Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
151,450 Commits 606 Branches 0 Tags 3.1 GiB
e2a943b3df
Commit Graph

940 Commits

Author SHA1 Message Date
vanhu
e2a943b3df From Yves-Alexis Perez: struct ip -> struct iphdr for Linux 2006-09-25 17:42:08 +00:00
vanhu
0fa07a8062 struct ip -> struct iphdr for Linux 2006-09-25 17:42:07 +00:00
manu
1127a06ee3 style (mostly for testing ipsec-tools-commits@netbsd.org) 2006-09-25 05:08:52 +00:00
manu
22ddfb23b1 Fix double free, from Matthew Grooms 2006-09-25 04:49:39 +00:00
vanhu
542839bac0 credit 2006-09-21 09:43:47 +00:00
vanhu
3c6750b831 use sysdep_sa_len to make it compile on Linux 2006-09-21 09:42:08 +00:00
wiz
a7c4d7d4ac Bump date for ike_frag force. 2006-09-19 18:55:11 +00:00
wiz
a5dc6b2e53 New sentence, new line. 2006-09-19 18:54:39 +00:00
wiz
5f831f347b Remove trailing whitespace. 2006-09-19 18:53:12 +00:00
vanhu
efd02bc82c From Yves-Alexis Perez: fixes default value for encmodesv in set_proposal_from_policy() 2006-09-19 16:02:10 +00:00
vanhu
60cd4fed98 fixed default value for encmodesv in set_proposal_from_policy() 2006-09-19 16:02:09 +00:00
vanhu
51065440a5 various commits 2006-09-19 07:51:44 +00:00
vanhu
7ea7300ed8 always include some headers, as they are required even without NAT-T 2006-09-19 07:51:37 +00:00
vanhu
a2afb48bcf From Larry Baird: define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed 2006-09-19 07:51:31 +00:00
vanhu
478aed1af7 From Larry Baird: some printf() -> plog() 2006-09-19 07:51:27 +00:00
manu
c18d9daa6a From Matthew Grooms: 
ike_frag force option to force the use of IKE on first packet exchange
(prior to peer consent)
 2006-09-18 20:32:40 +00:00
vanhu
504b73aa2f removed generated files from the CVS 2006-09-18 09:11:06 +00:00
vanhu
3992c65302 removed generated files from the CVS 2006-09-18 08:43:00 +00:00
vanhu
90cc2f12b1 removed generated files from the CVS 2006-09-18 08:13:46 +00:00
manu
f291901204 From Matthew Grooms: 
handle IKE frag used in the first packet. That should not normally happen,
as the initiator does not know yet if the responder can handle IKE frag.
However, in some setups, the first packet is too big to get through, and
assuming the peer supports IKE frag is the only way to go.

racoon should have a setting in the remote section to do taht (something
like ike_frag force)
 2006-09-18 08:05:47 +00:00
manu
5a85c00571 Trivial bugfix in RFC2407 4.6.2 conformance, from Matthew Grooms 2006-09-16 04:31:38 +00:00
manu
2b7658dc54 Fix build on Linux 2006-09-15 09:40:44 +00:00
manu
c8214a0a83 Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. 
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.
 2006-09-09 16:22:08 +00:00
manu
e3de131b63 Migrate ipsec-tools CVS to cvs.netbsd.org 2006-09-09 16:11:26 +00:00
adrianp
8d13789c5a Apply the third version of the patch from OpenSSL to address this issue. 
- Rollback the updates for rsa.h, rsa_eay.c and rsa_err.c as they were
  not necessary to address this vulnerability.
- Small update to the patch for rsa_sign.c for backward compatability so
  the same patch can be applied to 0.9.[6-9]
 2006-09-06 22:47:11 +00:00
christos
90f5d4a3e0 Apply patch-CVE-2006-4339.txt 
Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.

Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is
used in X.509 certificates, all software that uses OpenSSL to verify
X.509 certificates is potentially vulnerable, as well as any other use
of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or
TLS.
 2006-09-05 12:24:08 +00:00
wiz
85f4c6eabf Pull over OpenBSD v1.97, forwarded by jmc@openbsd: 
avoid confusing wording in HashKnownHosts:

originally spotted by alan amesbury;
ok deraadt
 2006-08-10 00:34:32 +00:00
dogcow
444e690921 Remove various dotfiles that wandered their way in. 2006-06-18 08:59:39 +00:00
ginsbach
a697e6653a Adapt to new return value from socket(2) for an unsupported 
protocol/address family.
 2006-06-14 15:36:00 +00:00
christos
ed56312e8a resolve conflicts. 2006-06-03 01:50:19 +00:00
christos
387e0d89ab ftp www.openssl.org 2006-06-03 01:43:51 +00:00
christos
b8b11c345a ftp www.openssl.org 2006-06-03 01:39:48 +00:00
oster
4f500646a9 Add a missing ')' to fix the example code. Already fixed in openssl upstream. 2006-05-24 16:44:34 +00:00
christos
d46617757a XXX: GCC uninitialized variable 2006-05-14 02:40:03 +00:00
christos
b943fcf792 XXX: GCC uninitialized variables 2006-05-14 02:17:32 +00:00
mrg
f8418c0954 use socklen_t where appropriate. 2006-05-11 11:54:14 +00:00
mrg
54e9f4ccbc wait_until_can_do_something() wants u_int * for it's 4th argument. 2006-05-11 09:27:06 +00:00
mrg
965a873335 avoid lvalue casts. 2006-05-11 00:05:45 +00:00
mrg
4d2c417597 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-11 00:04:07 +00:00
mrg
084c052803 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-10 21:53:14 +00:00
mrg
0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and 
socklen_t are different signness.
 2006-05-09 20:18:05 +00:00
tsutsui
4cd8515cfc Add a NetBSD RCS ID. 2006-04-15 13:43:11 +00:00
wiz
83620ded04 Remove references to KerberosIV. 2006-03-23 19:58:03 +00:00
elad
504a2dd02c Pull in from djm@OpenBSD: 
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.

Thanks to deraadt@OpenBSD for looking into this one.
 2006-03-22 23:04:39 +00:00
christos
e13746b11b Fix krb4 compilation (although krb4 is removed, this leaves the code compiling) 2006-03-21 00:01:29 +00:00
elad
dc4926056e plug leak, coverity cid 2014. 2006-03-20 16:42:34 +00:00
elad
204152ace9 plug leak, coverity cid 2027. 2006-03-20 16:41:46 +00:00
elad
04b503af06 plug leaks, coverity cids 2030, 2031. 2006-03-20 16:40:25 +00:00
elad
3a008ccc30 plug leak, coverity cid 2019. 2006-03-20 16:39:05 +00:00
elad
9266948705 plug leaks, coverity cids 2012, 2013. 2006-03-20 16:36:31 +00:00