Age | Commit message | Author | |
---|---|---|---|
2014-06-05 | Fix sendmail improper close-on-exec flag handling (CVE-2014-3956) | Jasper Lievisse Adriaanse | |
From FreeBSD SA-14:11 ok millert@ | |||
2014-06-01 | Correct version for disabling getserbyname_r to reduce diff with upstream | Andrew Fresh | |
OK sthen@ miod@ | |||
2014-05-31 | Remove now unnecessary local patch to disable usemallocwrap on m68k | Andrew Fresh | |
Sure miod@ | |||
2014-05-31 | Remove unneeded patch, upstream fixed this differently in 2008 | Andrew Fresh | |
ok sthen@ | |||
2014-05-29 | We now use arc4random() so PERL_RANDOM_DEVICE is no longer needed. | Philip Guenther | |
ok afresh@ | |||
2014-05-29 | To get a random seed, just call arc4random() instead of reading a word from the (deprecated) /dev/arandom. This also makes it work in chroot environments. ok deraadt@ afresh@ | Philip Guenther | |
2014-05-28 | finally enable writing per-commit commitid tokens to rcs ,v files | joshua stein | |
ok deraadt@ millert@ | |||
2014-05-27 | Enable strong stack protector by default for GCC 3 architectures. | Martynas Venckus | |
Miod says all architectures work with it now (thanks to his fix for the pf.c bug). | |||
2014-05-08 | Recognize `t' as a valid format modifier for kprintf-style format strings. | Miod Vallat | |
2014-05-07 | Match search_string_def() prototype change, forgotten in previous protector.[ch] commit. | Miod Vallat | |
2014-05-06 | When the stack protector heuristics doesn't cover a function, leave a little pointer-sized gap before the return value. This protects from common off-by-one type of bugs and costs nothing: the attacker won't be able to overwrite return pointer. Developed at m2k14, thanks for the hackathon! | Martynas Venckus | |
2014-05-06 | Introduce -fstack-shuffle, which randomizes local stack variables. | Martynas Venckus | |
This will make the environment more hostile and help detect bugs that depend on overrunning one variable into another, with almost no performance cost. Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@ | |||
2014-05-06 | Remove the ``addressable'' argument to search_string_def(). Turned out to be a bad idea, for it causes false positives, which then can cause ICE trying to protect narrower-than-int incoming arguments, if building with -fstack-protector-all. From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe not completely, but it makes it compile more files, such as pf.c which contains functions receiving uint16_t arguments pushed on the stack due to the exhaustion of caller-saved registers). | Miod Vallat | |
2014-05-01 | Revert 1.49 (bad merge with free dejavu) | Miod Vallat | |
2014-05-01 | x86-64 ABI requires arrays greater than 16 bytes to be aligned to 16-byte boundary. However, GCC 16-byte aligns arrays of >=16 BITS, not BYTES. This diff improves bug detectability for code which has local arrays of [16 .. 127] bits: in those cases SSP will now detect even 1-byte overflows. OK kettenis@. Tested in snaps for a week. | Martynas Venckus | |
2014-04-22 | Remove KERBEROS5 from the Makefiles (except ssh for now, where it is already manually disabled). ok deraadt@ | Reyk Floeter | |
2014-04-15 | Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ is more comfortable. Reminded by brad@ | Miod Vallat | |
2014-04-13 | Clean up last bits of TCP_WRAPPERS and ELF_TOOLCHAIN. | Brad Smith | |
ok miod@ | |||
2014-04-12 | Bring back the fix in r1.16 of the gcc 2.95 version of protector.c - the code was present, but commented. This fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax. | Miod Vallat | |
2014-04-10 | Revive the fix for Perl RT bug 116441 (null dereference affecting mod_perl). ok sthen@ millert@ | Matthias Kilian | |
