summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2009-02-09ignore evironment variables if the program is setuid or setgidAlexandre Ratchov
explained by deraadt, ok miod, ok millert
2009-02-04update the default socket paths, to reflect recent aucat changesAlexandre Ratchov
2009-02-04Tag ELF shared libraries as OpenBSD.Mark Kettenis
ok kurt@, drahn@, miod@
2009-02-04explain that it's ok if we get a slightly different rate thanAlexandre Ratchov
the one we asked for, from Thomas Pfaff <tpfaff(at)tp76.info> with tweaks from jmc@
2009-02-04Programs have no direct access do the device file descriptor. So, ifAlexandre Ratchov
the programs calls execvp(2), the new image can't use the device, which stays open, so other programs get EBUSY. Set the close-on-exec flag to avoid this. ok jakemsr
2009-02-03in server mode, create /tmp/aucat-userid/ directory withAlexandre Ratchov
permissions 0700, and create sockets in it. This prevents one local user to eavesdrop or disturb audio programs of other users. if you're using the ``-s socket'' option with an absolute path as argument, please update it to use a socket name. requested by many, bits from jakemsr and otto ok jakemsr
2009-01-31fix typoPierre-Yves Ritschard
ok jmc@
2009-01-30Change section: we're talking about the symlink system call, not thePhilip Guenthe
generic symlink info ok jmc@
2009-01-30tweak previous;Jason McIntyre
2009-01-30missing ssl_sock_init() call in init_client() (used byDamien Miller
"openssl s_client"), fix an unlikely memory leak
2009-01-30remove some gratuitous changes that do nothing other than inreaseDamien Miller
the size of the diff against openssl mainline
2009-01-29Update to reflect renaming of the st_[acm]timespec members to st_[acm]timPhilip Guenthe
per the POSIX 1003.1-2008 spec. Also, tweak the information about what system calls hit which timestamps ok jmc@
2009-01-29from Yoshihiko Sarumaru, freebsd pr #76333: fseek(3) can clear EOF too;Jason McIntyre
ok millert
2009-01-21fix bugs section: clarify that sio_start() and sio_stop() shouldAlexandre Ratchov
not be used if blocking is not desirable.
2009-01-21explain what ``frame'' does meanAlexandre Ratchov
from Thomas Pfaff <tpfaff(at)tp76.info>, thanks! ok jmc
2009-01-21All operation on live kernels uses sysctl interface, there is no reason toMiod Vallat
access the swap area. Change kvm_open() to no longer require a swap area, and to not consider failure to open() it as fatal. Post-mortem analysis would need an image of the swap area at the time of the crash, anyway.
2009-01-21make declarations "C" to allow c++ code to compileAlexandre Ratchov
discussed with espie@, ok jakemsr@ and millert@
2009-01-17cleanup: remove prototypes of inexistent functions, move few privateAlexandre Ratchov
functions into private header file. suggested by espie@
2009-01-15Remove support for kerb4 '.' instance separator, kerb4 is dead. OK jacekm@Todd C. Miller
2009-01-14Re-enable pie support on macppc (still off by default but usableKurt Miller
again). Due to the way executable sections are loaded by the kernel, a one page .got section with the blrl instruction may be in the data cache and not flushed causing random crashes upon process startup. Flush the data cache before ___start() jumps there. Also mprotect the .got section to be read/exec instead of read/write/exec. ld.so knows how to cope and static binaries don't write to .got. written by and okay drahn@
2009-01-13Man page for wcstof(3), wcstod(3) and wcstold(3).Mark Kettenis
2009-01-13Crank minor because of addition of wcsto* functions.Mark Kettenis
2009-01-13Add wcstof(3) and wcstold(3).Mark Kettenis
ok miod@
2009-01-13Add wcstoimax(3) and wcstoumax(3).Mark Kettenis
ok miod@
2009-01-12replace s/routine/function/, as other manuals doAlexandre Ratchov
from Thomas Pfaff <tpfaff(at)tp76.info>, thanks! ok jmc@
2009-01-12convert a strdup (into a purpose-allocated buffer) in libcrypto to aDamien Miller
memcpy to avoid linker deprecation warnings; pointed out by dkrause@
2009-01-10make all private functions staticAlexandre Ratchov
2009-01-10The process number is longer used to replace trailing 'Xs'.Tobias Stoeckmann
ok jmc, millert
2009-01-09openssl-0.9.8j enables RFC3546 TLS extensions by default (e.g. the veryDamien Miller
useful "server name indication" that allows multihomed TLS server), so remove the #define to disable it here
2009-01-09adjust Makefile and crank major for openssl-0.9.8jDamien Miller
2009-01-09resolve conflictsDamien Miller
2009-01-09import openssl-0.9.8jDamien Miller
2009-01-08oops, i messed up tim's patch; correction from Tim van der MolenJason McIntyre
2009-01-08Add a missing MLINK for BIO_new_socket.Owain Ainsworth
Noticed by blambert@. Ok jmc@.
2009-01-08a little macro cleanup; from Tim van der MolenJason McIntyre
2009-01-05import openssl-0.9.8jDamien Miller
2009-01-05update to openssl-0.9.8i; tested by several, especially krw@Damien Miller
2009-01-03reintroduce extra malloc protections, but avoiding the use ofDamien Miller
PAGE_(SIZE|SHIFT|MASK) defines that evaluate to variables on the sparc architecture; ok otto@ tested on my reanimated ss20
2009-01-02Sync _kvm_kvatop with existing pmap code: handle direct mappings andMiod Vallat
level 2 large pages.
2008-12-31PAGE_SIZE is not a valid symbol to use in that way. In particular,Theo de Raadt
on sparc, it expands to something that just plain does not work, because the page size can be variable. Sorry we didn't spot this before. Backing it all out to allow sparc to build; please find a different way to fix it.
2008-12-30Remove mprotecting of struct dir_info introduced in previous commitDamien Miller
(MALLOC_OPTIONS=L). It was too slow to turn on by default, and we don't do optional security. requested by deraadt@ grumbling ok otto@
2008-12-29extra paranoia for malloc(3):Damien Miller
Move all runtime options into a structure that is made read-only (via mprotect) after initialisation to protect against attacks that overwrite options to turn off malloc protections (e.g. use-after-free) Allocate the main bookkeeping data (struct dir_info) using mmap(), thereby giving it an unpredictable address. Place a PROT_NONE guard page on either side to further frustrate attacks on it. Add a new 'L' option that maps struct dir_info PROT_NONE except when in the allocator code itself. Makes attacks on it basically impossible. feedback tedu deraadt otto canacar ok otto
2008-12-27Fix file descriptor leak in fts_children(); okay dhill@, millert@,Pedro Martelletto
tedu@, thib@.
2008-12-27when polling aucat(1) socket, don't set the POLLIN bit if weAlexandre Ratchov
don't expect messages. Avoids busy loops in programs calling poll(2) on a stopped device.
2008-12-27when using the aucat(1) backend, don't mask the POLLHUP bitAlexandre Ratchov
even if the device is not started yet. This way, if the server is killed programs can notice it.
2008-12-23repair the ARC4 story; ok jmc djm millertTheo de Raadt
2008-12-23ddb.console does not override machdep.kbdreset, so don't say it does;Jason McIntyre
2008-12-22document yp_maplist(); from Ingo SchwarzeJason McIntyre
ok deraadt
2008-12-22The example for detecting malicious PTR records could be easily misinterpreted.Jacek Masiulaniec
Make it less ambiguous; ok gilles@ claudio@
2008-12-22Let this compile with gcc 2.Miod Vallat