OpenBSD/src 4lJlu2Tsys/net pf.c

   in the "pf: key search" debug message, add the direction. interface *and*
   dir make debugging much easier than the if alone.
VersionDeltaFile
1.1078+3-2sys/net/pf.c
+3-21 files

OpenBSD/src ngdNphJusr.bin/tmux cmd-choose-tree.c cmd-display-panes.c

   Add [template] to display-panes and choose-{buffer,client,tree} usage

   OK nicm

OpenBSD/src Jm6u4CJlib/libcrypto/ec ecp_smpl.c

   Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigation
   for a timing vullnerability in ECDSA signature generation (CVE-2018-0735).

   Note that the blinding that we introduced back in June for ECDSA and DSA
   should mitigate this and related issues. This simply adds an additional
   layer of protection.

   discussed with jsing
VersionDeltaFile
1.29+4-4lib/libcrypto/ec/ecp_smpl.c
+4-41 files

OpenBSD/src nsXLt5Dsbin/pfctl parse.y

   scrub opts dont set tos, so remove it from the scrub_opts struct

   ok deraadt@
VersionDeltaFile
1.688+1-2sbin/pfctl/parse.y
+1-21 files

OpenBSD/src L4MsKFqlibexec/getty main.c pathnames.h

   Theodore Wynnychenko discovered the gettytab "lo=path" feature didn't work
   anymore with unveil wired to /usr/bin/login.  So let's parse gettytab a bit
   earlier to learn which login path to unveil. Later in the loop gettytab is
   re-parsed, if the login changes re-exec getty to reach the unveil from the top.
   ok millert, also discussed with mestre
VersionDeltaFile
1.50+24-9libexec/getty/main.c
1.4+2-1libexec/getty/pathnames.h
+26-102 files

OpenBSD/src 3wbR3cNsys/net if_gre.c

   the variable holding the ip tos should be called tos, not ttl.

   no functional change.
VersionDeltaFile
1.139+3-3sys/net/if_gre.c
+3-31 files

OpenBSD/src nVoRp0Nsys/net if_gif.c, sys/netinet ip_ecn.c ip_ipip.c

   provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum.

   previously the gif code would patch the tos field and not recalc
   the cksum, which would cause ip input code to drop the packet due
   to a cksum failure. the ipip code patched ip_tos and unconditionally
   recalculated the cksum, making it correct, but also wiping out any
   errors that may have been present before the recalculation. updating
   the cksum rather than replacing it lets cksum failures still fire.

   ip_tos_patch() is provided in the ecn code since it's because of ecn
   propagation that we need to update the tos field. internally it
   works like pf_patch_8 and pf_cksum_fixup, but since pf is optional
   it rolls its own code. procter may fix that in the future...

   ok claudio@

OpenBSD/src vAH01zgsbin/ifconfig ifconfig.c

   Warn on deprecated 'vlan' and 'vlandev' option usage

   These were superseeded by 'vnetid' and 'parent' in june 2017 and will be
   removed in the future.

   "Looks right" deraadt, OK benno
VersionDeltaFile
1.383+7-1sbin/ifconfig/ifconfig.c
+7-11 files

OpenBSD/src AyzEeVWgnu/lib/libreadline Makefile, lib/libcurses shlib_version

   Record an inter-library dependency on libcurses in libedit and libreadline,
   avoiding runtime failures on architectures using ld.lld. Also add a note to
   libcurses shlib_version reminding about bumps (as done with libcrypto/libssl).

   Thanks guenther@ for suggestions of tests involving library bumps and jca@
   for doing these tests and hint about DPADD.

   Looks good kettenis@, ok jca@

OpenBSD/src mH4NKtLsys/kern subr_extent.c

   Revert previous, it breaks regress.
VersionDeltaFile
1.60+3-3sys/kern/subr_extent.c
+3-31 files

OpenBSD/src polb4szsys/kern subr_extent.c

   Userland malloc(3) & free(3) take only one argument.
VersionDeltaFile
1.59+3-3sys/kern/subr_extent.c
+3-31 files

OpenBSD/src d6Zy1salib/libssl ssl_lib.c

   Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,
   instead of 'uint16_t'

   Found with llvm's static analyzer, noticed that it was also already reported in
   Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's
   equivalent code.

   OK tb@ and jsing@
VersionDeltaFile
1.194+2-2lib/libssl/ssl_lib.c
+2-21 files

OpenBSD/src FDOf9Z8usr.sbin/bgpd config.c

   Plug memory leak in host()'s error code path

   OK claudio@
VersionDeltaFile
1.78+2-1usr.sbin/bgpd/config.c
+2-11 files

OpenBSD/src l6zx2wqsys/dev/usb usb.c

   free(9) sizes for configuration descriptors, missed in previous.
VersionDeltaFile
1.121+3-3sys/dev/usb/usb.c
+3-31 files

OpenBSD/src gMJmSGVsys/net bridgectl.c if_bridge.c

   Batch copyout(9)s in preparation for finer locking.

   Tested by Hrvoje Popovski, inputs and ok visa@
VersionDeltaFile
1.12+67-63sys/net/bridgectl.c
1.313+10-20sys/net/if_bridge.c
+77-832 files

OpenBSD/src SQR5IXksys/dev/usb ugen.c usb_subr.c

   free(9) sizes for configuration descriptors.

   ok tedu@, visa@
VersionDeltaFile
1.99+10-11sys/dev/usb/ugen.c
1.140+3-3sys/dev/usb/usb_subr.c
+13-142 files

OpenBSD/src OUh1qTAbin/mv mv.1

   mv imitates, but no longer uses, cp and rm to cross filesystems.
VersionDeltaFile
1.34+3-3bin/mv/mv.1
+3-31 files

OpenBSD/src rM4pB1Dusr.bin/join join.c

   Remove slurpit definition. Leftover from earlier cleanup by otto@.
VersionDeltaFile
1.32+1-2usr.bin/join/join.c
+1-21 files

OpenBSD/src fGgLFnKusr.sbin/bgpd rde_filter.c bgpd.h

   Remove an unneeded union wrapping the skipsteps pointer.
   OK phessler@
VersionDeltaFile
1.113+5-5usr.sbin/bgpd/rde_filter.c
1.354+2-7usr.sbin/bgpd/bgpd.h
+7-122 files

OpenBSD/src InmzyO0usr.sbin/bgpd rde_rib.c

   Adjust comment.
VersionDeltaFile
1.186+2-6usr.sbin/bgpd/rde_rib.c
+2-61 files

OpenBSD/src IUGYAa7usr.bin/sed main.c sed.1

   Make sed's -i flag more compatible with what gsed does.
   - Reset the hold-space in between files
   - quit the editor as soon as a 'q' command is found
   - Make sure the temp-file is written back to the original file if we quit
     the editor

   temp-file not written back issue found by Time Chase.
   Lots of feedback from millert@ and schwarze@
   OK millert@
VersionDeltaFile
1.38+27-21usr.bin/sed/main.c
1.57+6-3usr.bin/sed/sed.1
1.34+6-2usr.bin/sed/process.c
1.14+3-2usr.bin/sed/extern.h
+42-284 files

OpenBSD/src BZlhYjQsys/dev/pci/drm/radeon radeon_fb.c

   Add back part of the changes to takeover the firmware framebuffer on
   sparc64 lost in the update to linux 4.4.  Compile tested only.
VersionDeltaFile
1.15+23-0sys/dev/pci/drm/radeon/radeon_fb.c
+23-01 files

OpenBSD/src csuKJltusr.bin/openssl s_client.c

   didn't found -> didn't find.

   From Edgar Pettijohn III
VersionDeltaFile
1.37+2-2usr.bin/openssl/s_client.c
+2-21 files

OpenBSD/src MnMDSwQsys/dev/pci/drm/radeon radeon_fb.c

   Setup radeondrm burner task.  Missed when updating to linux 4.4.
   Fixes wsconsctl display.screen_off panic reported by Dmitry Murti.
VersionDeltaFile
1.14+5-0sys/dev/pci/drm/radeon/radeon_fb.c
+5-01 files

OpenBSD/src Wse8mk7sys/net if_gif.c

   remove the encapsulation headers before looking at the inner headers

   it works less well when you look before the adj
VersionDeltaFile
1.123+5-5sys/net/if_gif.c
+5-51 files

OpenBSD/src EqR737wsys/net if_gif.c

   revert 1.121. i got confused between ecn on ingress and egress
VersionDeltaFile
1.122+4-4sys/net/if_gif.c
+4-41 files

OpenBSD/src smebNZ4lib/libssl ssl_sigalgs.c

   In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1
   Makes connections to outlook.office365.com work
VersionDeltaFile
1.10+2-2lib/libssl/ssl_sigalgs.c
+2-21 files

OpenBSD/src bys3cj7sys/net if_gif.c

   get ecn ingress args the right way round. again.
VersionDeltaFile
1.121+5-5sys/net/if_gif.c
+5-51 files

OpenBSD/src ymma80usys/net if_gre.c

   use the txprio setting to populate the tos in keepalive packets.

   the mbuf prio will still be set according to the llprio value, but the
   tos on the packet may be forced to a specific number by txprio
VersionDeltaFile
1.138+6-7sys/net/if_gre.c
+6-71 files

OpenBSD/src hpdjErTsys/net if_gif.c if_gre.c

   according to ip_ipip.c, rfc1853 says not to copy the ttl on decapsulation

   rfc1853 is about IP in IP Tunneling. rfc2003 about IP Encapsulation
   within IP agrees.
VersionDeltaFile
1.120+5-18sys/net/if_gif.c
1.137+1-15sys/net/if_gre.c
+6-332 files

OpenBSD/src lR43WE9regress/usr.sbin/bgpd/config bgpd.conf.10.in bgpd.conf.10.ok

   check various community combinations

OpenBSD/src 0MlEBJHregress/sys/kern/sigio sigio_common.c

   Add some coverage for the ioctl() interface.

