Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| c1a524bc | 2020-08-09 14:35:31 | Some times ago we disabled in-kernel timeout for pppx(4) related pipex(4) sessions. We did this for prevent use after free issue caused by pipex_timer(). By default "idle-timeout" is not set in npppd.conf(5) and I guess this is reason for we forgot to describe this exception in npppd.conf(5). Since it's pppx(4) related bug description was added to BUGS section of pppx(4) man page. npppd.conf(5) has this exception described in "idle-timeout" section. ok jmc@ yasuoka@ | ||
| a395eaf7 | 2020-08-08 13:39:57 | Greatly simplify snmpe_parsevarbinds. except for some minor changes in the handling of snmp_intotal{req,set}vars no functional changes intended. OK jan@ | ||
| 42858fb0 | 2020-08-07 14:04:59 | Do not hardcode the key length. | ||
| 442ef12c | 2020-08-05 13:56:06 | Get the default values for font height and width in wsfontload(8) using the WSDISPLAYIO_GETSCREENTYPE ioctl. This ensures that they always match the currently loaded font metrics. Previously, wsfontload(8) hardcoded the default height and width values for the font to be loaded as 12x22 when using framebuffer consoles, and as 8x16 when in text mode. The 12x22 value wasn't correct in case we felt back to the smaller 8x16 font for screen widths smaller than 960px, and wasn't valid anymore since we replaced Gallant 12x22 by Spleen 12x24 on all architectures but sparc64. OK jcs@, mpi@ | ||
| f41f8039 | 2020-08-03 11:05:24 | remove unused functions from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@ | ||
| b19a8c1e | 2020-08-03 10:59:53 | remove another tautology from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@ | ||
| 46b94b0c | 2020-08-03 10:58:38 | remove unused assignment from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@ | ||
| 6ab3e2c7 | 2020-08-03 10:57:21 | remove tautological condition from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@ | ||
| d8e56de2 | 2020-08-03 10:55:58 | remove dead assignments from Ross L Richardson <openbsd AT rlr DOT id DOT au>, Thanks ok claudio@ | ||
| a1610264 | 2020-07-31 09:57:38 | Replace warnc() with warnx() + strerror() since the first is less portable. Should hopefully fix an issue seen by Robert Scheck OK deraadt@ | ||
| 8e304376 | 2020-07-30 21:06:19 | Remove the unused function canonicalize_host(), it was copied from relayd. Found by Ross L Richardson, Thanks. | ||
| d818f5be | 2020-07-28 13:52:18 | -Separate out the adding of trust anchors into a separate function than what is used for adding other certificates. -Don't call X509_verify on trust anchors for no reason. -Add basic checks for TA certificate (subject can parse, cert is not expired) -Add some useful error reporting if the TA cert we fetched is no good. ok claudio@ | ||
| 3d81c3df | 2020-07-28 07:35:04 | One tiny step towards adding RRDP support in rpki-client. Extract the notify URL from the cert if it is available and pass it back to the parent process. The parent process can then use this info to load the repo via RRDP instead of rsync. OK benno@ (some long time ago) | ||
| f929d3af | 2020-07-27 14:29:45 | Fix return value check for openssl API. Do not return success if pkey is NULL. Feedback and ok cladio@ ok patrick@, tb@ | ||
| 8ae2ff80 | 2020-07-25 21:12:49 | remove unsused enum key_type, copied initialy from relays. found by Ross L Richardson, thanks! ok deraadt@ | ||
| 735d7ac9 | 2020-07-25 15:45:44 | Add a EXIT STATUS section "no objection" ajacoutot@ | ||
| d60dd69d | 2020-07-25 12:14:16 | More DESC -> DESCR; spotted by espie@ | ||
| 11680267 | 2020-07-25 12:08:17 | tyop: DESC -> DESCR ok landry@ robert@ | ||
| a0b034c4 | 2020-07-24 16:40:47 | fix sentence grammar in AUTHORS; | ||
