Changes by: tedu@cvs.openbsd.org 2014/04/10 13:01:37
Piotr Sikora pointed me at a more refined diff for the buffer release
issue. Apply that version. Maybe someday upstream will wake up and then
we can have the same code.
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest

cherrypick fix for CVE-2014-0160 "heartbleed" vulnerability from
OpenSSL git; ok sthen@

architectures. ok miod@ djm@

from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@

corner cases. OK millert@.

expanded, but not enough due to precedence error. Spotted by Thorsten Glaser.

ok phessler@

ok jakob

ok guenther millert kettenis

text. OK deraadt@

grantpt() and unlockpt() using /dev/ptm. Man pages from FreeBSD.
OK kettenis@ deraadt@ beck@ ajacoutot@ naddy@

- additional certs from GlobalSign.
- additional certs from VeriSign and replace existing ones with
'Signature Algorithm: md2WithRSAEncryption' with their currently
distributed sha1WithRSAEncryption versions.
- new CAs: AddTrust (root for most Comodo certificates also heavily
used in academic networks), Comodo (most of their certs are rooted in
AddTrust but TERENA use the Comodo AAA Certificate Services root
for some things so add that separately), UserTrust Network/UTN
(part of Comodo) and Starfield (part of Go Daddy).

ok beck@ william@ todd@

and include sha1 signatures for all certs (some were missing).
No certificate changes, this is just for consistency. ok beck@

Remove intermediate GoDaddy certificate, this file should just contain roots.
ok beck@ phessler@

not going to fix in order to stay compatible with legacy password data.
Nobody should use DES crypt anyway these days.
See http://www.freebsd.org/security/advisories/FreeBSD-SA-12:02.crypt.asc
for details about this bug.
Discussed with deraadt and beck about half a year ago (I'm pruning Ms
from my tree).

- sync RES_DEBUG with resolv.conf.5
- document RES_PRIMARY, but mark it unsupported (like we already do
for RES_AAAONLY)
- use the exact same text (about being enabled by default) for
RES_RECURSE as for the other two defaults
- document RES_INSECURE{1,2} - description lifted from resolv.conf.5
- document RES_NOALIASES
- mostly sync the RES_USE_EDNS0 text with resolv.conf.5
- RES_USE_DNSSEC not documented for now. something to come...
ok sthen

or the special value of 0.
ok deraadt@ otto@

ok otto@

Should make coredumps from abort() easier to debug too.
ok kurt@

unmapping of freed allocations without disabling chunk randomisation
like the "Freeguard" ('F') option does. Make security 'S' option
use 'U' and not 'F'.
Rationale: guarding with no chunk randomisation is great for debugging
use-after-free, but chunk randomisation offers better defence against
"heap feng shui" style attacks that depend on carefully constructing a
particular heap layout so we should leave this enabled when requesting
security options.

have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.
Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.
ok millert@, mikeb@

Disable use of dladdr() on a.out arches, they do not provide it (yet);

major cranks

branch.

branch.

branch.

references into a STANDARDS section;

references into a STANDARDS section;

an empty name, NULL pointer, or a name containing an '=' character.
OK millert@, guenther@

in working condition anymore (assuming there would be interest in running on
it).

equal, but it is more correct)
from Michal Mazurek

Okay otto@.
Found by Michal Mazurek <akfaew at jasminek dot net>, thanks!