OpenBSD src changes summary for 2015-06-14 to 2015-06-21 inclusive
==================================================================
bin/csh distrib/sets etc/etc.amd64/sysctl.conf etc/etc.i386/sysctl.conf
etc/etc.octeon/MAKEDEV etc/etc.zaurus/sysctl.conf etc/rc.d/rc.subr
etc/root/root.mail etc/signify/openbsd-59-base.pub
etc/signify/openbsd-59-fw.pub etc/signify/openbsd-59-pkg.pub gnu
gnu/usr.bin/binutils-2.17 lib/libc lib/libcrypto lib/libssl lib/libtls
regress/bin regress/lib regress/libexec regress/usr.bin regress/usr.sbin
sbin/pfctl share/man share/misc share/mk share/zoneinfo
sys/arch/armv7/exynos sys/arch/armv7/vexpress sys/arch/aviion/stand/boot
sys/arch/landisk/stand/boot sys/arch/landisk/stand/xxboot
sys/arch/macppc/stand/tbxidata sys/arch/mips64/mips64 sys/arch/sgi/xbow
sys/arch/sparc/conf sys/arch/sparc/dev sys/arch/sparc/stand/boot
sys/arch/sparc64/dev sys/arch/vax/vax sys/conf sys/dev sys/dev/ic
sys/dev/microcode sys/dev/pci sys/dev/rasops sys/dev/sbus sys/dev/usb
sys/kern sys/lib/libsa sys/net sys/netinet sys/netinet6 sys/netmpls sys/nfs
sys/sys sys/uvm usr.bin/diff usr.bin/file usr.bin/netstat usr.bin/openssl
usr.bin/rcs usr.bin/ssh usr.bin/tmux usr.sbin/bgpd usr.sbin/httpd
usr.sbin/quot usr.sbin/sensorsd usr.sbin/syslogd

== bin =============================================================== 01/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin

csh

  ~ lex.c
  > delete completely bogus (floating? was there an old variable decl
  > in the past?) comment about FILEC
  > noted by Peter Brottveit Bock (deraadt@)

  ~ Makefile ~ const.c ~ csh.h ~ extern.h ~ file.c ~ glob.c ~ lex.c ~ set.c
  > remove -DFILEC; code does not compile for the -UFILEC case, and anyways,
  > who wants csh without FILEC??
  > from Peter Brottveit Bock, but redone using unifdef (deraadt@)

  ~ lex.c
  > stray char jumped in (deraadt@)

== distrib =========================================================== 02/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/man/mi
  > sync (deraadt@)

  ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish
  ~ lists/base/md.armv7 ~ lists/base/md.aviion ~ lists/base/md.hppa
  ~ lists/base/md.hppa64 ~ lists/base/md.i386 ~ lists/base/md.landisk
  ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc
  ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc
  ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.vax
  ~ lists/base/md.zaurus ~ lists/comp/md.alpha ~ lists/comp/md.amd64
  ~ lists/comp/md.armish ~ lists/comp/md.armv7 ~ lists/comp/md.aviion
  ~ lists/comp/md.hppa ~ lists/comp/md.hppa64 ~ lists/comp/md.i386
  ~ lists/comp/md.landisk ~ lists/comp/md.loongson ~ lists/comp/md.luna88k
  ~ lists/comp/md.macppc ~ lists/comp/md.octeon ~ lists/comp/md.sgi
  ~ lists/comp/md.socppc ~ lists/comp/md.sparc ~ lists/comp/md.sparc64
  ~ lists/comp/md.vax ~ lists/comp/md.zaurus
  > sync (deraadt@)

  ~ lists/base/mi
  > sync (deraadt@)

  ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish
  ~ lists/base/md.armv7 ~ lists/base/md.aviion ~ lists/base/md.hppa
  ~ lists/base/md.hppa64 ~ lists/base/md.i386 ~ lists/base/md.landisk
  ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc
  ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc
  ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.vax
  ~ lists/base/md.zaurus ~ lists/base/mi ~ lists/comp/mi
  > sync (deraadt@)

  ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armish
  ~ lists/base/md.armv7 ~ lists/base/md.aviion ~ lists/base/md.hppa
  ~ lists/base/md.hppa64 ~ lists/base/md.i386 ~ lists/base/md.landisk
  ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc
  ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc
  ~ lists/base/md.sparc ~ lists/base/md.sparc64 ~ lists/base/md.vax
  ~ lists/base/md.zaurus ~ lists/comp/mi ~ lists/man/mi
  > sync (deraadt@)

  ~ lists/base/mi
  > sync (deraadt@)

== etc =============================================================== 03/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

etc.amd64/sysctl.conf

  ~ etc.amd64/sysctl.conf
  > Typos in comments; Ville Valkonen (miod@)

etc.i386/sysctl.conf

  ~ etc.i386/sysctl.conf
  > Typos in comments; Ville Valkonen (miod@)

etc.octeon/MAKEDEV

  ~ etc.octeon/MAKEDEV
  > sync (deraadt@)

etc.zaurus/sysctl.conf

  ~ etc.zaurus/sysctl.conf
  > Typos in comments; Ville Valkonen (miod@)

rc.d/rc.subr

  ~ rc.d/rc.subr
  > Really make daemon_class read-only; it's set to "daemon" of a matching
  > login class. (ajacoutot@)

root/root.mail

  ~ root/root.mail
  > crank to 5.8-beta (deraadt@)

  ~ root/root.mail
  > I'm afraid it will be a sunday. (miod@)

signify/openbsd-59-base.pub

  + signify/openbsd-59-base.pub
  > 5.9 base key (deraadt@)

signify/openbsd-59-fw.pub

  + signify/openbsd-59-fw.pub
  > add 5.9 firmware key (sthen@)

signify/openbsd-59-pkg.pub

  + signify/openbsd-59-pkg.pub
  > add 5.9 packages key (naddy@)

== gnu =============================================================== 04/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu

gnu

  ~ gcc/gcc/c-decl.c
  > Don't error out when an existing typedef is redefined with the same
  > definition;
  > this is allowed in C11 and 3rd-party software is relying upon this to be
  > accepted by the compiler.
  > Nevertheless warn about this if -pedantic.
  > ok ajacoutot@ deraadt@ millert@ (miod@)

  ~ gcc/gcc/cfgexpand.c
  > Fix stack shuffle such that sj includes si and the last element actually
  > gets a chance to be reordered. (martynas@)

usr.bin/binutils-2.17

  ~ ld/emulparams/elf64btsmip_obsd.sh ~ ld/emulparams/elf64ltsmip_obsd.sh
  > Do not provide extra _fdata and __data_start symbols; nothing in the
  > non-mips32
  > world uses them. (miod@)

== lib =============================================================== 05/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ arch/amd64/SYS.h ~ arch/amd64/sys/Ovfork.S ~ arch/amd64/sys/brk.S
  ~ arch/amd64/sys/exect.S ~ arch/amd64/sys/sbrk.S
  ~ arch/amd64/sys/sigpending.S ~ arch/amd64/sys/sigprocmask.S
  ~ arch/amd64/sys/sigreturn.S ~ arch/amd64/sys/sigsuspend.S
  ~ arch/amd64/sys/syscall.S
  > Set FUNC symbol sizes of auto-generated and hand-written syscall wrappers.
  > Original diff from guenther@, adjusted by me.
  > OK guenther@ (uebayasi@)

  ~ string/strtok.c
  > Remove needless casts. There's no reason to cast delim to char *
  > when we can just make spanp const char * to match it. OK deraadt@
  > (millert@)

  ~ gen/ttyname.c
  > Tweak whitespace and remove dangling, unneeded "else".
  > No functional change. (jca@)

  ~ asr/asr_debug.c ~ asr/asr_private.h ~ asr/res_send_async.c
  > Rename print_sockaddr() to avoid symbol visibility problems
  > print_sockaddr is internal to asr, and conflicts with ports/net/samba4.
  > ok eric@ (jca@)

  ~ shlib_version
  > Bump major after {,asr_}print_sockaddr() renaming. (jca@)

  ~ stdlib/merge.c
  > Just return if nmemb is 0. Avoids a NULL dereference and is
  > consistent with the behavior of the other libc sort functions.
  > OK deraadt@ (millert@)

libcrypto

  ~ cert.pem
  > add DST Root CA X3 certificate, already present in most browser cert
  > stores.
  > "O=Digital Signature Trust Co., CN=DST Root CA X3". This CA is cross
  > signing
  > the issuing intermediates for letsencrypt.org so is expected to be
  > important
  > for at least ports distfile fetching in the future. ok ajacoutot@ juanfra@
  > (sthen@)

  ~ crypto/arch/alpha/opensslconf.h ~ crypto/arch/amd64/opensslconf.h
  ~ crypto/arch/arm/opensslconf.h ~ crypto/arch/hppa/opensslconf.h
  ~ crypto/arch/hppa64/opensslconf.h ~ crypto/arch/i386/opensslconf.h
  ~ crypto/arch/m88k/opensslconf.h ~ crypto/arch/mips64/opensslconf.h
  ~ crypto/arch/powerpc/opensslconf.h ~ crypto/arch/sh/opensslconf.h
  ~ crypto/arch/sparc/opensslconf.h ~ crypto/arch/sparc64/opensslconf.h
  ~ crypto/arch/vax/opensslconf.h
  > Disable ENGINE_load_dynamic (dynamic engine support).
  > We do not build, test or ship any dynamic engines, so we can remove the
  > dynamic
  > engine loader as well. This leaves a stub initialization function in its
  > place.
  > ok beck@, reyk@, miod@ (bcook@)

  ~ crypto/Makefile ~ man/Makefile
  > Remove obsolete MDC-2DES from libcrypto.
  > ok deraadt@ jsing@ miod@ (doug@)

  ~ crypto/shlib_version
  > Crank major for libcrypto, ssl and tls due to MDC-2DES removal.
  > ok miod@ jsing@ (doug@)

libssl

  ~ src/doc/ssl/SSL_CTX_set_options.3
  > Update SSL_OP_* to remove ancient hacks that are no longer enabled. (doug@)

  ~ src/doc/ssl/SSL_CTX_set_options.3 ~ src/ssl/s3_srvr.c
  > Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG.
  > This is a hack for an old version of SSLeay which predates OpenSSL. (doug@)

