
openbsd changes of note 627

The hackers, they thonned.

We are no longer processing router advertisements in the kernel. We are no longer generating privacy addresses in the kernel. Remove knob and always do neighbor unreachable detection.

Cleanups, rewrites, refinements, and more in the ssl code.

Expose TSC to vmm guest.

Power off all azalia codecs on shutdown to eliminate static noise in speakers or headphones on reboot.

Unlink unused libobjc. If you need objective C support, turn to ports.

Clean up the EC key/curve configuration handling. We no longer support ECDH, and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs.

Make rw_enter() always succeed after a panic, preventing deadlocks trying to reboot.

With a CTF kernel, DDB’s print command will now pretty-print symbols.

Start rewriting TLS extension handling code. I think the goal is to reduce the weirdness in the code, though I’m not sure how much weirdness can be removed from the TLS extensions themselves.

Import ctfconv, a tool for generating the CTF data section (SUNW_ctf) based on DWARF information. Also includes ctfstrip.

Have ksh check for old history files and ignore them instead of printing lots of errors.

Stop checking the RTC diagnostic status to avoid useless error reports.

Further explore the possible device namespace by adding rkdwusb.

Add -N option to pfctl to disable name resolution.

Add fktrace syscall. Just like ktrace, but takes a file descriptor.

Add -l option to netstat to only show listening sockets.

Update to unbound 1.6.4.

Disable ultra low power mode for em since the hardware sometimes fails to initialize.

Ignore unknown ACPI events on ThinkPads by default since they keep adding more.

Remove NPN support from libssl. ALPN is the real deal.

Improve AHCI hibernate writeout performance by doing smaller delays between each I/O. With a fast disk, this is potentially several times faster.

Fix some deadlocks and other errors in the iwm timing and locking code.

One of my favorite workarounds finally bites the dust. Remove support for the TLS padding extension. This was added as a workaround for broken F5 TLS termination, which then created issues talking to broken IronPorts. The size of the padding is hardcoded so it cannot be used in any generic sense.

LibreSSL libraries compile without warnings with clang. Add -Werror to keep it that way.

New flag PR_RWLOCK for pool_init makes the pool use rwlocks instead of mutexes. This could use a bit of explanation since it’s kind of a bugfix via indirect side effect. Currently, one must use a mutex without an IPL (interrupt protection level) with some care. If an interrupt occurs, it will try to acquire the global kernel lock; meanwhile if another processor has the global lock and is trying to acquire the mutex, that will deadlock. This can be resolved by raising the IPL of the mutex, however we don’t want to do that unnecessarily for a mutex that’s never used in interrupt context, which includes a great many pools. An rwlock can be safely nested with the global mutex because if entering the rwlock fails, the global lock will be released. In short, the primary property of rwlocks, the fact that they sleep, isn’t really what we’re after but rather the side effect that sleeping releases the global lock. Fun, right?
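The lock ordering above, as a small userland model added here for illustration (not OpenBSD kernel code). The two-CPU scenario, the step loop and all names in it are assumptions of the model; it checks whether any CPU can still make progress for each kind of pool lock.

```c
#include <stdio.h>

/* Pool lock flavours compared above; the names are this model's own. */
enum lock_kind { MTX_IPL_NONE, MTX_IPL_RAISED, RWLOCK };
enum owner { NOBODY, CPU0, CPU1 };

/*
 * CPU0 holds the pool lock (not the kernel lock) and has an interrupt
 * pending whose handler needs the kernel lock. CPU1 holds the kernel lock
 * and wants the pool lock. Returns 1 if all finish, 0 on deadlock.
 */
int
scenario_completes(enum lock_kind kind)
{
	enum owner kernel_lock = CPU1, pool_lock = CPU0;
	int intr_done = 0, cpu1_done = 0, cpu1_asleep = 0, progress;

	while (!(intr_done && cpu1_done && pool_lock != CPU0)) {
		progress = 0;
		/* CPU0: the interrupt fires unless the held mutex raised the IPL. */
		if (!intr_done && !(kind == MTX_IPL_RAISED && pool_lock == CPU0)) {
			if (kernel_lock == NOBODY)	/* handler takes and drops it */
				intr_done = progress = 1;
			/* otherwise the handler spins and CPU0 is stuck under it */
		} else if (pool_lock == CPU0) {
			pool_lock = NOBODY;	/* critical section ends */
			progress = 1;
		}
		/* CPU1: takes the pool lock if free, else waits per lock kind. */
		if (!cpu1_done && pool_lock == NOBODY) {
			cpu1_done = progress = 1;	/* uses pool, drops its locks */
			kernel_lock = NOBODY;
		} else if (!cpu1_done && kind == RWLOCK && !cpu1_asleep) {
			cpu1_asleep = progress = 1;	/* sleep drops kernel lock */
			kernel_lock = NOBODY;
		}	/* a mutex waiter spins, still holding the kernel lock */
		if (!progress)
			return 0;	/* nobody can move: deadlock */
	}
	return 1;
}

int
main(void)
{
	const char *names[] = { "mutex, IPL_NONE", "mutex, raised IPL", "rwlock" };
	for (int k = MTX_IPL_NONE; k <= RWLOCK; k++)
		printf("%-18s %s\n", names[k], scenario_completes(k) ? "completes" : "deadlock");
	return 0;
}
```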

Update to mesa 17.1.6.

Update to perl 5.24.2.

Add improvements to the DWARF frame unwinder to support xorguard. Whatever that is.

Add the amdisplay and nxphdmi drivers. Video comes to arm.

Strip out -I/usr/include and -L/usr/lib from the --cflags/--libs output in pkg-config to match other implementations and make ports happy.

Copy files from librthread to libc in preparation for moving some thread functionality into libc. This will solve a number of problems. Notably, by having basic mutex support in libc, other libraries can also use mutexes internally without requiring everything to link with libpthread.

Remove an unnecessary check in ksh’s afree function to speed up large history files.

Add some random bias to the top of each kernel stack.

Make dwiic attach its ACPI parent dependencies. This change makes the Asus E200HA keyboard work. Mark them as attached so we don’t attach them again.

Add an entry to dmesg if pairwise WPA keys arrive unexpectedly to see if anybody is attempting replay attacks in the wild.

Implement counter clockwise rotation for rasops consoles. Rotate if width < height.

Add support for compressed fonts in the kernel. Backout since it wasn’t tested on ramdisks, which is ironically where the code is most useful.

Update to fontconfig 2.12.4.

Crank to 6.2-beta.

Posted 2017-08-28 16:12:55 by tedu Updated: 2017-08-28 16:12:55
Tagged: openbsd