40c1d583Almost all terminals now support hardware tabs so default to OXTABS off. by
nicm2019-03-12 11:01:25 +0000
8dd75e95install*.{fs,iso} get larger due to clang library changes by
deraadt2019-03-05 23:26:54 +0000
3997acf0Build and install a shared libLLVM, llvm-config and llvm includes. This is required to build the radeonsi Mesa driver. by
jsg2019-03-05 09:44:38 +0000
aecebb60crank to 6.5-beta by
deraadt2019-02-26 22:24:41 +0000
56c657abRemove -S from install commands by
kn2019-02-24 12:57:14 +0000
eec686b4Simplify NFS check in reorder_libs() by
kn2019-02-19 20:41:52 +0000
016b6fbasync staff datasize-cur with default ok deraadt@ by
jsg2019-02-19 01:51:31 +0000
247cc879(unsigned) means (unsigned int) which on ptrdiff_t or size_t or other larger types really is a range reduction... Almost any cast to (unsigned) is a bug. ok millert tb benno by
deraadt2019-02-13 22:57:08 +0000
152dd45eWe no longer need /etc/unwind OK sthen by
florian2019-02-11 13:39:32 +0000
e87b8b02Since the new trust anchor format no longer contains constantly changing timestamps we can track it in /etc/changelist. OK sthen by
florian2019-02-11 13:39:13 +0000
0cc8c5b6Revert previous. requested by deraadt@ by
matthieu2019-02-10 23:09:25 +0000
5bb816ddRemove old X proto documentation directories by
matthieu2019-02-10 09:01:50 +0000
53854900crank limits because of mesa by
deraadt2019-02-10 01:50:21 +0000
bb213c52No need to run unbound-anchor anymore. Unwind(8) handles the bootstrap correctly itself now. At leat considering the end of life times of OpenBSD releases and the speed at which the root key signing key (KSK) rolls. by
florian2019-02-07 17:54:01 +0000
63be10556.6 firmware key by
sthen2019-02-05 23:56:38 +0000
4dd56aea6.6 packages key by
naddy2019-02-05 18:32:17 +0000
4228ba22Add an example unwind.conf. by
florian2019-02-05 16:23:58 +0000
596fccc0sets grew a little, install*.* need to also by
deraadt2019-02-05 01:40:40 +0000
e71f85b8enable libelf by
jsg2019-02-04 23:23:18 +0000
c57677aeadd a pthread_get_name_np to match pthread_set_name_np. could be useful in ports. initial diff by David Carlier some time ago. ok jca by
tedu2019-02-04 17:18:08 +0000
36eed43eMake gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX. This requires a libc major version bump. OK deraadt@ by
millert2019-02-04 16:45:40 +0000
fb590c39add 6.6 base key by
deraadt2019-02-03 22:22:00 +0000
4d455d5ecrank datasize, because mesa is a pig by
deraadt2019-02-03 00:25:14 +0000
890f0a54add /etc/unwind.conf in changelist(5) by
semarie2019-01-29 10:49:45 +0000
b72281a2Add domain-s also known as DNS over TLS (DoT) by
danj2019-01-27 20:35:06 +0000
5d0816b2Create /etc/unwind. re-commit now that snapshots are over the bump. OK deraadt by
florian2019-01-27 16:11:55 +0000
b7f2b7ferevert for now, sysmerge needs to create the group first. found the hard way by deraadt by
florian2019-01-26 12:09:39 +0000
1f4029ccrc(8) bits for unwind(8); OK deraadt by
florian2019-01-26 10:59:07 +0000
3b58b6d2create /etc/unwind; OK deraadt by
florian2019-01-26 10:58:32 +0000
f65e7516add _unwind user; OK deraadt by
florian2019-01-26 10:58:05 +0000
47165904I am retiring my old email address; replace it with my OpenBSD one. by
millert2019-01-25 00:19:26 +0000
774eb287Bump default datasize on arm64 to 768M to prepare for building clang 7. by
kettenis2019-01-24 13:14:10 +0000
4c4f6297Drop the ttyflags message. suggested by and ok deraadt@ ("I think we never hang there anymore") by
ajacoutot2019-01-24 05:14:02 +0000
33ce6163sort sections, and add a missing verb to the EXAMPLES text; by
jmc2019-01-22 06:49:17 +0000
182eee27Wrap long line by
otto2019-01-22 06:44:46 +0000
c368190ea few tweaks by
tedu2019-01-21 20:43:27 +0000
fc3af0bdAdd example showing a proper comparison function, as many examples show the wrong idiom. ok tedu@ but probably needs some tweakin by
otto2019-01-21 20:34:14 +0000
37b88a44Improve logging for TLS certificate validity checking. by
jsing2019-01-21 11:08:37 +0000
64715c5aExplicitly check timegm() return value. by
jsing2019-01-21 11:05:41 +0000
ec351717Perform manual validity checking of the X.509 certificate for constraints. by
jsing2019-01-21 08:38:22 +0000
a183799aUse ${rcexec} in rc_pre to do the config testing. This allows to specify macros with spaces in them. With and OK ajacoutot by
claudio2019-01-21 01:41:16 +0000
ec350798untabify by
matthieu2019-01-20 17:56:55 +0000
c42a3c58New doc directories for xorgproto by
matthieu2019-01-20 17:51:55 +0000
7a31e618Don't use *a - *b as compare idiom, it does not work as expected for anything larger than an int. ok jca@ rsadowski@ by
otto2019-01-20 16:40:42 +0000
700af1feThe shell will strip the quotes from daemon_flags when starting a daemon so make sure pexp matches the process (i.e. doesn't include the quotes). It's a bit hackish but it allows things like these in rc.conf.local: relayd_flags=-D IPS="1.2.3.4 2.3.4.5" by
ajacoutot2019-01-20 04:52:07 +0000
8d357258use standard headers for siphash by
bcook2019-01-20 03:53:47 +0000
63b25462include stdint.h over sys/types.h by
bcook2019-01-20 02:59:07 +0000
101f48a3Change imsg header definitions to use standard types. by
bcook2019-01-20 02:50:03 +0000
7aedc771document pwraction in the example file by
tedu2019-01-19 20:50:38 +0000
2a66f804Clean-up unused directories by
matthieu2019-01-19 13:27:49 +0000
eb86dc68Improve the description of locale dependency: * mention LC_COLLATE; * clarify that all these functions are infested, including the *_l() versions; * avoid ENVIRONMENT, these functions don't inspect it; * and point to the C library functions that change the locale. OK millert@ by
schwarze2019-01-18 07:43:36 +0000
f3824ccfReplace the vague, incorrect, and confusing BUGS sections with CAVEATS clearly stating which arguments have to be avoided, and mention the header files defining the constants required for the checks. Feedback and OK guenther@, OK bluhm@. by
schwarze2019-01-18 07:32:17 +0000
0eac8574For all functions known to be infected by LC_NUMERIC, add short CAVEATS pointing to the new CAVEATS section in setlocale(3). Make those in wprintf(3) and wscanf(3) more concise since duplicate information is a bad idea. Incompleteness of information originally pointed out by millert@. OK millert@ by
schwarze2019-01-16 12:55:49 +0000
df4fda17Calling llabs(LLONG_MIN) is undefined behavior, llvm 7.0.1 does not work with our old code. In fmt_scaled() move the check before calling llabs(). found by regress/lib/libutil/fmt_scaled; OK deraadt@ millert@ tedu@ by
bluhm2019-01-14 23:52:06 +0000
ea28228bPrevent multiple ntpds from tripping over each other. This brings over the logic from bgpd & ospfd. Input & OK deraadt by
florian2019-01-14 16:30:21 +0000
2393c3e3There are cases where a program doing dns requests wants to set the Checking Disabled flag. Introduce a RES flag to do so. ok krw@ deraadt@ eric@ by
otto2019-01-14 06:23:06 +0000
fd20867aUse acpidump -q to avoid message about ACPI information not being found. Many arm64 systems use device trees instead of ACPI and acpidump is expectected to fail on those systems. And vmm(4) doesn't provide ACPI information either. by
kettenis2019-01-12 17:05:00 +0000
651232baMove default numer of pools in the multi-threaded case to 8. Various tests by me and others indicate that it is the optimum. by
otto2019-01-10 18:47:05 +0000
47f8437fMake the "not my pool" searching loop a tiny bit smarter, while making the number of pools variable. Do not document the malloc conf settings atm, don't know yet if they will stay. Thanks to all the testers. ok deraadt@ by
otto2019-01-10 18:45:33 +0000
c20bdc02Move acme-client.conf to examples. Since we no longer store the agreement url in here we no longer need to updated it all the time. OK deraadt by
florian2019-01-08 07:14:10 +0000
b233898elog dns failures, even if temporary. ok benno by
tedu2019-01-07 20:33:40 +0000
fd3a2c696.2 keys no longer required by
deraadt2018-12-20 15:57:14 +0000
6b3ba4e5Remove control-use-cert. It is ignored for local sockets (since unbound 1.7.3). by
tim2018-12-16 20:41:30 +0000
dc864559 (OPENBSD_6_3)Backport getentropy changes from deraadt@ on MAIN by
bcook2018-12-15 15:10:53 +0000
ea887211 (OPENBSD_6_4)Backport getentropy changes from deraadt@ on MAIN by
bcook2018-12-15 15:10:12 +0000
090b271fadd commented-out "val-log-level: 2" next to the uncommentable line to enable dnssec validation, it's really useful for debug by
sthen2018-12-12 23:20:38 +0000
51db86f8the world is not ready for dnssec enabled by default by
florian2018-12-11 19:16:36 +0000
5a39d2d3remove qname-minimisation from sample config, this was turned on by default upstream in 1.7.2 (picked up by us with the update to 1.7.3). by
sthen2018-12-10 16:46:03 +0000
f876cbdeImprove speed for the multi-threaded case by reducing lock contention. tested by many; ok florian@ by
