OpenBSD src changes summary for 2017-03-28
==========================================

lib/libc                                lib/libssl
regress/sys                             sbin/iked
sys/arch/amd64/amd64                    sys/arch/amd64/include
sys/arch/arm64/arm64                    sys/arch/i386/i386
sys/dev                                 sys/dev/pci
sys/kern                                usr.bin/mail
usr.sbin/bgpd                           usr.sbin/makefs
usr.sbin/syslogd

== lib =============================================================== 01/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ sys/pledge.2

  > Document the mcast pledge(2) as an addition to inet.
  > OK deraadt@ (bluhm@)

  ~ stdlib/malloc.c

  > small cleanup & optimization; ok deraadt@ millert@ (otto@)

libssl

  ~ man/SSL_renegotiate.3

  > After I wrote SSL_renegotiate(3) from scratch, OpenSSL also
  > documented the function. Merge the more detailed descriptions
  > and the additional documentation of SSL_renegotiate_abbreviated(3)
  > and SSL_renegotiate_pending(3).
  > From Matt Caswell, OpenSSL commit 39820637. (schwarze@)

  ~ man/SSL_get_peer_cert_chain.3

  > Fix typo in function name;
  > from Markus Triska <triska at metalevel dot at>
  > via OpenSSL commit 1f164c6f. (schwarze@)

== regress =========================================================== 02/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

sys

  + kern/pledge/sockopt/Makefile
  + kern/pledge/sockopt/sockopt.c

  > New import:
  > Call get/setsockopt(2) with various sockets and check which options

  ~ kern/pledge/Makefile

  > Link pledge sockopt regression tests to build. (bluhm@)

  ~ kern/pledge/sockopt/Makefile

  > Make the test also work with obj directory.
  > from semarie@ (bluhm@)

== sbin ============================================================== 03/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

iked

  ~ ikev2.c

  > Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked.
  > -1 means "I didn't handle or know this imsg", it should not be used to
  > indicate an application error in this context.
  > OK mikeb@ (reyk@)

  ~ ikev2.c

  > Don't send informational responses before we're having the key material.
  > iked starts sending keepalive messages after authentication and after
  > successfully completing the handshake. Other implementations, like
  > we've seen on Microsoft Azure, start sending keepalive messages right
  > after receiving the first SA_INIT message when they set up the key
  > material, even before we received the SA_INIT response to complete the
  > DH exchange. The solution is to ignore early keepalive messages
  > before we're ready to encrypt our response, in the transition between
  > SA_INIT and AUTH. The peer should still accept one or more missed
  > keepalives.
  > OK mikeb@ (reyk@)

  ~ parse.y

  > Remove RSA from the list of keywords, lookup is now done in a table.
  > This lets us configure explicit old-style RSA again.
  > OK mikeb@ (reyk@)

  ~ ca.c

  > Add helpful debug messages to tell us why public key authentication failed.
  > This is currently only visible in debug mode (eg. iked -dvv), some
  > debug messages will be turned into regular warnings later.
  > OK claudio@ deraadt@ (reyk@)

== sys =============================================================== 04/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ identcpu.c

  > add RDTSCP flags to identcpu.c
  > ok guenther, deraadt (mlarkin@)

  ~ vmm.c

  > Properly handle VMX entry controls governing guest processor mode.
  > Before seabios, this didn't matter much but now it does since various
  > bootloaders/kernels need such treatment.
  > ok deraadt (mlarkin@)

arch/amd64/include

  ~ specialreg.h

  > add RDTSCP flags to identcpu.c
  > ok guenther, deraadt (mlarkin@)

arch/arm64/arm64

  ~ pmap.c

  > Previous W^X diff only changed the access permissions in the bootstrap page
  > tables. We need to set them in the final kernel page tables as well.
  > ok visa@ (kettenis@)

  ~ vfp.c

  > Add an instruction synchronisation barrier instruction after changing
  > the vfp state via cpacr_el1. This matches the advice given in the
  > "Synchronization requirements for system registers" section of the ARMv8
  > ARM.
  > Without this an overdrive 1000 with A1120 (Cortex A57 r1p2) reliably
  > triggers "panic: VFP exception in the kernel" when init(8) is run.
  > ok drahn@ kettenis@ (jsg@)

arch/i386/i386

  ~ cpu.c

  > Reset ci_curmap to kernel_pmap() in cpu_hatch(). Otherwise the lazy pmap
  > switching code might think the old pmap is still active after a resume
  > which could lead to a page fault in the kernel.
  > ok stsp@, mlarkin@, deraadt@ (kettenis@)

dev

  ~ audio.c

  > Simplify rate/channels/bits bounds checking code. From
  > Michael W. Bombardieri <mb at ii.net>. Thanks. (ratchov@)

dev/pci

  ~ azalia_codec.c

  > Add quirk for MacBook Pro 5,5. From Manav Rathi <mnvrth at gmail.com>.
  > Thanks! (ratchov@)

  ~ envy.c

  > Make set_params() return the rate the device is using. Fixes
  > a wrong rate being reported when an unsupported rate was requested.
  > (ratchov@)

kern

  ~ kern_pledge.c

  > Allow the multicast ttl/hops and loop options with the mcast pledge.
  > from Matthias Pitzl; OK deraadt@ (bluhm@)

== usr.bin =========================================================== 05/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

mail

  ~ edit.c

  > Prevent edit'ing a message from corrupting the mailbox. In an mbox file
  > every message is terminated by an empty line, so we have to make sure it
  > is preserved. Otherwise the message is combined with the next one.
  > joint effort with deraadt and millert (natano@)

== usr.sbin ========================================================== 06/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

bgpd

  ~ kroute.c

  > For IPv6 pass prefix not nexthop as network for connected nexthops back to
  > the RDE so that the code actually works.
  > Problem found and reported by Pier Carlo Chiodi (pierky at pierky com)
  > OK deraadt@ (claudio@)

makefs

  ~ msdos/mkfs_msdos.c

  > add missing braces around a multi line if statement
  > ok patrick@ deraadt@ (jsg@)

syslogd

  ~ syslogd.c

  > fix semicolon after if statement in currently uncalled code
  > ok bluhm@ deraadt@ (jsg@)

===============================================================================

_______________________________________________
odc mailing list
[email protected]
http://www.squish.net/mailman/listinfo/odc
