src - OpenBSD base system

Age	Commit message (Collapse)	Author
2020-06-30	Remove -f (force) option.	job
	The -f option existed for some initial debugging work. Thanks Weerd for review OK claudio@
2020-06-24	Stop using rsync --delete when syncing up with the CA repos. Instead	Claudio Jeker
	use the files referenced in the manifests to build up a list of files to keep and remove anything that is not in the list after doing the full computation. OK job@ benno@
2020-05-18	Properly wait for exiting rsync processes. Since SIGCHILD is blocked	Claudio Jeker
	outside of ppoll() it is possible that multiple processes exited before waitpid is called. Because of this all childs need to be picked up and not only one. Fixes a hang seen more often now since there is a lot more repositories to sync. OK deraadt@ who came up with a very similar fix also OK job@ benno@
2020-05-14	be little bit more verbose what went wrong in mkostemp	job

2020-05-14	rpki-client no longer passes -l to rsync since it does not make sense to	Claudio Jeker
	preserve symbolic links in the repositories. From Robert Scheck < robert at fedoraproject.org >
2020-05-06	rpki-client is only interested in real files. Don't tell rsync to	Claudio Jeker
	preserve symbolic links. Instead just ignore them. OK benno@ deraadt@
2020-05-03	Use strftime() rather than ctime() to generate timestamps nicer.	Theo de Raadt
	ok job, input claudio benno
2020-05-03	Make it clear the date is in UTC.	Theo de Raadt
	ok job
2020-04-30	Reword verbose log messages to clarify what's happening	job
	OK deraadt@
2020-04-30	Place elapsed, user, and system time for processing in the comment headers.	Theo de Raadt
	ok job benno claudio
2020-04-29	json should have headers in same order	Theo de Raadt

2020-04-28	re-organize statistics printing code, to make it less verbose and	Theo de Raadt
	more readable.
2020-04-28	a blank line in the header is prettier	Theo de Raadt

2020-04-28	Print statistics as comments at the top of the files which can take	Theo de Raadt
	comments. ok claudio job
2020-04-23	Always initialize cachedir and outputdir.	Sebastian Benoit
	ok job@
2020-04-21	tweak previous;	Jason McIntyre

2020-04-20	Document the suggested interval in man page	job

2020-04-20	Strip the 'in bgpd' in the title of the rpki-client man page.	Claudio Jeker
	rpki-client is not only for bgpd (especially in the portable version). From Robert Scheck. OK job@ benno@
2020-04-18	use correct path for the default cache dir in rpki-client(8). ok claudio@	Stuart Henderson

2020-04-18	improve whitespaces in usage	Theo de Raadt

2020-04-16	remove the libcrypto cleanup before exit. Most of the functions are	Claudio Jeker
	officially deprecated and even if not exit(3) will take care of freeing all that memory anyway. Non of the functions do any cleanup beyond simple memory deallocation. OK benno@ deraadt@
2020-04-16	It is unclear why data is memcpy-ed into a char buf[2] that is used as	Claudio Jeker
	argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
2020-04-16	Revert last commit, this file slipped in.	Claudio Jeker