| f5b217e8 | 2020-07-24 16:33:42 | make it a bit clearer that -p is a path to a package repository, not just a regular file path; patient explanation (neccessary) and eventual ok espie | ||
| 97f343bd | 2020-07-23 14:34:55 | Fix strlcpy() usage. The size argument should be the full size of the buffer, not the number of bytes to copy. The strlcpy() return value should be checked to verify that truncation did not occur. OK florian@ | ||
| ac5517e4 | 2020-07-23 13:54:07 | Update to 4.3.2. | ||
| 29688a32 | 2020-07-22 15:33:49 | sensorsd(8) reported an unveil failure due to chdir / . Call chdir(2) before unveil(2). Use absolute config path after chdir, also necessary for SIGHUP. /etc/sensorsd.conf.db must be unveiled, cgetent(3) tries to open it. OK beck@ | ||
| d160f728 | 2020-07-22 05:06:38 | force long-names on msdos filenames, so that folk can see pretty names later. ok kettenis gkoehler | ||
| 5157c9d7 | 2020-07-21 01:09:03 | Avoid integer underflow due to tiny snaplen For DLT_NULL and DLT_LOOP interfaces, print-null.c passes `caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned integer, hence if caplen is smaller than the header itself (four octets), this difference wraps around. Exit early in such cases and print the expected truncation marker "[|null]" instead. Feedback OK dlg | ||
| b2f1acdf | 2020-07-20 14:09:24 | Add a new column to wsfontload -l output, to report the number of characters contained in a loaded font. It's especially useful with user loaded fonts as they can contain more than 256 characters. OK sthen@ | ||
| bea29582 | 2020-07-20 02:24:24 | Remove unused variable "caplen" No object change. | ||
| 86850af8 | 2020-07-19 15:23:08 | Should use ufs_args here after all. While here, make messages more correct. | ||
| a1ee4d86 | 2020-07-18 16:42:00 | use correct structure for mounting, duh ok visa kettenis | ||
| 45126b27 | 2020-07-18 15:28:38 | Create grub.cfg file as required ok kettenis | ||
| dee18dcc | 2020-07-18 14:08:07 | set -/+o pipefail around the magic loop in ls_missing() so that we can properly error out if ftp(1) or tar(1) fails; this happened to swarte@ a few months (something to do with /home on NFS without -maproot IIRC). Check that the signature file is at least 3 lines long (meaning that it contains at least 1 syspatch) before entering the magic loop otherwise `grep -q' will abort the script due to pipefail. While here, revove a useless use of sort(1). | ||
| c25120af | 2020-07-17 08:03:56 | Add powerpc64 support; straight copy from octeon. ok deraadt@ | ||
| e44adad9 | 2020-07-15 22:46:51 | powerpc64 has the sysctl's for power control, so it can use the apmd/apm combo for -L/-H and such. (it gets all the rest of the mess too) ok kettenis | ||
| 1a802015 | 2020-07-15 14:47:41 | Remove unused variables | ||
| 9c84395d | 2020-07-11 14:52:14 | Implement linear and power-of-two histograms: hist() and lhist() keywords. This is built on top of maps which are currently built on top of RB-trees. Improvements are welcome! For example the use of a hashing table as pointed by espie@. The following one-liner produce an histogram of power-of-two values returned by the read(2) syscall: btrace 'syscall:read:return { @bytes = hist(retval); }' ^C @bytes: [0] 19 |@@@@@@@@@@@@@@@@@@@@@@@@@@ | [1] 26 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | [1, 2) 1 |@ | [2, 4) 13 |@@@@@@@@@@@@@@@@@@ | [4, 8) 4 |@@@@@ | [8, 16) 3 |@@@@ | [16, 32) 1 |@ | [32, 64) 8 |@@@@@@@@@@@ | [64, 128) 14 |@@@@@@@@@@@@@@@@@@@ | [128, 256) 7 |@@@@@@@@@ | [256, 512) 37 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@| [512, 1K) 1 |@ | [1K, 2K) 10 |@@@@@@@@@@@@@@ | [2K, 4K) 11 |@@@@@@@@@@@@@@@ | [8K, 16K) 1 |@ | | ||
