| Age | Commit message (Collapse) | Author |
|---|
|
fine jmc@
|
|
ok jmc@
|
|
ok jmc@
|
|
ok jmc@
|
|
ok jmc@
|
|
a lease. Will be reused in upcoming diff. No intentional behaviour
change.
|
|
|
|
no objection jmc@
|
|
bus_addr_t and bus_size_t are u_long everywhere
ok kettenis@
|
|
gcc does not like hh in kprintf and it does not make any difference due
to integer promotion rules. While there, remove some h's, too.
suggested by kettenis@
|
|
|
|
bus_space_tag_t is a pointer everywhere, except on i386, where it's an int.
Cast to long.
ok kettenis@
'Right idiom' deraadt@
|
|
This fixes a format string warning. No change to the format string is
necessary.
suggested by kettenis@
|
|
|
|
or the !SSLASM list of files applies. This allows for an arch-specific
Makefile.inc to not specify SSLASM.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if none is available. Fixes SSL/TLS and a possible fatalx() on
machines without a default RSA engine.
Thanks to Bjorn Ketelaars for reporting and testing.
ok gilles@ (for the relayd part)
|
|
This has the side effect of simplifying and reducing the differences
between the various *hci_alloc_*_chain() functions since they are the
principal place where we want to known if the transfer is a read or a
write.
|
|
|
|
inconsistancy between configured and unconfigured interfaces.
Requested by deraadt@
|
|
Submitted upstream by brad@ (and subsequently committed there).
ok jca@, mikeb@, brad@
|
|
in no IPv6 address, by appending '-inet6' to the generated hostname.<if>
file.
Less surprising to many people.
ok henning@ reyk@ beck@ rpe@
|
|
was removed from malloc.c 10 days ago.
OK from miod@
|
|
we don't need the horrible debug hack anymore that disabled privdrop
and chroot to get core dumps of privsep processes. No functional
change for the normal binary, only if it is compiled with the
non-default -DDEBUG option.
|
|
we don't need the horrible debug hack anymore that disabled privdrop
and chroot to get core dumps of privsep processes. No functional
change for the normal binary, only if it is compiled with the
non-default -DDEBUG option.
|
|
|
|
and FORK_SYSTEM as a flag to set them. This eliminates needing to
peek into other processes threads in various places. Inspired by NetBSD
ok miod@ matthew@
|
|
the /var/crash/programname/ directory, as root. For instance,
# mkdir /var/crash/bgpd/
# chmod 700 /var/crash/bgpd/ # If you skip this step, you are a moron
# sysctl kern.nosuidcoredump=3
# bgpd
# pkill -ABRT bgpd
# ls /var/crash/bgpd/
14764.core 23207.core 6423.core
Of course, in real life the idea is that you don't kill the daemon but it
crashes and you collect parallel cores. Careful you don't fill your /var.
Further tuneables are being considered.
Sorry to be picking on bgpd for this example. I've watched the "too
difficult to debug privsep code" angst for far too long.
ok guenther
|
|
is, so eliminate the check of the former and instead use the EINVAL
error for the latter. Also, consistently check for PS_EXITING
before check creds.
suggestion to split this from another diff miod@
|
|
|
|
uvm_uarea_alloc()
function name from NetBSD; arm testing by miod@
|
|
The sparcv9 BN code is not enabled, as it expects to run on a 32-bit
userland and will need to be fixed for 64-bit userland first.
|
|
Note that GCM128 Neon code is currently not built (and thus not tested), as
the current toolchain does not support Neon instructions.
|
|
will not get referenced if this condition is not met.
|
|
|
|
|
|
|
|
post-auth child. the new buffer code is more strict, and requires
buffer_init() while the old code was happy after a bzero();
originally from djm@
|
|
switch to generating them by default. prodded by deraadt and sthen
|
|
have resulted in a segfault. Also update the resulting output bytes now
that the invalid/corrupt input is detected and rejected; unless you're
using BIO_FLAGS_BASE64_NO_NL, in which case you still get a stream of
zero value bytes and no way of knowing that the data is invalid/corrupt.
|
|
handling of padding. This fixes a crash that can be triggered by feeding
base64 data followed by 64 or more padding characters, which results in a
negative output length.
This issue was reported by David Ramos, although the same bug has been
sitting in the OpenSSL RT since 2011:
https://rt.openssl.org/Ticket/Display.html?id=2608
Worse still, BIO_read seems to be completely unable to detect that the
base64 input was invalid/corrupt - in particular, enabling
BIO_FLAGS_BASE64_NO_NL results in a stream of zero value bytes rather than
no input (possibly a good replacement for /dev/null...), which could
result in nasty consequences. Prior to this fix some zero value bytes were
also injected without this flag being enabled.
The recently added base64 regress triggers and documents these issues
(and also ensures that this change retains functional behaviour).
|
|
2. Pull up the actual minor processing code into the switch that
parses it.
3. atoi is actually simpler than strtonum in this case, but check the
input beforehand so we don't get unexpected results.
4. Slightly more consistent style between various parse and check and
increment operations on salt.
ok deraadt
|
|
|
|
|
|
OK millert@
|
