OpenBSD src changes summary for 2017-01-03
==========================================

bin/ed
distrib/miniroot
lib/libcrypto
lib/libsndio
lib/libssl
lib/libtls
regress/lib
sbin/iked
share/man
sys/arch/amd64/amd64
sys/arch/arm/mainbus
sys/arch/armv7/conf
sys/arch/i386/i386
sys/arch/i386/include
sys/arch/mips64/include
sys/dev
sys/dev/fdt
sys/dev/usb
sys/net
sys/netinet
sys/netinet6
usr.bin/aucat
usr.bin/find
usr.bin/ftp
usr.bin/openssl
usr.bin/sndiod
usr.bin/ssh
usr.bin/xargs
usr.sbin/smtpd

== bin =============================================================== 01/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ed

  ~ main.c

  > Allow the omission of one address in (.,.) and (.;.) address ranges
  > as per POSIX. With this patch, ",n" is an abbreviation for "1,n",
  > ";n" abbreviates ".;n". The "n," and "n;" variants mean "n,n" and "n;n",
  > respectively.
  > Patch from Jerome FRGAGIC; ok stefan, deraadt (tb@)

== distrib =========================================================== 02/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

miniroot

  ~ install.sub

  > Add https support to the OpenBSD installer.
  > The sets are downloaded using https per default. If the server does
  > not support https, the installer offers falling back to http after
  > asking for confirmation.
  > NOTE: Depending on the setup, people using autoinstall(8) might
  > need to add this new installer question to the response file.
  > Unable to connect using https. Use http instead = yes|no
  > Joint work with and 'go for it' from deraadt@
  > Tested from and OK tb@
  > Feedback and OK for the approach halex@ (rpe@)

== lib =============================================================== 03/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libcrypto

  ~ x509/x509_vfy.c

  > bring in boring's internal check_trust function to fix a bug introduced
  > when we went to alternate cert chains. this correctly does not clobber
  > the ctx->error when using an alt chain.
  > ok jsing@ (beck@)

  ~ x509/x509_vfy.c

  > Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctx
  > and X509_verify_cert - We at least make it so an init'ed ctx is not
  > "valid" until X509_verify_cert has actually been called, And we make it
  > impossible to return success without having the error set to ERR_V_OK.
  > ok jsing@ (beck@)

  ~ man/X509_verify_cert.3

  > It takes a special style of creative writing to be unspecific about the
  > error return code of a function in a man page. Let's remove the ambiguity and
  > half truths in here.
  > ok jsing@ (beck@)

  ~ man/ASN1_TYPE_get.3                   ~ man/ASN1_item_new.3

  > Document ASN1_TYPE_new(3) and ASN1_TYPE_free(3), even though OpenSSL
  > does not document them. By being in <openssl/asn1.h>, they are
  > public, and it makes no sense to document accessors but not document
  > constructors and destructors.
  > Improve the one-line description.
  > Mention various missing details.
  > Many wording improvements.
  > Add some cross references. (schwarze@)

  ~ man/ASN1_item_d2i.3

  > Document d2i_ASN1_TYPE(3) and i2d_ASN1_TYPE(3),
  > both listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod.
  > Minor wording improvements while here. (schwarze@)

libsndio

  ~ sio_open.3

  > Tweak RETURN VALUES section. Move description of sio_pollfd() and
  > sio_nfds() return values there and add a paragraph about sio_eof().
  > ok jmc ratchov (natano@)

libssl

  ~ s23_clnt.c                            ~ s23_srvr.c
  ~ ssl_lib.c                             ~ ssl_locl.h

  > Pull out, rework and dedup the code that determines the highest shared
  > version.
  > ok beck@ doug@ (jsing@)

libtls

  ~ tls.c

  > Revert previous - the original code was correct since X509_verify_cert()
  > should not have changed the X509_STORE_CTX error value on success and it
  > was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also
  > depends on this behaviour.
  > Previously X509_verify_cert() was mishandling the X509_STORE_CTX error
  > value when validating alternate chains. This has been fixed and further
  > changes now explicitly ensure that the error value will be set to X509_V_OK
  > if X509_verify_cert() returns success. (jsing@)

  ~ tls.c

  > If certificate verification has been disabled, do not attempt to load a
  > CA chain or specify CA paths. This prevents attempts to access the file
  > system, which may fail due to pledge.
  > ok bluhm@ (jsing@)

== regress =========================================================== 04/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libssl/unit/ssl_versions.c

  > Add regress tests for max shared version code. (jsing@)

== sbin ============================================================== 05/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

iked

  ~ ca.c                                  ~ config.c
  ~ iked.c                                ~ iked.h
  ~ types.h

  > Fix pledge of the ca process by calling the right function on startup.
  > As a related change, load the local.pub and local.key keys after
  > privsep and reload them on SIGHUP/reload.
  > OK mikeb@ (reyk@)

== share ============================================================= 06/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/Makefile                         + man4/simplefb.4

  > simplefb(4) (kettenis@)

== sys =============================================================== 07/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ vmm.c

  > reduce differences between amd64 and i386 vmm (mlarkin@)

arch/arm/mainbus

  ~ mainbus.c

  > Add simplefb(4), a driver to support the framebuffer set up by the firmware
  > on some platforms that use device trees. Works on Allwinner (sunxi) and
  > should also work on Raspberry Pi (broadcom) armv7 platforms.
  > ok jsg@, visa@ (kettenis@)

arch/armv7/conf

  ~ GENERIC                               ~ files.armv7

  > Add simplefb(4), a driver to support the framebuffer set up by the firmware
  > on some platforms that use device trees. Works on Allwinner (sunxi) and
  > should also work on Raspberry Pi (broadcom) armv7 platforms.
  > ok jsg@, visa@ (kettenis@)

arch/i386/i386

  ~ machdep.c                             ~ vmm.c

  > reduce differences between amd64 and i386 vmm (mlarkin@)

arch/i386/include

  ~ cpu.h

  > reduce differences between amd64 and i386 vmm (mlarkin@)

arch/mips64/include

  ~ _types.h

  > Remove #define __SWAP_BROKEN from mips64. The architecture now
  > has a proper pmap_collect() implementation, and the current
  > uvm_swapout_threads() code does not need other MD interfaces.
  > OK miod@ (visa@)

dev

  ~ midi.c

  > No need to include sys/malloc.h. From Michael W. Bombardieri. Thanks.
  > (ratchov@)

  ~ audio.c

  > If gain is above MAX, no need to check whether it's below MIN.
  > From Michael W. Bombardieri. Thanks. (ratchov@)

dev/fdt

  + files.fdt                             + simplefb.c

  > Add simplefb(4), a driver to support the framebuffer set up by the firmware
  > on some platforms that use device trees. Works on Allwinner (sunxi) and
  > should also work on Raspberry Pi (broadcom) armv7 platforms.
  > ok jsg@, visa@ (kettenis@)

dev/usb

  ~ umidi_quirks.c

  > No need to include sys/malloc.h. From Michael W. Bombardieri. Thanks.
  > (ratchov@)

  ~ uaudio.c

  > No need to set use_maxpkt twice. From Michael W. Bombardieri. Thanks.
  > (ratchov@)

net

  ~ if_pflow.c

  > Move the logic for SIOCSETPFLOW in a helper function to help with
  > upcoming locking.
  > ok visa@, bluhm@ (mpi@)

  ~ if.c

  > Do not trash the original SPL level.
  > Pointed out by and ok jsg@, ok mikeb@ (mpi@)

  ~ if_vxlan.c

  > Don't try to reconfigure the multicast group in the detach handler of
  > the multicast interface - simply clear the VXLAN configuration when
  > the associated multicast interface disappears. This fixes some
  > locking and recursion problems.
  > OK mpi@ mikeb@ (reyk@)

  ~ bpf.c                                 ~ bpfdesc.h

  > Revert previous, there's still a problem with recursive entries in
  > bpf_mpath_ether().
  > Problem reported by Hrvoje Popovski. (mpi@)

netinet

  ~ ip_gre.c                              ~ tcp_usrreq.c

  > Remove some recursive splsoftnet().
  > ok visa@, mikeb@ (mpi@)

netinet6

  ~ nd6_nbr.c

  > Take the neighbor solicitation's source address from the packet to
  > send if the mbuf contains the complete IPv6 header. The old check
  > was wrong, it required one additional octet after the header. So
  > the source address selection was depending on the layout of the
  > mbuf chain.
  > OK mpi@ (bluhm@)

== usr.bin =========================================================== 08/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

aucat

  ~ utils.c                               ~ utils.h

  > Sync utils.c and utils.h to sndiod. (ratchov@)

  ~ aucat.c

  > Log play volume together with other play parameters. (ratchov@)

  ~ abuf.c                                ~ aucat.c

  > Assert we're not freeing buffers we didn't allocate (DEBUG mode).
  > (ratchov@)

find

  ~ extern.h                              ~ find.1
  ~ find.c                                ~ find.h
  ~ function.c                            ~ main.c
  ~ option.c

  > add -delete option which can simplify the common case of wanting to delete
  > lots of files without the arcane -exec or error prone xargs.
  > code from freebsd.
  > ok millert (tedu@)

  ~ find.1

  > tweak previous; (jmc@)

ftp

  ~ extern.h                              ~ fetch.c
  ~ ftp.1                                 ~ main.c

  > Add a "-w connect_timeout" option in support of URL-fetching. This allows
  > slow / failing connects to be identified. The install script needs this
  > functionality.
  > ok jca rpe millert (deraadt@)

openssl

  ~ openssl.1

  > consistently spell ASN.1; (jmc@)

sndiod

  ~ listen.c

  > Use a goto to factor all calls to close() when listen_in() returns
  > an error. From Michael W. Bombardieri. Thanks. (ratchov@)

  ~ dev.c                                 ~ midi.c
  ~ utils.c

  > Many typos in comments. From Michael W. Bombardieri. Thanks. (ratchov@)

ssh

  ~ sftp-client.c

  > check number of entries in SSH2_FXP_NAME response; avoids
  > unreachable overflow later. Reported by Jann Horn (djm@)

xargs

  ~ strnsubst.c

  > remove unused variable repllen.
  > i tried to see if it could be useful, but this function is kinda crazy.
  > from Julien Ramseier (tedu@)

== usr.sbin ========================================================== 09/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

smtpd

  ~ smtpd.8

  > document forward(5); from mk
  > ok gilles (jmc@)

===============================================================================
