src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-07-08	Return 0 on read from PIT control port. Intel explicitly says this is not	Mike Larkin
	supported, and it looks like other emulators/hypervisors do a variety of different things here. Most return 0, but at least one might return random garbage. Returning 0 seems safest here, but leave a warning in place for the logs in case a guest VM does this.
2016-07-08	Improve crypto ordering for Encrypt-then-MAC (EtM) mode MAC algorithms.	Damien Miller
	Previously we were computing the MAC, decrypting the packet and then checking the MAC. This gave rise to the possibility of creating a side-channel oracle in the decryption step, though no such oracle has been identified. This adds a mac_check() function that computes and checks the MAC in one pass, and uses it to advance MAC checking for EtM algorithms to before payload decryption. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. feedback and ok markus@
2016-07-07	Updated the ldpd.conf man page examples	Rafael Zalamena
	The man page already contains the definition of the new neighbor-addr and neighbor-id, but the examples were outdated. Now we may have an LSR-ID that is different from its address. ok renato@
2016-07-07	Apply http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7	Todd C. Miller
	This fixes a bug where XSLoader could try to load from a subdir of the cwd when called via eval. OK afresh1@
2016-07-07	sync	Theo de Raadt

2010-09-24	Perl 5.12.2 from CPAN	Todd C. Miller

2016-07-07	sync with mdocml.bsd.lv: mention httpd(8) and slowcgi(8)	Ingo Schwarze

2016-07-07	Revert previous since the libtls change has been reverted.	Joel Sing

2016-07-07	Revert previous - it introduces problems with a common privsep use case.	Joel Sing

2016-07-07	add ca cert error check and make the path configurable	Brent Cook
	from Kinichiro Inoguchi
2016-07-07	call BN_init on temporaries to avoid use-before-set warnings	Brent Cook
	ok beck@
2016-07-07	biff, mesg, vi: only consider ACCESSPERMS for setting tty mode.	Sebastien Marie
	it explicitly removes any S_ISUID\|S_ISGID\|S_ISTXT bits, instead of letting pledge(2) silenciously remove them. ok beck@ deraadt@
2016-07-07	tmux: only consider ACCESSPERMS for setting mode on socket_path.	Sebastien Marie
	it explicitly removes any S_ISUID\|S_ISGID\|S_ISTXT bits, instead of letting pledge(2) silenciously remove them. ok nicm@ beck@ deraadt@
2016-07-07	Add man page for the maxrtc(4) I2C driver.	Marcus Glocker

2016-07-07	sanity check vm create and run args earlier	Mike Larkin

2016-07-06	Now libtls is always reading cert.pem during tls_config_new().	Alexander Bluhm
	Adapt ktrace count in syslogd test.
2016-07-06	J/j is a three valued option, document and fix code to actuall support that	Otto Moerbeek
	with a little help from jmc@ for the man page bits ok jca@ and a reluctant tedu@
2016-07-06	Allow space-deliminated fields in syslog.conf in addition to	Todd C. Miller
	traditional tabs-deliminated fields. This is consistent with what FreeBSD, NetBSD and Linux do. Adapted from FreeBSD.
2016-07-06	Return EINVAL for mknod/mknodat when dev is -1 (aka VNOVAL).	Todd C. Miller
	OK beck@ tedu@
2016-07-06	Check that the given ciphers string is syntactically valid and results in	Joel Sing
	at least one matching cipher suite. ok doug@
2016-07-06	route6d spring cleanup	Jeremie Courreges-Anglas
	Various tweaks and fixes: - nuke util.h, not needed since pidfile(3) went away - nuke the rrt_same member of struct riprt, "future use" since import - mark rtdexit as __dead - nuke progname handling - fix pid handling: cache the pid after calling daemon(3) - nuke setting rtm_pid. The kernel is responsible for setting this in routing messages. - nuke the useless myseq variable ok florian@ benno@ millert@ deraadt@ renato@
2016-07-06	Remove manual file loading (now that libtls does this for us) and adjust	Joel Sing
	pledge to match. Also use tls_config_error() to provide friendlier error messages.
2016-07-06	Always load CA, key and certificate files at the time the configuration	Joel Sing
	function is called. This simplifies code and results in a single memory based code path being used to provide data to libssl. Errors that occur when accessing the specified file are now detected and propagated immediately. Since the file access now occurs when the configuration function is called, we now play nicely with privsep/pledge. ok beck@ bluhm@ doug@
2016-07-06	fix several places where calculating ticks could overflow.	Ted Unangst
	it's not enough to assign to an unsigned type because if the arithmetic overflows the compiler may decide to do anything. so change all the long long casts to uint64_t so that we start with the right type. reported by Tim Newsham of NCC. ok deraadt
2016-07-06	Move Hop-by-Hop processing into its own function ip6_hbhchcheck().	Martin Pieuchot
	This function will help splitting the IPv6 input path in two, in order to run the first part without KERNEL_LOCK() held. Tested by Hrvoje Popovski, ok bluhm@
2016-07-06	sync	Visa Hankala

