Age | Commit message (Collapse) | Author |
|
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world are
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
|
|
|
|
|
hyphen in their official programming guide sometime between 2003 and
2005, and Clang's integrated assembler does not support hyphenated
mnemonics.
ok jsg, deraadt
|
|
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@
|
|
|
|
|
|
- additional cert's from GlobalSign.
- additional cert's from VeriSign and replace existing ones with
'Signature Algorithm: md2WithRSAEncryption' with their currently
distributed sha1WithRSAEncryption versions.
- new CAs: AddTrust (root for most Comodo certificates also heavily
used in academic networks), Comodo (most of their certs are rooted in
AddTrust but TERENA use the Comodo AAA Certificate Services root
for some things so add that separately), UserTrust Network/UTN
(part of Comodo) and Starfield (part of Go Daddy).
|
|
ok beck@ william@ todd@
|
|
and include sha1 signatures for all certs (some were missing).
No certificate changes, this is just for consistency. ok beck@
|
|
Remove intermediate GoDaddy certificate, this file should just contain roots.
ok beck@ phessler@
|
|
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.
Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.
ok millert@, mikeb@
|
|
Disable use of dladdr() on a.out arches, they do not provide it (yet);
|
|
major cranks
|
|
|
|
|
|
|
|
and __PIC__ defines. Makes things easier for PIE.
ok djm@
|
|
ok guenther@
|
|
jmc@ noticed this in the manpage while updating it, but it applies here too.
|
|
Brad, jasper and naddy helped with test builds, fixing ports, etc.
|
|
ok miod@ deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Configure script.
ok deraadt@
|
|
Allows https checkouts from github to work.
- Add digicert's other root certs.
Fingerprints carefully checked against those in the built-in roots
supplied with Mozilla.
ok dcoppa@ jcs@
|
|
Small test by marco@ and md5 /usr/lib/libcrypto.so.19.0 agrees.
|
|
build on i386. This enables SSE2 optimizations for bignum multiplications,
Montgomery multiplications and sha512.
This speeds up Diffie-Hellman operations in isakmpd and iked quite
a bit. OK djm@, markus@, mikeb@
|
|
discussed with lots of people, tested by naddy@,
"move fast" deraadt@
|
|
DigiCert High Assurance CA-3
Go Daddy Secure Certification Authority/serialNumber=07969287
Equifax Secure Certificate Authority
VeriSign Class 3 Public Primary Certification Authority - G5
Entrust Certification Authority - L1C
Entrust.net Secure Server Certification Authority
ok mikeb@ beck@ fgsch@
constant prodding by marco@
|
|
months since it was introduced so it's safe to assume people have this dir now.
ok deraadt@
|
|
the openssl and libz versions:
- use a generic ${lib_version}
- define ${version_file} to look run ${version_re} on to
acquire the library version.
- add license
- remove unused -k flag
no change in generated files
ok sthen@
|
|
ok sthen@
|
|
"if you have checked this I am ok with it" does not mean
1) not to pay attention to breaking news after I tell you that and
2) not to get ok's from the others this had been shown to.
I am absolutely not ok with thig going in with only *my* ok. There's a reason why we want more than one ok on important commits
ok deraadt@ for the backout
|
|
DigiCert High Assurance CA-3
Go Daddy Secure Certification Authority
COMODO High-Assurance Secure Server CA
Equifax Secure Certificate Authority
VeriSign Class 3 Public Primary Certification Authority - G5
Entrust Certification Authority - L1C
Entrust.net Secure Server Certification Authority
cross checked with mozilla
ok beck@
|
|
Fixes build on NFS src with no root access. ok jasper@
|
|
ok beck@ fgsch@
|
|
ok markus@ jasper@ miod@
AFAIK nothing in base uses this, though apache2 from ports may be affected.
|
|
test -n "`pkg-config --cflags openssl`"
don't assume that OpenSSL isn't available.
ok miod@, sthen@, ajacoutot@, djm@
|
|
prompted by brad
|
|
- zap a trailing tab
|
|
common/encouraged practice
|
|
projects depend on being present (e.g. various ports).
as discussed with various porters in a hungarian spa
help/feedback from ingo@ and also OK halex@
no objections from djm@
|
|
file it will be used from.
requested by/ok mikeb@
|
|
which should have been declared as CRYPTO_ALGORITHM_MAX + 1,
fix this and reserve enough space for the VIA additions as well.
ok/comments from mikeb & deraadt
|
|
http://www.openssl.org/news/secadv_20101202.txt.
where clients could modify the stored session
cache ciphersuite and in some cases even downgrade the suite to weaker ones.
This code is not enabled by default.
ok djm@
|