2020-04-16	Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL);	Claudio Jeker
	OK tb@
2020-04-11	Avoid using libc SHA256File(), just perform the operation inline to	Theo de Raadt
	make things easier for -portable ok claudio
2020-04-11	To help -portable, use a strrchr instead of basename, since we know what	Theo de Raadt
	kinds of paths are coming in here. ok benno claudio
2020-04-11	remove a __unused attribute, it's obvious and complicates things.	Sebastian Benoit
	ok claudio@
2020-04-02	Use fopen() and BIO_new_fd() instead of BIO_new_file so that a possible	Claudio Jeker
	open error can be better logged to the operator. The cryptowarnx function logs warnings is a less optimal way (mainly because of OpenSSL error stacks). OK benno@ deraadt@
2020-04-01	Split the mft file and hash check from the mft parsing. This makes it easier	Claudio Jeker
	to check all files in a mft before failing and also the check is now done after the embedded cert was checked. This refactor was triggered because of a bug in mft_parse_econtent(). check_validity() altered rc but later failure code assumed that goto out is good enough to return an error (rc == -1) but since rc was 1 success was returned. This bug is now also fixed. Bug report and OK job@
2020-04-01	Better warning message. Show the filename of the CRL instead of the constant	Claudio Jeker
	function name. Also AKI (authority key identifier) should be capitalized and use duplicated instead of dup. There was a case where this error got hit so better make it pretty.
2020-03-30	Delay failure in mft parsing until all elements of FileAndHash have been	Claudio Jeker
	checked. This way all corrupted or missing files should show up in a single run. This should help operators to get a better idea what and how much is broken. OK benno@
2020-03-30	Check the hash and with it the presence of a file referenced in a MFT early	Claudio Jeker
	on. In case the file hash does not match or the file does not exist the full MFT is considered invalid and dropped. With this partial ROA updates based on a corrupt data set will produce less likely inconsistencies in the VRP output. With and OK job@
2020-03-27	Use the correct math to calculate how many bytes are needed for b64_pton().	Claudio Jeker
	The size is first rounded up in case where the input string length is not a multiple of 4. Reported by kristaps@
2020-03-10	Narrow the visibility of some functions and variables local to output.c	Jeremie Courreges-Anglas
	Also make the outputs table const. Based on a suggestion from claudio@, ok deraadt@ claudio@
2020-03-09	Ensure that we properly flush, close and rename temporary output files	Jeremie Courreges-Anglas
	Makes sure we don't feed an incomplete/garbage file to consumers. Input and ok claudio@ deraadt@
2020-03-09	logx->warn, we want to know why operations on output files failed	Jeremie Courreges-Anglas
	ok claudio@ deraadt@
2020-03-06	Sync manpage to new default value	job
	Thanks jca@
2020-03-06	Change default table name for BIRD to something that is more easily ↵	job
	identifable as user provided
2020-03-06	generate 3 different outputs for BIRD:	Sebastian Benoit
	- bird v1 with IPv4 routes - bird v1 with IPv6 routes - bird v2 when using command line option -B. BIRD v2 output from Robert Scheck, robert AT fedoraproject DOT org time_t cast hint from jca@, and tested by job@ ok deraadt@ claudio@
2020-02-26	ugly spaces offended me	Theo de Raadt

2020-02-24	Fix typo	job
	Thanks Robert Scheck & Kristaps Dzonsons
2020-02-11	Simplify and unify wording for the -I sourceaddr option in various places.	Theo de Raadt
	This is somewhat related to the "-b bind_addr" option some programs have, which should get some cleanup also... input florian claudio jmc
2019-12-19	wider list width to adjust for previous;	Jason McIntyre

2019-12-19	Fix output loop to not stop when the first unused output format is	Claudio Jeker
	encountered. Fixes rpki-client -j which did not produce any output before. Found by and OK job@
2019-12-19	Align man file with reality	job

2019-12-16	When rsync exits non zero because of network issues or because the	Claudio Jeker
	provided URI is bogous, rpki-client should try to work with the cache it has and not exit with an error. This should help when URI to localhost are published which happened at least 2 times already. Agreed by deraadt@ and benno@
2019-12-12	correct output option list, from Alarig Le Lay	Theo de Raadt

2019-12-06	add -d to usage();	Jason McIntyre

2019-12-06	Don't hardcode the cache directory for rpki-client. If started as root	Claudio Jeker
	rpki-client will use the defaults for cache and output directory. If not started as root users need to provide both directories as arguments. While there switch from absolute path names to relative ones. For this the parser and rsync process do a chdir(2) to the cache directory on startup. OK benno@
2019-12-05	No need to unveil(NULL, NULL) right before pledge "stdio rpath".	Theo Buehler
	From George Brown. ok benno