| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
per-driver pool(9) instead.
With inputs from mikeb@
|
|
ok gilles@
|
|
This was a local change that was only enabled when the LESS_IS_MORE
environment variable was set and not when invoked as "more".
OK shadchin@ jmc@
|
|
interface, I suggest you have a look at the link-layer sockaddr
interface:
/*
* A Link-Level Sockaddr may specify the interface in one of two
* ways: either by means of a system-provided index number (computed
* anew and possibly differently on every reboot), or by a human-readable
* string such as "il0" (for managerial convenience).
[...]
*/
ifa_ifwithnet() was not only checking for the sdl_index in order
to get the corresponding ifp for AF_LINK sockaddr, it was also
iterating over all the addresses on your system! But in this
case, the `address' field of "struct sockaddr_dl" is an interface
name set by link_addr(3).
How can this work? Well because the kernel allocates an empty
`netmask' field for each interface's lladdr, so that you can
abuse a network comparison function to reimplement strcmp(3)...
So when the userland does not specify an interface index, try
harder to see if it passed an ifp name, but at least be explicit
and use ifunit().
Found the hard way by/ok sthen@
|
|
been verified; with & ok mikeb@
|
|
ok gilles@
|
|
context once. Simplify the code path by moving the loading from three
different places into ssl_ctx_create():
ok gilles@
|
|
ok beck@, miod@
|
|
ok bmercer@
|
|
oks from a bunch of people
|
|
versus supported sensors table filtering.
discussed with and ok mpi@
|
|
This is a getaddrinfo() flag that is defined thusly in RFC 3493:
If the AI_ADDRCONFIG flag is specified, IPv4 addresses shall be
returned only if an IPv4 address is configured on the local system,
and IPv6 addresses shall be returned only if an IPv6 address is
configured on the local system. The loopback address is not
considered for this case as valid as a configured address.
For example, when using the DNS, a query for AAAA records should
occur only if the node has at least one IPv6 address configured
(other than IPv6 loopback) and a query for A records should occur
only if the node has at least one IPv4 address configured (other
than the IPv4 loopback).
The flag is set by default when hints is NULL.
ok Eric Faurot, Jason McIntyre
|
|
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
|
Pointed out by LLVM.
fd.c:1378:29: error: if statement has empty body [-Werror,-Wempty-body]
ok miod@
|
|
http://marc.info/?l=openssl-dev&m=139779977532459&w=2
ok miod
|
|
but disabling attack mitigations is not safe. 0.9.6d contained a
workaround for an attack against CBC modes. 0.9.6e disabled it by default
because "some" implementations couldn't handle empty fragments. 12 years
have passed. Does anybody still care? Let's find out.
ok miod
|
|
Gebruiker Schoot.
|
|
|
|
toolchain creates them. This lets nm -w correctly return 0 for valid archives.
ok jasper@ deraadt@
|
|
|
|
|
|
|
|
ok tedu@
|
|
ping6 to ping by me without thinking clearly.
pointed out by deraadt@
OK jca@
|
|
from Helg Bredow, thanks!
input/OK reyk@
|
|
ok reyk@
|
|
|
|
With help from blambert@ and sthen@, tested by sthen@, benno@
and myself; ok blambert
|
|
|
|
|
|
|
|
payloads.
ok sthen@ krw@
|
|
Software is never "finished" but the implementation has matured enough
to drop the disclaimer about using it in production networks.
Thanks to markus@, mikeb@ and Hans-Joerg Hoexer for their significant
and ongoing work on improving iked(8).
Removal prompted by sthen@ and many others.
|
|
for hardware to set a ready bit actually delays.
ok krw@ deraadt@ 'sounds correct' miod@
|
|
|
|
snmp trap handler
|
|
callers that futzing with it will futz with the actual buffer
contents
|
|
report the error, close the database, and return failure from dbopen(),
such that the main program can recover and rebuild the database.
As noticed by stsp@, this can happen when database files are
accessible, but corrupt or in the wrong format, which will now
automatically be repaired.
Besides, use a safer idiom after sqlite3_open*() failure that also
handles out-of-memory situations correctly, and do not forget to
close the database after CREATE TABLE failure.
|
|
matches the architecture name required for man -S and apropos -S.
Adjust the case of LUNA68K to match the case of LUNA88K.
ok aoyama@
|
|
|
|
|
|
|
|
avoid unreadable/unmaintainable constructs like that:
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
0,
"CMAC",
"OpenSSL CMAC method",
0,0,0,0,
0,0,0,
cmac_size,
0,
0,0,0,0,0,0,0,
cmac_key_free,
0,
0,0
};
ok matthew@ deraadt@
|
|
No functional change.
|
|
redefine OPENSSL_EXTERN from `extern' to `extern'.
|
|
declaration to pass -Wextra, should we want to add it to CFLAGS.
No binary change.
|
|
Before, libtool first searched all directories for .la files, and if
search failed, switched to actual libraries (.so/.a). But the correct way
is to check each directory first for .la, then for .so/.a.
The problem was reported by ajacoutot@ who verified that the patch fixes
his case and okay'ed the initial diff. And jasper@'s bulk uncovered a bug
which is fixed now (verified by another bulk).
|
|
|
