e2fe99ce62
Use the correct constant.
...
From FreeBSD via Henning Petersen in PR 46005.
2012-02-13 13:03:06 +00:00
2552839412
Add configuration glue
2012-01-28 16:05:20 +00:00
5936836493
Add build glue: no pkcs11 yes.
2012-01-28 16:04:12 +00:00
a3508f9e3b
remove stray .TP
2012-01-28 16:03:46 +00:00
def4b137e5
we don't have -ldl
2012-01-28 03:05:53 +00:00
9571548fef
handle ctype lossage
2012-01-28 03:04:27 +00:00
431955c163
import tpm-tools from sourceforge
2012-01-28 02:56:55 +00:00
125dcfd019
add libtcs
2012-01-28 02:51:19 +00:00
03a31f348d
add build glue
2012-01-28 02:15:25 +00:00
6af45b0d65
we only have <sys/endian.h> not <endian.h>
2012-01-28 02:11:18 +00:00
ed30c0ec40
add && defined(__NetBSD__)
2012-01-28 02:10:12 +00:00
2134a889e1
- add && defined(__NetBSS__) where appropriate.
...
- we don't have <endian.h>, perhaps we should?
2012-01-28 02:09:08 +00:00
8c24f147ac
add && defined(__NetBSD__)
2012-01-28 02:08:11 +00:00
0924657c8e
cast to long the thread id before printing
2012-01-28 02:06:51 +00:00
6a35549fad
add && defined(__NetBSD__) where appropriate
2012-01-28 02:05:55 +00:00
139fa20f38
don't inline functions whose body is not visible in all places used.
2012-01-28 02:03:41 +00:00
5a1e8d4ef0
we want our role accounts to start with _
2012-01-28 02:00:51 +00:00
77931e2b39
remove erroneous extra .TP
2012-01-28 01:58:25 +00:00
2d5f7628c5
import trousers 0.3.8 from sourceforge.
...
TrouSerS is the open-source TCG Software Stack
2012-01-28 01:35:04 +00:00
3cbaf51ab7
description of cpl
2012-01-28 01:30:42 +00:00
71a175ae1b
Bump date for previous.
2012-01-26 21:54:26 +00:00
c51fcdeec7
also mention the aes-gcm ESP variants
2012-01-26 21:11:27 +00:00
2d831187ff
pull in rev.22050 from upstream CVS, following secadv_20120118.txt:
...
Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050)
2012-01-18 20:08:49 +00:00
aa9b8479a9
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Enhance splitnet
...
environment variable string value generation.
2012-01-10 12:07:30 +00:00
59bb0b8307
Bump date for previous.
2012-01-09 15:41:21 +00:00
4fa381bcb2
allow setkey(8) set and display the ESP fragment size in the NAT-T case,
...
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
2012-01-09 15:25:13 +00:00
4352041ede
also pull in patches for older security problems (secadv_20110906.txt):
...
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
2012-01-05 18:59:51 +00:00
716cca6308
pull in some patches from upstream CVS, following secadv_20120104.txt:
...
-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
(CVE-2011-4577)
(rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
2012-01-05 17:32:02 +00:00
8d8e2b7310
Bump date for previous.
2012-01-04 16:30:50 +00:00
8fd6dadaf8
include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
...
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
2012-01-04 16:09:40 +00:00
3712f81ced
-consistently use "char *" for the compiled policy buffer in the
...
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
2012-01-04 15:55:35 +00:00
2713c54c73
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix one byte too
...
short memory allocation in isakmp_unity.c:splitnet_list_2str().
2012-01-01 17:31:42 +00:00
11e30c248c
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix default NAT-T
...
port for listen { isakmp_natt } config directive.
2012-01-01 16:14:11 +00:00
40d768bf75
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in
...
comments and log messages. Fix default port used in copy_ph1addresses().
2012-01-01 15:57:31 +00:00
dbe8969919
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
...
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.
2012-01-01 15:54:51 +00:00
838cfe4724
Fix the previous commit.
2012-01-01 15:44:06 +00:00
b448c51c51
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from
...
configuration reading code, and clean up error handling.
2012-01-01 15:29:28 +00:00
1dafd61846
get rid of an old merge conflict which managed to creep through
2011-11-28 06:36:14 +00:00
0a7daa593d
fixed some crashes in LIST_FOREACH where current element could be removed during the loop
2011-11-17 14:41:55 +00:00
3efedf2ce7
Bump date for new tls option.
2011-11-15 19:15:58 +00:00
c7d190f034
From Vincent Bernat <bernat@luffy.cx>: TLS support for LDAP
2011-11-15 13:51:23 +00:00
84d53e8c5d
From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket
...
buffers (if system default is larger than what we want as minimum)
2011-11-14 13:24:04 +00:00
e7b856ae43
Unbreak MKINET6=no
2011-11-08 22:13:58 +00:00
9fa0321aa9
Separate strings correctly with ': ', not embedded NUL. Found by
...
mlelstv.
2011-11-04 11:54:46 +00:00
eaa3f157e9
Put back support for non PIC.
2011-10-21 17:57:45 +00:00
ed58cde6e4
add PIC support.
2011-10-21 15:08:41 +00:00
f65a48c2ec
max WARNS is 4
2011-10-13 17:23:28 +00:00
a09a6d0cd5
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Release unused
...
phase2 of passive remotes after acquire.
2011-10-11 14:50:15 +00:00
4c2f40f96a
From Wolfgang Schmieder <wolfgang.schmieder@honeywell.com>: setup phase1
...
port properly.
2011-10-11 14:37:17 +00:00
002b0b4308
use cleantags
2011-10-08 19:30:02 +00:00
wiz