  ~ src/doc/ssl/SSL_CTX_set_options.3 ~ src/ssl/s3_srvr.c
  > Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.
  > This was imported into OpenSSL from SSLeay. It was recently deleted
  > in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9 (doug@)

  ~ src/doc/ssl/SSL_CTX_set_options.3 ~ src/ssl/d1_srvr.c ~ src/ssl/s3_clnt.c
  ~ src/ssl/s3_srvr.c
  > Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days.
  > This commit matches the OpenSSL removal in commit
  > 3c33c6f6b10864355553961e638514a6d1bb00f6.
  > ok deraadt@ (doug@)

  ~ src/ssl/bs_ber.c ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h
  > Make CBS_get_any_asn1_element() more compliant with DER encoding.
  > CBS_get_any_asn1_element violates DER encoding by allowing indefinite
  > form. All callers except bs_ber.c expect DER encoding. The callers
  > must check to see if it was indefinite or not.
  > Rather than exposing all callers to this behavior,
  > cbs_get_any_asn1_element_internal() allows specifying whether you want to
  > allow the normally forbidden indefinite form. This is used by
  > CBS_get_any_asn1_element() for strict DER encoding and by a new static
  > function in bs_ber.c for the relaxed version.
  > While I was here, I added comments to differentiate between ASN.1
  > restrictions and CBS limitations.
  > ok miod@ (doug@)

  ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h
  > Simplify cbs_get_any_asn1_element_internal based on comments from jsing@
  > (doug@)

  ~ src/ssl/bs_ber.c ~ src/ssl/bytestring.h
  > Be more strict about BER and DER terminology.
  > bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
  > encoding with one violation (indefinite form) to strict DER. Rename
  > the functions to reflect this.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/ssl.h
  > Cleanup SSL_OP_* compat flags in ssl.h.
  > These were recently removed and are now set to 0:
  > SSL_OP_NETSCAPE_CA_DN_BUG
  > SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
  > SSL_OP_SSLEAY_080_CLIENT_DH_BUG
  > The code associated with these was deleted in the past at some point
  > and these are also now 0:
  > SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
  > SSL_OP_EPHEMERAL_RSA
  > SSL_OP_MICROSOFT_SESS_ID_BUG
  > SSL_OP_NETSCAPE_CHALLENGE_BUG
  > SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
  > The SSL_OP_ALL macro has been updated to reflect the removals.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h
  > Add a new function CBS_offset() to report the current offset in the data.
  > "why not" miod@, sure jsing@ (doug@)

  ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h
  > Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.
  > This is a common operation when dealing with CBS.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/bs_ber.c
  > Use explicit int in bs_ber.c.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h
  > Use explicit int in bs_cbs.c.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/d1_pkt.c ~ src/ssl/s3_srvr.c
  > KNF whitespace.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/t1_lib.c
  > Convert tls1_check_curve to CBS.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/t1_lib.c
  > Convert ssl_next_proto_validate to CBS.
  > ok miod@, tweak + ok jsing@ (doug@)

  ~ src/ssl/ssl.h
  > Remove pointless comments. (jsing@)

  ~ src/ssl/s3_enc.c ~ src/ssl/ssl.h ~ src/ssl/t1_enc.c
  > Keep alerts sorted by alert code. (jsing@)

  ~ src/ssl/tls1.h
  > Clean up alert codes and add references. (jsing@)

  ~ src/ssl/d1_srvr.c
  > Change DTLS client cert request code to match TLS.
  > DTLS currently doesn't check whether a client cert is expected. This
  > change makes the logic in dtls1_accept() match that from ssl3_accept().
  > From OpenSSL commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65
  > input + ok jsing@ miod@ (doug@)

  ~ src/doc/ssl/BIO_f_ssl.3 ~ src/doc/ssl/SSL_accept.3
  ~ src/doc/ssl/SSL_do_handshake.3 ~ src/ssl/d1_srvr.c ~ src/ssl/s3_both.c
  ~ src/ssl/s3_srvr.c ~ src/ssl/ssl3.h ~ src/ssl/ssl_locl.h
  > Remove Microsoft Server Gated Crypto.
  > Another relic due to the old US crypto policy.
  > From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and
  > 95275599399e277e71d064790a1f828a99fc661a.
  > ok jsing@ miod@ (doug@)

  ~ src/ssl/bs_cbb.c ~ src/ssl/bytestring.h
  > Extend the input types for CBB_add_*() to help catch bugs.
  > While the previous types were correct, they can silently accept bad data
  > via truncation or signed conversion. We now take size_t as input for
  > CBB_add_u*() and do a range check.
  > discussed with deraadt@
  > input + ok jsing@ miod@ (doug@)

  ~ src/ssl/bs_cbs.c ~ src/ssl/bytestring.h
  > Add CBS_dup() to initialize a new CBS with the same values.
  > This is useful for when you need to check the data ahead and then continue
  > on from the same spot.
  > input + ok jsing@ miod@ (doug@)

  ~ src/ssl/t1_lib.c
  > Convert tls1_alpn_handle_client_hello() to CBS.
  > tweak + ok miod@ jsing@ (doug@)

  ~ src/crypto/engine/eng_all.c ~ src/crypto/engine/eng_dyn.c
  ~ src/crypto/engine/eng_list.c ~ src/doc/crypto/engine.pod
  > Disable ENGINE_load_dynamic (dynamic engine support).
  > We do not build, test or ship any dynamic engines, so we can remove the
  > dynamic
  > engine loader as well. This leaves a stub initialization function in its
  > place.
  > ok beck@, reyk@, miod@ (bcook@)

  ~ src/crypto/engine/eng_list.c
  > Return the failing engine ID in the error stack.
  > Noted by doug@ in an earlier revision of the dynamic engine removal patch,
  > but
  > I had forgotten to include it in the latest version. (bcook@)

  - src/crypto/evp/m_mdc2.c - src/crypto/mdc2/mdc2.h
  - src/crypto/mdc2/mdc2_one.c - src/crypto/mdc2/mdc2dgst.c
  ~ src/crypto/opensslfeatures.h ~ src/crypto/evp/c_all.c
  ~ src/crypto/evp/evp.h ~ src/crypto/rsa/rsa_pmeth.c
  ~ src/crypto/rsa/rsa_sign.c ~ src/doc/apps/ca.pod ~ src/doc/apps/dgst.pod
  ~ src/doc/apps/openssl.pod ~ src/doc/apps/req.pod ~ src/doc/apps/speed.pod
  ~ src/doc/apps/ts.pod ~ src/doc/apps/x509.pod
  ~ src/doc/crypto/EVP_DigestInit.pod ~ src/doc/crypto/EVP_DigestSignInit.pod
  ~ src/doc/crypto/EVP_DigestVerifyInit.pod ~ src/doc/crypto/EVP_SignInit.pod
  ~ src/doc/crypto/EVP_VerifyInit.pod ~ src/doc/crypto/crypto.pod
  > Remove obsolete MDC-2DES from libcrypto.
  > ok deraadt@ jsing@ miod@ (doug@)

  ~ ssl/shlib_version
  > Crank major for libcrypto, ssl and tls due to MDC-2DES removal.
  > ok miod@ jsing@ (doug@)

  ~ src/crypto/bio/bio.h
  > Fix warning on vax due to old gcc.
  > Old gcc warns when parameters have the same names as functions. Noticed
  > by deraadt@.
  > ok deraadt@ jsing@ (doug@)

  ~ src/ssl/bs_cbs.c
  > Replace internal call to CRYPTO_memcmp with timingsafe_memcmp.
  > Suggested by jsing@.
  > ok jsing@ miod@ (doug@)

  ~ src/ssl/ssl_locl.h ~ src/ssl/t1_reneg.c
  > Convert ssl_parse_clienthello_renegotiate_ext to CBS.
  > ok miod@, tweak + ok jsing@ (doug@)

  ~ src/crypto/evp/e_aes.c ~ src/crypto/evp/e_chacha20poly1305.c
  ~ src/crypto/rsa/rsa_oaep.c
  > Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp().
  > ok doug@ deraadt@ (jsing@)

  ~ src/crypto/crypto.h
  > Put CRYPTO_memcmp() under #ifndef LIBRESSL_INTERNAL.
  > ok doug@ deraadt@ (jsing@)

  ~ src/ssl/ssl.h
  > Make SSL_OP_ALL readable.
  > ok deraadt@ doug@ millert@ miod@ sthen@ (jsing@)

  ~ src/crypto/ec/ec.h ~ src/crypto/ec/ec_curve.c
  > Provide EC_curve_nid2nist() and EC_curve_nist2nid().
  > From OpenSSL.
  > Rides libcrypto bump.
  > ok miod@ (a while ago) (jsing@)

  ~ src/crypto/ec/eck_prn.c
  > Have ECPKParameters_print() include the NIST curve name, if known.
  > From OpenSSL.
  > ok miod@ (a while ago). (jsing@)

  ~ src/crypto/ec/ec_pmeth.c
  > Handle NIST curve names.
  > From OpenSSL.
  > ok miod@ (a while ago) (jsing@)

  ~ src/ssl/ssl_locl.h ~ src/ssl/t1_reneg.c
  > Convert ssl_parse_serverhello_renegotiate_ext to CBS.
  > ok miod@ jsing@ (doug@)

  ~ src/ssl/s3_srvr.c
  > Convert ssl3_get_next_proto to CBS.
  > tweak + ok miod@ jsing@ (doug@)

  ~ src/ssl/s3_clnt.c
  > Convert ssl3_get_new_session_ticket to CBS.
  > tweak + ok miod@ jsing@ (doug@)

  ~ src/ssl/bs_ber.c
  > Check for failure with CBB_init() in bs_ber.c.
  > From BoringSSL commit 3fa65f0f05f67615d9daf48940e07f84d094ac6e. (doug@)

libtls

  ~ tls.h
  > Add standard headers, C++ support to tls.h.
  > This makes using libtls easier to include by including dependent headers,
  > making something like this work as expected:
  > #include <iostream>
  > #include <tls.h>
  > int main()
  > {
  >         std::cout << "tls_init: " << tls_init() << "\n";
  > }
  > This also makes building a standalone libtls-portable simpler.
  > ok doug@, jsing@ (bcook@)

  ~ shlib_version
  > Crank major for libcrypto, ssl and tls due to MDC-2DES removal.
  > ok miod@ jsing@ (doug@)

== regress =========================================================== 06/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

bin

  + chmod/Makefile + chmod/Makefile~ + chmod/chflags.error
  + chmod/chgrp.error + chmod/chmod.error + chmod/chown.error
  > First stab at regression test for chmod (and chflags, chgrp and chown
  > which are the same binary). This is supposed to exercise all syscalls
  > paths through those tools and not a comprehensive regression test.
  > (florian@)

  - chmod/Makefile~
  > oops (florian@)

  ~ Makefile
  > hook up chmod (florian@)

lib

  ~ libssl/bytestring/bytestringtest.c
  > Be more strict about BER and DER terminology.
  > bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
  > encoding with one violation (indefinite form) to strict DER. Rename
  > the functions to reflect this.
  > ok miod@ jsing@ (doug@)

  ~ libssl/bytestring/bytestringtest.c
  > Add tests for CBS_offset() and CBS_write_bytes().
  > "no problem" miod@, tweak + ok jsing@ (doug@)

  - libcrypto/mdc2/Makefile - libcrypto/mdc2/mdc2test.c ~ libcrypto/Makefile
  > Remove obsolete MDC-2DES from libcrypto.
  > ok deraadt@ jsing@ miod@ (doug@)

libexec

  ~ ld.so/dlopen/prog1/Makefile ~ ld.so/dlopen/prog2/Makefile
  ~ ld.so/dlopen/prog3/Makefile ~ ld.so/dlopen/prog4/Makefile
  > fix regress fallout due to CFLAGS vs CXXFLAGS (deraadt@)

usr.bin

  ~ ssh/unittests/Makefile.inc
  > turn SSH1 back on to match src/usr.bin/ssh being tested (djm@)

usr.sbin

  ~ syslogd/Makefile ~ syslogd/Syslogd.pm ~ syslogd/args-length-tcp.pl
  ~ syslogd/args-length-tls.pl ~ syslogd/args-length-udp.pl
  ~ syslogd/args-length-unix.pl ~ syslogd/args-length-vis.pl
  ~ syslogd/args-libevent-kqueue.pl ~ syslogd/args-libevent-poll.pl
  ~ syslogd/args-libevent-select.pl ~ syslogd/args-only4.pl
  ~ syslogd/args-only6.pl ~ syslogd/args-sendsyslog.pl
  ~ syslogd/args-sighup-config.pl ~ syslogd/args-sighup-privsep.pl
  ~ syslogd/args-sighup-tcp.pl ~ syslogd/args-sighup-tls.pl
  ~ syslogd/args-sighup.pl ~ syslogd/args-sigpipe.pl ~ syslogd/args-sigterm.pl
  ~ syslogd/args-socket-tcp.pl ~ syslogd/args-socket-tls.pl
  ~ syslogd/args-socket.pl ~ syslogd/funcs.pl
  + syslogd/args-privsep-daemon.pl + syslogd/args-privsep-foreground.pl
  + syslogd/args-privsep.pl
  > Rework how fstat and ktrace pattern are specified in the test
  > arguments. Add tests to check whether syslogd privsep works. This
  > is done for debug and foreground and daemon mode. Fstat is checked
  > for chroot and sockets. Ktrace dump is grepped for setting uid and
  > gid. (bluhm@)

== sbin ============================================================== 07/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin

pfctl

  ~ pfctl.8
  > document pfctl -ss -R <rule>, ok mikeb@ (sthen@)

== share ============================================================= 08/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share

man

  ~ man4/man4.armv7/Makefile + man4/man4.armv7/plrtc.4
  + man4/man4.armv7/pluart.4 + man4/man4.armv7/sysreg.4
  + man4/man4.armv7/vexpress.4
  > add some initial vexpress man pages (jsg@)

  ~ man9/mbuf.9
  > Sync with recent changes. (mpi@)

  ~ man9/Makefile ~ man9/mbuf.9 + man9/ml_init.9 + man9/mq_init.9
  > Move mbuf_list and mbuf_queue documentation in their own manual.
  > ok jmc@, deraadt@, dlg@ (mpi@)

  - man4/isp.4 ~ man4/Makefile
  > isp(4) man page needs to go too, pointed out by jmc@ (jmatthew@)

  ~ man4/pci.4
  > remove a bit more isp(4), from brad (jmatthew@)

misc

  ~ mime.types
  > Add .mkv (video/x-matroska).
  > From David Hill
  > ok halex@ (reyk@)

mk

  ~ sys.mk
  > crank to 5.8-beta (deraadt@)

zoneinfo

  ~ datfiles/africa ~ datfiles/antarctica ~ datfiles/backward
  ~ datfiles/europe ~ datfiles/iso3166.tab ~ datfiles/northamerica
  ~ datfiles/southamerica ~ datfiles/zone1970.tab
  > Update to tzdata2015e from ftp.iana.org (millert@)

== sys =============================================================== 09/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys

arch/armv7/exynos

  ~ exynos5.c
  > correct the uart irq numbers
  > ok bmercer@ (jsg@)

arch/armv7/vexpress

  ~ files.vexpress ~ vexpress.c ~ vexpress_a15.c ~ vexpress_a9.c + pl031.c
  > add a driver for the ARM PrimeCell PL031 RTC (jsg@)

arch/aviion/stand/boot

  ~ Makefile
  > Bring a few routines from libkern in order to avoid linking against libgcc.
  > (miod@)

arch/landisk/stand/boot

  ~ Makefile
  > Build required bits from libkern rather than importing them from libgcc.
  > (miod@)

arch/landisk/stand/xxboot

  ~ Makefile
  > Build required bits from libkern rather than importing them from libgcc.
  > (miod@)

arch/macppc/stand/tbxidata

  ~ bsd.tbxi
  > crank to 5.8-beta (deraadt@)

arch/mips64/mips64

  ~ cpu.c
  > alloc_contiguous_pages() is supposed to round the allocation size to a page
  > boundary, not to an u area boundary. Oops. (miod@)

arch/sgi/xbow

  ~ xbridge.c ~ xbridgereg.h
  > Clear the PIC `write request' memory at initialization time. There is
  > apparently a risk of spurious parity errors if we don't. (miod@)

arch/sparc/conf

  ~ files.sparc
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

arch/sparc/dev

  - isp_sbus.c
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

arch/sparc/stand/boot

  ~ Makefile
  > Build __moddi3, __muldi3 and __qdivrem from libkern, and built no-pie,
  > instead
  > of getting them from libgcc.a, built pie.
  > This repairs boot blocks operation on sparc, as found the hard way by
  > sebastia@ (miod@)

arch/sparc64/dev

  ~ vnet.c
  > Count transmitted packets. (kettenis@)

arch/vax/vax

  ~ pmap.c
  > Make kernel text read-only and unreadable from userland, and remove the
  > bogus
  > comment about the emulation code requiring kernel text to be readable from
  > userland.
  > Add a few DIAGNOSTIC checks for rogue ptes passed to rmpage().
  > Make sure the pte extent operations and update_pcbs() run at >= IPL_SCHED.
  > (miod@)

conf

  ~ newvers.sh
  > move to 5.8-beta. This is a bit earlier than normal... (deraadt@)

  ~ files
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

dev

  ~ ipmi.c
  > memory leak on failure; from Maxime Villard (deraadt@)

dev/ic

  - isp.c - isp_library.c - isp_library.h - isp_openbsd.c - isp_openbsd.h
  - isp_stds.h - isp_target.h - ispmbox.h - ispreg.h - ispvar.h ~ qla.c
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

  ~ an.c
  > Don't use uninitialized data as a return value.
  > From Brainy via Maxime Villard via tech@.
  > ok kettenis@ (krw@)

dev/microcode

  - isp/isp_fw2100.c - isp/isp_fw2200.c - isp/isp_fw2300.c
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

dev/pci

  ~ if_rtwn.c ~ if_rtwnreg.h
  > Implement IQ calibration support for rtwn(4). Lots of black magic involved.
  > (stsp@)

  ~ if_iwm.c ~ if_iwmvar.h
  > Make the wifi LED work with iwm(4).
  > The bad news: Many laptops sold with iwm(4) cards don't have a wifi LED :-(
  > The good news: Laptops with LEDs and no wifi device white-list in BIOS
  > actually exist! Tested in one such machine.
  > ok kettenis@ deraadt@ (stsp@)

  ~ if_iwm.c ~ if_iwmreg.h ~ if_iwmvar.h
  > Remove comments referring to Linux iwlwifi source filenames from iwm(4).
  > Linux is a moving target so these comments provide little value.
  > Discussed with kettenis and deraadt. (stsp@)

  ~ cmpci.c
  > For unsupported sample formats, don't return EINVAL but set the closest
  > available format. ok ratchov@ (naddy@)

  - isp_pci.c ~ files.pci
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

dev/rasops

  ~ rasops.c
  > Don't leak mem if wsfont_rotate() fails.
  > Problem reported by Maxime Villard, ok miod@ (jca@)

dev/sbus

  - isp_sbus.c ~ files.sbus
  > remove isp(4) now that the ql* family have replaced it (jmatthew@)

dev/usb

  ~ uaudio.c ~ ugen.c ~ usbdi.c
  > Set the length of isochronous transfers as the sum of the frames lengths.
  > This reduces differences between non-isoch and isoch transfers submissions,
  > makes the generic DMA buffer overrun check work with isoch transfers and
  > will allow some code simplifications in HC drivers.
  > Since short-transfers were never checked for isoch transfers, we now need
  > to
  > pass the USBD_SHORT_XFER_OK flag to not change this behavior. This might
  > be
  > revisited later.
  > ok ratchov@ (mpi@)

  ~ uhub.c
  > Bring back r1.78 and r1.79, now that ajacoutot@'s regression has
  > been found: it was a hardware failure.
  > When a bus is explored, do not probe the ports which status hasn't
  > changed. This saves a lot of I/O when attaching/detaching devices
  > and might help with some timing related problems. (mpi@)

  ~ usbdevs
  > Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
  > Add some additional uslcom ids found in the Linux driver while here. (jsg@)

  ~ usbdevs.h ~ usbdevs_data.h
  > regen (jsg@)

  ~ uslcom.c
  > Add a uslcom id for the Netgear M7100 console from Andrew Daugherity.
  > Add some additional uslcom ids found in the Linux driver while here. (jsg@)

  ~ upd.c ~ usbhid.h
  > Four new sensors, from David Higgs. (mpi@)

  ~ ubcmtp.c
  > fix compilation with UBCMTP_DEBUG (jcs@)

  ~ ubcmtp.c
  > when no fingers are down, send 0 for z
  > fixes tap-to-click (jcs@)

  ~ if_smsc.c ~ if_smscreg.h
  > Only match devices with a valid configuration.
  > Most of the WiFi/Ethernet USB adapter only have one configuration and
  > always
  > use its first interface. In order to improve USB descriptors parsing start
  > by reducing the number of places where a configuration is set.
  > Tested by jsg@ (mpi@)

  ~ uftdi.c
  > Only match devices with a valid configuration. (mpi@)

  ~ if_aue.c ~ if_auereg.h
  > Only match devices with a valid configuration.
  > Tested by jsg@ (mpi@)

  ~ uslcom.c
  > CP2110 is handled by uslhcom not uslcom (jsg@)

  ~ if_udav.c ~ if_udavreg.h
  > Only match devices with a valid configuration.
  > ok by mpi@ (uaa@)

  ~ if_ugl.c
  > Only match devices with a valid configuration.
  > ok uaa@ (mpi@)

kern

  ~ uipc_mbuf.c ~ uipc_socket.c
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

lib/libsa

  ~ printf.c
  > Fix 1.26; kdoprnt() should not attempt to invoke va_end() at all, it's the
  > caller's responsibility to do so. (miod@)

net

  ~ if_trunk.c
  > Fix a double free in the destroy path triggered when a second process,
  > in my case dhclient(8), races with ifconfig(8) to free the descriptors
  > of the joined multicast groups.
  > While here reduce the difference with carp(4).
  > ok dms@ (mpi@)

  ~ bpf.c ~ bpf.h ~ bridgestp.c ~ if.c ~ if_bridge.c ~ if_ethersubr.c
  ~ if_loop.c ~ if_mpe.c ~ if_pflow.c ~ if_pfsync.c ~ if_ppp.c ~ if_pppoe.c
  ~ if_spppsubr.c ~ if_trunk.c ~ if_tun.c ~ if_vlan.c ~ pf.c ~ pipex.c
  ~ ppp_tty.c ~ rtsock.c
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

netinet

  ~ ip_ah.c ~ ip_esp.c
  > Use proper argument type for crp_callback functions; no functional change.
  > (mikeb@)

  ~ ip_esp.c
  > No need for an extra local variable; no functional change. (mikeb@)

  ~ ip_ipcomp.c
  > Use proper argument type for crp_callback functions; no functional change.
  > (mikeb@)

  ~ if_ether.c ~ igmp.c ~ in_gif.c ~ ip_carp.c ~ ip_divert.c ~ ip_ether.c
  ~ ip_gre.c ~ ip_icmp.c ~ ip_input.c ~ ip_ipip.c ~ ip_output.c
  ~ ipsec_input.c ~ tcp_input.c ~ tcp_output.c ~ tcp_subr.c ~ udp_usrreq.c
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

netinet6

  ~ frag6.c ~ icmp6.c ~ in6_gif.c ~ ip6_divert.c ~ ip6_forward.c
  ~ ip6_input.c ~ ip6_mroute.c ~ ip6_output.c ~ mld6.c ~ nd6.c ~ nd6_nbr.c
  ~ nd6_rtr.c ~ raw_ip6.c
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

netmpls

  ~ mpls_input.c
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

nfs

  ~ krpc_subr.c ~ nfs_subs.c ~ nfs_syscalls.c
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

sys

  ~ mbuf.h
  > Store a unique ID, an interface index, rather than a pointer to the
  > receiving interface in the packet header of every mbuf.
  > The interface pointer should now be retrieved when necessary with
  > if_get(). If a NULL pointer is returned by if_get(), the interface
  > has probably been destroy/removed and the mbuf should be freed.
  > Such mechanism will simplify garbage collection of mbufs and limit
  > problems with dangling ifp pointers.
  > Tested by jmatthew@ and krw@, discussed with many.
  > ok mikeb@, bluhm@, dlg@ (mpi@)

  ~ param.h
  > crank to 5.8-beta (deraadt@)

  ~ param.h
  > my keyboard is conspiring against me (deraadt@)

uvm

  ~ uvm_pmemrange.c
  > Fix a bug that causes uvm_pmr_get1page() to fail for allocations that
  > specify an address constraint even when free pages that meet the constraint
  > are still available. This happens because the old code was using the root
  > of the size tree as a starting point for a search down the address tree.
  > This meant only part of the address tree was searched, and that part could
  > very well not contain any of the pages that met the constraint. Instead,
  > always walk the address tree from its root if the list of single pages is
  > empty and the root of the size tree doesn't meet our constraints.
  > From Visa Hankala.
  > ok deraadt@ (kettenis@)

== usr.bin =========================================================== 10/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

diff

  ~ xmalloc.c
  > Use strdup in xstrdup; from Fritjof Bornebusch. (nicm@)

file

  ~ xmalloc.c
  > Use strdup in xstrdup from Fritjof Bornebusch. While here, remove xfree
  > which is unused. (nicm@)

netstat

  ~ inet.c
  > There is no need to include sys/ucred.h. Only sys/file.h is needed for the
  > DTYPE defines. (claudio@)

openssl

  ~ s_server.c
  > Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.
  > This was imported into OpenSSL from SSLeay. It was recently deleted
  > in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9 (doug@)

