[odc] Daily src changes for 2005-04-13

ODC auto at squish.net
Thu Apr 14 08:00:30 BST 2005


OpenBSD src changes summary for 2005-04-13
==========================================

bin/ksh                                 distrib/miniroot
distrib/sets                            etc/Makefile
etc/ftpusers                            etc/group
etc/hostapd.conf                        etc/mail/aliases
etc/master.passwd                       games/hangman
games/tetris                            lib/libc
lib/libevent                            libexec/lockspool
libexec/login_krb5                      libexec/uucpd
sbin/scsi                               sbin/sysctl
share/man                               sys/arch/arm/xscale
sys/arch/hppa64/include                 sys/arch/zaurus/dev
sys/arch/zaurus/stand/zboot             sys/dev/usb
usr.bin/bc                              usr.bin/cal
usr.bin/cvs                             usr.bin/make
usr.bin/mg                              usr.bin/oldrdist
usr.bin/talk                            usr.bin/top
usr.bin/vgrind                          usr.bin/window
usr.sbin                                usr.sbin/bgpctl
usr.sbin/bgpd                           usr.sbin/hostapd
usr.sbin/popa3d                         usr.sbin/user

== bin =============================================================== 01/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ edit.c                                

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

== distrib =========================================================== 02/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/distrib

miniroot

  ~ install.sub                           

  > Allow any valid kbd(8) mapping to be specified (e.g. us.dvorak). Be
  > more terse both in prompts and output. Show list of major tables only
  > on request. Problem noted by Matt Jibson.
  > ok deraadt@ (krw@)

  ~ install.sub                           

  > Only show sets locations that might work. e.g. no /sbin/nfs == don't
  > offer nfs as a location. Eliminate (m)ounted source in favour of an
  > extra question for disk sources. Bit of cleanup and overall shrinkage.
  > ok deraadt@ miod@ (krw@)

  ~ install.sub                           

  > Display 'none' as v6 default address when no v6 address is detected.
  > Tighten some code. (krw@)

  ~ dhclient.conf                         

  > spacing (deraadt@)

  ~ install.sub                           

  > spacing (deraadt@)

  ~ install.sub                           

  > Tweak set source option testing. Don't offer nfs if no active interface
  > is found - even if /sbin/mount_nfs is present. (krw@)

sets

  ~ lists/base/mi                         ~ lists/etc/mi
  ~ lists/man/mi                          

  > sync (deraadt@)

== etc =============================================================== 03/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/etc

Makefile

  ~ Makefile                              

  > sample hostapd.conf from reyk, to be tweaked (henning@)

ftpusers

  ~ ftpusers                              

  > say hi to _hostapd (henning@)

group

  ~ group                                 

  > say hi to _hostapd (henning@)

hostapd.conf

  + hostapd.conf                          

  > sample hostapd.conf from reyk, to be tweaked (henning@)

mail/aliases

  ~ mail/aliases                          

  > say hi to _hostapd (henning@)

master.passwd

  ~ master.passwd                         

  > say hi to _hostapd (henning@)

== games ============================================================= 04/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/games

hangman

  ~ getguess.c                            

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

tetris

  ~ input.c                               

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

== lib =============================================================== 05/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  + string/wcscat.c                       + string/wcschr.c
  + string/wcscmp.c                       + string/wcscpy.c
  + string/wcscspn.c                      + string/wcslcat.c
  + string/wcslcpy.c                      + string/wcslen.c
  + string/wcsncat.c                      + string/wcsncmp.c
  + string/wcsncpy.c                      + string/wcspbrk.c
  + string/wcsrchr.c                      + string/wcsspn.c
  + string/wcsstr.c                       + string/wcstok.3
  + string/wcstok.c                       + string/wcswcs.c
  + string/wcswidth.c                     + string/wmemchr.3
  + string/wmemchr.c                      + string/wmemcmp.c
  + string/wmemcpy.c                      + string/wmemmove.c
  + string/wmemset.c                      

  > Import w* functions so that I can send smaller diffs around.
  > (Nothing activated yet, of course)
  > okay deraadt@ (espie@)

  ~ string/wcstok.3                       ~ string/wmemchr.3

  > - our pages do not have a LIBRARY section;
  > - attach rcs id
  > - wording tweak (jmc@)

libevent

  ~ event.3                               ~ event.c

  > use "volatile sig_atomic_t" types instead of "int" for signal flags.
  > ok deraadt@ henning@ provos (reyk@)

== libexec =========================================================== 06/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/libexec

lockspool

  ~ lockspool.c                           

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

login_krb5

  ~ login_krb5.c                          

  > Do as login_krb5-or-pwd(8) says: "When root tries to login,
  > login_krb5-or-pwd skips KerberosV authentication,"
  > ok beck@ some time ago (biorn@)

uucpd

  ~ uucpd.c                               

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

== sbin ============================================================== 07/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/sbin

scsi

  ~ scsi.c                                

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

sysctl

  ~ sysctl.c                              

  > avoid variable aliasing (deraadt@)

== share ============================================================= 08/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/ath.4                            ~ man4/atu.4
  ~ man4/atw.4                            ~ man4/ipw.4
  ~ man4/ral.4                            ~ man4/ray.4
  ~ man4/rtw.4                            ~ man4/wi.4tbl

  > it is not possible to specify `media' and `-mediaopt' to ifconfig at
  > the same time; just use `media autoselect' in our example how to
  > return nic to default state;
  > found by johan torin;
  > usage confirmed by reyk@ (jmc@)

  ~ man8/vpn.8                            

  > although the example gateway addresses given are private IP addresses, make
  > it
  > clear that this is an example only, and would normally be public addresses;
  > ok hshoexer@ henning@ msf@ (jmc@)

== sys =============================================================== 09/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/sys

arch/arm/xscale

  ~ pxa2x0_apm.c                          ~ pxa2x0_apm.h

  > Call special suspend and resume hooks.  The latter can cancel a resume.
  > (uwe@)

arch/hppa64/include

  ~ vmparam.h                             

  > free STACKGAP_RANDOM commit (mickey@)

arch/zaurus/dev

  ~ zaurus_apm.c                          

  > Resume only if the lid is open and the power key pressed.  Also fix
  > peridic discharging in zapm_poll(). (uwe@)

arch/zaurus/stand/zboot

  ~ compat_linux.h                        ~ unixdev.c
  ~ unixsys.S                             

  > boot when then timeout expires; prodded by drahn@ dlg@ and others (uwe@)

dev/usb

  ~ usbdevs.h                             ~ usbdevs_data.h

  > sync (damien@)

  ~ if_ral.c                              ~ usbdevs

  > New ural devices. Pointed out by Rodolfo Gouveia. (damien@)

== usr.bin =========================================================== 10/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin

bc

  ~ scan.l                                

  > Always use lex in interactive mode. Makes bc running as a co-process
  > behave. Very, very little performance loss. Spotted by and ok fschg@
  > (otto@)

cal

  ~ cal.c                                 

  > do not trust snprintf return value; ok otto mickey (deraadt@)

cvs

  ~ cmd.c                                 

  > cmd_helper() returns error codes > 0 or 0 on success. (joris@)

  ~ resp.c                                

  > check return values of snprintf() for potential overflows or errors
  > ok xsa@, joris@ (jfb@)

  - cache.c                               

  > dead code.
  > "ditch it" jfb@ (joris@)

  ~ rcs.h                                 

  > cache leftovers (jfb@)

  ~ rcsnum.c                              

  > make rcsnum_tostr() return an empty string if the RCSNUM is NULL (jfb@)

  ~ getlog.c                              

  > cleanup and split the log code into two separate functions for local
  > and remote, and a first stab at the code for local log (jfb@)

  ~ getlog.c                              

  > * accept the -N option to suppress logging of tags
  > * print locks, access entries and description in local mode
  > * cleanup and get rid of unused variables (jfb@)

  ~ annotate.c                            

  > use the option string from the cvs_cmd entry instead of keeping a
  > hardcoded copy
  > ok joris@ (jfb@)

  ~ file.c                                

  > file callbacks won't return -1 anymore, but a CVS_EX_* error
  > ok jfb@ (joris@)

make

  ~ job.c                                 

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

mg

  ~ ttyio.c                               

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

oldrdist

  ~ server.c                              

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

talk

  ~ io.c                                  

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

top

  ~ display.c                             ~ top.c

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

vgrind

  ~ vgrindefs.c                           

  > use STDERR_FILENO (deraadt@)

window

  ~ wwrint.c                              

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

== usr.sbin ========================================================== 11/11 ==

  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

usr.sbin

  ~ Makefile                              

  > connect hostapd for reyk, ok theo reyk (henning@)

bgpctl

  ~ bgpctl.c                              

  > Show if a route is rejected or blackholed in show fib output. OK henning@
  > (claudio@)

bgpd

  ~ bgpd.conf.5                           

  > tweak to make this use similar format to ospfd.conf.5 and hostapd.conf.5;
  > (jmc@)

  ~ parse.y                               

  > filter_set cleanup. Plug some memleaks and fix an obvious bug in the
  > network case. OK henning@ (claudio@)

hostapd

  + Makefile                              + apme.c
  + hostapd.8                             + hostapd.c
  + hostapd.conf.5                        + hostapd.h
  + iapp.c                                + llc.c
  + parse.y                               + privsep.c

  > add the initial version of the OpenBSD hostapd daemon
  > ok deraadt@ (reyk@)

  ~ hostapd.8                             

  > add missing comma (reyk@)

  ~ apme.c                                ~ hostapd.c
  ~ iapp.c                                ~ privsep.c

  > KNF (henning@)

  ~ parse.y                               

  > whitespace (henning@)

  ~ hostapd.8                             

  > the ifconfig manpage is in section 8... (reyk@)

  ~ hostapd.h                             

  > KNG (henning@)

  ~ parse.y                               

  > don't lose copyright on the way... reyk ok (henning@)

  ~ hostapd.c                             

  > bzero of bss not needed (deraadt@)

  ~ parse.y                               

  > kill #if 0 crud (henning@)

  ~ privsep.c                             ~ hostapd.conf.5
  ~ hostapd.8                             ~ apme.c

  > spaces (deraadt@)

  ~ hostapd.c                             

  > do not close descriptors before exit (deraadt@)

  ~ hostapd.c                             

  > missing copyrights here as well
  > it is more than fine to re-use our code (please do!), but do not forget our
  > copyright! (henning@)

  ~ hostapd.c                             

  > only fflush STDERR when we actually log to STDERR, reyk ok (henning@)

  ~ privsep.c                             

  > privsep i/o functions are based on atomicio, add copyright notice (reyk@)

  ~ hostapd.8                             

  > various tweaks;
  > ok reyk@ (jmc@)

  ~ hostapd.c                             

  > sync usage() (jmc@)

  ~ hostapd.conf.5                        

  > tweaks; ok reyk@ (jmc@)

  ~ privsep.c                             

  > really abort, when privdrop fails. ok reyk@ (moritz@)

  ~ iapp.c                                ~ llc.c
  ~ privsep.c                             

  > tighten code vertically (deraadt@)

  ~ Makefile                              

  > spacing (deraadt@)

  ~ privsep.c                             

  > set gid before uid (reyk@)

  ~ iapp.c                                ~ privsep.c

  > add some missing arguments, where format strings
  > expect them and a minor comment fix. ok reyk@ (moritz@)

  ~ hostapd.8                             

  > a daemon, not an daemon; (jmc@)

  ~ privsep.c                             ~ hostapd.c

  > un-hack, use event_loopexit()
  > ok henning@ brad@ (reyk@)

popa3d

  ~ protocol.c                            

  > use STD{IN,OUT,ERR}_FILENO (deraadt@)

user

  ~ user.c                                

  > very unlikely overflow.  but sticking to the idiom is important:  thereby,
  > example by example, we teach people how to actually use snprintf.  because
  > it is clear (especially judging by code coming from netbsd hint hint
  > perhaps
  > if i say it like this they will finally learn) that people are not paying
  > attention, and replacing one security problem with another.
  > in the early days we replaced buffer the typical ANSI-C standardized
  > function
  > buffer overflows (by which I mean strcpy, strcat, and sprintf) with
  > non-overflowing ones -- range checking varients.  We knew we were fixing
  > a major problem.  The damn overflows.  But we did not have time in all
  > cases
  > to handle the next problem we were not handling:  string truncation.  Now
  > we
  > need to (I hope not slowly) start fixing the string truncations.
  > Anyone going to help? (deraadt@)

===============================================================================



More information about the odc mailing list