mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2024-12-21 23:18:00 -08:00
Code
237,195 Commits 1 Branch 0 Tags 805 MiB
master
Commit Graph

5624 Commits

Author SHA1 Message Date
jca
7dd88e41b8 ld.lld now needs 9GB of ram to link firefox/libxul.so on riscv64 2024-12-21 14:12:45 +00:00
claudio
4cf1cdd067 Make the example bgpd.conf work with 4byte ASN out of the box. 
Use local-as in community and large-community stanzas since that will
be expanded at runtime. For communities that only work with 2byte ASN
the filter will never match (or nothing will be set / deleted) since
a 4byte ASN can never match.

We want an bgpd.conf example ruleset that is sensible, works and is a
good starting point for beginners. In other words we should not add
traps to the config.

OK deraadt@ job@
 2024-12-18 16:00:26 +00:00
sthen
52e728d076 use kmem(4) instead of "all memory" which has more information about 
what exactly is allowed, and specifically refers to allowkmem (and that
it permits both /dev/mem and /dev/kmem). discussed with deraadt
 2024-12-04 13:16:26 +00:00
sthen
9b8b48b50a Mention kern.allowdt and kern.allowkmem in examples/sysctl.conf. 
From espie, ok claudio mpi
 2024-12-04 10:14:14 +00:00
kmos
ca433cef96 Bump datasize-cur for the pbuild user on sparc64 so that we can 
build llvm 18.

ok sthen
 2024-12-04 06:01:23 +00:00
dtucker
f651b06a4c Import regenerated moduli. 2024-11-29 00:13:36 +00:00
robert
ececade9f9 add the build user to the build login class now that enough time has passed 
since the addition of that class

ok deraadt@
 2024-11-02 16:55:44 +00:00
job
bb54ed3d7c Update APNIC trust anchor constraints 
The IANA IPv6 Global Unicast Address Assignments registry has been
updated to reflect the allocation of the following block to APNIC:

2410::/12 APNIC 2024-11-01

the registry is at:
https://www.iana.org/assignments/ipv6-unicast-address-assignments/

OK sthen@
 2024-11-02 09:43:12 +00:00
kn
9923fb3990 track dhcp6leased uuid; OK florian 2024-10-31 22:14:04 +00:00
volker
1b590ae1b8 Include cdXX.iso in MDEXT on arm64 
ok deraadt@
 2024-10-29 21:03:09 +00:00
lucas
91e742ee26 rc: Use the correct path to sshd-auth's relink kit 
From Josiah Frentsos <jfrent AT tilde.team>

OK tb
 2024-10-22 22:23:21 +00:00
deraadt
a5ae96e343 grow i386 media a bit 2024-10-15 00:08:27 +00:00
deraadt
115810f983 sshd-auth also has a relink kit 2024-10-14 02:46:50 +00:00
robert
ce178b8520 introduce a new build class to be used by the build user 
this class will be required for the upcoming llvm update
that requires bumped datasize because of llvm-tblgen

ok deraadt@
 2024-10-12 07:36:52 +00:00
kn
35fe2a76d8 Get trust anchor via unbound-checkconf(8) 
This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether exists.

Use that to generate it rather than a best-effort grep/hardcoded path.

OK sthen
 2024-10-09 15:42:56 +00:00
deraadt
a69ebb35ba change release date 2024-09-30 14:31:56 +00:00
kn
4f37b6d834 sync synopsis and usage, sort commands, fix their spacing 
OK input lucas
 2024-09-29 14:36:13 +00:00
kn
957905706c Replace &&' with if' for proper $? handling; OK lucas 
iked and isakmpd guard against themselves with "return 0" as rc.subr(8)
checks rc_pre()'s return code and aborts daemo start iff non-zero, but
that isn't needed if we use ksh properly.
 2024-09-23 20:54:01 +00:00
kn
2dcab2a61d zap redundant "|| return 1"; OK lucas 
unbound-checkconf(8) itself exits 1 on error already.
 2024-09-23 20:44:24 +00:00
deraadt
ee503ce922 back to previous plan 2024-09-18 11:29:55 +00:00
deraadt
39dae5665d adjust date 2024-09-18 02:43:54 +00:00
bluhm
88baa31612 regen 2024-09-03 09:36:12 +00:00
bluhm
48fdf972e3 For AMD SEV create /dev/psp. 
To call ioctl(2) for the platform security processor (PSP), vmd(8)
needs a device file.  It is currently linked to the cryptographic
co-processor ccp(4).  We may split this into a separate psp(4)
device.

