OpenBSD src changes summary for 2017-04-10
==========================================

distrib/sets                            games/adventure
gnu/usr.bin/clang                       include/stdlib.h
lib/libc                                lib/libcrypto
lib/libssl                              lib/libtls
regress/lib                             sbin/dhclient
sbin/fsck_ffs                           sbin/ipsecctl
sys/arch/mips64/include                 sys/dev/pci
usr.sbin/sasyncd                        usr.sbin/slaacctl
usr.sbin/slaacd                         usr.sbin/slaacdctl

== distrib =========================================================== 01/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/base/mi                         

  > sync (deraadt@)

  ~ lists/comp/md.arm64                   

  > sync (jsg@)

  ~ lists/comp/mi                         

  > sync (deraadt@)

  ~ lists/comp/mi                         

  > sync (deraadt@)

== games ============================================================= 02/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games

adventure

  ~ hdr.h                                 

  > Clean up disabled declaration in the text struct.
  > OK deraadt@ (fcambus@)

== gnu =============================================================== 03/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

usr.bin/clang

  ~ include/clang/intrin/Makefile         

  > Generate and install arm_neon.h on arm and arm64.
  > ok jsg@ (kettenis@)

== include =========================================================== 04/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

stdlib.h

  ~ stdlib.h                              

  > Introducing freezero(3) a version of free that guarantees the process
  > no longer has access to the content of a memory object. It does
  > this by either clearing (if the object memory remains cached) or
  > by calling munmap(2). ok millert@, deraadt@, guenther@ (otto@)

== lib =============================================================== 05/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ shlib_version                         

  > minor bump for freezero (otto@)

  ~ Symbols.list                          ~ hidden/stdlib.h
  ~ stdlib/malloc.3                       ~ stdlib/malloc.c

  > Introducing freezero(3) a version of free that guarantees the process
  > no longer has access to the content of a memory object. It does
  > this by either clearing (if the object memory remains cached) or
  > by calling munmap(2). ok millert@, deraadt@, guenther@ (otto@)

  ~ stdlib/malloc.3                       

  > tweak previous; (jmc@)

  ~ sys/recv.2                            

  > Fix tabs in example code. (jca@)

libcrypto

  ~ man/X509_cmp_time.3                   

  > document three additional functions;
  > from Emilia Kasper <emilia at openssl dot org>, OpenSSL commit 4ac139b4
  > (schwarze@)

  ~ man/EVP_PKEY_CTX_new.3                ~ man/EVP_PKEY_derive.3
  ~ man/EVP_PKEY_keygen.3                 ~ man/Makefile
  + man/X25519.3                          

  > new X25519(3) manual page;
  > from Dr. Stephen Henson <[email protected]>, OpenSSL commit d218f3c3
  > (schwarze@)

libssl

  ~ man/SSL_CTX_sess_number.3             

  > typo fix; from <Jon dot Spillett at oracle dot com>
  > via OpenSSL commit 7bd27895 (schwarze@)

  ~ man/SSL_CTX_use_certificate.3         

  > pasto; from <Jon dot Spillett at oracle dot com> via OpenSSL commit
  > 3aaa1bd0 (schwarze@)

  ~ ssl_clnt.c                            

  > Convert various client key exchange functions to freezero(3). The memory
  > contents need to be made inaccessible - this is simpler and less error
  > prone than the current "if not NULL, explicit_bzero(); free()" dance.
  > (jsing@)

  ~ man/Makefile                          
  + man/SSL_CTX_set_tlsext_servername_callback.3

  > new manual page SSL_CTX_set_tlsext_servername_callback(3) for SNI;
  > from <Jon dot Spillett at oracle dot com>
  > via OpenSSL commit 8c55c461 (schwarze@)

  ~ man/SSL_CTX_add_extra_chain_cert.3    ~ man/SSL_CTX_ctrl.3
  ~ man/SSL_CTX_sess_number.3             ~ man/SSL_CTX_sess_set_cache_size.3
  ~ man/SSL_CTX_set_max_cert_list.3       ~ man/SSL_CTX_set_mode.3
  ~ man/SSL_CTX_set_options.3             
  ~ man/SSL_CTX_set_session_cache_mode.3
  ~ man/SSL_CTX_set_tlsext_status_cb.3    
  ~ man/SSL_CTX_set_tlsext_ticket_key_cb.3
  ~ man/SSL_num_renegotiations.3          ~ man/SSL_session_reused.3
  ~ man/SSL_set_max_send_fragment.3       ~ man/ssl.3

  > for pure *_ctrl() wrapper macros, move the reference from ssl(3)
  > to SSL_CTX_ctrl(3) to make ssl(3) slightly more palatable (schwarze@)

  ~ man/Makefile                          
  ~ man/SSL_CTX_set_session_id_context.3
  ~ man/SSL_SESSION_get_time.3            ~ man/SSL_SESSION_new.3
  ~ man/SSL_copy_session_id.3             ~ man/SSL_get_session.3
  ~ man/ssl.3                             + man/SSL_SESSION_get0_peer.3
  + man/SSL_SESSION_get_compress_id.3     + man/SSL_SESSION_get_id.3
  + man/SSL_SESSION_set1_id_context.3     