| 512df21d | 2020-07-04 18:30:46 | Our old ksh(1) bug where eval()uating a || compound list would terminate the shell has been fixed by benno@; remove workaround. ok naddy@ | ||
| 474af46f | 2020-07-04 14:08:27 | Small XXX. | ||
| 405649c2 | 2020-07-04 10:16:15 | Print the correct register for syscall return value. While here make it possible to store syscall return values in maps. | ||
| e9c69d2b | 2020-07-03 17:58:09 | Increment line number when skipping multi-line comments. | ||
| 0994484c | 2020-07-01 16:41:43 | Allow hrStorageSize and hrStorageUsed to cope with sizes larger then INT32_MAX by increasing the hrStorageAllocationUnits value until they fit. Original patch from Johan Huldtgren (johan+openbsd-tech <at> huldtgren <dot> com) OK sthen@ | ||
| 0cad9ced | 2020-07-01 13:00:51 | Remove control socket reference | ||
| 05f78f28 | 2020-07-01 06:47:18 | Remove references to snmpd(8) now that agentx support has been removed. Prodded by and OK jmc@ | ||
| 62153df3 | 2020-06-30 17:11:49 | Remove agentx and control socket support. snmpctl has been removed two releases ago, which makes the control interface obsolete. agentx support has always been quirky at best, but got completely broken with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the oid length on the snmp side being left uninitialized because of size difference, resulting in weird behaviour. No one reported the breakage, even after 6.7 was released. This change requires users to remove the socket keyword from their snmpd.conf. OK denis@ | ||
| 0d0fa0ed | 2020-06-30 16:59:38 | Allow relayd to compile without reaching back into snmpd directory for agentx header. OK denis@ | ||
| 91da860a | 2020-06-30 12:52:44 | Remove -f (force) option. The -f option existed for some initial debugging work. Thanks Weerd for review OK claudio@ | ||
| 1f4256da | 2020-06-29 18:25:26 | Fix "init-system" with multiple PCIe root complexes Contrary to other (single CPU) machines, the Oracle SPARC T4-2 machines come with two CPUs/two PCIe root complexes instead of one. ldomctl already accounts for this and interates over them but lacked a skip condition when iterating over subdevices to avoid linking devices in one complex to those in another. This fixes a NULL dereference in "init-system" on T4-2 machines and makes it produce working machine descriptions (.md files). Testing and confirmation on a T4-1 that single PCIe root complex machines still produce identical MDs with this from tracey, thanks! Reminded by a report on bugs@ from Kokuma who also confirmed this fix on their T4-2. | ||
| ae0acb23 | 2020-06-29 17:58:58 | Reject vdisk, vnet and iodevice parameters for primary domain In analogy to guest domains requiring vcpu, memory and at least one bootable device (vdisk, vnet or iodevice), the primary domain must not be configured with vdisk, vnet or iodevice parameters; it does not make sense to provide virtual disks or interfaces to it and PCIe devices not assigned to guest domains automatically end up in the primary domain. ldom.conf(5) also documents those explicitly for guest domains only. OK tracey | ||
| 83fd2a22 | 2020-06-29 15:34:07 | Build on powerpc64. | ||
| 3bf4b771 | 2020-06-28 19:11:53 | Fix build error ok tb | ||
| 08fd0ce3 | 2020-06-28 16:52:45 | vmd(8): Eliminate libevent state corruption libevent functions for com, pic and rtc are now only called on event_thread. vcpu exit handlers send messages on a dev pipe and callbacks on these events do the event management (event_add, evtimer_add, etc). Previously, libevent state was mutated by two threads, event_thread, that runs all the callbacks and the vcpu thread when running exit handlers. This could have lead to libevent state corruption. Patch from Dave Voutila <dave@sisu.io> ok claudio@ tested by abieber@ and brynet@ | ||
