OpenBSD src changes summary for 2017-01-26
==========================================

distrib/sets                            lib/libcrypto
lib/libssl                              lib/libtls
regress/sys                             regress/usr.bin
regress/usr.sbin                        sbin/pfctl
share/man                               sys/arch/arm64/conf
sys/arch/arm64/dev                      sys/arch/armv7/vexpress
sys/arch/sparc64/conf                   sys/dev/fdt
sys/dev/ic                              sys/kern
sys/netinet                             sys/netinet6
sys/sys                                 usr.bin/mandoc
usr.bin/nc                              usr.sbin/ldomctl
usr.sbin/ocspcheck                      usr.sbin/syspatch

== distrib =========================================================== 01/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/comp/mi

  > sync (sthen@)

== lib =============================================================== 02/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libcrypto

  ~ man/ERR_load_crypto_strings.3

  > Document ERR_load_BN_strings(3).
  > jsing@ confirmed that this function is public and worth documenting.
  > This page needs much more work, it is outrageously incomplete and
  > unclear. For example, it remains unexplained what error strings
  > are, what "registering" means and what the benefit for the application
  > is, what happens if it is not done, or what happens if an error
  > occurs after calling ERR_free_strings(3). I tried to read the code,
  > but it is so contorted that i postponed that work. For example,
  > it looks like there are hooks for applications to replace the
  > functions used for registering strings by other, application-supplied
  > functions, and, of course, there are many levels of macro and
  > function wrappers.
  > For now, i only documented the most obvious BUGS. (schwarze@)

  ~ err/err.h

  > Hide SSLerr() under #ifndef LIBRESSL_INTERNAL since we shouldn't be
  > using it anymore
  > ok jsing@ (beck@)

libssl

  ~ ssl.h

  > Remove a sess_cert reference from a comment in the public header.
  > Noted by zhuk@ (jsing@)

  ~ ssl_lib.c  ~ ssl_locl.h  ~ t1_clnt.c  ~ t1_meth.c  ~ t1_srvr.c

  > Remove ssl3_undef_enc_method - if we have internal bugs we want to segfault
  > so that we can debug it, rather than adding a "should not be called" error
  > to the stack.
  > Discussed with beck@ (jsing@)

  - s23_clnt.c  - s23_lib.c  - s23_pkt.c  - s23_srvr.c
  ~ Makefile  ~ d1_clnt.c  ~ d1_srvr.c  ~ s3_both.c  ~ s3_clnt.c
  ~ s3_pkt.c  ~ s3_srvr.c  ~ ssl_locl.h  ~ t1_clnt.c  ~ t1_meth.c
  ~ t1_srvr.c
  + ssl_packet.c

  > Merge the client/server version negotiation into the existing (currently
  > fixed version) client/server code.
  > ok beck@ (jsing@)

  - s3_both.c  - s3_clnt.c  - s3_pkt.c  - s3_srvr.c
  ~ Makefile
  + ssl_both.c  + ssl_clnt.c  + ssl_pkt.c  + ssl_srvr.c

  > Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no
  > longer SSLv3 code.
  > ok beck@ (jsing@)

  ~ Makefile  ~ ssl_lib.c
  + ssl_versions.c

  > Move relatively new version range code from ssl_lib.c into a separate
  > ssl_versions.c file.
  > ok beck@ (jsing@)

  ~ d1_clnt.c  ~ d1_lib.c  ~ d1_pkt.c  ~ d1_srvr.c  ~ ssl_both.c
  ~ ssl_clnt.c  ~ ssl_lib.c  ~ ssl_locl.h  ~ ssl_pkt.c  ~ ssl_srvr.c
  ~ t1_lib.c

  > Remove most of SSL3_ENC_METHOD - we can just inline the function calls
  > and defines since they are the same everywhere.
  > ok beck@ (jsing@)

  ~ ssl_pkt.c

  > Refactor the code to generate a WANT_READ into a function, as we are
  > using it more and more to avoid spins.
  > ok jsing@ (beck@)

  ~ ssl.h  ~ ssl_err.c  ~ ssl_locl.h  ~ ssl_pkt.c

  > Limit the number of sequential empty records that we will process
  > before yielding, and fail if we exceed a maximum. loosely based
  > on what boring and openssl are doing
  > ok jsing@ (beck@)

  ~ ssl_pkt.c

  > english is hard. (beck@)

  - ssl_err2.c
  ~ Makefile  ~ ssl_err.c

  > Merge the single two line function from ssl_err2.c into ssl_err.c.
  > ok beck@ (jsing@)

  ~ d1_both.c  ~ d1_clnt.c  ~ d1_lib.c  ~ d1_pkt.c  ~ d1_srtp.c
  ~ d1_srvr.c  ~ s3_lib.c  ~ ssl_asn1.c  ~ ssl_both.c  ~ ssl_cert.c
  ~ ssl_ciph.c  ~ ssl_clnt.c  ~ ssl_err.c  ~ ssl_lib.c  ~ ssl_locl.h
  ~ ssl_packet.c  ~ ssl_pkt.c  ~ ssl_rsa.c  ~ ssl_sess.c  ~ ssl_srvr.c
  ~ ssl_txt.c  ~ t1_enc.c  ~ t1_lib.c  ~ t1_reneg.c

  > Send the error function codes to rot in the depths of hell where they
  > belong
  > We leave a single function code (0xFFF) to say "SSL_internal" so the public
  > API will not break, and we replace all internal use of the two argument
  > SSL_err() with the internal only SSL_error() that only takes a reason code.
  > ok jsing@ (beck@)

  ~ d1_both.c  ~ d1_clnt.c  ~ d1_srtp.c  ~ d1_srvr.c  ~ s3_lib.c
  ~ ssl_both.c  ~ ssl_cert.c  ~ ssl_ciph.c  ~ ssl_clnt.c  ~ ssl_lib.c
  ~ ssl_packet.c  ~ ssl_pkt.c  ~ ssl_rsa.c  ~ ssl_sess.c  ~ ssl_srvr.c
  ~ t1_enc.c  ~ t1_lib.c  ~ t1_reneg.c

  > Finish the fallout of the SSLerr->SSLerror cleanup to get rid of the ugly
  > line wraps that resulted (beck@)

  ~ ssl_srvr.c

  > Convert ssl3_get_client_hello() to CBS.
  > ok beck@ (jsing@)

  ~ bio_ssl.c

  > knf (beck@)

libtls

  ~ shlib_version

  > Bump libtls minor due to symbol additions earlier this week. (jsing@)

  ~ tls.h

  > Bump TLS_API due to new features being added earlier this week. (jsing@)

  ~ tls.c  ~ tls_client.c  ~ tls_internal.h  ~ tls_server.c

  > Use a flag to track when we need to call SSL_shutdown(). This avoids an
  > issue where by calling tls_close() on a TLS context that has not attempted
  > a handshake, results in an unexpected failure.
  > Reported by Vinay Sajip.
  > ok beck@ (jsing@)

  ~ man/tls_conn_version.3

  > fix Dt; (jmc@)

== regress =========================================================== 03/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  ~ kern/unfdpass/Makefile  ~ kern/unfdpass/unfdpass.c

  > enable compiler warnings and fix them. (benno@)

  + kern/pledge/ioctl/Makefile  + kern/pledge/ioctl/expected
  + kern/pledge/ioctl/pfioctl1.c  + kern/pledge/ioctl/pfioctl2.c
  + kern/pledge/ioctl/unfdpass.c

  > add check for pledge(pf), and pledge(pf) + fd passing (benno@)

  ~ kern/pledge/Makefile

  > deactivate the existing pledge regress tests, they need
  > some changes to work again.
  > activate new ioctl subdirectory. (benno@)

usr.bin

  ~ mandoc/char/space/zerowidth.out_html
  ~ mandoc/char/unicode/ascii.out_html
  ~ mandoc/char/unicode/latin1.out_html
  ~ mandoc/char/unicode/latin1diff.out_html
  ~ mandoc/char/unicode/named.out_html
  ~ mandoc/char/unicode/namediff.out_html
  ~ mandoc/char/unicode/nogroff.out_html

  > Fix -man -Thtml formatting after .nf (which has nothing to do
  > with "literal", by the way, it means "no fill"):
  > * Use <pre> such that whitespace is preserved.
  > * Preserve line breaks.
  > * For font alternating macros, avoid node recursion which required
  > scary juggling with the fill state. Instead, simply print the text
  > children directly.
  > Missing feature first noticed by kristaps@ in 2011,
  > then again reported by afresh1@ in 2016,
  > and finally reported here: https://github.com/Debian/debiman/issues/21 ,
  > which i only found because of Shane Kerr's comment here:
  > https://plus.google.com/110314300533310775053/posts/H1eaw9Yskoc (schwarze@)

usr.sbin

  ~ ldapd/Makefile

  > Each entry in REGRESS_TARGETS is run in a separate make process, so the
  > .END target will kill ldapd after each one. To compensate, make each test
  > target depend on bootstrap to ensure ldapd is running. In .END, remove the
  > pid file after killing ldapd to reduce noise. (jmatthew@)

== sbin ============================================================== 04/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

pfctl

  ~ pfctl.8  ~ pfctl.c

  > Select the routing domain to be used for kill states by host or by
  > label, by adding a -V <rdomain> option.
  > written by Bertrand Provost, provost DOT bertrand AT gmail DOT com, thanks.
  > ok florian@, with feedback from florian and jmc. (benno@)

  ~ pfctl.8

  > one more fix i requested for previous; (jmc@)

== share ============================================================= 05/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/virtio.4

  > add fdt config line to synopsis (jsg@)

== sys =============================================================== 06/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/arm64/conf

