| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-10-22 | Drop historical comment and an old '#if notyet'. | Martin Pieuchot | |
| 2015-10-22 | Kill link_rtrequest(), introduce in 1990 to "fix" the result | Martin Pieuchot | |
| of rt_getifa() when adding link level route from outside the kernel. ok claudio@ | |||
| 2015-10-22 | Use only one refcounting mechanism for route entries. | Martin Pieuchot | |
| ok bluhm@, dlg@, claudio@ | |||
| 2015-10-22 | Only check for rt_ifp now that it is alays the same as rt_ifa->ifa_ifp. | Martin Pieuchot | |
| ok millert@, bluhm@ | |||
| 2015-10-22 | Make sure that the address matching the key (destination) of a route | Martin Pieuchot | |
| entry is attached to this entry. ok phessler@, bluhm@ | |||
| 2015-10-22 | Use rt_ifp instead of rt_ifa->ifa_ifp. | Martin Pieuchot | |
| ok bluhm@ | |||
| 2015-10-22 | Kill dead code, ifa is specified and won't change. | Martin Pieuchot | |
| ok bluhm@ | |||
| 2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter | |
| operations. This adds pledge(2) too all processes, including the iked parent process; the existing privsep design has been improved for better pledgeability. There haven't been any serious problems as it was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd passing). The control socket moved to an independent process to remove some abilities from the cert process. Committed in agreement with many but nobody was brave enough to OK it. Better testing will happen with having it in the tree. "It's the truth" deraadt@ "Let's see what happens" benno@ | |||
| 2015-10-22 | Add a regress test for if_indextoname() and if_nametoindex() | Claudio Jeker | |
| 2015-10-22 | Another change that is needed to restore the previous behaviour of | Joel Sing | |
| ASN1_{GENERALIZED,UTC}TIME_set_string(), which allows it to be called with a NULL pointer. ok beck@ | |||
| 2015-10-22 | Inspired by satosin(), use inline functions to convert sockaddr dl. | Alexander Bluhm | |
| Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@ | |||
| 2015-10-22 | Final removal of EXTERN. | mmcc | |
| ok nicm@ | |||
| 2015-10-22 | Stop linking iked -static: It was inherited from isakmpd that is | Reyk Floeter | |
| -static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary. OK deraadt@ naddy@ | |||
| 2015-10-22 | Restore previous behaviour and allow | Joel Sing | |
| ASN1_{GENERALIZED,UTC,}TIME_set_string() to be called with a NULL pointer. Found the hard way by @kinichiro on github. ok beck@ | |||
| 2015-10-22 | Add pledge(2) to some binutils that handle untrusted data. Most can do with | Pascal Stumpf | |
| "stdio rpath", while objdump(1) also needs "tmppath" for objdump -i. ok deraadt@, comments sthen@ kettenis@ | |||
| 2015-10-22 | Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULL | Joel Sing | |
| pointer - because, you know, you might want to set a string on a NULL object. The previous implementation apparently allowed this as a way of testing if the string was valid... probably because the *_check() functions are only useable after the string has already been set. | |||
| 2015-10-22 | Fix case where we wanted to test ASN1_TIME_set_string() but were testing | Joel Sing | |
| ASN1_UTCTIME_set_string() twice instead. | |||
| 2015-10-22 | Fix case where we wanted to test ASN1_TIME_set_string() but were testing | Joel Sing | |
| ASN1_UTCTIME_set_string() twice instead. | |||
| 2015-10-22 | Do not pass an ``ia'' just to dereference ``ia_ifp''. | Martin Pieuchot | |
| ok claudio@, bluhm@, jsg@ | |||
| 2015-10-22 | Revert revision 1.282: | Reyk Floeter | |
| "Allow for empty blocks for peers. While this is bad style for permant use, this is very nice to temporarily disable a peer option." This broke the grammar by introducing shift/reduce errors. OK phessler@ | |||
| 2015-10-22 | use crypt_checkpass("password", NULL) to fake a login instead of bcrypt | Ted Unangst | |
| 2015-10-22 | use crypt_checkpass to check password | Ted Unangst | |
| 2015-10-22 | copying of the environment can be done later, as the user running | Ted Unangst | |
| 2015-10-22 | pledge "abort" left behind accidentally | Theo de Raadt | |
| 2015-10-22 | use crypt_checkpass instead of doing things the hard way with crypt. | Ted Unangst | |
| 2015-10-22 | setlocale() before pledge()... until we learn more | Theo de Raadt | |
| 2015-10-22 | remove some horrible iwm typedefs | Jonathan Gray | |
| ok stsp@ | |||
| 2015-10-22 | If the pane is still on all_window_panes but not actually connected to | Nicholas Marriott | |
| window or session (which can happen if it is killed during a command sequence and something else has a reference), fall back to the best effort. Fixes "tmux killw\; detach" for Rudis Muiznieks. | |||
| 2015-10-22 | Unzoom before -LRUD, reported by Andy Weidenbaum. | Nicholas Marriott | |
| 2015-10-22 | If we receive an empty route message, log it and ignore it. Happens | Peter Hessler | |
| occasionally on FreeBSD. from Melissa Jenkins OK claudio@, florian@, benno@ | |||
| 2015-10-22 | fix company name. | Igor Sobrado | |
| ok jmc@ | |||
| 2015-10-22 | fix spelling mess. | Igor Sobrado | |
| ok jmc@ | |||
| 2015-10-22 | improve indentation in list block. | Igor Sobrado | |
| ok jmc@ | |||
| 2015-10-22 | fix typo in unit of time. | Igor Sobrado | |
| ok jmc@ | |||
| 2015-10-22 | Further study shows "route" should allow all address families in NET_RT_DUMP | Theo de Raadt | |
| With benno | |||
| 2015-10-22 | typo. | Igor Sobrado | |
| ok jmc@ | |||
| 2015-10-22 | Log identify messages. | Nicholas Marriott | |
| 2015-10-22 | This should not be changed. | Nicholas Marriott | |
| 2011-04-24 | Here comes the easter bunnytils 2.17 (the last version released against a | Miod Vallat | |
| licence mere mortals can understand the terms of); will be connected to the build on an arch-by-arch basis. Testsuites and generated files have been intentionnaly omitted from this import. Peer pressure and ok from at least drahn@ pirofti@ deraadt@ | |||
| 2015-10-22 | Do not dereference ``ifa_ifp'' when we already have an ``ifp'' pointer. | Martin Pieuchot | |
| 2015-10-22 | Rename shutdown to exit. | Nicholas Marriott | |
| 2015-10-22 | The eigrpe process also needs to pledge "cpath" for unlinking the | Renato Westphal | |
| control socket. | |||
| 2015-10-22 | After some consideration, simply allow TIOCSCTTY in the "tty" pledge. | Theo de Raadt | |
| Discussion with nicm. | |||
| 2015-10-22 | Do not dereference ``ia_ifp'' when we already have an ``ifp'' pointer. | Martin Pieuchot | |
| 2015-10-22 | Use rt_ifp as intended. | Martin Pieuchot | |
| During s2k15 we fixed this ugly 20+ years loopback hack of having a rt_ifp different than rt_ifa->ifa_ifp. ok millert@, bluhm@ | |||
| 2015-10-22 | Kill dead code missed in per-ifp counter removal. | Martin Pieuchot | |
| ok millert@, bluhm@ | |||
| 2015-10-22 | document "id" request; from Gregor Best | Theo de Raadt | |
| 2015-10-22 | delivery to maildir needs pledge fattr | Gilles Chehade | |
| from Gregor Best <gbe@unobtanium.de> | |||
| 2015-10-22 | halex removed the -p restriction, so do not document it; | Jason McIntyre | |
| from kirill bychkov | |||
| 2015-10-22 | at present the setpriority() syscall is considered fairly low risk and | Theo de Raadt | |
| placed in pledge "proc". pledge "stdio getpw proc", from Theo Buehler | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |