OpenBSD src changes summary for 2016-12-30
==========================================

distrib/amd64                           distrib/hppa
distrib/i386                            distrib/macppc
distrib/miniroot                        distrib/sets
distrib/special                         etc/etc.amd64/disktab
etc/etc.hppa/disktab                    etc/etc.i386/disktab
gnu                                     lib/libcrypto
lib/libssl                              regress/lib
regress/usr.sbin                        share/termtypes
sys/arch/amd64/conf                     sys/arch/amd64/stand/efiboot
sys/arch/arm/include                    sys/arch/arm64/stand/efiboot
sys/arch/armv7/include                  sys/arch/armv7/stand/efiboot
sys/arch/hppa/conf                      sys/arch/i386/conf
sys/arch/mips64/mips64                  usr.bin/less
usr.bin/openssl                         usr.bin/passwd
usr.bin/ssh                             usr.bin/tmux
usr.sbin/ntpd                           usr.sbin/syslogd

== distrib =========================================================== 01/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

amd64

  ~ common/list                           ~ ramdiskA/list.local
  ~ ramdisk_cd/Makefile                   ~ ramdisk_cd/Makefile.inc
  ~ ramdisk_cd/list.local

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches. While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

hppa

  ~ list                                  ~ ramdisk/Makefile

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches. While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

i386

  ~ common/Makefile.inc                   ~ common/list
  ~ ramdisk/list.local                    ~ ramdisk_cd/Makefile
  ~ ramdisk_cd/list.local

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches. While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

macppc

  ~ ramdisk/Makefile                      ~ ramdisk/list

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches. While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

miniroot

  ~ mtree.conf

  > create etc/ssl directory on all media (in case we want to put a file there)
  > (deraadt@)

  ~ makeconf.awk

  > Also link with -ltls -lssl -lcrypto, in case the instbin binary contains
  > calls to those libraries. (deraadt@)

  ~ install.sub

  > Switch the connection to ftp.openbsd.org from using the ip address
  > to hostname as preparation for an upcoming change.
  > But to ensure proper name resolution in case dns is not available
  > yet, add an entry to the hosts file. After an installation, remove
  > it so it does not end up in the final hosts file. Not needed for
  > upgrades because the file is not copied to the upgraded system.
  > OK deraadt@ (rpe@)

sets

  ~ lists/comp/mi

  > sync (deraadt@)

  ~ lists/base/mi

  > sync (deraadt@)

special

  ~ Makefile

  > enter ftp-ssl also (deraadt@)

== etc =============================================================== 02/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

etc.amd64/disktab

  ~ etc.amd64/disktab

  > resize some of the ramdisks and miniroots that can be larger. (deraadt@)

etc.hppa/disktab

  ~ etc.hppa/disktab

  > resize some of the ramdisks and miniroots that can be larger. (deraadt@)

etc.i386/disktab

  ~ etc.i386/disktab

  > resize some of the ramdisks and miniroots that can be larger. (deraadt@)

== gnu =============================================================== 03/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ gcc/gcc/config/m88k/m88k.c            ~ gcc/gcc/config/m88k/m88k.h

  > Prevent scheduling from interfering with the epilogue instructions, as soon
  > as any of the stack or frame pointers are modified.
  > Allow narrower-than-register types to be kept in registers in wider modes,
  > as was the case with gcc 3.
  > This now seems to produce reliable code with -O1. -O2 is not safe yet.
  > (miod@)

== lib =============================================================== 04/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libcrypto

  ~ pkcs12/p12_kiss.c                     ~ pkcs12/p12_npas.c
  ~ pkcs12/p12_utl.c

  > Expand M_PKCS12_* "compatibility" macros. No change to generated assembly.
  > (jsing@)

  ~ pkcs12/pkcs12.h

  > Place M_PKCS12_* compatibility macros under #ifndef LIBRESSL_INTERNAL.
  > (jsing@)

  ~ x509/x509_req.c                       ~ x509/x_all.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ dh/dh_asn1.c

  > Expand ASN1_ITEM_rptr macro - no change in generated assembly. (jsing@)

