| Age | Commit message (Collapse) | Author |
|---|
|
ASN1_time_parse() was useful while OpenSSL didn't have something sort of
equivalent, but now they do. Let's retire ASN1_time_parse() to internal.
This will require some patching in ports, but shrug.
ok beck
|
|
ok beck
|
|
Like in libtls, we use ASN1_GENERALIZEDTIME_check() to ensure we actually
have a GeneralizedTime.
ok beck
|
|
Suggested by jsing@, ok tb@
|
|
|
|
This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a
direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check()
as well. This means LibreSSL parses the time twice. Shrug.
ok beck
|
|
During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is
a step towards removing the dependency of libtls on ASN1_time_parse().
The latter grew a dependency on CBS/CBB, and thus the choice is to pull
in all this code or to use a no longer maintained version of the API.
Both options are unappealing.
ok beck
|
|
timegm(3) is not available on some operating systems we support in
portable. We currently use musl's implementation, for which gcc-13
decided to emit warnings (which seem incorrect in general and are
irrelevant in this case anyway). Instead of patching this up and
diverge from upstream, we can avoid reports about compiler warnings
by simply not depending on this function.
Rework the caching of notBefore and notAfter by replacing timegm(3)
with asn1_time_tm_to_time_t(3). Also make this API properly error
checkable since at the time x509v3_cache_extensions(3) is called,
nothing is known about the cert, in particular not whether it isn't
malformed one way or the other.
suggested by and ok beck
|
|
|
|
the original varbindlist's index. In the case of a GetBulkRequest this
must never be larger than the length of the original varbindlist.
OK tb@
|
|
ok plus various improvements to the text by tb@
|
|
ok robert@
|
|
This fixes a potential uninitialized use of 'limits' in sftp_init() if
sftp_get_limits() returned early because of an unexpected message type.
ok djm@
|
|
|
|
OK mvs@ jca@
|
|
Reported by jsing@
|
|
|
|
fat. This includes all the o_flags member related defines.
if it compiles ship it/OK tb@
|
|
out of snmpd.h, which aren't used outside of smi.c
OK tb@
|
|
fancy is using it, we can simply rely on ober_oid_cmp().
OK tb@
|
|
OK tb@
|
|
won't have to rely on error-prone smi_oidlen.
OK tb@
|
|
create the struct oid and let parse.y supply the arguments.
OK tb@
|
|
ober_oid_cmp() directly.
OK tb@
|
|
benefit. Remove it and the last consumer of smi_foreach().
OK tb@
|
|
scalar .0 ourselves.
OK tb@
|
|
all the symbol lists
|
|
as ntpd. ok deraadt@
|
|
In rtalloc() and rtalloc_mpath() declare the parameter dst as const
sockaddr. This makes MP safe route lookup easier as the destination
address is definitely not modified during the operation. Array
rti_info, the central data structure with addresses for route
matching, contains constant sockaddr now.
OK mvs@ dlg@
|
|
|
|
|
|
The actual headers list still needs to be fixed on !(amd64)
|
|
|
|
|
|
|
|
ok deraadt@
|
|
BTI and PAC again by default on OpenBSD.
ok robert@
|
|
The rti_info array is used to describe routes that should be found
by lookup. Modifying the addreses in it is not a good idea. There
were places where rtm_xaddrs() tried to fix the address family
instead of validating it. Replace the modification with a check
and error out with EAFNOSUPPORT on failure. Route labels always
have AF_UNSPEC and the other types are not used anyway.
OK kn@
|
|
application_legacy.c companion.
OK tb@
|
|
get registered under their own backend name, so that they can't overlap
with the internal regions. This removes the last consumer of mps.c
OK tb@
|
|
pointed out by bluhm@
|
|
the rtable which should be serialised to ensure they're consistent.
unfortunately, rt_setgate is called from the network stack while it's
only holding shared NET_LOCK.
this uses the [X] protections as described in route.h to serialise the
changes, and reworks the code to try and keep enough stuff linked up
properly during the changes that it will still work if another cpu is
still using the rtentry structs while they still have shared net lock.
tested by and ok bluhm@
|
|
from dhill@
|
|
user to generate the AMDGPU includes in llvm-16
discussed with deraadt@
|
|
so instead of shipping the file internally, let's generate it and
install it with the rest of the headers; unbreaks xenocara build
|
|
ok dlg@
|
|
llvm-13
|
|
ok tb@
|
|
|
|
Mostly a dummy commit so that the last llvm commit ends up in the git export.
(No idea whether it's actually/still needed but it can't hurt.)
|
