OpenBSD/src WlZ2Tu9lib/libssl tls13_handshake_msg.c tls13_internal.h

   Provide a handshake message handling implementation for TLS 1.3.

   It receives handshake messages by reading and parsing data from the record
   layer. It also provides support for building and sending handshake
   messages.

   ok tb@

OpenBSD/src 5zMRxXIlib/libssl tls13_record_layer.c tls13_internal.h

   Provide an initial implementation of the TLS 1.3 record layer.

   This is entirely self-contained and knows nothing about SSL or BIO. The
   bottom of the stack is provided by wire read and write callbacks, with the
   API to the record layer primarily being via
   tls13_{read,write}_{application,handshake}_data().

   This currently lacks some functionality, however will be worked on in tree.

   ok tb@

OpenBSD/src e2VvEhcregress/lib/libssl/record recordtest.c

   Update record regress to match functionality changes.

OpenBSD/src Su6825lregress/sys/dev/kcov kcov.c Makefile

   run all tests for each supported trace mode

OpenBSD/src Jbxnr3Hshare/man/man4 kcov.4, sys/arch/amd64/conf Makefile.amd64

   Add support for a new kcov trace mode called KCOV_MODE_TRACE_CMP where
   comparison instructions and switch statements are being traced. This mode will
   be used during fuzzing to generate even more coverage. The same mode is also
   supported by FreeBSD and Linux.

   Thanks to jmc@ for improving the manual bits.

   ok bluhm@ visa@

OpenBSD/src LSkNfzTsys/dev kcov.c

   Rework conditional for clarity, no functional change.

   ok bluhm@ visa@ (as part of a larger diff)
VersionDeltaFile
1.12+2-2sys/dev/kcov.c
+2-21 files

OpenBSD/src TmX6Stslib/libssl tls13_record.c tls13_record.h

   Provide a way to get just the record header.

   Also check record size limits when reading records and setting data.

   ok tb@

OpenBSD/src 63btNgnregress/lib/libssl Makefile

   hook handshake test
VersionDeltaFile
1.35+2-1regress/lib/libssl/Makefile
+2-11 files

OpenBSD/src kU7UewZregress/lib/libssl/handshake valid_handshakes_terminate.c Makefile

   Add a simple test that verifies that every valid handshake
   sets action->handshake_complete.

OpenBSD/src whB8XHxlib/libssl tls13_handshake.c

   revert second hunk of previous that was committed by accident
VersionDeltaFile
1.14+2-2lib/libssl/tls13_handshake.c
+2-21 files

OpenBSD/src Nzbovmplib/libssl tls13_handshake.c

   Add missing prototype for tls13_handshake_active_action().

   ok jsing
VersionDeltaFile
1.13+4-2lib/libssl/tls13_handshake.c
+4-21 files

OpenBSD/src fNEgOleusr.sbin/bgpd bgpd.c

   explicitly check if the session engine exited by comparing the pid

   ok claudio@
VersionDeltaFile
1.207+13-8usr.sbin/bgpd/bgpd.c
+13-81 files

OpenBSD/src iRNKevNsys/dev/pci if_ixl.c

   implement ixl_rxrinfo, dynamically allocating the buffer to prepare for
   multiple receive rings at some point in the future.

   ok dlg@
VersionDeltaFile
1.12+30-3sys/dev/pci/if_ixl.c
+30-31 files

OpenBSD/src k8QR5g0lib/libc/sys getitimer.2

   correct the RETURN VALUES of the macros, document the HISTORY of
   the macros, and simplify one wording;
   OK millert@, tweak and OK jmc@
VersionDeltaFile
1.31+37-9lib/libc/sys/getitimer.2
+37-91 files

OpenBSD/src vSP9Tvcetc/rc.d rc.subr

   The shell will strip the quotes from daemon_flags when starting a daemon so make
   sure pexp matches the process (i.e. doesn't include the quotes).
   It's a bit hackish but it allows things like these in rc.conf.local:
   relayd_flags=-D IPS="1.2.3.4 2.3.4.5"

   And we properly end up with...
   $ grep ^pexp /var/run/rc.d/relayd
   pexp=/usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5
   ... which matches what is in the process list:
   root     14217  <snip>    0:00.01 /usr/sbin/relayd -D IPS=1.2.3.4 1.2.3.5

   There's always the possibility that we have introduced a regressions with hand
   crafted functions in rc.d scripts (mostly from packags), so watch out.

   reported by and debugged with claudio@
VersionDeltaFile
1.130+4-2etc/rc.d/rc.subr
+4-21 files

OpenBSD/src ZgPedxishare/man/man4 route.4

   AF_ROUTE is preferred over PF_ROUTE in socket() and
   setsockopt() calls.

   Recommended by guenther@ ok deraadt@
VersionDeltaFile
1.48+5-5share/man/man4/route.4
+5-51 files

OpenBSD/src nqUTRURgames/snake snake.c

   printing the pinball bonus in the corner is confusing when you lose.
   just let the bonus happen if it does, players will figure it out.
VersionDeltaFile
1.33+1-2games/snake/snake.c
+1-21 files

OpenBSD/src 2u10yKigames/snake snake.c

   remove some obsolete comments about deleted code
VersionDeltaFile
1.32+1-43games/snake/snake.c
+1-431 files

OpenBSD/src GwVyR1Jgames/snake snake.c

   quick fix to keep the cursor in the corner during space warp.
   less distracting this way.
VersionDeltaFile
1.31+2-1games/snake/snake.c
+2-11 files

OpenBSD/src ZbBEPxfgames/snake snake.c

   if the snake ran over the money, print the treasure instead of empty.
   bug noticed by mlarkin
VersionDeltaFile
1.30+7-3games/snake/snake.c
+7-31 files

OpenBSD/src cSVlhRwlib/libc/hash siphash.c

   use standard headers for siphash

   ok tedu@
VersionDeltaFile
1.8+3-4lib/libc/hash/siphash.c
+3-41 files

OpenBSD/src NPTclWYusr.bin/systat vmstat.c

   don't reuse global between functions; the value is wrong.
   reported by Bryan Linton
VersionDeltaFile
1.90+5-3usr.bin/systat/vmstat.c
+5-31 files

OpenBSD/src O2ActUVsys/scsi st.c sd.c

   When retiring a SCSI request, sometimes the buf's b_error value is
   forcibly set to a value. Make sure that in all those cases the B_ERROR
   flag is cleared (if b_error is being set to 0) or set (if b_error is
   being set to non-zero) appropriately.

   ok dlg@ jmatthew@
VersionDeltaFile
1.135+8-6sys/scsi/st.c
1.276+7-4sys/scsi/sd.c
1.223+6-4sys/scsi/cd.c
+21-143 files

OpenBSD/src UUh6ICslib/libc/crypt arc4random_uniform.c

   include stdint.h over sys/types.h

   ok deraadt@ tedu@

OpenBSD/src UFYtD1rlib/libssl tls13_handshake.c

   Add some internal consistency checks to the handshake state handling.

   Fix the tls13_handshake_advance_state_machine() return value, which
   inadvertantly got flipped in an earlier commit. Also move this function
   to a more suitable location.

   ok tb@
VersionDeltaFile
1.12+23-9lib/libssl/tls13_handshake.c
+23-91 files

OpenBSD/src 5DjHkSrlib/libssl ssl_tlsext.c

   TLS 1.3 clients always need to send the supported groups extension.

   A couple of cleanup/style tweaks while here.

   ok tb@
VersionDeltaFile
1.31+5-4lib/libssl/ssl_tlsext.c
+5-41 files

OpenBSD/src YY7fHlQlib/libutil imsg.h imsg_init.3

   Change imsg header definitions to use standard types.

   ok deraadt@ claudio@

OpenBSD/src mUmu3ZOsys/dev/acpi acpibtn.c

   make this look more like other pwr_action code (small_kernel)
VersionDeltaFile
1.47+12-5sys/dev/acpi/acpibtn.c
+12-51 files

OpenBSD/src xRdzp3Osbin/dhclient dhclient.c

   Don't delay signal(SIGPIPE, SIG_IGN) until go_daemon() does it. First,
   go_daemon() may not be called before the first error. Second,
   go_daemon() doesn't do anything when '-d' is specified.
VersionDeltaFile
1.619+3-1sbin/dhclient/dhclient.c
+3-11 files

OpenBSD/src D3JsXRjlib/libssl tls13_handshake.c

   Add an explicit flag to indicate a successful handshake instead
   of overloading/abusing action->sender.

   ok jsing
VersionDeltaFile
1.11+6-8lib/libssl/tls13_handshake.c
+6-81 files

OpenBSD/src dNnR98zusr.bin/ssh moduli.c

   Fix BN_is_prime_* calls in SSH, the API returns -1 on error.

   Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
   by David Benjamin.

   ok djm, dtucker
VersionDeltaFile
1.33+14-5usr.bin/ssh/moduli.c
+14-51 files

OpenBSD/src pedBBoMusr.bin/openssl prime.c

   Fix BN_is_prime_* calls in openssl(1), the API returns -1 on error.

   Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
   by David Benjamin.

   ok djm, jsing
VersionDeltaFile
1.12+8-4usr.bin/openssl/prime.c
+8-41 files

OpenBSD/src It8QUmPlib/libcrypto/bn bn_x931p.c, lib/libcrypto/dh dh_check.c

   Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.