  ~ files.arm64

  > The only difference between armv7 and arm64 fdt virtio attachments is an
  > unneeded include. Remove the include and move to MI fdt directory. (jsg@)

arch/arm64/dev

  - virtio_mmio.c

  > The only difference between armv7 and arm64 fdt virtio attachments is an
  > unneeded include. Remove the include and move to MI fdt directory. (jsg@)

arch/armv7/vexpress

  - virtio_mmio.c
  ~ files.vexpress

  > The only difference between armv7 and arm64 fdt virtio attachments is an
  > unneeded include. Remove the include and move to MI fdt directory. (jsg@)

arch/sparc64/conf

  ~ GENERIC

  > Disable pgt(4) and acx(4) on sparc64. The kernel has grown too large.
  > Unbreaks the build and allows GENERIC.MP to boot again on T5220.
  > I am quite sure the zero users of these old wireless cards on sparc64
  > will be much happier with a ral(4) or athn(4) card instead.
  > ok otto@ (stsp@)

dev/fdt

  ~ files.fdt
  + virtio_mmio.c

  > The only difference between armv7 and arm64 fdt virtio attachments is an
  > unneeded include. Remove the include and move to MI fdt directory. (jsg@)

dev/ic

  ~ rtwn.c

  > Fix rtwn(4) IQ calibration code (affects PCI devices only).
  > Some bits which probably should have been cleared were never cleared.
  > Inspired by parts of FreeBSD's giant r307529 commit.
  > Tested by myself on 8188CE PCI and jca@ on RTL8188RU USB. (stsp@)

kern

  ~ uipc_socket.c

  > Do not hold the netlock while pool_get() may sleep. It is not
  > necessary to lock code that initializes a new socket structure
  > before it has been linked to any global list.
  > OK mpi@ (bluhm@)

  ~ uipc_syscalls.c

  > Allocate the mbuf before the netlock. While here, move the setting of
  > nflag closer to where its value is used.
  > ok mpi@ (dhill@)

netinet

  ~ ip_icmp.c  ~ ip_ipsp.h  ~ ipsec_input.c  ~ tcp_subr.c  ~ tcp_var.h
  ~ udp_usrreq.c  ~ udp_var.h

  > Reduce the difference between struct protosw and ip6protosw. The
  > IPv4 pr_ctlinput functions did return a void pointer that was always
  > NULL and never used. Make all functions void like in the IPv6 case.
  > OK mpi@ (bluhm@)

netinet6

  ~ ip6protosw.h

  > Reduce the difference between struct protosw and ip6protosw. The
  > IPv4 pr_ctlinput functions did return a void pointer that was always
  > NULL and never used. Make all functions void like in the IPv6 case.
  > OK mpi@ (bluhm@)

sys

  ~ protosw.h

  > Reduce the difference between struct protosw and ip6protosw. The
  > IPv4 pr_ctlinput functions did return a void pointer that was always
  > NULL and never used. Make all functions void like in the IPv6 case.
  > OK mpi@ (bluhm@)

== usr.bin =========================================================== 07/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

mandoc

  ~ html.c  ~ html.h  ~ man_html.c

  > Fix -man -Thtml formatting after .nf (which has nothing to do
  > with "literal", by the way, it means "no fill"):
  > * Use <pre> such that whitespace is preserved.
  > * Preserve line breaks.
  > * For font alternating macros, avoid node recursion which required
  > scary juggling with the fill state. Instead, simply print the text
  > children directly.
  > Missing feature first noticed by kristaps@ in 2011,
  > then again reported by afresh1@ in 2016,
  > and finally reported here: https://github.com/Debian/debiman/issues/21 ,
  > which i only found because of Shane Kerr's comment here:
  > https://plus.google.com/110314300533310775053/posts/H1eaw9Yskoc (schwarze@)

nc

  ~ nc.1

  > oscp -> ocsp;
  > from holger mikolon, plus one more in nc; (jmc@)

== usr.sbin ========================================================== 08/08 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

ldomctl

  ~ ldomctl.8

  > Document the ldomctl(8) 'select' command previously not mentioned in the
  > manual page. Also, replace an alternative fact given for the 'dump' command
  > with an actual fact: it does not accept an argument. (stsp@)

ocspcheck

  ~ ocspcheck.c

  > Fix the structure initialization to compile. bad inioguchi and millert :)
  > ok jsing@ rpe@ (beck@)

  ~ ocspcheck.c

  > style (beck@)

  ~ ocspcheck.c

  > Use numeric exit codes consistently rather than a mix
  > ok jsing@ (beck@)

  ~ ocspcheck.8  ~ ocspcheck.c

  > oscp -> ocsp;
  > from holger mikolon, plus one more in nc; (jmc@)

syspatch

  ~ syspatch.sh

  > Spacing and use arithmetic test
  > OK aja@ (rpe@)

  ~ syspatch.sh

  > No need to escape '.' in shell patterns - it has no special meaning.
  > OK aja@ (rpe@)

  ~ syspatch.sh

  > Move setting _OSrev to immediately after verifying _KERNV and exit
  > early if _OSrev is empty.
  > OK aja@ (rpe@)

  ~ syspatch.sh

  > Remove unused _REL variable
  > OK aja@ (rpe@)

===============================================================================
