Age | Commit message | Author | |
---|---|---|---|
2015-10-23 | With new pledge "ps" and "vminfo" requests, ps/top/w become possible. | Theo de Raadt | |
2015-10-23 | there's an extra argument to soreceive now. | David Gwynne | |
found by teary students. | |||
2015-10-23 | pass the right sizes to free. | David Gwynne | |
2015-10-23 | Update expected group sizes to match recent code changes. | Darren Tucker | |
2015-10-23 | inline the hfsc_active TAILQ. | David Gwynne | |
make cl_actc in hfsc_class a TAILQ rather than a pointer to a TAILQ that gets allocated separately. | |||
2015-10-23 | include err.h for err() calls added with recent pledge commits. | Jonathan Gray | |
2015-10-23 | inline the hif_eligible TAILQ. | David Gwynne | |
make hif_eligible in hfsc_if a TAILQ rather than a pointer to a TAILQ that gets allocated separately. "look ma, i saved 4 or 8 bytes" | |||
2015-10-23 | Remove two comments listing functionless files. Trivial, no functional | mmcc | |
change. | |||
2015-10-23 | counting packets in hif_packets in hfsc_if is redundant. | David Gwynne | |
the ifqueue struct has the same information, and hif_packets is never read separately. trim it. | |||
2015-10-23 | tweak the vnetid so it can be optional and therefore cleared/deleted. | David Gwynne | |
the abstract vnetid is promoted to a uint32_t, and adds a SIOCDVNETID ioctl so it can be cleared. this is all because i set an assignment on implementing a virtual network interface and the students got confused when vnetid 0 didn't show up in ifconfig output. the vnetid in the vxlan(4) protocol is optional, but the current code confuses 0 with no vnetid being set. this makes it clear. ok reyk@ who also simplified my diff | |||
2015-10-23 | proto.h contains many function prototypes. It's apparently separate from | mmcc | |
sh.h because the pdksh devs used a prototype generator (last run in 1992). Merging it into sh.h makes things clearer. ok nicm@ | |||
2015-10-23 | Add 3 new pledge requests. "ps" exposes enough sysctl information for | Theo de Raadt | |
ps-style programs (there are quite a few in the tree, including tmux). "vminfo" exposes a bit more system operation information, which many observation programs want (such as top). settime allows setting the system time, and will be used to pledge-protect the last ntpd process. | |||
2015-10-23 | remove the pointer from hfsc_class structs back to hfsc_if. | David Gwynne | |
you get to hfsc_class via a hfsc_if, so just pass the hfsc_if around on the stack when we need it rather than following the pointer back. most of this change is passing the hif on the stack. ok mpi@ henning@ | |||
2015-10-23 | correct precedence; from Ilya Kaliman | Theo de Raadt | |
2015-10-23 | Allow hw.ncpu sysctl (a few reasons showed up in my mailbox rapidly..) | Theo de Raadt | |
2015-10-23 | crank libc major | Theo de Raadt | |
2015-10-23 | Remove dnssocket() and dnsconnect(), since we decided to use a SOCK_DNS | Theo de Raadt | |
flag instead. ok guenther tedu semarie | |||
2015-10-23 | Switch to using SOCK_DNS flag, rather than the dnssocket() and | Theo de Raadt | |
dnsconnect() calls. Be a bit careful crossing over this, need a kernel no older than Monday. ok guenther tedu semarie | |||
2015-10-23 | replace pointer arithmetic and casts with offsetof | Jonathan Gray | |
ok mpi@ bluhm@ | |||
2015-10-23 | replace pointer arithmetic and casts with offsetof | Jonathan Gray | |
ok dlg@ krw@ | |||
2015-10-22 | Add pledge support to login_yubikey. Much feedback and OK millert@ | Brandon Mercer | |
2015-10-22 | Cast ctype function arguments to unsigned char. | mmcc | |
ok guenther@ | |||
2015-10-22 | Fix some bugs in the handling of the RTM_GET and RTM_CHANGE messages | Renato Westphal | |
found when running eigrpd(8) and ldpd(8) together. | |||
2015-10-22 | document tid keyword. | Sebastian Benoit | |
found with and ok bluhm@ | |||
