OpenBSD src changes summary for 2016-09-25 to 2016-10-02 inclusive
==================================================================

bin/ksh distrib/miniroot distrib/notes distrib/sets distrib/special
etc/changelist etc/group etc/mail/aliases etc/master.passwd
etc/mtree/4.4BSD.dist etc/mtree/special etc/netstart etc/rc
gnu gnu/usr.bin/cc gnu/usr.bin/cvs
lib/csu lib/libc lib/libcrypto lib/libkvm lib/libssl
regress/bin regress/gnu regress/libexec regress/sbin regress/sys
regress/usr.bin regress/usr.sbin
sbin/dhclient sbin/iked sbin/kbd sbin/ping sbin/sysctl
share/man share/misc share/snmp share/termtypes share/zoneinfo
sys/arch/alpha/alpha sys/arch/amd64/amd64 sys/arch/amd64/include
sys/arch/arm/arm sys/arch/arm/include sys/arch/armv7/imx sys/arch/armv7/omap
sys/arch/hppa/hppa sys/arch/i386/i386 sys/arch/loongson/loongson
sys/arch/m88k/m88k sys/arch/macppc/macppc sys/arch/mips64/mips64 sys/arch/sh/sh
sys/arch/socppc/socppc sys/arch/sparc64/include sys/arch/sparc64/sparc64
sys/dev/acpi sys/dev/ic sys/dev/pci sys/dev/rasops sys/dev/usb sys/dev/wscons
sys/kern sys/msdosfs sys/net sys/netinet sys/netinet6 sys/nfs sys/sys
usr.bin/aucat usr.bin/fstat usr.bin/ftp usr.bin/make usr.bin/signify
usr.bin/ssh usr.bin/tcpbench usr.bin/tmux usr.bin/ul usr.bin/units
usr.sbin/acpidump usr.sbin/dhcrelay usr.sbin/ftp-proxy usr.sbin/httpd
usr.sbin/kgmon usr.sbin/ldpd usr.sbin/ntpd usr.sbin/ospfd usr.sbin/pkg_add
usr.sbin/procmap usr.sbin/pstat usr.sbin/relayd usr.sbin/rtadvd usr.sbin/snmpd
usr.sbin/switchctl usr.sbin/switchd usr.sbin/tftpd usr.sbin/traceroute
usr.sbin/trpt usr.sbin/vmd

== bin =============================================================== 01/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ ksh.1
  > Move bug description to the BUGS section
  > OK natano@, jmc@
  > (I forgot to commit it back in mid-August when it was discussed.)
  > (czarkoff@)

  ~ ksh.1
  > remove unnecessary .Pp; from jan stary (jmc@)

== distrib =========================================================== 02/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

miniroot

  ~ install.sub
  > Tweak addel(), rmel() and bsort() to not emit a leading/trailing blank.
  > OK tb krw (rpe@)

  ~ install.sub
  > Tweak/add comments.
  > with input from and OK tb
  > OK halex krw (rpe@)

  ~ group
  ~ master.passwd
  > Add _ping user/group.
  > OK natano on a previous diff which used a different uid/gid.
  > naddy@ pointed out that uid/gid was already taken on "important" systems.
  > Turns out we cannot easily recycle freed up uids/gids so settle on 51.
  > (florian@)

notes

  ~ armv7/prep
  > Add notes on installing on systems a miniroot is not available for.
  > ok kettenis@ (jsg@)

sets

  ~ Makefile
  > Fix /usr/lib/locate/src.db owner for noperm release builds.
  > ok millert tb (natano@)

  ~ lists/base/mi
  > sync (deraadt@)

  ~ lists/base/mi
  > sync (deraadt@)

  ~ lists/base/mi
  ~ lists/etc/mi
  > sync (deraadt@)

special

  ~ kbd/Makefile
  > remove more kvm code (deraadt@)

== etc =============================================================== 03/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

changelist

  ~ changelist
  > Add /etc/acme-client.conf to mtree/special and changelist.
  > ok deraadt@ sthen@ florian@ (ajacoutot@)

group

  ~ group
  > Add _ping user/group.
  > OK natano on a previous diff which used a different uid/gid.
  > naddy@ pointed out that uid/gid was already taken on "important" systems.
  > Turns out we cannot easily recycle freed up uids/gids so settle on 51.
  > (florian@)

  ~ group
  > Add unprivileged user for traceroute.
  > Input deraadt@
  > OK benno@, sthen@ (florian@)

mail/aliases

  ~ mail/aliases
  > + _ping (otto@)

  ~ mail/aliases
  > Add unprivileged user for traceroute.
  > Input deraadt@
  > OK benno@, sthen@ (florian@)

master.passwd

  ~ master.passwd
  > Add _ping user/group.
  > OK natano on a previous diff which used a different uid/gid.
  > naddy@ pointed out that uid/gid was already taken on "important" systems.
  > Turns out we cannot easily recycle freed up uids/gids so settle on 51.
  > (florian@)

  ~ master.passwd
  > Add unprivileged user for traceroute.
  > Input deraadt@
  > OK benno@, sthen@ (florian@)

mtree/4.4BSD.dist

  ~ mtree/4.4BSD.dist
  > Run acpidump(8) at system startup and store ACPI tables in the
  > /var/db/acpi directory. Later sendbug(1) will use this data in
  > bug reports. That directory is created by mtree.
  > idea from and OK deraadt
  > OK kettenis (rpe@)

mtree/special

  ~ mtree/special
  > Add /etc/acme-client.conf to mtree/special and changelist.
  > ok deraadt@ sthen@ florian@ (ajacoutot@)

netstart

  ~ netstart
  > Delay switch(4) interface start up so it can attach virtual interfaces
  > like vether(4).
  > nits from and ok benno@, phessler@ (rzalamena@)

rc

  ~ rc
  > Run acpidump(8) at system startup and store ACPI tables in the
  > /var/db/acpi directory. Later sendbug(1) will use this data in
  > bug reports. That directory is created by mtree.
  > idea from and OK deraadt
  > OK kettenis (rpe@)

== gnu =============================================================== 04/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ llvm/tools/clang/lib/Driver/Tools.cpp
  > Disable -fstrict-aliasing per default on OpenBSD.
  > cluebat & ok kettenis@ (pascal@)

usr.bin/cc

  ~ cc/Makefile
  > Set owner for /usr/lib/gcc-lib and /usr/include/g++ on install.
  > initial diff and ok tb (natano@)

usr.bin/cvs

  ~ Makefile.bsd-wrapper
  ~ mkinstalldirs
  ~ contrib/Makefile.in
  > Set correct owner for installed files. Required for noperm release.
  > ok tb (natano@)

