OpenBSD src changes summary for 2017-08-11
==========================================

Makefile.cross                          bin/ksh
distrib/sets                            lib
lib/csu                                 lib/libssl
lib/libtls                              regress/lib
regress/sbin                            regress/usr.sbin
sbin/dhclient                           sbin/pfctl
sbin/route                              share/man
sys/arch/amd64/amd64                    sys/arch/amd64/include
sys/arch/amd64/isa                      sys/arch/arm64/arm64
sys/arch/arm64/conf                     sys/arch/i386/i386
sys/conf                                sys/ddb
sys/dev/atapiscsi                       sys/dev/fdt
sys/dev/ic                              sys/dev/usb
sys/kern                                sys/net
sys/netinet                             sys/netinet6
sys/nfs                                 sys/sys
usr.bin                                 usr.bin/ctfconv
usr.bin/ctfdump                         usr.bin/mandoc
usr.bin/ssh                             usr.sbin/bgpd
usr.sbin/httpd                          usr.sbin/npppctl
usr.sbin/npppd                          usr.sbin/nsd
usr.sbin/ntpd                           usr.sbin/vmd

== Makefile.cross ==================================================== 01/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile.cross

Makefile.cross

  > Fix cross builds: no clang depend target, no DESTDIR on HOSTCC build
  > ok patrick@ (drahn@)

== bin =============================================================== 02/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ history.c

  > Check whether the first two characters of $HISTFILE are the magic
  > characters of the old binary ksh history file. In that case ignore
  > the history file after displaying an error once. Prevents annoying
  > repeated 'history file is corrupt' messages in $HOME on NFS setups
  > suffered by henning and makes the migration from the old to the new
  > history file format safer.
  > ok henning, tweaks & ok jca (tb@)

  ~ main.c                                ~ ksh.1

  > Retire old behavior of requiring root prompt to contain # or \!
  > Requested by akoshibe and phessler
  > ok phessler@ anton@ jca@ (guenther@)

== distrib =========================================================== 03/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/base/md.alpha                   ~ lists/base/md.amd64
  ~ lists/base/md.armv7                   ~ lists/base/md.hppa
  ~ lists/base/md.i386                    ~ lists/base/md.landisk
  ~ lists/base/md.loongson                ~ lists/base/md.luna88k
  ~ lists/base/md.macppc                  ~ lists/base/md.octeon
  ~ lists/base/md.sgi                     ~ lists/base/md.socppc
  ~ lists/base/md.sparc64                 ~ lists/comp/gcc.alpha
  ~ lists/comp/gcc.amd64                  ~ lists/comp/gcc.armv7
  ~ lists/comp/gcc.hppa                   ~ lists/comp/gcc.i386
  ~ lists/comp/gcc.landisk                ~ lists/comp/gcc.loongson
  ~ lists/comp/gcc.luna88k                ~ lists/comp/gcc.macppc
  ~ lists/comp/gcc.octeon                 ~ lists/comp/gcc.sgi
  ~ lists/comp/gcc.socppc                 ~ lists/comp/gcc.sparc64

  > sync (jsg@)

  ~ lists/base/mi

  > sync (jsg@)

== lib =============================================================== 04/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

lib

  ~ check_sym

  > Use getopts for option parsing
  > Add -v for verbose (relocation) output
  > Fix an existence check (guenther@)

csu

  ~ aarch64/md_init.h                     ~ alpha/md_init.h
  ~ arm/md_init.h                         ~ hppa/md_init.h
  ~ i386/md_init.h                        ~ mips64/md_init.h
  ~ powerpc/md_init.h                     ~ sh/md_init.h
  ~ sparc64/md_init.h

  > _dl_printf is no longer referenced by RELOC_{JMPREL,DYN,GOT}; delete the
  > stub
  > ok kettenis@ (guenther@)

libssl

  ~ ssl_locl.h                            ~ ssl_tlsext.c
  ~ ssl_tlsext.h                          ~ t1_lib.c

  > Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
  > new extension framework.
  > input + ok jsing@ (doug@)

  ~ ssl_tlsext.c                          ~ ssl_tlsext.h

  > Add doug@'s copyright since he just added code to these two files. (jsing@)

  ~ s3_lib.c                              ~ ssl_locl.h
  ~ ssl_srvr.c

  > Convert ssl3_send_certificate_request() to CBB.
  > ok beck@ doug@ (jsing@)

  ~ ssl_locl.h                            ~ ssl_tlsext.c
  ~ ssl_tlsext.h                          ~ t1_lib.c

  > Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
  > extension framework.
  > input + ok jsing@ (doug@)

  ~ ssl_lib.c

  > style(9) in ssl_set_cert_masks(). (jsing@)

  ~ ssl_lib.c

  > I don't think eay will ever fix this... (jsing@)

  ~ man/SSL_alert_type_string.3

  > remove bogus ".POD" from .Dt name; noticed by jsing@ (schwarze@)

libtls

  ~ shlib_version

  > Bump minor due to symbol addition.
  > Prompted by jsg@, since I apparently left it sitting in my tree... (jsing@)

  ~ man/tls_config_set_protocols.3

  > new sentence, new line; (jmc@)

== regress =========================================================== 05/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libssl/tlsext/tlsexttest.c

  > Rewrite the ECPointFormats TLS extension handling using CBB/CBS and the
  > new extension framework.
  > input + ok jsing@ (doug@)

  ~ libssl/tlsext/tlsexttest.c

  > Rewrite EllipticCurves TLS extension handling using CBB/CBS and the new
  > extension framework.
  > input + ok jsing@ (doug@)

  ~ libssl/tlsext/tlsexttest.c

  > Sort by extension/function name. (jsing@)

  ~ libssl/tlsext/tlsexttest.c

  > doug@ added code in here as well. (jsing@)

  ~ libssl/tlsext/tlsexttest.c

  > Be consistent with goto labels, failure flag and use of FAIL macro.
  > (jsing@)

sbin

  ~ pfctl/Makefile

  > add option -N (no domain resolution)
  > manpage wording and reminder about usage() jmc@
  > ok florian@ henning@ (benno@)

usr.sbin

  + snmpd/Makefile                        + snmpd/snmpd.sh

  > Add regression tests for snmpd. Not hooked into regress/usr.sbin/Makefile
  > yet.
  > Ok benno@, tb@ (rob@)

  ~ snmpd/snmpd.sh

  > Add a wait call between different invocations of snmpd test runs to avoid
  > failed to bind errors due to SNMP UDP socket: Address already in use.
  > Discussed and ok jca@. (rob@)

== sbin ============================================================== 06/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ privsep.c

  > Don't write out resolv.conf unless the contents
  > are changed or dhclient's interface takes over
  > the default route. (krw@)

pfctl

  ~ parse.y                               ~ pfctl.8
  ~ pfctl.c                               ~ pfctl.h
  ~ pfctl_parser.c                        ~ pfctl_parser.h
  ~ pfctl_radix.c                         ~ pfctl_table.c

  > add option -N (no domain resolution)
  > manpage wording and reminder about usage() jmc@
  > ok florian@ henning@ (benno@)

route

  ~ route.8

  > new sentence, new line; (jmc@)

== share ============================================================= 07/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man3/intro.3

  > remove libobjc; (jmc@)

  ~ man5/bsd.regress.mk.5

  > Typo fix.
  > Ok benno@, tb@, tj@, jmc@, schwarze@, phessler@ (rob@)

  ~ man7/packages.7                       ~ man7/ports.7

  > Mention that some packages and ports don't work without the wxallowed
  > mount(8) option on /usr/local and /usr/ports/pobj.
  > Triggered by a question from Diana Eichert <deichert at wrench dot com>.
  > OK danj@, and no opposition when shown on ports@. (schwarze@)

