summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* fix leak: was double allocating kex->session_id bufferdjm2021-01-271-4/+6
|
* update comment, SMALL was split into SMALL and NOSSLsthen2021-01-271-2/+3
|
* Unveil ldapd. Follow recent precedent and elect to forego the unlinking ofrob2021-01-271-22/+15
| | | | | | | | some objects at shutdown thereby allowing for a tighter unveil. Feedbackup from deraadt@ and martijn@. OK deraadt@
* remove bogus key hack now that it's handled by libtlseric2021-01-274-291/+10
| | | | | no objection claudio@ ok tb@ jsing@
* wrap an overlong linetb2021-01-271-2/+3
|
* synctb2021-01-271-0/+1
|
* Link SSL_get_finished.3 to build.tb2021-01-271-1/+2
|
* Write SSL_get_finished() documentation from scratch.tb2021-01-271-0/+77
| | | | ok beck
* Merge SSL_set_hostflags documentation from OpenSSL 1.1.1i andtb2021-01-271-3/+20
| | | | | | add HISTORY section. This is currently ignored input next to SSL_get0_peername() and will be unignored once the symbols are made publicly visible in libssl.
* The usb configuration descriptor parameter providing the number ofmglocker2021-01-277-19/+19
| | | | | | available device interfaces is called 'bNumInterfaces'. ok phessler@, thfr@ (who provided the man page diff)
* Promote nrules/maxrules to size_t and make sure they can't overflow.millert2021-01-273-13/+14
| | | | | reallocarray(3) will fail if nmemb * size would overflow. OK tb@ martijn@
* mark up fixes; from lyndonjmc2021-01-271-4/+4
|
* word fix;jmc2021-01-271-3/+3
|
* spelling fixes;jmc2021-01-271-4/+4
|
* regenjsg2021-01-272-2/+177
|
* add some more amdgpu devicesjsg2021-01-271-1/+36
|
* Flush pending output before entering or exiting alternate screen rathernicm2021-01-271-1/+5
| | | | than leaking it, oss-fuzz issue 29959.
* this needs kex.h nowdjm2021-01-271-1/+2
|
* make ssh->kex->session_id a sshbuf instead of u_char*/size_t anddjm2021-01-2715-103/+80
| | | | | use that instead of global variables containing copies of it. feedback/ok markus@
* remove global variable used to stash compat flags and use thedjm2021-01-2714-73/+70
| | | | purpose-built ssh->compat variable instead; feedback/ok markus@
* Be consistent in not using parameter names for function prototypes.mglocker2021-01-271-5/+5
|
* Determine available address families (and monitor when this changes)florian2021-01-275-14/+126
| | | | | | | to configure libunbound accordingly. This way it no longer tries to talk to IPv6 nameservers when only IPv4 is available and vice versa. input deraadt OK kn
* do better accounting of how many msix interrupts we want to use.dlg2021-01-271-2/+8
| | | | ok jmatthew@
* these programs (with common ancestry) had a -fno-common problem relatedderaadt2021-01-2715-27/+46
| | | | | to privsep_procid. ok mortimer
* split out extern and decl for -fno-commonderaadt2021-01-272-3/+5
|
* makemap does not need a common which it does not use.deraadt2021-01-271-2/+1
|
* commons used rather than externs, fix for -fno-commonderaadt2021-01-271-3/+3
|
* fix -fno-common issues; ok mortimerderaadt2021-01-272-44/+81
|
* fix -fno-common issues; ok mortimerderaadt2021-01-273-9/+11
|
* nsd contains two yacc parsers, but predates "yacc -b". Instead aderaadt2021-01-271-0/+3
| | | | | | script renames the fields in one parser. Three additional variables (yysslim, yyssp, yystacksize) need to be renamed also. Yes it is worse than stepping out of bed on the wrong side into cat vomit.
