Age | Commit message | Author | |
---|---|---|---|
2013-12-04 | When we receive a /32 IP address assignment, mimic ISC DHCP by adding a direct route for the default gateway IP with equivalent to route add -net $gw -netmask 255.255.255.255 -cloning -iface $myip so that the subsequent route add default $gw can succeed. Magic route(8) incantation thanks to claudio. Tested successfully on Compute Engine. Committing now so additional testing/discussion can happen in-tree. Discussed with deraadt, krw, claudio. | Matthew Dempsky | |
2013-12-04 | Oops. Missed a chunk. Give up on classless static routes if size of mask is > 4 bytes. Don't keep looping on the data hoping it gets better. | Kenneth R Westerback | |
2013-12-04 | More memcpy() stylistic repairs and size checks. | Kenneth R Westerback | |
2013-12-04 | Be more careful to ensure memcpy'd data will fit. Potential problems pointed out by matthew@. | Kenneth R Westerback | |
2013-12-04 | Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. Correct the comment while here: RFC5996 says we SHOULD use SHA1 as a hashing function for RSA Digital Signatures. Tested by and OK markus. | Mike Belopuhov | |
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr this fixes an out-of-bounds-memcpy in pfkey_process(); ok mikeb@ | Markus Friedl | |
2013-12-01 | Make ifconfig scan show the nwid, channel, and bssid for IBSS networks. These were only shown for access points, so getting useful information about IBSS networks in the area was somewhat difficult. ok deraadt | Stefan Sperling | |
2013-11-28 | mark replaced flows as 'not loaded'; this can happen if both sides negotiate the same flow, but only one flow is active in the kernel; ok mikeb@ | Markus Friedl | |
2013-11-28 | don't leak duplicate flows; ok mikeb@ | Markus Friedl | |
2013-11-28 | drop duplicate requests otherwise IKE_AUTH requests might be accepted twice, leading to TWO child-SAs with the same remote SPI, but different local SPIs, leading to corrupt child-SA tables. with & ok mikeb@ | Markus Friedl | |
2013-11-28 | document sa_msgid & sa_reqid; ok mikeb@ | Markus Friedl | |
2013-11-28 | sa_lookup: don't compare with sh_rspi if rspi is not set otherwise this can happen: initiator retransmits SA_INIT with rspi of zero, sa_lookup for responder fails, and it creates a new SA, that cannot be inserted in the SA tree | Markus Friedl | |
2013-11-28 | sa_new(): discard & free duplicate IKESAs; ok mibek@ | Markus Friedl | |
2013-11-28 | include hexdump in debug output only for -vvv; ok mikeb@ | Markus Friedl | |
2013-11-28 | support raw pubkey authentication w/o x509 certificates; mostly by Michael Cardell Widerkrantz, reyk@ and mikeb@; ok mike@ | Markus Friedl | |
2013-11-25 | use u_char for buffers in yylex, for ctype calls found by millert@, from deraadt@ | Sebastian Benoit | |
2013-11-25 | use u_char for buffers in yylex, for ctype calls found by millert@, ok deraadt@ | Sebastian Benoit | |
2013-11-22 | Kirk was being waaaay too chummy with the compiler when he trusted it to not optimize away a comparison against NULL-1. Add (unsigned char) casts for some ctype calls. Teach fsck_ext2fs about MAXPARTITIONS, letting it operate on partitions 'i' through 'p'. ok deraadt@ millert@ otto@ | Philip Guenther | |
2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. Careful second audit by millert | Theo de Raadt | |
2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. Careful second audit by millert | Theo de Raadt | |
2013-11-21 | Keep the flow until last IPsec SA is deleted, if the flow is shared by multiple IPsec SAs in NAT-T case. This fixes a problem that L2TP/IPsec connections are disconnected improperly in case multiple Windows clients are connected from behind one NAT. ok markus | YASUOKA Masahiko | |