== lib =============================================================== 05/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

csu

  ~ crt0.c
  > Now that vax has been removed, nothing defined MD_NO_CLEANUP anymore.
  > ok guenther@ (kettenis@)

libc

  ~ compat-43/sigcompat.c
  ~ hidden/signal.h
  > sigsetmask() and sigblock() are no longer used by any setjmp implementation
  > so the internal hidden names are unused; switch to PROTO_DEPRECATED()
  > and drop the DEF_WEAK()s (guenther@)

  ~ gen/sysctl.3
  > document kern.allowkmem; ok deraadt (jmc@)

  ~ gen/sysctl.3
  > use the same template for describing securelevel interaction; (jmc@)

  ~ sys/read.2
  > Make read(2) return EISDIR on directories.
  > Years ago Theo made read(2) return 0 on directories, instead of dumping
  > the directory content. Another behavior is allowed as an extension by
  > POSIX, returning an EISDIR error, as used on a few other systems. This
  > behavior is deemed more useful as it helps spotting errors. This
  > implies that it might break some setups.
  > Ports bulk builds by ajacoutot@ and naddy@, ok millert@ bluhm@ naddy@
  > deraadt@ (jca@)

libcrypto

  ~ x509/x509_vfy.c
  > In X509_cmp_time(), pass asn1_time_parse() the tag of the field being
  > parsed so that a malformed GeneralizedTime field is recognized as an error
  > instead of potentially being interpreted as if it was a valid UTCTime.
  > Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu)
  > ok beck@ tedu@ jsing@ (guenther@)

libkvm

  ~ shlib_version
  ~ kvm_cd9660.c
  ~ kvm_file2.c
  ~ kvm_ntfs.c
  ~ kvm_udf.c
  > Add va_nlink information to struct kinfo_file (so bump the shlib minor)
  > from Sebastien Marie (guenther@)

libssl

  ~ t1_lib.c
  > Detect zero-length encrypted session data early, instead of when malloc(0)
  > fails or the HMAC check fails.
  > Noted independently by jsing@ and Kurt Cancemi (kurt (at)
  > x64architecture.com)
  > ok bcook@ (guenther@)

  ~ t1_lib.c
  > Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()
  > based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4
  > ok bcook@ (guenther@)

  ~ src/crypto/opensslv.h TAGGED OPENBSD_6_0
  > bump to 2.4.4 (bcook@)

  ~ src/crypto/opensslv.h TAGGED OPENBSD_5_9
  > bump to 2.3.9 (bcook@)

== regress =========================================================== 06/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

bin

  ~ ksh/vi/Makefile
  > fix dependency, fixing regress if make regress is called with a clean obj
  > (like the parent does).
  > When make is called in the parent dir, both make regress and make all
  > are called for the vi subdir. Need to figure out how to avoid that. (otto@)

  ~ ksh/history.t
  ~ ksh/integer.t
  ~ ksh/regress.t
  ~ ksh/unclass2.t
  > Adjusts some patterns, so that the warning messages ksh prints if
  > it has no controlling tty is not causing the test to fail.
  > based on otto@'s work; OK otto@ (bluhm@)

  ~ ksh/Makefile
  + ksh/main/Makefile
  > If a Makefile both defines SUBDIR and includes <bsd.regress.mk>,
  > the "all" target will depend on the "regress" target, so running
  > "make all" will recurse into the subdirectories for "regress", and
  > then recurse a second time into the same subdirectories for "all",
  > running all the tests twice.
  > Fix this by moving the Makefile to run the main-level tests into
  > a subdirectory "main" and only including <bsd.subdir.mk> from the
  > top level Makefile.
  > Issue reported by otto@; patch OK'ed by otto@ and bluhm@.
  > (schwarze@)

gnu

  ~ egcs/gcc-builtins/Makefile
  ~ egcs/gcc-builtins/sprintf-1.c.exp
  ~ egcs/gcc-builtins/sprintf-2.c.exp
  ~ egcs/gcc-builtins/sprintf-3.c.exp
  ~ egcs/gcc-builtins/stpcpy-1.c.exp
  ~ egcs/gcc-builtins/stpcpy-2.c.exp
  ~ egcs/gcc-builtins/strcat-1.c.exp
  ~ egcs/gcc-builtins/strcat-2.c.exp
  ~ egcs/gcc-builtins/strcpy-1.c.exp
  ~ egcs/gcc-builtins/strcpy-2.c.exp
  ~ egcs/gcc-builtins/vsprintf-1.c.exp
  ~ egcs/gcc-builtins/vsprintf-2.c.exp
  ~ egcs/gcc-builtins/vsprintf-3.c.exp
  ~ egcs/gcc-bounds/Makefile
  > Adapt more places where binutils-2.17 has changed the format of the
  > linker warning messages. (bluhm@)

  - egcs/Makefile.inc
  - egcs/gcc/Makefile
  - egcs/libiberty/Makefile
  ~ egcs/Makefile
  > The gcc and libiberty regression tests seem to be broken since the
  > gcc4 update. Delete this test wrapper, it does not add anything
  > of value.
  > OK deraadt@ kettenis@ (bluhm@)

libexec

  ~ ld.so/Makefile
  ~ ld.so/constructor/libaa/aa.C
  ~ ld.so/constructor/libab/Makefile
  ~ ld.so/constructor/libab/ab.C
  ~ ld.so/constructor/prog1/Makefile
  ~ ld.so/constructor/prog1/prog1.C
  ~ ld.so/constructor/prog2/Makefile
  ~ ld.so/constructor/prog2/prog2.C
  > Modernize constructor test such that it builds again and enable it.
  > ok bluhm@ (kettenis@)

  ~ ld.so/constructor/libaa/Makefile
  ~ ld.so/constructor/libab/Makefile
  > Make sure that the regress target builds the libraries. Stop building a
  > profile library and add $OpenBSD$ markers. Similar to what we do in other
  > regress tests that build libraries such as regress/lib/libc/cxa-exit.
  > ok bluhm@ (kettenis@)

sbin

  ~ pfctl/Makefile
  > also copy pf103.include to obj dir (otto@)

sys

  ~ kern/siginfo-fault/siginfo-fault.c
  > If stdout is not line buffered, messages got lost when assert() was
  > called. Print errors to stderr instead.
  > (bluhm@)

