summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-05-07Fix whitespace mistakes.Paul Irofti
2014-05-07Do not segfault in makewhatis -Q if the next .SH after .SH NAMEIngo Schwarze
does not have any arguments. Crash found by nigel@ in kermit(1).
2014-05-07revert, thanks sthenTed Unangst
2014-05-07back out the previous ICMP simplifying diff, it caused livelocks.Martin Pelikan
reported by Mikolaj Kucharski, thanks! ok krw
2014-05-07try postponed requests first, so we do in-order processing; ok mikeb@Markus Friedl
2014-05-07print msgid for debugging; ok reyk & mikebMarkus Friedl
2014-05-07make authentication work with X509 certificates that don't have aMarkus Friedl
subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly; feedback & ok mikeb@
2014-05-07Remove the undocumented and ineffective -F option (force hard linkIngo Schwarze
to directory). This doesn't reduce functionality but merely results in a better error message when trying to use the option, and it simplifies the code. The -f option first appeared in AT&T Version 7 UNIX (1979), and Keith Bostic renamed it to -F for 4.3BSD-Reno in 1990 because it conflicted with System V and POSIX. Meanwhile, NetBSD, FreeBSD, and DragonFly removed it, too. From Tristan Le Guern <tleguern at bouledef dot eu>. OK guenther@ krw@
2014-05-07factor out ikev2_ike_auth() (state machine; used multiple times via callbacks)Markus Friedl
from ikev2_ike_auth_recv() code (message parsing; used once); ok mikeb@
2014-05-07add additional includes from eng_cryptodev.cJonathan Gray
makes this compile with OPENSSL_NO_DEPRECATED defined. ok deraadt@
2014-05-07Remove the last hacks concerning the global list of IPv4 addresses in theMartin Pieuchot
source address selection logic. These hacks were only relevant for the NFS diskless boot code in order to pick the local broadcast address of the only configured interface. So, be explicit and set this address directly. Tested by florian@, ok henning@, beck@, chrisz@
2014-05-07Make sure to call uhidev_close() upon detach for every HID driver callingMartin Pieuchot
uhidev_open() at attach time. This plugs up to 3 xfer leaks and a buffer one. ok yuo@
2014-05-07Kill the {nd6_,}useloopback buttons, using the loopback interface forMartin Pieuchot
local traffic is not optional. ok mikeb@, stsp@, jca@
2014-05-07Remove some m->m_pkthdr.rcvif dereference to help for upcomingMartin Pieuchot
receiving pointer -> index conversion. No functional change. ok chrisz@, jca@, mikeb@, lteo@
2014-05-07Initialize struct iface by zero. Without this, npppd had used randomYASUOKA Masahiko
configuration. from Anders Berggren.
2014-05-07Fix ext2fs atime and mtime handling that I broke from an airportPhilip Guenther
lounge after n2k14. Prototype patch from zhuk@ ok zhuk@ krw@ tedu@
2014-05-07pass daemon_flags to nsd-control when used to check/reload/stop nsd,Stuart Henderson
the only useful option here is to specify an alternative config path, which must be used for these operations as well as for startup.
2014-05-07missing word in error message. ok millertTed Unangst
2014-05-07delete some crusty castsTed Unangst
2014-05-07convert calloc to use reallocarray instead. ok millertTed Unangst
2014-05-07calloc, from peter maloneTed Unangst
2014-05-07use calloc. from peter maloneTed Unangst
2014-05-07calloc is simpler. suggested by Peter Malone and halexTed Unangst
2014-05-07use calloc. from Peter MaloneTed Unangst
2014-05-07use calloc. from Peter MaloneTed Unangst
2014-05-07miod forgot about fcrypt_b.c being needed, before he went off to get hisTheo de Raadt
beauty sleep. He's probably having a nightmare about this right now.... ok tedu
2014-05-06temp variable for a bit of clarityTed Unangst
2014-05-06remove unneeded variableTed Unangst
2014-05-06When the stack protector heuristics doesn't cover a function, leaveMartynas Venckus
a little pointer-sized gap before the return value. This protects from common off-by-one type of bugs and costs nothing: the attacker won't be able to overwrite return pointer. Developed at m2k14, thanks for the hackathon!
2014-05-06factor out the safepathTed Unangst
2014-05-06be more explicit about what's a stringTed Unangst
2014-05-06Introduce -fstack-shuffle, which randomizes local stack variables.Martynas Venckus
This will make the environment more hostile and help detect bugs that depend on overrunning one variable into another, with almost no performance cost. Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
2014-05-06better alloc idiomTed Unangst
2014-05-06factor max message sizeTed Unangst
2014-05-06don't give people bad ideas about pool_debugTed Unangst
2014-05-06We don't really need uniform distribution for mktemp(3) so useTodd C. Miller
arc4random_buf() to avoid lots of arc4random() calls with a getpid() syscall for each one. We fetch 32 bytes of random data at a time which can handle up to 16 Xs. 16 Xs should be enough for anyone. Requested and OK deraadt@
2014-05-06small fix from mancha1. currently unused file, but no harm fixing it.Ted Unangst
2014-05-06reallocarrayTed Unangst
2014-05-06spell NULL as NULLTed Unangst
2014-05-06Make sure the stdout output is check, to confirm proper sorting.Miod Vallat
2014-05-06Assorted cleanups:Miod Vallat
- replace hardcoded sizes with sizeof() - pqueue_find() apparently used to need to keep track of the previous node when iterating, which causes its logic to be complicated. However, nowadays it only needs to iterate, so replace with a straightforward, much readable logic. - remove #if 0'ed code From ``sin'' from 2f30 dot org on tech@, thanks!
2014-05-06Add a fixed (read: non-SIGSEGV'ing) pq_test.Miod Vallat
2014-05-06Remove broken-by-design testMiod Vallat
2014-05-06Make sure PKCS7_get_octet_string() return values are checked for NULL.Miod Vallat
Reported by David Ramos (and simultaneously to OpenSSL as PR#3339). ok beck@ logan@
2014-05-06Remove the ``addressable'' argument to search_string_def(). Turned out to beMiod Vallat
a bad idea, for it causes false positives, which then can cause ICE trying to protect narrower-than-int incoming arguments, if building with -fstack-protector-all. From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe not completely, but it makes it compile more files, such as pf.c which contains functions receiving uint16_t arguments pushed on the stack due to the exhaustion of caller-saved registers).
2014-05-06Sort CFLAGS, SRC and SSLASM stanzas by the directories they apply to, to makeMiod Vallat
these files similar in layout to the other md Makefile.inc; no functional change.
2014-05-06syncTheo de Raadt
2014-05-06Add brswphy(4) manual page.Paul Irofti
2014-05-06Enable brswphy(4) on the Octeon platform.Paul Irofti
Needed for proper networking on my DSR-500.
2014-05-06Add support for the Broadcom PHY found on the Octeon-based DSR-500.Paul Irofti
This is an MI driver currently targeting only the BCM53115 model, but other Broadcom devices (specially from the 53XX family) can make use of it as well. The driver currently accounts just for the CPU port. The switch is left in dumb-mode. Further advanced switch control is in the works. Parts of this was inspired by looking at the b53 driver from the OpenWrt project. Thanks! Okay miod@