OpenBSD src changes summary for 2017-09-24 to 2017-10-01 inclusive
==================================================================

distrib/notes etc/examples/bgpd.conf gnu gnu/usr.bin/perl lib/libc
lib/libcrypto lib/libm lib/libssl lib/libtls regress/usr.bin
regress/usr.sbin sbin/dhclient sbin/disklabel sbin/pfctl share/man
sys/arch/alpha/conf sys/arch/amd64/amd64 sys/arch/amd64/conf
sys/arch/amd64/include sys/arch/arm/include sys/arch/arm64/conf
sys/arch/arm64/include sys/arch/armv7/conf sys/arch/hppa/conf
sys/arch/i386/conf sys/arch/i386/i386 sys/arch/landisk/conf
sys/arch/loongson/conf sys/arch/luna88k/conf sys/arch/macppc/conf
sys/arch/octeon/conf sys/arch/sgi/conf sys/arch/socppc/conf
sys/arch/sparc64/conf sys/conf sys/ddb sys/dev/fdt sys/dev/ic sys/dev/pci
sys/kern sys/sys usr.bin/awk usr.bin/calendar usr.bin/ctfconv usr.bin/ftp
usr.bin/ssh usr.sbin/config usr.sbin/mtree usr.sbin/syslogd usr.sbin/unbound

== distrib =========================================================== 01/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

notes

~ alpha/contents ~ amd64/contents ~ arm64/contents ~ armv7/contents
~ hppa/contents ~ i386/contents ~ landisk/contents ~ loongson/contents
~ luna88k/contents ~ macppc/contents ~ octeon/contents ~ sgi/contents
~ sparc64/contents
> update set sizes (jsg@)

~ arm64/prep
> With arm64 targets U-Boot looks for dtbs in a directory named after the
> vendor of the SoC. (jsg@)

~ armv7/prep ~ arm64/prep
> Mention that U-Boot images for Allwinner and Rockchip targets contain a
> default DTB. (jsg@)

== etc =============================================================== 02/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

examples/bgpd.conf

~ examples/bgpd.conf
> SPI values 0-255 are reserved, so change the example to use a valid one.
> fixes parsing of the example configuration
> OK benno@ (phessler@)

== gnu =============================================================== 03/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

~ llvm/lib/MC/MCParser/AsmParser.cpp
> make clang include a FILE symbol for .(s|S) files
> This is mostly needed by syspatch at the moment
> to be able to re-link in the same order as the original
> libraries were linked with by relying on the readelf(1)
> and without this .(s|S) assembly files were not getting
> a file directive.
> A bug report has been filed as well:
> https://bugs.llvm.org/show_bug.cgi?id=34019
> ok deraadt@ (robert@)

usr.bin/perl

~ cpan/podlators/scripts/pod2man.PL
> Rev. 1.2 enabled UTF-8 by default.
> During subsequent Perl updates, all the documentation changes etc.
> got carried along, but the actual code change was deleted
> in Rev. 1.3 and never restored. Restore it now.
> Bug found by bentley@; OK afresh1@ bentley@. (schwarze@)

== lib =============================================================== 04/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

~ sys/sendsyslog.2
> sendsyslog should take a const char * everywhere.
> okay bluhm@, deraadt@ (espie@)

~ sys/sendsyslog.2
> Document how ioctl(2) LIOCSFD on /dev/klog registers a socket pair
> to receive sendsyslog(2) messages.
> discussed with martijn@; OK jmc@ deraadt@ (bluhm@)

libcrypto

~ opensslv.h
> bump to 2.6.2 (bcook@)

~ opensslv.h
> bump version in advance of final release (bcook@)

libm

~ man/sin.3
> Xr; from jan stary (jmc@)

libssl

~ ssl_tlsext.c
> When building the OCSP extension, only add the length prefixed extensions
> after we finish building the responder ID list. Otherwise adding to the
> responder ID list fails.
> ok beck@ (jsing@)

