[odc] Daily src changes for 2004-06-10

ODC auto at squish.net
Fri Jun 11 08:00:40 BST 2004


OpenBSD src changes summary for 2004-06-10
==========================================

gnu/egcs                                lib/libc
sbin/isakmpd                            sbin/pfctl
sys/arch/alpha/include                  sys/arch/hppa/hppa
sys/arch/hppa/include                   sys/arch/i386/i386
sys/arch/i386/include                   sys/arch/i386/isa
sys/arch/i386/pci                       sys/arch/m88k/include
sys/arch/mvme88k/dev                    sys/arch/powerpc/include
sys/arch/vax/include                    sys/dev/usb
sys/kern                                sys/net
sys/netinet                             sys/sys
sys/uvm                                 usr.sbin/httpd

== gnu =============================================================== 01/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/gnu

egcs

  ~ gcc/toplev.c                          

  > Typos in option descriptions; fixed in gcc 3. (miod@)

== lib =============================================================== 02/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ arch/hppa/sys/cerror.S                

  > include whole SYS.h instead of just machine/asm.h (mickey@)

== sbin ============================================================== 03/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/sbin

isakmpd

  ~ ike_phase_1.c                         ~ ike_quick_mode.c
  ~ ipsec.c                               ~ message.c
  ~ message.h                             

  > Mark authenticated messages explicitly.  Better check for authentication
  > before deleting SAs.
  > This fix is needed to solve the problems reported by Thomas Walpuski,
  > previous diff was not sufficient.  Pointed out by Thomas.  Thanks!
  > ok ho@ niklas@, testing and spellcheck by todd@ msf@ (hshoexer@)

pfctl

  ~ parse.y                               ~ pfctl_parser.c

  > rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved
  > keyword in C++. ok henning@, cedric@ (dhartmei@)

  ~ Makefile                              

  > Work around an uncovered gcc problem on m88k until it receives proper cure.
  > (miod@)

== sys =============================================================== 04/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/include

  ~ pmap.h                                

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/hppa/hppa

  ~ genassym.cf                           ~ locore.S
  ~ pmap.c                                ~ vm_machdep.c

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

  ~ trap.c                                

  TAGGED SMP
  > Generate SIGTRAP for breakpoint instructions.
  > ok mickey@ (kettenis@)

arch/hppa/include

  ~ pcb.h                                 ~ pmap.h

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/i386/i386

  ~ locore.s                              ~ machdep.c
  ~ trap.c                                

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

  ~ ioapic.c                              

  TAGGED SMP
  > crazy indent (deraadt@)

  ~ apic.c                                ~ mpbios.c

  TAGGED SMP
  > Our %b can't handle new netbsd format, so just use %x for now. (grange@)

  ~ machdep.c                             

  TAGGED SMP
  > Don't install F00F workaround twice, should fix pb's machine.
  > Idea from mickey.
  > ok deraadt@ (grange@)

arch/i386/include

  ~ cpu.h                                 ~ intr.h
  ~ pcb.h                                 ~ types.h

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/i386/isa

  ~ icu.s                                 

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/i386/pci

  ~ elan520.c                             

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/m88k/include

  ~ va-m88k.h                             

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/mvme88k/dev

  ~ vs.c                                  

  > Fix a logic error in sglist creation. (miod@)

arch/powerpc/include

  ~ pmap.h                                

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

arch/vax/include

  ~ pmap.h                                

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

dev/usb

  ~ uhub.c                                

  > From FreeBSD (via rees at umich.edud nate)
  > Initialise `restartcnt' in the newly malloc'd usbd_port structure,
  > as otherwise the junk it contains may cause uhub_explore to give
  > up without ever trying to restart the port. This fixes the following
  > errors I was seeing with a VIA UHCI controller:
  > uhub0: port error, restarting port 1
  > uhub0: port error, giving up port 1 (pvalchev@)

kern

  ~ init_main.c                           ~ kern_clock.c
  ~ kern_fork.c                           ~ kern_ktrace.c
  ~ kern_subr.c                           ~ kern_synch.c
  ~ kern_sysctl.c                         ~ kern_time.c
  ~ vfs_default.c                         

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

  ~ kern_synch.c                          

  TAGGED SMP
  > Typo in merge. (art@)

net

  ~ pfvar.h                               ~ pf.c
  ~ pf_ioctl.c                            ~ pf_norm.c

  > rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved
  > keyword in C++. ok henning@, cedric@ (dhartmei@)

netinet

  ~ ip_carp.c                             

  > Plug a memory leak in carp_clone_destroy()
  > From Patrick Latifi (mcbride@)

  ~ ip_carp.c                             

  > zero the cif struct correctly. (mcbride@)

sys

  ~ kernel.h                              ~ proc.h
  ~ sched.h                               

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

  ~ proc.h                                

  TAGGED SMP
  > a reminder: sparc64 says you CANNOT DO THIS.  This stuff is needed because
  > of how something in sparc64 works.  Run anything relating to this via me,
  > until you grok it. (deraadt@)

uvm

  ~ uvm_km.c                              

  TAGGED SMP
  > sync with head, make i386 __HAVE_CPUINFO (niklas@)

== usr.sbin ========================================================== 05/05 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

httpd

  ~ src/include/http_core.h               ~ src/main/http_core.c
  ~ src/main/http_protocol.c              ~ src/modules/standard/mod_digest.c

  TAGGED OPENBSD_3_5
  > MFC:
  > Fix by brad@
  > mod_digest for Apache does not properly verify the nonce of a client
  > response by using an AuthNonce secret.
  > CAN-2003-0987 (brad@)

  ~ src/include/httpd.h                   ~ src/main/http_log.c
  ~ src/main/util.c                       

  TAGGED OPENBSD_3_5
  > MFC:
  > Fix by brad@
  > Apache does not filter terminal escape sequences from its error logs, which
  > could make it easier for attackers to insert those sequences into terminal
  > emulators containing vulnerabilities related to escape sequences.
  > CAN-2003-0020 (brad@)

  ~ src/include/httpd.h                   ~ src/main/http_log.c
  ~ src/main/util.c                       

  TAGGED OPENBSD_3_4
  > MFC:
  > Fix by brad@
  > Apache does not filter terminal escape sequences from its error logs, which
  > could make it easier for attackers to insert those sequences into terminal
  > emulators containing vulnerabilities related to escape sequences.
  > CAN-2003-0020 (brad@)

  ~ src/include/http_core.h               ~ src/main/http_core.c
  ~ src/main/http_protocol.c              ~ src/modules/standard/mod_digest.c

  TAGGED OPENBSD_3_4
  > MFC:
  > Fix by brad@
  > mod_digest for Apache does not properly verify the nonce of a client
  > response by using an AuthNonce secret.
  > CAN-2003-0987 (brad@)

  ~ src/modules/ssl/mod_ssl.h             ~ src/modules/ssl/ssl_engine_kernel.c
  ~ src/modules/ssl/ssl_util.c            

  TAGGED OPENBSD_3_4
  > get changes from mod_ssl 2.8.18:
  > *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
  > if the Subject-DN in the client certificate exceeds 6KB in length.
  > (CVE CAN-2004-0488).
  > *) Handle the case of OpenSSL retry requests after interrupted system
  > calls during the SSL handshake phase.
  > *) Remove some unused functions. (henning@)

  ~ src/modules/proxy/proxy_http.c        

  TAGGED OPENBSD_3_4
  > SECURITY: CAN-2004-0492 (cve.mitre.org)
  > Reject responses from a remote server if sent an invalid (negative)
  > Content-Length.  [Mark Cox] (henning@)

===============================================================================


