src - OpenBSD base system

Age	Commit message (Collapse)	Author
2016-09-03	A commented block starts with	Theo de Raadt
	# If you have ElectricFence available, you can spot abuses of the heap." Or, uhm you can simply use our malloc.
2016-09-02	move links from http to https://www.openbsd.org/	Theo Buehler
	ok beck
2016-08-26	Pull in <sys/select.h> for fd_set	Philip Guenther
	ok deraadt@
2016-04-04	Fix memory leak. Call proto_free() always to free proto.	YASUOKA Masahiko
	Diff from Yuuichi Someya. ok reyk markus
2016-04-02	Another use for fcntl() and thus of the superfluous 3rd parameter	Kenneth R Westerback
	is when sanitising standard fd's before calling daemon(). Use a tweaked version of the ssh(1) function in all three places found using fcntl() this way. ok jca@ beck@
2016-03-16	More "(<blah> *)0" -> NULL, avoiding any stdarg functions.	Kenneth R Westerback
	Feedback millert@ kettenis@
2016-03-10	Don't retransmit responses for unauthenticated messages.	YASUOKA Masahiko
	Base on diff from Yuuichi Someya ok markus reyk mikeb
2016-03-05	fix steps for cert creation;	Jason McIntyre
	issue reported by igor.kos (temporary) fix entirely provided by sthen
2016-02-29	Print ssize_t with %zd; ok deraadt@ mmcc@	Jeremie Courreges-Anglas

2016-01-11	typo fix; from julian hsiao	Jason McIntyre

2016-01-08	tweak; from julian hsiao	Jason McIntyre

2015-12-10	Remove NULL-checks before free(). ok tb@	mmcc

2015-12-09	Remove plain DES encryption from IPsec.	Christian Weisgerber
	DES is insecure since brute force attacks are practical due to its short key length. This removes support for DES-CBC encryption in ESP and in IKE main and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8). ok mikeb@
2015-10-15	A classic case for bzero() -> explicit_bzero()	mmcc
	ok deraadt@
2015-09-25	drop useless .Xo and .Bk, and shorten by avoiding some .Sm	Ingo Schwarze

2015-08-20	Do not cast a size_t to (unsigned long) to pass it as an argument to malloc.	Theo de Raadt
	Like really, who does??!
2015-08-20	<stdlib.h> is included, so do not need to cast result from	Theo de Raadt
	malloc, calloc, realloc* ok krw millert
2015-06-03	Do not assume that asprintf() clears the pointer on failure, which	Todd C. Miller
	is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@
2015-04-21	No need to do "size = (size_t)sb.st_size" both before and after	Jonathan Gray
	a fstat() call. ok mikeb@ markus@
2015-04-20	Log if we refuse to continue the exchange when another one that corresponds	Mike Belopuhov
	to the same policy is already active. OK markus, hshoexer
2015-04-17	Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexer	Mike Belopuhov

2015-04-14	Remove support for storing credentials and auth information in the kernel.	Mike Belopuhov
	This code is largely unfinished and is not used for anything. The change leaves identities as only objects referenced by ipsec_ref structure and their handling requires some changes to support more advanced matching of IPsec connections. No objections from reyk and hshoexer, with and OK markus.
2015-03-26	Remove bits of unfinished IPsec proxy support. DNS' KX records, anyone?	Mike Belopuhov
	ok markus, hshoexer
2015-02-15	convert bcmp to memcmp	Ted Unangst
	ok doug millert miod
2015-02-07	When getopt processing flags, many should be flag=1 instead of flag++	Theo de Raadt
	ok tedu miod
2015-01-16	Arguments are just ".Ar", not ".Brq Ar" or even ".Ns { Ns Ar ... Ns }".	Ingo Schwarze
	The .Ar macro already causes distinctive formatting in a standard way, so there is no need for additional braces. This also fixes the only mandoc warning in src/sbin.
2015-01-16	Tweak previous: Do not put punctuation on its own line, put it at the end	Ingo Schwarze
	of the preceding macro line; no output change with mandoc, fixes output with groff. Also, if you want spacing back after .Sm off, do not add an argument containing a blank character, simply rely on .Sm on.
2015-01-16	Clean up macros in isakmpd(8).	Anthony J. Bentley
	- Fix mandoc warnings ("WARNING: skipping empty macro: No") - Mark up arguments with Ar, not Aq Ic - Mark up pathnames with Pa ok jmc@
2015-01-16	Replace <sys/param.h> with <limits.h> and other less dirty headers where	Theo de Raadt
	possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-13	-/* Backwards compatibility. */	Theo de Raadt
	-#ifndef NI_MAXHOST -#define NI_MAXHOST 1025 -#endif Disappointing.
2014-12-01	memcpy abort found an overlap. from dsp at 2f30. ok deraadt	Ted Unangst