~ ssl_tlsext.c
> Fix various issues in the OCSP extension parsing code:
> - When parsing the OCSP extension we can have multiple responder IDs - pull
> these out correctly.
> - Stop using CBS_stow() - it's unnecessary since we just need access to the
> data and length (which we can get via CBS_data() and CBS_len()).
> - Use a temporary pointer when calling d2i_*() functions, since it will
> increment the pointer by the number of bytes it consumed when decoding.
> The original code incorrectly passes the pointer allocated via CBS_stow()
> (using malloc()) to a d2i_*() function and then calls free() on the now
> incremented pointer, most likely resulting in a crash. This issue was
> reported by Robert Swiecki who found the issue using honggfuzz.
> ok beck@ (jsing@)

~ s3_lib.c
> Annotate some API-side memory leaks for future resolution. (jsing@)

libtls

~ tls_config.c
> If tls_config_parse_protocols() is called with a NULL pointer, return the
> default protocols instead of crashing - this makes the behaviour more
> useful and mirrors what we already do in tls_config_set_ciphers() et al.
> (jsing@)

== regress =========================================================== 05/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

usr.bin

~ ssh/proxy-connect.sh
> UsePrivilegeSeparation is gone, stop trying to test it. (dtucker@)

usr.sbin

~ pkg_add/signatures.ref
> keep up with @version, noticed by bluhm@ (espie@)

== sbin ============================================================== 06/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

~ dhclient.c
> Correct the timeout used when select-timeout is
> set to a non-zero value in dhclient.conf(5).
> Fixes the bsd.rd upgrade issue reported by
> Eivinde Eide via misc@. (krw@)

disklabel

~ disklabel.c ~ editor.c ~ extern.h
> don't be silent on auto-allocation failure in write mode. ok millert@ krw@
> (otto@)

pfctl

~ pfctl.c
> - pfctl always prints warning when flushes ruleset
> OK mikeb@ (sashan@)

== share ============================================================= 07/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

~ man4/urng.4
> the Alea I works fine with urng(4) so update the manpage accordingly
> (jasper@)

~ man4/ddb.4
> New ddb(4) command: kill.
> Send an uncatchable SIGABRT to the process specified by the pid
> argument. Useful in case of CPU exhaustion to kill the DoSing
> process and generate a core for later inspection.
> ok phessler@, visa@, kettenis@, miod@ (mpi@)

== sys =============================================================== 08/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/conf

~ Makefile.alpha
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/amd64/amd64

~ sys_machdep.c
> amd64 needs FS.base values (the TCB pointer) to be validated, as
> noncanonical addresses will cause a fault on load by the kernel.
> Problem observed by Maxime Villard
> ok kettenis@ deraadt@ (guenther@)

~ sys_machdep.c TAGGED OPENBSD_6_1
> MFC: amd64 needs FS.base values (the TCB pointer) to be validated,
> as noncanonical addresses will cause a fault on load by the kernel. (tj@)

~ sys_machdep.c TAGGED OPENBSD_6_0
> MFC: amd64 needs FS.base values (the TCB pointers) to be validated,
> as noncanonical addresses will cause a fault on load by the kernel. (tj@)

arch/amd64/conf

~ Makefile.amd64
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/amd64/include

~ tcb.h
> amd64 needs FS.base values (the TCB pointer) to be validated, as
> noncanonical addresses will cause a fault on load by the kernel.
> Problem observed by Maxime Villard
> ok kettenis@ deraadt@ (guenther@)

~ tcb.h TAGGED OPENBSD_6_1
> MFC: amd64 needs FS.base values (the TCB pointer) to be validated,
> as noncanonical addresses will cause a fault on load by the kernel. (tj@)

