4ce20b36Stop using reserved words in the smtpd.conf configuration examples in the default smtpd.conf and smtpd.conf(5) manual page. This eliminates ambiguity in our documentation examples that can cause confusion. by
kmos2019-07-24 15:31:53 +0000
08a2eabaFix comment typo; from OpenSSH Portable by
dtucker2019-07-23 12:35:22 +0000
0e407e05Add a bootloader for octeon. by
visa2019-07-17 14:36:31 +0000
b67209741) Re-resolve and re-get constraints once the clock is synced. Constraints are relative to monotime; so they shift when time is being adjusted. 2) Fix a race between SIGCHLD delivery and reading the result imsg. 3) Some cleanup: use a number to distinguish pools internally by
otto2019-07-16 14:15:40 +0000
2519f799Add tls-cert-bundle and example of using a DNS-over-TLS forwarder. Note that, at this time, Unbound does not re-use TLS connections (https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4089) so the TCP and TLS handshakes will cause a disproportiate increase in latency compared to UDP. ok sthen@ florian@ by
dtucker2019-07-15 10:18:20 +0000
84248221Using pthread_atfork instead of __register_atfork with uClibc on noMMU by
inoguchi2019-07-11 10:37:28 +0000
ade94fedadd /usr/local/sbin. ok deraadt millert by
tedu2019-07-11 03:54:17 +0000
005e327ffix printing when the pool is specified as an IP address; reported by and ok deraadt@ by
otto2019-07-10 05:53:37 +0000
ac3128b9proper level of two messages, prompted by deraadt@ by
otto2019-07-07 19:17:40 +0000
4faedbcdSometimes ntp peers are unreliable (looking at you pool.ntp.org!) and net config can change as well. So if a peer does not respond, throw it out of the pool if it's a pool member and re-resolve to find a replacement. Hold on to good peers so we end up with a good set of peers. ok benno@ by
otto2019-07-07 07:14:57 +0000
ac61f714improve verb-tense for explaining the calling convention of __ ok guenther jmc by
deraadt2019-07-05 12:55:36 +0000
e4c1e3b4The last consumer of pre-posix realpath behaviour has stopped requiring it (sftp-server). Remove the /exists///// behaviour from here. The /nonexistant behaviour remains in the kernel and needs to be shot next. There may be ports fallout, but we doubt it. ok beck djm by
deraadt2019-07-05 05:04:26 +0000
38f50cbbadd server time.cloudflare.com. - Cloudflare have very good adjacency (if PCH did anycast ntp, we'd use it) - As ntp input, it is great they don't leapsmear - Not all their nodes do ntp, hope they succeed at scaling that up - ntpd constrains (un-auth) ntp packets within a TLS constraint window so there is no downside (unlike pool.ntp entries which slowly decay but that's a story for another commit..) ok otto by
deraadt2019-07-04 05:19:31 +0000
27174b5bForgotten va_copy/va_end; on some archs that is really needed. ok benno@ by
otto2019-07-03 05:04:19 +0000
74b2c840snprintf/vsnprintf return < 0 on error, rather than -1. by
deraadt2019-07-03 03:24:04 +0000
ae687bf5tweak previous; ok guenther by
jmc2019-06-30 17:31:39 +0000
5ecede4aDocument that getcwd() and realpath() are built on system calls that have a different calling convention than the standard function...as seen in kdump output. by
guenther2019-06-29 21:21:27 +0000
c3832ee0Actually, the C standard only guarantees that atexit(3) returns non-zero on error, so tweak previous to test "atexit(...) != 0" for portability. "OK ok ok sorry backwards" deraadt@ by
schwarze2019-06-28 14:20:40 +0000
e5e55cd6When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future. by
deraadt2019-06-28 13:32:49 +0000
a6850b89miniroot prototype disklabels should attempt to contain accurate prototype information (in this case, the miniroot-building code is completely lovecraft) by
deraadt2019-06-28 13:28:21 +0000
ebbe8d81atexit() returns -1 on failure by
deraadt2019-06-28 05:33:35 +0000
3f543536The C89 standard only requires that atexit(3) returns a non-zero value on error, so checking for -1 only is potentially non-portable. Also mention that the C89 standard does not require errno to be set. OK deraadt@ millert@ by
schwarze2019-06-27 16:30:39 +0000
c47029baAllow logging to both stderr and syslog; don't reset the log level if the log destination changes. ok claudio@ benno@ by
otto2019-06-27 15:18:42 +0000
5ad888abtweaks with help from jmc@ by
otto2019-06-20 12:20:20 +0000
56e1091dTell a bit about automatic mode; ok jmc@ by
otto2019-06-20 08:26:13 +0000
6f5c796cDo a quick DNS probe to decide to stay in the forground and attempt an (auto) settime or give up. 15s timeout is still in effect. ok florian@ by
otto2019-06-20 07:28:18 +0000
c65bc93cmove tals to /etc, where they can be upgraded by a "sysupgrade" if such a circumstance ever occurs. ok job by
deraadt2019-06-19 16:21:00 +0000
dc26ca47Remove old realpath(3), and the userland-vs-kernel realpath verification code. We now user the simple userland wrapper on top of __realpath(2). The non-POSIX behaviour still remains, that is the next component to fix. From a diff by beck, but I managed to chainsaw it a bit further. Tested in snaps for a couple of days. ok beck by
deraadt2019-06-17 03:13:17 +0000
391b2368Be more aggressive retrying dns while in settime mode. The constraint engine does not know if we're in startup mode, so use a small interval the first few times there. by
otto2019-06-16 07:36:25 +0000
a00849e3oops - missing .El in previous; by
jmc2019-06-15 17:06:46 +0000
04e84521realpath(3) doesn't use lstat(2), readlink(2), or getcwd(3) anymore, it is a thin wrapper over the syscall __readlink(2). Improve the list of possible errors. ok millert beck jmc by
deraadt2019-06-15 15:40:44 +0000
46a918abFix init of syslog for childs and teach dns process about synced state. ok benno@ by
otto2019-06-12 05:04:45 +0000
fc792ba8make 10 wsmouse devices by
jcs2019-06-11 14:48:56 +0000
0225e4f1Introducing autmatic settime mode: if some preconditions are met (booting, constraint(s) defined) set the time but only if the clock should be moved forward by more than a minute, based on ntp replies that satisfied the constraints. Tested by many; ok deraadt@ by
otto2019-06-09 08:40:54 +0000
6c1bd950grow sparc64 miniroot a little by
deraadt2019-06-08 15:49:22 +0000
340e9dcaCast bitcount to u_in64_t before bit shifting to prevent integer overflow on 32bit platforms which cause incorrect results when adding a block >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, sha2 with djm@, ok tedu@ by
dtucker2019-06-07 22:56:36 +0000
03408962Switch to v02 api url. by
florian2019-06-07 08:08:30 +0000
f8c25cc1spelling/grammar fixes; from larry hynes by
jmc2019-06-02 06:46:18 +0000
dd9a9695Complete the ld.so boot cleanup: move most libc initialization from _csu_finish() to _libc_preinit(), which is an .init_array function in shared libc (and mark it INITFIRST) or a .preinit_array function in static libc, grabbing the _dl_cb callback there from ld.so. Then in _csu_finish(), invoke the dl_clean_boot() callback to free ld.so's startup bits before main() gets control. by
guenther2019-06-02 01:03:01 +0000
9d258bd6Limit maximum number of length octets to platform independent sizeof(int32_t). by
rob2019-06-01 19:40:05 +0000
11942d45Use proper algorithm for median computation; use fabs() for computing an absolute value and fix poll loop to first generate messages and then compute poll flags the write cases. This makes the timeout workaround for constraints unneeded. ok reyk@ tb@ by
otto2019-05-30 13:42:19 +0000
6d85d2cc__realpath(2) appears to have improved, so re-enable the code that checks userland-parsing vs kernel parsing, we are hoping to spot another bug.. by
deraadt2019-05-30 13:22:48 +0000
349011c6If a DBS resolve was done with the Checking Disabled flag, re-resolve with once the clock is synced. ok deraadt@ florian@ by
otto2019-05-29 18:48:33 +0000
