wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Files	Lines
2015-01-30	remove rndc (from bind) as well, ok deraadt	sthen	1	-2/+2

2015-01-30	fix a possible NULL-deref when trying to deref ifa->ifa_addr	gilles	1	-1/+3
	ok eric@
2015-01-30	Tidy up detach-client a bit.	nicm	1	-23/+26

2015-01-30	TLS connect error message has changed, adapt tests.	bluhm	4	-4/+4

2015-01-30	Don't leak incompletely cloned static lease. Should never happen	krw	1	-2/+4
	but better safe than sorry. Noted and diff from Benjamin Baier. Thanks!
2015-01-30	Make the TLS connect and accept error messages consistent.	bluhm	2	-5/+4
	OK jsing@
2015-01-30	Tweak error message to say 'realloc' since that's what's failing,	krw	1	-2/+2
	not 'malloc'.
2015-01-30	Document the syslogd certificate validation options.	bluhm	1	-3/+11
	OK jmc@
2015-01-30	Start TLS after the TCP connect has finished. Call the TLS connect	bluhm	1	-2/+3
	callback when the connected socket is writable. This avoids calling a NULL error callback. OK deraadt@
2015-01-30	Focus off needs to be sent with tty_raw, reported by Geoff Nixon.	nicm	1	-2/+2

2015-01-30	Add a ssh_config HostbasedKeyType option to control which	djm	7	-120/+245
	host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30	Fix the default interactive level to install the "default" dependencies.	espie	3	-14/+19
	Actually testing it caused me to write correct (and simpler) code...
2015-01-30	set a timeout to prevent hangs when talking to busted servers;	djm	1	-1/+2
	ok markus@
2015-01-30	remove tenex transfer support. if you still have TOPS20 machines in	tedu	7	-55/+14
	service, you'll need to stick with openbsd 5.6. bonus: remove references to ebcdic. ok deraadt
2015-01-30	Abolish struct tbl_head and replace it by an "int col" member in	schwarze	8	-89/+40
	struct tbl_cell. No functional change, minus 40 lines of code.
2015-01-30	Auditing the tbl(7) code for more NULL pointer accesses, i came out	schwarze	5	-72/+55
	empty-handed; so this is just KNF and some code simplifications, no functional change.
2015-01-30	avoid more fatal/exit in the packet.c paths that ssh-keyscan	djm	9	-114/+204
	uses; feedback and "looks good" markus@
2015-01-30	regression test for 'wildcard CA' serial/key ID revocations	djm	1	-30/+44

2015-01-30	permit KRLs that revoke certificates by serial number or key ID	djm	3	-51/+86
	without scoping to a particular CA; ok markus@
2015-01-30	missing parentheses after if in do_convert_from() broke	djm	1	-3/+3
	private key conversion from other formats some time in 2010; bz#2345 reported by jjelen AT redhat.com
2015-01-30	Make sure every layout line contains at least one cell;	schwarze	7	-14/+124
	fixing a NULL pointer access in term_tbl() that jsg@ found with afl.
2015-01-30	fix ssh protocol 1, spotted by miod@	djm	1	-9/+20

2015-01-30	correctly handle table layout lines starting with a dot	schwarze	1	-2/+2

2015-01-30	Rework vis.3 so it has standard sections.	doug	1	-38/+41
	Moved the return values from the description to a proper return values section. Broke up the description into function description followed by a subsection for the range and encoding. Replaced srclen with strlen(src) when srclen isn't an argument. Moved the common flag argument to its own paragraph. input schwarze@, input + ok jmc@
2015-01-29	reorg tbl(7) test suite	schwarze	38	-1123/+16