otto2018-12-10 07:57:49 +0000
dcc9f7ddstyle; OK otto by
florian2018-12-09 11:32:02 +0000
d82b8d14Remove public resolver IP addresses, just provide a neutral "documentation prefix" address instead - there are so many available with varying policies that this isn't a good place to list them (and might imply some kind of recommendation which is not intended). by
sthen2018-12-07 11:54:04 +0000
bd228d0eEnable DNSSEC validation. Requested by & OK claudio Input & OK sthen OK job, solene Various commenting that they run with validation since a long time without issues. by
florian2018-12-07 09:21:08 +0000
2c7f023eremove a stray line accidentally left behind in rev. 1.120; patch from Hiltjo Posthuma <hiltjo at codemadness dot org> by
schwarze2018-12-05 17:11:59 +0000
d1794e48update for libtls default cert changes. bonus: this exposed a few missing const qualifiers. by
tedu2018-11-29 14:25:07 +0000
bb2903adRefactor "find the right pool" code into a function. ok djm@ tb@ by
otto2018-11-27 17:29:55 +0000
9091da2bOur *int_fast{8,16}_t types are int/unsigned int, so SCN*FAST{8,16} shouldn't include 'hh' or 'h'. by
guenther2018-11-22 21:20:38 +0000
a53bba0ffold the contents of malloc.conf.5 into malloc.3 and sysctl.2, now that there is essentially no malloc.conf; by
jmc2018-11-21 09:22:58 +0000
1bb7064eIntroducing malloc_usable_size() was a mistake. While some other libs have it, it is a function that is considered harmful, so: by
otto2018-11-21 06:57:04 +0000
cc1a839bSaw a mention somewhere a while back that the gotdata() function in here could creates non-uniformity since very short fetches of 0 would be excluded. blocks of 0 are just as random as any other data, including blocks of 4 4 4.. This is a misguided attempt to identify errors from the entropy churn/gather code doesn't make sense, errors don't happen. ok bcook by
deraadt2018-11-20 08:04:28 +0000
c0572c73Fix compilation on alpha, where DEF_WEAK() really must be paired with PROTO_NORMAL(). Problem noted by deraadt@ by
guenther2018-11-19 22:50:24 +0000
ed5636e7Implement malloc_usable_size(); ok millert@ deraadt@ and jmc@ for the man page by
otto2018-11-18 16:15:18 +0000
f5aa4613add the missing space. in the future, should mail -f the file to ensure it is correct format by
deraadt2018-11-17 23:48:22 +0000
8cff13e0make the bogon set competely or-longer, rather than having to manage it or-longer at useage time. ok job benno by
deraadt2018-11-17 17:22:38 +0000
8a3b0b47Grow sgi iso to make room for clang. by
visa2018-11-13 06:24:36 +0000
0f57426ezap last remains of malloc.conf; prompted by and ok jmc@ by
otto2018-11-08 05:58:21 +0000
3fab6cbbUse TLS_CA_CERT_FILE instead of a separate define. by
jsing2018-11-06 20:41:36 +0000
d64a9a14rm FILES section; prompted by Janne Johansson by
otto2018-11-06 12:02:30 +0000
da412297Use the new vm.malloc_conf sysctl; ok millert@ deraadt@ by
otto2018-11-06 08:01:43 +0000
e4341e95Implement C11's aligned_alloc(3). ok guenther@ by
otto2018-11-05 08:23:40 +0000
cf2ba9bdBe stricter with TLS configuration for ntpd constraints. by
jsing2018-11-05 00:13:36 +0000
6d2498c2- odd condition/test in PF lexer (and other lexers too) by
sashan2018-11-01 00:18:44 +0000
70ef7356Import new moduli. by
dtucker2018-10-31 11:20:04 +0000
b3884fa7Add C11's timespec_get(3); minor bump for libc. by
guenther2018-10-30 16:28:42 +0000
53f81e16Revert previous (for now). semarie found a few regressions with daemon that will fail if cwd is not accessible. by
ajacoutot2018-10-29 07:55:40 +0000
66e9a376Change the way we call su(1) in rcexec: - drop `-'l' to prevent simulating a full login and running /root/.profile (prodded by a mail from J Greely) - use `-m' to preserve the environment because we now set HOME to "/" like /etc/rc does; note that we now also clear the environment using `env -i' before running su(1) which leaves us with only HOME, PATH and SHELL by
ajacoutot2018-10-16 07:07:05 +0000
085b73b9 (tag: OPENBSD_6_4_BASE)As per POSIX, when str{,r}chr is comparing it should convert c to a char. by
martijn2018-10-01 06:37:37 +0000
8658c763Add vmctl stop -a [-fw] option to stop or terminate all running VMs. by
reyk2018-09-27 17:15:36 +0000
c1931faaexplicitly mention local processes; from geoff hill ok nicm by
jmc2018-09-26 09:22:52 +0000
12e0bd39add 6.5 syspatch public key by
robert2018-09-23 03:54:47 +0000
fe7658f56.5 firmware key by
sthen2018-09-21 08:17:04 +0000