job
3cf6b014d3
Enable DNSSEC validation in unbound by default
OK deraadt@ otto@
5 years ago
deraadt
daf113ff2d
Perform constraint validation against 9.9.9.9 and 2620:fe::fe also (which
avoids DNS lookups entirely, but yes this https is correctly validated)
long discussions with otto, florian, and the quad9 crew.
5 years ago
deraadt
66480e8a82
we have emergency entropy injection code in rc, for if the bootblocks and
other methods failed to inject/churn the rng enough. Move it up far earlier.
ok naddy sthen kettenis
5 years ago
otto
df4870ab11
Allow the singular constraint clause to list multiple addresses;
ok deraadt@
5 years ago
solene
d7926a2681
Add a default priority of 5 for user _pbuild, this should help keeping system
responsive during packages compilation, especially on slower machines.
feedback welcome from people building ports
discussed with deraadt@
5 years ago
dlg
9fe746fb2f
handle aggr(4) in the same way as trunk(4)
from brad@
ok bluhm@ claudio@ deraadt@
5 years ago
tb
f189080779
Adjust whitespace, so Ta macros are aligned vertically as already done in
ober_add_string.3 and as it was before the ber -> ober rename.
5 years ago
tb
c7e739d82b
The ber_* namespace is used by liblber since time immemorial,
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
5 years ago
otto
195fd275f8
Allow the caller of asr functions to create and use a specific context.
Diff from eric@ and florian@, committing on their behalf since they are absent
and we want to ride the minor shlib bump.
5 years ago
dtucker
1f9a1ea27c
Import regenerated moduli file.
5 years ago
kettenis
e48267860e
regen
5 years ago
kettenis
45e6f43007
Add /dev/pri.
5 years ago
visa
2a4a6ba595
Bump datasize-cur for pbuild on mips64, to make room for modernity.
OK deraadt@
5 years ago
deraadt
ff0931075f
accidentally stated the MP kernel twice, leading the SHA256/SHA256.sig
file to contain two hashes for bsd.mp, and cause later upgrade problems
spotted by afresh1
5 years ago
sthen
f7815ee9e1
sync arm64 pbuild resource limits with amd64; arm64 now builds some large
things and can easily exceed the previous 1.5GB limit.
(obviously, as with amd64, machines with less physical RAM won't cope with
building the largest ports).
ok deraadt phessler millert kettenis
5 years ago
deraadt
38098b4a51
update pkg name
5 years ago
deraadt
7fde5f36e9
correct dates
5 years ago
sthen
558edf9f75
for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt
5 years ago
sthen
4b1cb37955
feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@
5 years ago
jmc
27c779ffdc
zap trailing whitespace;
5 years ago
deraadt
14f0af3230
Xr random 4 in a better way
5 years ago
kurt
8b4c98a624
Increase datasize limit for ports building on arm64 in preparation
for enabling devel/jdk/11 there.
okay phessler@
5 years ago
solene
c85a255eb5
Correct sysctl section is 2
ok jmc millert
5 years ago
solene
57ef32f536
Add explanation about the default value of sysctl key
machdep.pwraction
ok jmc millert
5 years ago
kettenis
867432ecbc
Add ttyC4 to list of devices to change when logging in on ttyC0 (and in
some cases also the serial console) such that X can use it as its VT
when running without root privileges.
ok jsg@, matthieu@
5 years ago
otto
a6ca81a5e7
Add comment line saying S is described vaguely on purpose.
Prompted by guenther@
5 years ago
bluhm
ca8d24bbae
Inform about system call memory write protection and stack mapping
violations in system accounting. This will help to find misbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@
5 years ago
landry
e7559cd1c1
Bump datasize-cur to 4Gb for pbuild class on sparc64, rust is a pig.
ok semarie@
5 years ago
ajacoutot
235460ceeb
Remove dependency on basename(1).
prodded by deraadt@
ok kn@ deraadt@ tb@
5 years ago
deraadt
e5fd32babd
name these manual pages by the primary function, for instance there
is no function called md5()
as discussed with jmc
5 years ago
deraadt
855ec93ea1
adapt to bitstring(3) renaming, and look at that bit_ffs(3) is the actual
name we want to Xr...
ok jmc
5 years ago
deraadt
fd9d083e20
uucplock(3) is incorrectly named in some places, it is actually uu_lock(3)
(more unclear is if anything in ports uses this, as our base no longer does)
5 years ago
ajacoutot
7635e56a53
space -> tabs
ok deraadt@ kn@
5 years ago
naddy
a37f46cb0f
The piggies have outgrown their pen again: Firefox 69 will no longer
build in 5 GB of memory. Bump default datasize for pbuild to 6 GB.
ok landry@ ajacoutot@
5 years ago
robert
103e227af2
add 6.7 syspatch key
5 years ago
martijn
742a87c636
Revert previous. There were some users of the quirky behaviour that were
missed during code scan.
5 years ago
martijn
9a09cc0ee9
Fix argument list for ber_set_writecallback
OK claudio@
5 years ago
jmc
f057789eb2
wonky comma;
5 years ago
martijn
e78f6151d9
Document that ber_scanf_elements' 'p' and 't' attribute don't eat the
current ber element.
OK claudio@
Seems sensible to deraadt@
5 years ago
martijn
8eab0e4153
Make ber_scanf_elements's 'e' attribute eat the element.
Right now all consumers use 'e' at the end of the list, so no regressions
should be introduced.
OK claudio@
Seems sensible to deraadt@
5 years ago
martijn
89ee3aeaf4
Make sure that ber in ber_scanf_elements is not NULL before parsing format
where ber is utilized. This also allows us to remove the ber->be_next
check, which can cause weird behaviour, because a NULL be_next would result
in parsing the last element twice.
OK claudio@ on previous version
OK rob@
5 years ago
claudio
f4aac30e57
Add the rpki TAL files to the changelist including arin.tal (which is not
shipped by default).
OK job@ sthen@ deraadt@
5 years ago
claudio
45aad3ccd7
There is no reason why the TAL files are installed only readable by root
these are public files.
Agreed by deraadt@ (and florian@)
5 years ago
deraadt
61f4f28d97
move to 6.6-beta
5 years ago
sthen
f8833a6615
add 6.7 firmware key
5 years ago
deraadt
0d8734e4f4
oops, 6.7, spotted by tedu well in advance of it becoming an issue
5 years ago
naddy
2731923d04
6.7 packages key
5 years ago
martijn
738a1a7927
Don't use a 0 element to determine the end of an OID when comparing two
OIDS. This can result in false equality matches.
OK claudio@
5 years ago
martijn
0802062d3c
There's no reason why the first digit of an OID can't be 0.
OK claudio@
"Good find" deraadt@
5 years ago
visa
d3a8345c48
Revise the way how the octeon bootloader is built. The original
approach was not right, and there is still room for improvement.
OK deraadt@
5 years ago