| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-10-29 | Also need exec to run the editor of course. | Todd C. Miller | |
| 2015-10-29 | crontab needs "proc" for fork(2) | Todd C. Miller | |
| 2015-10-29 | Use stravis(3) instead of a homegrown vis-like function. | Todd C. Miller | |
| OK nicm@ | |||
| 2015-10-29 | remove unused variables | Todd C. Miller | |
| 2015-10-29 | Convert env_get() into env_find() similar to __findenv() in libc. | Todd C. Miller | |
| Use env_find() in both env_get() and env_set() to find a var in envp. Remove now-unused strcmp_until() function. | |||
| 2015-10-29 | Remove useless FACILITY define and use LOG_CRON directly. | Todd C. Miller | |
| Remove unneeded limits.h include. | |||
| 2015-10-29 | put timeout nullification in correct spot | Ted Unangst | |
| 2015-10-29 | be a little more precise about checking filters | Ted Unangst | |
| 2015-10-29 | refold a few lines | Ted Unangst | |
| 2015-10-29 | collect some cool stats and print them out with SIGUSR1 | Ted Unangst | |
| 2015-10-29 | Implement smtpctl discover <evpid|msgid>. | Sunil Nimmagadda | |
| discover subcommand schedules envelopes manually moved to the queue. It triggers a queue walk searching for envelopes with the given id, schedules them and informs the user number of envelopes scheduled. Admins no longer would need to restart the daemon to discover manually moved messages. Ok gilles@ | |||
| 2015-10-29 | rdate is a classic "run as root, talk to internet for a while doing | Theo de Raadt | |
| crazy packet parsing, then do something requiring privilege at the end" program. Simplistic pledge would be "stdio rpath wpath inet dns settime", which is not very useful. Imagine if it was exploited? It could still change your time backwards or write to your passwd file - game over. However the pledge "categorization" is educational, and quickly leads to a priv-sep solution of sorts. Create a pipe and fork. child pledges "stdio inet dns", and talks the time protocols, then writes error message + timeinfo to the pipe. parent pledges "stdio rpath wpath settime" and reads error message/timeinfo from pipe. If error message, spit it out. Otherwise handle the time, then pledge "stdio rpath", and finally report how the time was adjusted. A bit more complicated. Now observe that the pledges help test if it is right... (Now that privsep processing is in place, the child could be modified to chroot + change to a different uid... problem is: which uid..) ok millert | |||
| 2015-10-29 | Almost assuredly no longer needs pledge "route" | Theo de Raadt | |
| 2015-10-28 | impose some limit on the cache size as well. | Ted Unangst | |
| 2015-10-28 | if accept() fails due to fd exhaustion, stop accepting for one second. | Ted Unangst | |
| should only happen for ENFILE, but check for EMFILE too. | |||
| 2015-10-28 | Backout the backout of installboot softraid non-gpt case fix. | Stefan Sperling | |
| krw and I crossed streams | |||
| 2015-10-28 | bug in the request tree code: requests were being added to the tree before | Ted Unangst | |
| the socket (the key) was being set. move the enqueue code later, and fix freerequest to only dequeue if socket is set. | |||
| 2015-10-28 | twiddle with rlimit to give us a few more files. use rlimit as a hint as | Ted Unangst | |
| to how many requests to allow open at once. start closing old ones as we approach the limit, which means we track the number of outstanding requests (and count tcp as two). also rename tcp "phase" to tcp, and use it as a more direct indicator. | |||
| 2015-10-28 | pledge | Theo de Raadt | |
| ok millert | |||
| 2015-10-28 | Revert GPT change. Breaks non-GPT install/upgrade. | Kenneth R Westerback | |
| Found the hard way by reyk@ | |||
| 2015-10-28 | add pledge to main process, though it needs a few more options | Ted Unangst | |
