The getenv(3) and unsetenv(3) functions already support this.
This will make it easier to emulate the glibc clearenv() function in ports.
Based on a diff from and OK jca@
correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung
void return types 'return no value'. This is obvious and therefore
unneccessary to mention.
We spare rewind(3)'s sentence because espie@ pointed out that it's a
warning - the function masks a potential error.
This commit also adds a sentence to X509_free clarifying that it's
NULL-safe. This bit was discussed with doug@.
ok martijn@, sentiment supported by schwarze@
The 'A' option elevated warnings to errors, and has been the default for some
time. Then warnings were effectively eliminated in favor of everything
being an error, but then the 'a' flag turned real errors into warnings!
Remove the 'a' option entirely. You shouldn't have used it anyway.
ok tb tdeval
Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@
if the data is needed. Use O_CLOEXEC on the internal fd as MT paranoia.
Fix cast in offset calculation; delete register keyword;
prefer memset() over bzero()
ok millert@
1. Optionally add random "canaries" to the end of an allocation. This
requires increasing the internal size of the allocation slightly, which
probably results in a large effective increase with current power of two
sizing. Therefore, this option is only enabled via 'C'.
2. When writing junk (0xdf) to freed chunks (current default behavior),
check that the junk is still intact when finally freeing the delayed chunk
to catch some potential use after free. This should be pretty cheap so
there's no option to control it separately.
ok deraadt tb
stubs for the executable from crtbegin.o into libc, which lets them be
excluded from static links that don't use them.
For this, drop the normal crt{begin,end}S.o from libc.so: the .init and .fini
sections for libc aren't called at the right times anyway, so it's good that
they're unused. libc.so just needs __guard_local and the .note.openbsd.ident
section, so add them to stack_protector.c for now (this will be improved)
"good time" deraadt@
millert