[odc] Daily src changes for 2004-06-10
ODC
auto at squish.net
Fri Jun 11 08:00:40 BST 2004
OpenBSD src changes summary for 2004-06-10
==========================================
gnu/egcs lib/libc
sbin/isakmpd sbin/pfctl
sys/arch/alpha/include sys/arch/hppa/hppa
sys/arch/hppa/include sys/arch/i386/i386
sys/arch/i386/include sys/arch/i386/isa
sys/arch/i386/pci sys/arch/m88k/include
sys/arch/mvme88k/dev sys/arch/powerpc/include
sys/arch/vax/include sys/dev/usb
sys/kern sys/net
sys/netinet sys/sys
sys/uvm usr.sbin/httpd
== gnu =============================================================== 01/05 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/gnu
egcs
~ gcc/toplev.c
> Typos in option descriptions; fixed in gcc 3. (miod@)
== lib =============================================================== 02/05 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/lib
libc
~ arch/hppa/sys/cerror.S
> include whole SYS.h instead of just machine/asm.h (mickey@)
== sbin ============================================================== 03/05 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin
isakmpd
~ ike_phase_1.c ~ ike_quick_mode.c
~ ipsec.c ~ message.c
~ message.h
> Mark authenticated messages explicitly. Better check for authentication
> before
> deleteing SAs.
> This fix is needed to solve the problems reported by Thomas Walpuski,
> previous
> diff was not sufficient. Pointed out by Thomas. Thanks!
> ok ho@ niklas@, testing and spellcheck by todd@ msf@ (hshoexer@)
pfctl
~ parse.y ~ pfctl_parser.c
> rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved
> keyword in C++. ok henning@, cedric@ (dhartmei@)
~ Makefile
> Work around an uncovered gcc problem on m88k until it receives proper cure.
> (miod@)
== sys =============================================================== 04/05 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sys
arch/alpha/include
~ pmap.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/hppa/hppa
~ genassym.cf ~ locore.S
~ pmap.c ~ vm_machdep.c
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
~ trap.c
TAGGED SMP
> Generate SIGTRAP for breakpoint instructions.
> ok mickey@ (kettenis@)
arch/hppa/include
~ pcb.h ~ pmap.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/i386/i386
~ locore.s ~ machdep.c
~ trap.c
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
~ ioapic.c
TAGGED SMP
> crazy indent (deraadt@)
~ apic.c ~ mpbios.c
TAGGED SMP
> Our %b can't handle new netbsd format, so just use %x for now. (grange@)
~ machdep.c
TAGGED SMP
> Don't install F00F workaround twice, should fix pb's machine.
> Idea from mickey.
> ok deraadt@ (grange@)
arch/i386/include
~ cpu.h ~ intr.h
~ pcb.h ~ types.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/i386/isa
~ icu.s
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/i386/pci
~ elan520.c
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/m88k/include
~ va-m88k.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/mvme88k/dev
~ vs.c
> Fix a logic error in sglist creation. (miod@)
arch/powerpc/include
~ pmap.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
arch/vax/include
~ pmap.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
dev/usb
~ uhub.c
> From FreeBSD (via rees at umich.edud nate)
> Initialise `restartcnt' in the newly malloc'd usbd_port structure,
> as otherwise the junk it contains may cause uhub_explore to give
> up without ever trying to restart the port. This fixes the following
> errors I was seeing with a VIA UHCI controller:
> uhub0: port error, restarting port 1
> uhub0: port error, giving up port 1 (pvalchev@)
kern
~ init_main.c ~ kern_clock.c
~ kern_fork.c ~ kern_ktrace.c
~ kern_subr.c ~ kern_synch.c
~ kern_sysctl.c ~ kern_time.c
~ vfs_default.c
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
~ kern_synch.c
TAGGED SMP
> Typo in merge. (art@)
net
~ pfvar.h ~ pf.c
~ pf_ioctl.c ~ pf_norm.c
> rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved
> keyword in C++. ok henning@, cedric@ (dhartmei@)
netinet
~ ip_carp.c
> Plug a memory leak in carp_clone_destroy()
> From Patrick Latifi (mcbride@)
~ ip_carp.c
> zero the cif struct correctly. (mcbride@)
sys
~ kernel.h ~ proc.h
~ sched.h
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
~ proc.h
TAGGED SMP
> a reminder: sparc64 says you CANNOT DO THIS. This stuff is needed because
> of how something in sparc64 works. Run anything relating to this via me,
> until you grok it. (deraadt@)
uvm
~ uvm_km.c
TAGGED SMP
> sync with head, make i386 __HAVE_CPUINFO (niklas@)
== usr.sbin ========================================================== 05/05 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin
httpd
~ src/include/http_core.h ~ src/main/http_core.c
~ src/main/http_protocol.c ~ src/modules/standard/mod_digest.c
TAGGED OPENBSD_3_5
> MFC:
> Fix by brad@
> mod_digest for Apache does not properly verify the nonce of a client
> response
> by using a AuthNonce secret.
> CAN-2003-0987 (brad@)
~ src/include/httpd.h ~ src/main/http_log.c
~ src/main/util.c
TAGGED OPENBSD_3_5
> MFC:
> Fix by brad@
> Apache does not filter terminal escape sequences from its error logs, which
> could make it easier for attackers to insert those sequences into terminal
> emulators containing vulnerabilities related to escape sequences.
> CAN-2003-0020 (brad@)
~ src/include/httpd.h ~ src/main/http_log.c
~ src/main/util.c
TAGGED OPENBSD_3_4
> MFC:
> Fix by brad@
> Apache does not filter terminal escape sequences from its error logs, which
> could make it easier for attackers to insert those sequences into terminal
> emulators containing vulnerabilities related to escape sequences.
> CAN-2003-0020 (brad@)
~ src/include/http_core.h ~ src/main/http_core.c
~ src/main/http_protocol.c ~ src/modules/standard/mod_digest.c
TAGGED OPENBSD_3_4
> MFC:
> Fix by brad@
> mod_digest for Apache does not properly verify the nonce of a client
> response
> by using a AuthNonce secret.
> CAN-2003-0987 (brad@)
~ src/modules/ssl/mod_ssl.h ~ src/modules/ssl/ssl_engine_kernel.c
~ src/modules/ssl/ssl_util.c
TAGGED OPENBSD_3_4
> get changes from mod_ssl 2.8.18:
> *) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
> if the Subject-DN in the client certificate exceeds 6KB in length.
> (CVE CAN-2004-0488).
> *) Handle the case of OpenSSL retry requests after interrupted system
> calls during the SSL handshake phase.
> *) Remove some unused functions. (henning@)
~ src/modules/proxy/proxy_http.c
TAGGED OPENBSD_3_4
> SECURITY: CAN-2004-0492 (cve.mitre.org)
> Reject responses from a remote server if sent an invalid (negative)
> Content-Length. [Mark Cox] (henning@)
===============================================================================
More information about the odc
mailing list