| Commit message | Author | Age | Files | Lines |
| |
Userland code compiled in a normal fashion picks up the htonl(),
htons(), ntohl(), ntohs() macros implemented by endian.h. The
functions in libc are effectively unused. Keep the MI functions
in case something looks for the symbols in libc or plays games
with #undef, but change them to wrap the implementation from
endian.h.
tweaks suggested by claudio@, ok miod@
| |
ok deraadt@ jmc@
| |
Originally from djm@. OK deraadt@ florian@ bluhm@
| |
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;
| |
uppercase.
While here use the correct idiom of casting to unsigned char.
OK millert, farewell to ultrix deraadt
| |
from josiah frentsos, tweaked by schwarze
ok schwarze
| |
Use a temporary variable to store the number of bytes to be copied
(size_t) and also use it as the memcpy(3) length. Previously we
copied "size" bytes instead of just the necessary number.
OK claudio@ tb@
| |
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
| |
ok jmc@ schwarze@
| |
ok florian@
| |
libc can't do DNSSEC validation but it can ask a "security-aware"
resolver to do so. Let's send queries with the AD flag set when
appropriate, and let applications look at the AD flag in responses in
a safe way, ie clear the AD flag if the resolvers aren't trusted.
By default we only trust resolvers if resolv.conf(5) only lists name
servers on localhost - the obvious candidates being unwind(8) and
unbound(8). For non-localhost resolvers, an admin who trusts *all the
name servers* listed in resolv.conf(5) *and the network path leading to
them* can annotate this with "options trust-ad".
AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch
SSHFP records in a secure manner, and tightens the situation for other
applications, eg those using RES_USE_DNSSEC for DANE. It should be
noted that postfix currently assumes trusted name servers by default and
forces RES_TRUSTAD if available.
RES_TRUSTAD and "options trust-ad" were first introduced in glibc by
Florian Weimer. Florian Obser (florian@) contributed various
improvements, fixed a bug and added automatic trust for name servers on
localhost.
ok florian@ phessler@
| |
Dunno why this ended up here, cvs is always full of surprises.
| |
Apparently spotted by mortimer@ while working on clang 13 and amd64.
No actual change on sparc64 as this architecture still uses ld.bfd.
ok kettenis@
| |
ok mpi@ deraadt@
| |
removed and the former is still needed, as pointed out by kettenis
| |
portability annoyance since not all systems have u_char. Remove
the now unused includes sys/types.h and stdio.h.
u_char diff from Jonas Termansen
ok deraadt
| |
to the list. While here remove some of the headers from inet_net_ntop(3)
for balance.
| |
too small in the AF_INET6 case.
Spotted by Brad House (brad AT brad-house.com) with the c-ares
regression test.
The man page says
Caution: The dst field should be zeroed before calling inet_net_pton() as
the function will only fill the number of bytes necessary to encode the
network number in network byte order.
Which seems to suggest that the function should work if the passed in
storage is big enough to hold the prefix, which might be smaller than
sizeof(in6_addr).
Input & OK tb
| |
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to
userland via libc, liberating processes from the need for a context
switch every time they want to count the passage of time.
If a timecounter clock can be exposed to userland then it needs to set
its tc_user member to a non-zero value. Tested with one or multiple
counters per architecture.
The timing data is shared through a pointer found in the new ELF
auxiliary vector AUX_openbsd_timekeep containing timehands information
that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time
are adjusted in userland by the tc_get_timecount() function inside the
MD usertc.c file.
This permits a much more responsive environment, quite visible in
browsers, office programs and gaming (apparently one is able to fly
in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
| |
Suggested by Evan Silberman, confirmed by jmc@
| |
Suggested by eric@, input from deraadt@, ok deraadt@ eric@
| |
The previous wording implied this option does nothing, which is wrong.
This option does affect the way gethostbyname(3) works on OpenBSD
(return IPv6 addresses if available). On some systems, it also
introduces IPv4-mapped IPv6 addresses, a "feature" that we don't
support.
ok deraadt@ eric@
| |
ok tedu
| |
and correct Xr.
ok jmc
| |
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
| |
-1 to mark failure, not arbitrary values < 0. I believe manual pages
should follow the described contract precisely and accurately.
| |
jmc@ noticed that the text wasn't completely clear;
OK jmc@
| |
Checking Disabled flag. Introduce a RES flag to do so. ok krw@
deraadt@ eric@
| |
effectively use pledge(2) in some programs.
approval from many, thanks!
idea by & ok deraadt@
| |
ok benno
| |
and reference gethostby*(3) and /etc/hosts instead.
Say that setnetent(3), getnetent(3), and endnetent(3) now do nothing.
With feedback from guenther and significant help from deraadt@.
| |
While here, stop implying plans to support additional address
families in the future, and do not call gethostbyname2(3) "advanced".
OK deraadt@ guenther@
| |
getnetent(3), and endnetent(3) do nothing, just like sethostent(3),
gethostent(3), and endhostent(3) years ago.
OK deraadt@ guenther@
| |
POSIX functions) and turn the weird DIAGNOSTICS section into a normal
RETURN VALUES section while here.