src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-10-05	Remove 'landisk' from the comment about NUMBOOT archs. Only one	Kenneth R Westerback
	NUMBOOT arch is left: Vax.
2015-10-05	Remove disklabel -B support on landisk - superseded by MI installboot.	Miod Vallat

2015-10-05	Oops. Missed file in fdisk commit.	Kenneth R Westerback

2015-10-05	Tweak man page to describe newly enhanced '-g' operation.	Kenneth R Westerback

2015-10-05	Enhance '-g' to create a default GPT label in addition to the protective	Kenneth R Westerback
	MBR. If '-b' is specified an EFI System partition of the requested size is created. All remaining space is put into an OpenBSD partition. Minimal enhancement necessary for upcoming UEFI install support. Committed first to flush out any unexpected impacts on 'normal' MBR operation and install media. ok deraadt@
2015-10-04	dmesg has two modes. The normal sysctl mode, and the -M/-N kvm searcher.	Theo de Raadt
	In both cases once the relevant setup is done, it can drop to tame "stdio".
2015-10-04	Repair tame() error check to be == -1	Theo de Raadt

2015-10-03	IPv6 transport for pflow data.	Florian Obser
	Input deraadt@ Bug fix & OK benno@
2015-10-03	If we care about placing core files from SUID programs in a safe place,	Vadim Zhukov
	lets do not suggest to provoke races and use -m option of mkdir(1). ok guenther@, "don't care" deraadt@ :)
2015-10-03	ping6 is a setuid root priv-drop which holds a sockraw. we can tame it	Theo de Raadt
	substantially with "stdio inet", plus "dns" if the -n option is missing. a successful exploit against it then cannot create files, or perform a variety of other operations, as described in the tame(2) man page. ping6 is a bit trickier than ping, because it uses recvmsg() with CMSG types of IPV6_HOPOPTS, IPV6_DSTOPTS, IPV6_RTHDRDSTOPTS, IPV6_RTHDR. there is further work to do in the kernel, with claudio! work with florian a while back, which involved hoisting lots of initization code upwards. ok doug
2015-10-03	ping is a setuid root priv-drop which holds a sockraw. we can tame it	Theo de Raadt
	substantially with "stdio inet", plus "dns" if the -n option is missing. a successful exploit against it then cannot create files, or perform a variety of other operations, as described in the tame(2) man page. work with florian a while back ok doug
2015-10-02	Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (along	Reyk Floeter
	with Curve448). And we already support it. Mention it here to update the Id when it was assigned by IANA.
2015-10-02	RFC7634 specifies ChaCha20-Poly1305 for IKEv2 and IPsec and IANA	Reyk Floeter
	assigned an official ID 28 for it. This is good news, and we should really support it as well. Just add the ID for now. Discussed with mikeb@
2015-10-02	Remove MD5 from the default proposals. At least SHA1 seems to be the	Reyk Floeter
	minimum out there. Even El Capitan announces 3DES and SHA1 instead of MD5. OK mikeb@
2015-10-02	If the policy certreqtype is 0, use the global one instead.	Reyk Floeter
	This fixes EAP (user-based auth) with IKEv2 in El Capitan. OK mikeb@
2015-10-02	Make 'pfctl -s all' show queues. pfctl(8) says it does, and 5.4	Kenneth R Westerback
	pfctl(8) did for the old queues. ok sashan@ sthen@
2015-10-02	oh no, a KERBEROS lefover; from Ilya Kaliman	Theo de Raadt

2015-10-01	Don't reject an "empty" CERTREQ (one with no CA hashes), instead treat it as	Stuart Henderson
	if no CERTREQ were received. In conjunction with the previous iOS9 interop fix, this may fix an interop problem seen by Denis Lapshin with BlackBerry OS 10.3.1 and one of a number with firebrick.co.uk's IKEv2 implementation diagnosed by their developer Cliff Hones. ok reyk@
2015-10-01	Fix interoperability with Apple iOS9: If we don't get a (valid)	Reyk Floeter
	CERTREQ but a CERT, respond with a local CERT that was selected based on our own policy instead of leaving it out. This seems to be valid with the RFC that makes the CERTREQ optional and allows to ignore it or to apply an own policy. OK mikeb@ sthen@
2015-09-30	remove old self-kill() in the signal handler. must predate the	Theo de Raadt
	signal handler audit. found while adapting ping6 to tame. ok kettenis
2015-09-29	Delete the final, inscrutable NOSTRICT and VARARGS lint comments	Philip Guenther
	ok millert@
2015-09-27	Mark ask() as printf-like; split up a pwarn() with variable number of specifiers	Philip Guenther
	ok beck@ millert@
2015-09-27	lint is dead: delete the trivial uses of /* VARARGS[0-9]+ */	Philip Guenther
	(others require more care)
2015-09-25	there's no need to keep init secret these days, and the (unused)	Ted Unangst
	immutable flags would just be a pita. remove custom bin mode.
2015-09-25	drop useless .Xo and .Bk, and shorten by avoiding some .Sm	Ingo Schwarze

2015-09-24	Remove hppa/hppa64 from comment about NUMBOOT > 0 architectures.	Kenneth R Westerback

2015-09-24	Expunge VAX SMD special handling that tried to fill up the last	Kenneth R Westerback
	cylinder of the disk with extra copies of the boot blocks and disklabel. There are no plans to ever support the native SMD controllers that would find this useful. ok miod@
2015-09-24	hppa/hppa64 use installboot(8) now, not -B/-b.	Kenneth R Westerback
	Only vax and landisk left using -B/-b. ok jsing@ miod@
2015-09-16	Some cleanup from dhill AT mindcry.org, thanks!	Florian Obser
	- remove unused defines - use socklen_t for getnameinfo no object change
2015-09-15	update spacing in usage(); reminded by jmc@	Ingo Schwarze

2015-09-15	fix markup of the -t argument	Ingo Schwarze

2015-09-12	obvious macros fixes:	Ingo Schwarze
	* use .Cm for fixed argument strings * properly use .Ar on individual arguments * drop redundant .Bk
2015-09-12	typo that breaks the build	Christian Weisgerber

2015-09-12	Avoid out of boundary access on invalid or short packet reads.	Tobias Stoeckmann
	ok florian@
2015-09-11	Remove RTF_XRESOLVE support.	Martin Pieuchot

2015-09-11	In `ifconfig media` output, stop advertising media with fixed data	Stefan Sperling
	rates on wireless interfaces. They are not needed by mere mortals. ok phessler miod kettenis deraadt mpi
2015-09-11	Fix ifconfig for ifmedia64.	Stefan Sperling

2015-09-10	use .In rather than .Fd #include	Ingo Schwarze

2015-09-10	avoid divide by zero; from Michael McConville	Theo de Raadt

2015-09-10	reduce .Nd to one line and kill .Tn while here	Ingo Schwarze

2015-09-09	In the flag command description, mention that a bootable partition	Theo de Raadt
	is marked with '*' due to comments from sthen and kettenis
2015-09-09	remove 3 paragraphs of useless information at the start, and replace	Theo de Raadt
	with the simple facts a user needs. ok kettenis krw
2015-09-09	Cleanup the iov handling in ping6. Use the global iov instead of a local	Claudio Jeker
	version which is then added to a global struct msghdr. Issue found by Michael McConville. OK florian@ tobias@
2015-09-09	No need to check !xxboot inside a 'if (!xxboot) ...' block.	Kenneth R Westerback
	ok otto@ deraadt@
2015-09-08	Correct strsep() usage to free() correct string. Spotted by and	Kenneth R Westerback
	original diff from Michael McConville via tech@. Thanks! ok millert@ beck@ guenther@ jca@
2015-09-08	Avoid a SIGSEGV with FGJ malloc.conf flags when a template is used.	Todd C. Miller
	Found by jsg@. OK jsg@ deraadt@
2015-09-06	correct a mistake in my previous commit;	Jason McIntyre

2015-09-05	snprintf+write --> dprintf	Philip Guenther
	ok deraadt@
2015-09-05	Some whitespace bulking out a diff unnecessarily.	Kenneth R Westerback

2015-09-04	shuffle -b into place; while there, do some general tidy up	Jason McIntyre
	of SYNOPSIS and usage();