| Age | Commit message (Collapse) | Author |
|---|
|
Reject responses from a remote server if sent an invalid (negative)
Content-Length. [Mark Cox]
|
|
*) Fix buffer overflow in "SSLOptions +FakeBasicAuth" implementation
if the Subject-DN in the client certificate exceeds 6KB in length.
(CVE CAN-2004-0488).
*) Handle the case of OpenSSL retry requests after interrupted system
calls during the SSL handshake phase.
*) Remove some unused functions.
|
|
timezones.
ok canacar@
|
|
we used a ststic one with OPEN_MAX entries, which is a rather arbitary limit
as OPEN_MAX is _not_ the max # of open fds we can have, but just a default
for that setting.
in the same move we have to allocate the peer_l array, basically there
for pfd-index to peer pointers to prevent peer list scans all time,
dynamiccaly to. we overallocate a little and use that reserve until we
have to realloc again later to prevent reallocs for every single control
connection or a single flapping peer.
help & ok claudio
|
|
* More robust handling of NTP error conditions (e.g. host or
service unreachable).
* Improve the detection of stale and/or spoofed NTP responses
from servers.
* Add support for getaddrinfo(3)'s multiple host support if
error conditions occur (e.g. round-robin DNS, and the first
NTP server isn't responding, try the next host in line).
* Minor formatting/code cleanup.
ok henning@
|
|
ok millert@
|
|
and simplyfy the prefix production error handling slightly
from Mr. Memleak Terminator Patrick Latifi <pat@eyeo.org>, kickass!
|
|
noticed by die tuere;
ok beck@
|
|
help from, tweaks, and ok's: dhartmei@ otto@ millert@
|
|
by using a AuthNonce secret.
CAN-2003-0987
ok henning@
|
|
could make it easier for attackers to insert those sequences into terminal
emulators containing vulnerabilities related to escape sequences.
CAN-2003-0020
ok henning@
|
|
ok drahn@ henning@
|
|
|
|
|
|
supported address familiy, keep a tailq of an arbitary number of them.
the new struct listen_addr contains the sockaddr and the fd.
this fixes quite some nasty behaviour which was a consequence of the previous
model.
looks right deraadt@, and discussed with claudio
|
|
ok jakob@, henning@
|
|
ok henning@
|
|
expiry flag. Resolves PR 3792, though not by changing code, but by
changing docs, comments and an error message or two.
ok jmc@ millert@
|
|
ok grange@
|
|
|
|
Check return values for setgid, initgroups and setuid in code we don't compile.
Print the correct filename for the at job in mail sent.
Add some #if DEBUGGING in cron.c's usage().
Set sunlen each time before using it in accept().
Don't send mail at all if MAILTO is set but empty.
|
|
|
|
The gpioctl program allows to manipulate GPIO devices pins
Quick start for the Soekris net4801 users:
# gpioctl -c 20 out pp
# gpioctl 20 1
This will turn on the red error led.
If you want to use JP5 I/O pins, just use the /dev/gpio1 device.
Quick start for the PC Engines WRAP.1C users:
# gpioctl 40
This will read the state of the button (0 means pressed).
# gpioctl -c 2 pp out
This will turn the first led on, to turn off write 1 to the pin,
it's reversed. For the second and the third leds use pins 3 and 18.
ok deraadt@
|
|
are mode 0400 too. From Walt Howard.
|
|
be logged by the subsequent block, aborting evaluation when matching.
Useful to log some daemons to dedicated files only (not polluting standard
files with their messages). ok beck@, henning@, millert@
|
|
|
|
|
|
|
|
for now, one can set the addresses to listen on
|
|
|
|
|
|
default to one IPv4 wildcard and one IPv6 wildcard one.
|
|
|
|
|
|
|
|
|
|
it is just capable of answering (s)ntp4 requests with the local time
for now.
imsg/buffer and logging framework from bgpd, ntp protocol hackery
with Alexander Guy
|
|
|
|
From FreeBSD
|
|
|
|
Alexander Guy
|
|
testing jmc todd. ok deraadt
|
|
|
|
|
|
|
|
|
|
The hotplugd daemon monitors the hotplug(4) pseudo-device, acting on
signaled events by executing the scripts in the /etc/hotplug directory.
Not linked to the build yet.
|
|
|
|
ok deraadt@
|
|
at runtime and disable said subsystems if so. helps the guys porting bgpd
to $otherBSD, and is actually the right thing to do. claudio ok
|
