openbsd
gilles [Sat, 19 Apr 2014 16:26:23 +0000 (16:26 +0000)]
(void) cast a snprintf() call that cannot truncate

logan [Sat, 19 Apr 2014 16:20:08 +0000 (16:20 +0000)]
Add missing description for IPv6 mtudisctimeout sysctl and
rework the wording for both IPv4 and IPv6.

OK from sthen@, henning@ and claudio@

mlarkin [Sat, 19 Apr 2014 16:19:07 +0000 (16:19 +0000)]
Dead stores in subr_hibernate.c

deraadt [Sat, 19 Apr 2014 16:18:22 +0000 (16:18 +0000)]
truncation check some snprintf calls (over-cautiously in case)
ok jsing beck

tedu [Sat, 19 Apr 2014 16:12:39 +0000 (16:12 +0000)]
can't actually do this. cause unknown.

henning [Sat, 19 Apr 2014 16:08:14 +0000 (16:08 +0000)]
bye bye

henning [Sat, 19 Apr 2014 16:07:09 +0000 (16:07 +0000)]
use "!received-on any" to absolutely ensure that we're not forwarding
carp, rpc or nfs traffic in the initial ruleset active during network
startup for a short time (or a much longer time if /etc/pf.conf is
screwed up). ok phessler

henning [Sat, 19 Apr 2014 16:02:17 +0000 (16:02 +0000)]
disgusting altq compat hack goes away

henning [Sat, 19 Apr 2014 16:01:36 +0000 (16:01 +0000)]
altq includes are gone
yes, we normally leave this for theo, but this triggered my final
"any altq bits left" check and I had to wait for a build anyway...

henning [Sat, 19 Apr 2014 15:58:56 +0000 (15:58 +0000)]
stop installing altq includes

henning [Sat, 19 Apr 2014 15:58:12 +0000 (15:58 +0000)]
now that if_snd is a proper ifqueue, this cast dies

henning [Sat, 19 Apr 2014 15:57:25 +0000 (15:57 +0000)]
ifnet's if_snd becomes a regular ifqueue instead of ifaltq, the need to
keep ifqueue and ifaltq in sync is gone and thus the comment obsolete,
and finally there is no more need to include if_altq.h either

henning [Sat, 19 Apr 2014 15:54:39 +0000 (15:54 +0000)]
minus altq tentacles, plus missing IF_DROP here as well

claudio [Sat, 19 Apr 2014 15:43:17 +0000 (15:43 +0000)]
Try to be clear why struct mrt_config nodes are allocated and
assigned to struct mrt pointers. I may need to rethink this later
but let's hope this does not confuse more people and analyzers.

beck [Sat, 19 Apr 2014 15:37:35 +0000 (15:37 +0000)]
Fix some serious pointer-arithmetic-magic-number-unchecked-return eyebleed
that I stumbled into here and got stuck with.  If modern society can get past
selling daughters for cows, surely we can decide to write modern C code in
an "application" that is probably 3 lines of shell/python/cgi away from
talking to the internet in a lot of places.. (This file still needs a lot
more love though)
"oh god yuck" deraadt@
ok tedu@

jsing [Sat, 19 Apr 2014 15:30:17 +0000 (15:30 +0000)]
KNF.

deraadt [Sat, 19 Apr 2014 15:29:35 +0000 (15:29 +0000)]
sync

deraadt [Sat, 19 Apr 2014 15:27:10 +0000 (15:27 +0000)]
Repair some indent to be more KNF, and break instead of fallthrough to
default which does break

tedu [Sat, 19 Apr 2014 15:19:20 +0000 (15:19 +0000)]
one small tweak to avoid ever going off the end of a string.

tedu [Sat, 19 Apr 2014 15:17:59 +0000 (15:17 +0000)]
improved checking for invalid hashes. from solar designer

tedu [Sat, 19 Apr 2014 14:58:50 +0000 (14:58 +0000)]
Once great men lived here... giants... gods... once, but long ago.

