OpenBSD — usr.sbin/traceroute6 traceroute6.c

    Structure wait_for_reply() loop like traceroute, thereby moving the
    loop body one indent layer up.
    OK benno@
Delta File
+22 -23 usr.sbin/traceroute6/traceroute6.c
+22 -23 1 file

OpenBSD — usr.sbin/traceroute traceroute.c

    move cast from packet to ip up to avoid casts in print()
    OK benno@
Delta File
+4 -5 usr.sbin/traceroute/traceroute.c
+4 -5 1 file

OpenBSD — usr.sbin/traceroute6 traceroute6.c

    move ICMP6 code parsing to function
    OK benno@
Delta File
+36 -29 usr.sbin/traceroute6/traceroute6.c
+36 -29 1 file

OpenBSD — usr.sbin/traceroute traceroute.c

    move ICMP code parsing to function
    OK benno@
Delta File
+69 -63 usr.sbin/traceroute/traceroute.c
+69 -63 1 file

OpenBSD — usr.sbin/traceroute6 traceroute6.c

    sync to traceroute:
    * s/Dst/to/
    * s/Src/from/
    * drop Rcv
    OK benno@
Delta File
+21 -22 usr.sbin/traceroute6/traceroute6.c
+21 -22 1 file

OpenBSD — usr.sbin/traceroute traceroute.c traceroute.8

    If -s is not given do a dummy connect to get outgoing ip,
    unconditionally try to bind to this ip and get a source port for udp
    this way, like traceroute6 is doing.  This means you can no longer
    traceroute from IPs not present on the system. (There are probably
    better tools if you want to send traffic from spoofed IPs.)
    OK benno@
Delta File
+44 -9 usr.sbin/traceroute/traceroute.c
+4 -5 usr.sbin/traceroute/traceroute.8
+48 -14 2 files

OpenBSD — usr.sbin/relayd log.c

    fix previous
Delta File
+2 -2 usr.sbin/relayd/log.c
+2 -2 1 file

OpenBSD — usr.sbin/traceroute6 traceroute6.c

    Sync to traceroute: don't print source IP if -s is not given
    OK benno@ (who wants it back in some form after the merge)
Delta File
+2 -8 usr.sbin/traceroute6/traceroute6.c
+2 -8 1 file

OpenBSD — lib/libssl/src/crypto/asn1 tasn_dec.c

    guenther would prefer more separation
Delta File
+2 -0 lib/libssl/src/crypto/asn1/tasn_dec.c
+2 -0 1 file

OpenBSD — usr.sbin/relayd ca.c log.c

    spacing
Delta File
+22 -24 usr.sbin/relayd/ca.c
+2 -2 usr.sbin/relayd/log.c
+24 -26 2 files

OpenBSD — usr.sbin/traceroute6 traceroute6.c

    Sync to traceroute: handle "time exceeded in transit" before the
    switch and add a default case.
    OK benno@
Delta File
+9 -1 usr.sbin/traceroute6/traceroute6.c
+9 -1 1 file

OpenBSD — usr.sbin/traceroute traceroute.c

    sync packet_ok signature to traceroute6
    OK benno@
Delta File
+6 -4 usr.sbin/traceroute/traceroute.c
+6 -4 1 file

OpenBSD — usr.sbin/traceroute6 traceroute6.c

    sync to traceroute: s/opacket/packetdata/
    OK lteo@, benno@
Delta File
+7 -7 usr.sbin/traceroute6/traceroute6.c
+7 -7 1 file

OpenBSD — usr.sbin/traceroute6 traceroute6.c

    Embed struct tv32 into struct opacket like traceroute.
    This changes the data part of an icmp6 packet, before it only
    contained the timestamp, now it contains a whole struct opacket.
    Shouldn't be an issue as nobody looks at this data anyway.
    OK benno@
Delta File
+14 -22 usr.sbin/traceroute6/traceroute6.c
+14 -22 1 file