== sys =============================================================== 08/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ db_trace.c

  > Merge DDBCTF into DDB. (mpi@)

arch/amd64/include

  ~ cpu.h

  > apmwarn and the ridiculous apmhalt hack sysctls are not relevant here
  > (tedu@)

arch/amd64/isa

  ~ clock.c

  > don't bother checking diagnostic status (which patrick reports
  > actually hangs a particular machine) to avoid reporting an error
  > which is common on modern machines
  > ok deraadt, patrick (jcs@)

arch/arm64/arm64

  ~ bus_dma.c

  > Have bus_dmamem_map() store the virtual address of the mapping such that
  > we can use it to flush the cache in bus_dmamap_sync() if necessary.
  > ok patrick@ (kettenis@)

arch/arm64/conf

  ~ GENERIC

  > Add glue for the USB3 controller on the rk3399-firefly. (kettenis@)

  ~ RAMDISK

  > Add rkdwusb(4) here as well. (kettenis@)

arch/i386/i386

  ~ db_trace.c

  > Merge DDBCTF into DDB. (mpi@)

conf

  ~ GENERIC                               ~ files

  > Merge DDBCTF into DDB. (mpi@)

ddb

  ~ db_ctf.c

  > Remove debugging leftovers, document functions, bump copyright. (mpi@)

  ~ db_prof.c

  > Kernel compilation with DDBPROF enabled fails as db_sym_t is no longer
  > defined (removed in "Kill db_sym_t." from 2017-05-30 11:39 mpi). This
  > change fixes the problem.
  > OK mpi@ (nayden@)

  ~ db_ctf.c

  > Improve pretty printing of pointers.
  > ok jasper@ (mpi@)

  ~ db_ctf.c

  > Fall back using db_print_cmd() if no CTF data has been found. (mpi@)

  ~ db_command.c                          ~ db_sym.h

  > Merge DDBCTF into DDB. (mpi@)

dev/atapiscsi

  ~ atapiscsi.c

  > Missing break/return statement on switch case
  > Coverity CID 1453394
  > OK deraadt@ (mestre@)

  ~ atapiscsi.c

  > Fix previous by calling wdc_atapi_intr_complete() before returning.
  > Suggested by and ok millert@ (mpi@)

dev/fdt

  ~ files.fdt                             + rkdwusb.c

  > Add glue for the USB3 controller on the rk3399-firefly. (kettenis@)

dev/ic

  ~ ar5xxx.c

  > Fix copy pasto (Coverity CID 1452996), with this it matches the code in
  > FreeBSD
  > OK phessler@ and stsp@ (mestre@)

dev/usb

  ~ if_umb.c

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

kern

  ~ uipc_usrreq.c

  > Validate sockaddr from userland in central functions. This results
  > in common checks for unix, inet, inet6 instead of partial checks
  > here and there. Some checks are already done at a higher layer,
  > but better be paranoid with user input.
  > OK claudio@ millert@ (bluhm@)

  ~ init_main.c

  > Merge DDBCTF into DDB. (mpi@)

  ~ kern_sysctl.c                         ~ sys_socket.c
  ~ uipc_domain.c                         ~ uipc_socket2.c

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

net

  ~ if_spppsubr.c

  > The timeval in sppp_input() is also used when the interface is not IFF_UP.
  > Always call getmicrouptime(&tv) to avoid an "Uninitialized scalar
  > variable".
  > Coverity CID 1453266; Severity: Insignificant
  > OK deraadt@ (reyk@)

  ~ switchofp.c

  > Fix out-of-bounds read when looking up the message handler.
  > This could be triggered by an OpenFlow packet with the message type of 30
  > ... because C array indexes start at 0.
  > Coverity CID 1453219; Severity: Major
  > OK millert@ goda@ (reyk@)

  ~ switchofp.c

  > Fix out-of-bounds read when looking up the multipart message handler.
  > This could be triggered by an OpenFlow packet with the multipart
  > message type of 14 ... because C array indexes start at 0.
  > Coverity CID 1452917; Severity: Major
  > OK millert@ goda@ (reyk@)

  ~ switchofp.c

  > Instead of repeating the same return statement in both cases of a
  > final if statement, use it once after the if statement.
  > Avoids duplicated and structurally dead code.
  > Coverity CID 1452943; Severity: Insignificant
  > OK millert@ goda@ (reyk@)

  ~ switchofp.c

  > Fix copy-paste error: first check is on "target", second check is on "key".
  > Coverity CID 1453281; Severity: Minor
  > OK millert@ goda@ (reyk@)

  ~ switchofp.c

  > Priority is stored in the vlan_pcp field not in the vlan_vid field.
  > Found by Coverity because vlan_vid was assigned twice.
  > Coverity CID 1453293; Severity: Minor
  > OK millert@ goda@ (reyk@)

  ~ switchofp.c

  > Set free'd tables to NULL in swofp_flow_entry_instruction_free().
  > swofp_flow_entry_instruction_free is used to "reset" the tables. It
  > called free on each table but didn't set them to NULL, causing
  > potential double-frees in swofp_flow_entry_put_instructions().
  > Instead of complicating the code and adding a X = NULL for each table,
  > restructure it by introducing a generic function to free tables as
  > they're all derived from struct ofp_instruction.
  > Reported by Coverity as various "Read from pointer after free" errors:
  > Coverity CIDs 1452955 1453345 1452858 1453031 1453179 1453216 1453093
  > OK millert@ goda@ (reyk@)

  ~ switchofp.c

  > Fix out-of-bounds read when looking up the flow-mod handler.
  > Another case of the "C indexes start at 0" bug where ">" must be ">=":
  >     if (i >= nitems(foo))
  >             return (NULL);
  >     else
  >             return (foo[i].handler);
  > Coverity CID 1453340; Severity: Major
  > OK millert@ goda@ (reyk@)

  ~ if_spppsubr.c

  > Revision 1.139 accidentally removed an ip = mtod(), resulting in a
  > pointless "ip = NULL; if (ip) ..." sequence.
  > Coverity CID 1453286; Severity: Minor
  > OK sthen@ tom@ (reyk@)

  ~ if_spppsubr.c

  > space after if.
  > Pointed out by tom@ (reyk@)

  ~ pipex.c

  > During MPPE key reduction on the 40 bits case the first 3 octets need to be
  > changed with known constants (RFC3079). Current code uses a switch case
  > without breaks which implicitly makes the code correct, but to improve
  > readability the first octet should have the constant assigned also in the
  > first case, without relying on a fallthrough to the second, and the break
  > statement should be called on both cases.
  > This was a false positive found in Coverity CID 1453390, but changed due to
  > readability as explained above.
  > After discussion with millert@ and guenther@ (mestre@)

  ~ bpf.c                                 ~ if.c
  ~ if_enc.c                              ~ if_gif.c
  ~ if_gre.c                              ~ if_pflog.c
  ~ if_pflow.c                            ~ if_pfsync.c
  ~ if_ppp.c                              ~ if_pppoe.c
  ~ if_pppx.c                             ~ if_spppsubr.c
  ~ if_trunk.c                            ~ if_tun.c
  ~ if_vxlan.c                            ~ pf.c
  ~ pf_ioctl.c                            ~ pfkeyv2.c
  ~ pipex.c                               ~ route.c
  ~ rtsock.c                              ~ switchctl.c

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

netinet

  ~ in.c                                  ~ in.h
  ~ in_pcb.c                              ~ raw_ip.c
  ~ udp_usrreq.c

  > Validate sockaddr from userland in central functions. This results
  > in common checks for unix, inet, inet6 instead of partial checks
  > here and there. Some checks are already done at a higher layer,
  > but better be paranoid with user input.
  > OK claudio@ millert@ (bluhm@)

