OpenBSD src changes summary for 2016-09-18 to 2016-09-25 inclusive ==================================================================
Makefile.cross bin/ed bin/md5 bin/ps distrib/i386 distrib/miniroot distrib/sets distrib/special etc/Makefile etc/acme-client.conf gnu/usr.bin/binutils gnu/usr.bin/binutils-2.17 gnu/usr.bin/clang gnu/usr.bin/cvs gnu/usr.bin/perl include/Makefile include/link_elf.h include/stdlib.h lib lib/libc lib/libcompiler_rt lib/libcrypto lib/libcxx lib/libcxxabi lib/libsqlite3 lib/libssl lib/libtls lib/libunwind libexec/ld.so regress/bin regress/gnu regress/lib regress/sys regress/usr.bin regress/usr.sbin sbin/bioctl sbin/disklabel sbin/ping sbin/route sbin/sysctl share/man share/misc share/mk share/snmp share/termtypes sys/arch/alpha/alpha sys/arch/alpha/conf sys/arch/amd64/amd64 sys/arch/amd64/conf sys/arch/amd64/stand/boot sys/arch/amd64/stand/cdboot sys/arch/amd64/stand/efiboot sys/arch/amd64/stand/libsa sys/arch/amd64/stand/pxeboot sys/arch/arm/arm sys/arch/arm/conf sys/arch/arm/cortex sys/arch/arm/include sys/arch/arm/simplebus sys/arch/armv7/armv7 sys/arch/armv7/conf sys/arch/armv7/imx sys/arch/armv7/stand/efiboot sys/arch/hppa/conf sys/arch/hppa/gsc sys/arch/hppa/hppa sys/arch/i386/conf sys/arch/i386/i386 sys/arch/i386/isa sys/arch/i386/stand/boot sys/arch/i386/stand/cdboot sys/arch/i386/stand/libsa sys/arch/i386/stand/pxeboot sys/arch/landisk/conf sys/arch/loongson/conf sys/arch/luna88k/cbus sys/arch/m88k/m88k sys/arch/macppc/conf sys/arch/macppc/dev sys/arch/macppc/macppc sys/arch/mips64/mips64 sys/arch/octeon/conf sys/arch/sgi/conf sys/arch/sgi/dev sys/arch/sh/sh sys/arch/socppc/conf sys/arch/socppc/socppc sys/arch/sparc64/conf sys/arch/sparc64/dev sys/arch/sparc64/include sys/arch/sparc64/sparc64 sys/arch/sparc64/stand/ofwboot sys/conf sys/crypto sys/ddb sys/dev sys/dev/acpi sys/dev/i2c sys/dev/ic sys/dev/isa sys/dev/pci sys/dev/pv sys/dev/sbus sys/dev/tc sys/dev/usb sys/isofs/udf sys/kern sys/lib/libkern sys/lib/libsa sys/miscfs/fifofs sys/net sys/net80211 sys/netinet sys/netinet6 sys/nfs sys/ntfs sys/sys sys/tmpfs sys/uvm usr.bin usr.bin/aucat usr.bin/gprof usr.bin/mandoc usr.bin/openssl usr.bin/renice usr.bin/signify usr.bin/sqlite3 usr.bin/ssh usr.bin/tcpbench usr.bin/yacc usr.sbin/acme-client usr.sbin/acpidump usr.sbin/kgmon usr.sbin/npppd usr.sbin/procmap usr.sbin/pstat usr.sbin/radiusd usr.sbin/relayd usr.sbin/rtadvd usr.sbin/snmpd usr.sbin/switchd usr.sbin/syslogd usr.sbin/sysmerge usr.sbin/tftp-proxy usr.sbin/traceroute usr.sbin/trpt usr.sbin/ypserv == Makefile.cross ==================================================== 01/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile.cross Makefile.cross > Unhook sqlite3. (sthen@) == bin =============================================================== 02/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin ed ~ ed.1 > remove the note about the list command (l) displaying a --More-- > prompt for huge lines (according to otto this happens only when > BACKWARDS is not defined); > ok otto (jmc@) md5 ~ md5.1 > sync the description of -q with that of cksum.1; > from bytevolcano > ok millert (jmc@) ps ~ ps.1 ~ ps.c > Attempt to use stdout, stderr, or stdin terminal widths if they exist. > This behavior already existed but was unintentionally lost in revision > 1.70 of ps.c. > ok millert@ tb@ (bentley@) == distrib =========================================================== 03/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib i386 ~ common/Makefile.inc ~ ramdisk/Makefile > Switch the i386 floppy ramdisk to fdboot(8), now that it works correctly. > This will avoid overflow caused by upcoming changes to boot(8). > ok deraadt@ (jsing@) miniroot ~ install.sub > vi is not available on the install media. > Besides ... real men use ed! > OK krw halex deraadt (rpe@) ~ install.sub > The tape install method is gone for a while already. > Remove leftovers. > OK krw halex deraadt (rpe@) ~ install.sub > Tweak addel(), rmel() and bsort() to not emit a leading/trailing blank. > OK tb krw (rpe@) ~ install.sub > Tweak/add comments. > with input from and OK tb > OK halex krw (rpe@) sets ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc64 ~ lists/base/mi ~ lists/comp/mi > sync (deraadt@) ~ lists/man/mi > sync (deraadt@) ~ lists/etc/mi ~ lists/man/mi > sync (deraadt@) - lists/etc/md.mvmeppc - lists/game/md.mvmeppc - lists/man/md.mvmeppc > Remove some mvmeppc leftovers. > ok deraadt@ (visa@) ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc64 ~ lists/comp/mi > sync (deraadt@) ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc64 ~ lists/base/mi ~ lists/comp/mi ~ lists/man/mi > sync (sthen@) ~ Makefile > Fix /usr/lib/locate/src.db owner for noperm release builds. > ok millert tb (natano@) special ~ route/Makefile > build the ramdisk version of route(8) with SMALL > OK deraadt@ (phessler@) == etc =============================================================== 04/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc Makefile ~ Makefile > add a config file parser to acme-client (unused at the moment, so that > it can be worked on in the tree). > ok florian@ deraadt@ (benno@) ~ Makefile > fix build (deraadt@) acme-client.conf + acme-client.conf > add a config file parser to acme-client (unused at the moment, so that > it can be worked on in the tree). > ok florian@ deraadt@ (benno@) ~ acme-client.conf > the account key(s) live in /etc/acme; OK benno@ (florian@) == gnu =============================================================== 05/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu usr.bin/binutils ~ Makefile.bsd-wrapper > Use ${INSTALL} instead of install, like in all the other Makefile's. > ok guenther (natano@) usr.bin/binutils-2.17 ~ Makefile.bsd-wrapper > Use ${INSTALL} instead of install, like in all the other Makefile's. > ok guenther (natano@) ~ bfd/bfd-in2.h ~ bfd/elf32-arm.c ~ bfd/libbfd.h ~ bfd/reloc.c > Support a few more relocations, most notably R_ARM_MOVW_ABS_NC and > R_ARM_MOVT_ABS that clang creates in its default configuration. > From FreeBSD. > ok jsg@ (kettenis@) usr.bin/clang ~ Makefile.inc > On arm, set the "triple" to armv7-unknown-openbsdX.Y-gnueabi. This makes > the > compiler generate code for armv7 by default (giving us proper atomic > operations) and selects the right default ABI. > ok patrick@, tom@ (kettenis@) + include/llvm/PowerPC/Makefile + libLLVMPowerPCAsmParser/Makefile + libLLVMPowerPCAsmPrinter/Makefile + libLLVMPowerPCCodeGen/Makefile + libLLVMPowerPCDesc/Makefile + libLLVMPowerPCDisassembler/Makefile + libLLVMPowerPCInfo/Makefile > Add PowerPC backend build infrastructure. > ok kettenis@ (pascal@) usr.bin/cvs ~ Makefile.bsd-wrapper ~ mkinstalldirs ~ contrib/Makefile.in > Set correct owner for installed files. One step closer to noperm > builds. > initial diff and ok millert (natano@) ~ Makefile.bsd-wrapper ~ mkinstalldirs ~ contrib/Makefile.in > Revert previous, I didn't intend to commit this (yet). (natano@) usr.bin/perl ~ Makefile.bsd-wrapper ~ install_lib.pl ~ installperl > Set correct owner for installed files. One step closer to noperm > builds. > initial diff and ok millert (natano@) ~ configpm ~ installperl > Build install Config_heavy.pl during build not install > Needed for noperm builds > OK natano@ (afresh1@) == include =========================================================== 06/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include Makefile ~ Makefile > Unhook sqlite3. (sthen@) link_elf.h ~ link_elf.h > Add dl_unwind_find_exidx prototype. > ok guenther@ (kettenis@) stdlib.h ~ stdlib.h > Remove duplicated includes in stdlib.h and termios.h > OK guenther@ (fcambus@) == lib =============================================================== 07/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib lib + check_sym > Add check_sym, a utility for checking shared libraries for symbol changes > that may require version bumps...or fixing. Details in comments at the > top of the script. > ok mpi@ millert@ deraadt@ (guenther@) ~ check_sym > Add $OpenBSD tag (guenther@) ~ check_sym > Add copyright (guenther@) ~ check_sym > Simplify mips64 GOTSYM bits to eliminate a couple temp files > Remove extra file truncation that the at-start bits rendered superfluous > (guenther@) ~ Makefile > Unhook sqlite3. (sthen@) libc ~ arch/arm/dlfcn/exidx.c > unbreak the build by including stddef.h for the definition of NULL > fix suggested by and ok guenther@ (jsg@) ~ arch/arm/string/ffs.S > Use unified syntax such that this compiles with both gcc and clang. > ok jsg@ (kettenis@) ~ stdlib/malloc.c > move page junking tp unmap(), right before we stick the region in the > cache; > ok tedu@ (otto@) ~ time/localtime.c > gmtime_r() should return NULL on failure, not the struct tm * result > parameter that was passed in. From Carlin Bingham. (millert@) ~ db/hash/hash.c ~ db/recno/rec_close.c ~ db/recno/rec_open.c ~ gdtoa/misc.c ~ gen/fts.c ~ gen/getcap.c ~ gen/nlist.c ~ gen/opendir.c ~ gmon/gmon.c ~ net/ethers.c ~ net/freeaddrinfo.c ~ net/inet_ntop.c ~ net/rthdr.c ~ nls/catopen.c ~ regex/engine.c ~ regex/regcomp.c ~ rpc/xdr_rec.c ~ stdio/fgetln.c ~ stdio/fgets.c ~ stdio/fopen.c ~ stdio/fread.c ~ stdio/freopen.c ~ stdio/fsetpos.c ~ stdio/fvwrite.c ~ stdio/getdelim.c ~ stdio/getw.c ~ stdio/setbuffer.c ~ stdio/setvbuf.c ~ stdio/stdio.c ~ stdio/ungetc.c ~ stdio/vfscanf.c ~ stdlib/malloc.c ~ stdlib/setenv.c ~ time/strftime.c ~ hash/helper.c > Delete casts to off_t and size_t that are implied by assignments > or prototypes. Ditto for some of the char* and void* casts too. > verified no change to instructions on ILP32 (i386) and LP64 (amd64) > ok natano@ abluhm@ deraadt@ millert@ (guenther@) ~ gen/sysctl.3 > no more KERN_ARND; ok deraadt (jmc@) ~ arch/m88k/DEFS.h ~ arch/m88k/SYS.h ~ arch/m88k/sys/cerror.S > Simplify __cerror now that %r27 is always the TCB pointer. > Don't need a PLT relocation for __cerror. > Move macros for doing internal aliases in ASM from SYS.h to DEFS.h > __cerror tweaks by Miod Vallat, testing by aoyama@ (guenther@) ~ arch/m88k/Symbols.list > m88k switched to RELRO (guenther@) ~ arch/m88k/gen/_setjmp.S ~ arch/m88k/gen/setjmp.S ~ arch/m88k/gen/sigsetjmp.S > Switch from calling obsolete sig{block,setmask} to directly using the > sigprocmask syscall. > abort() can't return, so simplify the call, and use the internal name to > avoid the PLT. > no-return observation by Miod Vallat, testing by aoyama@ (guenther@) ~ rpc/svc_auth.c > s/alloctaed/allocated/ in comment (guenther@) ~ gen/getnetgrent.c > Fix matching when all of user, host and domain are specified. > OK guenther@ (millert@) libcompiler_rt ~ Makefile > Add non-VFP arm-specific code. > ok patrick@ (kettenis@) ~ Makefile > Don't build saveFP/restFP for powerpc. Not needed on OpenBSD. > ok kettenis@ (pascal@) libcrypto ~ doc/EVP_EncryptInit.pod > revert documentation update for the clearning behavior we already reverted > (bcook@) ~ Makefile > Append to CLEANFILES instead of replacing it, so libcrypto.pc is > deleted on make clean. > ok millert (natano@) libcxx ~ Makefile > Add -nostdinc++ like the original CMakeLists.txt does. Fixes bulding with > clang++. > ok pascal@, patrick@ (kettenis@) ~ include/__config > We definitely want to use arc4random() on OpenBSD. > ok patrick@ (kettenis@) libcxxabi ~ Makefile > Add -nostdinc++ like the original CMakeLists.txt does. Fixes bulding with > clang++. > ok pascal@, patrick@ (kettenis@) ~ Makefile > We don't need cross-unwinding support, > ok patrick@, tom@ (kettenis@) libsqlite3 - Makefile - VERSION - addopcodes.awk - mkopcodec.awk - mkopcodeh.awk - shlib_version - sqlite3.pc - sqlite3.pc.in - ext/README.txt - ext/async/README.txt - ext/async/sqlite3async.c - ext/async/sqlite3async.h - ext/fts1/README.txt - ext/fts1/ft_hash.c - ext/fts1/ft_hash.h - ext/fts1/fts1.c - ext/fts1/fts1.h - ext/fts1/fts1_hash.c - ext/fts1/fts1_hash.h - ext/fts1/fts1_porter.c - ext/fts1/fts1_tokenizer.h - ext/fts1/fts1_tokenizer1.c - ext/fts1/fulltext.c - ext/fts1/fulltext.h - ext/fts1/simple_tokenizer.c - ext/fts1/tokenizer.h - ext/fts2/README.tokenizers - ext/fts2/README.txt - ext/fts2/fts2.c - ext/fts2/fts2.h - ext/fts2/fts2_hash.c - ext/fts2/fts2_hash.h - ext/fts2/fts2_icu.c - ext/fts2/fts2_porter.c - ext/fts2/fts2_tokenizer.c - ext/fts2/fts2_tokenizer.h - ext/fts2/fts2_tokenizer1.c - ext/fts2/mkfts2amal.tcl - ext/fts3/README.content - ext/fts3/README.syntax - ext/fts3/README.tokenizers - ext/fts3/README.txt - ext/fts3/fts3.c - ext/fts3/fts3.h - ext/fts3/fts3Int.h - ext/fts3/fts3_aux.c - ext/fts3/fts3_expr.c - ext/fts3/fts3_hash.c - ext/fts3/fts3_hash.h - ext/fts3/fts3_icu.c - ext/fts3/fts3_porter.c - ext/fts3/fts3_snippet.c - ext/fts3/fts3_term.c - ext/fts3/fts3_test.c - ext/fts3/fts3_tokenize_vtab.c - ext/fts3/fts3_tokenizer.c - ext/fts3/fts3_tokenizer.h - ext/fts3/fts3_tokenizer1.c - ext/fts3/fts3_unicode.c - ext/fts3/fts3_unicode2.c - ext/fts3/fts3_write.c - ext/fts3/fts3speed.tcl - ext/fts3/mkfts3amal.tcl - ext/fts3/tool/fts3view.c - ext/fts3/unicode/CaseFolding.txt - ext/fts3/unicode/UnicodeData.txt - ext/fts3/unicode/mkunicode.tcl - ext/fts3/unicode/parseunicode.tcl - ext/icu/README.txt - ext/icu/icu.c - ext/icu/sqliteicu.h - ext/misc/amatch.c - ext/misc/closure.c - ext/misc/compress.c - ext/misc/eval.c - ext/misc/fileio.c - ext/misc/fuzzer.c - ext/misc/ieee754.c - ext/misc/nextchar.c - ext/misc/percentile.c - ext/misc/regexp.c - ext/misc/rot13.c - ext/misc/showauth.c - ext/misc/spellfix.c - ext/misc/totype.c - ext/misc/vfslog.c - ext/misc/vtshim.c - ext/misc/wholenumber.c - ext/rtree/README - ext/rtree/rtree.c - ext/rtree/rtree.h - ext/rtree/rtree1.test - ext/rtree/rtree2.test - ext/rtree/rtree3.test - ext/rtree/rtree4.test - ext/rtree/rtree5.test - ext/rtree/rtree6.test - ext/rtree/rtree7.test - ext/rtree/rtree8.test - ext/rtree/rtree9.test - ext/rtree/rtreeA.test - ext/rtree/rtreeB.test - ext/rtree/rtreeC.test - ext/rtree/rtreeD.test - ext/rtree/rtreeE.test - ext/rtree/rtreeF.test - ext/rtree/rtree_perf.tcl - ext/rtree/rtree_util.tcl - ext/rtree/sqlite3rtree.h - ext/rtree/tkt3363.test - ext/rtree/viewrtree.tcl - ext/userauth/sqlite3userauth.h - ext/userauth/user-auth.txt - ext/userauth/userauth.c - src/alter.c - src/analyze.c - src/attach.c - src/auth.c - src/backup.c - src/bitvec.c - src/btmutex.c - src/btree.c - src/btree.h - src/btreeInt.h - src/build.c - src/callback.c - src/complete.c - src/ctime.c - src/date.c - src/dbstat.c - src/delete.c - src/expr.c - src/fault.c - src/fkey.c - src/func.c - src/global.c - src/hash.c - src/hash.h - src/hwtime.h - src/insert.c - src/journal.c - src/legacy.c - src/lempar.c - src/loadext.c - src/main.c - src/malloc.c - src/mem0.c - src/mem1.c - src/mem2.c - src/mem3.c - src/mem5.c - src/memjournal.c - src/msvc.h - src/mutex.c - src/mutex.h - src/mutex_noop.c - src/mutex_unix.c - src/mutex_w32.c - src/notify.c - src/os.c - src/os.h - src/os_common.h - src/os_setup.h - src/os_unix.c - src/os_win.c - src/os_win.h - src/pager.c - src/pager.h - src/parse.y - src/pcache.c - src/pcache.h - src/pcache1.c - src/pragma.c - src/pragma.h - src/prepare.c - src/printf.c - src/random.c - src/resolve.c - src/rowset.c - src/select.c - src/sqlite.h.in - src/sqlite3.h - src/sqlite3.rc - src/sqlite3ext.h - src/sqliteInt.h - src/sqliteLimit.h - src/status.c - src/table.c - src/tclsqlite.c - src/test1.c - src/test2.c - src/test3.c - src/test4.c - src/test5.c - src/test6.c - src/test7.c - src/test8.c - src/test9.c - src/test_async.c - src/test_autoext.c - src/test_backup.c - src/test_blob.c - src/test_btree.c - src/test_config.c - src/test_demovfs.c - src/test_devsym.c - src/test_fs.c - src/test_func.c - src/test_hexio.c - src/test_init.c - src/test_intarray.c - src/test_intarray.h - src/test_journal.c - src/test_loadext.c - src/test_malloc.c - src/test_multiplex.c - src/test_multiplex.h - src/test_mutex.c - src/test_onefile.c - src/test_osinst.c - src/test_pcache.c - src/test_quota.c - src/test_quota.h - src/test_rtree.c - src/test_schema.c - src/test_server.c - src/test_sqllog.c - src/test_stat.c - src/test_superlock.c - src/test_syscall.c - src/test_tclvar.c - src/test_thread.c - src/test_vfs.c - src/test_vfstrace.c - src/test_wsd.c - src/threads.c - src/tokenize.c - src/treeview.c - src/trigger.c - src/update.c - src/utf.c - src/util.c - src/vacuum.c - src/vdbe.c - src/vdbe.h - src/vdbeInt.h - src/vdbeapi.c - src/vdbeaux.c - src/vdbeblob.c - src/vdbemem.c - src/vdbesort.c - src/vdbetrace.c - src/vtab.c - src/vxworks.h - src/wal.c - src/wal.h - src/walker.c - src/where.c - src/whereInt.h - src/wherecode.c - src/whereexpr.c - tool/build-all-msvc.bat - tool/build-shell.sh - tool/checkSpacing.c - tool/diffdb.c - tool/extract.c - tool/fast_vacuum.c - tool/fragck.tcl - tool/fuzzershell.c - tool/genfkey.README - tool/genfkey.test - tool/getlock.c - tool/lemon.c - tool/lempar.c - tool/loadfts.c - tool/logest.c - tool/mkautoconfamal.sh - tool/mkkeywordhash.c - tool/mkopts.tcl - tool/mkpragmatab.tcl - tool/mkspeedsql.tcl - tool/mksqlite3c-noext.tcl - tool/mksqlite3c.tcl - tool/mksqlite3h.tcl - tool/mksqlite3internalh.tcl - tool/mkvsix.tcl - tool/offsets.c - tool/omittest.tcl - tool/opcodeDoc.awk - tool/pagesig.c - tool/restore_jrnl.tcl - tool/rollback-test.c - tool/showdb.c - tool/showjournal.c - tool/showlocks.c - tool/showstat4.c - tool/showwal.c - tool/soak1.tcl - tool/space_used.tcl - tool/spaceanal.tcl - tool/speedtest.tcl - tool/speedtest16.c - tool/speedtest2.tcl - tool/speedtest8.c - tool/speedtest8inst1.c - tool/split-sqlite3c.tcl - tool/sqldiff.c - tool/stack_usage.tcl - tool/symbols-mingw.sh - tool/symbols.sh - tool/tostr.awk - tool/varint.c - tool/vdbe-compress.tcl - tool/vdbe_profile.tcl - tool/warnings-clang.sh - tool/warnings.sh - tool/win/sqlite.vsix - tsrc/header_regen - tsrc/pthread_stub.c > remove lib/libsqlite3, it has moved back to ports (sthen@) libssl ~ Makefile > Update ld search path for libssl/libcrypto, fixes cross-build after source > moved. > from Patrick Wildt (bcook@) ~ ssl_lib.c > Avoid selecting weak digests for (EC)DH when using SNI. > from OpenSSL: > SSL_set_SSL_CTX is normally called for SNI after ClientHello has > received and the digest to use for each certificate has been decided. > The original ssl->cert contains the negotiated digests and is now > copied to the new ssl->cert. > noted by David Benjamin and Kinichiro Inoguchi (bcook@) ~ src/crypto/evp/evp_enc.c TAGGED OPENBSD_6_0 > back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Encrypt/DecryptFinal > Software that refers to ctx after calling Final breaks with these changes. > revert parts of 1.31. ok jsing@ (bcook@) ~ src/crypto/opensslv.h TAGGED OPENBSD_6_0 > bump version for 2.4.3 (bcook@) ~ src/crypto/opensslv.h TAGGED OPENBSD_5_9 > bump version for 2.3.8 (bcook@) ~ t1_lib.c TAGGED OPENBSD_5_9 > Improve ticket validity checking when tlsext_ticket_key_cb() callback > chooses a different HMAC algorithm. > Avert memory leaks if the callback preps the HMAC in some way. > Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f > but retaining a pre-callback length check to guarantee the callback > is provided the buffer that the API claims. > ok bcook@ jsing@ (guenther@) ~ s3_srvr.c TAGGED OPENBSD_5_9 > Check for packet with truncated DTLS cookie. > Flip pointer comparison logic to avoid beyond-end-of-buffer pointers > to make it less likely a compiler will decide to screw you. > Based on parts of openssl commits > 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and > 89c2720298f875ac80777da2da88a64859775898 > ok jsing@ (guenther@) ~ t1_lib.c TAGGED OPENBSD_5_9 > Avoid unbounded memory growth, which can be triggered by a client > repeatedly renegotiating and sending OCSP Status Request TLS extensions. > Fix based on OpenSSL. (jsing@) ~ ssl_lib.c TAGGED OPENBSD_5_9 > Improve on code from the previous commit. > ok bcook@ (jsing@) ~ src/ssl/t1_lib.c TAGGED OPENBSD_5_9 > MFC: Avoid unbounded memory growth in libssl, which can be triggered by a > TLS client repeatedly renegotiating and sending OCSP Status Request TLS > extensions. (jsing@) ~ src/ssl/ssl_lib.c TAGGED OPENBSD_5_9 > MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with > libssl. (jsing@) ~ src/ssl/t1_lib.c TAGGED OPENBSD_6_0 > MFC: Avoid unbounded memory growth in libssl, which can be triggered by a > TLS client repeatedly renegotiating and sending OCSP Status Request TLS > extensions. (jsing@) ~ src/ssl/ssl_lib.c TAGGED OPENBSD_6_0 > MFC: Avoid falling back to a weak digest for (EC)DH when using SNI with > libssl. (jsing@) libtls ~ Makefile > Update ld search path for libssl/libcrypto, fixes cross-build after source > moved. > from Patrick Wildt (bcook@) libunwind ~ src/AddressSpace.hpp > Go down the right path in the _LIBUNWIND_ARM_EHABI case. > ok patrick@ (kettenis@) ~ src/AddressSpace.hpp > When _LIBUNWIND_ARM_EHABI is defined, include <link.h> to get the > dl_unwind_find_exidx prototype. > ok guenther@ (kettenis@) == libexec =========================================================== 08/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec ld.so ~ malloc.c > merge form libc malloc: > move page junking tp unmap(), right before we stick the region in the > cache; > ok tedu@ (otto@) == regress =========================================================== 09/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress bin ~ ps/command.sh > Fix a race in test. Wait until the process shown by ps is really > up and running. (bluhm@) gnu ~ egcs/gcc-bounds/Makefile ~ egcs/gcc-bounds/getcwd-1.c.exp.gcc4 > Format of warning messages has changed in binutils-2.17. Remove > variable line number in text segment. Adapt expected gcc linker > output in regress test. (bluhm@) ~ egcs/gcc-builtins/Makefile ~ egcs/gcc-builtins/sprintf-1.c.exp ~ egcs/gcc-builtins/sprintf-2.c.exp ~ egcs/gcc-builtins/sprintf-3.c.exp ~ egcs/gcc-builtins/stpcpy-1.c.exp ~ egcs/gcc-builtins/stpcpy-2.c.exp ~ egcs/gcc-builtins/strcat-1.c.exp ~ egcs/gcc-builtins/strcat-2.c.exp ~ egcs/gcc-builtins/strcpy-1.c.exp ~ egcs/gcc-builtins/strcpy-2.c.exp ~ egcs/gcc-builtins/vsprintf-1.c.exp ~ egcs/gcc-builtins/vsprintf-2.c.exp ~ egcs/gcc-builtins/vsprintf-3.c.exp ~ egcs/gcc-bounds/Makefile > Adapt more places where binutils-2.17 has changed the format of the > linker warning massages. (bluhm@) lib ~ libedit/chared/Makefile ~ libedit/keymacro/Makefile ~ libedit/read/Makefile > The libedit regress tests require header files generated during the > build. Add a dependency to run make depend in /usr/src/lib/libedit. > Problem found by otto@; OK schwarze@ (bluhm@) ~ libpthread/cancel/Makefile ~ libpthread/cancel/cancel.c ~ libpthread/poll/Makefile ~ libpthread/poll/poll.c > don't depend on /dev/tty, in bluhm's framework there is no such thing > use openpty(3) instead (otto@) ~ libpthread/cancel/cancel.c ~ libpthread/poll/poll.c > switch master & slave; prompted by bluhm@ (otto@) ~ libpthread/pcap/pcap.c > set BIOCIMMEDIATE, makes the test work for lo0, which does more buffering > than regular interfaces (otto@) sys ~ kern/kqueue/Makefile ~ kern/kqueue/kqueue-fdpass.c ~ kern/kqueue/kqueue-flock.c ~ kern/kqueue/kqueue-fork.c ~ kern/kqueue/kqueue-pipe.c ~ kern/kqueue/kqueue-process.c ~ kern/kqueue/kqueue-pty.c ~ kern/kqueue/kqueue-random.c ~ kern/kqueue/kqueue-signal.c ~ kern/kqueue/kqueue-timer.c ~ kern/kqueue/kqueue-tun.c ~ kern/kqueue/main.c + kern/kqueue/main.h > To make debugging the kqueue test easier, always print the assertion > failure before returning. (bluhm@) ~ net/rtable/Makefile.inc ~ net/rtable/kern_compat.h > Test ART implementation by default. > RADIX code can be tested by doing "make RADIX=1" (mpi@) ~ net/Makefile > Enter rtable (mpi@) ~ kern/kqueue/kqueue-pty.c > Use /dev/console as a template for the pseudo tty, stdin may be not > a terminal. Check wether tcgetattr() can read the values. Do not > only verify that kqueue does not report unwanted events but also > that expected events exist. (bluhm@) - kern/mquery/Makefile - kern/mquery/mquery.c > Zap. Has been disabled for a long time and makes unholy assumptions about > the address pace layout. ok bluhhm@ (otto@) ~ kern/Makefile > Zap mquery test for good (otto@) ~ kern/ptrace/Makefile > Making the regress target depends on building PROG. (bluhm@) ~ kern/noexec/noexec.c > recpect W^X, sparc64 still has a problem: non-exec mmap: execute > #1 is done, the others not. ok kettenis@ millert@ (otto@) ~ kern/noexec/testfly.S > On sparc64 we need "retl" not "ret" to do an immediate return. > ok deraadt@, tedu@ (kettenis@) usr.bin ~ ssh/principals-command.sh > test all the AuthorizedPrincipalsCommand % expansions (djm@) ~ ssh/unittests/match/tests.c > disable tests for affirmative negated match after backout of > match change (djm@) ~ mandoc/db/dbm_dump/Makefile ~ mandoc/db/run/Makefile > Add dependencies to build the required test tools for mandoc on > demand. This is necessary to run make regress without make all or > make build. (bluhm@) ~ Makefile > add ul (otto@) usr.sbin ~ ldapd/Makefile > Test should print SKIPPED if a package is missing. (bluhm@) ~ syslogd/Client.pm ~ syslogd/Server.pm ~ syslogd/args-server-tls-client-cert.pl ~ syslogd/args-server-tls-client-fake.pl + syslogd/args-client-tls-cert.pl + syslogd/args-client-tls-fake.pl + syslogd/args-client-tls-verify.pl > Test syslogd TLS client certificate validation. (bluhm@) ~ relayd/Client.pm ~ relayd/Server.pm > Call setsockopt(2) before listen(2) in relayd tests and adjust some > error messages. (bluhm@) ~ syslogd/Client.pm ~ syslogd/Server.pm ~ syslogd/args-dropped-sighup-tcp.pl ~ syslogd/args-dropped-sighup-tls.pl ~ syslogd/args-dropped-sigterm-tcp.pl ~ syslogd/args-dropped-sigterm-tls.pl ~ syslogd/args-dropped-tcp.pl ~ syslogd/args-dropped-tls.pl ~ syslogd/args-sync-tcp.pl > The TCP socket buffer size for syslogd has changed. Adapt tests > where we count the dropped messages. A different number gets stuck > in the kernel buffers now which is not included in the syslogd > statistics. (bluhm@) ~ httpd/tests/Makefile > Remove leftovers