OpenBSD src changes summary for 2016-05-22 to 2016-05-29 inclusive
==================================================================

distrib/armv7
distrib/miniroot
distrib/notes
distrib/sets
etc/MAKEDEV.common
etc/Makefile
etc/Makefile.inc
etc/etc.armv7/Makefile.inc
etc/etc.armv7/disktab
etc/examples/pkg.conf
etc/rc
gnu/usr.bin/binutils-2.17
include/setjmp.h
include/unistd.h
lib/libc
lib/libcrypto
lib/libcurses
lib/libedit
lib/libfuse
lib/libkvm
lib/libssl
lib/libtls
libexec/ld.so
regress/lib
regress/sys
regress/usr.bin
regress/usr.sbin
sbin/disklabel
sbin/fsck_msdos
sbin/fsirand
sbin/growfs
sbin/mount
sbin/mount_ffs
sbin/mount_nfs
sbin/ncheck_ffs
sbin/pdisk
sbin/sysctl
sbin/tunefs
share/locale
share/man
share/mk
sys/arch
sys/arch/alpha/alpha
sys/arch/alpha/include
sys/arch/amd64/amd64
sys/arch/amd64/stand/boot
sys/arch/amd64/stand/cdboot
sys/arch/amd64/stand/libsa
sys/arch/amd64/stand/pxeboot
sys/arch/arm/arm
sys/arch/arm/conf
sys/arch/arm/include
sys/arch/arm/mainbus
sys/arch/arm/simplebus
sys/arch/armv7/conf
sys/arch/armv7/stand
sys/arch/armv7/stand/efiboot
sys/arch/hppa/hppa
sys/arch/i386/i386
sys/arch/i386/stand/boot
sys/arch/i386/stand/cdboot
sys/arch/i386/stand/libsa
sys/arch/i386/stand/pxeboot
sys/arch/m88k/include
sys/arch/macppc/dev
sys/arch/macppc/macppc
sys/arch/mips64/mips64
sys/arch/octeon/dev
sys/arch/octeon/include
sys/arch/sh/include
sys/arch/sh/sh
sys/arch/socppc/socppc
sys/arch/sparc/include
sys/arch/sparc/sparc
sys/arch/sparc64/include
sys/arch/sparc64/sparc64
sys/dev
sys/dev/acpi
sys/dev/hid
sys/dev/pci
sys/dev/pckbc
sys/dev/usb
sys/isofs/cd9660
sys/isofs/udf
sys/kern
sys/miscfs/fuse
sys/msdosfs
sys/net
sys/netinet
sys/ntfs
sys/sys
sys/ufs/ext2fs
sys/ufs/ffs
sys/uvm
usr.bin/aucat
usr.bin/fold
usr.bin/ftp
usr.bin/kdump
usr.bin/lock
usr.bin/mandoc
usr.bin/mklocale
usr.bin/nc
usr.bin/sndiod
usr.bin/ssh
usr.bin/tmux
usr.bin/vi
usr.bin/which
usr.sbin/arp
usr.sbin/bgpctl
usr.sbin/dhcpd
usr.sbin/dhcrelay
usr.sbin/hostapd
usr.sbin/httpd
usr.sbin/installboot
usr.sbin/ldpctl
usr.sbin/ldpd
usr.sbin/mopd
usr.sbin/npppd
usr.sbin/pkg_add
usr.sbin/procmap
usr.sbin/pstat
usr.sbin/rarpd
usr.sbin/rbootd
usr.sbin/smtpd
usr.sbin/vmd

== distrib =========================================================== 01/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

armv7

~ miniroot/Makefile.inc
+ miniroot/boot.cmd
> use a simple u-boot script for all the miniroots that loads with fdt
> ok patrick@ kettenis@ (jsg@)

~ miniroot/am335x/Makefile
~ miniroot/beagle/Makefile
~ miniroot/cubie/Makefile
~ miniroot/cubox/Makefile
~ miniroot/nitrogen/Makefile
~ miniroot/panda/Makefile
~ miniroot/wandboard/Makefile
> Remove LOADADDR definitions, the default ${loadaddr} set by u-boot is
> now used. (jsg@)

~ ramdisk/install.md
> use a common simple u-boot script that loads with fdt (jsg@)

~ ramdisk/install.md
> force long filenames on the initial fat16 mount here as well
> dtb filenames are longer than 8.3 (jsg@)

~ ramdisk/install.md
> Use efiboot when setting up the installed disk. If efiboot is placed
> in the correct path on disk u-boot will load it and search for dtb
> files without a script.
> Leave sabre lite/nitrogen with the old method as boundary devices haven't
> released u-boot 2015.05 yet.
> ok kettenis@ (jsg@)

~ miniroot/Makefile.inc
~ miniroot/cubox/Makefile
~ miniroot/nitrogen/Makefile
~ ramdisk/install.md
> Use a fat16 partition starting at sector 2048/1MB everywhere to simplify
> things. OMAP can still load the first u-boot stage (MLO) from the fs
> and imx u-boot can load files off fat. The offset allows space for the
> u-boot images placed at raw offsets on imx and sunxi.
> discussed with kettenis (jsg@)

~ miniroot/Makefile.inc
> use efiboot in armv7 miniroot images (jsg@)

~ miniroot/Makefile.inc
~ ramdisk/install.md
> Assume sabrelite/nitrogen has a bootefi enabled u-boot in flash and just
> install dtbs and efiboot on the fat fs. (jsg@)

~ ramdisk/Makefile
~ ramdisk/install.md
> Stop building u-boot kernel and ramdisk images. The kernel make targets
> are left for now but umg files are no longer built when building
> releases.
(jsg@)

~ ramdisk/install.md
> Decide which u-boot/dtb to use based on the fdt model printed when
> attaching mainbus not the string we print based on the board id when
> attaching the soc platform abstraction.
> Overhaul md_installboot() to make it much more readable based on
> suggestions from rpe@ (jsg@)

~ miniroot/Makefile.inc
> Add back the fdisk command to flag the fat fs as active.
> The omap boot rom that loads the first u-boot stage requires this. (jsg@)

miniroot

~ install.sub
> Rename variable $action (which is actually global) to AI_MODE.
> While there, (re)set AI_MODE and AI_SERVER at the start of the
> installer script.
> OK krw@ (rpe@)

~ install.sub
> Rename variables to a less ambiguous name better matching their purpose.
> OK krw (rpe@)

~ install.sub
> During install, set new 'wxallowed' mount option for the filesystem
> /usr/local resides on.
> idea from and ok deraadt
> with feedback from halex (rpe@)

~ install.sub
> whitespaces grow bsd.rd, you know (deraadt@)

notes

~ armv7/prep
> Remove the section on tftp booting a umg file. This might come back in
> a different form when u-boot supports efi networking interfaces.
(jsg@)

sets

~ lists/man/mi
> sync (deraadt@)

~ lists/base/md.alpha
~ lists/base/md.amd64
~ lists/base/md.armish
~ lists/base/md.armv7
~ lists/base/md.hppa
~ lists/base/md.i386
~ lists/base/md.landisk
~ lists/base/md.loongson
~ lists/base/md.luna88k
~ lists/base/md.macppc
~ lists/base/md.octeon
~ lists/base/md.sgi
~ lists/base/md.socppc
~ lists/base/md.sparc
~ lists/base/md.sparc64
~ lists/base/md.zaurus
~ lists/base/mi
~ lists/comp/mi
> sync (deraadt@)

~ lists/base/md.armish
~ lists/base/md.armv7
~ lists/base/md.zaurus
~ lists/comp/md.armish
~ lists/comp/md.armv7
~ lists/comp/md.zaurus
> sync (jsg@)

== etc =============================================================== 02/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

MAKEDEV.common

~ MAKEDEV.common
> whitespace found during review (deraadt@)

Makefile

~ Makefile
> whitespace found during review (deraadt@)

Makefile.inc

~ Makefile.inc
> whitespace found during review (deraadt@)

etc.armv7/Makefile.inc

~ etc.armv7/Makefile.inc
> build armv7 efiboot (jsg@)

~ etc.armv7/Makefile.inc
> Stop building u-boot kernel and ramdisk images. The kernel make targets
> are left for now but umg files are no longer built when building
> releases. (jsg@)

etc.armv7/disktab

~ etc.armv7/disktab
> use efiboot in armv7 miniroot images (jsg@)

examples/pkg.conf

~ examples/pkg.conf
> sync (sthen@)

rc

~ rc
> Use the -F flag of install(1) to ensure the file's content is flushed to
> disk.
> OK deraadt (rpe@)

~ rc
> - rename rebuildlibs() to reorder_libs()
> - move the info message inside the function
> - skip reordering if /usr/lib is on a nfs mounted filesystem
> - temporarily remount rw if /usr/lib is on a ro ffs file-system
> OK deraadt (rpe@)

~ rc
> whitespace found during review (deraadt@)

~ rc
> Add function comments.
> OK sthen, deraadt (rpe@)

~ rc
> No need to show the messages if we skip in case of /usr/lib on nfs.
> OK deraadt (rpe@)

~ rc
> Improve error handling in reorder_libs()
> - run commands in subshell only if mktemp is successful
> - on error just leave the for-loop but set _error=true
> - cleanup tmpdirs afterwards
> - set _error=true if the ro remount fails
> - print appropriate final message depending on $_error
> positive feedback from deraadt
> OK krw (rpe@)

== gnu =============================================================== 03/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

usr.bin/binutils-2.17

~ bfd/elf64-sparc.c
> On sparc64, make the PLT read-only. This allows the kernel and ld.so to
> load binaries without violating W^X. ld.so will make the PLT temporarily
> writable (making it non-executable at the same time) to set up the initial
> PLT slots and to do non-lazy relocations and restore permissions
> afterwards.
> Make sure you install an updated ld.so before doing a full build.
> ok deraadt@ (kettenis@)

~ bfd/elf-bfd.h
~ bfd/elf.c
~ bfd/elflink.c
~ binutils/readelf.c
~ include/bfdlink.h
~ include/elf/common.h
~ ld/ld.texinfo
~ ld/ldgram.y
~ ld/emultempl/elf32.em
> -z wxneeded creates a PHDR PT_OPENBSD_WXNEEDED. This annotation is placed
> on a binary by a software builder (ie. packager) to indicate to the kernel
> that this software performs W^X violations.
> ok kettenis guenther millert (deraadt@)

== include =========================================================== 04/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

setjmp.h

~ setjmp.h
> Stop supporting longjmperror(); it's not used, not portable, and the checks
> longjmp performs can't really be relied upon, even after we got rid of the
> false positives...
> ok millert@ deraadt@ (guenther@)

unistd.h

~ unistd.h
> Remove iruserok(_sa)? and __ivaliduser(sa)?
> ok millert@ deraadt@ (guenther@)

== lib =============================================================== 05/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

- arch/powerpc/sys/cerror.S
> Oh right, actually delete this now that __cerror is unused (guenther@)

~ arch/powerpc/gen/setjmp.S
~ arch/powerpc/gen/sigsetjmp.S
> Add XOR cookies for r1 (stack) and lr. Switch from calling obsolete
> sig{block,setmask} to directly using the sigprocmask syscall. Rewrite
> sig{set,long}jmp based on {set,long}jmp to avoid the deprecated
> store/load-multiple instructions.
> in snaps; ok deraadt@ (guenther@)

~ Symbols.list
~ time/strptime.c
~ locale/__mb_cur_max.c
~ locale/_def_messages.c
~ locale/_def_monetary.c
~ locale/_def_numeric.c
~ locale/_def_time.c
~ locale/localeconv.c
~ locale/nl_langinfo.c
~ locale/rune.h
~ locale/setlocale.c
+ include/localedef.h
> Stop exposing <sys/localedef.h> and various symbols internal to the libc
> locale implementation: _{Current,Default}*Locale, __[mn]locale_changed,
> __mb_len_max_runtime
> ok millert@ schwarze@ deraadt@ (guenther@)

~ Symbols.list
~ net/ruserok.c
> Eliminate __check_rhosts_file and __rcmd_errstr: they were only used by
> rlogind and rshd (remember them?)
> ok deraadt@ (guenther@)

~ Symbols.list
~ hidden/unistd.h
~ net/ruserok.c
~ net/rcmd.3
> Remove iruserok(_sa)? and __ivaliduser(sa)?
> ok millert@ deraadt@ (guenther@)

- gen/setjmperr.c
~ Symbols.list
~ gen/Makefile.inc
~ gen/setjmp.3
~ arch/arm/gen/_setjmp.S
~ arch/arm/gen/setjmp.S
~ arch/m88k/gen/_setjmp.S
~ arch/m88k/gen/setjmp.S
~ arch/m88k/gen/sigsetjmp.S
~ arch/mips64/gen/_setjmp.S
~ arch/mips64/gen/setjmp.S
> Stop supporting longjmperror(); it's not used, not portable, and the checks
> longjmp performs can't really be relied upon, even after we got rid of the
> false positives...
> ok millert@ deraadt@ (guenther@)

~ stdio/fwalk.c
~ stdio/local.h
> Make _fwalk and _cleanup completely internal to libc
> ok deraadt@ (guenther@)

~ arch/hppa/gen/setjmp.S
> Add XOR cookies for rp and sp. Switch from calling obsolete
> sig{block,setmask} to directly using the sigprocmask syscall.
> Remove longjmperror()-if-passed-real-sigcontext checks and the
> filling in of sigcontext fields that longjmp ignores.
> in snaps; ok deraadt@ (guenther@)

~ shlib_version
> Major bump for the removal of the various locale, ruserok, and
> longjmperror symbols (guenther@)

~ arch/sparc/gen/setjmp.S
> Include SYS.h instead of DEFS.h now that this does a direct syscall
> (guenther@)

~ arch/sparc/gen/setjmp.S
> More fixes from miod (guenther@)

~ regex/engine.c
> Fix another one-byte buffer underflow (read access only).
> This change touches code that only runs when REG_BASIC is given and the
> regular expression is anchored with [[:<:]] or \< _and_ uses
> backreferences.
> Simplify the logic while here, already looking at the previous character
> if REG_STARTEND and REG_NOTBOL are both in use, in anticipation of
> martijn@'s upcoming patch which will further improve REG_STARTEND.
> OK millert@ martijn@
> Also tested by Pedro Giffuni (pfg) on FreeBSD. (schwarze@)

~ regex/engine.c
> KNF with respect to indentation; no code change (schwarze@)

~ regex/engine.c
~ regex/regex.3
> Change the way regexec handles REG_STARTEND combined with REG_NOTBOL.
> The new code sees this combination as a continuation of string at offset
> pmatch[0].rm_so, instead of a new string which starts at that offset.
> This change fixes a search quirk in vi and is needed for upcoming fixes in
> ed/sed/vi.
> This new behaviour is also used in gnu regex.
> Lots of help from schwarze@
> Manpage bits by schwarze@
> OK schwarze@ and millert@ (martijn@)

~ asr/asr.c
> Calculate elapsed time in poll() and subtract that from the remaining time
> when restarting poll() after receiving a signal.
> The ruby runtime sends signals to threads periodically, so without
> accounting for elapsed time, the timeout would never expire if we didn't
> get a response from a nameserver.
> ok deraadt@ eric@ (jmatthew@)

~ stdio/fputs.3
> fputs(3) now returns a non-negative number (as opposed to 0) on successful
> completion, just like puts(3). Found the hard way in portable code.
> OK jmc@ (millert@)

~ gen/authenticate.c
> Use S_ISDIR instead of doing it by hand. No binary change. (millert@)

~ string/strcat.3
> The destination string is declared as "s" but referred to as "dst"
> in some cases. Be consistent and use "dst" everywhere like for
> strlcat(3) and strncat(3). From Tim Kuijsten. (millert@)

~ asr/asr.c
> typo fixes; Anthony Coulter (sthen@)

~ sys/mmap.2
~ sys/mount.2
~ sys/mprotect.2
> W^X violations are no longer permitted by default. A kernel log message
> is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
> kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
> creation.
> W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
> using the "wxallowed" mount option. One day far in the future
> upstream software developers will understand that W^X violations are a
> tremendously risky practice and that style of programming will be
> banished outright. Until then, we recommend most users need to use the
> wxallowed option on their /usr/local filesystem. At least your other
> filesystems don't permit such programs.
> ok jca kettenis mlarkin natano (deraadt@)

~ net/rcmdsh.c
> Use getaddrinfo() instead of the non-standard gethostbyname2().
> OK deraadt@ jca@ jung@ florian@ (millert@)

~ net/rcmd.3
~ net/rcmdsh.3
> rcmd(3) and rcmdsh(3) use getaddrinfo(3) not gethostbyname(3). (millert@)

~ gen/signal.3
> The synopsis rendered very poorly because of a "Quite Ugly but
> syntactically correct" roff mess. Follow the mdoc style guide on
> function pointers to improve this a little.
> Neglect and remove a
> comment that advises against trying to fix this.
> guidance and ok schwarze@ (tb@)

~ net/getaddrinfo.3
~ sys/socketpair.2
> Prefer AF_* over PF_* and 'address family' over 'protocol family'
> ok jung@ (guenther@)

~ arch/powerpc/gen/setjmp.S
> Use .balign instead of .align; only need 8 byte alignment not 2^8
> (guenther@)

~ arch/hppa/gen/setjmp.S
~ arch/powerpc/gen/setjmp.S
> Only require 4 byte alignment on ILP32 archs (guenther@)

~ gen/sysctl.3
> wxabort bits; ok deraadt (jmc@)

~ hidden/db.h
~ stdlib/hcreate.c
~ db/hash/extern.h
~ db/hash/hash_func.c
> Remove dead support for changing BDB hash algorithm and cache of
> alternatives
> ok natano@ millert@ deraadt@ (guenther@)

+ hidden/machine/sysarch.h
> Wrap <machine/sysarch.h> to prevent overriding internal calls, for
> alpha and mips64
> ok millert@ (guenther@)

~ arch/amd64/gen/setjmp.S
~ arch/amd64/gen/sigsetjmp.S
> Switch from calling obsolete sig{block,setmask} to directly using the
> sigprocmask syscall
> ok kettenis@ (guenther@)

~ yp/yp_bind.c
~ yp/ypinternal.h
> _yp_bind(), _ypbindlist, _yp_domain, and _yplib_timeout are no longer
> exported, so declare them as hidden to avoid pointless GOT relocations
> ok millert@ deraadt@ (guenther@)

libcrypto

~ cert.pem
> use -nameopt esc_msb so "NetLock Kft" cert has the non-ascii
> and non-utf8 bytes escaped.
> ok sthen@ (jsg@)

libcurses

~ Makefile
> Use "cc -E" instead of "cpp". OK deraadt@ natano@ (millert@)

libedit

~ editline.3
~ editrc.5
> Document el_wpush(3) and fix the description of el_push(3).
> Improve precision in the description of the "bind" builtin command.
> Tweak terminology to better match editline(7). (schwarze@)

~ chared.c
~ chared.h
~ common.c
~ el.c
~ read.c
~ read.h
> Improve modularization at the chared/read boundary, no functional change.
> Stop the read.c module from poking the el_chared.c_macro data
> structure that used to belong to the chared.c module.
> Given that
> no other module, not even chared itself, is using that data, move it
> into the read module's own opaque data structure, struct el_read_t.
> That gets rid of one struct, one #define, one struct member, and one
> function argument in the chared.h interface.
> OK czarkoff@ (schwarze@)

~ Makefile
~ read.c
> Remove debugging ifdefs.
> I'm debugging the read module for weeks now,
> but these ifdefs aren't helpful.
> OK cpp(1). (schwarze@)

~ el.h
~ keymacro.c
~ read.c
> Saving errno in el_errno is only needed for one purpose:
> Restoring the original errno found in el_wgetc() after
> el_wgets() did some cleanup that may have changed errno.
> Improve clarity and robustness of the code by not setting and
> inspecting el_errno where it isn't needed; in particular, let
> keymacro_get() properly report read failure to read_getcmd().
> Move el_errno to el_read_t because it's only used in read.c.
> Never set errno back to zero.
> Checked with a test program installing a USR1 signal handler
> without SA_RESTART, for the cases read_getcmd(), ed_quoted_insert(),
> keymacro_get(), ed_command(), and EL_EDITMODE=0.
> OK czarkoff@ (schwarze@)

~ read.c
> el_map.alt can never be NULL, delete dead code
> OK czarkoff@ (schwarze@)

libfuse

~ fuse.c
~ fuse_subr.c
> Add missing strdup NULL checks; from Ray Lai.
> ok mpi@ beck@ mlarkin@ (okan@)

~ fuse_opt.c
> NUL-terminate argv when parsing options, following other
> implementations; fixes issue when exec*() is used for
> fuse_args, notably in sshfs; from Hiltjo Posthuma and
> reminded by ray.
> ok mpi@ (okan@)

libkvm

~ kvm_proc.c
> Make amaps use less kernel memory
> This is achieved by grouping amap slots into chunks that are allocated
> on-demand by pool(9). Endless "fltamapcopy" loops because of kmem
> shortage should be solved now. The kmem savings are also important to later
> enable vmm(4) to use large shared memory mappings for guest VM RAM.
> This adapts libkvm also because the amap structure layout has changed.
> Testing and fix of libkvm glitch in initial diff by tb@
> Feedback and "time to get this in" kettenis@ (stefan@)

~ kvm_proc.c
> Revert previous: breaks i386 and powerpc, probably all non-PMAP_DIRECT
> archs (guenther@)

~ kvm_proc.c
> Make amaps use less kernel memory (2nd try)
> The original diff would crash at least i386 and powerpc, as spotted by
> guenther@ The reason was an incorrect use of sizeof in amap_lookups().
> Confirmation that powerpc works by mpi@ and mglocker@
> "throw it in" deraadt@
> Original commit message:
> This is achieved by grouping amap slots into chunks that are allocated
> on-demand by pool(9). Endless "fltamapcopy" loops because of kmem
> shortage should be solved now. The kmem savings are also important to later
> enable vmm(4) to use large shared memory mappings for guest VM RAM.
> This adapts libkvm also because the amap structure layout has changed.
> Testing and fix of libkvm glitch in initial diff by tb@
> Feedback and "time to get this in" kettenis@ (stefan@)

libssl

~ src/crypto/asn1/a_d2i_fp.c TAGGED OPENBSD_5_8
> Fix a short-read bug in the previous version of asn1_d2i_read_bio
> The outer while() loop is missing, so we only read up to chunk_max bytes.
> ok tedu (bcook@)

~ src/crypto/asn1/a_d2i_fp.c TAGGED OPENBSD_5_9
> Fix a short-read bug in the previous version of asn1_d2i_read_bio
> The outer while() loop is missing, so we only read up to chunk_max bytes.
> ok tedu (bcook@)

~ src/crypto/opensslv.h TAGGED OPENBSD_5_8
> bump to 2.2.8 (bcook@)

~ src/crypto/opensslv.h TAGGED OPENBSD_5_9
> bump to 2.3.5 (bcook@)

libtls

~ tls_init.3
> typo fixes; Anthony Coulter (sthen@)

~ tls.h
> Fix function parameters that do not have an underscore prefix. (jsing@)

~ tls_config.c
> Avoid leaking ca_mem when freeing a tls_config. (jsing@)

~ tls.c
~ tls_config.c
~ tls_internal.h
> Rename some of the internal error setting functions to more closely follow
> existing naming standards.
> Also provide functions for setting a struct
> tls_error * directly (rather than having to have a struct tls * or a
> struct tls_config *). (jsing@)

== libexec =========================================================== 06/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

ld.so

~ i386/rtld_machine.c
> Ignore the listed protection (which may contain X) when making page
> writeable temporary.
> As pointed out by kettenis, discussed with guenther (deraadt@)

~ i386/rtld_machine.c
> for textrels (sthen ran into one...):
> Ignore the listed protection (which may contain X) when making page
> writeable temporary. (deraadt@)

== regress =========================================================== 07/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

~ libedit/read/glue.c
~ libedit/read/test_getcmd.c
> cope with simplified chared/read interface (schwarze@)

~ libedit/keymacro/test_get.c
~ libedit/read/test_getcmd.c
> deal with the el_errno -> read_errno cleanup, read.c rev. 1.43 (schwarze@)

~ libc/regex/main.c
> support for testing REG_STARTEND together with REG_NOTBOL (schwarze@)

~ libc/regex/tests
> systematically test all combinations of REG_STARTEND, REG_NEWLINE,
> and REG_NOTBOL with line and word anchors (schwarze@)

~ libc/regex/main.c
> Fix an oversight that caused the test program to segfault:
> Don't try to calculate strlen(NULL).
(schwarze@)

~ libc/regex/tests
> tests for the two segfaults in backref() that were just fixed (schwarze@)

~ libc/Makefile
> We don't have sigreturn anymore (beck@)

- libc/sigreturn/Makefile
- libc/sigreturn/sigret.c
> Nuke sigret.c
> ok deraadt@ kettenis@ (beck@)

sys

~ net/pf_forward/ping6_mtu.py
~ net/pf_forward/ping_mtu.py
~ net/pf_fragment/frag.py
~ net/pf_fragment/frag6.py
~ net/pf_fragment/frag6_cutnew.py
~ net/pf_fragment/frag6_cutold.py
~ net/pf_fragment/frag6_dropnew.py
~ net/pf_fragment/frag6_dropold.py
~ net/pf_fragment/frag6_ext.py
~ net/pf_fragment/frag_cutnew.py
~ net/pf_fragment/frag_cutold.py
~ net/pf_fragment/frag_dropnew.py
~ net/pf_fragment/frag_dropold.py
~ net/pf_fragment/ping6_cksum.py
~ net/pf_fragment/ping6_mtu_1300.py
~ net/pf_fragment/ping_cksum.py
~ net/pf_fragment/ping_mtu_1300.py
~ net/pf_fragment/udp6_cksum.py
~ net/pf_fragment/udp_cksum.py
~ netinet6/frag6/frag6.py
~ netinet6/frag6/frag6_ext.py
~ netinet6/frag6/frag6_opt.py
~ netinet6/frag6/frag6_overatomic.py
~ netinet6/frag6/frag6_overdrop.py
~ netinet6/frag6/frag6_overhead.py
~ netinet6/frag6/frag6_overhead0.py
~ netinet6/frag6/frag6_overtail.py
~ netinet6/frag6/frag6_padding.py
~ netinet6/frag6/frag6_permute.py
~ netinet6/frag6/frag6_refrag.py
~ netinet6/frag6/frag6_shortatomic.py
~ netinet6/frag6/frag6_timeout.py
~ netinet6/frag6/frag6_udpatomic.py
~ netinet6/frag6/frag6_udpheader.py
~ netinet6/frag6/frag6_udppayload.py
~ netinet6/frag6/frag6_zerofirst.py
~ netinet6/frag6/frag6_zerosecond.py
~ netinet6/rh0/rh0_empty.py
~ netinet6/rh0/rh0_final.py
~ netinet6/rh0/rh0_frag2.py
~ netinet6/rh0/rh0_frag_empty.py
~ netinet6/rh0/rh0_frag_final.py
~ netinet6/rh0/rh0_frag_route.py
~ netinet6/rh0/rh0_none.py
~ netinet6/rh0/rh0_route.py
> Fix tests: Restrict getpid() to lower 16 bit so that it can still
> be used as packet id. Now scapy calls nexthopmtu with this name
> explicitly in icmp structure.
(bluhm@)

~ net/pf_fragment/Makefile
> comment typos (sthen@)

usr.bin

~ fold/fold.sh
> UTF-8 support.
> Using feedback about bugs in earlier versions from Matthew Martin
> <phy1729 at gmail dot com> and from tsg@ who tested it with afl(1).
> OK czarkoff@ tsg@ (schwarze@)

~ ssh/unittests/Makefile
+ ssh/unittests/utf8/Makefile
+ ssh/unittests/utf8/tests.c
> test the new utf8 module (schwarze@)

usr.sbin

~ syslogd/args-server-tcp-reconnect.pl
~ syslogd/args-server-tls-reconnect.pl
> When connecting to a non existing tcp listen socket on localhost,
> connect(2) does no longer fail immediately. It reports EINPROGRESS
> first, an ECONNREFUSED or EPIPE error follows later. Allow this
> changed behavior in syslogd(8) regression tests. (bluhm@)

== sbin ============================================================== 08/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

disklabel

~ disklabel.c
> Hoist the opendev() call before the pledge because it can ioctl() when
> the provided path is bogus or not a device.
> ok deraadt (beck@)

~ disklabel.c
> fix crash if filename not provided (beck@)

~ disklabel.c
> host readlabel() above the pledge so we can avoid pledge violations
> when the provided device is not a disk
> ok tb@ (beck@)

~ disklabel.c
> back out previous; -wAT template vnd0 fails (deraadt@)

~ disklabel.c
> Refactor and clean up the logic before pledge a bit and fix pledge
> fallout related to pledge disklabel (e.g. 'disklabel /dev/tty').
> - Allow 'disklabel sdN' again for non-root users.
> - Make sure at least one DIO* ioctl comes before pledge "disklabel"
> - Fix the op == WRITE logic that broke 'make release' in -r2.217
> Based on -r2.17 from beck.
> ok beck (tb@)

fsck_msdos

~ main.c
> Another misplaced pledge disklabel that needs to be removed because of
> a DIOCGPDINFO that could be applied to a non-disk and thus cause a
> crash. After that ioctl, the program continues with pledge "stdio".
> ok beck semarie (tb@)

fsirand

~ fsirand.c
> Fix a pledge abort that can be triggered by using DIOCGDINFO on a file
> that is not a disk device (e.g. fsirand -p /altroot) by removing the
> first of the two pledges. The program then runs with pledge "stdio"
> right after the ioctl.
> ok deraadt (tb@)

growfs

~ growfs.c
> Give growfs a chance to error out with ENOTTY before pledging disklabel.
> Fixes pledge crash due to ioctl DIOCGDINFO with an inappropriate file.
> looks good to deraadt (tb@)

mount

~ mount.c
> remove knowledge of MNT_EXKERB (deraadt@)

~ mntopts.h
~ mount.8
~ mount.c
> W^X violations are no longer permitted by default. A kernel log message
> is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
> kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
> creation.
> W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
> using the "wxallowed" mount option. One day far in the future
> upstream software developers will understand that W^X violations are a
> tremendously risky practice and that style of programming will be
> banished outright. Until then, we recommend most users need to use the
> wxallowed option on their /usr/local filesystem. At least your other
> filesystems don't permit such programs.
> ok jca kettenis mlarkin natano (deraadt@)

~ mount.8
> sort mount options, and shorten slightly the wxabort text; (jmc@)

mount_ffs

~ mount_ffs.c
> W^X violations are no longer permitted by default. A kernel log message
> is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
> kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
> creation.
> W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
> using the "wxallowed" mount option. One day far in the future
> upstream software developers will understand that W^X violations are a
> tremendously risky practice and that style of programming will be
> banished outright.
> Until then, we recommend most users need to use the
> wxallowed option on their /usr/local filesystem. At least your other
> filesystems don't permit such programs.
> ok jca kettenis mlarkin natano (deraadt@)

mount_nfs

~ mount_nfs.c
> W^X violations are no longer permitted by default. A kernel log message
> is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
> kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
> creation.
> W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
> using the "wxallowed" mount option. One day far in the future
> upstream software developers will understand that W^X violations are a
> tremendously risky practice and that style of programming will be
> banished outright. Until then, we recommend most users need to use the
> wxallowed option on their /usr/local filesystem. At least your other
> filesystems don't permit such programs.
> ok jca kettenis mlarkin natano (deraadt@)

ncheck_ffs

~ ncheck_ffs.c
> Don't pledge before opendev() and ioctl DIOCGDINFO were called.
> Avoids a pledge crash with 'ncheck_ffs /dev/tty'.
> deraadt agrees (tb@)

pdisk

~ pdisk.c
> Remove all the pledge "disklabel" before ioctl DIOCGPDINFO is
> called in order to avoid a pledge crash with 'pdisk /dev/tty'.
> Only the pledge "stdio" right after the ioctl remains.
> ok krw (tb@)

sysctl

~ sysctl.8
> VOP_REALLOCBLKS() and related code is unused since the removal of
> cluster_write().
> ok beck zhuk (natano@)

~ sysctl.c
> remove the sysctl kern.random counters, since none of the remaining
> ones are capable of giving valuable works vs does-not-work evidence.
> ok tedu (deraadt@)

~ sysctl.8
> wxabort bits; ok deraadt (jmc@)

tunefs

~ tunefs.c
> Don't pledge before opendev. Just leave pledge "stdio" right
> afterwards.
> deraadt agrees (tb@)

== share ============================================================= 09/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

locale

~ ctype/Makefile
> mklocale(1) can handle C-style and shell-style comments natively,
> no need for cpp here. From natano@ (millert@)

man

~ man9/VOP_LOOKUP.9
> VOP_REALLOCBLKS() and related code is unused since the removal of
> cluster_write().
> ok beck zhuk (natano@)

~ man4/ugen.4
~ man4/usb.4
> USB_DISCOVER and USB_GET_STRING_DESC are no more.
> ok deraadt@ (mpi@)

~ man4/urtwn.4
> use a consistent naming for chipsets;
> issue found by ross l richardson
> help/ok stsp (jmc@)

~ man4/iwm.4
~ man4/pci.4
> iwm(4) man page updates (new firmware version 16, 8260 device support)
> (stsp@)

~ man4/iwm.4
> Mention 3165 device support in iwm(4) man page.
> Patch by Imre Vadasz. (stsp@)

mk

~ sys.mk
> Zap the 'l' from ARFLAGS, totally useless these days.
> Found while comparing qmake specs of different *BSDs.
> okay deraadt@ and millert@ (zhuk@)

== sys =============================================================== 10/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch

~ armv7/Makefile
> build armv7 efiboot (jsg@)

arch/alpha/alpha

~ locore.s
> Place a cpu-dependent trap/illegal instruction over the remainder of the
> sigtramp page, so that it will generate a nice kernel fault if touched.
> While here, move most of the sigtramps to the .rodata segment, because
> they are not executed in the kernel.
> Also some preparation for sliding the actual sigtramp forward (will need
> some gdb changes)
> ok mlarkin kettenis (deraadt@)

arch/alpha/include

~ asm.h
> Remove the non ELF macros
> ok millert (deraadt@)

arch/amd64/amd64

~ locore.S
> Place a cpu-dependent trap/illegal instruction over the remainder of the
> sigtramp page, so that it will generate a nice kernel fault if touched.
> While here, move most of the sigtramps to the .rodata segment, because
> they are not executed in the kernel.
> Also some preparation for sliding the actual sigtramp forward (will need
> some gdb changes)
> ok mlarkin kettenis (deraadt@)

arch/amd64/stand/boot

~ conf.c
> crank version numbers of those bootloaders that have been changed by
> the com_init fix. ok beck deraadt (sthen@)

arch/amd64/stand/cdboot

~ conf.c
> crank version numbers of those bootloaders that have been changed by
> the com_init fix. ok beck deraadt (sthen@)

arch/amd64/stand/libsa

~ bioscons.c
> Modify com_init to match the com driver initialization, and add
> a short delay so that baud rate changes on the console have
> a chance of working. Lots of help from theo on this one.
> Makes my serial console on my APU work for an unattended
> reboot instead of hanging when garbage is echoed to the tty.
> ok deraadt@ (beck@)

arch/amd64/stand/pxeboot

~ conf.c
> crank version numbers of those bootloaders that have been changed by
> the com_init fix. ok beck deraadt (sthen@)

arch/arm/arm

~ conf.c
~ openprom.c
> Change openprom into a pseudo-device, because not all arm platforms
> will have it. This is a bit of a hack. Maybe it should attach off
> mainbus as a proper fake device, but that would have more tendrils..
> checked by jsg (deraadt@)

~ sigcode.S
> Place a cpu-dependent trap/illegal instruction over the remainder of the
> sigtramp page, so that it will generate a nice kernel fault if touched.
> While here, move most of the sigtramps to the .rodata segment, because
> they are not executed in the kernel.
> Also some preparation for sliding the actual sigtramp forward (will need
> some gdb changes)
> ok mlarkin kettenis (deraadt@)

arch/arm/conf

~ files.arm
> Change openprom into a pseudo-device, because not all arm platforms
> will have it. This is a bit of a hack. Maybe it should attach off
> mainbus as a proper fake device, but that would have more tendrils..
  > checked by jsg (deraadt@)

arch/arm/include

  ~ asm.h ~ profile.h
  > Remove the non ELF macros
  > ok millert (deraadt@)

arch/arm/mainbus

  ~ mainbus.c
  > use fdt "model" string for hw.product
  > ok kettenis@ (jsg@)

arch/arm/simplebus

  ~ simplebus.c
  > Print the name from the corresponding FDT node to make identifying
  > simplebus(4)
  > instances easier.
  > ok jsg@, patrick@ (kettenis@)

arch/armv7/conf

  ~ GENERIC ~ RAMDISK ~ files.armv7
  > Change openprom into a pseudo-device, because not all arm platforms
  > will have it. This is a bit of a hack. Maybe it should attach off
  > mainbus as a proper fake device, but that would have more tendrils..
  > checked by jsg (deraadt@)

arch/armv7/stand

  + Makefile
  > build armv7 efiboot (jsg@)

arch/armv7/stand/efiboot

  ~ Makefile
  > install into mdec (jsg@)

  ~ Makefile
  > build armv7 efiboot (jsg@)

arch/hppa/hppa

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/i386/i386

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

  ~ mptramp.s
  > remove some ancient debugging code
  > ok deraadt@ (mlarkin@)

arch/i386/stand/boot

  ~ conf.c
  > crank version numbers of those bootloaders that have been changed by
  > the com_init fix. ok beck deraadt (sthen@)

arch/i386/stand/cdboot

  ~ conf.c
  > crank version numbers of those bootloaders that have been changed by
  > the com_init fix. ok beck deraadt (sthen@)

arch/i386/stand/libsa

  ~ bioscons.c
  > Modify com_init to match the com driver initialization, and add
  > a short delay so that baud rate changes on the console have
  > a chance of working. Lots of help from theo on this one.
  > Makes my serial console on my APU work for an unattended
  > reboot instead of hanging when garbage is echoed to the tty.
  > ok deraadt@ (beck@)

arch/i386/stand/pxeboot

  ~ conf.c
  > crank version numbers of those bootloaders that have been changed by
  > the com_init fix. ok beck deraadt (sthen@)

arch/m88k/include

  ~ asm.h
  > Remove the non ELF macros
  > ok millert (deraadt@)

arch/macppc/dev

  ~ thermal.c ~ thermal.h
  > Some of our fan scaling calculations with the muK temperature unit above
  > 59 degC require temporary values larger than 32bit signed. Therefore
  > bump those involved variables to int64_t and replace imin/imax with
  > ulmin/ulmax to get proper results. (mglocker@)

  ~ thermal.c
  > Fix shutdown sequence. (mglocker@)

  ~ maci2c.c
  > Pass the device node to ia_cookie so we can pick it up in the i2c driver.
  > ok deraadt kettenis (mglocker@)

  ~ smu.c
  > Add support for new smu-firmware fan commands. This fixes wrong sysctl
  > hw.sensors fan values seen on macppc models with a new smu-firmware.
  > Help and ok kettenis (mglocker@)

arch/macppc/macppc

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/mips64/mips64

  ~ lcore_access.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/octeon/dev

  ~ if_cnmac.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ if_cnmac.c
  > Fix previous. (visa@)

  ~ if_cnmac.c
  > Try to defragment overly long mbuf chains.
  > ok mpi@ (visa@)

  ~ cn30xxfpavar.h ~ cn30xxipd.c ~ cn30xxpko.c ~ if_cnmac.c
  > Drop a redundant set of FPA pool definitions. (visa@)

  ~ cn30xxgmx.c
  > The same MAC filter setup code should work with all PHY link types.
  > Remove unnecessary abstraction.
  > ok mpi@ (visa@)

  ~ cn30xxgmx.c ~ if_cnmac.c ~ if_cnmacvar.h
  > Map ASX registers only if link control needs them.
  > ok mpi@ (visa@)

arch/octeon/include

  ~ octeonvar.h
  > Reduce the size of gather buffers and allocate more of them to make
  > better use of memory. This should prevent gather buffer starvation on
  > currently supported systems.
  > Discussed with mpi@ (visa@)

arch/sh/include

  ~ asm.h ~ profile.h
  > Remove the non ELF macros
  > ok millert (deraadt@)

arch/sh/sh

  ~ locore_subr.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/socppc/socppc

  ~ machdep.c
  > repair typo of sizeof in copyin() (deraadt@)

  ~ locore.S
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/sparc/include

  ~ asm.h ~ profile.h
  > Remove the non ELF macros
  > ok millert (deraadt@)

arch/sparc/sparc

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

arch/sparc64/include

  ~ asm.h
  > Remove the non ELF macros
  > ok millert (deraadt@)

arch/sparc64/sparc64

  ~ locore.s
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

dev

  ~ rnd.c ~ rndvar.h
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

  ~ softraid_crypto.c
  > no need to open key disk for writing, from bytevolcano. ok jung (tedu@)

dev/acpi

  ~ acpitz.c
  > Disabling active cooling trip points when we lack the right method to
  > operate.
  > Problem reported by James Hastings.
  > ok dcoppa@ mlarkin@ (semarie@)

dev/hid

  ~ hidms.c
  > Use the new input functions of wsmouse in mouse and touchscreen drivers.
  > ok kettenis@ (bru@)

dev/pci

  ~ pcidevs
  > add the intel xl710 device ids from the documentation
  > i think some parts are called X710, not XL710, but i cant find where
  > and why. defaulting to XL710 for now. (dlg@)

  ~ pcidevs.h ~ pcidevs_data.h
  > regen (dlg@)

  ~ if_myx.c ~ if_nep.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ pcidevs
  > VIA VL805 xHCI (chris@)

  ~ pcidevs.h ~ pcidevs_data.h
  > regen (chris@)

  ~ pchtemp.c
  > Add PCI_PRODUCT_INTEL_100SERIES_LP_THERM, suggested by kettenis@ (reyk@)

  ~ if_iwm.c ~ if_iwmreg.h ~ if_iwmvar.h
  > Update iwm(4) to firmware API 16 and enable RTS/CTS frame protection.
  > Requires new firmware! Which has been available in fw_update(1) for some
  > time.
  > With helpful hints from Emmanuel Grumbach and contributions from Imre
  > Vadasz.
  > Tested verbatim by phessler@, jasper@, gilles@. Tested as part of a larger
  > diff by reyk@, robert@, Imre Vadasz, and Bryan Vyhmeister.
  > Earlier version tested by many. Also passed by kettenis@ very early on.
  > (stsp@)

  ~ pcidevs
  > Add PCI ID for RTL8188EE. Prompted by Ross L Richardson. (stsp@)

  ~ pcidevs.h ~ pcidevs_data.h
  > regen (stsp@)

  ~ if_iwm.c ~ if_iwmreg.h ~ if_iwmvar.h
  > Add support for Intel Wireless 8260 devices to iwm(4).
  > Firmware has been available in fw_update(1) for some time (thanks sthen!).
  > Tested by robert, reyk, Imre Vadasz, Bryan Vyhmeister.
  > Thank you, Emmanuel Grumbach, for helping me diagnose issues during
  > development.
  > ok kettenis (stsp@)

  ~ if_iwm.c
  > In iwm(4), don't parse nvram antenna data for 7k devices, they don't have
  > it.
  > And don't complain if no data is provided in nvram, needed for 3165
  > devices.
  > Patch by Imre Vadasz. (stsp@)

  ~ if_iwm.c
  > Add support for Intel Wireless 3165 devices to iwm(4).
  > Patch by Imre Vadasz. (stsp@)

dev/pckbc

  ~ pms.c
  > Use the new input functions of wsmouse in mouse and touchscreen drivers.
  > ok kettenis@ (bru@)

dev/usb

  ~ usb_subr.c ~ usbdivar.h
  > Get rid of usbd_get_device_strings() because we use it only once.
  > Return a char * rather than using a void function for usbd_get_device_string()
  > ok patrick@ (mpi@)

  ~ umsm.c
  > Support Airprime/Sierra AirCard 313U, Netgear/Sierra AirCard 770S
  > ok mpi@ (chris@)

  ~ ugen.c ~ uhid.c ~ umodem.c ~ uplcom.c ~ usb.h ~ uticom.c
  > Kill unused ioctl(2)s.
  > ok deraadt@ (mpi@)

  ~ uvideo.c
  > Remove superfluous loop counter to set alternate video interface since we
  > store the alternate video interface number already.
  > From Patrick Keshishian, thanks! (mglocker@)

  ~ uvideo.c
  > Do the endpoint verification before opening the pipe on the selected
  > alternate interface endpoint instead of statically on interface 0.
  > Fix duplicate DPRINTF output while there.
  > Initial diff from Patrick Keshishian, thanks! (mglocker@)

isofs/cd9660

  ~ cd9660_vfsops.c
  > When pulling an msdos formatted umass stick during mount while the
  > usb stack was busy, the kernel could trigger an uvm fault. There
  > is a race between vop_generic_revoke() and sys_mount() where vgonel()
  > could reset v_specinfo. Then v_specmountpoint is no longer valid.
  > So after sleeping, msdosfs_mountfs() could crash in the error path.
  > The code in the different *_mountfs() functions was inconsistent,
  > implement the same check everywhere.
  > OK krw@ natano@ (bluhm@)

isofs/udf

  ~ udf_vfsops.c
  > When pulling an msdos formatted umass stick during mount while the
  > usb stack was busy, the kernel could trigger an uvm fault. There
  > is a race between vop_generic_revoke() and sys_mount() where vgonel()
  > could reset v_specinfo. Then v_specmountpoint is no longer valid.
  > So after sleeping, msdosfs_mountfs() could crash in the error path.
  > The code in the different *_mountfs() functions was inconsistent,
  > implement the same check everywhere.
  > OK krw@ natano@ (bluhm@)

kern

  ~ vfs_vops.c
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ uipc_mbuf.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ kern_sysctl.c
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

  ~ kern_exec.c
  > Place a cpu-dependent trap/illegal instruction over the remainder of the
  > sigtramp page, so that it will generate a nice kernel fault if touched.
  > While here, move most of the sigtramps to the .rodata segment, because
  > they are not executed in the kernel.
  > Also some preparation for sliding the actual sigtramp forward (will need
  > some gdb changes)
  > ok mlarkin kettenis (deraadt@)

  ~ tty_pty.c
  > Remove two sysctls which were introduced only for development of the
  > ptm/pty subsystem, and got left behind.
  > ok beck (deraadt@)

  ~ vfs_subr.c
  > The doforce variable isn't modified anywhere. Also, the only filesystem
  > left using it is fuse. It has been removed from all other filesystems.
  > ok millert deraadt (natano@)

  ~ kern_pledge.c
  > rename(2) operation requires "rpath cpath" at the underlying operation
  > (the src path lookup is considered a rpath operation)
  > noticed by kristaps, discussed with semarie (deraadt@)

  ~ kern_sysctl.c ~ vfs_syscalls.c
  > W^X violations are no longer permitted by default. A kernel log message
  > is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
  > kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
  > creation.
  > W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
  > using the "wxallowed" mount option. One day far in the future
  > upstream software developers will understand that W^X violations are a
  > tremendously risky practice and that style of programming will be
  > banished outright. Until then, we recommend most users need to use the
  > wxallowed option on their /usr/local filesystem. At least your other
  > filesystems don't permit such programs.
  > ok jca kettenis mlarkin natano (deraadt@)

  ~ kern_descrip.c
  > add sizes to free() calls for descrip tables (tedu@)

  ~ kern_descrip.c
  > Fix sizes passed to free() in fdfree(). This prevents a panic reported
  > by sthen.
  > ok semarie (natano@)

miscfs/fuse

  ~ fuse_vfsops.c
  > The doforce variable isn't modified anywhere. Also, the only filesystem
  > left using it is fuse. It has been removed from all other filesystems.
  > ok millert deraadt (natano@)

msdosfs

  ~ msdosfs_vfsops.c
  > When pulling an msdos formatted umass stick during mount while the
  > usb stack was busy, the kernel could trigger an uvm fault. There
  > is a race between vop_generic_revoke() and sys_mount() where vgonel()
  > could reset v_specinfo. Then v_specmountpoint is no longer valid.
  > So after sleeping, msdosfs_mountfs() could crash in the error path.
  > The code in the different *_mountfs() functions was inconsistent,
  > implement the same check everywhere.
  > OK krw@ natano@ (bluhm@)

net

  ~ pf.c
  > Pass a route entry to if_output() instead of relying on arpresolve() magic.
  > This refactoring aims to reduce the number of places where a route entry is
  > inserted in the routing table.
  > ok bluhm@ (mpi@)

  ~ if_ppp.c
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ pf.c ~ pf_norm.c
  > Do not call nd6_output() without route entry argument.
  > ok bluhm@ (mpi@)

  ~ pf.c ~ pf_norm.c
  > Backout pf.c r1.972, pf_norm.c r1.184, ok claudio
  > pf_test calls pf_refragment6 with dst=NULL, which is passed down to
  > rtable_match which attempts to dereference it. (sthen@)

netinet

  ~ if_ether.c
  > Shorten an error string. (mpi@)

  ~ if_ether.c
  > Pass a 'struct in_addr *' to arplookup() instead of always dereferencing
  > one. (mpi@)

ntfs

  ~ ntfs_vfsops.c
  > When pulling an msdos formatted umass stick during mount while the
  > usb stack was busy, the kernel could trigger an uvm fault. There
  > is a race between vop_generic_revoke() and sys_mount() where vgonel()
  > could reset v_specinfo. Then v_specmountpoint is no longer valid.
  > So after sleeping, msdosfs_mountfs() could crash in the error path.
  > The code in the different *_mountfs() functions was inconsistent,
  > implement the same check everywhere.
  > OK krw@ natano@ (bluhm@)

sys

  - localedef.h
  > Stop exposing <sys/localedef.h> and various symbols internal to the libc
  > locale implementation: _{Current,Default}*Locale, __[mn]locale_changed,
  > __mb_len_max_runtime
  > ok millert@ schwarze@ deraadt@ (guenther@)

  ~ buf.h ~ vnode.h
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ mbuf.h
  > remove the function pointer from mbufs. this memory is shared with data
  > via unions, and we don't want to make it easy to control the target.
  > instead an integer index into an array of acceptable functions is used.
  > drivers using custom functions must register them to receive an index.
  > ok deraadt (tedu@)

  ~ sysctl.h
  > remove the sysctl kern.random counters, since none of the remaining
  > ones are capable of giving valuable works vs does-not-work evidence.
  > ok tedu (deraadt@)

  ~ tty.h
  > Remove two sysctls which were introduced only for development of the
  > ptm/pty subsystem, and got left behind.
  > ok beck (deraadt@)

  ~ mount.h
  > MNT_EXKERB bit is unused (deraadt@)

  ~ mount.h ~ sysctl.h
  > W^X violations are no longer permitted by default. A kernel log message
  > is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
  > kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
  > creation.
  > W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
  > using the "wxallowed" mount option. One day far in the future
  > upstream software developers will understand that W^X violations are a
  > tremendously risky practice and that style of programming will be
  > banished outright. Until then, we recommend most users need to use the
  > wxallowed option on their /usr/local filesystem. At least your other
  > filesystems don't permit such programs.
  > ok jca kettenis mlarkin natano (deraadt@)

  ~ exec_elf.h
  > define PT_OPENBSD_WXNEEDED (deraadt@)

ufs/ext2fs

  ~ ext2fs_vfsops.c
  > When pulling an msdos formatted umass stick during mount while the
  > usb stack was busy, the kernel could trigger an uvm fault. There
  > is a race between vop_generic_revoke() and sys_mount() where vgonel()
  > could reset v_specinfo. Then v_specmountpoint is no longer valid.
  > So after sleeping, msdosfs_mountfs() could crash in the error path.
  > The code in the different *_mountfs() functions was inconsistent,
  > implement the same check everywhere.
  > OK krw@ natano@ (bluhm@)

ufs/ffs

  ~ ffs_vfsops.c
  > When pulling an msdos formatted umass stick during mount while the
  > usb stack was busy, the kernel could trigger an uvm fault. There
  > is a race between vop_generic_revoke() and sys_mount() where vgonel()
  > could reset v_specinfo. Then v_specmountpoint is no longer valid.
  > So after sleeping, msdosfs_mountfs() could crash in the error path.
  > The code in the different *_mountfs() functions was inconsistent,
  > implement the same check everywhere.
  > OK krw@ natano@ (bluhm@)

  ~ ffs_alloc.c ~ ffs_extern.h ~ ffs_vfsops.c ~ ffs_vnops.c
  > VOP_REALLOCBLKS() and related code is unused since the removal of
  > cluster_write().
  > ok beck zhuk (natano@)

  ~ ffs_alloc.c
  > Use arc4random_uniform() instead of arc4random() to avoid modulus bias.
  > This eliminates the idiom 'arc4random() % X' (where X + 1 is not a
  > power of two) from base.
  > Part of a patch from Matthew Martin from end of last year.
  > ok tedu@ (a long time ago), natano@ (tb@)

uvm

  ~ uvm_amap.c ~ uvm_amap.h
  > Make amaps use less kernel memory
  > This is achieved by grouping amap slots into chunks that are allocated
  > on-demand by pool(9). Endless "fltamapcopy" loops because of kmem
  > shortage should be solved now. The kmem savings are also important to later
  > enable vmm(4) to use large shared memory mappings for guest VM RAM.
  > This adapts libkvm also because the amap structure layout has changed.
  > Testing and fix of libkvm glitch in initial diff by tb@
  > Feedback and "time to get this in" kettenis@ (stefan@)

  ~ uvm_amap.c ~ uvm_amap.h
  > Revert previous: breaks i386 and powerpc, probably all non-PMAP_DIRECT
  > archs (guenther@)

  ~ uvm_amap.c ~ uvm_amap.h
  > Make amaps use less kernel memory (2nd try)
  > The original diff would crash at least i386 and powerpc, as spotted by
  > guenther@ The reason was an incorrect use of sizeof in amap_lookups().
  > Confirmation that powerpc works by mpi@ and mglocker@
  > "throw it in" deraadt@
  > Original commit message:
  > This is achieved by grouping amap slots into chunks that are allocated
  > on-demand by pool(9). Endless "fltamapcopy" loops because of kmem
  > shortage should be solved now. The kmem savings are also important to later
  > enable vmm(4) to use large shared memory mappings for guest VM RAM.
  > This adapts libkvm also because the amap structure layout has changed.
  > Testing and fix of libkvm glitch in initial diff by tb@
  > Feedback and "time to get this in" kettenis@ (stefan@)

  ~ uvm_mmap.c
  > W^X violations are no longer permitted by default. A kernel log message
  > is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
  > kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
  > creation.
  > W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
  > using the "wxallowed" mount option. One day far in the future
  > upstream software developers will understand that W^X violations are a
  > tremendously risky practice and that style of programming will be
  > banished outright. Until then, we recommend most users need to use the
  > wxallowed option on their /usr/local filesystem. At least your other
  > filesystems don't permit such programs.
  > ok jca kettenis mlarkin natano (deraadt@)

== usr.bin =========================================================== 11/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

aucat

  ~ aucat.c ~ dsp.c ~ dsp.h
  > Make format conversion routines return the number of frames
  > consumed from both input and output buffers. No behaviour change.
  > (ratchov@)

  ~ aucat.c ~ dsp.c ~ dsp.h
  > Make resamp_do() get the exact number of input and output samples and
  > provide routines to calculate them. This way we don't rely on it
  > to calculate the bytes produced/consumed anymore. No behaviour change.
  > (ratchov@)

  ~ aucat.c
  > Simplify slot_fill() and slot_flush(). No behaviour change (ratchov@)

  ~ aucat.c
  > Flush rec buffer if there's less than one block space left and refill
  > play buffer if there's less than one block of data left. This is the
  > correct condition in the general case. No behaviour change, as all
  > input/output is multiple of the block size. (ratchov@)

  ~ aucat.c ~ dsp.c
  > When resampling, use the exact resampling factor instead of the ratio
  > between input and output block sizes. This was inherited from sndiod,
  > but is not required for files because they are continuous streams of
  > samples and do not need to be split in blocks of equal duration.
  > This change makes playback/recording rate match exactly the requested
  > sample rate. (ratchov@)

  ~ aucat.c
  > Fix file block size rounding and ensure it's large enough to store a
  > full audio block. (ratchov@)

fold

  ~ fold.1 ~ fold.c
  > UTF-8 support.
  > Using feedback about bugs in earlier versions from Matthew Martin
  > <phy1729 at gmail dot com> and from tsg@ who tested it with afl(1).
  > OK czarkoff@ tsg@ (schwarze@)

ftp

  ~ cmds.c ~ small.c
  > Avoid a use-after-free.
  > Diff from Vladimir Sotirov via tech@. Thanks!
  > ok millert@ (krw@)

  ~ fetch.c ~ main.c
  > Per the libtls man page, tls_init() must be called prior to any other
  > tls_* function; so actually do that. (jsing@)

kdump

  ~ ktrstruct.c
  > On hppa, function pointer comparison can require dereferencing them.
  > kdump can't do that for a sigaction sa_handler pointer from the trace,
  > so cast to void* to suppress it.
  > ok deraadt@ (guenther@)

lock

  ~ lock.c
  > repair braces. from ilya.kaliman/gsoares/natano (tedu@)

mandoc

  ~ manpath.c
  > Trim trailing whitespace from man.conf lines. OK schwarze@. (millert@)

  ~ cgi.c ~ man.cgi.8
  > Simplify search form: minus two visible control elements, minus
  > one table, minus twenty lines of code, no loss of functionality.
  > No idea why i didn't do this earlier... (schwarze@)

mklocale

  ~ lex.l ~ mklocale.1
  > Eat all blanks between the VARIABLE keywords and the definition,
  > not just the first one. Otherwise we end up storing the blanks.
  > Now the file generated by mklocale(1) is the same regardless of
  > whether or not the input is sent through the C preprocessor.
  > OK deraadt@ jca@ schwarze@ (millert@)

nc

  ~ netcat.c
  > Fix nc -verbose mode when used on a unix domain socket.
  > Noticed by and a modified version of fix from <[email protected]>
  > (beck@)

  ~ netcat.c
  > Fix pledge violation with -P s used and we need to supply a password
  > for an http proxy - we need tty in this case. Found and fixed by
  > Anthony Coulter <[email protected]>.
  > ok tb@ (beck@)

sndiod

  ~ dev.c
  > Set initial mixer slot name to "prog" to make all slots visible in
  > audioctl and alike. (ratchov@)

  ~ file.c
  > Log files skipped during poll() as well, and flush the log buffer
  > right before we call poll(). (ratchov@)

  ~ utils.c
  > Assert we're not freeing buffers we didn't allocate (ratchov@)

  ~ siofile.c
  > Don't warn when read or write block at cycle boundary, this may
  > happen when remote devices are used and is not an error. (ratchov@)

ssh

  ~ compat.c
  > Plug mem leak in filter_proposal. ok djm@ (dtucker@)

  ~ sshconnect2.c
  > prefer agent-hosted keys to keys from PKCS#11; ok markus (djm@)

  ~ compat.c
  > Back out 'plug memleak'. (dtucker@)

  ~ sshconnect2.c ~ sshd.c
  > KNF compression proposal and simplify the client side a little. ok djm@
  > (dtucker@)

  ~ progressmeter.c ~ scp.c ~ sftp-client.c ~ sftp.c ~ lib/Makefile
  + utf8.c + utf8.h
  > To prevent screwing up terminal settings when printing to the
  > terminal, for ASCII and UTF-8, escape bytes not forming characters
  > and bytes forming non-printable characters with vis(3) VIS_OCTAL.
  > For other character sets, abort printing of the current string in
  > these cases. In particular,
  > * let scp(1) respect the local user's LC_CTYPE locale(1);
  > * sanitize data received from the remote host;
  > * sanitize filenames, usernames, and similar data even locally;
  > * take character display widths into account for the progressmeter.
  > This is believed to be sufficient to keep the local terminal safe
  > on OpenBSD, but bad things can still happen on other systems with
  > state-dependent locales because many places in the code print
  > unencoded ASCII characters into the output stream.
  > Using feedback from djm@ and martijn@,
  > various aspects discussed with many others.
  > deraadt@ says it should go in now, i probably already hesitated too long
  > (schwarze@)

tmux

  ~ window-copy.c
  > Remove unused variable, from Ben Boeckel. (nicm@)

  ~ format.c
  > Use a fixed buffer for strftime() because there is no portable way to
  > tell if the buffer is too small, and an expanding buffer is overkill
  > anyway. (nicm@)

  ~ environ.c
  > Just nuke environ instead of trying to unsetenv everything because that
  > doesn't necessarily work if there is an entry with an empty name. (nicm@)

  ~ key-string.c
  > Extend 0x1234 keys form to more bits so that Unicode keys work. (nicm@)

  ~ tmux.c ~ tmux.h
  > Use getprogname() instead of __progname to make portability easier. (nicm@)

  ~ utf8.c
  > Most of the utf8_data is fixed so simplify utf8_set to use a memcpy.
  > (nicm@)

  ~ screen-write.c
  > Break the save-last-cell code into a separate function (so it can be
  > called conditionally later). (nicm@)

  ~ screen-write.c
  > Padding cell is always the same so use a static. (nicm@)

vi

  ~ cl/cl.h ~ cl/cl_funcs.c ~ cl/cl_read.c ~ cl/cl_term.c ~ common/args.h
  ~ common/cut.c ~ common/cut.h ~ common/exf.c ~ common/gs.h ~ common/key.c
  ~ common/key.h ~ common/log.c ~ common/main.c ~ common/mark.c
  ~ common/mark.h ~ common/put.c ~ common/screen.h ~ common/seq.c
  ~ common/seq.h ~ common/util.c ~ docs/interp/interp ~ ex/ex.h
  ~ ex/ex_abbrev.c ~ ex/ex_append.c ~ ex/ex_argv.c ~ ex/ex_at.c ~ ex/ex_cd.c
  ~ ex/ex_display.c ~ ex/ex_file.c ~ ex/ex_global.c ~ ex/ex_map.c
  ~ ex/ex_print.c ~ ex/ex_read.c ~ ex/ex_script.c ~ ex/ex_subst.c
  ~ ex/ex_txt.c ~ include/cl_extern.h ~ include/com_extern.h
  ~ include/ex_extern.h ~ include/vi_extern.h ~ vi/v_at.c ~ vi/v_ch.c
  ~ vi/v_put.c ~ vi/v_txt.c ~ vi/v_ulcase.c ~ vi/vi.c ~ vi/vi.h
  ~ vi/vs_line.c ~ vi/vs_msg.c ~ vi/vs_split.c
  > Revert CHAR_T removal. Some signedness flaws were introduced.
  > Found the hard way by jca@ (martijn@)

  ~ cl/cl_screen.c
  > Test if stdin is a terminal before resetting the tty state.
  > Diff supplied by Kai Antweiler.
  > OK semarie@ and deraadt@ (martijn@)

which

  ~ Makefile
  > Use "cc -E" instead of "cpp". OK deraadt@ natano@ (millert@)

== usr.sbin ========================================================== 12/12 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

arp

  ~ arp.c
  > Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
  > ok deraadt jca (natano@)

bgpctl

  ~ bgpctl.8
  > flesh out "show summary" description a bit, from julien at dhaille.com via
  > jmc, ok benno claudio (henning@)

  ~ bgpctl.8
  > new sentence, new line, and avoid line wrap; (jmc@)

dhcpd

  ~ bpf.c
  > Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
  > ok deraadt jca (natano@)

dhcrelay

  ~ bpf.c
  > Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
  > ok deraadt jca (natano@)

hostapd

  ~ hostapd.c
  > Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
  > ok deraadt jca (natano@)

httpd

  ~ httpd.c
  > fix unbalanced va_start and va_end macros
  > from Hiltjo Posthuma
  > "do." deraadt (jung@)

  ~ server_http.c
  > makes sure the value of the asprintf buffer is zeroed on error
  > from Hiltjo Posthuma
  > "do." deraadt (jung@)

  ~ server_http.c
  > Return "400 Bad Request" instead of "500 Server Internal Error" for
  > requests lacking "HTTP/<version>".
  > This makes it more obvious that httpd(8) does not attempt to support
  > HTTP v0.9 (circa 1991), when "GET <url>\r\n" was valid.
  > ok millert@ florian@ (krw@)

installboot

  ~ i386_installboot.c
  > Use PATH_MAX instead of a hardcoded minimal value. Stack space is cheap
  > and
  > this isn't the kernel.
  > requested by deraadt@ (kettenis@)

ldpctl

  ~ ldpctl.c
  > Sync with ldpd. (renato@)

  ~ ldpctl.c ~ parser.c ~ parser.h
  > Change ldpctl(8) to use C99-style fixed-width integers. (renato@)

  ~ ldpctl.8
  > s/routes/labels (renato@)

  ~ ldpctl.c ~ parser.c
  > Replace legacy bzero and bcopy by memset and memcpy.
  > bzero(), bcopy() and bcmp() were deprecated in POSIX.1-2001 and removed
  > in POSIX.1-2008 in deference to memset(), memcpy() and memcmp(). (renato@)

  ~ ldpctl.c
  > Add function that prints labels to avoid code duplication.
  > In addition to that, print "exp-null" instead of "0" or "2". (renato@)

  ~ Makefile ~ ldpctl.8 ~ ldpctl.c ~ parser.c ~ parser.h
  > Sync with the latest IPv6 bits in ldpd(8). (renato@)

  ~ ldpctl.8 ~ ldpctl.c ~ parser.c ~ parser.h
  > Introduce the 'ldpctl clear neighbors' command. (renato@)

ldpd

  ~ control.c ~ packet.c
  > Call accept_unpause() when any TCP socket is closed.
  > We were calling accept_unpause() only when an LDP session is shut
  > down. But, during the LDP session establishment process, we may have
  > TCP sockets that are not associated with any neighbor. If we close one
  > of these sockets, we must call accept_unpause() too. (renato@)

  ~ control.c ~ ldpe.c
  > Call accept_del() on exit. (renato@)

  ~ control.c
  > imsg_* returns ssize_t
  > Pulled from ospfd. Original author: claudio@ (renato@)

  ~ ldpd.h ~ ldpe.c
  > Explicitly close the pfkey socket on exit. (renato@)

  ~ pfkey.c
  > Pull explicit_bzero patch from bgpd.
  > Original author: Michael McConville. (renato@)

  ~ ldpd.8
  > Update section of supported standards in the manpage. (renato@)

  ~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ hello.c ~ init.c
  ~ interface.c ~ keepalive.c ~ kroute.c ~ labelmapping.c ~ lde.c ~ lde_lib.c
  ~ ldpd.c ~ ldpe.c ~ log.c ~ neighbor.c ~ notification.c ~ packet.c
  > Replace manually written function names with __func__. (renato@)

  ~ kroute.c
  > Don't try to install pseudowires of unknown type. (renato@)

  ~ ldpe.c
  > Clear the configuration before closing the network sockets.
  > This fixes some errors and warnings when ldpd is shutting down. (renato@)

  ~ log.c
  > Fix logging of wildcard label mappings.
  > If snprintf fails, a value less than 0 is returned. (renato@)

  ~ parse.y
  > Bring in the findeol() fix from pfctl.
  > Pulled from ospfd. Original author: henning@ (renato@)

