OpenBSD src changes summary for 2016-05-03
==========================================
distrib/special                         etc/mail/smtpd.conf
etc/rc.d/rc.subr                        lib/libedit
lib/libpcap                             lib/libssl
regress/sys                             regress/usr.bin
regress/usr.sbin                        sbin/dhclient
sbin/ifconfig                           sys/arch/alpha/include
sys/arch/amd64/amd64                    sys/arch/i386/i386
sys/arch/macppc/include                 sys/arch/sparc64/sparc64
sys/conf                                sys/dev/acpi
sys/dev/pci                             sys/kern
sys/net                                 sys/netinet
usr.bin/ssh                             usr.bin/telnet
usr.bin/tmux                            usr.sbin/smtpd
usr.sbin/tcpdump                        usr.sbin/user

== distrib =========================================================== 01/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

special

  ~ ifconfig/Makefile

  > Also remove -DINET6 here, noticed by tedu
  > -DKAME_SCOPEID can go away too, meaningless since 2006 (jca@)

== etc =============================================================== 02/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

mail/smtpd.conf

  ~ mail/smtpd.conf

  > listen directive may use a table for authentication, to make this work the
  > table has to be defined BEFORE
  > consequently move all tables in the examples to the beginning and before the
  > listen directive to avoid tables not being found
  > no functional change
  > ran into this myself earlier, also reported by cjones via irc
  > ok gilles (jung@)

rc.d/rc.subr

  ~ rc.d/rc.subr

  > signal name should be first, fixes reload; ok deraadt@ (otto@)

== lib =============================================================== 03/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libedit

  ~ Makefile
  ~ makelist
  + editline.c
  + historyn.c
  + tokenizern.c

  > The files editline.c, historyn.c, and tokenizern.c are completely
  > constant and very short and simple. Check them into CVS rather
  > than generating them at build time in a complicated way.
  > OK martijn@, also proofread by Christian Heckendorf <mbie at ulmus dot me>
  > (schwarze@)

  ~ Makefile
  ~ editline.c
  ~ makelist
  ~ map.c

  > Combine help.h and help.c into a simplified help.h
  > and include it only in the one file needing it, map.c.
  > Also delete makelist -bc.
  > OK martijn@, also proofread by Christian Heckendorf <mbie at ulmus dot me>
  > (schwarze@)

libpcap

  ~ pcap-bpf.c

  > Move to /dev/bpf; ok lteo (natano@)

libssl

  ~ src/crypto/asn1/a_d2i_fp.c
  ~ src/crypto/asn1/a_type.c
  ~ src/crypto/asn1/tasn_dec.c
  ~ src/crypto/asn1/tasn_enc.c
  ~ src/crypto/evp/e_aes_cbc_hmac_sha1.c
  ~ src/crypto/evp/encode.c
  ~ src/crypto/evp/evp_enc.c
  + src/crypto/constant_time_locl.h

  > patch from openssl for multiple issues:
  > missing padding check in aesni functions
  > overflow in evp encode functions
  > use of invalid negative asn.1 types
  > ok beck (tedu@)

  ~ src/crypto/asn1/a_d2i_fp.c
  ~ src/crypto/asn1/a_type.c
  ~ src/crypto/asn1/tasn_dec.c
  ~ src/crypto/asn1/tasn_enc.c
  ~ src/crypto/evp/e_aes_cbc_hmac_sha1.c
  ~ src/crypto/evp/encode.c
  ~ src/crypto/evp/evp_enc.c
  + src/crypto/constant_time_locl.h

  TAGGED OPENBSD_5_8
  > backport patch from openssl for multiple issues:
  > missing padding check in aesni functions
  > overflow in evp encode functions
  > use of invalid negative asn.1 types
  > ok beck (tedu@)

  ~ src/crypto/asn1/a_d2i_fp.c
  ~ src/crypto/asn1/a_type.c
  ~ src/crypto/asn1/tasn_dec.c
  ~ src/crypto/asn1/tasn_enc.c
  ~ src/crypto/evp/e_aes_cbc_hmac_sha1.c
  ~ src/crypto/evp/encode.c
  ~ src/crypto/evp/evp_enc.c
  ~ src/ssl/s3_pkt.c
  + src/crypto/constant_time_locl.h

