summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-11-03correct test logic. ok guentherTed Unangst
2014-11-03Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK claudio@
2014-11-03Add a blurb about "Discovered old directory in ..." in the man page.Brian Callahan
Direction/tweaks from sthen@ espie@ ok espie@
2014-11-03the man page says it is impossible to cheat, but since the shuffle isTed Unangst
lopsided, a sharp counter can detect uneven permutations. fix this by using knuth shuffle. ok mlarkin pjanzen
2014-11-03Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK claudio@
2014-11-03Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK deraadt@
2014-11-03Eliminate RTLD_PROTECT_PLT: ld.so is built with -Bsymbolic so thePhilip Guenther
PLT is empty/unused. On at least macppc and sparc64, ld.so's attempt to mprotect its PLT could instead hit its own allocated data and cause a segfault shortly there after. While here, take a shot at preventing the same issue with the GOT by checking for __got_start != __got_end. reproduction *with ktracing* by afresh1@ provided the key data ok miod@ deraadt@
2014-11-03only call SRTP (whatever that is) functions when the connection type isTed Unangst
DTLS (whatever that is) instead of for TLS too. ok jsing.
2014-11-03Put the socket splicing fields into a seperate struct sosplice thatAlexander Bluhm
gets only allocated when needed. This way struct socket shrinks from 472 to 392 bytes on amd64. When splicing gets active, another 88 bytes are allocated for struct sosplice. OK dlg@
2014-11-03minor cleanup of zlib code. DSO is gone. ok jsing.Ted Unangst
2014-11-03Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK benno@ doug@
2014-11-03Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK benno@ doug@ claudio@
2014-11-03deobfuscate by pulling le conversions up. use mallocarray.Ted Unangst
2014-11-03reduce dependency on passwd. just call bcrypt_newhash to do the dummy work.Ted Unangst
2014-11-03hoist blowfish up and use bcrypt_newhash directlyTed Unangst
2014-11-03actually use macro argument instead of shadowed variable nameTed Unangst
2014-11-03comment out no-tab-mode, since mg is currently compiled without it;Jason McIntyre
From: Kaspars Bankovskis ok lum
2014-11-03introspection feature: ${MAKEFILE_LIST} contains the list of makefilesMarc Espie
parsed. name stolen from gmake, from a suggestion from guenther@, to avoid gratuitous confusin. okay guenther@, millert@
2014-11-03Fix kernel stack overflow by preventing carp_send_ad_all() from re-entrantGerhard Roth
calls. Also, when adjusting demote counts, don't call carp_send_ad_all() for every ifgroup with a demote count of 1 but rather call it only once after adjusting the demote counts of all ifgroups. ok bluhm@ mpf@
2014-11-03Do no change the gateway of local routes for p2p interfaces.Martin Pieuchot
This change was defeating the code in rtrequest1(9) checking for route entries with the same dst/gw when the same IP address was configured on multiple interfaces. As a result, multiple local routes were created for the same address and marked as multipath. But changing their gateway to 127.0.0.1 would make them similar and impossible to remove. This would leaves entries with a stall ifa pointer as soon as the address was removed. Prevent a panic reported by todd@
2014-11-03Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK deraadt@ claudio@
2014-11-03Add hooks to override native arc4random_buf on FreeBSD.Brent Cook
The FreeBSD-native arc4random_buf implementation falls back to weak sources of entropy if the sysctl fails. Remove these dangerous fallbacks by overriding locally. Unfortunately, pthread_atfork() is also broken on FreeBSD (at least 9 and 10) if a program does not link to -lthr. Callbacks registered with pthread_atfork() simply fail silently. So, it is not always possible to detect a PID wraparound. I wish we could do better. This improves arc4random_buf's safety compared to the native FreeBSD implementation. Tested on FreeBSD 9 and 10.
2014-11-03arc4random_uniform() transformation was off, resulting in badly skewedPhilip Guenther
distribution in the placement of malloc's dir_info. ok otto@ deraadt@
2014-11-03Add gcc format attributes to yyerror() in httpd.Doug Hogan
Fix a few format characters as well. ok bluhm@
2014-11-03Add gcc format attributes to more warn/error functions in parse.y files.Doug Hogan
Fix a few missing or incorrect format characters. ok claudio@
2014-11-03simple conversion from select() to poll()Theo de Raadt
2014-11-03pass size argument to free()Theo de Raadt
ok doug tedu
2014-11-03No need to immediately remove an expired lease from the list ofKenneth R Westerback
leases. It will be ignored, so let the normal cleanup in bind_lease() take care of it.
2014-11-02Unmap the hibernate hiballoc page after we are done with it.Mike Larkin
ok deraadt, kettenis
2014-11-02increment s->datalen counter in append domain code to correctly account forGilles Chehade
the data we wrote
2014-11-02rework domain append by locating either the brackets or the last componentGilles Chehade
of an address and appending domain if not already there. this works better than trying to parse addresses and render them back, while allowing us to do the append "in place" and cope nicely with multi-line addresses.
2014-11-02Pesky whitespace and spurious parenthesis.Kenneth R Westerback
2014-11-02Add a tls_connect_fds() function that allows a secure connection to beJoel Sing
established using a pair of existing file descriptors. Based on a diff/request from Jan Klemkow. Rides previous libtls rename/library bump. Discussed with tedu@.
2014-11-02syncTheo de Raadt
2014-11-02Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK deraadt@
2014-11-02Fix a NULL deref when getting an actual result for an invalid hostnameEric Faurot
in gethostbyname(). Similar fix for getnetbyname(). ok deraadt@ daniel@ jca@
2014-11-02use nanosleep() instead of select(); ok jsingTheo de Raadt
2014-11-02revert, i did NOT ok this diff which bears no proof of testing in a bulk or ↵Jasper Lievisse Adriaanse
xenocara
2014-11-02Remove remnants from RC2 and SEED - there are no longer any cipher suitesJoel Sing
that use these algorithms (and SEED was removed from libcrypto some time ago). ok doug@
2014-11-02Tests for constructs such as 'foo >= a.version foo != another.version'.Jeremie Courreges-Anglas
2014-11-02localcipher is blowfish only. remove mention of ypcipher.Ted Unangst
2014-11-02be a little more vague and a little less wrong about login.confTed Unangst
2014-11-02awk script to upgrade from 4.3 passwd files is irrelevant nowTed Unangst
2014-11-02update documentation regarding localcipher onlyTed Unangst
2014-11-02tweak wording and update panic messagesTed Unangst
2014-11-02tweak free panic messages tooTed Unangst
2014-11-02tweak panic messages for consistencyTed Unangst
2014-11-02tmpfs free sizesTed Unangst
2014-11-02unnecessary malloc.h includeTed Unangst
2014-11-02make comment select() vs poll() agnosticTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-11 12:35:44 +0000