Age | Commit message | Author |
|
ok henning
|
|
markers.
no binary changes
|
|
Add OpenBSD cvs markers.
No binary changes.
|
|
no binary changes.
|
|
"yes, let it rot in the attic" claudio
|
|
no binary changes.
|
|
No binary changes.
|
|
Suggested by djm a while ago. No binary changes.
|
|
Documentation corrections and spelling by jmc.
|
|
no options are given on the commandline, it is set to PF_INET.
The configuration file parser did not use this variable in all cases, but
used PF_UNSPEC for getaddrinfo/getnameinfo, leading to bogus error messages
in some cases (but httpd operated as expected). Use the global variable
instead of the hardcoded PF_UNSPEC in the cases.
Add a new commandline flag, -U, to set the default address family to
PF_UNSPEC for ambiguous directives.
Discussed with sthen.
|
|
not tested on them. Older gcc's require decl before code, and this
is supposed to be portable code in that sense.
|
|
ok (some time ago) jmc@
|
|
no binary change.
|
|
no binary changes.
|
|
no binary changes.
|
|
no binary change.
|
|
Suggested by henning.
|
|
to merge from upstream, we can safely sanitize the code and hopefully
the build system.
Discussed with and feedback from sthen, todd, dlg and henning.
no binary changes.
|
|
existing installations. See the documentation for the IPv6 related
configuration.
This changes the module ABI since addresses are now struct addrinfo.
This has been tested by many people and run on production machines
for several months.
feedback many, ok todd
|
|
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
|
|
ok henning
|
|
does an unsigned comparison and read() can return -1. Use '!=' instead
of '<' since read() can't return more than 'sizeof Y'. Not perfect
(that would require a separate test for -1) but a very common usage.
ok henning@
|
|
A flaw was found in the mod_status module. On sites where mod_status
is enabled and the status pages were publicly accessible, a cross-site
scripting attack is possible. Note that the server-status page is
not enabled by default and it is best practice to not make this
publicly available.
Fix mod_imap XSS CVE-2007-5000:
A flaw was found in the mod_imap module. On sites where mod_imap
is enabled and an imagemap file is publicly available, a cross-site
scripting attack is possible.
ok miod@
|
|
Matthew Mulrooney <openbsd-2008.01.07@fm.beyonddata.net>
|
|
or -T option is specified, which is only going to do a syntax check on
the config file(s)
ok henning@, deraadt@
|
|
and include *.conf files from the modules directory by default.
The modules.sample directory will be used by some ports to place their
configuration files.
ok deraadt@, jsign@
|
|
tech@ by Jung.
|
|
ok pyr@, ray@, millert@, moritz@, chl@
|
|
From: Alex Holst <a@mongers.org>
|
|
of open file descriptors (like RLimitNPROC for the number of processes).
ok ckuethe, "no objection" henning
|
|
The Apache HTTP server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to
run scripts on the HTTP server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service.
ok miod@ (who also noticed to protect reclaim_child_processes); henning@;
djm@
|
|
A flaw was found in the mod_status module. On sites where the
server-status page is publicly accessible and ExtendedStatus is enabled
this could lead to a cross-site scripting attack. Note that the
server-status page is not enabled by default and it is best practice to
not make this publicly available.
ok miod@, henning@
|
|
PR5549, From: veins@evilkittens.org
|
|
overflow in SSL session id parsing (by reaching a negative size arg)
ok henning
|
|
This unbreaks some configuration scripts.
ok henning@, xsa@, espie@
|
|
noticed by Igor Sobrado
ok henning
|
|
programs.
prompted by deraadt@ and cloder@, ok cloder@, henning@, xsa@
|