Age | Commit message (Collapse) | Author |
|
|
|
|
|
ok kn@ deraadt@
|
|
|
|
OK deraadt@ mpi@ claudio@ miod@
|
|
the architecture and set the bgpd class' datasize to either 16G or 1G
ok sthen@ and discussed with many
|
|
- capitalise RADIUS when referring to the protocol
- remove tis
from raf czlonka
ok sthen ajacoutot
|
|
|
|
|
|
Addresses a stack exhaustion issue with llvm11 and a small number of ports.
ok kettenis@
|
|
|
|
from miod
|
|
|
|
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.
input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@
|
|
of file descriptors while running a busy desktop
the xenodm login class expands the records from the daemon login class
ok aja@, deraadt@, kettenis@, sthen@
|
|
|
|
it's only accessible to root:wheel.
ok deraadt@
|
|
but additionally have a bootblock in the first 8K (since UFS does not use that
space). There are some UEFI direct-from-internet bootloaders that require
the name *.img. So this makes things more convenient for those, while keeping
it consistant in all architectures.
ok kettenis beck kn
|
|
|
|
ok deraadt
|
|
|
|
|
|
ok visa@, kettenis@, deraadt@
|
|
|
|
with help from claudio@
|
|
|
|
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
|
|
|
responsive during packages compilation, especially on slower machines.
feedback welcome from people building ports
discussed with deraadt@
|
|
some cases also the serial console) such that X can use it as its VT
when running without root privileges.
ok jsg@, matthieu@
|
|
|
|
|
|
ok deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
raising openfiles-cur above the implicit -max value (1024 on at least the
common arch) results in the setting not being applied at all.
Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about
openfiles= from millert@ - changes in this version are to use 1024 for -max
rather than 512 to avoid changing the existing hard limit, and just use
openfiles= for bgpd/unbound where max and cur are the same value.
|
|
|
|
|
|
|
|
|
|
|
|
While here, also remove two forgotten descriptions for long obsolete
devices.
|
|
|
|
ok deraadt@ yasuoka@ reyk@
|
|
|