* shuffle externs (and definitions) around to satisfy -fno-commonderaadt2021-01-275-88/+224
| | | | ok mortimer
* have pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to.dlg2021-01-271-5/+3
| | | | | | | | | | | | | | | | pf_route and pf_route6 are called to take over delivery of the packet with route-to and reply-to instead of letting it get processed normally. for the dup-to handling, it copies the mbuf but leaves the original mbuf in place. pf_route takes over the packet by clearing the mbuf pointer in the pf_pdesc struct. this diff moves the clearing of that pointer to the start of the function, rather than checking for dup-to again on the way out of the function. i think this is better because it means that it's more robust in the face of future code changes. even if that's not true, it's still shorter code in a forwarding path. ok sashan@ jmatthew@
* don't run copies of packets made by dup-to through pf_test.dlg2021-01-271-3/+3
| | | | | | | | | | | | | | dup-to is kind of like what you do with a span port, but is a bit more fine grained. it copies packets in a connection out an interface so that connection can be monitored. it doesnt make sense for pf to see the copied packets and try to match or create new states for them either. at best it needs config to stop pf seeing the copies (eg, set skip on $dup_to_tgt_if). at worst it breaks the connections you're monitoring because the states in pf get confused. found while discussing larger route-to changes on tech@. ok bluhm@ sashan@
* kqueue: Fix termination assertvisa2021-01-271-2/+12
| | | | | | | | | | | | When a kqueue file is closed, the kqueue can still have threads scanning it. Consequently, kqueue_terminate() can see scan markers in the event queue. These markers are removed when the scanning threads leave the kqueue. Take this into account when checking the queue's state, to avoid a panic when kqueue is closed from under a thread. OK anton@ Reported-by: syzbot+757c60a2aa1125137cce@syzkaller.appspotmail.com
* satisfy -fno-common by duplicating deck chairs as requiredderaadt2021-01-272-39/+112
| | | | ok mortimer millert
* satisfy -fno-commonderaadt2021-01-272-29/+21
| | | | similar to the approach used by mortimer
* Logical not bitwise or. ok djm@dtucker2021-01-271-2/+2
|
* Add support for RSA-PSS PKCS1 signatures. Don't enable them bytobhe2021-01-262-19/+23
| | | | | | default for now because of interoperability issues. ok patrick@
* Recognize Apple Icestorm cores.kettenis2021-01-261-1/+10
|
* Fix build with -fno-common. OK deraadt@millert2021-01-261-4/+1
|
* Rewrap a comment line to fit into 80 columns.tb2021-01-261-3/+3
|
* zap a tabtb2021-01-261-2/+2
|
* Prepare to provide SSL_set_hostflags()tb2021-01-262-2/+9
| | | | | | | | Yet another one of these X509_VERIFY_PARAM reacharounds into libcrypto. Recently found in imapfilter, also used elsewhere. Will be made publicly visible with the next minor bump. ok jsing
* one variable was common, fixing what I can.deraadt2021-01-262-4/+4
| | | | (the portable code in here is not in great shape, and I am ignoring it)
* satisfy -fno-common, by (1) copying all the variable decls fromderaadt2021-01-262-46/+87
| | | | | | indent_globs.h to indent.c, and (2) changing all the same decls in indent_globs.h to be extern ok mortimer
* satisfy -fno-common, by (1) copying all the variable decls fromderaadt2021-01-262-29/+58
| | | | | | indent_globs.h to indent.c, and (2) changing all the same decls in indent_globs.h to be extern ok mortimer
* sockb variable is unused (and even worse, was common unused)deraadt2021-01-262-5/+2
|
* satisfy -fno-common, by (1) copying all the variable decls fromderaadt2021-01-262-42/+94
| | | | | | indent_globs.h to indent.c, and (2) changing all the same decls in indent_globs.h to be extern ok mortimer
* satisfy -fno-common, by (1) copying all the variable decls fromderaadt2021-01-262-67/+191
| | | | | | indent_globs.h to indent.c, and (2) changing all the same decls in indent_globs.h to be extern ok mortimer
* satisfy -fno-common by repairing one enum declderaadt2021-01-262-3/+5
| | | | ok mortimer
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.