Age | Commit message | Author |
|
go for it deraadt@
|
|
A large number of redistributed routes make ospf6d crash.
OK remi@, sthen@
|
|
regress on i386 after inoguchi moved some symbols to const.
ok inoguchi jsing deraadt
|
|
|
|
ok job, input claudio benno
|
|
ok job
|
|
Also include the group name in the general neighbor description.
Both issues reported by Patrick Velder
OK deraadt@
|
|
|
|
|
|
In compatibility mode, a TLSv1.3 server MUST send a dummy CCS message
immediately after its first handshake message. This is normally after the
ServerHello message, but it can be after the HelloRetryRequest message.
As such we accept one CCS message from the server during the handshake.
However, it turns out that in the HelloRetryRequest case, Facebook's fizz
TLSv1.3 stack sends CCS messages after both the HelloRetryRequest message
and the ServerHello message. This is unexpected and as far as I'm aware,
no other TLSv1.3 implementation does this. Unfortunately the RFC is rather
ambiguous here, which probably means it is not strictly an RFC violation.
Relax the CCS message handling to allow two dummy CCS messages during a
TLSv1.3. This makes our TLSv1.3 client work with Facebook Fizz when HRR
is triggered.
Issue discovered by inoguchi@ and investigated by tb@.
ok deraadt@ tb@
|
|
Makefile omitted by mistake from commit tJPIjljmTjZW
ok djm@ deraadt@
|
|
ok djm@ deraadt@
|
|
configure EDH-based cipher suites with Perfect Forward Secrecy (PFS)
for older clients that do not support ECDHE. Problem noticed and
initial diff by Jesper Wallin, thanks!
ok kn@
|
|
|
|
the output structures may still change but it should be a good starting
point for people to start playing with it.
OK benno@, job@, deraadt@
|
|
about the flags of the attribute. Part of the JSON output diff.
OK job@, benno@, deraadt@
|
|
can be changed easily. This will be used later on to add JSON output.
OK benno@, job@, deraadt@
|
|
community.
Issue reported by Steven Surdock ssurdock <at> engineered-net <dot> com
OK deraadt@ claudio@ sthen@
|
|
values only if the session is established or show it unconditionally (for
shutdown message and last notification error codes. Adjust show_attr()
a bit, print ORIGIN as string and add support for AID_VPN_IPv6.
In general, add some warning if length checks fail.
OK job@, benno@, deraadt@ as part of a bigger diff
|
|
Make it a log_debug() instead to reduce the noise seen on most full feeds.
The DFZ is currently not clean enough to properly drop AS 0 in that case.
OK job@ deraadt@
|
|
ok sthen@, deraadt@
|
|
is compared to one received via PFKEY which results in garbage.
Found by Rene Ammerlaan <rj (dot) ammerlaan (at) sungai (dot) nl>
ok patrick@
|
|
passed in when setting the RTC time instead of the global time_second.
ok mpi@
|
|
and save a bunch of redundant code.
Patch from loic AT venez.fr; ok markus@ djm@
|
|
When the DAG truncates an ISD::ADDE node, DAGCombiner may optimize it
by making an adde with smaller operands. PowerPC has i1 registers,
and may truncate an i32 adde to i1, but an i1 adde is not legal for
PowerPC, and the legalize-ops phase can't fix it. This was causing
"fatal error: error in backend: Cannot select..."
cwen@ reported the error
ok mortimer@ kettenis@ deraadt@
|
|
ok tb@
|
|
ok hackroom@
|
|
DH group (as negotiated by IKE_SA_INIT) instead of one from the configured
policy. Not doing so may result in INVALID_KE errors.
ok patrick@
|
|
amd64/arm64/armv7/i386/hppa/sparc64 and move it to the end of machdep.c.
Wrap the existing time_read and time_write hooks into something that
can be used as a todr_handle.
ok mpi@
|
|
amd64/arm64/armv7/i386/sparc64 and move it to the end of machdep.c. Rework the
actual implementation for the MC14818 compatible RTC into something that can
be used as a todr_handle just like on amd64.
ok mpi@
|
|
interact with the per-policy active/passive options.
ok kn@
|
|
ok deraadt@
|
|
|
|
error response after the file has been opened. Otherwise the source()
and sink() can become desynchronised. Reported by Daniel Goujot,
Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
|
|
|
|
private keys using "ssh-keygen -i"; spotted by Michael Forney
|
|
were actually in the old format; fix from Michael Forney
|
|
This script was written before OpenSSH switched to new-format private
keys by default and was never updated to the change (until now)
From Michael Forney
|
|
input does not contain one; from Michael Forney
|
|
|
|
ok sthen@, patrick@
|
|
It is possible to do this by abusing the EVP_CTRL_INIT API.
Pointed out by jsing.
ok inoguchi jsing (as part of a larger diff)
|
|
reported by Gordon Bergling <gbergling at gmail dot com>
|
|
|
|
|
|
|
|
OK deraadt@
|
|
ok job benno claudio
|
|
the window (it must stay in the global set or tmux will crash). GitHub
issue 2188.
|
|
Besides making things simpler, this allows libsndio to figure out that
this is a control affecting all inputs (outputs) that needs to be
exposed.
|