OpenBSD src changes summary for 2016-11-05 ==========================================
distrib/miniroot distrib/sets etc/Makefile games/fortune lib/libcrypto lib/libssl lib/libtls regress/lib regress/sys regress/usr.bin sys/arch/alpha/compile sys/arch/amd64/compile sys/arch/armv7/compile sys/arch/hppa/compile sys/arch/i386/compile sys/arch/landisk/compile sys/arch/loongson/compile sys/arch/loongson/dev sys/arch/loongson/include sys/arch/luna88k/compile sys/arch/macppc/compile sys/arch/octeon/compile sys/arch/octeon/dev sys/arch/sgi/compile sys/arch/socppc/compile sys/arch/sparc64/compile usr.bin/nc usr.bin/vi == distrib =========================================================== 01/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ group ~ install.sub > Remove the obj, xobj and src directories from the base set. > The installer will create these directories during install. > So local setups will not get overwritten during upgrades. > idea from and OK deraadt@ > with help from and OK tb@ > feedback from and no objections halex@ (rpe@) sets ~ lists/base/mi > Remove the obj, xobj and src directories from the base set. > The installer will create these directories during install. > So local setups will not get overwritten during upgrades. > idea from and OK deraadt@ > with help from and OK tb@ > feedback from and no objections halex@ (rpe@) ~ lists/base/mi ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/mi > sync (deraadt@) == etc =============================================================== 02/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc Makefile ~ Makefile > Remove the obj, xobj and src directories from the base set. > The installer will create these directories during install. > So local setups will not get overwritten during upgrades. > idea from and OK deraadt@ > with help from and OK tb@ > feedback from and no objections halex@ (rpe@) == games ============================================================= 03/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games fortune ~ datfiles/fortunes2 > spelling fix from eric van gyzen, freebsd r308293; (jmc@) == lib =============================================================== 04/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ man/ASN1_time_parse.3 > further tweakage, with an improvement from joel; > ok jsing schwarze (jmc@) ~ bn/bn_mod.c > Stop abusing the ternary operator to decide which function to call in a > return statement. > ok beck@ jsing@ (miod@) ~ evp/e_aes_cbc_hmac_sha1.c ~ evp/e_rc4_hmac_md5.c > No need to duplicate definitions from evp.h locally. > ok bock@ jsing@ (miod@) ~ pem/pem_seal.c > Make sure PEM_SealInit() will correctly destroy the PEM_ENCODE_SEAL_CTX > upon error, as there is no way to do this outside of PEM_SealFinal(), which > can only work if PEM_SealInit() succeeded... > ok beck@ jsing@ (miod@) ~ pkcs12/p12_key.c > Do not leak the ressources possibly allocated by EVP_MD_CTX_init() in the > trivial error path of PKCS12_key_gen_uni(). > ok beck@ jsing@ (miod@) ~ ocsp/ocsp_vfy.c > X509_STORE_CTX_set_*() may fail, so check for errors. > ok beck@ (miod@) - doc/RC4.pod - doc/RIPEMD160.pod - doc/SHA1.pod - doc/bn.pod - doc/d2i_DHparams.pod - doc/d2i_DSAPublicKey.pod - doc/d2i_ECPKParameters.pod - doc/dh.pod - doc/dsa.pod - doc/ec.pod - doc/engine.pod - doc/lh_stats.pod ~ man/Makefile + man/RC4.3 + man/RIPEMD160.3 + man/SHA1.3 + man/bn.3 + man/d2i_DHparams.3 + man/d2i_DSAPublicKey.3 + man/d2i_ECPKParameters.3 + man/dh.3 + man/dsa.3 + man/ec.3 + man/engine.3 + man/lh_stats.3 > convert the remaining manual pages from pod to mdoc (schwarze@) ~ pkcs12/p12_utl.c > Stricter validation of inputs of OPENSSL_asc2uni() and OPENSSL_uni2asc(). > While there, try to make these slightly less obfuscated. > ok beck@ jsing@ (miod@) ~ man/PKCS7_decrypt.3 > add the missing content, sorry for committing an empty file (schwarze@) ~ man/ASN1_generate_nconf.3 ~ man/EVP_AEAD_CTX_init.3 ~ man/EVP_PKEY_verify_recover.3 > minor mandoc -Tlint nits (schwarze@) ~ Makefile + curve25519/curve25519-generic.c + curve25519/curve25519.c + curve25519/curve25519.h + curve25519/curve25519_internal.h > Add support for X25519. > This brings in code from BoringSSL, which is mostly taken from SUPERCOP. > ok beck@ bcook@ (jsing@) ~ Makefile ~ man/Makefile > after getting rid of the pod files, clean up the Makefiles; ok bcook@ > (schwarze@) ~ shlib_version > bump minors for symbol addition for ocsp and x25519 symbol additions > (beck@) ~ pkcs7/pk7_doit.c ~ pkcs7/pk7_smime.c ~ ts/ts_rsp_verify.c > More X509_STORE_CTX_set_*() return value checks. > ok beck@ jsing@ (miod@) ~ ocsp/ocsp_ht.c ~ x509v3/pcy_tree.c > Check BIO_new*() for failure. > ok beck@ jsing@ (miod@) ~ objects/obj_mac.num ~ objects/objects.txt > Add objects for X25519, X448, Ed25519 and Ed448. > ok miod@ (jsing@) ~ x509/vpm_int.h ~ x509/x509_vfy.h ~ x509/x509_vpm.c > Part one of the alt chains changes, bring in newer modifications to > VERIFY_PARAMS - based on boringssl. > ok jsing@ miod@ (beck@) ~ man/BN_add.3 ~ man/BN_set_bit.3 ~ man/BN_zero.3 ~ man/Makefile ~ man/bn.3 + man/BN_set_negative.3 > document BN_set_negative() and BN_is_negative(); > feedback and OK bcook@, OK jsing@ (schwarze@) libssl ~ Makefile > Remove generated Symbols.map on make clean. > ok guenther@ (jsing@) ~ s3_clnt.c ~ ssl_locl.h ~ t1_lib.c > Convert ssl3_get_server_kex_ecdhe() to CBS, simplifying tls1_check_curve() > in the process. This also fixes a long standing bug where > tls1_ec_curve_id2nid() is called with only one byte of the curve ID. > ok beck@ miod@ (jsing@) - man/Makefile ~ Makefile + doc/Makefile > after getting rid of the pod files, clean up the Makefiles; ok bcook@ > (schwarze@) ~ shlib_version > bump minors for symbol addition for ocsp and x25519 symbol additions > (beck@) - doc/BIO_f_ssl.3 - doc/Makefile - doc/SSL_CIPHER_get_name.3 - doc/SSL_COMP_add_compression_method.3 - doc/SSL_CTX_add_extra_chain_cert.3 - doc/SSL_CTX_add_session.3 - doc/SSL_CTX_ctrl.3 - doc/SSL_CTX_flush_sessions.3 - doc/SSL_CTX_free.3 - doc/SSL_CTX_get_ex_new_index.3 - doc/SSL_CTX_get_verify_mode.3 - doc/SSL_CTX_load_verify_locations.3 - doc/SSL_CTX_new.3 - doc/SSL_CTX_sess_number.3 - doc/SSL_CTX_sess_set_cache_size.3 - doc/SSL_CTX_sess_set_get_cb.3 - doc/SSL_CTX_sessions.3 - doc/SSL_CTX_set_cert_store.3 - doc/SSL_CTX_set_cert_verify_callback.3 - doc/SSL_CTX_set_cipher_list.3 - doc/SSL_CTX_set_client_CA_list.3 - doc/SSL_CTX_set_client_cert_cb.3 - doc/SSL_CTX_set_default_passwd_cb.3 - doc/SSL_CTX_set_generate_session_id.3 - doc/SSL_CTX_set_info_callback.3 - doc/SSL_CTX_set_max_cert_list.3 - doc/SSL_CTX_set_mode.3 - doc/SSL_CTX_set_msg_callback.3 - doc/SSL_CTX_set_options.3 - doc/SSL_CTX_set_psk_client_callback.3 - doc/SSL_CTX_set_quiet_shutdown.3 - doc/SSL_CTX_set_session_cache_mode.3 - doc/SSL_CTX_set_session_id_context.3 - doc/SSL_CTX_set_ssl_version.3 - doc/SSL_CTX_set_timeout.3 - doc/SSL_CTX_set_tmp_dh_callback.3 - doc/SSL_CTX_set_tmp_rsa_callback.3 - doc/SSL_CTX_set_verify.3 - doc/SSL_CTX_use_certificate.3 - doc/SSL_CTX_use_psk_identity_hint.3 - doc/SSL_SESSION_free.3 - doc/SSL_SESSION_get_ex_new_index.3 - doc/SSL_SESSION_get_time.3 - doc/SSL_accept.3 - doc/SSL_alert_type_string.3 - doc/SSL_clear.3 - doc/SSL_connect.3 - doc/SSL_do_handshake.3 - doc/SSL_free.3 - doc/SSL_get_SSL_CTX.3 - doc/SSL_get_ciphers.3 - doc/SSL_get_client_CA_list.3 - doc/SSL_get_current_cipher.3 - doc/SSL_get_default_timeout.3 - doc/SSL_get_error.3 - doc/SSL_get_ex_data_X509_STORE_CTX_idx.3 - doc/SSL_get_ex_new_index.3 - doc/SSL_get_fd.3 - doc/SSL_get_peer_cert_chain.3 - doc/SSL_get_peer_certificate.3 - doc/SSL_get_psk_identity.3 - doc/SSL_get_rbio.3 - doc/SSL_get_session.3 - doc/SSL_get_verify_result.3 - doc/SSL_get_version.3 - doc/SSL_library_init.3 - doc/SSL_load_client_CA_file.3 - doc/SSL_new.3 - doc/SSL_pending.3 - doc/SSL_read.3 - doc/SSL_rstate_string.3 - doc/SSL_session_reused.3 - doc/SSL_set_bio.3 - doc/SSL_set_connect_state.3 - doc/SSL_set_fd.3 - doc/SSL_set_session.3 - doc/SSL_set_shutdown.3 - doc/SSL_set_verify_result.3 - doc/SSL_shutdown.3 - doc/SSL_state_string.3 - doc/SSL_want.3 - doc/SSL_write.3 - doc/d2i_SSL_SESSION.3 - doc/ssl.3 ~ Makefile + man/BIO_f_ssl.3 + man/Makefile + man/SSL_CIPHER_get_name.3 + man/SSL_COMP_add_compression_method.3 + man/SSL_CTX_add_extra_chain_cert.3 + man/SSL_CTX_add_session.3 + man/SSL_CTX_ctrl.3 + man/SSL_CTX_flush_sessions.3 + man/SSL_CTX_free.3 + man/SSL_CTX_get_ex_new_index.3 + man/SSL_CTX_get_verify_mode.3 + man/SSL_CTX_load_verify_locations.3 + man/SSL_CTX_new.3 + man/SSL_CTX_sess_number.3 + man/SSL_CTX_sess_set_cache_size.3 + man/SSL_CTX_sess_set_get_cb.3 + man/SSL_CTX_sessions.3 + man/SSL_CTX_set_cert_store.3 + man/SSL_CTX_set_cert_verify_callback.3 + man/SSL_CTX_set_cipher_list.3 + man/SSL_CTX_set_client_CA_list.3 + man/SSL_CTX_set_client_cert_cb.3 + man/SSL_CTX_set_default_passwd_cb.3 + man/SSL_CTX_set_generate_session_id.3 + man/SSL_CTX_set_info_callback.3 + man/SSL_CTX_set_max_cert_list.3 + man/SSL_CTX_set_mode.3 + man/SSL_CTX_set_msg_callback.3 + man/SSL_CTX_set_options.3 + man/SSL_CTX_set_psk_client_callback.3 + man/SSL_CTX_set_quiet_shutdown.3 + man/SSL_CTX_set_session_cache_mode.3 + man/SSL_CTX_set_session_id_context.3 + man/SSL_CTX_set_ssl_version.3 + man/SSL_CTX_set_timeout.3 + man/SSL_CTX_set_tmp_dh_callback.3 + man/SSL_CTX_set_tmp_rsa_callback.3 + man/SSL_CTX_set_verify.3 + man/SSL_CTX_use_certificate.3 + man/SSL_CTX_use_psk_identity_hint.3 + man/SSL_SESSION_free.3 + man/SSL_SESSION_get_ex_new_index.3 + man/SSL_SESSION_get_time.3 + man/SSL_accept.3 + man/SSL_alert_type_string.3 + man/SSL_clear.3 + man/SSL_connect.3 + man/SSL_do_handshake.3 + man/SSL_free.3 + man/SSL_get_SSL_CTX.3 + man/SSL_get_ciphers.3 + man/SSL_get_client_CA_list.3 + man/SSL_get_current_cipher.3 + man/SSL_get_default_timeout.3 + man/SSL_get_error.3 + man/SSL_get_ex_data_X509_STORE_CTX_idx.3 + man/SSL_get_ex_new_index.3 + man/SSL_get_fd.3 + man/SSL_get_peer_cert_chain.3 + man/SSL_get_peer_certificate.3 + man/SSL_get_psk_identity.3 + man/SSL_get_rbio.3 + man/SSL_get_session.3 + man/SSL_get_verify_result.3 + man/SSL_get_version.3 + man/SSL_library_init.3 + man/SSL_load_client_CA_file.3 + man/SSL_new.3 + man/SSL_pending.3 + man/SSL_read.3 + man/SSL_rstate_string.3 + man/SSL_session_reused.3 + man/SSL_set_bio.3 + man/SSL_set_connect_state.3 + man/SSL_set_fd.3 + man/SSL_set_session.3 + man/SSL_set_shutdown.3 + man/SSL_set_verify_result.3 + man/SSL_shutdown.3 + man/SSL_state_string.3 + man/SSL_want.3 + man/SSL_write.3 + man/d2i_SSL_SESSION.3 + man/ssl.3 > move manual pages from doc/ to man/ for consistency with other > libraries, in particular considering that there are unrelated > files in doc/; requested by jsing@ and beck@ (schwarze@) ~ s3_srvr.c > Do a partial CBB conversion of ssl3_send_server_key_exchange(), which will > make it easier to do further clean up. > ok beck@ miod@ (jsing@) ~ ssl_asn1.c > One of the error paths would attempt to access not-yet-initialized locals. > Simply return since there is nothing more to do. > Spotted by coverity. ok jsing@ beck@ (miod@) libtls ~ Makefile > Remove generated Symbols.map on make clean. > ok guenther@ (jsing@) ~ tls.c ~ tls_internal.h ~ tls_ocsp.c > rename ocsp_ctx to ocsp > ok jsing@ (beck@) ~ Symbols.list ~ tls.h ~ tls_config.c ~ tls_init.3 ~ tls_internal.h ~ tls_ocsp.c ~ tls_server.c > Add support for server side OCSP stapling to libtls. > Add support for server side OCSP stapling to netcat. (beck@) ~ shlib_version > bump minors for symbol addition for ocsp and x25519 symbol additions > (beck@) ~ tls_init.3 > tweak previous; (jmc@) ~ tls_init.3 > fix misplaced quote by tls_peer_ocsp_this_update (bcook@) == regress =========================================================== 05/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libcrypto/ocsp/Makefile > Set PROG so that the binary correctly gets recompiled when the libraries > it is linked against change. > ok beck@ jsing@ (miod@) ~ libcrypto/Makefile + libcrypto/curve25519/Makefile + libcrypto/curve25519/x25519test.c > Add regress for X25519, converted from BoringSSL. (jsing@) sys ~ net/vxlan/Makefile ~ net/vxlan/vxlan_subr + net/vxlan/vxlan_2.sh > Add regress tests for multicasts and dynamic vxlans (vgross@) usr.bin ~ mandoc/db/mlinks/mlinks.1 > add EXAMPLES and tweak some wording (schwarze@) ~ mandoc/db/mlinks/mlinks.1 > update example directory (bcook@) ~ mandoc/db/mlinks/mlinks.c > don't skip names that match the beginning of the file name; > joint work with bcook@ (schwarze@) ~ mandoc/db/mlinks/mlinks.c > fix previous; looks good to bcook@ (schwarze@) == sys =============================================================== 06/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/amd64/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/armv7/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/hppa/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/i386/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/landisk/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/loongson/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/loongson/dev ~ bonitoreg.h > Move the definition of REGVAL into a common header to make it usable > outside bonito(4). > ok miod@ (visa@) arch/loongson/include ~ autoconf.h > Move the definition of REGVAL into a common header to make it usable > outside bonito(4). > ok miod@ (visa@) arch/luna88k/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/macppc/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/octeon/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/octeon/dev ~ if_cnmac.c > Do not show a device unit number in the cnmac interrupt name. The same > interrupt drives all the cnmac ports. > ok stsp@ (visa@) ~ if_cnmac.c > Drop unnecessary #ifdef MBUF_TIMESTAMP. (visa@) arch/sgi/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/socppc/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) arch/sparc64/compile ~ Makefile.inc > Two tweaks for compile/Makefile.inc: > 1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie > pointed out, that if the file existed, make wouldn't be reading this > file, so the check is superflous. Less clutter. > 2) Unconditionally define the 'clean' and 'cleandir' targets, also when > obj doesn't exist. This changes the behaviour of 'make clean' to be > successful (doing nothing) without obj@ or obj/. > ok tb millert deraadt (natano@) == usr.bin =========================================================== 07/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin nc ~ nc.1 ~ netcat.c > Add support for server side OCSP stapling to libtls. > Add support for server side OCSP stapling to netcat. (beck@) ~ nc.1 ~ netcat.c > zap trailing whitespace, and add -o to usage() and help (-h); (jmc@) vi ~ build/recover > Remove syscall.ph from vi.recover > since perl-5.10 chdir supports fchdir > ok guenther@ (afresh1@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
