summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-12-11vmd: proper concurrency control when pausing a vmpd
Removes an XXX which slept for 1s waiting for the vcpu thread to reach HLT and pause. We now define a paused and unpaused condition so that a call to pause_vm() / vmctl pause blocks till the vm really reaches a paused state. Also, detach events for devices from event loop when pausing and add them back when unpausing. This is because some callbacks call pthread_mutex_lock and if the vm is paused, it would block also causing the libevent thread to block. This would mean that we would not be able to process any IMSGs received from vmm (parent process) including a message to unpause. ok mlarkin@
2019-12-10some more corrections for documentation problems spotted by Ron FrederickDamien Miller
document certifiate private key format correct flags type for sk-ssh-ed25519@openssh.com keys
2019-12-10loading security keys into ssh-agent used the extension constraintDamien Miller
"sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron Frederick
2019-12-10add security key types to list of keys allowed to act as CAs;Damien Miller
spotted by Ron Frederick
2019-12-10when acting as a CA and using a security key as the CA key, remind theDamien Miller
user to touch they key to authorise the signature.
2019-12-10chop some unnecessary and confusing verbiage from the security keyDamien Miller
protocol description; feedback from Ron Frederick
2019-12-10Make bundled IPcomp/ESP policies work with IPSEC_LEVEL_REQUIRE.tobhe
We only install flows for IPcomp. When processing an incoming ESP SA, look for a bundled IPcomp SA and use that in the policy check. ok bluhm@
2019-12-10Just output a generic error message:Antoine Jacoutot
"Unsupported filesystem, aborting" for mfs, nfs and co.
2019-12-10If a file or directory component does not exists, realpath(3) returnsAlexander Bluhm
ENOENT. In this case, try to open(2) the path. Then a non-existing file will be created, but a missing directory component still causes an error. This fixes isakmpd(8) IKE pcap file creation. from hshoexer@
2019-12-10Make TMUX_CONF a list of files and expand leading $FOO or ~.Nicholas Marriott
2019-12-10We can receive a delete and free an SA that is referenced in sa_nextr.tobhe
Remove references when deleting the SA, otherwise we trigger a use-after-free. ok markus@
2019-12-10Print started and stopped domains alikekn
"looks better" deraadt Ok kettenis
2019-12-10Like other architectures, luna88k bootloader also needs arc4.c.Kenji Aoyama
ok guenther@, "your choice" deraadt@
2019-12-10In HTML, display straight quotes, not curly quotes, for Qq/Qo/Qc macros.Anthony J. Bentley
This is the intended behavior and already the case in terminal output. Incorrect output noticed by Eldred Habert. ok schwarze@
2019-12-10Plug two mem leaks in udp_receive() and zap unneeded allocations;Otto Moerbeek
ok florian@
2019-12-10Similar to doubting NXDOMAIN when we just switched networks we alsoFlorian Obser
need to doubt validation errors as we might find ourselves behind a captive portal. The hotspot at schiphol airport uses login.hotspotschiphol.nl: - it is NXDOMAIN on the public internet - hotspotschiphol.nl is signed and attests that login does not exist. - resolves to 1.1.1.5(!) when asking the dhcp nameservers - the dhcp nameservers pass DNSSEC records so validation works This resulted in unwind doing validation and answering SERVFAIL since the answer is bogus. Input & OK otto
2019-12-10Remove includes that are no longer neeed after tedu's simplification.Todd C. Miller
OK jca@
2019-12-10The msync interface first appeared in SunOS 4.0.Jonathan Gray
2019-12-10Adjust history text.Jonathan Gray
A fully functional mmap() system call first appeared in SunOS 4.0 and has been available since 4.4BSD. wording from and ok schwarze@ input from deraadt@
2019-12-09When loading a library, mmap(2) may fail. Then everything getsAlexander Bluhm
unmapped and ld.so tries again with different random address layout. In this case, use the new libc executable address for msyscall(2), not one from the first try. Fixes sporadic bogus syscall on i386. OK deraadt@
2019-12-09print addresses upon msyscall failure, for nowTheo de Raadt
2019-12-09Do not count up nentries in send_response() when the entry was skippedremi
because of split-horizon simple. This fixes empty response packages sent out by ripd. Adapt send_request() to follow the same layout. Input and OK claudio@
2019-12-09fix error message.remi
OK claudio@
2019-12-09iface is not used afterwards. It should have been removed in rev. 1.8.remi
OK claudio@
2019-12-09swap two fields in the filter response protocol to match order of fields inGilles Chehade
the query protocol. this difference was overlooked and is error-prone for a filter developer. bump filter protocol. when you update your smtpd, if you use filters, they'll need to be updated. spotted by Chris Ross <cross+openbsd@distal.com>
2019-12-09update to-do listTheo Buehler
2019-12-09Run Wycheproof DSA P1363 test vectors against libcrypto.Theo Buehler
2019-12-09Reinstate ftp_printf to log sent HTTP headersJeremie Courreges-Anglas
On SMALL builds ftp_printf is just a #define to avoid a size increase. ok millert@
2019-12-09typoTheo de Raadt
2019-12-09Many people have crossed the ABI, so re-enable "syscall call-from" checking.Theo de Raadt
2019-12-09rework the filtering text somewhat to condense it a little, avoid textJason McIntyre
duplication, and make the language a bit more consistent; ok gilles
2019-12-09Initialize length of uptime and trapoid for trap_agentx.Martijn van Duren
This probably needs a cleaner approach in the long run, but fixes the ober_oid_cmp for now. From gerhard_roth <at> genua <dot> de
2019-12-09improve comment for uvm_map_inentry_pc(), the underlyingTheo de Raadt
non-writeable / syscall checker.
2019-12-09update the example default config to use "from local" too; from myportslistJason McIntyre
ok gilles
2019-12-09syncTheo de Raadt
2019-12-09Move RCS Id to the top of the fileJeremie Courreges-Anglas
2019-12-09tweak -z mode verification to save the header and actually output it,Marc Espie
so that signify -zV >saved.tgz keeps the signature for later checks. Uses slightly more memory, but simplifies some processes. okay tedu@
2019-12-09always pull in if_types.h, to unbreak ramdisksTheo de Raadt
2019-12-09With NOSSL let url_get() print a nice error message for https urlsJeremie Courreges-Anglas
Input from deraadt@
2019-12-08For chunked transfers always restore the SIGINFO handler (not just on error)Jeremie Courreges-Anglas
Overlooked when shuffling the HTTP/1.1 code.
2019-12-08msyscall(2) is like kbind(2), and should be always permitted. it doesTheo de Raadt
it's own checks.
2019-12-08Limit advertised UDP payload size to 1232 bytes to prevent PMTU /Florian Obser
fragmentation issues. OK otto
2019-12-08Fully reinstate revision 1.21. Apparently, revision 1.22 (part ofTheo Buehler
the "Fix at least one cause of VMs spinning at 100% host CPU" commit) accidentally included some pieces of a different WIP. These pieces remained in the tree after the revert and caused vmd to busy loop after attaching to and detaching from a VM's console. "please commit" mlarkin
2019-12-08Various cleanup tweaks. 'return' is not a function. KNF. Whitespace,Kenneth R Westerback
Comment fixes.
2019-12-08cosmetic changes to conform to style of other existing OpenBSD code.Marc Espie
Okay jasper@
2019-12-08tweak previous;Jason McIntyre
2019-12-08small tweaks;Jason McIntyre
2019-12-08define _LIBCPP_HAS_TIMESPEC_GET and _LIBCPP_HAS_C11_FEATURESJonathan Gray
OpenBSD has timespec_get(3) and struct timespec/aligned_alloc(3). ok kettenis@ jca@
2019-12-08Reduce the max. number of frame buffers so that we can run higherMarcus Glocker
resolutions without running out of kernel memory. Tested with 1920x1080 uncompressed and mjpeg without performance degradation. ok mpi@
2019-12-08Various cleanup tweaks. 'return' is not a function. KNF. Whitespace,Kenneth R Westerback
Comment fixes.
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-03 21:44:36 +0000