| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-12-04 | Attempt to smear out stampedes on the RPKI rsync servers | job | |
| OK claudio@ benno@ | |||
| 2019-12-02 | sync names | Theo de Raadt | |
| 2019-12-01 | grow i386 cd ramdisk a little bit | Theo de Raadt | |
| 2019-11-30 | Tweak rpki-client to create all 4 output file formats from a single | Theo de Raadt | |
| compute, based upon flags. OpenBGPD compatible format by default if no options, to integrate with bgpd.conf and bgpctl reload. Adapt mtree and stuff. This will receive further refactoring... ok benno job | |||
| 2019-11-29 | Uncomment a single line in root's crontab to run rpki-client and reload | Theo de Raadt | |
| bpgd configuration, which enables Enterprise-Ready Industry-Leading-by-Example RPKI ROA filtering on your OpenBGP edge. Arguments remain about how often to run this operation, for now we propose 9AM when people who can fix their shit are in the office. ok claudio benno | |||
| 2019-11-29 | Import /var/db/rpki-client/roa and filter | Theo de Raadt | |
| discussed at length with claudio and benno | |||
| 2019-11-29 | add /var/cache/rpki-client, ok deraadt@ | Sebastian Benoit | |
| 2019-11-29 | create a var/db/rpki-client/roa file with correct ownership so that | Theo de Raadt | |
| rpki-client(8) can deal with it (some upcoming changes...) | |||
| 2019-11-29 | create var/db/rpki-client directory with correct mode | Theo de Raadt | |
| 2019-11-27 | Nuke http captive portal detection; something better is coming. | Florian Obser | |
| OK otto | |||
| 2019-11-26 | make implicit "listen on socket" explicit, the default config no longer has | Gilles Chehade | |
| any implicit behavior ok eric@, kn@ | |||
| 2019-11-25 | use explicit from notation in default config | Gilles Chehade | |
| ok eric@ | |||
| 2019-11-22 | sndiod(8) reopens audio interfaces on SIGHUP, which makes a lot of sense | Claudio Jeker | |
| when -F is used. Because of this allow rc.d script to reload sndiod. OK kn ratchov aja | |||
| 2019-11-15 | fix the spelling of rpki, as noted by jmc@ | Sebastian Benoit | |
| 2019-11-15 | grow an install media | Theo de Raadt | |
| 2019-11-14 | uid/gid 70 is _rpki-client for privdrop; ok benno | Theo de Raadt | |
| 2019-11-11 | change the nmea sensor to "trusted" | Theo de Raadt | |
| 2019-11-11 | move /usr and var remounting (nfs diskless case...) earlier, so that | Theo de Raadt | |
| unwind can be started (silently) before pf is configured (for those few weirdos who use hostnames in pf.conf...). Other unidentified concerns may be improved by this startup re-ordering, so let's give it a try. discussed with florian. | |||
| 2019-11-11 | update ntpd example configuration | Theo de Raadt | |
| 2019-11-10 | use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@ | Christian Weisgerber | |
| 2019-11-07 | Reenable "val-log-level: 2", so that when sites have misconfigured | Stuart Henderson | |
| dnssec the sysadmin has some idea what's going on in logs, and "aggressive-nsec: yes", if we're using dnssec anyway we might as well get the benefits. These were both enabled last time dnssec was enabled in this sample unbound.conf. ok florian@ | |||
| 2019-11-07 | Enable DNSSEC validation in unbound by default | job | |
| OK deraadt@ otto@ | |||
| 2019-11-06 | Perform contraint validation against 9.9.9.9 and 2620:fe::fe also (which | Theo de Raadt | |
| avoids DNS lookups entirely, but yes this https is correctly validated) long discussions with otto, florian, and the quad9 crew. | |||
| 2019-11-06 | we have emergency entropy injection code in rc, for if the bootblocks and | Theo de Raadt | |
| other methods failed to inject/churn the rng enough. Move it up far earlier. ok naddy sthen kettenis | |||
| 2019-11-05 | Add a default priority of 5 for user _pbuild, this should help keeping system | solene | |
| responsive during packages compilation, especially on slower machines. feedback welcome from people building ports discussed with deraadt@ | |||
| 2019-10-25 | handle aggr(4) in the same way as trunk(4) | David Gwynne | |
| from brad@ ok bluhm@ claudio@ deraadt@ | |||
| 2019-10-22 | Import regenerated moduli file. | Darren Tucker | |
| 2019-10-20 | regen | Mark Kettenis | |
| 2019-10-20 | Add /dev/pri. | Mark Kettenis | |
| 2019-10-18 | Bump datasize-cur for pbuild on mips64, to make room for modernity. | Visa Hankala | |
| OK deraadt@ | |||
| 2019-10-12 | accidentally stated the MP kernel twice, leading the SHA256/SHA256.sig | Theo de Raadt | |
| file to contain two hashes for bsd.mp, and cause later upgrade problems spotted by afresh1 | |||
| 2019-10-07 | sync arm64 pbuild resource limits with amd64; arm64 now builds some large | Stuart Henderson | |
| things and can easily exceed the previous 1.5GB limit. (obviously, as with amd64, machines with less physical RAM won't cope with building the largest ports). ok deraadt phessler millert kettenis | |||
| 2019-10-07 | update pkg name | Theo de Raadt | |
| 2019-10-07 | correct dates | Theo de Raadt | |
| 2019-10-06 | for now, only mix in sysctl hw.{uuid,serialno,sensors} to /dev/random. | Stuart Henderson | |
| as found the hard way by d.rauschenb@gmail on an old fujitsu siemens machine, reading all of hw (notable hw.setperf) can have unexpected side-effects. ok deraadt | |||
| 2019-10-02 | feed "sysctl hw" into /dev/random; a cheap way to feed in sensor data | Stuart Henderson | |
| as a one-shot at boot without more complex kernel work, and also includes some serial numbers/guids which may add a little more entropy e.g. for systems where /etc/random.seed may be known (e.g. cloned disk images). "why not" deraadt@ | |||
| 2019-09-21 | Increase datasize limit for ports building on arm64 in preparation | Kurt Miller | |
| for enabling devel/jdk/11 there. okay phessler@ | |||
| 2019-09-18 | Correct sysctl section is 2 | solene | |
| ok jmc millert | |||
| 2019-09-18 | Add explanation about the default value of sysctl key | solene | |
| machdep.pwraction ok jmc millert | |||
| 2019-09-15 | Add ttyC4 to lost of devices to change when logging in on ttyC0 (and in | Mark Kettenis | |
| some cases also the serial console) such that X can use it as its VT when running without root privileges. ok jsg@, matthieu@ | |||
| 2019-09-09 | Inform about system call memory write protection and stack mapping | Alexander Bluhm | |
| violations in system accounting. This will help to find missbehaving programs and possible attacks. The flags bit field is full, so recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the AMAP flag as 'M'. daily(8) prints a list of affected processes. OK deraadt@ | |||
| 2019-09-08 | Bump datasize-cur to 4Gb for pbuild class on sparc64, rust is a pig. | Landry Breuil | |
| ok semarie@ | |||
| 2019-09-07 | Remove dependency on basename(1). | Antoine Jacoutot | |
| prodded by deraadt@ ok kn@ deraadt@ tb@ | |||
| 2019-08-25 | space -> tabs | Antoine Jacoutot | |
| ok deraadt@ kn@ | |||
| 2019-08-19 | The piggies have outgrown their pen again: Firefox 69 will no longer | Christian Weisgerber | |
| build in 5 GB of memory. Bump default datasize for pbuild to 6 GB. ok landry@ ajacoutot@ | |||
| 2019-08-19 | add 6.7 syspatch key | Robert Nagy | |
| 2019-08-12 | Add the rpki TAL files to the changelist including arin.tal (which is not | Claudio Jeker | |
| shipeed by default). OK job@ sthen@ deraadt@ | |||
| 2019-08-12 | There is no reason why the TAL files are installed only readable by root | Claudio Jeker | |
| these are public files. Agreed by deraadt@ (and florian@) | |||
| 2019-08-10 | move to 6.6-beta | Theo de Raadt | |
| 2019-08-09 | add 6.7 firmware key | Stuart Henderson | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |