Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
177,971 Commits 606 Branches 0 Tags 3.1 GiB
ac97beab45
Commit Graph

1331 Commits

Author SHA1 Message Date
vanhu
3a74e20575 Set up a default value for Mode Config Pool size if pool address specified but pool size not specified 2008-11-27 15:04:21 +00:00
vanhu
054e0e851d Fixed pool resizing 2008-11-27 15:04:16 +00:00
tteras
f863fa40c3 From Arnaud Ebalard: 
Remove MAXNESTEDSA weirdness. It's probably meant for bundle support which
is not done. When someone actually writes bundle support, the nested SA
stuff would probably be reworked too anyway.
 2008-11-27 11:08:48 +00:00
tteras
1c6c2a3356 From: Matthew Krenzer 
Ability to set pfkey socket buffer size via configuration file directive.
(Indentation and minor fixes by me.)
 2008-11-27 10:53:48 +00:00
bad
e564489300 Document my changes from 2008-11-08 and today. 2008-11-25 22:39:20 +00:00
bad
f798cbf18b Avoid using MSG_NOSIGNAL as it is not available everywhere. 
Ignore SIGPIPE instead.
 2008-11-25 22:38:31 +00:00
bad
d9c51cbeae Ignore unspecified and looback addresses. Ignoring unspecified addresses 
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.
 2008-11-25 22:00:15 +00:00
bad
e7c2314bc8 RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. 
Ignore them silently.
 2008-11-25 21:54:05 +00:00
bad
6db1040de3 Ignoring an unsuitable address is not an error. Therefore log it as 
informational.
Make it clear from the log message that a route message is not interesting.
 2008-11-25 21:50:47 +00:00
bad
220cbdde75 Use insmyaddr() instead of open coding it. 2008-11-25 21:46:12 +00:00
bad
b8d42d186b Do not return erroneously from isakmp_open() when setting IPV6_USE_MIN_MTU 
fails.
 2008-11-25 21:42:36 +00:00
bad
667107700d Keep myaddr.sock at -1 when no socket is opened. 2008-11-25 21:37:11 +00:00
bad
96020e15cb Preserve owner and permissions of original /etc/resolv.conf. 
Ensure that new /etc/resolv.conf isn't group or world writable.
 2008-11-08 13:41:09 +00:00
bad
447613dc6a Print and check INTERNAL_NETMASK4. 2008-11-08 13:38:46 +00:00
bad
aabe06ab2f Make the handling of NAT-T SPD entries automatic. 2008-11-08 13:36:35 +00:00
bad
5a8370eefd Ensure that the determination of the default gateway and the corresponding 
interface don't get confused by multiple, possibly non-IPv4  default routes.
Bring the NetBSD case of deleting the VPN routes and address in line with
the Linux case and delete the address after deleting the VPN routes.
 2008-11-08 13:31:23 +00:00
wiz
a4814aed6a The escape sequence for a backslash is "\e". 2008-11-07 16:51:27 +00:00
reed
a455765d91 Use line continuation for an example. It was too wide for my output 
so was cropped.

Already shared upstream and was told (in September) will be in next
major release.
 2008-11-07 15:50:38 +00:00
vanhu
33dafe234f fixed delsainfo() to avoid a crash when iddst's value is SAINFO_CLIENTADDR 2008-11-06 14:12:28 +00:00
tteras
66f152db75 Add ChangeLog entry about S.P.Zeidler's commit. Fix my name in one place. 2008-11-01 06:55:10 +00:00
spz
334414e667 Changes to ipsecdoi_id2str(): 
struct sockaddr -> struct sockaddr_storage fixes a stack overflow