  ~ apps.c
  > Add support for OPTION_DISCARD.
> ok jsing@ (doug@)

~ openssl.1
> spelling fixes from theo buehler; (jmc@)

~ apps.c
> Remove fallback dynamic engine loading support.
> Since we no longer have dynamic engines, don't bother falling back to them
> if a builtin engine is not found first.
> Before:
> $ openssl dgst -engine unknown
> invalid engine "unknown"
> 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
> engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_lis
> t.c:384:id=unknown
> 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
> engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_lis
> t.c:384:id=dynamic
> After:
> $ openssl dgst -engine unknown
> invalid engine "unknown"
> 27256010481532:error:2606A074:engine routines:ENGINE_by_id:no such
> engine:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/engine/eng_lis
> t.c:384:id=unknown
> ok doug@ (bcook@)

~ progs.h
> Add missing message digests to function table.
> Diff from kinichiro via github.
> ok doug@ (jsing@)

~ openssl.1 ~ req.c ~ speed.c ~ ts.c ~ x509.c
> Remove obsolete MDC-2DES from libcrypto.
> ok deraadt@ jsing@ miod@ (doug@)

~ progs.h
> Less mdc2. (jsing@)

~ ecparam.c
> Handle NIST curve names in openssl(1) ecparam.
> From OpenSSL. (jsing@)

rcs

~ ci.c
> Remove NULL check before free; Fritjof Bornebusch. (nicm@)

~ xmalloc.c
> Use strdup in xstrdup; from Fritjof Bornebusch. (nicm@)

ssh

~ ssh-rsa.c
> return failure on RSA signature error; reported by Albert S (djm@)

~ auth2-pubkey.c
> Make the arguments to match_principals_command() similar to
> match_principals_file(), by changing the last argument to a
> struct sshkey_cert * and dereferencing key->cert in the caller.
> No functional change.
> ok djm@ (jsing@)

~ auth2-pubkey.c
> If AuthorizedPrincipalsCommand is specified, however
> AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
> potentially fail due to key_cert_check_authority() failing to locate a
> principal that matches the username, even though an authorized principal
> has already been matched in the output of the subprocess. Fix this by using
> the same logic to determine if pw->pw_name should be passed, as is used to
> determine if an authorized principal must be matched earlier on.
> ok djm@ (jsing@)

tmux

~ client.c ~ format.c ~ server-client.c ~ tmux.1 ~ tmux.h
> Add a format for client PID (client_pid) and server PID (pid). Diff for
> client_pid from Thomas Adam. (nicm@)

~ format.c ~ input.c ~ tmux.1 ~ tmux.h ~ window.c
> Add window_activity format, from Thomas Adam based on a diff originally
> from propos6 at gmail dot com. (nicm@)

~ job.c ~ tmux.h
> Use an explicit job state instead of avoid closing our side of the
> socketpair and setting it to -1 to mark when the other side is
> closed. This avoids closing it while the libevent bufferevent still has
> it (it could try to add it to the polled set which some mechanisms don't
> like). Fixes part of a problem reported by Bruno Sutic. (nicm@)

~ cmd-move-window.c ~ cmd-new-window.c ~ tmux.1 ~ tmux.h ~ window.c
> Move the shuffle code from new-window -a into a function and add a -a
> flag for move-window too. From Thomas Adam. (nicm@)

~ cmd-queue.c
> Break cmdq_continue inner loop into a helper function. (nicm@)

~ cmd-break-pane.c ~ tmux.1
> Change break-pane to take target and source panes (-t and -s) in line
> with other commands, from Thomas Adam. (nicm@)

~ tmux.1
> Remove a stray : and tweak paragraph. (nicm@)

~ cmd-join-pane.c
> Use the SRCDST define for usage. (nicm@)

~ format.c
> Use xsnprintf.
(nicm@)

== usr.sbin ========================================================== 11/11 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

bgpd

~ rde.c
> show the number of (currently) known prefixes and the max-prefix limit,
> when we terminate the session.
> since we terminate the session as soon as we go above the limit, show
> '>' since there may be more that we haven't/won't process.
> OK benno@ (phessler@)

~ rde.c
> There is a race between sending notifications to the SE and getting a new
> peer_up event in the RDE. This can be triggered by graceful restart. So
> remove the panic and replace it with roughly what peer_down does.
> OK phessler and henning (claudio@)

httpd

~ server_http.c
> When encoding the Location url, only encode the query and path
> elements from the user input and not the constants from the
> configuration. This makes it possible to specify chars like '?' in
> the uri.
> OK Sebastien Marie (reyk@)

quot

~ quot.8
> sort +0n -> sort -n, the former is historical (jca@)

sensorsd

~ sensorsd.c
> get_val() already frees the buffer passed to it so we don't need to
> do it in the caller. (millert@)

syslogd

~ syslogd.8 ~ syslogd.c
> Implement a -F switch, that tells syslogd to stay in foreground.
> OK benno@; input millert@; no objections deraadt@ (bluhm@)

~ syslogd.8
> put -F before -f in the options list; (jmc@)

===============================================================================
