[odc] Daily src changes for 2002-07-30
ODC
auto at squish.net
Wed Jul 31 08:00:16 BST 2002
OpenBSD src changes summary for 2002-07-30
==========================================
bin/systrace distrib/notes
games/backgammon games/wump
lib/libc lib/libssl
libexec/ld.so libexec/tcpd
regress/sbin sbin/pfctl
share/man sys/arch/alpha/include
sys/arch/hppa/include sys/arch/i386/include
sys/arch/m68k/include sys/arch/mvme88k/include
sys/arch/powerpc/include sys/arch/sparc/include
sys/arch/sparc64/dev sys/arch/sparc64/include
sys/arch/vax/include sys/dev
sys/dev/sbus sys/kern
sys/net sys/netinet
sys/netinet6 sys/nfs
usr.bin/ssh usr.sbin/httpd
usr.sbin/named usr.sbin/pppd
usr.sbin/rdate
== bin =============================================================== 01/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/bin
systrace
~ intercept.c
> solve a problem with realpath when the last component of the path is
> a directory without S_IXUSR; tested by me and dugsong.
~ parse.y
> extern decls should be outside of function.
~ parse.y
> include filter.h, don't duplicate prototype
~ lex.l
> sync prototype for yyerror().
~ alias.c ~ systrace.c
> SPLAY_INSERT is a void function
~ alias.c
> oops, i've been looking at older tree.h
~ register.c ~ systrace-translate.c
~ systrace.h
> avoid using same variable name for global and auto variable.
~ openbsd-syscalls.c
> sync function decl and prototype (static-ness)
~ intercept.c
> sometimes no-return syscalls (execve) emit errno < 0. ignore them.
~ systrace.1
> use Nm
~ systrace.1
> obey section order to mandoc. sync with netbsd.
== distrib =========================================================== 02/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/distrib
notes
~ sparc64/hardware
> Mention PGX and PGX24 here too.
== games ============================================================= 03/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/games
backgammon
~ common_source/back.h ~ common_source/init.c
~ common_source/table.c
> Kill buffer overflow.
+ backgammon/pubeval.c ~ backgammon/Makefile
~ backgammon/backgammon.6 ~ backgammon/backlocal.h
~ backgammon/move.c
> Replace the "blows chunks" algorithm with pubeval, a public domain algorithm
> which plays an acceptable, if not optimal, game. pubeval author approves.
wump
~ wump.c
> ansi wump, plus a more accurate comment
== lib =============================================================== 04/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/lib
libc
~ stdlib/calloc.c
> return failure if integer overflow happens. sigh; too people had to
> help get this right.
~ gen/exec.c
> be even more careful with strlcpy()
~ net/gethostnamadr.c
> more strlcpy; itojun ok
~ rpc/xdr_array.c
TAGGED OPENBSD_3_0
> Errata #029 (deraadt):
> careful malloc
~ stdlib/calloc.c
TAGGED OPENBSD_3_0
> MFC (deraadt):
> return failure if integer overflow happens. sigh; too people had to
> help get this right.
~ rpc/xdr_array.c
TAGGED OPENBSD_3_1
> Pull in patch from current:
> Fix (deraadt), Errata 012:
> careful malloc
~ stdlib/calloc.c
TAGGED OPENBSD_3_1
> Pull in patch from current:
> Fix (deraadt):
> return failure if integer overflow happens. sigh; too people had to
> help get this right.
~ gen/scandir.c ~ gen/opendir.c
TAGGED OPENBSD_3_1
> malloc paranoia; it is unlikely that any filesystem will support
> enough directory entries to cause a problem but it is good form anyway.
> deraadt@ OK.
libssl
~ src/CHANGES ~ src/crypto/cryptlib.h
~ src/crypto/asn1/asn1_lib.c ~ src/crypto/conf/conf_def.c
~ src/crypto/objects/obj_dat.c ~ src/ssl/s2_clnt.c
~ src/ssl/s2_lib.c ~ src/ssl/s2_srvr.c
~ src/ssl/s3_clnt.c ~ src/ssl/s3_srvr.c
~ src/ssl/ssl.h ~ src/ssl/ssl_asn1.c
~ src/ssl/ssl_err.c ~ src/ssl/ssl_lib.c
~ src/ssl/ssl_locl.h ~ src/ssl/ssl_sess.c
TAGGED OPENBSD_3_0
> Errata #030 (markus):
> Fixes for the "OpenSSL Security Advisory [30 July 2002]"
~ src/CHANGES ~ src/crypto/cryptlib.h
~ src/crypto/asn1/asn1_lib.c ~ src/crypto/conf/conf_def.c
~ src/crypto/objects/obj_dat.c ~ src/ssl/s2_clnt.c
~ src/ssl/s2_lib.c ~ src/ssl/s2_srvr.c
~ src/ssl/s3_clnt.c ~ src/ssl/s3_srvr.c
~ src/ssl/ssl.h ~ src/ssl/ssl_asn1.c
~ src/ssl/ssl_err.c ~ src/ssl/ssl_lib.c
~ src/ssl/ssl_locl.h ~ src/ssl/ssl_sess.c
~ ssl/Makefile
TAGGED OPENBSD_3_0
> apply patches from OpenSSL Security Advisory [30 July 2002],
> http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
~ src/CHANGES ~ src/crypto/cryptlib.h
~ src/crypto/asn1/asn1_lib.c ~ src/crypto/conf/conf_def.c
~ src/crypto/objects/obj_dat.c ~ src/ssl/s2_clnt.c
~ src/ssl/s2_lib.c ~ src/ssl/s2_srvr.c
~ src/ssl/s3_clnt.c ~ src/ssl/s3_srvr.c
~ src/ssl/ssl.h ~ src/ssl/ssl_asn1.c
~ src/ssl/ssl_err.c ~ src/ssl/ssl_lib.c
~ src/ssl/ssl_locl.h ~ src/ssl/ssl_sess.c
TAGGED OPENBSD_3_1
> Pull in patch from current:
> Fix (markus), errata 013:
> apply patches from OpenSSL Security Advisory [30 July 2002],
> http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
~ src/crypto/conf/conf_mod.c ~ src/crypto/engine/hw_cswift.c
~ src/ssl/s3_clnt.c ~ src/ssl/s3_srvr.c
TAGGED OPENBSD_3_1
> sync with http://www.openssl.org/news/patch_20020730_0_9_7.txt
> (adds fix for unused kerberos and engine code, and some more
> assertions, as well as a 64bit integer string fix for conf_mod.c)
== libexec =========================================================== 05/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec
ld.so
~ ldconfig/ldconfig.c ~ ldconfig/shlib.c
> knf & ansi
tcpd
~ tcpd/tcpd.c ~ tcpdchk/inetcf.c
~ tcpdchk/scaffold.c ~ tcpdchk/tcpdchk.c
> some snprintf and strlcpy
== regress =========================================================== 06/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/regress
sbin
~ pfctl/pf3.in ~ pfctl/pf3.ok
> positive regression test for flag handling
+ pfctl/pfail13.in ~ pfctl/Makefile
> negative regression test for flags handling
== sbin ============================================================== 07/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin
pfctl
~ parse.y
> allow to specify flags on all rules that include tcp.
> these are valid:
> pass in from any to any flags S
> pass in proto { tcp, udp, icmp } from any to any flags S
> pass in proto tcp from any to any flags S
> these are invalid:
> pass in proto { udp, icmp } from any to any flags S
> pass in proto udp from any to any flags S
> ok "I've lost my slacker status for at least a week" frantzen@
> ok pb@, dhartmei@, deraadt@
~ parse.y
> grmpf.
> in some cases, on non-tcp rules flags weren't reset. cosmetic only
> problem. but, well, checking for r->flags and r->flagset if we could have
> assigned them zero just one round ago is just stupid, and it's not needed to
> check them at all.
> ok pb@, dhartmei@
== share ============================================================= 08/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/share
man
~ man7/securelevel.7
> Clarify time handling at securelevel 2. Idea from mpech@ ok millert@
~ man5/pf.conf.5
> backout, this will go in in little pieces
> as advised by theo and henning
~ man5/pf.conf.5
> 65335->65535 typo
> henning ok@
~ man5/pf.conf.5
> .Sh GRAMMAR moves to bottom, it's a reference and not readable
> for the casual user in first place
> ok henning@
~ man5/pf.conf.5
> typo/pasto in route-to/dup-to syntax
> ok henning@
~ man5/pf.conf.5
> BNF catchup to reality:
> - set loginterface none
> - add "self" to hosts
> ok henning@
~ man5/pf.conf.5
> Merge filter and nat BNF for simplification:
> - top of reduction is now 'line', better to add more keywords later on
> - reorder, group
> - remove double productions
> ok dhartmei@, henning@
~ man5/pf.conf.5
> BNF catchup and consolidation of interface name handling:
> ok henning@, dhartmei@
~ man5/pf.conf.5
> BNF is now in sync with reality:
> - commas are optional in lists
> ok henning@, dhartmei@
~ man4/man4.sparc64/creator.4 ~ man4/man4.sparc64/cgsix.4
> add docs for flags to disable console acceleration
== sys =============================================================== 09/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sys
arch/alpha/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/hppa/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/i386/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/m68k/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/mvme88k/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/powerpc/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/sparc/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/sparc64/dev
~ vgafb.c
> simplify vgafb_mmap()
~ creator.c ~ creatorvar.h
> allow cf_flags to determine whether console acceleration should be used
> (defaults to yes)
arch/sparc64/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
arch/vax/include
~ limits.h
> Add SIZE_MAX define. This is the same as SIZE_T_MAX but more portable.
> The only OSes I've seen that use SIZE_T_MAX are 4.4BSD-derived whereas
> SYSV things seem to use SIZE_MAX. It is also consistent with SSIZE_MAX
> (which we already have). deraadt@ OK
dev
~ systrace.c
> whitespace at EOL
~ systrace.c
> minor KNF. pid_t is unsigned.
dev/sbus
~ cgthree.c
> handle dumbfb and mapped mode requests differently
~ cgsix.c ~ cgsixreg.h
> - Allow disabling of console acceleration with cf_flags
> - handle native and dumb mappings separately
~ cgsix.c ~ cgsixreg.h
> - Whoops, I had the mode mask and value bits backwards
> - make sure FBC_MODE is reset when switching back to WSDISPLAYIO_MODE_EMUL
kern
~ tty.c
> Release sessions to avoid memory leak. From NetBSD. ok deraadt@
net
~ if_strip.c
> no need for check if m0 is NULL, as we have touched it already.
> From: tedu <grendel at zeitbombe.org>
netinet
~ ip_esp.c
> Be sure to check the integrity verifier for packets that didn't have it done
> in hardware; from angelos
netinet6
~ icmp6.c ~ nd6_rtr.c
> remove unneeded NULL pointer checks.
> From: tedu <grendel at zeitbombe.org>
nfs
~ nfs_socket.c
> Bug/type found by tedu
== usr.bin =========================================================== 10/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin
ssh
~ auth-options.c ~ servconf.c
~ servconf.h ~ session.c
~ sshd_config ~ sshd_config.5
> add PermitUserEnvironment (off by default!); from dot at dotat.atk provos,
> deraadt
== usr.sbin ========================================================== 11/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin
httpd
~ src/modules/standard/mod_rewrite.c
> two more strip_chroot
> found by Steph <sengel at melshake.com> who also tested this.
> I'm very happy with the way you help here. Thanks a lot.
~ src/modules/proxy/mod_proxy.c
> strip_chroot here as well.
> pointed out by sengel at melshake dot com
named
~ named/storage.c
> for the disabled DSTORAGE option, fix the local calloc() here in the same
> way as libc; eugene at securityarchitects.com
pppd
~ main.c
TAGGED OPENBSD_3_0
> Errata #028 (millert):
> Replace an instance of chmod() with fchmod()
~ main.c
TAGGED OPENBSD_3_1
> Pull in patch from current:
> Fix (millert), errata 011:
> Replace an instance of chmod() with fchmod()
rdate
~ ntpleaps.c
> knf
===============================================================================