e454b33fProvide the "machdep.lidsuspend" sysctl on Loongson. by
fcambus2016-12-16 12:01:19 +0000
80b83ea5Do not lose the default route when netstart(8) is run a second time on the interface pointed to by the default route. by
mpi2016-12-06 14:01:43 +0000
19841ef1Use the stack to hold the constraint child process variables instead of using the heap. by
rzalamena2016-12-05 10:41:33 +0000
39fc6c9aRemove unused variable which was leaking memory, and while here remove 2 other variables that were also never used by
mestre2016-12-01 16:24:48 +0000
48262ad3Increase default datasize limit from 512M to 768M on amd64. This allows to build xenocara with extra options in malloc.conf. OK deraadt@ by
bluhm2016-11-25 21:51:29 +0000
09f6d62cFix up some permissions in RELEASEDIR and /var/sysmerge. by
tb2016-11-20 11:00:19 +0000
9ee6e93fEnable builds with a dedicated user that cannot elevate privileges or write to /usr/src or /usr/xenocara. by
tb2016-11-19 14:20:58 +0000
3a8e3084Introduce the build user and the wobj group that will soon be used as defaults for building the system from source. by
tb2016-11-15 20:44:40 +0000
05dca7e1the referred to EXAMPLES section is now in strncpy(3); issue reported by scott cheloha by
jmc2016-11-12 08:58:43 +0000
9c2475e3Kill the /usr/include/ssl symlink by
jca2016-11-12 03:04:27 +0000
05fef1fbRemove /usr/libdata/perl5/site_perl, it is no longer needed. OK tb@ by
millert2016-11-09 17:04:34 +0000
a1c8575cSet owners and permissions only after all headers are installed. Add the -P flag to chown to change the symlinks themselves instead of their targets. Also change permissions of all symlinks, so they don't depend on the umask during make build. by
tb2016-11-08 19:56:56 +0000
f64ac427Remove the obj, xobj and src directories from the base set. The installer will create these directories during install. So local setups will not get overwritten during upgrades. by
rpe2016-11-05 09:14:37 +0000
099c1cfdMALLOC_STATS tweaks, by default not compiled in by
otto2016-11-04 09:11:20 +0000
a197637fsmall tweak to also check canaries if F is in effect by
otto2016-11-03 18:51:49 +0000
3ba1fb54Add the -d flag to the update command, so directories are created with 'cvs up'. Prompted by a question by patrick keshishian, diff by Raf Czlonka. by
tb2016-10-31 20:50:11 +0000
8119a345remove some old option letters and also make P non-settable. It has been the default for ages, and I see no valid reason to be able to disable it. ok natano@ by
otto2016-10-31 10:06:56 +0000
ae5357c6Pages in the malloc cache are either reused quickly or unmapped quickly. In both cases it does not make sense to set hints on them. So remove that option, which is just a remainder of old times when malloc used to hold on to pages. ok stefan@ by
otto2016-10-28 17:03:22 +0000
992807bc- fix MALLOC_STATS compile - redundant cast is redundant by
otto2016-10-22 14:27:19 +0000
03ffdf00fix some void * arithmetic by casting by
otto2016-10-21 15:39:31 +0000
1255da53and recommit with fixed GC by
otto2016-10-21 06:55:09 +0000
5d783eccbackout for now; flag combination GC is not ok by
otto2016-10-20 11:29:34 +0000
1a2414b3avoid sentence splicing; by
jmc2016-10-20 08:03:15 +0000
e2ace002canary corruption message changed a bit by
otto2016-10-20 05:49:59 +0000
5656d7bfAlso place canaries in > page sized objects (if C is in effect); ok tb@ by
otto2016-10-20 05:38:41 +0000
356150aaRemove the save_errno dance inside strerror_r(3). It is from the time when we had national language support. OK millert@ by
bluhm2016-10-19 16:26:16 +0000
f8b06a2bCheck for EAGAIN on imsg_flush() return otherwise we might be failing to send message to the child process. Do like we learned in httpd(8). by
rzalamena2016-10-18 22:05:47 +0000
f3735931Save the constraint process pid by getting the start_child() return value, this should fix the problem with random ntpd(8) deaths. by
rzalamena2016-10-18 21:57:19 +0000
e3a9a693Move libcrypto, librpcsvc and gnu/usr.bin/cc/include from RDIRS to PRDIRS, and add prereq targets, so some header files are generated by BUILDUSER during 'make prereq' instead of by root during 'make includes'. by
tb2016-10-16 19:28:44 +0000
741ef92dRoll back uintptr_t cast changes after discussions with tedu, otto and others. by
dtucker2016-10-16 17:37:39 +0000
71af4d5fWrap _malloc_init() so internal calls go directly by
guenther2016-10-15 18:24:40 +0000
fa0722f3zap trailing whitespace; by
jmc2016-10-15 12:33:22 +0000
b6f412beBuild the bundle of GENERIC* kernels in using the new compile metods, and de-escalate to $BUILDUSER. Much help from natano and tb. by
deraadt2016-10-14 18:45:12 +0000
db6e1f03Cast pointers to uintptr_t to avoid potential signedness errors. Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with & ok millert, ok deraadt. by
dtucker2016-10-14 18:19:04 +0000
c00ceb220xd0 -> 0xdb; ok deraadt@ millert@ tedu@ by
otto2016-10-14 17:33:36 +0000
138484b6copy updated log.c from vmd: for correctness, save errno when doing additional actions before printing it. OK rzalamena@ by
reyk2016-10-12 11:57:31 +0000
8b706cc4optimize canary code a bit by storing offset of sizes table instead of recomputing it all the time by
otto2016-10-12 07:36:38 +0000
0fd38ba8Fixup the example for msgbuf_write() and imsg_read() to check the error cases for -1 and 0 explicitly (it initially only checked for -1, I updated it to also check for 0, and rzalamena@ figured out that 0 has to be checked in a differently). by
reyk2016-10-10 17:15:30 +0000
9cfffa37Remove check for RELEASEDIR permissions, there are usecases where other filesystem permissions are required. by
natano2016-10-09 20:55:16 +0000
99f46803Check that DESTDIR is on a noperm filesystem that's properly locked down and enforce reasonable permissions for RELEASEDIR. by
natano2016-10-09 14:23:10 +0000
1ae413d0make clear the length printed is the requested length by
otto2016-10-08 12:56:18 +0000
0bf1053duse better uid/gid for _switchd by
deraadt2016-10-07 15:01:30 +0000
ede92497grammar fix previous; by
jmc2016-10-07 14:43:13 +0000
41daf655document "chunk canary corrupted" error by
otto2016-10-07 12:59:04 +0000
3eeb2e7bstray tab by
otto2016-10-07 05:55:37 +0000
2c67f40dBeter implementation of chunk canaries: store size in chunk meta data instead of chunk itself; does not change actual allocated size; ok tedu@ by
otto2016-10-07 05:54:35 +0000
bc56bde8first set -max limit, then -cur, otherwise if -cur si higher than the current max, it won't be set. noted by Evgeny Grin; ok millert@ by
otto2016-10-07 05:47:24 +0000
42edcd1aAdd _switchd by
reyk2016-10-06 20:25:02 +0000
9e0f5892Add switchd by
reyk2016-10-06 20:20:41 +0000
b2bce7dbMove vmd down as VMs might need the host's dhcpd, httpd etc. on startup. by
reyk2016-10-06 19:32:23 +0000
78234d86Print the root check error message to stderr. While there add the name of the target to the message to be more descriptive. by
natano2016-10-06 18:56:17 +0000
c2efbb75Build kernels as root for now. Otherwise we run into permission issues when the source tree is not owned by ${BUILDUSER}. by
natano2016-10-06 15:37:42 +0000
3ed07628conditionally create obj & xobj same way that src is handled ok natano by
deraadt2016-10-05 21:40:01 +0000
609593cdChange switch "wireless" to another example - bridging from VM to wireless in station mode is not supported. by
reyk2016-10-05 18:01:52 +0000
e46707e6De-escalate to an unprivileged users during 'make build' and 'make release'. by
natano2016-10-05 18:00:41 +0000
3cf60d99Add support for enhanced networking configuration and virtual switches. See vm.conf(5) for more details. by
reyk2016-10-05 17:30:13 +0000
6e7bb827stop supporting SUDO builds. Something better is coming, so let's align everyone who is using SUDO builds towards the new strategy. ok natano by
deraadt2016-10-04 16:54:31 +0000
c82eb97eFix a possible bug that will happen with dup2() when oldd == newd. In that case the dup2() would fail silently and the descriptor would remain with the CLOEXEC flag causing the exec*()d child process to have unexpected behavior. by
rzalamena2016-10-03 12:30:43 +0000
a74bbb49Run acpidump(8) at system startup and store ACPI tables in the /var/db/acpi directory. Later sendbug(1) will use this data in bug reports. That directory is created by mtree. by
rpe2016-09-27 20:18:34 +0000
fde1b1ebDelay switch(4) interface start up so it can attach virtual interfaces like vether(4). by
rzalamena2016-09-27 09:19:11 +0000
