bd01cec0Default /dev/video node to root.wheel 600 because this should not be available wide open. there should be some access model either via a group or fbtab. This will cause a decision to be made. ok millert by
deraadt2016-05-21 15:17:49 +0000
f819d841Harden TLS for ntpd constraints - stop disabling server name verification, ensure that we load the CA certificates and use tls_connect_servername() so that we can verify the server we are connecting to (even though we've already resolved the hostname). Also add additional warnings for TLS connect and TLS write failures so that we know what is happening and why. by
jsing2016-05-21 13:46:10 +0000
1b0ee9ebCopy dtb files to miniroots and install disk. Increase the ramdisk size and force long filenames on the first mount of fat 16 filesystems so this works. by
jsg2016-05-21 07:19:24 +0000
f5bf7ac0Remove obsolete caveat. OK deraadt@ by
millert2016-05-18 00:58:40 +0000
9c2b134bRemove handling of /etc/examples/ files by sysmerge(8). Getting regular messages about pkg.conf isn't really that helpful and if a big syntax change comes along well we have current.html. by
ajacoutot2016-05-14 14:44:35 +0000
72b7a145add 6.1 firmware key by
sthen2016-05-14 14:08:20 +0000
ae3bfd2aunhphenate the world: re-order -> reorder sthen does not object by
jmc2016-05-14 08:21:40 +0000
03870049another ftp:// to http:// by
tj2016-05-14 03:27:21 +0000
cd93314bswitch ftp:// mirror to http:// by
tj2016-05-14 03:25:36 +0000
dd43373bremove hppa64 port, which we never got going beyond broken single users. hppa reverse-stack gives us a valuable test case, but most developers don't have a 2nd one to proceed further with this. ok kettenis by
deraadt2016-05-11 21:52:49 +0000
de30dcfaadd OpenBSD 6.1 packages key by
naddy2016-05-11 20:33:25 +0000
27767857add openbsd 6.1 base key by
deraadt2016-05-11 18:07:00 +0000
338af733crank to 6.0-beta by
deraadt2016-05-11 18:01:33 +0000
4e4aac21Add RETURN VALUES section and .Xr to memmem(3). From Michal Mazurek <akfaew at jasminek dot net>. OK tedu@ by
schwarze2016-05-11 17:51:50 +0000
e8ef5924remove uatraps from "all" as well ok beck@ by
jsg2016-05-11 06:33:48 +0000
06344629Alas all good things come to an end. The U of A traplist is going away as the University of Alberta moves away from running a spamd fronted MX, so there is no more source for this traplist anymore. by
beck2016-05-11 05:41:13 +0000
c5e3cabcRemove sigreturn declaration and the now-unused libc syscall stub by
guenther2016-05-09 23:55:52 +0000
d325302eremove dbm.h by
tedu2016-05-07 21:58:24 +0000
fd248b5fUse a Thread Information Block in both single and multi-threaded programs. This stores errno, the cancelation flags, and related bits for each thread and is allocated by ld.so or libc.a. This is an ABI break from 5.9-stable! by
guenther2016-05-07 19:05:21 +0000
74da5f73Unconfuse things by renaming variables to match their contents. by
jsing2016-05-06 16:49:46 +0000
90ef515eshow what we're doing when reordering libraries, otherwise the text above it is "starting network", which can make you think something is broken when your machine is as slow as some of mine. by
sthen2016-05-05 21:52:16 +0000
9c293ef0listen directive may use a table for authentication, to make this work the table has to be defined BEFORE consequently move all tables in the examples to the beginning and before the listen directive to avoid tables not being found by
jung2016-05-03 18:43:45 +0000
5d0caaa4signal name should be first, fixes reload; ok deraadt@ by
otto2016-05-03 08:59:29 +0000
b2278edbRemove a vax remnant (that was really a no-op anyway). by
millert2016-05-02 12:59:24 +0000
652935dcprepare userland for removing chroot(2) from allowed syscalls under pledge(2). by
semarie2016-05-02 06:25:29 +0000
eaa15c0dDelete invocation of mailq(1) that was present for historical reasons. On a real mailserver, it's too noisy and may be a privacy concern. On a machine that's not a mailserver, it's pointless. by
schwarze2016-04-29 13:05:33 +0000
51da054bReplace /dev/bpf[0-9] with /dev/bpf and /dev/bpf0. The /dev/bpf node is unused for now, but I plan to convert all programs in base to use it in a future diff. /dev/bpf0 is for compatibility with existing binaries and is to be removed after a transition period. by
natano2016-04-28 18:17:31 +0000
89d33781Crank majors for lib{crypto,ssl,tls} due to symbol removals, symbol additions and functionality changes. by
jsing2016-04-28 17:07:07 +0000
43f35daeExperiment on matching on the daemon_user is over. It needs more work. portmap isn't happy with it as reported by naddy@ by
ajacoutot2016-04-28 09:15:16 +0000
af5c782aRevert the revert and match on the daemon_user again. We'll see if something else breaks but it's the right thing to do. by
ajacoutot2016-04-27 17:29:50 +0000
c466a808Override each and every rc.d functions to be able to match on the user. by
ajacoutot2016-04-27 17:29:08 +0000
feb88d7fWe want to run sysmerge(8) a bit earlier in the boot process so that it has a chance to update the *default* configuration of the important daemons. Factorize rc.firsttime into a run_upgrade_script() function which takes the script suffix name as an argument. i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime by
ajacoutot2016-04-27 14:49:11 +0000
1ec36b20Revert matching on the daemon user for now; it breaks sndiod handling which does start as root but does not have a root master process and instead changed its uid. by
ajacoutot2016-04-27 12:58:12 +0000
9ce868a3Use 'sort -V' which is actually meant to sort version numbers. by
rpe2016-04-27 09:17:53 +0000
d9a1e1c9Bump copyright. by
ajacoutot2016-04-26 17:00:20 +0000
68ff67a5Introduce rtable(4) support to rc.subr(8). It works by adding daemon_rtable=$id in /etc/rc.conf.local. rcctl(8) support coming in a few and so are the man pages bits. by
ajacoutot2016-04-26 16:59:15 +0000
042e2ba2Re-link (only the newest) libc.so, placing the objects in a random order. with shell script assistance from rpe by
deraadt2016-04-26 14:56:14 +0000
96b30ff9Allow setenv(3) and putenv(3) to operate on a NULL environ pointer. The getenv(3) and unsetenv(3) functions already support this. This will make it easier to emulate the glibc clearenv() function in ports. Based on a diff from and OK jca@ by
millert2016-04-25 21:36:04 +0000
624c4ffcrm systrace by
tedu2016-04-25 20:39:42 +0000
10faadbaRemove the requirement that /etc/printcap must be a regular file. CUPS wants it to be a symlink, and that is probably the most common printing system. Bad idea to constantly spam everybody about that! Antoine already adjusted the file permissions in pkg/cupsd.rc rev. 1.24. by
schwarze2016-04-20 21:14:44 +0000
3d042838Don't watch unbound's dnssec root zone key, to reduce security(8) spam. ok martijn@ semarie@ matthieu@ danj@ benno@ by
sthen2016-04-20 12:41:30 +0000
1e75dc17adds iked(8) default key. by
semarie2016-04-20 08:46:14 +0000
41e193defix typo in comment; ok beck by
tj2016-04-19 20:20:24 +0000
6ff3199dtwo times a define to an inline function, from Michael McConville; ok djm@ by
otto2016-04-12 18:14:02 +0000
f99de10aPrefer _MUTEX_*LOCK over _THREAD_PRIVATE_MUTEX_*LOCK() when thread-specific data isn't necessary. by
guenther2016-04-05 04:29:21 +0000
ddedb031Document ``use after free'' error message by
otto2016-04-03 09:31:45 +0000
c47b7e1fTweak rcctl wording. by
ajacoutot2016-04-01 08:20:27 +0000
0560fa2bRename the 'faulty' list action to 'failed'; it clearer. by
ajacoutot2016-04-01 08:18:56 +0000
813a539cfor some time now mandoc has not required MLINKS to function correctly - logically complete that now by removing MLINKS from base; by
jmc2016-03-30 06:38:43 +0000
0de2b669add "outgoing-interface" to sample unbound.conf by
sthen2016-03-30 01:41:25 +0000
560ae510Don't delete the 224/4 route in netstart, unless it's being done to ensure that a -reject route can be added. Restores the ability to set an interface route before daemons are started, lost during the previous simplification. ok millert mpi by
sthen2016-03-27 20:32:42 +0000
846730a3Rename session_socket_blockmode() to session_socket_nonblockmode(), removing its second parameter and the enum() that provided the values for said parameter. by
krw2016-03-27 11:16:12 +0000
06441a2aMake it possible to get usage as a non-root user. by
ajacoutot2016-03-26 13:59:36 +0000
1832b2afHandle the rc_stop=NO => rc_restart=NO case within _rc_not_supported(). by
ajacoutot2016-03-26 09:21:24 +0000
6190820cadd include directories used by recent versions of libdrm by
jsg2016-03-20 09:33:56 +0000
1e05f2dePrepare for future ld.so/libc bump: update <tib.h> with the definitions that will be needed and make libpthread work when ld.so/libc.a provide an initial TIB. by
