Age | Commit message | Author | |
---|---|---|---|
2015-02-12 | Allow constraints URL without leading path (eg. "https://www.openbsd.org"). Fixes segfault on configuration load time, as reported by Donovan Watteau. | Reyk Floeter | |
2015-02-12 | add missing .Pa macros; patch from Theo Buehler <theo at math dot ethz dot ch> | Ingo Schwarze | |
2015-02-12 | Rename escape_uri() to url_encode() because it is the opposite of url_decode(). No functional change. | Reyk Floeter | |
2015-02-12 | Allow TLS protocols to be specified via a "tls protocols" configuration option. ok reyk@ | Joel Sing | |
2015-02-12 | Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour. Discussed with tedu@ and reyk@. | Joel Sing | |
2015-02-12 | Use ntpd's deferred DNS resolving for constraints as well. This allows to get constraint addresses even if network/DNS is not available at startup (or system boot). thumbs up & OK henning@ | Reyk Floeter | |
2015-02-12 | ber_printf_elements should return NULL if any of its parts fail. Leave the error handling up to its callers. ok reyk | Martin Pelikan | |
2015-02-11 | show if we are using a transport security mechanism other than "none" OK claudio@ | Peter Hessler | |
2015-02-11 | More http status codes. OK benno@, reyk@ | Florian Obser | |
2015-02-11 | Replace base 10 strtol with strtonum. OK krw@, tedu@, deraadt@ | Florian Obser | |
2015-02-11 | Use sizeof(u_short) in the first check since there are RT messages that are less than sizeof(*rtm) bytes long (e.g. interface announcements). Found the hard way by phessler@ | Claudio Jeker | |
2015-02-11 | Use sizeof(u_short) in the first check since there are RT messages that are less than sizeof(*rtm) bytes long (e.g. interface announcements). Found the hard way by phessler@ | Claudio Jeker | |
2015-02-11 | initialize a variable in case "goto done" makes us compare it found by clang, ok henning | Martin Pelikan | |
2015-02-11 | Remove dead code (IMSG_HOST_DNS has been moved from the parent to ntp_dns some years ago). OK henning@ | Reyk Floeter | |
2015-02-11 | YPPROC_XFR will trigger a crash, even if using it doesn't make sense. ok deraadt miod | Martin Pelikan | |
2015-02-11 | use reallocarray; ok doug | Theo de Raadt | |
2015-02-11 | Merge in a commit from upstream.. - Fix scrubber with harden-glue turned off to reject NS (and other not-address) records. ok sthen@ | Brad Smith | |
2015-02-10 | Be less chatty on constraint errors. OK deraadt@ | Reyk Floeter | |
2012-03-26 | Import Unbound 1.4.16 to work on in-tree (not yet linked to the build). These are the direct sources from NLnet Labs upstream, minus these: compat contrib libunbound/python pythonmod testcode testdata winrc ok deraadt@ jakob@ | Stuart Henderson | |
2015-02-10 | Keep track of the last time we scanned the leases to find expired ones that needed to be booted out of the pf table process. This avoids removing the same address over and over. Problem report and original diff from Bertrand Provost. | Kenneth R Westerback | |
2015-02-10 | pounce on a reallocarray opportunity before tedu | Theo de Raadt | |
2015-02-10 | Merge in a commit from upstream.. - Fix validation failure in case upstream forwarder (ISC BIND) does not have the same trust anchors and decides to insert unsigned NS record in authority section. ok sthen@ | Brad Smith | |
2015-02-10 | Merge in a commit from upstream.. - Fix tcp waiting list for zone transfers where the bind and connect calls fail. ok sthen@ | Brad Smith | |
2015-02-10 | tweak previous; | Jason McIntyre | |
2015-02-10 | Oops, I accidentally reverted the two previous commits in syslog.conf.5. Bring back revision 1.29. | Alexander Bluhm | |