2016-07-06	clarify a comment about memory regions	Mike Larkin

2016-07-06	Use fstatat() to avoid path surgery.	Philip Guenther
	bug catching and ok millert@
2016-07-06	Correctly handle an EOF that occurs prior to the TLS handshake completing.	Joel Sing
	Reported by Vasily Kolobkov, based on a diff from Marko Kreen. ok beck@
2016-07-05	Some new tests related to bin/cat.c rev. 1.25,	Ingo Schwarze
	from Sevan Janiyan <venture37 at geeklan dot co dot uk>.
2016-07-05	Improve the tracking functions in wsmouse.	Ulf Brosziewski
	ok mpi@
2016-07-05	sync	Theo de Raadt

2016-07-05	Update to tzdata2016f from from ftp.iana.org.	Todd C. Miller

2016-07-05	Remove kern.random remnants; OK deraadt@	Tim van der Molen

2016-07-05	Move to svc_getreq_poll/svc_pollfd.	Jeremie Courreges-Anglas
	Stop using select to avoid the weird workarounds for fd_set size. Also replace calloc with reallocarray. Prompted by a mail by Miod, cluebat from guenther@. ok millert@, prodding deraadt@
2016-07-05	Remove debug code that slipped in.	Visa Hankala

2016-07-05	Build eeprom(8) on octeon.	Visa Hankala
	ok kettenis@ deraadt@ jasper@
2016-07-05	regen	Visa Hankala

2016-07-05	Add /dev/openprom.	Visa Hankala
	ok kettenis@ deraadt@ jasper@
2016-07-05	Add openprom(4) for octeon.	Visa Hankala
	ok kettenis@ deraadt@ jasper@
2016-07-05	Hook up the pcfrtc(4) manual; OK kettenis@	Tim van der Molen

2016-07-05	Expand IN6_IFF_NOTREADY, ok bluhm@	Martin Pieuchot

2016-07-05	sync	Stuart Henderson

2016-07-05	Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic	Martin Pieuchot
	addresses set on p2p interfaces. Found the hardway by naddy@
2016-07-05	Modify code added in rev 1.30 to use the correct variable instead of a	Jonathan Gray
	different uninitialised one. ok martijn@
2016-07-05	remove extra assignment of s from 1.11, fix regression test	Brent Cook

2016-07-05	remove unneeded duplicate call - spotted by jsing@	Bob Beck

2016-07-05	On systems where we do not have BN_ULLONG defined (most 64-bit systems),	Brent Cook
	BN_mod_word() can return incorrect results if the supplied modulus is too big, so we need to fall back to BN_div_word. Now that BN_mod_word may fail, handle errors properly update the man page. Thanks to Brian Smith for pointing out these fixes from BoringSSL: https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89 https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be ok beck@
2016-07-05	Missed a reference to dl_prebind.h	Philip Guenther
	problem noted by Andrew Ngo (andrew.ngo (at) gmail.com)
2016-07-05	remove some casts that aren't necessary.	Ted Unangst