Re: libressl vs openssl

[Martijn van Duren]

On Fri, 2022-01-28 at 21:18 +, Stuart Henderson wrote:
> On 2022-01-28, Laura Smith  wrote:
> > ‐‐‐ Original Message ‐‐‐
> > 
> > On Friday, January 28th, 2022 at 14:43, dansk puffer 
> >  wrote:
> > 
> > > Are there any major security differences between libressl and openssl 
> > > nowadays? From what I read the situation for openssl improved and some 
> > > Linux distros switched back to openssl again with mostly? OpenBSD 
> > > remaining to use libressl.
> > 
> > For me at least, my main beef with Libressl is that it has seemingly mostly 
> > achieved its security posture by removing functions.
> > 
> > Unfortunatley the functions removed are not obscure ones, but more common 
> > ones such as, IIRC, various very useful certificate and PKCS11 related 
> > functions.
> 
> I think you'll need to back that up with some examples. Lots of code has
> been removed but much of that is not API-affecting. In particular *common*
> ones are not removed.
> 
> Almost nothing in the ports tree uses OpenSSL. The exceptions
> are nsca-ng (PSK was removed; almost nothing uses that),
> opensmtpd-filter-dkimsign (libressl doesn't have all of the ed25519 api
> from newer openssl yet), 
> 
To be more precise, this only goes for the -ed25519 flavor. The main
flavor is compiled with libressl. For most people, ed25519 dkim
signatures aren't even interesting yet, since most verifiers out there
(including the major players last time I checked) don't even support it
yet.

> sslscan (uses a special build with some
> outdated protocols enabled so that it can scan a server to see what it's
> using), and libretls (implementation of the libtls API against OpenSSL
> backend, used for testing portable versions of some OpenBSD software).
> That's all.
> 
> There are some functions from OpenSSL 1.1+ API that haven't been added
> to LibreSSL yet, though these days many of the ones which are _actually_
> used by various software have been added.
> 
> (Besides, not adding new functions that were added to OpenSSL after
> LibreSSL was forked is not the same thing as removing functions.)
> 
> 

Re: laptop touchpad works fine for a while, then stops working

[Jonathan Thornburg]

On Fri, Jan 28, 2022 at 11:09:17PM +0100, Ulf Brosziewski wrote:
> Most likely this means it's a hardware or firmware problem.

Thanks for the diagnosis.  I guess I'll just have to live with the
problem (and hope it doesn't become more frequent).

--
-- "Jonathan Thornburg [remove color- to reply]" 
   on the west coast of Canada, eh?
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"

Re: Behavior of sndioctl

[Yoshihiro Kawamata]

Hi, James

From: James 
Subject: Re: Behavior of sndioctl
Date: Fri, 28 Jan 2022 09:50:40 +

> Did you solve this? I'm experiencing a problem with sndioctl in
> which toggling output.mute has no effect.

My problem still hasn't been solved. It also occurs in the current
version 7.0. It may be a specification, not a problem.

> I'm able to successfully change the volume of audio from running
> programs by running `sndioctl output.level=0.XXX` but setting
> output.mute=1 does nothing and audio can still be heard.
> 
> Any ideas?

Can you try the following command with root privileges?

# mixerctl outputs.master.mute=on
# mixerctl outputs.master.mute=off

If this does not change the mute, the problem may not be with
sndioctl, but with the sound driver or audio codec hardware.

What happens if you run it on other hardware?

Yoshihiro

Re: has the definition of 'nice' changed?

[Jonathan Thornburg]

In  I wrote
> I've just noticed something odd about the scheduling of processes with
> varying 'nice' values (7.0-stable/amd64, GENERIC.MP): it appears that
> processes with 'nice 20' are given more favorable scheduling than those
> with 'nice 10', which is exactly the opposite of what I'd expect [[...]]

In ,
Otto Moerbeek replied
> Are youre processes multithreaded?? Check with top -H.

I apologise for the long delay in followup (unrelated work crises).

No, they're not multithreaded -- they're all instances of a (the same)
single-threaded "number-crunching" code written in C++ (compiled by
clang 11.1.0 from ports).  Here's the first part of the output of
'top -H -s -i -s1' for another set of such processes I have running
right now:

398 threads: 4 running, 390 idle, 4 on processor   up 21:36
CPU0:  0.0% user, 96.0% nice,  0.0% sys,  0.0% spin,  4.0% intr,  0.0% idle
CPU1:  0.0% user,  100% nice,  0.0% sys,  0.0% spin,  0.0% intr,  0.0% idle
CPU2:  1.0% user, 99.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  0.0% idle
CPU3:  0.0% user,  100% nice,  0.0% sys,  0.0% spin,  0.0% intr,  0.0% idle
Memory: Real: 2841M/8293M act/tot Free: 7195M Cache: 4179M Swap: 0K/34G

  PID  TID PRI NICE  SIZE   RES STATE WAIT  TIMECPU COMMAND
88761   356466  84   10   21M   24M onproc/3  -16:36 99.02% smp-O3
87643   189282 104   20   39M   42M run/2 -14:38 98.93% smp-O3
 4015   151196 104   20   40M   43M onproc/0  - 4:47 51.27% smp-O3
92541   618295  84   10   22M   24M run/1 - 4:48 49.85% smp-O3
26221   169495  84   10   21M   24M onproc/1  - 9:55 49.17% smp-O3
 7827   115940 104   20   39M   42M run/0 -11:45 47.31% smp-O3
61507   342772   20   41M   87M sleep/0   poll  9:42  0.05% Xorg
61507   413182   20   41M   87M sleep/2   poll  0:29  0.05% Xorg

In this case I have 6 CPU-bound processes, 3 smaller ones started with
'nice -n 10 ...' and 3 larger ones started with 'nice -n 20', all running
on a 4-core machine.  I would have expected the three nice-10 processes
to get more CPU than the three nice-20 proesses, but clearly that's not
what's happening.

Looking at 'iostat 5' I see that I/O is pretty low (around 0.5 MB/s or
less).

I wonder if NaN handling might be causing kernel traps which change
the scheduling priority?

--
-- "Jonathan Thornburg [remove color- to reply]" 
   on the west coast of Canada, eh?
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"

Re: libressl vs openssl

[Brian Brombacher]

> On Jan 28, 2022, at 11:53 AM, Laura Smith 
>  wrote:
> 
> ‐‐‐ Original Message ‐‐‐
> 
>> On Friday, January 28th, 2022 at 14:43, dansk puffer 
>>  wrote:
>> 
>> Are there any major security differences between libressl and openssl 
>> nowadays? From what I read the situation for openssl improved and some Linux 
>> distros switched back to openssl again with mostly? OpenBSD remaining to use 
>> libressl.
> 
> For me at least, my main beef with Libressl is that it has seemingly mostly 
> achieved its security posture by removing functions.
> 
> Unfortunatley the functions removed are not obscure ones, but more common 
> ones such as, IIRC, various very useful certificate and PKCS11 related 
> functions.
> 

Not to be rude, but you obviously don’t know anything about how code security 
works.

The less code surface area that attackers have to play with, the safer you are. 
 It is mathematically proven.

Now, removing code that had known quality and cultural SDLC issues that prevent 
the code from being secure, yes, I’m absolutely for removing that crap from the 
face of the earth.

If nobody else joins us, who gives a shit.

radeondrm / radeon 8570

[Chris Cappuccio]

is anyone trying to use an older radeondrm card with current?

i just moved my SSDs into an amd64 box with a radeon 8570 card and everything 
seems to work, glxgears works fast...

...until i start firefox or chrome, and pull up, say, youtube's 
video-image-laden front page, then the browser window mostly freezes up and 
responds extremely slowly, also after this point glxgears barely runs at all, 
it claims a 4 frames per second but is more like 4 seconds per frame, even 
after firefox is stopped

OpenBSD 7.0-current (GENERIC.MP) #287: Tue Jan 25 01:38:55 MST 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 137342574592 (130980MB)
avail mem = 133162971136 (126994MB)
random: boothowto does not indicate good seed
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcbacc018 (128 entries)
bios0: vendor Hewlett-Packard version "J63 v03.50" date 08/14/2013
bios0: Hewlett-Packard HP Z820 Workstation
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SRAT SLIT HPET SSDT SLIC SSDT SSDT ASF! 
TCPA IFEU
acpi0: wakeup devices PS2K(S3) UAR1(S3) BR20(S4) EUSB(S4) USBE(S4) GBE_(S4) 
NP1B(S4) NPE2(S4) NPE3(S4
) PEX1(S4) PEX2(S4) PEX4(S4) NPE2(S4) NPE3(S4) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.42 MHz, 06-2d-07
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR
,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA
,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.04 MHz, 06-2d-07
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.04 MHz, 06-2d-07
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.04 MHz, 06-2d-07
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.04 MHz, 06-2d-07
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.04 MHz, 06-2d-07
cpu5: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 0, core 5, package 0
cpu6 at mainbus0: apid 32 (application processor)
cpu6: Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz, 2893.04 MHz, 06-2d-07
cpu6: 