from hshoexer@; input jsg@
 2024-09-03 09:35:46 +00:00
claudio
d2e81d5165 draft-ietf-v6ops-rfc3849-update turned into RFC9637, adjust comment 2024-08-29 12:58:57 +00:00
deraadt
c19afa0950 calendars are so hard 2024-08-26 22:54:21 +00:00
dtucker
39cd50f5fe Import regenerated moduli. 2024-08-21 07:06:27 +00:00
robert
74154050e2 add 7.7 syspatch pubkey 2024-08-16 06:42:21 +00:00
sthen
2d33a48fba add 77-fw pubkey 2024-08-15 10:25:25 +00:00
matthieu
9e0435787d xkbcomp 1.7.0 moved its data files from lib/X11 to share/X11 2024-08-12 19:40:17 +00:00
naddy
6d453ff9e2 7.7 packages key 2024-08-09 14:57:06 +00:00
deraadt
90885033f1 old keys can go away 2024-08-07 23:03:24 +00:00
deraadt
67c00f1761 add 7.7 base key 2024-08-07 23:02:48 +00:00
deraadt
64c8f75261 crank to 7.6-beta, release date is vague 2024-08-07 15:59:24 +00:00
phessler
ba9b1da2e5 bump datasize for armv7's pbuild user, some software has grown over the years 
OK jca@
 2024-08-04 20:06:04 +00:00
job
4efb5f0ac3 Add 5f00::/16 segment routing SRv6 SIDs prefix to example bogon list 
"In SRv6, SR source nodes initiate packets with a segment identifier in
the Destination Address of the IPv6 header, and SR segment endpoint
nodes process a local segment present in the Destination Address of an
IPv6 header."

https://www.iana.org/assignments/iana-ipv6-special-registry/
https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids

OK phessler@
 2024-07-24 19:28:37 +00:00
job
76917c93c1 3fff::/20 has been set aside as an additional documentation prefix 
Per https://www.iana.org/assignments/iana-ipv6-special-registry/
and https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-rfc3849-update

OK phessler@ claudio@
 2024-07-24 18:56:57 +00:00
matthieu
a6b235b61f Add /usr/X11R6/include/va. ok tb@ 2024-07-14 09:39:15 +00:00
florian
a523645be4 Recommend veb(4) instead of bridge(4). 
bridge(4) has weird interactions with traffic crossing the bridge.

Missing change after updating the faq pointed out by ajacoutot
OK dv
 2024-07-12 12:35:32 +00:00
bket
ec5358abcd Revert "Make daily(8) reporting services that are running" 
Stop daily(8) mails with false information on rogue services.

OK florian@, solene@
 2024-07-04 05:06:58 +00:00
deraadt
0fbf39a0b5 delete dhclient(8). ipv4 dhcp leases have been acquired by the 
always-running-in-background dhcpleased(8) for a while, which is
activated per-interface with "ifconfig $if autoconf', or
"ifconfig $if inet autoconf", or with "inet autoconf" in /etc/hostname.$if
dhclient(8) has done execve(3) of ifconfig(8) to handle this for a while,
so everyone has moved to the dhcpleased(8) method
ok florian
 2024-06-30 17:30:52 +00:00
landry
bb7daed899 services: add matrix-fed tcp port 8448 
registered at IANA since last august for Matrix Federation Protocol
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=8448

ok djm@ solene@
 2024-06-04 18:13:23 +00:00
florian
28d450f002 Track changes to dhcp6leased.conf 
looks correct to deraadt
 2024-06-03 10:07:27 +00:00
florian
060ceba535 etc bits for dhcp6leased 
looks correct to deraadt
 2024-06-03 10:06:35 +00:00
florian
b32d40bd43 user, group & /var/db/dhcp6leased for dhcpleased(8) 
typo spotted by ccappuc
Input & OK deraadt
 2024-06-02 12:32:33 +00:00
sthen
ae8ed1c144 sem_open() uses /tmp/*.sem files. Exclude them from /tmp daily cleanup 
like is already done for /tmp/*.shm used by libc.

ok millert@ tb@, same diff landry@
 2024-05-30 14:29:05 +00:00
deraadt
821b7f42cc run the sshd-session link kit also 2024-05-17 00:33:43 +00:00
solene
068b29caf4 Make daily(8) reporting services that are running 
but not enabled in rc.conf.local(8)

wording by jmc@
ok schwarze@ florian@
 2024-05-16 11:33:59 +00:00
jmc
e9beec88f8 - for pwraction, point to acpibtn(4) 
- for lidaction, document the value 0
- for lidaction, adjust the description to a format similar
to that of pwraction

ok kettenis deraadt
 2024-05-08 15:30:26 +00:00
job
e81b35ef0f Sync RPKI Trust Anchor constraints to nro-delegated-stats 
Turns out that registry at https://www.iana.org/assignments/as-numbers/as-numbers.xml
is an incomplete one, where only 'new' assignments are listed. In the
past this registry used to list all ASNs, but the RIRs asked IANA to
revert to not being very detailed...

There is another source of truth, the 'nro-delegated-stats' file at
https://ftp.ripe.net/pub/stats/ripencc/nro-stats/latest/nro-delegated-stats
this is updated daily and composed of information from each RIR.

Summary of changes:

* LACNIC manages a more ASNs than previously known:
  - allow those ASNs for LACNIC
  - deny those for RIPE, APNIC, ARIN

* AFRINIC's allow list was good (compared to nro-delegated-stats), but the
  full set of AfriNIC ASNs wasn't denylisted for RIPE, ARIN, APNIC.

OK tb@
 2024-04-17 14:31:59 +00:00
kettenis
5ee01a3f85 Remove the "cubie" miniroot. There are far more popular armv7 boards 
with Allwinner SoCs and the presence of this particular miniroot is making
it hard to update U-Boot.

ok jsg@
 2024-04-09 11:13:51 +00:00