src - OpenBSD base system

Age	Commit message (Collapse)	Author
2018-09-21	when compiled with GSSAPI support, cache supported method OIDs by	Damien Miller
	calling ssh_gssapi_prepare_supported_oids() regardless of whether GSSAPI authentication is enabled in the main config. This avoids sandbox violations for configurations that enable GSSAPI auth later, e.g. Match user djm GSSAPIAuthentication yes bz#2107; ok dtucker@
2018-09-21	In sshkey_in_file(), ignore keys that are considered for being too	Damien Miller
	short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered to be "in the file". This allows key revocation lists to contain short keys without the entire revocation list being considered invalid. bz#2897; ok dtucker
2018-09-21	Both AS 23456 and AS 0 are reserved and can nor be used. Extend check for	Claudio Jeker
	AS 0 and adjust yyerror message to print the right number. With input and OK denis@
2018-09-21	6.5 firmware key	Stuart Henderson

2018-09-21	better yyerror messages. "syntax error" is generally not very helpful.	Claudio Jeker
	OK denis@
2018-09-21	update rtwn;	Jason McIntyre

2018-09-21	Basic testing of roa-sets.	Claudio Jeker

2018-09-21	Move setting of the PREFIXSET_FLAG_OPS higher up since prefixset_item rule	Claudio Jeker
	is now also used by roa-set. Also set the prefix operation for roa-set items to OP_NONE since that what it actually needs to be.
2018-09-21	Add some more prefix-set test cases. Mainly to test edge cases in the RB	Claudio Jeker
	tree implementation now used.
2018-09-21	Implement code to parse, print and reload roa-set tables.	Claudio Jeker
	This is sharing a lot of code with prefixset which makes all a bit easier. A roa-set is defined like this: roa-set "test2" { 1.2.3.0/24 source-as 1, 1.2.8.0/22 maxlen 24 source-as 3 } No support for acting on this data yet. Put it in deraadt@, OK benno@, input and OK denis@
2018-09-21	Treat connections with ProxyJump specified the same as ones with a	Damien Miller
	ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). Patch from Sven Wegener via bz#2896
2018-09-21	U-Boot 2018.05 and later will attempt to load a dtb for PocketBeagle if	Jonathan Gray
	the hardware is detected. Add this to the miniroot/ramdisk. requires dtb 4.18 U-Boot 2018.09 and later will load a dtb for 'SanCloud BeagleBone Enhanced' if required which will be in dtb 4.19 after linux 4.19 is released and can be added then.
2018-09-21	mention RTL8188EE support	Jonathan Matthew

2018-09-21	Add support for RTL8188EE.	Jonathan Matthew
	This needs a new firmware image, which should be added to the rtwn firmware package shortly. testing and lots of help from kevlo@ ok kevlo@ stsp@
2018-09-21	add missing braces implied by indentation	Jonathan Gray
	ok millert@ claudio@
2018-09-20	actually make CASignatureAlgorithms available as a config option	Damien Miller

2018-09-20	merge unbound 1.8.0	Stuart Henderson

2018-09-20	import unbound 1.8.0, tested by myself and benno@	Stuart Henderson

2018-09-20	As a step towards per inpcb or socket locks, remove the net lock	Alexander Bluhm
	for netstat -a. Introduce a global mutex that protects the tables and hashes for the internet PCBs. To detect detached PCB, set its inp_socket field to NULL. This has to be protected by a per PCB mutex. The protocol pointer has to be protected by the mutex as netstat uses it. Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify() before the table mutex to avoid lock ordering problems in the notify functions. OK visa@
2018-09-20	missing space after comma	Theo Buehler

2018-09-20	grow alpha and hppa media to accomodate some recent growth	Theo de Raadt

2018-09-20	vmm(4): Clear the guest MWAITX/MONITORX extended CPUID feature bit,	Bryan Steele
	like we already do for MWAIT/MONITOR. Also match Intel here by not exposing the SVM capability to AMD guests. Allows Linux guests to boot in vmd(8) on Ryzen CPUs. ok mlarkin@
2018-09-20	add missing explanation about daemon_variables removed when disabling a pkg	solene
	script ok aja@ jca@
2018-09-20	add missing braces implied by indentation	Jonathan Gray
	ok millert@
2018-09-20	add missing braces implied by indentation	Jonathan Gray
	ok millert@ mpi@
2018-09-20	Adjust unittests to the adjustments done to the as_set code.	Claudio Jeker
	OK benno@
2018-09-20	as_set_match() changed again, so adjust it here too.	Claudio Jeker
	OK benno@
2018-09-20	Split up as_set into a set_table and an as_set. The first is what does	Claudio Jeker
	the lookup and will now also be used in roa-set tries. The as_set is glue to add the name and dirty flag. Add an accessor to get the set data so that the imsg sending and printing can be moved into the right places. This is done mainly because roa-sets need similar but slightly different versions and making the code more generic is the best way fixing this. OK benno@
2018-09-20	fix indentation	Jonathan Gray
	ok krw@ millert@
2018-09-20	properly handle credentials and fix auth in smtp(1)	Eric Faurot
	ok gilles@
2018-09-20	fix indentation	Jonathan Gray
	ok krw@ millert@
2018-09-20	whitespace cleanup, ok claudio@	Sebastian Benoit

2018-09-20	fix indentation	Eric Faurot

2018-09-20	Import updated moduli.	Darren Tucker

2018-09-20	Sort order changed because an RB tree is now used for prefixsets.	Claudio Jeker

2018-09-20	Switch prefixset to an RB_TREE instead of a SIMPLEQ. This allows to trigger	Claudio Jeker
	on duplicates (which are only reported) but is needed as a preparation step for roa-sets. OK benno@ denis@
2018-09-20	Fix the empty aspath segments check. seg_size is never 0, this needs to use	Claudio Jeker
	seg_len instead. Since seg_len is known early move the check up. Found while hunting for the other bug in aspath_verify.
2018-09-20	Fix an out of bound read that could crash the RDE because it touched	Claudio Jeker
	unallocated memory while looking for AS 0. Found by and debugged with Aaron A. Glenn. Thanks a lot.
2018-09-20	reorder CASignatureAlgorithms, and add them to the various -o lists;	Jason McIntyre
	ok djm
2018-09-20	fix "ssh -Q sig" to show correct signature algorithm list (it was	Damien Miller
	erroneously showing certificate algorithms); prompted by markus@
2018-09-20	add CASignatureAlgorithms option for the client, allowing it to specify	Damien Miller
	which signature algorithms may be used by CAs when signing certificates. Useful if you want to ban RSA/SHA1; ok markus@
2018-09-20	Add sshd_config CASignatureAlgorithms option to allow control over	Damien Miller
	which signature algorithms a CA may use when signing certificates. In particular, this allows a sshd to ban certificates signed with RSA/SHA1. ok markus@
2018-09-20	fix a memory leak in ihidev_hid_command()	Jonathan Gray
	ok claudio@
2018-09-19	If getcwd() fails in dinit(), the stat buffer 'swd' is used	Todd C. Miller
	uninitialized by the else clause. Since it is used in both clauses we should perform the stat before the if(). However, fixing this causes 'cp' to be unitialized in some case so initialize cp to NULL and move the "cp == NULL" check out of the first if() clause now that it can be true in either case. OK miko@ deraadt@
2018-09-19	Fix last commit, I made one of the changes to the wrong line.	Todd C. Miller
	Noticed by martijn@
2018-09-19	Update disklabel(8) man page with the new 5G minimum for /usr/obj.	Alexander Bluhm
	Remove Tn macro to make mandoc lint happy. requested by jmc@
2018-09-19	fix message to reflect "rmidi" is the expected string; ok ratchov@	miko

2018-09-19	Compare against NULL, not '\0' for pointers. Quiets a warning on	Todd C. Miller
	newer gcc.
2018-09-19	sys/stat.h not needed here; ok ratchov@	miko

2018-09-19	Always call bridge_iflist `bif'.	Martin Pieuchot
	ok bluhm@, visa@