2015-02-10 | Make error check consistent in all recvfrom(2) callbacks. OK henning@ | Alexander Bluhm | |
2015-02-10 | Fix typo in previous commit. | Alexander Bluhm | |
2012-03-26 | Import Unbound 1.4.16 to work on in-tree (not yet linked to the build). These are the direct sources from NLnet Labs upstream, minus these: compat contrib libunbound/python pythonmod testcode testdata winrc ok deraadt@ jakob@ | Stuart Henderson | |
2015-02-10 | Document that RFC 5905 (ie. NTP protocol) has a limit which will be hit before Y2038. | Theo de Raadt | |
2015-02-10 | spacing | Reyk Floeter | |
2015-02-10 | After successfully getting a constraint from an HTTPS server, there is no need to request it ever again. The only exception is the escalation of failed constraint checks that might lead into re-requesting the constraint time from all servers. Adjust the states accordingly. OK henning@ | Reyk Floeter | |
2015-02-10 | Don't show the subseconds when displaying the constraint offset. OK henning@ deraadt@ | Reyk Floeter | |
2015-02-10 | Fix -d output of smaller than 64 bit values on big-endian systems. ok mpi@ tedu@ | Miod Vallat | |
2015-02-10 | Remove a lie that "snmpd does not fully work yet". It works like a charm. | Reyk Floeter | |
2015-02-10 | Specifying the port is non-optional for (non-TLS) syslog over TCP, ok bluhm@ | Stuart Henderson | |
2015-02-10 | redo the tolower/string conversion, but retain itsabbr which is strangely not quite the same as strncasecmp | Ted Unangst | |
2015-02-10 | More SOCK_NONBLOCK adjustments similar to the other daemons. | Claudio Jeker | |
2015-02-10 | Forgot the EAGAIN or EINTR check on read. | Claudio Jeker | |
2015-02-10 | Sync kroute code with bgpd/ospfd code regarding EAGAIN and short reads | Claudio Jeker | |
2015-02-10 | Sync kroute code with what we do in ospfd/bgpd (EAGAIN handling). | Claudio Jeker | |
2015-02-10 | Encode directory listings. Problem pointed out by remco AT d-compu.dyndns.org some time ago. Input / OK reyk@ | Florian Obser | |
2015-02-10 | Move the constraints in a new section and add a preamble to explain the functionality. Requested by henning@ OK beck@ deraadt@ | Reyk Floeter | |
2015-02-10 | Add support for "constraints": when configured, ntpd(8) will query the time from HTTPS servers, by parsing the Date: header, and use the median constraint time as a boundary to verify NTP responses. This adds some level of authentication and protection against MITM attacks while preserving the accuracy of the NTP protocol; without relying on authentication options for NTP that are basically unavailable at present. This is an initial implementation and the semantics will be improved once it is in the tree. Discussed with deraadt@ and henning@ OK henning@ | Reyk Floeter | |
2015-02-10 | be more verbose when logging privsep errors. ok phessler@ deraadt@ | Brent Cook | |
2015-02-10 | use correct formatters for s/size_t data types. ok deraadt@ | Brent Cook | |
2015-02-10 | revert rev 1.12 (tolower conversion). didn't get it quite right. | Ted Unangst | |
2015-02-10 | move scheck.c into zic.c | Ted Unangst | |
2015-02-10 | Same session_socket_blockmode() changes as done to ospfd. Also do the same kroute change (make socket non-blocking and add trigger for partial reads). | Claudio Jeker | |
2015-02-10 | Convert ospfd over to SOCK_CLOEXEC \| SOCK_NONBLOCK and make the route socket non-blocking. Introduce the same trigger for partial rt msgs. | Claudio Jeker | |
2015-02-10 | Make also the special sockets SOCK_NONBLOCK. For the routing socket add a trigger for the case that not a full message has been read. Should not be possible but let's see if this triggers somewhen. With and OK henning@ | Claudio Jeker | |