OpenBSD — libexec/rshd rshd.c rshd.8

    Malak: I think we made the merchant angry.
    Conan: Are you surprised?
    Malak: But we didn't steal everything he had!
    Conan: We didn't have time.
Delta File
+0 -579 libexec/rshd/rshd.c
+0 -220 libexec/rshd/rshd.8
+0 -8 libexec/rshd/Makefile
+0 -807 3 files

OpenBSD — usr.sbin/traceroute traceroute.c, usr.sbin/traceroute6 traceroute6.c

    Factor out build_probe{4,6} from send_probe; now send_probe is
    AF independent. While there define outpacket as u_char and
    cast as needed in traceroute6.
    OK benno@
Delta File
+31 -13 usr.sbin/traceroute6/traceroute6.c
+23 -8 usr.sbin/traceroute/traceroute.c
+54 -21 2 files

OpenBSD — distrib/sets/lists/base md.alpha md.amd64

    sync
Delta File
+1 -1 distrib/sets/lists/base/md.alpha
+1 -1 distrib/sets/lists/base/md.amd64
+1 -1 distrib/sets/lists/base/md.armish
+1 -1 distrib/sets/lists/base/md.armv7
+1 -1 distrib/sets/lists/base/md.aviion
+1 -1 distrib/sets/lists/base/md.hppa
+12 -12 12 files not shown
+18 -18 18 files

OpenBSD — libexec Makefile

    millert said i can kill rshd
Delta File
+2 -2 libexec/Makefile
+2 -2 1 file

OpenBSD — lib/libcrypto/crypto shlib_version

    we need to crank
Delta File
+1 -1 lib/libcrypto/crypto/shlib_version
+1 -1 1 file

OpenBSD — usr.sbin/relayd ca.c

    Fix SSL client-only mode when no RSA private key is needed.
    
    Found by andre@ with the args-ssl-server.pl regress test.
    
    ok andre@
Delta File
+17 -12 usr.sbin/relayd/ca.c
+17 -12 1 file

OpenBSD — lib/libssl/src/crypto uid.c o_str.c

    remove include files not needed
Delta File
+2 -16 lib/libssl/src/crypto/uid.c
+0 -1 lib/libssl/src/crypto/o_str.c
+2 -17 2 files

OpenBSD — lib/libssl/src/doc/apps s_client.pod

    Document support for "openssl s_client -starttls lmtp"
Delta File
+1 -1 lib/libssl/src/doc/apps/s_client.pod
+1 -1 1 file

OpenBSD — lib/libssl/src/apps s_client.c s_server.c, lib/libssl/src/doc/ssl SSL_CTX_set_options.pod

    Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep
    the #define for compat, but document that it's a no-op now.  Also, neuter
    the -legacy_renegotiation option to "openssl s_{client,server}"
    
    ok beck@
Delta File
+8 -14 lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+8 -5 lib/libssl/src/apps/s_client.c
+1 -2 lib/libssl/src/apps/s_server.c
+1 -2 lib/libssl/src/ssl/s3_pkt.c
+18 -23 4 files

OpenBSD — lib/libssl/src/apps apps.c, lib/libssl/src/crypto/conf conf_mod.c

    use the portable construct around asprintf; pointed out by halex
Delta File
+2 -1 lib/libssl/src/apps/apps.c
+2 -1 lib/libssl/src/crypto/conf/conf_mod.c
+4 -2 2 files

OpenBSD — sys/net if_tun.c

    reaching into altq outside #ifdef ALTQ is bad, mmkay? ok claudio
Delta File
+1 -6 sys/net/if_tun.c
+1 -6 1 file

OpenBSD — sys/netinet tcp_subr.c

    tcp_respond: let the stack worry about the cksum instead of doing it
    manually, ok naddy (in january)
Delta File
+3 -16 sys/netinet/tcp_subr.c
+3 -16 1 file

OpenBSD — sys/net pf.c

    pf_send_tcp: ask the stack to do the cksum instead of doing it manually
    ok benno lteo naddy (back in january)
Delta File
+11 -23 sys/net/pf.c
+11 -23 1 file

OpenBSD — lib/csu/sh md_init.h, lib/libarch/alpha io.c bwx.c

    It's been a quarter century: we can assume volatile is present with that name.
Delta File
+39 -39 lib/libm/arch/amd64/fenv.c
+39 -39 lib/libm/arch/i387/fenv.c
+26 -26 lib/libm/arch/m88k/fenv.c
+22 -22 lib/libm/arch/mips64/fenv.c
+22 -22 lib/libm/arch/hppa64/fenv.c
+22 -22 lib/libm/arch/hppa/fenv.c
+222 -222 51 files not shown
+392 -392 57 files

OpenBSD — lib/libssl/src/crypto/asn1 tasn_dec.c

    Some dude named Tavis Ormandy reported a bug which has gone unfixed.
    http://marc.info/?l=openssl-users&m=138014120223264&w=2
    Arguably a doc bug, but we argue not. If you parse a new cert into memory
    occupied by a previously verified cert, the new cert will inherit that
    state, bypassing future verification checks. To avoid this, we will always
    start fresh with a new object.
    
    grudging ok from guenther, after i threatened to make him read the code yet
    again. "that ok was way more painful and tiring than it should have been"
Delta File
+5 -0 lib/libssl/src/crypto/asn1/tasn_dec.c
+5 -0 1 file

OpenBSD — sys/dev/ic dc.c

    reaching into altq unconditionally (and w/o ifdef ALTQ) is bad, mmkay?
Delta File
+1 -5 sys/dev/ic/dc.c
+1 -5 1 file

OpenBSD — usr.sbin/openssl Makefile

    since e_os.h is dead, and e_os2.h is installed, we can fetch from there.
    This means we don't need the reach-around anymore.
Delta File
+2 -8 usr.sbin/openssl/Makefile
+2 -8 1 file

OpenBSD — regress/sys/arch/hppa/probe probe.c, regress/sys/arch/hppa/sfuid sfuid.c

    It's been a quarter century: we can assume volatile is present with that name.
Delta File
+11 -11 regress/sys/arch/i386/ldt/testldt.c
+5 -5 regress/sys/arch/hppa/probe/probe.c
+4 -4 regress/sys/arch/sparc64/emul-popc/simm/simm13.c
+3 -3 regress/sys/kern/noexec/noexec.c
+2 -2 regress/sys/arch/hppa/sfuid/sfuid.c
+2 -2 regress/sys/arch/m88k/usertrap/trap.c
+27 -27 6 files

OpenBSD — lib/libssl/src e_os.h, lib/libssl/src/apps s_cb.c s_socket.c

    Put the final pieces from e_os.h in the required places, and remove it.
    "dance on its grave" says beck
    ok guenther beck
Delta File
+0 -78 lib/libssl/src/e_os.h
+2 -22 lib/libssl/src/crypto/bio/bss_dgram.c
+1 -12 lib/libssl/src/crypto/bio/b_sock.c
+0 -12 lib/libssl/src/apps/s_cb.c
+1 -11 lib/libssl/src/apps/s_socket.c
+2 -5 lib/libssl/src/apps/apps.h
+0 -15 10 files not shown
+6 -155 16 files

OpenBSD — regress/etc/MAKEDEV Makefile

    cut altq here
Delta File
+2 -2 regress/etc/MAKEDEV/Makefile
+2 -2 1 file

OpenBSD — lib/libssl/src/crypto/asn1 tasn_dec.c

    blank lines between decls and code
Delta File
+5 -0 lib/libssl/src/crypto/asn1/tasn_dec.c
+5 -0 1 file

OpenBSD — usr.sbin/relayd ca.c

    The RSA_FLAG_SIGN_VER is not yet supported and the current code uses
    the rsa_priv_enc() and rsa_pub_dec() callbacks for sign and verify
    operations.
    
    A tale from OpenSSL's rsa.h:
    
      New sign and verify functions: some libraries don't allow arbitrary
      data to be signed/verified: this allows them to be used. Note: for
      this to work the RSA_public_decrypt() and RSA_private_encrypt() should
      *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
      for backwards compatibility this functionality is only enabled if the
      RSA_FLAG_SIGN_VER option is set in 'flags'.
    
    In OpenSSL, RSA engines should provide the rsa_sign() and rsa_verify()
    callbacks and this should be the default.  But the "default" is
    disabled by default and RSA engines that provide extra sign and verify
    callbacks have to set the non-default RSA_FLAG_SIGN_VER flag.  This is
    not used by OpenSSL's own RSA code and was only set by two non-default
    RSA engines: IBM 4758 and Windows CAPI - both of them got removed from
    our library.  And btw., this comment about the new non-default default
    was added in 1999.
    
    Thanks to Piotr Sikora, who pointed out that I didn't handle the
    sign/verify case.
Delta File
+4 -1 usr.sbin/relayd/ca.c
+4 -1 1 file

OpenBSD — usr.bin/mg theo.c

    We should probably thank OpenSSL.
    They gave Theo another chance to be happy.
Delta File
+2 -1 usr.bin/mg/theo.c
+2 -1 1 file

OpenBSD — lib/libssl/src/apps CA.sh tsget, lib/libssl/src/apps/demoCA index.txt cacert.pem

    These files were never installed in the past, and are not generally
    used.  They can go away.
    ok guenther reyk
Delta File
+0 -198 lib/libssl/src/apps/CA.sh
+0 -196 lib/libssl/src/apps/tsget
+0 -189 lib/libssl/src/apps/CA.pl.in
+0 -104 lib/libssl/src/apps/progs.pl
+0 -101 lib/libssl/src/apps/rsa8192.pem
+0 -52 lib/libssl/src/apps/server2.pem
+0 -625 39 files not shown
+0 -1,465 45 files

OpenBSD — usr.sbin/relayd ca.c ssl.c

    Introduce privsep for private keys:
    
    - Move RSA private keys to a new separate process instead of copying
    them to the relays.  A custom RSA engine is used by the SSL/TLS code
    of the relay processes to send RSA private key encryption/decryption
    (also used for sign/verify) requests to the new "ca" processes instead
    of operating on the private key directly.
    
    - Each relay process gets its own related ca process.  Setting
    "prefork 5" in the config file will spawn 10 processes (5 relay, 5
    ca).  This diff also reduces the default number of relay processes
    from 5 to 3 which should be suitable in most installations without a
    very heavy load.
    
    - Don't keep text versions of the keys in memory, parse them once and
    keep the binary representation.  This might still be the case in
    OpenSSL's internals but will be fixed in the library.
    
    This diff doesn't prevent something like "heartbleed" but adds an
    additional mitigation to prevent leakage of the private keys from the
    processes doing SSL/TLS.
    
    With feedback from many
    ok benno@
Delta File
+431 -0 usr.sbin/relayd/ca.c
+69 -14 usr.sbin/relayd/ssl.c
+54 -12 usr.sbin/relayd/relayd.c
+39 -21 usr.sbin/relayd/config.c
+29 -6 usr.sbin/relayd/relayd.h
+1 -33 usr.sbin/relayd/ssl_privsep.c
+28 -13 3 files not shown
+651 -99 9 files

OpenBSD — lib/libssl/src/apps apps.c

    Use asprintf() for generating path, instead of multiple
    return-value-not-checked strlcpy and strlcat
Delta File
+1 -7 lib/libssl/src/apps/apps.c
+1 -7 1 file

OpenBSD — lib/libssl/src/crypto/conf conf_mod.c

    in CONF_get1_default_config_file(), don't calculate a buffer size,
    malloc it, do unbounded strlcpy's to it... but instead of asnprintf.
    While there, let's put a '/' between the two path components!  Wonder
    how old that bug is..
    ok guenther
Delta File
+5 -15 lib/libssl/src/crypto/conf/conf_mod.c
+5 -15 1 file

OpenBSD — sys/nfs nfs_socket.c

    If somebody else is already processing the RPC requests on a stream socket,
    don't panic, but just return.
    
    tested by nicm@
    ok tedu@
Delta File
+2 -2 sys/nfs/nfs_socket.c
+2 -2 1 file

OpenBSD — lib/libssl/src/crypto/asn1 ameth_lib.c

    More KNF.
Delta File
+80 -76 lib/libssl/src/crypto/asn1/ameth_lib.c
+80 -76 1 file

OpenBSD — lib/libcrypto/crypto Makefile, lib/libssl/src/crypto/rand rand_lib.c rand_unix.c

    another round of chemo for the RAND code to provide clarity.
    ok deraadt
Delta File
+79 -159 lib/libssl/src/crypto/rand/rand_lib.c
+0 -121 lib/libssl/src/crypto/rand/rand_unix.c
+6 -47 lib/libssl/src/crypto/rand/randfile.c
+0 -52 lib/libssl/src/crypto/rand/rc4_rand.c
+2 -3 lib/libcrypto/crypto/Makefile
+87 -382 5 files

OpenBSD — lib/libssl/src/crypto/asn1 t_x509.c t_req.c

    More KNF.
Delta File
+264 -205 lib/libssl/src/crypto/asn1/t_x509.c
+121 -99 lib/libssl/src/crypto/asn1/t_req.c
+36 -32 lib/libssl/src/crypto/asn1/t_crl.c
+37 -31 lib/libssl/src/crypto/asn1/t_pkey.c
+33 -25 lib/libssl/src/crypto/asn1/t_x509a.c
+24 -15 lib/libssl/src/crypto/asn1/t_bitst.c
+20 -18 lib/libssl/src/crypto/asn1/t_spki.c
+535 -425 7 files

OpenBSD — lib/libcrypto/crypto Makefile, lib/libssl/src/apps app_rand.c

    egd support is too dangerous to leave where somebody might find it.
    ok deraadt.
Delta File
+0 -110 lib/libssl/src/crypto/rand/rand_egd.c
+2 -16 lib/libssl/src/apps/app_rand.c
+2 -2 lib/libcrypto/crypto/Makefile
+0 -3 lib/libssl/src/crypto/rand/rand.h
+4 -131 4 files

OpenBSD — lib/libssl/src/crypto/asn1 tasn_dec.c tasn_prn.c

    More KNF.
Delta File
+195 -197 lib/libssl/src/crypto/asn1/tasn_dec.c
+116 -106 lib/libssl/src/crypto/asn1/tasn_prn.c
+85 -74 lib/libssl/src/crypto/asn1/tasn_enc.c
+50 -40 lib/libssl/src/crypto/asn1/tasn_new.c
+42 -26 lib/libssl/src/crypto/asn1/tasn_utl.c
+21 -16 lib/libssl/src/crypto/asn1/tasn_fre.c
+5 -5 lib/libssl/src/crypto/asn1/tasn_typ.c
+514 -464 7 files

OpenBSD — usr.sbin/relayd proc.c relayd.h

    The proc.c code sets up some socketpair for the communication between
    different privsep processes.  The implementation is using
    multi-dimensional arrays and some complicated process to process
    relations.  This is the first attempt of cleaning it up and to allow
    N:N communications for the upcoming "CA" processes.
    
    Discussed with some, but nobody dared to comment on the code.
Delta File
+38 -22 usr.sbin/relayd/proc.c
+3 -1 usr.sbin/relayd/relayd.h
+41 -23 2 files

OpenBSD — sys/arch/alpha/alpha trap.c, sys/arch/amd64/amd64 trap.c

    Have each thread keep its own (counted!) reference to the process's ucreds
    to avoid possible use-after-free references when swapping ids in threaded
    processes.  "Do I have the right creds?" checks are always made with the
    thread's creds.
    
    Inspired by FreeBSD and NetBSD
    "right time" deraadt@
Delta File
+281 -114 sys/kern/kern_prot.c
+48 -86 sys/dev/systrace.c
+14 -2 sys/kern/kern_exec.c
+13 -2 sys/sys/proc.h
+8 -7 sys/kern/kern_sig.c
+3 -3 sys/sys/cdefs.h
+60 -24 19 files not shown
+427 -238 25 files

OpenBSD — share/man/man7 hier.7

    no more altq hier^Where either
Delta File
+2 -5 share/man/man7/hier.7
+2 -5 1 file