OpenBSD src changes summary for 2016-02-14 to 2016-02-21 inclusive ==================================================================
bin/pax distrib/miniroot distrib/notes etc/Makefile etc/examples/pkg.conf gnu gnu/lib/libstdc++-v3 lib/libc lib/libcrypto regress/usr.bin sbin/newfs share/man sys/arch/amd64/amd64 sys/arch/amd64/include sys/arch/amd64/stand/boot sys/arch/amd64/stand/cdboot sys/arch/amd64/stand/efiboot sys/arch/amd64/stand/pxeboot sys/arch/i386/conf sys/arch/i386/i386 sys/arch/i386/stand/boot sys/arch/i386/stand/cdboot sys/arch/i386/stand/pxeboot sys/conf sys/dev sys/dev/pci sys/kern sys/ufs/ext2fs sys/ufs/ffs sys/ufs/ufs usr.bin/calendar usr.bin/doas usr.bin/file usr.bin/sendbug usr.bin/skeyinit usr.bin/ssh usr.bin/talk usr.bin/whois usr.sbin/eigrpd usr.sbin/httpd usr.sbin/installboot usr.sbin/ospf6d usr.sbin/ospfd usr.sbin/smtpd usr.sbin/syslogd usr.sbin/tcpdump usr.sbin/vmd == bin =============================================================== 01/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin pax ~ tar.c > To archive a 101 character absolute path in ustar format we must > split it on a slash other than the leading one. > Fix based on patches from Peter Fokker (openbsd (at) berestijn.nl) and > Peter Bisroev (peter (at) int19h.net) (guenther@) ~ file_subs.c > Ignore trailing slashes and skip over duplicate slashes in chk_path() to > avoid infinite loop when creating intermediate directories > Fix based on diff by Nicolas Bedos (nicolas.bedos (at) gmail.com) > ok millert@ ok and tweak zhuk@, (guenther@) == distrib =========================================================== 02/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > remove stray semicolon > OK krw@, halex@ (rpe@) ~ install.sub > Combine two sed calls into one. > OK krw@, halex@ (rpe@) notes ~ m4.common ~ amd64/hardware ~ amd64/install > Mention UEFI/GPT, fix some weird spacing, try to adjust 'partitioning' > verbiage to make more sense overall. > ok rpe@ (krw@) == etc =============================================================== 03/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc Makefile ~ Makefile > When the default mode on /var/log/maillog was changed to 640 the > creation of maillog as part of the distribution-etc-root-var target > was missed. From Nathanael Rensen (millert@) examples/pkg.conf ~ examples/pkg.conf > sync (sthen@) == gnu =============================================================== 04/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu gnu ~ gcc/gcc/config/alpha/alpha.c > In alpha_expand_block_clear(), cope with the offset being negative; > this can happen due to the frame layout change introduced in order to > support the stack protector. Fix from miod. > Bug originally observed by jca and condensed to a 3-liner by myself, > basically local [] arrays being initialized with shorter strings. > (deraadt@) lib/libstdc++-v3 ~ Makefile > Disable the stack protector when building libstdc++ on arm. Fixes test > cases from dcoppa@ where incorrect behaviour was trigged when using > std::ifstream and linking libpthread. Further investigation and patch > from miod. ok deraadt@ (jsg@) == lib =============================================================== 05/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ gen/syslog_r.c > Remove the "error" variable; we no longer fall back to writing to > /dev/console so the value of "error" is never read. Also mention > that sendsyslog2 can fail due to ENOBUFS in the comment. OK deraadt@ > (millert@) libcrypto ~ cert.pem > Sync some root certificates with Mozilla's cert store. ok bcook@ > - Add new root certificates present in Mozilla cert store from CA > organizations who are already in cert.pem (AddTrust, Comodo, DigiCert, > Entrust, GeoTrust, USERTrust). > - Replace Startcom's root with their updated sha256 version present in > Mozilla cert store. (They maintained serial# etc so this is still valid > for existing signed certificates). > - Add two root certificates from CA not previously present: > "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate > Authority" > "C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru) > We are still listing some certificates that have been removed from > Mozilla's store (1024-bit etc) however these cannot be removed until > cert validation is improved (we don't currently accept a certificate > as valid unless the CA is at the end of a chain). (sthen@) == regress =========================================================== 06/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress usr.bin ~ ssh/proxy-connect.sh > include bad $SSH_CONNECTION in failure output (djm@) ~ ssh/Makefile > bsd.regress.mk doesn't automatically add "make clean" targets for > $SUBDIRS so do it explicitly (djm@) == sbin ============================================================== 07/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin newfs ~ newfs.8 > TMPDIR is no longer supported; > from rafael neves (jmc@) == share ============================================================= 08/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/em.4 > add I219 to the list of supported chips > OK bluhm@ (kirby@) ~ man5/port-modules.5 > spacing fixes, from ray; (jmc@) ~ man5/malloc.conf.5 > Fix grammar by splitting a longish sentence. > ok jmc@ (tb@) == sys =============================================================== 09/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ vmm.c > Allow userland to initialize CR0 when resetting a VCPU instead of > hardcoding it. Be careful to obey VMX's must-be-0 and must-be-1 > restrictions for CR0. > This gives us the opportunity later to start VCPUs in real-mode, etc. > (for those CPUs that support unrestricted guest). > Be sure to update your vmd(8) also, the ioctl interface has > changed. > ok mlarkin@, deraadt@ (stefan@) ~ vmm.c > Add "interrupt pending on vcpu" ioctl to vmm. Needed for upcoming interrupt > controller work in vmd(8). > ok stefan@, mpi@ (mlarkin@) arch/amd64/include ~ vmmvar.h > Allow userland to initialize CR0 when resetting a VCPU instead of > hardcoding it. Be careful to obey VMX's must-be-0 and must-be-1 > restrictions for CR0. > This gives us the opportunity later to start VCPUs in real-mode, etc. > (for those CPUs that support unrestricted guest). > Be sure to update your vmd(8) also, the ioctl interface has > changed. > ok mlarkin@, deraadt@ (stefan@) ~ vmmvar.h > Add "interrupt pending on vcpu" ioctl to vmm. Needed for upcoming interrupt > controller work in vmd(8). > ok stefan@, mpi@ (mlarkin@) arch/amd64/stand/boot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) arch/amd64/stand/cdboot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) arch/amd64/stand/efiboot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) arch/amd64/stand/pxeboot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) arch/i386/conf ~ ld.script > Fixes a boot issue on non-ACPI i386 machines that need X permissions on > the BIOS region in the ISA hole. > Also fix a separate unrelated issue relating to placing R/O (no X) > permissions on the kernel symbol area on bsd.rd. > ok deraadt (mlarkin@) arch/i386/i386 ~ bios.c ~ pmapae.c > Fixes a boot issue on non-ACPI i386 machines that need X permissions on > the BIOS region in the ISA hole. > Also fix a separate unrelated issue relating to placing R/O (no X) > permissions on the kernel symbol area on bsd.rd. > ok deraadt (mlarkin@) arch/i386/stand/boot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) arch/i386/stand/cdboot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) arch/i386/stand/pxeboot ~ conf.c > belatedly bump bootstrap version after mdrandom() changes; ok deraadt@ > (naddy@) conf ~ files > Die, trailing whitespace, die! (krw@) dev ~ softraid.c > Avoid using uninitialized variables in two corner cases. In one > case check if it was set and bail out with a useful message if not. > In the other the variable was the wrong one anyway, and we can just > use the correct variable. > Found by & ok jsg@ (krw@) ~ rnd.c > Right shift by an amount larger than width of type is undefined behavior. > Pointed out by Martin Natano, slightly tweaked by me. > ok deraadt@ (stefan@) dev/pci ~ bktr/bktr_core.c > Convert to uiomove. From Martin Natano. (stefan@) ~ pcidevs > Add Intel i219 em(4). (bluhm@) ~ pcidevs.h ~ pcidevs_data.h > regen (bluhm@) ~ if_em.c ~ if_em.h ~ if_em_hw.c ~ if_em_hw.h ~ if_em_osdep.h > Add support for the Intel i219 network chip to the em(4) driver. > from Christian Ehrhardt; input jsg@; OK deraadt@ sthen@ mpi@ jsg@ > tested by sthen@ jca@ benno@ bluhm@ (bluhm@) ~ azalia.c > enable snooping on Intel C610 > from Alexandre H > add C600 as well while here. (jsg@) ~ pcidevs > pci bridge, from Hrvoje Popovski (deraadt@) ~ pcidevs.h ~ pcidevs_data.h > sync (deraadt@) kern ~ kern_pledge.c > Return ENOTTY for TIOCFLUSH when allowed by pledge but the fd is > not a tty. Fixes a pledge failure in telnet when piping the output. > OK deraadt@ (millert@) ufs/ext2fs ~ ext2fs_lookup.c ~ ext2fs_readwrite.c ~ ext2fs_vnops.c > Convert to uiomove. From Martin Natano. (stefan@) ufs/ffs ~ ffs_vnops.c > Convert to uiomove. From Martin Natano. (stefan@) ufs/ufs ~ ufs_vnops.c > Convert to uiomove. From Martin Natano. (stefan@) == usr.bin =========================================================== 10/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin calendar ~ calendars/calendar.birthday ~ calendars/calendar.history > correct(ish) date of death for alexander the great; > from soren jacobsen, netbsd -r1.26 > i've done it a bit differently though: since the date was listed > both in .birthday and .history i added his (reputed) birth date > to .birthday and removed the dup. i also standardised the date > as "[year][space]BC". (jmc@) doas ~ doas.c > Do a carriage return before password prompt. > OK tedu@ (martijn@) file ~ magic-test.c > Fix the C type used for 32-bit float/lefloat/befloat, it should be float > not double (they are not used in any magic files anyway at the moment > though). Spotted by and ok jsg. (nicm@) sendbug ~ sendbug.1 > TMPDIR is no longer supported; > from rafael neves (jmc@) skeyinit ~ skeyinit.c > Fix skeyinit -E by hoisting argument parsing and the call to enable_db() > above the calls to pledge(): /etc/skey wants to have its sticky bit. > ok deraadt@ (tb@) ssh ~ sftp-server-main.c ~ sftp-server.c ~ sftp.c ~ ssh-add.c ~ ssh-agent.c ~ ssh-keygen.c ~ ssh-keyscan.c ~ ssh-keysign.c ~ ssh-pkcs11-helper.c ~ ssh.c ~ sshd.c ~ xmalloc.c ~ xmalloc.h > Add a function to enable security-related malloc_options. With and ok > deraadt@, something similar has been in the snaps for a while. (dtucker@) ~ monitor.c > memleak of algorithm name in mm_answer_sign; reported by Jakub Jelen (djm@) ~ session.c > add a "Close session" log entry (at loglevel=verbose) to correspond > to the existing "Starting session" one. Also include the session id > number to make multiplexed sessions more apparent. > feedback and ok dtucker@ (djm@) ~ ssh.1 ~ ssh_config.5 ~ sshd_config.5 > Replace list of ciphers and MACs adjacent to -1/-2 flag descriptions in > ssh(1) with a strong recommendation not to use protocol 1. Add a similar > warning to the Protocol option descriptions in ssh_config(5) and > sshd_config(5); > prompted by and ok mmcc@ (djm@) ~ ssh.1 > no need to state that protocol 2 is the default twice; (jmc@) ~ servconf.c ~ sshd_config > make sandboxed privilege separation the default, not just for new > installs; "absolutely" deraadt@ (djm@) ~ ssh-keygen.1 ~ ssh-keysign.8 ~ ssh.1 ~ ssh_config.5 ~ sshd.8 ~ sshd_config.5 > since these pages now clearly tell folks to avoid v1, normalise > the docs from a v2 perspective (i.e. stop pointing out which bits > are v2 only); > ok/tweaks djm ok markus (jmc@) ~ ssh_config.5 ~ sshd_config.5 > rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly in > *KeyTypes options yet. Remove them from the lists of algorithms > for now. committing on behalf of markus@ ok djm@ (djm@) ~ packet.c > rekey refactor broke SSH1; spotted by Tom G. Christensen (djm@) ~ ssh_config.5 > AddressFamily defaults to any. > ok djm@ (sobrado@) ~ ssh_config > add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to IdentityFile. > ok djm@ (sobrado@) ~ ssh_config > set ssh(1) protocol version to 2 only. > ok djm@ (sobrado@) talk ~ io.c > finish conversion select -> poll, error messages count too, sloppy theo. > okay millert@ (espie@) whois ~ whois.1 > spell out RIPE without errant acute accents; ok millert@ (naddy@) == usr.sbin ========================================================== 11/11 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin eigrpd ~ kroute.c > Filter our RTM_GET messages which are not from us. > Pulled from ospfd. Original author: claudio@ (renato@) ~ tlv.c > Make eigrpd work against newer IOS routers. > Different versions of IOS can use a different number of bytes to encode > the same IPv6 prefix inside route TLVs. This sucks but we have to deal > with it. Instead of calculating the number of bytes based on the value > of the prefixlen field, let's get this number by subtracting the size > of all other fields from the total size of the TLV. It works because > all the other fields have a fixed length. > For reference, the EIGRP draft says that length of the prefix field > should be obtained according to this function: > ((Bit Count - 1) / 8) + 1 > But older IOS versions use this for IPv6 (obtained through reverse > engineering): > ((Bit Count == 128) ? 16 : ((Bit Count / 8) + 1)) > Now, the new IOS-XR apparently uses the first formula for both IPv4 and > IPv6. With this patch, eigrpd will work against both older and newer > versions of IOS. (renato@) ~ packet.c > Add scope id only for unicast IPv6 packets. (renato@) ~ eigrpd.c ~ eigrpd.h ~ eigrpe.h ~ interface.c ~ kroute.c ~ packet.c ~ parse.y ~ rde_dual.c ~ tlv.c ~ util.c > Several minor tweaks. (renato@) ~ kroute.c ~ neighbor.c ~ rde_dual.c ~ util.c > Extend eigrp_addrcmp() and use it in more places. > The idea is to remove unnecessary code duplication throughout the code. > (renato@) ~ eigrpd.h ~ kroute.c ~ packet.c ~ parse.y ~ tlv.c ~ util.c > Introduce the bad_addr() family of functions. > These functions improve code reusability as there's no more need to > check for all possible "bad" addresses in several different places. > Besides that, this patch introduce additional checks in the code. (renato@) ~ eigrpd.c ~ eigrpe.c ~ interface.c ~ kroute.c ~ log.c ~ neighbor.c ~ packet.c ~ parse.y ~ rde.c ~ rde_dual.c ~ rtp.c ~ tlv.c > Copy structs by assignment instead of memcpy. > Copying by straight assignment is shorter, easier to read and has a > higher level of abstraction. We'll only avoid it when copying from an > unaligned source (e.g., network buffers). (renato@) ~ tlv.c > Simplify the handling of the sequence tlv. > The C standard says: "A pointer to a union object, suitably converted, > points to each of its members". > This means that we can use the same code to process both v4 and v6 > addresses. (renato@) ~ eigrpe.c ~ eigrpe.h ~ interface.c ~ kroute.c ~ parse.y ~ rde_dual.c > Move some functions around and rename a few variables and functions. > The sooner we do these changes the better. This rearrangement will make > the code easier to read. (renato@) ~ rde_dual.c > Skip redistributed routes when updating the FIB. (renato@) httpd ~ patterns.c > httpd patterns double free > issue and diff from Alexander Schrijver alex at flupzor nl > ok reyk@ (semarie@) installboot ~ vax_installboot.c > sync() requires unistd.h > Reported by Sigi Rudzio. Thanks! > "go for it" deraadt@ (tobiasu@) ospf6d ~ ospf6d.conf.5 > ospf6d looks for net.inet6.ip6.forwarding, not net.inet.ip.forwarding. > OK jca@ jmc@ sthen@ claudio@ (reyk@) ospfd ~ database.c > Fix format string of a warning. > from markus@; OK claudio@ (bluhm@) smtpd ~ to.c > Simplify address parsing code by only using inet_net_pton(3). > There's no need to have a separate case for non-CIDR addresses using > inet_pton(3) as inet_net_pton(3) handles them as well. > This simplification is valid for all our daemons parsing addresses, > it is a common patern. > ok gilles@, millert@, jung@ (mpi@) ~ to.c > Revert previous, semarie@ found a regression. (mpi@) ~ smtpd.h > bump version (gilles@) syslogd ~ syslogd.c > Prevent an integer overflow in syslogd when parsing the priority. > From Michael Savage; input and OK mmcc@ (bluhm@) tcpdump ~ print-802_11.c > Make tcpdump show details of beacon country elements in verbose mode only. > ok sthen@ (stsp@) vmd ~ vmm.c > Pass down the initial value of CR0 down to the RESETCPU ioctl() as well. > This gives us the opportunity later to start VCPUs in real-mode, etc. > (for those CPUs that support unrestricted guest). > You need to build an updated kernel for this first, the ioctl interface > has changed. > ok mlarkin@, deraadt@ (stefan@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