OpenBSD/src pcxP0wVlib/libssl ssl_sigalgs.c

   Temporary workaround for breakage seen in www.videolan.org with curve mismatch
VersionDeltaFile
1.9+4-3lib/libssl/ssl_sigalgs.c
+4-31 files

OpenBSD/src 2USPRnWusr.bin/make suff.c

   commit again the cleanup part that didn't break anything
   and was ok'd millert@
VersionDeltaFile
1.95+6-12usr.bin/make/suff.c
+6-121 files

OpenBSD/src cZFw6dWregress/usr.sbin/pkg_add Makefile

   it's expected for pkg_add to exit 1 now, since it's missing one dependent
   package it wants to update.
   what matters is the list of installed files.
VersionDeltaFile
1.58+2-2regress/usr.sbin/pkg_add/Makefile
+2-21 files

OpenBSD/src 6ecHg61share/man/man5 malloc.conf.5

   knock out a useless sentence, and reword another to make it read more nicely;
   ok otto
VersionDeltaFile
1.19+3-4share/man/man5/malloc.conf.5
+3-41 files

OpenBSD/src 6z8K4MSsbin/ping ping.c

   Fix previous, which broke ping -T.

   ok dlg@
VersionDeltaFile
1.234+2-2sbin/ping/ping.c
+2-21 files

OpenBSD/src IBNox3Eregress/sys/kern/sigio sigio_common.c sigio_pipe.c

   Add regress tests for pipe fcntl(fd, F_GETOWN).

OpenBSD/src 1gRNhozsys/kern sys_pipe.c

   Fix fcntl(fd, F_GETOWN) with pipes. As a regression
   of kern_descrip.c r1.177 and sys_pipe.c r1.82, the call always
   returned an error.

   OK jca@ anton@ mpi@
VersionDeltaFile
1.87+2-2sys/kern/sys_pipe.c
+2-21 files

OpenBSD/src eTOk76Ndistrib/sgi/iso Makefile

   Fix a slip in previous. FFSSZ should reflect the "pa" disktab field,
   not "pc", as is documented in the file. However, the value of FFSSZ
   is not used anywhere so remove the variable.

   Pointed out by miod@
VersionDeltaFile
1.29+1-2distrib/sgi/iso/Makefile
+1-21 files

OpenBSD/src UC1RSFgusr.bin/tmux screen-write.c

   Initialize context property in alignment test handler function.
VersionDeltaFile
1.143+3-1usr.bin/tmux/screen-write.c
+3-11 files

OpenBSD/src Xug3ij7usr.sbin/snmpd snmpe.c

   Remove #if'ed 0 code around a broken pledge. Due to some ioctls and sysctls
   pledge cannot be used, nevertheless since we now have unveil available we can
   use it to guarantee that in this particular case the snmpe process cannot
   access the filesystem at all, therefore close a big attack vector and achieve
   a great level of protection even without being able to use pledge.

   prodded by deraadt@
VersionDeltaFile
1.56+1-9usr.sbin/snmpd/snmpe.c
+1-91 files

OpenBSD/src 57qJ9drusr.bin/ssh sftp.1

   fix markup error (missing blank before delimiter);
   from Mike Frysinger <vapier at gentoo dot org>
VersionDeltaFile
1.121+3-3usr.bin/ssh/sftp.1
+3-31 files

OpenBSD/src 81WRItodistrib/sgi/iso Makefile, etc/etc.sgi disktab

   Grow sgi iso to make room for clang.

   Cluebat and OK deraadt@
VersionDeltaFile
1.18+4-4etc/etc.sgi/disktab
1.28+3-3distrib/sgi/iso/Makefile
+7-72 files

OpenBSD/src p1PR2mhgnu/usr.bin/binutils-2.17/binutils readelf.c, sys/sys exec_elf.h

   Add GNU_HASH #defines; improve readelf output for SHT_GNU_HASH

   ok naddy@ jca@

OpenBSD/src SxC6jzzregress/lib/libssl/key_schedule key_schedule.c

   Just err if we can't create secrets

OpenBSD/src uHCO6xolib/libssl tls13_key_schedule.c

   NULL out mdctx to prevent possible double free introduced in version 1.4
   Spotted by maestre@, ok tb@
VersionDeltaFile
1.7+2-1lib/libssl/tls13_key_schedule.c
+2-11 files

OpenBSD/src S2HgMARlib/libssl ssl_sigalgs.c

   Fix pkey_ok to be less strange, and add cuve checks required for the EC ones
   ok tb@
VersionDeltaFile
1.8+26-9lib/libssl/ssl_sigalgs.c
+26-91 files

OpenBSD/src 4U6HSC3sys/net if_gif.c

   get the inner and outer tos values right for passing to ip_ecn_ingress
VersionDeltaFile
1.119+3-3sys/net/if_gif.c
+3-31 files

OpenBSD/src jPWNbAIsys/net if_gre.c

   add txprio support to gre, mgre, egre, nvgre, and eoip

   for l3 interfaces (gre and mgre), allow txprio from the payload,
   the mbuf, or a hardcoded value. for l2 interfaces (egre, ngre, and
   eoip), get txprio from the mbuf or a hardcoded value.

   ok claudio@
VersionDeltaFile
1.136+127-5sys/net/if_gre.c
+127-51 files