OpenBSD src changes summary for 2016-11-06 to 2016-11-13 inclusive ==================================================================
bin/ksh distrib/sets distrib/syspatch etc/mtree/4.4BSD.dist gnu/usr.bin/cc gnu/usr.bin/perl include/Makefile lib/csu lib/libc lib/libcrypto lib/libkvm lib/libssl lib/libtls libexec/spamd regress/lib regress/sys regress/usr.bin regress/usr.sbin sbin/ifconfig share/man share/mk share/zoneinfo sys/arch/alpha/include sys/arch/amd64/amd64 sys/arch/amd64/stand sys/arch/armv7/stand/efiboot sys/arch/armv7/sunxi sys/arch/hppa/stand sys/arch/i386/stand sys/arch/landisk/stand sys/arch/loongson/conf sys/arch/loongson/include sys/arch/loongson/loongson sys/arch/loongson/stand/boot sys/arch/loongson/stand/libsa sys/arch/luna88k/stand/boot sys/arch/macppc/stand sys/arch/mips64/include sys/arch/octeon/stand/boot sys/arch/octeon/stand/libsa sys/arch/sgi/stand/boot sys/arch/sgi/stand/libsa sys/arch/socppc/stand/boot sys/arch/sparc64/sparc64 sys/arch/sparc64/stand/bootblk sys/arch/sparc64/stand/libsa sys/arch/sparc64/stand/ofwboot sys/dev sys/dev/pci sys/dev/pv sys/dev/usb sys/dev/wscons sys/kern sys/net sys/netinet sys/netinet6 sys/sys sys/ufs/ffs sys/ufs/mfs sys/uvm usr.bin/doas usr.bin/ftp usr.bin/mandoc usr.bin/nc usr.bin/netstat usr.bin/ssh usr.bin/tmux usr.sbin/bgpd usr.sbin/httpd usr.sbin/makefs usr.sbin/relayd usr.sbin/snmpd usr.sbin/switchd usr.sbin/syspatch usr.sbin/vipw == bin =============================================================== 01/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin ksh ~ sh.1 > Fix lexicographic order of shell built-ins: trap comes before true. (tb@) == distrib =========================================================== 02/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib sets ~ makeetcset > Pass -peam to pax(1), so ownership and permissions that were set by > etc/Makefile during 'make distribution-etc-root-var' are explicitly > honored on the build machine. > ok rpe (tb@) ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc64 > sync (deraadt@) ~ lists/base/md.loongson ~ lists/comp/md.loongson > sync (deraadt@) ~ Makefile > Set permissions of src.db and mandoc.db explicitly to 644 so > they don't depend on the umask during make build. > ok deraadt (tb@) ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/comp/md.octeon ~ lists/comp/md.sgi > sync (deraadt@) ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc64 > sync (deraadt@) ~ lists/base/md.alpha ~ lists/base/md.amd64 ~ lists/base/md.armv7 ~ lists/base/md.hppa ~ lists/base/md.i386 ~ lists/base/md.landisk ~ lists/base/md.loongson ~ lists/base/md.luna88k ~ lists/base/md.macppc ~ lists/base/md.octeon ~ lists/base/md.sgi ~ lists/base/md.socppc ~ lists/base/md.sparc64 > sync (deraadt@) ~ lists/base/mi > sync (deraadt@) ~ lists/base/mi ~ lists/comp/mi > sync (deraadt@) ~ lists/comp/mi > sync (deraadt@) syspatch ~ bsd.syspatch.mk > Use https to get the patches. > Fix syspatch naming. > ok robert@ (ajacoutot@) ~ bsd.syspatch.mk > oops, OSREV -> OSrev. (ajacoutot@) == etc =============================================================== 03/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc mtree/4.4BSD.dist ~ mtree/4.4BSD.dist > Remove /usr/libdata/perl5/site_perl, it is no longer needed. > OK tb@ (millert@) == gnu =============================================================== 04/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu usr.bin/cc ~ cc/Makefile ~ doc/Makefile ~ include/Makefile ~ libobjc/Makefile > Set the permissions of the specs file explicitly so that they don't > depend on the umask. Install headers and info files with group bin > like all the other headers and info files. > ok stefan (tb@) usr.bin/perl ~ Makefile.bsd-wrapper > Stop installing perl .ph files > It's finally time (afresh1@) ~ config.over > Remove /usr/libdata/perl5/site_perl from sitelib and sitearch, now > that we don't install .ph files we only want to search for these > under /usr/local/libdata/perl5/site_perl. OK afresh1@ (millert@) == include =========================================================== 05/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include Makefile ~ Makefile > Set owners and permissions only after all headers are installed. Add the -P > flag to chown to change the symlinks themselves instead of their targets. > Also change permissions of all symlinks, so they don't depend on the umask > during make build. > ok millert (tb@) ~ Makefile > Kill the /usr/include/ssl symlink > Proposed some time ago by tedu@, builk build by ajacoutot@ (jca@) == lib =============================================================== 06/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib csu ~ Makefile > Use sed -i to post-process .depend. This avoids permission issues caused > by the file being created in /tmp. > tweaks and ok tb (natano@) libc ~ gen/ttyname.c > Fix a use after free error introduced in rev 1.18 by only calling > closedir() outside the loop. OK deraadt@ guenther@ markus@ (millert@) ~ string/wcscpy.3 > the referred to EXAMPLES section is now in