Re: cwm(1): Enable numpad Enter on menus
On Sat 2016.08.27 at 23:53 -0300, Henrique N. Lengler wrote:
> > Hi,
> >
> > This is a tiny patch to enable the use of numpad Enter key on cwm menus.
> >
> > Regards,
> >
> > Henrique N. Lengler
>
> No intention to apply this?
>
> Numpad enter key is recognized by every program on openbsd base and xenocara,
> so this would keep consistency. Anyway it is only one line.

Applied; thank you!
Re: add option for disabling TLS session tickets to libttls
On 08/22/16 08:17, Claudio Jeker wrote:

On Sun, Aug 21, 2016 at 02:25:15PM -0400, Ted Unangst wrote:

Andreas Bartelt wrote:

Since the use of TLS session tickets potentially interferes with forward secrecy on a per-session basis, I'd personally prefer an opt-in in libtls as well as in httpd with regard to its usage. However, such a semantic change would not be transparent. Any opinions on this?

Defaulting to off makes sense to me. It's the marginally safer option and at small scale probably not a performance concern. But if the default results in 900 "tutorials" telling people to turn it back on because web scale, then all we've done is make things difficult.

While I agree it is important to turn them on for HTTP servers or any other protocol that does a lot of reconnects. This should also include the magic to make them work across multiple processes (see my relayd diff for that -- which uses the libssl callback madness though). Without tickets the full TLS handshake will be made for every reconnect which is a common mode of operation for HTTP. Also I think tickets are a bit safer than the session cache (which AFAIK is also default on for servers) and probably the fallback mode. Client side tickets should be enabled since they are just passed along to the next connect without processing them.

here's another diff which also adds enable/disable functions with regard to TLS session resumption. Although this mechanism is technically not a TLS extension, it is also optional and basically provides the same functionality as the TLS session ticket extension.

This diff is transparent to the current behaviour of libtls, i.e., it enables session tickets as well as session resumption by default.

As I already said, I personally don't like the current default. In particular, I don't like the lack of key management for TLS tickets which always has to be done manually (see Claudio's relayd patch on tech@).
If things go wrong, the corresponding damage might be pretty high on long-running TLS servers. I suppose further API functions should be added for explicitly configuring session resumption and session ticket parameters. During testing, I've also noticed that the session resumption mechanism currently doesn't work reliably. It always seems to fail at the first session resumption attempt, and it works with unpredictable reliability afterwards. I didn't look at the corresponding code in libssl yet. OK? Index: src/lib/libtls/tls.h === RCS file: /cvs/src/lib/libtls/tls.h,v retrieving revision 1.35 diff -u -p -u -r1.35 tls.h --- src/lib/libtls/tls.h 22 Aug 2016 14:58:26 - 1.35 +++ src/lib/libtls/tls.h 28 Aug 2016 10:35:31 - @@ -41,6 +41,10 @@ extern "C" { #define TLS_WANT_POLLIN -2 #define TLS_WANT_POLLOUT -3 +/* TLS extensions and other optional mechanisms */ +#define TLS_SESSION_RESUMPTION 0x0001L +#define TLS_SESSION_TICKETS 0x0002L + struct tls; struct tls_config; @@ -78,6 +82,12 @@ int tls_config_set_keypair_mem(struct tl size_t _cert_len, const uint8_t *_key, size_t _key_len); void tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols); void tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth); + +void tls_config_enable_session_resumption(struct tls_config *_config); +void tls_config_enable_session_tickets(struct tls_config *_config); + +void tls_config_disable_session_resumption(struct tls_config *_config); +void tls_config_disable_session_tickets(struct tls_config *_config); void tls_config_prefer_ciphers_client(struct tls_config *_config); void tls_config_prefer_ciphers_server(struct tls_config *_config); Index: src/lib/libtls/tls_config.c === RCS file: /cvs/src/lib/libtls/tls_config.c,v retrieving revision 1.28 diff -u -p -u -r1.28 tls_config.c --- src/lib/libtls/tls_config.c 22 Aug 2016 14:55:59 - 1.28 +++ src/lib/libtls/tls_config.c 28 Aug 2016 10:35:32 - 
@@ -193,6 +193,9 @@ tls_config_new(void) tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT); tls_config_set_verify_depth(config, 6); + tls_config_enable_session_resumption(config); + tls_config_enable_session_tickets(config); + tls_config_prefer_ciphers_server(config); tls_config_verify(config); @@ -580,6 +583,30 @@ void tls_config_set_verify_depth(struct tls_config *config, int verify_depth) { config->verify_depth = verify_depth; +} + +void +tls_config_enable_session_resumption(struct tls_config *config) +{ + config->tls_extensions |= TLS_SESSION_RESUMPTION; +} + +void +tls_config_enable_session_tickets(struct tls_config *config) +{ + config->tls_extensions |= TLS_SESSION_TICKETS; +} + +void +tls_config_disable_session_resumption(struct tls_config *config) +{ + config->tls_extensions &= ~TLS_SESSION_RESUMPTION; +} + +void +tls_config_disable_session_tickets(struct tls_config *config) +{ +
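Review bot: In the tls.h hunk at @@ -41,6 +41,10 @@, TLS_SESSION_RESUMPTION and TLS_SESSION_TICKETS carry an L suffix (0x0001L, 0x0002L), while the neighbouring setter in the same header takes its flags as uint32_t (tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols)). The declaration of config->tls_extensions is not in any visible hunk, so the width that "&= ~TLS_SESSION_RESUMPTION" operates on cannot be checked here; suggest dropping the suffix and declaring the field as uint32_t to match. The field name tls_extensions also disagrees with the comment above the defines ("TLS extensions and other optional mechanisms"), since session resumption is one of the bits stored in it; a neutral name would avoid that.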
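Review bot: The new functions in tls_config.c (@@ -580,6 +583,30 @@) only set or clear bits in config->tls_extensions, and no visible hunk reads those bits when a context is set up, so as far as the patch is shown here tls_config_disable_session_tickets() and tls_config_disable_session_resumption() have no effect on a connection; the code that applies the flags needs to be part of the same change. In the tls_config_new() hunk both mechanisms are enabled unconditionally, so a short comment there stating that this preserves the existing default would help, and the four new public functions need manual page entries, which are absent from the visible hunks.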
Re: cwm(1): Enable numpad Enter on menus
On 2016 Aug 27 (Sat) at 23:53:14 -0300 (-0300), Henrique N. Lengler wrote: :> Hi, :> :> This is a tiny patch to enable the use of numpad Enter key on cwm menus. :> :> Regards, :> :> Henrique N. Lengler : :No intention to apply this? : :Numpad enter key is is recognized by every program on openbsd base and xenocara, :so this would keep consistency. Anyway it is only one line. OK :Index: menu.c :=== :RCS file: /cvs/xenocara/app/cwm/menu.c,v :retrieving revision 1.90 :diff -u -p -r1.90 menu.c :--- menu.c 28 Apr 2016 16:28:38 - 1.90 :+++ menu.c 17 Aug 2016 19:14:06 - :@@ -523,6 +523,7 @@ menu_keycode(XKeyEvent *ev, enum ctltype : case XK_BackSpace: : *ctl = CTL_ERASEONE; : break; :+ case XK_KP_Enter: : case XK_Return: : *ctl = CTL_RETURN; : break; -- If you're not part of the solution, you're part of the precipitate.
Re: nsd 4.1.11
On Tue, Aug 16, 2016 at 07:00:39PM +, Florian Obser wrote: > OK? > anyone? diff --git buffer.h buffer.h index bee7d8b..9e17bc9 100644 --- buffer.h +++ buffer.h @@ -315,6 +315,20 @@ buffer_write_u32(buffer_type *buffer, uint32_t data) } static inline void +buffer_write_u64_at(buffer_type *buffer, size_t at, uint64_t data) +{ + assert(buffer_available_at(buffer, at, sizeof(data))); + write_uint64(buffer->_data + at, data); +} + +static inline void +buffer_write_u64(buffer_type *buffer, uint64_t data) +{ + buffer_write_u64_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +static inline void buffer_read_at(buffer_type *buffer, size_t at, void *data, size_t count) { assert(buffer_available_at(buffer, at, count)); @@ -373,6 +387,21 @@ buffer_read_u32(buffer_type *buffer) return result; } +static inline uint64_t +buffer_read_u64_at(buffer_type *buffer, size_t at) +{ + assert(buffer_available_at(buffer, at, sizeof(uint64_t))); + return read_uint64(buffer->_data + at); +} + +static inline uint64_t +buffer_read_u64(buffer_type *buffer) +{ + uint64_t result = buffer_read_u64_at(buffer, buffer->_position); + buffer->_position += sizeof(uint64_t); + return result; +} + /* * Print to the buffer, increasing the capacity if required using * buffer_reserve(). The buffer's position is set to the terminating diff --git configlexer.lex configlexer.lex index 113fa22..d536352 100644 --- configlexer.lex +++ configlexer.lex 
@@ -236,6 +236,7 @@ zone{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONE;} zonefile{COLON}{ LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILE;} zonestats{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONESTATS;} allow-notify{COLON}{ LEXOUT(("v(%s) ", yytext)); return VAR_ALLOW_NOTIFY;} +size-limit-xfr{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_SIZE_LIMIT_XFR;} request-xfr{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_REQUEST_XFR;} notify{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_NOTIFY;} notify-retry{COLON}{ LEXOUT(("v(%s) ", yytext)); return VAR_NOTIFY_RETRY;} @@ -268,6 +269,10 @@ zonefiles-check{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_CHECK; zonefiles-write{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ZONEFILES_WRITE;} log-time-ascii{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_LOG_TIME_ASCII;} round-robin{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_ROUND_ROBIN;} +max-refresh-time{COLON}{ LEXOUT(("v(%s) ", yytext)); return VAR_MAX_REFRESH_TIME;} +min-refresh-time{COLON}{ LEXOUT(("v(%s) ", yytext)); return VAR_MIN_REFRESH_TIME;} +max-retry-time{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_MAX_RETRY_TIME;} +min-retry-time{COLON} { LEXOUT(("v(%s) ", yytext)); return VAR_MIN_RETRY_TIME;} {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++;} /* Quoted strings. Strip leading and ending quotes */ diff --git configparser.y configparser.y index 1d824d1..9089665 100644 --- configparser.y +++ configparser.y @@ -54,7 +54,7 @@ extern config_parser_state_t* cfg_parser; %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_IP_FREEBIND %token VAR_ZONEFILE %token VAR_ZONE -%token VAR_ALLOW_NOTIFY VAR_REQUEST_XFR VAR_NOTIFY VAR_PROVIDE_XFR +%token VAR_ALLOW_NOTIFY VAR_REQUEST_XFR VAR_NOTIFY VAR_PROVIDE_XFR VAR_SIZE_LIMIT_XFR %token VAR_NOTIFY_RETRY VAR_OUTGOING_INTERFACE VAR_ALLOW_AXFR_FALLBACK %token VAR_KEY %token VAR_ALGORITHM VAR_SECRET 
@@ -69,6 +69,8 @@ extern config_parser_state_t* cfg_parser; %token VAR_RRL_WHITELIST_RATELIMIT VAR_RRL_WHITELIST %token VAR_ZONEFILES_CHECK VAR_ZONEFILES_WRITE VAR_LOG_TIME_ASCII %token VAR_ROUND_ROBIN VAR_ZONESTATS VAR_REUSEPORT VAR_VERSION +%token VAR_MAX_REFRESH_TIME VAR_MIN_REFRESH_TIME +%token VAR_MAX_RETRY_TIME VAR_MIN_RETRY_TIME %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -598,7 +600,9 @@ content_pattern: pattern_name | zone_config_item; zone_config_item: zone_zonefile | zone_allow_notify | zone_request_xfr | zone_notify | zone_notify_retry | zone_provide_xfr | zone_outgoing_interface | zone_allow_axfr_fallback | include_pattern | - zone_rrl_whitelist | zone_zonestats; + zone_rrl_whitelist | zone_zonestats | zone_max_refresh_time | + zone_min_refresh_time | zone_max_retry_time | zone_min_retry_time | + zone_size_limit_xfr; pattern_name: VAR_NAME STRING { OUTYY(("P(pattern_name:%s)\n", $2)); @@ -714,6 +718,14 @@ zone_request_xfr: VAR_REQUEST_XFR zone_request_xfr_data { } ; +zone_size_limit_xfr: VAR_SIZE_LIMIT_XFR STRING + { + OUTYY(("P(size_limit_xfr:%s)\n", $2)); + if(atoll($2) < 0) + yyerror("number >= 0 expected"); + else cfg_parser->current_pattern->size_limit_xfr = atoll($2); + } + ;
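Review bot: In buffer.h, buffer_write_u64_at() and buffer_read_u64_at() have assert(buffer_available_at(...)) as their only bounds check, so in a build with NDEBUG defined write_uint64() and read_uint64() touch 8 bytes at buffer->_data + at with no check at all. This mirrors buffer_read_at() in the same hunk, so it is consistent with the file, but a comment on the new functions should state that callers must have verified the available space first. write_uint64() and read_uint64() are not defined in the visible hunks; confirm they are added elsewhere in the diff.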
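Review bot: In the zone_size_limit_xfr rule (configparser.y, @@ -714,6 +718,14 @@), atoll($2) is the only validation and it cannot report a parse error: a non-numeric string converts to 0 and is stored in size_limit_xfr without any yyerror, trailing garbage after the digits is ignored, and out-of-range input is not detected. The string is also converted twice. Suggest converting once with strtoll, checking the end pointer and errno, and calling yyerror when the whole token was not consumed or the result is negative or out of range.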
Re: ld.so: remove unused syscall stubs
> Date: Sat, 27 Aug 2016 21:14:20 -0700 > From: Philip Guenther> > _dl_gettimeofday() was used by the prebind code, which was recently > removed. > > _dl_lstat() was only used by _dl_realpath(), which no longer needs it. > > ok? ok kettenis@ > Index: alpha/ldasm.S > === > RCS file: /cvs/src/libexec/ld.so/alpha/ldasm.S,v > retrieving revision 1.36 > diff -u -p -r1.36 ldasm.S > --- alpha/ldasm.S 7 Aug 2016 03:05:23 - 1.36 > +++ alpha/ldasm.S 28 Aug 2016 04:12:17 - > @@ -316,10 +316,8 @@ DL_SYSCALL(getdents) > DL_SYSCALL(getentropy) > DL_SYSCALL(sendsyslog) > DL_SYSCALL(pledge) > -DL_SYSCALL(gettimeofday) > DL_SYSCALL_NOERR(issetugid) > DL_SYSCALL_NOERR(getthrid) > -DL_SYSCALL(lstat) > DL_SYSCALL(mprotect) > DL_SYSCALL(munmap) > DL_SYSCALL(open) > Index: alpha/syscall.h > === > RCS file: /cvs/src/libexec/ld.so/alpha/syscall.h,v > retrieving revision 1.34 > diff -u -p -r1.34 syscall.h > --- alpha/syscall.h 4 Jul 2016 21:15:06 - 1.34 > +++ alpha/syscall.h 28 Aug 2016 04:12:17 - > @@ -51,10 +51,8 @@ int_dl_fstat(int, struct stat *); > ssize_t _dl_getdents(int, char *, size_t); > long _dl__syscall(quad_t, ...); > int _dl_sysctl(const int *, u_int, void *, size_t *, void *, size_t); > -int _dl_gettimeofday(struct timeval *, struct timezone *); > ssize_t _dl_readlink(const char *, char *, size_t); > int _dl_pledge(const char *, const char **); > -int _dl_lstat(const char *, struct stat *); > int _dl_getcwd(char *, size_t); > int _dl_utrace(const char *, const void *, size_t); > int _dl_getentropy(char *, size_t); > Index: amd64/ldasm.S > === > RCS file: /cvs/src/libexec/ld.so/amd64/ldasm.S,v > retrieving revision 1.24 > diff -u -p -r1.24 ldasm.S > --- amd64/ldasm.S 7 May 2016 19:05:23 - 1.24 > +++ amd64/ldasm.S 28 Aug 2016 04:12:17 - 
> @@ -91,10 +91,8 @@ DL_SYSCALL(getthrid) > DL_SYSCALL(getdents) > DL_SYSCALL(mprotect) > DL_SYSCALL(munmap) > -DL_SYSCALL(gettimeofday) > DL_SYSCALL(exit) > DL_SYSCALL(readlink) > -DL_SYSCALL(lstat) > DL_SYSCALL(utrace) > DL_SYSCALL(getentropy) > DL_SYSCALL(sendsyslog) > Index: amd64/syscall.h > === > RCS file: /cvs/src/libexec/ld.so/amd64/syscall.h,v > retrieving revision 1.22 > diff -u -p -r1.22 syscall.h > --- amd64/syscall.h 4 Jul 2016 21:15:06 - 1.22 > +++ amd64/syscall.h 28 Aug 2016 04:12:18 - > @@ -51,10 +51,8 @@ ssize_t_dl_read(int, const char *, size > int _dl_fstat(int, struct stat *); > ssize_t _dl_getdents(int, char *, size_t); > int _dl_sysctl(const int *, u_int, void *, size_t *, void *, size_t); > -int _dl_gettimeofday(struct timeval *, struct timezone *); > ssize_t _dl_readlink(const char *, char *, size_t); > int _dl_pledge(const char *, const char **); > -int _dl_lstat(const char *, struct stat *); > int _dl_getcwd(char *, size_t); > int _dl_utrace(const char *, const void *, size_t); > int _dl_getentropy(char *, size_t); > Index: arm/ldasm.S > === > RCS file: /cvs/src/libexec/ld.so/arm/ldasm.S,v > retrieving revision 1.23 > diff -u -p -r1.23 ldasm.S > --- arm/ldasm.S 9 Aug 2016 03:58:35 - 1.23 > +++ arm/ldasm.S 28 Aug 2016 04:12:18 - > @@ -126,9 +126,7 @@ DL_SYSCALL(open) > DL_SYSCALL(read) > DL_SYSCALL(write) > DL_SYSCALL(fstat) > -DL_SYSCALL(gettimeofday) > DL_SYSCALL(readlink) > -DL_SYSCALL(lstat) > DL_SYSCALL(utrace) > DL_SYSCALL(getentropy) > DL_SYSCALL(sendsyslog) > Index: arm/syscall.h > === > RCS file: /cvs/src/libexec/ld.so/arm/syscall.h,v > retrieving revision 1.22 > diff -u -p -r1.22 syscall.h > --- arm/syscall.h 4 Jul 2016 21:15:06 - 1.22 > +++ arm/syscall.h 28 Aug 2016 04:12:18 - 
> @@ -51,10 +51,8 @@ ssize_t_dl_read(int, const char *, size > int _dl_fstat(int, struct stat *); > ssize_t _dl_getdents(int, char *, size_t); > int _dl_sysctl(const int *, u_int, void *, size_t *, void *, size_t); > -int _dl_gettimeofday(struct timeval *, struct timezone *); > ssize_t _dl_readlink(const char *, char *, size_t); > int _dl_pledge(const char *, const char **); > -int _dl_lstat(const char *, struct stat *); > int _dl_getcwd(char *, size_t); > int _dl_utrace(const char *, const void *, size_t); > int _dl_getentropy(char *, size_t); > Index: hppa/ldasm.S > === > RCS file: /cvs/src/libexec/ld.so/hppa/ldasm.S,v > retrieving revision 1.21 > diff -u -p -r1.21 ldasm.S > --- hppa/ldasm.S 7 May 2016 19:05:23 - 1.21 > +++ hppa/ldasm.S 28 Aug 2016