~ tcb.h TAGGED OPENBSD_6_0
> MFC: amd64 needs FS.base values (the TCB pointers) to be validated,
> as noncanonical addresses will cause a fault on load by the kernel. (tj@)

arch/arm/include

~ vmparam.h
> set MAXSSIZ to the same value as on all other architectures (32MB)
> ok deraadt@ (naddy@)

arch/arm64/conf

~ Makefile.arm64
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/arm64/include

~ vmparam.h
> set MAXSSIZ to the same value as on all other architectures (32MB)
> ok deraadt@ (naddy@)

arch/armv7/conf

~ Makefile.armv7
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/hppa/conf

~ Makefile.hppa
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/i386/conf

~ Makefile.i386
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/i386/i386

~ trap.c
> When fault indicates PGEX_W, only tell uvm we need a writeable page..
> don't request R+W. Issue observed by jsing in a go test of some sort.
> ok mlarkin (deraadt@)

arch/landisk/conf

~ Makefile.landisk
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/loongson/conf

~ Makefile.loongson
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/luna88k/conf

~ Makefile.luna88k
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/macppc/conf

~ Makefile.macppc
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/octeon/conf

~ Makefile.octeon
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/sgi/conf

~ Makefile.sgi
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/socppc/conf

~ Makefile.socppc
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

arch/sparc64/conf

~ Makefile.sparc64
> When option DDB_STRUCTINFO was removed from the kernel, too much from
> the kernel makefiles was removed which led to C files not being
> recompiled when a dependency changed. This can lead to panics in odd
> places and generally a broken system.
> ok deraadt@ (patrick@)

conf

~ newvers.sh
> take us out of -beta (deraadt@)

~ GENERIC
> disable POOL_DEBUG for release
> ok deraadt@ (jsg@)

ddb

~ db_command.c ~ db_interface.h
> New ddb(4) command: kill.
> Send an uncatchable SIGABRT to the process specified by the pid
> argument. Useful in case of CPU exhaustion to kill the DoSing
> process and generate a core for later inspection.
> ok phessler@, visa@, kettenis@, miod@ (mpi@)

dev/fdt

~ if_dwxe.c
> The property that points to the attached PHY is called "phy-handle"
> instead of "phy".
> ok patrick@, deraadt@ (kettenis@)

~ if_dwxe.c
> Align Rx buffers to prevent unaligned access in the network stack.
> ok patrick@, deraadt@ (kettenis@)

dev/ic

~ wdc.c
> Prevent null pointer dereference when probing channels
> Account for the case when wdc is attached to the ISA bus and performs
> channel probing using a dummy structure that lacks the back pointer to
> the controller's softc.
> Bug reported and fix tested by Andrew Daugherity, thanks!
> OK phessler, jsg, krw, deraadt (mikeb@)

dev/pci

~ drm/drm.h ~ drm/drm_mode.h
> Use quoted #includes for files kdump's mkioctls indirectly includes so
> mkioctls can find the files and not error out as drm headers are not
> installed to /usr/include. This results in more complete ioctl coverage
> in kdump (not just for drm).
> ok kettenis@ (jsg@)

~ if_iwn.c
> The DELAY() recently added to iwn(4) to make association more reliable
> could be triggered by incoming management frames, such as DEAUTH frames.
> As krw@ found out, a system receiving many such frames would become
> unresponsive.
> Ensure this extra DELAY() only happens if we decide to send an AUTH frame.
> ok mpi@ krw@ (stsp@)

