OpenBSD src changes summary for 2017-03-10 ==========================================
distrib/arm64 distrib/miniroot lib/libssl regress/lib share/man sys/arch/arm64/conf sys/arch/armv7/armv7 sys/arch/armv7/exynos sys/arch/armv7/include sys/dev/usb sys/net sys/netinet usr.bin/ssh usr.sbin/httpd usr.sbin/relayd == distrib =========================================================== 01/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib arm64 ~ miniroot/Makefile ~ ramdisk/install.md > The SoftIron OverDrive 3000 boots to an EFI shell. Create a startup.nsh > file on the ESP to explicitly load bootaa64.efi so it will load without > manual intervention. > Suggested by patrick@ verified by deraadt@ ok kettenis@ > The partition type of the ESP remains 0x0c rather than 0xef as it > should be as otherwise the rpi3 won't boot. The AMI EDK2 based UEFI > on the other hand can handle the ESP partition type being 0x0c or 0xef. > (jsg@) miniroot ~ install.sub > Always create the installurl(5) file during installation and upgrade > if it does not yet exist. Before it was created only when a mirror > server was used. > suggested by deraadt@ > OK halex@ tb@ (rpe@) ~ install.sub > Explain more accurately why to remember the sets location. > noted by tb@ (rpe@) ~ install.sub > Search case-insensitive for HTTP_SERVER in the ftplist.cgi output. > This ensures that ftp.OpenBSD.org is detected as mirror if > ftp.openbsd.org is specified as set location. > noticed by tj@ > joint work with and OK tb@ (rpe@) ~ install.sub > In a scenario, where the distribution sets are fetched from a mirror > and the siteXX.tgz file is fetched from a local server, ensure that > the mirror server ends up in /etc/installurl. > joint work with and OK tb@ (rpe@) ~ install.sub > Add a comment why INSTALL_MIRROR must not become a local variable > although it's only used in install_http() now. (rpe@) == lib =============================================================== 02/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libssl ~ t1_enc.c > Make tls1_PRF() non-static so it can be regress tested. (jsing@) ~ t1_enc.c > First pass at cleaning up the tls1_P_hash() function - remove a pointless > EVP_DigestSignInit() call and avoid the need for ctx_tmp by reordering the > code slightly. > ok inoguchi@ (jsing@) ~ bs_cbb.c > Switch CBB to use recallocarray() - this ensures that we do not leak > secrets via realloc(). > ok inoguchi@ (jsing@) ~ d1_srvr.c ~ s3_lib.c ~ ssl_ciph.c ~ ssl_clnt.c ~ ssl_locl.h ~ ssl_srvr.c ~ t1_enc.c > Remove the handshake digests and related code, replacing remaining uses > with the handshake hash. For now tls1_digest_cached_records() is retained > to release the handshake buffer. > ok beck@ inoguchi@ (jsing@) == regress =========================================================== 03/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libssl/unit/Makefile + libssl/unit/tls_prf.c > Add a unit test for tls1_PRF(). (jsing@) ~ libc/asr/Makefile ~ libc/asr/regress.sh ~ libc/asr/regress.subr > refresh the test infrastructure a bit. (eric@) == share ============================================================= 04/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man5/installurl.5 > Reflect the installer change in the manual page. (rpe@) ~ man5/hostname.if.5 > update the autoconfiguration section for ip6 to use "autoconf" rather > than "rtsol": the former is the new way to do things and showing two > ways to do this is just confusing; > ok bluhm (jmc@) == sys =============================================================== 05/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/arm64/conf ~ GENERIC ~ RAMDISK > enable amphy(4) for udav(4) and urlphy(4) for url(4) (jsg@) arch/armv7/armv7 ~ armv7_machdep.c > Lookup the /memory node again after we reinit the FDT. This makes adding > additional memory segments provided by the device tree actually work. > ok jsg@ (kettenis@) arch/armv7/exynos ~ files.exynos + exdwusb.c > Add glue to attach xhci(4) on exynos. (kettenis@) - exynos_machdep.c > Missed this file in the deplatformization commit. (kettenis@) - expowervar.h ~ exehci.c ~ expower.c > Use regmap interface to power up the PHY block. (kettenis@) arch/armv7/include ~ vmparam.h > Set VM_PHYSSEG_MAX to 32 and use VM_PSTRAT_BSEARCH as the sort/search > option > like we do on macppc and sparc64. This makes our kernel recognize all the > memory on the Odroid XU4. > ok jsg@ (kettenis@) dev/usb ~ usbdi.c ~ ehci.c ~ ohci.c ~ uhci.c ~ xhci.c ~ dwc2/dwc2.c > Move per HC polling code to the stack. > This code contains a use-after-free which be addressed in an upcoming > diff. > This fix xhci(4) polling mode. > ok kettenis@ (mpi@) ~ ehci.c ~ ohci.c ~ uhci.c ~ usbdi.c ~ xhci.c ~ dwc2/dwc2.c > Fix a use-after-free when sending root hub control transfers. > *_root_ctrl_start() routines are synchronous and all end up calling > usb_transfer_complete() in the non-error case. After calling this > function it is unsafe to dereference ``xfer'' since the transfer > callback has been called. So returning USBD_IN_PROGRESS is wrong in > this case since transfers are always completed at this point. > So return USBD_NORMAL_COMPLETION or the corresponding error code if > something wrong happen. (mpi@) net ~ bfd.c ~ bfd.h > move receiving and processing the BFD packet into a task (phessler@) ~ bfd.c ~ bfd.h > move clearing the bfd config to a task. while here, fix a typo (phessler@) netinet ~ in_proto.c ~ ip_ipip.c ~ ip_ipip.h > percpu counters for ip_ipip.c > ok bluhm@ dhill@ mpi@ (jca@) == usr.bin =========================================================== 06/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin ssh ~ digest-openssl.c > Validate digest arg in ssh_digest_final; from jjelen at redhat.com via > bz#2687, ok djm@ (dtucker@) ~ log.c > don't truncate off \r\n from long stderr lines; bz#2688, reported by > Brian Dyson; ok dtucker@ (djm@) ~ ssh-keyscan.c > correctly hash hosts with a port number. Reported by Josh Powers in > bz#2692; ok dtucker@ (djm@) ~ sshconnect.c > Plug descriptor leaks of auth_sock. From jjelen at redhat.com via > bz#2687, ok djm@ (dtucker@) ~ readconf.c > Plug mem leak on GLOB_NOMATCH case. From jjelen at redhat.com via > bz#2687, ok djm@ (dtucker@) ~ kex.c > Plug some mem leaks mostly on error paths. From jjelen at redhat.com > via bz#2687, ok djm@ (dtucker@) ~ sshkey.c > Check for NULL argument to sshkey_read. Patch from jjelen at redhat.com > via bz#2687, ok djm@ (dtucker@) ~ match.c > reword a comment to make it fit 80 columns (djm@) ~ sshconnect1.c > Check for NULL return value from key_new. Patch from jjelen at redhat.com > via bz#2687, ok djm@ (dtucker@) ~ kex.c ~ ssh.c ~ sshkey.c ~ sshkey.h > fix regression in 7.4 server-sig-algs, where we were accidentally > excluding SHA2 RSA signature methods. bz#2680, patch from Nuno > Goncalves; ok dtucker@ (djm@) ~ servconf.c > Remove old null check from config dumper. Patch from jjelen at redhat.com > vi bz#2687, ok djm@ (dtucker@) ~ match.c > make hostname matching really insensitive to case; bz#2685, > reported by Petr Cerny; ok dtucker@ (djm@) ~ hostfile.c ~ ssh-keygen.c ~ ssh-keyscan.c > ensure hostname is lower-case before hashing it; bz#2591 reported by > Griff Miller II; ok dtucker@ (djm@) ~ readconf.c > better match sshd config parser behaviour: fatal() if line is overlong, > increase line buffer to match sshd's; bz#2651 reported by Don Fong; > ok dtucker@ (djm@) ~ clientloop.c > When updating hostkeys, accept RSA keys if HostkeyAlgorithms contains > any RSA keytype. Previously, ssh could ignore RSA keys when any of the > ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms nit ssh-rsa > (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; > ok dtucker@ (djm@) ~ krl.c > krl.c (dtucker@) == usr.sbin ========================================================== 07/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin httpd ~ server_http.c > Sync from relayd: DELETE can have a body. > Fix by Rivo Nurges, fixes a problem with Atlassian JIRA > OK benno@ (reyk@) relayd ~ relay_http.c > DELETE can have a body. > Fix by Rivo Nurges, fixes a problem with Atlassian JIRA > OK benno@ (reyk@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