  ~ dsa/dsa_asn1.c

  > Expand ASN1_ITEM_rptr macro - no change in generated assembly. (jsing@)

  ~ ocsp/ocsp_cl.c                        ~ ocsp/ocsp_srv.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ pkcs12/p12_add.c                      ~ pkcs12/p12_p8d.c
  ~ pkcs12/p12_p8e.c                      ~ pkcs12/p12_utl.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ pkcs7/bio_pk7.c                       ~ pkcs7/pk7_attr.c
  ~ pkcs7/pk7_doit.c                      ~ pkcs7/pk7_mime.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ rsa/rsa_ameth.c                       ~ rsa/rsa_asn1.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ x509v3/v3_akey.c                      ~ x509v3/v3_alt.c
  ~ x509v3/v3_bcons.c                     ~ x509v3/v3_bitst.c
  ~ x509v3/v3_conf.c                      ~ x509v3/v3_cpols.c
  ~ x509v3/v3_crld.c                      ~ x509v3/v3_enum.c
  ~ x509v3/v3_extku.c                     ~ x509v3/v3_ia5.c
  ~ x509v3/v3_info.c                      ~ x509v3/v3_int.c
  ~ x509v3/v3_lib.c                       ~ x509v3/v3_ncons.c
  ~ x509v3/v3_ocsp.c                      ~ x509v3/v3_pci.c
  ~ x509v3/v3_pcons.c                     ~ x509v3/v3_pku.c
  ~ x509v3/v3_pmaps.c                     ~ x509v3/v3_prn.c
  ~ x509v3/v3_skey.c                      ~ x509v3/v3_sxnet.c

  > Expand ASN1_ITEM_ref and ASN1_ITEM_ptr macros - no change in generated
  > assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
  > and resulted in code like:
  >     if (method->it)
  >         ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it)); (jsing@)

  ~ asn1/p5_pbe.c                         ~ asn1/p5_pbev2.c
  ~ asn1/tasn_dec.c                       ~ asn1/tasn_enc.c
  ~ asn1/tasn_fre.c                       ~ asn1/tasn_new.c
  ~ asn1/tasn_prn.c                       ~ asn1/x_crl.c
  ~ asn1/x_name.c

  > Expand ASN1_ITEM_rptr and ASN1_ITEM_ptr macros - no change in generated
  > assembly. (jsing@)

  ~ ocsp/ocsp.h

  > Expand ASN1_ITEM_rptr macros - no change in preprocessor output. (jsing@)

  ~ x509v3/x509v3.h

  > Expand ASN1_ITEM_rptr macros - no change in preprocessor output. (jsing@)

  ~ asn1/asn1.h

  > Place ASN_ITEM_{ptr,rptr,ref} and DECLARE_ASN1_ITEM under #ifndef
  > LIBRESSL_INTERNAL. (jsing@)

libssl

  ~ dtls1.h                               ~ ssl3.h

  > Explicitly include openssl/opensslconf.h in headers that use OPENSSL_NO_*
  > defines - do not rely on another heading making those available for us.
  > (jsing@)

  ~ s3_both.c                             ~ ssl_locl.h

  > Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros. (jsing@)

  ~ s23_clnt.c                            ~ ssl_lib.c
  ~ ssl_locl.h

  > Pull out (and largely rewrite) the code that determines the enabled
  > protocol version range.
  > This also fixes a bug whereby if all protocols were disabled, the client
  > would still use TLSv1.2 in the client hello, only to have it fail with
  > unsupported version when it received and processed the server hello.
  > ok doug@ (jsing@)

  ~ s3_lib.c                              ~ ssl.h

  > Add support for SSL_get_server_tmp_key().
  > ok doug@ (jsing@)

== regress =========================================================== 05/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libssl/unit/Makefile                  + libssl/unit/ssl_versions.c

  > Add regress coverage for enabled protocol version range. (jsing@)

usr.sbin

  ~ syslogd/args-tls-cafile-default.pl    ~ syslogd/args-tls-cafile-fake.pl

  > Now libtls creates nicer certificate verification error messages.
  > Adapt regex in syslogd test. (bluhm@)