~ drm/i915_pciids.h ~ drm/i915/i915_devlist.h ~ drm/i915/i915_dma.c
~ drm/i915/i915_drv.c ~ drm/i915/i915_drv.h ~ drm/i915/i915_gem.c
~ drm/i915/i915_gem_stolen.c ~ drm/i915/i915_guc_submission.c
~ drm/i915/i915_irq.c ~ drm/i915/i915_reg.h ~ drm/i915/intel_csr.c
~ drm/i915/intel_ddi.c ~ drm/i915/intel_display.c ~ drm/i915/intel_dp.c
~ drm/i915/intel_fbc.c ~ drm/i915/intel_guc_loader.c ~ drm/i915/intel_hdmi.c
~ drm/i915/intel_i2c.c ~ drm/i915/intel_lrc.c ~ drm/i915/intel_mocs.c
~ drm/i915/intel_panel.c ~ drm/i915/intel_pm.c ~ drm/i915/intel_ringbuffer.c
~ drm/i915/intel_runtime_pm.c
> Add preliminary kabylake support to inteldrm(4) by backporting the relevant
> commits from linux-4.8.x.
> The changes are quite minimal due to the fact that kabylake and skylake
> share most of the code because they are both gen9 graphics.
> This was tested by many and was also in snapshots for a while.
> ok kettenis@ (robert@)

kern

~ subr_log.c ~ syscalls.master
> sendsyslog should take a const char * everywhere.
> okay bluhm@, deraadt@ (espie@)

~ kern_fork.c ~ kern_prot.c
> amd64 needs FS.base values (the TCB pointer) to be validated, as
> noncanonical addresses will cause a fault on load by the kernel.
> Problem observed by Maxime Villard
> ok kettenis@ deraadt@ (guenther@)

~ kern_fork.c ~ kern_prot.c
> guenther sleep-committed the version without #ifdefs (deraadt@)

~ kern_fork.c ~ kern_prot.c TAGGED OPENBSD_6_1
> MFC: amd64 needs FS.base values (the TCB pointer) to be validated,
> as noncanonical addresses will cause a fault on load by the kernel. (tj@)

~ kern_fork.c ~ kern_prot.c TAGGED OPENBSD_6_0
> MFC: amd64 needs FS.base values (the TCB pointers) to be validated,
> as noncanonical addresses will cause a fault on load by the kernel. (tj@)

~ kern_proc.c TAGGED OPENBSD_6_0
> New ddb(4) command: kill.
> Send an uncatchable SIGABRT to the process specified by the pid
> argument. Useful in case of CPU exhaustion to kill the DoSing
> process and generate a core for later inspection.
> ok phessler@, visa@, kettenis@, miod@ (mpi@)

sys

~ syscall.h ~ syscallargs.h
> sendsyslog should take a const char * everywhere.
> okay bluhm@, deraadt@ (espie@)

== usr.bin =========================================================== 09/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

awk

~ lib.c ~ proto.h
> Mark FATAL() as __dead so clang doesn't report
> use of uninitialized variables after calls to
> FATAL().
> ok millert@ guenther@ (krw@)

calendar

~ io.c
> Calling waitpid(pid,...) where pid is either uninitialized or
> -1 because vfork() failed is bad. Initialize pid to -1 and call
> waitpid() only when pid != -1.
> Uninitialized use of pid found by clang.
> Suggestion of -1 from millert@.
> ok millert@ (krw@)

ctfconv

~ parse.c
> Ignore DW_FORM_strp with size larger than elf section buffer
> fixes accessing memory out of bounds that led to a segfault.
> Found with afl. ok mpi@ (jsg@)

~ parse.c
> Handle parse_base() returning NULL for DW_TAG_base_type to avoid
> attempting to insert a NULL iterator leading to a NULL deref crash.
> Found with afl. ok mpi@ (jsg@)

~ generate.c
> Return the correct error value in generate().
> From Mark Johnston, markj@FreeBSD (mpi@)

~ ctfconv.c ~ elf.c
> Ignore file offset values in section headers that exceed the length of
> the file. Avoids a crash found with afl.
> ok mpi@ (jsg@)

~ dw.c
> Understand DW_OP_bregN locations.
> Sync with readdwarf(1). (mpi@)

~ ctfconv.c
> Do not segfault when the string table is invalid or not present.
> Based on a diff from jsg@.
> Found independently by jsg@ with afl and markj@FreeBSD with a port. (mpi@)

