Module name: src
Changes by: jsg@cvs.openbsd.org 2014/07/28 09:00:27

Modified files:
sys/dev/pci : vga_pci.c vga_pci_common.c
sys/arch/macppc/pci: vgafb.c
sys/arch/sparc64/dev: machfb.c vgafb.c

Log message:
Limit the "aperture needed" printf to ramdisks via RAMDISK_HOOKS.
Originally with SMALL_KERNEL until sebastia@ pointed out that not
all ramdisks are built with SMALL_KERNEL.
ok deraadt@ kettenis@

Module name: src
Changes by: schwarze@cvs.openbsd.org 2014/07/28 09:40:08

Modified files:
usr.bin/ssh : sftp-server.8 sshd_config.5

Log message:
some systems no longer need /dev/log;
issue noticed by jirib;
ok deraadt

Module name: src
Changes by: tobias@cvs.openbsd.org 2014/07/28 10:40:32

Modified files:
sbin/dhclient : packet.c
usr.sbin/dhcrelay: packet.c

Log message:
merge dhcpd's packet.c revision 1.7:

Fix very hard to reach DoS attack vector, which would involve more than
8 billion network packets. Mixture of many many malformed and proper
packets could result in a division by zero.

ok krw@

Module name: src
Changes by: tobias@cvs.openbsd.org 2014/07/28 10:45:35

Modified files:
sbin/dhclient : options.c
usr.sbin/dhcpd : options.c

Log message:
Fix memory exhaustion occurring on DHCP options with 0 length.

halex@ and krw@ pointed out that a NULL check before free can go, too.

ok deraadt@, halex@, krw@

Module name: www
Changes by: tobias@cvs.openbsd.org 2014/07/28 10:48:23

Modified files:
. : errata54.html errata55.html security.html

Log message:
fix dates of last two security fixes.

ok deraadt@

Module name: src
Changes by: tedu@cvs.openbsd.org 2014/07/28 11:57:18

Modified files:
lib/libcrypto/crypto: Makefile
lib/libssl/src/apps: progs.h
Removed files:
lib/libssl/src/crypto/srp: srp.h srp_grps.h srp_lcl.h srp_lib.c
srp_vfy.c

Log message:
Remove SRP code. It contains a bug (this should not surprise anyone), but
the details are under embargo. The original plan was to wait for the
embargo to lift, but we've been waiting for quite some time, and there's no
indication of when or even if it will end. No sense in dragging this out
any longer.

The SRP code has never been enabled in OpenBSD, though I understand it is
in use by some other people. However, in light of this and other issues,
we're officially saying SRP is outside the scope of libressl. (For now.)

Module name: src
Changes by: miod@cvs.openbsd.org 2014/07/28 12:31:39

Modified files:
sys/arch/sparc/dev: dma.c dmavar.h if_le.c

Log message:
On SPARCbook systems, the ledma device node has a `cable-selection' property
specifying which media the on-board interface uses. We already query it to
set up proper register values; extend this to be able to pass a default
media to the le(4) child.

This makes SPARCbook system default to AUI without needing for a manual media
change.

tested by sebastia@

Module name: ports
Changes by: naddy@cvs.openbsd.org 2014/07/28 12:28:26

Modified files:
. : INDEX

Log message:
sync; 8829

Module name: src
Changes by: bluhm@cvs.openbsd.org 2014/07/28 14:30:01

Modified files:
sys/kern : subr_log.c

Log message:
I/O ktrace of sendsyslog(2) did not work. As uiomove() adjusts
iov_len to 0, we need a propper length calculation. While there,
use -1 for the file descriptor because 0 is reserved for stdin.
OK deraadt@ guenther@

Module name: src
Changes by: deraadt@cvs.openbsd.org 2014/07/28 14:35:32

Modified files:
distrib/sets/lists/base: md.alpha md.amd64 md.armish md.armv7
md.aviion md.hppa md.hppa64 md.i386
md.landisk md.loongson md.luna88k
md.macppc md.octeon md.sgi md.socppc
md.sparc md.sparc64 md.vax md.zaurus
distrib/sets/lists/comp: mi

Log message:
sync

Module name: src
Changes by: krw@cvs.openbsd.org 2014/07/28 16:18:31

Modified files:
usr.sbin/smtpd : enqueue.c

Log message:
Last (known) msgbuf_write() vs EOF fix.

ok gilles@ deraadt@

Module name: src
Changes by: miod@cvs.openbsd.org 2014/07/28 20:57:09

Modified files:
distrib/notes/alpha: contents
distrib/notes/amd64: contents
distrib/notes/aviion: contents
distrib/notes/hppa: contents
distrib/notes/i386: contents
distrib/notes/loongson: contents
distrib/notes/macppc: contents
distrib/notes/octeon: contents
distrib/notes/sgi: contents
distrib/notes/socppc: contents
distrib/notes/sparc: contents
distrib/notes/sparc64: contents
distrib/notes/vax: contents
distrib/notes/zaurus: contents

Log message:
update sets sizes

http://undeadly.org/cgi?action=article&sid=20140729070721

Contributed by tbert on Tue Jul 29 07:07:41 2014 (GMT)
from the less-is-more dept.

Ted Unangst (tedu@) talks about teduing a goodly amount of code, among other things:

> Despite being in the same room as many other LibreSSL developers for the first time (since the beginning of LibreSSL at least), I didn't do too much work on that front. I did remove the compression feature (as made famous by the [CRIME attack](http://en.wikipedia.org/wiki/CRIME); not all protocols or deployments are vulnerable, but we're also aiming for a simpler feature set overall) and made a few other cleanups. While it's very helpful to be in the same room as other hackers to exchange ideas, having everyone pounding on the source at the same time is a little troublesome so I elected to stay out of the way.

> I did, however, take the chance to bounce some ideas for a ressl API off the other developers. Instead of continuing to use the OpenSSL API, the ressl API is entirely separate. Internally, ressl itself uses the OpenSSL API, but the interface presented to the user is quite different. Our particular focus is on absolving the user of the need to know about X.509 and ASN.1 internals; instead you simply ask ressl to verify the remote peer's hostame. And actually, you don't even need to do that because that's the default behavior. (Un)fortunately, jsing@ liked the idea so much he ran ahead and implemented it before I got the chance. One of the dangers of being at a hackathon, I guess.
>
> Besides that, I continued my hackathon tradition of deleting a lot code that most people probably never even knew existed. Say goodbye to asa, fpr, mkstr, xstr, oldrdist, fsplit, uyap, and bluetooth. Of these, you may possibly miss bluetooth support. Unfortunately, the current code doesn't work and isn't structured properly to encourage much future development.
>
> I reviewed a few filesystem diffs from pelikan@ for ext2fs and tobias@ for msdosfs. At the beginning of the hackathon I showed some developers a diff that changes the buffer cache to using a 2Q like strategy. That's gone through a few iterations, but won't make 5.6. Expect to see it soon, though.
>
> I made two changes to the kernel malloc(). The first was an idea deraadt@ had suggested some time ago. The current poison values (designed to detect use after free and other corruption) are rather limited, meaning that if a particular flag bit is set or unset, the incorrect code may continue to function. I change the poison values to inverted patterns, reversing all the bits. This proved to be very successful, finding many more bugs. Too successful, in fact, because there's not enough time to chase down and fix all the fallout before release, so that change has since been reverted.
>
> The second change was to add a size argument to [free(9)](http://www.openbsd.org/cgi-bin/man.cgi?query=free&apropos=0&sec=9&arch=default&manpath=OpenBSD-current). This is currently not used, as most callers pass 0 to indicate unknown, but will allow us to simplify some code on the free side and make some other fun changes as well.
>
> For userland [malloc(3)](http://www.openbsd.org/cgi-bin/man.cgi?query=malloc&apropos=0&sec=3&arch=default&manpath=OpenBSD-current), I did some work to accelerate threaded applications. I now have a stable first version of this ready, but it will wait for the next release as well.

http://undeadly.org/cgi?action=article&sid=20140729071820

Contributed by tbert on Tue Jul 29 07:18:55 2014 (GMT)
from the not-that-DRM dept.

Jonathan Gray (jsg@) [posted](http://marc.info/?l=openbsd-tech&m=140654976008811&w=2) a call for testers for [radeondrm(4)]() updates:

> I'm looking for a few people to test some additional radeondrm fixes from the recently released Linux 3.8.13.27: <https://lkml.org/lkml/2014/7/25/621>
>
> In particular on newer asics with displayport/eDP as I can only test on r100/lvds at the moment.

Module name: src
Changes by: blambert@cvs.openbsd.org 2014/07/29 02:51:49

Modified files:
lib/libssl/src/apps: ca.c

Log message:
Fix a usage string; the proper spelling of 'alot' is 'a lot'.

ok bcook@

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/29 06:16:36

Modified files:
usr.sbin/httpd : httpd.h server.c

Log message:
Move configurable TCP options into struct server_config.

Module name: src
Changes by: mpi@cvs.openbsd.org 2014/07/29 06:18:41

Modified files:
sys/net : route.c route.h rtsock.c

Log message:
Revert the checks about RTF_LOCAL routes.

Even if in the end we would like to be more strict about what userland
can do with kernel-managed route entries, most of the tools out there
are not yet ready for this. Since RTF_LOCAL routes are for the moment
just like RTF_LLINFO routes without expire timer, allow userland tools
to remove/modify them. In case they are missing, the good old cloning
mechanism will recreate what you need.

bluhm@ and deraadt@ agree.

