44ed6e91de
Prefer "." for the current address and not the PPC specific "$".
2013-08-04 17:15:21 +00:00
14b0477b50
Re-check the entropy level after we call RAND_poll(), so that we do
...
not continuously suck data out of /dev/urandom if we receive a stream
of requests larger than the initial-entropy threshold (hi Roland!).
2013-07-28 14:13:29 +00:00
a5684d07dd
Use Mt for email addresses.
2013-07-20 21:39:55 +00:00
2d9f2eda4f
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1
...
remote address as Radius Calling-Station-Id.
2013-07-19 10:54:52 +00:00
a2f4868d2a
add RTM_LOSING, RTM_REDIRECT
2013-07-18 17:02:58 +00:00
4595769cee
From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up,
...
allowing logging events from init_avc() to show up as well.
2013-07-12 13:11:50 +00:00
9e69720425
Fix violations of the sequence point rule.
2013-06-28 15:04:35 +00:00
82db4b9858
Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
...
consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
2013-06-24 04:21:19 +00:00
c59ba37534
Add an option --enable-wildcard-match to enable wildcard matching and explain
...
why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@
2013-06-20 15:41:18 +00:00
4f62ef74bd
From Paul Barker: Remove redundant memset after calloc that caused compile
...
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
2013-06-18 05:39:50 +00:00
54da44c072
Accept - as stdin
...
Be nice and let the user know which file it could not open.
2013-06-14 16:29:14 +00:00
05fbc8efab
From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
...
establish-sa for tunnel mode SAs.
2013-06-03 05:49:31 +00:00
fdd5bac4fc
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix
...
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
2013-05-23 05:42:29 +00:00
3966285084
AUTHCID is optional for the GSSAPI mechanism.
2013-05-16 13:02:12 +00:00
cdfc977bf0
principals have principles.
2013-05-14 15:33:21 +00:00
34b99be967
The previous patch didn't apply cleanly, because our code doesn't
...
use #ifdef OPENSSL_HAS_ECC.
Apply manually.
Drop now unused len variable.
2013-05-14 05:18:11 +00:00
c8fbe6c64a
use explicit_bzero instead of memset to zero memory
2013-05-10 16:39:25 +00:00
6fd620669a
remove error(1) output.
2013-05-10 16:38:47 +00:00
b1090dff8a
racoon default config is in /etc/racoon/racoon.conf
2013-05-08 20:03:02 +00:00
e976afb5c5
Identityfile warnings fixes.
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2084
2013-04-29 17:59:50 +00:00
90a83642c1
restore logging behavior: don't treat user disconnect messages as errors,
...
just log them.
2013-04-25 20:10:28 +00:00
8d7f62402c
Use __dead.
2013-04-12 18:09:30 +00:00
e29eeb0057
Add __printflike.
2013-04-12 18:09:19 +00:00
f1ca729c04
Don't force pthread linkage.
2013-04-12 18:08:10 +00:00
32d6075c95
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Do not send out
...
illegal zero length MODE_CFG attributes.
2013-04-12 10:03:45 +00:00
3d2760a386
Some logging improvements.
2013-04-12 09:53:10 +00:00
ce11a51f1d
welcome to openssh-6.2
2013-03-29 16:19:44 +00:00
d2a9b9efd7
from openbsd
2013-03-29 14:52:38 +00:00
ca99397396
fix some lint on i386, noticed by Greg Troxel, thanks!
2013-03-19 01:00:16 +00:00
6641d1f9ad
Touch e_aes.c to force a rebuild with new compiler flags for AES-NI.
2013-02-18 21:20:50 +00:00
249c85457d
Fix build goo for OpenSSL AES-NI support.
...
OpenSSL now supports AES-NI in evp, not in an engine. We can now get
rid of the no longer maintained aesni engine, which was broken last
summer. Not only can OpenSSL now use AES-NI for everything it did
before we broke it last summer, but it can also use AES-NI for more
encryption modes than before, such as CTR.
Tested on amd64, both vanilla and in an i386 chroot.
ok christos
2013-02-18 21:15:25 +00:00
82e8c5f133
need bsd.own.mk
2013-02-12 20:55:37 +00:00
b261027db1
mv the MKCRYPTO protection higher; ideally should be at the top for this
2013-02-12 20:31:13 +00:00
a7c38cbf62
merge in 1.0.1e
2013-02-12 19:52:11 +00:00
5f71164a5e
Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
...
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]
2013-02-12 19:10:49 +00:00
fdbbeac71e
remove obsolete file
2013-02-08 22:37:14 +00:00
6b8892b719
fix generation
2013-02-08 15:22:03 +00:00
e67266a84f
Change bclr 14,2 to beqlr
2013-02-08 03:05:43 +00:00
1e387e93ca
descend!
2013-02-08 01:54:20 +00:00
a6b0cd16cd
commit the new man page.
2013-02-07 17:30:08 +00:00
0e9a2dbd88
one more page
2013-02-07 16:48:28 +00:00
f496c772c6
reorg and add missing file.
2013-02-06 17:03:51 +00:00
ffecf7319c
bump and add extra file
2013-02-05 23:38:46 +00:00
523f268b9f
merge changes
2013-02-05 21:31:23 +00:00
85e90c0ff3
regen
2013-02-05 19:21:27 +00:00
44ce355adb
regen!
2013-02-05 19:18:41 +00:00
340218d9b9
import 1.0.1d for http://www.openssl.org/news/secadv_20130204.txt
2013-02-05 19:04:09 +00:00
fde1259d48
Fix source port selection
2013-02-05 11:36:17 +00:00
0849876e12
From Ian West <ian@niw.com.au>: Fix double free of the radius info on
...
config reload.
2013-02-05 06:22:29 +00:00
00e5ebee00
Pull multiple free bua fix from upstream:
...
http://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=d21bf10dea6588b632a65b4fe594e04f288aad83;hp=d47c01a31a67ff4370b1883a58cabd0279752bb4
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.
Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2013-02-04 01:44:47 +00:00
joerg