| e1715668 | 2020-06-28 15:25:22 | obviously powerpc64 will want pcidump | ||
| a284d5af | 2020-06-27 15:35:27 | convert macppc, octeon, and loongson to use MI installboot, removing special case scripting in install.md. (macppc still requires manual steps for HFS bootmode) tested by krw, visa, gkoehler | ||
| dbf2cc62 | 2020-06-27 07:24:42 | Replace TAILQ concatenation loop with TAILQ_CONCAT OK claudio@ | ||
| 61b37dc2 | 2020-06-26 19:06:52 | Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCAT OK florian@, millert@, kn@ | ||
| a12804d6 | 2020-06-26 19:04:38 | Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCAT OK florian@, millert@, kn@ | ||
| 4bf8a5d4 | 2020-06-26 19:00:08 | Replace SIMPLEQ concatenation loops with SIMPLEQ_CONCAT As a result *ra_rdnss and *ra_dnssl are not used any more, and can be removed. While here remove spurious space. OK florian@, millert@ | ||
| 74f3d152 | 2020-06-24 14:39:21 | Stop using rsync --delete when syncing up with the CA repos. Instead use the files referenced in the manifests to build up a list of files to keep and remove anything that is not in the list after doing the full computation. OK job@ benno@ | ||
| bf448d9d | 2020-06-24 07:20:47 | Using the "ldaps" or "tls" keywords in ldapd.conf currently enables all protocols and ciphers. So you get a TLS server speaking TLSv1.0 and supporting cipher suites with RC4 and 3DES encryption, all of which should be considered broken. There is no way of disabling TLSv1.0 and TLSv1.1 in ldapd. All this is also not very clearly called out in the documentation. This commit switches the defaults to using the libtls defaults for both protocols and ciphers. If compatibility with the insecure legacy protocols and ciphers is needed, use the "legacy" keyword before "tls" or "ldaps" in ldapd.conf. tested by abieber. inoguchi agrees with the direction. ok beck | ||
| 7e30acb4 | 2020-06-22 18:18:20 | Remove unused variable | ||
| b0e92afd | 2020-06-22 15:09:34 | On my previous commit I made the wrong assumption that the control socket was being unlink(2)ed from the main proc so I removed "cpath" from the pledge(2) on the ldpe proc but actually the socket was unlink(2)ed from here, this means the daemon would crash on exit due to pledge(2) not having "cpath" permissions anymore. Finish the job by just not deleting the socket at all during control_cleanup(), which keeps the control program still working without issues but more importantly prevents the crash during exit, sorry about that. Crash reported by wlund at iki.fi OK deraadt@ claudio@ remi@ | ||
| 89643495 | 2020-06-22 13:21:29 | add missing .Pp | ||
| 2579caaf | 2020-06-22 13:14:47 | Fix "the symbol HZ is undefined" yacc warning OK mpi | ||
| b4cf6692 | 2020-06-22 09:28:04 | Install npppd.conf(5) with mode 0600 instead of 0640. npppd.conf(5) can store radius passwords and nothing requires it to be group readable. ok yasuoka@ | ||
| b4844efe | 2020-06-22 06:11:34 | When the main process exits, it closes the pipe so a read 0 occurs. Move log level to debug for that case and while there correct the string, we're reding, not writing. | ||
| 4b96984b | 2020-06-22 05:54:26 | a first cut at requesting and parsing vpd info. reading vpd stuff is useful when you're trying to get support information about a pci device, eg, if you want a serial number, or firmware versions, or specific part name or number, it's likely available via vpd. also, im sick of having the diff in my tree. this relies on the new PCIOCGETVPD ioctl i just committed to the kernel. it's a very quick and dirty implementation, hopefully someone will pick it up and polish it a bit. tested by hrvoje popovski on a variety of cards ok jmatthew@ | ||
| 3862707a | 2020-06-21 20:36:07 | vmd(8): fix ns8250 lockup due to race condition Inject a pending interrupt even if the rcv_pending flag is set to avoid the endless EV_READ loop where a byte lingers read to be read but the vcpu never gets the interrupt to read it. (e.g. the result of spamming RETURN via the serial console) Also, protect com ratelimit handler with mutexes to avoid corruption of the device state. These changes help preventing linux vm crashes when the return key is held on boot. Discovered by and patch from Dave Voutila <dave@sisu.io> ok tb@ | ||
| 2338d7fc | 2020-06-21 07:14:17 | Add RCS marker | ||
| 03d04743 | 2020-06-21 05:00:17 | wire the wireguard packet printer into tcpdump. from Matt Dunwoodie and Jason A. Donenfeld | ||
| 22b46301 | 2020-06-21 04:58:52 | don't claim packets as wg if there's not enough captured bytes to read. | ||
| 7e0f8616 | 2020-06-21 04:54:59 | cope with a truncated capture of a packet. this avoids reading invalid mem. | ||
| 96cf6233 | 2020-06-21 04:45:33 | add a printer for wireguard messages, but not hooked up just yet. from Matt Dunwoodie and Jason A. Donenfeld | ||
| fb49df2d | 2020-06-18 10:26:53 | Apply rules to the number of events returned by the last read(2). Fix a corner case where old events could be re-evaluated. From Yuichiro NAITO. | ||
| 0ba256e3 | 2020-06-17 16:29:02 | We are no longer using the "keep" file as a flag. Pointed out by Martin Vahlensieck, thanks! | ||
| d1d2907d | 2020-06-16 08:46:03 | vmd(8): backout previous commit to ns8250.c as it reintroduced the bug where the vm would get stuck if disconnected from console and get unstuck once console is attached. Spotted by tb@ | ||
| 234862b9 | 2020-06-16 06:23:51 | vmd(8): fix ns8250 lockup due to race condition Inject pending interrupt if com has receive pending. This was previously accidently checked in with an unrelated change by Mike Larkin and was backed out as it didn't fix the intended problem. Also, protect com ratelimit handler with mutexes to avoid corruption of the device state. These changes help preventing linux vm crashes when the return key is held on boot. Discovered by and patch from Dave Voutila <dave@sisu.io> | ||
| 123a8328 | 2020-06-13 07:03:13 | remove the reference to tun(4), as suggested by kaya saman, and advised by dlg; | ||
| 452410f5 | 2020-06-10 17:44:44 | Cast imsg->data to char pointer to silence GCC warning warning: format '%s' expects type 'char *', but argument 2 has type 'void *' Seen on sparc64. OK tobhe | ||
| 17fabd8f | 2020-06-09 20:16:12 | Show a message while pkg_add updates the font cache. This occurs at the end of an install and can take quite a while if you have certain fonts installed. Before this change the cursor was left at an empty line. tweak/ok espie@ | ||
| da8a8f6b | 2020-06-09 06:35:17 | set TLS SNI when relaying to host ok beck@ "looks reasonable" millert@ | ||
| eda8c420 | 2020-06-09 02:39:27 | Prepare buffer for both receive and transmit side so that a client can use them separately. Actually a version of CISCO does and expects the peer does the same. Also fix some typos. | ||
| 9de342e3 | 2020-06-08 19:17:12 | Provide clear errors when trying to install oversized boot loader sparc64 installboot(8) on softraid(4) with too large files, e.g. unstripped builds, fails poorly with "installboot: softraid installboot failed". This is due to the BIOCINSTALLBOOT ioctl(2) returing the default EINVAL rather than using softraid's sr_error() interface properly; additionally, installboot does not check for such message from the bio(4) layer. Make the kernel generate "boot block too large" and "boot loader too large" messages for softraid devices and have installboot act upon them analogous to bioctl(8), by adapting its bio_status() into the new sr_status() helper. Input, reminder to look at bioctl, same kernel diff from, OK jsing | ||