~ ctfconv.c ~ elf.c
> Check that the end of sections do not exceed the filesize for both
> symtab and sections. Corrects behaviour that led to crashes found
> via afl.
> ok mpi@ (jsg@)

~ elf.c
> Add some more boundary checks and prevent an attempt to divide by zero
> to resolve some additional crashes found by afl.
> ok mpi@ deraadt@ (jsg@)

ftp

~ fetch.c
> Initialize 'out' file descriptor to avoid possible
> uninitialized use. Spotted by clang during 'make
> release', triggered when both NOSSL and SMALL are
> defined.
> ok bluhm@ deraadt@ (krw@)

ssh

~ channels.c
> write the correct buffer when tunnel forwarding; doesn't matter
> on OpenBSD (they are the same) but does matter on portable where
> we use an output filter to translate os-specific tun/tap headers (djm@)

~ channels.c
> fix inverted test on channel open failure path that "upgraded" a
> transient failure into a fatal error; reported by sthen and also seen
> by benno@; ok sthen@ (djm@)

~ sshd_config.5
> tweak ExposeAuthInfo;
> diff from lars nooden
> tweaked by sthen; ok djm dtucker (jmc@)

~ version.h
> openssh-7.6; ok deraadt@ (djm@)

== usr.sbin ========================================================== 10/10 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

config

~ mkioconf.c ~ ukc.c ~ ukc.h ~ ukcutil.c
> config -e's adds new devices to an extra locator array, which is accounted
> using a variable which started at 0 and hence got planted in .bss.
> Refactor that variable to begin at the maximum and decrease, such that it
> lands in .data instead.
> ok jsg (deraadt@)

mtree

~ extern.h ~ misc.c
> Mark error() as __dead so clang doesn't report
> use of uninitialized variables after calls to
> error().
> ok millert@ guenther@ (krw@)

syslogd

~ syslogd.c
> Document how ioctl(2) LIOCSFD on /dev/klog registers a socket pair
> to receive sendsyslog(2) messages.
> discussed with martijn@; OK jmc@ deraadt@ (bluhm@)

unbound

~ Makefile.in ~ acx_nlnetlabs.m4 ~ config.h.in ~ configure ~ configure.ac
~ cachedb/cachedb.c ~ daemon/daemon.c ~ daemon/remote.c ~ daemon/stats.c
~ daemon/unbound.c ~ daemon/worker.c ~ dns64/dns64.c ~ dnscrypt/dnscrypt.c
~ dnscrypt/dnscrypt.h ~ doc/Changelog ~ doc/README ~ doc/example.conf.in
~ doc/libunbound.3.in ~ doc/unbound-anchor.8.in ~ doc/unbound-checkconf.8.in
~ doc/unbound-control.8.in ~ doc/unbound-host.1.in ~ doc/unbound.8.in
~ doc/unbound.conf.5.in ~ iterator/iterator.c ~ iterator/iterator.h
~ libunbound/libworker.c ~ libunbound/unbound.h ~ services/authzone.c
~ services/listen_dnsport.c ~ services/localzone.c ~ services/localzone.h
~ services/outside_network.c ~ services/cache/dns.c ~ services/cache/infra.c
~ sldns/parseutil.c ~ sldns/str2wire.c ~ sldns/wire2str.c
~ smallapp/unbound-anchor.c ~ smallapp/unbound-checkconf.c
~ smallapp/unbound-control.c ~ util/config_file.c ~ util/config_file.h
~ util/configlexer.lex ~ util/configparser.y ~ util/fptr_wlist.c
~ util/iana_ports.inc ~ util/net_help.c ~ util/net_help.h ~ util/netevent.c
~ util/data/msgreply.c ~ util/shm_side/shm_main.c ~ util/storage/lookup3.c
~ validator/val_secalgo.c ~ validator/val_utils.c
> update to unbound-1.6.6, ok florian (sthen@)

===============================================================================
