CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: mart...@cvs.openbsd.org 2021/01/21 23:37:13 Modified files: faq: current.html Log message: Document recent traphandler changes. OK rob@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mart...@cvs.openbsd.org 2021/01/21 23:35:26 Modified files: regress/usr.sbin/snmpd: snmpd.sh Log message: Adjust for traphandler process removal commit. OK denis@, rob@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: mart...@cvs.openbsd.org 2021/01/21 23:33:27

Modified files:
	usr.sbin/snmpd : parse.y snmpd.c snmpd.conf.5 snmpd.h snmpe.c traphandler.c

Log message:
Remove the traphandler process, which was nothing more than a sham. It did nothing more than receive a message over UDP, do some basic ber and ASN.1 parsing and forward the packet to the parent process. snmpe can do/does the same thing but with a far more thorough ASN.1 validation.

Because we move trap receiving to snmpe we get trap over tcp for free. However, to make sure that a normal snmp port doesn't automatically start handling traps a new set of "listen on" flags are introduced: read, write, and notify. To enable trap handling either let snmpd listen on port 162 without flags, or add the notify flag. Only a flag without port results in listening on port 162.

To keep current behaviour copy all UDP-based "listen on" lines without port and add the notify keyword:
	listen on 127.0.0.1 port 666
becomes
	listen on 127.0.0.1 port 666
	listen on 127.0.0.1 notify

This change also enforces snmpd to honor trap community on receiving a trap, where previously no community was checked before handling a packet.

OK denis@, rob@
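The "copy all UDP-based listen on lines without port and add the notify keyword" rule from the log message above, as an added shell example (not code from the OpenBSD tree or from the commit). The sample configuration is constructed, the function names are hypothetical, and the optional `tcp`/`udp` keyword directly after `listen on` is assumed from snmpd.conf(5).

```shell
#!/bin/sh
# Added example, not from the OpenBSD tree: keep trap reception working after
# the traphandler removal by adding a "notify" listener per UDP address.

# Constructed sample of a pre-change snmpd.conf (addresses are placeholders).
sample_conf() {
	cat <<'EOF'
# constructed sample
listen on 127.0.0.1 port 666
listen on tcp 127.0.0.1 port 161
listen on udp 192.0.2.1
listen on 192.0.2.1 port 1161
EOF
}

# migrate_listen FILE: print FILE with "listen on <addr> notify" added after
# the first UDP-based "listen on" line for each address. TCP listeners and
# lines that already carry read/write/notify flags are left untouched.
migrate_listen() {
	awk '
	function is_listen() { return $1 == "listen" && $2 == "on" }
	# Split the current line into proto, addr, and flag state.
	function parse(   i, j) {
		i = 3; proto = ""; flagged = 0; notify = 0
		if ($i == "tcp" || $i == "udp") { proto = $i; i++ }
		addr = $i
		for (j = i + 1; j <= NF && $j !~ /^#/; j++) {
			if ($j == "notify") notify = 1
			if ($j == "read" || $j == "write" || $j == "notify") flagged = 1
		}
	}
	# Pass 1: note addresses that already have a UDP notify listener.
	NR == FNR {
		if (is_listen()) { parse(); if (notify && proto != "tcp") done[addr] = 1 }
		next
	}
	# Pass 2: echo every line, then append the notify copy where needed.
	{
		print
		if (!is_listen()) next
		parse()
		if (proto == "tcp" || flagged || done[addr]) next
		done[addr] = 1
		print "listen on " (proto ? proto " " : "") addr " notify"
	}' "$1" "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && migrate_listen "$tmp"; rm -f "$tmp"
```

Because the first pass records addresses that already have a notify listener, running the function on its own output adds nothing further.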
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2021/01/21 20:20:56 Modified files: lib/libutil: ber.c Log message: Valid integer and enumerated types always have non-zero length. Perform check to ensure we avoid a possible (undefined) negative shift. Found with clang static analyzer. Tweaked and OK martijn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2021/01/21 19:46:40 Modified files: usr.bin/ssh: ssh.1 Log message: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms here too.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: dtuc...@cvs.openbsd.org 2021/01/21 19:44:58

Modified files:
	usr.bin/ssh: auth2-pubkey.c monitor.c readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.c ssh_config.5 sshconnect2.c sshd_config.5

Log message:
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.

While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias.

Prompted by bz#3253, help & ok djm@, man page help jmc@
CVS: cvs.openbsd.org: xenocara
CVSROOT:/cvs Module name:xenocara Changes by: j...@cvs.openbsd.org 2021/01/21 15:46:18 Modified files: xserver/os : access.c Log message: Safer workaround for the "kame hack": only override sin6_scope_id if zero The assumption is that if sin6_scope_id is set, then the interface index is no longer embedded in the address. ok claudio@ matthieu@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: e...@cvs.openbsd.org 2021/01/21 15:03:25 Modified files: lib/libtls : tls_config.c Log message: when using fake keys, skip the private key check ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: e...@cvs.openbsd.org 2021/01/21 15:02:17 Modified files: lib/libtls : tls.c Log message: return -1 on error for consistency ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mill...@cvs.openbsd.org 2021/01/21 13:08:18 Modified files: games/canfield/canfield: canfield.c Log message: Ignore special keys returned by the curses getch() function. Prevents canfield from suspending itself when you resize the window. Canfield is not prepared to deal with anything other than normal characters so just ignore them. OK tb@ pjanzen@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: flor...@cvs.openbsd.org 2021/01/21 12:12:13 Modified files: usr.sbin/ndp : Makefile ndp.c Removed files: usr.sbin/ndp : gmt2local.c gmt2local.h Log message: ndp only deals with current localtime. Print time with subsecond resolution in a less roundabout way. OK phessler, bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: e...@cvs.openbsd.org 2021/01/21 12:11:39 Modified files: distrib/sets/lists/base: mi Log message: sync for libtls bump
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: e...@cvs.openbsd.org 2021/01/21 12:09:43 Modified files: lib/libtls : shlib_version Log message: minor bump after symbol addition
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: e...@cvs.openbsd.org 2021/01/21 12:09:10 Modified files: lib/libtls : Symbols.list tls.c tls_config.c tls_internal.h Log message: Allow setting a keypair on a tls context without specifying the private key, and fake it internally with the certificate public key instead. It makes it easier for privsep engines like relayd that don't have to use bogus keys anymore. ok beck@ tb@ jsing@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2021/01/21 11:48:57 Modified files: lib/libssl : d1_lib.c ssl_locl.h Log message: Mop up unused dtls1_build_sequence_number() function.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2021/01/21 10:02:37 Modified files: regress/sys/kern/pledge/sockopt: Makefile Log message: Pledge violation for SO_RTABLE prints "wroute" now. Adapt test.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: to...@cvs.openbsd.org 2021/01/21 09:50:46 Modified files: sbin/iked : ikev2.c Log message: Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: to...@cvs.openbsd.org 2021/01/21 09:46:47 Modified files: sbin/iked : config.c iked.h ikev2.c Log message: Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA exchange. In the case of an invalid KE error, retry CREATE_CHILD_SA exchange with different group instead of restarting the full IKE handshake. ok markus@
Re: CVS: cvs.openbsd.org: src
On Thu, Jan 21, 2021 at 05:52:58AM -0700, Theo de Raadt wrote:
> I disagree, and believe it was correct as-is.
>
> smtpd is not the only program that handles this file. There are
> likely other programs beyond sendmail, too.
>

ok, i have undone it,
jmc

> Jason McIntyre wrote:
>
> > CVSROOT: /cvs
> > Module name: src
> > Changes by: j...@cvs.openbsd.org 2021/01/21 05:43:30
> >
> > Modified files:
> > 	usr.bin/vacation: vacation.1
> >
> > Log message:
> > remove an unnecessary escape; from martin vahlensieck
> > ok gilles
> >
> > while, there, zap an unnecessary Tn;
> >
>
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2021/01/21 06:19:58 Modified files: usr.bin/vacation: vacation.1 Log message: revert previous after complaints from sthen and deraadt;
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2021/01/21 06:19:25

Modified files:
	usr.sbin/btrace: btrace.c map.c

Log message:
Make it possible to convert map arguments to long and insert nsecs in maps.

Necessary to measure latency, example below to better understand the kqueue select(2) regression:

	syscall:select:entry {
		@start[pid] = nsecs;
	}

	syscall:select:return {
		@usecs = hist((nsecs - @start[pid]) / 1000);
	}
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org 2021/01/21 06:18:08 Modified files: sys/netinet: ip_carp.c Log message: carp(4): convert ifunit() to if_unit(9) ok dlg@ bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org 2021/01/21 06:17:13 Modified files: sys/net: if_vlan.c Log message: vlan(4): convert ifunit() to if_unit(9) ok dlg@ kn@
Re: CVS: cvs.openbsd.org: src
I disagree, and believe it was correct as-is.

smtpd is not the only program that handles this file. There are likely other programs beyond sendmail, too.

Jason McIntyre wrote:

> CVSROOT: /cvs
> Module name: src
> Changes by: j...@cvs.openbsd.org 2021/01/21 05:43:30
>
> Modified files:
> 	usr.bin/vacation: vacation.1
>
> Log message:
> remove an unnecessary escape; from martin vahlensieck
> ok gilles
>
> while, there, zap an unnecessary Tn;
>
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2021/01/21 05:43:30 Modified files: usr.bin/vacation: vacation.1 Log message: remove an unnecessary escape; from martin vahlensieck ok gilles while, there, zap an unnecessary Tn;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org 2021/01/21 05:33:14 Modified files: sys/net: bpf.c bpfdesc.h Log message: let vfs keep track of nonblocking state for us. ok claudio@ mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: ke...@cvs.openbsd.org 2021/01/21 04:05:38 Modified files: share/man/man4 : ifmedia.4 Log message: Document IFM_2500_T media type. ok claudio@ jmc@ sthen@
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: st...@cvs.openbsd.org 2021/01/21 03:31:57

Modified files:
	usr.sbin/unbound/services: outside_network.c

Log message:
Backport "Squelch udp connect 'no route to host' errors" from upstream.
Problem reported and diff tested by danj@

From 5906811ff19f005110b2edbda5aa144ad5fa05b1 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards"
Date: Tue, 1 Dec 2020 09:09:13 +0100
Subject: [PATCH] - Fix #358: Squelch udp connect 'no route to host' errors on low verbosity.
CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2021/01/21 01:13:59

Modified files:
	usr.bin/doas : doas.c

Log message:
Revert r1.87 "Pledge before authentication when possible"

Someone reported to me that ''This breaks ansible managed machines where "persist" isn't used. There i get

	/bsd: doas[49341]: pledge "proc", syscall 2

Using "persist", everything is fine.''