OpenBSD src changes summary for 2015-11-02
==========================================

bin/ksh lib/libc lib/libcrypto lib/libssl lib/libtls libexec/ld.so
regress/lib regress/usr.sbin sbin/mount_msdos share/man
sys/arch/mips64/include sys/arch/sgi/conf sys/arch/sparc/include
sys/arch/sparc/sparc sys/dev/ic sys/dev/pci sys/dev/usb sys/kern sys/net
sys/netinet sys/netinet6 sys/sys usr.bin/rcs usr.bin/signify usr.bin/uniq
usr.bin/whois usr.sbin/cron usr.sbin/ikectl usr.sbin/ldapd usr.sbin/tcpdump
usr.sbin/ypldap

== bin =============================================================== 01/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ksh

  ~ history.c

  > Another aresize() -> areallocarray().
  > ok nicm@ (mmcc@)

== lib =============================================================== 02/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ gen/times.c

  > (struct timezone *)0 -> NULL (mmcc@)

  ~ gen/auth_subr.c

  > (struct timezone *)NULL -> NULL (mmcc@)

  ~ sys/kill.2

  > kill 0 has worked for ages, no idea how the man page could be so inaccurate
  > so long; ok guenther (deraadt@)

libcrypto

  ~ man/EVP_AEAD_CTX_init.3

  > Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,
  > "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD
  > construction that is incompatible with the common style that has been
  > already used in TLS with EVP_aead_chacha20_poly1305(). The IETF
  > version also adds a constant (salt) that is prepended to the nonce.
  > OK mikeb@ jsing@ (reyk@)

  ~ crypto/shlib_version

  > bump minors after adding EVP_aead_chacha20_poly1305_ietf()
  > OK jsing@ (reyk@)

libssl

  ~ src/crypto/evp/e_chacha20poly1305.c
  ~ src/crypto/evp/evp.h

  > Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,
  > "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD
  > construction that is incompatible with the common style that has been
  > already used in TLS with EVP_aead_chacha20_poly1305(). The IETF
  > version also adds a constant (salt) that is prepended to the nonce.
  > OK mikeb@ jsing@ (reyk@)

  ~ ssl/shlib_version

  > bump minors after adding EVP_aead_chacha20_poly1305_ietf()
  > OK jsing@ (reyk@)

  ~ src/crypto/evp/e_chacha20poly1305.c

  > Fix typo in comment of previous commit: "that that". (reyk@)

libtls

  ~ shlib_version

  > bump minors after adding EVP_aead_chacha20_poly1305_ietf()
  > OK jsing@ (reyk@)

== libexec =========================================================== 03/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

ld.so

  ~ arm/rtld_machine.c
  ~ sh/rtld_machine.c

  > Fix typo: s/DT_JUMPREL/DT_JMPREL/ (guenther@)

  ~ resolve.c
  ~ resolve.h
  ~ alpha/rtld_machine.c
  ~ amd64/rtld_machine.c
  ~ arm/rtld_machine.c
  ~ hppa/rtld_machine.c
  ~ i386/rtld_machine.c
  ~ m88k/rtld_machine.c
  ~ mips64/rtld_machine.c
  ~ powerpc/rtld_machine.c
  ~ sh/rtld_machine.c
  ~ sparc/rtld_machine.c
  ~ sparc64/rtld_machine.c

  > Factor out the logic for mprotecting the memory between two symbols into
  > a new MI routine _dl_protect_segment(), and use that for protecting the
  > GOT and--on some archs--the PLT.
  > Amazing testing turnaround by miod@, who apparently violated relativity
  > to get back results on some archs as fast as he did (guenther@)

  ~ dl_prebind.h

  > Remove duplicate declaration (guenther@)

== regress =========================================================== 04/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libcrypto/aead/aeadtest.c
  ~ libcrypto/aead/aeadtests.txt

  > Add EVP_aead_chacha20_poly1305_ietf() - The informational RFC 7539,
  > "ChaCha20 and Poly1305 for IETF Protocols", introduced a modified AEAD
  > construction that is incompatible with the common style that has been
  > already used in TLS with EVP_aead_chacha20_poly1305(). The IETF
  > version also adds a constant (salt) that is prepended to the nonce.
  > OK mikeb@ jsing@ (reyk@)

usr.sbin

  ~ syslogd/Client.pm
  ~ syslogd/RSyslogd.pm
  ~ syslogd/args-rsyslog-client-tcp.pl
  + syslogd/args-rsyslog-client-tls.pl

  > Test that rsyslogd can send over TLS to OpenBSD syslogd.
  > (bluhm@)

== sbin ============================================================== 05/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

mount_msdos

  ~ mount_msdos.c

  > remove unused variables
  > ok krw@ millert@ (chl@)

== share ============================================================= 06/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/printf.9

  > Remove space before colon. (mmcc@)

  ~ man9/Makefile
  ~ man9/ml_init.9
  ~ man9/mq_init.9

  > provide ml_purge and mq_purge.
  > these are modelled on IF_PURGE or IFQ_PURGE. they m_freem all the
  > mbufs on an mbuf list or queue.
  > ok jmatthew@ mpi@ (dlg@)

  ~ man4/carp.4

  > Stop mentioning ARP load balancing. (mpi@)

== sys =============================================================== 07/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/mips64/include

  ~ param.h

  > Only define KERNBASE if defined(_KERNEL), for nothing in userland needs it,
  > and only if not already defined. Allows for KERNBASE to be defined
  > elsewhere. (miod@)

arch/sgi/conf

  ~ GENERIC-IP22
  ~ GENERIC-IP26
  ~ GENERIC-IP27
  ~ GENERIC-IP28
  ~ GENERIC-IP30
  ~ GENERIC-IP32
  ~ RAMDISK-IP22
  ~ RAMDISK-IP26
  ~ RAMDISK-IP27
  ~ RAMDISK-IP28
  ~ RAMDISK-IP30
  ~ RAMDISK-IP32

  > Define KERNBASE in addition to LINK_ADDRESS. (miod@)

arch/sparc/include

  ~ intr.h

  > intr_barrier() stub.
  > ok miod@ (mpi@)

arch/sparc/sparc

  ~ intr.c

  > intr_barrier() stub.
  > ok miod@ (mpi@)

dev/ic

  ~ re.c
  ~ rtl81x9reg.h

  > later variants of these chips can support bigger rx and tx rings. this
  > diff expands them so devices that need more packets per interrupt can
  > use them.
  > this is all from brad@
  > tested by jim smith and benjamin perrault on APUs
  > tested by me on 8139s (which don't support bit rings) on landisk, and
  > 8169s (dlg@)

dev/pci

  ~ pcidevs

  > add some "Broadwell H" ids and another asmedia xhci (jsg@)

  ~ pcidevs.h
  ~ pcidevs_data.h

  > regen (jsg@)

  ~ xhci_pci.c

  > Mark xhci_intr() as IPL_MPSAFE since it only schedules a soft-interrupt.
  > ok visa@ (mpi@)

  ~ ehci_pci.c

  > Delay root hub interrupt processing to the soft-interrupt path in order
  > to mark ehci_intr() as IPL_MPSAFE.
  > Earlier version tested by ratchov@, ok visa@ (mpi@)

dev/usb

  ~ xhci.c

  > Mark xhci_intr() as IPL_MPSAFE since it only schedules a soft-interrupt.
  > ok visa@ (mpi@)

  ~ ehci.c
  ~ ehcivar.h

  > Delay root hub interrupt processing to the soft-interrupt path in order
  > to mark ehci_intr() as IPL_MPSAFE.
  > Earlier version tested by ratchov@, ok visa@ (mpi@)

kern

  ~ uipc_mbuf.c

  > provide ml_purge and mq_purge.
  > these are modelled on IF_PURGE or IFQ_PURGE. they m_freem all the
  > mbufs on an mbuf list or queue.
  > ok jmatthew@ mpi@ (dlg@)

  ~ kern_pledge.c

  > also handle the kill(self) case for threads; from Theo Buehler (deraadt@)

