Age | Commit message | Author |
|
OK jmc@ jasper@
|
|
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
ok jsing@ deraadt@
|
|
ok jsing@ deraadt@
|
|
EC_POINT_point2oct so that later allocation does not overflow
with miod
|
|
ok miod
|
|
from OpenSSL HEAD via Thomas Jakobi.
|
|
it at all, not even occasionally, because there is no sustainable
way (and even less any portable way) to maintain the list of library
names. Besides, without such a list, even the formatting looks bad.
OK jmc@ bentley@
|
|
it is assigned to the saved ID even if no new effective ID is given,
but the existing effective ID differs from the saved ID.
Update STANDARDS and purge the redundant CAVEATS section.
OK millert@ jmc@, no objections from tedu@
|
|
I'm going to delete support for it from mandoc(1)
|
|
The former is not used anywhere in NetBSD, FreeBSD, or DragonFly
and not supported by groff, so I'm going to delete it from mandoc(1).
We don't need two macros for the same thing.
|
|
from <kaspars at bankovskis dot net>, minimally tweaked by me;
ok guenther@ jmc@
|
|
(potentially) MD versions (function dependent, not filename dependent)
split out memcpy/memmove/bcopy and strchr/index/strrchr/rindex
Bring back amd64 .S versions
And the final touch: switch all architectures temporarily to MI
memcpy.c, which contains syslog + abort for overlapping copies. A nice
harsh undefined behaviour. We will clean the entire userland of the
remaining issues in this category, then switch to the optimised memcpy
which skips the memmove check.
I tried to cut this change into pieces, but testing each sub-step on
every architecture is too time consuming and mind-numbing.
ok miod
|
|
NetBSD.
|
|
escape it when it appears on a macro line.
|
|
found because the groff_mdoc(7) macros warn about it.
|
|
ssl3_send_client_key_exchange(), rather than checking it in the key
exchange algorithm specific code.
ok beck@ miod@
|
|
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
crafted server response used in conjunction with an anonymous DH or
anonymous ECDH ciphersuite.
Fixes CVE-2014-3510, which is effectively a repeat of CVE-2014-3470 in
copied code.
Reported by Felix Groebert of the Google Security Team.
ok beck@ miod@
|
|
ok beck@ tedu@ miod@ guenther@ doug@ deraadt@
|
|
ok beck@ tedu@ miod@
|
|
Remove the remaining random casts on optval. Fixups for this can be handled by
the portability layer all in one place.
Remove remaining fake socklen_t unions, though beck@ points out that this also
removes support for socklen_t changing its length at runtime. RIP.
ok tedu@ beck@ miod@ deraadt@
|
|
ok beck@ miod@ tedu@ deraadt@
|
|
that it returns an error for invalid mode which matches our behavior.
OK jmc@ deraadt@
|
|
Remove the bug about rand() being faster.
Add a bug about historical implementations seeding very poorly.
|
|
the same text from random.3.
|
|
should be used in new code.
|
|
entries.
|
|
better to find one instead of continuing to mangle this mess.
|
|
only doing what's needed for crypt_hashpass. sigh.
|
|
write out a hash. also simplify writing out the hash.
|
|
------------------------------------------------------------------------
r246641 | jilles | 2013-02-10 15:09:15 -0800 (Sun, 10 Feb 2013) | 8 lines
fts: Use O_DIRECTORY when opening name that might be changed by attacker.
There are uncommon cases where fts_safe_changedir() may be called with a
non-NULL name that is not "..". Do not block or worse if an attacker put
(a symlink to) a fifo or device where a directory used to be.
MFC after: 1 week
------------------------------------------------------------------------
r241010 | jilles | 2012-09-27 15:05:54 -0700 (Thu, 27 Sep 2012) | 9 lines
libc/fts: Use O_CLOEXEC for internal file descriptors.
Because fts keeps internal file descriptors open across calls, making such
descriptors close-on-exec helps not only multi-threaded applications but
also single-threaded applications.
In particular, this prevents passing a temporary file descriptor for saving
the current directory to processes created via find -exec.
------------------------------------------------------------------------
ports scan for possible O_CLOEXEC affected programs by sthen@
ok millert@
|
|