OpenBSD src changes summary for 2016-12-18 to 2016-12-25 inclusive ==================================================================
Makefile.cross bin/pax distrib/miniroot distrib/sets distrib/socppc distrib/special games/adventure gnu gnu/lib/libreadline gnu/usr.bin/clang lib/csu lib/libc lib/libcrypto lib/libcxx lib/libcxxabi lib/libm lib/libssl lib/libtls regress/lib regress/usr.bin regress/usr.sbin sbin/bioctl sbin/ifconfig sbin/sysctl share/man share/mk sys/arch/amd64/amd64 sys/arch/amd64/stand/efiboot sys/arch/amd64/stand/libsa sys/arch/arm/cortex sys/arch/arm64/arm64 sys/arch/arm64/conf sys/arch/arm64/dev sys/arch/arm64/include sys/arch/arm64/stand/efiboot sys/arch/armv7/sunxi sys/arch/mips64/include sys/arch/mips64/mips64 sys/arch/octeon/conf sys/arch/octeon/dev sys/arch/powerpc/powerpc sys/arch/sparc64/dev sys/arch/sparc64/sparc64 sys/conf sys/dev sys/dev/acpi sys/dev/ic sys/dev/microcode sys/dev/pci sys/dev/pv sys/dev/usb sys/kern sys/miscfs/fifofs sys/net sys/net80211 sys/netinet sys/netinet6 sys/nfs sys/sys usr.bin/ftp usr.bin/gprof usr.bin/lex usr.bin/libtool usr.bin/netstat usr.bin/rpcgen usr.bin/ssh usr.bin/systat usr.bin/vi usr.sbin/amd usr.sbin/bgpd usr.sbin/mkuboot usr.sbin/mopd usr.sbin/mrouted usr.sbin/ospf6ctl usr.sbin/ospf6d usr.sbin/ospfd usr.sbin/rarpd usr.sbin/ripd usr.sbin/sa usr.sbin/switchctl usr.sbin/switchd usr.sbin/syslogd usr.sbin/tcpdump usr.sbin/trpt == Makefile.cross ==================================================== 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile.cross Makefile.cross > Implement support for cross-compiling arm64 in Makefile.cross. This > adds code to build clang as cross-compiler instead of gcc. Since we > don't have binutils for aarch64 in base, skip the binutils cross- > toolchain build for that architecture. > ok kettenis@ (patrick@) == bin =============================================================== 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin pax ~ buf_subs.c > Fix a bug where archives smaller than 512 bytes would trigger a next volume > prompt. From NetBSD. > ok millert@, deraadt@ (kettenis@) == distrib =========================================================== 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > Split _issue msg and "Continue without verification?" question. > Prodded by and OK aja@ > OK halex@ krw@ (rpe@) ~ install.sub > - no need to export the TERM variable twice > - re-format case-block > - unquote single word default answer > - use 'break' instead of return to leave (same effect here, but > needed later when the function is no function anymore) > - use -q option with kbd to limit output to warnings/errors only > discussed with and OK krw@ tb@ (rpe@) ~ install.sub > Revert r1.934 to unbreak autoinstall (rpe@) sets ~ lists/base/mi ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/mi ~ lists/man/mi > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/mi > sync (deraadt@) socppc ~ ramdisk/Makefile > Use makefs to build bsd.rd; build & boot tested by mpi (natano@) special ~ libstubs/db.c > Add 'default:' cases to switch statements that gcc whines about. > ok jung@ (krw@) + ftp-ssl/Makefile > stub for building HTTPS-enabled client (deraadt@) == games ============================================================= 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/games adventure ~ io.c > Eliminate another 'calculated, not used' warning by nuking a spurious > dereference. > Same change made in NetBSD in 1997. > ok tb@ millert@ tom@ (krw@) ~ main.c > gcc says "if you define labels and don't use them, I will whine." > ok tom@ (krw@) == gnu =============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu gnu ~ gcc/gcc/config/m88k/m88k.md > Convert the gcc 3 scheduling information to the gcc 4 model. (miod@) lib/libreadline ~ histfile.c > A couple more unused variables. > tweak & ok kettenis@ (krw@) usr.bin/clang ~ Makefile.inc > Compile clang with clang by default instead of egcc. This allows our > build system to selfhost itself after the initial clang bootstrap > without relying on an external compiler. Setting BOOTSTRAP_CLANG > allows bootstrapping clang with egcc. > ok kettenis@ (patrick@) == lib =============================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib csu ~ boot.h > A couple more unused variables. > tweak & ok kettenis@ (krw@) ~ crtbegin.c > Don't make __CTOR_LIST__ and __DTOR_LIST__ const. This makes the .ctors > and > .dtors sections writable just like they are in crtend.o and code generated > by compilers. This is necessary to make sure that linkers that respect the > ELF spec a bit better (such as lld) correctly concatenate the secttions. > ok deraadt@ (kettenis@) ~ boot.h > Remove code that reprotects the GOT based on the __got_start and __got_end > symbols. Either the PT_LOAD RWX->RX case ot PT_GNU_RELRO should cover this > already for anything we care about. And lld, the llvm linker, doesn't emit > the __got_start and __got_end symbols and there are good reasons to leave > it > that way. > ok guenther@ (kettenis@) ~ boot.h > Replace return by break; requested by guenther@ (kettenis@) libc ~ asr/asr_private.h > Remove prototype for static function _asr_resolver. Eliminates gcc > whining about undefined static in all the .c files that include > asr_private.h. _asr_resolver() is defined and used in asr.c only. > ok kettenis@ (krw@) ~ db/hash/hash_page.c > Another whitespace nit that wandered into my sights. (krw@) ~ rpc/rpc_prot.c ~ rpc/xdr.c ~ rpc/xdr_array.c ~ rpc/xdr_reference.c > Add 'default:' cases to switch statements that gcc whines about. > ok jung@ (krw@) ~ regex/regcomp.c > Adopt relevant part of NetBSD's r1.7 commit to discard unused results of > the > expressions generated by the REQUIRE() macro. Thus eliminating from build > output 100 lines or so of gcc complaints about "computed but not used". > cluebat & ok tom@ (krw@) ~ regex/regcomp.c > Clarify code by eliminating unused #define's MUSTSEE, MUSTNOTSEE and > inlining > MUSTEAT. > ok tom@ (krw@) ~ gen/nlist.c > gcc says "if you define labels and don't use them, I will whine." > ok tom@ (krw@) libcrypto ~ man/RSA_generate_key.3 > fix typo, from OpenSSL > commit 0b742f93ea7882a447f6523ac56a6f847d9f8e92 > Author: Finn Hakansson <[email protected]> > Date: Thu Dec 15 12:58:19 2016 -0500 (schwarze@) ~ bio/b_sock.c ~ man/BIO_s_connect.3 > Delete completely useless crap and just use getaddrinfo. Fix man page > while we're at it. > Note for the nostalgic, since "wais" is still an alias in /etc/services > it will continue to work.. > ok deraadt@ millert@ krw@ (beck@) ~ x509/x509_vfy.h ~ x509/x509_vpm.c > Remove prototypes from the public header for X509_VERIFY_PARAM functions > that were recently added but not intended to be made public at this stage. > Discussed with beck@ (jsing@) ~ Makefile ~ constant_time_locl.h ~ o_time.h ~ aes/aes_locl.h ~ asn1/asn1_locl.h ~ asn1/charmap.h ~ bf/bf_pi.h ~ bn/bn.h ~ bn/bn_lcl.h ~ bn/bn_prime.h ~ camellia/cmll_locl.h ~ cast/cast_s.h ~ conf/conf_def.h ~ des/des_locl.h ~ des/spr.h ~ dsa/dsa_locl.h ~ ec/ec_lcl.h ~ ec/ecp_nistz256_table.h ~ ecdh/ech_locl.h ~ ecdsa/ecs_locl.h ~ engine/eng_int.h ~ evp/evp_locl.h ~ gost/gost_asn1.h ~ gost/gost_locl.h ~ md4/md4_locl.h ~ md5/md5_locl.h ~ modes/modes_lcl.h ~ objects/obj_xref.h ~ ripemd/rmd_locl.h ~ ripemd/rmdconst.h ~ rsa/rsa_locl.h ~ sha/sha_locl.h ~ ui/ui_locl.h ~ whrlpool/wp_locl.h ~ x509/vpm_int.h ~ x509/x509_lcl.h ~ x509v3/ext_dat.h ~ x509v3/pcy_int.h + Symbols.list > Explicitly export a list of symbols from libcrypto. > Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting > the bn_* symbols. These are documented as only being intended for internal > use, so why they were placed in a public header is beyond me... > This hides 363 previously exported symbols, most of which exist in headers > that are not installed and were never intended to be public. This also > removes a few crusty old things that should have died long ago (like > _ossl_old_des_read_pw). But don't worry... there are still 3451 symbols > exported from the library. > With input and testing from inoguchi@. > ok beck@ inoguchi@ (jsing@) ~ shlib_version > Bump libcrypto/libssl/libtls majors due to libcrypto symbol removal and > changes to libssl non-opaque structs. (jsing@) ~ ocsp/ocsp_lib.c > rewrite OCSP_parse_url to be sligthly less nasty and not have one byte > buffer overreads > helpful nitpicking and ok tb@ miod@ (beck@) ~ man/Makefile ~ man/d2i_PKCS8PrivateKey_bio.3 + man/PKCS8_PRIV_KEY_INFO_new.3 > Write new PKCS8_PRIV_KEY_INFO_new(3) manual page from scratch. > Both functions are listed in <openssl/x509.h> > and in OpenSSL doc/man3/X509_dup.pod. > Note that OpenSSL documentation specifies the wrong header file. > (schwarze@) ~ man/Makefile > Stop installing the bn_dump(3) manual page. > The functions documented there are no longer public. (schwarze@) - man/x509.3 ~ man/Makefile ~ man/X509_new.3 > Delete the x509(3) manual page and merge what little content remained > into X509_new(3). Add information about STANDARDS. (schwarze@) ~ man/crypto.3 > reference X509_new(3) instead of x509(3) (schwarze@) ~ man/Makefile + man/X509_SIG_new.3 > Write X509_SIG_new(3) manual page from scratch. Both functions are > listed in <openssl/x509.h> and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/crypto.3 > spelling fix; (jmc@) ~ man/Makefile ~ man/X509_ATTRIBUTE_new.3 + man/PKCS12_SAFEBAG_new.3 + man/PKCS12_new.3 > Write new manual pages PKCS12_new(3) and PKCS12_SAFEBAG_new(3) from > scratch. All these functions are listed in <openssl/pkcs12.h> and > in OpenSSL doc/man3/X509_dup.pod. As usual, OpenSSL documentation > specifies the wrong header file. > Note that PKCS#12 documentation is still scanty at best. > For example, out of 19 public functions handling PKCS12 objects, > five are now documented, and this commit documents the first two > out of 24 public functions handling PKCS12_SAFEBAG objects. (schwarze@) ~ objects/obj_dat.c > OBJ_obj2txt() should return the total amount of space required > reported by @rhenium on GitHub > ok jsing@ (inoguchi@) ~ man/BN_new.3 > no more bn_dump(3); (jmc@) ~ man/Makefile + man/GENERAL_NAME_new.3 > Write GENERAL_NAME_new(3) manual page from scratch - as if plain X.501 > Name structures weren't already complicated enough, see X509_NAME_new(3). > All these functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/X509_new.3 > Link to Peter Gutmann's classic "X.509 Style Guide". > Thanks to otto@ for making me aware of it. > If people know newer documents that are similarly readable and > interesting, please speak up. I hate sending people to the STANDARDS > only for more information. On the one hand, that's torture, and > on the other hand, if i read Gutmann correctly, the standards > sometimes provide bad advice, and often none at all. (schwarze@) ~ man/Makefile + man/AUTHORITY_KEYID_new.3 > Write new AUTHORITY_KEYID_new(3) manual page from scratch. > Both functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/DIST_POINT_new.3 > Write new DIST_POINT_new(3) manual page from scratch. > All functions documented here are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/BASIC_CONSTRAINTS_new.3 > Write new BASIC_CONSTRAINTS_new(3) manual from scratch, explaining > the important point of how to distinguish CA certificates from end > entity certificates. Both functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/NAME_CONSTRAINTS_new.3 > Write new NAME_CONSTRAINTS_new(3) manual page from scratch. > These functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/POLICYINFO_new.3 > Write new POLICYINFO_new(3) manual page from scratch; i can't say that > i particularly like these fourteen functions, but they are all listed > in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/EXTENDED_KEY_USAGE_new.3 > Write new EXTENDED_KEY_USAGE_new(3) manual page from scratch. > Both functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/ACCESS_DESCRIPTION_new.3 > Write ACCESS_DESCRIPTION_new(3) manual page from scratch. > All four functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/PROXY_POLICY_new.3 > Write RFC 3820 manual page PROXY_POLICY_new(3) from scratch. > These four functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ sha/sha_locl.h > Move __BEGIN_HIDDEN_DECLS out of the middle of a function declaration. > ok jca@ (patrick@) ~ man/Makefile + man/PKEY_USAGE_PERIOD_new.3 > Write new PKEY_USAGE_PERIOD_new(3) manual page from scratch, > documenting the dubious RFC 3280 PrivateKeyUsagePeriod extension. > Both functions are listed in <openssl/x509v3.h> > and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. (schwarze@) ~ man/Makefile + man/SXNET_new.3 > Write new SXNET_new(3) manual page from scratch. All four functions > are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod. > OpenSSL documentation specifies the wrong header file. > I consider the quotation from > http://www-03.ibm.com/security/library/wp_pki0730.shtml > fair use because > (1) it is a very brief extract from a long text, > (2) no other source of information is available, > (3) it is quoted for the purpose of education and research, > (4) republishing happens in a not-for-profit context. > I'm not including the URI into the manual page because large corporate > websites are notorious for changing URIs during each spring cleaning. > (schwarze@) ~ man/OCSP_REQUEST_new.3 ~ man/TS_REQ_new.3 ~ man/X509_CRL_new.3 ~ man/X509_EXTENSION_set_object.3 ~ man/X509_NAME_new.3 ~ man/X509_new.3 > sprinkle some cross references to newly written x509v3 manual pages > (schwarze@) ~ man/PKEY_USAGE_PERIOD_new.3 > minor fixes; (jmc@) ~ man/Makefile + man/ASN1_item_d2i.3 + man/ASN1_item_new.3 > Very carefully tweak OpenSSL doc/man3/d2i_X509.pod and create a new > ASN1_item_d2i(3) manual page from it. Enough text remains to keep > Stephen Henson's Copyright. > The eight functions documented in this new page are listed in > <openssl/asn1.h> and in Symbols.list, so they are public even though > OpenSSL does not document them. They are very important because > hundreds of documented, much-used public interface functions are > trivial wrappers around them, sharing their complicated semantics > and their copious CAVEATS and BUGS. > The plan is for the many pages documenting the wrappers to become > very concise, to focus on the few type-dependent specifics, and to > point to this new page for the details of the semantics, for the > CAVEATS, and for the BUGS. > While here, write a companion page ASN1_item_new(3) from scratch. > The user interface described in that page scares the hell out of > me, and i think people writing code to handle ASN.1 ought to be > aware of that dangerous user interface design, or they will sooner > or later get trapped. (schwarze@) ~ man/d2i_DSAPublicKey.3 > First example of how to fix the d2i_*() manuals: > - add four missing functions found in OpenSSL doc/man3/d2i_X509.pod > - simplify .Nd > - drop needless extra include line > - use the same parameter names as in ASN1_item_d2i(3) > - point to ASN1_item_d2i(3) for details > - sort the text and simplify the wording > More work is needed on STANDARDS references. (schwarze@) ~ man/d2i_DSAPublicKey.3 > Clarify what DSAparams_dup(3) does. > Add STANDARDS references. > Add cross references to manual pages documenting conversion functions > that are used by the functions documented here. > Mark up the names of custom ASN.1 datatypes that are defined in > standards with .Vt, allowing to search for them. > Do not mark up basic ASN.1 data types. They stand out by being ALL > CAPS anyway, and searching for them would be pointless. (schwarze@) ~ man/d2i_ECPKParameters.3 > Basic cleanup to prepare for content improvements: > Use the same parameter names as in ASN1_item_d2i(3). > Point to ASN1_item_d2i(3) for details. > Delete lots of rendundant text. > While here, add ten missing functions found in OpenSSL > doc/man3/d2i_X509.pod > and fix errors in the prototypes of i2d_ECPKParameters_bio(3) > and i2d_ECPKParameters_fp(3). (schwarze@) ~ man/d2i_ECPKParameters.3 > Correct the DESCRIPTION of ECParameters_dup(3). > Clarify requirements for o2i_ECPublicKey(3). > Add STANDARDS references for d2i_ECPrivateKey(3) and d2i_EC_PUBKEY(3). > Trim some excessive cross references that are only tangentially > related and add some more relevant ones instead. (schwarze@) ~ man/d2i_PrivateKey.3 > Add missing functions d2i_PublicKey(3) and i2d_PublicKey(3) > found in OpenSSL doc/man3/d2i_X509.pod. > Simplify one-line description. > Use the same parameter names as in ASN1_item_d2i(3). > Point to ASN1_item_d2i(3) for details. > Add a STANDRADS reference regarding PKCS#8 PrivateKeyInfo. > Mention d2i_PrivateKey_bio(3) and d2i_PrivateKey_fp(3) > in the DESCRIPTION and below RETURN VALUES. > Add some missing markup and tweak some wording. > Add some cross references. (schwarze@) ~ man/ACCESS_DESCRIPTION_new.3 ~ man/ASN1_STRING_length.3 ~ man/ASN1_generate_nconf.3 ~ man/AUTHORITY_KEYID_new.3 ~ man/BASIC_CONSTRAINTS_new.3 ~ man/DIST_POINT_new.3 ~ man/ESS_SIGNING_CERT_new.3 ~ man/EVP_EncryptInit.3 ~ man/EVP_PKEY_CTX_ctrl.3 ~ man/EXTENDED_KEY_USAGE_new.3 ~ man/GENERAL_NAME_new.3 ~ man/NAME_CONSTRAINTS_new.3 ~ man/OCSP_CRLID_new.3 ~ man/OCSP_REQUEST_new.3 ~ man/OCSP_SERVICELOC_new.3 ~ man/OCSP_cert_to_id.3 ~ man/OCSP_resp_find_status.3 ~ man/OCSP_response_status.3 ~ man/PEM_read_bio_PrivateKey.3 ~ man/PKCS12_SAFEBAG_new.3 ~ man/PKCS12_new.3 ~ man/PKCS7_new.3 ~ man/PKCS8_PRIV_KEY_INFO_new.3 ~ man/PKEY_USAGE_PERIOD_new.3 ~ man/POLICYINFO_new.3 ~ man/PROXY_POLICY_new.3 ~ man/RSA_PSS_PARAMS_new.3 ~ man/TS_REQ_new.3 ~ man/X509_ALGOR_dup.3 ~ man/X509_CINF_new.3 ~ man/X509_CRL_new.3 ~ man/X509_EXTENSION_set_object.3 ~ man/X509_NAME_ENTRY_get_object.3 ~ man/X509_NAME_add_entry_by_txt.3 ~ man/X509_NAME_get_index_by_NID.3 ~ man/X509_NAME_new.3 ~ man/X509_NAME_print_ex.3 ~ man/X509_PUBKEY_new.3 ~ man/X509_REQ_new.3 ~ man/X509_REVOKED_new.3 ~ man/X509_SIG_new.3 ~ man/X509_STORE_CTX_get_error.3 ~ man/X509_new.3 ~ man/d2i_RSAPublicKey.3 ~ man/d2i_X509_ALGOR.3 ~ man/d2i_X509_NAME.3 ~ man/d2i_X509_SIG.3 ~ man/x509v3.cnf.5 > Consistently mark up various ASN.1 type names defined in standards > related to X.509 with .Vt such that they can be searched for. (schwarze@) libcxx ~ Makefile > Compile libc++ and libc++abi with clang by default instead of egcc. > This allows our build system to selfhost itself after the initial > clang bootstrap without relying on an external compiler. > with input from and ok kettenis@ (patrick@) libcxxabi ~ Makefile > Compile libc++ and libc++abi with clang by default instead of egcc. > This allows our build system to selfhost itself after the initial > clang bootstrap without relying on an external compiler. > with input from and ok kettenis@ (patrick@) libm ~ arch/amd64/s_copysign.S ~ arch/amd64/s_copysignf.S ~ arch/i387/s_copysign.S ~ arch/i387/s_copysignf.S > copysign and copysignf are used within libm, so declare them accordingly. > Required if the compiler doesn't replace them with builtins (e.g. clang > on amd64). > ok kettenis@ guenther@ > i386 sync requested by guenther@ (naddy@) libssl ~ s3_clnt.c ~ ssl_locl.h ~ t1_lib.c > Convert ssl3_get_server_hello() to CBS. > ok doug@ (jsing@) ~ s3_clnt.c ~ s3_lib.c ~ s3_srvr.c ~ ssl3.h ~ ssl_cert.c ~ ssl_locl.h ~ t1_lib.c > Add support for ECDHE with X25519. > Testing of an earlier revision by naddy@. > ok beck@ (jsing@) ~ ssl.h > Add minimum and maximum version fields to SSL, SSL_CTX and SSL_METHOD > for future work. > Discussed with beck@ (jsing@) ~ shlib_version > Bump libcrypto/libssl/libtls majors due to libcrypto symbol removal and > changes to libssl non-opaque structs. (jsing@) ~ s3_clnt.c > Pacify compiler warning about an unitialized variable which is obviously > not really being used. > ok beck. (deraadt@) libtls ~ shlib_version > Bump libcrypto/libssl/libtls majors due to libcrypto symbol removal and > changes to libssl non-opaque structs. (jsing@) == regress =========================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libssl/unit/tls_ext_alpn.c > Revise regress for changes to ssl_parse_serverhello_tlsext(). > Same diff from inoguchi@ (jsing@) ~ libssl/asn1/asn1test.c > Ensure negative time/timeout are handled appropriately. (jsing@) ~ libcrypto/bn/general/Makefile ~ libcrypto/bn/general/bntest.c ~ libcrypto/utf8/Makefile + libcrypto/Makefile.inc > Update libcrypto regress to handle header and non-exported symbol changes. > (jsing@) ~ libssl/client/clienttest.c > Update regress for ECDHE with X25519. (jsing@) usr.bin ~ ssh/allow-deny-users.sh > Use LOGNAME to get current user and fall back to whoami if not set. > Mainly to benefit -portable since some platforms don't have whoami. > (dtucker@) ~ ssh/unittests/utf8/tests.c > remove testcase that depends on exact output and behaviour of > snprintf(..., "%s", NULL) (djm@) ~ ssh/allow-deny-users.sh > use standard /bin/sh equality test; from Mike Frysinger (djm@) usr.sbin ~ switchd/OFP.pm ~ switchd/run.pl > Update the regress test to work with the new changes in the switchd(8) > table learning implementation. > ok reyk@ (rzalamena@) == sbin ============================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin bioctl ~ bioctl.c > This commit removes bio_status() calls after a BIOCLOCATE since the > bio status will never be updated on a BIOCLOCATE. In addition with > missed zeroing of the passed bio struct, this could lead to a print > of uninitialized memory. While there, properly zero the bio struct > before passing it to ioctl(). > ok mikeb@ (patrick@) ifconfig ~ ifconfig.c > Make 'ifconfig if0 wpa' and 'ifconfig if0 -wpa' reset WPA params (does not > include the wpakey) to their defaults. > And make 'ifconfig if0 wpaprotos' reset WPA crypto parameters to settings > which are appropriate for the specified WPA protocol version. (stsp@) ~ ifconfig.8 > Document our new WPA default settings. Discourage use of TKIP. (stsp@) ~ ifconfig.c > gcc says "if you define labels and don't use them, I will whine." > ok tom@ (krw@) sysctl ~ sysctl.c > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) == share ============================================================= 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/man4.octeon/Makefile + man4/man4.octeon/octmmc.4 > Add octmmc(4). (visa@) ~ man4/man4.octeon/octmmc.4 > tweak previous; (jmc@) - man4/pim.4 ~ man4/Makefile ~ man4/multicast.4 > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) mk ~ bsd.own.mk > Introduce a list of architectures that use clang as compiler. The > first arch on that list is aarch64. > ok kettenis@ (patrick@) == sys =============================================================== 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ acpi_wakecode.S ~ mptramp.S > Generating mixed 16-bit/32-bit/64-bit code with clang's integrated > assembler is a bit tricky. It supports the .code16, .code32 and > .code64 directives. But it doesn't know about the data16/data32 and > addr16/addr32 instruction prefixes. Instead it tries to determine > those from the instruction opcode. It mostly succeeds, but there are > a couple of corner cases where clang will generate the "addr32" form > where gas generates the "addr16" form in .code16 segments. That > should be no problem (and just waste a couple of bytes), but it makes > comparing the generated code a bit difficult. > Allow the trampoline code to be compiled with both. For clang #define > away the addr32 prefix and avoid using the data32 prefix by using a > mnemonic that explicitly encodes the size of the operand. Add a few > addr32 prefixes in .code16 blocks to reduce the differences between > code generated by clang and gas. > ok patrick@, deraadt@, mlarkin@ (kettenis@) ~ vmm_support.S > Fix operand of pushq instruction; clang's integrated assembler is less > forgiving than gas and insists that we use a 64-bit integer. No binary > change. > ok mlarkin@ (kettenis@) arch/amd64/stand/efiboot ~ efidev.c > The efi disk i/o to read sectors properly when the sector size is not > 512. The problem actually had happened on macbookair7,1. reported > and tested by gonzalo@. (yasuoka@) ~ efidev.c > Convert the sector number in the patition table to the sector number > in 512 byte blocks. This fixes efiboot to read disklabel on 4K sector > size disk properly. tested by gonzalo@ (yasuoka@) ~ efidev.c > The unit of the parition offset in disklabel is number of sectors in the > sector size, not in 512 byte blocks. tested by gonzalo. (yasuoka@) arch/amd64/stand/libsa ~ softraid_amd64.c > Make the boot programs support booting from softraid on 4K byte sector > disks. > test gonzalo > ok tom krw jsing (yasuoka@) arch/arm/cortex ~ ampintc.c > The code to retrieve the interrupt ID only works if the amount of IRQs > supported by the controller is not too big. Otherwise the mask will be > wrong and the calculated IRQ as well. Split the dynamic mask into two > pieces. First of all use a static mask to remove the bits we don't want > to look at. Then we use that value to check for spurious or false IRQs. > ok jsg@ (patrick@) ~ ampintc.c > Match on "arm,gic-400" another GICv2 compat string. > ok patrick@ kettenis@ (jsg@) arch/arm64/arm64 ~ locore.S ~ support.S > Adjust OpenBSD/arm64 files with FreeBSD origin to show the upstream > revision. While there, update a few of those files. > Prompted by mikeb@. (patrick@) ~ exception.S ~ trap.c > Adjust OpenBSD/arm64 files with FreeBSD origin to show the upstream > revision. > Prompted by mikeb@. (patrick@) - arm64_a4x_iobus.c - arm64_iobus.c > Consolidate bus space tags into generic bus space code. Especially > considering we don't have a separate iobus and the a4x iobus wasn't > even compiled it does not make sense to declare those in iobus. > Improves code readability as well. (patrick@) ~ sig_machdep.c > Fix an off by one when saving and restoring an array of registers. > ok patrick@ (jsg@) ~ db_trace.c > ansify function declaration; better whitespace (patrick@) ~ pmap.c > remove redundant return statements > ok patrick@ (jsg@) ~ db_trace.c ~ machdep.c > fix uninitialised variable warnings from clang > ok patrick@ (jsg@) ~ pmap.c > Fix debug printf format and arguments. > Found by and input from jsg@ (patrick@) arch/arm64/conf ~ files.arm64 > Consolidate bus space tags into generic bus space code. Especially > considering we don't have a separate iobus and the a4x iobus wasn't > even compiled it does not make sense to declare those in iobus. > Improves code readability as well. (patrick@) ~ Makefile.arm64 > Adjust Makefile to gain improvements that were made in other archs > already. This means for example dropping -Wno-format or adding -g > by default. > Prompted by jsg@ (patrick@) arch/arm64/dev ~ arm64_bus_space.c > Consolidate bus space tags into generic bus space code. Especially > considering we don't have a separate iobus and the a4x iobus wasn't > even compiled it does not make sense to declare those in iobus. > Improves code readability as well. (patrick@) ~ ampintc.c > The code to retrieve the interrupt ID only works if the amount of IRQs > supported by the controller is not too big. Otherwise the mask will be > wrong and the calculated IRQ as well. Split the dynamic mask into two > pieces. First of all use a static mask to remove the bits we don't want > to look at. Then we use that value to check for spurious or false IRQs. > ok jsg@ (patrick@) ~ ampintc.c > Match on "arm,gic-400" another GICv2 compat string. > ok patrick@ kettenis@ (jsg@) arch/arm64/include ~ armreg.h ~ bootconfig.h ~ hypervisor.h ~ vfp.h > Adjust OpenBSD/arm64 files with FreeBSD origin to show the upstream > revision. While there, update a few of those files. > Prompted by mikeb@. (patrick@) ~ _types.h > Update and add wide character support types. (patrick@) arch/arm64/stand/efiboot ~ self_reloc.c ~ start.S > Adjust OpenBSD/arm64 files with FreeBSD origin to show the upstream > revision. While there, update a few of those files. > Prompted by mikeb@. (patrick@) arch/armv7/sunxi ~ sxipio.c ~ sxipio_pins.h ~ sxipiovar.h > Add support for the 2nd sxipio(4) device on the Allwinner H3. (kettenis@) arch/mips64/include ~ cache.h > Add a driver for OCTEON MMC host controller. > Tested on EdgeRouter Pro, and Shasta. > OK mpi@ (visa@) ~ pmap.h ~ vmparam.h > Extend the size of user virtual address space from 2GB to 1TB on mips64 > by adding another level to page directories. This improves ASLR and > complements W^X added earlier on some systems, giving a notable update > to the architecture's security. Besides, there is now more room for > running tasks that hog memory. > Testing help from deraadt@ and fcambus@. > Platforms tested: loongson, octeon, sgi/IP27 and sgi/IP30 > (IP30 also with 4KB pages). (visa@) ~ vmparam.h > Tweaks suggested by miod@ (visa@) arch/mips64/mips64 ~ cache_octeon.c > Add a driver for OCTEON MMC host controller. > Tested on EdgeRouter Pro, and Shasta. > OK mpi@ (visa@) ~ exception_tfp.S ~ genassym.cf ~ pmap.c ~ r4000_errata.c ~ tlbhandler.S > Extend the size of user virtual address space from 2GB to 1TB on mips64 > by adding another level to page directories. This improves ASLR and > complements W^X added earlier on some systems, giving a notable update > to the architecture's security. Besides, there is now more room for > running tasks that hog memory. > Testing help from deraadt@ and fcambus@. > Platforms tested: loongson, octeon, sgi/IP27 and sgi/IP30 > (IP30 also with 4KB pages). (visa@) ~ pmap.c > Tweaks suggested by miod@ (visa@) arch/octeon/conf ~ GENERIC ~ RAMDISK ~ files.octeon > Add a driver for OCTEON MMC host controller. > Tested on EdgeRouter Pro, and Shasta. > OK mpi@ (visa@) arch/octeon/dev + octmmc.c + octmmcreg.h > Add a driver for OCTEON MMC host controller. > Tested on EdgeRouter Pro, and Shasta. > OK mpi@ (visa@) arch/powerpc/powerpc ~ trap.c > fix an uninitialised variable on altivec assist trap > ok krw@ kettenis@ (jsg@) arch/sparc64/dev ~ cbus.c ~ pyro.c ~ vpci.c > no need to test if an array is non-NULL > ok kettenis@ (jsg@) ~ uperf.c > fix use of uninitialised variables > ok kettenis@ (jsg@) arch/sparc64/sparc64 ~ trap.c > fix use of uninitialised variables > ok kettenis@ (jsg@) conf ~ GENERIC > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) dev ~ audio.c > Fix many typos. From Michael W. Bombardieri <mb at ii.net>. Thanks > (ratchov@) ~ midi.c > In midiread() and midiwrite(), add a second goto label to > factor calls to mtx_leave() before returning. From Michael > W. Bombardieri <mb at ii.net>. Thanks! (ratchov@) ~ softraidvar.h > Make the boot programs support booting from softraid on 4K byte sector > disks. > test gonzalo > ok tom krw jsing (yasuoka@) dev/acpi ~ dsdt.c > Remove comparison of array which is always non-NULL. Fixes clang warning. > ok jca@ (a while back) (kettenis@) ~ acpials.c > Add missing sentinel. > ok deraadt@ (kettenis@) dev/ic ~ ar5xxx.h ~ athnreg.h > Add cast to mask and shift macros to silence warnings generated by clang. > ok millert@ (kettenis@) ~ ar5xxx.h > Define HAL_OPCODE using enum ieee80211_opmode to prevent clang from warning > about an implicit enum conversion. > ok stsp@ (kettenis@) dev/microcode ~ bnx/build.c ~ cirruslogic/build.c ~ fxp/build.c ~ kue/build.c ~ tusb3410/build.c ~ typhoon/build.c ~ yds/build.c > Use %zu/%d to print size_t/ssize_t. Cast recno_t (a.k.a. u_int32_t) > to (unsigned long) to match %lu formats. Makes gcc happier and > quieter. > ok deraadt@ (krw@) dev/pci ~ if_iwm.c ~ if_iwn.c > While copying out channel flags to userspace, omit the HT channel flag if > we're not in 11n mode. This will allow tcpdump to show the mode correctly. > ok mpi@ (stsp@) ~ fms.c > Set free(9) size argument. From Michael W. Bombardieri <mb at ii.net>. > Thanks. (ratchov@) ~ auglx.c ~ autri.c ~ auvia.c > Simplify the activate() functions of auglx(4), autri(4), and > auvia(4). From Michael W. Bombardieri <mb at ii.net>. Thanks. (ratchov@) ~ drm/radeon/rs690.c ~ drm/radeon/rv515.c > Fix compiler warnings generated by clang. This matches upstream commit > 1cd73ff70d13a22faa95db8323382dd6d036554e by Alex Deucher, whose commit > message makes me suspect that Brad Smith mailed us a diff back in 2013 > that we ignored. > ok jsg@ (kettenis@) ~ if_iwn.c ~ if_wpi.c > Hide static inline functions that are only used in debug code behind the > same > #ifdef as the debug code itself. Prevents clang from warning about these > functions being unused. > ok stsp@, deraadt@ (kettenis@) ~ drm/i915/intel_lvds.c > Put a bit more unused code under #ifdef notyet to prevent a clang warning. > (kettenis@) ~ drm/i915/intel_tv.c > Remove some unused variables that have been removed upstream as well. > Fixes some clang warnings. > ok jsg@ (kettenis@) dev/pv ~ xen.c ~ xenvar.h > Add experimental support for device hot-plugging > We're installing watches on all nodes under "device/" and re-scan > the subtree every time the watch is triggered looking for changes > in the output. Tested with xnf(4) and xbf(4), helpful hints from > Roger Pau Monne, thanks! (mikeb@) ~ if_xnf.c > Implement interface detaching (mikeb@) ~ xen.c ~ xenvar.h > Remove the rwlock paranoia since we're under KERNEL_LOCK anyway (mikeb@) ~ xbf.c > Implement disk detaching (mikeb@) dev/usb ~ umidi.c > Group identical close_in_jack() and close_out_jack() into a single > routine. From Michael W. Bombardieri <mb at ii.net>. Thanks! (ratchov@) kern ~ kern_xxx.c > Include sys/proc.h when compiled with SYSCALL_DEBUG to get access to > struct proc. Also bump the printf of "code" to %ld and remove a few > casts to long as register_t is always long. > ok kettenis@ (patrick@) ~ sys_socket.c ~ uipc_socket.c ~ uipc_socket2.c ~ uipc_syscalls.c ~ uipc_usrreq.c > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) ~ uipc_domain.c > A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl > softnet assert failures. It is better to place the lock into > net_sysctl() where all the protocol sysctls are called via pr_sysctl. > As calling sysctl(2) is in the slow path, doing fine grained locking > has no benefit. Many sysctl cases copy out a struct. Having a > lock around that keeps the struct consistent. Put assertions in > the protocol sysctls that need it. > OK mpi@ (bluhm@) ~ uipc_domain.c ~ uipc_socket.c > Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo(). > ok rzalamena@, bluhm@ (mpi@) ~ uipc_usrreq.c > Work around a NET_LOCK() recursion seen during NFS netboot: > sosend <- NET_LOCK() > nfs_send > nfs_request > nfs_lookup > VOP_LOOKUP > vfs_lookup > namei > unp_connect > uipc_usrreq > soconnect <- NET_LOCK() > sys_connect > OK bluhm@ mpi@ (visa@) ~ uipc_usrreq.c > Revert workaround for NFS boot, it triggers the following assert: > swakeup > sowakeup > sowwakeup > unp_connect2 > unp_connect > uipc_usrreq > soconnect > sys_connect > reported by stsp@, tb@ and RT Thrush (mpi@) ~ uipc_usrreq.c > Release the NET_LOCK() before namei(9) as a workaround to let NFS boot > work without assert. > ok visa@, bluhm@ (mpi@) miscfs/fifofs ~ fifo_vnops.c > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) net ~ if.c ~ if_spppsubr.c ~ raw_usrreq.c ~ route.c ~ rtsock.c > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) ~ if_pfsync.c > Timer sending packets need to grab the NET_LOCK(). > ok bluhm@ (mpi@) ~ if_bridge.c > Assert that IPL_SOFTNET is needed rather than calling splsoftnet() > recursively. > ok bluhm@ (mpi@) ~ if_gre.c > Sending keep alive ends up in ip_output(), so it needs the NET_LOCK(). > ok bluhm@ (mpi@) ~ pipex.c > Kill useless comment about splsoftnet() which is going away. (mpi@) ~ ppp_tty.c > Stop mentioning splsoftnet() in comments, it's almost history. (mpi@) ~ if_mpe.c ~ if_mpw.c > Kill recursive splsoftnet()/splx() dances in ioctl(2) path. > ok rzalamena@ (mpi@) ~ if_pflow.c > Release the NET_LOCK() before calling any socket function since it is > not recursive. > This is temporary until all recursions are found and can be addressed > in a correct way. > With inputs from bluhm@ (mpi@) ~ rtsock.c > A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl > softnet assert failures. It is better to place the lock into > net_sysctl() where all the protocol sysctls are called via pr_sysctl. > As calling sysctl(2) is in the slow path, doing fine grained locking > has no benefit. Many sysctl cases copy out a struct. Having a > lock around that keeps the struct consistent. Put assertions in > the protocol sysctls that need it. > OK mpi@ (bluhm@) ~ if.c > Grab the netlock during interface attach and detach. > With help from and OK mpi. (mikeb@) ~ if.c > Generate an IFINFO message when changing the MTU of an interface. > Helps route(4) listeners to refresh their knowledge of the MTU of > interfaces. Prompted by a diff for ospfd(8) by Remi Locherer, ok claudio@ > (jca@) ~ if_pflow.c > Remove the netlock workaround since if_detach is doing it for us now. > ok mpi, bluhm (mikeb@) ~ if_tun.c > Grab the netlock when opened and closed; ok mpi, rzalamena (mikeb@) ~ switchctl.c > Grab the netlock when device is opened; ok mpi, rzalamena (mikeb@) ~ if_switch.c ~ switchofp.c > Validate the OFP header to make sure it always have a sane size, also > make sure to not accept anything else outside of the header size > boundaries. > ok reyk@ (rzalamena@) ~ pf.c > Fix white spaces. No binary change. (bluhm@) ~ pf.c > Replace function names with __func__ in debug prints to make grep > happy. (bluhm@) net80211 ~ ieee80211_crypto_tkip.c > Set the maximum TKIP countermeasure timeout to 90 seconds instead of 120. > Waiting more time does not buy us anything and makes a denial of service > a tiny bit easier. > Suggested by Mathy Vanhoef. (stsp@) ~ ieee80211_ioctl.c > While copying out channel flags to userspace, omit the HT channel flag if > we're not in 11n