  > Additional SSL_SESSION documentation
  > from Matt Caswell <matt at openssl dot org>, OpenSSL commit b31db505.
  > Improve crosslinking while here. (schwarze@)

  ~ man/Makefile                          ~ man/SSL_CTX_ctrl.3
  + man/SSL_get_server_tmp_key.3          

  > new manual page SSL_get_server_tmp_key(3)
  > from Matt Caswell <[email protected]>, OpenSSL commit 508fafd8 (schwarze@)

  ~ man/BIO_f_ssl.3                       ~ man/SSL_CTX_set_cert_store.3
  ~ man/d2i_SSL_SESSION.3                 

  > fix some .Xr errors that jmc@ found with mdoclint(1) (schwarze@)

  ~ ssl_asn1.c                            

  > Use freezero() for i2d_SSL_SESSION() - one line of code instead of three.
  > In this case the memory allocated can also be significant, in which case
  > freezero() will have less overhead than explicit_bzero() (munmap instead
  > of touching all of the memory to write zeros). (jsing@)

  ~ t1_enc.c                              

  > freezero() the key block; simpler code and less of it. (jsing@)

  ~ s3_lib.c                              

  > Use freezero() for X25519 keys - same result with more readable code.
  > (jsing@)

  ~ d1_lib.c                              ~ s3_lib.c
  ~ ssl_sess.c                            

  > Use freezero() for the internal opaque structures, instead of the current
  > explicit_bzero()/free(). Less code and potentially less overhead. (jsing@)

libtls

  ~ tls_client.c                          ~ tls_internal.h
  ~ tls_peer.c                            ~ tls_server.c
  ~ tls_verify.c                          

  > Rework name verification code so that a match is indicated via an argument,
  > rather than return codes. More strictly follow RFC 6125, in particular only
  > check the CN if there are no SAN identifiers present in the certificate
  > (per section 6.4.4).
  > Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.
  > ok beck@ jca@ (jsing@)

== regress =========================================================== 06/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libtls/verify/verifytest.c            

  > Rework and significantly extend TLS name verification tests to match
  > changes in libtls. (jsing@)

== sbin ============================================================== 07/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ dhclient.c                            ~ privsep.c
  ~ privsep.h                             

  > Rework -L logic to use the idiom used in handling the leases file.
  > i.e. open FILE during program set up and use the FILE created for
  > the rest of the program lifetime after dropping privilege and
  > pledge()'ing. No need for passing messages to the priv process.
  > Tweak lease file handling a bit in passing.
  > Monitoring the -L file with external programs like sysutils/entr
  > still works.
  > Looks good to sthen@. (krw@)

fsck_ffs

  ~ pass1.c                               

  > Remove always false comparison: inosused type is ino_t, which is
  > unsigned.
  > While there, fix a whitespace issue.
  > OK deraadt@ (fcambus@)

ipsecctl

  ~ pfkdump.c                             

  > Found another len += snprintf...
  > ok mikeb (deraadt@)

== sys =============================================================== 08/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/mips64/include

  ~ signal.h                              

  > Use __ASSEMBLER__ instead of __LANGUAGE_ASSEMBLY.
  > The latter is not defined by clang.
  > OK guenther@, kettenis@ (visa@)

dev/pci

  ~ if_msk.c                              

  > Attempt to map msk(4) interrupt via MSI.
  > The device tree that ships with the overdrive 1000 has an interrupt-map
  > property that is known to be wrong.  Using MSI on msk makes the builtin
  > Ethernet on the overdrive 1000 work.
  > Tested on arm64 with
  > "Marvell Yukon 88E8059" rev 0x00, Yukon-2 Optima (0x1)
  > and i386 with
  > "Marvell Yukon 88E8072" rev 0x10, Yukon-2 Extreme rev. B0 (0x2)
  > Committing this early in the release cycle to try find cases where using
  > MSI doesn't work.
  > Based on part of an earlier patch from jmatthew@
  > ok jmatthew@ kettenis@ (jsg@)

== usr.sbin ========================================================== 09/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

sasyncd

  ~ sasyncd.c                             

  > Check early if the mandatory carp "interface" was configured.
  > This allows the new -n config check to work correctly.
  > OK jsg@ deraadt@ (reyk@)

slaacctl

  + Makefile                              + parser.c
  + parser.h                              + slaacctl.8
  + slaacctl.c                            

  > The canonical name for ctl programs is without 'd'.
  > Pointed out by Brad.
  > OK deraadt@ (florian@)

  ~ slaacctl.8                            

  > slaacdctl -> slaacctl; (jmc@)

slaacd

  ~ slaacd.8                              

  > slaacdctl -> slaacctl; (jmc@)

slaacdctl

  - Makefile                              - parser.c
  - parser.h                              - slaacdctl.8
  - slaacdctl.c                           

  > The canonical name for ctl programs is without 'd'.
  > Pointed out by Brad.
  > OK deraadt@ (florian@)

===============================================================================