src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-10-18	after kmem is open and setup, pledge "stdio rpath wpath cpath"	Theo de Raadt
	seems to be working. commiting to get feedback from people who crash.
2015-10-18	Collapse some strange programmer style with too much abstraction.	Theo de Raadt

2015-10-18	Use explicit_bzero() when the memory is freed directly afterward.	mmcc
	ok deraadt@
2015-10-17	make usage() less horrible	Florian Obser

2015-10-17	NUMBOOT is dead! Nuke the variables and abstractions that were used	Kenneth R Westerback
	to build boot blocks. ok miod@
2015-10-17	Implement -w maxwait now that the -w flag is free in ping6. Same	Florian Obser
	behaviour as ping(8).
2015-10-17	move -V option before -v and remove one spurious newline, now in sync	Florian Obser
	with ping. No object change.
2015-10-17	Remove left over -N and -w. Adapt wording for the link local example.	Florian Obser
	Pointed out by, input & OK jmc
2015-10-16	Remove RFC 4620 support. The RFC is experimental and this code plain	Florian Obser
	needs killing before the installed user base excedes 6. Minus 745 LOC. This is getting in the way of a merge since it has it's tentacles all over the place. OK jca@, deraadt@
2015-10-16	No longer talk about -b flag, it's gone.	Florian Obser

2015-10-16	Move -t and -w functionality to -a. Both flags are in the way for a	Florian Obser
	merge with ping(8). Let's see if we can shove every weird and special v6 functionality into -a. suggested by and OK sthen@
2015-10-16	Remove -B from EXAMPLES; reminded by jmc@	Miod Vallat

2015-10-15	Remove disklabel -B (NUMBOOT) support. All the platforms which used to need	Miod Vallat
	it are now using MI installboot for that purpose. ok krw@ deraadt@
2015-10-15	Remove some unnecessary NULL-checks before free(). Change two bzero()	mmcc
	calls on pf data to explicit_bzero(). ok mikeb@
2015-10-15	corrects pledge code for fsck_ffs and fsck_ext2fs	Sebastien Marie
	on filesystem error, fsck will try to display username of inode, resulting need of "getpw" for not SMALL version. add a missed (?) -DSMALL in distrib/special/ for fsck_ffs and fsck_ext2fs found by hard way by ajacoutot@ OK millert@
2015-10-15	A classic case for bzero() -> explicit_bzero()	mmcc
	ok deraadt@
2015-10-15	fsck_ffs has a ^T signal handler which opens /dev/tty late. Hoist that	Theo de Raadt
	opening to before the pledge, and cache the fd. looked over by millert
2015-10-14	To specify a source address ping uses -I while ping6 uses -S. Switch	Florian Obser
	ping6 -I to the ping-alike semantics. sthen@ thinks this is OK
2015-10-14	Since the fsck_* programs now only handle one filesystem, this creates	Theo de Raadt
	a point where open() and disklabel reading have completed. After that point, pledge "stdio". As a result, an fsck of a hostile partition (noone ever does that, or do they? :) is done by a program with SUBSTANTIALLY less system call exposure. ok semarie
2015-10-14	unfortunately rewritelabel() just before termination does a non-permitted	Theo de Raadt
	ioctl to rewrite the label, in support of the old-school "frag info in the disklabel" concept. disklabel folk, please come talk to me...
2015-10-14	Only accept one filesystem/device as argument for checking. Few people	Theo de Raadt
	will be calling these directly, and not for the multiple filesystem case. fsck(8) is generally the parent and will handle things. ok semarie; this change will also help a goal jsing has
2015-10-13	Remove -b flag and let ping6 set the socket buffer size automatically	Florian Obser
	like ping. Suggested by deraadt@, OK dlg
2015-10-13	can pledge "stdio" after opening device.	Theo de Raadt

2015-10-13	Pledge "stdio rpath" requests for nologin.	Doug Hogan
	ok deraadt@ "reads ok" semarie@
2015-10-12	deprecate & remove -W option; ok florian	Theo de Raadt

2015-10-12	Annotate an pretty obvious signal race... no time to fix it now.	Theo de Raadt