  - crypto/auth/Makefile
  - crypto/auth/md5.c
  > crypto(4) is no more (otto@)

usr.bin

  ~ Makefile
  > add ul (otto@)

  ~ ssh/agent-getpeereid.sh
  ~ ssh/keys-command.sh
  ~ ssh/principals-command.sh
  ~ ssh/sftp-chroot.sh
  > Allow to run ssh regression tests as root. If the user is already
  > root, the test should not expect that SUDO is set. If ssh needs
  > another user, use sudo or doas to switch from root if necessary.
  > OK dtucker@ (bluhm@)

  ~ ftp/dasho.sh
  ~ ftp/redirect.sh
  > Do not close stdout when starting netcat, redirect to /dev/null
  > instead. This prevents that the ftp test hangs in nc poll(2). Add
  > OpenBSD RCS id while there. (bluhm@)

  ~ ssh/unittests/Makefile.inc
  > Add a makefile rule to create the ssh library when regress needs
  > it. This allows to run the ssh regression tests without doing a
  > "make build" before.
  > Discussed with dtucker@ and djm@; OK djm@ (bluhm@)

  ~ rcs/Makefile
  ~ rcs/rlog-rflag2.out
  ~ rcs/rlog-rflag3.out
  > Fix tests
  > - rlog lines end with ';' these days
  > - error message in low-mem conditions changed (otto@)

  ~ cvs/Makefile
  > with commitids, status produces an extra line per revision (otto@)

  ~ ssh/Makefile
  ~ ssh/unittests/Makefile
  ~ ssh/unittests/Makefile.inc
  > In ssh tests set REGRESS_FAIL_EARLY with ?= so that the environment
  > can change it.
  > OK djm@ (bluhm@)

  ~ cvs/Makefile
  > The opencvs sources are not linked to the build. To make the cvs
  > regression test run, build opencvs on demand as a dependency.
  > Input and OK otto@ (bluhm@)

  - cvs/import_seed/seed1.txt
  ~ cvs/Makefile
  ~ cvs/setdate.pl
  + cvs/seed1.txt
  > The import test of regress/usr.bin/cvs tries to touch a file in
  > src, not in obj. So better populate an import directory in obj and
  > import from there. Also remove trailing whitespaces and semicolons.
  > OK otto@ (bluhm@)

  ~ cvs/test_opencvs_import_01_seed1.txt,v
  > The opencvs test checks the RCS id of the file I have just committed.
  > So the test broke with my commit.
  > Change the expected result and
  > hope that this commit will not break it again. (bluhm@)

usr.sbin

  ~ switchd/run.pl
  > I wrote a perfect regress test: a test that never fails. Correctly
  > populate the die() from code within eval to make failed tests fail. (reyk@)

  ~ switchd/run.pl
  > Bump buffer size to 64k, the max OFP packet size (reyk@)

  ~ switchd/OFP.pm
  ~ switchd/run.pl
  > Fix length calculation of PACKET_IN (I forget the 10 byte packet_in
  > header). (reyk@)

  ~ switchd/run.pl
  > An unintended 65536 size change slipped in, revert to 65535 (reyk@)

  - ospfd/Tun.pm
  - ospfd/opentun.c
  - ospfd/tundump.pl
  ~ ospfd/Client.pm
  ~ ospfd/Default.pm
  ~ ospfd/Makefile
  ~ ospfd/README
  ~ ospfd/args-ifstate-pri-ism-ospfd.pl
  ~ ospfd/args-ifstate-pri-ism.pl
  ~ ospfd/args-ifstate-pri-ospfd-ism.pl
  ~ ospfd/args-ifstate-pri-ospfd.pl
  + ospfd/Tap.pm
  + ospfd/opentap.c
  + ospfd/tapdump.pl
  > The tun interface has been renamed to tap(4). Adapt ospfd test. (bluhm@)

  ~ ldapd/Makefile
  > The ldap regression test should behave more like the other tests.
  > So use REGRESS_TARGETS provided by bsd.regress.mk.
  > OK landry@ (bluhm@)

== sbin ============================================================== 07/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ dhclient.c
  > Reintroduce rdaemon() - working properly this time
  > Thanks Ken for fixing my initial implementation. ok krw@ (jca@)

  ~ dispatch.c
  > 'ifname' --> 'ifi->name' so DEBUG compiles again. (krw@)

  ~ dhclient.c
  > Don't record non-existent client identifier in lease file. (krw@)

  ~ clparse.c
  > Zap stray whitespace. (krw@)

iked

  ~ util.c
  > Pass the flags argument of recvfromto down to the underlying recvmsg
  > Doesn't matter in iked as recvfromto is only called with flags = 0, but
  > this code tends to be copied. ok sthen@ florian@ (jca@)

kbd

  ~ Makefile
  ~ kbd_wscons.c
  > Remove kvm groveling code.
  > To restore the lost functionality we need to
  > implement something like a WSKBDIO_GETENCODINGS ioctl that fetches a list
  > of possible encodings for the specified keyboard from the kernel. Until
  > that happens, kbd -l will simply show the same hardcoded list of possible
  > encodings as the installer does.
  > Prompted by deraadt@ (kettenis@)

  ~ kbd_wscons.c
  > remove more kvm code (deraadt@)

  ~ kbd_wscons.c
  > Use WSKBDIO_GETENCODINGS ioctl to generate a list of supported keyboard
  > encodings. Restores functionality lost when removing the kvm groveling
  > code.
  > ok deraadt@, jca@ (kettenis@)

ping

  ~ ping.c
  > Drop privileges to newly added _ping user/group.
  > It does not buy us much when called as an unpriv user. But if run as
  > root we can now lose privileges.
  > OK natano@, deraadt@ is happy (florian@)

  ~ ping.c
  > Always do the setgroups, setresgid and setresuid even if the
  > unprivileged user is not present instead of erroring out. This lets
  > ping and traceroute work in restricted environments like the bgplg
  > chroot.
  > Problem reported by sthen@
  > input & prodding deraadt@ (florian@)

sysctl

  ~ sysctl.8
  > document kern.allowkmem; ok deraadt (jmc@)

