summaryrefslogtreecommitdiffstats
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* remove a few NULL-checks before free()mmcc2015-12-231-13/+7
|
* Update sqlite3 to 3.9.2. Bump major, regen .pc and header. Changesjturner2015-12-2380-2053/+4150
| | | | | | available here: http://sqlite.org/changes.html Tested in bulk by aja@. ok landry@
* assign pointer NULL rather than 0mmcc2015-12-232-4/+4
|
* assign pointer to NULL rather than 0mmcc2015-12-232-4/+4
|
* remove NULL-checks before free()mmcc2015-12-225-27/+19
|
* initialize a pointer to NULL rather than 0mmcc2015-12-222-4/+4
|
* Expose internal functions necessary to open audio devices and midiratchov2015-12-203-7/+19
| | | | ports using existing file descriptors.
* Clean up a condition. No functional change. ok tb@mmcc2015-12-201-4/+2
|
* gethostbyname2() and gethostbyaddr() need <sys/socket.h>; discussed withtim2015-12-191-6/+8
| | | | millert@
* Style cleanup and removal of needless casts. ok tb@mmcc2015-12-191-41/+31
|
* Remove NULL-checks before free(). ok tb@mmcc2015-12-199-52/+30
|
* More style improvement and removal of NULL/allocation casts.mmcc2015-12-192-47/+26
| | | | ok tb@
* Remove code for unimplemented ElGamel support that's been disabled formmcc2015-12-181-20/+1
| | | | | | sixteen years. ok millert@, tb@, sthen@
* A few more NULL casts and style tweaks. No functional change.mmcc2015-12-181-20/+16
|
* Cleanup and modernization. No functional change. Discussed with halex@.mmcc2015-12-181-51/+34
|
* Fix wrong answer if the imaginary part is zero.shadchin2015-12-183-3/+9
| | | | | | NetBSD also turn off this piece of code. ok tb@
* Fix behavior csqrt, should beshadchin2015-12-183-6/+6
| | | | | | | | | | | csqrt(conj(z)) == conj(csqrt(z)) Before csqrt(-4.0 + -0.0i) = 0.0 + 2.0j but should be csqrt(-4.0 + -0.0i) = 0.0 - 2.0j ok tb@, also discussed with daniel@
* Simplify return call of rand() and rand_r() to make it easier to read.tb2015-12-181-2/+2
| | | | | | | | | This is slightly less robust, but RAND_MAX must be one below a power of two in both variants anyway. Based on a suggestion by Matthew Martin. ok tedu@
* change the kqueue backend to call kevent() as events are added insteadtedu2015-12-161-65/+6
| | | | | | | | | | | | of deferring until the dispatch loop. kqueue support for various types of files and filesystems has been historically incomplete, and kevent handles this condition by returning an error. the libevent dispatch loop has no way to recover from this error and fails catastrophically, bringing down the entire process because one file went bad. now, instead of all that happending, event_add will return an error. the application can choose to handle or ignore this error, but at least the band will play on. ok nicm
* tweak previous;jmc2015-12-162-4/+5
|
* documents pledge(2) "dpath" promisesemarie2015-12-161-1/+6
| | | | | | with inputs from jmc@ ok jmc@ deraadt@
* Remove support for HOSTALIASES from the resolver. This "open and parsederaadt2015-12-167-81/+13
| | | | | | | | any file indicated by an environment variable" feature inside the resolver is incompatible with what pledge "dns" is trying to be. It is a misguided "feature" added way back in history which almost noone uses, but everyone has to assume the risk from. ok eric florian kettenis
* in pledged process, setuid/setgid/sticky bits should be ignored.semarie2015-12-161-2/+4
| | | | | | enforce it for mkfifo(2) and mknod(2) (with "dpath" promise). ok deraadt@
* Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certificationsthen2015-12-151-49/+0
| | | | | | | | | | | | | | | | | Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root certificate from cert.pem. ok rpe@ Symantec/VeriSign say "Browsers/root store operators are encouraged to remove/untrust this root from their root stores" and "hasn't been used to generate new certificates in several years, and will now be repurposed to provide transition support for some of our enterprise customers' legacy, non-public applications" (https://www.symantec.com/page.jsp?id=roots, http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/). Also see https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941 https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html
* Remove more needless casts of NULL and allocations.mmcc2015-12-141-46/+35
|
* Remove casts of allocations and NULL. There are a *ton* of these tommcc2015-12-141-23/+19
| | | | | | | | remove in libkeynote, but I'm doing it in small chunks so I don't slip up. Previously discussed and approved on the lists, although I backed off after making a dumb mistake in a mega-diff.
* initialize ext_len to 0.beck2015-12-142-4/+12
| | | | ok guenther@
* initialize ok to 0beck2015-12-142-4/+4
| | | | ok guenther@
* initialize md_len to 0 for readability to quell warnings.beck2015-12-142-6/+6
| | | | ok guenther@
* Remove NULL-checks before free().mmcc2015-12-142-14/+8
|
* s/begining/beginning/gmmcc2015-12-142-4/+4
|
* decipher comment. ok bcook@mmcc2015-12-122-4/+4
|
* Remove calloc cast, give sizeof parens. No functional change.mmcc2015-12-121-2/+2
|
* move initialization of buf up to quell warnings and make it obvious the err case is ok.beck2015-12-122-8/+10
| | | | ok bcook@
* prevent possibly use of uninitialized variablebeck2015-12-122-4/+4
| | | | ok bcook@
* make the counter a size_t as well, which quells a warning on visual studio 2015beck2015-12-122-4/+6
| | | | ok bcook@
* Libraries should not print to stderr, ok tedu beck deraadtnicm2015-12-111-22/+1
|
* "the the" -> "the" in commentmmcc2015-12-111-2/+2
|
* tiny sanity check on file sizetedu2015-12-101-1/+3
|
* use geteuid to make it easier for root to communicate.tedu2015-12-101-2/+2
| | | | reported by Jeunder Yu
* use geteuid to allow root to communicate with others.tedu2015-12-101-2/+2
| | | | report from Jeunder Yu
* bump the major for libcrypto/ssl/tls for a CRYPTO_chacha_20 ABI changebcook2015-12-095-10/+10
| | | | ok jsing@, deraadt@, beck@
* Change the counter argument for CRYPTO_chacha_20 to be 64-bits on all platforms.bcook2015-12-094-10/+12
| | | | | | | | | | | The recently-added EVP_aead_chacha20_poly1305_ietf() function, which implements informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", needs a 64-bit counter to avoid truncation on 32-bit platforms. The existing TLS ChaCha20-Poly1305 ciphersuite is not impacted by this, but making this change requires an ABI bump. ok jsing@, "Looks sane" beck@
* Add a cast to silence a compiler warning by clang on FreeBSD.tb2015-12-091-2/+2
| | | | | From Craig Rodrigues. ok tedu@
* Integrate two patches originally from Daniel Micay.tedu2015-12-091-8/+76
| | | | | | | | | | | | 1. Optionally add random "canaries" to the end of an allocation. This requires increasing the internal size of the allocation slightly, which probably results in a large effective increase with current power of two sizing. Therefore, this option is only enabled via 'C'. 2. When writing junk (0xdf) to freed chunks (current default behavior), check that the junk is still intact when finally freeing the delayed chunk to catch some potential use after free. This should be pretty cheap so there's no option to control it separately. ok deraadt tb
* rewrite guts of getusershell() to avoid possibility of overflow.tedu2015-12-081-41/+45
| | | | | | | | instead of trying to allocate "just enough" memory based on the size of the file (which is mostly comments, in fact), allocate memory on demand. i.e., save memory by wasting it. also be a little stricter about parsing. after discussion with tobias. (with a bug fix from patrick keshishian) descended from bug glibc bug 18660 via tobias.
* Add root certificate for COMODO RSA Certification Authority, ok beck@sthen2015-12-071-0/+122
| | | | | | | In some cases sites signed by this are covered by the old "AddTrust External CA Root" that we already had, but that depends on the site sending a fairly large chain of intermediate certificates which most aren't doing (because there's no need because this newer one is in browser stores..).
* Remove SHA0 check, as we did in v1.21 of sha.h.bcook2015-12-072-4/+4
| | | | | | This enables ENGINE_get_digest to work again with SHA1. noted by NARUSE, Yui, @nurse from github
* Simplify the relocation code for the ld.so bootstrap and static pie: trackguenther2015-12-061-132/+71
| | | | | | | | just the dynamic tags are needed instead of reusing the generic elf_object_t structure. testing and feedback from miod@ ok kettenis@
* Validate input files to prevent out of boundary accesses.tobias2015-12-061-63/+80
| | | | with input by and ok schwarze@