  ~ parse.y
  > Fix router-id selection if static router-id is not given.
  > First convert IP addresses to host byte-order before checking which one
  > is smaller. Additionally fix the check to find the lowest configured IP
  > as suggested by the RFC.
  > Pulled from ospfd. Original author: claudio@ (renato@)

  ~ ldpd.conf.5 ~ parse.y
  > Add support for including additional configuration files.
> Pulled from ospfd. Original author: dlg@ (renato@)

~ ldpd.conf.5
> Sort configuration options in ldpd.conf(5). (renato@)

~ kroute.c
> Filter our RTM_GET messages which are not from us.
> Pulled from ospfd. Original author: claudio@ (renato@)

~ init.c ~ ldpd.c ~ ldpd.conf.5 ~ ldpe.h ~ neighbor.c ~ parse.y ~ printconf.c
> Allow setting the session holdtime per neighbor. (renato@)

~ hello.c ~ init.c ~ ldpd.c ~ ldpd.conf.5 ~ ldpe.c ~ ldpe.h ~ neighbor.c
~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c
> Add knob to configure the transport address.
> This will be especially important when we add support for IPv6, because
> we'll not be able to use the router-id as the transport-address in
> this case. (renato@)

~ adjacency.c ~ interface.c ~ l2vpn.c ~ lde.c ~ ldp.h ~ ldpd.c ~ ldpe.c
~ ldpe.h ~ log.c ~ neighbor.c ~ packet.c ~ printconf.c
> Move some code around.
> This patch doesn't introduce any logical change. (renato@)

~ address.c ~ interface.c ~ neighbor.c
> We don't need a separate function for sending address withdraws.
> Address and Address Withdraw messages have the exact same format, only
> their type is different. (renato@)

~ ldpe.c
> pledge() earlier on ldpe. (renato@)

~ hello.c ~ ldp.h ~ ldpd.conf.5
> Validate received hello holdtime and keepalive time.
> Refuse a keepalive time of zero because it's invalid. For the hello
> holdtime, zero is valid and means infinite.
> Additionally, refuse values smaller than three for both the keepalive
> timer and the hello holdtime. The keepalive/hello interval is calculated
> as one third of their holdtime, which means that if the holdtime is one
> or two, the calculated interval would be zero using integer arithmetic.
> If anyone wants to use such a small holdtime, he or she should use
> BFD instead. (renato@)

~ ldpd.c
> Split merge_config() into smaller functions to improve readability.
> The merge code will get bigger when we introduce IPv6 support, so we
> better prepare the ground for it.
(renato@)

~ adjacency.c ~ interface.c ~ neighbor.c
> Remove duplicated code in timer functions. (renato@)

~ init.c ~ neighbor.c ~ notification.c
> Fix issue with the exponential backoff timer.
> Do not start the exponential backoff timer when playing the passive role
> of the session establishment process.
> RFC 5036 - Section 2.5.3 says:
> "The specific session establishment action that must be
> delayed is the attempt to open the session transport connection by
> the LSR playing the active role". (renato@)

~ init.c ~ packet.c
> Respect the received Max PDU Length field. (renato@)

~ address.c ~ hello.c ~ init.c ~ keepalive.c ~ labelmapping.c ~ ldp.h
~ notification.c ~ packet.c
> Improve the parser of TCP/session packets.
> Add more safeguards against malformed packets and fix existing ones. Also,
> rename a few variables and constants to match their real meaning. For
> example, rename gen_msg_tlv() to gen_msg_hdr() because this function
> generates an LDP header, not a TLV.
> Finally, clean-up all the send_* functions so they all follow the same
> pattern. (renato@)

~ packet.c
> Don't ignore notification messages before the session is operational.
> This was preventing us from triggering the backoff exponential timer
> after receiving a 'No Hello' notification. (renato@)

~ Makefile ~ hello.c ~ ldpd.h ~ packet.c ~ parse.y + util.c
> Several improvements in the parsing of UDP/Hello packets.
> * Fix check of the packet's size and the "PDU Length" field;
> * Add check for the "Message Length" field;
> * Check for invalid labelspace earlier.
> * Use if_lookup() on disc_recv_iface() to reduce one level of indentation;
> Additionally, add the following safeguards:
> * Check for unicast link hellos;
> * Check for multicast targeted hellos;
> * Validate packet's source address;
> * Validate received transport-address.
> Put the ancillary function bad_ip_addr() into a new file, util.c, which
> will be used later for several other things.
(renato@)

~ ldp.h ~ ldpd.h
> Remove unused code. (renato@)

~ labelmapping.c ~ lde.c ~ lde_lib.c ~ ldp.h ~ log.c ~ notification.c
> Rename a few constants to avoid confusion.
> In ldpd we have the map structure, which is used to represent a label
> message,
> and the fec structure, used to store FECs in the LIB.
> As of now, ldpd supports two types of FECs:
> * IPv4 prefix (FEC_TYPE_IPV4);
> * PWID (FEC_TYPE_PWID).
> For the label messages, the following constants were being used:
> * FEC_WILDCARD;
> * FEC_PREFIX (IPv4 or IPv6);
> * FEC_PWID.
> Since these constants have similar names to the previous ones, rename
> them to:
> * MAP_TYPE_WILDCARD;
> * MAP_TYPE_PREFIX;
> * MAP_TYPE_PWID. (renato@)

~ hello.c ~ init.c ~ interface.c ~ kroute.c ~ l2vpn.c ~ lde.c ~ lde.h
~ lde_lib.c ~ ldpd.c ~ ldpd.h ~ parse.y ~ printconf.c
> More renaming.
> Rename a few more things to improve readability.
> * s/F_PW_CONTROLWORD_CONF/F_PW_CWORD_CONF/ (shorter)
> * s/F_PW_CONTROLWORD/F_PW_CWORD/ (shorter)
> * s/LDPD_FLAG_*/F_LDPD_*/ (consistency)
> * s/lde_nbr_address/lde_addr/ (shorter)
> * s/ldp_discovery_socket/ldp_disc_socket/ (shorter)
> * s/ldp_ediscovery_socket/ldp_edisc_socket/ (shorter)
> * s/ldp_sendboth/main_imsg_compose_both/ (consistency)
> * s/cons/total/ (makes more sense)
> * s/kaddr/ka/ (consistency with remaining code)
> * Always use 'ln' for lde_nbrs (consistency) (renato@)

~ ldpe.h ~ neighbor.c ~ notification.c ~ packet.c
> Rework the way we handle incoming connection requests.
> The logic of the previous code was to accept all TCP connection requests
> (destined to port 646) and create a tcp_conn structure for each of them. Once
> the first packet of a connection was received, we would analyze the
> LDP Initialization message and identify its origin by looking at the
> LSR-ID field.
> When parsing a received TCP packet, we would need to distinguish between
> two cases: tcp packet from an LDP neighbor and tcp packet from a newborn
> connection (not associated with any neighbor yet). For this reason,
> the session_read() function was quite complicated.
> Also, we were not keeping track of the allocated tcp_conn structures. So,
> we were subject to memory leaks and even DOS attacks.
> With this patch, we also accept all TCP connection requests, but with two
> major differences:
> * We identify the neighbor by the source address of the SYN
> packet. This is possible because we don't support label spaces, so
> the transport-address by itself is enough to identify a neighbor,
> we don't need to wait for the Initialization message;
> * If there's no matching adjacency for this neighbor, then we start a
> timer of 5 seconds. If we receive a Hello packet from this neighbor
> within this interval, then we stop this timer and move on in
> the Initialization state machine. Otherwise, we send a No Hello
> Notification message and close the socket. We try to avoid sending
> the No Hello notification as much as possible because it triggers the
> backoff exponential in the remote peer, which considerably slows down
> the session establishment process.
> In summary, this new approach allows for a simpler code and fixes the
> memory leak problem mentioned before. (renato@)

~ ldpd.c ~ ldpd.conf.5 ~ neighbor.c ~ packet.c ~ parse.y ~ printconf.c
> Make neighbor parameters per lsr-id not per transport-address.
> With the advent of IPv6 support, a single neighbor can have two different
> transport-addresses: one for ipv4 and one for ipv6. In order to define
> neighbor-specific parameters in an indistinguishable way, define them
> by lsr-id. This way we can switch between LDPov4 and LDPov6 and keep
> the same configuration.
(renato@)

~ adjacency.c ~ control.c ~ hello.c ~ init.c ~ interface.c ~ kroute.c
~ l2vpn.c ~ lde.c ~ log.c ~ neighbor.c ~ notification.c ~ packet.c
~ parse.y ~ pfkey.c
> Standardize some log messages and fix some inconsistencies.
> We were using several different names for the same thing in our log
> messages: neighbor, neighbor ID, nbr ID and LSR ID.
> Standardize to always use "lsr-id" to refer to a neighbor.
> Also:
> * Use log_warnx() instead of log_warn() when appropriate;
> * Use fatal(x) instead of err(x) when appropriate;
> * Fix some inconsistent log messages. (renato@)

~ neighbor.c
> Reuse nbr_pending_connect() on nbr_del(). (renato@)

~ labelmapping.c ~ lde_lib.c ~ notification.c ~ pfkey.c
> Remove unnecessary break statements. (renato@)

~ adjacency.c ~ interface.c
> Simplify removal of targeted neighbors and adjacencies.
> Unlink these structures inside their own delete function rather than from
> the outside. (renato@)

~ lde_lib.c ~ notification.c
> Fix byte order issues with notification messages. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ ldpd.h
> Remove unnecessary mirroring of sockets. (renato@)

~ l2vpn.c ~ lde.h ~ ldp.h
> Minor adjustments in l2vpn code.
> * Define a new constant for the default pseudowire type;
> * On l2vpn_new(), initialize the l2vpn lists with LIST_NEW (cosmetic
> because the struct was calloc'ed);
> * Add a const qualifier to the second parameter of l2vpn_find();
> * Remove l2vpn_if_del() and use just free() instead. (renato@)

~ l2vpn.c ~ parse.y ~ printconf.c
> Do not accept incomplete pseudowires in the configuration.
> There's no point in keeping in the config something that can not be used,
> it just adds unnecessary complexity. Also, it's better to warn the user
> that there's something wrong rather than play nice and ignore the problem.
> (renato@)

~ l2vpn.c
> Check for local label before trying to install pseudowire.
> While here, add a comment about ECMP and pseudowires.
(renato@)

~ parse.y
> clear_config() should only deallocate memory and nothing else.
> clear_config() is called when the parser fails (at startup or config
> reload). While cleaning up the allocated memory, the parser should not
> log anything, after all the daemon's running configuration is untouched.
> So, in this case, we should clear the partial config by hand and
> avoid functions like if_del(). (renato@)

~ labelmapping.c ~ lde.c ~ lde_lib.c
> Make send_labelmessage() more robust.
> Immediately return from this function if the given list of mappings
> is empty. This way we have more freedom when sending label messages,
> not having to care with corner cases. (renato@)

~ labelmapping.c
> Fix check of when a wildcard group PW-ID FEC is valid or not.
> In addition to label mappings, wildcard group PW-ID FECs are invalid in
> label requests and label abort requests too. (renato@)

~ ldpd.h
> Fix warnings when compiling with -pedantic. (renato@)

~ ldpd.h
> Release allocated memory before exiting. (renato@)

~ lde.c
> Remove protection that was preventing pseudowires from being updated in the kernel.
> During the setup of a pseudowire, it might change its parameters
> (e.g. control-word) once the negotiation with the remote peer is done.
> (renato@)

~ lde_lib.c
> Fix bug in the processing of label withdraws and releases.
> The F_MAP_PW_ID flag is only set for PW-ID mappings, which means that we
> were ignoring all label withdraws and label releases for non PW-ID FECs.
> (renato@)

~ l2vpn.c ~ lde.c ~ lde_lib.c ~ ldpd.c ~ log.c ~ notification.c ~ parse.y
~ printconf.c
> Rework L2VPN code. (renato@)

~ neighbor.c
> Fix fd leak in error path. (renato@)

~ Makefile ~ interface.c ~ ldpd.h ~ packet.c + socket.c
> Move setsockopt helper functions to a separate file.
> IPv6 support is coming and we don't want to pollute the interface.c file
> with too many of these helper functions.
> Also, rename these functions from if_set_* to sock_set_*.
(renato@)

~ Makefile ~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ control.h
~ hello.c ~ init.c ~ interface.c ~ keepalive.c ~ kroute.c ~ l2vpn.c
~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.8 ~ ldpd.c
~ ldpd.conf.5 ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h ~ neighbor.c
~ notification.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c ~ socket.c
~ util.c
> Fix mess caused by my commit script.
> I screwed up everything... trying to fix now. (renato@)

~ ldpd.h ~ ldpe.c ~ socket.c
> Move socket creation and setup into a specialized function.
> Right now we use three network sockets in ldpd:
> * the discovery socket (udp+mcast);
> * the extended discovery socket (udp);
> * the session socket (tcp).
> When we introduce IPv6 support, we'll get three more sockets. In order
> to prevent code duplication in the future, add a specialized function
> that creates a socket according to the given type (and address-family
> later). This also improves readability because it makes it easier to
> see the differences between each socket. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ kroute.c ~ lde.c ~ lde_lib.c
~ ldpd.c ~ neighbor.c ~ parse.y ~ pfkey.c
> Copy structs by assignment instead of memcpy.
> Copying by straight assignment is shorter, easier to read and has a
> higher level of abstraction. We'll only avoid it when copying from an
> unaligned source (e.g., network buffers).
> In addition, copy in_addr structs directly. (renato@)

~ l2vpn.c ~ lde.c ~ parse.y
> Fix bugs in pseudowire parameters negotiation. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ l2vpn.c ~ ldpd.c ~ ldpd.h ~ ldpe.c
~ ldpe.h ~ log.c ~ log.h ~ socket.c
> Create network sockets on the parent process.
> We drop our privileges in ldpe right after we create the network sockets.
> The problem is that we might want to change the transport-address and
> reload the config, in which case we need new sockets.
To allow that,
> always create the network sockets in the parent process and pass them
> to ldpe via imsg. (renato@)

~ lde_lib.c
> Reuse lde_address_find() inside lde_check_mapping(). (renato@)

~ ldpe.c
> Add an exception for kernels built without PFKEYv2 support. (renato@)

~ l2vpn.c ~ lde.h ~ ldpd.c ~ ldpe.c ~ parse.y
> Don't create l2vpn targeted neighbors inside the config parser.
> When removing a configured pseudowire, we remove the associated tnbr
> in ldpe_l2vpn_pw_exit(). So, when a new pseudowire is configured, it
> makes sense to create its tnbr in ldpe_l2vpn_pw_init() to keep things
> consistent. (renato@)

~ interface.c ~ kroute.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h
> Several fixes in the config reload handling. (renato@)

~ adjacency.c ~ interface.c ~ ldpd.c ~ ldpe.c ~ ldpe.h ~ parse.y
> Enable changing the router-id via config reload.
> Now ldpd can start without a router-id, since it can be set later. Since
> a router-id of 0.0.0.0 is invalid, interfaces and targeted-neighbors
> will check for a valid router-id in order to be activated.
> When the router-id is changed, all the neighborships are reset. (renato@)

~ ldpd.h ~ socket.c
> Use SO_BINDANY before binding sockets to the transport-address.
> This allows ldpd to start on a system without any IP address and bind
> to the transport-address successfully. Without this patch, we'd need to
> monitor the new addresses from the kernel and create the network sockets
> only when the transport-address is available in the system. (renato@)

~ lde_lib.c
> Simplify label allocation.
> Whenever we lose a route, unset the local label. If the same route is
> learned again later, allocate a new label for it. No need to be economic
> with labels, it's not worth the added complexity. (renato@)

~ lde.c ~ lde.h ~ lde_lib.c
> Introduce a garbage collector for dead entries in the LIB.
> If we lose a route and all of its associated labels, then there's no
> point in keeping an entry for it in the LIB.
(renato@)

~ ldpd.conf.5
> Start sentences on new lines in ldpd.conf(5). (renato@)

~ labelmapping.c
> Reject null labels for PW-ID FECs. (renato@)

~ printconf.c
> Remove redundant new lines in print_config(). (renato@)

~ Makefile ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ kroute.c
~ l2vpn.c ~ lde.c ~ lde_lib.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c
~ log.h ~ neighbor.c ~ parse.y ~ printconf.c ~ util.c
> Assorted fixes and small cleanup.
> Nothing really interesting here. (renato@)

~ address.c ~ adjacency.c ~ hello.c ~ init.c ~ interface.c ~ kroute.c
~ l2vpn.c ~ labelmapping.c ~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.8
~ ldpd.c ~ ldpd.conf.5 ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h
~ neighbor.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c ~ socket.c
~ util.c
> Add support for IPv6 (RFC 7552).
> This includes:
> * Full compliance to RFC 7552;
> * Support for MD5 on LDPov6 sessions;
> * Support for pseudowires over IPv6 LSPs (we're probably the world's
> first implementation doing this);
> * Support for the IPv6 explicit-null label;
> * Knob to specify the preferred address-family for TCP transport
> connections;
> * Knob to use cisco non-compliant format to send and interpret the
> Dual-Stack capability TLV. (renato@)

~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ hello.c
~ init.c ~ interface.c ~ kroute.c ~ l2vpn.c ~ labelmapping.c ~ lde.c
~ lde.h ~ lde_lib.c ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ log.c ~ log.h
~ neighbor.c ~ notification.c ~ packet.c ~ parse.y ~ pfkey.c ~ printconf.c
~ socket.c
> Make functions and variables static whenever possible.
> The benefits of this include:
> * clean up of the ldpd global namespace;
> * improved readability;
> * more hints to the compiler/linker to generate more efficient code.
> Whenever possible, move global static variables to a smaller scope
> (function).
> All extern variables are now declared in header files to avoid unnecessary
> duplication.
> This patch also cleans up the indentation of all function prototypes
> and global variables. (renato@)

~ accept.c ~ address.c ~ adjacency.c ~ control.c ~ control.h ~ hello.c
~ init.c ~ interface.c ~ keepalive.c ~ kroute.c ~ l2vpn.c ~ labelmapping.c
~ lde.c ~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h
~ log.c ~ neighbor.c ~ notification.c ~ packet.c ~ parse.y ~ pfkey.c
~ printconf.c
> Remove superfluous includes. (renato@)

~ adjacency.c ~ hello.c ~ interface.c ~ kroute.c ~ labelmapping.c ~ lde.c
~ lde.h ~ lde_lib.c ~ ldp.h ~ ldpd.8 ~ ldpd.c ~ ldpd.conf.5 ~ ldpd.h
~ ldpe.c ~ ldpe.h ~ neighbor.c ~ packet.c ~ parse.y ~ printconf.c
> Update copyright information. (renato@)

~ lde.c ~ lde.h ~ ldpd.c ~ ldpd.h ~ ldpe.c ~ ldpe.h ~ parse.y
> Improve security by calling exec after fork.
> For each child process (lde and ldpe), re-exec ldpd with a special
> "per-role" getopt flag. This way we have separate ASLR/cookies per
> process.
> Based on a similar patch for bgpd, from claudio@
> Requested by deraadt@ (renato@)

~ control.c ~ ldpd.h ~ ldpe.h ~ neighbor.c
> Add support for manually resetting neighbors. (renato@)

~ ldpd.conf.5
> various tweaks; (jmc@)

mopd

~ common/pf.c
> Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
> ok deraadt jca (natano@)

npppd

~ npppd/npppd.conf.5
> Improve and clarify a few bits; with input from jmc@, ok yasuoka, jmc
> (mikeb@)

~ npppd/privsep.c ~ pppoe/pppoed.c
> Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
> ok deraadt jca (natano@)

pkg_add

~ fw_update.1
> tweak wording to avoid "firmware which are installed" (tj@)

procmap

~ procmap.c
> Must extract uvm_vnode from uvm_object first before reading the vnode
> Otherwise procmap interprets the uvm_vnode contents as a vnode,
> yielding bogus values. This should cure the
> "procmap: invalid address (ffffffffffffffff) == -1 vs. 656 @
> ffffffffffffffff"
> error messages that appear sporadically.
> ok deraadt@ (stefan@)

~ procmap.1 ~ procmap.c
> Re-introduce vnode-to-filename mapping
> The name cache walking code got adapted to the new name cache layout.
> Along with the previous commit, procmap is now able to map a vnode
> to a filename as long as it is in the name cache.
> "nice stuff" deraadt@ (stefan@)

pstat

~ pstat.c
> remove code to display MNT_EXKERB bit (deraadt@)

~ pstat.c
> W^X violations are no longer permitted by default. A kernel log message
> is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
> kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
> creation.
> W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
> using the "wxallowed" mount option. One day far in the future
> upstream software developers will understand that W^X violations are a
> tremendously risky practice and that style of programming will be
> banished outright. Until then, we recommend most users need to use the
> wxallowed option on their /usr/local filesystem. At least your other
> filesystems don't permit such programs.
> ok jca kettenis mlarkin natano (deraadt@)

rarpd

~ rarpd.c
> Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
> ok deraadt jca (natano@)

rbootd

~ bpf.c ~ pathnames.h ~ rbootd.8
> Replace the /dev/bpf* open loop with a plain open("/dev/bpf0", ...).
> ok deraadt jca (natano@)

~ Makefile ~ parseconf.c ~ rbootd.c ~ utils.c
> Delete blocking/unblocking of signals, as the handlers now just set flags
> that are tested by the main loop.
> ok jca@ deraadt@ (guenther@)

smtpd

~ to.c
> use temporary variables to store some struct tm values, no functional
> change but reduces the changeset with portable version (gilles@)

~ mda.c ~ mta.c ~ mta_session.c ~ smtp_session.c
> start work on improving the log format, this is work in progress but it'll
> be better worked in tree
> ok eric@, beck@ (gilles@)

~ ca.c ~ config.c ~ control.c ~ lka.c ~ pony.c ~ queue.c ~ scheduler.c
~ smtpd.c ~ smtpd.h
> Implement the fork+exec pattern in smtpd.
> The parent process forks child processes and re-exec each of them with
> an additional "-x <proc>" argument. During the early setup phase, the
> parent process sends ipc socket pairs to interconnect the child
> processes as needed, and it passes the queue encryption key to the
> queue if necessary. When this is done, all processes have their
> environment set as in the fork-only case, and they can start doing
> their work as before.
> ok gilles@ jung@ (eric@)

vmd

~ loadfile_elf.c
> Copy ELF headers into guest VM memory
> This gives ddb access to the symbols of the kernel running inside the VM.
> ok mlarkin@ (stefan@)
