OpenBSD src changes summary for 2017-07-05
==========================================

Makefile
bin/ed
lib/libc
lib/libcrypto
lib/libkeynote
lib/libssl
lib/libtls
regress/bin
regress/lib
regress/sbin
sbin/dhclient
sbin/ping
sbin/slaacd
share/man
share/mk
sys/arch/amd64/amd64
sys/arch/arm64/conf
sys/arch/armv7/conf
sys/dev/pci
sys/net
sys/netinet
sys/netinet6
usr.bin/mandoc
usr.bin/vi
usr.sbin/dhcrelay
usr.sbin/hostapd
usr.sbin/syslogd

== Makefile ========================================================== 01/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile

Makefile

  > bye bye depends
  > okay tb@ deraadt@ (espie@)

== bin =============================================================== 02/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

ed

  ~ ed.1

  > nits about trailing punctuation found with mandoc -Tlint (schwarze@)

== lib =============================================================== 03/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ sys/pledge.2

  > fix cross references to self; found with mandoc -Tlint (schwarze@)

  ~ string/strmode.3

  > void functions don't return 0
  > From Klemens Nanni (tb@)

libcrypto

  ~ man/X509V3_get_d2i.3
  ~ man/X509v3_get_ext_by_NID.3

  > fix cross references to self; found with mandoc -Tlint (schwarze@)

  ~ x509v3/x509v3.h
  ~ x509v3/v3_purp.c

  TAGGED OPENBSD_6_1

  > MFC:
  > Distinguish between self-issued certificates and self-signed certificates.
  > The certificate verification code has special cases for self-signed
  > certificates and without this change, self-issued certificates (which it
  > seems are commonplace with openvpn/easyrsa) were also being included in
  > this category.
  > ok inoguchi@ (jsing@)

libkeynote

  ~ keynote.3

  > fix cross references to self; found with mandoc -Tlint (schwarze@)

libssl

  ~ man/SSL_CIPHER_get_name.3
  ~ man/SSL_num_renegotiations.3

  > fix cross references to self; found with mandoc -Tlint (schwarze@)

  ~ man/SSL_CTX_set_tmp_dh_callback.3

  > nits about trailing punctuation found with mandoc -Tlint (schwarze@)

libtls

  ~ tls_server.c

  > RFC 6066 states that IP literals are not permitted in "HostName" for a
  > TLS Server Name extension, however seemingly several clients (including
  > Python, Ruby and Safari) violate the RFC. Given that this is a fairly
  > widespread issue, if we receive a TLS Server Name extension that contains
  > an IP literal, pretend that we did not receive the extension rather than
  > causing a handshake failure.
  > Issue raised by jsg@
  > ok jsg@ (jsing@)

== regress =========================================================== 04/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

bin

  ~ ksh/edit/emacs.sh
  ~ ksh/edit/subr.sh

  > Add tests for file completion in ksh emacs mode, currently failing.
  > While here, pass the v option to hexdump in order to output all data.
  > (anton@)

  ~ ksh/edit/emacs.sh
  ~ ksh/edit/subr.sh

  > Revert previously added tests for file completion that are currently
  > failing.
  > Prodded by bluhm@ (anton@)

  ~ ksh/edit/emacs.sh
  ~ ksh/edit/vi.sh

  > Favor a UID-agnostic prompt in ksh edit mode tests. Allows the tests to pass
  > when executed as root.
  > Spotted by bluhm@ (anton@)

lib

  ~ libedit/Makefile.inc
  ~ libedit/chared/Makefile
  ~ libedit/chared/test_gets.c
  ~ libedit/keymacro/test_get.c
  ~ libedit/read/Makefile
  ~ libedit/read/glue.c
  ~ libedit/read/test_getcmd.c
  ~ libedit/read/test_read_char.c
  ~ libedit/read/test_read_char.sh
  ~ libedit/readline/history.c