from relayd tests. (bluhm@) ~ relayd/Makefile > Check wether sudo or doas is working once at the beginning of the > test. (bluhm@) == sbin ============================================================== 10/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin bioctl ~ bioctl.c > Switch softraid crypto from PKCS5 PBKDF2 to bcrypt PBKDF. > New volumes will be created with bcrypt PBKDF, however existing volumes > will continue to use PKCS5 PBKDF2 until a passphrase change is made. > If you're booting from softraid crypto, ensure that your boot loader has > been upgraded to a version that supports bcrypt prior to changing your > passphrase. Also be aware that once the passphrase has been changed, an > older version of bioctl(8) (one that does not support bcrypt PBKDF) will > not be able to "unlock" the volume. > Partly based on a diff from djm@. (jsing@) ~ bioctl.8 > Update for bcrypt pbkdf. (jsing@) ~ bioctl.8 > Be clearer with the description of bioctl(8)'s -r option. > ok jmc@ (jsing@) ~ bioctl.c > Add support for automatically selecting the number of rounds to use with > bcrypt pbkdf, based on system performance. This is based on the bcrypt > autorounds code we have in libc. > Discussed with djm@ and tedu@. (jsing@) ~ bioctl.8 > Document auto rounds. (jsing@) disklabel ~ Makefile > Remove reference to zaurus > OK sthen@ (fcambus@) ping ~ ping.8 > minor tweaks; (jmc@) ~ ping.c > Do not print 'ping6' in reporting output, just 'ping'. > OK tom@, natano@, claudio@, sthen@, millert@ (florian@) ~ ping.c > If running in verbose mode and no source address has been specified > with -I find the kernel selected address and print it even for v4 > addresses. > OK phessler@, natano@, mpi@, claudio@, benno@, sthen@, millert@ (florian@) ~ ping.c > whitespace (deraadt@) ~ ping.c > simplify startup, since we know earlier which type of socket we need > ok florian (deraadt@) ~ ping.c > unbreak IPv6 source selection (florian@) ~ ping.c > Only allow standard dot notation for IPv4 addresses. > We can get rid of inet_aton(3) and use the AF independent getaddrinfo(3). > OK natano@, krw@, millert@, claudio@ (florian@) ~ ping.8 > various cleanup; ok florian (jmc@) ~ ping.c > whitespace (deraadt@) route ~ route.c > print a BFD route message. > protected with #ifdef BFD while we still figure out some of the > mechanisms. > OK mpi@ (phessler@) sysctl ~ sysctl.c > sysctl KERN_ARND is no longer used (in ports, it only occurs in fallback > paths of libevent). This interface was the first generation of what > eventually became getentropy(2) and arc4random(3) -- june 1997! > Ports scan by sthen, general agreement guenther (deraadt@) ~ sysctl.8 > kern.arandom no longer exists > from rob pierce (deraadt@) == share ============================================================= 11/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/man4.armv7/Makefile + man4/man4.armv7/agtimer.4 + man4/man4.armv7/ampintc.4 + man4/man4.armv7/amptimer.4 + man4/man4.armv7/armliicc.4 + man4/man4.armv7/cortex.4 > add some barebones manual pages (jsg@) ~ man4/options.4 ~ man7/securelevel.7 > option INSECURE is obsolete (deraadt@) ~ man7/securelevel.7 > there's no reason to point readers to options(4) now; (jmc@) ~ man4/man4.octeon/Makefile + man4/man4.octeon/octuctl.4 > Add manual for octuctl(4); from Rafael Neves <rafael at diskless dot io>. > Tweaked by jmc@ and by me. > OK visa@ (on a previous version) and OK jmc@ and Rafael Neves (author). > MikeB@ supported the general direction. (schwarze@) ~ man9/audio.9 > Remove unused getdev() audio driver functions. (ratchov@) ~ man4/mpii.4 > mention SAS3 devices (jmatthew@) ~ man4/pvbus.4 > sort; (jmc@) ~ man4/switch.4 > Rewrite awkward phrase, pointed out by Bryan Vyhmeister, wording tweak > from me, ok jmc@ (sthen@) ~ man9/timeout.9 > Introduce a new 'softclock' thread that will be used to execute timeout > callbacks needing a process context. > The function timeout_set_proc(9) has to be used instead of timeout_set(9) > when a timeout callback needs a process context. > Note that if such a timeout is waiting, understand sleeping, for a non > negligible amount of time it might delay other timeouts needing a process > context. > dlg@ agrees with this as a temporary solution. > Manpage tweaks from jmc@ > ok kettenis@, bluhm@, mikeb@ (mpi@) ~ man3/intro.3 > Unhook sqlite3. (sthen@) ~ man5/pf.conf.5 > Specify "to" addresses in one of the examples that shows use of af-to for > inet6->inet. Without this, local network traffic (including neighbour > discovery etc) will also get translated. From Peter J. Philipp, with a > tweak to break long lines. (sthen@) ~ man9/hashinit.9 > introduce hashfree() function to free hash tables, with sizes. > ok guenther (tedu@) ~ man9/hashinit.9 > jmc noticed a chunk failed to apply. actually document hashfree. > from natano via Mathieu - (tedu@) ~ Makefile > Install the copyright notice as ${MANOWN}:${MANGRP} with ${MANMODE} and > use ${INSTALL_COPY}; chown root:wheel mandoc.db for noperm builds. > ok natano (tb@) misc ~ pcvtfonts/Makefile > Some ownership fixes for /usr/share/. > feedback and tweaks rpe > ok tb (natano@) mk ~ bsd.own.mk > Loadable kernel modules are gone. > ok millert, deraadt and tb, who sent the same diff to tech@ some time ago > (natano@) snmp ~ Makefile > Some ownership fixes for /usr/share/. > feedback and tweaks rpe > ok tb (natano@) termtypes ~ Makefile > Some ownership fixes for /usr/share/. > feedback and tweaks rpe > ok tb (natano@) == sys =============================================================== 12/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/alpha ~ machdep.c > option INSECURE is obsolete (deraadt@) ~ db_trace.c > fix whitespace at EOL (jasper@) ~ db_trace.c > ansify function definitions > ok guenther@ millert@ (jasper@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/alpha/conf ~ Makefile.alpha > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/amd64/amd64 ~ machdep.c > option INSECURE is obsolete (deraadt@) ~ vmm.c > remove an extraneous vmcs flush (mlarkin@) ~ vmm.c > refactor vmcs flush and reload into one function, and remove another > flush that wasn't needed (mlarkin@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/amd64/conf ~ Makefile.amd64 > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/amd64/stand/boot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/amd64/stand/cdboot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/amd64/stand/efiboot ~ Makefile.common > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/amd64/stand/libsa ~ biosdev.c > Fix a bug in the bounce buffer handling of BIOS disk I/O. > Currently, if a buffer crosses a 64KB boundary, a bounce buffer is > allocated, however it is assumed that this new buffer does not cross the > 64KB boundary. In the case of i386 fdboot, it just so happens that (due to > the size of fdboot and heap allocations) UFS gets allocated a 4KB buffer > that crosses a 64KB boundary, then biosd_io() allocates a bounce buffer, > which also crosses a 64KB boundary. At this point the BIOS gets grumpy and > refuses to read from the disk. > Further clean up to come from tom@. (jsing@) arch/amd64/stand/pxeboot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/arm/arm ~ arm32_machdep.c > option INSECURE is obsolete (deraadt@) ~ db_trace.c > fix whitespace at EOL (jasper@) ~ db_trace.c > ansify function definitions > ok guenther@ millert@ (jasper@) ~ db_trace.c > one too many close parentheses > spotted by Markus Hennecke (jasper@) ~ bus_dma.c > Complete bus_dmamap_load_raw(9) implementation for ARM. My initial > commit did not copy the vaddr information to the map's segments. This > means non-coherent bus dma raw mappings could not be synced. > As only agp(4) and radeondrm(4) seem to make use of non-coherent raw > mappings at the moment, this bug did not cause any visible effects. > From Marius Strobl. > ok kettenis@ (patrick@) ~ bcopyinout.S ~ bus_space_notimpl.S ~ copystr.S ~ cpufunc_asm.S ~ exception.S ~ irq_dispatch.S ~ locore.S ~ sigcode.S ~ vectors.S > Modernize arm assembly in the kernel for clang. > Based on a similar diff in bitrig. > No binary change when compiled with gcc. > ok patrick@ (kettenis@) ~ arm32_machdep.c > Use "%s" to print the version string. Avoids a "format string is not a > string literal" warning from clang and matches what we do on amd64. > (kettenis@) ~ cpu.c ~ pmap7.c > Remove a couple of unsused static inline functions. Also remove a comparis > of an array to a null pointer that is always false. Found with clang. > ok jsg@ (kettenis@) ~ locore.S > If the value of r0 upon entering the kernel is zero, interpret this as the > address of