| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
|
|
| |
available here: http://sqlite.org/changes.html
Tested in bulk by aja@. ok landry@
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ports using existing file descriptors.
|
| |
|
|
|
|
| |
millert@
|
| |
|
| |
|
|
|
|
| |
ok tb@
|
|
|
|
|
|
| |
sixteen years.
ok millert@, tb@, sthen@
|
| |
|
| |
|
|
|
|
|
|
| |
NetBSD also turn off this piece of code.
ok tb@
|
|
|
|
|
|
|
|
|
|
|
| |
csqrt(conj(z)) == conj(csqrt(z))
Before
csqrt(-4.0 + -0.0i) = 0.0 + 2.0j
but should be
csqrt(-4.0 + -0.0i) = 0.0 - 2.0j
ok tb@, also discussed with daniel@
|
|
|
|
|
|
|
|
|
| |
This is slightly less robust, but RAND_MAX must be one below a power
of two in both variants anyway.
Based on a suggestion by Matthew Martin.
ok tedu@
|
|
|
|
|
|
|
|
|
|
|
|
| |
of deferring until the dispatch loop. kqueue support for various types
of files and filesystems has been historically incomplete, and kevent
handles this condition by returning an error. the libevent dispatch
loop has no way to recover from this error and fails catastrophically,
bringing down the entire process because one file went bad.
now, instead of all that happending, event_add will return an error. the
application can choose to handle or ignore this error, but at least the
band will play on.
ok nicm
|
| |
|
|
|
|
|
|
| |
with inputs from jmc@
ok jmc@ deraadt@
|
|
|
|
|
|
|
|
| |
any file indicated by an environment variable" feature inside the
resolver is incompatible with what pledge "dns" is trying to be. It is
a misguided "feature" added way back in history which almost noone uses,
but everyone has to assume the risk from.
ok eric florian kettenis
|
|
|
|
|
|
| |
enforce it for mkfifo(2) and mknod(2) (with "dpath" promise).
ok deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem. ok rpe@
Symantec/VeriSign say "Browsers/root store operators are encouraged to
remove/untrust this root from their root stores" and "hasn't been used to
generate new certificates in several years, and will now be repurposed to
provide transition support for some of our enterprise customers' legacy,
non-public applications" (https://www.symantec.com/page.jsp?id=roots,
http://www.scmagazine.com/google-will-remove-trust-of-symantecs-pca3-g1-certificate/article/459688/).
Also see
https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=ALERT1941
https://googleonlinesecurity.blogspot.co.uk/2015/12/proactive-measures-in-digital.html
|
| |
|
|
|
|
|
|
|
|
| |
remove in libkeynote, but I'm doing it in small chunks so I don't slip
up.
Previously discussed and approved on the lists, although I backed off
after making a dumb mistake in a mega-diff.
|
|
|
|
| |
ok guenther@
|
|
|
|
| |
ok guenther@
|
|
|
|
| |
ok guenther@
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
ok bcook@
|
|
|
|
| |
ok bcook@
|
|
|
|
| |
ok bcook@
|
| |
|
| |
|
| |
|
|
|
|
| |
reported by Jeunder Yu
|
|
|
|
| |
report from Jeunder Yu
|
|
|
|
| |
ok jsing@, deraadt@, beck@
|
|
|
|
|
|
|
|
|
|
|
| |
The recently-added EVP_aead_chacha20_poly1305_ietf() function, which implements
informational RFC 7539, "ChaCha20 and Poly1305 for IETF Protocols", needs a
64-bit counter to avoid truncation on 32-bit platforms.
The existing TLS ChaCha20-Poly1305 ciphersuite is not impacted by this, but
making this change requires an ABI bump.
ok jsing@, "Looks sane" beck@
|
|
|
|
|
| |
From Craig Rodrigues.
ok tedu@
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Optionally add random "canaries" to the end of an allocation. This
requires increasing the internal size of the allocation slightly, which
probably results in a large effective increase with current power of two
sizing. Therefore, this option is only enabled via 'C'.
2. When writing junk (0xdf) to freed chunks (current default behavior),
check that the junk is still intact when finally freeing the delayed chunk
to catch some potential use after free. This should be pretty cheap so
there's no option to control it separately.
ok deraadt tb
|
|
|
|
|
|
|
|
| |
instead of trying to allocate "just enough" memory based on the size of the
file (which is mostly comments, in fact), allocate memory on demand.
i.e., save memory by wasting it. also be a little stricter about parsing.
after discussion with tobias. (with a bug fix from patrick keshishian)
descended from bug glibc bug 18660 via tobias.
|
|
|
|
|
|
|
| |
In some cases sites signed by this are covered by the old "AddTrust External
CA Root" that we already had, but that depends on the site sending a fairly
large chain of intermediate certificates which most aren't doing (because
there's no need because this newer one is in browser stores..).
|
|
|
|
|
|
| |
This enables ENGINE_get_digest to work again with SHA1.
noted by NARUSE, Yui, @nurse from github
|
|
|
|
|
|
|
|
| |
just the dynamic tags are needed instead of reusing the generic elf_object_t
structure.
testing and feedback from miod@
ok kettenis@
|
|
|
|
| |
with input by and ok schwarze@
|