mode. This will allow tcpdump to show the mode correctly. > ok mpi@ (stsp@) ~ ieee80211_crypto.c ~ ieee80211_ioctl.c > Disable TKIP (WPA1) by default. > It is time for this legacy of WEP to die (remember WEP?). > The 802.11-2012 standard says: > The use of TKIP is deprecated. The TKIP algorithm is unsuitable for > the purposes of this standard. > TKIP has numerous problems. One of which is that TKIP allows a denial of > service attack which can be triggered by any client. Report 2 Michael MIC > failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now > required by the 802.11 standard to lock everyone out for at least 60 > seconds. > The network will remain unusable for as long as such MIC failure reports > are sent twice per minute. > TKIP remains available for interoperability purposes, for now. > It must be enabled manually with ifconfig(8). > Prompted by discussion with Mathy Vanhoef. > ok deraadt@ sthen@ reyk@ (stsp@) netinet ~ if_ether.c ~ ip_carp.c ~ ip_divert.c ~ ip_icmp.c ~ ip_input.c ~ ip_ipsp.c ~ ip_output.c ~ raw_ip.c ~ tcp_input.c ~ tcp_timer.c ~ tcp_usrreq.c ~ udp_usrreq.c > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) ~ igmp.c ~ ip_input.c ~ ip_mroute.c ~ ip_mroute.h ~ ip_output.c ~ ip_var.h ~ raw_ip.c > Extend the multicast sockets and multicast hash table support to multiple > domains. This is one step towards supporting to run more than one multicast > socket in different domains at the same time. > ok mpi@ (rzalamena@) ~ in.c > If rt_ifa_addlocal() in in_ifinit() fails, the address has been > added to the interface address list, but the local route is missing. > This inconsistency could result in a "ifa == rt->rt_ifa" assertion > panic later. So in case of a route add error, remove the interface > address to get a consistent state again. > OK stsp@ mpi@ (bluhm@) ~ in.c > Remove a recursive splsoftnet() in in_ioctl() that already asserts that > it is called at IPL_SOFTNET. (mpi@) ~ ip_mroute.c ~ ip_mroute.h > Kill unused function. > ok mpi@ (rzalamena@) ~ udp_usrreq.c > Remove redundant splsoftnet(). > ok bluhm@ (mpi@) ~ ip_mroute.c ~ ip_mroute.h > Remove unused timeout that was never being set. > ok reyk@ (rzalamena@) ~ tcp_subr.c > No need for splsoftnet()/splx() dance around a pool_put() if the pool > has IPL_SOFTNET as ipl. > ok mikeb@, kettenis@ (mpi@) ~ ip_mroute.c > Call the multicast timer callback per domain instead of for all domains > this way we save doing big tables walk and iterating tables that we don't > need to. > ok mpi@ (rzalamena@) ~ in.c > Remove duplicate in_ioctl() prototype, it is in in_var.h now. (bluhm@) ~ tcp_usrreq.c > Kill recursive splsoftnet()/splx() in tcp_ctloutput(). > ok mikeb@, bluhm@ (mpi@) ~ ip_carp.c > Prevent grabing the NET_LOCK() twice in the ioctl(2) and input path. > While here remove two redundant splsoftnet()/splx() dances. > inputs and ok bluhm@ (mpi@) ~ ip_icmp.c ~ ip_input.c ~ tcp_usrreq.c > A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl > softnet assert failures. It is better to place the lock into > net_sysctl() where all the protocol sysctls are called via pr_sysctl. > As calling sysctl(2) is in the slow path, doing fine grained locking > has no benefit. Many sysctl cases copy out a struct. Having a > lock around that keeps the struct consistent. Put assertions in > the protocol sysctls that need it. > OK mpi@ (bluhm@) ~ ip_mroute.c > Fix PIM compilation even though it is disabled. > ok bluhm@ (rzalamena@) ~ ip_mroute.c > Fix build without PIM defined. (mpi@) - pim.h - pim_var.h ~ in.h ~ in_proto.c ~ ip_mroute.c ~ ip_mroute.h > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) ~ ip_ah.c ~ ip_esp.c ~ ip_ipcomp.c > Grab the NET_LOCK() before calling ipsp_process_done() as it ends up > in ip_output(). > Found the hardway by and ok kettenis@ (mpi@) netinet6 ~ icmp6.c ~ ip6_divert.c ~ ip6_input.c ~ nd6.c ~ raw_ip6.c > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) ~ udp6_output.c > Remove redundant splsoftnet(). > ok bluhm@ (mpi@) ~ ip6_input.c ~ nd6.c > A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl > softnet assert failures. It is better to place the lock into > net_sysctl() where all the protocol sysctls are called via pr_sysctl. > As calling sysctl(2) is in the slow path, doing fine grained locking > has no benefit. Many sysctl cases copy out a struct. Having a > lock around that keeps the struct consistent. Put assertions in > the protocol sysctls that need it. > OK mpi@ (bluhm@) ~ in6.c > Remove recursive splsoftnet() from the ioctl(2) path. > ok bluhm@ (mpi@) ~ mld6.c > Remove recursive splsoftnet(). > ok bluhm@ (mpi@) ~ nd6_nbr.c > Use __func__ in debug log to reduce noise when grepping. (mpi@) - pim6.h - pim6_var.h ~ in6.h ~ in6_proto.c ~ ip6_mroute.c ~ ip6_mroute.h ~ raw_ip6.c > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) ~ nd6.c ~ nd6_nbr.c ~ nd6_rtr.c > Remove all splsoftnet() from ND6 converting the non-recrusive ones to > NET_LOCK(). > ok bluhm@ (mpi@) ~ nd6.c > Do not call timeout_set(9) multiple times for nd6_slowtimo(), especially > whem timeout_set_proc(9) is what we need. > Found the hardway by and ok visa@, ok mikeb@, bluhm@ (mpi@) nfs ~ nfs_boot.c ~ nfs_socket.c > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) sys ~ socketvar.h ~ systm.h > Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts > of the network stack that are not yet ready to be executed in parallel or > where new sleeping points are not possible. > This first pass replace all the entry points leading to ip_output(). This > is done to not introduce new sleeping points when trying to acquire ART's > write lock, needed when a new L2 entry is created via the RT_RESOLVE. > Inputs from and ok bluhm@, ok dlg@ (mpi@) ~ percpu.h > Put a write memory barrier into counters_enter(). This ensures > that the generation number increment is written before the function > returns and anything else is written. > OK patrick@ mpi@ dlg@ (bluhm@) == usr.bin =========================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin ftp ~ ftp.1 ~ main.c > add muststaple option so that oscp stapling can be required for sites you > expect to provide it. > ok jsing@ (beck@) ~ ftp.1 > missing full stop; (jmc@) ~ fetch.c > Correctly handle tls_read()/tls_write(). > In one tls_read() case, we failed to check for WANT_{POLLIN,POLLOUT}, so > fix that. In the same tls_read() case and the tls_write() case we fail to > handle errors correctly, which means that error is not reported and can be > lost by a futher libtls call. > ok beck@ jca@ (jsing@) gprof ~ printgprof.c > Simply some for() loops to eliminate "computed, not used" warnings. > Also makes the code much easier to understand. > ok tom@ ok millert@ pirofti@ on earlier version. (krw@) lex ~ filter.c > Nuke more unused variables. > ok millert@ (krw@) ~ main.c > Add some {}'s to eliminate "ambiguous else" warnings from gcc. > ok tb@ millert@ (krw@) libtool ~ LT/UList.pm ~ LT/Mode/Link.pm > Teach libtool how to deal with both -lestdc++ and -lstdc++ in command line. > This helps to avoid linking both libraries, making -lestdc++ the only one > there. The concrete example would be print/poppler port after Qt5 update, > which is coming right now. > This hack would go away together with libestdc++... > Kind support on all the way by aja@, thanks! (zhuk@) netstat ~ inet.c ~ inet6.c ~ main.c ~ mroute6.c > Remove PIM support from the multicast stack. > ok mpi@ (rzalamena@) rpcgen ~ rpc_cout.c > Tweak generated .c output so switch statements always have a > 'default:' case. > Several hundred "not handled" warnings go away. > ok deraadt@ (krw@) ~ rpc_cout.c ~ rpc_hout.c > Add 'default:' cases to switch statements that gcc whines about. > ok jung@ (krw@) ~ rpc_cout.c > Avoid "unused variable 'i'" warnings in generated .c files by only emitting > the "int i;" for non-opaque arrays. Opaque arrays use xdr_opaque() rather > than iterating over the array. > Eliminates another couple of dozen warnings from snap build output. > ok deraadt@ millert@ (krw@) ssh ~ version.h > openssh-7.4 (djm@) systat ~ pftop.c > increase width of interface column in the pf rules view by 2 chars, so that > 'vetherXY' fits > ok deraadt@ mpi@ (jasper@) ~ vmstat.c > Remove statements that have no effect from X(), Y() and Z() #define's. > Leftovers from the re-engining of systat eight years ago. Makes gcc > quieter. > ok otto@ deraadt@ (krw@) vi ~ cl/cl_term.c ~ vi/vs_msg.c > Nuke more unused variables. > ok millert@ (krw@) ~ common/msg.c > Use %zu/%d to print size_t/ssize_t. Cast recno_t (a.k.a. u_int32_t) > to (unsigned long) to match %lu formats. Makes gcc happier and > quieter. > ok deraadt@ (krw@) == usr.sbin ========================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin amd ~ amq/amq.c > Add 'default:' cases to switch statements that gcc whines about. > ok jung@ (krw@) ~ rpcx/nfs_prot_xdr.c > Regenerate with -current rpcgen, eliminating "unused variable 'i'" > warning. > ok millert@ (krw@) bgpd ~ session.c > Correct logic, make it the same as in the other mrt_dump_bgp_msg case. > Found while looking for something else. (claudio@) ~ session.c > In parse_header() not all of the bgp message may be in the buffer yet so > move the MRT msg dump to session_process_msg() after the point the full > message is in the read buffer. > Bug found and fix tested by Ian Bobbitt (claudio@) mkuboot ~ mkuboot.c > Add the u-boot arm64 architecture number and map it to "aarch64" to > match OpenBSD/arm64 MACHINE_ARCH. > ok patrick@ (jsg@) mopd ~ mopa.out/mopa.out.c > Add 'default:' cases to switch statements that gcc whines about. > ok jung@ (krw@) ~ common/dl.c > Add some {}'s to eliminate "ambiguous else" warnings from gcc. > ok tb@ millert@ (krw@) mrouted ~ prune.c > Add some {}'s to eliminate "ambiguous else" warnings from gcc. > ok tb@ millert@ (krw@) ospf6ctl ~ ospf6ctl.c > Also print the mtu in detailed interface info. > Copied on the diff from Remi Locherer for ospfctl. ok benno@ claudio@ > (jca@) ospf6d ~ ospfe.c > Don't run the FSM if the interface state hasn't changed. > ok benno@ claudio@ (jca@) ~ kroute.c > Let rde and ospfe know about all IFINFO messages (eg an interface MTU > change). > The parent now passes all IFINFO messages down to the children, then > looks whether he has any work to do. Same idea as ospfd. > ok benno@ claudio@ (jca@) ~ printconf.c > Print metric and type for "redistribute" in ospf6d -v. > Similar diff as for ospfd, from Remi Locherer. ok stsp@ (jca@) ospfd ~ ospfe.c > When receiving an IFINFO message, also update the MTU of the interface > Helps recovering from MTU mismatches. Prompted by a diff from Remi > Locherer, ok claudio@ (jca@) ~ ospfe.c > For IFINFO msgs, don't run the FSM if the interface state hasn't changed. > ok claudio@ (jca@) rarpd ~ rarpd.c > Nuke more unused variables. > ok millert@ (krw@) ripd ~ packet.c > Support p2p links where endpoints aren't in the same subnet. > Diff from Piotr Durlej, similar diff from chris@, ok mpi@ (jca@) sa ~ sa.8 > Explain what the trailing '*' in command names output by sa(8) mean. > Reworked version from deraadt@, final okay from jmc@ (zhuk@) ~ sa.8 > rework the end text somewhat so that the informatiom pertaining to -m > and -u is a) not repeated and b) listed under the respective options > instead of in isolation; (jmc@) switchctl ~ parser.c > Don't convert endianess for flow-mod command field, it is a 8 bit field. > (rzalamena@) switchd ~ ofp.c ~ ofp13.c ~ ofp_common.c ~ ofrelay.c ~ switchd.h > Learn remote switch flow tables properties to find out where to install > the default table-miss flow for OpenFlow 1.3.5. This is enough to make > switchd(8) to work with switch(4) and HP 3800 switch out-of-the-box. > ok reyk@ (rzalamena@) syslogd ~ syslogd.c > When the kernel message buffer overflows, a message is printed by > syslogd(8) and the buffer is overwritten. But after a complete > message buffer was read, we got a split line. This happened as > syslogd did a partial read which ended within a line. To avoid the > latter, syslogd has to reserve space for the kernel message buffer > plus 64 chars for the buffer full message. > OK millert@ (bluhm@) tcpdump ~ print-802_11.c > Make tcpdump show "11n" for a channel which is used in 11n mode. > ok mpi@ (stsp@) ~ print-802_11.c > Remove duplicated lines of code introduced in my previous tcpdump commit. > Noticed by claudio@ (stsp@) trpt ~ trpt.c > Replace the archaic n_time data type with u_int32_t. This also allows the > removal of the <netinet/in_systm.h> include. > ok mpi@ stsp@ (lteo@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
