Skip to content
Permalink
Tree: 8de5712f04
Commits on Jan 22, 2019
  1. flense more trailing whitespace

    phessler
    phessler committed Jan 22, 2019
  2. Increase max mtu to match the linux driver; tested against ixl, which…

    jmatthew committed Jan 22, 2019
    … can
    
    go larger still.
  3. Increase hardmtu to the maximum according to the datasheet and set th…

    jmatthew committed Jan 22, 2019
    …e rx
    
    packet size limit to match so jumbos actually work.  Larger packets are
    split across multiple buffers on the ring, so the buffers themselves stay
    the same size.
    
    ok dlg@
  4. remove trailing whitespace in the Laptop Package part of the license …

    phessler
    phessler committed Jan 22, 2019
    …text.
    
    no words or punctation were modified.
  5. sync

    botovq committed Jan 22, 2019
  6. Document SSL_get1_supported_ciphers(3) and SSL_get_client_ciphers(3).

    botovq committed Jan 22, 2019
    The text comes from OpenSSL, where it was still published under a
    free license.
    
    from schwarze
  7. Add a re-implementation of SSL_get1_supported_ciphers().

    botovq committed Jan 22, 2019
    Part of OpenSSL 1.1 API (pre-licence-change).
    
    input schwarze
    ok jsing
  8. Provide SSL_get_client_ciphers().

    botovq committed Jan 22, 2019
    Part of OpenSSL 1.1 API, pre-licence change.
    
    ok jsing
  9. Add missing symbols from the EC_KEY_METHOD port.

    botovq committed Jan 22, 2019
    Reported by bcook and sthen
  10. #ifdef video junk as required.

    deraadt
    deraadt committed Jan 22, 2019
  11. add support for xchacha20 and xchacha20-poly1305

    dlg
    dlg committed Jan 22, 2019
    xchacha is a chacha stream that allows for an extended nonce, which
    in turn makes it feasible to use random nonces.
    
    ok tb@
  12. Point people to ipcomp(4) instead of ipsecctl(8) for

    ajacoutot committed Jan 22, 2019
    net.inet.ipcomp.enable.
    
    ok deraadt@ bluhm@
Commits on Jan 21, 2019
  1. Warn user to reboot the machine when a new kernel is installed and le…

    ajacoutot committed Jan 21, 2019
    …t him know
    
    where to look on the local machine for errata (/var/syspatch) so one can decide
    if a reboot is needed.
    
    ok Theos (tb@ deraadt@)
  2. select(2), pselect(2), poll(2), ppoll(2): Support full timeout range.

    skotchandsoda committed Jan 21, 2019
    Remove the arbitrary and undocumented 24hr limits for timeouts from these
    interfaces.  To do so, loop tsleep(9) to chip away at timeouts larger than
    what tsleep(9) can handle in one call.
    
    Use timerisvalid(3)/timespecisvalid() for input validation instead of
    itimerfix()/timespecfix() to avoid the 100 million second upper bounds
    those functions introduce.
    
    POSIX requires support for timeouts of at least 31 days for select(2) and
    pselect(2), so these changes make our implementation more compliant.
    
    Other improvements here include better variable names for the time stuff
    and more consolidated timeout logic with less backwards goto jumping, all
    of which made dopselect() and doppoll() a bear to read.
    
    Naming improvements prompted by tedu@ in a prior patch for nanosleep(2).
    With input from deraadt@.  Validation bug spotted by matthew@ in an earlier
    version.
    
    ok visa@
  3. lenght -> length

    jonathangray committed Jan 21, 2019
  4. lenght -> length

    jonathangray committed Jan 21, 2019
  5. Add a -J option as a shortcut for -o Proxyjump= to scp(1) and sftp(1)

    botovq committed Jan 21, 2019
    to match ssh(1)'s interface.
    
    ok djm
  6. switch sntrup implementation source from supercop to libpqcrypto;

    djmdjm committed Jan 21, 2019
    the latter is almost identical but doesn't rely on signed underflow
    to implement an optimised integer sort; from markus@
  7. sometimes we don't call unveil_add, which means memory allocated by n…

    tedu
    tedu committed Jan 21, 2019
    …amei
    
    doesn't get freed. move the free calls into the same function as namei.
    fixed bug report from Dariusz Sendkowski
    ok beck
  8. a few tweaks

    tedu
    tedu committed Jan 21, 2019
  9. Add example showing a proper comparison function, as many examples show

    omoerbeek committed Jan 21, 2019
    the wrong idiom. ok tedu@ but probably needs some tweakin
  10. Document 'video' promise.

    landryb committed Jan 21, 2019
    looks fine to jmc@
  11. Add "video" promise.

    landryb committed Jan 21, 2019
    Allows a subset of ioctls on video(4) devices, subset selected from
    video(1) and firefox webrtc implementation.
    
    ok semarie@ deraadt@
  12. Introduce a dedicated entry point data structure for file locks. This…

    anton
    anton committed Jan 21, 2019
    … new data
    
    structure allows for better tracking of pending lock operations which is
    essential in order to prevent a use-after-free once the underlying vnode is
    gone.
    
    Inspired by the lockf implementation in FreeBSD.
    
    ok visa@
    
    Reported-by: syzbot+d5540a236382f50f1dac@syzkaller.appspotmail.com
  13. Move ssl_cipher_list_to_bytes() and ssl_bytes_to_cipher_list() to

    botovq committed Jan 21, 2019
    a more appropriately licenced file.  jsing and doug have rewritten
    these functions (including the comments) over the past years.
    
    ok jsing
  14. Provide the initial TLSv1.3 client implementation.

    4a6f656c committed Jan 21, 2019
    Move tls13_connect() to a new tls13_client.c file and provide a legacy
    wrapper to it, which allocates a struct tls_ctx if necessary. Also move
    tls13_client_hello_send() to tls13_client.c and actual implement the
    building of a client hello.
    
    ok tb@
Older
You can’t perform that action at this time.