  TAGGED OPENBSD_5_9
  > backport patch from openssl for multiple issues:
  > missing padding check in aesni functions
  > overflow in evp encode functions
  > use of invalid negative asn.1 types
  > ok beck (tedu@)

  ~ src/crypto/opensslv.h

  TAGGED OPENBSD_5_9
  > bump to 2.3.4 (bcook@)

  ~ src/crypto/evp/encode.c

  TAGGED OPENBSD_5_9
  > prefer limits.h over sys/limits.h (bcook@)

  ~ src/crypto/opensslv.h

  TAGGED OPENBSD_5_8
  > bump to 2.2.7 (bcook@)

  ~ src/crypto/evp/encode.c

  TAGGED OPENBSD_5_8
  > prefer limits.h over sys/limits.h (bcook@)

  ~ src/crypto/evp/encode.c

  TAGGED OPENBSD_5_8
  > prefer limits.h over sys/limits.h (bcook@)

== regress =========================================================== 04/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/sosplice/Proc.pm
  ~ kern/sosplice/Remote.pm
  ~ kern/sosplice/funcs.pl
  ~ kern/sosplice/error/remote.pl
  ~ net/pf_divert/Proc.pm
  ~ net/pf_divert/Remote.pm

  > Fix some Perl statements perlcritic was bitching about: Variable
  > declared in conditional statement. (bluhm@)

usr.bin

  ~ ssh/cert-userkey.sh

  > Use a subshell for constructing key types to work around different sed
  > behaviours for -portable. (dtucker@)

  ~ ssh/unittests/sshbuf/test_sshbuf_misc.c

  > unit tests for sshbuf_dup_string() (djm@)

  ~ ssh/agent-getpeereid.sh

  > support doas (djm@)

  ~ ssh/cfginclude.sh

  > Set umask to prevent "Bad owner or permissions" errors. (dtucker@)

  ~ Makefile
  + fold/Makefile
  + fold/fold.sh

  > Regression tests for fold(1).
  > The lines containing SKIPUTF8 will be removed once the utility is fixed.
  > (schwarze@)

  ~ fmt/fmt.sh

  > These tests depended on whatever the user's locale was,
  > and the last one failed for LC_CTYPE=C.
  > Instead, ignore the user's locale and run each test twice,
  > once for UTF-8 and once for US-ASCII.
  > Problem reported by deraadt@. (schwarze@)

  ~ sed/sedtest.expected

  > Fix test after changing default column size from 60 to 80.
  > OK bentley@ (martijn@)

usr.sbin

  ~ syslogd/RSyslogd.pm
  ~ syslogd/args-rsyslog-client-tcp.pl
  ~ syslogd/args-rsyslog-client-tls.pl
  ~ syslogd/args-rsyslog-client-udp.pl
  ~ syslogd/args-rsyslog-tcp.pl
  ~ syslogd/args-rsyslog-tls.pl
  ~ syslogd/args-rsyslog-udp.pl

  > To test syslogd compatibility rsyslog is used as remote server.
  > New rsyslog has other options and debug output, adapt test. (bluhm@)

  ~ httpd/tests/Proc.pm
  ~ httpd/tests/funcs.pl
  ~ httpd/tests/httpd.pl
  ~ ospfd/Proc.pm
  ~ relayd/Proc.pm
  ~ relayd/Remote.pm
  ~ relayd/funcs.pl
  ~ relayd/relayd.pl
  ~ relayd/remote.pl
  ~ syslogd/Proc.pm
  ~ syslogd/syslogd.pl

  > Fix some Perl statements perlcritic was bitching about: Variable
  > declared in conditional statement. (bluhm@)

== sbin ============================================================== 05/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ bpf.c
  ~ dhclient.8

  > Move to /dev/bpf; ok tb jmc (natano@)

ifconfig

  ~ Makefile
  ~ ifconfig.c

  > Remove INET6 #ifdefs
  > ifconfig.c doesn't build without -DINET6, and those #ifdefs clutter the
  > code. ok bluhm@ henning@ (jca@)

