summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-10-25Remove last vestige of SSL_OP_NO_SSLv3 support.Doug Hogan
No part of LibreSSL checks for this flag any longer. ok jsing@
2015-10-25Simplify ssl23_get_client_hello error handling.Doug Hogan
ssl23_get_client_hello sets type=1 on error and continues processing. It should return an error immediately to simplify things. This also allows us to start removing the last of SSL_OP_NO_SSL*. Added extra paranoia for s->version to make sure it is set properly. ok jsing@
2015-10-25Decapitalize yyparse tag name here.Vadim Zhukov
okay jmc@
2015-10-25strvis directory names in psDmitrij Czarkoff
OK stsp@
2015-10-25Simple sizes for free(9).Martin Pieuchot
ok claudio@
2015-10-25do not expose nd6 randomid's to userland via ioctl.Theo de Raadt
ok claudio mpi florian
2015-10-25Trivial rt_ifp->if_index -> rt_ifidx conversions.Martin Pieuchot
2015-10-25Sync after recent rtable_insert() change.Martin Pieuchot
2015-10-25Merge rtable_mpath_conflict() into rtable_insert().Martin Pieuchot
ok claudio@
2015-10-25IPV6_NEXTHOP is gone, remove -g option which used this.Florian Obser
kill it mpi@
2015-10-25Remove IPV6_NEXTHOP implementation. Source routing is considered to beFlorian Obser
a bad idea these days. kill it mpi@ general agreement in the network hackers room at u2k15
2015-10-25Kill unused local var, and reorder while here.Jeremie Courreges-Anglas
2015-10-25Be more consisten with rtmsgs. Always set rtm_index (even in the RTM_GETClaudio Jeker
case) and always set rtm_pid to the pid of the requestor (even in the sysctl code path). OK mpi@
2015-10-25We don't care about lack of source route support for IPv6.Jeremie Courreges-Anglas
ok sthen@ guenther@ mpi@ millert@
2015-10-25Kill IP Source Route support, unusable since 1998.Jeremie Courreges-Anglas
ok sthen@ guenther@ mpi@ millert@
2015-10-25Use the "modern" way to check if a route entry correspond to a localMartin Pieuchot
address. Fix a regression introduced when removing the lo0 hack. ok florian@
2015-10-25Do not overwrite if_rtrequest() if the driver specified it *before*Martin Pieuchot
calling if_attach().
2015-10-25arp_ifinit() is no longer needed.Martin Pieuchot
2015-10-25arp_ifinit() is no longer needed and almost dead.Martin Pieuchot
2015-10-25zap trailing whitespace;Jason McIntyre
2015-10-25tweak previous;Jason McIntyre
2015-10-25arp_ifinit() is no longer needed.Martin Pieuchot
2015-10-25ifa is no longer used.Martin Pieuchot
2015-10-25arp_ifinit() is no longer needed.Martin Pieuchot
2015-10-25Implement ping(8)'s -L option in ping6:Florian Obser
Disable the loopback, so the transmitting host doesn't see the ICMP requests. For multicast pings. OK benno@
2015-10-25arp_ifinit() is no longer needed.Martin Pieuchot
2015-10-25arp_ifinit() is no longer required.Martin Pieuchot
2015-10-25Missing initializer; spotted by coverity.Miod Vallat
2015-10-25Introduce if_rtrequest() the successor of ifa_rtrequest().Martin Pieuchot
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches. Discussed with bluhm@, ok claudio@
2015-10-25Introduce if_rtrequest() the successor of ifa_rtrequest().Martin Pieuchot
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches. Discussed with bluhm@, ok claudio@
2015-10-25backout; many issues remain...Theo de Raadt
2015-10-25reorder some checks in pledge_namei() in order to properly work.Sebastien Marie
mainly move read/write whitelisted paths that should be *before* checking if you have PLEDGE_WPATH. with and ok deraadt@
2015-10-25the DNS process was not discarding & redirecting stdin/out/err toTheo de Raadt
/dev/null. copy the code from the ntp engine.
2015-10-25ps(1) needs sysctl KERN_PROC_CWD exposed as well in the pledge "ps" set.Theo de Raadt
hit by czarkoff
2015-10-25The only thing that was translated into multiple languages in OpenBSDAlexander Bluhm
are the errno messages and signal names. Everything else is in English. We are not planning to translate more text. Running a mixed system with less than 1% of the text in native language makes no sense. So remove the NLS support from libc messages. The catopen(3) functions stay as they are. OK stsp@ mpi@
2015-10-25Use 'fdisk -i', instead of 'fdisk -e' with a here document ofKenneth R Westerback
'reinit;update;write;quit'. They've done the same thing for some time now. Tweaks & test from rpe@. ok rpe@ deraadt@
2015-10-25Instead of doing the the if_get() dance for rt_missmsg(), change theAlexander Bluhm
function to take an interface index. discussed with mpi@; OK claudio@
2015-10-25syncMiod Vallat
2015-10-25need "getpw" pledge; spotted by matthieuTheo de Raadt
2015-10-25route flush cannot pledge before sysctl for NET_RT_DUMP; defer the act.Theo de Raadt
issue spotted by matthieu
2015-10-25just dump the help on stdout with messing about with a pager.Ted Unangst
makes pledge much simpler. from jan stary
2015-10-25Pass output from jobs through format_expand() so they are expanded againNicholas Marriott
(this was the previous behaviour).
2015-10-25No need to declare pwd_gensalt; it's unused and gone.Antoine Jacoutot
ok tedu@
2015-10-25pledge the main usage patterns similar to arp(8). Some akkorokamuiTheo de Raadt
prevent doing this better, someone should try to refactor this more like arp... also figure out what dawn-of-ipv6 options can be removed. ok benno
2015-10-25Let's see if anyone screams about not being able to specify $TMPDIRTheo de Raadt
for their tmux sockets. (Over the years, I have seen $TMPDIR set up worse than /tmp many times, and don't know how this practice infected other parts of the system. Nothing uses tmpdir(3), nor a huge-temporary-file program like sort.) ok nicm
2015-10-25pledge bind(1), dig(1), and nslookup(1). This modifies the underlyingTheo de Raadt
ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc
2003-01-20ISC BIND version 9.2.2rc1Jakob Schlyter
2015-10-25Use sigaction() instead of signal() to avoid pulling in unnecessaryPhilip Guenther
wrappers. To keep uses from crawling back in, mark signal() as deprecated inside libc. ok deraadt@
2015-10-25Use dprintf() instead of fprintf() in the signal handlerPhilip Guenther
2015-10-25POSIX says that you can't capture the return value of sigsetjmp().Philip Guenther
Fortunately, we don't need it as we only pass siglongjmp() a single value. ok deraadt@