OpenBSD src changes summary for 2016-12-30
==========================================

distrib/amd64                           distrib/hppa
distrib/i386                            distrib/macppc
distrib/miniroot                        distrib/sets
distrib/special                         etc/etc.amd64/disktab
etc/etc.hppa/disktab                    etc/etc.i386/disktab
gnu                                     lib/libcrypto
lib/libssl                              regress/lib
regress/usr.sbin                        share/termtypes
sys/arch/amd64/conf                     sys/arch/amd64/stand/efiboot
sys/arch/arm/include                    sys/arch/arm64/stand/efiboot
sys/arch/armv7/include                  sys/arch/armv7/stand/efiboot
sys/arch/hppa/conf                      sys/arch/i386/conf
sys/arch/mips64/mips64                  usr.bin/less
usr.bin/openssl                         usr.bin/passwd
usr.bin/ssh                             usr.bin/tmux
usr.sbin/ntpd                           usr.sbin/syslogd

== distrib =========================================================== 01/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

amd64

  ~ common/list                           ~ ramdiskA/list.local
  ~ ramdisk_cd/Makefile                   ~ ramdisk_cd/Makefile.inc
  ~ ramdisk_cd/list.local                 

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches.  While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

hppa

  ~ list                                  ~ ramdisk/Makefile

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches.  While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

i386

  ~ common/Makefile.inc                   ~ common/list
  ~ ramdisk/list.local                    ~ ramdisk_cd/Makefile
  ~ ramdisk_cd/list.local                 

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches.  While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

macppc

  ~ ramdisk/Makefile                      ~ ramdisk/list

  > Install cert.pem + ftp(1) binary that supports SSL, so the install script
  > can perform https fetches.  While non-critical for sets (which are verified
  > using signify), it is an uplift for communication towards the
  > ftp.openbsd.org
  > cgi which provides mirror proposals, entropy seeds, and current time.
  > [The install script changes are not included in this commit]
  > ok beck jsing rpe (deraadt@)

miniroot

  ~ mtree.conf                            

  > create etc/ssl directory on all media (in case we want to put a file there)
  > (deraadt@)

  ~ makeconf.awk                          

  > Also link with -ltls -lssl -lcrypto, in case the instbin binary contains
  > calls to those libraries. (deraadt@)

  ~ install.sub                           

  > Switch the connection to ftp.openbsd.org from using the ip address
  > to hostname as preparation for an upcoming change.
  > But to ensure proper name resolution in case dns is not available
  > yet, add an entry to the hosts file. After an installation, remove
  > it so it does not end up in the final hosts file. Not needed for
  > upgrades because the file is not copied to the upgraded system.
  > OK deraadt@ (rpe@)

sets

  ~ lists/comp/mi                         

  > sync (deraadt@)

  ~ lists/base/mi                         

  > syunc (deraadt@)

special

  ~ Makefile                              

  > enter ftp-ssl also (deraadt@)

== etc =============================================================== 02/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

etc.amd64/disktab

  ~ etc.amd64/disktab                     

  > resize some of the ramdisks and miniroots that can be larger. (deraadt@)

etc.hppa/disktab

  ~ etc.hppa/disktab                      

  > resize some of the ramdisks and miniroots that can be larger. (deraadt@)

etc.i386/disktab

  ~ etc.i386/disktab                      

  > resize some of the ramdisks and miniroots that can be larger. (deraadt@)

== gnu =============================================================== 03/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ gcc/gcc/config/m88k/m88k.c            ~ gcc/gcc/config/m88k/m88k.h

  > Prevent scheduling from interfering with the epilogue instructions, as soon
  > as any of the stack or frame pointers are modified.
  > Allow narrower-than-register types to be kept in registers in wider modes,
  > as was the case with gcc 3.
  > This now seems to produce reliable code with -O1. -O2 is not safe yet.
  > (miod@)

== lib =============================================================== 04/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libcrypto

  ~ pkcs12/p12_kiss.c                     ~ pkcs12/p12_npas.c
  ~ pkcs12/p12_utl.c                      

  > Expand M_PKCS12_* "compatibility" macros. No change to generated assembly.
  > (jsing@)

  ~ pkcs12/pkcs12.h                       

  > Place M_PKCS12_* compatibility macros under #ifndef LIBRESSL_INTERNAL.
  > (jsing@)

  ~ x509/x509_req.c                       ~ x509/x_all.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ dh/dh_asn1.c                          

