OpenBSD src changes summary for 2017-11-28
==========================================

include/dlfcn.h                         include/tib.h
lib/libc                                lib/libcrypto
lib/libssl                              libexec/ld.so
regress/lib                             regress/sys
sbin/disklabel                          sbin/pfctl
share/man                               sys/arch/amd64/amd64
sys/arch/i386/i386                      sys/dev/ic
sys/dev/pci                             sys/kern
sys/net                                 sys/netinet
sys/netinet6                            sys/sys
usr.bin/dc                              usr.bin/kdump
usr.bin/mandoc                          usr.bin/nc
usr.bin/ssh                             usr.sbin/httpd
usr.sbin/ocspcheck                      usr.sbin/relayd
usr.sbin/vmd

== include =========================================================== 01/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include

dlfcn.h

  ~ dlfcn.h

  > Implement a DL_REFERENCE dlctl. To be used by the upcoming
  > __cxa_thread_atexit() implementation.
  > ok guenther@ (kettenis@)

tib.h

  ~ tib.h

  > Add a member to be used by __cxa_thread_atexit(). Remove padding which
  > would now misalign things.
  > ok guenther@ (kettenis@)

== lib =============================================================== 02/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ sys/Makefile.inc                      ~ sys/ktrace.2

  > Delete fktrace(2). The consequences of it were not thought through
  > sufficiently and at least one horrific security hole was the result.
  > ok deraadt@ beck@ (guenther@)

  ~ arch/i386/string/strcat.S             ~ arch/i386/string/strcpy.S
  ~ compat-43/getwd.c                     ~ stdio/mktemp.c
  ~ stdio/sprintf.c                       ~ stdio/tempnam.c
  ~ stdio/tmpnam.c                        ~ stdio/vsprintf.c
  ~ stdlib/rand.c                         ~ stdlib/random.c
  ~ string/stpcpy.c                       ~ string/strcat.c
  ~ string/strcpy.c                       ~ string/wcscat.c
  ~ string/wcscpy.c

  > GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections
  > with "warning: " since 2003, so the messages themselves need not
  > contain the prefix anymore.
  > From Scott Cheloha
  > ok jca, deraadt (tb@)

  ~ net/getnetent.3

  > Add the missing STANDARDS section (kettenis@ noticed that these are
  > POSIX functions) and turn the weird DIAGNOSTICS section into a normal
  > RETURN VALUES section while here. (schwarze@)

libcrypto

  ~ evp/evp_enc.c

  > GNU ld has prefixed the contents of .gnu.warning.SYMBOL sections
  > with "warning: " since 2003, so the messages themselves need not
  > contain the prefix anymore.
  > From Scott Cheloha
  > ok jca, deraadt (tb@)

  ~ asn1/evp_asn1.c

  > Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
  > This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h)
  > from API that needs to continue to exist.
  > ok beck@ inoguchi@ (jsing@)

libssl

  ~ bs_cbb.c                              ~ bytestring.h

  > Add CBB_discard_child(), which allows for a child CBB to be discarded.
  > Based on BoringSSL. (jsing@)

  ~ ssl_tlsext.c

  > Correct TLS extensions handling when no extensions are present.
  > If no TLS extensions are present in a client hello or server hello, omit
  > the entire extensions block, rather than including it with a length of
  > zero.
  > ok beck@ inoguchi@ (jsing@)

== libexec =========================================================== 03/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec

ld.so

  ~ dlfcn.c

  > Implement a DL_REFERENCE dlctl. To be used by the upcoming
  > __cxa_thread_atexit() implementation.
  > ok guenther@ (kettenis@)

== regress =========================================================== 04/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libssl/bytestring/bytestringtest.c

  > Add regress for CBB_discard_child().
  > Converted from BoringSSL. (jsing@)

  ~ libssl/tlsext/tlsexttest.c

  > Add regress test coverage for building clienthello and serverhello
  > extensions, both with extensions being present and not present. The not
  > present case currently fails. (jsing@)

  ~ libcrypto/asn1/Makefile               + libcrypto/asn1/asn1evp.c

  > Add regress coverage for ASN1_TYPE_{get,set}_int_octetstring() (jsing@)

sys

  ~ kern/pledge/pledgepath/syscalls.c

  > copyright (beck@)

== sbin ============================================================== 05/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

disklabel

  ~ editor.c

  > in auto-allocation, increase size of /usr/src to 1.3G.
  > Our tree is now 1.1G big.
  > ok florian@, sure deraadt@ (benno@)

pfctl

  ~ parse.y                               ~ pfctl_parser.c

  > The divert structure was using the port number to indicate that
  > divert-to or divert-reply was active. If the address was also set,
  > it meant divert-to. Divert packet used a separate structure. This
  > is confusing and makes it hard to add new features. It is better
  > to have a divert type that explicitly says what is configured.
  > Adapt the pf rule struct in kernel and pfctl, no functional change.
  > Note that kernel and pfctl have to be updated together.
  > OK sashan@ (bluhm@)

== share ============================================================= 06/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man9/VOP_LOOKUP.9

  > Correct the description for VOP_RENAME to reflect that tvp is unlocked
  > on exit.
  > ok mpi@ (helg@)

  ~ man9/VOP_LOOKUP.9

  > zap trailing whitespace, and zap some Tn while here; (jmc@)

== sys =============================================================== 07/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/amd64/amd64

  ~ vmm.c

  > better handling for invalid instruction lengths.
  > ok beck@, ccardenas@ (mlarkin@)

arch/i386/i386

  ~ vmm.c

  > better handling for invalid instruction lengths.
  > equivalent amd64 version (already committed) was ok beck@, ccardenas@
  > (mlarkin@)

  ~ vmm.c

  > fix some clang warnings when building with VMM_DEBUG. Matches a previous
  > commit to the amd64 version of this file (mlarkin@)

dev/ic

  ~ ar5008reg.h

  > In athn(4), fix a comment which misidentifies the field where RSSI
  > values occur. Add macros to access RSSI info in ds_status4 as well.
  > ok kevlo@ (stsp@)

  ~ ar5008.c                              ~ athnreg.h

  > The athn(4) PCI driver forgot about adding the default noisefloor to
  > measured RSSI values. The same is already done for USB devices.
  > RSSI values shown in ifconfig make sense now.
  > ok kevlo@ (stsp@)

dev/pci

  ~ drm/i915/i915_gem.c

  > Use mutex_trylock() rather than mixing Linux APIs with OpenBSD ones.
  > ok kettenis@ (mpi@)

  ~ drm/i915/intel_uncore.c

  > Silence the "Unclaimed register before interrupt" errors. While these do
  > indicate a bug somewhere, it is unlikely to be in the OpenBSD glue code.
  > There are reports that these go away in newer Linux code anyway.
  > Stops claudio@ from whining. (kettenis@)

  ~ files.pci                             + if_ixl.c
  + if_ixlreg.h

  > add ixl(4) for the "Intel Ethernet 700 Series"
  > this doesn't work yet, but it very recently got too big to hack on
  > without cvs to help me manage further changes to it.
  > ok deraadt@ (dlg@)

  ~ if_ixlreg.h

  > add missing $OpenBSD$ tag (dlg@)

  ~ if_ixl.c

  > remove the #if 0ed out ixl_add_veb now that cvs has backed it up
  > im pretty sure we dont need it if we're just using the chip as a
  > single ethernet port. (dlg@)

  ~ files.pci

  > refer to ixl as "Intel Ethernet 700 Series"
  > calling it intel 40g is less correct because the same driver is used for
  > 10g and 25g parts as well. (dlg@)

kern

  ~ syscalls.master                       ~ kern_ktrace.c

  > Delete fktrace(2). The consequences of it were not thought through
  > sufficiently and at least one horrific security hole was the result.
  > ok deraadt@ beck@ (guenther@)

  ~ init_sysent.c                         ~ syscalls.c

  > sync (guenther@)

  ~ kern_exit.c

  > deadproc_mutex is only taken _before_ kernel_lock; exclude it from
  > WITNESS checking as (our) witness code isn't smart enough to let that by.
  > ok visa@ (guenther@)

  ~ kern_sched.c

  > Raise the IPL of the sbar taskq to avoid lock order issues
  > with the kernel lock.
  > Fixes a deadlock seen by Hrvoje Popovski and dhill@.
  > OK mpi@, dhill@ (visa@)

net

  ~ pf.c                                  ~ pf_ioctl.c
  ~ pfvar.h

  > The divert structure was using the port number to indicate that
  > divert-to or divert-reply was active. If the address was also set,
  > it meant divert-to. Divert packet used a separate structure. This
  > is confusing and makes it hard to add new features. It is better
  > to have a divert type that explicitly says what is configured.
  > Adapt the pf rule struct in kernel and pfctl, no functional change.
  > Note that kernel and pfctl have to be updated together.
  > OK sashan@ (bluhm@)

netinet

  ~ raw_ip.c

  > The divert structure was using the port number to indicate that
  > divert-to or divert-reply was active. If the address was also set,
  > it meant divert-to. Divert packet used a separate structure. This
  > is confusing and makes it hard to add new features. It is better
  > to have a divert type that explicitly says what is configured.
  > Adapt the pf rule struct in kernel and pfctl, no functional change.
  > Note that kernel and pfctl have to be updated together.
  > OK sashan@ (bluhm@)

netinet6

  ~ ip6_forward.c

  > Fix mbuf leak when an interface is destroyed while forwarding IPv6
  > packets.
  > Found by Hrvoje Popovski.
  > ok visa@, bluhm@ (mpi@)

  ~ raw_ip6.c

  > The divert structure was using the port number to indicate that
  > divert-to or divert-reply was active. If the address was also set,
  > it meant divert-to. Divert packet used a separate structure. This
  > is confusing and makes it hard to add new features. It is better
  > to have a divert type that explicitly says what is configured.
  > Adapt the pf rule struct in kernel and pfctl, no functional change.
  > Note that kernel and pfctl have to be updated together.
  > OK sashan@ (bluhm@)

sys

  ~ syscall.h                             ~ syscallargs.h

  > sync (guenther@)

  ~ ktrace.h

  > fktrace(2) has been removed (guenther@)

== usr.bin =========================================================== 08/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

dc

  ~ dc.1

  > document that the 'e' command is non-portable; from kshe; ok jmc@ (otto@)

  ~ bcode.c

  > garbage collect a few functions that are not really needed; from kshe
  > (otto@)

  ~ bcode.c

  > zap dead stores; prompted by a diff from kshe (otto@)

  ~ bcode.c

  > zap newline in warn(); from kshe (otto@)

kdump

  ~ kdump.c

  > Need to remove fktrace here too
  > Noted by Andreas Kusalananda Kähäri (andreas.kahari(at)icm.uu.se)
  > (guenther@)

mandoc

  ~ mandoc.1

  > duplicate word, found by igor(1) (schwarze@)

nc

  ~ nc.1                                  ~ netcat.c

  > Allow TLS ciphers and protocols to be specified for nc(1).
  > Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol"
  > options that are key/value pairs. This allows the user to specify ciphers
  > and protocols in a form that is accepted by tls_config_set_ciphers() and
  > tls_config_set_protocols() respectively.
  > ok beck@
  > (also ok jmc@ for a previous revision of the man page). (jsing@)

ssh

  ~ umac.c

  > whitespace at EOL (djm@)

  ~ umac.c

  > more whitespace errors (djm@)

  ~ sftp-client.c

  > Have sftp print a warning about shell cleanliness when decoding the first
  > packet fails, which is usually caused by shells polluting stdout of
  > non-interactive startups. bz#2800, ok markus@ deraadt@. (dtucker@)

== usr.sbin ========================================================== 09/09 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

httpd

  ~ httpd.conf.5                          ~ server.c

  > Disable OCSP stapling on invalid staple, rather than failing to start.
  > ok claudio@ florian@ (beck@)

  ~ httpd.conf.5

  > tweak previous; (jmc@)

ocspcheck

  ~ ocspcheck.8                           ~ ocspcheck.c

  > Add option -i to allow ocspcheck to be used to validate an on-disk staple
  > ok claudio@ benno@ (beck@)

relayd

  ~ relay.c

  > Add space between to and read like in other DPRINTFs. (claudio@)

  ~ ca.c

  > relay_load_fd() is no longer clobbering errno in the error case so use
  > fatal() instead of fatalx() (claudio@)

  ~ relay.c                               ~ relayd.h

  > In TLS inspection mode we also need to keep the server tls object around.
  > For this we need to add an additional pointer to the ctl_relay_event.
  > Diff from Petri Mikkila (pmikkila at gmail)
  > OK benno@ (claudio@)

  ~ relay.c                               ~ relayd.h

  > Introduce relay_reset_event() which closes and resets a relay connection.
  > Currently this is only used by relay_close() but will be needed in near
  > future.
  > OK benno@ (claudio@)

  ~ relayd.h

  > One less lie in comments (claudio@)

vmd

  ~ vm.c

  > fix some spelling errors in a few comments (mlarkin@)

===============================================================================
