Age | Commit message | Author |
|
|
libexpat. Remove obsolete header files, missed in previous commit.
|
|
- CVE-2017-9233 CVE-2016-9063 CVE-2016-5300 CVE-2016-4472 CVE-2016-0718
CVE-2015-2716 CVE-2015-1283 CVE-2012-6702 CVE-2012-0876 have been
addressed. Not all of them affect OpenBSD as we had fixes before.
- Upstream uses arc4random_buf(3) now. Delete all code for other
entropy sources to make sure to compile the correct one. Our
library already used arc4random(3) before.
- The overflow fixes in rev 1.11 and 1.12 of lib/xmlparse.c
have been committed upstream in a different way. Use the upstream
code to make maintenance easier.
- Although it should be ABI compatible, there is a new global
symbol align_limit_to_full_utf8_characters. As it is in
lib/internal.h, add a Symbols.map to restrict the export. Do not
bump the shared library version.
- Use the internal expat's siphash.h.
ports build ajacoutot@; move ahead deraadt@
|
|
event_pending, evtimer_pending, and signal_pending all write to the
timeval because that's how they tell the caller when the event is
meant to fire.
ok deraadt@ millert@ jmc@ schwarze@
|
|
just fall into the code. The .align created a FILL zone in the .init section,
which on i386 was filled with a NOP-sled, something we want to get away
from.
discussed with kettenis and tom
|
|
we can prevent libcrypto from going behind our back and trying to read
passwords from standard input (which we may not be permitted to do).
Found by jsg@ with httpd and password protected keys.
|
|
duplicating clean up code.
|
|
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are commonplace with openvpn/easyrsa) were also being included in
this category.
Based on BoringSSL.
Thanks to Dale Ghent <daleg at elemental dot org> for assisting in
identifying the issue and testing this fix.
ok inoguchi@
|
|
src/lib/libc/gen/tree.c is a copy of src/sys/kern/subr_tree.c, but with
annotations for symbol visibility. changes to one should be reflected
in the other.
the malloc debug code that uses RB code is ported to RBT.
because libc provides the RBT code, procmap doesn't have to reach into
the kernel and build subr_tree.c itself now.
mild enthusiasm from many
ok guenther@
|
|
programs will build even without a make depend first.
okay tb@ millert@
|
|
Delete useless \*(Gt and \*(Lt while here.
|
|
found with mandoc -Tlint
|
|
with mandoc -Tlint. While here, delete .Tn macros.
|
|
and broken delimiter syntax; found with mandoc -Tlint
|
|
when something went wrong. This allows one to monitor whether the
system is under attack and that the attack has been prevented by
OpenBSD pledge(2).
OK deraadt@ millert@ jmc@
|
|
These hints are not recognized by clang's builtin assembler.
From the corresponding amd64 change. ok visa@ kettenis@
|
|
vmd(8)'s regression.
|
|
Reported by Gregor Best.
|
|
From FreeBSD via Jan Schreiber <jes at posteo ! de>, thanks!
OK tedu, bluhm
|
|
insertion sort (when the number of elements is < 7).
|
|
ok everybody
|
|
Prodded by kettenis@ and tedu@
|
|
has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
|
|
function calls, but instead a "class" of functions like "sigsetops".
Rename to "sigaddset", and while at it improve documentation in sigprocmask(2)
to point to it.
ok tedu
|
|
Not enabled yet, it needs some SPINLOCK_SPIN_HOOK love and
some bumps.
Tested by many including sthen@ in a bulk.
ok visa@, sthen@, kettenis@, tedu@
|
|
Reported by Robert Swiecki, who found the issue using honggfuzz.
ok bcook@
|
|
From Kyle J. McKay <mackyle at gmail dot com>
|
|
Previously they would be swapped a byte at a time when sizeof(int)
!= sizeof(long). Idea from FreeBSD.
|
|
exceeds 2 lg N and add a reference to the introsort paper.
|
|
when the recursion depth reaches 2*lg(n + 1). This avoids quicksort's
quadratic behavior for pathological input without appreciably
changing the average run time.
|
|
side of the array being partitioned to save on stack space. Greater
savings can be gained by choosing recursion for the smaller side
of the partition and eliminating recursion for the larger side.
This also results in a small but measurable performance gain.
OK otto@ schwarze@
|
|
SSL_get_peer_certificate() increases the ref count whereas extra_certs
do not because SSL_get_peer_cert_chain() won't increase ref counts.
OK beck@
|
|
From "fenderq" on freenode via tj@
|
|
- document posix_memalign() does not play nice with recallocarray(3) and
freezero(3)
|
|
sizeof(struct) not sizeof(pointer).
otto@ points out that on OpenBSD currently freezero() would have still
zeroed the entire allocation, but this is not documented behaviour and
may change in future.
ok tom@
|