summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--VERSION2
-rw-r--r--compat/getentropy_freebsd.c6
-rw-r--r--compat/getentropy_netbsd.c6
-rw-r--r--compat/getentropy_win.c27
-rw-r--r--m4/check-os-options.m42
-rw-r--r--man/Makefile.am36
6 files changed, 15 insertions, 64 deletions
diff --git a/VERSION b/VERSION
index 19ef286..8fe1da8 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-3.2.2
+3.3.0
 
diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c
index 30cd68e..ea90ffe 100644
--- a/compat/getentropy_freebsd.c
+++ b/compat/getentropy_freebsd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
+/*	$OpenBSD: getentropy_freebsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
@@ -32,11 +32,9 @@
 static size_t
 getentropy_sysctl(u_char *buf, size_t size)
 {
-	int mib[2];
+	const int mib[2] = { CTL_KERN, KERN_ARND };
 	size_t len, done;
 
-	mib[0] = CTL_KERN;
-	mib[1] = KERN_ARND;
 	done = 0;
 
 	do {
diff --git a/compat/getentropy_netbsd.c b/compat/getentropy_netbsd.c
index 45d68c9..5dc8959 100644
--- a/compat/getentropy_netbsd.c
+++ b/compat/getentropy_netbsd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
+/*	$OpenBSD: getentropy_netbsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
@@ -32,11 +32,9 @@
 static size_t
 getentropy_sysctl(u_char *buf, size_t size)
 {
-	int mib[2];
+	const int mib[2] = { CTL_KERN, KERN_ARND };
 	size_t len, done;
 
-	mib[0] = CTL_KERN;
-	mib[1] = KERN_ARND;
 	done = 0;
 
 	do {
diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c
index 2abeb27..64514b3 100644
--- a/compat/getentropy_win.c
+++ b/compat/getentropy_win.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $	*/
+/*	$OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $	*/
 
 /*
  * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> 
@@ -21,39 +21,30 @@
  */
 
 #include <windows.h>
+#include <bcrypt.h>
 #include <errno.h>
 #include <stdint.h>
 #include <sys/types.h>
-#include <wincrypt.h>
-#include <process.h>
 
 int	getentropy(void *buf, size_t len);
 
 /*
- * On Windows, CryptGenRandom is supposed to be a well-seeded
- * cryptographically strong random number generator.
+ * On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed
+ * to be a well-seeded, cryptographically strong random number generator.
+ * https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
  */
 int
 getentropy(void *buf, size_t len)
 {
-	HCRYPTPROV provider;
-
 	if (len > 256) {
 		errno = EIO;
 		return (-1);
 	}
 
-	if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
-	    CRYPT_VERIFYCONTEXT) == 0)
-		goto fail;
-	if (CryptGenRandom(provider, len, buf) == 0) {
-		CryptReleaseContext(provider, 0);
-		goto fail;
+	if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
+		errno = EIO;
+		return (-1);
 	}
-	CryptReleaseContext(provider, 0);
-	return (0);
 
-fail:
-	errno = EIO;
-	return (-1);
+	return (0);
 }
diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4
index 8241aee..c014efb 100644
--- a/m4/check-os-options.m4
+++ b/m4/check-os-options.m4
@@ -112,7 +112,7 @@ char buf[1]; getentropy(buf, 1);
 		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
 		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
 		CPPFLAGS="$CPPFLAGS"
-		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
+		AC_SUBST([PLATFORM_LDADD], ['-lws2_32 -lbcrypt'])
 		;;
 	*solaris*)
 		HOST_OS=solaris
diff --git a/man/Makefile.am b/man/Makefile.am
index c2f2697..ad840b6 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -2282,14 +2282,6 @@ install-data-hook:
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
-	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -3101,16 +3093,6 @@ install-data-hook:
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
-	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
 
 uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
@@ -4903,14 +4885,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -5722,13 +5696,3 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-04-05 14:22:27 +0000
argument to get_cached_commit_buffer (3ce85f7e5a41116145179f0fae2ce6d86558d099) * commit: add repository argument to lookup_commit_reference (2122f6754c93be8f02bfb5704ed96c88fc9837a8) * object: add repository argument to parse_object (109cd76dd3467bd05f8d2145b857006649741d5c) * tag: add repository argument to deref_tag (a74093da5ed601a09fa158e5ba6f6f14c1142a3e) * tag: add repository argument to lookup_tag (ce71efb713f97f476a2d2ab541a0c73f684a5db3) * tree: add repository argument to lookup_tree (f86bcc7b2ce6cad68ba1a48a528e380c6126705e) * archive.c: avoid access to the_index (b612ee202a48f129f81f8f6a5af6cf71d1a9caef) * for_each_*_object: move declarations to object-store.h (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b) Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-ssdiff: ban strcat()Christian Hesse Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-ssdiff: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-shared: ban strcat()Christian Hesse Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-patch: ban sprintf()Christian Hesse Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-log: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-log: ban strcpy()Christian Hesse Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11parsing: ban sprintf()Christian Hesse Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11parsing: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-08-28filters: generate anchor links from markdownChristian Hesse This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com> 2018-08-03Bump version.Jason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2018-08-03clone: fix directory traversalJason A. Donenfeld This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com> 2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev