Age | Commit message | Author | |
---|---|---|---|
2020-01-28 | sort | Christian Weisgerber | |
2020-01-26 | try disconnecting old world boot.mac bootloader for a bit | Ted Unangst | |
2020-01-25 | sync rc.d/sshd with sshd proctitle change - listener has been modified to | Stuart Henderson | |
keep command-line arguments again; ok aja@ djm@ | |||
2020-01-24 | regen | Martin Pieuchot | |
2020-01-24 | Use major 32 for dt(4). | Martin Pieuchot | |
ok visa@, kettenis@, deraadt@ | |||
2020-01-24 | retire rebound etc bits to the attic | Ted Unangst | |
2020-01-24 | revert previous; guenther noted that the csh(1) part belongs in dot.login | Okan Demirmen | |
because each invocation will grow the path, but that exposed an interaction with loginShell:true in our dot.Xdefaults... | |||
2020-01-23 | Extend PATH from login(1)/setusercontext(3) instead of overriding. | Okan Demirmen | |
OK millert@ | |||
2020-01-23 | regen after adding pppac | David Gwynne | |
2020-01-23 | wire up pppac(4). | David Gwynne | |
with help from claudio@ | |||
2020-01-22 | update pexp in rc.d/sshd to match the new setproctitle ('sshd: [listener] | Stuart Henderson | |
1 of 10-100 startups'). "makes sense" deraadt@ Beware if you have multiple sshd processes (e.g. on different ports) and want to restart/stop just one - with the current proctitle there's no way to distinguish between these so rc.d/rcctl will match all of them. | |||
2020-01-21 | regen | Martin Pieuchot | |
2020-01-21 | Add /dev/dt | Martin Pieuchot | |
2020-01-15 | 6.4 keys not needed anymore | Theo de Raadt | |
2020-01-15 | Do not redirect already quiet stdout for IPv6 reject routes | kn | |
"route -q" already silences all standard output; if it still prints something, that's a bug to fix in route. OK bluhm | |||
2019-12-30 | don't suppress error output from running updatelocatedb | Marc Espie | |
check that the resulting db works instead of some more specific test okay schwarze@ | |||
2019-12-22 | regen | Mark Kettenis | |
2019-12-22 | Wire up ipmi(4). | Mark Kettenis | |
ok deraadt@ | |||
2019-12-21 | a few depend:-related thingies that were still in. | Marc Espie | |
okay millert@, tb@ | |||
2019-12-17 | sync | Reyk Floeter | |
2019-12-17 | Fix fido(4) documentation link (no functional change) | Reyk Floeter | |
2019-12-17 | Add fido(4), a HID driver for FIDO/U2F security keys | Reyk Floeter | |
While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. It also allows supporting FIDO/U2F in Firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows using libfido2 under pledge. With feedback from deraadt@ and many others. OK kettenis@ djm@ and jmc@ for the manpage bits | |||
2019-12-14 | Fix comment: vmctl command options come before arguments | kn | |
2019-12-14 | sync | Theo de Raadt | |
2019-12-14 | usb devices nodes have been excessively permissive. | Theo de Raadt | |
repair that. | |||
2019-12-13 | sync | Theo de Raadt | |
2019-12-13 | gpr(4) goes away | Theo de Raadt | |
2019-12-04 | Insert missing && | job | |
OK claudio@ | |||
2019-12-04 | Attempt to smear out stampedes on the RPKI rsync servers | job | |
OK claudio@ benno@ | |||
2019-12-02 | sync names | Theo de Raadt | |
2019-12-01 | grow i386 cd ramdisk a little bit | Theo de Raadt | |
2019-11-30 | Tweak rpki-client to create all 4 output file formats from a single | Theo de Raadt | |
compute, based upon flags. OpenBGPD compatible format by default if no options, to integrate with bgpd.conf and bgpctl reload. Adapt mtree and stuff. This will receive further refactoring... ok benno job | |||
2019-11-29 | Uncomment a single line in root's crontab to run rpki-client and reload | Theo de Raadt | |
bgpd configuration, which enables Enterprise-Ready Industry-Leading-by-Example RPKI ROA filtering on your OpenBGP edge. Arguments remain about how often to run this operation, for now we propose 9AM when people who can fix their shit are in the office. ok claudio benno | |||
2019-11-29 | Import /var/db/rpki-client/roa and filter | Theo de Raadt | |
discussed at length with claudio and benno | |||
2019-11-29 | add /var/cache/rpki-client, ok deraadt@ | Sebastian Benoit | |
2019-11-29 | create a var/db/rpki-client/roa file with correct ownership so that | Theo de Raadt | |
rpki-client(8) can deal with it (some upcoming changes...) | |||
2019-11-29 | create var/db/rpki-client directory with correct mode | Theo de Raadt | |
2019-11-27 | Nuke http captive portal detection; something better is coming. | Florian Obser | |
OK otto | |||
2019-11-26 | make implicit "listen on socket" explicit, the default config no longer has | Gilles Chehade | |
any implicit behavior ok eric@, kn@ | |||
2019-11-25 | use explicit from notation in default config | Gilles Chehade | |
ok eric@ | |||
2019-11-22 | sndiod(8) reopens audio interfaces on SIGHUP, which makes a lot of sense | Claudio Jeker | |
when -F is used. Because of this allow rc.d script to reload sndiod. OK kn ratchov aja | |||
2019-11-15 | fix the spelling of rpki, as noted by jmc@ | Sebastian Benoit | |
2019-11-15 | grow an install media | Theo de Raadt | |
2019-11-14 | uid/gid 70 is _rpki-client for privdrop; ok benno | Theo de Raadt | |
2019-11-11 | change the nmea sensor to "trusted" | Theo de Raadt | |
2019-11-11 | move /usr and var remounting (nfs diskless case...) earlier, so that | Theo de Raadt | |
unwind can be started (silently) before pf is configured (for those few weirdos who use hostnames in pf.conf...). Other unidentified concerns may be improved by this startup re-ordering, so let's give it a try. discussed with florian. | |||
2019-11-11 | update ntpd example configuration | Theo de Raadt | |
2019-11-10 | use $(<file) instead of $(cat file) since this script uses ksh; ok ajacoutot@ | Christian Weisgerber | |
2019-11-07 | Reenable "val-log-level: 2", so that when sites have misconfigured | Stuart Henderson | |
dnssec the sysadmin has some idea what's going on in logs, and "aggressive-nsec: yes", if we're using dnssec anyway we might as well get the benefits. These were both enabled last time dnssec was enabled in this sample unbound.conf. ok florian@ | |||
2019-11-07 | Enable DNSSEC validation in unbound by default | job | |
OK deraadt@ otto@ |