OpenBSD src changes summary for 2015-08-02 to 2015-08-09 inclusive
==================================================================

distrib/macppc
distrib/miniroot
distrib/notes
distrib/sets
etc/Makefile
etc/changelist
etc/examples/radiusd.conf
etc/mtree/special
etc/rc
etc/rc.conf
etc/rc.d/radiusd
gnu/usr.bin/binutils-2.17
lib/libc
lib/libcrypto
regress/sys
regress/usr.bin
sbin/ping
share/man
sys/arch/i386/i386
sys/arch/mips64/mips64
sys/arch/octeon/conf
sys/dev/acpi
sys/dev/pci
sys/kern
sys/net
usr.bin/doas
usr.bin/openssl
usr.bin/ssh
usr.sbin/apm
usr.sbin/bgpd
usr.sbin/httpd
usr.sbin/identd
usr.sbin/radiusctl
usr.sbin/radiusd
usr.sbin/rarpd
usr.sbin/rcctl

== distrib =========================================================== 01/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

macppc

  ~ ramdisk/install.md

  > Enable the xdm installer question on macppc, now that it has virtual
  > consoles.
  > Noted by stsp
  > OK deraadt (rpe@)

miniroot

  ~ install.sub

  > Change the ssh root login question to avoid the unnatural keyword
  > "without-password". Instead use "pubkeys-only" which people will find
  > conceptually easier. Still quietly accept "w" or "without-password"
  > as an option.
  > Place a warning beforehand:
  > WARNING: root is targetted by password guessing attacks, pubkeys are safer.
  > Everyone happy now, or at learning to not use root passwords? (deraadt@)

  ~ install.sub

  > spelling (deraadt@)

  ~ install.sub

  > match change to prohibit-password. however, also default to "no", as
  > a strong secure-by-default stance.
  > people who upload root keys via site.tgz need to adjust sshd_config;
  > those who load a root key via autoinstall should trigger on this
  > question and select prohibit-password.
  > discussed at length (deraadt@)

notes

  ~ octeon/hardware
  ~ octeon/install
  ~ octeon/prep

  > long overdue overhaul to include instructions for miniroot and usb
  > (jasper@)

sets

  ~ lists/base/mi
  ~ lists/man/mi

  > sync (deraadt@)

  ~ lists/base/mi

  > sync (deraadt@)

== etc =============================================================== 02/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

Makefile

  ~ Makefile

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

  ~ Makefile

  > install the radiusd rc.d file
  > ok deraadt@ (jsg@)

changelist

  ~ changelist

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

examples/radiusd.conf

  + examples/radiusd.conf

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

mtree/special

  ~ mtree/special

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

rc

  ~ rc

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

rc.conf

  ~ rc.conf

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

rc.d/radiusd

  + rc.d/radiusd

  > Place etc/defaults/radiusd.conf and etc/rc.d/radiusd. Modify etc/rc
  > to hook the rc script and modify etc/rc.conf to make it disabled by
  > default. Also add an entry for /etc/radiusd.conf to etc/changelist
  > and etc/mtree/special.
  > ok deraadt (yasuoka@)

== gnu =============================================================== 03/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

usr.bin/binutils-2.17

  ~ bfd/elf32-ppc.c

  > Prevent a NULL dereference when a plt entry is not found.
  > This smells like a workaround but it allows audio/mpd to
  > build and the resulting binary runs well enough to make
  > landry@ happy. In any case, having a broken binary is not
  > much worse than not having a binary because ld(1) crashed.
  > ok miod@, deraadt@ (mpi@)

== lib =============================================================== 04/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ sys/ptrace.2

  > spelling; ok deraadt (jmc@)

libcrypto

  ~ man/BIO_s_bio.3
  ~ man/BN_BLINDING_new.3

  > spelling; ok deraadt (jmc@)

== regress =========================================================== 05/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/kqueue/kqueue-process.c

  > Refactor to prepare a future change; no functional changes. (uebayasi@)

  ~ kern/kqueue/kqueue-process.c

  > Kill a useless assignment. (uebayasi@)

usr.bin

  ~ ssh/unittests/sshkey/test_sshkey.c

  > adjust for RSA minimum modulus switch; ok deraadt@ (djm@)

== sbin ============================================================== 06/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

ping

  ~ ping.c

  > repair buffer size checks around chacha block, spotted by Dimitris
  > Papastamos
  > ok florian (deraadt@)

== share ============================================================= 07/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/carp.4

  > Rolf Sommerhalder reports that the examples in the carp manpage are
  > little lies: you have to use carpdev now to configure a carp parent
  > interface.
  > ok mpi@ jmc@ (benno@)

  ~ man7/hier.7

  > add /var/run/rc.d/
  > help/ok schwarze (jmc@)

== sys =============================================================== 08/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/i386/i386

  ~ pmapae.c

  > Remove some ancient code in PAE mode that was part of supporting > 4GB
  > physmem on i386, which we don't support anymore. And since we removed the
  > physmem ranges above 4GB in machdep.c, this code did nothing anyway.
  > ok beck@, deraadt@ (mlarkin@)

arch/mips64/mips64

  ~ trap.c

  > On mips64, enable IPIs before calling refreshcreds() in trap(), to
  > avoid a potential deadlock.
  > ok miod@, deraadt@ (visa@)

arch/octeon/conf

  ~ RAMDISK

  > add amdcf(4) here too; unbreaks RAMDISK
  > ok pirofti@ (jasper@)

  ~ RAMDISK

  > Add octrtc(4) to RAMDISK.
  > Okay deraadt@, jasper@. (pirofti@)

dev/acpi

  ~ acpidev.h

  > Fix a handful of incorrect register offsets in acpihpet.
  > from patrick keshishian <pkeshish at gmail.com>
  > ok deraadt@ (mlarkin@)

  ~ acpicpu.c

  > Provide the fallback C1-via-halt even when _CST can't be evaluated.
  > Fixed systems that only provide _CST for a subset of the CPUs.
  > Problem reported by <david.a.baer (at) gmail.com>
  > ok mlarkin@ deraadt@ (guenther@)

  ~ acpi.c
  ~ acpicpu.c

  > If we are setting ACPI_PM1_BM_RLD do it only once, and remember to
  > repeat this action at resume time.
  > ok mlarkin guenther (deraadt@)

  ~ acpihpet.c

  > do not save & restore a capability register, it is RO.
  > issue noticed by patrick keshishian, ok mlarkin (deraadt@)

  ~ acpicpu.c

  > Skip C2 and C3 states from the FADT if the cpu doesn't have ARAT.
  > problem reported by patrick keshishian (pkeshish (at) gmail.com)
  > based on diff from mlarkin@, ok mlarkin@ deraadt@ (guenther@)

dev/pci

  ~ cs4281.c

  > Remove a debug printf that should have been removed years ago. ok ratchov
  > (stsp@)

  ~ cs4281.c

  > Fix clct(4) audio driver which was stuttering to the point of being
  > useless.
  > Tested on Thinkpad X21 by me. All the hard work was done by ratchov@.
  > I just made some cosmetic fixes while here.
  > ok ratchov@ deraadt@ (stsp@)

  ~ pcidevs

  > add C610 HD Audio, from Alexandre H. ok deraadt (tedu@)

  ~ pcidevs.h
  ~ pcidevs_data.h

  > regen (tedu@)

  ~ azalia_codec.c

  > add Realtek ALC1150, from Alexandre H. ok deraadt (tedu@)

  ~ if_em_hw.c
  ~ if_em_hw.h

  > Fix i217 PHY initialization
  > Add a workaround for a hardware bug where receiving of packets would stop
  > until the battery of the laptop was removed. The problem could be
  > triggered if the LAN cable was plugged in after the PHY had already been
  > initialized.
  > The workaround is already present in FreeBSD (e1000_ich8lan.c:
  > e1000_lv_jumbo_workaround_ich8lan()) and Linux. The commit messages of
  > b20a7744 and da1e2046 in Linux have some more details.
  > Found and ported from FreeBSD by Valentin Dornauer.
  > Tested by many.
  > ok deraadt@ (sf@)

kern

  ~ kern_sysctl.c

  > Unfortunately netstat did not show sockets without file descriptors
  > since it had been converted from kvm to sysctl. This was hiding a
  > bunch of TCP states which are important for network debugging.
  > Loop over the internet PCB tables to fill the network information
  > into the KERN_FILE_BYFILE sysctl result. Skip internet sockets
  > when looping over the file descriptors.
  > From markus@; OK guenther@; Go for it deraadt@ (bluhm@)

net

  ~ pf_lb.c

  > A recently added sanity check panic in pf_postprocess_addr() was
  > triggered for a reply-to rule. It turns out this case has been using
  > uninitialised memory as if it were a valid pf pool.
  > As the rest of the function assumes a valid pool for now just return.
  > Problem reported by RD Thrush.
  > ok jung@ mikeb@ (jsg@)