== share ============================================================= 06/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

termtypes

  ~ termtypes.master

  > Update to terminfo-20161126. (nicm@)

  ~ termtypes.master

  > Add xterm+pcfkeys to the tmux entry, for all the xterm(1) function keys.
  > (nicm@)

== sys =============================================================== 07/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/conf

  ~ RAMDISK_CD

  > Increase space for ramdisk inserts to match ftp(1) https growth. (deraadt@)

arch/amd64/stand/efiboot

  ~ eficall.h

  > Fix EFI_CALL() to pass the arguments properly when number of arguments is
  > 0.
  > From pulse.purge at gmail.com (yasuoka@)

arch/arm/include

  - isa_machdep.h                         - pio.h

  > Remove unused headers.
  > ISA and PIO don't really fit in the ARM landscape. Suggested by patrick@
  > and kettenis@, ok deraadt@ (jca@)

arch/arm64/stand/efiboot

  ~ eficall.h

  > Fix EFI_CALL() to pass the arguments properly when number of arguments is
  > 0.
  > From pulse.purge at gmail.com (yasuoka@)

arch/armv7/include

  - isa_machdep.h                         - pio.h

  > Remove unused headers.
  > ISA and PIO don't really fit in the ARM landscape. Suggested by patrick@
  > and kettenis@, ok deraadt@ (jca@)

arch/armv7/stand/efiboot

  ~ eficall.h

  > Fix EFI_CALL() to pass the arguments properly when number of arguments is
  > 0.
  > From pulse.purge at gmail.com (yasuoka@)

arch/hppa/conf

  ~ RAMDISK

  > Increase space for ramdisk inserts to match ftp(1) https growth. (deraadt@)

arch/i386/conf

  ~ RAMDISK_CD

  > Increase space for ramdisk inserts to match ftp(1) https growth. (deraadt@)

arch/mips64/mips64

  ~ pmap.c

  > When entering a mapping on write access, compute the PTE after making
  > the page dirty. This lets the system avoid an extra TLB modify fault
  > because the TLB mapping now allows writes immediately.
  > Noticed by miod@ (visa@)

  ~ pmap.c

  > Ansify pmap_copy(). (visa@)

== usr.bin =========================================================== 08/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

less

  ~ linenum.c

  > restore a not so redundant test. loopcount = -1 is a significant indicator
  > to prevent printing the calculating message over and over.
  > from Hugo Villeneuve (tedu@)

openssl

  ~ pkcs12.c

  > Stop using M_PKCS12_* compatibility macros here as well. (jsing@)

  ~ apps.c                                ~ x509.c

  > Expand ASN1_ITEM_rptr macros here as well... used with NETSCAPE_X509 of all
  > things... (jsing@)

  ~ s_apps.h                              ~ s_cb.c
  ~ s_client.c

  > Display details of the server ephemeral key, based on OpenSSL.
  > ok doug@ (jsing@)

passwd

  ~ local_passwd.c

  > Use explicit_bzero() to clear the buffer used when the user retypes
  > the new password. From isk AT ingve DOT org (millert@)

ssh

  ~ auth2-pubkey.c

  > fix deadlock when keys/principals command produces a lot of output
  > and a key is matched early; bz#2655, patch from jboning AT gmail.com (djm@)

tmux

  ~ options-table.c

  > Change the xterm-keys option to default to on, so that tmux will
  > generate xterm(1) escape sequences for function keys with modifiers.
  > With the option off most of these keys are ignored by default, except
  > for ctrl + arrows which use a variant that nothing else seems to use and
  > I don't remember why we chose. The xterm escape sequences are now the
  > most common.
  > Prompted by a question from mpi@. (nicm@)

== usr.sbin ========================================================== 09/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

ntpd

  ~ ntpd.conf.5

  > markup from jan stary; (jmc@)

syslogd

  ~ privsep.c                             ~ syslogd.c

  > When syslogd received a SIGHUP during startup, it died instead of
  > reloading its config. This could happen when multiple signals were
  > sent during a short interval. So block SIGHUP until signal handlers
  > are installed.
  > OK deraadt@ jca@ (bluhm@)

===============================================================================
