[odc] Daily src changes for 2005-04-13
ODC
auto at squish.net
Thu Apr 14 08:00:30 BST 2005
OpenBSD src changes summary for 2005-04-13
==========================================
bin/ksh distrib/miniroot
distrib/sets etc/Makefile
etc/ftpusers etc/group
etc/hostapd.conf etc/mail/aliases
etc/master.passwd games/hangman
games/tetris lib/libc
lib/libevent libexec/lockspool
libexec/login_krb5 libexec/uucpd
sbin/scsi sbin/sysctl
share/man sys/arch/arm/xscale
sys/arch/hppa64/include sys/arch/zaurus/dev
sys/arch/zaurus/stand/zboot sys/dev/usb
usr.bin/bc usr.bin/cal
usr.bin/cvs usr.bin/make
usr.bin/mg usr.bin/oldrdist
usr.bin/talk usr.bin/top
usr.bin/vgrind usr.bin/window
usr.sbin usr.sbin/bgpctl
usr.sbin/bgpd usr.sbin/hostapd
usr.sbin/popa3d usr.sbin/user
== bin =============================================================== 01/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/bin
ksh
~ edit.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
== distrib =========================================================== 02/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/distrib
miniroot
~ install.sub
> Allow any valid kbd(8) mapping to be specified (e.g. us.dvorak). Be
> more terse both in prompts and output. Show list of major tables only
> on request. Problem noted by Matt Jibson.
> ok deraadt@ (krw@)
~ install.sub
> Only show sets locations that might work. e.g. no /sbin/nfs == don't
> offer nfs as a location. Eliminate (m)ounted source in favour of an
> extra question for disk sources. Bit of cleanup and overall shrinkage.
> ok deraadt@ miod@ (krw@)
~ install.sub
> Display 'none' as v6 default address when no v6 address is detected.
> Tighten some code. (krw@)
~ dhclient.conf
> spacing (deraadt@)
~ install.sub
> spacing (deraadt@)
~ install.sub
> Tweak set source option testing. Don't offer nfs if no active interface
> is found - even if /sbin/mount_nfs is present. (krw@)
sets
~ lists/base/mi ~ lists/etc/mi
~ lists/man/mi
> sync (deraadt@)
== etc =============================================================== 03/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/etc
Makefile
~ Makefile
> sample hostapd.conf from reyk, to be tweaked (henning@)
ftpusers
~ ftpusers
> say hi to _hostapd (henning@)
group
~ group
> say hi to _hostapd (henning@)
hostapd.conf
+ hostapd.conf
> sample hostapd.conf from reyk, to be tweaked (henning@)
mail/aliases
~ mail/aliases
> say hi to _hostapd (henning@)
master.passwd
~ master.passwd
> say hi to _hostapd (henning@)
== games ============================================================= 04/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/games
hangman
~ getguess.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
tetris
~ input.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
== lib =============================================================== 05/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/lib
libc
+ string/wcscat.c + string/wcschr.c
+ string/wcscmp.c + string/wcscpy.c
+ string/wcscspn.c + string/wcslcat.c
+ string/wcslcpy.c + string/wcslen.c
+ string/wcsncat.c + string/wcsncmp.c
+ string/wcsncpy.c + string/wcspbrk.c
+ string/wcsrchr.c + string/wcsspn.c
+ string/wcsstr.c + string/wcstok.3
+ string/wcstok.c + string/wcswcs.c
+ string/wcswidth.c + string/wmemchr.3
+ string/wmemchr.c + string/wmemcmp.c
+ string/wmemcpy.c + string/wmemmove.c
+ string/wmemset.c
> Import w* functions so that I can send smaller diffs around.
> (Nothing activated yet, of course)
> okay deraadt@ (espie@)
~ string/wcstok.3 ~ string/wmemchr.3
> - our pages do not have a LIBRARY section;
> - attach rcs id
> - wording tweak (jmc@)
libevent
~ event.3 ~ event.c
> use "volatile sig_atomic_t" types instead of "int" for signal flags.
> ok deraadt@ henning@ provos (reyk@)
== libexec =========================================================== 06/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec
lockspool
~ lockspool.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
login_krb5
~ login_krb5.c
> Do as login_krb5-or-pwd(8) says: "When root tries to login,
> login_krb5-or-pwd skips KerberosV authentication,"
> ok beck@ some time ago (biorn@)
uucpd
~ uucpd.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
== sbin ============================================================== 07/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin
scsi
~ scsi.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
sysctl
~ sysctl.c
> avoid variable aliasing (deraadt@)
== share ============================================================= 08/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/share
man
~ man4/ath.4 ~ man4/atu.4
~ man4/atw.4 ~ man4/ipw.4
~ man4/ral.4 ~ man4/ray.4
~ man4/rtw.4 ~ man4/wi.4tbl
> it is not possible to specify `media' and `-mediaopt' to ifconfig at
> the same time; just use `media autoselect' in our example how to
> return nic to default state;
> found by johan torin;
> usage confirmed by reyk@ (jmc@)
~ man8/vpn.8
> although the example gateway addresses given are private IP addresses, make
> it
> clear that this is an example only, and would normally be public addresses;
> ok hshoexer@ henning@ msf@ (jmc@)
== sys =============================================================== 09/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/sys
arch/arm/xscale
~ pxa2x0_apm.c ~ pxa2x0_apm.h
> Call special suspend and resume hooks. The latter can cancel a resume.