2013-11-21 | Make the bit string u_char * in print_bits(). In practice we shouldn't have chars > 127 in these but it is better not to assume this. OK deraadt@ | Todd C. Miller | |
2013-11-21 | Make the bit string unsigned char * in printb() and printb_status(). In practice we shouldn't have chars > 127 in these but it is better not to assume this. OK deraadt@ | Todd C. Miller | |
2013-11-20 | cleanups for signed char vs ctype ok krw | Theo de Raadt | |
2013-11-19 | include queue.h directly instead of relying on if.h to provide it; ok deraadt | Mike Belopuhov | |
2013-11-17 | Distinguish between inteldrm and radeondrm. ok jsg@, miod@ | Mark Kettenis | |
2013-11-16 | Fix msgbuf_write() usage. | Kenneth R Westerback | |
2013-11-15 | Include unistd.h as it is the standard location for getopt(). | Todd C. Miller | |
2013-11-15 | Cope with the EAGAIN API change for msgbuf_write() | Mike Belopuhov | |
2013-11-14 | fix parameter types for x509 routines ok mikeb | Theo de Raadt | |
2013-11-14 | ignore messages for other daemons, like isakmpd does; ok mikeb | Markus Friedl | |
2013-11-14 | setup pfkey timer before use; ok mikeb | Markus Friedl | |
2013-11-14 | pass caller to ca_sslerror for better error messages; ok mikeb | Markus Friedl | |
2013-11-14 | verify EC points; from hshoexer; ok mikeb | Markus Friedl | |
2013-11-14 | not need to specify OBJDIR; ok mikeb | Markus Friedl | |
2013-11-14 | Add STANDARDS section to isakmpd(8). tweaks/ok jmc@ | Anthony J. Bentley | |
2013-11-12 | satisfy proto requirement | Theo de Raadt | |
2013-11-12 | add a variety of missing prototypes | Theo de Raadt | |
2013-11-11 | unused variable | Theo de Raadt | |
2013-11-11 | oops, forgot a #ifdef AOE in last commit | Theo de Raadt | |
2013-11-11 | Shuffle function prototypes and extern declarations around to put local functions prototypes and variables in their .c files, and cross-file functions into .h files. Prompted by deraadt@. | Kenneth R Westerback | |
2013-11-11 | incorrect %lld for an int | Theo de Raadt | |
2013-11-11 | Nuke 'cur_time' variable used only to assign time(NULL) to a field. | Kenneth R Westerback | |
2013-11-11 | Document that SO_DEBUG (-d flag) has no effect on OpenBSD. Input from kettenis@, ok jmc@ | Jeremie Courreges-Anglas | |
2013-11-11 | Argh. Set 'to' address to INADDR_BROADCAST, not 'from' address, when trying to send broadcast request to server. | Kenneth R Westerback | |
2013-11-11 | RFC 2131 and friends state that when renewing a lease the client will begin by using unicast communications with the server, and fall back to using broadcast packets if unicast fails. We were not falling back, but instead doggedly sticking with unicast attempts until the lease expired. Instead, try unicast requests for the reboot timeout interval and then switch to using broadcast requests. Problem reported by Marc Peters and Dennis den Brok via misc@. ok dlg@ millert@ | Kenneth R Westerback | |
2013-11-10 | Don't use p_size as if it was the full partition size, and don't assume the disk sector size is 512-bytes. Use DL_GETPSIZE() to get correct partition sizes and DL_SECTOBLK() to turn disk sector values into 512-byte-block values. | Kenneth R Westerback | |
2013-11-09 | Replace (int) = (size_t)(long) with (long long) = (long long) by replacing atol() with strtonum() and storing value of 's' parameter in long long variable instead of an int. | Kenneth R Westerback | |
2013-11-05 | Fix ifconfig with IPv6 tunnel addresses which was broken by the vxlan(4) commit. found by todd@; OK reyk@ | Alexander Bluhm | |
2013-11-05 | Replace direct references to p_size, p_offset and d_secperunit with DL_[GET\|SET]PSIZE(), DL_[GET\|SET]POFFSET(), DL_[GET\|SET]DSIZE() in order to get\|set correct value that includes the high bits of the value. | Kenneth R Westerback | |