| Age | Commit message (Collapse) | Author |
|---|
|
|
|
builtin delivery_maildir backend, + makefiles, not linked to build yet
ok eric@, sunil@
|
|
builtin delivery_file + set of makefiles, not linked to build
ok sunil@, eric@
|
|
|
|
builtin delivery_lmtp.c
ok sunil@, jung@
|
|
found by jsg@, fixed by phessler@ and strsep() by me.
fix memory leak jsg@
ok jsg@ phessler@
|
|
log_warn(). Zap a couple of explicit 'syslog()' calls.
|
|
log_warn(). Zap a couple of explicit 'syslog()' calls.
|
|
|
|
|
|
|
|
fatalx() -> fatal() and even a couple of fprintf(stderr) -> log_warn().
|
|
|
|
ok benno@
|
|
ok benno@
|
|
vmm VMs don't support powerdown - no ACPI or power management - so we
use a trick to issue a reboot and just don't reset after the triple
fault. This worked before but was broken with the previous fix to
pvbus_shutdown() - move the trick to vmd instead.
OK mlarkin@
|
|
install). While here, match the installer output a bit more:
Get/Verify ...
Installing ...
prodded by a mail exchange with "bytevolcano"
discussed with robert@ sthen@
ok robert@
|
|
"Administrative Shutdown" or "Administrative Reset"
patch submitted by Job Snijders, thanks!
|
|
causing the flag not to be propagated down to the listener
ok eric@
|
|
accept ! authenticated [...]
ok sunil@, jung@
|
|
reported by ZHANG Huangbin (zhb (at) iredmail.org)
fix by Robert Klein (roklein (at) roklein.de)
|
|
with standard daemon log.[ch].
ok mpi@
|
|
that stem". needed later for new fancy stuff in check-lib-depends
okay sthen@
|
|
Storage defined in assembly code often doesn't define its type and size,
thus the nlist interface can't present it as N_DATA. Instead of fixing
all the assembly by adding .type pseudo ops, work around the problem in
pstat. Let's hope that allowing N_COMM is sufficient. This makes
''pstat -d u cpuid_level'' useful.
Reported by mikeb@, "looks sane" mikeb@ guenther@
|
|
When a read timeout is reached, the code also has to check if there is
already anything in the input buffer and verify it again. This fixes
relayd and relayctl to show "send/expect failed" instead of "tcp read
timeout".
Found by Michael W. Lucas (while working on the Relayd Mastery book).
Thanks.
OK benno@
|
|
|
|
|
|
Make sure that the beginning of a new request starts with an
alphabetic character. This is a quick way to detect non-ASCII
requests (eg. TLS on port 80). The full validation of the request
method is done once the input line is read.
Make sure that non-terminated lines do not exceed the
SERVER_MAXHEADERLENGTH which is 8k. As the current read watermark is
set to 64k, this means that the limit check is triggered after max.
64k of input, depending on the TCP read buffer.
OK benno@ jsing@
|
|
|
|
see old-style signatures. Clue for people trying pkg_add -current against
6.0 or earlier.
|
|
magic for packages location...). Fairly straightforward
if pkg.conf defines installpath=, it takes precedence
(manual trumps automatic)
to be fully documented once the dust settles.
okay aja@
|
|
|
|
to the new bcrypt version $2b$ and use more rounds. Prof. Falken's password
is much safer now. Found thanks to a problem report by John McGuigan.
ok beck
|
|
not update it during upgrades anymore. pkg_add(1) will soon use the
installurl file as primary source to find the package repository.
OK espie@, tb@
|
|
This ensures, that a trailing whitespace does not break pkg_add.
OK espie@
|
|
tb@ was initially concerned about next-server but there were more
similar occurrences. Simple solution - "hostname" - proposed by jmc@
ok from both
|
|
ok gilles@
|
|
|
|
instead pull in <netinet/in.h> or <arpa/inet.h> when those are needed.
ok florian@ beck@ millert@
|
|
before other includes per style(9) while we're here.
ok florian@ bcook@ jsing@ beck@
|
|
Tested & OK jung@
|
|
It is rarely needed and imposes a light DoS risk. LibreSSL's libssl
allows to turn it off with a simple SSL_OP_NO_CLIENT_RENEGOTIATION
option instead of the complicated implementation that was used before.
It now turns it off completely instead of allowing one initial
client-initiated renegotiation.
It can still be enabled with "tls client-renegotiation".
ok benno@ beck@ jsing@
|
|
don't have EAI_NODATA, so make this easier for people
from bernard spill
|
|
when signing the certificates by the local CA. This can make things easier if
you want to take a CSR from ikectl to another CA for signing, they often copy
extensions from the request. ok reyk@
|
|
OPENBSD-SENSORS-MIB, % is the unit for this value and is already present
in sensorUnits, and it's harder for NMS to parse "100.00%" as a number.
From Joel Knight.
|
|
using keypair_ocsp..
ok reyk@
|
|
|
|
added associated to a keypair used for SNI, and are usable for more than
just the "main" certificate. Modify httpd to use this.
Bump libtls minor.
ok jsing@
|
|
The previous implementation loaded all the output into a single output
buffer and used its size to determine the Content-Length of the body.
The new implementation calculates the body length first and writes the
individual ranges in an async way using the bufferevent mechanism.
This prevents httpd from using too much memory and applies the
watermark and throttling mechanisms to range requests.
Problem reported by Pierre Kim (pierre.kim.sec at gmail.com)
OK benno@ sunil@
|
|
Introduce a new variable clt_headersdone in the async HTTP parser.
OK sunil@ benno@
|