  > Implement the generated dependency with a stamp file to avoid needless
  > recompiling of the test programs. Add some RCS ids. (bluhm@)

sbin

  ~ isakmpd/Makefile.inc

  > Implement the generated dependency with a stamp file to avoid needless
  > recompiling of the test programs. Add some RCS ids. (bluhm@)

== sbin ============================================================== 05/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

dhclient

  ~ clparse.c
  ~ dhclient.c
  ~ dhcpd.h

  > Remove knowledge of struct interface_info from clparse.c. Just
  > pass the interface name and the TAILQ to put static leases into.
  > Add a TAILQ for static leases to struct client_config to hold the
  > static leases until it's time to add them to ifi.
  > Add add_lease() to add leases to a TAILQ while checking for
  > leases that are superseded by the new lease. (krw@)

ping

  ~ ping.c

  > remove useless (void)printf casts, diff from Klemens Nanni, massaged
  > by me. (florian@)

slaacd

  ~ engine.c

  > Validate prefix information in router advertisements according to RFC
  > 4862 Section 5.5.3.
  > This very likely solves the problem of slaacd generating privacy
  > addresses at a very high rate as reported by Matthias Schmidt on
  > bugs@; thanks!
  > The problem is that we constantly generate new privacy addresses if we
  > receive a router advertisement with a pltime of 0 since that address
  > will immediately be deprecated.
  > This needs revisiting since we will run into the same problem with
  > other low pltimes. (florian@)

== share ============================================================= 06/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/socreate.9

  > fix cross references to self; found with mandoc -Tlint (schwarze@)

  ~ man7/mdoc.7
  ~ man7/roff.7

  > nits about trailing punctuation found with mandoc -Tlint (schwarze@)

mk

  ~ bsd.README

  > document that we're no longer using 'make depend' (espie@)

  ~ bsd.dep.mk

  > based on florian@'s observation and guenther@'s work in kernel makefiles.
  > don't include .d files during obj and cleanup, because those files might
  > be utterly bogus following an untimely reboot.
  > This allows cleaning stuff up without needing to manually remove those
  > files.
  > okay millert@, kettenis@ (espie@)

  ~ bsd.sys.mk
  ~ sys.mk

  > make use of (f)lex -o option to create unique temporary files, so that
  > make -j will be happier.
  > okay millert@ (espie@)

== sys =============================================================== 07/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ db_trace.c

  > Comments are lying. (mpi@)

arch/arm64/conf

  ~ RAMDISK

  > Enable NFSCLIENT to let installation over NFS work.
  > OK kettenis@, deraadt@ (visa@)

arch/armv7/conf

  ~ RAMDISK

  > Enable NFSCLIENT to let installation over NFS work.
  > OK kettenis@, deraadt@ (visa@)

dev/pci

  ~ pcidevs

  > Add Intel Braswell Sensor Hub device. (kettenis@)

  ~ pcidevs.h
  ~ pcidevs_data.h

  > regen (kettenis@)

  ~ drm/drmP.h
  ~ drm/drm_linux.c
  ~ drm/drm_linux.h
  ~ drm/i915/i915_drv.c
  ~ drm/i915/i915_drv.h
  ~ drm/i915/intel_panel.c
  ~ drm/radeon/atombios_encoders.c
  ~ drm/radeon/radeon_legacy_encoders.c

  > Fix native/raw backlight support in inteldrm(4). (kettenis@)

net

  ~ pf_ioctl.c

  > Convert pf tagname malloc(9) into pool_get(9) to make it MP safe.
  > While there use TAILQ_FOREACH macro for traversing tags.
  > OK mpi@ (bluhm@)

netinet

  ~ ip_input.c
  ~ ip_ipip.c
  ~ ipsec_input.c

  > The IP in IP input function strips the outer header and reinserts
  > the inner IP packet into the internet queue. The IPv6 local delivery
  > code has a loop to deal with header chains. The idea is to use
  > this loop and avoid the queueing and rescheduling. The IPsec packet
  > will be processed in a single flow.
  > Merge the IP deliver loop from both IP versions into a single
  > ip_deliver() function that can handle both address families. This
  > allows to process an IP in IP header like a normal extension header.
  > If af != AF_UNSPEC, we are already in a deliver loop and have the
  > kernel lock. Then we can just return the next protocol. Otherwise
  > we enqueue. The dequeue thread has the kernel lock and starts an
  > IP delivery loop.
  > OK mpi@ (bluhm@)

  ~ ip_input.c

  > Fix RAMDISK build.
  > OK bluhm@ (visa@)

netinet6

  ~ nd6_nbr.c

  > If we are sending a neighbor solicitation for a link local address
  > send it with a link local source address as well.
  > This helps upstream routers with their own source address
  > selection.
  > A reoccurring scenario is:
  > - gateway on fe80::1%if
  > - the gateway does not have an IP in the same prefix as our global address
  > When we want to talk to the outside world we first need to resolve the
  > gateway. We copy the source address from our outgoing packet to the
  > neighbor solicitation packet (a global address) and ask for layer2
  > information of a link local address.
  > The upstream router now needs to do source address selection of its
  > own. Since we are coming from a global address and there is no address
  > from the same prefix the router uses another global address lying
  > around.
  > We then drop this with "ND packet from non-neighbor".
  > Reported over the years by a few people, most recently by Marc Peters
  > on bugs@ who confirmed that this fixes the problem.
  > OK stsp@, mpi@ (florian@)

  ~ ip6_input.c
  ~ ip6_var.h

  > The IP in IP input function strips the outer header and reinserts
  > the inner IP packet into the internet queue. The IPv6 local delivery
  > code has a loop to deal with header chains. The idea is to use
  > this loop and avoid the queueing and rescheduling. The IPsec packet
  > will be processed in a single flow.
  > Merge the IP deliver loop from both IP versions into a single
  > ip_deliver() function that can handle both address families. This
  > allows to process an IP in IP header like a normal extension header.
  > If af != AF_UNSPEC, we are already in a deliver loop and have the
  > kernel lock. Then we can just return the next protocol. Otherwise
  > we enqueue. The dequeue thread has the kernel lock and starts an
  > IP delivery loop.
  > OK mpi@ (bluhm@)

== usr.bin =========================================================== 08/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

mandoc

  ~ eqn.c
  ~ eqn_html.c
  ~ eqn_term.c
  ~ mandoc.h
  ~ tree.c

  > The EQN_LISTONE box type is pointless.
  > Simplify by just using EQN_LIST with expectargs = 1.
  > Noticed while investigating a bug report from bentley@.
  > No functional change. (schwarze@)

vi

  ~ docs/USD.doc/vi.man/vi.1

  > nits about trailing punctuation found with mandoc -Tlint (schwarze@)

  ~ docs/USD.doc/vi.man/vi.1

  > avoid double space caused by end-of-sentence detection; requested by jmc@
  > (schwarze@)

== usr.sbin ========================================================== 09/09 ==

  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

dhcrelay

  ~ dhcrelay.c

  > Don't stop logging to stderr when running in foreground with -d.
  > Pointed out by Kapetanakis Giannis (reyk@)

hostapd

  ~ Makefile

  > forgot to commit this one (espie@)

syslogd

  ~ syslogd.8

  > Some documentation improvements:
  > - Fix TLS s/server/client/
  > - Use 'remote loghost' consistently, even if it's not clear to which
  > endpoint this corresponds.
  > - Replace 'forwarding' by 'sending' to remove the ambiguity about the
  > inserted hostname.
  > - Do not use the word 'server' with 'socket' to avoid confusion with
  > a TLS server.
  > - Prefer 'senders' than 'clients' when it comes to spoofing, to reduce
  > one usage of the word 'client'.
  > ok jmc@, bluhm@ (mpi@)

===============================================================================
