OpenBSD src changes summary for 2017-04-10
==========================================

distrib/sets
games/adventure
gnu/usr.bin/clang
include/stdlib.h
lib/libc
lib/libcrypto
lib/libssl
lib/libtls
regress/lib
sbin/dhclient
sbin/fsck_ffs
sbin/ipsecctl
sys/arch/mips64/include
sys/dev/pci
usr.sbin/sasyncd
usr.sbin/slaacctl
usr.sbin/slaacd
usr.sbin/slaacdctl

== distrib =========================================================== 01/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/base/mi
  > sync (deraadt@)

  ~ lists/comp/md.arm64
  > sync (jsg@)

  ~ lists/comp/mi
  > sync (deraadt@)

  ~ lists/comp/mi
  > sync (deraadt@)

== games ============================================================= 02/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

adventure

  ~ hdr.h
  > Clean up disabled declaration in the text struct.
  > OK deraadt@ (fcambus@)

== gnu =============================================================== 03/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

usr.bin/clang

  ~ include/clang/intrin/Makefile
  > Generate and install arm_neon.h on arm and arm64.
  > ok jsg@ (kettenis@)

== include =========================================================== 04/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

stdlib.h

  ~ stdlib.h
  > Introducing freezero(3) a version of free that guarantees the process
  > no longer has access to the content of a memory object. It does
  > this by either clearing (if the object memory remains cached) or
  > by calling munmap(2). ok millert@, deraadt@, guenther@ (otto@)

== lib =============================================================== 05/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ shlib_version
  > minor bump for freezero (otto@)

  ~ Symbols.list
  ~ hidden/stdlib.h
  ~ stdlib/malloc.3
  ~ stdlib/malloc.c
  > Introducing freezero(3) a version of free that guarantees the process
  > no longer has access to the content of a memory object. It does
  > this by either clearing (if the object memory remains cached) or
  > by calling munmap(2). ok millert@, deraadt@, guenther@ (otto@)

  ~ stdlib/malloc.3
  > tweak previous; (jmc@)

  ~ sys/recv.2
  > Fix tabs in example code. (jca@)

libcrypto

  ~ man/X509_cmp_time.3
  > document three additional functions;
  > from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
  > (schwarze@)

  ~ man/EVP_PKEY_CTX_new.3
  ~ man/EVP_PKEY_derive.3
  ~ man/EVP_PKEY_keygen.3
  ~ man/Makefile
  + man/X25519.3
  > new X25519(3) manual page;
  > from Dr. Stephen Henson <[email protected]>, OpenSSL commit d218f3c3
  > (schwarze@)

libssl

  ~ man/SSL_CTX_sess_number.3
  > typo fix; from <Jon dot Spillett at oracle dot com>
  > via OpenSSL commit 7bd27895 (schwarze@)

  ~ man/SSL_CTX_use_certificate.3
  > pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit
  > 3aaa1bd0 (schwarze@)

  ~ ssl_clnt.c
  > Convert various client key exchange functions to freezero(3). The memory
  > contents need to be made inaccessible - this is simpler and less error
  > prone than the current "if not NULL, explicit_bzero(); free()" dance.
  > (jsing@)

  ~ man/Makefile
  + man/SSL_CTX_set_tlsext_servername_callback.3
  > new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;
  > from <Jon dot Spillett at oracle dot com>
  > via OpenSSL commit 8c55c461 (schwarze@)

  ~ man/SSL_CTX_add_extra_chain_cert.3
  ~ man/SSL_CTX_ctrl.3
  ~ man/SSL_CTX_sess_number.3
  ~ man/SSL_CTX_sess_set_cache_size.3
  ~ man/SSL_CTX_set_max_cert_list.3
  ~ man/SSL_CTX_set_mode.3
  ~ man/SSL_CTX_set_options.3
  ~ man/SSL_CTX_set_session_cache_mode.3
  ~ man/SSL_CTX_set_tlsext_status_cb.3
  ~ man/SSL_CTX_set_tlsext_ticket_key_cb.3
  ~ man/SSL_num_renegotiations.3
  ~ man/SSL_session_reused.3
  ~ man/SSL_set_max_send_fragment.3
  ~ man/ssl.3
  > for pure *_ctrl() wrapper macros, move the reference from ssl(3)
  > to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable (schwarze@)

  ~ man/Makefile
  ~ man/SSL_CTX_set_session_id_context.3
  ~ man/SSL_SESSION_get_time.3
  ~ man/SSL_SESSION_new.3
  ~ man/SSL_copy_session_id.3
  ~ man/SSL_get_session.3
  ~ man/ssl.3
  + man/SSL_SESSION_get0_peer.3
  + man/SSL_SESSION_get_compress_id.3
  + man/SSL_SESSION_get_id.3
  + man/SSL_SESSION_set1_id_context.3
  > Additional SSL_SESSION documentation
  > from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505.
  > Improve crosslinking while here. (schwarze@)

  ~ man/Makefile
  ~ man/SSL_CTX_ctrl.3
  + man/SSL_get_server_tmp_key.3
  > new manual page SSL_get_server_tmp_key(3)
  > from Matt Caswell <[email protected]>, OpenSSL commit 508fafd8 (schwarze@)

  ~ man/BIO_f_ssl.3
  ~ man/SSL_CTX_set_cert_store.3
  ~ man/d2i_SSL_SESSION.3
  > fix some .Xr errors that jmc@ found with mdoclint(1) (schwarze@)

  ~ ssl_asn1.c
  > Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.
  > In this case the memory allocated can also be significant, in which case
  > freezero() will have less overhead than explicit_bzero() (munmap instead
  > of touching all of the memory to write zeros). (jsing@)

  ~ t1_enc.c
  > freezero() the key block; simpler code and less of it. (jsing@)

  ~ s3_lib.c
  > Use freezero() for X25519 keys - same result with more readable code.
  > (jsing@)

  ~ d1_lib.c
  ~ s3_lib.c
  ~ ssl_sess.c
  > Use freezero() for the internal opaque structures, instead of the current
  > explicit_bzero()/free(). Less code and potentially less overhead. (jsing@)

libtls

  ~ tls_client.c
  ~ tls_internal.h
  ~ tls_peer.c
  ~ tls_server.c
  ~ tls_verify.c
  > Rework name verification code so that a match is indicated via an argument,
  > rather than return codes. More strictly follow RFC 6125, in particular only
  > check the CN if there are no SAN identifiers present in the certificate
  > (per section 6.4.4).
  > Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.
  > ok beck@ jca@ (jsing@)

== regress =========================================================== 06/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libtls/verify/verifytest.c
  > Rework and significantly extend TLS name verification tests to match
  > changes in libtls. (jsing@)

== sbin ============================================================== 07/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ dhclient.c
  ~ privsep.c
  ~ privsep.h
  > Rework -L logic to use the idiom used in handling the leases file.
  > i.e. open FILE during program set up and use the FILE created for
  > the rest of the program lifetime after dropping privilege and
  > pledge()'ing. No need for passing messages to the priv process.
  > Tweak lease file handling a bit in passing.
  > Monitoring the -L file with external programs like sysutils/entr
  > still works.
  > Looks good to sthen@. (krw@)

fsck_ffs

  ~ pass1.c
  > Remove always false comparison: inosused type is ino_t, which is
  > unsigned.
  > While there, fix a whitespace issue.
  > OK deraadt@ (fcambus@)

ipsecctl

  ~ pfkdump.c
  > Found another len += snprintf...
  > ok mikeb (deraadt@)

== sys =============================================================== 08/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/mips64/include

  ~ signal.h
  > Use __ASSEMBLER__ instead of __LANGUAGE_ASSEMBLY.
  > The latter is not defined by clang.
  > OK guenther@, kettenis@ (visa@)

dev/pci

  ~ if_msk.c
  > Attempt to map msk(4) interrupt via MSI.
  > The device tree that ships with the overdrive 1000 has an interrupt-map
  > property that is known to be wrong. Using MSI on msk makes the builtin
  > Ethernet on the overdrive 1000 work.
  > Tested on arm64 with
  > "Marvell Yukon 88E8059" rev 0x00, Yukon-2 Optima (0x1)
  > and i386 with
  > "Marvell Yukon 88E8072" rev 0x10, Yukon-2 Extreme rev. B0 (0x2)
  > Committing this early in the release cycle to try to find cases where using
  > MSI doesn't work.
  > Based on part of an earlier patch from jmatthew@
  > ok jmatthew@ kettenis@ (jsg@)

== usr.sbin ========================================================== 09/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

sasyncd

  ~ sasyncd.c
  > Check early if the mandatory carp "interface" was configured.
  > This allows the new -n config check to work correctly.
  > OK jsg@ deraadt@ (reyk@)

slaacctl

  + Makefile
  + parser.c
  + parser.h
  + slaacctl.8
  + slaacctl.c
  > The canonical name for ctl programs is without 'd'.
  > Pointed out by Brad.
  > OK deraadt@ (florian@)

  ~ slaacctl.8
  > slaacdctl -> slaacctl; (jmc@)

slaacd

  ~ slaacd.8
  > slaacdctl -> slaacctl; (jmc@)

slaacdctl

  - Makefile
  - parser.c
  - parser.h
  - slaacdctl.8
  - slaacdctl.c
  > The canonical name for ctl programs is without 'd'.
  > Pointed out by Brad.
  > OK deraadt@ (florian@)

===============================================================================