== share ============================================================= 08/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ Makefile
  > Install the copyright notice as ${MANOWN}:${MANGRP} with ${MANMODE} and
  > use ${INSTALL_COPY}; chown root:wheel mandoc.db for noperm builds.
  > ok natano (tb@)

  ~ man4/hifn.4
  ~ man9/hardclock.9
  > missing colon; from Rob Pierce <rob at 2keys dot ca> (schwarze@)

  + man1/clang-local.1
  > Add a clang-local(1) man page, similar to gcc-local(1). This documents
  > OpenBSD-specific quirks for LLVM/clang. To be expanded as we go along.
  > idea from kettenis@, ok deraadt@ (pascal@)

  ~ man1/clang-local.1
  > Small nit from kettenis@: -fstrict-aliasing is turned on if -Ofast.
  > (pascal@)

  ~ man7/securelevel.7
  > document kern.allowkmem; reminded by deraadt (jmc@)

  ~ man7/securelevel.7
  > group the sysctls; (jmc@)

  ~ man5/bsd.port.mk.5
  > Add a sentence about BUILD_DEPENDS automatically set with EXTRACT_SUFX
  > ok jmc@ sthen@ (danj@)

  ~ man4/switch.4
  > some minor tweaks; ok yasuoka (jmc@)

misc

  ~ pcvtfonts/Makefile
  > Some ownership fixes for /usr/share/.
  > feedback and tweaks rpe
  > ok tb (natano@)

snmp

  ~ Makefile
  > Some ownership fixes for /usr/share/.
  > feedback and tweaks rpe
  > ok tb (natano@)

termtypes

  ~ Makefile
  > Some ownership fixes for /usr/share/.
  > feedback and tweaks rpe
  > ok tb (natano@)

zoneinfo

  ~ datfiles/africa
  ~ datfiles/antarctica
  ~ datfiles/asia
  ~ datfiles/australasia
  ~ datfiles/backward
  ~ datfiles/etcetera
  ~ datfiles/europe
  ~ datfiles/factory
  ~ datfiles/leapseconds
  ~ datfiles/northamerica
  ~ datfiles/southamerica
  ~ datfiles/zone.tab
  ~ datfiles/zone1970.tab
  > Update to tzdata2016g from ftp.iana.org. (millert@)

== sys =============================================================== 09/11 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/alpha

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

  ~ mem.c
  > typo (deraadt@)

arch/amd64/amd64

  ~ vmm.c
  > remove an extraneous vmcs flush (mlarkin@)

  ~ vmm.c
  > refactor vmcs flush and reload into one function, and remove another
  > flush that wasn't needed (mlarkin@)

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

  ~ identcpu.c
  > read and cache VMFUNC capability during boot. for use in an upcoming diff
  > (mlarkin@)

  ~ identcpu.c
  > clarify a comment whose text became out of date with the previous commit
  > (mlarkin@)

  ~ identcpu.c
  > Compute CR3 target count. Needed for upcoming debugging diff. (mlarkin@)

arch/amd64/include

  ~ cpu.h
  ~ specialreg.h
  > read and cache VMFUNC capability during boot. for use in an upcoming diff
  > (mlarkin@)

  ~ cpu.h
  ~ specialreg.h
  > Compute CR3 target count. Needed for upcoming debugging diff. (mlarkin@)

arch/arm/arm

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

  ~ cpu.c
  > Remove xscale support. Properly distinguish between ARMv7 and ARMv8.
  > ok patrick@, jsg@ (kettenis@)

arch/arm/include

  ~ tcb.h
  > The userspace TCB_GET() shouldn't take an argument
  > ok deraadt@ tom@ patrick@ (guenther@)

arch/armv7/imx

  ~ imxehci.c
  > Save and restore the (non-standard) USBMODE register around a reset of the
  > controller. This register controls whether the controller is in device or
  > host mode on many dual role controllers and gets reset during a reset of
  > the controller, placing the controller in (non-functional) idle mode. By
  > saving and restoring it, we keep the controller in host mode. Since this is
  > a non-standard register, add a new EHCIF_USBMODE flag and only do the save and
  > restore if it has been set.
  > Makes the upper "OTG" port of the Cubox-i work.
  > ok mpi@, jsg@ (kettenis@)

arch/armv7/omap

  ~ if_cpsw.c
  > Set IFCAP_VLAN_MTU capability in cpsw(4). Avoids
  > "ifconfig: SIOCSETVLAN: No buffer space available" when creating vlan
  > interfaces without first lowering the mtu. Reported by Steven Chamberlain,
  > diagnosed by mikeb@, patch from Brad. ok bmercer@ (jsg@)

arch/hppa/hppa

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

arch/i386/i386

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0.
  > Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

  ~ pctr.c
  > Check cpuid_level before using CPUID().
  > Problem noted by Sami (sami.tikkanen (at) haxaa.net)
  > ok deraadt@ (guenther@)

arch/loongson/loongson

  ~ loongson2_machdep.c
  ~ machdep.c
  > Add logic for figuring out CPU clock rate and usable memory areas
  > by using Loongson EFI.
  > Regression testing on Loongson 2F by fcambus@ (visa@)

  ~ pmon.c
  > Tweak video BIOS pointer check. Current Loongson EFI firmware images
  > seem to provide a video BIOS in kseg0. (visa@)

arch/m88k/m88k

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

arch/macppc/macppc

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

arch/mips64/mips64

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

arch/sh/sh

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

arch/socppc/socppc

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

arch/sparc64/include

  ~ asm.h
  > Remove more duplicated includes
  > OK jca@, deraadt@ (fcambus@)

arch/sparc64/sparc64

  ~ mem.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

dev/acpi

  ~ dsdt.c
  > Print the type of operation space that failed as there seem to be more of
  > these occurring recently. (mlarkin@)

dev/ic

  ~ ahci.c
  > Contrary to e. g. the xHCI specification, the AHCI rev. 1.3 spec
  > does not say anything about which type (snoopable/uncached etc.) of
  > bus transactions are issued by HBAs on accesses to the descriptors.
  > Thus, the right assumption would be "classical" concurrent accesses
  > by both CPU/driver as well as hardware to the descriptors and their
  > DMA memory backings respectively, which is also confirmed by actual
  > testing. Consequently, switch to BUS_DMA_COHERENT mappings for said
  > DMA memory as otherwise corruption of descriptors is seen.
  > From Marius Strobl
  > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7)
  > ok jmatthew@ (patrick@)