b0402396Add unprivileged user for traceroute. Input deraadt@ OK benno@, sthen@ by
florian2016-09-27 05:31:37 +0000
4c66ab65Teach ntpd(8) constraint process to use exec*() instead of just forking, with this change we get the pledge() ability back to the parent process. by
rzalamena2016-09-26 17:17:01 +0000
4e462f2eTeach ntpd(8) how to use socket status to shutdown the daemon. While at it, remove some verbose shutdown messages that we had before with pipe close. by
rzalamena2016-09-26 16:55:02 +0000
2334a0c4Add _ping user/group. OK natano on a previous diff which used a different uid/gid. naddy@ pointed out that uid/gid was already taken on "important" systems. Turns out we cannot easily recycle freed up uids/gids so settle on 51. by
florian2016-09-26 16:39:51 +0000
602fe812Add /etc/acme-client.conf to mtree/special and changelist. by
ajacoutot2016-09-26 06:51:23 +0000
aec1cfb6Unhook sqlite3. by
sthen2016-09-23 09:18:05 +0000
3a32ce7cthe account key(s) live in /etc/acme; OK benno@ by
florian2016-09-21 13:18:03 +0000
1a1f277cDelete casts to off_t and size_t that are implied by assignments or prototypes. Ditto for some of the char* and void* casts too. by
guenther2016-09-21 04:38:57 +0000
813db82eRemove duplicated includes in stdlib.h and termios.h by
fcambus2016-09-20 21:10:22 +0000
4309688dAdd dl_unwind_find_exidx prototype. by
kettenis2016-09-20 18:24:55 +0000
b52328defix build by
deraadt2016-09-18 21:47:19 +0000
98c57089add a config file parser to acme-client (unused at the moment, so that it can be worked on in the tree). ok florian@ deraadt@ by
benno2016-09-18 20:18:25 +0000
814803d9move page junking tp unmap(), right before we stick the region in the cache; ok tedu@ by
otto2016-09-18 13:46:28 +0000
8ce39310pathnames for cert and key files need to be quoted. by
tj2016-09-17 20:05:59 +0000
487822caadd example certificate and key files generated with acme-client. by
tj2016-09-17 15:04:15 +0000
3a5d0b50Do the same with less code. by
rpe2016-09-14 18:34:51 +0000
1305c0d5Teach ntpd(8) how to fork+exec. by
rzalamena2016-09-14 13:20:16 +0000
5ec8dcbaAdd clarifications ("comments") to three places where it wasn't obvious why it is implemented this way. The whole idea of constraints is to isolate them as much as possible, in a semi-paranoid way. by
reyk2016-09-14 09:26:10 +0000
d7b0c49bFix copyright disclaimer in util.c. by
reyk2016-09-14 08:24:08 +0000
06d7c247proxy uid/gid was split up for seperate purposes; it can go away now. by
deraadt2016-09-13 15:38:17 +0000
8d9d3289Don't declare select() in <unistd.h> by
guenther2016-09-12 19:36:26 +0000
11f3477fChange the (unused) restimespec member of __res_state from a timespec to a local equivalent to eliminate a dependency on <sys/time.h> being included by
guenther2016-09-12 19:35:31 +0000
fdcee9a4cua/tty nodes only need group dialer, the initial uid does not matter much -- and "uucp" is just stupid in 2016. ok rpe by
deraadt2016-09-11 19:59:54 +0000
544096f8Set owner for /etc/{passwd,pwd.db,spwd.db} and /var/sysmerge/etcsum. from rpe by
natano2016-09-11 19:44:32 +0000
d91cf0efAdd a few directories missed in the past by
matthieu2016-09-11 14:05:04 +0000
6b2e1028The /etc/{localtime,rmt}, /var/tmp and /sys symlinks and the etc tarball should be owned by root. by
natano2016-09-11 06:51:17 +0000
843be9aeextra spaces by
deraadt2016-09-11 03:06:31 +0000
a730e307Unbreak ksh.kshrc by using a MI way of finding out the console device name. by
rpe2016-09-10 12:50:20 +0000
28d5c57fSimplify setting the USER and UID variables. While here, convert `` to $(). by
rpe2016-09-10 09:44:49 +0000
f9cc010bRemove remnants of rlogin, it's long gone (2002). by
rpe2016-09-10 08:42:06 +0000
bd8116bbIdentation by
rpe2016-09-10 08:00:12 +0000
ce3e7d72print a clear error message when not ran as root instead of just falling through and try whatever it can do with the invoking user's perms by
jasper2016-09-09 19:48:16 +0000
4c5bec12Move the 10 (!) defintions of NULL to their own mini header file and update the NULL definition for C++11. OK deraadt@ guenther@ kettenis@ by
millert2016-09-09 18:12:37 +0000
0ba52eebConvert [] to ksh style [[]] tests. Based on a diff from Anthony Coulter. by
rpe2016-09-09 16:25:37 +0000