Re: laptop touchpad works fine for a while, then stops working

[Ulf Brosziewski]

Moving a finger in circles on the touchpad produced these log lines?  If
that's the case, they match your description of the problem: they report
a contact that hardly ever moves, with only minimal changes of its position.
Every now and then a second contact is reported, and only once, after a
change of the contact count, a short and fast vertical movement (it might
be the only sequence without stale position data, and if the contact count
is 2, such a case may trigger scroll events).  Only pressure values are
reported regularly.

Most likely this means it's a hardware or firmware problem.


On 1/28/22 09:41, Jonathan Thornburg wrote:
> In , I wrote
>> I'm having a problem with my laptop touchpad under X (7.0-stable/amd64,
>> GENERIC.MP, Lenovo Thinkpad T580, full dmesg and Xorg.0.log given below):
>> When X is first started or restarted the touchpad is fine, but after X
>> has been running for "a while" (anywhere from 2 hours to some days),
>> the touchpad will suddenly stop working. [[...]]
> 
> In ,
> Ulf Brosziewski replied
>> When the touchpad stops working, you could enable wsmouse logging, make
>> one or two movements on the touchpad, and extract and post the relevant
>> part of /var/log/messages.  [[...]]
> 
> The problem has just re-occured (after almost 3 weeks with no occurences;
> at the time I previously wrote to misc@ it had been occuring ~daily)
> and after some fumbling around I was able to enable wsmouse logging
> as Ulf suggested.  After various mouse movements (mostly moving my
> finger around the touchpad in large circles) I restarted the X server
> (Ctrl/Alt/Backspace) but this failed to restore a working touchpad,
> nor did restarting the X server again, so eventually I copied
> /var/log/messages to a spool directory and rebooted.
> 
> Here's the tail (last 705 lines) of the copied /var/log/messages.
> 
> Jan 27 23:55:24 gold apmd: system resumed from sleep
> Jan 27 23:55:24 gold apmd: battery status: high. external power status: 
> connected. estimated battery life 88%
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0732] 11:37 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-in][0752] abs:1932,1163
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0752] 8:1932 9:1163 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0792] 11:36 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0812] 11:37 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0832] 11:36 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0842] 11:38 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0852] 11:36 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0862] 11:37 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0872] 11:36 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0892] 11:37 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0902] 11:40 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0912] 11:36 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0922] 11:38 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0942] 11:37 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0952] 11:36 18:0
> Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0962] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][0982] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1012] 11:38 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1022] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1032] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1042] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1062] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1072] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1082] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1092] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1112] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1132] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1142] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1162] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1172] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1182] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1192] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1202] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1222] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1232] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1242] 11:37 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1252] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-in][1272] abs:1934,1162
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1272] 8:1934 9:1162 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1282] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1292] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1302] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1312] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1342] 11:36 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1352] 11:35 18:0
> Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1362] 11:36 18:0
> Jan 28 00:14:21 

Re: libressl vs openssl

[Stuart Henderson]

On 2022-01-28, Laura Smith  wrote:
> ‐‐‐ Original Message ‐‐‐
>
> On Friday, January 28th, 2022 at 14:43, dansk puffer 
>  wrote:
>
>> Are there any major security differences between libressl and openssl 
>> nowadays? From what I read the situation for openssl improved and some Linux 
>> distros switched back to openssl again with mostly? OpenBSD remaining to use 
>> libressl.
>
> For me at least, my main beef with Libressl is that it has seemingly mostly 
> achieved its security posture by removing functions.
>
> Unfortunatley the functions removed are not obscure ones, but more common 
> ones such as, IIRC, various very useful certificate and PKCS11 related 
> functions.

I think you'll need to back that up with some examples. Lots of code has
been removed but much of that is not API-affecting. In particular *common*
ones are not removed.

Almost nothing in the ports tree uses OpenSSL. The exceptions
are nsca-ng (PSK was removed; almost nothing uses that),
opensmtpd-filter-dkimsign (libressl doesn't have all of the ed25519 api
from newer openssl yet), sslscan (uses a special build with some
outdated protocols enabled so that it can scan a server to see what it's
using), and libretls (implementation of the libtls API against OpenSSL
backend, used for testing portable versions of some OpenBSD software).
That's all.

There are some functions from OpenSSL 1.1+ API that haven't been added
to LibreSSL yet, though these days many of the ones which are _actually_
used by various software have been added.

(Besides, not adding new functions that were added to OpenSSL after
LibreSSL was forked is not the same thing as removing functions.)

Re: libressl vs openssl

[Amelia A Lewis]

On Fri, 28 Jan 2022 14:43:04 +, dansk puffer wrote:
> Are there any major security differences between libressl and openssl 
> nowadays? From what I read the situation for openssl improved and 
> some Linux distros switched back to openssl again with mostly? 
> OpenBSD remaining to use libressl.

Hmm. How could one know?

https://www.cvedetails.com/product/383/Openssl-Openssl.html?vendor_id=217
https://www.cvedetails.com/product/30688/Openbsd-Libressl.html?vendor_id=97

That's not the only place one could look, but it does seem a useful 
starting point. OpenSSL clearly has made improvements: they're in 
single-digit reports each year after 2017.

Amy!
-- 
Amelia A. Lewisamyzing {at} talsever.com
It's is not, it isn't ain't, and it's it's, not its, if you mean it is.
If you don't, it's its.  Then too, it's hers.  It isn't her's. It isn't
our's either.  It's ours, and likewise yours and theirs.
--OUP Edpress News

Re: libressl vs openssl

[Brian Brombacher]

> On Jan 28, 2022, at 9:46 AM, dansk puffer  wrote:
> 
> Are there any major security differences between libressl and openssl 
> nowadays? From what I read the situation for openssl improved and some Linux 
> distros switched back to openssl again with mostly? OpenBSD remaining to use 
> libressl.

I’m not sure you can fix cultural software quality issues in 2 years, but ok.

libressl vs openssl

[dansk puffer]

Are there any major security differences between libressl and openssl nowadays? 
From what I read the situation for openssl improved and some Linux distros 
switched back to openssl again with mostly? OpenBSD remaining to use libressl.

Re: laptop touchpad works fine for a while, then stops working

[Jonathan Thornburg]

In , I wrote
> I'm having a problem with my laptop touchpad under X (7.0-stable/amd64,
> GENERIC.MP, Lenovo Thinkpad T580, full dmesg and Xorg.0.log given below):
> When X is first started or restarted the touchpad is fine, but after X
> has been running for "a while" (anywhere from 2 hours to some days),
> the touchpad will suddenly stop working. [[...]]

In ,
Ulf Brosziewski replied
> When the touchpad stops working, you could enable wsmouse logging, make
> one or two movements on the touchpad, and extract and post the relevant
> part of /var/log/messages.  [[...]]

The problem has just re-occured (after almost 3 weeks with no occurences;
at the time I previously wrote to misc@ it had been occuring ~daily)
and after some fumbling around I was able to enable wsmouse logging
as Ulf suggested.  After various mouse movements (mostly moving my
finger around the touchpad in large circles) I restarted the X server
(Ctrl/Alt/Backspace) but this failed to restore a working touchpad,
nor did restarting the X server again, so eventually I copied
/var/log/messages to a spool directory and rebooted.

Here's the tail (last 705 lines) of the copied /var/log/messages.

Jan 27 23:55:24 gold apmd: system resumed from sleep
Jan 27 23:55:24 gold apmd: battery status: high. external power status: 
connected. estimated battery life 88%
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0732] 11:37 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-in][0752] abs:1932,1163
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0752] 8:1932 9:1163 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0792] 11:36 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0812] 11:37 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0832] 11:36 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0842] 11:38 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0852] 11:36 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0862] 11:37 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0872] 11:36 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0892] 11:37 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0902] 11:40 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0912] 11:36 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0922] 11:38 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0942] 11:37 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0952] 11:36 18:0
Jan 28 00:14:20 gold /bsd: [wsmouse0-ev][0962] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][0982] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1012] 11:38 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1022] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1032] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1042] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1062] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1072] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1082] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1092] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1112] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1132] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1142] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1162] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1172] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1182] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1192] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1202] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1222] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1232] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1242] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1252] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-in][1272] abs:1934,1162
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1272] 8:1934 9:1162 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1282] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1292] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1302] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1312] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1342] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1352] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1362] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1422] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1472] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1502] 11:37 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1512] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1522] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1562] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1602] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1612] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1722] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1732] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1742] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1772] 11:36 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1802] 11:35 18:0
Jan 28 00:14:21 gold /bsd: [wsmouse0-ev][1812]