tedu [Sat, 19 Apr 2014 14:56:17 +0000 (14:56 +0000)]
the valkyries have come for rsh as well

tedu [Sat, 19 Apr 2014 14:53:48 +0000 (14:53 +0000)]
Delete futile calls to RAND_seed. ok djm

henning [Sat, 19 Apr 2014 14:47:51 +0000 (14:47 +0000)]
sigh, another driver fiddling with altq outside #ifdef ALTQ

henning [Sat, 19 Apr 2014 14:39:26 +0000 (14:39 +0000)]
kill altq bits here as well

gilles [Sat, 19 Apr 2014 14:37:45 +0000 (14:37 +0000)]
(void) cast strlcpy() call that uses truncation as part of its parsing
logic to extract at most sizeof buf - 1 bytes from source

jsing [Sat, 19 Apr 2014 14:36:35 +0000 (14:36 +0000)]
More KNF.

gilles [Sat, 19 Apr 2014 14:32:03 +0000 (14:32 +0000)]
(void) cast a strlcpy that cannot truncate

gilles [Sat, 19 Apr 2014 14:27:29 +0000 (14:27 +0000)]
(void) cast strlcpy/strlcat/snprintf calls that cannot truncate

henning [Sat, 19 Apr 2014 14:22:32 +0000 (14:22 +0000)]
remove altq bits here, too
(i was convinced i committed that yesterday already, hrm)

gilles [Sat, 19 Apr 2014 14:21:26 +0000 (14:21 +0000)]
(void) cast strlcpy() calls that cannot truncate

gilles [Sat, 19 Apr 2014 14:19:17 +0000 (14:19 +0000)]
(void) cast strlcat() and snprintf() that cannot truncate

be a bit more strict with an strlcat() truncation by causing it to fail in
table_create() instead of later in parse.y - in both cases, this would
cause smtpd to fatal() at startup if a table has a config file too large

gilles [Sat, 19 Apr 2014 14:11:55 +0000 (14:11 +0000)]
(void) cast strlcpy() calls that cannot truncate

gilles [Sat, 19 Apr 2014 14:09:19 +0000 (14:09 +0000)]
(void) cast a snprintf() call that can't possibly truncate unless we
suddenly supported a cipher with a name that's > 200 bytes long ...
... in which case harmless truncation would occur and we'd have to
readjust our buffer

florian [Sat, 19 Apr 2014 14:06:10 +0000 (14:06 +0000)]
Fix display of destination IP when host is an IP address.
Pointed out by and OK benno@

gilles [Sat, 19 Apr 2014 14:00:45 +0000 (14:00 +0000)]
(void) cast snprintf calls that cannot truncate

gilles [Sat, 19 Apr 2014 13:57:17 +0000 (13:57 +0000)]
(void) cast a strlcpy() that cannot truncate
(void) cast a few snprintf()/strlcat() that cannot truncate and that would
be harmless if they could

gilles [Sat, 19 Apr 2014 13:52:49 +0000 (13:52 +0000)]
(cast) void two strlcpy() and a snprintf() that cannot truncate

gilles [Sat, 19 Apr 2014 13:51:24 +0000 (13:51 +0000)]
(void) cast strlcpy/strlcat/snprintf calls that cannot truncate (and would
       be harmless in this case if they could)

deraadt [Sat, 19 Apr 2014 13:51:05 +0000 (13:51 +0000)]
kill a stray \

gilles [Sat, 19 Apr 2014 13:48:57 +0000 (13:48 +0000)]
(void) cast strlcpy/strlcat/snprintf that cannot truncate

gilles [Sat, 19 Apr 2014 13:40:24 +0000 (13:40 +0000)]
(void) cast strlcpy() and snprintf() that cannot truncate

gilles [Sat, 19 Apr 2014 13:35:51 +0000 (13:35 +0000)]
(void) cast snprintf() and strlcat() calls that cannot truncate

gilles [Sat, 19 Apr 2014 13:32:07 +0000 (13:32 +0000)]
(void) cast strlcpy() / strlcat() / snprintf() that cannot truncate

(void) cast a few calls that are ok to truncate because they are not used
in anything critical / unsafe, but just to make some debug/info logs a bit
more informative

guenther [Sat, 19 Apr 2014 13:31:24 +0000 (13:31 +0000)]
Lacking a proof that--for this implementation--exposure of Montgomery
multiplication or RSA blinding parameters doesn't permit retroactive
timing analysis of the secrets, we'll do the stupidly cheap thing and
cleanse them before freeing them.

ok deraadt@

jsing [Sat, 19 Apr 2014 13:29:11 +0000 (13:29 +0000)]
More KNF.

gilles [Sat, 19 Apr 2014 13:18:14 +0000 (13:18 +0000)]
(void) cast some strlcat() calls that cannot truncate
add a few fatalx() calls at places where it shouldn't fail, we'll assess
which one may be relaxed later as this code is not finished nor plugged
yet.

deraadt [Sat, 19 Apr 2014 13:13:01 +0000 (13:13 +0000)]
Remove hacky workaround for Cray T3E.
ok guenther

jsing [Sat, 19 Apr 2014 13:11:41 +0000 (13:11 +0000)]
More KNF.

deraadt [Sat, 19 Apr 2014 13:09:11 +0000 (13:09 +0000)]
oops, typo got into change

gilles [Sat, 19 Apr 2014 13:07:56 +0000 (13:07 +0000)]
add missing checks to strlcpy() when copying envelope "destination" buffer
to the mda delivery buffer. we should never hit these unless we mistakenly
change the value of a define, better be safe than sorry.

(void) cast strlcpy/strlcat that cannot truncate or that we know and want
to truncate rather than lose (informative data not used by smtpd but
intended to help the human reading the log)

henning [Sat, 19 Apr 2014 12:59:53 +0000 (12:59 +0000)]
shrink pf by 445 lines.
while there, get rid of the altq ioctls and associated now obsolete code

gilles [Sat, 19 Apr 2014 12:55:23 +0000 (12:55 +0000)]
when receiving mail for user+tag@ and maildir is setup, we create a .tag
subdirectory in the maildir, add missing check to strlcat() so that if path
with .tag exceeds SMTPD_MAXPATHLEN we fail instead of creating a .tag dir
that's truncated.

(void) cast strlcpy()/strlcat() that cannot truncate

jsing [Sat, 19 Apr 2014 12:51:01 +0000 (12:51 +0000)]
More KNF.

gilles [Sat, 19 Apr 2014 12:48:54 +0000 (12:48 +0000)]
(void) cast strlcat(), they can't truncate

gilles [Sat, 19 Apr 2014 12:43:19 +0000 (12:43 +0000)]
unchecked strlcat() call in expand_to_text() may cause aliases expansion to
fail later, make it fail early.

(void) cast other calls, they are detected and handled correctly later

logan [Sat, 19 Apr 2014 12:42:50 +0000 (12:42 +0000)]
Add missing man page descriptions for the following IPv6 sysctls:

-maxdynroutes
-maxifprefixes
-maxifdefrouters
-neighborgcthresh

OK from sthen@, claudio@ and henning@

deraadt [Sat, 19 Apr 2014 12:36:03 +0000 (12:36 +0000)]
malloc + strlcpy -> strdup

gilles [Sat, 19 Apr 2014 12:30:54 +0000 (12:30 +0000)]
(void) cast strlcpy(), it cannot truncate
(void) cast strlcat(), they are detected and handled later

henning [Sat, 19 Apr 2014 12:27:59 +0000 (12:27 +0000)]
remove the altq enable/attach and disable/detach bits

henning [Sat, 19 Apr 2014 12:27:06 +0000 (12:27 +0000)]
bye bye altq bits

gilles [Sat, 19 Apr 2014 12:26:15 +0000 (12:26 +0000)]
(void) cast this strlcpy(), it cannot truncate

henning [Sat, 19 Apr 2014 12:25:03 +0000 (12:25 +0000)]
another questionable "optimization": de used tulip_ifstart_one instead
of tulip_ifstart if the sendqueue was empty, but only if altq wasn't
compiled in (i. e., that's a _compile time_ decision and not based on
whether altq was actually used).
just use tulip_ifstart all the time, as before in our regular kernels.
kill tulip_ifstart_one completely.
makes sense to sthen

deraadt [Sat, 19 Apr 2014 12:22:37 +0000 (12:22 +0000)]
unifdef ENOTDIR, everyone has it

henning [Sat, 19 Apr 2014 12:18:35 +0000 (12:18 +0000)]
remove very questionable altq "optimization" - claudio and I can't
convince ourselves that that was right to begin with. anyway, begone.