the end of the symbol table. This will make it possible to get > rid of the code in the bootloader that patches up the kernel with the > updated > esym value. > ok tom@, patrick@ (kettenis@) ~ cpuswitch7.S ~ genassym.cf > Stick the thread control block pointer into a CPU register on ARMv7. > ok guenther@ (patrick@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/arm/conf ~ files.arm > Use a locator (named "early") to let designated drivers attach before > others. > ok patrick@, jsg@ (kettenis@) ~ files.arm > Add an implementation of __aeabi_ldivmode() and __aeabi_uldivmod(); clang > generates calls to these functions when compiling an armv7 kernel. > Code from NetBSD's unified userland+kernel implementation, with lots of > irrelevant (for us) #ifdefs removed. > ok patrick@, guenther@ (kettenis@) arch/arm/cortex ~ agtimer.c > Remove a couple of unsused static inline functions. Also remove a comparis > of an array to a null pointer that is always false. Found with clang. > ok jsg@ (kettenis@) arch/arm/include ~ asm.h ~ profile.h > Modernize arm assembly in the kernel for clang. > Based on a similar diff in bitrig. > No binary change when compiled with gcc. > ok patrick@ (kettenis@) ~ machdep.h > If the value of r0 upon entering the kernel is zero, interpret this as the > address of the end of the symbol table. This will make it possible to get > rid of the code in the bootloader that patches up the kernel with the > updated > esym value. > ok tom@, patrick@ (kettenis@) ~ pcb.h ~ proc.h ~ tcb.h > Stick the thread control block pointer into a CPU register on ARMv7. > ok guenther@ (patrick@) arch/arm/simplebus ~ simplebus.c > Use a locator (named "early") to let designated drivers attach before > others. > ok patrick@, jsg@ (kettenis@) arch/armv7/armv7 ~ armv7_machdep.c ~ armv7_start.S > If the value of r0 upon entering the kernel is zero, interpret this as the > address of the end of the symbol table. This will make it possible to get > rid of the code in the bootloader that patches up the kernel with the > updated > esym value. > ok tom@, patrick@ (kettenis@) arch/armv7/conf ~ GENERIC ~ RAMDISK > Convert imxccm(4) and imxiomuxc(4) to attach using the fdt. Use the > "early" > locator to attach them before other drivers that might need their services. > ok patrick@, jsg@ (kettenis@) ~ GENERIC ~ RAMDISK > Attach imxocotp(4) using the fdt. Since this means that imxtemp(4) > attaches > before imxocotp(4), delay reading the temperature sensor calibration > information until after imxocotp(4) attaches. (kettenis@) ~ Makefile.armv7 > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/armv7/imx ~ files.imx ~ imx.c ~ imxccm.c ~ imxiomuxc.c > Convert imxccm(4) and imxiomuxc(4) to attach using the fdt. Use the > "early" > locator to attach them before other drivers that might need their services. > ok patrick@, jsg@ (kettenis@) ~ if_fec.c > Remove some dead code and only enable tx and rx interrupts. > ok patrick@, tom@, mikeb@ (kettenis@) ~ if_fec.c > Periodically call mii_tick() like all our other ethernet drivers that use > mii(4). Should fix the link negotiation issues that people have been > seeing. > ok jsg@, mikeb@, guenther@ (kettenis@) ~ files.imx ~ imx.c ~ imxocotp.c ~ imxtemp.c > Attach imxocotp(4) using the fdt. Since this means that imxtemp(4) > attaches > before imxocotp(4), delay reading the temperature sensor calibration > information until after imxocotp(4) attaches. (kettenis@) arch/armv7/stand/efiboot ~ conf.c ~ exec.c > Pass esym to the kernel in r0. Since u-boot passes 0 in this register, we > can easily determine that the value passed is valid and use it to > initialize > the kernel symbol tableo. > ok tom@, patrick@ (kettenis@) arch/hppa/conf ~ Makefile.hppa > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/hppa/gsc ~ harmony.c ~ harmonyvar.h > Remove unused getdev() audio driver functions. (ratchov@) arch/hppa/hppa ~ db_interface.c > ansify function definitions > ok guenther@ millert@ (jasper@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/i386/conf ~ Makefile.i386 > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/i386/i386 ~ db_trace.c > as is done on amd64, allow using CTF to lookup the function parameters. > ok mpi@ (jasper@) ~ machdep.c > option INSECURE is obsolete (deraadt@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/i386/isa ~ isa_machdep.c > Fix indentation. No binary change. (jsg@) arch/i386/stand/boot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/i386/stand/cdboot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/i386/stand/libsa ~ biosdev.c > Fix a bug in the bounce buffer handling of BIOS disk I/O. > Currently, if a buffer crosses a 64KB boundary, a bounce buffer is > allocated, however it is assumed that this new buffer does not cross the > 64KB boundary. In the case of i386 fdboot, it just so happens that (due to > the size of fdboot and heap allocations) UFS gets allocated a 4KB buffer > that crosses a 64KB boundary, then biosd_io() allocates a bounce buffer, > which also crosses a 64KB boundary. At this point the BIOS gets grumpy and > refuses to read from the disk. > Further clean up to come from tom@. (jsing@) arch/i386/stand/pxeboot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ conf.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) arch/landisk/conf ~ Makefile.landisk > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/loongson/conf ~ Makefile.loongson > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/luna88k/cbus ~ nec86.c ~ nec86hwvar.h > Remove unused getdev() audio driver functions. (ratchov@) arch/m88k/m88k ~ db_trace.c > ansify function definitions > ok guenther@ millert@ (jasper@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/macppc/conf ~ Makefile.macppc > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/macppc/dev ~ aoa.c ~ awacs.c ~ daca.c ~ onyx.c ~ snapper.c ~ tumbler.c > Remove unused getdev() audio driver functions. (ratchov@) arch/macppc/macppc ~ machdep.c > option INSECURE is obsolete (deraadt@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/mips64/mips64 ~ db_machdep.c > fix whitespace at EOL (jasper@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/octeon/conf ~ Makefile.octeon > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/sgi/conf ~ Makefile.sgi > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/sgi/dev ~ mavb.c > Remove unused getdev() audio driver functions. (ratchov@) arch/sh/sh ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/socppc/conf ~ Makefile.socppc > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/socppc/socppc ~ machdep.c > option INSECURE is obsolete (deraadt@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/sparc64/conf ~ Makefile.sparc64 > Add -Wno-pointer-sign to all our gcc4 architectures. > ok patrick@ (for armv7), deraadt@ (kettenis@) arch/sparc64/dev ~ ce4231.c > Remove unused getdev() audio driver functions. (ratchov@) arch/sparc64/include ~ asm.h > Remove more duplicated includes > OK jca@, deraadt@ (fcambus@) arch/sparc64/sparc64 ~ machdep.c > option INSECURE is obsolete (deraadt@) ~ mem.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) arch/sparc64/stand/ofwboot ~ Makefile > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) ~ vers.c > Bump boot loader versions due to bcrypt pbkdf support. (jsing@) conf ~ GENERIC > option INSECURE is obsolete (deraadt@) crypto ~ crypto.c ~ gmac.c ~ hmac.c ~ xform.c > convert bcopy to memcpy. from david hill (tedu@) ddb ~ db_ctf.c > - inline db_ctf_nsyms() into it's only caller. the value remains cached and > won't change, so there's no reason to call it again. > - remove explicit return from void function > ok mpi@ (jasper@) dev ~ audio.c ~ audio_if.h > Remove unused getdev() audio driver functions. (ratchov@) ~ rndis.h > Add a missing status define (mikeb@) ~ radio.c > Fix indentation of a break statement. No binary change. (jsg@) ~ rnd.c > Stop pushing version & cfdata into as entropy, since the contents are > known and we rely on the bootpath to prime us anyways. > This also solves the issue raised by kettenis, of version potentially > being non-word aligned > ok kettenis djm (deraadt@) ~ rnd.c > kern.arandom no longer exists > from rob pierce (deraadt@) dev/acpi ~ acpi.c ~ acpicpu.c > If the APIC table (MADT) isn't present then ci_acpi_proc_id won't be set > when acpicpu tries to attach, leading to a NULL dereference. The ACPI > processor object on the Dells where this was reported is bogus and useless > anyway so apply the same test when deciding whether to attach to processor > objects as acpicpu would when matching them to cpus. > Problem reported by Eivind Eide (xenofil (at) gmail.com) and > Johan Huldtgren (johan+openbsd-bugs (at) huldtgren.com). > Testing by Eivind Eide. > ok kettenis@ mlarkin@ (guenther@) dev/i2c ~ iatp.c > Don't compare array against null pointer; found by clang. > ok jca@, jcs@ (kettenis@) dev/ic ~ am7930var.h ~ arcofi.c ~ arcofivar.h > Remove unused getdev() audio driver functions. (ratchov@) ~ arcofi.c > Make this build again. (kettenis@) dev/isa ~ ess.c ~ gus.c ~ gusvar.h ~ pas.c ~ sb.c > Remove unused getdev() audio driver functions. (ratchov@) dev/pci ~ auacer.c ~ auglx.c ~ auich.c ~ auixp.c ~ auixpvar.h ~ autri.c ~ auvia.c ~ azalia.c ~ cmpci.c ~ cs4280.c ~ cs4281.c ~ eap.c ~ emuxki.c ~ emuxkivar.h ~ envy.c ~ esa.c ~ eso.c ~ fms.c ~ maestro.c ~ neo.c ~ sv.c ~ yds.c > Remove unused getdev() audio driver functions. (ratchov@) ~ if_iwmreg.h > Mostly cosmetic tweaks to macros involved in iwm(4) power-saving features. > Remove the unused struct iwm_powertable_cmd. Fix typos in comments. > Add macros for default power-save Tx/Rx timeout values (from iwlwifi). > (stsp@) ~ if_iwm.c > Add the BSS's basic rates to iwm's LQ command, not all the rates. > Makes the firmware use appropriate Tx rates for ACKs. (stsp@) ~ if_iwm.c > Copy the AP's actual EDCA parameters into iwm's mac context command > rather than some fixed values present in this file since r1.1. > Allows the firmware to properly time its transmissions in 11n networks. > ok sthen@ (stsp@) ~ if_iwm.c > For the keep-alive period in iwm's power command, use the DTIM period > specified by the AP, rather than the default DTIM period of our wireless > stack (which is not applicable when running as a client anyway). > And tell the firmware to disable power-saving. > ok sthen@ (stsp@) ~ if_iwm.c > Make iwm return EBUSY from its ic_ampdu_rx_start() handler and > call the functions provided by the wireless stack to accept or > refuse BA agreements depending on the status returned by firmware. > ok sthen@ (stsp@) ~ if_iwm.c ~ if_iwmvar.h > Properly support the mac context command in iwm. This was wrong in many > ways. > This commit includes style fixes as well as actual bug fixes. > Remove the global in_assoc flag from the softc. We can just pass a fixed > argument to functions to indicate whether we're already associated. > Remove in_tfsid from the softc as well. It was implicitly set to zero > and never changed. A corresponding macro already exists so use it instead. > Always copy the BSSID into the mac context command, as the Linux driver > does. > This helps the firmware during association. > Set the firmware state to 'associated' once we've moved to RUN state > and our assoc ID is known. Earlier versions of iwm used to set the > firmware to 'associated' but this was disabled in r1.91 since it > didn't work correctly due to bugs which are now fixed. > Use live DTIM information obtained from the AP, rather than using the > default DTIM period of our wireless stack. > Check return values of functions called after moving to RUN state. > ok sthen@ (stsp@) ~ if_iwm.c > Make iwm protect the session during association more like Linux does it. > ok sthen@ (stsp@) ~ if_iwm.c > Always set the bit which allows RTS in iwm's LQ command. > This bit was only set in 11n mode previously. > ok sthen@ (stsp@) ~ if_iwm.c > Simplify assignment of sgi_ok variable in iwm_setrates(). No functional > change. (stsp@) ~ if_iwm.c > Remove some unused cruft from iwm, including a local namespace-polluting > definition of an ieee80211_tu_to_usec() macro... (stsp@) ~ drm/i915/intel_i2c.c > Assert that bus->force_bit >= 0 instead of force_bit. Found by clang. > (kettenis@) ~ ixgbe.h > Remove more duplicated includes > OK jca@, deraadt@ (fcambus@) dev/pv ~ hyperv.c ~ hypervvar.h > Add an API to hook up event counters (mikeb@) ~ if_hvn.c > Attach event counter (mikeb@) + ndis.h > Add a new NDIS header (mikeb@) ~ if_hvn.c > Switch to the new NDIS header (mikeb@) - rndisreg.h > Not needed anymore (mikeb@) ~ pvbus.c > If not set, set hw_vendor to the name of the first pvbus. > This sets hw.vendor to "OpenBSD" if running on vmm(4) because it > doesn't provide an SMBIOS. > OK mikeb@ (reyk@) ~ if_hvn.c > Specify a page size boundary for Tx segments (mikeb@) ~ if_hvn.c > Improve error handling when we fail to send the RNDIS message (mikeb@) ~ ndis.h > Fixup the NDIS_OFFLOAD_PARAMS_SIZE_6_1 definition (mikeb@) ~ if_hvn.c > Configure NDIS VLAN and MTU parameters for NVSP 2 and newer backends > (mikeb@) ~ if_hvn.c > Setup checksum offloading instead of relying on the default configuraiton > (mikeb@) ~ if_hvn.c > Rework Per Packet Info handling > Per Packet Info is an NDIS meta information embedded in the RNDIS > message to communicate various offloading and scheduling operations > with the backend. Due to various versions of NDIS supported by > Hyper-V some of the offloading features may or may not be available. > This commit brings support for IP and protocol checksum offloading > as well as initial code for hardware VLAN tagging and jumbo frames > where supported. (mikeb@) dev/sbus ~ cs4231.c > Remove unused getdev() audio driver functions. (ratchov@) dev/tc ~ bba.c > Remove unused getdev() audio driver functions. (ratchov@) dev/usb ~ usb_subr.c > Ensure that the device descriptor ``bMaxPacketSize'' value is usable > before using it as the ``wMaxPacketSize'' of the default endpoint. > This prevents host controller drivers from using incorrect value, in > particular 0, that makes ehci(4) crash. > While here do the 0xff -> 512 conversion for super speed devices. > Crash found with a facedancer21. > ok deraadt@ (mpi@) ~ uaudio.c ~ utvfu.c > Remove unused getdev() audio driver functions. (ratchov@) ~ usb_subr.c > ``bMaxPacketSize'' is reported as a power of 2 for super speed devices > as per section 4.8.2.1 of xHCI specification. > Note that we never got this correctly. > Spotted by and ok jsg@ (mpi@) ~ usb_subr.c > Correctly check for valid maximum packet size. > from jsg@ (mpi@) ~ xhci.c > Remove a hack now that the USB stack correctly set the maximum packet > size based on the device speed. > Tested by and ok jsg@, mlarkin@ (mpi@) ~ usbdevs > SierraWireless MC7455 > from Yannick Gravel, ok phessler@ (mpi@) ~ usbdevs.h ~ usbdevs_data.h > regen (mpi@) ~ umsm.c > SierraWireless MC7455. > From Yannick Gravel, ok phessler@ (mpi@) ~ usbdevs > Add Yamaha UR22 audio interface. > From Michael W. Bombardieri <mb at ii.net>, thanks! (ratchov@) ~ usbdevs.h ~ usbdevs_data.h > sync (ratchov@) ~ uaudio.c > Add quirk to allow Yamaha UR22 to attach as uaudio(4). From > Michael W. Bombardieri <mb at ii.net>. Thanks! (ratchov@) ~ dwc2/dwc2.c ~ dwc2/dwc2var.h > Remove unused functions. > ok jmatthew@, visa@ (kettenis@) isofs/udf ~ udf_vfsops.c > use hashfree in fs code. from Mathieu - > ok guenther (tedu@) kern ~ init_main.c > add missing call to db_ctf_init(). > this was part of the larger diff that was ok guenther@ mpi@, somehow I > forgot > to commit this particular piece. (jasper@) ~ kern_sysctl.c > option INSECURE is obsolete (deraadt@) ~ subr_tree.c > whitespace fixes, no functional change (dlg@) ~ uipc_socket.c > Add some spl softnet assertions that will help us to find the right > places for the upcoming network lock. This might trigger some > asserts, but we have to find the missing code paths. > OK mpi@ (bluhm@) ~ uipc_socket.c > Protect soshutdown() with splsoftnet() to define one layer where > we enter networking code. Fixes an splassert() found by David Hill. > OK mikeb@ (bluhm@) ~ kern_sysctl.c > sysctl KERN_ARND is no longer used (in ports, it only occurs in fallback > paths of libevent). This interface was the first generation of what > eventually became getentropy(2) and arc4random(3) -- june 1997! > Ports scan by sthen, general agreement guenther (deraadt@) ~ init_main.c ~ kern_timeout.c > Introduce a new 'softclock' thread that will be used to execute timeout > callbacks needing a process context. > The function timeout_set_proc(9) has to be used instead of timeout_set(9) > when a timeout callback needs a process context. > Note that if such a timeout is waiting, understand sleeping, for a non > negligible amount of time it might delay other timeouts needing a process > context. > dlg@ agrees with this as a temporary solution. > Manpage tweaks from jmc@ > ok kettenis@, bluhm@, mikeb@ (mpi@) ~ kern_subr.c > introduce hashfree() function to free hash tables, with sizes. > ok guenther (tedu@) ~ kern_descrip.c ~ kern_event.c > move knhash size to event.h, use it for hashfree. from Mathieu - > ok guenther (tedu@) ~ kern_sysctl.c > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) lib/libkern ~ arch/arm/divsi3.S > Add aeabi aliases. > ok