CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/12/19 05:04:38 Modified files: sys/dev: vscsi.c sys/dev/usb: uhid.c sys/net: switchctl.c sys/arch/sparc64/dev: vldcp.c Log message: poll handlers must return a poll(2) revents value, not errno(2) values. Some drivers have returned ENXIO (6) if the device is not available which incorrectly translates into POLLPRI|POLLOUT (2|4) in userland. Change it to POLLERR for now, but it might as well be POLLHUP. OK mpi@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2019/12/17 12:27:39 Modified files: faq: current.html Log message: Mention recent usb(4), ugen(4), uhid(4), and fido(4) changes. With input from deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/12/17 06:18:06 Modified files: etc/etc.alpha : MAKEDEV etc/etc.amd64 : MAKEDEV etc/etc.arm64 : MAKEDEV etc/etc.armv7 : MAKEDEV etc/etc.hppa : MAKEDEV etc/etc.i386 : MAKEDEV etc/etc.landisk: MAKEDEV etc/etc.loongson: MAKEDEV etc/etc.macppc : MAKEDEV etc/etc.octeon : MAKEDEV etc/etc.sgi: MAKEDEV etc/etc.sparc64: MAKEDEV share/man/man8/man8.alpha: MAKEDEV.8 share/man/man8/man8.amd64: MAKEDEV.8 share/man/man8/man8.arm64: MAKEDEV.8 share/man/man8/man8.armv7: MAKEDEV.8 share/man/man8/man8.hppa: MAKEDEV.8 share/man/man8/man8.i386: MAKEDEV.8 share/man/man8/man8.landisk: MAKEDEV.8 share/man/man8/man8.loongson: MAKEDEV.8 share/man/man8/man8.macppc: MAKEDEV.8 share/man/man8/man8.octeon: MAKEDEV.8 share/man/man8/man8.sgi: MAKEDEV.8 share/man/man8/man8.sparc64: MAKEDEV.8 Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/12/17 06:15:17 Modified files: etc: MAKEDEV.common Log message: Fix fido(4) documentation link (no functional change)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/12/17 06:08:56 Modified files: sys/dev/usb: files.usb uhid.c share/man/man4 : usb.4 sys/dev/hid: hid.h sys/sys: conf.h lib/libfido2 : Makefile lib/libfido2/src: hid_openbsd.c sys/arch/alpha/conf: GENERIC sys/arch/alpha/alpha: conf.c etc: MAKEDEV.common etc/etc.alpha : MAKEDEV.md sys/arch/amd64/conf: GENERIC sys/arch/amd64/amd64: conf.c etc/etc.amd64 : MAKEDEV.md sys/arch/arm64/conf: GENERIC sys/arch/arm64/arm64: conf.c etc/etc.arm64 : MAKEDEV.md sys/arch/arm/arm: conf.c etc/etc.armv7 : MAKEDEV.md sys/arch/armv7/conf: GENERIC sys/arch/hppa/conf: GENERIC sys/arch/hppa/hppa: conf.c etc/etc.hppa : MAKEDEV.md sys/arch/i386/conf: GENERIC sys/arch/i386/i386: conf.c etc/etc.i386 : MAKEDEV.md sys/arch/landisk/conf: GENERIC sys/arch/landisk/landisk: conf.c etc/etc.landisk: MAKEDEV.md sys/arch/loongson/conf: GENERIC sys/arch/loongson/loongson: conf.c etc/etc.loongson: MAKEDEV.md sys/arch/macppc/conf: GENERIC sys/arch/macppc/macppc: conf.c etc/etc.macppc : MAKEDEV.md sys/arch/octeon/conf: GENERIC sys/arch/octeon/octeon: conf.c etc/etc.octeon : MAKEDEV.md sys/arch/sgi/conf: GENERIC-IP27 GENERIC-IP30 GENERIC-IP32 sys/arch/sgi/sgi: conf.c etc/etc.sgi: MAKEDEV.md sys/arch/sparc64/conf: GENERIC sys/arch/sparc64/sparc64: conf.c etc/etc.sparc64: MAKEDEV.md Added files: sys/dev/usb: fido.c uhid.h share/man/man4 : fido.4 Log message: Add fido(4), a HID driver for FIDO/U2F security keys While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes. 