  ~ exec_elf.c
  ~ kern_exec.c
  ~ kern_ktrace.c
  ~ kern_pledge.c
  ~ kern_sig.c
  ~ tty.c
  ~ tty_pty.c
  ~ uipc_usrreq.c
  ~ vfs_lookup.c
  ~ vfs_syscalls.c

  > move the pledgenote annotation from `struct proc' to `struct nameidata'
  > pledgenote is used for annotate the policy for a namei context. So make it
  > tracking the nameidata.
  > It is expected for the caller to explicitly define the policy. It is a kernel
  > bug to not do so.
  > ok deraadt@ (semarie@)

  ~ kern_pledge.c

  > use binary-search for pledge-request
  > (semblable diff proposed by Peter J. Philipp)
  > "no problem" deraadt@ (semarie@)

  ~ kern_pledge.c

  > some tweaks to the signal code.
  > allow signals to any thread (they'll be checked within process later).
  > guenther also notes the pid check should be process pid, not proc pid.
  > (tedu@)

net

  ~ if_spppsubr.c
  ~ if_sppp.h

  > sppp_pick is unused, it can go away. (dlg@)

  ~ bridgestp.c

  > Some of the bridge code is running in splsoftnet now, change the
  > splassert() in bstp_notify_rtage() from IPL_NET to IPL_SOFTNET
  > accordingly.
  > OK mpi@ (reyk@)

  ~ if.c
  ~ route.c
  ~ rtable.c
  ~ rtable.h
  ~ rtsock.c

  > Merge rtable_mpath_match() into rtable_lookup().
  > ok bluhm@ (mpi@)

  ~ if_ppp.c

  > get rid of the "fastq", which is where this driver puts ip packets
  > with IPTOS_LOWDELAY set.
  > this complicates efforts to clean up the send queue, and is probably
  > better done by queues in pf than unconditionally in a single driver.
  > ok sthen@ (dlg@)

netinet

  ~ if_ether.c

  > Rename the list of arp entries to arp_list. This is consistent to
  > the other arp variables and nd6. Convert a hand-crafted loop to
  > LIST_FOREACH_SAFE.
  > OK mpi@ (bluhm@)

  ~ if_ether.c
  ~ ip_carp.c
  ~ ip_carp.h

  > Retire ARP load-balancing, thanks for all the fish!
  > One of the keys of our MP work relies on making OpenBSD's kernel simpler!
  > In this case turning ARP processing MP-safe is quite complicated due to
  > the way carp(4) is hooked in arpinput() and nowadays you'd better run
  > kitchensinkd(9) anyway :)
  > ok bluhm@, claudio@, reyk@ (mpi@)

  ~ ip_carp.c

  > Remove leftovers from previous carp(4)-to-relayd(8) conversion diff.
  > Pointed by and ok reyk@ (mpi@)

netinet6

  ~ ip6_forward.c

  > Stop using rt_ifp.
  > ok bluhm@ (mpi@)

  ~ nd6.c
  ~ nd6.h
  ~ nd6_nbr.c
  ~ nd6_rtr.c

  > Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the
  > interface index directly.
  > ok bluhm@ (mpi@)

  ~ nd6.c
  ~ nd6.h

  > Implement the list of nd6 llinfo entries with a TAILQ.
  > OK millert@ mpi@ (bluhm@)

  ~ nd6_rtr.c

  > typo in comment (sthen@)

  ~ in6.c
  ~ nd6_nbr.c

  > Retire ARP load-balancing, thanks for all the fish!
  > One of the keys of our MP work relies on making OpenBSD's kernel simpler!
  > In this case turning ARP processing MP-safe is quite complicated due to
  > the way carp(4) is hooked in arpinput() and nowadays you'd better run
  > kitchensinkd(9) anyway :)
  > ok bluhm@, claudio@, reyk@ (mpi@)

sys

  ~ mbuf.h

  > provide ml_purge and mq_purge.
  > these are modelled on IF_PURGE or IFQ_PURGE. they m_freem all the
  > mbufs on an mbuf list or queue.
  > ok jmatthew@ mpi@ (dlg@)

  ~ namei.h
  ~ pledge.h
  ~ proc.h

  > move the pledgenote annotation from `struct proc' to `struct nameidata'
  > pledgenote is used for annotate the policy for a namei context. So make it
  > tracking the nameidata.
  > It is expected for the caller to explicitly define the policy. It is a kernel
  > bug to not do so.
  > ok deraadt@ (semarie@)

  ~ syscall_mi.h

  > make systrace and pledge play nice again. ok deraadt (tedu@)

== usr.bin =========================================================== 08/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

rcs

  ~ buf.c
  ~ ci.c
  ~ diff3.c
  ~ ident.c
  ~ rcs.c
  ~ rcsclean.c
  ~ rcsdiff.c
  ~ rcsmerge.c
  ~ rcsnum.c

  > Allow rcsnum_free and buf_free to accept NULL and remove various NULL
  > checks that are now unnecessary, from Michael W Bombardieri. ok millert
  > (nicm@)

signify

  ~ signify.c

  > Make signify's stdout line buffered. This allows to run the verbose
  > output through a pipe and still see the progress immediately.
  > OK tedu@ (bluhm@)

uniq

  ~ uniq.c

  > Cast isdigit()'s argument to an unsigned char.
  > ok millert@, jca@ (mmcc@)

whois

  ~ whois.c

  > Cast isdigit()'s argument to unsigned char.
  > ok millert@ (mmcc@)

  ~ whois.1
  ~ whois.c

  > add support for whois -I, to use whois.iana.org (root zone database).
  > ok millert@, tweak/"everything else looks fine" jmc@ (sthen@)

  ~ whois.1

  > remove Tn macros ("Tradename") from things which are actually hostnames,
  > ok jmc (sthen@)

== usr.sbin ========================================================== 09/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

cron

  ~ crontab.c

  > Use setegid() directly instead of swap_gids() / swap_gids_back().
  > OK jca@ nicm@ (millert@)

ikectl

  ~ ikeca.c
  ~ ikectl.8
  ~ ikectl.c
  ~ parser.c
  ~ parser.h

  > Accept an ocsp option when creating certificates to set the extended
  > key usage for OCSP signing.
  > Requested by and ok reyk@ (jsg@)

  ~ ikeca.c
  ~ ikeca.cnf

  > sign csrs with openssl ca instead of x509 -req
  > This way openssl will add valid signed certs to the index file
  > which is required to use the builtin openssl OCSP server.
  > This change requires installing a new ikeca.cnf or updating
  > the default cnf files with equivalent sections.
  > Requested by and ok reyk@ (jsg@)

  ~ ikeca.c
  ~ ikeca.cnf

  > switch from using sha1 to sha256
  > As the ca section of the cnf file requires a default_md line
  > (unlike req) this change also requires updating the installed ikeca.cnf
  > or equivalent files.
  > Requested by and ok reyk@ who also tested this against ios9 with iked.
  > (jsg@)

ldapd

  ~ ldapd.c
  ~ ldape.c

  > Both ldapd processes need "stdio" to talk to clients and each other.
  > The parent process opens database files ("rpath wpath cpath"), sends fds to
  > the child ("sendfd"), and does bsd auth on behalf of the child ("getpw proc
  > exec").
  > The child process accepts client connections ("inet unix"), receives fds from
  > the parent ("recvfd") and locks database files ("flock").
  > ok deraadt@ (jmatthew@)

  ~ conn.c
  ~ control.c
  ~ ldapd.c
  ~ ldapd.h
  ~ ldape.c
  ~ util.c

  > use SOCK_NONBLOCK instead of fcntl
  > ok dlg@ (jmatthew@)

tcpdump

  ~ print-icmp6.c

  > Print RDNSS nameserver addresses, and print option names for some other
  > known options that we don't otherwise decode yet (DNSSL, route
  > information).
  > ok mpi@ (sthen@)

ypldap

  ~ ypldap.c

  > use SOCK_NONBLOCK instead of fcntl
  > ok dlg@ (jmatthew@)

===============================================================================

_______________________________________________
odc mailing list
http://www.squish.net/mailman/listinfo/odc