guenther2016-03-20 02:30:28 +0000
24d299a1Remove #ifdef __vax__ bits by
jca2016-03-17 20:55:35 +0000
71aec697properly guard to macros by
mmcc2016-03-17 17:55:33 +0000
0674b8f8remove cpp version of __sputc, since the inline version is all we have ever used. ok jsg by
deraadt2016-03-16 04:56:08 +0000
983f38a9fix word issue, as reported by hans by
jmc2016-03-14 21:36:52 +0000
193bb3ecExpose snprintf() and vsnprintf() for XPG 5. It predates C99 but still specified snprintf() and vsnprintf() based on earlier drafts. Allows snprintf() and vsnprintf() to be used when _XOPEN_SOURCE is defined as 500. OK guenther@ by
millert2016-03-14 20:43:03 +0000
32c6baecsmall step towards multiple pools: move two globls into the struct dir_info ok @stefan armani@ by
otto2016-03-14 17:20:26 +0000
34213b20environ and __progname are not declared in a public header; declare them in libc's hidden/stdlib.h instead of in each .c file that needs one by
guenther2016-03-13 18:34:21 +0000
a5418097Remove sentences in RETURN VALUES sections saying that functions with void return types 'return no value'. This is obvious and therefore unneccessary to mention. by
mmcc2016-03-12 21:31:22 +0000
8ea4845cregen generated files after MAKEDEVs commits by
espie2016-03-12 18:02:18 +0000
7917b097reflect reality (MAKEDEV can take no parms and still work) by
espie2016-03-12 17:59:27 +0000
5b221b3atweak MAKEDEV.mi to use new makedev(8) capabilities and speed it up. by
espie2016-03-12 17:58:59 +0000
4a205547We are done providing support for the vax. lots of agreement. by
deraadt2016-03-09 16:28:46 +0000
0027fc4badjust for lpd(8) top spool dir permissions change, so security(8) won't complain in the daily(8) mail. by
tb2016-03-08 00:16:47 +0000
71cb0b71Change default lpd spool directory to match the code; from Chris Bennett Add /var/spool/output/lpd to mtree(1). by
ajacoutot2016-03-05 16:24:56 +0000
4cf98f26According to RFC7231, section 7.1.1.1, the HTTP date header supports no other timezone than the fixed string "GMT". Avoid using strptime %Z, which is nonstandard and can give surprising results on other operating systems. ok deraadt@ giovanni@ bcook@ by
naddy2016-03-05 16:09:20 +0000
ec0bd9b2add proper entries for pkg_add privsep, instead of piggy-backing on _pfetch which was a "better than nothing" measure for 5.9. by
espie2016-03-05 12:31:38 +0000
f9907be0Remove option USER_LDT and everything depending on it. Remove machdep.userldt sysctl. Remove i386_[gs]et_ldt syscall stub from libi386. Remove i386_[gs]et_ldt regression test. by
naddy2016-03-03 12:41:29 +0000
4a4f45e9Update moduli file. by
dtucker2016-03-01 04:23:08 +0000
0ca58765delete the kern.emul/KERN_EMUL sysctl bits since there are no emulations left; ok millert@ deraadt@, jmc@ (man pages) by
naddy2016-02-29 19:44:07 +0000
90378d36refactor option letter parsing into a subfunction, to increase clarity about which options are turned on/off by 's' and 'S' ok tedu by
deraadt2016-02-25 00:38:51 +0000
983ea932 (tag: openntpd-5.9p1, OPENBSD_5_9)This commit was manufactured by cvs2git to create branch 'OPENBSD_5_9'. by
cvs2svn2016-02-15 17:19:58 +0000
006e7fa5 (tag: OPENBSD_5_9_BASE)This commit was manufactured by cvs2git to create tag 'OPENBSD_5_9_BASE'. by
cvs2svn2016-02-15 17:19:57 +0000
3e2b6d0fWhen the default mode on /var/log/maillog was changed to 640 the creation of maillog as part of the distribution-etc-root-var target was missed. From Nathanael Rensen by
millert2016-02-15 17:19:56 +0000
0e7c0971Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, missed in previous commit noticed after re-checking following report in bgpd. by
sthen2016-02-07 21:00:16 +0000
72f79ae7Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, missed in previous commit, problem reported by mxb/alumni/chalmers/se. by
sthen2016-02-07 20:56:48 +0000
27f8788ccompare pointer to NULL in example code by
mmcc2016-02-07 20:50:24 +0000
5e809bc8be more forceful about not using these. improvements sthen@, jmc@. okay millert@, jca@ jmc@ by
espie2016-02-05 18:09:19 +0000
55955241Fix err(3) calls after allocation failures in examples. There is long-standing consensus that err(1, NULL) is the best idiom after failure of malloc(3) and friends. Quirk in the manual noticed by tb@. by
schwarze2016-02-05 15:09:09 +0000
58c11ffaRegen by
uebayasi2016-02-05 06:30:21 +0000