| 3f87ca5f | 2020-06-07 13:29:52 | whitespace | ||
| 7f1c0488 | 2020-06-07 13:28:17 | Swap arguments of calloc(3). While it doesn't matter for calloc, it's easier on the eyes to always list the number of elements first and then the size. From Donovan Watteau ( contrib AT dwatteau.fr), Thanks! | ||
| 1185c690 | 2020-06-05 19:50:59 | Remove redundant code Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>, thanks! OK martijn@ sthen@ | ||
| c27ed0a7 | 2020-06-02 14:41:37 | remove useless redirections okay tb@, florian@ | ||
| 7ed870dc | 2020-06-02 14:41:13 | less convoluted Makefile, removes useless redirections okay tb@, florian@ | ||
| d8fe1c91 | 2020-06-01 05:21:30 | Run lmtp deliveries as SMTPD_USER instead of the recipient user. ok millert@ | ||
| 692b40d2 | 2020-05-28 20:38:21 | Enable building wsmoused on arm64 and armv7. OK deraadt@, kettenis@ | ||
| 177234f7 | 2020-05-28 20:33:50 | Enable building wsfontload on arm64 and armv7. OK deraadt@, kettenis@ | ||
| 725b3260 | 2020-05-27 09:03:56 | Remove unneeded <stddef.h> | ||
| 7454d7ca | 2020-05-25 10:38:32 | When DNS lookup of an UDP loghost failed, syslogd(8) did close the UDP sockets for sending messages. Keep the sockets open if the config allows to send UDP. Then they can be used to send if DNS is working during the next SIGHUP. bug reported and fix tested by sven falempin; OK millert@ | ||
| a2ead979 | 2020-05-24 22:08:54 | Make "init-system -n" check vcpu and memory constraints Second attempt after config.c revision 1.37, this time merely delay the "-n" test until after constraint checks have been performed such that the PRI is still read, as required in order to get the total number of VCPUs and memory. OK kmos who also tested this | ||
| b5073d68 | 2020-05-24 22:00:45 | msg | ||
| c76b35d7 | 2020-05-24 16:47:43 | Relax the filename checks to allow dashes as well. Starting with OpenBSD 6.9, we can use less awkward filenames. Initial diff by deraadt, ok aja | ||
| 8efa5877 | 2020-05-23 13:19:13 | Typofix | ||
| da59641d | 2020-05-23 13:06:33 | Fail on duplicate vcpu, memory or iodevice parameters Domains get to define their cores and memory only once unlike vnet, vdisk and variable parameters of which it makes sense to have more than one; iodevices are unique my design and may only be assigned once. OK kettenis | ||
| 3247d7f3 | 2020-05-22 21:54:20 | Revert previous Total vcpu and memory are read from the PRI so constraint checks must not be done before that, noted by kettenis. The fact that "total_cpus" as a global variable (initialized with zero) is always smaller than the total number of configured vcpus and the fact that I only tested a negative example without a positive one made me jump the trigger, sorry. | ||
| e139c7ff | 2020-05-22 21:40:16 | Make "init-system -n" check vcpu and memory constraints kmos noted that "-n" wouldn't bark at overallocation, only running without it would do so. Hoit setup code and delay the noaction bailout just after constraint checks such that they're always done. OK kmos | ||
| 8643c0ed | 2020-05-22 07:18:17 | Use the simpler HTML5 idiom to declare charset in autogenerated pages. This came from a suggestion by Andras Farkas to replace use of XHTML self-closing tags. ok cwen@ danj@ florian@ | ||
| 671d2f92 | 2020-05-21 15:38:05 | Correct getsockname(2)/getpeername(2) usage. Fixes an uninitialized variable and a potential stack overflow with IPv6 connections. From Leah Neukirchen; OK eric@ deraadt@ |