It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise. With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge. With feedback from deraadt@ and many others OK kettenis@ djm@ and jmc@ for the manpage bits
Re: CVS: cvs.openbsd.org: src
On Wed, Jun 26, 2019 at 06:13:48AM -0600, Reyk Floeter wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: r...@cvs.openbsd.org 2019/06/26 06:13:48
>
> Modified files:
> usr.sbin/relayd: config.c relay.c relayd.c relayd.conf.5 relayd.h
>
> Log message:
> Add support for OCSP stapling
>
> Many thanks to Bruno Flueckiger who independently sent a very similar
> patch. He also tested the one I'm committing that it works as
> expected.
>
> OK tb@
>

I forgot to mention: Thanks to jmc@ for input & OK on the manpage bits.

Reyk
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/06/26 06:13:48 Modified files: usr.sbin/relayd: config.c relay.c relayd.c relayd.conf.5 relayd.h Log message: Add support for OCSP stapling Many thanks to Bruno Flueckiger who independently sent a very similar patch. He also tested the one I'm committing that it works as expected. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/06/01 03:54:19 Modified files: usr.sbin/relayd: config.c Log message: Make sure that the IMSG_CTL_RESET message is sent immediately. This fixes an issue that might better be solved in imsg itself. The problem is that IMSG_CTL_RESET does not include an fd while the following messages (IMSG_CFG_RELAY and IMSG_CFG_RELAY_FD) do contain fds. If the receiver gets them in one buffer (via recvmsg), the first fd might be wrongly associated to the IMSG_CTL_RESET message. This is theoretically taken care of by the imsg API, so it is either a bug in relayd's API usage or in imsg itself. "sure" claudio@ as a temporary fix.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/31 09:25:57 Modified files: usr.sbin/relayd: config.c parse.y relayd.c relayd.conf.5 relayd.h Log message: Add support for SNI with new "tls keypair" option to load additional certs. Tested by many (thanks!) Feedback & OK rob@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/31 09:15:37 Modified files: usr.sbin/relayd: ca.c config.c parse.y relay.c relayd.c relayd.h Log message: Move the relay keys/certs into a separate global list and look them up by id. Moving the certs out of the relay struct will help to add multiple SNI certs. Tested by many users (thanks!) Feedback & OK rob@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2019/05/29 15:44:06 Modified files: faq: current.html Log message: Changed vmctl to vmctl(8) in the link text. Pointed out by tb@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2019/05/29 15:42:30 Modified files: faq: faq16.html Log message: Revert previous: The FAQ is for -stable, not for -current. I moved the vmctl syntax change into a comment for the next release. Pointed out by tb@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2019/05/29 15:33:53 Modified files: faq: current.html faq16.html Log message: vmctl(8) syntax changed: command options before argument
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/29 15:32:43 Modified files: usr.sbin/vmctl : main.c vmctl.8 Log message: Change vmctl(8) syntax: command options before the disk/name/id argument. vmctl had a CLI-style syntax (bgpctl-style) for a short time but I changed it back to a more suitable getopt syntax. I replaced the CLI tokens to getopts flags but didn't consider swapping the order of command options and arguments to be more UNIX-like again ("vmctl create disk.img size 10G" simply became "vmctl create disk.img -s 10G"). This changes "create", "start", and "stop" commands to the commonly expected syntax like "vmctl create -s 10G disk.img". Requested by many OK mlarkin@ kn@ solene@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/29 05:52:56 Modified files: usr.sbin/relayd: parse.y Log message: Fix the check if a relay has been specified twice Relays cannot have the same name or listen address. If a listen address is specified multiple times, the parser expands the configuration into multiple relays automatically. OK rob@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/29 05:48:29 Modified files: usr.sbin/relayd: parse.y relay.c relayd.c relayd.h Log message: Move relay_load_*() functions into relayd.c Pass the *env as an explicit argument instead of using the global pointer: The relay_load_certfiles() function is called early before the *env is set up. This does not change anything in the current code as *env is not used by anything in the function (not even ssl_load_key() that is taking it as an argument) but it will be needed by upcoming changes for SNI. Ok rob@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/13 09:19:16 Modified files: usr.sbin/relayd: relay_http.c Log message: Add Connection: close when switching to "unlimited" reading mode. Ask the server to close the connection after the request since we don't read any further request headers. This fixes an issue with OPTIONS and optional body, as well as similar cases. Reported and tested by Rivo Nurges OK benno@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/13 03:54:07 Modified files: usr.sbin/relayd: relay.c relay_http.c relayd.h util.c Log message: Fix filter rules with "forward to" statement in persistent connections. OK bentley@ mikeb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/10 14:47:54 Modified files: distrib/miniroot: install.sub Log message: Improve error message of "Question has no answer in response file". It didn't always print the actual question so it was hard to debug problems in the autoinstall(8) script. OK florian@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/10 03:15:00 Modified files: usr.sbin/relayd: parse.y relay.c relay_http.c relayd.conf.5 relayd.h Log message: Add support for from/to in relay filter rules. For example, pass from 10.0.0.0/8 path "/hello/*" forward to Ok benno@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/08 17:22:19 Modified files: usr.sbin/relayd: http.h relay.c relay_http.c relayd.c relayd.h Log message: Fix and tweak websocket upgrade handling. - Don't expect the Connection header to equal Upgrade, it may include Upgrade - Reshuffle the code to check the Upgrade/Connection headers in one place Reported and tested by Rivo Nurges OK and input from benno@ Cvs: --
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2019/05/08 13:57:45 Modified files: usr.sbin/httpd : config.c httpd.h parse.y server_fcgi.c server_http.c Log message: spacing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/12/05 11:02:51 Modified files: sys/dev/pv : pvclock.c Log message: Correctly disable pvclock(4) on old hardware that lacks a stable clock I falsely assumed that the KVM_FEATURE_CLOCKSOURCE_STABLE_BIT indicates that the actual clock values are stable, but it turned out that this isn't always the case. To detect if the clock value is stable, we now read it once in pvclock_attach() and check for the PVCLOCK_FLAG_TSC_STABLE flag. This needs further investigation. Reported and fix tested by johnw.mail at gmail.com OK chris@ phessler@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/26 03:39:30 Modified files: usr.sbin/vmd : vioqcow2.c vioraw.c virtio.c virtio.h vmboot.c usr.sbin/vmctl : main.c vmctl.c vmctl.h Log message: Move the {qcow2,raw} create functions from vmctl into vmd/vio{qcow2,raw}.c This way they are in the appropriate place and code can be shared with vmd. Ok ori@ mlarkin@ ccardenas@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/23 05:38:44 Modified files: share/man/man4 : Makefile Log message: Install pvclock(4)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/23 05:37:40 Modified files: sys/arch/amd64/conf: GENERIC sys/arch/i386/conf: GENERIC sys/dev/pv : files.pv pvreg.h Added files: share/man/man4 : pvclock.4 sys/dev/pv : pvclock.c Log message: Add the pvclock(4) guest driver for paravirtual clocks This improves timekeeping on KVM guests as it runs much better than the virtualized acpihpet or acpitimer timecounters and the invtsc is not always available. Many thanks to Janne Johansson, landry@, and benno@ for testing amd64/i386. OK mlarkin@ phessler@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/22 10:31:11 Modified files: share/man/man4 : vxlan.4 Log message: Use em0 instead of vmx0 to clarify the parent interface example. Pointed out by Josh Grosse OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/21 05:31:47 Modified files: usr.sbin/vmd : config.c dhcp.c parse.y priv.c vm.conf.5 vmd.c vmd.h Log message: Add support for "local inet6" interfaces. ok & test ccardenas@, additional review from kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/21 