| Age | Commit message (Collapse) | Author |
|---|
|
and more concise.
* Correct the description of the return values of DH_set_method(3)
and DSA_set_method(3).
* Stop referencing engine(3).
|
|
* Add three missing const qualifiers to function prototypes.
* Correct the argument type of RSA_new_method(3).
* Remove duplicate decsription of RSA_flags(3) and RSA_new_method(3).
* Make the description of method selection simpler, more precise,
and more concise.
* Correct description of the return value of RSA_set_method(3).
* Stop referencing engine(3).
|
|
the brk area anyway.
- Use a larger hint bound to spread the allocations more for the 32-bit case
- Simplified the overy abstracted brs/stack allocator and switch of
guard pages for the brk case. This allows i386 some extra space,
depending on memory usage patterns.
- Reduce brk area on i386 to give the rnd space more room
ok stefan@ sthen@
|
|
Other parts of uvm/pmap check for proper prot flags
already. This fixes the qemu startup problems that
semarie@ reported on tech@.
|
|
Ensures that the olatch decrements uniformly, independent of system
wall clock jumps.
While here, roll the olatch computation in i8253_do_readback() into
a loop, and leverage the timespec macros in sys/time.h. Both make the
code a lot more readable.
ok mlarkin@
|
|
the Listen-on directive in isakmpd.conf(5). This directive can be necessary
in multi-homed situations, and if isakmpd(8) is used with carp(4).
ok sthen@ mpi@
|
|
- Use vput(9) instead of vrele(9) when a "locked" node is returned
by nfs_nget().
- Make sure VN_KNOTE() is always called with a valid reference.
- Add a missing PDIRUNLOCK in nfs_lookup()
These changes are mostly noops as long as nfs_lock()/unlock() do
nothing.
Tested by bluhm@, visa@ and myself.
ok visa@
|
|
Don't use the standard pmap PTE functions to manipulate EPT PTEs. This
occasionally caused VMs to fail after random amounts of time due to
loading the pmap on the CPU and the processor updating A/D bits (which
are reserved bits in EPT). This ultimately manifested itself as errors
from vmd ("vcpu X run ioctl failed".)
tested by many, on different types of HW, no regressions noted
|
|
version numbers since they choke on them under some circumstances.
https://twistedmatrix.com/trac/ticket/9422 via Colin Watson
Newer Conch versions have a version number in their ident string and
handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424
|
|
|
|
|
|
The implementation tries to allocate sufficient memory to match the size of
the microcode file and will blow the boot loader heap when loading a larger
microcode file. This has been causing "heap full" errors at boot on some
machines.
Diagnosed with deraadt@
|
|
|
|
covering the remaining functions that were documented in engine(3),
except for seven functions that are completely pointless and that
were merely listed but not really documented.
|
|
frequency of 125Mhz, and have a unique sleep register. A custom
interrupt handler is setup in puc for these ports so it can check a
register which reports which ports triggered the interrupt, rather
than having to run comintr for every port every time.
ok mlarkin deraadt
|
|
|
|
This implements RFC 3430, with the exception of processing multiple
incoming requests in parallel (Section 2.1). This required too much
code and is optional anyway.
Initial review by reyk@, very thorough reviews by jca@. Thanks!
OK jca@, gerhard@
|
|
covering 60% of the documented functions). The old, abominable
engine(3) manual page shall die soon.
|
|
allow for custom frequencies not a multiple of COM_FREQ
ok deraadt
|
|
|
|
set to HOST_DOWN.
Noticed and fixed by Rivo Nurges <Rivo DOT Nurges AT smit DOT ee>
ok and reminder florian@
|
|
|
|
|
|
* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
Reported by GwanYeong Kim, fixed by Tony Cook.
* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)
Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.
* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)
Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.
Many thanks to deraadt@ tj@ bluhm@ tb@ robert@
|
|
to accept a NULL argument. Document that.
While here, make the related sentences more precise and less verbose.
Tweaks and OK tb@.
|
|
simplifies the caller side.
tested by & ok inoguchi; discussed with schwarze
|
|
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi
|
|
ok deraadt, kettenis
|
|
"Regress is always open for commits" @deraadt
|
|
on terminals narrower than 79 columns and the default -Oindent on
terminals narrower than 66 columns.
Requested by and feedback from pirofti@;
mpi@ and juanfra@ also like the general direction.
|
|
selected UTF-8, not some other multibyte locale. This obviously
makes no difference on OpenBSD but improves portability.
Issue reported by <Nakayama at NetBSD> via wiz@.
|
|
Keeps $SECONDS advancing uniformly and independent of wall clock jumps.
ok jca@
|
|
Ok ccardenas@
|
|
in full HTML output, but not with -Ofragment, e.g. in man.cgi(8);
suggested by Thomas Klausner <wiz at NetBSD>
|
|
different effective user, i.e. when invoced via su and
backup-to-home-directory is enabled.
Problem pointed out and diff provied by Lucas Gabriel Vuotto
<lvuotto92 () gmail ! com>, thanks!
Subsequently slacked on for nearly a year by yours truly.
Then remembered when Han Boetes <hboetes () gmail ! com> came up with
a similar diff because of a problem report by Mark Willson where it
turned out that getlogin(2) is not very portable.
OK tb
|
|
No objections from henning, OK visa
|
|
ok kettenis@+florian@'s OCD
|
|
diff from fukaumi at soum.co.jp.
ok deraadt mpi
|
|
patch from Thomas Kuthan in bz2719; ok dtucker@
|
|
This establishes a minimum time for each failed authentication
attempt (5ms) and adds a per-user constant derived from a host
secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok
markus@ djm@.
|
|
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
by my mistake.
Pointed out by Christian Ludwig. Thank you!
|
|
was used to compile and object
ok kettenis@
|
|
calling FRELE(9) in finishdup().
Update comments accordingly.
ok bluhm@, visa@
|
|
dupfdopen().
ok bluhm@, visa@
|
|
The sequence of packets and combination of flags depends on timing.
|
|
|
|
syslogd to shutdown. So the test could miss some log messages.
|
|
SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page.
|