2015-10-22 | use the new function man_validate() here, too | Ingo Schwarze | |
2015-10-22 | move man(7) validation into the dedicated validation phase, too | Ingo Schwarze | |
2015-10-22 | If no output device was allocated because no file wanted to produce output, | Ingo Schwarze | |
refrain from dereferencing a NULL pointer during final deallocation. Fixing a recent regression reported by czarkoff@ | |||
2015-10-22 | Build boot blocks with -msmall-data -msmall-text. | Miod Vallat | |
2015-10-22 | Drop historical comment and an old '#if notyet'. | Martin Pieuchot | |
2015-10-22 | Kill link_rtrequest(), introduced in 1990 to "fix" the result | Martin Pieuchot | |
of rt_getifa() when adding link level route from outside the kernel. ok claudio@ | |||
2015-10-22 | Use only one refcounting mechanism for route entries. | Martin Pieuchot | |
ok bluhm@, dlg@, claudio@ | |||
2015-10-22 | Only check for rt_ifp now that it is always the same as rt_ifa->ifa_ifp. | Martin Pieuchot | |
ok millert@, bluhm@ | |||
2015-10-22 | Make sure that the address matching the key (destination) of a route | Martin Pieuchot | |
entry is attached to this entry. ok phessler@, bluhm@ | |||
2015-10-22 | Use rt_ifp instead of rt_ifa->ifa_ifp. | Martin Pieuchot | |
ok bluhm@ | |||
2015-10-22 | Kill dead code, ifa is specified and won't change. | Martin Pieuchot | |
ok bluhm@ | |||
2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter | |
operations. This adds pledge(2) to all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process. Committed in agreement with many but nobody was brave enough to OK it. Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@ | |||
2015-10-22 | Add a regress test for if_indextoname() and if_nametoindex() | Claudio Jeker | |
2015-10-22 | Another change that is needed to restore the previous behaviour of | Joel Sing | |
ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@ | |||
2015-10-22 | Inspired by satosin(), use inline functions to convert sockaddr dl. | Alexander Bluhm | |
Instead of casts they check whether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@ | |||
2015-10-22 | Final removal of EXTERN. | mmcc | |
ok nicm@ | |||
2015-10-22 | Stop linking iked -static: It was inherited from isakmpd that is | Reyk Floeter | |
-static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary. OK deraadt@ naddy@ | |||
2015-10-22 | Restore previous behaviour and allow | Joel Sing | |
ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@ | |||
2015-10-22 | Add pledge(2) to some binutils that handle untrusted data. Most can do with | Pascal Stumpf | |
"stdio rpath", while objdump(1) also needs "tmppath" for objdump -i. ok deraadt@, comments sthen@ kettenis@ | |||
2015-10-22 | Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULL | Joel Sing | |
pointer - because, you know, you might want to set a string on a NULL object. The previous implementation apparently allowed this as a way of testing if the string was valid... probably because the *_check() functions are only useable after the string has already been set. | |||
2015-10-22 | Fix case where we wanted to test ASN1_TIME_set_string() but were testing | Joel Sing | |
ASN1_UTCTIME_set_string() twice instead. | |||
2015-10-22 | Fix case where we wanted to test ASN1_TIME_set_string() but were testing | Joel Sing | |
ASN1_UTCTIME_set_string() twice instead. | |||
2015-10-22 | Do not pass an ``ia'' just to dereference ``ia_ifp''. | Martin Pieuchot | |
ok claudio@, bluhm@, jsg@ | |||
2015-10-22 | Revert revision 1.282: | Reyk Floeter | |
"Allow for empty blocks for peers. While this is bad style for permanent use, this is very nice to temporarily disable a peer option." This broke the grammar by introducing shift/reduce errors. OK phessler@ | |||
2015-10-22 | use crypt_checkpass("password", NULL) to fake a login instead of bcrypt | Ted Unangst | |
2015-10-22 | use crypt_checkpass to check password | Ted Unangst | |