henning [Sat, 19 Apr 2014 12:12:02 +0000 (12:12 +0000)]
all I wanted to do is removing the altq special casing, but then it turned
out the entire codepath is unreachable. glad I'm not our ppp maintainer, he
has work to do.
kill that unreachable code, with & ok claudio

henning [Sat, 19 Apr 2014 12:08:10 +0000 (12:08 +0000)]
remove altq special casing.
big WTF regarding the fastq use there while verifying w/ claudio, but
that's for the ppp maintainer and unrelated

kettenis [Sat, 19 Apr 2014 11:53:42 +0000 (11:53 +0000)]
Don't panic if we're trying to disestablish an MSI but the hardware is gone.

tested by & ok mlarkin@

guenther [Sat, 19 Apr 2014 11:43:07 +0000 (11:43 +0000)]
We'll interpret a (void) cast on snprintf() to mean it's been verified that
truncation is either desirable, not an issue, or is detected and handled later

ok deraadt@

gilles [Sat, 19 Apr 2014 11:41:49 +0000 (11:41 +0000)]
these strlcpy can't truncate, the copy is from a buffer to a buffer of same
size and the first buffer handles the truncation already

henning [Sat, 19 Apr 2014 11:38:13 +0000 (11:38 +0000)]
bye bye

gilles [Sat, 19 Apr 2014 11:31:06 +0000 (11:31 +0000)]
cast (void) this strlcpy(), it can't fail copying a small constant string
into a much larger buffer

deraadt [Sat, 19 Apr 2014 11:30:40 +0000 (11:30 +0000)]
Use somewhat harsher language and better examples; demonstrate that
non-dangerous use of functions is difficult.
ok guenther

gilles [Sat, 19 Apr 2014 11:29:06 +0000 (11:29 +0000)]
when copying socket path, check that we didn't truncate it which would cause
the following connect() to fail.

henning [Sat, 19 Apr 2014 11:26:10 +0000 (11:26 +0000)]
the altq versions of the IFQ_* macros can finally go. chances of this
file becoming readable increase.

deraadt [Sat, 19 Apr 2014 11:21:15 +0000 (11:21 +0000)]
Demonstrate correct usage of snprintf (regarding overflow detection)
ok guenther

guenther [Sat, 19 Apr 2014 11:18:01 +0000 (11:18 +0000)]
Split inet(3) into three pages by decade: 1980s -> inet_lnaof(3),
1990s -> inet_addr(3), 2000s and beyond -> inet_ntop(3).

ok tedu@ (who also noted the timeline) deraadt@ jmc@

gilles [Sat, 19 Apr 2014 11:17:14 +0000 (11:17 +0000)]
it's ok for strlcpy to fail here though it can't, cast void

deraadt [Sat, 19 Apr 2014 11:15:37 +0000 (11:15 +0000)]
egd is gone

henning [Sat, 19 Apr 2014 11:01:37 +0000 (11:01 +0000)]
   /*
        * altq for loop is just for debugging.
        * only used when called for loop interface (not for
        * a simplex interface).
        */
bye bye!

guenther [Sat, 19 Apr 2014 10:59:54 +0000 (10:59 +0000)]
The internal ssl2_* functions and variables are gone

jsing [Sat, 19 Apr 2014 10:54:26 +0000 (10:54 +0000)]
More KNF.

guenther [Sat, 19 Apr 2014 10:51:37 +0000 (10:51 +0000)]
Add SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
Document that SSL_OP_NO_SSLv2 is a no-op now

henning [Sat, 19 Apr 2014 10:07:44 +0000 (10:07 +0000)]
-option ALTQ
ALTQ has served us well for years and was extremely important not just for
us, but for the entire bandwidth management arena. Back when we got altq,
the subject was not yet well researched and understood, which is why altq
is the framework with pluggable schedulers it is. Kenjiro Cho (kjc@) did an
amazing job there.
Now, more than 10 years later, we do have a good understanding and can use
a simpler framework with just one priority queueing and one bandwidth
shaping mechanism each - the new queueing subsystem. Last not least because
it is incredibly painful to maintain both in parallel, it is time for altq
to depart. Farewell, thanks for many years of good service. Everybody
using any form of "not just fifo" queueing owes Kenjiro a lot. At least
buy him a beer when you meet him.
And, allow me this personal note, thanks Kenjiro, working with you on the
topic has always been a great pleasure and I learned a lot from you. Thanks!

sobrado [Sat, 19 Apr 2014 09:28:20 +0000 (09:28 +0000)]
use an appropriate name for this variable.

ok millert@

sobrado [Sat, 19 Apr 2014 09:24:28 +0000 (09:24 +0000)]
do not mark od(1) as deprecated.

ok jmc@, millert@

guenther [Sat, 19 Apr 2014 08:52:32 +0000 (08:52 +0000)]
More KNF and style consistency tweaks

shadchin [Sat, 19 Apr 2014 07:28:00 +0000 (07:28 +0000)]
tiny fix: Remove duplicate rows, they appeared after importing less 444
suggested Daniel Dickman

jsing [Sat, 19 Apr 2014 07:20:59 +0000 (07:20 +0000)]
More KNF.

jsing [Sat, 19 Apr 2014 06:43:34 +0000 (06:43 +0000)]
More KNF.

jsing [Sat, 19 Apr 2014 06:15:56 +0000 (06:15 +0000)]
More KNF.

djm [Sat, 19 Apr 2014 05:54:59 +0000 (05:54 +0000)]
missing wildcard; pointed out by naddy@

jmatthew [Sat, 19 Apr 2014 05:05:43 +0000 (05:05 +0000)]
move scsi_xs_put after checks that use fields in the xs

ok dlg@

dlg [Sat, 19 Apr 2014 05:00:06 +0000 (05:00 +0000)]
implement emc_mpath_checksense() according to what my cx500 throws.

tested by jmatthew@

schwarze [Sat, 19 Apr 2014 02:55:44 +0000 (02:55 +0000)]
Two minor tweaks regarding the fallback from -u/-d to default mode:
(1) Use all files found on the command line, but do *not* use all stray
files found during fallback tree recursion.
(2) If the fallback works, call that success, i.e. exit(0).
As pointed out by naddy@, the latter is required for ports' happiness.

schwarze [Sat, 19 Apr 2014 02:29:12 +0000 (02:29 +0000)]
Properly handle symlinks (hardlinks and .so only files were already ok):
Use the file name of the symlink but the inode number of the file pointed to,
such that we get multiple mlinks records but not multiple mpages records.
Also make sure they do not point outside the tree we are processing.

Issue found by kili@ in desktop-file-edit(1), thanks!

beck [Sat, 19 Apr 2014 00:41:37 +0000 (00:41 +0000)]
use intrinsic strlcpy and strlcat everywhere so we only have one set of
functions to check for incorrect use. keep BUF_strlcpy and BUF_strlcat
for API compatibility only.
ok tedu@

djm [Fri, 18 Apr 2014 23:52:25 +0000 (23:52 +0000)]
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.

Disable this KEX method when speaking to one of the affected
versions.

reported by Aris Adamantiadis; ok markus@

deraadt [Fri, 18 Apr 2014 23:42:00 +0000 (23:42 +0000)]
OPENSSL_gmtime() is really just gmtime_r(); ok guenther

deraadt [Fri, 18 Apr 2014 23:19:01 +0000 (23:19 +0000)]
sync