src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-07-09	remove unused, private version strings except SSL_version_str	bcook
	Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
2014-07-09	Make use of this wonderful modern C construct known as a `switch', instead of	Miod Vallat
	8-line if() tests.
2014-07-09	tedu bpf_mtap_pflog().	Henning Brauer
	now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to be exported any more and can stay private to if_pflog.c ok benno bluhm reyk
2014-07-09	White spaces.	Antoine Jacoutot

2014-07-09	KNF	Miod Vallat

2014-07-09	config parser improvements:	Eric Faurot
	- fail if the same option is specified multiple times on a listener - prompt for queue encryption key after config parsing, not during. - add ip addresses to localnames table - prepare for filters
2014-07-09	Hopefully we are calculating the pkg size correctly by now;	Florian Obser
	no obj change. OK benno@
2014-07-09	We do have ICMP6_FILTER; no obj change.	Florian Obser
	OK benno@
2014-07-09	We do have SO_SNDBUF & SO_RCVBUF; no obj change.	Florian Obser
	OK benno@
2014-07-09	We do have NI_NODEADDR_FLAG_ANYCAST, no obj change.	Florian Obser
	OK benno@
2014-07-09	We do have SIGINFO; no obj change.	Florian Obser
	OK benno@
2014-07-09	We don't have IPV6_REACHCONF, no obj change after unifdef(1).	Florian Obser
	Further cleanup by hand lead to a obj change though. OK benno@
2014-07-09	Kill code commented since forever; no obj change.	Florian Obser
	OK benno@
2014-07-09	bpf code surgery / shuffling / simplification.	Henning Brauer
	the various bpf_mtap_* are very similiar, they differ in what (and to some extent how) they prepend something, and what copy function they pass to bpf_catchpacket. use an internal _bpf_mtap as "backend" for bpf_mtap and friends. extend bpf_mtap_hdr so that it covers all common cases: if dlen is 0, nothing gets prepended. copy function can be given, if NULL the default bpf_mcopy is used. adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn. re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr. re-implement bpf_mtap_ether using bpf_map_hdr re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper ok bluhm benno
2014-07-09	Kill more FIPS tentacles by removing the private_AES_set_{enc,dec}rypt_key()	Miod Vallat
	internal interfaces, and promoting them to being the public AES_set_{enc,dec}rypt_key() interfaces. In non-FIPS mode, these public interfaces were directly calling the private ones. ok guenther@ jsing@
2014-07-09	Be more strict in RSA_padding_check_X931(), and thus avoid a possible	Miod Vallat
	memcpy() with a negative size. ok tedu@
2014-07-09	Remove typecasts on password_callback.	bcook
	Rather than casting password_callback to the correct function pointer signature at every call site, change it to match the signature instead. ok miod@ deraadt@ tedu@
2014-07-09	In the old days (not in this century), SSLeay 0.4.5 would create X.509 RSA	Miod Vallat
	signatures using the wrong oid for the signature type. The signature verification code has thus been modified to allow these signatures to be accepted, with a printf to stderr to notify the user something was fishy. Remove this chunk; these signatures will no longer get accepted. ok deraadt@ guenther@ jsing@ tedu@
2014-07-09	sync	Theo de Raadt

2014-07-09	Remove RSA_memory_lock(). This undocumented function sort-of serializes your	Miod Vallat
	RSA components to memory and clears them, but there is no unserializing function, so its usefulness is close to zero. A grep through the ports tree sources show that it is only present in ports embedding their own openssl copy, and never used otherwise. ok jsing@
2014-07-09	remove unused dynamic_cmd_defns_empty structure.	bcook
	ok miod@ deraadt@ guenther@
2014-07-09	need uvm/uvm_extern.h since no longer supplied below user.h	Theo de Raadt

2014-07-09	RSA_NULL used to be a compile option allowing the RSA interfaces to be	Miod Vallat
	compiled-in, with nonfunctional code, to be able to cope with the RSA patent. However, we don't use this option, and the RSA patent has expired more than 10 years ago, so just drop this piece.
2014-07-09	various fixes in experimental ldap backend and add support for mailaddr service.	Eric Faurot

2014-07-09	obvious need for systm.h, which no longer comes in from something user.h ↵	Theo de Raadt
	includes
2014-07-09	if you use sysctl, you need sysctl.h	Theo de Raadt

2014-07-09	pull in uvm/uvm_extern.h (before and) and instead pmap.h, and do not assume	Theo de Raadt
	that user.h's tentacles fetched it even earlier.
2014-07-09	KNF	Miod Vallat

2014-07-09	Set default of net.inet6.icmp6.nodeinfo to 0,	Sebastian Benoit
	disables responses to RFC4620 IPv6 Node Information Queries. ok florian henning bluhm
2014-07-09	instead of printf() use tbprintf() like elsewhere in systat.	Jasper Lievisse Adriaanse
	ok deraadt@ mpi@
2014-07-09	Fix boot -d. refreshcreds() should be called when trapping from userspace,	Philip Guenther
	but I flipped the test on i386/amd64, thus breaking kernel traps before enough proc0 bits were set up. In theory, this could have resulted in a NFS read for a page fault being done with a process's old credentials. pointed out by Patrick Wildt of bitrig
2014-07-09	Fix backtraces through _dl_bind_start by adding dwarf annotations for	Philip Guenther
	the stack adjustments/handling in the asm. Based on FreeBSD. ok kettenis@ matthew@
2014-07-09	format string should be a string literal.	bcook
	ok beck@ jsing@
2012-10-13	import OpenSSL-1.0.1c	Damien Miller

2009-04-06	import of OpenSSL 0.9.8k	Damien Miller

2014-07-09	update to lynx 2.8.8rel2, keeping local changes. primarily to get these	Daniel Dickman
	changes from 2.8.8dev.16: * fix most issues found by clang 3.2 analyze * fix most issues found by Coverity scan tested on i386, sparc64, and macppc by myself. tested on vax by miod@ (including https) helpful discussion with avsm@, sthen@ ok deraadt@
2014-07-09	downgrade more error() to debug() to better match what old authfile.c	Damien Miller
	did; suppresses spurious errors with hostbased authentication enabled
2014-07-09	more useful error message when GLOB_NOSPACE occurs;	Damien Miller
	bz#2254, patch from Orion Poplawski
2014-07-09	avoid being too smart when filling the rx ring.	David Gwynne

2014-07-09	dont try to be smart about avoiding the use of too many descriptors	David Gwynne
	when filling the rx ring. trust the hwm. problem found by sthen@
2014-07-08	sys/user.h can now be substantially gutted.	Theo de Raadt
	ok guenther
2014-07-08	Cannot find a reason for this to need machine/cpu.h	Theo de Raadt

1998-03-11	Lynx 2.8	Mats O Jansson

2014-07-08	also use inverted poison patterns, to mix things up. ok deraadt miod	Ted Unangst

2014-07-08	mention X Window System announcement.	Kirill Bychkov
	OK henning@
2014-07-08	Mark the weakened 40-bit export ciphers as invalid - no one in their right	Joel Sing
	mind should be using them. ok deraadt@ miod@
2014-07-08	update filter configuration parsing (not plugged yet)	Eric Faurot

2014-07-08	send correct imsg when enabling profiling at runtime	Eric Faurot

2014-07-08	Remove SSL_FIPS.	Joel Sing
	ok deraadt@ miod@
2014-07-08	update _POSIX2_FORT_RUN, so that sysconf(_SC_2_FORT_RUN) remains correct.	Ted Unangst
	because you care. reminded by matthew.