  ~ ahci.c
  > Given that ahci_port_alloc() grabs one CCB for use during NCQ error
  > recovery from the CCB pool sized based on the NCS capability, i. e.
  > number of command slots reported by the controller, it is necessary
  > to pretend at least 2 slots in sc->sc_ncmds for devices without NCQ
  > support. That way, also at least 1 available slot is made available
  > for atascsi(4). Otherwise, controllers having only a single command
  > slot will trigger "no free xfers on a new port" in atascsi(4).
  > Note that pretending 2 command slots is also fine with the abuse of
  > the NCQ error recovery CCB in ahci_port_softreset().
  > From Marius Strobl
  > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7)
  > ok jmatthew@ (patrick@)

  ~ ahci.c
  > Some HBAs report NCQ capability despite only supporting one command
  > slot. Thus, extend the check whether NCQ actually should be enabled
  > accordingly.
  > From Marius Strobl
  > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7)
  > ok jmatthew@ (patrick@)

  ~ ahci.c
  > Some HBAs reset parts of AHCI_PREG_CMD when AHCI_PREG_SCTL_DET_INIT
  > gets set. Therefore, ahci_port_softreset() restores the state of the
  > former register once the device detection sequence is finished. The
  > device detection code in ahci_pmp_port_portreset() does not restore
  > AHCI_PREG_CMD afterwards, so let it catch up. Apparently, this part
  > was an oversight as ahci_pmp_port_portreset() did not otherwise use
  > "cmd".
  > From Marius Strobl
  > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7)
  > ok jmatthew@ (patrick@)

dev/pci

  ~ ixgbe.h
  > Remove more duplicated includes
  > OK jca@, deraadt@ (fcambus@)

  ~ if_iwm.c
  > Wait until the BSSID is known before adding the MAC context to iwm
  > firmware.
  > Fixes iwm connectivity issues after first boot.
  > Tested by myself (8260 chip) and tb@ (7265 chip)
  > ok tb@ (stsp@)

dev/rasops

  ~ rasops.c
  > Avoid calculating offset several times. This was done for a few functions
  > already, but not all of them.
  > OK natano@ (fcambus@)

dev/usb

  ~ if_cdce.c
  > Move the net/bpf.h include within the #if NBPFILTER directive
  > OK deraadt@ (fcambus@)

  ~ ehci.c
  ~ ehcireg.h
  ~ ehcivar.h
  > Save and restore the (non-standard) USBMODE register around a reset of the
  > controller. This register controls whether the controller is in device or
  > host mode on many dual role controllers and gets reset during a reset of
  > the controller, placing the controller in (non-functional) idle mode. By
  > saving and restoring it, we keep the controller in host mode. Since this is
  > a non-standard register, add a new EHCIF_USBMODE flag and only do the save and
  > restore if it has been set.
  > Makes the upper "OTG" port of the Cubox-i work.
  > ok mpi@, jsg@ (kettenis@)

dev/wscons

  ~ wsconsio.h
  ~ wskbd.c
  > Add a WSKBDIO_GETENCODINGS ioctl that returns the supported keyboard
  > encodings.
  > ok deraadt@, jca@ (kettenis@)

kern

  ~ kern_sysctl.c
  > Make a move towards ending 4 decades of kernel snooping.
  > Add sysctl kern.allowkmem (default 0) which controls the ability to open
  > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
  > of utilities in the tree to operate on sysctl-nodes (either by themselves
  > or via code hiding in the guts of -lkvm).
  > pstat -d and -v & procmap are affected and continued use of them will
  > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
  > buddy sendbug) are affected, but we'll work out a solution soon.
  > There will be some impact in ports.
  > ok kettenis guenther (deraadt@)

  ~ makesyscalls.sh
  > unbalenced->unbalanced (jca@)

  ~ init_sysent.c
  ~ syscalls.c
  > Regen (jca@)

  ~ subr_hibernate.c
  > move from RB macros to RBT functions (dlg@)

  ~ vfs_subr.c
  > Cast enum to u_int when doing a bounds check to avoid a clang warning that
  > the comparison is always true.
  > ok jca@, tedu@ (kettenis@)

  ~ vfs_vnops.c
  > Make read(2) return EISDIR on directories.
  > Years ago Theo made read(2) return 0 on directories, instead of dumping
  > the directory content.
  > Another behavior is allowed as an extension by
  > POSIX, returning an EISDIR error, as used on a few other systems. This
  > behavior is deemed more useful as it helps spotting errors. This
  > implies that it might break some setups.
  > Ports bulk builds by ajacoutot@ and naddy@, ok millert@ bluhm@ naddy@
  > deraadt@ (jca@)

  ~ vfs_vnops.c
  > Drop a now unneeded variable initialization; spotted by bluhm@ (jca@)

  ~ kern_sysctl.c
  > Add va_nlink information to struct kinfo_file (so bump the shlib minor)
  > from Sebastien Marie (guenther@)

msdosfs

  ~ msdosfs_vfsops.c
  > Kill empty ifdef; ok fcambus@ (jca@)

net

  ~ if_pfsync.c
  ~ pf.c
  ~ pf_if.c
  ~ pf_ioctl.c
  ~ pf_lb.c
  ~ pf_norm.c
  ~ pf_ruleset.c
  ~ pf_table.c
  ~ pfvar.h
  > move pf from the RB macros to the RBT functions. (dlg@)

  ~ if_pfsync.c
  ~ pf.c
  ~ pf_if.c
  ~ pf_ioctl.c
  ~ pf_lb.c
  ~ pf_norm.c
  ~ pf_ruleset.c
  ~ pf_table.c
  ~ pfvar.h
  > roll back turning RB into RBT until i get better at this process. (dlg@)

  ~ rtsock.c
  > Protect sbappendaddr() and sorwakeup() with splsoftnet in
  > rt_senddesync(). This fixes a splassert warning seen by sthen@.
  > Problem found by David Hill; OK sthen@ (bluhm@)

  ~ switchofp.c
  > Do not truncate packets that are attached to PACKET_IN.
  > The switch should only truncate packets if it implements buffering -
  > which switch(4) doesn't - or the controller might end up sending
  > PACKET_OUT responses with truncated packets that will eventually end
  > up on the network.
  > OK goda@ (reyk@)

