openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2011-05-01	Pull in <string.h> for memset()	guenther	1	-1/+2

2011-05-01	Make the regress setup not assume the umask is 022	guenther	1	-3/+3

2011-04-30	Now that we use an array of u_short for the chunk bitmap change a few	otto	1	-5/+5
	1UL to 1U.
2011-04-30	More efficient scanning for free chunks while not losing any randomization;	otto	1	-21/+25
	thanks to all testers.
2011-04-29	uncomment fwprintf and wprintf tests	stsp	1	-4/+4

2011-04-27	Tweak the description of the optional parts around =. Found this in my	otto	1	-5/+7
	tree, no idea where it came from; ok millert@ jmc@
2011-04-24	Regression test for floating point format directives in wprintf.	stsp	2	-0/+223
	ok kettenis espie
2011-04-19	Fix spacing nit.	matthew	1	-3/+3
	ok jmc@
2011-04-05	Add AI_FQDN flag to getaddrinfo(3). Prompted by discussions with djm@	matthew	2	-22/+46
	about cert checking in OpenSSH. Man page wording tweaks thanks to jmc@. ok henning@, jmc@; positive feedback from djm@, ajacoutat@ Committing now to reuse guenther@'s libc minor bump instead of cranking it again, as suggested by deraadt@.
2011-04-04	Add a wcswidth man page (based on FreeBSD), and fix the implementation	stsp	3	-5/+68
	to return -1 in case of an unprintable character. ok nicm jmc
2011-03-25	back out previous commit.	beck	1	-665/+0
	"if you have checked this I am ok with it" does not mean 1) not to pay attention to breaking news after I tell you that and 2) not to get ok's from the others this had been shown to. I am absolutely not ok with thig going in with only my ok. There's a reason why we want more than one ok on important commits ok deraadt@ for the backout
2011-03-25	Add the following certs:	dhill	1	-0/+665
	DigiCert High Assurance CA-3 Go Daddy Secure Certification Authority COMODO High-Assurance Secure Server CA Equifax Secure Certificate Authority VeriSign Class 3 Public Primary Certification Authority - G5 Entrust Certification Authority - L1C Entrust.net Secure Server Certification Authority cross checked with mozilla ok beck@
2011-03-24	This script doesn't need write access to $curdir. Just check existence.	matthieu	1	-3/+3
	Fixes build on NFS src with no root access. ok jasper@
2011-03-21	tweak for clarity, ok millert@, jmc@	espie	1	-4/+4

2011-03-13	add a regress test for the vis and unvis functions. after finding one	deraadt	1	-4/+90
	bug, this then found a 2nd bug.. worked on with guenther
2011-03-06	wrong type for variable; spotted by christian.siebert@cs.tu-chemnitz.de	deraadt	1	-3/+3
	ok guenther
2011-03-05	Fix PR 6267: recheck POSIXLY_CORRECT each time getopt_long() starts a new	guenther	3	-44/+16
	argv and don't suppress the handling of leading '-' in optstring when POSIXLY_CORRECT is set. Based on patch from Eric Blake. ok and manpage update from millert@, manpage ok jmc@
2011-03-03	Remove expired certs.	dhill	1	-174/+0
	ok beck@ fgsch@
2011-03-02	Fix __cxa_finalize() so that calling __cxa_finalize(NULL) properly	matthew	1	-2/+2
	invokes handlers registered with __cxa_atexit(). "seems right" deraadt@
2011-02-12	fix from pr 6207. a bit more of an explanation: we write the correct	okan	1	-4/+18
	number of bits when connecting via a SOCKS 5 proxy over ipv6, but we also need to read the same number depending on the received address type. this issue is not noticeable with ssh's SOCKS 5 support since it always set the address type as ipv4. this fixes connections via SOCKS 5 proxies which set their address type as ipv6 when using ipv6. after review with, and ok, nicm@
2011-02-10	fix for CVE-2011-0014 "OCSP stapling vulnerability";	djm	2	-2/+14
	ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected.
2011-01-25	Put -I${includedir} back into Cflags so configure script tests like	naddy	1	-4/+8
	test -n "`pkg-config --cflags openssl`" don't assume that OpenSSL isn't available. ok miod@, sthen@, ajacoutot@, djm@
2011-01-24	Correctly escape a literal colon in an enclosure;	schwarze	1	-3/+3
	the \: roff escape is an optional line break.
2011-01-21	- simplify, krb5 handling is not needed.	jasper	2	-27/+8
	prompted by brad
2011-01-20	a a -> a	lum	1	-3/+3
	ok jmc@
2011-01-14	superceded -> superseded;	jmc	1	-3/+3

2011-01-09	Minor tweaks to nc(1) man page and usage.	jeremy	2	-16/+23
	OK jmc@, nicm@, tedu@
2011-01-08	Enable unix datagram support by treating ENOBUFS like EAGAIN.	jeremy	1	-2/+2
	Separate commit requested by deraadt@. OK nicm@
2011-01-08	Support unix domain sockets in nc(1) with -Uu.	jeremy	2	-25/+83
	Previously, using -U with -u was an error that was not documented in the man page. Now it will use a unix socket in datagram mode. Bidirectional unix datagram communication requires a socket at both ends, so in client mode (without -l), a temporary socket is created so that responses from the server can be received. If -s is specified with -U and -u, it specifies the location of the temporary socket to create. This was mostly written way back in 2007. Since then, various improvements implemented based on suggestions from guenther@, tedu@, and nicm@. Man page help from nicm@ and jmc@. Unix datagram support requires a small change to atomicio.c in order to function correctly, this will be committed separately shortly. OK nicm@
2011-01-07	Remove an extraneous return statement with the wrong return value.	millert	1	-8/+6
	Fix some gcc warnings.
2011-01-03	- adjust krb5 directories	jasper	1	-8/+5
	- zap a trailing tab
2010-12-28	- ensure ${DESTDIR}/usr/lib/pkgconfig/ as running make distrib-dirs is not	jasper	1	-2/+3
	common/encouraged practice
2010-12-28	- generate and install pkg-config files for openssl, which more and more	jasper	2	-1/+122
	projects depend on being present (e.g. various ports). as discussed with various porters in a hungarian spa help/feedback from ingo@ and also OK halex@ no objections from djm@
2010-12-22	remove comment that hasn't been true for quite a while now;	otto	1	-6/+1
	ok deraadt@ djm@
2010-12-16	avoid pointer arithmetic on void *	dhill	1	-5/+5
	tested for a while by me. ok otto@
2010-12-16	move CRYPTO_VIAC3_MAX out of cryptodev.h and into the only	jsg	2	-0/+4
	file it will be used from. requested by/ok mikeb@
2010-12-16	The VIA ciphers are added to an array of CRYPTO_ALGORITHM_MAX length	jsg	2	-4/+4
	which should have been declared as CRYPTO_ALGORITHM_MAX + 1, fix this and reserve enough space for the VIA additions as well. ok/comments from mikeb & deraadt
2010-12-15	Security fix for CVE-2010-4180 as mentioned in ↵	jasper	4	-0/+16
	http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
2010-12-12	overriden -> overridden;	jmc	1	-4/+4

2010-11-30	involes -> involves; from Carlos Alberto Pereira Gomes	jmc	1	-1/+1

2010-11-17	- Apply security fix for CVE-2010-3864 (+commit 19998 which fixes the fix).	jasper	2	-36/+84
	ok djm@ deraadt@
2010-10-28	remove skipjack and cast from the libc; ok deraadt	mikeb	3	-1053/+2

2010-10-21	print the pointer value that caused the error (if available); ok	otto	1	-47/+54
	deraadt@ nicm@ (on an earlier version)
2010-10-18	Disable use of dladdr() on a.out arches, they do not provide it (yet); ok djm@	miod	2	-2/+2

2010-10-17	various tweaks for consistency;	jmc	1	-92/+62

2010-10-15	use standard list width;	jmc	1	-29/+29

2010-10-15	nicer formatting for the various synopses;	jmc	1	-276/+344

2010-10-15	document "openssl ts";	jmc	1	-4/+629

2010-10-14	probabalistic -> probabilistic; from naddy	jmc	1	-2/+2

2010-10-14	for openssl prime, note that results are probabalistic; from djm	jmc	1	-2/+5