src - OpenBSD base system

Age	Commit message (Collapse)	Author
2018-01-05	@libset is going to be part of the dependency information.	Marc Espie

2018-01-05	Use log_warnx() in places where errno is irrelevant.	Jeremie Courreges-Anglas
	ok mlarkin@ ccardenas@
2018-01-05	Remove useless <sys/socketvar.h> includes.	Martin Pieuchot
	ok kettenis@, visa@, claudio@, deraadt@
2018-01-04	from paul de weerd: provide a more helpful Xr to ocspcheck, and note	Jason McIntyre
	that the path to "file" is not relative to the chroot;
2018-01-04	Address TOCTOU issue with checking to ensure disks are regular files.	ccardenas
	Reported by jca@. Ok mlarkin@ and deraadt@
2018-01-03	Add support for IPv6 over MPLS pseudowire aka mpw(4)	denis
	OK claudio@ jca@
2018-01-03	Use crypt_checkpass(3) instead of crypt(3).	Sunil Nimmagadda
	Based on a diff from Edgar Pettijohn. Ok gilles@ eric@
2018-01-03	pretty up the "start" command;	Jason McIntyre

2018-01-03	Add initial CD-ROM support to VMD via vioscsi.	ccardenas
	* Adds 'cdrom' keyword to vm.conf(5) and '-r' to vmctl(8) * Support various sized ISOs (Limitation of 4G ISOs on Linux guests) * Known working guests: OpenBSD (primary), Alpine Linux (primary), CentOS 6 (secondary), Ubuntu 17.10 (secondary). NOTE: Secondary indicates some issue(s) preventing full/reliable functionality outside the scope of the vioscsi work. * If the attached disks are non-bootable (i.e. empty), SeaBIOS (vmd's default BIOS) will boot from CD-ROM. ok mlarkin@, jca@
2018-01-02	we haven't updated the version in a while despite many commits which is	Gilles Chehade
	confusing for people running the portable version
2018-01-02	Stop assuming <sys/file.h> will pull in fcntl.h when _KERNEL is defined.	Philip Guenther
	ok millert@ sthen@
2018-01-01	RSA_private_{en,de}crypt() can fail and will return -1 in that case.	Claudio Jeker
	Check for this in the ca process and return a valid answer to the relay process. This fixes rsae_send_imsg poll timeouts blocking relay processes as seen by Mischa Peters and myself. OK benno@
2018-01-01	placeholder for new keyword that doesn't do anything yet, so that when it	Marc Espie
	gets used, tools already know about it a bit. (meant to simplify wantlib updates down the line)
2017-12-30	get_date(), from getdate.y, was last used in the sparc support, so zap it	Philip Guenther
	ok kettenis@
2017-12-29	Prevent syspatch from running and throw an error out if reorder_kernel is	Antoine Jacoutot
	running. This is to prevent syspatch from installing new kernel object files while reordering is in progress (typically after an install/upgrade on slow machines). req. by and OK sthen@
2017-12-27	log specific error when connect() fails.	Sebastian Benoit
	ok claudio@, feedback bluhm@
2017-12-23	As we only use the .tv_sec field, simplify gettimeofday(2) -> time(3).	cheloha
	ok tb@ jca@
2017-12-23	the trick to get signal names requires skipping over POSIX stuff we don't	Marc Espie
	have now. as seen by landry@
2017-12-21	typo;	Jason McIntyre

2017-12-21	Close the right file descriptor and clean up the tls context in aldap_close().	Jonathan Matthew
	ok zhuk@ deraadt@
2017-12-18	always initialize the hce_launch_checks event timer.	Sebastian Benoit
	Fixes a crash when poll is run without any checks. Found and fixed by Hiltjo Posthuma (hiltjo -AT- codemadness -DOT- org). ok claudio@
2017-12-18	Add the CLOCK_BOOTTIME clockid for use with clock_gettime(2)	cheloha
	and put it to use in userspace in lieu of the kern.boottime sysctl. Its absolute value is the time that has elapsed since the system booted, i.e., the system uptime. Use in top(1), w(1), and snmpd(8) eliminates a race with settimeofday(2), adjtime(2), etc. inherent to deriving the system uptime via the kern.boottime sysctl. Product of a great deal of discussion/revision with jca@, tb@, and guenther@. ok tb@ jca@ guenther@ dlg@ mlarkin@ tom@
2017-12-14	set Location header for 307 and 308 status codes	Sebastian Benoit
	ok sthen@ phessler@
2017-12-08	Convert snprintf+write into dprintf. It is simply easier to read, and	Theo de Raadt
	provides retry on short-write file descriptors. ok florian, previous versions seen by millert
2017-12-07	Now that we have RB_NFIND, the canacar's trick with RB_INSERT+RB_NEXT	Vadim Zhukov
	is not needed anymore. okay jmatthew@
2017-12-07	client_addr_init() never fails and its return value is never checked,	Vadim Zhukov
	so just make it void. okay jmatthew@
2017-12-07	Fix a potential fd leak in client_aldap_open().	Vadim Zhukov
	okay jmatthew@
2017-12-06	Make vmd respect owner when starting non-disabled vms.	Aaron Bieber
	OK pd@, benno@
2017-12-02	switching to _pbuild is tricky, you can't take it back.	Marc Espie
	in particular, disable future PORTS_PRIVSEP mechanisms under pkg_create, because we should already be running as _pbuild by this point.
2017-12-01	Avoid using an uninitialized variable.	Visa Hankala
	Found by gcc. OK jca@
2017-11-30	When performing vmctl reload and a previously configured vm is running,	ccardenas
	exit with an EALREADY vs EPERM. ok mlarkin@
2017-11-29	vmd(8): fix broken IRR bit setting for the slave PIC. Noticed by claudio	Mike Larkin
	when he tried to make a vm with 4 network interfaces. ok claudio
2017-11-29	fix double dot;	Jason McIntyre

2017-11-29	add -i to SYNOPSIS/usage() and sundry tweaks;	Jason McIntyre
	ok beck
2017-11-29	Insert MPLS VPN routes with the RTF_GATEWAY flag cleared. mpe(4) is now	Claudio Jeker
	expecting this and will use the route gateway and the mpls label to forward packets. This plus the other diffs to if_mpe.c and route.c should fix L3 MPLS VPNs. Problem reported by henning@
2017-11-29	Don't do OCSP stapling only if the staple file is 0 length.	Bob Beck
	This allows something external (like ocspcheck) to disable the stapling deliberatly if it can not retreive a valid staple by truncating the staple file to indicate "do not provide a staple", while the file not existin will still be treated as a configuration error ok claudio@ florian@, and prompted by @jsing
2017-11-29	add options to specify the control socket in relayd and relayctl.	Sebastian Benoit
	From Kapetanakis Giannis, thanks. ok claudio@
2017-11-29	make vmm(4) less responsible for initial register state, preferring to let	Mike Larkin
	usermode daemons handle that. ok pd@
2017-11-28	fix some spelling errors in a few comments	Mike Larkin

2017-11-28	Add option -i to allow oscpcheck to be used to validate an on-disk staple	Bob Beck
	ok claudio@ benno@
2017-11-28	One less lie in comments	Claudio Jeker

2017-11-28	tweak previous;	Jason McIntyre

2017-11-28	Introduce relay_reset_event() which closes and resets a relay connection.	Claudio Jeker
	Currently this is only used by relay_close() but will be needed in near future. OK benno@
2017-11-28	In TLS inspection mode we also need to keep the server tls object around.	Claudio Jeker
	For this we need to add an additional pointer to the ctl_relay_event. Diff from Petri Mikkila (pmikkila at gmail) OK benno@
2017-11-28	Disable oscp stapling on invalid staple, rather than failing to start.	Bob Beck
	ok claudio@ florian@
2017-11-28	relay_load_fd() is no longer clobering errno in the error case so use	Claudio Jeker
	fatal() instead of fatalx()
2017-11-28	Add space between to and read like in other DPRINTFs.	Claudio Jeker

2017-11-27	Change the ecdhe curve configuration to the same way httpd is doing it.	Claudio Jeker
	This removes 'no ecdh' and renames 'ecdh curve auto' to ecdhe default. The code uses now tls_config_set_ecdhecurves(3) so it is possible to specify multiple curves now. If people specified curves in their config they need to adjust their config now. OK beck@
2017-11-27	Make ca_launch error messages unique.	Alexander Bluhm
	OK claudio@
2017-11-27	lseek/read is racy when there is multiple consumers. Use pread instead.	Claudio Jeker
	Solves the startup issues seen by bluhm@. pread idea from guenther@. While there save the errno in the error case. OK bluhm@