strncpy(3); > issue reported by scott cheloha > ok otto (jmc@) libcrypto ~ man/bn.3 > add an .Xr that was missing (schwarze@) ~ x509/x509_vpm.c > use the correct function for free > ok beck@ (bcook@) ~ x509/x509_vpm.c > Commit a reminder that the default is not the default. This needs to > be revisited. > ok jsing@ (beck@) ~ x509/x509_trs.c > The upcoming x509 alt chains diff tightens the trust requirements > for certificates. This (from OpenSSL) ensures that the current > "default" behaviour remains the same. We should revisit this > later > ok jsing@ (beck@) ~ x509/x509_vfy.c > Rework X509_verify_cert to support alt chains on certificate verification, > via boringssl. > ok jsing@ miod@ (beck@) ~ curve25519/curve25519.c > adjust guards to elide unused Bi array > ok jsing@ (bcook@) ~ curve25519/curve25519.c > Avoid compiling in an unused function. > Spotted by guenther@ (jsing@) ~ asn1/a_object.c > simplify error handling in c2i_ASN1_OBJECT > ok beck@, miod@ (bcook@) ~ man/rsa.3 > delete prototypes available in other pages and add two missing .Xr links > (schwarze@) ~ man/dsa.3 > delete prototypes available in other pages and add three missing .Xr links > (schwarze@) ~ man/ASN1_OBJECT_new.3 ~ man/ASN1_STRING_length.3 ~ man/ASN1_STRING_new.3 ~ man/ASN1_STRING_print_ex.3 ~ man/ASN1_generate_nconf.3 ~ man/BF_set_key.3 ~ man/BIO.3 ~ man/BIO_ctrl.3 ~ man/BIO_f_base64.3 ~ man/BIO_f_cipher.3 ~ man/BIO_f_md.3 ~ man/BIO_f_null.3 ~ man/BIO_find_type.3 ~ man/BIO_new.3 ~ man/BIO_push.3 ~ man/BIO_read.3 ~ man/BIO_s_accept.3 ~ man/BIO_s_bio.3 ~ man/BIO_s_connect.3 ~ man/BIO_s_fd.3 ~ man/BIO_s_file.3 ~ man/BIO_s_mem.3 ~ man/BIO_s_null.3 ~ man/BIO_s_socket.3 ~ man/BIO_set_callback.3 ~ man/BIO_should_retry.3 ~ man/BN_BLINDING_new.3 ~ man/BN_CTX_new.3 ~ man/BN_CTX_start.3 ~ man/BN_add.3 ~ man/BN_add_word.3 ~ man/BN_bn2bin.3 ~ man/BN_cmp.3 ~ man/BN_copy.3 ~ man/BN_generate_prime.3 ~ man/BN_mod_inverse.3 ~ man/BN_mod_mul_montgomery.3 ~ man/BN_mod_mul_reciprocal.3 ~ man/BN_new.3 ~ man/BN_num_bytes.3 ~ man/BN_rand.3 ~ man/BN_set_bit.3 ~ man/BN_swap.3 ~ man/BN_zero.3 ~ man/BUF_MEM_new.3 ~ man/CONF_modules_free.3 ~ man/CONF_modules_load_file.3 ~ man/CRYPTO_set_ex_data.3 ~ man/CRYPTO_set_locking_callback.3 ~ man/DES_set_key.3 ~ man/DH_generate_key.3 ~ man/DH_generate_parameters.3 ~ man/DH_get_ex_new_index.3 ~ man/DH_new.3 ~ man/DH_set_method.3 ~ man/DH_size.3 ~ man/DSA_SIG_new.3 ~ man/DSA_do_sign.3 ~ man/DSA_dup_DH.3 ~ man/DSA_generate_key.3 ~ man/DSA_generate_parameters.3 ~ man/DSA_get_ex_new_index.3 ~ man/DSA_new.3 ~ man/DSA_set_method.3 ~ man/DSA_sign.3 ~ man/DSA_size.3 ~ man/ECDSA_SIG_new.3 ~ man/EC_GFp_simple_method.3 ~ man/EC_GROUP_copy.3 ~ man/EC_GROUP_new.3 ~ man/EC_KEY_new.3 ~ man/EC_POINT_add.3 ~ man/EC_POINT_new.3 ~ man/ERR.3 ~ man/ERR_GET_LIB.3 ~ man/ERR_clear_error.3 ~ man/ERR_error_string.3 ~ man/ERR_get_error.3 ~ man/ERR_load_crypto_strings.3 ~ man/ERR_load_strings.3 ~ man/ERR_print_errors.3 ~ man/ERR_put_error.3 ~ man/ERR_remove_state.3 ~ man/ERR_set_mark.3 ~ man/EVP_BytesToKey.3 ~ man/EVP_DigestInit.3 ~ man/EVP_DigestSignInit.3 ~ man/EVP_DigestVerifyInit.3 ~ man/EVP_EncryptInit.3 ~ man/EVP_OpenInit.3 ~ man/EVP_PKEY_CTX_ctrl.3 ~ man/EVP_PKEY_CTX_new.3 ~ man/EVP_PKEY_cmp.3 ~ man/EVP_PKEY_decrypt.3 ~ man/EVP_PKEY_derive.3 ~ man/EVP_PKEY_encrypt.3 ~ man/EVP_PKEY_get_default_digest.3 ~ man/EVP_PKEY_keygen.3 ~ man/EVP_PKEY_new.3 ~ man/EVP_PKEY_print_private.3 ~ man/EVP_PKEY_set1_RSA.3 ~ man/EVP_PKEY_sign.3 ~ man/EVP_PKEY_verify.3 ~ man/EVP_PKEY_verify_recover.3 ~ man/EVP_SealInit.3 ~ man/EVP_SignInit.3 ~ man/EVP_VerifyInit.3 ~ man/HMAC.3 ~ man/MD5.3 ~ man/OBJ_nid2obj.3 ~ man/OPENSSL_VERSION_NUMBER.3 ~ man/OPENSSL_config.3 ~ man/OPENSSL_load_builtin_modules.3 ~ man/OpenSSL_add_all_algorithms.3 ~ man/PEM_read_bio_PrivateKey.3 ~ man/PEM_write_bio_PKCS7_stream.3 ~ man/PKCS12_create.3 ~ man/PKCS12_parse.3 ~ man/PKCS5_PBKDF2_HMAC.3 ~ man/PKCS7_decrypt.3 ~ man/PKCS7_encrypt.3 ~ man/PKCS7_sign.3 ~ man/PKCS7_sign_add_signer.3 ~ man/PKCS7_verify.3 ~ man/RAND_add.3 ~ man/RAND_bytes.3 ~ man/RAND_cleanup.3 ~ man/RAND_load_file.3 ~ man/RAND_set_rand_method.3 ~ man/RC4.3 ~ man/RIPEMD160.3 ~ man/RSA_blinding_on.3 ~ man/RSA_check_key.3 ~ man/RSA_generate_key.3 ~ man/RSA_get_ex_new_index.3 ~ man/RSA_new.3 ~ man/RSA_padding_add_PKCS1_type_1.3 ~ man/RSA_print.3 ~ man/RSA_private_encrypt.3 ~ man/RSA_public_encrypt.3 ~ man/RSA_set_method.3 ~ man/RSA_sign.3 ~ man/RSA_sign_ASN1_OCTET_STRING.3 ~ man/RSA_size.3 ~ man/SHA1.3 ~ man/SMIME_read_PKCS7.3 ~ man/SMIME_write_PKCS7.3 ~ man/UI_new.3 ~ man/X509_NAME_ENTRY_get_object.3 ~ man/X509_NAME_add_entry_by_txt.3 ~ man/X509_NAME_get_index_by_NID.3 ~ man/X509_NAME_print_ex.3 ~ man/X509_STORE_CTX_get_error.3 ~ man/X509_STORE_CTX_get_ex_new_index.3 ~ man/X509_STORE_CTX_new.3 ~ man/X509_STORE_CTX_set_verify_cb.3 ~ man/X509_STORE_set_verify_cb_func.3 ~ man/X509_VERIFY_PARAM_set_flags.3 ~ man/X509_new.3 ~ man/X509_verify_cert.3 ~ man/bn.3 ~ man/crypto.3 ~ man/d2i_ASN1_OBJECT.3 ~ man/d2i_DHparams.3 ~ man/d2i_DSAPublicKey.3 ~ man/d2i_ECPKParameters.3 ~ man/d2i_PKCS8PrivateKey_bio.3 ~ man/d2i_RSAPublicKey.3 ~ man/d2i_X509.3 ~ man/d2i_X509_ALGOR.3 ~ man/d2i_X509_CRL.3 ~ man/d2i_X509_NAME.3 ~ man/d2i_X509_REQ.3 ~ man/d2i_X509_SIG.3 ~ man/des_read_pw.3 ~ man/dh.3 ~ man/dsa.3 ~ man/ec.3 ~ man/engine.3 ~ man/evp.3 ~ man/i2d_PKCS7_bio_stream.3 ~ man/lh_new.3 ~ man/lh_stats.3 ~ man/rsa.3 ~ man/x509.3 > first pass; ok schwarze (jmc@) ~ man/EC_KEY_new.3 ~ man/d2i_ECPKParameters.3 ~ man/dh.3 ~ man/ec.3 > delete prototypes available in other pages and add two missing .Xr links > (schwarze@) ~ man/ERR.3 > delete prototypes available in other pages and add a missing .Xr link > (schwarze@) ~ man/BIO_s_fd.3 ~ man/BIO_s_socket.3 > document BIO_set_fd() and BIO_get_fd() in one manual page, not in two; > general direction discussed yesterday with bcook@ (schwarze@) ~ man/engine.3 > document ENGINE_add_conf_module(3) in one page, not in two (schwarze@) ~ man/EC_KEY_new.3 ~ man/d2i_ECPKParameters.3 > spacing between macro args and punctuation; (jmc@) ~ man/ASN1_OBJECT_new.3 ~ man/ASN1_STRING_length.3 ~ man/ASN1_STRING_new.3 ~ man/ASN1_STRING_print_ex.3 ~ man/ASN1_generate_nconf.3 > some minor cleanup; (jmc@) ~ man/EVP_PKEY_CTX_ctrl.3 ~ man/EVP_PKEY_get_default_digest.3 > document EVP_PKEY_get_default_digest_nid(3) in one page, not in two > (schwarze@) ~ asn1/a_object.c > don't dereference a if NULL (bcook@) ~ man/engine.3 > sort SEE ALSO; (jmc@) ~ man/BF_set_key.3 > some cleanup; (jmc@) ~ man/BIO.3 ~ man/BIO_ctrl.3 ~ man/BIO_f_base64.3 ~ man/BIO_f_buffer.3 ~ man/BIO_f_cipher.3 ~ man/BIO_f_md.3 ~ man/BIO_f_null.3 ~ man/BIO_find_type.3 ~ man/BIO_new.3 ~ man/BIO_push.3 ~ man/BIO_read.3 ~ man/BIO_s_accept.3 ~ man/BIO_s_bio.3 ~ man/BIO_s_connect.3 ~ man/BIO_s_fd.3 ~ man/BIO_s_file.3 ~ man/BIO_s_mem.3 ~ man/BIO_s_null.3 ~ man/BIO_s_socket.3 ~ man/BIO_set_callback.3 ~ man/BIO_should_retry.3 > various cleanup; (jmc@) ~ curve25519/curve25519_internal.h > Use __{BEGIN,END}_HIDDEN_DECLS to avoid exporting the internal symbols > ok jsing@ (guenther@) ~ bn/bn_sqrt.c > Reduce the ternary operator abuse > ok miod@ (guenther@) ~ evp/p5_crpt.c ~ evp/p5_crpt2.c ~ pkcs12/p12_crpt.c ~ pkcs12/p12_mutl.c ~ x509v3/v3_purp.c > Stricter checks of ASN1_INTEGER to reject ASN1_NEG_INTEGER in places when > they don't make sense. > ok beck@ (miod@) ~ lhash/lhash.c > Use more homogeneous types and avoid a possible right shift by 32 in > lh_strhash(). > ok guenther@ (miod@) ~ x509/x509_lu.c > Check for stack push failure, and correctly destroy the object we failed > to push in that case. While there replace an inline version of > X509_OBJECT_free_contents() by a call to said function. > ok beck@ (miod@) ~ man/BN_BLINDING_new.3 ~ man/BN_CTX_new.3 ~ man/BN_CTX_start.3 ~ man/BN_bn2bin.3 ~ man/BN_mod_inverse.3 ~ man/BN_mod_mul_montgomery.3 ~ man/BN_mod_mul_reciprocal.3 ~ man/BN_new.3 ~ man/BN_num_bytes.3 ~ man/BN_set_negative.3 ~ man/BN_zero.3 > some cleanup; (jmc@) ~ man/ASN1_OBJECT_new.3 > Add the correct Copyright and license. > Mention that ASN1_OBJECT_free(NULL) is OK. (schwarze@) ~ man/ASN1_STRING_length.3 > Copyright and license (schwarze@) ~ man/ASN1_STRING_new.3 > Add the correct Copyright and license. > Mention that ASN1_STRING_free(NULL) is OK. > Delete the obvious statement that a void function returns no value. > (schwarze@) ~ man/ASN1_STRING_print_ex.3 ~ man/ASN1_generate_nconf.3 > Copyright and license (schwarze@) ~ man/ASN1_OBJECT_new.3 ~ man/BUF_MEM_new.3 ~ man/CONF_modules_free.3 ~ man/CONF_modules_load_file.3 ~ man/CRYPTO_set_ex_data.3 ~ man/CRYPTO_set_locking_callback.3 ~ man/DES_set_key.3 > various cleanup; (jmc@) + man/ASN1_TIME_set.3 > import from OpenSSL, > deleting ASN1_TIME_diff() which we don't have (schwarze@) ~ man/ASN1_TIME_set.3 > minor cleanup; (jmc@) ~ man/Makefile + man/ASN1_TYPE_get.3 > import ASN1_TYPE_get(3) from OpenSSL, > deleting ASN1_TYPE_unpack_sequence() and ASN1_TYPE_pack_sequence() > which we don't have (schwarze@) ~ man/BF_set_key.3 > add Copyright and license > and delete useless and incorrect sentence > "None of the functions presented here return any value." (schwarze@) ~ man/BIO_ctrl.3 > add Copyright and license, > simplify the BIO_callback_ctrl() prototype, > and change .Fn to .Xr for two functions documented elsewhere (schwarze@) ~ man/BIO_f_base64.3 > add copyright and license > and change the reference to BIO_set_flags() from .Fn to .Xr: > we do have that function and we should import the manual (schwarze@) ~ shlib_version ~ arch/amd64/Makefile.inc > Disable ec assembly for amd64 pending fixes for ssh, and bump > majors appropriately (beck@) ~ man/ASN1_TYPE_get.3 ~ man/DH_generate_key.3 ~ man/DH_generate_parameters.3 ~ man/DH_set_method.3 ~ man/DSA_set_method.3 > minor cleanup; (jmc@) ~ x509/x509_lu.c > Fix previous change to X509_STORE_add_{cert,crl} to not free the input > object in the error path - we don't own it. (miod@) libkvm ~ kvm_file2.c ~ kvm_proc.c ~ kvm_proc2.c > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) libssl ~ s3_clnt.c > remove unused variable (bcook@) ~ s3_lib.c ~ ssl_ciph.c > unifdef -m -UOPENSSL_NO_CHACHA -UOPENSSL_NO_POLY1305 > ok beck@ (jsing@) ~ s3_lib.c ~ ssl_algs.c ~ ssl_ciph.c > Remove the single IDEA cipher suite. There is no good reason to support > this. > ok beck@ bcook@ (jsing@) ~ s3_lib.c > Adjust cipher suite strengths - move MD5 to LOW, RC4 to LOW and 3DES to > MEDIUM. > ok beck@ bcook@ (jsing@) ~ s3_srvr.c > Split out the DHE and ECDHE code paths from > ssl3_send_server_key_exchange(). > ok beck@ bcook@ (jsing@) ~ s3_srvr.c > Remove pointless check - without fixed ECDH, there is only one way to reach > this code path. > ok beck@ bcook@ (jsing@) ~ s3_srvr.c > Split ssl3_get_client_key_exchange() into separate per algorithm functions. > ok beck@ (jsing@) ~ s3_cbc.c ~ ssl_locl.h ~ t1_enc.c > Remove unused SSLv3 from ssl3_cbc_record_digest_supported(). > From Markus Uhlin <markus.uhlin at bredband dot net> > ok beck@ bcooK@ (jsing@) ~ s3_cbc.c > When using an union including a type known for having strong alignment > constraints, in order to force the union to have the same constraint, > use the actual type instead of `double'. And add a comment explaining why > we > want such an alignment in there. > ok beck@ (miod@) ~ shlib_version > Disable ec assembly for amd64 pending fixes for ssh, and bump > majors appropriately (beck@) libtls ~ tls_server.c > Set the callback on the correct ssl_ctx for the SNI case, instead of > the master only. > ok jsing@ (beck@) ~ shlib_version > Disable ec assembly for amd64 pending fixes for ssh, and bump > majors appropriately (beck@) ~ tls.h ~ tls_config.c ~ tls_init.3 > Change the return value of tls_config_set_protocols() and > tls_config_set_verify_depth() from void to int. This makes them consistent > with all other tls_config_set_* functions and will allow for call time > validation to be implemented. > Rides libtls major bump. > ok beck@ (jsing@) ~ tls.h > Bump TLS_API due to recent feature additions and changes. (jsing@) == libexec =========================================================== 07/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec spamd ~ spamd.c > Replace bzero(3) with memset(3) > OK deraadt@ (mestre@) ~ spamd.c > Remove redundant & when clearing hostname variable, as per otto@'s request > (mestre@) == regress =========================================================== 08/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libssl/client/clienttest.c > Update regress for IDEA cipher suite removal. (jsing@) sys ~ netinet/pmtu/Makefile > Use variable REMOTE_SSH to check the setup of the remote machine. > This was a copy & paste bug from another test. Found by mpi@. (bluhm@) ~ net/pf_forward/Makefile ~ net/pf_state/Makefile ~ netinet/pmtu/Makefile > Use netstat -n in target check-setup to avoid DNS timeout. > Requested by mpi@ (bluhm@) ~ net/pf_forward/Makefile > Split the pf forwarding test into more subtests to make debugging > specific failures easier. (bluhm@) ~ net/pf_forward/Makefile > Remove the path MTU workaround in the af-to tcp test. This subtest > passes without it. For ping with af-to the expected mtu is special. > Adapt although pf is still broken here and this subtest is disabled. > (bluhm@) usr.bin ~ openssl/Makefile ~ openssl/README + openssl/appstest.sh > Add regress test script for openssl command. > ok beck@ (inoguchi@) usr.sbin ~ switchd/Makefile > Fix regress after moving ofp.h to sys/net/ (reyk@) == sbin ============================================================== 09/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin ifconfig ~ ifconfig.c > - Declare usage() as __dead void (remaining prototypes are not declared as > static, so keep it that way for consistency) > - s/usage(1)/usage() and inside call exit(1) explicitly since all usage() > calls > always use that value (also update comment to reflect this change) > - Remove main() prototype > - s/exit/return in main() to enable SSP > Feedback from jca@ and tb@ and OK from both (with their remarks in) > (mestre@) ~ ifconfig.c > The simple UTF-16 decode routine stopped too early due to wrong calculation > of the output buffer size. Thus elements like subscriber-id, ICC-id, IMEI > were shown truncated. > Some modules report a phone number that already has the '+' prefix. > Don't add another one when printing it. > Patch from Bryan Vyhmeister > ok otto (gerhard@) == share ============================================================= 10/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ Makefile > Set permissions of src.db and mandoc.db explicitly to 644 so > they don't depend on the umask during make build. > ok deraadt (tb@) ~ man4/cdce.4 > update the link for communication devices; the actual document link > is quite lengthy and the original doc has been split into five parts, > so i've just linked to the man doc page; (jmc@) ~ man8/autoinstall.8 > Change the hash version string from $2a$ to $2b$. > ok rpe (tb@) ~ man8/autoinstall.8 > Improve the description of the hostname information. > OK landry@ krw@ (rpe@) mk ~ bsd.lib.mk > Use sed -i to post-process .depend. This avoids permission issues caused > by the file being created in /tmp. > tweaks and ok tb (natano@) zoneinfo ~ Makefile > Most directories in /usr/share/zoneinfo are created by zic(8), hence their > permissions are subject to the umask. Set them explicitly to a=rx. > ok millert (tb@) == sys =============================================================== 11/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/include ~ ptrace.h > Hide FIX_SSTEP() behind #ifdef _KERNEL > ok deraadt@ (guenther@) arch/amd64/amd64 ~ vmm.c > fix debug build (mlarkin@) arch/amd64/stand ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/armv7/stand/efiboot ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/armv7/sunxi ~ sxiccmu.c > Add support for sun9i-a80, the Allwinner A80. (kettenis@) ~ sxipio.c ~ sxipio_pins.h > Add support for sun9i-a80, the Allwinner A80. (kettenis@) ~ sxiccmu.c > Add support for "allwinner,sun9i-a80-mmc-clk" compatible clocks. > (kettenis@) ~ sxiccmu.c > Add a few more easy sun9i-a80 clocks. (kettenis@) ~ sxiccmu.c > Add support for "allwinner,sun9i-a80-apb1-clk" compatible clocks. > This makes the serial console work properly and makes Cubieboard4 go > multi-user. (kettenis@) arch/hppa/stand ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/i386/stand ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/landisk/stand ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/loongson/conf ~ files.loongson > Add interrupt handling routines for Loongson 3A. > Feedback from miod@ (visa@) arch/loongson/include ~ intr.h + loongson3.h > Add interrupt handling routines for Loongson 3A. > Feedback from miod@ (visa@) arch/loongson/loongson + loongson3_intr.c > Add interrupt handling routines for Loongson 3A. > Feedback from miod@ (visa@) arch/loongson/stand/boot ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/loongson/stand/libsa ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/luna88k/stand/boot ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/macppc/stand ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/mips64/include + loongson3.h > Add interrupt handling routines for Loongson 3A. > Feedback from miod@ (visa@) arch/octeon/stand/boot ~ Makefile.inc > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/octeon/stand/libsa ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/sgi/stand/boot ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/sgi/stand/libsa ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/socppc/stand/boot ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/sparc64/sparc64 ~ db_interface.c > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) arch/sparc64/stand/bootblk ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/sparc64/stand/libsa ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) arch/sparc64/stand/ofwboot ~ Makefile > Do not create machine@ symlinks in obj as root during includes:, but > defer their creation to later, so that they are owned by BUILDUSER. > This eliminates the last root-owned files in obj/ from 'make build'. > In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc > to avoid creating bogus symlinks on all other archs. > joint work with & ok natano, "let's try it" deraadt (tb@) dev ~ audio.c > Log start/stop of DMA if AUDIO_DEBUG is defined and be less verbose > about buffer parameters. No behaviour change. (ratchov@) ~ vnd.c ~ vndioctl.h > Bump VNDNLEN from 90 to 1024 bytes, to avoid "VNDIOCSET: File name too > long" > Introduce a new ioctl for VNDIOCSET, the old ioctl will stay around for > a bit to cope with old vnconfig/mount_vnd. > ok deraadt@ (jca@) ~ vnd.c > Revert unrelated bits that snuck in previous. (jca@) dev/pci ~ mpii.c > dont issue sas config page requests against raid targets. > doing requests like that causes lockups on boot. > reported by and this fix test by simon mages (dlg@) ~ drm/drm_irq.c > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) ~ pcidevs > Apple NVMe controller (mpi@) ~ pcidevs.h ~ pcidevs_data.h > regen (mpi@) ~ nvme_pci.c > Match Apple NVMe controller by product ID, yes apple is different. > Reported and tested by gonzalo@ on a Macbookair7,1. (mpi@) dev/pv ~ hypervic.c ~ hypervicreg.h > Handle IP address information requests > This adds the last required bit of the KVP interface: providing > IP address info back to the Host on request. Normally the Host > is not specifying the address family and in this case we prefer > to report back the first IPv4 address we can find and resort to > IPv6 only when no IPv4 addresses are configured. > It also appears that the 5th version of the message format is > not publicly documented yet and IP address information request > messages differ from the 4th version so we have to take the > negotiated protocol version down a notch. (mikeb@) ~ hyperv.c > Reserve extra space for the bufring header structure (mikeb@) ~ if_hvn.c > Don't forget to set the descriptor ready flag after decapsulation (mikeb@) ~ if_hvn.c > RNDIS data command is always the same and can be reused (mikeb@) ~ if_hvn.c > Restart the IFQ transmit routine only once per interrupt (mikeb@) ~ hyperv.c > Set the reserved field to zero (mikeb@) ~ if_hvn.c > Reorder atomic operations dealing with sc_tx_avail > The atomic decrement of the number of available descriptors must > be performed before sending the RNDIS message to the hypervisor > so that packet transmit completion that may execute in parallel > won't increase the value past the maximum. (mikeb@) dev/usb ~ if_atu.c ~ if_cue.c ~ if_mos.c ~ if_otus.c ~ if_ral.c ~ if_uath.c ~ if_upgt.c ~ if_upl.c ~ if_url.c ~ uberry.c ~ udl.c ~ udsbr.c ~ uipaq.c ~ uow.c ~ usps.c > Avoid calling usbd_set_config_no() in *_attach() and let the stack do > it instead. > If anything bad happen due to a malformed descriptor it makes no sense > to try to attach a driver, and bail before probing. > This is similar to the change to avoid calling usbd_set_config_index(). > (mpi@) ~ uaudio.c > Remove dead store. From Michael W. Bombardieri <mb at ii.net>. Thanks. > (ratchov@) ~ ehci.c ~ xhci.c > Remove superfluous DMA synchronization now that the stack is doing it for > all HCs. > ok patrick@ (mpi@) ~ if_umb.c > Use the NdpIndex of the NCM header as the offset of the NCM pointer instead > of assuming tha the NCM pointer will follow immediately after the header. > Tested by Bryan Vyhmeister and Otte Moerbeek > ok otto (gerhard@) dev/wscons ~ wsdisplay.c > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) kern ~ exec_elf.c ~ init_main.c ~ kern_exit.c ~ kern_fork.c ~ kern_kthread.c ~ kern_ktrace.c ~ kern_proc.c ~ kern_prot.c ~ kern_sysctl.c ~ sys_generic.c ~ sys_process.c ~ vfs_lockf.c > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) ~ subr_pool.c > rename some types and functions to make the code easier to read. > pool_item_header is now pool_page_header. the more useful change > is pool_list is now pool_cache_item. that's what items going into > the per cpu pool caches are cast to, and they get linked together > to make a list. > the functions operating on what is now pool_cache_items have been > renamed to make it more obvious what they manipulate. (dlg@) ~ uipc_mbuf.c > Do not dereference a variable without initializing it beforehand. > Fix a typo introduced in m_pullup(9) refactoring and found the hard > way by semarie@ while testing another diff. > ok mikeb@, dlg@ (mpi@) ~ uipc_syscalls.c > Do not call splsoftnet() recursively, this won't work with a lock. > closef() on a socket will call soclose() which call splsoftnet(). So > make sure we release the IPL level first in error paths. > Found by Nils Frohberg while testing another diff. > ok mikeb@, bluhm@ (mpi@) ~ kern_sysctl.c > Export p_cpuid via sysctl for all processes; ok guenther (mikeb@) ~ kern_pledge.c > Fix typo in comment: it's vm.loadavg, not kern.loadavg. > From patrick keshishian (tb@) net ~ pfkey.c > Kill duplicated declarations. (mpi@) ~ switchofp.c > Change swofp_flow_entry_put_instructions() parameters to be like the other > validations functions so it can returns errors with code 0. While here > fix some minor details: memory leak on duplicated instructions, remove > unused goto label, fix some whitespace/tab issues. > ok reyk@ (rzalamena@) ~ switchofp.c > Remove duplicated call for splnet() inside the swofp_mp_recv_port_stats() > and swofp_mp_recv_port_desc(). We already have splnet() before calling > swofp_input(). > ok reyk@ (rzalamena@) ~ switchofp.c > Add validation for input data that we use as switch configuration, like: > OXM matchs, switch actions and switch instructions. With this validations > we don't have to rely on having a flawless controller and then we don't > need to restrict switch(4) usage with just switchd(8). > ok reyk@ (rzalamena@) ~ route.c > Use rtalloc(9) instead of ifa_ifwithnet(). > ifa_ifwithnet() checks if a given address is directly connected. This > function predates the introduction of the BSD routing table. Nowdays > we can check if the route for the given address is marked as RTF_GATEWAY. > This works on OpenBSD because we always install RTF_CONNECTED routes > for subnets a and RTF_HOST route per p2p link. > ok vgross@ (mpi@) ~ if.c ~ if_var.h > RIP ifa_ifwithnet() > ok vgross@ (mpi@) ~ if.c > No longer need radix.h (mpi@) ~ if_switch.h ~ switchctl.c > Teach switch(4) device read(2) operations to behave like a stream socket, > so the userland programs can use it without having to do any special > treatment (e.g. having to read() whole packets with just 1 call or lose > it). > This also allows userland to read more than one ofp header/payload with one > syscall. > ok mikeb@ (rzalamena@) ~ route.c > Do not call splsoftnet() recursively, this won't work with a lock. > Timers configured via rt_timer_add(9) always run at IPL_SOFTNET, so > assert that rather than calling splsoftnet(). > ok bluhm@ (mpi@) ~ switchctl.c > Simplify the switchread loop and fix the case where only first mbuf in > the chain was being read. While here rename mbuf variable and remove > unused ones. > ok mikeb@ (rzalamena@) ~ switchofp.c > Fix swofp_send_error mbuf handling so it doesn't leak mbufs and set the > proper mbuf header length. > ok mikeb@ (rzalamena@) ~ if_switch.c ~ if_switch.h ~ switchctl.c ~ switchofp.c > Add support for partial writes in switchwrite so we can use multiple > write() to write one packet. With this we also get support for writing > multiple ofp packets with a single write. > ok mikeb@ (rzalamena@) ~ if_switch.h ~ switchctl.c > Remove mutexes protection from the switchctl as they don't seem to be > doing anything for us, and remove some whitespaces from the header that > can be found near the removed lines. > ok mikeb@ (rzalamena@) netinet ~ tcp_input.c ~ tcp_timer.c > Use goto for consistently instead of splx() and return. > This will allow to have a single lock/unlock dance per timer. (mpi@) ~ if_ether.c > ARP and NDP timeouts mess with the routing table, so they need a process > context. > Convert them to timeout_set_proc(9). (mpi@) ~ ip_input.c > Only use the routing table for source address selection when processing IP > options. > Make sure the next hop is directly reachable if IPOPT_SSRR is set. > Input from and ok vgross@ (mpi@) ~ ip_icmp.c > Do not call splsoftnet() recursively, this won't work with a lock. > Timers configured via rt_timer_add(9) always run at IPL_SOFTNET, so > assert that rather than calling splsoftnet(). > ok bluhm@ (mpi@) netinet6 ~ nd6.c > ARP and NDP timeouts mess with the routing table, so they need a process > context. > Convert them to timeout_set_proc(9). (mpi@) ~ icmp6.c > Do not call splsoftnet() recursively, this won't work with a lock. > Timers configured via rt_timer_add(9) always run at IPL_SOFTNET, so > assert that rather than calling splsoftnet(). > ok bluhm@ (mpi@) sys ~ proc.h ~ selinfo.h ~ sysctl.h > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) ~ proc.h > Fix typo in comment (guenther@) ~ pool.h > rename some types and functions to make the code easier to read. > pool_item_header is now pool_page_header. the more useful change > is pool_list is now pool_cache_item. that's what items going into > the per cpu pool caches are cast to, and they get linked together > to make a list. > the functions operating on what is now pool_cache_items have been > renamed to make it more obvious what they manipulate. (dlg@) ~ ctf.h > Typo in the guard (mpi@) ufs/ffs ~ ffs_softdep.c > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) ufs/mfs ~ mfs_vfsops.c ~ mfs_vnops.c ~ mfsnode.h > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) uvm ~ uvm_map.c ~ uvm_page.c ~ uvm_page.h > Split PID from TID, giving processes a PID unrelated to the TID of their > initial thread > ok jsing@ kettenis@ (guenther@) == usr.bin =========================================================== 12/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin doas ~ parse.y > missing semicolon at end of rule. yacc doesn't seem to mind, though. > from Edakawa (tedu@) ftp ~ main.c > Bump ftp(1)'s cipher default from "all" to "legacy" - this really should > be "compat", but that will require further testing. > ok beck@ (jsing@) mandoc ~ tag.c > support more than one tag entry for the same search term; > general idea discussed with bcook@ during l2k16 (schwarze@) ~ tag.c > skip leading \& and \e in tags (schwarze@) ~ mdoc_term.c > generate two tag entries from list entries of the form > .It Macro tag1 ... | Macro tag2 ... > written on the TGV Toulouse-Paris (schwarze@) ~ mdoc_term.c ~ tag.c > implement tag priority 0, which will tag only keys that appear as > tag candidates exactly once, and use it for .Em and .Sy; > written on the TGV Toulouse-Paris (schwarze@) ~ mdoc_term.c > tag leading .Dv, .Li, and .No in .It; > written on the TGV Paris-Strassbourg (schwarze@) ~ mdoc_term.c > use .Fn in custom sections for tagging, in addition to in DESCRIPTION; > written on the TGV Paris-Strassbourg (schwarze@) ~ man.1 > document improved tagging functionality (schwarze@) ~ read.c > warn about trailing whitespace at the end of comments; > missing feature noticed by jmc@ (schwarze@) nc ~ nc.1 ~ netcat.c > rename tlslegacy to tlsall, and better describe what it does. > ok jsing@ (beck@) ~ nc.1 > tweak previous; (jmc@) netstat ~ inet.c > Print the route cached at the inp with netstat -P. While there, > fix a compiler warning about missing prototype. > OK claudio@ mpi@ (bluhm@) ssh ~ auth.c ~ match.c ~ servconf.c > Validate address ranges for AllowUser/DenyUsers at configuration load > time and refuse to accept bad ones. It was previously possible to > specify invalid CIDR address ranges (e.g. [email protected]/55) and these > would always match. > Thanks to Laurence Parry for a detailed bug report. ok markus (for > a previous diff version) (djm@) ~ auth.c > unbreak DenyUsers; reported by henning@ (djm@) tmux ~ cmd-run-shell.c > Do not crash with run-shell -b and no window pane available, reported by > Sergei Dyshel. (nicm@) ~ server.c > Do not execute commands for a client until it has identified, fixes > problem reported by Frank Terbeck. (nicm@) ~ cmd-run-shell.c > Apply the right fix for run -b, used the wrong diff before. (nicm@) == usr.sbin ========================================================== 13/13 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin bgpd ~ rde.c > draft-ietf-idr-optional-transitive-00 became RFC 7606 > changes from the draft to the RFC: > - PARTIAL flag is no longer considered protection > - for some attrs, a length of 0 is invalid > OK florian@ (phessler@) ~ rde_filter.c > properly check if large-community was set before > reported by Job Snijders (phessler@) ~ bgpd.8 > update reference to the RFC now numbered 7606 > reminded by jmc@ (phessler@) httpd ~ config.c ~ httpd.conf.5 ~ httpd.h ~ parse.y ~ server.c > Add OCSP stapling support to httpd > ok jsing@ bcook@ (beck@) ~ httpd.conf.5 > tweak previous; (jmc@) ~ parse.y > since ocsp stapling is optional, make sure we guard if we do not have it. > ok jsing@ (beck@) ~ server.c > conditionalize ocsp load properly > ok jsing@ (beck@) ~ server.c > Fix tcp ip ttl / minttl on IPv6 sockets. > ok florian@ (jca@) makefs ~ ffs.c ~ ffs.h > Remove unused fields from ffs_opt_t. (natano@) ~ makefs.c > pledge for "stdio rpath wpath cpath" promises since it only needs to > read/write/create files > OK natano@ and tb@, thank you both for noticing the bad indentation > (mestre@) ~ ffs.c ~ ffs.h > Add a disklabel option that creates a disklabel with the info provided > by disktab. This is one piece of the puzzle that will allow use to build > install media without vnd. > ok deraadt (natano@) ~ makefs.8 > Describe -o disklabel=name. (natano@) ~ ffs.c > Respect -Ooffset for the disklabel location. (natano@) ~ ffs.c ~ ffs.h > Remove the unused cpg field from ffs_opt_t. (natano@) ~ ffs.c > Sync bsize and fsize defaults with newfs. (natano@) ~ ffs.c ~ makefs.8 > Optimize for space by default. > ok deraadt (natano@) ~ ffs.c ~ ffs.h ~ ffs/mkfs.c > Clean up FFS option handling somewhat; no functional change. (natano@) ~ ffs.c ~ ffs.h ~ makefs.8 > Pick up the FS image size, the sector size and the bsize and fsize > parameters from the disklabel. > discussed with deraadt (natano@) relayd ~ relay.c ~ relay_udp.c > Fix tcp ip ttl / minttl on IPv6 sockets. > ok florian@ (jca@) snmpd ~ parse.y ~ snmpd.conf.5 ~ snmpd.h ~ snmpe.c ~ trap.c ~ util.c > Improve source IP address handling. > - send replies using a source address equal to the destination address > of queries, using IP_SENDSRCADDR. This help in multihomed setups and > can remove the need to explicitely configure a bind address. > - config knob to set the source address of packets sent to trap > receivers. "trap receiver" gains an optional "source-address" > setting. > Source address issues reported by Andy Lemin. ok benno@ (jca@) switchd ~ ofp13.c > Fix a small parsing error in packet-in: don't count ofp_match header bytes > when iterating over the OXMs. It only works because the last bytes are > either padding or something that looks like OXM. > ok reyk@ (rzalamena@) ~ ofp13.c > Implement support for flow-mod messages validation, this includes: > action and instructions validation. > ok reyk@ (rzalamena@) ~ ofrelay.c ~ switchd.h > Remove "workarounds" for the read and write path that were needed to > handle /dev/switch connections that didn't quite behave like TCP > connections (no support for writev, no partial reads). With > rzalamena's changes to switch(4), it now works as expected and doesn't > need any special treatment anymore. > OK rzalamena@ (reyk@) ~ ofp10.c ~ ofp_common.c ~ switchd.h > Move ofp_validate_header() into ofp_common.c. No functional change. > (reyk@) syspatch ~ syspatch.sh > Rework the cleanup trap handling using the EXIT trap; > trap 'cleanup; goes; here' EXIT > trap exit HUP INT TERM ERR FOO BAR BAZ > This makes sure the cleanup is always done (unless we exec), and > preserves the exit code, such as SIGINT => 130. > Also trap less signals. Special signals are special. > tested and OK ajacoutot@ (halex@) ~ syspatch.sh > Few fixes and consistency. (ajacoutot@) ~ syspatch.8 > Simplify. (ajacoutot@) ~ syspatch.sh > syspatch-60-001_foobar -> syspatch60-001_foobar to match base system sets > name. > Should be transparent to the early testers as long as you have the most > recent > syspatch.sh checkout from cvs(1). (ajacoutot@) ~ syspatch.sh > Create the bsd rollback kernel in create_rollback() (it is contained in > the rollback tarball anyway but that's impractical if the new bsd does > not boot ;-)). > While here, make sure /bsd actually exists before saving it. (ajacoutot@) ~ syspatch.sh > Remove redundant check. (ajacoutot@) ~ syspatch.sh > Extend mtree(8) comment. (ajacoutot@) ~ syspatch.sh > Simplify checkfs() and fix read-only/remote fs detection. (ajacoutot@) ~ syspatch.8 > Extend documentation a bit. It'll probably need some adjustments soon. > (ajacoutot@) ~ syspatch.sh > Improve the cleanup error handling to make sure the exit code is > really preserved. > Noticed by, discussed with, and fix approved tb@ (halex@) vipw ~ vipw.c > - Remove -? since parameters don't make sense for this command (but still > keep > default case to have usage() explaining that) > - Replace exit(3) with return to enable SSP (mestre@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