For non-linklocal addresses the value in 'scope' is garbage and gets
set to zero instead.
 2008-10-29 18:49:45 +00:00
tteras
0c1f013cc5 Fix commit dates to reflect reality. 2008-10-28 19:03:27 +00:00
hubertf
11236c9878 Make sshd find the xauth program, even with the new /usr/X11R7. 
OK'd by christos@
 2008-10-27 08:27:04 +00:00
tteras
ed890caaae From Arnaud Ebalard: 
Add missing return to error path
 2008-10-27 06:27:05 +00:00
tteras
3ff331469e From Francis Dupont (sent by Arnaud Ebalard): 
recognize RTM_IFANNOUNCE
 2008-10-27 06:24:27 +00:00
tteras
a06fc42a2e From Arnaud Ebalard: 
Fix indentation issues for readability
 2008-10-27 06:21:29 +00:00
tteras
b186d55b63 From Arnaud Ebalard: 
initfds() needs to be called only if monitored file descriptor numbers
have changed
 2008-10-27 06:18:08 +00:00
tteras
38962f77a8 From Arnaud Ebalard: 
Remove duplicate declaration
 2008-10-27 06:14:04 +00:00
adrianp
1e802db977 Pull in a fix from the OpenSSL CVS: 
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
This should fix PR #39767 opened by Wolfgang Solfrank
 2008-10-25 12:11:47 +00:00
tteras
ede27c75ad From Krzysztof Piotr Oledzki <olel@ans.pl>: 
Revert parts of 2008-08-06 commit; the problem those changes address are
already handled in a sensible way by Cyrus Rahman's patch from 2008-03-06.
 2008-10-23 10:56:10 +00:00
apb
96230fab84 Use ${TOOL_AWK} instead of ${AWK} or plain "awk" in make commands. 
Pass AWK=${TOOL_AWK:Q} to shell scripts that use awk.
 2008-10-19 22:05:19 +00:00
tteras
ab610e81be Fix a spelling mistake in changelog 2008-10-09 16:44:31 +00:00
tteras
52d4b7db25 From Arnaud Ebalard: remove unnecessary unbindph12() call which is now done in remph2() 2008-10-09 15:53:12 +00:00
tteras
c724d51982 From Arnoud Ebalard <arno@natisbad.org>: 
remove unnecessary unbindph12() call which is now done also in remph2()
 2008-10-09 15:53:11 +00:00
vanhu
105e5049b7 Fixed resending mechanism to have non-ESP marker for retransmitted packets 2008-09-25 09:34:13 +00:00
wiz
e829b0a440 New sentence, new line. 2008-09-19 17:33:24 +00:00
tteras
d1a09d5477 Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option 
in remote conf.
 2008-09-19 11:14:49 +00:00
tteras
fbf62026bb Change struct sched to be allocated be the caller to avoid some memory 
allocations. Optimize scheduling algorithm to not scan all entries in
the main loop.
 2008-09-19 11:01:08 +00:00
christos
7a75c9a543 PR/39233: Taylor R Campbeel: OpenSSH fails to initialize tun(4) tunnels 
correctly.
 2008-09-17 15:45:50 +00:00
vanhu
b383a5b3e4 Fixed port match in purge_ipsec_spi() when NAT-T enabled and trying to purge non NAT-T SAs 2008-09-17 12:39:07 +00:00
vanhu
954f7757c0 Some calls to set_port() were not correctly updated in the previous commit 2008-09-09 11:50:42 +00:00
vanhu
a20b313ea8 From Tomas Mraz: Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff. 2008-09-03 16:08:26 +00:00
vanhu
4ead39ef24 Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff 2008-09-03 16:08:25 +00:00
tteras
dbd3f137ba - Fix reloading of SPD (Linux satype check, handling of SPD dump responses) 
- Remove some spurious error log message from extract_port()
 2008-09-03 09:57:28 +00:00
lukem
b926b61a73 Comment out __RCSID; this is a host tool and we don't need the Id in the binary. 
Fixes cross-build issue on RHEL5-like Linux.

Arguably we shouldn't even #include <config.h> because that's been created
for the NetBSD target and not the (possibly non-NetBSD) host system,
but that hasn't caused problems so far so I'll leave it for now.
 2008-09-03 07:10:55 +00:00
gmcgarry
dc1f2ff2f9 Eliminate gcc-specific feature of empty structures. 2008-08-29 00:31:37 +00:00
gmcgarry
f3a85cb801 Eliminate superfluous semicolon. 2008-08-29 00:31:00 +00:00
gmcgarry
b4e2d1afdf Eliminate gcc-specific feature of unnamed structures added recently. 2008-08-29 00:30:15 +00:00
vanhu
163d7169c0 From Krzysztof Piotr Oledzki: Remove ph1handler if we received an invalid first exchange from initiator. 2008-08-12 12:45:55 +00:00
vanhu
32468f64a1 Remove ph1handler if we received an invalid first exchange from initiator 2008-08-12 12:45:54 +00:00
tteras
191869cf2a From Krzysztof Piotr Oledzki: 
Make privileged process exit if unprivileged process is terminated and
some spelling fixes.
 2008-08-06 19:14:28 +00:00
simonb
5a3c2f6809 Revert the HPN changes that added verbose "Max throughput" summary 
after scp(1) finishes.
 2008-08-05 14:13:34 +00:00
veego
cca63e16c3 Restore .hx support for avoiding unneeded regeneration of header files 
Fix PR lib/39185

