OpenBSD src changes summary for 2017-05-06 ==========================================
distrib/miniroot distrib/sets lib/libc lib/libcrypto lib/libssl lib/libtls regress/lib sys/arch/arm64/arm64 sys/arch/arm64/conf sys/dev/fdt sys/dev/pci sys/kern sys/net sys/netinet sys/netinet6 usr.sbin/relayd == distrib =========================================================== 01/05 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > Add build to the list of usernames that are rejected during > installation. > Noted by crd _at_ crdavies.eu > OK tb@ (rpe@) sets ~ lists/base/mi > sync (tb@) == lib =============================================================== 02/05 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ sys/kill.2 > Move info about group handling via a negative pid into the list > with the other pid-specific details. (millert@) libcrypto ~ asn1/a_time_tm.c ~ asn1/asn1.h ~ man/ASN1_time_parse.3 > Add ASN1_TIME_set_tm to set an asn1 from a struct tm * > ok jsing@ (beck@) ~ Symbols.list > Add ASN1_TIME_set_to to exported symbols > ok jsing@ (beck@) ~ shlib_version > Bump minors for symbol addition in libcrypto > ok jsing@ (beck@) ~ man/ASN1_time_parse.3 > space needed between macro arg and punctuation; (jmc@) ~ Makefile + hkdf/hkdf.c + hkdf/hkdf.h > Bring in HKDF, from BoringSSL, with regress tests modified to be > in C. Ride previous minor bump > ok tom@ inoguchi@ jsing@ (beck@) libssl ~ ssl_asn1.c ~ ssl_packet.c ~ ssl_versions.c ~ t1_hash.c > Add missing $OpenBSD$ tags. (jsing@) ~ shlib_version > Bump minors for symbol addition in libcrypto > ok jsing@ (beck@) ~ Symbols.list ~ s3_lib.c ~ ssl.h ~ ssl_lib.c ~ ssl_locl.h ~ ssl_versions.c > Provide SSL{,_CTX}_set_{min,max}_proto_version() functions. > Rides minor bump. > ok beck@ (jsing@) ~ d1_clnt.c ~ d1_srvr.c ~ s3_lib.c ~ ssl_both.c ~ ssl_clnt.c ~ ssl_lib.c ~ ssl_locl.h ~ ssl_pkt.c ~ ssl_srvr.c ~ t1_enc.c ~ t1_lib.c > Bring in an SSL_HANDSHAKE structure and commence the great shovelling > ok jsing@, gcc@, regress@ (beck@) libtls ~ shlib_version > Bump minors for symbol addition in libcrypto > ok jsing@ (beck@) ~ Symbols.list ~ tls.h ~ tls_util.c > Provide a tls_unload_file() function, that frees the memory returned from > a tls_load_file() call, ensuring that it the contents become inaccessible. > This is specifically needed on platforms where the library allocators may > be different from the application allocator. > ok beck@ (jsing@) ~ tls.c ~ tls_config.c ~ tls_internal.h ~ tls_server.c > Perform reference counting for tls_config. This allows tls_config_free() to > be called as soon as it has been passed to the final tls_configure() call, > simplifying lifetime tracking for the application. > Requested some time ago by tedu@. > ok beck@ (jsing@) ~ man/tls_load_file.3 > Document tls_unload_file(). (jsing@) ~ man/tls_init.3 > Be explicit about when it is safe to call tls_config_free(). > Discussed with beck@ (jsing@) ~ tls_util.c > BIO_free_all() and EVP_PKEY_free() can be called with NULL. (jsing@) ~ tls_util.c > Use freezero() for the tls_load_file() failure case, since we're > potentially dealing with key material. Also switch a calloc to malloc, > since we immediately copy the same amount of data to the newly allocated > buffer. (jsing@) == regress =========================================================== 03/05 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libssl/unit/ssl_versions.c > Add regress coverage for SSL{,_CTX}_set_{min,max}_proto_version(). (jsing@) ~ libcrypto/Makefile + libcrypto/hkdf/Makefile + libcrypto/hkdf/hkdf_test.c > Bring in HKDF, from BoringSSL, with regress tests modified to be > in C. Ride previous minor bump > ok tom@ inoguchi@ jsing@ (beck@) ~ libcrypto/free/freenull.c > Not much point using a failed variable here. (jsing@) ~ libcrypto/free/freenull.c > Sort/group functions. (jsing@) ~ libcrypto/free/freenull.c > Add more functions. (jsing@) ~ libtls/tls/tlstest.c > Free tls_configs earlier now that we have refcounting. (jsing@) ~ libtls/tls/Makefile ~ libtls/tls/tlstest.c > Move TLS test code into a function that is called from main, making it > easier for new tests to be added. (jsing@) ~ libssl/unit/tls_prf.c > Bring in an SSL_HANDSHAKE structure and commence the great shovelling > ok jsing@, gcc@, regress@ (beck@) ~ libtls/tls/tlstest.c > Split TLS client/server handshake and close code into separate functions > so that it can be reused. (jsing@) == sys =============================================================== 04/05 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/arm64/arm64 ~ cpu.c > Now that we have a table of Cavium part numbers add the part number for > Broadcom's Vulcan design with a Cavium implementer code > (ThunderX2 T99/CN99xx). Suggested by kettenis@ (jsg@) ~ cpu.c > Print full MIDR for CPUs that can't be identified. > ok jsg@ (kettenis@) arch/arm64/conf ~ GENERIC ~ RAMDISK > Add rkgpio(4), a driver to handle GPIOs on Rockchip SoCs. (kettenis@) dev/fdt ~ sdhc_fdt.c > Configure pins and deassert resets, just in case some other board needs it. > (kettenis@) ~ rkclock.c ~ rkclock_clocks.h > Add a few GMAC related clocks and implement reset logic. (kettenis@) ~ rkclock.c > Remove unused local variable such that this actually compiles. (kettenis@) ~ files.fdt ~ rkpinctrl.c + rkgpio.c > Add rkgpio(4), a driver to handle GPIOs on Rockchip SoCs. (kettenis@) dev/pci ~ pucdata.c > add Moxa CP-104EL > ok kettenis@ (jmatthew@) kern ~ kern_sysctl.c > Do not export the protocol PCB pointer from kernel to non-root users > also in the IPv6 case. This fixes "netstat -An -f inet6 -p tcp" > and shows 0x0. > report and OK dhill@ (bluhm@) net ~ pf.c TAGGED OPENBSD_6_1 > Put back the call to pf_remove_src_node lost in the netlock backout > Reported by Remi Barbier, thanks! OK mpi@ (mikeb@) netinet ~ ip_ipip.c ~ ip_ipsp.c ~ ip_ipsp.h > Convert the xformsw definition to C99 style initializer. Also fix > the function declaration of ipe4_input() and avoid a wrong cast. > OK mikeb@ dhill@ (bluhm@) ~ tcp_input.c ~ udp_usrreq.c > Checking for IPv4 mapped addreses and dropping the packet is done > in ip6_input(). Do not check that again in the protocol input > functions. > OK mpi@ (bluhm@) netinet6 ~ raw_ip6.c > Checking for IPv4 mapped addreses and dropping the packet is done > in ip6_input(). Do not check that again in the protocol input > functions. > OK mpi@ (bluhm@) == usr.sbin ========================================================== 05/05 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin relayd ~ relayd.c > Convert explicit_bzero() + free() to freezero(). > OK reyk@, deraadt@ (previous version) (fcambus@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
