OpenBSD src changes summary for 2016-12-13 ==========================================
distrib/sets lib/libcrypto lib/libssl regress/sys sbin/ifconfig sbin/route share/man sys/arch/amd64/conf sys/dev/pci sys/dev/pv sys/net sys/netinet sys/stand usr.sbin/dhcrelay usr.sbin/tcpdump == distrib =========================================================== 01/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib sets ~ lists/comp/mi > sync (deraadt@) == lib =============================================================== 02/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ man/OCSP_SERVICELOC_new.3 > typo fix; ok schwarze (jmc@) ~ man/Makefile + man/PKCS7_new.3 > Write PKCS7_new(3) manual page from scratch. All the functions are > public: listed in <openssl/pkcs7.h> and OpenSSL doc/man3/X509_dup.pod. > Note that the OpenSSL documentation specifies the wrong header file. > (schwarze@) ~ man/PEM_write_bio_PKCS7_stream.3 ~ man/PKCS7_decrypt.3 ~ man/PKCS7_encrypt.3 ~ man/PKCS7_sign.3 ~ man/PKCS7_sign_add_signer.3 ~ man/PKCS7_verify.3 ~ man/SMIME_read_PKCS7.3 ~ man/SMIME_write_PKCS7.3 ~ man/i2d_PKCS7_bio_stream.3 > tweak SEE ALSO; in particular, > make sure that all PKCS7 pages point to PKCS7_new(3) (schwarze@) ~ man/Makefile + man/RSA_PSS_PARAMS_new.3 > Start RSA_PSS_PARAMS_new(3) stub from scratch. Both functions > are listed in <openssl/rsa.h> and OpenSSL doc/man3/X509_dup.pod. > Note that the OpenSSL documentation specifies the wrong header file. > More could probably be said about PSS, but this is a start... (schwarze@) libssl ~ s3_clnt.c > Convert ssl3_send_client_kex_ecdhe() to CBB. Also check the return value of > the EC_POINT_point2oct() calls. > Feedback from and ok doug@ (jsing@) ~ s3_clnt.c > Convert ssl3_send_client_kex_gost() to CBB. > ok doug@ (jsing@) ~ s3_clnt.c > Complete the CBB conversion and cleanup of send_client_key_exchange(). > ok doug@ (jsing@) == regress =========================================================== 03/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress sys ~ netinet/pmtu/tcp_connect.py ~ netinet/pmtu/tcp_connect6.py ~ netinet/pmtu/udp_echo6.py > Print better error messages in case an expected packet is missing. (bluhm@) == sbin ============================================================== 04/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin ifconfig ~ ifconfig.c > make setting and getting tunnel addresses wrt to ipv6 scope handling. > setting a tunnel addresses uses a sockaddr_in6 from getaddrinfo, which > sets sin6_scope_id for scoped addresses. this is nice and portable. > reading a tunnel address assumed the scope was embedded in link local > addresses in sin6_addr, and unpacked the scope back into sin6_scope_id. > this is inconsistent with the code that sets tunnel addresses. > this fixes the read path so it assumes the kernel sets sin6_scope_id > like it it assumes the kernel will read on the set side. noone likes > the kame hack of embedding the scope id in the addreses. > ok mpi@ (dlg@) route ~ route.c ~ show.c ~ show.h > Print the correct netmask instead of /0 when flushing routes to networks. > Issue reported by jsing@, ok stsp@ (mpi@) == share ============================================================= 05/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man5/spamd.conf.5 > In troff, a literal backslash character needs an 'e' at the end. > The nixspam example was missing this. From Larry Hynes. (millert@) ~ man5/port-modules.5 > Document MODFOO_post-extract. > From semarie@, ok espie@ (landry@) ~ man5/spamd.conf.5 > one more `e' required to mark up correctly; ok millert (jmc@) == sys =============================================================== 06/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/conf ~ GENERIC > Enable xbf(4) (mikeb@) dev/pci ~ if_vio.c > Fix up tsleep priorities and make them interruptible > With help from and OK sf, OK mpi on the previous version. (mikeb@) dev/pv ~ xbf.c > Poll until the ITSDONE flag is set on the transfer (mikeb@) ~ xbf.c > Bounce unaligned transfer data through a scratch buffer > Thanks to the detailed report from Nathanael Rensen, the issue > with unaligned transfer data became apparent: the backend expects > buffers be multiple of 512 bytes and to be 512 byte aligned, which > is not always satisfied. > This isn't an issue when requests are coming from the buffer cache, > but can happen with raw device access since physio(9) ensures the > former requirement is met by disallowing non-block sized reads, but > doesn't enforce the latter. It remaps userland buffers into the > kernel virtual space which preserves the data offset within the > memory page and thus the original alignment. > Buffers with offsets under the block size can't be referenced by > Blkfront ring descriptors that measure data in blocks and must be > substituted with temporary buffers for the duration of the I/O > operation. (mikeb@) ~ if_xnf.c > Use new xs_{get,set}num functions instead of hand-rolled weirdness (mikeb@) net ~ if_vxlan.c ~ if_gif.c ~ if_etherip.c > make v6 tunnel address handling consider ipv6 scope. > an earlier version of this diff was ok mpi@ (dlg@) ~ if_media.h > New media types from FreeBSD > No objections from deraadt@, OK dlg > Thanks to stsp@ who has extended ifm_media field to 64 bits. (mikeb@) netinet ~ ip_mroute.c > Propagate the routing table id in ip_mrouter_set() so the MRT_ADD_VIF > calls won't fail anymore when doing from a different rdomain. > ok mpi@ (rzalamena@) stand + efi/include/arm64/efibind.h > Add an efibind.h for arm64. Taken from edk2, modified to be similar > to our arm version. > ok millert@ (patrick@) == usr.sbin ========================================================== 07/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin dhcrelay ~ dhcrelay.8 ~ dhcrelay.c > simplify previous; ok reyk (jmc@) ~ dhcrelay.c > Filter DHCP reply messages that were not meant for us by looking at the > gateway set. This happens mostly because we are watching a BPF socket. > Suggested by and ok jca@ (rzalamena@) ~ dhcrelay.c > Unbreak the insertion of Relay Agent Information on layer 3 mode when > using the default values: use the right address for remote-id. > ok reyk@ (rzalamena@) ~ dhcrelay.c > Unbreak the dhcrelay(8) support to run on enc(4) interfaces. > ok reyk@ (rzalamena@) tcpdump ~ print-gre.c ~ print-ip6.c > teach tcpdump some more things about gre. > gre can be encapsulated in ipv6. > gre can encapsulate ipv6, mpls, and ethernet. > nvgre is based on gre, so if the header could be nvgre print the > vsid and flow id as well as the key. > ok stsp@ (dlg@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