  ~ if_ether.c                            ~ ip_ah.c
  ~ ip_carp.c                             ~ ip_esp.c
  ~ ip_input.c                            ~ ip_ipcomp.c
  ~ ip_ipsp.c                             ~ tcp_input.c
  ~ tcp_timer.c

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

netinet6

  ~ in6.c                                 ~ in6.h
  ~ in6_pcb.c                             ~ raw_ip6.c
  ~ udp6_output.c

  > Validate sockaddr from userland in central functions. This results
  > in common checks for unix, inet, inet6 instead of partial checks
  > here and there. Some checks are already done at a higher layer,
  > but better be paranoid with user input.
  > OK claudio@ millert@ (bluhm@)

  ~ ip6_input.c                           ~ nd6.c
  ~ nd6_nbr.c

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

nfs

  ~ nfs_boot.c                            ~ nfs_socket.c

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

sys

  ~ systm.h

  > Remove NET_LOCK()'s argument.
  > Tested by Hrvoje Popovski, ok bluhm@ (mpi@)

== usr.bin =========================================================== 09/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

usr.bin

  ~ Makefile

  > Enter ctfconv and ctfdump (mpi@)

ctfconv

  + Makefile                              + ctfconv.1
  + ctfconv.c                             + ctfstrip
  + ctfstrip.1                            + dw.c
  + dw.h                                  + dwarf.h
  + elf.c                                 + generate.c
  + hash.c                                + hash.h
  + itype.h                               + parse.c
  + pool.c                                + pool.h
  + xmalloc.c                             + xmalloc.h

  > Import a tool for generating CTF data section (SUNW_ctf) based on DWARF
  > information.
  > ctfconv(1) support multiple CUs in order to work on binaries. ctfstrip(1)
  > works like strip(1) but also insert a .SUNW_ctf section inside a binary.
  > ok deraadt@, kettenis@, jasper@ (mpi@)

  ~ ctfstrip

  > CVS Id and license. (mpi@)

  ~ ctfconv.1                             ~ ctfconv.c
  ~ ctfstrip.1                            ~ dw.c
  ~ dw.h                                  ~ dwarf.h
  ~ elf.c                                 ~ generate.c
  ~ hash.c                                ~ hash.h
  ~ itype.h                               ~ parse.c
  ~ pool.c                                ~ pool.h

  > add rcs ids (jasper@)

  ~ ctfstrip

  > - use mktemp to provide the tempfile name and clean it up properly
  > - set strict posix mode
  > ok mpi@ (jasper@)

  ~ ctfconv.c                             ~ generate.c
  ~ itype.h                               ~ parse.c

  > Do not insert random name for anonymous member. (mpi@)

  ~ ctfconv.1                             ~ ctfstrip.1

  > tweak previous; (jmc@)

  ~ ctfconv.c                             ~ parse.c

  > Fix nested declaration inside union or struct. (mpi@)

  ~ ctfstrip.1

  > Fix typo in SEE ALSO section.
  > ok mpi@, jmc@ (nayden@)

  ~ ctfconv.c                             ~ ctfconv.1

  > make 'dump' mutually exclusive with writing out the data, to ease pledging
  > ok mpi@ (jasper@)

  ~ ctfconv.c

  > pledge ctfconv
  > feedback/ok mpi@ tb@ (jasper@)

ctfdump

  + Makefile                              + ctfdump.1
  + ctfdump.c                             + elf.c

  > Import a tool for dumping the contents of CTF data section (SUNW_ctf).
  > ok deraadt@, kettenis@, jasper@ (mpi@)

  ~ ctfdump.1                             ~ ctfdump.c
  ~ elf.c

  > add rcs ids (jasper@)

  ~ ctfdump.1

  > tweak previous; (jmc@)

  ~ ctfdump.c

  > pledge ctfdump to stdio and rpath
  > ok mpi@ (jasper@)