  > Expand ASN1_ITEM_rptr macro - no change in generated assembly. (jsing@)

  ~ dsa/dsa_asn1.c                        

  > Expand ASN1_ITEM_rptr macro - no change in generated assembly. (jsing@)

  ~ ocsp/ocsp_cl.c                        ~ ocsp/ocsp_srv.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ pkcs12/p12_add.c                      ~ pkcs12/p12_p8d.c
  ~ pkcs12/p12_p8e.c                      ~ pkcs12/p12_utl.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ pkcs7/bio_pk7.c                       ~ pkcs7/pk7_attr.c
  ~ pkcs7/pk7_doit.c                      ~ pkcs7/pk7_mime.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ rsa/rsa_ameth.c                       ~ rsa/rsa_asn1.c

  > Expand ASN1_ITEM_rptr macros - no change in generated assembly. (jsing@)

  ~ x509v3/v3_akey.c                      ~ x509v3/v3_alt.c
  ~ x509v3/v3_bcons.c                     ~ x509v3/v3_bitst.c
  ~ x509v3/v3_conf.c                      ~ x509v3/v3_cpols.c
  ~ x509v3/v3_crld.c                      ~ x509v3/v3_enum.c
  ~ x509v3/v3_extku.c                     ~ x509v3/v3_ia5.c
  ~ x509v3/v3_info.c                      ~ x509v3/v3_int.c
  ~ x509v3/v3_lib.c                       ~ x509v3/v3_ncons.c
  ~ x509v3/v3_ocsp.c                      ~ x509v3/v3_pci.c
  ~ x509v3/v3_pcons.c                     ~ x509v3/v3_pku.c
  ~ x509v3/v3_pmaps.c                     ~ x509v3/v3_prn.c
  ~ x509v3/v3_skey.c                      ~ x509v3/v3_sxnet.c

  > Expand ASN1_ITEM_ref and ASN1_ITEM_ptr macros - no change in generated
  > assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
  > and resulted in code like:
  > if (method->it)
  > ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it)); (jsing@)

  ~ asn1/p5_pbe.c                         ~ asn1/p5_pbev2.c
  ~ asn1/tasn_dec.c                       ~ asn1/tasn_enc.c
  ~ asn1/tasn_fre.c                       ~ asn1/tasn_new.c
  ~ asn1/tasn_prn.c                       ~ asn1/x_crl.c
  ~ asn1/x_name.c                         

  > Expand ASN1_ITEM_rptr and ASN1_ITEM_ptr macros - no change in generated
  > assembly. (jsing@)

  ~ ocsp/ocsp.h                           

  > Expand ASN1_ITEM_rptr macros - no change in preprocessor output. (jsing@)

  ~ x509v3/x509v3.h                       

  > Expand ASN1_ITEM_rptr macros - no change in preprocessor output. (jsing@)

  ~ asn1/asn1.h                           

  > Place ASN_ITEM_{ptr,rptr,ref} and DECLARE_ASN1_ITEM under #ifndef
  > LIBRESSL_INTERNAL. (jsing@)

libssl

  ~ dtls1.h                               ~ ssl3.h

  > Explicitly include openssl/opensslconf.h in headers that use OPENSSL_NO_*
  > defines - do not rely on another heading making those available for us.
  > (jsing@)

  ~ s3_both.c                             ~ ssl_locl.h

  > Remove now unused c2l, c2ln, l2c, n2l, l2cn and n2l3 macros. (jsing@)

  ~ s23_clnt.c                            ~ ssl_lib.c
  ~ ssl_locl.h                            

  > Pull out (and largely rewrite) the code that determines the enabled
  > protocol version range.
  > This also fixes a bug whereby if all protocols were disabled, the client
  > would still use TLSv1.2 in the client hello, only to have if fail with
  > unsupported version when it received and processed the server hello.
  > ok doug@ (jsing@)

  ~ s3_lib.c                              ~ ssl.h

  > Add support for SSL_get_server_tmp_key().
  > ok doug@ (jsing@)

== regress =========================================================== 05/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libssl/unit/Makefile                  + libssl/unit/ssl_versions.c

  > Add regress coverage for enabled protocol version range. (jsing@)

usr.sbin

  ~ syslogd/args-tls-cafile-default.pl    ~ syslogd/args-tls-cafile-fake.pl

  > Now libtls creates nicer certificate verification error messages.
  > Adapt regex in syslogd test. (bluhm@)

== share ============================================================= 06/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

termtypes

  ~ termtypes.master                      

  > Update to terminfo-20161126. (nicm@)

  ~ termtypes.master                      

  > Add xterm+pcfkeys to the tmux entry, for all the xterm(1) function keys.
  > (nicm@)

== sys =============================================================== 07/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/conf

  ~ RAMDISK_CD                            

  > Increase space for ramdisk inserts to match ftp(1) https growth. (deraadt@)

arch/amd64/stand/efiboot

  ~ eficall.h                             

  > Fix EFI_CALL() to pass the arguments properly when number of arguments is
  > 0.
  > From pulse.purge at gmail.com (yasuoka@)

arch/arm/include

  - isa_machdep.h                         - pio.h

  > Remove unused headers.
  > ISA and PIO don't really fit in the ARM landscape.  Suggested by patrick@
  > and kettenis@, ok deraadt@ (jca@)

arch/arm64/stand/efiboot

  ~ eficall.h                             

  > Fix EFI_CALL() to pass the arguments properly when number of arguments is
  > 0.
  > From pulse.purge at gmail.com (yasuoka@)

arch/armv7/include

  - isa_machdep.h                         - pio.h

  > Remove unused headers.
  > ISA and PIO don't really fit in the ARM landscape.  Suggested by patrick@
  > and kettenis@, ok deraadt@ (jca@)

arch/armv7/stand/efiboot

  ~ eficall.h                             

  > Fix EFI_CALL() to pass the arguments properly when number of arguments is
  > 0.
  > From pulse.purge at gmail.com (yasuoka@)

arch/hppa/conf

  ~ RAMDISK                               

  > Increase space for ramdisk inserts to match ftp(1) https growth. (deraadt@)

arch/i386/conf

  ~ RAMDISK_CD                            

  > Increase space for ramdisk inserts to match ftp(1) https growth. (deraadt@)

arch/mips64/mips64

  ~ pmap.c                                

  > When entering a mapping on write access, compute the PTE after making
  > the page dirty. This lets the system avoid an extra TLB modify fault
  > because the TLB mapping now allows writes immediately.
  > Noticed by miod@ (visa@)

  ~ pmap.c                                

  > Ansify pmap_copy(). (visa@)

== usr.bin =========================================================== 08/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

less

  ~ linenum.c                             

  > restore a not so redundant test. loopcount = -1 is a significant indicator
  > to prevent printing the calculating message over and over.
  > from Hugo Villeneuve (tedu@)

openssl

  ~ pkcs12.c                              

  > Stop using M_PKCS12_* compatibility macros here as well. (jsing@)

  ~ apps.c                                ~ x509.c

  > Expand ASN1_ITEM_rptr macros here as well... used with NETSCAPE_X509 of all
  > things... (jsing@)

  ~ s_apps.h                              ~ s_cb.c
  ~ s_client.c                            

  > Display details of the server ephemeral key, based on OpenSSL.
  > ok doug@ (jsing@)

passwd

  ~ local_passwd.c                        

  > Use explicit_bzero() to clear the buffer used when the user retypes
  > the new password.  From isk AT ingve DOT org (millert@)

ssh

  ~ auth2-pubkey.c                        

  > fix deadlock when keys/principals command produces a lot of output
  > and a key is matched early; bz#2655, patch from jboning AT gmail.com (djm@)

tmux

  ~ options-table.c                       

  > Change the xterm-keys option to default to on, so that tmux will
  > generate xterm(1) escape sequences for function keys with modifiers.
  > With the option off most of these keys are ignored by default, except
  > for ctrl + arrows which use a variant that nothing else seems to use and
  > I don't remember why we chose. The xterm escape sequences are now the
  > most common.
  > Prompted by a question from mpi@. (nicm@)

== usr.sbin ========================================================== 09/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

ntpd

  ~ ntpd.conf.5                           

  > markup from jan stary; (jmc@)

syslogd

  ~ privsep.c                             ~ syslogd.c

  > When syslogd received a SIGHUP during startup, it died instead of
  > reloading its config.  This could happen when multiple signals were
  > sent during a short interval.  So block SIGHUP until signal handlers
  > are installed.
  > OK deraadt@ jca@ (bluhm@)

===============================================================================
_______________________________________________
odc mailing list
[email protected]
http://www.squish.net/mailman/listinfo/odc

Reply via email to