OpenBSD src changes summary for 2016-09-22
==========================================

distrib/miniroot
lib
lib/libc
lib/libcrypto
lib/libssl
regress/usr.sbin
share/man
sys/arch/armv7/imx
sys/arch/i386/isa
sys/dev
sys/dev/pci
sys/kern
sys/lib/libkern
sys/net
sys/netinet
sys/sys
sys/tmpfs
usr.bin/openssl
usr.bin/ssh
usr.sbin/relayd
usr.sbin/sysmerge
usr.sbin/ypserv

== distrib =========================================================== 01/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

miniroot

  ~ install.sub
  > vi is not available on the install media.
  > Besides ... real men use ed!
  > OK krw halex deraadt (rpe@)

  ~ install.sub
  > The tape install method is gone for a while already.
  > Remove leftovers.
  > OK krw halex deraadt (rpe@)

== lib =============================================================== 02/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

lib

  ~ check_sym
  > Add copyright (guenther@)

  ~ check_sym
  > Simplify mips64 GOTSYM bits to eliminate a couple temp files
  > Remove extra file truncation that the at-start bits rendered superfluous
  > (guenther@)

libc

  ~ arch/m88k/DEFS.h
  ~ arch/m88k/SYS.h
  ~ arch/m88k/sys/cerror.S
  > Simplify __cerror now that %r27 is always the TCB pointer.
  > Don't need a PLT relocation for __cerror.
  > Move macros for doing internal aliases in ASM from SYS.h to DEFS.h
  > __cerror tweaks by Miod Vallat, testing by aoyama@ (guenther@)

  ~ arch/m88k/Symbols.list
  > m88k switched to RELRO (guenther@)

  ~ arch/m88k/gen/_setjmp.S
  ~ arch/m88k/gen/setjmp.S
  ~ arch/m88k/gen/sigsetjmp.S
  > Switch from calling obsolete sig{block,setmask} to directly using the
  > sigprocmask syscall.
  > abort() can't return, so simplify the call, and use the internal name to
  > avoid the PLT.
  > no-return observation by Miod Vallat, testing by aoyama@ (guenther@)

libcrypto

  ~ doc/EVP_EncryptInit.pod
  > revert documentation update for the clearing behavior we already reverted
  > (bcook@)

libssl

  ~ src/crypto/evp/evp_enc.c TAGGED OPENBSD_6_0
  > back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinal
  > Software that refers to ctx after calling Final breaks with these changes.
  > revert parts of 1.31. ok jsing@ (bcook@)

  ~ src/crypto/opensslv.h TAGGED OPENBSD_6_0
  > bump version for 2.4.3 (bcook@)

  ~ src/crypto/opensslv.h TAGGED OPENBSD_5_9
  > bump version for 2.3.8 (bcook@)

  ~ t1_lib.c TAGGED OPENBSD_5_9
  > Improve ticket validity checking when tlsext_ticket_key_cb() callback
  > chooses a different HMAC algorithm.
  > Avert memory leaks if the callback preps the HMAC in some way.
  > Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f
  > but retaining a pre-callback length check to guarantee the callback
  > is provided the buffer that the API claims.
  > ok bcook@ jsing@ (guenther@)

  ~ s3_srvr.c TAGGED OPENBSD_5_9
  > Check for packet with truncated DTLS cookie.
  > Flip pointer comparison logic to avoid beyond-end-of-buffer pointers
  > to make it less likely a compiler will decide to screw you.
  > Based on parts of openssl commits
  > 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and
  > 89c2720298f875ac80777da2da88a64859775898
  > ok jsing@ (guenther@)

  ~ t1_lib.c TAGGED OPENBSD_5_9
  > Avoid unbounded memory growth, which can be triggered by a client
  > repeatedly renegotiating and sending OCSP Status Request TLS extensions.
  > Fix based on OpenSSL. (jsing@)

  ~ ssl_lib.c TAGGED OPENBSD_5_9
  > Improve on code from the previous commit.
  > ok bcook@ (jsing@)

  ~ src/ssl/t1_lib.c TAGGED OPENBSD_5_9
  > MFC: Avoid unbounded memory growth in libssl, which can be triggered by a
  > TLS client repeatedly renegotiating and sending OCSP Status Request TLS
  > extensions. (jsing@)

  ~ src/ssl/ssl_lib.c TAGGED OPENBSD_5_9
  > MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with
  > libssl. (jsing@)

  ~ src/ssl/t1_lib.c TAGGED OPENBSD_6_0
  > MFC: Avoid unbounded memory growth in libssl, which can be triggered by a
  > TLS client repeatedly renegotiating and sending OCSP Status Request TLS
  > extensions. (jsing@)

  ~ src/ssl/ssl_lib.c TAGGED OPENBSD_6_0
  > MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with
  > libssl. (jsing@)

== regress =========================================================== 03/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

usr.sbin

  ~ relayd/Client.pm
  ~ relayd/Server.pm
  > Call setsockopt(2) before listen(2) in relayd tests and adjust some
  > error messages. (bluhm@)

== share ============================================================= 04/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/timeout.9
  > Introduce a new 'softclock' thread that will be used to execute timeout
  > callbacks needing a process context.
  > The function timeout_set_proc(9) has to be used instead of timeout_set(9)
  > when a timeout callback needs a process context.
  > Note that if such a timeout is waiting, understand sleeping, for a non
  > negligible amount of time it might delay other timeouts needing a process
  > context.
  > dlg@ agrees with this as a temporary solution.
  > Manpage tweaks from jmc@
  > ok kettenis@, bluhm@, mikeb@ (mpi@)

== sys =============================================================== 05/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/armv7/imx

  ~ if_fec.c
  > Periodically call mii_tick() like all our other ethernet drivers that use
  > mii(4). Should fix the link negotiation issues that people have been
  > seeing.
  > ok jsg@, mikeb@, guenther@ (kettenis@)

arch/i386/isa

  ~ isa_machdep.c
  > Fix indentation. No binary change. (jsg@)

dev

  ~ radio.c
  > Fix indentation of a break statement. No binary change. (jsg@)

  ~ rnd.c
  > Stop pushing version & cfdata in as entropy, since the contents are
  > known and we rely on the bootpath to prime us anyways.
  > This also solves the issue raised by kettenis, of version potentially
  > being non-word aligned
  > ok kettenis djm (deraadt@)

dev/pci

  ~ if_iwm.c
  > Simplify assignment of sgi_ok variable in iwm_setrates(). No functional
  > change. (stsp@)

  ~ if_iwm.c
  > Remove some unused cruft from iwm, including a local namespace-polluting
  > definition of an ieee80211_tu_to_usec() macro... (stsp@)

kern

  ~ init_main.c
  ~ kern_timeout.c
  > Introduce a new 'softclock' thread that will be used to execute timeout
  > callbacks needing a process context.
  > The function timeout_set_proc(9) has to be used instead of timeout_set(9)
  > when a timeout callback needs a process context.
  > Note that if such a timeout is waiting, understand sleeping, for a non
  > negligible amount of time it might delay other timeouts needing a process
  > context.
  > dlg@ agrees with this as a temporary solution.
  > Manpage tweaks from jmc@
  > ok kettenis@, bluhm@, mikeb@ (mpi@)

lib/libkern

  ~ arch/arm/divsi3.S
  > Add aeabi aliases.
  > ok guenther@, patrick@ (kettenis@)

net

  ~ pf.c
  > Fix indentation. No binary change. (jsg@)

  ~ if.c
  > Raise spl level to IPL_SOFTNET before calling rt_ifmsg().
  > From dhill@, found the hard way by semarie@ (mpi@)

netinet

  ~ ip_input.c
  > Fix indentation. No binary change.
  > ok mpi@ (jsg@)

sys

  ~ timeout.h
  > Introduce a new 'softclock' thread that will be used to execute timeout
  > callbacks needing a process context.
  > The function timeout_set_proc(9) has to be used instead of timeout_set(9)
  > when a timeout callback needs a process context.
  > Note that if such a timeout is waiting, understand sleeping, for a non
  > negligible amount of time it might delay other timeouts needing a process
  > context.
  > dlg@ agrees with this as a temporary solution.
  > Manpage tweaks from jmc@
  > ok kettenis@, bluhm@, mikeb@ (mpi@)

tmpfs

  ~ tmpfs_subr.c
  > Fix indentation. No binary change. (jsg@)

== usr.bin =========================================================== 06/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

openssl

  ~ openssl.1
  > shorten x509; (jmc@)

  ~ openssl.1
  > some minor cleanup; (jmc@)

  ~ openssl.1
  > trim STANDARDS; ok jsing (jmc@)

ssh

  ~ sshconnect2.c
  > If ssh receives a PACKET_DISCONNECT during userauth it will cause
  > ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session
  > being authenticated. Check for this and exit if necessary. ok djm@
  > (dtucker@)

  ~ kex.c
  ~ myproposal.h
  > support plain curve25519-sha256 KEX algorithm now that it is
  > approaching standardisation (same algorithm is currently supported
  > as curve25519-sha...@libssh.org) (djm@)

  ~ sshd_config.5
  ~ ssh_config.5
  > mention curve25519-sha256 KEX (djm@)

  ~ sshd_config.5
  > organise the token stuff into a separate section;
  > ok markus for an earlier version of the diff
  > ok/tweaks djm (jmc@)

  ~ kex.h
  > missing bit from previous commit (djm@)

== usr.sbin ========================================================== 07/07 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

relayd

  ~ relay.c
  > correct invalid use of sizeof
  > ok krw@ millert@ claudio@ (jsg@)

  ~ relay.c
  > Change function arguments from "unsigned char keyname[16]" to
  > "unsigned char *keyname" to make it clear that an array size can not
  > be inferred. Suggested by millert@ (jsg@)

sysmerge

  ~ sysmerge.sh
  > Make sure we don't have conflicting UIDs/GIDs when adding user/group.
  > reported by florian@ (ajacoutot@)

ypserv

  ~ mkalias/mkalias.c
  > include time.h for time() (jsg@)

===============================================================================