933287a1 grow alpha and hppa media to accommodate some recent growth by deraadt, 2018-09-20 15:19:38 +0000
d836cee7 Import updated moduli. by dtucker, 2018-09-20 08:07:03 +0000
af42cd75 6.5 packages key by naddy, 2018-09-18 19:15:40 +0000
7907c39d 6.5 base key by deraadt, 2018-09-18 18:48:16 +0000
bb40e30d grow arm64 ramdisk by deraadt, 2018-09-18 13:45:09 +0000
15d69843 Add uid_from_user() and gid_from_group(), derived from pax's cache.c. It replaces the existing pwcache.c functions user_from_uid(3) and group_from_gid(3) with the pax equivalents. Adapted from NetBSD (mycroft) changes from our own pax's cache.c. OK guenther@ by millert, 2018-09-13 12:31:15 +0000
9a9b5e27 Adjust the config to -current bgpd which makes it a lot more readable. OK phessler@ by claudio, 2018-09-10 09:10:36 +0000
f1efffb1 update example bgpd.conf to use new config language features: network prefix-set ... and filters with prefix-set ... or-longer. ok claudio@ by benno, 2018-09-09 12:49:44 +0000
0f8c7571 Remove optional commas from example config. In the future these optional commas may become a syntax error. by claudio, 2018-09-08 08:00:21 +0000
183780a9 Make host_*() AF-agnostic by kn, 2018-09-07 20:31:39 +0000
48ecc076 the main process must chdir to /, since it cannot have daemon() do the job at startup. After much anguish I accept dlg's solution of chdir for the problem ("starting ntpd on a filesystem I want to unmount"), but we cannot change the main-process daemon() call. Why? Because the ntpd privsep design predates more modern designs where the config file is parsed once, and configuration marshalled to the fork+exec children. Instead each ntpd process re-parses the config, and if we chdir before fork+exec startup, it will move the basedir causing -f "relativepath" to fail. by deraadt, 2018-08-31 18:45:02 +0000
2c5c64d7 Add more uhid devices, 8 total by jcs, 2018-08-31 02:32:29 +0000
93b9d6f2 Historically /etc/netstart (and the equivalent code in the install script) did 'ifconfig <if> down' before starting dhclient(8). This was a way of ensuring old running copies of dhclient were killed before a new one started. Current dhclient does not need this assist, so change "ifconfig <if> down" to "ifconfig <if> up" pending further script optimizations. by krw, 2018-08-29 11:30:48 +0000
f224b1cf Unclutter bgpd.conf example config file by job, 2018-08-28 17:52:16 +0000
2a16acac Add kcov(4), a kernel code coverage tracing driver. It's used in conjunction with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and fixed. This effort will continue. by anton, 2018-08-19 11:42:33 +0000
e5b260c6 Switch nsd control socket from localhost to a unix domain socket. OK sthen by florian, 2018-08-16 17:59:12 +0000
1bc01393 The zoneinfo directories can be mode 755 just like everything else. OK deraadt@ by millert, 2018-08-16 17:40:54 +0000
6cbfee9e don't need 61 keys anymore by deraadt, 2018-08-11 15:43:44 +0000
5ed5d3cb crank to 6.4-beta by deraadt, 2018-08-10 20:27:01 +0000
68d7aa06 delete volatile intended to silence whiny old compilers around vfork. This variable is only used in the parent context so there is no issue. ok kettenis by deraadt, 2018-08-10 17:03:26 +0000
a27b8724 ntpd unveils the cert.pem "r" file (which is passed-over-socket to the constraints process), and /usr/sbin/ntpd "x" to perform fork+exec operations. by deraadt, 2018-08-08 22:56:42 +0000
48e89086 Similar to the ldpd.conf change don't use a macro of the secret. Macros get sometimes logged so we should not encourage to use them for sensitive data. by claudio, 2018-08-07 07:06:20 +0000
b0cdc9a1 Correct example file since reserved words cannot be used as macros. Not only that, the macro used was password and if we changed it to something like pass="secret" it would log it if the daemon was run in verbose mode. by mestre, 2018-08-06 17:26:31 +0000
7b9d9ca1 Revert back previous commit, we have decided that socket files don't cause any harm if not deleted after the daemon is shutdown and at the same time we also tackle another attack surface by not allowing the program to create/delete any more files (by removing "cpath" promise from pledge(2)). by mestre, 2018-08-04 11:07:14 +0000
b448df25 ntpd(8) has logic in place to delete its control socket on shutdown, but it currently doesn't call the function control_cleanup to do so. The solution is to simply call that function just before the program quits. by mestre, 2018-08-02 13:05:34 +0000
f5de1229 Add _PATH_AUTHPROGDIR = "/usr/libexec/auth", this path will be used to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG = "/usr/libexec/auth/login_", which it auth-program is appended to -- a rather gross idea which now shows lack of wisdom. by deraadt, 2018-07-29 19:40:41 +0000
bea64d8e Remove unused /dev/audio and /dev/audioctl symlinks. by ratchov, 2018-07-28 08:09:50 +0000
653c436b s/resolver/nameserver/ to match parse.y -r1.4 by jasper, 2018-07-25 05:11:49 +0000
a12a085f add rad.conf example by jasper, 2018-07-24 18:15:31 +0000
b3865995 add _rad user OK tb, claudio by florian, 2018-07-23 14:15:14 +0000
4c381664 Remove rtadvd(8) rc script. by florian, 2018-07-23 12:05:50 +0000
86afacfe Remove rtadvd(8) leftovers in etc. OK deraadt, phessler by florian, 2018-07-23 11:57:17 +0000
3edf9087 It's time to switch to rad(8); tested by many. Unhook rtadvd from build. OK deraadt, phessler by florian, 2018-07-23 11:56:02 +0000
f305d195 It's time to switch to rad(8); tested by many. Remove rtadvd(8) from rc(8). OK deraadt, phessler by florian, 2018-07-23 11:54:49 +0000
e58d5815 document method=https, and use it in the example config; from lauri tirkkonen; by jmc, 2018-07-22 17:09:43 +0000
19c0bfe3 revert previous, something isn't quite right as clients see ntpd as unsynced. reported by naddy, also seen by me (I noticed because monitoring-plugins check_ntp complained). ok claudio henning by sthen, 2018-07-19 10:20:09 +0000
0ded5800 Unveiling unveil(2). This brings unveil into the tree, disabled by default - Currently this will return EPERM on all attempts to use it until we are fully certain it is ready for people to start using, but this now allows for others to do more tweaking and experimentation. by beck, 2018-07-13 09:25:22 +0000
50ad58de add rad.conf; from semarie; tweak & OK tb by florian, 2018-07-13 06:56:59 +0000
8dc6551f if we couldn't update the clock for ~1h due to lack of data from peers and sensors, mark us unsynced again. ok reyk krw, pt out / discussion / help naddy by henning, 2018-07-12 19:31:05 +0000
2aa7a260 rc(8) infrastructure for rad by florian, 2018-07-12 08:20:36 +0000
fabfc282 Add _rad user and group for rad(8). This recycles the _btd uid/gid that have been removed in 2013. Discussed in the hackroom. by florian, 2018-07-12 08:17:27 +0000
c67ac505 Explicitly call "/etc/rc.d/vmd stop". This issues graceful shutdown commands to running VMs (at least for OpenBSD ones), but the stop routine for system daemons is not usually called at shutdown. by sthen, 2018-07-11 21:49:37 +0000
f5786aed Add -w option to vmctl stop to wait for completion of VM termination. by reyk, 2018-07-11 13:19:47 +0000
cd73602e Don't hide errors when IPv6 forwarding is not enabled. OK(failed) phessler OK deraadt by florian, 2018-07-11 08:31:48 +0000
f8ee3dae we were referring to 10k states by default here as well, pt out by claudio by henning, 2018-07-10 19:28:35 +0000
b977896d No need to mention which memory allocation entry point failed (malloc, calloc or strdup), we just need to log that we ran out of memory in a particular function. by krw, 2018-07-09 12:05:11 +0000
4e809e85 netstart is used during system start, but also interactively. Show proper error message if a regular user executes netstart. Only do the privilege check if the id binary is available, which might not be the case during diskless system startup. by tb, 2018-07-08 20:10:26 +0000
81de9046 Be consistent in warn() and log_warn() usage when running out of memory. by krw, 2018-07-08 17:15:07 +0000
8efe1f21 list the ports for gre in udp, as per rfc8086 and iana assignments. by dlg, 2018-07-03 23:52:27 +0000
ceb98dc2 a mirror URLs -> a mirror URL by tb, 2018-06-27 03:24:33 +0000
960aed94 Add 6to4 anycast prefixes to bogon filter by job, 2018-06-21 15:57:04 +0000
e563c271 Rename httpd.conf "root strip" option to "request strip". by reyk, 2018-06-13 15:08:24 +0000
c5da7cc2 Adjust example after the announce (all|self|...) change. Adjust filters and comment them to explain the basic operation. Use large-community and a prefix-set to ensure no bad prefixes are leaked to eBGP speakers. With and OK job@ by claudio, 2018-06-13 09:44:57 +0000
a901c544 prepare for dri3proto by matthieu, 2018-06-07 21:23:44 +0000
4706701e remove "from local" (the default) from one of the match rules: the line immediately above also uses this notation, it's shorter, and it keeps two examples in the man page which claim to be the same as the default config (but with exceptions) in sync; by jmc, 2018-06-04 21:10:58 +0000
45e07ff6 The open POSIX test suite reveals that sigpause(int sigmask) from 4.2 BSD takes a signal mask as argument while POSIX sigpause(int sig) expects a single signal. Do not expose our traditional BSD sigpause(3) to XPG/POSIX sources. OK guenther@ by bluhm, 2018-05-30 13:20:38 +0000
d2be86d3 update default config to new grammar by gilles, 2018-05-24 11:40:17 +0000
5eee69a2 Put commented minimal-responses and refuse-any defaults into nsd.conf so that the changed default will be pointed out to the admin by sysmerge. by florian, 2018-05-18 05:15:33 +0000
0b3d8e1f Remove default ls -C alias. by mpf, 2018-05-16 14:01:41 +0000
468ab017 constrain fractional part to [0-9] (less confusing to static analysis); ok ian@ by djm, 2018-05-14 04:39:04 +0000
04aba995 don't put options in here that should not be needed in the majority of cases and will just be copied by users without thinking. ok claudio@ by benno, 2018-05-06 20:56:55 +0000
9bce2fba Add std.1500000 entry, mostly because of firmware constraints on various Rockchip ARM SoCs. by kettenis, 2018-05-02 21:06:14 +0000
f814382e Add a missing header when compiling with -DDEBUG by denis, 2018-04-30 07:44:56 +0000
369994e7 stop installing /etc/networks, it is now unused; OK deraadt@ tb@ by schwarze, 2018-04-29 11:17:02 +0000
728f4955 Add a proper usage() function. by rpe, 2018-04-28 22:38:32 +0000
c930cc9e spaces->tab ok kettenis@+florian@'s OCD by ajacoutot, 2018-04-13 08:24:38 +0000
b45fb6b0 "listen on * port 80" means all v4 and v6 addresses these days. OK benno by florian, 2018-04-11 15:51:50 +0000
dbc5faf4 sys/uio.h is not used anymore by otto, 2018-04-07 09:57:08 +0000
376907d6 adapt armv7 manual pages for arm64 by jsg, 2018-04-04 14:21:26 +0000
8324e3ea Import regenerated moduli file. by dtucker, 2018-04-03 02:14:08 +0000
79b103c9 fix MALLOC_STATS; spotted by and ok semarie@ by otto, 2018-03-30 07:23:15 +0000
7e2a5e7e Add aggressive-nsec example block. While here, qname minimisation is an RFC since some time. by florian, 2018-03-29 20:40:22 +0000
8b1b18f8 (tag: OPENBSD_6_3_BASE) probably the correct date by deraadt, 2018-03-23 15:45:56 +0000
26292f37 Provide an example httpd.conf that's actually useful. With & OK deraadt input sthen looks better to beck OK benno by florian, 2018-03-23 11:36:41 +0000
c9a2eca5 Since a while relayd switched from the TLS session cache to using only TLS session tickets instead. Adjust example relayd.conf file. From Matt Schwartz, reminded by jmc@ OK deraadt@ by claudio, 2018-03-23 09:55:06 +0000
7a2dbe74 Consistently spell "IPsec" in comments and debug outputs. by mpi, 2018-03-16 12:31:09 +0000
fda1a6ed add syspatch public keys for 6.3 and 6.4 by robert, 2018-03-15 11:15:58 +0000
f3a21c72 remove 6.0 keys by tj, 2018-03-14 17:16:57 +0000
becf8cef ensure SYS_getrandom and GRND_NONBLOCK are both defined before using getrandom(2) by bcook, 2018-03-13 22:53:28 +0000
d9ddac82 Implement sincos(3), sincosf(3) and sincosl(3). These functions are common extensions and modern compilers (such as clang) will use them to optimize separate calculations of sine and cosine. by kettenis, 2018-03-10 20:52:58 +0000
d6aeb761 use _ALIGN() which is uhm a bit OpenBSD-specific, but it means we don't need to use sys/param.h at all, guess which one i believe is greater namespace pollution ok otto by deraadt, 2018-03-06 14:28:01 +0000
02c27180 Use _MAX_PAGE_SHIFT, rather than #ifdef mips64 ok guenther kettenis by deraadt, 2018-03-05 01:32:32 +0000
04e34b82 #define _MAX_PAGE_SHIFT in MD _types.h as the maximum pagesize an arch needs (looking at you sgi, but others required this before). This is for the circumstances we need pagesize known at compile time, not getpagesize() runtime. Use it for malloc storage sizes, for shm, and to set pthread stack default sizes. The stack sizes were a mess, and pushing them towards page-aligned is a healthy move (which will also be needed by the coming stack register checker) ok guenther kettenis, discussion with stefan by deraadt, 2018-03-05 01:15:26 +0000
4f90eb97 when -n is used, no need to spit out "Missing parameters." before displaying usage(); by jmc, 2018-03-04 10:12:26 +0000
ef55c3f3 Lowercase 'usage' and group -n with interface in it. From jmc@, ok tb@ by landry, 2018-03-03 07:34:19 +0000
cfb5baa4 OpenBSD 6.4 packages key by naddy, 2018-03-01 18:45:57 +0000
4412da1c openbsd 6.4 base key by deraadt, 2018-03-01 18:06:07 +0000
5543d472 add 6.4 firmware key by sthen, 2018-03-01 07:57:06 +0000
e36f1b60 move to 6.3-beta by deraadt, 2018-02-28 14:56:46 +0000
e36efedc Tweak comments. by rpe, 2018-02-21 19:57:21 +0000
85b83fc0 add bsd.mp by jsg, 2018-02-21 00:43:03 +0000
7299a2f2 Call "vmctl stop" on each VM at shutdown, for OpenBSD guests this means they are signalled to shutdown cleanly. Wait for each to finish to avoid too much busy work at once; this may need revising if it turns out to be too slow with a larger number of VMs (e.g. signal/delay/signal/delay/... then wait for shutdowns), but let's avoid making it more complex unless we know it's needed. by sthen, 2018-02-20 10:12:14 +0000
0b914515 Write warning/error messages to stderr and end them with a fullstop. by rpe, 2018-02-19 23:42:29 +0000
988ee6a0 - use specific patterns when looping over /etc/hostname.if files to skip backup or temp files. - test if the patterns matched actual files - warn if ifcreate() fails on an interface and continue with the subsequent interfaces in the list instead of return'ing by rpe, 2018-02-19 21:47:43 +0000
775ea3cb zap *_path() functions by kn, 2018-02-18 21:48:00 +0000