Age | Commit message (Collapse) | Author |
|
two characters "on", which can for example happen for NFS mounts.
Patch from Lauri Tirkkonen <lotheac at iki dot fi> on bugs@.
|
|
home directory field, warn explicitly rather than stumbling
into Perl "uninitialized value" warnings.
Issue reported by Denis Lapshin <deniza at mindall dot org>.
OK afresh1@
|
|
|
|
What's worse, the tzfile.h that gets installed is over 20 years old
and doesn't match the real tzfile.h in libc/time. This makes the
tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE
define has been moved to time.h temporarily until its usage is
replaced by 1900 in the tree. Actual removal of tzfile.h is pending
a ports build. Based on a diff from deraadt@
|
|
|
|
is embedded in each struct con so the descriptors can't get out of
sync with the pfd[] array. OK deraadt@
|
|
|
|
ok schwarze@
|
|
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
|
|
|
split it; while here, zap trailing whitespace;
|
|
Rationale: when you publish DANE records for certificate pinning, you MUST
offer TLS on the indicated service. Not offering TLS is verboten since
that would re-open the door for a MitM. This is obviously fundamentally
incompatible with having spamd in front of your mailservers - spamd kinda
is a MitM here, but intentional and utterly valid.
DANE is desirable because it allows one to not have to trust the broken
SSL CA model, and, depending on the mode chosen, even show the SSL cert
mafia the middle finger by not needing them at all.
ok reyk jsing bob
|
|
legitimately use random section variables without execve failures...
Because this section is not demand faulted, yield() every page during
the fill otherwise the costs are charged poorly.
ok tedu matthew
|
|
obsolete SIZE_T_MAX. OK miod@ beck@
|
|
|
|
ports is ready, <net/pfvar.h> will stop including a pile of balony.
|
|
so that the remaining information is more visible
ok kettenis miod
|
|
realloc() which is expensive for large blacklists.
|
|
contain "LD_TRACE_LOADED_OBJECTS" support, so this gets done by calling
RTLD_TRACE directly.
ok guenther
|
|
|
|
using it, so it warns... Copy the warning silencing code from the
same function in ../ld.so
|
|
golly gee, ftpd can handle that itself due to the glorious old practice
of #ifndef #define. Remove that junk.
ok guenther
|
|
|
|
suitable.
ok jsg
|
|
ok millert, thanks to doug for process advice
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
|
|
|
|
standard "Cannot allocate memory" message.
|
|
|
|
|
|
|
|
a union that can store either ipv4 or ipv6. The old method used
4x as much memory as was really needed for ipv4. The spamd-setup
protocol has changed from: tag;message;a/m;a/m;a/m...\n
to :tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n
OK phessler@ "nice" beck@
|
|
reading the config socket by clearing the entire blacklist struct
instead of just the tag string. Also avoid holes in the blacklist
array on error since the code can't cope with them. OK beck@
|
|
connection buffer. Significantly speeds up spamd-setup for lage
blacklists. Also free the buffer when we are done with it so memory
can be returned to the system (as it can grow quite large).
OK deraadt@
|
|
archdep.h help from kettenis@
|
|
the constants whenever they fit, and avoiding saving and restoring
registers we don't need to preserve.
|
|
Fixes remaining problems with static PIE on mips64.
|
|
o doreply() just calls build_reply()
o remove a few dead stores and useless variables
o use the asprintf() return value
OK deraadt@
|
|
fails.
ok kurt@
|
|
relocation in _reloc_alpha_got(), and teach RELOC_RELA() to skip R_ALPHA_NONE
relocations (which are just nops used to fill out the relocation table).
Handling R_ALPHA_NONE relocations will be necessary for static PIE support
and it is not inconceivable that ld.so will end up with such relocations
at some point.
ok kurt@
|
|
to determine if DT_JMPREL relocations are REL or RELA and conditionally
perform DT_JMPREL in either REL or RELA as needed (idea from kettenis@).
Remove unneeded i386 RELA implementation. i386 static pie working now.
okay kettenis@
|
|
|
|
towards a wimpy (but sufficient) model, kurt and kettenis got upset enough
to do it the right way, right away before we got out of hand. Bravo!
We no longer need /sbin/ld.so on the new roadmap.
|
|
rcsu0.o where the initial 'r' is for relocatable. rcsu0.o performs
self-relocation on static pie binaries by calling a slightly modified
copy of ld.so's _dl_boot_bind() in boot.h.
The first arch implementatation is also included for amd64 where
__start calls _dl_boot_bind() and then calls ___start(). Includes
parts from kettenis@ to help get R_X86_64_64 relocations working
and proper handling for undefined weak symbols.
This is the first part of several to get static pie self-relocating
binaries working. binutils, gcc and kernel changes are forthcoming
to complete the solution, then per-arch implementations are needed
for MD_RCRT0_START in csu.
okay kettenis@ pascal@ deraadt@
|
|
|
|
|
|
PIE possible.
ok deraadt@ tedu@
|
|
relocations, but will always call public symbols through the library's PLT.
|
|
|