== sys =============================================================== 06/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/alpha/include

  ~ bus.h

  > alias bus_space_{read,write}_raw to the non-raw counterparts
  > busses are little endian, so the non-raw ops are raw anyway. fixes
  > the kernel build after xge grew the use of the raw ops. (dlg@)

arch/amd64/amd64

  ~ cpu.c

  > Revert previous commit. Calling sched_init_cpu() from
  > cpu_boot_secondary_processors() breaks suspend/resume. (kettenis@)

arch/i386/i386

  ~ cpu.c

  > Revert previous commit. Calling sched_init_cpu() from
  > cpu_boot_secondary_processors() breaks suspend/resume. (kettenis@)

arch/macppc/include

  ~ bus.h

  > implement bus_space_read_raw_X and bus_space_write_raw_X
  > with feedback from kettenis@
  > fixes building a kernel with xge, which might actually work on these
  > machines now. (dlg@)

arch/sparc64/sparc64

  ~ cpu.c

  > Revert previous commit. Calling sched_init_cpu() from
  > cpu_boot_secondary_processors() breaks suspend/resume. (kettenis@)

conf

  ~ files

  > Stop using a soft-interrupt context to process incoming network packets.
  > Use a new task that runs holding the KERNEL_LOCK to execute mp-unsafe
  > code. Our current goal is to progressively move input functions to the
  > unlocked task.
  > This gives a small performance boost confirmed by Hrvoje Popovski's
  > IPv4 forwarding measurement:
  > before:                after:
  > send      receive      send      receive
  > 400kpps   400kpps      400kpps   400kpps
  > 500kpps   500kpps      500kpps   500kpps
  > 600kpps   600kpps      600kpps   600kpps
  > 650kpps   650kpps      650kpps   640kpps
  > 700kpps   700kpps      700kpps   700kpps
  > 720kpps   640kpps      720kpps   710kpps
  > 800kpps   640kpps      800kpps   650kpps
  > 1.4Mpps   570kpps      1.4Mpps   590kpps
  > 14Mpps    570kpps      14Mpps    590kpps
  > ok kettenis@, bluhm@, dlg@ (mpi@)

dev/acpi

  ~ bytgpio.c

  > Print missing newline if we bail out because of a uid mismatch. (kettenis@)

dev/pci

  ~ pcidevs

  > samsung use the same pci device id for multiple nvme parts (dlg@)

  ~ pcidevs.h
  ~ pcidevs_data.h

  > regen (dlg@)

kern

  ~ init_main.c

  > Stop using a soft-interrupt context to process incoming network packets.
  > Use a new task that runs holding the KERNEL_LOCK to execute mp-unsafe
  > code. Our current goal is to progressively move input functions to the
  > unlocked task.
  > This gives a small performance boost confirmed by Hrvoje Popovski's
  > IPv4 forwarding measurement:
  > before:                after:
  > send      receive      send      receive
  > 400kpps   400kpps      400kpps   400kpps
  > 500kpps   500kpps      500kpps   500kpps
  > 600kpps   600kpps      600kpps   600kpps
  > 650kpps   650kpps      650kpps   640kpps
  > 700kpps   700kpps      700kpps   700kpps
  > 720kpps   640kpps      720kpps   710kpps
  > 800kpps   640kpps      800kpps   650kpps
  > 1.4Mpps   570kpps      1.4Mpps   590kpps
  > 14Mpps    570kpps      14Mpps    590kpps
  > ok kettenis@, bluhm@, dlg@ (mpi@)

net

  ~ pf.c

  > Put back a panic() if an incoming packet already has a statekey.
  > Apparently nobody can hit this condition anymore or people do not
  > report bugs if their kernel does not panic.
  > ok dlg@, sashan@ (mpi@)

  - netisr.c
  ~ if.c
  ~ netisr.h

  > Stop using a soft-interrupt context to process incoming network packets.
  > Use a new task that runs holding the KERNEL_LOCK to execute mp-unsafe
  > code. Our current goal is to progressively move input functions to the
  > unlocked task.
  > This gives a small performance boost confirmed by Hrvoje Popovski's
  > IPv4 forwarding measurement:
  > before:                after:
  > send      receive      send      receive
  > 400kpps   400kpps      400kpps   400kpps
  > 500kpps   500kpps      500kpps   500kpps
  > 600kpps   600kpps      600kpps   600kpps
  > 650kpps   650kpps      650kpps   640kpps
  > 700kpps   700kpps      700kpps   700kpps
  > 720kpps   640kpps      720kpps   710kpps
  > 800kpps   640kpps      800kpps   650kpps
  > 1.4Mpps   570kpps      1.4Mpps   590kpps
  > 14Mpps    570kpps      14Mpps    590kpps
  > ok kettenis@, bluhm@, dlg@ (mpi@)

netinet

  ~ ip_input.c

  > Make ip_forward() use the route entry fetched in in_ouraddr() when it is
  > possible.
  > This reduces the number of lookups to 1 for non-multicast traffic when PF
  > is disabled.
  > Tested by Hrvoje Popovski who confirmed that benchmark numbers are now as
  > good as with a single cache entry.
  > ok visa@, bluhm@ (mpi@)

== usr.bin =========================================================== 07/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

ssh

  ~ ttymodes.h

  > Implement IUTF8 as per draft-sgtatham-secsh-iutf8-00. Patch from Simon
  > Tatham, ok markus@ (dtucker@)

  ~ PROTOCOL.agent

  > add ed25519 keys that are supported but missing from this
  > document; from Peter Moody (djm@)

  ~ PROTOCOL.certkeys

  > correct some typos and remove a long-stale XXX note.
  > add specification for ed25519 certificates
  > mention no host certificate options/extensions are currently defined
  > pointed out by Simon Tatham (djm@)

  ~ PROTOCOL.chacha20poly1305

  > clarify ordering of subkeys; pointed out by ietf-ssh AT stbuehler.de (djm@)

  ~ ssh-keygen.1

  > make nethack^wrandomart fingerprint flag more readily searchable
  > pointed out by Matt Johnston (djm@)

  ~ servconf.c

  > don't forget to include StreamLocalBindUnlink in the config
  > dump output (djm@)

  ~ servconf.c

  > fix overriding of StreamLocalBindMask and StreamLocalBindUnlink in
  > Match blocks; found the hard way by Rogan Dawes (djm@)

  ~ ssh-keygen.1

  > correct article; (jmc@)

telnet

  ~ commands.c

  > telnet should not verify if hostname is a fully qualified domain
  > telnet would perform a gethostbyname on close/quit commands
  > when the machine hostname is not a fully qualified domain.
  > This behavior added on 12-March-98 breaks the current pledge
  > that "dns" operations are not needed after establishing
  > a connection leading to a coredump from telnet when
  > quitting or closing an existing connection.
  > OK chris@ (awolk@)

tmux

  ~ window-copy.c

  > Some tidying of copy mode search functions, based on a diff from Lukasz
  > Piatkowski (initial changes to help some more to come). (nicm@)

== usr.sbin ========================================================== 08/08 ==
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

smtpd

  ~ smtpd.conf.5

  > listen directive may use a table for authentication, to make this work the
  > table has to be defined BEFORE
  > consequently move all tables in the examples to the beginning and before the
  > listen directive to avoid tables not being found
  > no functional change
  > ran into this myself earlier, also reported by cjones via irc
  > ok gilles (jung@)

tcpdump

  ~ privsep_pcap.c
  ~ tcpdump.8

  > Move to /dev/bpf; ok lteo (natano@)

user

  ~ user.c

  > Fix regression on usermod/userdel by calling getpwnam_shadow(3) and saving
  > passwd hash early, instead of getpwnam(3), then close fds by calling
  > endpwent(3) and finally only call pledge(2) after it, otherwise on any
  > modification to the user it would destroy the passwd hash and therefore
  > forbidding him/her to login again to the machine.
  > Reported and tested by Edgar Pettijohn <edgar ! pettijohn-web at com>
  > According to deraadt@ "that looks better then" (mestre@)

===============================================================================
