Age | Commit message (Collapse) | Author |
|
|
|
This was proposed by Emil Velikov to simplify libdrm and will remove the
need for some patches in ports.
/dev/drm0 -> /dev/dri/card0
/dev/drmR128 -> /dev/dri/renderD128
The previous names will remain for a period of time and will later be
removed. Major and minor numbers remain the same.
libdrm will not be changed to use the new names until known privsep
and sandbox use has been updated to allow the new names.
ok deraadt@
|
|
|
|
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.
input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@
|
|
require more than 768M to build itself.
|
|
of file descriptors while running a busy desktop
the xenodm login class expands the records from the daemon login class
ok aja@, deraadt@, kettenis@, sthen@
|
|
|
|
|
|
|
|
it's only accessible to root:wheel.
ok deraadt@
|
|
ok deraadt@
|
|
|
|
We used to have different numbers of blowfish rounds between the
default and daemon classes in login.conf. On Jun 26, 2016, tedu
committed "upgrade selected login.conf to use auto rounds for bcrypt"
for amd64, sparc64, i386, and maccpc.
Since the class daemon inherits from the default class, the
:localcipher=blowfish,a:\
is a duplicate.
ok millert@ deraadt@ sthen@
|
|
but additionally have a bootblock in the first 8K (since UFS does not use that
space). There are some UEFI direct-from-internet bootloaders that require
the name *.img. So this makes things more convenient for those, while keeping
it consistant in all architectures.
ok kettenis beck kn
|
|
ok deraadt
|
|
|
|
ok deraadt@
|
|
|
|
with help from claudio@
|
|
|
|
|
|
|
|
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
|
|
|
|
|
|
|
|
|
responsive during packages compilation, especially on slower machines.
feedback welcome from people building ports
discussed with deraadt@
|
|
machdep.pwraction
ok jmc millert
|
|
some cases also the serial console) such that X can use it as its VT
when running without root privileges.
ok jsg@, matthieu@
|
|
build in 5 GB of memory. Bump default datasize for pbuild to 6 GB.
ok landry@ ajacoutot@
|
|
|
|
|
|
on ttyC0. While here add drm0 to loongson and add the complete set of
wscons and drm devices to arm64.
ok kettenis@
|
|
running a ports bulk without bumping anything else
(matches what's on amd64.ports and exopi)
ok sthen@ phessler@ espie@ naddy@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and
fixed. This effort will continue.
kcov is limited to architectures using Clang as their default compiler and is
not enabled by default.
With help from mpi@, thanks!
ok kettenis@ mpi@ visa@
|
|
|
|
|
|
|
|
|
|
Size problem noted by me, correct fix from deraadt@
|
|
Prepare the install*.fs files for this growth.
|
|
|
|
machdep.lidaction=0 # do nothing
machdep.lidaction=1 # suspend
machdep.lidaction=2 # hibernate
lidsuspend is just an alias for lidaction, so if you change one, the
other one will have the same value. The plan is to remove
machdep.lidsuspend eventually when people have upgraded their
/ets/sysctl.conf.
discussed with deraadt, who came up with the new MIB name
no objections mlarkin
ok stsp halex jcs
|