass the filter code for incoming smtp sessions.
> experimental support for filters has been removed from the config
> parser already, and we want to get rid of the remaining code.
> ok gilles@ (eric@)

snmpctl

~ snmpclient.c ~ snmpctl.c
> Pledge snmpctl. Ok jca@, tb@ (rob@)

snmpd

~ snmpd.c ~ snmpe.c ~ traphandler.c
> Initial pledge for snmpd. snmpe remains unpledged. Regression tests pass.
> Ok benno@, jca@. (rob@)

~ snmpe.c
> Make not yet implemented pledges more visible in grep output.
> input benno, deraadt, tedu
> also standardize on #if 0 since it makes tedu's editor vomit.
> OK benno, pirofti on a previous version (florian@)

switchd

~ packet.c ~ parse.y
> packet.c and parse.y no longer require err.h. ok jca@ florian@ (rob@)

syslogd

~ syslogd.c ~ syslogd.h ~ ttymsg.c
> Kernel sendsyslog(2), libc syslog(3), and syslogd(8) restrict and
> truncate the length of a syslog message to 8192 bytes. Use one
> global define LOG_MAXLINE for all of them.
> OK deraadt@ millert@ (bluhm@)

unbound

~ Makefile.bsd-wrapper ~ Makefile.in ~ ac_pkg_swig.m4 ~ acx_python.m4
~ config.h.in ~ configure ~ configure.ac ~ cachedb/cachedb.c
~ daemon/daemon.c ~ daemon/daemon.h ~ daemon/remote.c ~ daemon/stats.c
~ daemon/stats.h ~ daemon/worker.c ~ daemon/worker.h ~ dns64/dns64.c
~ doc/Changelog ~ doc/README ~ doc/example.conf.in ~ doc/libunbound.3.in
~ doc/unbound-anchor.8.in ~ doc/unbound-checkconf.8.in
~ doc/unbound-control.8.in ~ doc/unbound-host.1.in
~ doc/unbound.8.in ~ doc/unbound.conf.5.in
~ iterator/iter_hints.c ~ iterator/iterator.c
~ libunbound/libunbound.c ~ libunbound/unbound.h
~ services/listen_dnsport.c ~ services/listen_dnsport.h
~ services/localzone.c ~ services/localzone.h
~ services/mesh.c ~ services/mesh.h
~ services/modstack.c ~ services/modstack.h
~ services/outside_network.c ~ services/view.c ~ services/view.h
~ services/cache/dns.c ~ services/cache/dns.h
~ services/cache/infra.c ~ services/cache/infra.h
~ sldns/keyraw.c ~ sldns/keyraw.h ~ sldns/parse.c
~ sldns/rrdef.c ~ sldns/rrdef.h ~ sldns/sbuffer.c ~ sldns/sbuffer.h
~ sldns/str2wire.c ~ sldns/str2wire.h ~ sldns/wire2str.c ~ sldns/wire2str.h
~ smallapp/unbound-anchor.c ~ smallapp/unbound-checkconf.c
~ smallapp/unbound-control.c
~ util/config_file.c ~ util/config_file.h
~ util/configlexer.lex ~ util/configparser.y
~ util/fptr_wlist.c ~ util/fptr_wlist.h ~ util/iana_ports.inc ~ util/log.c
~ util/module.c ~ util/module.h ~ util/netevent.c ~ util/netevent.h
~ util/timehist.c ~ util/timehist.h
~ util/data/msgencode.c ~ util/data/msgparse.c
~ util/data/msgreply.c ~ util/data/msgreply.h ~ util/data/packed_rrset.h
~ util/storage/lruhash.c ~ util/storage/lruhash.h
~ validator/val_anchor.c ~ validator/val_anchor.h
~ validator/val_secalgo.c ~ validator/val_sigcrypt.c
~ validator/val_utils.c ~ validator/val_utils.h
~ validator/validator.c ~ validator/validator.h
+ dnscrypt/cert.h + dnscrypt/dnscrypt.c + dnscrypt/dnscrypt.h
+ dnscrypt/dnscrypt.m4 + dnscrypt/dnscrypt_config.h.in
+ edns-subnet/addrtree.c + edns-subnet/addrtree.h
+ edns-subnet/edns-subnet.c + edns-subnet/edns-subnet.h
+ edns-subnet/subnet-whitelist.c + edns-subnet/subnet-whitelist.h
+ edns-subnet/subnetmod.c + edns-subnet/subnetmod.h
+ ipsecmod/ipsecmod-whitelist.c + ipsecmod/ipsecmod-whitelist.h
+ ipsecmod/ipsecmod.c + ipsecmod/ipsecmod.h
+ respip/respip.c + respip/respip.h
+ services/authzone.c + services/authzone.h
+ util/shm_side/shm_main.c + util/shm_side/shm_main.h
> update to unbound 1.6.4, ok florian@ (sthen@)

vmctl

~ vmctl.c
> don't have cu try to open '/dev', instead check if there's a valid tty
> associated with the vm upfront
> as discussed with and ok mlarkin@ pd@ (jasper@)

vmd

~ pci.c
> vmd: allow guest PCI interrupt line reassignment.
> I also added a couple config space register names to pcireg.h to try and
> reduce the use of magic numbers in vmd/pci.c
> ok pd@ (mlarkin@)

~ virtio.c
> whitespace (mlarkin@)

~ pci.c
> vmd: partially back out a change committed yesterday regarding guest
> changing IRQs. After discussing with kettenis, that wasn't the right way
> to do things, and this diff fixes that.
> ok kettenis (mlarkin@)

~ priv.c
> Use vmd's process rdomain via getrtable() instead of 0 by default.
> This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
> bridge interfaces by default.
> ok mlarkin@ (reyk@)

~ virtio.h
> vmd: bump virtio queue size back to 128. The problem that resulted in
> lowering the queue size to 64 was caused by something unrelated. (mlarkin@)

~ vmd.c
> don't issue a termination command to an already stopped vm
> ok mlarkin@ (jasper@)

===============================================================================
