summaryrefslogtreecommitdiff
path: root/libexec
AgeCommit message (Collapse)Author
2015-04-21When diff(1) finds differences, it returns an exit status of 1.Ingo Schwarze
In that particular case, refrain from printing "diff: exit code 1" because that exit status doesn't indicate an error condition. Issue noticed by and patch OK'ed by ajacoutot@. "I agree with the goal, and I suspect the diff actually achieves it" guenther@.
2015-04-18Convert many atoi() calls to strtonum(), adding range checks and failureTheo de Raadt
handling along the way. Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
2015-04-14document missing argument; ok jmcTheo de Raadt
2015-04-14wrap a long lineTheo de Raadt
2015-04-14Log a more useful error message if ttyname() fails. OK deraadt@Todd C. Miller
2015-03-27In mount(8) output, do not misparse lines where fs_spec ends with theIngo Schwarze
two characters "on", which can for example happen for NFS mounts. Patch from Lauri Tirkkonen <lotheac at iki dot fi> on bugs@.
2015-03-27If /etc/passwd contains incomplete lines ending before theIngo Schwarze
home directory field, warn explicitly rather than stumbling into Perl "uninitialized value" warnings. Issue reported by Denis Lapshin <deniza at mindall dot org>. OK afresh1@
2015-03-17Eliminate use of TM_YEAR_BASE. OK guenther@ deraadt@ miod@Todd C. Miller
2015-03-15tzfile.h is an internal header that should never have been installed.Todd C. Miller
What's worse, the tzfile.h that gets installed is over 20 years old and doesn't match the real tzfile.h in libc/time. This makes the tree safe for /usr/include/tzfile.h removal. The TM_YEAR_BASE define has been moved to time.h temporarily until its usage is replaced by 1900 in the tree. Actual removal of tzfile.h is pending a ports build. Based on a diff from deraadt@
2015-03-13delete some rpc fd_set related externs which are not usedTheo de Raadt
2015-03-12Use poll(2) instead of select(2). A pointer to the struct pollfdTodd C. Miller
is embedded in each struct con so the descriptors can't get out of sync with the pfd[] array. OK deraadt@
2015-02-22Set the TLS ciphers to "compat" mode, restoring the previous behaviour.Joel Sing
2015-02-15Don't use Aq macros when <> is intended; they are not the same thing.Anthony J. Bentley
ok schwarze@
2015-02-12Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALLJoel Sing
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour. Discussed with tedu@ and reyk@.
2015-02-08Fix cross-build. OK jsing@ miod@ guenther@ deraadt@Masao Uebayashi
2015-02-07put -G and it's args back onto one line in SYNOPSIS, to avoid having mandocJason McIntyre
split it; while here, zap trailing whitespace;
2015-02-07add STARTTLS support, using the shiny libtls.Henning Brauer
Rationale: when you publish DANE records for certificate pinning, you MUST offer TLS on the indicated service. Not offering TLS is verboten since that would re-open the door for a MitM. This is obviously fundamentally incompatible with having spamd in front of your mailservers - spamd kinda is a MitM here, but intentional and utterly valid. DANE is desirable because it allows one to not have to trust the broken SSL CA model, and, depending on the mode chosen, even show the SSL cert mafia the middle finger by not needing them at all. ok reyk jsing bob
2015-02-06Raise ELF_RANDOMIZE_LIMIT to 64K, so that programs and libraries canTheo de Raadt
legitimately use random section variables without execve failures... Because this section is not demand faulted, yield() every page during the fill otherwise the costs are charged poorly. ok tedu matthew
2015-02-06SIZE_MAX is standard, we should be using it in preference to theTodd C. Miller
obsolete SIZE_T_MAX. OK miod@ beck@
2015-01-22delete annoying white space that annoyTheo de Raadt
2015-01-21Include <netinet/in.h> before <net/pfvar.h>. In a future change whenTheo de Raadt
ports is ready, <net/pfvar.h> will stop including a pile of balony.
2015-01-20If _dl_progname exceeds half the syslog buffer, truncate it with "...",Theo de Raadt
so that the remaining information is more visible ok kettenis miod
2015-01-20Allocate a bit more memory to reduce the change of having toTodd C. Miller
realloc() which is expensive for large blacklists.
2015-01-20Add support for tracing libraries in static PIE binaries. rcrt does notTheo de Raadt
contain "LD_TRACE_LOADED_OBJECTS" support, so this gets done by calling RTLD_TRACE directly. ok guenther
2015-01-19Does not need netinet/ip_ipsp.hTheo de Raadt
2015-01-19gcc does not understand that the loop conditionally sets bsod beforeTheo de Raadt
using it, so it warns... Copy the warning silencing code from the same function in ../ld.so
2015-01-19CMASK went out of scope with the recent <sys/param.h> removal. But ohTheo de Raadt
golly gee, ftpd can handle that itself due to the glorious old practice of #ifndef #define. Remove that junk. ok guenther
2015-01-18do not require <a.out.h>Theo de Raadt
2015-01-17eliminate strcpy & strcat, by using strlcpy, strlcat or snprintf whereTheo de Raadt
suitable. ok jsg
2015-01-16<sys/param.h> to <limits.h> conversion. Verified binariesTheo de Raadt
ok millert, thanks to doug for process advice
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-16adjust to HOST_NAME_MAX+1 & LOGIN_NAME_MAXTheo de Raadt
2015-01-15remove .Tn; from Jan Stary <hans at stare dot cz>Ingo Schwarze
2015-01-14Replace "errx(1, "malloc failed")" with "err(1, NULL)" to getTodd C. Miller
standard "Cannot allocate memory" message.
2015-01-13Move debug printf for duplicate af to correct location.Todd C. Miller
2015-01-13Remove bogus getopt.h include.Todd C. Miller
2015-01-13Fix printing of number of whitelist entries in debug mode.Todd C. Miller
2015-01-13Use address-family specific lists of addr/mask entries instead ofTodd C. Miller
a union that can store either ipv4 or ipv6. The old method used 4x as much memory as was really needed for ipv4. The spamd-setup protocol has changed from: tag;message;a/m;a/m;a/m...\n to :tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n OK phessler@ "nice" beck@
2015-01-08Avoid a crash (free of bogus pointer) when there is a syntax errorTodd C. Miller
reading the config socket by clearing the entire blacklist struct instead of just the tag string. Also avoid holes in the blacklist array on error since the code can't cope with them. OK beck@
2014-12-30Use a 1MB realloc() increment instead of an 8KB one for the configTodd C. Miller
connection buffer. Significantly speeds up spamd-setup for lage blacklists. Also free the buffer when we are done with it so memory can be returned to the system (as it can grow quite large). OK deraadt@
2014-12-30self-relocating crt0 bits for sh, and enable static pie by default. With someMiod Vallat
archdep.h help from kettenis@
2014-12-30Clean up and optimize _dl_start a bit by using immediate addressing forMiod Vallat
the constants whenever they fit, and avoiding saving and restoring registers we don't need to preserve.
2014-12-30Fix handling of R_MIPS_REL32_64 relocations that reference a symbol.Mark Kettenis
Fixes remaining problems with static PIE on mips64.
2014-12-29Minor cleanup:Todd C. Miller
o doreply() just calls build_reply() o remove a few dead stores and useless variables o use the asprintf() return value OK deraadt@
2014-12-27Static PIE for mips64. Still something not quite right as a full make buildMark Kettenis
fails. ok kurt@
2014-12-27Make ld.so process only R_ALPHA_RELATIVE relocations during early GOTMark Kettenis
relocation in _reloc_alpha_got(), and teach RELOC_RELA() to skip R_ALPHA_NONE relocations (which are just nops used to fill out the relocation table). Handling R_ALPHA_NONE relocations will be necessary for static PIE support and it is not inconceivable that ld.so will end up with such relocations at some point. ok kurt@
2014-12-24Expand Elf_Rel relocations to include DT_JMPREL. Inspect DT_PLTREL valueKurt Miller
to determine if DT_JMPREL relocations are REL or RELA and conditionally perform DT_JMPREL in either REL or RELA as needed (idea from kettenis@). Remove unneeded i386 RELA implementation. i386 static pie working now. okay kettenis@
2014-12-22Self-relocation code for i386.Kurt Miller
2014-12-22Static PIE has been delayed for quite a while. By pushing hard with pascalTheo de Raadt
towards a wimpy (but sufficient) model, kurt and kettenis got upset enough to do it the right way, right away before we got out of hand. Bravo! We no longer need /sbin/ld.so on the new roadmap.
2014-12-22Introduce new csu0 variant for -static -pie binaries to use calledKurt Miller
rcsu0.o where the initial 'r' is for relocatable. rcsu0.o performs self-relocation on static pie binaries by calling a slightly modified copy of ld.so's _dl_boot_bind() in boot.h. The first arch implementatation is also included for amd64 where __start calls _dl_boot_bind() and then calls ___start(). Includes parts from kettenis@ to help get R_X86_64_64 relocations working and proper handling for undefined weak symbols. This is the first part of several to get static pie self-relocating binaries working. binutils, gcc and kernel changes are forthcoming to complete the solution, then per-arch implementations are needed for MD_RCRT0_START in csu. okay kettenis@ pascal@ deraadt@