Partly restore the changes which were removed during the Heimdal 1.1 update:
src/lib/libasn1/Makefile 1.28 -> 1.29
src/lib/libhdb/Makefile 1.21 -> 1.22
src/crypto/dist/heimdal/lib/asn1/gen.c 1.8 -> 1.9

Add .hx support in 'new' heimdal libraries:
src/lib/libgssapi/Makefile
src/lib/libhx509/Makefile

Add a new entry in doc/HACKS for this changes.
 2008-08-03 07:16:58 +00:00
mgrooms
9ef0a25aeb Add some missing ifdefs required for non-radius enabled builds. 2008-07-23 17:36:00 +00:00
tteras
4521811287 Do not use GNU make specific extension. 2008-07-23 13:53:08 +00:00
tteras
28aa26f3de Do flex/bison invocation in a more standard way, and keep the generated 
files in the dist tarball.
 2008-07-23 09:06:51 +00:00
vanhu
826c52702d From Kohki Ohhira: fix some memory leaks, when malloc fails or when peer sends invalid proposal. 2008-07-22 13:25:18 +00:00
vanhu
754d7776f7 fixed some memory leaks, when malloc fails or when peer sends invalid proposals 2008-07-22 13:25:17 +00:00
mgrooms
fd9755072f Add an optional radius configuration section to the racoon.conf file. This 
is similar to the the LDAP configuration section and overrides settings in
the system radius configuration file.
 2008-07-22 01:30:02 +00:00
tron
0cc0bec23e Correct typo to fix the build. 2008-07-21 09:43:03 +00:00
tteras
ca3b7c5a9f Separate generic vendor id handling to a new function and use it. 2008-07-21 06:26:06 +00:00
tteras
7a1c3cb1b8 Do not set default gss id if xauth is used, otherwise gss-id attribute 
might be sent even if it was not requested.
 2008-07-21 06:24:29 +00:00
mgrooms
879eeb1025 Fix an a typo that prevented racoon from building with hybrid enabled. 2008-07-15 02:16:58 +00:00
mgrooms
6353d50296 Update changelog which was missed in my previous commit. 2008-07-15 00:53:36 +00:00
mgrooms
8f0b3482bc Fix a conflict with the FreeBSD 8 system hexdump function. 2008-07-15 00:47:09 +00:00
tteras
56a42db6a6 Handle RESPONDER-LIFETIME notification in quick mode. 2008-07-14 05:45:15 +00:00
tteras
583275a951 Clean up notification payload handling. Handle INITIAL-CONTACT notification 
in last main mode exchange (delayed) and during quick mode exchanges.
 2008-07-14 05:40:13 +00:00
tteras
75bc4bd6cd Original patch from Atis Elsts: 
Fix a double memory free and a memory corruption (LIST_REMOVE() on
an uninserted node) in some error handling paths.
 2008-07-11 08:02:06 +00:00
tteras
7f51b6fe42 From Chong Peng: 
fix a file descriptor and memory leak on configuration file reread
 2008-07-09 12:16:50 +00:00
vanhu
d20c6ed916 From Timo Teras: fix some %d to %zu (size_t values) 2008-07-02 14:46:27 +00:00
vanhu
874968c865 fixed some %d to %zu (size_t values) 2008-07-02 14:46:26 +00:00
christos
a494eea816 Add an ifdef to disable the AES_CTR_MT cipher because static binaries don't 
work with -pthread, and /rescue is linked against libssh.
 2008-06-23 14:51:31 +00:00
christos
80a665de90 Add the HPN patch for ssh: 
http://www.psc.edu/networking/projects/hpn-ssh/
 2008-06-22 15:42:50 +00:00
wiz
bf3ddb193b Bump date for previous. 2008-06-18 07:40:16 +00:00
mgrooms
93c1205f96 Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras. 2008-06-18 07:12:04 +00:00
mgrooms
c47cb1615c Add an admin port command to retrieve the peer certificate. Submitted by 
Timmo Teras.
 2008-06-18 07:12:03 +00:00
mgrooms
01e8cc1e5d Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras. 2008-06-18 07:04:23 +00:00
mgrooms
5d397c5ba5 Set sockets to be closed on exec to avoid potential file descriptor 
inheritance issues. Submitted by Timmo Teras.
 2008-06-18 07:04:22 +00:00
mgrooms
7598372e37 Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras. 2008-06-18 06:47:25 +00:00
mgrooms
2c40396f3a Use utility functions to evaluate or manipulate network port values. No 
functional changes. Submitted by Timmo Teras.
 2008-06-18 06:47:24 +00:00
mgrooms
7dac642960 Admin port code cleanup. No functional changes. Submitted by Timo Teras. 2008-06-18 06:27:49 +00:00
mgrooms
18fc645e9a Admin port code cleanup. No functional changes. Submitted by Timmo Teras. 2008-06-18 06:27:48 +00:00
mgrooms
9345b05cc4 Correct a phase2 status event. Submitted by Timo Teras. 2008-06-18 06:11:38 +00:00
mgrooms
b163716d45 Correct a phase2 status event. Submitted by Timmo Teras. 2008-06-18 06:11:37 +00:00
tls
f5792c6ee8 Apply patch from Darryl Miles which adjusts SSL_shutdown's behavior for 
non-blocking BIOs so that it is sane -- so that, in other words, -1 with
a meaningful library error code (WANT_READ or WANT_WRITE) is returned
when we would block for I/O.  Without this change, you have to sleep or
spin -- you can't know how to put the underlying socket in your select
or poll set.

Patch from http://marc.info/?l=openssl-dev&m=115154030723033&w=2 and
rationale at http://marc.info/?l=openssl-dev&m=115153998821797&w=2 where
sadly they were overlooked by the OpenSSL team for some time.  It is hoped
that now that we've brought this change to their attention they will
integrate it into their sources and we can lose the local change in
NetBSD.
 2008-06-10 19:45:00 +00:00
tonnerre
31197b7671 Fix two Denial of Service vulnerabilities in OpenSSL: 
- Fix flaw if server key exchange message is omitted from a TLS handshake
   which could lead to a silent crash.
 - Fix double free in TLS server name extensions which could lead to a
   remote crash.

Fixes CVE-2008-1672.
 2008-06-05 15:30:10 +00:00
christos
90318d80f4 PR/38728: Tomoyuki Okazaki: Enable Camellia 2008-05-26 16:39:45 +00:00
christos
a41e5a83be Add coverity alloc comment. 2008-05-24 20:07:00 +00:00
christos
cfb67f710f add a coverity alloc comment. 2008-05-24 20:05:52 +00:00
christos
e520f14ae6 Coverity CID 5003: Fix memory leak. 2008-05-24 20:00:07 +00:00
christos
e3ee1b22da Coverity CID 5004: Fix double free. 2008-05-24 19:58:01 +00:00
christos
78dc0fbbfc Add a coverity alloc comment. 2008-05-24 19:54:43 +00:00
christos
13ebcc71fb Add a coverity alloc comment 2008-05-24 19:52:36 +00:00
christos
c2e438738f Coverity CID 5007: Avoid double free. 2008-05-24 19:48:27 +00:00
christos
677bd71b1f Add a coverity allocation comment. 2008-05-24 19:46:32 +00:00
christos
66009f62a3 Coverity CID 5010: Avoid buf[-1] = '\0' on error. 2008-05-24 19:32:28 +00:00
christos
aa3b40a116 Coverity CID 5018: Fix double frees. 2008-05-24 18:39:40 +00:00
christos
b6c10a6fe5 avoid using free_func as an argument because it is already a typedef. 2008-05-10 16:52:05 +00:00
christos
33d34d249c fix version string 2008-05-09 22:10:19 +00:00
christos
2149db96e3 resolve conflicts 2008-05-09 21:49:39 +00:00