Age | Commit message (Collapse) | Author |
|
|
|
does not have any arguments. Crash found by nigel@ in kermit(1).
|
|
|
|
reported by Mikolaj Kucharski, thanks!
ok krw
|
|
|
|
|
|
subject-altname, i.e. support IKEV2_ID_ASN1_DN correctly;
feedback & ok mikeb@
|
|
to directory). This doesn't reduce functionality but merely results
in a better error message when trying to use the option,
and it simplifies the code.
The -f option first appeared in AT&T Version 7 UNIX (1979), and Keith
Bostic renamed it to -F for 4.3BSD-Reno in 1990 because it conflicted
with System V and POSIX. Meanwhile, NetBSD, FreeBSD, and DragonFly
removed it, too.
From Tristan Le Guern <tleguern at bouledef dot eu>.
OK guenther@ krw@
|
|
from ikev2_ike_auth_recv() code (message parsing; used once); ok mikeb@
|
|
makes this compile with OPENSSL_NO_DEPRECATED defined.
ok deraadt@
|
|
source address selection logic.
These hacks were only relevant for the NFS diskless boot code in order to
pick the local broadcast address of the only configured interface. So, be
explicit and set this address directly.
Tested by florian@, ok henning@, beck@, chrisz@
|
|
uhidev_open() at attach time. This plugs up to 3 xfer leaks and a buffer
one.
ok yuo@
|
|
local traffic is not optional.
ok mikeb@, stsp@, jca@
|
|
receiving pointer -> index conversion. No functional change.
ok chrisz@, jca@, mikeb@, lteo@
|
|
configuration.
from Anders Berggren.
|
|
lounge after n2k14.
Prototype patch from zhuk@
ok zhuk@ krw@ tedu@
|
|
the only useful option here is to specify an alternative config path,
which must be used for these operations as well as for startup.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
beauty sleep. He's probably having a nightmare about this right now....
ok tedu
|
|
|
|
|
|
a little pointer-sized gap before the return value. This protects
from common off-by-one type of bugs and costs nothing: the attacker
won't be able to overwrite return pointer. Developed at m2k14,
thanks for the hackathon!
|
|
|
|
|
|
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.
Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
|
|
|
|
|
|
|
|
arc4random_buf() to avoid lots of arc4random() calls with a getpid()
syscall for each one. We fetch 32 bytes of random data at a time
which can handle up to 16 Xs. 16 Xs should be enough for anyone.
Requested and OK deraadt@
|
|
|
|
|
|
|
|
|
|
- replace hardcoded sizes with sizeof()
- pqueue_find() apparently used to need to keep track of the previous node
when iterating, which causes its logic to be complicated. However, nowadays
it only needs to iterate, so replace with a straightforward, much
readable logic.
- remove #if 0'ed code
From ``sin'' from 2f30 dot org on tech@, thanks!
|
|
|
|
|
|
Reported by David Ramos (and simultaneously to OpenSSL as PR#3339).
ok beck@ logan@
|
|
a bad idea, for it causes false positives, which then can cause ICE trying
to protect narrower-than-int incoming arguments, if building with
-fstack-protector-all.
From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe
not completely, but it makes it compile more files, such as pf.c which contains
functions receiving uint16_t arguments pushed on the stack due to the
exhaustion of caller-saved registers).
|
|
these files similar in layout to the other md Makefile.inc; no functional
change.
|
|
|
|
|
|
Needed for proper networking on my DSR-500.
|
|
This is an MI driver currently targeting only the BCM53115 model,
but other Broadcom devices (specially from the 53XX family) can make use
of it as well.
The driver currently accounts just for the CPU port. The switch is left
in dumb-mode. Further advanced switch control is in the works.
Parts of this was inspired by looking at the b53 driver from the
OpenWrt project. Thanks!
Okay miod@
|