summaryrefslogtreecommitdiff
path: root/distrib
AgeCommit message (Collapse)Author
2024-03-06syncTheo Buehler
2024-03-05prune clang13 libLLVM; OK sthenKlemens Nanni
2024-03-05syncTheo Buehler
2024-03-05syncTheo Buehler
2024-03-04syncTheo Buehler
2024-03-03sncTheo de Raadt
2024-03-02syncTheo de Raadt
2024-03-02sync (lh_stats.3 removal)Theo Buehler
2024-03-02sync (libressl major, gost.h removal)Theo Buehler
2024-03-02list install.img in contents where it is builtJonathan Gray
landry@ noted it wasn't in arm64 contents
2024-03-02syncTheo de Raadt
2024-02-29An empty file /var/account/acct in etc.tgz simplifies accounting.Alexander Bluhm
OK deraadt@
2024-02-24syncTheo de Raadt
2024-02-22syncTheo de Raadt
2024-02-21syncTheo de Raadt
2024-02-20+openbsd-76-fw.pubStuart Henderson
2024-02-19Avoid passphrase in temporary fileKlemens Nanni
bioctl(8) uses readpassphrase(3) RPP_REQUITE_TTY, so always pass stdin, but only use it over TTY with -s in unattended mode. Prodding afresh1 sthen "much better" sthen
2024-02-18syncTheo Buehler
2024-02-18syncTheo de Raadt
2024-02-17syncChristian Weisgerber
2024-02-17syncTheo de Raadt
2024-02-15syncTheo de Raadt
2024-02-11Enable disk encryption in unattended installationsKlemens Nanni
Interactively keeps using bioctl(8)'s own prompt, in unattended mode ask_passphrase() ensures non-empty responses or fails. Unlike user passwords, autoinstall(8) only supports plaintext passphrases: Encrypt the root disk with a (p)assphrase or (k)eydisk = passphrase New passphrase = secret Make sure to trust the install network or use a pre-configured key disk: Encrypt the root disk with a (p)assphrase or (k)eydisk = keydisk Which disk contains the key disk = sd2 Which sd2 partition is the key disk = a initial diff from Chris Narkiewicz OK afresh1 Feedback sthen
2024-02-11libexpat minor bump to 14.1Alexander Bluhm
2024-02-10grow arm64 iso media againTheo de Raadt
2024-02-08syncTheo de Raadt
2024-02-05syncTheo de Raadt
2024-02-03Add new amd64-only sysctl machdep.retpoline which says whether the cpuTheo de Raadt
requires retpoline. If 0, we should do everything in our power to avoid pure retpoline (replacing it with a simple thunk where possible), because by it's nature retpoline converts an indirect-branch into a direct branch (push to stack & ret), and therefore it is an IBT (endbr64) bypass method. This sysctl leverages guenther's decision-making logic in the kernel, which already uses codepatch to fix the kernel retpoline thunk. In my opinion, the retpoline-using logic really should be flipped; ROP execution bypassing IBT to re-enter regular control flow is more dangerous than spectre. ok kettenis
2024-01-27syncTheo de Raadt
2024-01-26partial syncTheo de Raadt
2024-01-26remove /mnt/usr/include/c++/v1 before extracting sets, it changed fromStuart Henderson
a file to a dir with the libc++ update to 16. ok deraadt phessler
2024-01-22syncTheo de Raadt
2024-01-22syncTheo Buehler
2024-01-19More files to be blessed by the clean target.Miod Vallat
2024-01-19syncTheo de Raadt
2023-12-29syncTheo Buehler
2023-12-29syncTheo de Raadt
2023-12-23Sync for perl 5.36.3Andrew Fresh
2023-12-22syncTheo de Raadt
2023-12-19Move constraints files to the etc setTheo Buehler
These are config files and once modified they should not be overwritten if they have local changes. ok deraadt job
2023-12-16syncTheo Buehler
2023-12-15For amd64 cdXX.iso and installXX.iso, create an EFI system partition imageJonathan Matthew
containing the EFI boot loaders and install it as an El Torito boot image, making the install CDs bootable in EFI mode. "looks great" deraadt@ ok mlarkin@
2023-12-13syncTheo de Raadt
2023-12-12SyncClaudio Jeker
2023-12-12syncTheo de Raadt
2023-12-12syncTheo de Raadt
2023-12-12syncTheo de Raadt
2023-12-11syncTheo de Raadt
2023-12-01syncTheo Buehler
2023-11-19syncTheo Buehler
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 22:05:55 +0000