Re: __cxa_thread_atexit

2017-12-04 Thread Philip Guenther
On Mon, 4 Dec 2017, Mark Kettenis wrote: > The ld.so bits have been committed last week. So here is a new version > of the diff. This version exports __cxa_thread_atexit_impl such that > gcc picks up our implementation. __cxa_thread_atexit becomes a weak > alias such that static linking

Re: dc(1); fix 0Z

2017-12-04 Thread kshe
On Sun, 03 Dec 2017 12:25:15 +, Philippe Meunier wrote: > kshe wrote: > >Also, the manual defines the length of a number as its number of digits, > >so perhaps it should be precised that zero is considered to have no > >digits, which might not be obvious to everyone. > > Am I the only who

Re: ddb: show panic on page fault

2017-12-04 Thread Mark Kettenis
> Date: Mon, 4 Dec 2017 11:24:36 +0200 > From: Paul Irofti > > On Sun, Nov 05, 2017 at 02:48:59AM +0200, Paul Irofti wrote: > > On Sun, Nov 05, 2017 at 01:43:35AM +0100, Mark Kettenis wrote: > > > > Date: Sat, 4 Nov 2017 18:51:34 +0100 > > > > From: Martin Pieuchot

Re: pf neighbor discovery hop limit

2017-12-04 Thread Alexander Bluhm
On Mon, Dec 04, 2017 at 08:23:26PM +, Job Snijders wrote: > On Mon, Dec 04, 2017 at 02:55:16PM +0100, Alexander Bluhm wrote: > > RFC 4861 requires that all neighbor discovery packets have 255 in > > their IPv6 header hop limit field. Let pf drop neighbor solicitation, > > neighbor

Re: iked: parse more than one proposal

2017-12-04 Thread Patrick Wildt
On Mon, Dec 04, 2017 at 09:23:17PM +0100, Patrick Wildt wrote: > Hi, > > this diff changes our SA payload parser to parse more than the first > proposal. This allows us to select one of the peer's proposals (and not > only the first). The xforms parser calls itself recursively without > limits,

Re: pf neighbor discovery hop limit

2017-12-04 Thread Job Snijders
On Mon, Dec 04, 2017 at 02:55:16PM +0100, Alexander Bluhm wrote: > RFC 4861 requires that all neighbor discovery packets have 255 in > their IPv6 header hop limit field. Let pf drop neighbor solicitation, > neighbor advertisement, router solicitation, router advertisement, > and redirect ICMP6

iked: parse more than one proposal

2017-12-04 Thread Patrick Wildt
Hi, this diff changes our SA payload parser to parse more than the first proposal. This allows us to select one of the peer's proposals (and not only the first). The xforms parser calls itself recursively without limits, which I'm not sure is a good idea. This diff uses a do {} while for the

__cxa_thread_atexit

2017-12-04 Thread Mark Kettenis
The ld.so bits have been committed last week. So here is a new version of the diff. This version exports __cxa_thread_atexit_impl such that gcc picks up our implementation. __cxa_thread_atexit becomes a weak alias such that static linking succeeds. I rebuilt the gcc 4.9 port with this diff and

Re: ddb(4) userland trace and SMAP

2017-12-04 Thread Mike Larkin
On Mon, Dec 04, 2017 at 12:24:00PM +0100, Martin Pieuchot wrote: > Since SMAP is enabled ddb(4)'s 'trace /u' and 'trace /p' for a userland > processes result, as expected, in page faults. > > Diff below disables SMAP for the duration of the command. This allows us > to see any possible frame

Re: pf neighbor discovery hop limit

2017-12-04 Thread Alexandr Nedvedicky
Hello, On Mon, Dec 04, 2017 at 02:55:16PM +0100, Alexander Bluhm wrote: > Hi, > > RFC 4861 requires that all neighbor discovery packets have 255 in > their IPv6 header hop limit field. Let pf drop neighbor solicitation, > neighbor advertisement, router solicitation, router advertisement, > and

Re: mess with regression tests

2017-12-04 Thread Alexander Bluhm
On Mon, Dec 04, 2017 at 04:56:49PM +0100, Sebastian Benoit wrote: > > connected to the Makefile in a source directory, tests looks broken. > > > > - lib/libexpat/tests/ > > (2), but regress/lib/libexpat exists I update the libexpat tests together with libexpat sources, so they reside in

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Giovanni Bechis
On 12/04/17 17:39, Giovanni Bechis wrote: > On 12/04/17 17:27, Joel Sing wrote: >> On Monday 04 December 2017 13:19:41 Giovanni Bechis wrote: >>> On 11/10/17 17:46, Joel Sing wrote: >>> [...] >>> I suspect this is going to be difficult to track down without being able to see what is on

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Giovanni Bechis
On 12/04/17 17:27, Joel Sing wrote: > On Monday 04 December 2017 13:19:41 Giovanni Bechis wrote: >> On 11/10/17 17:46, Joel Sing wrote: >> [...] >> >>> I suspect this is going to be difficult to track down without being able >>> to see what is on the wire (tcpdump or 'smtpd_tls_loglevel = 3' in

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Joel Sing
On Monday 04 December 2017 13:19:41 Giovanni Bechis wrote: > On 11/10/17 17:46, Joel Sing wrote: > [...] > > > I suspect this is going to be difficult to track down without being able > > to see what is on the wire (tcpdump or 'smtpd_tls_loglevel = 3' in > > postfix) or being able to

Re: pf neighbor discovery hop limit

2017-12-04 Thread Sebastian Benoit
Alexander Bluhm(alexander.bl...@gmx.net) on 2017.12.04 14:55:16 +0100: > Hi, > > RFC 4861 requires that all neighbor discovery packets have 255 in > their IPv6 header hop limit field. Let pf drop neighbor solicitation, > neighbor advertisement, router solicitation, router advertisement, > and

Re: mess with regression tests

2017-12-04 Thread Sebastian Benoit
Sergey Bronnikov(serg...@bronevichok.ru) on 2017.12.02 15:31:21 +0300: > Hello, > > openbsd has a regression testsuite in a base tree. Testset for each > component is in a separate directory, Makefiles for each testsuite uses > bsd.regress.mk framework and connected to the root Makefile. So it is

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Joel Sing
On Monday 04 December 2017 15:54:35 Giovanni Bechis wrote: > On 12/04/17 13:19, Giovanni Bechis wrote: > > On 11/10/17 17:46, Joel Sing wrote: > > [...] > > > >> I suspect this is going to be difficult to track down without being able > >> to see what is on the wire (tcpdump or

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Giovanni Bechis
On 12/04/17 13:19, Giovanni Bechis wrote: > On 11/10/17 17:46, Joel Sing wrote: > [...] >> I suspect this is going to be difficult to track down without being able to >> see >> what is on the wire (tcpdump or 'smtpd_tls_loglevel = 3' in postfix) or being >> able to reproduce/trigger TLS sessions

sb_flags vs sb_flagsintr

2017-12-04 Thread Martin Pieuchot
Diff below changes the usage of `sb_flags' and `sb_flagsintr'. The former will be protected by the socket lock while the latter will be using atomic operations. - SB_SPLICE and SB_WAIT are always manipulated with solock() held, so move them to sb_flags. - SB_SEL is also in the same case,

pf neighbor discovery hop limit

2017-12-04 Thread Alexander Bluhm
Hi, RFC 4861 requires that all neighbor discovery packets have 255 in their IPv6 header hop limit field. Let pf drop neighbor solicitation, neighbor advertisement, router solicitation, router advertisement, and redirect ICMP6 packets that do not comply. This enforces that bogus packets cannot

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-12-04 Thread Stefan Sperling
On Sun, Dec 03, 2017 at 08:31:34AM +, Robert Peichaer wrote: > This is the exact code, that is already in install.sub. > So I don't understand this proposal. > > -- > -=[rpe]=- It's a joke diff only Mac users would have the capacity to understand. See

Re: [patch] upon install of new operating system version, do not set root password to empty string

2017-12-04 Thread Rodrigo Mosconi
2017-11-28 21:59 GMT-02:00 Ian Sutton : > This is a highly theoretical and experimental mitigation which stops the > root password on newly upgraded/installed systems from being an empty > string. The thinking is that by not shipping an operating system with a > known root password,

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Giovanni Bechis
On 11/10/17 17:46, Joel Sing wrote: [...] > I suspect this is going to be difficult to track down without being able to > see > what is on the wire (tcpdump or 'smtpd_tls_loglevel = 3' in postfix) or being > able to reproduce/trigger TLS sessions from the client. > postfix log file with

ddb(4) userland trace and SMAP

2017-12-04 Thread Martin Pieuchot
Since SMAP is enabled ddb(4)'s 'trace /u' and 'trace /p' for a userland processes result, as expected, in page faults. Diff below disables SMAP for the duration of the command. This allows us to see any possible frame corruption. ok? Index: arch/amd64/amd64/db_trace.c

dc(1): global context

2017-12-04 Thread kshe
Hi, Separately allocating a new BN_CTX every time one is needed seems to be missing the point of this object, which is meant to be shared across as many function calls as possible. At the cost of a slight increase in average memory consumption, enabling such sharing by declaring a single global

Re: ddb: show panic on page fault

2017-12-04 Thread Paul Irofti
On Sun, Nov 05, 2017 at 02:48:59AM +0200, Paul Irofti wrote: > On Sun, Nov 05, 2017 at 01:43:35AM +0100, Mark Kettenis wrote: > > > Date: Sat, 4 Nov 2017 18:51:34 +0100 > > > From: Martin Pieuchot > > > > > > On 04/11/17(Sat) 17:20, Paul Irofti wrote: > > > > Hi, > > > > > > >