2014-04-08 | Build libgcc without SSP. With the new SSP-strong heuristics, _moddi3.o gets protected and landisk bootblocks got broken. Fundamentally this causes a link dependency on libc that we'll not always be able to satisfy. Spotted by deraadt@. OK matthew@, kettenis@, guenther@. | Martynas Venckus | |
2014-04-06 | Add the missing addressing modes for the fucomip instruction. Surprisingly, fucompi was correct. Unbreaks www/webkit on i386. ok sthen@ | Miod Vallat | |
2014-04-03 | Put back 1.11, lost during the last update; unbreaks NOPIC builds. | Miod Vallat | |
ok deraadt@ | |||
2014-03-30 | Change the heuristics of -fstack-protector to select to protect additional functions --- those that have local array definitions, or have references to local frame addresses. Note that upstream uses -fstack-protector-strong and misleads people: -fstack-protector, -fstack-protector-all, -fstack-protector-strong can you tell which one is safe? Luckily, OpenBSD has its own compiler and is able to do the right thing for security: this is enabled by default, and called -fstack-protector. OK deraadt@, miod@. Tested for 3 months. | Martynas Venckus | |
2014-03-27 | remove gets reference. ok espie | Ted Unangst | |
2014-03-26 | Make perl build in a non-writable src tree | afresh1 | |
OK millert@ deraadt@ | |||
2014-03-24 | Merge perl-5.18.2 plus local patches, remove old files | afresh1 | |
OK espie@ sthen@ deraadt@ | |||
2014-03-24 | Import perl-5.18.2 | afresh1 | |
OK espie@ sthen@ deraadt@ | |||
2010-09-24 | Perl 5.12.2 from CPAN | Todd C. Miller | |
2006-03-28 | perl 5.8.8 import | Todd C. Miller | |
2003-12-03 | perl 5.8.2 from CPAN | Todd C. Miller | |
2002-10-27 | stock perl 5.8.0 from CPAN | Todd C. Miller | |
2001-05-24 | stock perl 5.6.1 | Todd C. Miller | |
2000-04-06 | virgin perl 5.6.0 | Todd C. Miller | |
2000-04-06 | virgin perl 5.6.0 | Todd C. Miller | |
1999-04-29 | perl5.005_03 | Todd C. Miller | |
1999-04-29 | perl5.005_03 | Todd C. Miller | |
1999-04-29 | perl5.005_03 | Todd C. Miller | |
1996-08-19 | Import of Perl 5.003 into the tree. Makefile.bsd-wrapper and config.sh.OpenBSD are the only local changes. | Jason Downs | |
2014-03-19 | use smtpd man pages by default. ok deraadt jmc | Ted Unangst | |
sendmail.8 note by jmc | |||
2014-03-13 | Add a few more instruction patterns that are apparently needed by gcc 4.8. | Mark Kettenis | |
Taken from binutils 2.17. ok guenther@ | |||
2014-03-12 | no more rmail in base; ok millert | Jason McIntyre | |
2014-02-17 | Having CpuSMAP and Cpu64 overlap isn't a terribly good idea. | Mark Kettenis | |
Makes it possible to build an i386 kernel with binutils-2.17 again. ok miod@ | |||
2014-02-15 | install man perlinterp so you can learn all about the interpreter | Ted Unangst | |
2014-02-09 | Add support for i386 XSAVE family of instructions: xgetbv, xsetbv, xsave, xrstor, and xsaveopt. based on kettenis's original that did xgetbv and xsetbv ok kettenis@ | Philip Guenther | |
2014-02-07 | Update to sendmail 8.14.8. This touches a lot of files due to the Sendmail, Inc -> Proofpoint name change. See RELEASE_NOTES for actual changes. | Todd C. Miller | |
2014-01-24 | Catch SIGPIPE to clean up temp files | Philip Guenther | |
ok deraadt@ | |||
2014-01-20 | Add strong stack protector mode for the original propolice in GCC3. | Martynas Venckus | |
This includes additional functions to be protected --- those that have local array definitions, or have references to local frame addresses. Miod verified that this works on real hardware, and not just on the cross-compiled monster I tested this on. | |||
2014-01-18 | Fix the NAME section: | Ingo Schwarze | |
One .Nm macro per name, and pass punctuation as a separate argument. Found with mandocdb(8). OK jmc@. | |||
2014-01-14 | Add wcstring attribute support for Wbounded. To be used for wchar.h which operates on element counts rather than buffer sizes. I'll start annotating headers in a few weeks, after the hackathon. OK millert@. | Martynas Venckus | |