path: root/src/lib
Commit message, Author, Age, Files, Lines
...
* The openssl command line tool treats the non-null terminated buffer "mbuf" as a C string when using the pop3 s_client feature. This causes a segmentation fault with malloc.conf option "J" set when BIO_printf() runs off the end of the buffer. The following patch fixes PR 6282 from Matthew Haub (asked to submit upstream), ok djm
  Author: deraadt; Age: 2010-04-20; Files: 1; Lines: -1/+1
* Security fix for CVE-2010-0740
  "In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL."
  http://openssl.org/news/secadv_20100324.txt
  ok deraadt@ djm@ sthen@
  Author: jasper; Age: 2010-04-14; Files: 2; Lines: -6/+8
* - nuke some unneeded Pp; from kristaps
  - small tweak while here
  Author: jmc; Age: 2010-04-07; Files: 1; Lines: -6/+3
* Build all manual pages in base with mandoc(1) instead of groff, excepting the tbl(1) pages, which are less than twenty. "commit the diff that enables it, now" deraadt@
  Author: schwarze; Age: 2010-04-03; Files: 1; Lines: -3/+3
* WARNINGS -> CAVEATS, and a little necessary cleanup;
  Author: jmc; Age: 2010-04-01; Files: 2; Lines: -24/+24
* Modify example not to use an assignment in the if statement. We shouldn't teach people bad habits! ok krw@, jmc@, dlg@, thib@
  Author: kettenis; Age: 2010-03-24; Files: 1; Lines: -3/+4
* It's unsetenv() that doesn't like `=' in the argument, not putenv(). ok millert@
  Author: kili; Age: 2010-03-10; Files: 1; Lines: -3/+3
* cherrypick patch from OpenSSL 0.9.8m:
  *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta]
  Author: djm; Age: 2010-03-04; Files: 7; Lines: -14/+20
* Use size_t in appropriate places; fixes sorting of big arrays; after the diff was written, I made it similar to the freebsd fix of the same code; pr6287 ok millert@ guenther@
  Author: otto; Age: 2010-02-08; Files: 1; Lines: -9/+10
* use size_t to index arrays; avoids big array bugs; ok millert@ guenther@
  Author: otto; Age: 2010-02-08; Files: 1; Lines: -1/+1
* Use MACHINE_CPU instead of MACHINE_ARCH to pick the correct machine dependent files or directories when applicable. The inspiration and name of MACHINE_CPU come from NetBSD, although the way to provide it to Makefiles is completely different. ok kettenis@
  Author: miod; Age: 2010-02-03; Files: 5; Lines: -23/+25
* add a fix from OpenSSL CVS for SA38200.
  "Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory."
  looks ok to markus@
  Author: jasper; Age: 2010-01-31; Files: 2; Lines: -20/+14
* stucture -> structure;
  Author: jmc; Age: 2010-01-25; Files: 1; Lines: -3/+3
* New options 'S', as a shorthand for the options most suitable as an extra safeguard (FGJ). Idea from deraadt@; ok deraadt@ dlg@
  Author: otto; Age: 2010-01-13; Files: 2; Lines: -3/+9
* new ipsca root.
  Author: dlg; Age: 2009-12-31; Files: 1; Lines: -0/+108
* ipsca has expired
  Author: dlg; Age: 2009-12-31; Files: 1; Lines: -51/+0
* replace a few remaining UNIX terms with .Ux macros; this diff completes the changes from Oct 22.
  Author: sobrado; Age: 2009-12-29; Files: 1; Lines: -4/+4
* save calls to arc4random() by using a nibble at a time; not because arc4random() is slow, but it induces getpid() calls; also saves a bit on stirring efforts
  Author: otto; Age: 2009-12-16; Files: 1; Lines: -24/+27
* No point in refreshing the pid from inside arc4_stir() when that doesn't test it, so factor out the two places that test it into a routine and do the refreshing there. With this, arch4random_buf() doesn't trigger superfluous calls to getpid() when filling large buffers. ok deraadt@, "looks nicer indeed" otto@
  Author: guenther; Age: 2009-12-15; Files: 1; Lines: -6/+15
* plug a memory leak; found by parfait, ok djm
  Author: deraadt; Age: 2009-12-11; Files: 1; Lines: -0/+2
* Make userland malloc use __LDPGSZ granularity on mips, regardless of the actual kernel page size.
  Author: miod; Age: 2009-12-07; Files: 1; Lines: -1/+3
* missing word; from trhodes@freebsd, r200095;
  Author: jmc; Age: 2009-12-05; Files: 1; Lines: -3/+3
* Switch the chunk_info lists to doubly-linked lists and use the queue macros for them. Avoids walking the lists and greatly enhances speed of freeing chunks in reverse or random order at the cost of a little space. Suggested by Fabien Romano and Jonathan Armani; ok djm@
  Author: otto; Age: 2009-11-27; Files: 1; Lines: -51/+34
* Don't forget to fill region from the cache with junk if needed in one case; from Fabien Romano and Jonathan Armani
  Author: otto; Age: 2009-11-27; Files: 1; Lines: -1/+3
* No need to clear a mmapped region; from Fabien Romano and Jonathan Armani
  Author: otto; Age: 2009-11-27; Files: 1; Lines: -2/+1
* More shrinkage, a bit for ramdisks but mostly for static binaries:
  - wrap with #ifndef NO_LOG_BAD_DNS_RESPONSES libc code that uses p_class() and p_type() for diagnostics, then add that define to libstub to avoid pulling in res_debug_syms.o
  - split rcmd() and ruserok() into separate files, as nothing uses both
  - split readdir_r() to its own file
  - split syslog_r() from syslog(), as the latter needs localtime(); many binaries no longer need to pull in all the time code after this; switch from usleep() to nanosleep() while we're at it
  (The profit of analysis of -Wl,-M,--cref output)
  Chops 888kB from /bin and /sbin on i386
  ok deraadt@, miod@
  Author: guenther; Age: 2009-11-18; Files: 5; Lines: -392/+445
* pull Ben Laurie's blind prefix injection fix for CVE-2009-3555 from openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
  Author: markus; Age: 2009-11-10; Files: 10; Lines: -12/+40
* permit -DMALLOC_STATS to compile again
  noticed by Jonathan Armani & Fabien Romano ugh+ok otto@
  Author: todd; Age: 2009-11-02; Files: 1; Lines: -2/+2
* s/Mhz/MHz/, MHz is a multiple of the SI unit hertz (whose symbol is Hz).
  Author: sobrado; Age: 2009-10-31; Files: 4; Lines: -8/+8
* rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
  Author: deraadt; Age: 2009-10-27; Files: 1; Lines: -5/+1
* Check mmap return value against MAP_FAILED not NULL. Okay deraadt@, otto@.
  Author: pirofti; Age: 2009-10-20; Files: 1; Lines: -2/+2
* teach gdtoa & its subroutines that malloc can fail; in which case ecvt, fcvt, gcvt, *printf, strtof, strtod, strtold act per ieee 1003.1. after these massive changes, remove unused files which would not work now. reported by Maksymilian Arciemowicz; ok theo
  Author: martynas; Age: 2009-10-16; Files: 2; Lines: -2/+6
* another cert that makes godaddy.com and launchpad.net (among others) happy. found by Guillaume Protet (guillaume dot protet at mortheres dot info) while testing bzr update. deraadt@ ok
  Author: fgsch; Age: 2009-10-12; Files: 1; Lines: -0/+51
* rewrite the history section, prompted by Paul Stoeber; ok deraadt@ jmc@
  Author: otto; Age: 2009-10-10; Files: 1; Lines: -25/+28
* make getaddrinfo(3) accept numeric servname when ai_socktype is not specified in hint or hints is NULL. claudio@ ok
  Author: fgsch; Age: 2009-09-02; Files: 1; Lines: -4/+2
* various MLINK fixes from Alan R. S. Bueno;
  Author: jmc; Age: 2009-08-13; Files: 1; Lines: -3/+3
* remove expired certificates and add startcom ltd. beck@ ok
  Author: fgsch; Age: 2009-08-08; Files: 1; Lines: -839/+148
* pull string for memcpy; ok hshoexer@
  Author: martynas; Age: 2009-08-07; Files: 2; Lines: -2/+4
* promote correct style for error checking
  ok tedu@ deraadt@ krw@
  Author: eric; Age: 2009-07-09; Files: 1; Lines: -7/+7
* abs conforms c99 -> imaxabs conforms c99. ok millert@
  Author: martynas; Age: 2009-06-21; Files: 1; Lines: -3/+3
* quieten compiler by converting pointers to uintptr_t before truncating them to u_int32_t to do integer math with (in a situation where that is legit) ok otto millert
  Author: deraadt; Age: 2009-06-08; Files: 1; Lines: -5/+5
* compare and shift buffer against a fixed length not strlen derived values. ok otto@
  Author: pyr; Age: 2009-06-05; Files: 1; Lines: -6/+6
* simplify the 'family' option parser and make it more evident what we're now doing. ok deraadt@
  Author: pyr; Age: 2009-06-04; Files: 2; Lines: -25/+18
* Don't assume that we can overwrite strings in the environment. Someone may have passed a read-only string to putenv() (I'm looking at you cron!).
  Author: millert; Age: 2009-06-04; Files: 1; Lines: -1/+3
* Add a resolv.conf option to specify the order in which getaddrinfo PF_UNSPEC queries are made. While there change the default from inet6 first then inet4 to inet4 first then inet6, this prevents the many people with IPv4 only connectivity from constantly trying to contact IPv6 addresses, and also unbreaks many ports who don't use getaddrinfo right. ok deraadt@, plenty of cheering in the room wrt the idea, not loud enough complaining from the v6 crowd.
  Author: pyr; Age: 2009-06-04; Files: 2; Lines: -8/+63
* Make putenv(), setenv() and unsetenv() standards compliant. The standard explicitly disallows passing setenv a name with a '=' in it but historic BSD behavior is to allow this but to ignore the '=' and anything after it.
  Author: millert; Age: 2009-06-03; Files: 5; Lines: -86/+117
* - define EAI_OVERFLOW, as per IEEE Std 1003.1-2001 (Interpretation #13)
  hint from claudio@, ok millert@
  Author: jasper; Age: 2009-06-02; Files: 2; Lines: -3/+7
* add ipsCA as a valid authority. ok beck@
  Author: dlg; Age: 2009-05-25; Files: 1; Lines: -0/+51
* Document AI_NUMERICSERV; feedback and ok millert@
  Author: jacekm; Age: 2009-05-06; Files: 1; Lines: -2/+9
* document that no leading whitespace is permitted between the option and argument if the argument is deemed to be optional ('::'). feedback and ok jmc@ and millert@
  Author: okan; Age: 2009-04-12; Files: 1; Lines: -3/+5