02:50:19 Modified files: usr.sbin/rad : frontend.c rad.conf.5 Log message: Allow rad(8) to watch interface groups; e.g. "interface tap" in rad.conf. OK florian@, additional review from kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/20 02:06:08 Modified files: share/man/man4 : islrtc.4 pcfrtc.4 pcxrtc.4 Log message: Fix spelling of kettenis' email address "just fix" deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/11/16 12:45:40 Modified files: usr.sbin/rad : frontend.c Log message: Don't fatal if IPV6_LEAVE_GROUP fails. The underlying interface might have been destroyed or detached and rad(8) will just cope with that. OK florian@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/26 05:24:45 Modified files: usr.sbin/vmd : config.c Log message: I broke base images with my previous commit by missing a line. The disk path wasn't updated so vmd tried to open the derived disk image for each base over and over again. OK ori@ mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/23 03:53:06 Modified files: sys/net: pf_norm.c Log message: Make pf compile without DIAGNOSTIC again OK bluhm@ kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/10/19 04:12:39 Modified files: usr.sbin/vmd : config.c vioqcow2.c virtio.c virtio.h vmd.h usr.sbin/vmctl : Makefile main.c vmctl.8 vmctl.c vmctl.h Log message: Add support to create and convert disk images from existing images The -i option to vmctl create (eg. vmctl create output.qcow2 -i input.img) lets you create a new image from an input file and convert it if it is a different format. This allows to convert qcow2 images from raw images, raw from qcow2, or even qcow2 from qcow2 and raw from raw to re-optimize the disk. This re-uses Ori's vioqcow2.c from vmd by reaching into it and compiling it in. The API has been adjusted to be used from both vmctl and vmd accordingly. OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/18 02:36:11 Modified files: usr.sbin/vmd : parse.y Log message: Use realpath(3) on the "boot" config option as well. This fixes code that detects if boot and the first disk are identical. OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/10/15 04:35:41 Modified files: usr.sbin/vmd : config.c vmd.c vmd.h Log message: Prevent VM reboot loops by rate-limiting the interval a VM can reboot. This looping has been experienced by people who run VMs with a broken kernel or boot loader that trigger a very fast reboot loop (triple fault) of a VM that ends up using a lot of CPU and resources on the host. Some fixes in vmm(4) and vmd(8) helped to avoid such conditions but it can still occur if something is wrong in the guest VM itself. If the VM restarts after less than VM_START_RATE_SEC (6) seconds, we increment the limit counter. After VM_START_RATE_LIMIT (3) of such fast reboots the VM is stopped. There are only very few people who intentionally want to reboot-loop a VM very quickly (many times within a second); mostly for fuzzing. They will have to recompile and adjust the stated #defines in the code as we don't have a config option to disable it. OK mlarkin@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2018/10/10 07:05:23 Modified files: . : 64.html Log message: ldap(1) has its debut in OpenBSD 6.4.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/10/10 05:46:59 Modified files: sys/netinet: ip_mroute.c sys/netinet6 : ip6_mroute.c ip6_var.h usr.sbin/snmpd : kroute.c Log message: RT_TABLEID_MAX is 255, fix places that assumed that it is less than 255. rtable 255 is a valid routing table or domain id that wasn't handled by the ip[6]_mroute code or by snmpd. The arrays in the ip[6]_mroute code were off by one and didn't allocate space for rtable 255; snmpd simply ignored rtable 255. All other places in the tree seem to handle RT_TABLEID_MAX correctly. OK florian@ benno@ henning@ deraadt@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2018/10/08 13:46:26 Modified files: . : 64.html Log message: More about vmd/vmctl
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/10/08 10:32:01 Modified files: usr.sbin/vmd : config.c vioqcow2.c vioraw.c virtio.c virtio.h vm.c vmboot.c vmd.c vmd.h vmm.c usr.sbin/vmctl : main.c vmctl.8 vmctl.c vmctl.h regress/usr.sbin/vmd/diskfmt: Makefile vioscribble.c Log message: Add support for qcow2 base images (external snapshots). This work is from Ori Bernstein, committing on his behalf: Add support to vmd for external snapshots. That is, snapshots that are derived from a base image. Data lookups start in the derived image, and if the derived image does not contain some data, the search proceeds to the base image. Multiple derived images may exist off of a single base image. A limitation of this format is that modifying the base image will corrupt the derived image. This change also adds support for creating disk derived disk images to vmctl. To use it: vmctl create derived.qcow2 -s 16G -b base.qcow2 From Ori Bernstein OK mlarkin@ reyk@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/05 06:54:57 Modified files: usr.sbin/vmctl : main.c Log message: Setting getopt optreset to 1 needs an additional reset of optind to 1. OK millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/02 10:42:38 Modified files: usr.sbin/vmctl : vmctl.c Log message: Fix potential rounding errors when calculating the qcow2 l1 and ref tables sizes OK ccardenas@ mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/01 11:34:56 Modified files: usr.sbin/vmd : vioqcow2.c Log message: Fix potential double-free in error path qc2_open() calls qc2_close() on error which already frees diskp. OK ccardenas@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/10/01 03:31:15 Modified files: usr.sbin/vmctl : main.c vmctl.8 vmctl.h usr.sbin/vmd : parse.y vioqcow2.c vm.conf.5 vmd.h Log message: Try to derive the qcow2 file format from an image file automatically. This makes the "-d qcow2:" and "format qcow" arguments optional as vmctl and vmd will read the magic bytes at the beginning of a file to guess if it is a raw or a qcow image file. The "vmctl create" command has been changed by removing the -f qcow2 option and replacing it with the same syntax as -d: "vmctl create qcow2:foo.img". In a slightly ununixy but intended way, the create command now also considers the file extension for the format as "vmctl create foo.qcow2" creates a qcow2 disk and not a raw image file. Ok mlarkin@ (and ccardenas@ on an earlier version of the diff)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/09/28 06:35:32 Modified files: usr.sbin/vmd : vioqcow2.c vioraw.c virtio.c virtio.h vm.c vmboot.c vmd.h Log message: Support vmd-internal's vmboot with qcow2 disk images. OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/09/28 02:29:06 Modified files: usr.sbin/vmd : vioqcow2.c Log message: Compress qcow2 open debug messages into a single line Please avoid tabs and excessive multi-line information with log_debug as it also goes to syslog. No functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/09/28 02:23:43 Modified files: usr.sbin/vmd : vmd.c Log message: Fix copy-pasto to use maxmem instead of maxcpu Reported by Greg Steuck OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/09/27 11:15:36 Modified files: etc/rc.d : vmd usr.sbin/vmctl : main.c vmctl.8 vmctl.c vmctl.h Log message: Add vmctl stop -a [-fw] option to stop or terminate all running VMs. This is also used to simplify the vmd rc stop script. OK mlarkin@ ccardenas@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/09/19 05:28:02 Modified files: usr.sbin/relayd: ca.c relay.c Log message: Do not abort when the ca privenc runs into a timeout. OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/08/29 01:50:16 Modified files: usr.bin/mg : def.h funmap.c line.c mg.1 Log message: Add set-case-replaced to toggle case-preserving replace on or off. By default, replacing "foo" with "bar" turns "FOO" into "BAR". With case-replace turned off, "FOO" will turn into "bar". OK florian@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/08/23 00:04:53 Modified files: usr.sbin/vmctl : vmctl.c Log message: Allow to boot CDROM-only VMs. Pointed out by Jon Williams OK mlarkin@ kn@ ccardenas@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/08/07 08:49:05 Modified files: usr.sbin/vmd : config.c Log message: Post-g2k18 fix: unbreak the optional vmd-internal vmboot loader. The new vm_checkaccess() call didn't account for the vmboot case. OK ccardenas@ mikeb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/08/07 05:28:29 Modified files: usr.sbin/vmd : config.c Log message: Fix paste error in "no read access to" debug message, tweak messages. Found by mikeb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/15 08:42:04 Modified files: usr.sbin/vmd : vioscsi.c Log message: Revert unrelated change to vioscsi.c (I had this in my tree to silence vioscsi.c log_debug, but Carlos already has a better diff for that)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/15 08:36:54 Modified files: usr.sbin/vmd : config.c proc.h vioscsi.c vmd.c vmd.h Log message: Track resources and enforce cpu/memory/interface limits for non-root users. The limits are currently hard-coded and undocumented (4 CPUs/VMs, 2G memory, 8 interfaces) but will be configurable in an upcoming diff. These limits are tracked in total usage; for example, a user will be able to run up to 4 VMs with 512M of memory or a single VM with 2G. OK ccardenas@ mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/07/13 04:26:57 Modified files: usr.sbin/vmd : config.c vmd.c vmd.h Log message: Check the disk/kernel/cdrom file permissions after opening the fd. This prevents time of TOCTOU attacks for instances. OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/13 02:42:49 Modified files: usr.sbin/vmd : control.c parse.y vm.conf.5 vmd.c vmd.h vmm.c Log message: Add "allow instance" option. This allows users to create VM instances and change desired options, for example a user can be allowed to run a VM with all the pre-configured options but specify an own disk image. (mlarkin@ was fine with iterating over it) OK ccardenas@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/12 08:53:37 Modified files: usr.sbin/vmctl : main.c Log message: The vmctl start -I option was changed to -t. I committed the manpage but accidentally forgot the main.c part. OK ccardenas@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/07/12 06:04:49 Modified files: usr.sbin/vmd : parse.y vm.conf.5 vmd.c vmd.h vmm.c usr.sbin/vmctl : main.c vmctl.8 vmctl.c vmctl.h Log message: Allow to use configured/running VMs as templates for other VM instances. This introduces new grammar and the -t option in vmctl start. (For now, only root can create VM instances; but it is planned to allow users to create their own VMs based on permissions and quota.) OK ccardenas@ mlarkin@ jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/11 15:29:05 Modified files: usr.sbin/vmctl : vmctl.c Log message: check string lengths in vm_start
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/11 10:43:24 Modified files: usr.sbin/vmd : parse.y Log message: sort tokens
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/11 10:37:31 Modified files: usr.sbin/vmd : vmd.c Log message: style - indent each case statement in a switch.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/11 07:19:47 Modified files: etc/rc.d : vmd usr.sbin/vmd : config.c control.c vmd.c vmd.h vmm.c usr.sbin/vmctl : main.c vmctl.8 vmctl.c vmctl.h Log message: Add -w option to vmctl stop to wait for completion of VM termination. Use it in /etc/rc.d/vmd accordingly. OK sthen@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/11 04:31:45 Modified files: usr.sbin/vmd : vmd.c Log message: Rename function to vmd_check_vmh
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/11 03:35:44 Modified files: usr.sbin/vmctl : main.c vmctl.8 vmctl.c vmctl.h usr.sbin/vmd : control.c vmd.c vmd.h vmm.c Log message: Add -f option to vmctl stop to forcefully kill a VM. This also fixes a bug in vmm_sighdlr where it might have missed forwarding the TERMINATE_EVENT to the vmd parent after a VM child died, leading to an abandoned VM in the vmd parent process. OK ccardenas@ mlarkin@ benno@ kn@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/10 15:12:20 Modified files: usr.sbin/vmd : vmd.c Log message: style (single-line ifs don't need braces)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/10 14:52:51 Modified files: usr.sbin/vmd : vmm.c Log message: Return the VM pid to the vmd parent. This pid field already existed in the result but wasn't filled in by the vmm process. No functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/10 14:46:50 Modified files: usr.sbin/vmd : control.c Log message: Remove a debug message
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/07/10 14:43:15 Modified files: usr.sbin/vmd : pci.c vioscsi.c vmd.c vmd.h vmm.c Log message: vmd already had DEBUG/DPRINTF, there is no need for VMD_DEBUG/dprintf Replace all occurrences of dprintf with DPRINTF (defined in proc.h).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/07/10 10:15:51 Modified files: usr.sbin/vmd : config.c vmd.c vmd.h vmm.c Log message: Tweak debug log messages - Turn tracing messages into DPRINTF (only compiled with DEBUG). - Pass __func__ to vm_stop and vm_remove: this way we can track who called the function in the async context. It replaces the manual log_debug in front of each vm_stop/vm_remove. This debug logging trick can be removed in the future once we are more confident about it. OK ccardenas@ mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/26 04:00:08 Modified files: usr.sbin/vmd : control.c parse.y proc.h vm.conf.5 vmd.c vmd.h Log message: Add "socket owner" to allow changing the owner of the vmd control socket. This allows to open vmctl control or console access to other users that are not in group wheel. Access for non-root users still defaults to read-only actions unless you change the owner (user/group) of each individual VM. Requested by Mischa Peters OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/26 03:47:20 Modified files: usr.bin/ldap : ldap.1 ldapclient.c Log message: Allow to read the password from a file with -y Pointed out by Tim Chase OK rob@ gsoares@ jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org 2018/06/21 04:37:00 Modified files: usr.sbin/ypldap: aldap.c aldap.h Log message: Sync aldap from ldap(1). This also fixes the _url functions that were previously #ifdef'ed out. OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/21 02:27:35 Modified files: usr.bin/ldap : aldap.c Log message: Fix DEBUG message
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/20 10:43:05 Modified files: usr.sbin/httpd : config.c httpd.conf.5 httpd.h parse.y server_http.c Log message: Add support for simple one-off internal rewrites. For example: location match "/page/(%d+)/.*" { request rewrite "/static/index.php?id=%1&$QUERY_STRING" } Requested by many. Ok benno@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/20 03:20:51 Modified files: usr.sbin/snmpd : mib.h Log message: Add bsws and arcaTrust PENs
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/19 12:15:01 Modified files: usr.sbin/vmd : config.c Log message: print process name in debug message
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/19 11:13:50 Modified files: usr.sbin/vmctl : vmctl.c Log message: knf
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/19 11:12:34 Modified files: usr.sbin/vmd : config.c i8253.c i8259.c ns8250.c parse.y pci.c task.c vioscsi.c virtio.c vm.c vmd.c Log message: knf
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/19 08:01:16 Modified files: usr.bin: Makefile Log message: Enable ldap(1) in the build. OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/15 11:17:40 Modified files: usr.sbin/httpd : httpd.conf.5 Log message: Something went wrong - the strip option was documented twice. Found by Mischa Peters, thanks
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/15 06:36:05 Modified files: usr.sbin/httpd : server_file.c server_http.c Log message: Fix 304 Not Modified response: don't send a body, use the correct MIME type. Reported by Hidvegi Gabor gaborca websivision hu Fix found by anton@ OK anton@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2018/06/13 12:24:24 Modified files: faq: current.html Log message: duplicate label r20180613 (bgpd, httpd), rename the 2nd to r20180613b
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/13 09:51:08 Modified files: usr.bin/ldap : ldap.1 Log message: Update AuthorizedKeysCommand example: only match ^sshPublicKey: lines.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/13 09:45:58 Log message: Import ldap(1), a simple ldap search client. We have an ldapd(8) server and ypldap in base, so it makes sense to have a simple LDAP client without depending on the OpenLDAP package. This tool can be used in an ssh(1) AuthorizedKeysCommand script. With feedback from many including millert@ schwarze@ gilles@ dlg@ jsing@ OK deraadt@ Status: Vendor Tag: reyk Release Tags: ldap_20180613 N src/usr.bin/ldap/Makefile N src/usr.bin/ldap/aldap.c N src/usr.bin/ldap/aldap.h N src/usr.bin/ldap/ber.c N src/usr.bin/ldap/ber.h N src/usr.bin/ldap/ldap.1 N src/usr.bin/ldap/ldapclient.c N src/usr.bin/ldap/log.c N src/usr.bin/ldap/log.h No conflicts created by this import