guenther@, patrick@ (kettenis@) + arch/arm/__aeabi_ldivmod.S + arch/arm/__aeabi_uldivmod.S > Add an implementation of __aeabi_ldivmode() and __aeabi_uldivmod(); clang > generates calls to these functions when compiling an armv7 kernel. > Code from NetBSD's unified userland+kernel implementation, with lots of > irrelevant (for us) #ifdefs removed. > ok patrick@, guenther@ (kettenis@) lib/libsa ~ cread.c > Correctly handle short read()s in the libsa gzip handling lseek(). Also > avoid masking the errno from a failed read(). > ok guenther@ tom@ (jsing@) ~ softraid.c > Add bcrypt pbkdf support to the softraid crypto boot loader code. > Based on a diff from djm@ (jsing@) miscfs/fifofs ~ fifo_vnops.c > Fifo did work around the socket layer. Better call soconnect2() > instead of unp_connect2(). This adds the missing splsoftnet(). > Require that socantsendmore() and socantrcvmore() in uipc_socket2.c > should be called with splsoftnet(). > Found by David Hill; OK mikeb@ (bluhm@) net ~ switchofp.c > Fix compilation by replacing old m_copym2() usage with the newer > m_dup_pkt(). While at it: fix comment and use m_dup_pkt() to align > packets instead of swofp_mbuf_align(). > ok mikeb@, yasuoka@ (rzalamena@) ~ bfd.c > apply the canary to the correct variable (phessler@) ~ bfd.c ~ bfd.h > once again, fix the bfd state-machine. this time, tested against a > juniper which rolled through several states during testing > (up->admindown->up->timeout->up) (phessler@) ~ bfd.c > remove a bunch of noisy implementation-helper printfs (phessler@) ~ bfd.c > send a nice diagnostic reason when we destroy all bfd interfaces (reboot) > (phessler@) ~ bfd.c > do a better job of setting "last state" (phessler@) ~ bfd.c > sigh, correct typo (phessler@) ~ switchofp.c > Replace duplicated VLAN injection code with the standard vlan_inject() > function. > ok goda@ (rzalamena@) ~ bfd.h > we will also want the echo timing paramater (phessler@) ~ bridgestp.c > Use splsoftassert() together with IPL_SOFTNET. On alpha and m88k > it is defined differently than splassert(IPL_SOFTNET). No binary > change on amd64. > OK mpi@ (bluhm@) ~ if.c > Create and destroy cloneable interfaces under splsoftnet > With and ok mpi, tested by David Hill and tb@, thanks! (mikeb@) ~ bfd.c > sprinkle some splsoftnet around sosocket and our soon-to-be-rtmsg locations > (phessler@) ~ bfd.c > little bit of whitespace (phessler@) ~ bfd.c > properly set our state to down when we initially create the session. > while here, fix the diag code for route-down (phessler@) ~ if_mpe.c ~ if_mpw.c ~ if_pfsync.c > Remove recursive splsoftnet() calls, from David Hill. (mpi@) ~ pf.c > Fix indentation. No binary change. (jsg@) ~ if.c > Raise spl level to IPL_SOFTNET before calling rt_ifmsg(). > From dhill@, found the hardway by semarie@ (mpi@) ~ bfd.c > remove splsoftnet around the socket functions. if they need it, they > will call it themselves. > also ensure that bfdclear is protected by softnet. > requested by claudio@ and mpi@ (phessler@) ~ bfd.c > only set the diag code when we we decide to fail it, not when the first > problem is seen (phessler@) ~ bfd.c > based on a more careful reading of the spec, we're not allowed to make > decisions on what the "my discriminator" value is from our neighbor. we > should only copy it and send it back. (phessler@) ~ bfd.c > since the kernel ticks are every 10ms, bump our minimum up a little bit. > make it harder to overload the kernel (phessler@) ~ route.h ~ rtsock.c > a route message for BFD, so we can notify userland about the status. > currently used on state-transitions. > OK mpi@ (phessler@) ~ bfd.c > a route message for BFD, so we can notify userland about the status. > currently used on state-transitions. > OK mpi@ (phessler@) net80211 ~ ieee80211_input.c ~ ieee80211_node.h > Parse the DTIM count and period advertised in beacons and store them > in the node structure. This should be useful for iwm(4) in the future. > ok phessler@ (stsp@) ~ ieee80211_input.c ~ ieee80211_node.h ~ ieee80211_proto.h > When processing an ADDBA request, iwm(4) runs a task which sends a > command to the firmware and waits for confirmation. This command can > fail and there was no way we could recover from such an error. > Allow drivers to return EBUSY from their ic_ampdu_rx_start() handler to > tell the stack not to send a confirmation just yet. The stack provides > functions which the driver can call to accept or refuse the request. > There is no functional change yet. This just shuffles code around so > drivers may insert themselves into the process. > ok mpi@ (stsp@) netinet ~ tcp_input.c > For incomming connections keep the TF_NOPUSH flag if TCP_NOPUSH was > set on the listen socket. > From David Hill; OK vgross@ (bluhm@) ~ ip_ah.c ~ ip_esp.c ~ ip_ipsp.c > convert bcopy to memcpy. from david hill. (tedu@) ~ ip_ipsp.c > Sprinkle splsoftnets in TDB timeout callbacks; ok bluhm (mikeb@) ~ ip_input.c > Fix indentation. No binary change. > ok mpi@ (jsg@) ~ ip_ecn.c ~ ip_ether.c ~ ip_ipcomp.c ~ tcp_subr.c ~ tcp_timer.c ~ tcp_usrreq.c > ANSIfy netinet/; from David Hill (naddy@) ~ ip_mroute.c > use hashfree. from Mathieu - > ok guenther (tedu@) netinet6 ~ ip6_output.c ~ raw_ip6.c > convert bcopy to memcpy. from david hill. ok jca (tedu@) nfs ~ nfs_serv.c > Fix nfsrv_symlink() indentation. No binary change. > ok mpi@ deraadt@ (jsg@) ntfs ~ ntfs_ihash.c > use hashfree in fs code. from Mathieu - > ok guenther (tedu@) sys ~ termios.h > Remove duplicated includes in stdlib.h and termios.h > OK guenther@ (fcambus@) ~ rwlock.h > Sprinkle some #ifdef _KERNEL, autumn is here. > ok dlg@ (mpi@) ~ rwlock.h > straighten the chairs (dlg@) ~ sysctl.h > sysctl KERN_ARND is no longer used (in ports, it only occurs in fallback > paths of libevent). This interface was the first generation of what > eventually became getentropy(2) and arc4random(3) -- june 1997! > Ports scan by sthen, general agreement guenther (deraadt@) ~ timeout.h > Introduce a new 'softclock' thread that will be used to execute timeout > callbacks needing a process context. > The function timeout_set_proc(9) has to be used instead of timeout_set(9) > when a timeout callback needs a process context. > Note that if such a timeout is waiting, understand sleeping, for a non > negligible amount of time it might delay other timeouts needing a process > context. > dlg@ agrees with this as a temporary solution. > Manpage tweaks from jmc@ > ok kettenis@, bluhm@, mikeb@ (mpi@) ~ systm.h > introduce hashfree() function to free hash tables, with sizes. > ok guenther (tedu@) ~ event.h > move knhash size to event.h, use it for hashfree. from Mathieu - > ok guenther (tedu@) ~ sysctl.h > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) tmpfs ~ tmpfs_subr.c > Fix indentation. No binary change. (jsg@) uvm ~ uvm_aobj.c > use hashfree for aobj hashes. from Mathieu - > ok guenther (tedu@) == usr.bin =========================================================== 13/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin usr.bin ~ Makefile > Unhook sqlite3. (sthen@) aucat ~ dsp.c > Fix many typos, from Michael W. Bombardieri <mb at ii.net>, thanks > (ratchov@) gprof ~ gprof.1 > fix the signposting for -EeFf by partially rewriting the descriptions; > diff from guenther, tweaked by me; > ok guenther (jmc@) mandoc ~ main.c > Make sure an output device is allocated before calling terminal_sepline(), > fixing a NULL pointer access that happened when the first of multiple pages > shown was preformatted, as in "man -a groff troff". > Crash reported by <jmates at ee dot washington dot edu> on bugs@, thanks! > (schwarze@) ~ main.c > We cannot use fputs(3) in passthrough() because the stdout stream > might be in stdio wide orientation due to prior formatting of an > unformatted manual in man -aTutf8 mode. So for now, use fflush(3) > followed by unbuffered write(2) instead. Fixes output corruption > on glibc discovered on Linux while testing a diff to fix a loosely > related bug reported by <jmates at ee dot washington dot edu>. > I detest the concept of stdio stream orientation. One day, i will > rewrite term_ascii.c to always use narrow streams, even in UTF-8 > output mode. But that's too much work for today. (schwarze@) openssl ~ openssl.1 > shorten verify; (jmc@) ~ openssl.1 > put the spkac section in the right place; (jmc@) ~ openssl.1 > shorten the verify error list; (jmc@) ~ openssl.1 > shorten version; (jmc@) ~ openssl.1 > shorten x509; (jmc@) ~ openssl.1 > some minor cleanup; (jmc@) ~ openssl.1 > trim STANDARDS; ok jsing (jmc@) renice ~ renice.c > Replace an exit(3) call in main() with a return to enable the stack > protector. > From Rafael Neves (bluhm@) signify ~ signify.1 > use a shell glob wildcard, that's clearer than an out of scope variable > (tedu@) sqlite3 - Makefile - shell.c - sqlite3.1 > remove usr.bin/sqlite3, it has moved back to ports (sthen@) ssh ~ channels.c ~ sshconnect1.c > Replace two more arc4random() loops with arc4random_buf(). > tweaks and ok dtucker > ok deraadt (natano@) ~ kex.c ~ packet.c > move inbound NEWKEYS handling to kex layer; otherwise early NEWKEYS causes > NULL deref; found by Robert Swiecki/honggfuzz; fixed with & ok djm@ > (markus@) ~ auth2-pubkey.c ~ sshd_config.5 > add a way for principals command to get see key ID and serial too (djm@) ~ match.c ~ addrmatch.c > Revert two recent changes to negated address matching. The new > behaviour offers unintuitive surprises. We'll find a better way > to deal with single negated matches. > match.c 1.31: > > fix matching for pattern lists that contain a single negated match, > > e.g. "Host !example" > > > > report and patch from Robin Becker. bz#1918 ok dtucker@ > addrmatch.c 1.11: > > fix negated address matching where the address list consists of a > > single negated match, e.g. "Match addr !192.20.0.1" > > > > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ (djm@) ~ auth2-pubkey.c > cast uint64_t for printf (djm@) ~ kex.c > correctly return errors from kex_send_ext_info(). Fix from Sami Farin > via https://github.com/openssh/openssh-portable/pull/50 (djm@) ~ sshconnect2.c > If ssh receives a PACKET_DISCONNECT during userauth it will cause > ssh_dispatch_run(DISPATCH_BLOCK, ...) to return without the session > being authenticated. Check for this and exit if necessary. ok djm@ > (dtucker@) ~ kex.c ~ myproposal.h > support plain curve25519-sha256 KEX algorithm now that it is > approaching standardisation (same algorithm is currently supported > as [email protected]) (djm@) ~ sshd_config.5 ~ ssh_config.5 > mention curve25519-sha256 KEX (djm@) ~ sshd_config.5 > organise the token stuff into a separate section; > ok markus for an earlier version of the diff > ok/tweaks djm (jmc@) ~ kex.h > missing bit from previous commit (djm@) tcpbench ~ tcpbench.c > Add OpenBSD RCS id. (bluhm@) ~ tcpbench.1 > Document the dependency on sysctl kern.allowkmem > ok tb (deraadt@) yacc ~ output.c > Fix bad indentation. One already existed in 1.20, one introduced in 1.21; > ok tedu@ (otto@) == usr.sbin ========================================================== 14/14 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin acme-client ~ Makefile ~ main.c + acme-client.conf.5 + parse.h + parse.y > add a config file parser to acme-client (unused at the moment, so that > it can be worked on in the tree). > ok florian@ deraadt@ (benno@) ~ acme-client.conf.5 > tweak previous; (jmc@) ~ parse.y > reoorder includes, > noticed by & ok florian@ (benno@) ~ http.c > Remove more backwards compat for unsupported OpenBSD releases. (jsing@) ~ http.c > Both tls_free() and tls_config_free() are safe to call with NULL. (jsing@) ~ http.c > The file descriptor needs to be closed in both the TLS and non-TLS case, > so make it a common/shared code path. (jsing@) acpidump ~ acpidump.8 > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) kgmon ~ kgmon.8 > Document the dependency on sysctl kern.allowkmem > ok tb (deraadt@) npppd ~ common/radish.h > Remove the use of cast. It is unnecessary and potentially problematic. > input semarie > ok deraadt (yasuoka@) procmap ~ procmap.1 > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) pstat ~ pstat.c > Fix pstat -ft. In presence of the -f flag, a logic error in ttymode() > leads to entering codepaths that try to work with only partially > initialized kvm structures -- with unsurprising outcomes. > Problem found by Rob Pierce, ok deraadt (tb@) ~ pstat.c > Add pledge support to pstat > The filemode(), ttymode() and vnodemode() functions can be split into two > pieces. The *_prep() piece must be hoisted to before pledge and the rest > can run under pledge "stdio rpath vminfo". The magic block that decides > which ones of the *_prep() pieces must be run with which combination of > command line switches is quite impressive. > Patch from Rob Pierce, thanks! > ok deraadt (tb@) ~ pstat.8 > Make a move towards ending 4 decades of kernel snooping. > Add sysctl kern.allowkmem (default 0) which controls the ability to open > /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% > of utilities in the tree to operate on sysctl-nodes (either by themselves > or via code hiding in the guts of -lkvm). > pstat -d and -v & procmap are affected and continued use of them will > require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's > buddy sendbug) are affected, but we'll work out a solution soon. > There will be some impact in ports. > ok kettenis guenther (deraadt@) radiusd ~ radiusd.8 > some fixes from rob pierce; ok yasuoka (jmc@) relayd ~ relay.c > correct invalid use of sizeof > ok krw@ millert@ claudio@ (jsg@) ~ relay.c > Change function arguments from "unsigned char keyname[16]" to > "unsigned char *keyname" to make it clear that an array size can not > be inferred. Suggested by millert@ (jsg@) ~ relay.c > use sizeof instead of constant 16 in function calls > suggested by and ok reyk@ (jsg@) rtadvd ~ rtadvd.c > Use the correct local variable to get address & prefixlen in routing > messages > This currently has no effect because route sockets are datagram > (PR_ATOMIC) sockets, so we only get one message at a time. This means > that the parsing code could be simplified. route(4) sockets cluebat > from claudio@ (jca@) ~ rtadvd.c > Use a properly aligned buffer (malloc'd, not on stack) to get routing > messages. > This fixes rtadvd on (at least) armv7. Problem reported and fix tested > by Martin Brandenburg. (jca@) ~ config.c ~ rtadvd.h > Interval calculations are perfectly fine with ints. > OK jca@ (florian@) ~ config.c ~ rtadvd.h > consistently use MAX_ prefix > OK jca (florian@) snmpd ~ snmpd.h > Remove more duplicated includes > OK jca@, deraadt@ (fcambus@) switchd ~ proc.c ~ proc.h ~ switch.c > Kill p_env from proc.c. The p_env variable was not being used seriously and > it was always a copy of ps->ps_env. > You might access the env variable now with: p->p_ps->ps_env. > ok reyk@ (rzalamena@) ~ proc.c > Fix 'const char *' qualifier removal warning by casting it out with > uintptr_t. It is safe here to pass a 'const' to exec*(). > improved by and ok millert@ (rzalamena@) ~ switchd.c > Unbreak logging for children process in switchd(8). log_init/verbose() > must be called before proc_init() otherwise child process won't have this > configured. > ok reyk@ (rzalamena@) ~ imsg_util.c > It is ok to call free() on NULL pointers. > ok reyk@ (rzalamena@) ~ switchd.8 ~ switchd.c > Correct the flag listing for switchd(8) and add a files section for the > configuration file. Sync usage() with the result. > With feedback from and ok jmc@ (jsg@) syslogd ~ syslogd.8 ~ syslogd.c > Add an option to give syslogd a server CA that is used to validate > client certificates. This prevent that malicious clients can send > fake messages. > OK deraadt@ (bluhm@) ~ syslogd.8 > tweak previous; (jmc@) ~ syslogd.8 > Improve syslogd(8) man page. > Written together with jmc@ (bluhm@) ~ syslogd.c > With the new large socket buffer sizes, syslogd could use more mbufs > for TCP or TLS connections than before. It makes no sense to buffer > messages in kernel, the dynamic limit there makes testing the dropped > message statistics unreliable. Syslog has no high performance > requirements, so limit all TCP socket buffers to 64 KB. > OK henning@ deraadt@ (bluhm@) ~ syslogd.8 ~ syslogd.c > Document certificate handling in syslogd(8) man page. > Written together with jmc@ (bluhm@) ~ syslogd.8 > Add some more improvements from jmc@ to syslogd(8). (bluhm@) ~ syslogd.8 > Revert a wording change. Requested by jmc@ (bluhm@) ~ syslogd.8 > improve DESCRIPTION; > from bluhm and myself (jmc@) ~ syslogd.8 > sort FILES; (jmc@) sysmerge ~ sysmerge.sh > Make sure we don't have conflicting UIDs/GIDs when adding user/group. > reported by florian@ (ajacoutot@) tftp-proxy ~ tftp-proxy.8 > the pf.conf sample should refer to group _tftp_proxy, not proxy; > from joel knight (jmc@) traceroute ~ traceroute.c > Only allow standard dot notation for IPv4 addresses as target. > We can get rid of inet_aton(3) and use the AF independent getaddrinfo(3). > OK natano@, krw@, millert@, claudio@ (florian@) trpt ~ trpt.8 > Document the dependency on sysctl kern.allowkmem > ok tb (deraadt@) ypserv ~ mkalias/mkalias.c > include time.h for time() (jsg@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