2015-10-12	tunefs can pledge to only use "stdio", after it has opened the device.	Theo de Raadt
	ok doug
2015-10-12	pledge "stdio" right after opening the device. The remainder is	Theo de Raadt
	is just read, write, fsync, and close. ok doug
2015-10-11	Pledge that ncheck_ffs only uses "stdio" after opening the device.	Doug Hogan
	ok deraadt@
2015-10-11	After the filesystem is opened, pledge "stdio"	Theo de Raadt
	ok doug
2015-10-11	If only displaying the disklabel (the normal thing to do against potentially	Theo de Raadt
	unknown disks...), after opening & reading the disklabel, pledge "stdio" ok doug
2015-10-11	After the disk is opened, this can pledge "stdio".	Theo de Raadt
	ok doug
2015-10-11	Prefer dprintf() over snprintf()+write()	Philip Guenther
	ok beck@ deraadt@
2015-10-10	pflogd contained the same "privsep error" as tcpdump -- assuming that	Theo de Raadt
	it can ioctl()'s against a bpf device node. Privsep that operation via a message to the parent process. Unfortunately "rpath wpath cpath" is still needed due to SIGHUP handling, but I have asked canacar the expert to look into this.
2015-10-09	Change all tame callers to namechange to pledge(2).	Theo de Raadt

2015-10-07	Note permissions for the crc32() code adapted from Hacker's Delight.	Kenneth R Westerback
	Prompted by deraadt@.
2015-10-06	fix flowsrc spec, ok florian, thx ingo!	Sebastian Benoit

2015-10-05	Remove 'landisk' from the comment about NUMBOOT archs. Only one	Kenneth R Westerback
	NUMBOOT arch is left: Vax.
2015-10-05	Remove disklabel -B support on landisk - superseded by MI installboot.	Miod Vallat

2015-10-05	Oops. Missed file in fdisk commit.	Kenneth R Westerback

2015-10-05	Tweak man page to describe newly enhanced '-g' operation.	Kenneth R Westerback

2015-10-05	Enhance '-g' to create a default GPT label in addition to the protective	Kenneth R Westerback
	MBR. If '-b' is specified an EFI System partition of the requested size is created. All remaining space is put into an OpenBSD partition. Minimal enhancement necessary for upcoming UEFI install support. Committed first to flush out any unexpected impacts on 'normal' MBR operation and install media. ok deraadt@
2015-10-04	dmesg has two modes. The normal sysctl mode, and the -M/-N kvm searcher.	Theo de Raadt
	In both cases once the relevant setup is done, it can drop to tame "stdio".
2015-10-04	Repair tame() error check to be == -1	Theo de Raadt

2015-10-03	IPv6 transport for pflow data.	Florian Obser
	Input deraadt@ Bug fix & OK benno@
2015-10-03	If we care about placing core files from SUID programs in a safe place,	Vadim Zhukov
	lets do not suggest to provoke races and use -m option of mkdir(1). ok guenther@, "don't care" deraadt@ :)
2015-10-03	ping6 is a setuid root priv-drop which holds a sockraw. we can tame it	Theo de Raadt
	substantially with "stdio inet", plus "dns" if the -n option is missing. a successful exploit against it then cannot create files, or perform a variety of other operations, as described in the tame(2) man page. ping6 is a bit trickier than ping, because it uses recvmsg() with CMSG types of IPV6_HOPOPTS, IPV6_DSTOPTS, IPV6_RTHDRDSTOPTS, IPV6_RTHDR. there is further work to do in the kernel, with claudio! work with florian a while back, which involved hoisting lots of initization code upwards. ok doug
2015-10-03	ping is a setuid root priv-drop which holds a sockraw. we can tame it	Theo de Raadt
	substantially with "stdio inet", plus "dns" if the -n option is missing. a successful exploit against it then cannot create files, or perform a variety of other operations, as described in the tame(2) man page. work with florian a while back ok doug
2015-10-02	Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (along	Reyk Floeter
	with Curve448). And we already support it. Mention it here to update the Id when it was assigned by IANA.
2015-10-02	RFC7634 specifies ChaCha20-Poly1305 for IKEv2 and IPsec and IANA	Reyk Floeter
	assigned an official ID 28 for it. This is good news, and we should really support it as well. Just add the ID for now. Discussed with mikeb@