Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
171,624 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

1233 Commits

Author SHA1 Message Date
mgrooms 879eeb1025 Fix an a typo that prevented racoon from building with hybrid enabled. 2008-07-15 02:16:58 +00:00
mgrooms 6353d50296 Update changelog which was missed in my previous commit. 2008-07-15 00:53:36 +00:00
mgrooms 8f0b3482bc Fix a conflict with the FreeBSD 8 system hexdump function. 2008-07-15 00:47:09 +00:00
tteras 56a42db6a6 Handle RESPONDER-LIFETIME notification in quick mode. 2008-07-14 05:45:15 +00:00
tteras 583275a951 Clean up notification payload handling. Handle INITIAL-CONTACT notification 
in last main mode exchange (delayed) and during quick mode exchanges.
 2008-07-14 05:40:13 +00:00
tteras 75bc4bd6cd Original patch from Atis Elsts: 
Fix a double memory free and a memory corruption (LIST_REMOVE() on
an uninserted node) in some error handling paths.
 2008-07-11 08:02:06 +00:00
tteras 7f51b6fe42 From Chong Peng: 
fix a file descriptor and memory leak on configuration file reread
 2008-07-09 12:16:50 +00:00
vanhu d20c6ed916 From Timo Teras: fix some %d to %zu (size_t values) 2008-07-02 14:46:27 +00:00
vanhu 874968c865 fixed some %d to %zu (size_t values) 2008-07-02 14:46:26 +00:00
christos a494eea816 Add an ifdef to disable the AES_CTR_MT cipher because static binaries don't 
work with -pthread, and /rescue is linked against libssh.
 2008-06-23 14:51:31 +00:00
christos 80a665de90 Add the HPN patch for ssh: 
http://www.psc.edu/networking/projects/hpn-ssh/
 2008-06-22 15:42:50 +00:00
wiz bf3ddb193b Bump date for previous. 2008-06-18 07:40:16 +00:00
mgrooms 93c1205f96 Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras. 2008-06-18 07:12:04 +00:00
mgrooms c47cb1615c Add an admin port command to retrieve the peer certificate. Submitted by 
Timmo Teras.
 2008-06-18 07:12:03 +00:00
mgrooms 01e8cc1e5d Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras. 2008-06-18 07:04:23 +00:00
mgrooms 5d397c5ba5 Set sockets to be closed on exec to avoid potential file descriptor 
inheritance issues. Submitted by Timmo Teras.
 2008-06-18 07:04:22 +00:00
mgrooms 7598372e37 Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras. 2008-06-18 06:47:25 +00:00
mgrooms 2c40396f3a Use utility functions to evaluate or manipulate network port values. No 
functional changes. Submitted by Timmo Teras.
 2008-06-18 06:47:24 +00:00
mgrooms 7dac642960 Admin port code cleanup. No functional changes. Submitted by Timo Teras. 2008-06-18 06:27:49 +00:00
mgrooms 18fc645e9a Admin port code cleanup. No functional changes. Submitted by Timmo Teras. 2008-06-18 06:27:48 +00:00
mgrooms 9345b05cc4 Correct a phase2 status event. Submitted by Timo Teras. 2008-06-18 06:11:38 +00:00
mgrooms b163716d45 Correct a phase2 status event. Submitted by Timmo Teras. 2008-06-18 06:11:37 +00:00
tls f5792c6ee8 Apply patch from Darryl Miles which adjusts SSL_shutdown's behavior for 
non-blocking BIOs so that it is sane -- so that, in other words, -1 with
a meaningful library error code (WANT_READ or WANT_WRITE) is returned
when we would block for I/O.  Without this change, you have to sleep or
spin -- you can't know how to put the underlying socket in your select
or poll set.

Patch from http://marc.info/?l=openssl-dev&m=115154030723033&w=2 and
rationale at http://marc.info/?l=openssl-dev&m=115153998821797&w=2 where
sadly they were overlooked by the OpenSSL team for some time.  It is hoped
that now that we've brought this change to their attention they will
integrate it into their sources and we can lose the local change in
NetBSD.
 2008-06-10 19:45:00 +00:00
tonnerre 31197b7671 Fix two Denial of Service vulnerabilities in OpenSSL: 
- Fix flaw if server key exchange message is omitted from a TLS handshake
   which could lead to a silent crash.
 - Fix double free in TLS server name extensions which could lead to a
   remote crash.

Fixes CVE-2008-1672.
 2008-06-05 15:30:10 +00:00
christos 90318d80f4 PR/38728: Tomoyuki Okazaki: Enable Camellia 2008-05-26 16:39:45 +00:00
christos a41e5a83be Add coverity alloc comment. 2008-05-24 20:07:00 +00:00
christos cfb67f710f add a coverity alloc comment. 2008-05-24 20:05:52 +00:00
christos e520f14ae6 Coverity CID 5003: Fix memory leak. 2008-05-24 20:00:07 +00:00
christos e3ee1b22da Coverity CID 5004: Fix double free. 2008-05-24 19:58:01 +00:00
christos 78dc0fbbfc Add a coverity alloc comment. 2008-05-24 19:54:43 +00:00
christos 13ebcc71fb Add a coverity alloc comment 2008-05-24 19:52:36 +00:00
christos c2e438738f Coverity CID 5007: Avoid double free. 2008-05-24 19:48:27 +00:00
christos 677bd71b1f Add a coverity allocation comment. 2008-05-24 19:46:32 +00:00
christos 66009f62a3 Coverity CID 5010: Avoid buf[-1] = '\0' on error. 2008-05-24 19:32:28 +00:00
christos aa3b40a116 Coverity CID 5018: Fix double frees. 2008-05-24 18:39:40 +00:00
christos b6c10a6fe5 avoid using free_func as an argument because it is already a typedef. 2008-05-10 16:52:05 +00:00
christos 33d34d249c fix version string 2008-05-09 22:10:19 +00:00
christos 2149db96e3 resolve conflicts 2008-05-09 21:49:39 +00:00
christos b69a53abf2 import today's snapshot! Hi <tls> 2008-05-09 21:34:04 +00:00
manu 2a499f37b6 From Christian Hohnstaedt: allow out of tree building 2008-05-08 12:24:50 +00:00
martin 11a6dbe728 Convert TNF licenses to new 2 clause variant 2008-04-30 13:10:46 +00:00
martin ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
jmmv 098f566eb9 Do as in revision 1.26 of sshd_config: add a sample, commented-out line 
for X.org's xauth.
 2008-04-25 15:01:45 +00:00
vanhu ed9bfcd9c2 From Timo Teras: extract port numbers from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi(). 2008-04-25 14:41:18 +00:00
vanhu c6898eabf6 extract ports information from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi() 2008-04-25 14:41:17 +00:00
martin 795befa36d namespace police to make it buildable (no, it still does not work), 
add rcsid.
 2008-04-20 15:01:14 +00:00
martin 41de77d985 Sync SCM_RIGHTS passing code with the version used in racoon (i.e. 
set message header and controll message size to the same value again)
 2008-04-19 22:15:30 +00:00
christos 57a7ea54be for symmetry set controllen the same way we set it on the receiving side. 2008-04-13 21:45:19 +00:00
christos 03409c55d7 Don't use variable size allocation on the stack. 2008-04-13 21:44:14 +00:00
adrianp c09e4a3a8c Fix for CVE-2007-3108 
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
earlier does not properly perform Montgomery multiplication, which might
allow local users to conduct a side-channel attack and retrieve RSA
private keys.
 2008-04-10 14:19:59 +00:00