| 2015-10-28 | use an rb tree for the cache too. modelled after the reqtree. | Ted Unangst | |
| 2015-10-28 | In sr_install_bootblk for i386, don't clobber 'part' in non-GPT case. | Stefan Sperling | |
| Found the hard way by reyk@. stupid mistake stsp@ ok reyk@ | |||
| 2015-10-28 | use an rb tree for finding requests. from Dimitris Papastamos | Ted Unangst | |
| 2015-10-28 | Remove a few more NULL-checks before free. | mmcc | |
| 2015-10-28 | While I'm in here, drop a NULL-check before free. | mmcc | |
| 2015-10-28 | masquerade and senders map require being able to lookup mailaddr structures | Gilles Chehade | |
| in tables, prepare for such features by bringing the helpers + smtpd.h part ok millert@ | |||
| 2015-10-28 | Remove support for lpd.pid file. OK deraadt@ | Todd C. Miller | |
| 2015-10-28 | pcap_stat fields are unsigned, print them as such | Jeremie Courreges-Anglas | |
| Patch from Kevin Reay. | |||
| 2015-10-28 | By hoisting sysctl hw.cpuspeed towards the top, it is possible to | Theo de Raadt | |
| pledge "stdio rpath wpath cpath unix". I wonder what we can do in apmd... | |||
| 2015-10-28 | Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now | Florian Obser | |
| die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@ | |||
| 2015-10-28 | pid removal; from jan stary | Jason McIntyre | |
| 2015-10-28 | various macro fixes; | Jason McIntyre | |
| 2015-10-28 | remove old check on username length that simply makes no sense nowadays | Gilles Chehade | |
| ok millert@ sunil@ | |||
| 2015-10-28 | dns_lookup_host() needs to remove brackets and IPv6: prefix when receiving | Gilles Chehade | |
| a text representation otherwise getaddrinfo_async() will choke ok eric@ | |||
| 2015-10-28 | aliases support resolving to maildir:/path | Gilles Chehade | |
| ok sunil@ millert@ | |||
| 2015-10-28 | Remove dead code. | Sunil Nimmagadda | |
| Ok jung@ gilles@ | |||
| 2015-10-27 | add a rcpt-to parameter to be able to use the original (probably expanded) | Joerg Jung | |
| RCPT TO within LMTP sessions ok gilles eric | |||
| 2015-10-27 | delivery lmtp gets fed with a message file as input which is guaranted to have | Joerg Jung | |
| \n-terminated lines, so no need to strip \r here also remove an unneeded len assignment while here discussed with and ok gilles | |||
| 2015-10-27 | enqueue pledge: getmailname() needs dns, ~/dead.letter needs cpath/wpath | Gilles Chehade | |
| ok jung@, ok millert@ | |||
| 2015-10-27 | aliases_virtual_check() has been unneeded for a while | Gilles Chehade | |
| ok jung@, ok sunil@, ok millert@ | |||
| 2015-10-27 | calloc -> malloc when the memory is immediately overwritten with memcpy. | mmcc | |
| ok claudio@ | |||
| 2015-10-27 | Use AF_UNIX instead of AF_LOCAL. | Todd C. Miller | |
| 2015-10-27 | Fix manpage for empty pidfile. Pointed out by millert@ | Stuart Henderson | |
| 2015-10-27 | Don't use a pidfile in unbound by default. Retain the ability in unbound.conf | Stuart Henderson | |
| to set one if needed. ok millert@ | |||
| 2015-10-27 | Remove wrong line. | Renato Westphal | |
| 2015-10-27 | change cipher-server-preference to be on by default. It can be disabled with | Sebastian Benoit | |
| no cipher-server-preference this makes more clients select ciphers with pfs. requested and ok by reyk@ | |||
| 2015-10-27 | Consistency in error messages. | Jeremie Courreges-Anglas | |
| No functional change. | |||
| 2015-10-27 | Fix nsd and unbound's error checking with SSL_CTX_set_options(). | Doug Hogan | |
| LibreSSL, BoringSSL and OpenSSL have all been redefining SSL_OP_* flags to be 0 when support is removed. This breaks the error checking that nsd and unbound were doing. It should check against the flag value itself to allow for 0. input deraadt@, jsing@ tweak + ok miod@, guenther@ | |||
| 2015-10-27 | tweak previous; | Jason McIntyre | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |