without -Q during the build and in weekly(8). According to tests
by many developers, makewhatis(8) takes a few minutes at most even
on slower hardware like octeon, loongson, ALIX, RPI3, Soekris,
cubox, softiron etc., and security(8) is often worse than makewhatis(8).
In case this causes excessive weekly(8) run times on even slower
(~50 MHz-class) CPUs, consider adding "MAKEWHATISARGS=-Q" to
/etc/weekly.local on machines that feel unhappy.
OK sthen@ kettenis@ millert@ deraadt@
version uses the two-way string matching algorithm and is faster
than the old implementation. With this change, ports that check
for strstr having linear complexity time strstr will no longer
replace the libc strstr with a private version.
OK deraadt@ espie@
In our privsep model, imsg is often used to transport sensitive
information between processes. But a process might free an imsg, and
reuse the memory for a different thing. iked uses some
explicit_bzero() to clean imsg-buffer but doing it in the library with
the freezero() is less error-prone and also benefits other daemons.
OK deraadt@ jsing@ claudio@
no longer has access to the content of a memmory object. It does
this by either clearing (if the object memory remains cached) or
by calling munmap(2). ok millert@, deraadt@, guenther@
install.sub which makes it easier to spot changes in the future.
- comments and formatting
- quotes on assignments are not needed (netstart)
- remove stray space in test (netstart)
- use $file variable with while-loop (netstart)
- although valid, instead of i use $i in arithmetic test (install.sub)
OK krw@, tb@
Looks good deraadt@
Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.
As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.
OK mlarkin@
the standard realloc*() functions can leave behind. imsg buffers are
sometimes used in protocol stacks which require some secrecy, and layering
violations would be needed to resolve this issue otherwise.
Discussed with many.
machdep.lidaction=0 # do nothing
machdep.lidaction=1 # suspend
machdep.lidaction=2 # hibernate
lidsuspend is just an alias for lidaction, so if you change one, the
other one will have the same value. The plan is to remove
machdep.lidsuspend eventually when people have upgraded their
/ets/sysctl.conf.
discussed with deraadt, who came up with the new MIB name
no objections mlarkin
ok stsp halex jcs