Commit message | Author | Age | Files | Lines
* MFC:OPENBSD_4_8 | djm | 2011-02-11 | 1 | -1/+7
  ----------------------------
  revision 1.8
  date: 2011/02/10 22:40:27; author: djm; state: Exp; lines: +7 -1
  fix for CVE-2011-0014 "OCSP stapling vulnerability"; ok markus@ jasper@ miod@
  AFAIK nothing in base uses this, though apache2 from ports may be affected.
  ----------------------------
* Security fix for CVE-2010-4180 as mentioned in | jasper | 2010-12-15 | 2 | -0/+8
  http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default.
  ok djm@
* - Apply security fix for CVE-2010-3864. | jasper | 2010-11-17 | 1 | -4/+14
  ok djm@ deraadt@
* This commit was manufactured by cvs2git to create branch 'OPENBSD_4_8'. | cvs2svn | 2010-07-28 | 830 | -254159/+0
* Sync hcreate(3) with NetBSD, adding some caveats. | ray | 2010-07-28 | 1 | -12/+67
  OK jmc
* echo behaves differently in sh and csh, only handling C-style escapes | guenther | 2010-07-25 | 1 | -3/+3
  in the former, so switch an example that needs them to use printf instead. From bcr at freebsd.org.
  ok halex@
* getopt_long.c replaced getopt.c 6+ years ago; we can retire | blambert | 2010-07-22 | 1 | -7/+1
  the REPLACE_GETOPT macro, at long last
  ok millert@
* Document new unsetenv() error returns. | naddy | 2010-07-06 | 1 | -2/+8
  From Nicolas Legrand <nlegrand@ethelred.fr>; ok jmc@
* Fix the naming of interfaces and variables for rdomains and rtables | guenther | 2010-07-03 | 2 | -19/+19
  and make it possible to bind sockets (including listening sockets!) to rtables and not just rdomains. This changes the name of the system calls, socket option, and ioctl. After building with this you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.
  Since this removes the existing [gs]etrdomain() system calls, the libc major is bumped.
  Written by claudio@, criticized^Wcritiqued by me
* getpeereid() can now be a library routine using getsockopt() with | deraadt | 2010-07-01 | 3 | -3/+158
  SOL_SOCKET and SO_PEERCRED, only issue being that it cannot return EFAULT for a page fault. The kernel code will soon be put into compat, and then in 10 years or so tedu will delete it.
  ok guenther millert
* oops. Missed this from my aes-ni commit. | thib | 2010-07-01 | 1 | -3/+4
* AES-NI engine support for OpenSSL. | thib | 2010-07-01 | 20 | -6/+3322
  This is code mostly picked up from upstream OpenSSL, or to be more exact a diff from David Woodhouse <dwmw2 at infradead dot org>.
  Remember to make includes before doing a build!
  no objections from djm@
  OK deraadt@, reyk@ (AES is about 4.25x faster on his x201 now)
* use a union to align the dns answer buffer until gcc4 is fixed | deraadt | 2010-06-29 | 1 | -5/+8
* Correct the target name | guenther | 2010-06-29 | 1 | -2/+2
* use a union to align the dns answer buffer until gcc4 is fixed | deraadt | 2010-06-29 | 1 | -5/+8
* Make unsetenv(NULL) and unsetenv("") give EINVAL, per POSIX. ok deraadt@ | naddy | 2010-06-29 | 1 | -1/+5
* VIA xcrypt for amd64, simpler version of a diff from deraadt | jsg | 2010-06-29 | 2 | -12/+38
  with suggestions from miod.
  The codepath doesn't seem to be called yet, this will be investigated later.
  looks good miod@, ok deraadt@
* Add the extendedKeyUsage flags serverAuth and clientAuth. Newer Windows | reyk | 2010-06-26 | 1 | -0/+3
  versions require these flags to accept the X.509 certificates from the gateway or client; I just add both flags to make it work in both cases and verified it with win7, for example when authenticating against iked.
  go ahead beck@
* Avoid using an end pointer since strnlen(string, -1) is legal | millert | 2010-06-02 | 1 | -4/+3
  and would otherwise result in overflowing the end pointer and cause strnlen() to return 0.
  OK sthen@
* strnlen regression tests | millert | 2010-06-02 | 2 | -0/+74
* oops - forgot to check for trailing whitespace; | jmc | 2010-05-26 | 1 | -2/+2
* reword the 'D' dump bit to make it clear that the malloc.out file needs | thib | 2010-05-26 | 1 | -4/+5
  to exist before exit for malloc to dump stats in it.
  tweaks from jmc@
  ok otto@,jmc@
* Add HISTORY section, mostly for strnlen() but include strlen() for | millert | 2010-05-24 | 1 | -2/+11
  completeness (verified).
* remove unused variable. | chl | 2010-05-21 | 1 | -2/+1
  ok millert@ tedu@
* tweak previous; | jmc | 2010-05-19 | 3 | -15/+13
* add posix_madvise, posix_memalign, strndup, and strnlen. mostly from | tedu | 2010-05-18 | 9 | -17/+270
  brad and millert, with hints from guenther, jmc, and otto I think.
  ok previous.
* Switch to using COMPILER_VERSION instead of USE_GCC3, allows for more flexible | drahn | 2010-05-10 | 1 | -3/+2
  compiler picking, eg supporting gcc2, gcc3, and gcc4. based on diff by Marco, with fixes from espie@.
  ok espie@ general mumbling of approval of others.
