| Age | Commit message (Collapse) | Author |
|---|
|
Fixes CVE-2014-3470, from OpenSSL.
ok deraadt@
|
|
DTLS fragments.
Fix for CVE-2014-0195, from OpenSSL.
Reported to OpenSSL by Juri Aedla.
ok deraadt@ beck@
|
|
is unchecked, which would result in a later null pointer dereference.
While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL
checks, so avoid repeating them here.
ok beck@
|
|
secret. This is an additional safeguard against early ChangeCipherSpec
handling.
From OpenSSL.
ok deraadt@
|
|
Without this an early ChangeCipherSpec message would result in session
keys being generated, along with the Finished hash for the handshake,
using an empty master secret.
For a detailed analysis see:
https://www.imperialviolet.org/2014/06/05/earlyccs.html
This is a fix for CVE-2014-0224, from OpenSSL.
This issue was reported to OpenSSL by KIKUCHI Masashi. Unfortunately the
recent OpenSSL commit was the first we were made aware of the issue.
ok deraadt@ sthen@
|
|
first, remember which failed, drop privs and then decide which sockets
are needed and close the others.
Only error out if the creation of a needed socket failed. That is it
is non-fatal if tracerouting an INET4 address and the INET6 socket
creations failed.
prodding deraadt@; OK benno@
|
|
|
|
|
|
|
|
From FreeBSD SA-14:11
ok millert@
|
|
Correctly account for this bit, otherwise we'll get the wrong result for some
inputs.
ok martynas@, daniel@
|
|
of strtonum() from millert@ sprinkled on top.
Also, we've always supported TZ for formatting dates, so say so.
ok jmc@ millert@
|
|
okay aja@, miod@ until Ingo figures things out.
(This fixes the
///sr/ports/pobj/p5-YAML-0.84/fake-amd64/usr/local/man/man3p/YAML::Loader::Base.3p: fopen: No such file or directory
style errors)
|
|
- Remove unnecessary includes
- bzero -> memset
- Better sanity checks and return value checks
- Use the tcphdr struct instead of tcpiphdr so that the program will
work even if there are IP options
- Use more conventional variable names and buffer sizes
Also add myself to the copyright.
ok deraadt@ sthen@
|
|
free()ing it, rather than in conditional code.
Also do not bother setting server_opaque_prf_input (server, not client) to
NULL in conditional code 10 lines after explicitely free()ing it and setting
it to NULL (were the developers afraid of zombie pointers?)
ok guenther@
|
|
A while back, pascal@ converted our system call stubs from using "cpp
| as" to "cc -x assembler-with-cpp", so there's no need to stay
compatible with ancient preprocessor semantics.
ok miod
|
|
(From Frantisek Boranek)
OK from miod@
|
|
vflush(9) succeed.
Problem reported by Helg Bredow.
OK sthen@
|
|
where it is feasible to do so. better safe than sorry.
|
|
since this function is optional get rid of the no-op ones.
ok ratchov@
|
|
system.
Yes, this is ugly for the moment because OpenBSD prevents you from
binding a tcp socket to broadcast address and checking for a broadcast
address is... funny! If you've ever wondered why would lead people to
write:
ina.s_addr != ia->ia_addr.sin_addr.s_addr
instead of:
ina.s_addr == ia->ia_broadaddr.sin_addr.s_addr
Well this is because all the IPv4 addresses belonging to your lo(4)
interfaces match the second idiom. Hopefully we'll get rid of this
hack soon.
ok jca@, mikeb@
|
|
byte packets" in the first line of traceroute output is the length of
the complete IP packet, fix this for traceroute6.
OK benno@
|
|
Apart from improving readability, this will help us reduce the number of
no-op functions now that some of them are optional.
ok ratchov@
|
|
OK benno@
|
|
ok blambert@, mikeb@
|
|
This is not compatible to our current schema where one kernel device
is attached per report ID of every USB HID device since the drivers
already strip the data buffers.
Fix a parsing issue reported by henning@
|
|
is not part of the address. From Remco <remco at d-compu.dyndns.org>,
thanks!
ok mpi@
|
|
use the domain specific tree initialisation method for this since that one
is multipath enabled and assumes that the radix node is part of a struct
rtentry. This code uses a different struct and so the multipath modifies
wrong fields and breaks stuff in mysterious ways.
Since we only support AF_INET here anyway simplify the code and only have
one radix_node_head pointer instead of AF_MAX ones.
Fixes NFS server issues reported by rpe@, OK rpe@, guenther@, sthen@
|
|
ok guenther
|
|
Found by Elliott @ google
ok mpi@
|
|
|
|
|
|
|
|
- \*(Gt -> >, per ingo
ok millert guenther
|
|
- even though "am i" is case insensitive, lowercase one example
for consistency
ok millert guenther
|
|
ok miod@
|
|
|
|
|
|
\*(Gt -> >, per ingo;
|
|
|
|
|
|
but we don't have collation support yet. Man bits OK jmc@
|
|
\*(Gt -> >, on ingo's advice;
|
|
an ENVIRONMENT section;
ok millert sobrado
|
|
left to the user to investigate, on guenther's advice;
ok guenther
|
|
query and ok jmc@
|
|
found while building portable OpenNTPD
ok henning@
|
|
|
|
ok krw@ kettenis@ mpi@
|
|
ok krw@ kettenis@ mpi@
|
