src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-08-22	Various clean up and reorganisation of the connection info handling code.	Joel Sing
	In particular, rename tls_free_conninfo() to tls_conninfo_free() and make it a real free function. Rename tls_get_conninfo() to tls_conninfo_populate() and have it allocate the struct tls_conninfo (after freeing any existing one). ok beck@
2016-08-22	Stick with the usual 'if NULL return NULL' idiom.	Joel Sing
	ok beck@
2016-08-22	Bump TLS_API due to the addition of server side SNI functions.	Joel Sing

2016-08-22	Bump libtls minor due to the addition of symbols.	Joel Sing

2016-08-22	Provide an API that enables server side SNI support - add the ability to	Joel Sing
	provide additional keypairs (via tls_config_add_keypair_{file,mem}()) and allow the server to determine what servername the client requested (via tls_conn_servername()). ok beck@
2016-08-22	Create contexts for server side SNI - these include the additional SSL_CTX	Joel Sing
	that is required for certificate switching with libssl and the certificate itself so that we can match against the subject and SANs. Hook up the servername callback and switch to the appropriate SSL_CTX if we find a matching certificate. ok beck@
2016-08-21	bugfix: when fgetwc(3) fails, fgetwln(3) must fail as well;	Ingo Schwarze
	OK jca@ martijn@ millert@
2016-08-21	fix obvious typo in the .Dt section number	Ingo Schwarze

2016-08-20	Sync connect_wait() example with its real usage in ftp(1).	Todd C. Miller

2016-08-20	Declare all _asr_* debug functions as hidden.	Jeremie Courreges-Anglas
	Reported by & similar diff by guenther@ some time ago, ok eric@
2016-08-18	Add an EXAMPLES section that illustrates how to deal with connect(2)	Todd C. Miller
	returning EINTR. OK jung@ deraadt@
2016-08-18	Split out the TLS server SSL_CTX allocation and configuration code, so	Joel Sing
	that it can be reused to allocate the additional SSL_CTXs needed for SNI. ok reyk@
2016-08-18	Rework parts of the libtls man page for clarity. Split out the connection	Joel Sing
	information related functions under their own heading and dedup the text relating to when these functions can be called. With input from and ok jmc@
2016-08-17	% is escaped with more %, not backslash.	Ted Unangst

2016-08-17	Generate syslog warnings for %s fmt strings NULL to "(null)" conversions.	Theo de Raadt
	Over time we can repair software which performs this non-standard behaviour, and fix bugs along the way. Let's first find out how bad the situation is by deploying this in snapshots. This type of logging is possible because OpenBSD syslog_r(3) -> sendsyslog(2) is side-effect free enough to be used in the bowels of libc. ok tedu
2016-08-17	wrterror() is fatal, delete dead code; ok tom@ natano@ tedu@	Otto Moerbeek

2016-08-15	The tls_conninfo serial is also unused.	Joel Sing

2016-08-15	Group conninfo fields by connection and peer cert based information,	Joel Sing
	sort and remove unused fingerprint.
2016-08-15	Fix some style(9) issues.	Joel Sing

2016-08-15	Explicitly pass in an SSL_CTX * to the functions that operate on one,	Joel Sing
	instead of assuming that they should use the one associated with the TLS context. This allows these functions to be used with the additional SSL contexts that are needed to support server-side SNI. Also rename tls_configure_keypair() to tls_configure_ssl_keypair(), so that these functions have a common prefix. ok reyk@
2016-08-15	add a bit of spacing to previous, to keep the notes about deprecated	Jason McIntyre
	functions out the way of the main body; ok guenther
2016-08-14	Reduce qabs() and qdiv() to aliases of llabs() and lldiv().	Philip Guenther
	Merge the manual pages and call them deprecated there. ok and manpage tweak jmc@, ok natano@
2016-08-14	Refer to /etc/passwd consistently as the "legacy password file" and	Theo Buehler
	remove some references to differences between versions 6 and 7. ok jmc, millert, tedu
2016-08-13	modern interfaces should use modern speelings, so spell quad_t as int64_t.	Ted Unangst

2016-08-13	Avoid leaking memory if tls_config_set_alpn() is called multiple times	Joel Sing
	(this was in the original commit, but got reverted in the recommit).
2016-08-13	Load CA, certificate and key files into memory when the appropriate	Joel Sing
	tls_config_set_*_file() function is called. This allows us to immediately propagate useful error messages, play more nicely with privsep/pledge and have a single code path. Instead of always loading the default CA when tls_config_new() is called, defer and only load the default CA when tls_configure() is invoked, if a CA has not already been specified. ok beck@ bluhm@
2016-08-12	Bump libtls minor due to symbol additions.	Joel Sing

2016-08-12	Add ALPN support to libtls.	Joel Sing
	ok beck@ doug@
2016-08-11	Between relro and previous RWX work, the __{got,plt}_{start,end} symbols	Philip Guenther
	are no longer needed by ld.so. Move them to the m88k-specific list, as it hasn't made the jump. ok deraadt@
2016-08-10	armish handled some early-gen arm machines, which required tons of	Theo de Raadt
	workarounds. Some of them will soon stand in the way of armv7. Off to the attic you go.
2016-08-09	Expand the asynchronous connect information and move it out of	Todd C. Miller
	ERRORS and into a new second paragraph. Adapted from NetBSD. OK deraadt@ jmc@
2016-08-09	Document that connect goes async when interrupted by signal.	Todd C. Miller

2016-08-08	Look for a PT_GNU_RELRO section and, if present, mprotect that range	Philip Guenther
	instead of the [__got_start, __got_end) range. Also, instead of mprotecting the [__plt_start, __plt_end) range, just scan for sections which are both writable and executable and mprotect them to read-only. (This part was stolen from kettenis@) ok kettenis@
2016-08-07	Update the link for the getentropy(2) manual to man.openbsd.org/	Theo Buehler
	ok deraadt@
2016-08-07	Teach mips64 to pass &_DYNAMIC to _dl_boot_bind().	Philip Guenther
	mips64be testing by deraadt@
2016-08-07	alpha already calculates &_DYNAMIC for the _reloc_alpha_got() call, so	Philip Guenther
	save that and pass it to _dl_boot_bind() too
2016-08-07	Teach i386 to pass &_DYNAMIC to _dl_boot_bind()	Philip Guenther

2016-08-07	Psych: amd64 has been passing &_DYNAMIC to _dl_boot_bind() for 19 months	Philip Guenther

2016-08-07	Flip the #ifdef logic: amd64, i386, and mips64 were the only static PIE	Philip Guenther
	archs using the #else case
2016-08-07	Add XOR cookies for lr and sp. Stop saving/restoring r12 to/from the jmpbuf.	Philip Guenther
	Switch from calling obsolete sig{block,setmask} to directly using the sigprocmask syscall. ok deraadt@ kettenis@
2016-08-06	Use internal names for __errno, _memcpy, memset, and {,_}{set,long}jmp	Philip Guenther
	Eliminate pointless use of PIC_SYM() Split out DEFS.h from SYS.h like some other archs ok kettenis@ deraadt@
2016-08-05	Do not *printf %s NULL	Theo de Raadt
	ok bcook
2016-08-05	Obvious minor fixes:	Ingo Schwarze
	* Add missing .Dv, .Ev, and .Fa macros. * Delete deprecated .Tn macros. * Mark up global variable names with .Va, not with .Fa or .Li. * Mark up config file commands with .Ic, not with .Fa. * Fix HISTORY, trivial to verify from the CSRG archive CD.
2016-08-05	grammar fix;	Jason McIntyre

2016-08-05	Make RES_OPTIONS point directly to resolv.conf(5) instead of going through	Martijn van Duren
	resolver(3). OK jmc@
2016-08-02	Revert previous since it adds new symbols.	Joel Sing
	Requested by deraadt@
2016-08-01	Bump TLS_API for addition of ALPN support.	Joel Sing

2016-08-01	Add ALPN support to libtls.	Joel Sing
	ok beck@ doug@
2016-07-31	bump for LibreSSL 2.5.x	Brent Cook

2016-07-29	Fix regression introduced by patch to CVE-2016-0718: Tag names were cut off ↵	Remi Pointel
	in some cases.