dtucker
6511e43ef2
Update moduli file.
8 years ago
deraadt
4589832ab3
armish handled some early-gen arm machines, which required tons of
workarounds. Some of them will soon stand in the way of armv7.
Off to the attic you go.
8 years ago
halex
b21b9aedfb
remove pointless csh placeholder files from /etc
ok jung@ (some time ago) phessler@
8 years ago
tb
646f43cf69
Update the link for the getentropy(2) manual to man.openbsd.org/
ok deraadt@
8 years ago
deraadt
80f42a4c1a
old keys no longer needed
8 years ago
tedu
2fe63f9197
RMD160Update actually takes size_t length
8 years ago
sthen
c4ad6d94b8
add new mirror in Lithuania to examples/pkg.conf, ok deraadt
8 years ago
mpi
3e03e0cf65
Do not consider tap(4) a special interface and start if before other
pseudo-interfaces.
This unbreak vlan(4) on top of tap(4) since the refactoring to turn it
MP-safe.
ok claudio@, deraadt@
8 years ago
millert
752f10f777
sync
8 years ago
jca
1adc3fff12
Fix example: long long should be print with %lld
8 years ago
jsing
9801e4d851
Adjust existing tls_config_set_cipher() callers for TLS cipher group
changes - map the previous configuration to the equivalent in the new
groups. This will be revisited post release.
Discussed with beck@
8 years ago
rpe
cf653ce28f
Fix detection of /usr/lib on NFS.
Found by Frank Scheiner, thanks for reporting this.
OK krw, halex
'cool' deraadt
8 years ago
otto
48a1ebbb9c
J/j is a three valued option, document and fix code to actuall support that
with a little help from jmc@ for the man page bits
ok jca@ and a reluctant tedu@
8 years ago
visa
fa4e261523
regen
8 years ago
visa
728932b46a
Add /dev/openprom.
ok kettenis@ deraadt@ jasper@
8 years ago
sthen
5db6aec468
sync
8 years ago
bcook
468bf1902b
Tighten behavior of _rs_allocate failure for portable arc4random implementations.
In the event of a failure in _rs_allocate for rsx, we still have a reference to
freed memory for rs on return. Not a huge deal since we subsequently abort in
_rs_init, but it looks strange on its own.
ok deraadt@
8 years ago
bcook
3b2b99d5ea
Tighten behavior of _rs_allocate on Windows.
For Windows, we are simply using calloc, which has two annoyances:
the memory has more permissions than needed by default, and it comes
from the process heap, which looks like a memory leak since this memory
is rightfully never freed.
This switches _rs_alloc on Windows to use VirtualAlloc, which restricts the
memory to READ|WRITE and keeps the memory out of the process heap.
ok deraadt@
8 years ago
otto
4e61a98ad4
adapt S option: add C, rm F (not relevant with 0 cache and disables
chunk rnd), rm P: is default
8 years ago
tb
071457b57b
Back out previous; otto saw a potential race that could lead to a
double unmap and I experienced a much more unstable firefox.
discussed with otto on icb
8 years ago
tedu
86a8b4eb22
defer munmap to after unlocking malloc. this can (unfortunately) be an
expensive syscall, and we don't want to tie up other threads. there's no
need to hold the lock, so defer it to afterwards.
from Michael McConville
ok deraadt
8 years ago
tedu
81f4b4678c
increase the minimum for auto rounds to 6. that was the previous low bound
for login.conf, and we don't want to go lower.
8 years ago
tedu
80896da37f
upgrade selected login.conf to use auto rounds for bcrypt. the installer
already does this, so we don't want to go backwards on password changes.
ok krw
8 years ago
renato
c68642e233
The ldpd(8) sample config was terribly outdated. Passive interfaces,
for example, were removed in 2013 because they don't make sense in ldpd.
ok deraadt
8 years ago
benno
caa98a6441
Add operators =, !=, - (range), >< (exclsive range) to the as-path
filters (AS, peer-as, source-as, transit-as).
Add a use case (block illegal AS numbers) to the bgpd.conf example.
feedback from claudio, sthen, florian,
ok florian@ phessler@
8 years ago
millert
c3b677fe8e
Fix typo; the period should be outside the parens. From Michael McConville
8 years ago
sthen
de4705a064
Remove dead 2004 link to list of blacklists, from Sevan Janiyan.
Point at wikipedia's list of blacklists instead, some are DNS-only but there
are a few rsyncable ones in there (including a good commercial one and some
free ones).
8 years ago
tedu
44d09455c2
increase permitted sizes for daemon and messages. i overflow them too
frequently for my taste, and disk is cheap.
ok deraadt millert
8 years ago
deraadt
4bee7f5ac6
ntpd is too aggressive about retrying constraint connections. This
became more visible recently because a log_debug was changed to
log_warnx. Change it back for now.
ok jsing
8 years ago
guenther
f143152775
The icdb magic number doesn't need to be visible to static links
ok tedu@
8 years ago
guenther
152532fde6
Stop publicly declaring _yp_dobind() and struct dom_binding, closing out
a rant Theo wrote 24 years ago. Mark __ypexclude_{add,is,free}() as hidden
"get off my lawn!" deraadt@
8 years ago
guenther
05aa77af36
Remove dead support for changing BDB hash algorithm and cache of alternatives
ok natano@ millert@ deraadt@
8 years ago
rpe
44084ed262
Improve error handling in reorder_libs()
- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error
positive feedback from deraadt
OK krw
8 years ago
jsg
009e76db36
Stop building u-boot kernel and ramdisk images. The kernel make targets
are left for now but umg files are no longer built when building
releases.
8 years ago
jsg
bb5a180dba
use efiboot in armv7 miniroot images
8 years ago
rpe
a9d4e3917f
No need to show the messages if we skip in case of /usr/lib on nfs.
OK deraadt
8 years ago
rpe
abe8fc7dec
Add function comments.
OK sthen, deraadt
8 years ago
sthen
fcaae36016
sync
8 years ago
millert
c0459b49c2
The destination string is declared as "s" but referred to as "dst"
in some cases. Be consistent and use "dst" everywhere like for
strlcat(3) and strncat(3). From Tim Kuijsten.
8 years ago
deraadt
7476261c0f
whitespace found during review
8 years ago
rpe
ccb9a956d9
- rename rebuildlibs() to reorder_libs()
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system
OK deraadt
8 years ago
jsg
8f15975cee
build armv7 efiboot
8 years ago
guenther
4b745529b1
Stop supporting longjmperror(); it's not used, not portable, and the checks
longjmp performs can't really be relied upon, even after we got rid of the
false positives...
ok millert@ deraadt@
8 years ago
guenther
9593ae6355
Remove iruserok(_sa)? and __ivaliduser(sa)?
ok millert@ deraadt@
8 years ago
rpe
ae5d625a40
Use the -F flag of install(1) to ensure the file's content is flushed to disk.
OK deraadt
8 years ago
kettenis
e9f0d71a51
regen
8 years ago
deraadt
dfd33a5d62
sync
8 years ago
kettenis
d952fb61c7
Add /dev/openprom.
8 years ago
deraadt
cae8144a00
sync
8 years ago
deraadt
bd01cec02c
Default /dev/video node to root.wheel 600 because this should not be
available wide open. there should be some access model either via a
group or fbtab. This will cause a decision to be made.
ok millert
8 years ago