Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
208,218 Commits 606 Branches 0 Tags 3.1 GiB
7f5fd4a5cd
Commit Graph

2244 Commits

Author SHA1 Message Date
tteras
aa9b8479a9 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Enhance splitnet 
environment variable string value generation.
 2012-01-10 12:07:30 +00:00
wiz
59bb0b8307 Bump date for previous. 2012-01-09 15:41:21 +00:00
drochner
4fa381bcb2 allow setkey(8) set and display the ESP fragment size in the NAT-T case, 
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
 2012-01-09 15:25:13 +00:00
drochner
4352041ede also pull in patches for older security problems (secadv_20110906.txt): 
-rev.21358 for CRL verification vulnerability in OpenSSL (CVE-2011-3207)
-rev.21336 for TLS ephemeral ECDH crashes in OpenSSL (CVE-2011-3210)
 2012-01-05 18:59:51 +00:00
drochner
716cca6308 pull in some patches from upstream CVS, following secadv_20120104.txt: 
-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
 (CVE-2011-4577)
 (rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
 2012-01-05 17:32:02 +00:00
wiz
8d8e2b7310 Bump date for previous. 2012-01-04 16:30:50 +00:00
drochner
8fd6dadaf8 include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland 
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
 2012-01-04 16:09:40 +00:00
drochner
3712f81ced -consistently use "char *" for the compiled policy buffer in the 
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
 in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
 differences between KAME ans FAST_IPSEC
 2012-01-04 15:55:35 +00:00
tteras
2713c54c73 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix one byte too 
short memory allocation in isakmp_unity.c:splitnet_list_2str().
 2012-01-01 17:31:42 +00:00
tteras
11e30c248c From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix default NAT-T 
port for listen { isakmp_natt } config directive.
 2012-01-01 16:14:11 +00:00
tteras
40d768bf75 From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in 
comments and log messages. Fix default port used in copy_ph1addresses().
 2012-01-01 15:57:31 +00:00
tteras
dbe8969919 Fix myaddr_getsport() to return -1 if no suitable address is found. This is 
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.
 2012-01-01 15:54:51 +00:00
tteras
838cfe4724 Fix the previous commit. 2012-01-01 15:44:06 +00:00
tteras
b448c51c51 From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from 
configuration reading code, and clean up error handling.
 2012-01-01 15:29:28 +00:00
agc
1dafd61846 get rid of an old merge conflict which managed to creep through 2011-11-28 06:36:14 +00:00
vanhu
0a7daa593d fixed some crashes in LIST_FOREACH where current element could be removed during the loop 2011-11-17 14:41:55 +00:00
wiz
3efedf2ce7 Bump date for new tls option. 2011-11-15 19:15:58 +00:00
tteras
c7d190f034 From Vincent Bernat <bernat@luffy.cx>: TLS support for LDAP 2011-11-15 13:51:23 +00:00
tteras
84d53e8c5d From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket 
buffers (if system default is larger than what we want as minimum)
 2011-11-14 13:24:04 +00:00
joerg
e7b856ae43 Unbreak MKINET6=no 2011-11-08 22:13:58 +00:00
joerg
9fa0321aa9 Separate strings correctly with ': ', not embedded NUL. Found by 
mlelstv.
 2011-11-04 11:54:46 +00:00
christos
eaa3f157e9 Put back support for non PIC. 2011-10-21 17:57:45 +00:00
chs
ed58cde6e4 add PIC support. 2011-10-21 15:08:41 +00:00
plunky
f65a48c2ec max WARNS is 4 2011-10-13 17:23:28 +00:00
tteras
a09a6d0cd5 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Release unused 
phase2 of passive remotes after acquire.
 2011-10-11 14:50:15 +00:00
tteras
4c2f40f96a From Wolfgang Schmieder <wolfgang.schmieder@honeywell.com>: setup phase1 
port properly.
 2011-10-11 14:37:17 +00:00
christos
002b0b4308 use cleantags 2011-10-08 19:30:02 +00:00
wiz
6b97660a0d Sort sections. 2011-09-23 16:22:00 +00:00
jruoho
008d0db94d Also note /etc/saslc.d. 2011-09-23 15:24:35 +00:00
jruoho
ce1c27eb07 Build and install MLINKS for the libsaslc(3) functions. 2011-09-23 15:17:31 +00:00
joerg
a85aba86f0 Use __dead. 2011-09-16 15:36:18 +00:00
joerg
6a878ae49f Reapply formatting cleanup 2011-09-16 15:36:00 +00:00
christos
6f47b6603c merge openssh-5.9 2011-09-07 17:49:19 +00:00
christos
7c6477cfd2 new openssh: 
See http://www.openssh.com/txt/release-5.9
 2011-09-06 20:17:08 +00:00
christos
c708dfc2ea some stuff got removed in 5.9 2011-09-06 20:14:35 +00:00
joerg
90ee948ed8 Use __dead 2011-08-29 21:08:54 +00:00
elric
95bd2d4a1e Remove crypto/dist/heimdal and its associated build infrastructure as 
it has been replaced by crypto/external/bsd/heimdal.
 2011-08-28 16:21:57 +00:00
elric
9f9617f826 Change the location of version.h from the old Heimdal srcs to the 
new srcs.
 2011-08-28 11:20:16 +00:00
elric
1ea30656a2 Change the location of version.h from the old Heimdal srcs to the 
new srcs.
 2011-08-28 10:28:35 +00:00
joerg
5cfa560df9 Avoid using non-literal format strings and optimizing code a bit at the 
same time.
 2011-08-25 15:37:00 +00:00
joerg
cc096ecebe msg.c uses non-literal format strings 2011-08-25 15:30:54 +00:00
elric
0a56de1dcb This file should not have been imported. 2011-08-25 00:25:47 +00:00
dholland
84c562e368 Previous here required stdint.h. 2011-08-22 00:24:42 +00:00
tteras
cbb586e05f Allow inherited remote blocks without additional remote statements to 
be specified in a simpler way. patch by Roman Hoog Antink <rha@open.ch>
 2011-08-19 05:36:47 +00:00
christos
5434bb1cbb Remove gcc-4.5 hacks. I must have fixed them in a different pass. 2011-08-17 05:32:09 +00:00
christos
5573cb4a88 remove gcc-4.5 hacks; gcc-4.5 does not like fileno() to be unchecked, and 
produces an unhelpful out of bounds array warning, so check it.
 2011-08-17 05:30:01 +00:00
christos
0a61f86410 undo junk committed. 2011-08-16 09:43:03 +00:00
christos
6c83058fe2 kill non-literal format strings or document them. 2011-08-16 09:42:21 +00:00
christos
4e1d834d15 add extra cast for systems where sizeof(time_t) < sizeof(intmax_t) 2011-08-16 02:59:00 +00:00
elric
51efa0609e We shouldn't cast client_time to (intmax_t) because it is a char * not 
an integer.
 2011-08-16 01:14:57 +00:00