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: r...@cvs.openbsd.org2018/06/13 09:11:22 Modified files: faq: current.html Log message: httpd.conf(5) grammar changed: 'root strip' is now 'request strip'. OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/13 09:08:24 Modified files: etc/examples : httpd.conf usr.sbin/acme-client: acme-client.1 acme-client.conf.5 regress/usr.sbin/acme-client: httpd.conf usr.sbin/httpd : httpd.conf.5 parse.y Log message: Rename httpd.conf "root strip" option to "request strip". "root strip" was semantically incorrect and did cause some confusion as it never stripped the root but the client's request path. Discussed with many. Heads up: this is a grammar change that also affects acme-client(1) configurations (see current.html). OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/13 09:02:09 Modified files: libexec/login_passwd: common.h login.c login_passwd.c Log message: Call pledge(2) earlier before opening the auth channel and readpassphrase() Before this change, only the password validation was pledged, now it also includes some more code including the "Password:" prompt. To pledge the code earlier, the getpwnam_shadow() had to be moved up - it works under "getpw" but it does not return the actual password hash under pledge. This also works with yp(ldap). OK deraadt@ tb@ brynet@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/13 08:54:42 Modified files: libexec/login_passwd: Makefile common.h login.c Log message: Remove #ifdef PASSWD, it was always enabled and is a leftover from krb5 days. No other uses of -DPASSWD were found in the tree. OK deraadt@ tb@ brynet@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/06/11 06:12:51 Modified files: usr.sbin/httpd : httpd.conf.5 server_http.c Log message: The http_query is already url_encoded; don't encode it twice. This fixes a bug in the macros and log file handler that double-encoded the query. This does not change FCGI as it was already handling the query correctly. Additional verification of the QUERY_STRING should be implemented as well. OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/23 13:02:50 Modified files: usr.sbin/httpd : httpd.conf.5 Log message: Forgot to revert another "port 80" Pointed out by jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/23 08:49:08 Modified files: sys/tmpfs : tmpfs_vnops.c Log message: Fix build without DIAGNOSTIC, ok mikeb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/18 09:20:46 Modified files: usr.sbin/httpd : parse.y Log message: Move LISTEN ON {} code into a function listen_on(). No functional change, but it makes it easier to deal with the grammar.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/18 09:04:07 Modified files: usr.sbin/httpd : httpd.conf.5 Log message: Revert manpage description as well
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/18 08:24:26 Modified files: usr.sbin/httpd : httpd.conf.5 parse.y Log message: Revert previous: it introduced a shift/reduce conflict in the grammar.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/18 08:07:46 Modified files: usr.sbin/httpd : httpd.conf.5 parse.y Log message: Allow to omit the listen port configuration. Default to port 80, tls port 443. OK florian@ jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/18 06:36:30 Modified files: usr.sbin/ldapd : ldapd.conf.5 parse.y search.c Log message: Add support for attribute filter rules on search/read operations. OK jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/16 07:19:00 Modified files: sys/netinet: ip_ipsp.c ip_spd.c sys/net: pfkeyv2.c Log message: Fix kernel builds without IPSEC. OK mikeb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/16 04:08:47 Modified files: usr.sbin/ldapd : search.c Log message: Fix the client search request time and size limits. ldapd failed when the specified limits were reached instead of exceeded. This fixes search queries that define such a limit, for example with "ldapsearch -z 1". Thanks to Christophe Simon for the bug report, analysis, and fix! OK jmatthew@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: r...@cvs.openbsd.org2018/05/15 09:54:51 Modified files: usr.sbin/snmpd : snmpd.conf.5 Log message: The snmpd.conf file is divided into four (not three) main sections. From Steve Arntzen