> (uwe@)
arch/hppa64/include
~ vmparam.h
> free STACKGAP_RANDOM commit (mickey@)
arch/zaurus/dev
~ zaurus_apm.c
> Resume only if the lid is open and the power key pressed. Also fix
> peridic discharging in zapm_poll(). (uwe@)
arch/zaurus/stand/zboot
~ compat_linux.h ~ unixdev.c
~ unixsys.S
> boot when then timeout expires; prodded by drahn@ dlg@ and others (uwe@)
dev/usb
~ usbdevs.h ~ usbdevs_data.h
> sync (damien@)
~ if_ral.c ~ usbdevs
> New ural devices. Pointed out by Rodolfo Gouveia. (damien@)
== usr.bin =========================================================== 10/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin
bc
~ scan.l
> Always use lex in interactive mode. Makes bc running as a co-process
> behave. Very, very little performance loss. Spotted by and ok fschg@
> (otto@)
cal
~ cal.c
> do not trust snprintf return value; ok otto mickey (deraadt@)
cvs
~ cmd.c
> cmd_helper() returns error codes > 0 or 0 on success. (joris@)
~ resp.c
> check return values of snprintf() for potential overflows or errors
> ok xsa@, joris@ (jfb@)
- cache.c
> dead code.
> "ditch it" jfb@ (joris@)
~ rcs.h
> cache leftovers (jfb@)
~ rcsnum.c
> make rcsnum_tostr() return an empty string if the RCSNUM is NULL (jfb@)
~ getlog.c
> cleanup and split the log code into two separate functions for local
> and remote, and a first stab at the code for local log (jfb@)
~ getlog.c
> * accept the -N option to suppress logging of tags
> * print locks, access entries and description in local mode
> * cleanup and get rid of unused variables (jfb@)
~ annotate.c
> use the option string from the cvs_cmd entry instead of keeping a
> hardcoded copy
> ok joris@ (jfb@)
~ file.c
> file callbacks won't return -1 anymore, but a CVS_EX_* error
> ok jfb@ (joris@)
make
~ job.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
mg
~ ttyio.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
oldrdist
~ server.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
talk
~ io.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
top
~ display.c ~ top.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
vgrind
~ vgrindefs.c
> use STDERR_FILENO (deraadt@)
window
~ wwrint.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
== usr.sbin ========================================================== 11/11 ==
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin
usr.sbin
~ Makefile
> connect hostapd for reyk, ok theo reyk (henning@)
bgpctl
~ bgpctl.c
> Show if a route is rejected or blackholed in show fib output. OK henning@
> (claudio@)
bgpd
~ bgpd.conf.5
> tweak to make this use similar format to ospfd.conf.5 and hostapd.conf.5;
> (jmc@)
~ parse.y
> filter_set cleanup. Plug some memleaks and fix an obvious bug in the
> network case. OK henning@ (claudio@)
hostapd
+ Makefile + apme.c
+ hostapd.8 + hostapd.c
+ hostapd.conf.5 + hostapd.h
+ iapp.c + llc.c
+ parse.y + privsep.c
> add the initial version of the OpenBSD hostapd daemon
> ok deraadt@ (reyk@)
~ hostapd.8
> add missing comma (reyk@)
~ apme.c ~ hostapd.c
~ iapp.c ~ privsep.c
> KNF (henning@)
~ parse.y
> whitespace (henning@)
~ hostapd.8
> the ifconfig manpage is in section 8... (reyk@)
~ hostapd.h
> KNG (henning@)
~ parse.y
> don't lose copyright on the way... reyk ok (henning@)
~ hostapd.c
> bzero of bss not needed (deraadt@)
~ parse.y
> kill #if 0 crud (henning@)
~ privsep.c ~ hostapd.conf.5
~ hostapd.8 ~ apme.c
> spaces (deraadt@)
~ hostapd.c
> do not close descriptors before exit (deraadt@)
~ hostapd.c
> missing copyrights here as well
> it is more than fine to re-use our code (please do!), but do not forget our
> copyright! (henning@)
~ hostapd.c
> only fflush STDERR when we actually log to STDERR, reyk ok (henning@)
~ privsep.c
> privsep i/o functions are based on atomicio, add copyright notice (reyk@)
~ hostapd.8
> various tweaks;
> ok reyk@ (jmc@)
~ hostapd.c
> sync usage() (jmc@)
~ hostapd.conf.5
> tweaks; ok reyk@ (jmc@)
~ privsep.c
> really abort, when privdrop fails. ok reyk@ (moritz@)
~ iapp.c ~ llc.c
~ privsep.c
> tighten code vertically (deraadt@)
~ Makefile
> spacing (deraadt@)
~ privsep.c
> set gid before uid (reyk@)
~ iapp.c ~ privsep.c
> add some missing arguments, where format strings
> expect them and a minor comment fix. ok reyk@ (moritz@)
~ hostapd.8
> a daemon, not an daemon; (jmc@)
~ privsep.c ~ hostapd.c
> un-hack, use event_loopexit()
> ok henning@ brad@ (reyk@)
popa3d
~ protocol.c
> use STD{IN,OUT,ERR}_FILENO (deraadt@)
user
~ user.c
> very unlikely overflow. but sticking to the idiom is important: thereby,
> example by example, we teach people how to actually use snprintf. because
> it is clear (especially judging by code coming from netbsd hint hint
> perhaps
> if i say it like this they will finally learn) that people are not paying
> attention, and replacing one security problem with another.
> in the early days we replaced buffer the typical ANSI-C standardized
> function
> buffer overflows (by which I mean strcpy, strcat, and sprintf) with
> non-overflowing ones -- range checking varients. We knew we were fixing
> a major problem. The damn overflows. But we did not have time in all
> cases
> to handle the next problem we were not handling: string truncation. Now
> we
> need to (I hope not slowly) start fixing the string truncations.
> Anyone going to help? (deraadt@)
===============================================================================
More information about the odc
mailing list