  ~ ctfdump.c

  > move pledge after setlocale as suggested by tb@ (jasper@)

mandoc

  ~ man.1

  > Add two EXAMPLES; triggered by a question from jmc@.
  > Feedback and OK jmc@. (schwarze@)

  ~ mdoc.c

  > Make the "new sentence, new line" check stricter, allowing digits
  > in the last two letters of the last word of the sentence.
  > No false positives in base or Xenocara.
  > Suggested by and OK jmc@. (schwarze@)

ssh

  ~ serverloop.c

  > Keep track of the last time we actually heard from the client and
  > use this to also schedule a client_alive_check(). Prevents activity
  > on a forwarded port from indefinitely preventing the select timeout
  > so that client_alive_check() will eventually (although not optimally)
  > be called.
  > Analysis by willchan at google com via bz#2756, feedback & ok djm@
  > (dtucker@)

  ~ serverloop.c

  > Tweak previous keepalive commit: if last_time + keepalive <= now
  > instead of just "<" so client_alive_check will fire if the select
  > happens to return on exact second of the timeout. ok djm@ (dtucker@)

  ~ sftp-client.c

  > don't print verbose error message when ssh disconnects under sftp;
  > bz#2750; ok dtucker@ (djm@)

  ~ sshconnect2.c

  > refuse to a private keys when its corresponding .pub key does not
  > match. bz#2737 ok dtucker@ (djm@)

== usr.sbin ========================================================== 10/10 ==

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

bgpd

  ~ bgpd.conf.5                           ~ bgpd.h
  ~ control.c                             ~ parse.y
  ~ printconf.c                           ~ rde.c

  > softreconfig in and out are on by default for ever and machines now have
  > enough memory that it does not make sense to provide these knobs anymore.
  > They just make the code more complex for no much gain.
  > OK phessler@, benno@ (claudio@)

httpd

  ~ httpd.conf.5                          ~ httpd.h
  ~ parse.y                               ~ server.c

  > Convert httpd to tls_config_set_ecdhecurves(), allowing a list of curves
  > to be specified, rather than a single curve.
  > ok beck@ (jsing@)

  ~ httpd.conf.5

  > punctuation; (jmc@)

npppctl

  ~ npppctl.c

  > display MRU each sessions in npppctl session command
  > ok yasuoka@ (goda@)

npppd

  ~ npppd/npppd_ctl.h                     ~ npppd/npppd_ctl.c

  > display MRU each sessions in npppctl session command
  > ok yasuoka@ (goda@)

  ~ npppd/npppd.c                         ~ npppd/npppd.conf.5
  ~ npppd/npppd.h                         ~ npppd/npppd_auth.c
  ~ npppd/npppd_auth.h                    ~ npppd/npppd_auth_local.h
  ~ npppd/parse.y                         ~ npppd/ppp.c

  > add a new option to set limits on user-max-sessions each AUTHENTICATION.
  > It can set limits on different user-max-sessions if there're using several
  > protocols such as PPPoE and L2TP/IPsec.
  > ok yasuoka@ (goda@)

nsd

  ~ Makefile.in                           ~ configure.ac
  ~ dns.c                                 ~ dns.h
  ~ namedb.c                              ~ rdata.c
  ~ xfrd-tcp.c                            ~ zonec.c

  > update to 4.1.17
  > OK sthen (florian@)

  ~ configure

  > regen (florian@)

  ~ zparser.y

  > missed in previous (florian@)

ntpd

  ~ parse.y

  > zero out sockaddr_in before use; fixes use of stack garbage as port number
  > in "query from"; ok phessler@ job@ (naddy@)

vmd

  ~ priv.c

  > Use vmd's process rdomain via getrtable() instead of 0 by default.
  > This allows to run "route -T 1 exec vmd" to get rdomain 1 tap(4) and
  > bridge interfaces by default.
  > ok mlarkin@ (reyk@)

===============================================================================