2015-01-29	reorg tbl(7) test suite	schwarze	41	-0/+1144

2015-01-29	remove no-op simple locks	deraadt	3	-167/+11
	tested by jsg, ok miod
2015-01-29	back bpf.c down to 1.113, from before most recent timeout changes.	tedu	1	-8/+4
	nmap is broken, as reported by kent fritz. pending further investigation, we should keep nmap working until a better fix is developed for the original problem.
2015-01-29	Correct buffer overflow in handling of pax extension headers, caught	guenther	1	-36/+81
	by the memcpy() overlap check. ok millert@ deraadt@
2015-01-29	At upgrade time delete sendmail,named,nginx,openssl binaries because	deraadt	1	-1/+5
	they may reside earlier in the path than a pkg. prompted by tedu, with halex
2015-01-29	Fix a regression that removed support for using service names instead	reyk	1	-1/+13
	of ports. It is now possible to use "listen on * port www" again. Found by ajacoutot@ OK ajacoutot@ blambert@
2015-01-29	manual SAs described in ipsec.conf(5) not ipsecctl(8);	jmc	1	-3/+3
	from paul gorman
2015-01-29	Use .Rv where appropriate, and move it to RETURN VALUES;	schwarze	10	-84/+47
	remove .Tn, and a few minor macro adjustments. Patch from Kaspars at Bankovskis dot net.
2015-01-29	Radical cleanup of COMPATIBILITY sections:	schwarze	6	-311/+92
	Remove lots of lies, dozens of irrelevant implementation details, and all references to groff versions older than 1.17. Move relevant information to the pages where it belongs, and out of mandoc(1) in particular. Add some missing general remarks to roff(7), where it fits the character and purpose of the page much better.
2015-01-28	dial the time back to about 0.1s, closer to the original targets and	tedu	1	-4/+4
	friendlier for users. requested by deraadt
2015-01-28	Add a test where the TLS handshake fails because of null ciphers.	bluhm	2	-1/+43

2015-01-28	update to new API (key_fingerprint => sshkey_fingerprint)	djm	12	-68/+81
	check sshkey_fingerprint return values; ok markus
2015-01-28	- Add PCH2 and PCH LPT to the list of chips capable of only 9K jumbos.	brad	2	-5/+13
	- Updated PBA values for the 82574 controller (20KB) and ICH9/10 with jumbos (14KB). Tested by a few on 82574, ICH9 and PCH LPT From FreeBSD
2015-01-28	Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s	mpi	5	-40/+69
	email.
2015-01-28	avoid fatal() calls in packet code	djm	1	-3/+15
	makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
2015-01-28	When comparing the LSA with the Ack, also check the age field. This	bluhm	2	-4/+18
	ensures that a LSA withdrawal is not acked by a previous update. From Florian Riehm; OK claudio@
2015-01-28	avoid fatal() calls in packet code	djm	7	-29/+54
	makes ssh-keyscan more reliable against server failures ok dtucker@ markus@
2015-01-28	Clean up eqn(7) error handling:	schwarze	8	-68/+141
	* When "define" fails, do not drop the whole equation. * Free memory after "undef". * Use standard mandoc error types instead of rolling our own. * Delete obfuscating EQN_MSG() macro. * Add function prototypes while here.
2015-01-28	revert back to initial vnodes again so we can be sure nfs likes it	tedu	1	-2/+2

2015-01-28	Test the x509 certificate validation of syslog over TLS.	bluhm	13	-11/+323

2015-01-28	If not explicitly disabled, syslogd verifies the x509 certificate	bluhm	1	-30/+60
	and hostname of the TLS server before sending any messages to it. Per default /etc/ssl/cert.pem is used as CA file. OK deraadt@
2015-01-28	* Polish tbl(7) error reporting.	schwarze	19	-64/+157
	* Do not print out macro names in tbl(7) data blocks. * Like with GNU tbl, let empty tables cause a blank line. * Avoid producing empty tables in -Tman.
2015-01-28	Remove ssl_by_mem_ctrl() and x509_mem_lookup to unbreak the build. It	reyk	1	-60/+1
	caused a conflict with a new function in LibreSSL but wasn't even used by ldapd. No functional change. OK deraadt@
2015-01-28	For now, it can't be helped that mandoc tbl(7) ignores high-level macros,	schwarze	8	-36/+35
	but stop throwing away their arguments. This fixes information loss in a handful of Xenocara manuals, at the price of a small amount of formatting noise creeping through.
2015-01-28	sync	deraadt	1	-1/+0