* * add #includes to pull in missing prototypes, as pointed out by gcc4 | naddy | 2010-05-08 | 8 | -7/+9
  * fix CFLAGS syntax for make depend
  ok blambert@
* Do not return success when the IPv6 address has a :: and 8 hex sections. | claudio | 2010-05-06 | 1 | -3/+4
  ::1:2:3:4:5:6:7:8 for example.
  PR 6277, fix by Jun KAWAI (kwj at vlax net)
  OK henning, gilles, jsing (who also reminded me to remove the now wrong comment about superfluous ::)
* When running in pic mode we don't have enough general registers for all | jsg | 2010-05-03 | 2 | -2/+2
  the xcrypt inputs, hence the dance which is done to make this work.
  The constraint for the key however was "mr" which is both from memory and from a general register, it seems gcc3 went with the former and gcc4 went with the latter in the pic case, so change the constraint for the key to just "m" which gives us more efficient code that both gcc3 and gcc4 are happy with.
  ok kettenis@
* The openssl command line tool treats the non-null terminated buffer | deraadt | 2010-04-20 | 1 | -1/+1
  "mbuf" as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option "J" set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282 from Matthew Haub (asked to submit upstream), ok djm
* Bump the default buffer sizes to be larger than default MTUs, from Jan | nicm | 2010-04-20 | 1 | -5/+5
  Zeleny.
  ok djm
* Allocate the port number properly (don't allocate space then ignore it), | nicm | 2010-04-20 | 2 | -12/+11
  and use %zu for size_t.
  ok djm
* Security fix for CVE-2010-0740 | jasper | 2010-04-14 | 2 | -6/+8
  "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL."
  http://openssl.org/news/secadv_20100324.txt
  ok deraadt@ djm@ sthen@
* - nuke some unneeded Pp; from kristaps | jmc | 2010-04-07 | 1 | -6/+3
  - small tweak while here
* Build all manual pages in base with mandoc(1) instead of groff, | schwarze | 2010-04-03 | 1 | -3/+3
  excepting the tbl(1) pages, which are less than twenty.
  "commit the diff that enables it, now" deraadt@
* WARNINGS -> CAVEATS, and a little necessary cleanup; | jmc | 2010-04-01 | 2 | -24/+24
* Modify example not to use an assignment in the if statement. We shouldn't | kettenis | 2010-03-24 | 1 | -3/+4
  teach people bad habits!
  ok krw@, jmc@, dlg@, thib@
* It's unsetenv() that doesn't like `=' in the argument, not putenv(). | kili | 2010-03-10 | 1 | -3/+3
  ok millert@
* cherrypick patch from OpenSSL 0.9.8m: | djm | 2010-03-04 | 7 | -14/+20
  *) Always check bn_wexpand() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta]
* Fix the atelnet() function, which was wrong in several ways. | nicm | 2010-02-27 | 1 | -13/+13
  Pointed out by obsd at happyjack.org, fix based on a diff from kili@.
  ok deraadt
* Fix the worst among the fatal block-nesting issues we have in our tree, | schwarze | 2010-02-23 | 1 | -4/+4
  in the end simply changing Oo Xo Oo Oc Oc Xc to Oo Xo Oo Oc Xc Oc.
  I tried five different variants without the Xo/Xc, because there is no real reason why Xo/Xc should be needed here, and two additional variants with Xo/Xc that look more pretty than what i'm now committing. All seven alternatives work both with mandoc and groff 1.20.1, but all seven trigger various different bugs in our old groff, and we still need to remain compatible with our old groff right now.
  ok jmc@ sobrado@
* Our groff does not handle all cases of nested displays properly, so | schwarze | 2010-02-18 | 1 | -6/+6
  resolve the contradiction in the manual whether it's allowed or not in favour of "not allowed" for now, shelving my diff to support nested displays in mandoc(1) for later consideration. Found by and unbreaking the build with mandoc(1).
  Feedback and OK jmc@
* Sync with current state of the tree. | miod | 2010-02-14 | 1 | -2/+2
* Test mkstemps() too | guenther | 2010-02-11 | 1 | -26/+87
* Add a regression suite for mkstemp(), verifying that it neither overruns | guenther | 2010-02-11 | 3 | -2/+116
  nor underruns the supplied template buffer, that it can generate names that don't contain any X's, and that all open() calls that pass O_CREAT also pass O_EXCL
* Use size_t in appropriate places; fixes sorting of big arrays; | otto | 2010-02-08 | 1 | -9/+10
  after the diff was written, I made it similar to the freebsd fix of the same code; pr6287
  ok millert@ guenther@
* use size_t to index arrays; avoids big array bugs; ok millert@ guenther@ | otto | 2010-02-08 | 1 | -1/+1
* Use MACHINE_CPU instead of MACHINE_ARCH to pick the correct machine dependent | miod | 2010-02-03 | 5 | -23/+25
  files or directories when applicable.
  The inspiration and name of MACHINE_CPU come from NetBSD, although the way to provide it to Makefiles is completely different.
  ok kettenis@
* add a fix from OpenSSL CVS for SA38200. | jasper | 2010-01-31 | 2 | -20/+14
  "Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory."
  looks ok to markus@