| Age | Commit message (Collapse) | Author |
|---|
|
- consistently refer to Dentry.name length with NAMELEN
- make sure whoname is null terminated
- remove useless nil check for whoname
|
|
sprint() will replace invalid utf8 sequences with U+FFFD
which caused directory reads and stats to return the wrong
filename. just strcpy the name bytes.
|
|
|
|
|
|
|
|
|
|
the dynamic input buffer resize code (fillbuf()) is broken as
the calling code assumes that memory wont relocate. instead
of trying to work out all the cases where this happens, i'm
getting rid of fillbuf() and just read the whole file into
memory in setsource().
the bug could be reproduced with something as simple as:
@{for(i in `{seq 1 10000}){echo $i ', \'; }} | cpp
|
|
|
|
|
|
X509req() and X509gen() used to leak memory, and had no way for
the caller to free the allocated certificate/certificate request
buffer returned. this is not critical as these functions are only
used in short lived rsa(2) helper programs. but i prefer to have
library routines not leak memory as one does not know in advance
where the code is going to be used.
|
|
|
|
we used to negotiate tls1.1 for client cert authentication because the
signature generation was not implemented for tls1.2. this is now fixed
and tls1.2 can be negotiated with client certs.
|
|
|
|
it optional
|
|
accidents
|
|
non-rsa ciphers, fix memory leaks in X509 code
actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.
stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.
fix some memory leaks in X509 code while we'r at it.
|
|
|
|
|
|
<hr> is handled by drawing replicated bitmap across the with of
the page.
|
|
|
|
|
|
|
|
|
|
it in libdraw
libdraw was attempting to bind '#i' and '#m' to /dev when it could not find
/dev/mouse or /dev/draw. a library shouldnt be that clever and do namespace
manipulations on behalf of the caller. so instead, we setup the graphics
environment in screenrc on boot time.
|
|
|
|
|
|
|
|
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suits
|
|
---------- Forwarded message ----------
From: Charles Forsyth <charles.forsyth@gmail.com>
Date: 13 September 2015 at 12:38
Subject: fis bug
To: erik quanstrom <quanstro@quanstro.net>
geoff spotted something similar in sdiahci.c, but it's in libfis as well:
c[Flba24] = lba >> 24;
c[Flba32] = lba >> 32;
c[Flba40] = lba >> 48;
>> 48?? should be >> 40, especially with drive sizes getting up there.
|
|
TLS1.2 requires the client to send the list of supported
signature and hash algorithm pairs. some servers will simply
reject the client hello otherwise. note that we do not implement
any dh/ecdh param signature verification.
order the cipher list to strogest first. aes128 is actually more
secure than aes256.
|
|
|
|
when /env/timezone file is missing (boot case), copy /adm/timezone/local
to /env/timezone so localtime() can correct timezone offset.
|
|
|
|
|
|
|
|
|
|
tar used to infer compression type from the filenames extension, but when
no file name is given (stdin/stdout), the -z flag was ignored and no
compression filter applied. this changes tar to assume the default
gzip compression method when z is given and no file name is specified.
|
|
|
|
(thanks qrstuv)
these functions where undocumented and unused. especially
tprivfree() was buggy missing a unlock() call. theres not
much point in supporting these functions as theres
threaddata() and procdata().
|
|
|
|
|
|
for read case
processor might bring data speculatively into the cache,
before the dma completes.
|
|
even in the read case, we need to clean the cache
so the cpu will not flush out old changes while
the hardware updates the buffer.
|
|
this generates a disk image (to be written to usb or
sdmmc card) containing 9fat partition with kernel and
a hjfs filesystem partition with the 9front distribution.
this could be easily extended to generate raspberry pi
images as well, but i have no hardware to test.
|
|
|
|
|
|
read)
|
|
|
