OpenBSD src changes summary for 2017-04-29 ==========================================
distrib/sets lib/libcrypto lib/libssl regress/usr.sbin sys/arch/arm64/arm64 sys/arch/arm64/conf sys/arch/arm64/dev sys/dev/fdt sys/kern usr.bin/mandoc usr.bin/ssh usr.bin/tmux usr.sbin/smtpd == distrib =========================================================== 01/06 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib sets ~ lists/comp/md.amd64 ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/clang.amd64 ~ lists/comp/clang.i386 ~ lists/comp/md.amd64 > put clang headers into clang sets > ok deraadt@ (jsg@) == lib =============================================================== 02/06 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ arc4random/getentropy_linux.c > Switch Linux getrandom() usage to non-blocking mode, continuing to > use fallback mechanims if unsuccessful. > The design of Linux getrandom is broken. It has an > uninitialized phase coupled with blocking behaviour, which > is unacceptable from within a library at boot time without > possible recovery. > ok deraadt@ jsing@ (beck@) ~ arc4random/getentropy_linux.c TAGGED OPENBSD_6_1 > MFC: Switch Linux getrandom() usage to non-blocking mode, continuing to > use fallback mechanims if unsuccessful. > The design of Linux getrandom is broken. It has an > uninitialized phase coupled with blocking behaviour, which > is unacceptable from within a library at boot time without > possible recovery. > ok deraadt@ jsing@ (beck@) ~ opensslv.h TAGGED OPENBSD_6_1 > bump to 2.5.4 (bcook@) ~ crypto.h ~ cryptlib.c ~ evp/names.c TAGGED OPENBSD_6_1 > Stop calling OPENSSL_init() internally, since it is a no-op. Also place > it under #ifndef LIBRESSL_INTERNAL. > ok beck@ (jsing@) libssl ~ ssl_algs.c > Make it safe to call SSL_library_init more than once. > We are basically admitting that pthread is everywhere, and > we will be using it for other things too. > ok jsing@ (beck@) ~ Makefile > We now require you to have a working libpthread (beck@) ~ Makefile ~ ssl_algs.c > Revert previous - we still want to do this, but I forgot about the > installer > and want to avoid the wrath of theo when he arrives home in a couple > of hours :) (beck@) ~ ssl_srvr.c > Fix a bug caused by the return value being set early to signal successful > DTLS cookie validation. This can mask a later failure and result in a > positive return value being returned from ssl3_get_client_hello(), when > it should return a negative value to propagate the error. > Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit > message "Fix DTLS cookie management bugs". > Fix based on OpenSSL. > Issue reported by Nicolas Bouliane <nbouliane at jive dot com>. > ok beck@ (jsing@) ~ ssl_srvr.c TAGGED OPENBSD_6_1 > MFC. > Fix a bug caused by the return value being set early to signal successful > DTLS cookie validation. This can mask a later failure and result in a > positive return value being returned from ssl3_get_client_hello(), when > it should return a negative value to propagate the error. > ok beck@ (jsing@) == regress =========================================================== 03/06 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress usr.sbin + syslogd/args-secure-udp.pl > Test that suslogd's UDP sockets bound to *.514 do not receive packets > if the -u insecure mode is not selected. (bluhm@) == sys =============================================================== 04/06 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/arm64/arm64 ~ machdep.c ~ cpu.c > store cpu model information in the buffer used by the hw.model sysctl > ok kettenis@ (jsg@) ~ ast.c > Call refreshcreds() in ast() since we may get there without going through > do_el0_sync() or mi_syscall(). (kettenis@) ~ trap.c > Move the userret() call out of data_abort() and simply call it just before > we > return from do_el0_sync(). Prevents future mistakes. (kettenis@) arch/arm64/conf ~ GENERIC ~ RAMDISK ~ files.arm64 > Add agintc(4), a driver for interrupt controllers conforming to ARM's > generic interrupt controller architecture specification v3/4. > The hard work was done by drahn@, I just cleaned it up a bit and fixed > a couple of bugs. > ok patrick@, drahn@ (kettenis@) arch/arm64/dev + agintc.c > Add agintc(4), a driver for interrupt controllers conforming to ARM's > generic interrupt controller architecture specification v3/4. > The hard work was done by drahn@, I just cleaned it up a bit and fixed > a couple of bugs. > ok patrick@, drahn@ (kettenis@) ~ agintc.c > Decrement ci_idepth on all returns from agintc_irq_handler(). (kettenis@) dev/fdt - sxiehci.c ~ files.fdt + ehci_fdt.c > Replace sxiehci.c with more generic glue in ehci_fdt.c that is similiar in > spirit to the xhci_fdt.c glue. The new code sets up any attached USB PHYs > based on their "compatible" property. All the hardware supported by > sxiehci.c > should be supported by this new code. In addition to that this adds > support > for the EHCI controllers found on various Rockchip hardware such as the > RK3288 and RK3399 SoCs. > ok patrick@ (kettenis@) kern ~ kern_pledge.c > Mark futex(2) as PLEDGE_STDIO like all other thread-related syscalls. > From semarie@, ok deraadt@ (mpi@) == usr.bin =========================================================== 05/06 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin mandoc - man_hash.c - mdoc_hash.c ~ Makefile ~ libman.h ~ libmandoc.h ~ libmdoc.h ~ man.c ~ mdoc.c ~ mdoc_macro.c ~ mdoc_validate.c ~ read.c ~ roff.c ~ roff.h > Parser unification: use nice ohashes for all three request and macro > tables; > no functional change, minus two source files, minus 200 lines of code. > (schwarze@) ssh ~ ssh-keygen.1 ~ ssh-keygen.c > allow ssh-keygen to include arbitrary string or flag certificate > extensions and critical options. ok markus@ dtucker@ (djm@) ~ ssh-keygen.1 > tweak previous; (jmc@) tmux ~ screen-write.c > Fix UTF-8 combining characters in column 0, based on a diff from Keith > Winstein. (nicm@) == usr.sbin ========================================================== 06/06 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin smtpd ~ mail.file.c > fix argument check, this should never trigger because it is a libexec > called by > smtpd, but for the sake of correctness > from Edgar Pettijohn > ok gilles@ (jung@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
