summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-10-08make clear the length printed is the requested lengthOtto Moerbeek
2016-10-07sort;Jason McIntyre
2016-10-07introduce a sysctl to hijack dns sockets. when set to a port number,Ted Unangst
all dns socket connections will be redirected to localhost:port. this could be a sockopt on the listening socket, but sysctl is an easier interface to work with right now. ok deraadt
2016-10-07rss limit is no longer enforced. noticed by Raimo NiskanenTed Unangst
2016-10-07grammar fix previous;Jason McIntyre
2016-10-07document "chunk canary corrupted" errorOtto Moerbeek
2016-10-07stray tabOtto Moerbeek
2016-10-07Beter implementation of chunk canaries: store size in chunk meta dataOtto Moerbeek
instead of chunk itself; does not change actual allocated size; ok tedu@
2016-10-05Fix some broken .Xr links, loosely based on a diffIngo Schwarze
from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content.
2016-10-04Use the userspace-visible thread register directly in __cerror insteadPhilip Guenther
of indirecting through __errno(). Register naming tweaks and clang testing by patrick@ and jsg@ ok kettenis@
2016-10-03Simplify code that sets up a stack frame for running .init code to be moreMark Kettenis
AEABI-like. ok tom@, jsg@
2016-10-03use the same type for buf as the return type in tls_load_fileBrent Cook
ok tedu@, noted by kinichiro
2016-10-02Add va_nlink information to struct kinfo_file (so bump the shlib minor)Philip Guenther
from Sebastien Marie
2016-10-02Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()Philip Guenther
based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
2016-10-02Detect zero-length encrypted session data early, instead of when malloc(0)Philip Guenther
fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
2016-10-02In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingPhilip Guenther
parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
2016-09-30Make read(2) return EISDIR on directories.Jeremie Courreges-Anglas
Years ago Theo made read(2) return 0 on directories, instead of dumping the directory content. Another behavior is allowed as an extension by POSIX, returning an EISDIR error, as used on a few other systems. This behavior is deemed more useful as it helps spotting errors. This implies that it might break some setups. Ports bulk builds by ajacoutot@ and naddy@, ok millert@ bluhm@ naddy@ deraadt@
2016-09-28use the same template for describing securelevel interaction;Jason McIntyre
2016-09-28document kern.allowkmem; ok deraadtJason McIntyre
2016-09-26Now that vax has been removed, nothing defined MD_NO_CLEANUP anymore.Mark Kettenis
ok guenther@
2016-09-26sigsetmask() and sigblock() are no longer used by any setjmp implementationPhilip Guenther
so the internal hidden names are unused; switch to PROTO_DEPRECATED() and drop the DEF_WEAK()s
2016-09-24Fix matching when all of user, host and domain are specified.Todd C. Miller
OK guenther@
2016-09-23Append to CLEANFILES instead of replacing it, so libcrypto.pc isMartin Natano
deleted on make clean. ok millert
2016-09-23remove lib/libsqlite3, it has moved back to portsStuart Henderson
2016-09-23Unhook sqlite3.Stuart Henderson
2016-09-23s/alloctaed/allocated/ in commentPhilip Guenther
2014-09-29Update sqlite3 to 3.8.6. A list of changes are available here:James Turner
http://sqlite.org/releaselog/3_8_6.html. Tested in a bulk and ok landry@
2014-03-24Update sqlite to 3.8.4. A list of changes are available here:James Turner
http://sqlite.org/changes.html. Tested in a bulk and ok landry@
2013-09-21Update sqlite to 3.8.0.2. A list of changes are available here:James Turner
http://sqlite.org/changes.html. Tested in a bulk and ok landry@ ok espie@
2013-06-09Update to sqlite 3.7.17.Landry Breuil
See for changes: http://www.sqlite.org/releaselog/3_7_16.html http://www.sqlite.org/releaselog/3_7_16_1.html http://www.sqlite.org/releaselog/3_7_16_2.html http://www.sqlite.org/releaselog/3_7_17.html tested by sebastia@ on vax & sparc, by myself on hppa/amd64/sparc64/sgi/i386/macppc. looks ok to espie@ (a lot of kittens died during the preparation of this cvs import)
2013-03-18update to 3.7.15.2, tested by landry@/miod@Marc Espie
2012-11-29minor update to 3.7.14.1Marc Espie
2012-06-22import 3.7.13Marc Espie
okay jasper@
2012-05-22import sqlite 3.7.12 (tested by landry@)Marc Espie
2012-04-14sqlite 3.7.11 library, vendor sourcesMarc Espie
2016-09-22Simplify mips64 GOTSYM bits to eliminate a couple temp filesPhilip Guenther
Remove extra file truncation that the at-start bits rendered superfluous
2016-09-22Add copyrightPhilip Guenther
2016-09-22Switch from calling obsolete sig{block,setmask} to directly using thePhilip Guenther
sigprocmask syscall. abort() can't return, so simplify the call, and use the internal name to avoid the PLT. no-return observation by Miod Vallat, testing by aoyama@
2016-09-22m88k switched to RELROPhilip Guenther
2016-09-22Simplify __cerror now that %r27 is always the TCB pointer.Philip Guenther
Don't need a PLT relocation for __cerror. Move macros for doing internal aliases in ASM from SYS.h to DEFS.h __cerror tweaks by Miod Vallat, testing by aoyama@
2016-09-22Improve on code from the previous commit.Joel Sing
ok bcook@
2016-09-22Avoid unbounded memory growth, which can be triggered by a clientJoel Sing
repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
2016-09-22Check for packet with truncated DTLS cookie.Philip Guenther
Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@
2016-09-22Improve ticket validity checking when tlsext_ticket_key_cb() callbackPhilip Guenther
chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
2016-09-22revert documentation update for the clearning behavior we already revertedBrent Cook
2016-09-21no more KERN_ARND; ok deraadtJason McIntyre
2016-09-21Delete casts to off_t and size_t that are implied by assignmentsPhilip Guenther
or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@
2016-09-20When _LIBUNWIND_ARM_EHABI is defined, include <link.h> to get theMark Kettenis
dl_unwind_find_exidx prototype. ok guenther@
2016-09-20Add $OpenBSD tagPhilip Guenther
2016-09-20Avoid selecting weak digests for (EC)DH when using SNI.Brent Cook
from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi