OpenBSD src changes summary for 2016-11-28
==========================================

distrib/sets
gnu
lib/libcrypto
lib/libssl
regress/sys
regress/usr.sbin
sbin/ifconfig
sbin/iked
share/man
sys/arch/landisk/stand/boot
sys/arch/landisk/stand/xxboot
sys/kern
sys/net
sys/netinet
sys/netinet6
sys/sys
usr.bin/tmux
usr.sbin/tcpdump

== distrib =========================================================== 01/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/comp/mi

  > sync (deraadt@)

  ~ lists/comp/mi

  > sync (deraadt@)

  ~ lists/comp/mi

  > sync (deraadt@)

== gnu =============================================================== 02/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ llvm/tools/clang/lib/Basic/Targets.cpp

  > Setup clang to use OpenBSD settings and defines for our AArch64
  > (little-endian) target.
  > ok phessler@ (patrick@)

== lib =============================================================== 03/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libcrypto

  ~ man/lh_new.3
  ~ man/lh_stats.3

  > Add Copyright and license.
  > This documentation is obviously incomplete and unintelligible.
  > However, as the interfaces are utterly ill-designed and contorted
  > to the point of absurdity, i refuse to even attempt improvements,
  > at least for now. (schwarze@)

  ~ man/OPENSSL_VERSION_NUMBER.3

  > Copyright and license (schwarze@)

  ~ man/OPENSSL_config.3

  > Add Copyright and license.
  > There are many recommendations in this page, and most of them were
  > changed in OpenSSL. I have no idea what makes sense, so i'm not
  > touching the content. (schwarze@)

  ~ man/OPENSSL_load_builtin_modules.3

  > Add Copyright and license.
  > Garbage collect empty RETURN VALUES section. (schwarze@)

  ~ man/Makefile
  + man/OPENSSL_malloc.3

  > Document and discourage those wrappers that we have and that OpenSSL
  > documents, too. There are many additional undocumented ones in our
  > public OpenSSL headers, but advertising those would be a bad idea.
  > Nothing of the text from OPENSSL_malloc.pod remains, so use my own
  > Copyright and license.
  > (schwarze@)

  ~ man/OpenSSL_add_all_algorithms.3

  > Copyright and license (schwarze@)

  ~ man/Makefile
  + man/PEM_read.3

  > import from OpenSSL with minor tweaks (schwarze@)

  ~ man/PEM_read_bio_PrivateKey.3

  > For unknown reasons, this summer, OpenSSL added an additional manual
  > page PEM_read_CMS(3) to document a bunch of functions unrelated
  > among themselves, but very similar to those documented here.
  > Information in that page is scantier than for the functions documented
  > here - and besides, it is mostly wrong. Looks like they lost their
  > way in the vast forest of functions they autogenerated with chains
  > of macros...
  > Document those functions documented there which are relevant to us
  > in the present page instead, and with correct prototypes. Given
  > that i know too little about PEM formats, information about semantics
  > is almost certainly incomplete, but at least better than what OpenSSL
  > provides.
  > While here, add Copyright and license. (schwarze@)

  ~ man/PEM_write_bio_PKCS7_stream.3

  > Add Copyright and license.
  > Remove one needless #include from the SYNOPSIS (from OpenSSL). (schwarze@)

  ~ man/CRYPTO_set_ex_data.3

  > Add Copyright and license.
  > Merge the documentation of six additional functions from OpenSSL.
  > There are some differences between OpenSSL and LibreSSL, for example
  > we don't have CRYPTO_free_ex_index(), CRYPTO_EX_INDEX_EC_KEY,
  > and CRYPTO_EX_INDEX_APP. I hope i got the differences right.
  > "if you don't get any feedback promptly i say just go ahead" jmc@
  > (schwarze@)

  ~ man/PKCS12_create.3
  ~ man/PKCS12_parse.3

  > Copyright and license (schwarze@)

  ~ man/Makefile
  + man/PKCS12_newpass.3

  > import PKCS12_newpass(3) from OpenSSL (schwarze@)

  ~ man/PKCS5_PBKDF2_HMAC.3
  ~ man/PKCS7_decrypt.3
  ~ man/PKCS7_encrypt.3
  ~ man/PKCS7_sign.3
  ~ man/PKCS7_sign_add_signer.3
  ~ man/PKCS7_verify.3

  > Copyright and license (schwarze@)

libssl

  ~ man/Makefile
  + man/PEM_read_SSL_SESSION.3

  > The OpenSSL file doc/man3/PEM_read_CMS.pod contains parts belonging
  > to libcrypto and parts belonging to libssl. Extract the parts
  > relevant for our libssl and import them with some tweaks. (schwarze@)

== regress =========================================================== 04/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/setuid/Makefile

  > The setuid regression test builds and runs a binary that is setuid
  > or setgid nobody. Since /usr/obj is 0770, user nobody cannot access
  > other files there anymore. Install all programs into a temporary
  > directory and run them there. Check that /tmp is mounted without
  > nosuid. (bluhm@)

  ~ net/pf_forward/Makefile

  > Enable the pmtu and traceroute subtests with af-to. pf has been
  > fixed now. (bluhm@)

usr.sbin

  ~ syslogd/Syslogd.pm

  > To test the pipe feature, a dd is started and writing into a log
  > file as user _syslogd. Since /usr/obj is 0770 now, user _syslogd
  > cannot access this file there anymore. Create pipe.log in temporary
  > directory in /tmp instead. (bluhm@)

== sbin ============================================================== 05/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

ifconfig

  ~ brconfig.c
  ~ ifconfig.8

  > Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
  > dedicated number. Both changes for consistency.
  > OK rzalamena@ (reyk@)

iked

  ~ iked.conf.5

  > ikelifetime time spec is the same as the one for lifetime (mikeb@)

== share ============================================================= 06/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/switch.4

  > catch up with ioctl rename; ok reyk (jmc@)

== sys =============================================================== 07/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/landisk/stand/boot

  ~ Makefile

  > need ashrdi3 (deraadt@)

arch/landisk/stand/xxboot

  ~ Makefile

  > need ashrdi3 (deraadt@)

kern

  ~ uipc_syscalls.c

  > Remove NULL checks before m_free{m,}().
  > ok reyk@, rzalamena@ (mpi@)

net

  ~ if_switch.c
  ~ switchofp.c

  > Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
  > dedicated number. Both changes for consistency.
  > OK rzalamena@ (reyk@)

  ~ bpf.c

  > Make sure the descriptor has been removed from the interface list
  > before we call ifpromisc() and possibly sleep.
  > ok bluhm@ (mpi@)

  ~ if.c

  > Remove simple recursive splsoftnet() calls inside ifioctl(). (mpi@)

  ~ switchofp.c

  > Implement more validations for switch(4) groups handling: check for invalid
  > group-mod message sizes and validate bucket sizes and actions lists.
  > Discussed with reyk@: we should get this in as it is better to have some
  > validation than having none at all. (rzalamena@)

  ~ pf.c

  > Path MTU discovery and traceroute did not always work with pf af-to.
  > If an incoming packet is directly put into the output path, sending
  > the icmp error packet is never done. As this is basically forwarding,
  > calling ip_forward() for such packets does everything that is needed.
  > OK mikeb@ (bluhm@)

netinet

  ~ ip_output.c

  > Kill a micro optimization that no longer makes sense since the two routing
  > blocks have been merged in r1.292.
  > ok claudio@ (mpi@)

  ~ udp_usrreq.c

  > Allow to build kernels without IPSEC but with PIPEX. (mpi@)

  ~ igmp.c
  ~ ip_input.c
  ~ tcp_timer.c

  > Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
  > This removes multiple recursive splsoftnet()/splx() dances. (mpi@)

  ~ ip_icmp.c

  > Explicitly initialize rti_ifa when automagically adding a route.
  > This will allow to strengthen checks when userland adds a route.
  > ok phessler@, bluhm@ (mpi@)

  ~ ip_input.c
  ~ ip_var.h

  > Path MTU discovery and traceroute did not always work with pf af-to.
  > If an incoming packet is directly put into the output path, sending
  > the icmp error packet is never done. As this is basically forwarding,
  > calling ip_forward() for such packets does everything that is needed.
  > OK mikeb@ (bluhm@)

netinet6

  ~ ip6_input.c

  > Merge two "#ifdef MROUTING" blocks.
  > It's one more step towards splitting ip6_input() in two and it reduces
  > differences with v4.
  > ok bluhm@ (mpi@)

  ~ frag6.c

  > Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
  > This removes multiple recursive splsoftnet()/splx() dances. (mpi@)

  ~ nd6.c
  ~ nd6.h
  ~ nd6_nbr.c
  ~ nd6_rtr.c

  > Remove multiple recursive splsoftnet().
  > ok bluhm@ (mpi@)

  ~ icmp6.c
  ~ in6.c
  ~ nd6.c
  ~ nd6_rtr.c

  > Explicitly initialize rti_ifa when automagically adding a route.
  > This will allow to strengthen checks when userland adds a route.
  > ok phessler@, bluhm@ (mpi@)

sys

  ~ sockio.h

  > Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
  > dedicated number. Both changes for consistency.
  > OK rzalamena@ (reyk@)

  ~ exec_elf.h

  > Add the ELF machine type for AArch64 as specified in the ELF spec for
  > the ARM 64-bit Architecture.
  > ok phessler@ (patrick@)

== usr.bin =========================================================== 08/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

tmux

  ~ tty.c

  > When comparing ocy to orlower in tty_cmd_cell, there is no need to add
  > yoff (because they are both already relative to the pane). Also fix some
  > other minor nits.
  > (nicm@)

== usr.sbin ========================================================== 09/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

tcpdump

  ~ print-lldp.c
  ~ print-ofp.c

  > ether_ntoa -> etheraddr_string, like elsewhere in tcpdump
  > openflow part tested by rzalamena@, ok deraadt@ (jca@)

===============================================================================