  ~ if.c
  ~ if_switch.c
  ~ if_switch.h
  > Fix a kernel panic that happened when destroying interfaces attached to
  > the switch(4) without prior removal.
  > ok reyk@, goda@ (rzalamena@)

  ~ if_vxlan.c
  > Fix the way of checking the length of vxlan packet and made it strict.
  > ok reyk (yasuoka@)

  ~ if_vxlan.c
  > Fix vxlan to use the destination address correctly.
  > Use the dst of the bridge_tunneltag for src on vxlan output and vice
  > versa.
> ok reyk (yasuoka@)

~ bridgectl.c ~ if_bridge.c ~ if_bridge.h ~ if_switch.c ~ if_vxlan.c
> Rename brtag_src/brtag_dst to brtag_peer/brtag_local to avoid
> confusion about the tunnel endpoints when responding to the peer.
> OK yasuoka@ (reyk@)

~ switchofp.c
> Make set-field action about tunneling work with bridge_tunneltag.
> input goda, ok reyk goda (yasuoka@)

~ switchofp.c
> typo: send ofp messages instead of massages. (reyk@)

~ if_vxlan.c
> Accept a packet smaller than ETHERMIN.
> ok reyk (yasuoka@)

~ ofp.h
> sync ofp.h from switchd, add missing comments (reyk@)

netinet

~ ip_spd.c
> Remove empty #ifdef and #ifndef blocks
> OK natano@ (fcambus@)

netinet6

~ nd6_rtr.c
> typo in comment (sthen@)

~ nd6_rtr.c
> Revert sending router solicitations when a prefix expires and go back
> to previous behaviour of starting quick, exponentially backing off and
> settling on every 60 seconds.
> sthen@ noticed that this broke the backing off when we don't receive
> an advertisement and so we would hammer the network every second which
> is particularly bad on wifi networks.
> OK sthen@ (florian@)

nfs

~ nfs_node.c ~ nfs_var.h ~ nfs_vfsops.c ~ nfsmount.h
> replace the use of RB macros with the RBT functions. (dlg@)

sys

~ sysctl.h
> Make a move towards ending 4 decades of kernel snooping.
> Add sysctl kern.allowkmem (default 0) which controls the ability to open
> /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
> of utilities in the tree to operate on sysctl-nodes (either by themselves
> or via code hiding in the guts of -lkvm).
> pstat -d and -v & procmap are affected and continued use of them will
> require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
> buddy sendbug) are affected, but we'll work out a solution soon.
> There will be some impact in ports.
> ok kettenis guenther (deraadt@)

~ tree.h
> Mark the static inline functions defined by RBT_PROTOTYPE as __unused.
> The way these functions are generated through a macro makes clang think they're
> defined in the .c file. Since some of these functions may be unused, clang
> issues a warning. Marking them as __unused suppresses the macro.
> ok visa@, deraadt@, dlg@ (kettenis@)

~ syscall.h ~ syscallargs.h
> Regen (jca@)

~ hibernate.h
> move from RB macros to RBT functions (dlg@)

~ socket.h
> Hide RT_TABLEID_MAX behind __BSD_VISIBLE
> Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@
> (jca@)

~ ctf.h
> add integer and float encoding macros
> ok mpi@ (jasper@)

~ sysctl.h
> Add va_nlink information to struct kinfo_file (so bump the shlib minor)
> from Sebastien Marie (guenther@)

== usr.bin =========================================================== 10/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

aucat

~ aucat.c
> Don't rely on the resampling code to calculate the number of samples
> to process, as it may produce one extra sample (to handle accumulation
> of fractional samples), which would cause access to one sample past
> the end of the buffer and crash aucat. Fix this by limiting the number
> of samples processed to a single block.
> Found by and help from Michael W. Bombardieri <mb at ii.net>. Thanks.
> (ratchov@)

~ abuf.c ~ afile.c ~ aucat.c ~ dsp.c ~ utils.c
> Remove unnecessary includes. From Michael W. Bombardieri <mb at ii.net>.
> (ratchov@)

~ aucat.c
> Set the device rate to the calculated rate. Otherwise, the signal
> may end up resampled twice. (ratchov@)

fstat

~ fstat.1 ~ fstat.c
> Indicate with an asterisk when a file has been unlinked.
> from Sebastien Marie (guenther@)

ftp

~ extern.h
> Remove empty #ifdef and #ifndef blocks
> OK natano@ (fcambus@)

make

~ varmodifiers.c
> Avoid two printf("%s", NULL) with 'make -d v'.
> improvements & ok espie, earlier version ok deraadt (tb@)

signify

~ signify.c
> there's a hidden feature to infer the public key from the signature
> comment, but it doesn't work well because it encodes the full path.
> signature creators don't usually keep the secret keys in /etc/signify,
> but that's where we look for public keys.
> switch to saving only the basename, and have the verifier add the path.
> should make it easier to start using this feature.
> anybody depending on the current behavior may have to adjust, but
> there's a reason this was never officially documented. (tedu@)

~ signify.c
> have to advance pointer past the / to get basename.
> noticed by naddy (tedu@)

~ signify.c
> no need to copy keypath if we already have one (tedu@)

~ signify.c
> the keytype checking is logically part of verify, and it's small, so
> always include it. but it can be made a bit simpler with zero malloc.
> (tedu@)

~ zsig.c
> can make function static now that it's living in a separate file.
> bye bye XXX! (tedu@)

ssh

~ sshkey.c
> Avoid a theoretical signed integer overflow should BN_num_bytes()
> ever violate its manpage and return a negative value. Improve
> order of tests to avoid confusing increasingly pedantic compilers.
> Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
> unstable optimisation analyser output. ok deraadt@ (djm@)

- monitor_mm.c - monitor_mm.h ~ monitor.c ~ monitor.h ~ monitor_wrap.h ~ myproposal.h ~ opacket.h ~ packet.c ~ packet.h ~ servconf.c ~ sshconnect2.c ~ sshd.c ~ sshd/Makefile
> Remove support for pre-authentication compression. Doing compression
> early in the protocol probably seemed reasonable in the 1990s, but
> today it's clearly a bad idea in terms of both cryptography (cf.
> multiple compression oracle attacks in TLS) and attack surface.
> Moreover, to support it across privilege-separation zlib needed
> the assistance of a complex shared-memory manager that made the
> required attack surface considerably larger.
> Prompted by Guido Vranken pointing out a compiler-elided security
> check in the shared memory manager found by Stack
> (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
> NB. pre-auth authentication has been disabled by default in sshd
> for >10 years. (djm@)

~ ssh_config.5
> use a separate TOKENS section, as we've done for sshd_config(5);
> help/ok djm (jmc@)

~ kex.c ~ kex.h ~ packet.c ~ sshconnect2.c ~ sshd_config.5 ~ servconf.c
> restore pre-auth compression support in the client -- the previous
> commit was intended to remove it from the server only.
> remove a few server-side pre-auth compression bits that escaped
> adjust wording of Compression directive in sshd_config(5)
> pointed out by naddy@ ok markus@ (djm@)

~ kex.c ~ kex.h ~ packet.c
> put back some pre-auth zlib bits that I shouldn't have removed -
> they are still used by the client. Spotted by naddy@ (djm@)

~ channels.c ~ channels.h ~ clientloop.c ~ clientloop.h ~ mux.c ~ opacket.h ~ packet.c ~ packet.h ~ ssh.c
> ssh proxy mux mode (-O proxy; idea from Simon Tatham):
> - mux client speaks the ssh-packet protocol directly over unix-domain
> socket.
> - mux server acts as a proxy, translates channel IDs and relays to the
> server.
> - no filedescriptor passing necessary.
> - combined with unix-domain forwarding it's even possible to run mux client
> and server on different machines.
> feedback & ok djm@ (markus@)

~ channels.c
> fix some -Wpointer-sign warnings in the new mux proxy; ok markus@ (djm@)

tcpbench

~ tcpbench.1
> Document the dependency on sysctl kern.allowkmem
> ok tb (deraadt@)

tmux

~ cmd-set-option.c ~ options.c
> Support set -a (append) with user options, suggested by Xandor Schiefer.
> (nicm@)

~ server-client.c ~ tmux.h ~ window.c
> Rate limit TIOCSWINSZ on a timer to avoid programs getting hammered with
> SIGWINCH when the size changes rapidly. To help a problem reported by
> Rui Pinheiro. (nicm@)

~ cmd-queue.c ~ input.c
> Couple of vasprintf -> xvasprintf.
> (nicm@)

~ screen-write.c
> Check padding when writing any character with width > 1, in case they
> overlap after the first character (for example with cells xy and ab, y
> is replacing a). (nicm@)

ul

~ ul.c
> no overstrikes in -i mode; ok millert@ guenther@ (otto@)

units

~ units.lib
> update currency exchange rates; (jmc@)

== usr.sbin ========================================================== 11/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

acpidump

~ acpidump.8
> Make a move towards ending 4 decades of kernel snooping.
> Add sysctl kern.allowkmem (default 0) which controls the ability to open
> /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
> of utilities in the tree to operate on sysctl-nodes (either by themselves
> or via code hiding in the guts of -lkvm).
> pstat -d and -v & procmap are affected and continued use of them will
> require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
> buddy sendbug) are affected, but we'll work out a solution soon.
> There will be some impact in ports.
> ok kettenis guenther (deraadt@)

~ acpidump.8 ~ acpidump.c
> If the argument of -o specifies a directory, dump the files without using a
> prefix.
> ok deraadt@ (kettenis@)

dhcrelay

~ dhcrelay.c
> Exit early from rdaemon() if the passed fd is invalid.
> fd == -1 check suggested by deraadt@, ok florian@ (jca@)

ftp-proxy

~ ftp-proxy.c
> Exit early from rdaemon() if the passed fd is invalid.
> fd == -1 check suggested by deraadt@, ok florian@ (jca@)

httpd

~ httpd.c ~ httpd.h ~ proc.c
> sync proc.c from switchd, includes minor cast qual fix and removal of
> p_env. (reyk@)

~ Makefile
> Add -Wcast-qual after syncing proc.c fix (reyk@)

kgmon

~ kgmon.8
> Document the dependency on sysctl kern.allowkmem
> ok tb (deraadt@)

ldpd

~ ldpd.c
> 'unneded stuff' -> 'unneeded stuff' in comments. (krw@)

ntpd

~ ntp.c ~ ntp_dns.c ~ ntpd.c
> Teach ntpd(8) how to use socket status to shutdown the daemon.
> While at it, remove some verbose shutdown messages that we had before with pipe
> close.
> ok reyk@ (rzalamena@)

~ constraint.c ~ ntpd.c ~ ntpd.h
> Teach ntpd(8) constraint process to use exec*() instead of just forking,
> with this change we get the pledge() ability back to the parent process.
> some tweaks from and ok reyk@ (rzalamena@)

ospfd

~ ospfd.c ~ rde.c
> 'unneded stuff' -> 'unneeded stuff' in comments. (krw@)

pkg_add

~ OpenBSD/PackingList.pm ~ OpenBSD/State.pm
> switch to using the new package signature scheme (signify2) by default
> ok sthen@ (naddy@)

~ OpenBSD/PkgSign.pm
> oops, forgot THAT hook. You have to start with unsigned to get signed
> (espie@)

procmap

~ procmap.1
> Make a move towards ending 4 decades of kernel snooping.
> Add sysctl kern.allowkmem (default 0) which controls the ability to open
> /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
> of utilities in the tree to operate on sysctl-nodes (either by themselves
> or via code hiding in the guts of -lkvm).
> pstat -d and -v & procmap are affected and continued use of them will
> require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
> buddy sendbug) are affected, but we'll work out a solution soon.
> There will be some impact in ports.
> ok kettenis guenther (deraadt@)

pstat

~ pstat.8
> Make a move towards ending 4 decades of kernel snooping.
> Add sysctl kern.allowkmem (default 0) which controls the ability to open
> /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
> of utilities in the tree to operate on sysctl-nodes (either by themselves
> or via code hiding in the guts of -lkvm).
> pstat -d and -v & procmap are affected and continued use of them will
> require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
> buddy sendbug) are affected, but we'll work out a solution soon.
> There will be some impact in ports.
> ok kettenis guenther (deraadt@)

relayd

~ control.c ~ parse.y ~ relay.c ~ relay_http.c
> spacing (reyk@)

~ relayd.c
> The fork+exec privsep commit broke the "block request method" http
> config option. Due to reordering of the code, the variable
> http_methods was initialized too late. Insert a relay_http() before
> load_config().
> Found by make run-regress-args-http-filter-method.pl; OK reyk@ (bluhm@)