Module name: src
Changes by: deraadt@cvs.openbsd.org 2014/07/29 06:56:41

Modified files:
sys/conf : newvers.sh

Log message:
move to -release mode

Module name: src
Changes by: deraadt@cvs.openbsd.org 2014/07/29 06:57:08

Modified files:
sys/conf : GENERIC

Log message:
disable POOL_DEBUG for release

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/29 10:17:28

Modified files:
etc/examples : httpd.conf
usr.sbin/httpd : httpd.conf.5 httpd.h parse.y server_file.c

Log message:
Add extended directory index options: "[no] index" and "[no] auto index".
The option "directory auto index" implements basic directory listing
and is turned off by default.

ok deraadt@

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/29 10:38:34

Modified files:
usr.sbin/httpd : server.c

Log message:
The inflight decremented message should only be printed with DEBUG.

Module name: src
Changes by: tobias@cvs.openbsd.org 2014/07/29 12:21:30

Modified files:
sbin/dhclient : Tag: OPENBSD_5_5 options.c
usr.sbin/dhcpd : Tag: OPENBSD_5_5 options.c

Log message:
Fix memory exhaustion occurring on DHCP options with 0 length.

halex@ and krw@ pointed out that a NULL check before free can go, too.

ok deraadt@, halex@, krw@, jasper@

Module name: src
Changes by: tobias@cvs.openbsd.org 2014/07/29 12:23:07

Modified files:
sbin/dhclient : Tag: OPENBSD_5_4 options.c
usr.sbin/dhcpd : Tag: OPENBSD_5_4 options.c

Log message:
Fix memory exhaustion occurring on DHCP options with 0 length.

halex@ and krw@ pointed out that a NULL check before free can go, too.

ok deraadt@, halex@, krw@, jasper@

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/30 01:09:38

Modified files:
usr.sbin/httpd : server_file.c

Log message:
Reserve an extra file descriptor per connection instead of per
request. This fixes fd accounting with persistent connections and
reduces the complexity of the implementation.

ok benno@

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/30 03:51:40

Modified files:
usr.sbin/httpd : httpd.conf.5

Log message:
Small fix and clarification

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/30 04:05:14

Modified files:
etc/examples : httpd.conf
usr.sbin/httpd : config.c httpd.conf.5 httpd.h parse.y server.c
server_http.c

Log message:
Add "location" keyword to specify path-specific configuration in
servers, for example auto index for a sub-directory only. Internally,
a "location" is just a special type of a "virtual" server.

Module name: ports
Changes by: jasper@cvs.openbsd.org 2014/07/30 05:44:40

Modified files:
www/firefox-esr: Tag: OPENBSD_5_5 Makefile distinfo
Added files:
www/firefox-esr/patches: Tag: OPENBSD_5_5 patch-configure_in

Log message:
update to firefox-24.7.0esr

Module name: src
Changes by: espie@cvs.openbsd.org 2014/07/30 06:44:26

Modified files:
usr.sbin/pkg_add/OpenBSD: PkgAdd.pm

Log message:
prepare for post 5.6 packages, recognize special case where timestamp exist.
(specifically, this is a nop for 5.6, but it will allow changes to packages
without needing anything in pkg_add)

Module name: ports
Changes by: jasper@cvs.openbsd.org 2014/07/30 05:57:30

Modified files:
www/firefox-esr-i18n: Tag: OPENBSD_5_5 Makefile.inc distinfo

Log message:
update to firefox-esr-i18n 24.7.0

Module name: src
Changes by: ajacoutot@cvs.openbsd.org 2014/07/30 07:18:59

Modified files:
etc/rc.d : rc.subr

Log message:
Fix evil typo (multicast_hosts -&gt; multicast_host).

Module name: src
Changes by: reyk@cvs.openbsd.org 2014/07/30 07:49:48

Modified files:
usr.sbin/httpd : config.c httpd.h parse.y server.c server_http.c

Log message:
Make "location" work with name-based virtual servers.

Module name: ports
Changes by: naddy@cvs.openbsd.org 2014/07/30 08:28:24

Modified files:
mail/dovecot : Makefile
mail/dovecot/patches: patch-src_login-common_ssl-proxy-openssl_c
Added files:
mail/dovecot/patches:
patch-src_lib-ssl-iostream_iostream-openssl-context_c
patch-src_lib-ssl-iostream_iostream-openssl_c

Log message:
fix build after SSL compression removal; from brad@ et al.

Module name: ports
Changes by: naddy@cvs.openbsd.org 2014/07/30 08:30:54

Modified files:
devel/vte3 : Makefile
Added files:
devel/vte3/patches: patch-src_vteaccess_c

Log message:
Fix segfault in gnome-terminal-server process.
This fix from espie@; ok ajacoutot@ jasper@ robert@

(The tree is still locked.)