== usr.bin =========================================================== 09/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

doas

  ~ doas.c

  > remove an extra getuid call, reported by Martijn van Duren (tedu@)

openssl

  ~ openssl.1

  > remove ssl3 bits; ok doug (jmc@)

ssh

  ~ version.h

  > openssh 7.0; ok deraadt@ (djm@)

  ~ ssh.h
  ~ sshkey.h

  > backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this release;
  > problems spotted by sthen@ ok deraadt@ markus@ (djm@)

  ~ auth.c
  ~ servconf.c
  ~ sshd_config
  ~ sshd_config.5

  > add prohibit-password as a synonym for without-password, since the
  > without-password is causing too many questions. Harden it to ban all
  > but pubkey, hostbased, and GSSAPI auth (when the latter is enabled)
  > from djm, ok markus (deraadt@)

== usr.sbin ========================================================== 10/10 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

apm

  ~ apm.8

  > Clarify how ACPI unhibernate works, as well as expand a bit on visual
  > feedback that may be presented to the user during unhibernate/resume.
  > suggested by espie@ (mlarkin@)

  ~ apm.8

  > tweak previous; ok deraadt (jmc@)

bgpd

  ~ bgpd.c
  ~ rde.c
  ~ session.c

  > Give more precise errors, to help track when bgpd quits
  > OK florian@ benno@ sthen@ deraadt@ (phessler@)

httpd

  ~ httpd.h
  ~ server.c
  ~ server_fcgi.c
  ~ server_file.c

  > Fix rev 1.70 of server.c by only re-enabling the bufferevent if we
  > previously disabled it because we were reading too fast (from disk).
  > Problem noted and tracked down to that commit by weerd@ and
  > independently by stsp@.
  > Tested by weerd@, stsp@, reyk@
  > OK bluhm@, reyk@ (florian@)

identd

  ~ identd.c

  > consider the default failure handling for errors on socket operations to
  > close the socket rather than kill the program.
  > tested for a few days on the student shell box at work.
  > based on discussion with guenther@ (dlg@)

radiusctl

  ~ radiusctl.c

  > Fix styles. Also delete -h option since any other ctl command doesn't have
  > it. (yasuoka@)

  ~ Makefile
  + radiusctl.8

  > Add radiusctl.8
  > ok deraadt (yasuoka@)

  ~ radiusctl.8

  > tweak previous; (jmc@)

  ~ radiusctl.c

  > sync usage(); (jmc@)

radiusd

  ~ radiusd.c

  > Fix radiusd to start without -d. Also stop using event_initialized()
  > to check whether the event handler is set. (yasuoka@)

  ~ radiusd_radius.c

  > Fix radiusd_radius to use syslog(3). It had used stderr for debug.
  > (yasuoka@)

  ~ radiusd_module.c

  > radiusd_module with libevent didn't stop when the daemon stops. Fix
  > it to delete its event handler properly. (yasuoka@)

  ~ parse.y
  ~ radiusd.c

  > Tweak XXX comments. (yasuoka@)

  ~ radiusd.c

  > Fire pending events when the module starts. (yasuoka@)

  ~ radiusd_module.c

  > Check the received packet length properly. (yasuoka@)

  ~ radiusd.conf.5

  > Make radiusd.conf.5 describe all configuration options (yasuoka@)

  ~ radiusd.conf.5

  > fix up previous; (jmc@)

rarpd

  ~ arptab.c

  > Explicitly request the sockaddr_dl when doing a RTM_GET rather than
  > assuming that it will be in the gateway sa.
  > Fixes a regression introduced with the support of multiple connected
  > routes, found the hard way by sebastia@.
  > ok florian@, benno@, deraadt@ (mpi@)

rcctl

  ~ rcctl.sh

  > "ls" requires an argument.
  > issue reported by kirby@
  > "hurry up" deraadt@ (ajacoutot@)

===============================================================================