2014-11-19	Nuke yet more obvious #include duplications.	Kenneth R Westerback
	ok deraadt@
2014-10-29	convert simple cases of select() to poll()	Theo de Raadt
	ok doug
2014-10-25	Remove unnecessary netinet/in_systm.h include.	Lawrence Teo
	ok millert@
2014-10-22	Fix error reporting when reallocarray() fails. OK miod@	Todd C. Miller

2014-10-18	Convert malloc() with a size var using multiplication to reallocarray().	Doug Hogan
	Avoid assigning the size unless reallocarray() succeeds to avoid overflow. ok deraadt@
2014-10-12	DH_compute_key() returns -1 on error but this was not	Jonathan Gray
	handled by testing the result with a negation. Ralf Horstmann discovered iked would segfault when connecting from Strongswan on Android because of this and supplied the patch to fix the problem. ok reyk@
2014-10-09	obvious reallocarray() conversions	Theo de Raadt

2014-08-25	Sync dh.[ch] from iked. The files are identical, so any change in	Reyk Floeter
	either iked or isakmpd should be synced to the other daemon. The previous changes from iked include: plug two memory leaks, verify EC points and add the Brainpool curves. All tests in regress/sbin/isakmpd/dh passed OKAY. ok markus@ mikeb@
2014-08-25	Fix a few fd leaks in isakmpd.	Doug Hogan
	The latter close is from a sweep of the tree looking for fdopen problems. While reviewing the patch, gerhard@ fixed another leak. ok gerhard@
2014-08-23	Fix double free in ike_auth.c	doug
	ok jca@
2014-08-22	fix memory leak in isakmpd	doug
	ok gerhard@ (also corrected first version)
2014-07-11	add additional includes required to build with -DOPENSSL_NO_DEPRECATED	Jonathan Gray

2014-05-01	Correct a test for X509_get_notAfter() failing or returning	Jonathan Gray
	an unsupported time type when passing data to keynote. Problem introduced by angelos in 1.41 though the code has been reformatted a few times since then. ok otto@ miod@
2014-03-11	For CA generation, go back to using a two-step procedure to create a CSR and	Stuart Henderson
	then self-sign it rather than using the "openssl req" shortcut. This allows us to specify -extfile and thus set the correct certificate extensions so that stricter SSL implementations will trust this as a CA cert, and matches how things are done in ssl(8). This is basically a partial revert of r1.77. Researched by chrisz@, tweak/ok jmc@ ok beck@
2014-03-07	If allocation of 'id' fails, don't try to deref it after 'goto fail'.	Gerhard Roth
	ok millert@
2014-01-23	Remove a mid-layer which acts like arc4random isn't fairly standard.	Theo de Raadt
	ok mikeb
2014-01-22	regrand can die, from millert	Theo de Raadt

2014-01-22	improve randomization. remove some junk debugging features that are	Theo de Raadt
	fundamentally broken. ok jsing mikeb
2013-11-22	Whole bunch of (unsigned char) casts carefully added for ctype calls.	Theo de Raadt
	Careful second audit by millert