~ proc.c ~ relayd.c ~ relayd.h
> sync proc.c incl. the p_env removal (reyk@)

~ Makefile ~ ca.c
> Add -Wcast-qual and cast away one false positive where we use a const
> u_char * variable for an iovec from within the libcrypto engine callback.
> OK millert@ (reyk@)

~ relay.c
> fix DEBUG build after ps->ps_instance change
> ok reyk@ bluhm@ (benno@)

rtadvd

~ config.c ~ rtadvd.h
> Interval calculations are perfectly fine with ints.
> OK jca@ (florian@)

~ config.c ~ rtadvd.h
> consistently use MAX_ prefix
> OK jca (florian@)

~ rtadvd.c
> Exit early from rdaemon() if the passed fd is invalid.
> fd == -1 check suggested by deraadt@, ok florian@ (jca@)

snmpd

~ snmpd.h
> Remove more duplicated includes
> OK jca@, deraadt@ (fcambus@)

~ timer.c
> Fix compilation warning by using the correct cast/format.
> improved by sthen@
> ok reyk@ (rzalamena@)

switchctl

~ switchctl.c
> Adjust the mac_port format string since it got upgraded to 32bits
> (following OpenFlow 1.3). (reyk@)

switchd

~ switchd.8 ~ switchd.c
> Correct the flag listing for switchd(8) and add a files section for the
> configuration file. Sync usage() with the result.
> With feedback from and ok jmc@ (jsg@)

~ ofp13.c ~ ofp_map.h
> Enable more debug messages to help developing flow modification messages.
> ok reyk@ (rzalamena@)

~ ofp.c
> Fix a memory leak and a loop in the ofp_read() that happens every time a
> message is received or a socket is closed.
> This is just a temporary fix to avoid switchd(8) from hogging the cpu and
> leaking memory while testing.
> ok reyk@ (rzalamena@)

~ packet.c
> Set pkt_buf variable on incoming packet_in messages.
> small style correction and ok reyk@ (rzalamena@)

~ ofp.h ~ ofp13.c
> Teach switchd(8) how to create flows for new connections using OpenFlow
> 1.3.5, implement the OXM filters to use with flow matching and Set-Action,
> prepare code to receive group management and add dummy flow_removed handler
> to avoid closing the connection on idle flows. (rzalamena@)

~ ofp10.c ~ ofp13.c
> OpenFlow PACKET_IN can send truncated packets; this only makes sense
> if the switch buffers packets, otherwise we might end up forwarding
> truncated packets to the network with the PACKET_OUT response. So,
> for now, only close the connection if the packet is not buffered by
> the switch but truncated.
> OK rzalamena@ (reyk@)

~ ofp10.c ~ ofp13.c
> Fix previous: don't attempt to write a NULL packet to the tap device.
> Also print a debug message if the packet has been truncated by the switch.
> (reyk@)

~ ofp13.c
> Always ask the switch to send the whole packet unbuffered so we can
> analyze the content of the packet and not truncate it when sending
> packet_out.
> ok reyk@ (rzalamena@)

~ ofp.h
> Use the packed attribute for every structure that is used in the wire
> messages.
> ok reyk@ (rzalamena@)

~ ofp.h ~ ofp13.c ~ ofp_map.h
> Teach switchd(8) some multipart table properties request/parse code to
> handle basic display. (rzalamena@)

~ ofp13.c
> Teach switchd(8) how to ask for and debug equipment description
> requests / replies. (rzalamena@)

~ ofp13.c
> Use the macro OFP_ALIGN() to find alignment instead of rolling my own way.
> ok reyk@ (rzalamena@)

~ imsg_util.c
> Replace memset in ibuf_zero with explicit_bzero as done in iked. (reyk@)

~ util.c
> handle AF_UNIX sockaddrs (reyk@)

~ ofp13.c
> Teach switchd(8) how to request flow entries and how to validate the
> request/reply. With this we get the OXM type/value printing for all
> directions.
> (rzalamena@)

~ ofp.c ~ ofp10.c ~ ofp13.c ~ switchd.h
> Rename ofp_send to ofp_output (reyk@)

~ util.c ~ switchd.h
> Add print_hex() for debugging of received packets (from iked) (reyk@)

~ Makefile ~ imsg_util.c ~ ofcconn.c ~ ofp.c ~ ofp10.c ~ ofp13.c ~ parse.y ~ switchd.c ~ switchd.h ~ types.h ~ util.c + ofrelay.c
> Implement socket server code that properly handles async I/O, partial
> messages, multiple messages per buffer and important things like
> connection limits and file descriptor accounting. It works with TCP
> connections as well as switch(4). The ofrelay.c part replaces
> networking that was in ofp.c and will soon handle all socket
> connections of switchd. It is called "ofrelay" because it will be
> used as client, server, and forwarder.
> OK rzalamena@ (reyk@)

~ switchd.c ~ types.h
> Open next available tap(4) device instead of just tap0 (reyk@)

~ ofp.c ~ ofrelay.c ~ switchd.h
> Disable write events if there is nothing to write. (reyk@)

- ofp.h ~ Makefile ~ ofcconn.c ~ ofp.c ~ ofp10.c ~ ofp10.h ~ ofp13.c ~ switchd.h
> Remove local copy of ofp.h and use net/ofp.h instead (reyk@)

tftpd

~ tftpd.c
> Exit early from rdaemon() if the passed fd is invalid.
> fd == -1 check suggested by deraadt@, ok florian@ (jca@)

traceroute

~ traceroute.c
> Drop privileges to newly added _traceroute user/group.
> It does not buy us much when called as an unpriv user. But if run as
> root we can now lose privileges.
> Input deraadt@
> OK benno@, sthen@ (florian@)

~ traceroute.c
> Always do the setgroups, setresgid and setresuid even if the
> unprivileged user is not present instead of erroring out. This lets
> ping and traceroute work in restricted environments like the bgplg
> chroot.
> Problem reported by sthen@
> input & prodding deraadt@ (florian@)

trpt

~ trpt.8
> Document the dependency on sysctl kern.allowkmem
> ok tb (deraadt@)

vmd

~ config.c ~ control.c ~ proc.c ~ proc.h ~ vmd.c ~ vmd.h ~ vmm.c
> Implement fork+exec for vmd, using the same framework from httpd etc.
> No objections from mlarkin@ sunil@ (reyk@)