8517992dThere are some bugs in __realpath(2) -- it isn't quite ready so disable calling it until those are fixed. by
deraadt2019-05-29 11:54:49 +0000
ee8781d9Enable the use of the kernel __realpath() system call in the libc wrapper. by
beck2019-05-28 13:08:56 +0000
fad1ff55Include pthread.h to make this header standalone (needs pthread_t and others) by
jca2019-05-28 10:33:03 +0000
89bf75c4A step in solving the bootstrap problem in a dnssec environement. If the time is wrong, we cannot validate dnssec, leading to failed DNS lookups, so we cannot adjust or set the time. Work around this by repeating a failed DNS lookup with a lookup with the DC (check disabled) bit set. ok florian@ by
otto2019-05-28 06:49:46 +0000
c7f17f46add vulkan dirs by
jsg2019-05-27 07:03:11 +0000
f5de0f5cOnly override size of chunk if we're not given the actual length. Fixes malloc_conceal...freezero with malloc options C and/or G. by
otto2019-05-23 06:43:18 +0000
5ea11244whitespace by
rob2019-05-21 13:29:44 +0000
459d3403Cleanup some residual markup from the ber.3 days. by
rob2019-05-21 12:30:07 +0000
48f8f2e8clarify that later flags modify earlier flags; triggered by a question from Jan Stary <hans at stare dot cz> on misc@; OK otto@ by
schwarze2019-05-19 15:30:21 +0000
f6ecccddadd various missing information and remove the lie that these functions would set errno; tweaks and OK jmc@; OK rob@ on the previous version by
schwarze2019-05-17 14:40:59 +0000
509ea037Add XXX to a comment. by
rob2019-05-16 21:12:33 +0000
8e14404cCorrect errno markup. Noticed by schwarze. by
rob2019-05-16 17:39:21 +0000
c39a22b8More consistently put remarks about the less useful LC_* categoties, i.e. those other than LC_CTYPE, into the CAVEATS section, and standardize wording somewhat. OK jmc@ by
schwarze2019-05-16 13:35:16 +0000
e2a13c22sort SEE ALSO; by
jmc2019-05-15 18:42:30 +0000
a870edacadd substantial amounts of missing information; OK rob@ by
schwarze2019-05-15 18:25:29 +0000
4a2c8d40Consistently make errno a .Vt by
rob2019-05-15 18:18:21 +0000
1786209ddelete two stray blank lines by
schwarze2019-05-15 16:58:56 +0000
0b504326delete some duplicate words by
schwarze2019-05-15 09:49:32 +0000
b43f7ed0Split ber.3 into logical parts. Further tweaking will be done in tree. by
rob2019-05-15 03:11:52 +0000
afee62dfMention introduction of *_conceal. by
otto2019-05-13 06:04:55 +0000
b02b4b32Enable support for the writting of BITSTRING by treating it as an OCTETSTRING. by
rob2019-05-12 20:25:10 +0000
b6f67bd0Enforce smallest number of contents octets for int (and enum). by
rob2019-05-12 20:13:08 +0000
f90a0d7aMention #include of <sys/types.h> in synopsis. by
rob2019-05-12 19:29:41 +0000
cd38a89aStop generating keys for nsd-control(8). These are unused since nsd was switched to using a local control socket by default. by
tim2019-05-12 18:52:43 +0000
cbfc8756Fail early if a (universal) primitive type identifies as constructed, or if a boolean has a contents length other than 1. by
rob2019-05-12 18:11:51 +0000
d7ff82d3Enforce minimal number of octets for tag > 30. by
rob2019-05-12 17:50:32 +0000
b3f85186In long form encoding, explicitly prohibit an initial length octet of 0xff which is reserved for future use. by
rob2019-05-12 17:42:14 +0000
51ba3e0fAdd first drm render node to list of devices to change when logging in on ttyC0. While here add drm0 to loongson and add the complete set of wscons and drm devices to arm64. by
jsg2019-05-12 15:06:58 +0000
ad393dcdThe BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd. by
rob2019-05-11 17:46:02 +0000
59654e51socppc makes an extended visit to the bigbucket. ok kettenis by
deraadt2019-05-11 07:18:15 +0000
6168298afew can remember what apm was ok deraadt@ by
benno2019-05-10 20:10:06 +0000
4e1b4d84Inroduce malloc_conceal() and calloc_conceal(). Similar to their counterparts but return memory in pages marked MAP_CONCEAL and on free() freezero() is actually called. by