Module name: www
Changes by: reyk@cvs.openbsd.org 2014/07/30 09:38:40

Modified files:
. : bank-donation.html

Log message:
With SEPA, there's no need to mention the legacy German bank details anymore.

ok deraadt@

Module name: ports
Changes by: naddy@cvs.openbsd.org 2014/07/30 09:46:05

Modified files:
. : INDEX

Log message:
sync

Module name: src
Changes by: jsg@cvs.openbsd.org 2014/07/30 10:29:05

src/libexec/tradcpp

Update of /cvs/src/libexec/tradcpp
In directory cvs.openbsd.org:/tmp/cvs-serv31611/tradcpp

Log Message:
Directory /cvs/src/libexec/tradcpp added to the repository

Module name: src
Changes by: jsg@cvs.openbsd.org 2014/07/30 10:33:11

Added files:
libexec/tradcpp: Makefile array.c array.h config.h directive.c
directive.h eval.c eval.h files.c files.h
inlinedefs.h macro.c macro.h main.c mode.h
output.c output.h place.c place.h tradcpp.1
utils.c utils.h version.h

Log message:
Add tradcpp 0.4, a standalone traditional whitespace preserving cpp
by David A. Holland of NetBSD.

Module name: src
Changes by: jsg@cvs.openbsd.org 2014/07/30 10:34:24

Modified files:
libexec : Makefile

Log message:
descend into tradcpp

Module name: src
Changes by: jsg@cvs.openbsd.org 2014/07/30 10:46:17

Modified files:
usr.bin/calendar: pathnames.h

Log message:
switch to tradcpp

Module name: xenocara
Changes by: jsg@cvs.openbsd.org 2014/07/30 10:48:32

Modified files:
app/xrdb : Makefile.bsd-wrapper

Log message:
switch to tradcpp
fixes whitespace issues with auxcpp reported by Allan Streib

Module name: src
Changes by: ajacoutot@cvs.openbsd.org 2014/07/30 10:54:09

Modified files:
usr.sbin/sysmerge: sysmerge.sh

Log message:
Properly warn when an example changes and the corresponding file is found
under /etc.

issue reported by Nathanael Rensen
"fine" deraadt@

&gt; CVSROOT: /cvs
&gt; Module name: src
&gt; Changes by: ajacoutot@cvs.openbsd.org 2014/07/30 10:54:09
&gt;
&gt; Modified files:
&gt; usr.sbin/sysmerge: sysmerge.sh
&gt;
&gt; Log message:
&gt; Properly warn when an example changes and the corresponding file is found
&gt; under /etc.
&gt;
&gt; issue reported by Nathanael Rensen
&gt; "fine" deraadt@

and ok rpe@

--
Antoine

Module name: www
Changes by: tobias@cvs.openbsd.org 2014/07/30 11:06:25

Modified files:
. : errata54.html errata55.html

Log message:
release dhcp errata

ok deraadt@

Module name: xenocara
Changes by: todd@cvs.openbsd.org 2014/07/30 11:10:27

Modified files:
app/xdm/config : OpenBSD_15bpp.xpm OpenBSD_1bpp.xpm
OpenBSD_4bpp.xpm OpenBSD_8bpp.xpm

Log message:
puffy 5.6

Module name: src
Changes by: jsg@cvs.openbsd.org 2014/07/30 11:21:50

Modified files:
libexec : Makefile

Log message:
unhook auxcpp

Module name: src
Changes by: deraadt@cvs.openbsd.org 2014/07/30 11:45:13

Modified files:
distrib/sets/lists/base: mi
distrib/sets/lists/man: mi

Log message:
sync

Module name: xenocara
Changes by: miod@cvs.openbsd.org 2014/07/30 12:27:25

Modified files:
distrib/sets/lists/xbase: mi

Log message:
tantrum sync

Module name: xenocara
Changes by: matthieu@cvs.openbsd.org 2014/07/30 13:57:08

Modified files:
. : MODULES 3RDPARTY

Log message:
update

Module name: xenocara
Changes by: matthieu@cvs.openbsd.org 2014/07/30 14:06:30

Modified files:
distrib/notes : README.amd64 README.i386 README.loongson
README.luna88k README.sgi README.sparc
README.sparc64

Log message:
Various updates for 5.6:
- remove the discussion about aperture driver on i386/amd64; it is
handled by the installer
- change references to rc.conf to rc.conf.local(8)

Module name: www
Changes by: sthen@cvs.openbsd.org 2014/07/30 15:57:19

Modified files:
faq/pf : authpf.html nat.html pools.html rdr.html
shortcuts.html tables.html

Log message:
Switch example addresses to the prefixes reserved for documentation in rfc5737.
From Sevan Janiyan, nick@ ok