   From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
   by David Benjamin.

   ok djm, jsing

OpenBSD/src w7yx0Z8sys/dev/pci if_ixl.c

   Handle link state change interrupts by issuing IXL_AQ_OP_PHY_LINK_STATUS
   to the admin queue.  We don't need to wait for or process the reply,
   because the existing admin reply queue processing already does it.

   ok dlg@
VersionDeltaFile
1.11+42-9sys/dev/pci/if_ixl.c
+42-91 files

OpenBSD/src R9YNvBXsys/kern kern_tc.c

   Serialize tc_windup() calls and modification of some timehands members.

   If a user thread from e.g. clock_settime(2) is in the midst of changing
   the boottime or calling tc_windup() when it is interrupted by hardclock(9),
   the timehands could be left in a damaged state.

   So protect tc_windup() calls with a mutex, timecounter_mtx.  hardclock(9)
   merely attempts to enter the mutex instead of spinning because it cannot
   afford to wait around.  In practice hardclock(9) will skip tc_windup() very
   rarely, and when it does skip there aren't any negative effects because the
   skip indicates that a user thread is already calling, or about to call,
   tc_windup() anyway.

   Based on FreeBSD r303387 and NetBSD sys/kern/kern_tc.c,v1.30

   Discussed with mpi@ and visa@.  Tons of nice technical detail about
   lockless reads from visa@.

   OK visa@
VersionDeltaFile
1.36+20-4sys/kern/kern_tc.c
+20-41 files

OpenBSD/src KF2FPURusr.bin/ssh dh.h

   DH-GEX min value is now specified in RFC8270.  ok djm@
VersionDeltaFile
1.17+2-2usr.bin/ssh/dh.h
+2-21 files

OpenBSD/src dcjBrwJsys/arch/amd64/amd64 vmm.c

   Use rdmsr_safe in svm_handle_msr

   Avoid reading possibly missing MSRs

   ok guenther@
VersionDeltaFile
1.224+12-4sys/arch/amd64/amd64/vmm.c
+12-41 files

OpenBSD/src kPmfIjVsys/arch/amd64/amd64 locore.S vector.S, sys/arch/amd64/include cpufunc.h

   Implement rdmsr_safe

   rdmsr_safe is used when reading potentially missing MSRs, to avoid
   triggering #GPs in the kernel.

   ok guenther

OpenBSD/src LZ187HWsys/dev/acpi acpi.c

   fix SMALL_KERNEL build after changes in rev 1.361
   reported by naddy@ ok deraadt@
VersionDeltaFile
1.362+3-1sys/dev/acpi/acpi.c
+3-11 files

OpenBSD/src o2rgqilusr.bin/ssh serverloop.c

   fix error in refactor: use ssh_packet_disconnect() instead of
   sshpkt_error(). The first one logs the error and exits (what we want)
   instead of just logging and blundering on.
VersionDeltaFile
1.213+6-4usr.bin/ssh/serverloop.c
+6-41 files

OpenBSD/src QAeEowwshare/man/man4 simplefb.4

   typo: "wsdisplay* at simlefb?" -> "wsdisplay* at simplefb?"
VersionDeltaFile
1.2+3-3share/man/man4/simplefb.4
+3-31 files

OpenBSD/src SszKJYAusr.bin/ssh dispatch.h Makefile.inc

   remove last traces of old packet API!

   with & ok markus@

OpenBSD/src K4STdvFusr.bin/ssh sshd.c ssh_api.c

   remove last references to active_state

   with & ok markus@

OpenBSD/src nK0vxTtusr.bin/ssh monitor.c monitor.h

   convert monitor.c to new packet API

   with & ok markus@

OpenBSD/src 0w6504Yusr.bin/ssh sshd.c

   convert sshd.c to new packet API

   with & ok markus@
VersionDeltaFile
1.525+39-30usr.bin/ssh/sshd.c
+39-301 files

OpenBSD/src QqGPqwRusr.bin/ssh session.c

   convert session.c to new packet API

   with & ok markus@
VersionDeltaFile
1.312+84-60usr.bin/ssh/session.c
+84-601 files

OpenBSD/src wBJDg5Xusr.bin/ssh auth.c auth.h

   convert auth.c to new packet API

   with & ok markus@

OpenBSD/src c0PMnKRusr.bin/ssh serverloop.c

   convert serverloop.c to new packet API

   with & ok markus@
VersionDeltaFile
1.211+205-153usr.bin/ssh/serverloop.c
+205-1531 files

OpenBSD/src QDWWOeEusr.bin/ssh sshconnect2.c

   convert the remainder of sshconnect2.c to new packet API

   with & ok markus@
VersionDeltaFile
1.295+46-49usr.bin/ssh/sshconnect2.c
+46-491 files

OpenBSD/src VZ2wPoJusr.bin/ssh clientloop.c

   convert the remainder of clientloop.c to new packet API

   with & ok markus@
VersionDeltaFile
1.321+31-34usr.bin/ssh/clientloop.c
+31-341 files