otto2019-05-10 15:03:24 +0000
f0934b0eld.so boot cleanup support: - put functions and data which are only used before calling the executable's start function into their own page-aligned segments for unmapping (only done on amd64, arm64, armv7, powerpc, and sparc64 so far) - pass .init_array and .preinit_array functions an addition argument which is a callback to get a structure which includes a function that frees the boot text and data - sometimes delay doing RELRO processing: for a shared-object marked DF_1_INITFIRST do it after the object's .init_array, for the executable do it after the .preinit_array - improve test-ld.so to link against libpthread and trigger its initialization late libc changes to use this will come later by
guenther2019-05-10 13:29:21 +0000
7cd3aa0avmm(4) was removed from share/man/man8/man8.i386/MAKEDEV.8 but not the input file or MAKEDEV script itself; sync up the input file. req by jmc@ by
sthen2019-05-10 11:27:23 +0000
0a35e3bdpbuild class: bump datasize and maxproc; these should be sufficient for running a ports bulk without bumping anything else (matches what's on amd64.ports and exopi) by
ajacoutot2019-05-02 08:35:10 +0000
0eaf4262no more libFS by
matthieu2019-04-26 09:53:00 +0000
903bdc93Import regenerated moduli. by
dtucker2019-04-26 08:37:16 +0000
c66699adwe stopped making floppies a while ago by
deraadt2019-04-26 04:50:13 +0000
28c4796bmissing dots after ".%P pp"; the case of btree(3) was reported by Fabio Scotoni <fabio at esse dot ch>; also garbage collect one .Tn while here by
schwarze2019-04-23 18:13:11 +0000
c454417a63 keys no longer useful by
deraadt2019-04-14 14:57:34 +0000
09c62352create drm render node devices by
jsg2019-04-14 10:23:36 +0000
4bc43d1e (tag: OPENBSD_6_5_BASE, OPENBSD_6_5)unbreak make includes on non-clang archs after libobjc removal found the hard way by nayden@ ok deraadt@ by
jsg2019-04-06 02:56:16 +0000
0c960b60Fix hack(6). by
bentley2019-04-05 09:02:27 +0000
f50dd1a8revert previous. ifconfig errors may be interesting... to be revisited. by
tedu2019-04-01 11:39:46 +0000
a0740962Update radiusd.conf(5) man page and its example to recommend to surround words with double quote. Also fix a bug in the man page that module argument was missing for "module set". by
yasuoka2019-04-01 09:40:16 +0000
4a241ff5florian noticed unused etc/ssl/lib directory. jsing notes a release near 0.9.7a mistakenly created this incorrect directory. This was mimicked into our mtree framework in 1998, where it survived for over 20 years. ok jsing by
deraadt2019-04-01 07:21:37 +0000
3287227ecatch/hide errors from ifconfig carp in case there is no carp. ok deraadt by
tedu2019-04-01 06:59:36 +0000
0893302aadd syspatch signify key for 6.6 by
robert2019-03-25 15:40:58 +0000
211859f8In the incredibly unbelievable circumstance where _rs_init() fails to allocate pages, don't call abort() because of corefile data leakage concerns, but simply _exit(). The reasoning is _rs_init() will only fail if someone finds a way to apply specific pressure against this failure point, for the purpose of leaking information into a core which they can read. We don't need a corefile in this instance to debug that. So take this "lever" away from whoever in the future wants to do that. by
deraadt2019-03-24 17:56:54 +0000
789b166aStart in the daemon configured routing table and not in the one we're currently in. This fixes the case where one would be in a non default rdomain shell then run an rdomain 0 rc.d daemon. by
ajacoutot2019-03-21 15:10:27 +0000
324899a2escape backslashes; patch from Peter Piwowarski <peterjpiwowarski at gmail dot com> by
schwarze2019-03-20 04:02:06 +0000
1d960a6eRemove old X proto documentation directories. by
matthieu2019-03-19 21:40:16 +0000
9dcb5942Grow sgi ISO/FS media space to cope with the clang growth. by
deraadt2019-03-17 16:32:29 +0000