OpenBSD src changes summary for 2017-05-07 ==========================================
distrib/arm64 distrib/sets etc/netstart lib/libc lib/libssl lib/libtls regress/lib regress/usr.bin share/man sys/arch/amd64/amd64 sys/arch/arm64/stand/efiboot sys/arch/armv7/stand/efiboot sys/dev/fdt sys/dev/ic sys/net sys/sys usr.bin/mandoc usr.bin/openssl usr.bin/ssh usr.bin/tmux usr.sbin/installboot usr.sbin/ocspcheck == distrib =========================================================== 01/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib arm64 ~ miniroot/Makefile ~ ramdisk/install.md > Increase the offset from the start of the disk to the FAT filesystem > from sector 2048/1MB to sector 8192/4MB. > This gives enough space for a combined U-Boot and ATF FIT image for the > Firefly-RK3399. > Requested by and ok kettenis@ (jsg@) sets ~ lists/comp/mi > sync (jsg@) == etc =============================================================== 02/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc netstart ~ netstart > Replace hardcoded script name with ${0##*/} > OK tb@ halex@ (rpe@) ~ netstart > Change test from [] to [[]] and simplify pattern. > OK tb@, krw@ (for [[]]) > Feedback and OK halex@ (rpe@) == lib =============================================================== 03/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ compat-43/killpg.c > Don't allow a negative process group ID, it would turn into a > process ID when negated. (millert@) ~ compat-43/killpg.3 > killpg() is covered by XSI so add a STANDARDS section to that effect > and document that handling of process group 0 is not specified by > the standard. (millert@) libssl ~ d1_both.c ~ d1_clnt.c ~ d1_pkt.c ~ d1_srvr.c ~ s3_lib.c ~ ssl.h ~ ssl_both.c ~ ssl_clnt.c ~ ssl_err.c ~ ssl_lib.c ~ ssl_locl.h ~ ssl_pkt.c ~ ssl_srvr.c ~ ssl_stat.c ~ t1_lib.c > Move state from ssl->internal to the handshake structure. > while we are at it, convert SSLerror to use a function > internally, so that we may later allocate the handshake > structure and check for it > ok jsing@ (beck@) ~ bs_cbb.c > Instead of starting a 'zero-sized' CBB at the size of the first addition > to the CBB, then doubling, start with an initial size of 64 bytes. Almost > all uses will exceed this size and we avoid multiple small recallocarray() > calls during the initial usage. > ok beck@ (jsing@) ~ s3_lib.c > Drop cipher suites with DSS authentication - there is no good reason to > keep these around. > ok beck@ (jsing@) libtls ~ tls.c > Return an error if tls_handshake() is called on a TLS context that has > already completed a TLS handshake. (jsing@) ~ tls_client.c ~ tls_internal.h > Ensure that a client context has been connected before attempting to > complete a TLS handshake. (jsing@) == regress =========================================================== 04/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libtls/tls/tlstest.c > An an initial sequencing/ordering test for libtls. (jsing@) ~ libtls/tls/tlstest.c > Add a test that calls tls_handshake() on a connection that has already > completed a TLS handshake. This should return a failure, but currently > succeeds (hence the regress currently fails). (jsing@) ~ libtls/tls/tlstest.c > Also test calling tls_handshake() on a server connection context that has > already completed a TLS handshake. (jsing@) ~ libtls/tls/tlstest.c > Add a (currently failing) call to tls_handshake() on a client context that > has not yet been connected. We expect this to fail, but it should fail > gracefully. (jsing@) ~ libssl/client/clienttest.c > Revise cipher suites in regress to match DSS cipher suite removal. (jsing@) usr.bin ~ mandoc/roff/Makefile + mandoc/roff/ta/Makefile + mandoc/roff/ta/basic-man.in + mandoc/roff/ta/basic-man.out_ascii + mandoc/roff/ta/basic-mdoc.in + mandoc/roff/ta/basic-mdoc.out_ascii > Basic implementation of the roff(7) .ta (define tab stops) request. > This is the first feature made possible by the parser reorganization. > Improves the formatting of the SYNOPSIS in many Xenocara GL manuals. > Also important for ports, as reported by many, including naddy@. > (schwarze@) == share ============================================================= 05/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man7/man.7 > implement .DT in terms of .ta; needed for print/ghostview, for example > (schwarze@) == sys =============================================================== 06/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ vmm.c > further improvement to vmm fpu handling (support avx and avx2, block > avx512 and various xsave* instructions) > tested by many (mlarkin@) arch/arm64/stand/efiboot ~ conf.c ~ efiboot.c ~ fdt.c ~ fdt.h > Pass the address of the EFI system table and the EFI memory map through > properties in the /chosen node of the FDT. The properties match the ones > used by Linux (see Documentation/arm/uefi.txt in the Linux kernel source > tree) but with the "linux," prefix replaced by "openbsd,". > ok jmatthew@, tom@ (kettenis@) arch/armv7/stand/efiboot ~ fdt.c ~ fdt.h > Sync FDT code with arm64. (kettenis@) dev/fdt ~ if_dwge_fdt.c > Refactor this code to support the GMAC found on the Rockchip RK3399 > alongside > the GMAC found on the Allwinner A20/A31. > With this diff I can receive packets on the Firefly-RK3399. Unfortunately > sending packets doesn't seem to work yet. (kettenis@) dev/ic ~ dwc_gmac.c > Program hardware address in dwc_gmac_init() instead of dwc_gmac_attach() > such that "ifconfig dwge0 lladdr 00:11:22:33:44:55" actually works. > (kettenis@) net ~ fq_codel.c > Fix stage transition from the initial one to DROPPING > When the initial state is set to DROPPING, the code immediately > jumps to a CONTROL state bypassing DROPPING. To fix this we start > with an explicit INITIAL state so that we do an INITIAL->DROPPING > transition right off the bat in the beginning of the loop and > then perform a DROPPING->CONTROL and either CONTROL->DROPPING and > restart the loop or CONTROL->RECOVERY/ACCEPTING and terminate. (mikeb@) sys ~ mbuf.h > Backout previous as it's causing problems on architectures that align > 64 bit integers on an 8 byte boundary such as armv7. MHLEN calculation > doesn't account for padding bytes inserted by the compiler after m_hdr. > Found the hard way by kettenis@. (mikeb@) == usr.bin =========================================================== 07/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin mandoc ~ Makefile ~ man_term.c ~ mdoc_man.c ~ mdoc_term.c ~ roff.c ~ roff.h ~ roff_html.c ~ roff_term.c ~ roff_validate.c ~ term.c ~ term.h ~ term_ascii.c + term_tab.c > Basic implementation of the roff(7) .ta (define tab stops) request. > This is the first feature made possible by the parser reorganization. > Improves the formatting of the SYNOPSIS in many Xenocara GL manuals. > Also important for ports, as reported by many, including naddy@. > (schwarze@) ~ man_term.c > implement .DT in terms of .ta; needed for print/ghostview, for example > (schwarze@) openssl ~ Makefile > Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoid > failed builds with different compilers. > ok jsing@ (jsg@) ssh ~ sshd_config.5 ~ sshd.8 ~ ssh_config.5 ~ ssh_config ~ packet.c ~ cipher.c ~ cipher.h > As promised in last release announcement: remove support for > Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ (djm@) ~ myproposal.h > Don't offer CBC ciphers by default in the client. ok markus@ (djm@) ~ ssh-keygen.c ~ ssh-rsa.c ~ ssh.h ~ ssherr.c ~ ssherr.h ~ sshkey.c ~ sshkey.h > Refuse RSA keys <1024 bits in length. Improve reporting for keys that > do not meet this requirement. ok markus@ (djm@) tmux ~ input-keys.c ~ key-bindings.c ~ server-client.c ~ tmux.h ~ tty-keys.c ~ xterm-keys.c > Up to now, tmux sees \033\033[OA as M-Up and since we turned on > xterm-keys by default, generates \033[1;3A instead of > \033\033[OA. Unfortunately this confuses vi, which doesn't understand > xterm keys and now sees Escape+Up pressed within escape-time as Escape > followed by A. > The issue doesn't happen in xterm itself because it gets the keys from X > and can distinguish between a genuine M-Up and Escape+Up. > Because xterm can, tmux can too: xterm will give us \033[1;3A (that is, > kUP3) for a real M-Up and \033\033OA for Escape+Up - in fact, we can be > sure any \033 preceding an xterm key is a real Escape key press because > Meta would be part of the xterm key instead of a separate \033. > So change tmux to recognise both sequences as M-Up for its own purposes, > but generate the xterm version of M-Up only if it originally received > the xterm version from the terminal. > This means we will return to sending \033\033OA instead of the xterm key > for terminals that do not support xterm keys themselves, but there is no > practical way around this because they do not allow us to distinguish > between Escape+Up and M-Up. xterm style escape sequences are now the de > facto standard for these keys in any case. > Problem reported by jsing@ and subsequently by Cecile Tonglet in GitHub > issue 907. (nicm@) ~ format.c ~ tmux.1 ~ tmux.h ~ window-choose.c ~ window-clock.c ~ window-copy.c > Add a format for the name of the pane's mode, lets it be used as a > conditional for key bindings. (nicm@) == usr.sbin ========================================================== 08/08 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin installboot ~ Makefile ~ armv7_installboot.c > Add arm64 support. > ok tom@ (kettenis@) ocspcheck ~ Makefile > Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoid > failed builds with different compilers. > ok jsing@ (jsg@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
