Age | Commit message | Author |
|
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm
|
|
truncate the length of a syslog message to 8192 bytes. Use one
global define LOG_MAXLINE for all of them.
OK deraadt@ millert@
|
|
conp in syslog(3) is unused. Remove dead code.
OK jca@ deraadt@
|
|
change _ctype_, _tolower_tab_, and _toupper_tab_.
No functional change.
Suggested by and OK kettenis@
|
|
OK deraadt@
|
|
ok mlarkin@
|
|
clang on that platform.
ok millert@
|
|
than .Fn for it, it is documented sigblock(3) as noticed by jmc@;
some minor typo and punctuation cleanup while here;
OK jmc@
|
|
found with regress/usr.bin/mandoc/db/dbm_dump;
OK jmc@
|
|
isn't the same size on all our architectures and should only be used for
spin locks.
ok visa@, mpi@
|
|
from carlos cardenas
|
|
This work was sparked by the topic posted on hn by wuch. I am still not
sure that this fixes the defect he claims to have observed because I was
not able to create a proper regress test for it to manifest.
To that end, a proof of concept is more than welcomed!
Thank you for the report!
Discussed with and OK kettenis@, tedu@.
|
|
"equality comparison with extraneous parentheses
[-Wparentheses-equality]" clang warning.
OK deraadt, kettenis
|
|
flag when compiling with gcc3.
ok espie@
|
|
based upon input being used unsafely (they are safe)
ok millert kettenis
|
|
then strays off the path to exec(). one common manifestation of this
problem occurs in pthread_join(), so we can add a little check there.
first person to hit this in real life gets to change the error message.
|
|
never get NUL-terminated and cause read buffer overruns.
This fixes for example segfaults in sftp(1) that could be triggered
by typing in an extremely long string (more than one line - the longer,
the likelier to crash), then hitting backspace once.
Problem reported and patch OK'ed by sthen@.
|
|
tricky, especially since the manpage is full of lies.
Try to make readers think twice before using them.
With oks and help from schwarze@, tedu@, sthen@, jmc@
|
|
tlsext_sni_serverhello_parse(). This also adds a check to ensure that
if we have an existing session, the name matches what we specified via
SNI.
ok doug@
|
|
and the new extension framework.
Feedback from doug@
ok inoguchi@
|
|
Missed in the original commit.
|
|
ok schwarze@
|
|
according to POSIX. Bring regression test and kernel in line for
amd64 and i386. Other architectures have to follow.
OK deraadt@ kettenis@
|
|
Change FMT_SIZE to 1024+1 for consistency. Do not loop over the
format string if there is no output space left.
OK deraadt@ millert@
|
|
no objections deraadt@
|
|
Do the same in sendsyslog(2) and document the behavior.
reported by Ilja Van Sprundel; OK millert@ deraadt@
|
|
Introduce a TLS extension handling framework that has per-extension type
functions to determine if an extension is needed, to build the extension
data and parse the extension data. This is somewhat analogous to BoringSSL,
however these build and parse functions are intentionally symmetrical. The
framework is hooked into the existing TLS handling code in such a way that
we can gradually convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework,
while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
|
Reported by <dravion at ht-foss dot net>
|
|
longer tracks prefixes or default routers from router advertisements.
Pointed out by jmc.
ports tree grepping sthen, who only found nsh
OK mpi, sthen
|
|
this has no effect except to make ktrace output prettier.
ok bluhm mpi
|
|
okay millert@
|
|
definite value in the size == 0 case
|
|
ok jmc@ visa@
|
|
okay millert@
(forgot the obvious scanner.l tweak in my diff)
|
|
what the reader is using.
|
|
is not initialized. Problem spotted by Carlin Bingham; ok phessler@ tedu@
|
|
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
|
|
enable CRL checking for the full certificate chain.
Based on a diff from Jack Burton <jack at saosce dot com dot au>, thanks!
Discussed with beck@
|
|
prefix if the character following it is a valid hex char. The C99
standard is clear that given the string "0xy" zero should be returned
and endptr set to point to the "x". OK deraadt@ espie@
|
|
on i386 and allows to compile the C++ test. Upstream dropped the
ULL in an insufficient attempt to make the siphash code C89 compatible.
Their fix will be more complicated.
No binary change.
|
|
exported symbols to the intended API. We do not need a Symbols.map
anymore. Major library bump is necessary as some internal functions
vanish from the ABI.
Discussed upstream with Sebastian Pipping; ports bulk build ajacoutot@;
OK deraadt@
|
|
TLS Server Name extension, however seemingly several clients (including
Python, Ruby and Safari) violate the RFC. Given that this is a fairly
widespread issue, if we receive a TLS Server Name extension that contains
an IP literal, pretend that we did not receive the extension rather than
causing a handshake failure.
Issue raised by jsg@
ok jsg@
|