src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-10-07	introduce a sysctl to hijack dns sockets. when set to a port number,	Ted Unangst
	all dns socket connections will be redirected to localhost:port. this could be a sockopt on the listening socket, but sysctl is an easier interface to work with right now. ok deraadt
2016-10-07	rss limit is no longer enforced. noticed by Raimo Niskanen	Ted Unangst

2016-10-07	grammar fix previous;	Jason McIntyre

2016-10-07	document "chunk canary corrupted" error	Otto Moerbeek

2016-10-07	stray tab	Otto Moerbeek

2016-10-07	Beter implementation of chunk canaries: store size in chunk meta data	Otto Moerbeek
	instead of chunk itself; does not change actual allocated size; ok tedu@
2016-10-05	Fix some broken .Xr links, loosely based on a diff	Ingo Schwarze
	from Rob Pierce <rob at 2keys dot ca>. The content of this page may also need expert attention, i suspect it may be lacking modern algorithms and over-emphasizing obsolete ones, but i dare not touch the content.
2016-10-04	Use the userspace-visible thread register directly in __cerror instead	Philip Guenther
	of indirecting through __errno(). Register naming tweaks and clang testing by patrick@ and jsg@ ok kettenis@
2016-10-03	Simplify code that sets up a stack frame for running .init code to be more	Mark Kettenis
	AEABI-like. ok tom@, jsg@
2016-10-03	use the same type for buf as the return type in tls_load_file	Brent Cook
	ok tedu@, noted by kinichiro
2016-10-02	Add va_nlink information to struct kinfo_file (so bump the shlib minor)	Philip Guenther
	from Sebastien Marie
2016-10-02	Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate()	Philip Guenther
	based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 ok bcook@
2016-10-02	Detect zero-length encrypted session data early, instead of when malloc(0)	Philip Guenther
	fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com) ok bcook@
2016-10-02	In X509_cmp_time(), pass asn1_time_parse() the tag of the field being	Philip Guenther
	parsed so that a malformed GeneralizedTime field is recognized as an error instead of potentially being interpreted as if it was a valid UTCTime. Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) ok beck@ tedu@ jsing@
2016-09-30	Make read(2) return EISDIR on directories.	Jeremie Courreges-Anglas
	Years ago Theo made read(2) return 0 on directories, instead of dumping the directory content. Another behavior is allowed as an extension by POSIX, returning an EISDIR error, as used on a few other systems. This behavior is deemed more useful as it helps spotting errors. This implies that it might break some setups. Ports bulk builds by ajacoutot@ and naddy@, ok millert@ bluhm@ naddy@ deraadt@
2016-09-28	use the same template for describing securelevel interaction;	Jason McIntyre

2016-09-28	document kern.allowkmem; ok deraadt	Jason McIntyre

2016-09-26	Now that vax has been removed, nothing defined MD_NO_CLEANUP anymore.	Mark Kettenis
	ok guenther@
2016-09-26	sigsetmask() and sigblock() are no longer used by any setjmp implementation	Philip Guenther
	so the internal hidden names are unused; switch to PROTO_DEPRECATED() and drop the DEF_WEAK()s
2016-09-24	Fix matching when all of user, host and domain are specified.	Todd C. Miller
	OK guenther@
2016-09-23	Append to CLEANFILES instead of replacing it, so libcrypto.pc is	Martin Natano
	deleted on make clean. ok millert
2016-09-23	remove lib/libsqlite3, it has moved back to ports	Stuart Henderson

2016-09-23	Unhook sqlite3.	Stuart Henderson

2016-09-23	s/alloctaed/allocated/ in comment	Philip Guenther

2014-09-29	Update sqlite3 to 3.8.6. A list of changes are available here:	James Turner
	http://sqlite.org/releaselog/3_8_6.html. Tested in a bulk and ok landry@
2014-03-24	Update sqlite to 3.8.4. A list of changes are available here:	James Turner
	http://sqlite.org/changes.html. Tested in a bulk and ok landry@
2013-09-21	Update sqlite to 3.8.0.2. A list of changes are available here:	James Turner
	http://sqlite.org/changes.html. Tested in a bulk and ok landry@ ok espie@
2013-06-09	Update to sqlite 3.7.17.	Landry Breuil
	See for changes: http://www.sqlite.org/releaselog/3_7_16.html http://www.sqlite.org/releaselog/3_7_16_1.html http://www.sqlite.org/releaselog/3_7_16_2.html http://www.sqlite.org/releaselog/3_7_17.html tested by sebastia@ on vax & sparc, by myself on hppa/amd64/sparc64/sgi/i386/macppc. looks ok to espie@ (a lot of kittens died during the preparation of this cvs import)
2013-03-18	update to 3.7.15.2, tested by landry@/miod@	Marc Espie

2012-11-29	minor update to 3.7.14.1	Marc Espie

2012-06-22	import 3.7.13	Marc Espie
	okay jasper@
2012-05-22	import sqlite 3.7.12 (tested by landry@)	Marc Espie

2012-04-14	sqlite 3.7.11 library, vendor sources	Marc Espie

2016-09-22	Simplify mips64 GOTSYM bits to eliminate a couple temp files	Philip Guenther
	Remove extra file truncation that the at-start bits rendered superfluous
2016-09-22	Add copyright	Philip Guenther

2016-09-22	Switch from calling obsolete sig{block,setmask} to directly using the	Philip Guenther
	sigprocmask syscall. abort() can't return, so simplify the call, and use the internal name to avoid the PLT. no-return observation by Miod Vallat, testing by aoyama@
2016-09-22	m88k switched to RELRO	Philip Guenther

2016-09-22	Simplify __cerror now that %r27 is always the TCB pointer.	Philip Guenther
	Don't need a PLT relocation for __cerror. Move macros for doing internal aliases in ASM from SYS.h to DEFS.h __cerror tweaks by Miod Vallat, testing by aoyama@
2016-09-22	Improve on code from the previous commit.	Joel Sing
	ok bcook@
2016-09-22	Avoid unbounded memory growth, which can be triggered by a client	Joel Sing
	repeatedly renegotiating and sending OCSP Status Request TLS extensions. Fix based on OpenSSL.
2016-09-22	Check for packet with truncated DTLS cookie.	Philip Guenther
	Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@
2016-09-22	Improve ticket validity checking when tlsext_ticket_key_cb() callback	Philip Guenther
	chooses a different HMAC algorithm. Avert memory leaks if the callback preps the HMAC in some way. Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f but retaining a pre-callback length check to guarantee the callback is provided the buffer that the API claims. ok bcook@ jsing@
2016-09-22	revert documentation update for the clearning behavior we already reverted	Brent Cook

2016-09-21	no more KERN_ARND; ok deraadt	Jason McIntyre

2016-09-21	Delete casts to off_t and size_t that are implied by assignments	Philip Guenther
	or prototypes. Ditto for some of the char* and void* casts too. verified no change to instructions on ILP32 (i386) and LP64 (amd64) ok natano@ abluhm@ deraadt@ millert@
2016-09-20	When _LIBUNWIND_ARM_EHABI is defined, include <link.h> to get the	Mark Kettenis
	dl_unwind_find_exidx prototype. ok guenther@
2016-09-20	Add $OpenBSD tag	Philip Guenther

2016-09-20	Avoid selecting weak digests for (EC)DH when using SNI.	Brent Cook
	from OpenSSL: SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. noted by David Benjamin and Kinichiro Inoguchi
2016-09-20	Add check_sym, a utility for checking shared libraries for symbol changes	Philip Guenther
	that may require version bumps...or fixing. Details in comments at the top of the script. ok mpi@ millert@ deraadt@
2016-09-19	We don't need cross-unwinding support,	Mark Kettenis
	ok patrick@, tom@