tls
36a4733e75
Fix applications that call RAND_bytes() before any other RAND function.
Last change was...a bit too simple.
2012-03-07 10:17:47 +00:00
tls
48b3ca7292
Patch OpenSSL RNG to allow explicit initial seeding. Patch OpenSSH to
explicitly seed the OpenSSL RNG in each new process rather than letting
it repeatedly open /dev/urandom to reseed, which depletes entropy severely.
Note that the OpenSSH part of this fix works better on NetBSD than it would
on many other platforms because on NetBSD, if you don't reopen /dev/urandom,
repeated reads don't deplete entropy. On other platforms, some other
approach might be required.
Note also that this problem does not arise on OpenBSD because OpenBSD seems
to have patched OpenSSL to seed the RAND functions from arc4random()! That
seems dangerous, so I am not taking that approach here.
2012-03-05 20:13:36 +00:00
christos
94fcde8eaf
Fix compilation:
kill PGP_ERROR() and make everything use a format.
XXX: Fixme to use __VA_ARGS__ instead of the silly PGP_ERROR_N() macros.
2012-03-05 02:20:18 +00:00
agc
ddccfadc5f
Use %s for the format string, as pointed out by joerg in the diff for
__printflike attributions (on tech-userlevel, March 1st 2012).
2012-03-04 19:52:02 +00:00
drochner
582e7c9a93
apply upstream rev.22146: Tolerate bad MIME headers in parser.
avoids possible NULL dereference (CVE-2006-7248)
2012-02-28 17:23:58 +00:00
agc
1ce8f15ce5
Add the --trusted-keys argument to netpgpkeys(1) to print out PGP ids in a
machine-readable manner.
2012-02-22 06:58:54 +00:00
agc
c636a2b399
re-order the fields that we print out in the pgp_sprint_pubkey() function
to be more usual.
print out the name from within pgp_sprint_pubkey() rather than tagging it
onto the end of the output from the function.
2012-02-22 06:29:40 +00:00
christos
2552839412
Add configuration glue
2012-01-28 16:05:20 +00:00
christos
5936836493
Add build glue: no pkcs11 yes.
2012-01-28 16:04:12 +00:00
christos
a3508f9e3b
remove stray .TP
2012-01-28 16:03:46 +00:00
christos
def4b137e5
we don't have -ldl
2012-01-28 03:05:53 +00:00
christos
9571548fef
handle ctype lossage
2012-01-28 03:04:27 +00:00
christos
431955c163
import tpm-tools from sourceforge
2012-01-28 02:56:55 +00:00
christos
125dcfd019
add libtcs
2012-01-28 02:51:19 +00:00
christos
03a31f348d
add build glue
2012-01-28 02:15:25 +00:00
christos
6af45b0d65
we only have <sys/endian.h> not <endian.h>
2012-01-28 02:11:18 +00:00
christos
ed30c0ec40
add && defined(__NetBSD__)
2012-01-28 02:10:12 +00:00
christos
2134a889e1
- add && defined(__NetBSD__) where appropriate.
- we don't have <endian.h>, perhaps we should?
2012-01-28 02:09:08 +00:00
christos
8c24f147ac
add && defined(__NetBSD__)
2012-01-28 02:08:11 +00:00
christos
0924657c8e
cast to long the thread id before printing
2012-01-28 02:06:51 +00:00
christos
6a35549fad
add && defined(__NetBSD__) where appropriate
2012-01-28 02:05:55 +00:00
christos
139fa20f38
don't inline functions whose body is not visible in all places used.
2012-01-28 02:03:41 +00:00
christos
5a1e8d4ef0
we want our role accounts to start with _
2012-01-28 02:00:51 +00:00
christos
77931e2b39
remove erroneous extra .TP
2012-01-28 01:58:25 +00:00
christos
2d5f7628c5
import trousers 0.3.8 from sourceforge.
TrouSerS is the open-source TCG Software Stack
2012-01-28 01:35:04 +00:00
christos
3cbaf51ab7
description of cpl
2012-01-28 01:30:42 +00:00
drochner
2d831187ff
pull in rev.22050 from upstream CVS, following secadv_20120118.txt:
Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050)
2012-01-18 20:08:49 +00:00
drochner
4352041ede
also pull in patches for older security problems (secadv_20110906.txt):
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
2012-01-05 18:59:51 +00:00
drochner
716cca6308
pull in some patches from upstream CVS, following secadv_20120104.txt:
-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
(CVE-2011-4577)
(rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
2012-01-05 17:32:02 +00:00
agc
1dafd61846
get rid of an old merge conflict which managed to creep through
2011-11-28 06:36:14 +00:00
joerg
e7b856ae43
Unbreak MKINET6=no
2011-11-08 22:13:58 +00:00
joerg
9fa0321aa9
Separate strings correctly with ': ', not embedded NUL. Found by
mlelstv.
2011-11-04 11:54:46 +00:00
christos
eaa3f157e9
Put back support for non PIC.
2011-10-21 17:57:45 +00:00
chs
ed58cde6e4
add PIC support.
2011-10-21 15:08:41 +00:00
plunky
f65a48c2ec
max WARNS is 4
2011-10-13 17:23:28 +00:00
christos
002b0b4308
use cleantags
2011-10-08 19:30:02 +00:00
wiz
6b97660a0d
Sort sections.
2011-09-23 16:22:00 +00:00
jruoho
008d0db94d
Also note /etc/saslc.d.
2011-09-23 15:24:35 +00:00
jruoho
ce1c27eb07
Build and install MLINKS for the libsaslc(3) functions.
2011-09-23 15:17:31 +00:00
joerg
a85aba86f0
Use __dead.
2011-09-16 15:36:18 +00:00
joerg
6a878ae49f
Reapply formatting cleanup
2011-09-16 15:36:00 +00:00
christos
6f47b6603c
merge openssh-5.9
2011-09-07 17:49:19 +00:00
christos
7c6477cfd2
new openssh:
See http://www.openssh.com/txt/release-5.9
2011-09-06 20:17:08 +00:00
christos
c708dfc2ea
some stuff got removed in 5.9
2011-09-06 20:14:35 +00:00
joerg
90ee948ed8
Use __dead
2011-08-29 21:08:54 +00:00
elric
9f9617f826
Change the location of version.h from the old Heimdal srcs to the
new srcs.
2011-08-28 11:20:16 +00:00
elric
1ea30656a2
Change the location of version.h from the old Heimdal srcs to the
new srcs.
2011-08-28 10:28:35 +00:00
joerg
5cfa560df9
Avoid using non-literal format strings and optimizing code a bit at the
same time.
2011-08-25 15:37:00 +00:00
joerg
cc096ecebe
msg.c uses non-literal format strings
2011-08-25 15:30:54 +00:00
elric
0a56de1dcb
This file should not have been imported.
2011-08-25 00:25:47 +00:00