| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-11-14 | Various *syncron* -> *synchron* typos. | Miod Vallat | |
| 2015-11-14 | Cleanup from unifdef: set sact.sa_flags to SA_RESTART instead of | Todd C. Miller | |
| clearing it and then ORin in SA_RESTART. | |||
| 2015-11-14 | Remove log_it() and call syslog(3) directly using the same format: | Todd C. Miller | |
| "(username) WHAT (details)". Logs due to normal operation (e.g. crontab operations or running commands) are logged at LOG_INFO like before. Actual errors are logged at LOG_ERR, less important things are logged at LOG_WARNING OR LOG_NOTICE. Also ignore SIGHUP now that there is no log file to reopen. | |||
| 2015-11-14 | The character is an int so use %x not %hhx. | Nicholas Marriott | |
| 2010-10-01 | import OpenSSL-1.0.0a | Damien Miller | |
| 2015-11-14 | The private use area at U+E000 to U+F8FF is not very useful if it is | Nicholas Marriott | |
| width 0, make it width 1 instead. | |||
| 2015-11-14 | All these return values from utf8_* are confusing, use an enum. | Nicholas Marriott | |
| 2015-11-14 | Rename a variable in utf8_combine for consistency and use 0xfffd for | Nicholas Marriott | |
| unknown Unicode. | |||
| 2015-11-14 | Couple of assignments to remove compiler warnings. | Nicholas Marriott | |
| 2015-11-14 | Be more strict about invalid UTF-8. | Nicholas Marriott | |
| 2015-11-14 | Push stdout and stderr to clients more aggressively, and add an event to | Nicholas Marriott | |
| continue if the send fails. | |||
| 2015-11-14 | knock out obsolete mlinks for srandom and urandom; | Jason McIntyre | |
| 2015-11-14 | pci at macepcibr, not macepcbir; | Jason McIntyre | |
| 2015-11-14 | Log more of UTF-8 input. | Nicholas Marriott | |
| 2015-11-14 | sync | Theo de Raadt | |
| 2015-11-14 | regress: pledge: update SYS_kill syscall number | Sebastien Marie | |
| 2015-11-14 | Give clear directions on how to declare, PROTO_*() and DEF_*() new symbols | Philip Guenther | |
| prodded by deraadt@ | |||
| 2015-11-14 | For pledge "stdio", allow the break(2) system call which backends the brk/sbrk | Theo de Raadt | |
| library routines. The manpage declares, in bold: The brk() and sbrk() functions are historical curiosities left over from earlier days before the advent of virtual memory management. In our base tree, only one program uses these functions -- cc1 in the gcc toolset. A historical curiosity using a historical curiosity, how quaint. brk is used because precompiled c headers are not position independent. Another program which relies upon brk is emacs. Other uses of brk are EXCEEDINGLY RARE, because most software grew up and use modern practices such as malloc and mmap, thereby gaining ASLR benefits. Position independence has become an important part of mitigations. These two programs fight such improvements. Permitting brk/sbrk allows the large attack surface of cc1 to be pledged. "I would rather have cc1 pledged than purity in pledge" guenther | |||
| 2015-11-14 | Fix a missing unlock. | Mike Larkin | |
| From Stefan Kempf sn.kempf at t-online.de | |||
| 2015-11-14 | pledge "stdio inet sendfd" before entering main loop in network speaking | Theo de Raadt | |
| child. (All those I asked to test timed out before commit, so now they get to test for real...) | |||
| 2015-11-14 | update the NAME section; ok nicm schwarze | Jason McIntyre | |
| 2015-11-14 | remove the machine arch from Dt - this file gets installed on more | Jason McIntyre | |
| than one arch; ok schwarze | |||
| 2015-11-14 | remove pointless resolver(5) mlink: if you want this file, ask for | Jason McIntyre | |
| it by name (typing "man resolver" won;t get you it anyway); explicit removal urged by ingo | |||
| 2015-11-14 | these files document their config files too: adjust NAME accordingly; | Jason McIntyre | |
| ok schwarze | |||
| 2015-11-14 | the mandoc(7) mlink is useless; zapping now, at ingo's behest | Jason McIntyre | |
| 2015-11-14 | pledge("stdio", NULL) for code path that just prints the MBR or GPT. i.e. | Kenneth R Westerback | |
| when none of -i, -e or -u are specified. Prodded by deraadt@ | |||
| 2015-11-14 | If none of -i, -u or -e are specified exit immediately after the | Kenneth R Westerback | |
| MBR or GPT is printed. Do not attempt to read the MBR template file, construct an initial mbr, etc. | |||
| 2015-11-13 | vmm is i386 only for now | Theo de Raadt | |
| 2015-11-13 | No need to supplement usage() with extra messages about -b needing -i, or | Kenneth R Westerback | |
| -g needing -i. The usage() text is quite clear. usage() doesn't return so eliminate unneeded 'else'. | |||
| 2015-11-13 | No need to zero a global variable before use. | Kenneth R Westerback | |
| 2015-11-13 | Use crontab-style syslog calls in at. | Todd C. Miller | |
| Remove check_permission and just call allowed() directly. | |||
| 2015-11-13 | There's no need for at.c globals to be extern. | Todd C. Miller | |
| 2015-11-13 | Ev SHELL no longer relevant; | Jason McIntyre | |
| 2015-11-13 | pledge tcpbench, from David Hill, tweaked the -s case. | Sebastian Benoit | |
| ok deraadt@ | |||
| 2015-11-13 | remove -d from SYNOPSIS; | Jason McIntyre | |
| 2015-11-13 | Since rtable was hoisted to the top with setrtable, it should have no | Theo de Raadt | |
| bearing on the following pledge setups anymore. ok benno | |||
| 2015-11-13 | Both gcc & collect2 can pledge "stdio rpath wpath cpath proc exec". | Theo de Raadt | |
| (cc1 "toplev.c" uses brk/sbrk, so it is on hold to figure out the right direction...) ok semarie pascal | |||
| 2015-11-13 | move pledge(2) after setrtable(2), like in nc(1); | Ingo Schwarze | |
| OK deraadt@ | |||
| 2015-11-13 | pledge "stdio rpath wpath getpw inet tty" at startup. After opening | Theo de Raadt | |
| the socket and entering the main loop, pledge "stdio tty". For my next trick, I will be adding chacha20-poly1305 support. | |||
| 2015-11-13 | All setsockopt IPPROTO_IPV6 IPV6_TCLASS (v4 calls this IP_TOS) | Theo de Raadt | |
| 2015-11-13 | Use setrtable() for the entire process, rather than doing it for the | Theo de Raadt | |
| socket later. Same idea as in nc(1). | |||
| 2015-11-13 | Remove support for the debug command; noone needs setsockopt SO_DEBUG | Theo de Raadt | |
| 2015-11-13 | Delete tracefile command. Tracefiles can now only be specified at | Theo de Raadt | |
| program startup. Who uses that? Noone... ok millert | |||
| 2015-11-13 | remove support for !shell | Theo de Raadt | |
| ok millert | |||
| 2015-11-13 | Add a flag argument to flush() to stop it calling quit() on error, then | Nicholas Marriott | |
| use this from quit() to stop less blowing up the stack looping through quit()/flush() if stderr is closed (for example "less /missing 2</dev/null"). ok millert | |||
| 2015-11-13 | remove skey support | Theo de Raadt | |
| ok millert | |||
| 2015-11-13 | pledge "stdio rpath wpath cpath fattr" for both as & ld | Theo de Raadt | |
| ok semarie | |||
| 2015-11-13 | pledge "stdio rpath dns" right at the start of the servicing loop. | Theo de Raadt | |
| Commiting to gather reports. | |||
| 2015-11-13 | Log option names in fatal() for missing option. | Nicholas Marriott | |
| 2015-11-13 | sync | Theo de Raadt | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |