src - OpenBSD base system

Age	Commit message (Collapse)	Author
2019-11-11	change the nmea sensor to "trusted"	Theo de Raadt

2019-11-11	move /usr and var remounting (nfs diskless case...) earlier, so that	Theo de Raadt
	unwind can be started (silently) before pf is configured (for those few weirdos who use hostnames in pf.conf...). Other unidentified concerns may be improved by this startup re-ordering, so let's give it a try. discussed with florian.
2019-11-11	update ntpd example configuration	Theo de Raadt

2019-11-10	use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@	Christian Weisgerber

2019-11-07	Reenable "val-log-level: 2", so that when sites have misconfigured	Stuart Henderson
	dnssec the sysadmin has some idea what's going on in logs, and "aggressive-nsec: yes", if we're using dnssec anyway we might as well get the benefits. These were both enabled last time dnssec was enabled in this sample unbound.conf. ok florian@
2019-11-07	Enable DNSSEC validation in unbound by default	job
	OK deraadt@ otto@
2019-11-06	Perform contraint validation against 9.9.9.9 and 2620:fe::fe also (which	Theo de Raadt
	avoids DNS lookups entirely, but yes this https is correctly validated) long discussions with otto, florian, and the quad9 crew.
2019-11-06	we have emergency entropy injection code in rc, for if the bootblocks and	Theo de Raadt
	other methods failed to inject/churn the rng enough. Move it up far earlier. ok naddy sthen kettenis
2019-11-05	Add a default priority of 5 for user _pbuild, this should help keeping system	solene
	responsive during packages compilation, especially on slower machines. feedback welcome from people building ports discussed with deraadt@
2019-10-25	handle aggr(4) in the same way as trunk(4)	David Gwynne
	from brad@ ok bluhm@ claudio@ deraadt@
2019-10-22	Import regenerated moduli file.	Darren Tucker

2019-10-20	regen	Mark Kettenis

2019-10-20	Add /dev/pri.	Mark Kettenis

2019-10-18	Bump datasize-cur for pbuild on mips64, to make room for modernity.	Visa Hankala
	OK deraadt@
2019-10-12	accidentally stated the MP kernel twice, leading the SHA256/SHA256.sig	Theo de Raadt
	file to contain two hashes for bsd.mp, and cause later upgrade problems spotted by afresh1
2019-10-07	sync arm64 pbuild resource limits with amd64; arm64 now builds some large	Stuart Henderson
	things and can easily exceed the previous 1.5GB limit. (obviously, as with amd64, machines with less physical RAM won't cope with building the largest ports). ok deraadt phessler millert kettenis
2019-10-07	update pkg name	Theo de Raadt

2019-10-07	correct dates	Theo de Raadt

2019-10-06	for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random.	Stuart Henderson
	as found the hard way by d.rauschenb@gmail on an old fujitsu siemens machine, reading all of hw (notable hw.setperf) can have unexpected side-effects. ok deraadt
2019-10-02	feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data	Stuart Henderson
	as a one-shot at boot without more complex kernel work, and also includes some serial numbers/guids which may add a little more entropy e.g. for systems where /etc/random.seed may be known (e.g. cloned disk images). "why not" deraadt@
2019-09-21	Increase datasize limit for ports building on arm64 in preparation	Kurt Miller
	for enabling devel/jdk/11 there. okay phessler@
2019-09-18	Correct sysctl section is 2	solene
	ok jmc millert
2019-09-18	Add explanation about the default value of sysctl key	solene
	machdep.pwraction ok jmc millert
2019-09-15	Add ttyC4 to lost of devices to change when logging in on ttyC0 (and in	Mark Kettenis
	some cases also the serial console) such that X can use it as its VT when running without root privileges. ok jsg@, matthieu@
2019-09-09	Inform about system call memory write protection and stack mapping	Alexander Bluhm
	violations in system accounting. This will help to find missbehaving programs and possible attacks. The flags bit field is full, so recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the AMAP flag as 'M'. daily(8) prints a list of affected processes. OK deraadt@
2019-09-08	Bump datasize-cur to 4Gb for pbuild class on sparc64, rust is a pig.	Landry Breuil
	ok semarie@
2019-09-07	Remove dependency on basename(1).	Antoine Jacoutot
	prodded by deraadt@ ok kn@ deraadt@ tb@
2019-08-25	space -> tabs	Antoine Jacoutot
	ok deraadt@ kn@
2019-08-19	The piggies have outgrown their pen again: Firefox 69 will no longer	Christian Weisgerber
	build in 5 GB of memory. Bump default datasize for pbuild to 6 GB. ok landry@ ajacoutot@
2019-08-19	add 6.7 syspatch key	Robert Nagy

2019-08-12	Add the rpki TAL files to the changelist including arin.tal (which is not	Claudio Jeker
	shipeed by default). OK job@ sthen@ deraadt@
2019-08-12	There is no reason why the TAL files are installed only readable by root	Claudio Jeker
	these are public files. Agreed by deraadt@ (and florian@)
2019-08-10	move to 6.6-beta	Theo de Raadt

2019-08-09	add 6.7 firmware key	Stuart Henderson

2019-08-06	oops, 6.7, spotted by tedu well in advance of it becoming an issue	Theo de Raadt

2019-08-05	6.7 packages key	Christian Weisgerber

2019-08-04	Revise the way how the octeon bootloader is built. The original	Visa Hankala
	approach was not right, and there is still room for improvement. OK deraadt@
2019-08-03	good idea to make next-generation keys available well before heading into ↵	Theo de Raadt
	release.
2019-07-28	Link octeon bootloader to the build.	Visa Hankala
	OK deraadt@
2019-07-28	Add a dedicated ramdisk entry for the octeon bootloader to reduce	Visa Hankala
	the size of the "boot" file. OK deraadt@
2019-07-27	man5/sparc64 is now required (on all arch)	Theo de Raadt

2019-07-26	standard DoT port is 853 not 953; from myportslist20190323 at nym.hush.com	Stuart Henderson

2019-07-25	Show unveil(2) violators in lastcomm(1) output and daily mail.	Alexander Bluhm
	input Janne Johansson, schwarze@; OK deraadt@ millert@
2019-07-24	Stop using reserved words in the smtpd.conf configuration examples	kmos
	in the default smtpd.conf and smtpd.conf(5) manual page. This eliminates ambiguity in our documentation examples that can cause confusion. Input and OK deraadt@ schwarze@ kn@
2019-07-17	regen	Visa Hankala

2019-07-17	Add a bootloader for octeon.	Visa Hankala
	The firmware on OCTEON machines usually does not provide an interface for accessing devices, which has made it tricky to implement an OpenBSD bootloader. To solve this device access problem, this new loader has been built on top of a small kernel. The kernel provides all the necessary devices drivers, while most of the usual bootloader logic is in a userspace program in a ramdisk. The loader program is accompanied by a special device, octboot(4). The main purpose of this device is to implement a mechanism for loading and launching kernels. The mechanism has been inspired by Linux' kexec(2) system call. The bootloader will be enabled later when it is ready for general use. Discussed with deraadt@
2019-07-15	Add tls-cert-bundle and example of using a DNS-over-TLS forwarder.	Darren Tucker
	Note that, at this time, Unbound does not re-use TLS connections (https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4089) so the TCP and TLS handshakes will cause a disproportiate increase in latency compared to UDP. ok sthen@ florian@
2019-07-04	add server time.cloudflare.com.	Theo de Raadt
	- Cloudflare have very good adjacency (if PCH did anycast ntp, we'd use it) - As ntp input, it is great they don't leapsmear - Not all their nodes do ntp, hope they succeed at scaling that up - ntpd constrains (un-auth) ntp packets within a TLS constraint window so there is no downside (unlike pool.ntp entries which slowly decay but that's a story for another commit..) ok otto
2019-06-28	miniroot prototype disklabels should attempt to contain accurate	Theo de Raadt
	prototype information (in this case, the miniroot-building code is completely lovecraft)
2019-06-19	move tals to /etc, where they can be upgraded by a "sysupgrade" if	Theo de Raadt
	such a circumstance ever occurs. ok job