PATCH: avoid clobbering errno before err/warn

2014-07-11 Thread Doug Hogan
This patch is generated by coccinelle, but I reviewed it.  I changed the
lpr patch to use warnc() so it has less code executing inside
PRIV_START.

I targeted if statements whose body modifies errno before warn or err is
called.  It checked for a list of functions that are typically used in error
handling and may set errno: close, fclose, unlink, rmdir, fflush and
kill.


Index: bin/systrace/intercept.c
===
RCS file: /cvs/src/bin/systrace/intercept.c,v
retrieving revision 1.61
diff -u -p -d -r1.61 intercept.c
--- bin/systrace/intercept.c24 Apr 2014 01:57:06 -  1.61
+++ bin/systrace/intercept.c12 Jul 2014 04:27:22 -
@@ -356,22 +356,26 @@ intercept_run(int bg, int *fdp, uid_t ui

/* Setup done, restore signal handling state */
if (signal(SIGUSR1, ohandler) == SIG_ERR) {
+   int saved_errno = errno;
kill(pid, SIGKILL);
-   err(1, "signal");
+   errc(1, saved_errno, "signal");
}
if (sigprocmask(SIG_SETMASK, &oset, NULL) == -1) {
+   int saved_errno = errno;
kill(pid, SIGKILL);
-   err(1, "sigprocmask");
+   errc(1, saved_errno, "sigprocmask");
}
 
if (bg) {
if (daemon(1, 1) == -1) {
+   int saved_errno = errno;
kill(pid, SIGKILL);
-   err(1, "daemon");
+   errc(1, saved_errno, "daemon");
}
if ((*fdp = intercept_open()) == -1) {
+   int saved_errno = errno;
kill(pid, SIGKILL);
-   err(1, "intercept_open");
+   errc(1, saved_errno, "intercept_open");
}
}
 
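Review bot: Each of the four error branches now carries an unexplained `int saved_errno = errno;`, and nothing in the code says why `err()` became `errc()`. A one-line comment at the first site, e.g. `/* kill() may overwrite errno; report the original failure */`, would keep a later cleanup from folding the two back together. The return value of `kill(pid, SIGKILL)` is still ignored in all four branches; that looks like deliberate best-effort cleanup before exit, but since this is presumably the path that keeps the child from running when setup fails, the comment should say so. intercept_run's body starts and ends outside the hunk.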
Index: regress/lib/libc/stdio_threading/fgetln/fgetln_test.c
===
RCS file: /cvs/src/regress/lib/libc/stdio_threading/fgetln/fgetln_test.c,v
retrieving revision 1.1
diff -u -p -d -r1.1 fgetln_test.c
--- regress/lib/libc/stdio_threading/fgetln/fgetln_test.c   19 Nov 2009 
08:06:06 -  1.1
+++ regress/lib/libc/stdio_threading/fgetln/fgetln_test.c   12 Jul 2014 
04:29:16 -
@@ -50,11 +50,12 @@ main(void)
strlcpy(sfn, "/tmp/barnacles.", sizeof(sfn));
if ((fd = mkstemp(sfn)) == -1 ||
(sfp = fdopen(fd, "w+")) == NULL) {
+   int saved_errno = errno;
if (fd != -1) {
unlink(sfn);
close(fd);
}
-   err(1, "could not open temporary file");
+   errc(1, saved_errno, "could not open temporary file");
}
 
for (i = 0; i < 4096 * THREAD_COUNT; i++)
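Review bot: The error branch still reports `mkstemp()` and `fdopen()` failures with the single message `"could not open temporary file"`, so the errno that is now correctly preserved cannot be tied to a call. Naming the call would complete the diagnosis, e.g. `errc(1, saved_errno, fd == -1 ? "mkstemp" : "fdopen");`. The same applies to the identical hunks in fgets_test.c and fputs_test.c. main()'s body starts and continues outside the hunk.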
Index: regress/lib/libc/stdio_threading/fgets/fgets_test.c
===
RCS file: /cvs/src/regress/lib/libc/stdio_threading/fgets/fgets_test.c,v
retrieving revision 1.1
diff -u -p -d -r1.1 fgets_test.c
--- regress/lib/libc/stdio_threading/fgets/fgets_test.c 19 Nov 2009 08:06:06 
-  1.1
+++ regress/lib/libc/stdio_threading/fgets/fgets_test.c 12 Jul 2014 04:29:16 
-
@@ -49,11 +49,12 @@ main(void)
strlcpy(sfn, "/tmp/barnacles.", sizeof(sfn));
if ((fd = mkstemp(sfn)) == -1 ||
(sfp = fdopen(fd, "w+")) == NULL) {
+   int saved_errno = errno;
if (fd != -1) {
unlink(sfn);
close(fd);
}
-   err(1, "could not open temporary file");
+   errc(1, saved_errno, "could not open temporary file");
}
 
for (i = 0; i < 4096 * THREAD_COUNT; i++)
Index: regress/lib/libc/stdio_threading/fputs/fputs_test.c
===
RCS file: /cvs/src/regress/lib/libc/stdio_threading/fputs/fputs_test.c,v
retrieving revision 1.1
diff -u -p -d -r1.1 fputs_test.c
--- regress/lib/libc/stdio_threading/fputs/fputs_test.c 19 Nov 2009 08:06:06 
-  1.1
+++ regress/lib/libc/stdio_threading/fputs/fputs_test.c 12 Jul 2014 04:29:16 
-
@@ -46,11 +46,12 @@ main(void)
strlcpy(sfn, "/tmp/barnacles.", sizeof(sfn));
if ((fd = mkstemp(sfn)) == -1 ||
(sfp = fdopen(fd, "w+")) == NULL) {
+   int saved_errno = errno;
if (fd != -1) {
unlink(sfn);
close(fd);
}
-   err(1, "could not open temporary file");
+   errc(1, saved_errno, "could not open temporary file");
}
 
run_threads(fputs_thread, sfp);
Index: regress/lib/libc/stdio_threading/fread/fread_test.c
===
RCS file: /cvs/src/regress/lib/libc/stdio_threading/fread/fread_test.c,v
retrieving revision 1.1
diff -

divert(4) checksum cleanup

2014-07-11 Thread Lawrence Teo
This diff simplifies divert_output() further by removing the csum_flag
variable and setting the checksum flag in pkthdr directly (the variable
was originally there to help with zeroing the checksum, but we've now
determined that zeroing the checksum is unnecessary so that variable
is no longer needed).

I also noticed in divert_packet() that there is an in_proto_cksum_out()
call to force the protocol checksum to be calculated for outbound
packets before they are sent to userspace.  This call was added in
ip_divert.c r1.9 before divert_output() gained the ability to
recalculate checksums in r1.13.

Since checksums for all packets are now recalculated on reinjection
anyway, this call is not needed any more.  My divert(4) tests continue
to be successful without this call.

ok?


Index: netinet/ip_divert.c
===
RCS file: /cvs/src/sys/netinet/ip_divert.c,v
retrieving revision 1.24
diff -u -p -r1.24 ip_divert.c
--- netinet/ip_divert.c 12 Jul 2014 03:27:00 -  1.24
+++ netinet/ip_divert.c 12 Jul 2014 04:03:56 -
@@ -87,7 +87,7 @@ divert_output(struct inpcb *inp, struct 
struct ifaddr *ifa;
int s, error = 0, p_hdrlen = 0, dir;
struct ip *ip;
-   u_int16_t off, csum_flag = 0;
+   u_int16_t off;
 
m->m_pkthdr.rcvif = NULL;
m->m_nextpkt = NULL;
@@ -120,15 +120,15 @@ divert_output(struct inpcb *inp, struct 
switch (ip->ip_p) {
case IPPROTO_TCP:
p_hdrlen = sizeof(struct tcphdr);
-   csum_flag = M_TCP_CSUM_OUT;
+   m->m_pkthdr.csum_flags |= M_TCP_CSUM_OUT;
break;
case IPPROTO_UDP:
p_hdrlen = sizeof(struct udphdr);
-   csum_flag = M_UDP_CSUM_OUT;
+   m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT;
break;
case IPPROTO_ICMP:
p_hdrlen = sizeof(struct icmp);
-   csum_flag = M_ICMP_CSUM_OUT;
+   m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT;
break;
default:
/* nothing */
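Review bot: `m->m_pkthdr.csum_flags` is now modified inside the `switch`, ahead of the `m->m_pkthdr.len < off + p_hdrlen` check shown in the following hunk, whereas the removed code set the flag only after that check had passed. If the `fail` label simply frees the mbuf this is harmless, but the label lies outside the hunk, so it is worth confirming that no failure path passes the mbuf on with a checksum-out flag set for a truncated header. Once confirmed, a comment above the switch such as `/* csum flag is set before the length check; the fail path discards m */` would record the assumption. The same ordering change appears in divert6_output() in netinet6/ip6_divert.c.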
@@ -137,9 +137,6 @@ divert_output(struct inpcb *inp, struct 
if (p_hdrlen && m->m_pkthdr.len < off + p_hdrlen)
goto fail;
 
-   if (csum_flag)
-   m->m_pkthdr.csum_flags |= csum_flag;
-
m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED_PACKET;
 
if (dir == PF_IN) {
@@ -227,9 +224,6 @@ divert_packet(struct mbuf *m, int dir, u
break;
}
}
-   /* force checksum calculation */
-   if (dir == PF_OUT)
-   in_proto_cksum_out(m, NULL);
 
if (inp) {
sa = inp->inp_socket;
Index: netinet6/ip6_divert.c
===
RCS file: /cvs/src/sys/netinet6/ip6_divert.c,v
retrieving revision 1.25
diff -u -p -r1.25 ip6_divert.c
--- netinet6/ip6_divert.c   12 Jul 2014 03:27:00 -  1.25
+++ netinet6/ip6_divert.c   12 Jul 2014 04:03:56 -
@@ -91,7 +91,6 @@ divert6_output(struct inpcb *inp, struct
struct ifaddr *ifa;
int s, error = 0, p_hdrlen = 0, nxt = 0, off, dir;
struct ip6_hdr *ip6;
-   u_int16_t csum_flag = 0;
 
m->m_pkthdr.rcvif = NULL;
m->m_nextpkt = NULL;
@@ -130,15 +129,15 @@ divert6_output(struct inpcb *inp, struct
switch (nxt) {
case IPPROTO_TCP:
p_hdrlen = sizeof(struct tcphdr);
-   csum_flag = M_TCP_CSUM_OUT;
+   m->m_pkthdr.csum_flags |= M_TCP_CSUM_OUT;
break;
case IPPROTO_UDP:
p_hdrlen = sizeof(struct udphdr);
-   csum_flag = M_UDP_CSUM_OUT;
+   m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT;
break;
case IPPROTO_ICMPV6:
p_hdrlen = sizeof(struct icmp6_hdr);
-   csum_flag = M_ICMP_CSUM_OUT;
+   m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT;
break;
default:
/* nothing */
@@ -147,9 +146,6 @@ divert6_output(struct inpcb *inp, struct
if (p_hdrlen && m->m_pkthdr.len < off + p_hdrlen)
goto fail;
 
-   if (csum_flag)
-   m->m_pkthdr.csum_flags |= csum_flag;
-
m->m_pkthdr.pf.flags |= PF_TAG_DIVERTED_PACKET;
 
if (dir == PF_IN) {
@@ -233,9 +229,6 @@ divert6_packet(struct mbuf *m, int dir, 
break;
}
}
-   /* force checksum calculation */
-   if (dir == PF_OUT)
-   in6_proto_cksum_out(m, NULL);
 
if (inp) {
sa = inp->inp_socket;



Re: First release of LibreSSL portable is available.

2014-07-11 Thread tekk

Thanks Bob and all the other LibreSSL hackers.
Just switched my slackware 14.1 box over to libressl instead of openssl and 
it's working great so far, no problems at all.



Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 18:22, Bob Beck wrote:
> Ask the OpenSSH guys - if your OpenSSH portable is using RAND_BYTES,
> well it could be using egd and all other sorts of interesting things.
> 
> You could try to change your link order instead to use the arc4random
> implementation from libressl - which will work for you.

The configure script for openssh should (???) pick it if you recompile,
but then it won't run linked against openssl. (Does configure look for
arc4random in libcrypto or just libc?)

For maximum portability openssh needs to take the newly updated
and ported arc4random from libressl-portable, which will then work
with either openssl or libressl. Of course, that code didn't really
exist much before today so that would have been hard to do.

This is going to make things interesting for a while.



Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Hanno Böck
On Fri, 11 Jul 2014 18:12:49 -0600
Bob Beck  wrote:

> You need a more recent OpenSSH. The old versions of OpenSSH did a
> foolish thing with their portable arc4random, and
> called RAND_BYTES.
> 
> New OpenSSH does not do this.

I use 6.6p1 which is the latest available.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42




Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Bob Beck
Ask the OpenSSH guys - if your OpenSSH portable is using RAND_BYTES,
well it could be using egd and all other sorts of interesting things.

You could try to change your link order instead to use the arc4random
implementation from libressl - which will work for you.


On Fri, Jul 11, 2014 at 6:19 PM, Hanno Böck  wrote:
> On Fri, 11 Jul 2014 18:12:49 -0600
> Bob Beck  wrote:
>
>> You need a more recent OpenSSH. The old versions of OpenSSH did a
>> foolish thing with their portable arc4random, and
>> called RAND_BYTES.
>>
>> New OpenSSH does not do this.
>
> I use 6.6p1 which is the latest available.
>
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: ha...@hboeck.de
> GPG: BBB51E42



Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Bob Beck
You need a more recent OpenSSH. The old versions of OpenSSH did a
foolish thing with their portable arc4random, and
called RAND_BYTES.

New OpenSSH does not do this.

On Fri, Jul 11, 2014 at 6:07 PM, Hanno Böck  wrote:
> Hi,
>
> I just noted that when I recompiled openssh against libressl (both
> portable versions on linux) ssh segfaults when I try to use it.
>
> Running it through ltrace it seems this happens when RAND_bytes is
> called. I haven't debugged this in detail, but some observations:
> * RAND_bytes in libressl calls arc4random
> * arc4random is a compat function both in openssh and libressl
> * arc4random from openssh uses RAND_bytes
>
> Is there some funny recursion going on here?
>
> cu,
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: ha...@hboeck.de
> GPG: BBB51E42



Re: cvs.openbsd.org: src

2014-07-11 Thread Piotr Sikora

Hey Bob,


The fundamental problem with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g  and 10.2.z, and
1.0.2.qq - where does it end?
We will be continuing to add functionality in here from many sources,
and so assuming we could just keep
this as the 1.0.1g version number is completely wrong.

If we do that we will be perpetually updating this to be "close to"
whatever happens to be the orthogonal openssl.
feature set, we're screwed. We'll be doing this forever, and be in a
situation where it's as bad as what it is with
ACPI, where the only safe thing to report as is "Windows" so we don't
get screwed by the software trying to
do incompatible junk.


I agree that chasing OPENSSL_VERSION_NUMBER is a lost cause, but keeping it 
at 1.0.1g as a "common base" should work, in my opinion.


For the new features, applications would test (as they do now) for:

   #if OPENSSL_VERSION_NUMBER >= 0x10002002L

and once LibreSSL implements them (and the application wants to support it):

   #if OPENSSL_VERSION_NUMBER >= 0x10002002L \
   || LIBRESSL_VERSION_NUMBER >= 0x20001000L

instead of just breaking build, like it's happening right now.

Best regards,
Piotr Sikora



libressl portable and openssh portable causes segfault

2014-07-11 Thread Hanno Böck
Hi,

I just noted that when I recompiled openssh against libressl (both
portable versions on linux) ssh segfaults when I try to use it.

Running it through ltrace it seems this happens when RAND_bytes is
called. I haven't debugged this in detail, but some observations:
* RAND_bytes in libressl calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes

Is there some funny recursion going on here?

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42




Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Matthew Dempsky
On Fri, Jul 11, 2014 at 4:37 PM, Bob Beck  wrote:
> The fundamental probelm with this Matthew - is that next time, if we
> do this, by the next release we will
> be chasing what features we have imported from 1.0.2g  and 10.2.z, and
> 1.0.2.qq - where does it end?

It ends whenever it stops helping portability for apps that are
currently written for OpenSSL.  We've expressly decided to ignore any
API/ABI compatibility guarantees with OpenSSL, so an OpenSSL version
number is inherently just a best effort to make things easier on
applications to transition from OpenSSL to LibreSSL.

Clang went through this same process with code that did GCC version
checks.  Today Clang still claims it's GCC 4.2, but in a separate
version it reveals it's Clang 3.5.

Existing code that only knows to check for older versions of GCC
(e.g., OpenBSD's ) continues to work just fine with Clang,
because it picks up all of the definitions targeted towards GCC 4.2.
New code that wants to make use of features in GCC 4.7 and Clang 3.5
though needs to check for both; but even if it doesn't, if it includes
fallback for older versions of GCC it should still work okay with
Clang.

Concrete analogy: suppose LibreSSL 2.1 and OpenSSL 1.1 both add some
new feature, and an application that wants to be compatible with both
wants to make use of that feature.  How do they version check for its
availability?

Naively, it would be

#if LibreSSL >= 2.1 || OpenSSL >= 1.1

but that's going to cause the application to break when compiled with
older versions of LibreSSL.  It would actually need to be

#if LibreSSL >= 2.1 || (!defined(LibreSSL) && OpenSSL >= 1.1)

We don't gain anything by making people need to write the latter, IMO.



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Bob Beck
The fundamental problem with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g  and 10.2.z, and
1.0.2.qq - where does it end?
We will be continuing to add functionality in here from many sources,
and so assuming we could just keep
this as the 1.0.1g version number is completely wrong.

If we do that we will be perpetually updating this to be "close to"
whatever happens to be the orthogonal openssl.
feature set, we're screwed. We'll be doing this forever, and be in a
situation where it's as bad as what it is with
ACPI, where the only safe thing to report as is "Windows" so we don't
get screwed by the software trying to
do incompatible junk.

Now the mistake we made this go around is to not provide a way for
identifying that it is libressl. That has been corrected.



On Fri, Jul 11, 2014 at 4:56 PM, Matthew Dempsky  wrote:
> On Fri, Jul 11, 2014 at 3:41 PM, Bob Beck  wrote:
>> The OPENSSL_VERSION number is a guarantee for a certain version of the
>> ABI. As we dont' provide that (in fact much
>> of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use
>> the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION
>> is "bigger than 1.0.1g"'s.
>
> By that argument, we won't be ABI compatible with OpenSSL 2.0 either,
> so we shouldn't provide OPENSSL_VERSION at all.
>
> My 2c is for keeping OPENSSL_VERSION_NUMBER as the most recent OpenSSL
> version that we're *mostly* API/feature compatible with, and using
> LIBRESSL_VERSION_NUMBER to identify the exact LibreSSL version.  By
> polluting the OPENSSL_VERSION_NUMBER namespace we just make things
> more difficult for downstream users that want to be compatible with
> both OpenSSL and LibreSSL.
>
> E.g., to check for a feature that was added in OpenSSL 1.2 but isn't
> present in LibreSSL, that code now needs to be
>
> #if OPENSSL_VERSION_NUMBER >= 1.2 && !defined(LIBRESSL_VERSION_NUMBER)
>
> rather than simply
>
> #if OPENSSL_VERSION_NUMBER >= 1.2
>
> Breaking the latter just seems like making it more difficult to get
> people to port their software from OpenSSL to LibreSSL.



Re: [PATCH] libressl: add dummy egd functions

2014-07-11 Thread Ted Unangst
On Sat, Jul 12, 2014 at 01:13, Hanno Böck wrote:

> I didn't know what egd was up until today, but reading what it is I
> completely understand that consideration. However, this breaks a number
> of packages (wget, python, ruby).

Those packages would all be better off without egd support. In the
case of python and ruby I think it's pretty clearly a case of somebody
just going through the header and binding to every function there is,
without considering utility.

Any system that actually uses egd is so hopelessly broken you
are better off just turning around and walking away. No software in
2014 should be using egd; no software in 2014 should support using egd
by accident.




Re: [PATCH] libressl: add dummy egd functions

2014-07-11 Thread Stuart Henderson
On 2014/07/12 01:13, Hanno Böck wrote:
> I didn't know what egd was up until today, but reading what it is I
> completely understand that consideration. However, this breaks a number
> of packages (wget, python, ruby).

> There's probably a simple solution: Just add dummy functions that
> always return -1 (which according to the docs means "egd not
> available"). This is also what openssl did on archs that had no egd.

If I remember correctly from m2k14 that was decided against.

If you want a heads-up on some others that need to cope with this,
the list also includes:

dcmtk
heimdal
imapproxy
ircd-hybrid
ircd-ratbox
links+, links, elinks
Net::SSLeay
opencm
php
py-openssl
retawq
s-nail
socat
stunnel
xmlsec



[PATCH] libressl: add dummy egd functions

2014-07-11 Thread Hanno Böck
Hi,

I hope this is the right place to post libressl-related discussions.
I'm new here.

After today's release of the portable libressl version I tried to use
it as a drop-in-replacement on a gentoo linux system. There were a
number of issues popping up.

A number of packages failed to compile due to calls to the RAND_egd and
RAND_egd_bytes functions. I had a little twitter conversation here
https://twitter.com/hanno/status/487695463379120129
with Miod Vallat where he explained that egd isn't considered secure
and the code was therefore removed.

I didn't know what egd was up until today, but reading what it is I
completely understand that consideration. However, this breaks a number
of packages (wget, python, ruby).

There's probably a simple solution: Just add dummy functions that
always return -1 (which according to the docs means "egd not
available"). This is also what openssl did on archs that had no egd.

See attached patch.


What confused me a bit was that openssl returned 0 on RAND_egd when I
gave it a bogus parameter (according to the docs -1 should be the error
value). Maybe this is a bug in openssl.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
diff -Naur libressl-2.0.0/crypto/rand/rand_lib.c libressl-2.0.0-1/crypto/rand/rand_lib.c
--- libressl-2.0.0/crypto/rand/rand_lib.c	2014-07-11 19:41:26.0 +0200
+++ libressl-2.0.0-1/crypto/rand/rand_lib.c	2014-07-12 00:16:22.583713400 +0200
@@ -98,3 +98,15 @@
 		arc4random_buf(buf, num);
 	return 1;
 }
+
+int
+RAND_egd(const char *path)
+{
+	return -1;
+}
+
+int
+RAND_egd_bytes(const char *path, int bytes)
+{
+	return -1;
+}
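Review bot: The two stubs added at the end of rand_lib.c carry no comment, so a reader cannot tell that the unconditional `return -1;` is intentional rather than unfinished. Suggest a comment above `RAND_egd()` such as `/* Compatibility stubs: EGD support was removed; -1 reports "egd not available". */`. Both functions ignore their parameters, which will trigger `-Wunused-parameter` where that warning is enabled; that is expected for a stub and worth stating in the same comment. Callers that ignore the return value gain nothing from these calls, which appears acceptable only because the context lines show random bytes coming from `arc4random_buf()`.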
diff -Naur libressl-2.0.0/include/openssl/rand.h libressl-2.0.0-1/include/openssl/rand.h
--- libressl-2.0.0/include/openssl/rand.h	2014-07-11 19:41:25.0 +0200
+++ libressl-2.0.0-1/include/openssl/rand.h	2014-07-12 00:08:44.893435315 +0200
@@ -96,6 +96,8 @@
 int  RAND_write_file(const char *file);
 const char *RAND_file_name(char *file, size_t num);
 int RAND_status(void);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
 
 /* BEGIN ERROR CODES */
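Review bot: The new prototype `int RAND_egd_bytes(const char *path,int bytes);` omits the space after the comma that the neighbouring declarations use (compare `RAND_file_name(char *file, size_t num)`); it should read `int RAND_egd_bytes(const char *path, int bytes);`. Because the pair is declared only so that existing callers keep compiling, a comment such as `/* EGD is not supported; these always return -1 */` above the two lines would discourage new code from relying on them.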




Re: First release of LibreSSL portable is available.

2014-07-11 Thread Miod Vallat
> it. As expected, OPENSSL does the opposite and makes life harder for
> everyone.

Hasn't this been the OpenSSL roadmap since the very beginning?



Re: First release of LibreSSL portable is available.

2014-07-11 Thread Ted Unangst
On Sat, Jul 12, 2014 at 00:22, Piotr Sikora wrote:
> Hey Bob,
> 
>> It's already fixed, so will be on the next tarball roll
> 
> Thanks!
> 
> I should have been more clear in my previous email, but would it be possible
> to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)?
> This way LibreSSL would work as a drop-in replacement without applications
> needing to add explicit support for LibreSSL.

Ideas are still bouncing around, but basically OpenSSL fucked up from
the start.

Instead of defining (e.g.) OPENSSL_HAS_ECDH, new versions
which are compiled without it define OPENSSL_NO_ECDH and then your
application code checks ifndef OPENSSL_NO_ECDH. But that test also
passes on older versions that lack the feature entirely, and then the
guarded code won't compile.

Testing for ifdef OPENSSL_FEATURE would work with both old libraries
that don't know about the feature and new libraries that don't support
it. As expected, OPENSSL does the opposite and makes life harder for
everyone.



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Matthew Dempsky
On Fri, Jul 11, 2014 at 3:41 PM, Bob Beck  wrote:
> The OPENSSL_VERSION number is a guarantee for a certain version of the
> ABI. As we dont' provide that (in fact much
> of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use
> the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION
> is "bigger than 1.0.1g"'s.

By that argument, we won't be ABI compatible with OpenSSL 2.0 either,
so we shouldn't provide OPENSSL_VERSION at all.

My 2c is for keeping OPENSSL_VERSION_NUMBER as the most recent OpenSSL
version that we're *mostly* API/feature compatible with, and using
LIBRESSL_VERSION_NUMBER to identify the exact LibreSSL version.  By
polluting the OPENSSL_VERSION_NUMBER namespace we just make things
more difficult for downstream users that want to be compatible with
both OpenSSL and LibreSSL.

E.g., to check for a feature that was added in OpenSSL 1.2 but isn't
present in LibreSSL, that code now needs to be

#if OPENSSL_VERSION_NUMBER >= 1.2 && !defined(LIBRESSL_VERSION_NUMBER)

rather than simply

#if OPENSSL_VERSION_NUMBER >= 1.2

Breaking the latter just seems like making it more difficult to get
people to port their software from OpenSSL to LibreSSL.



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Theo de Raadt
> I'm worried that bogus codepaths will be taken in software that expects a
> certain openssl version - things failing to build we can cope with in ports
> easily enough, I'm more concerned about software that does build but behaves
> incorrectly at runtime.

If the software is that fragile, then I am happy Bob, Joel, Miod, and Ted
are simplifying the interface.



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Stuart Henderson
I'm worried that bogus codepaths will be taken in software that expects a
certain openssl version - things failing to build we can cope with in ports
easily enough, I'm more concerned about software that does build but behaves
incorrectly at runtime.



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Bob Beck
And seeing as how they moved 0.0.4 revisions in 9 years, call that
0.0.05 revisions per year, they have approximately 194 years of
OpenSSL releases before the version numbering space will collide.


On Fri, Jul 11, 2014 at 4:41 PM, Bob Beck  wrote:
> The OPENSSL_VERSION number is a guarantee for a certain version of the
> ABI. As we dont' provide that (in fact much
> of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use
> the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION
> is "bigger than 1.0.1g"'s.
>
>
>
> On Fri, Jul 11, 2014 at 4:15 PM, Stuart Henderson  
> wrote:
>> On 2014/07/11 15:21, Bob Beck wrote:
>>> CVSROOT:  /cvs
>>> Module name:  src
>>> Changes by:   b...@cvs.openbsd.org2014/07/11 15:21:59
>>>
>>> Modified files:
>>>   lib/libssl/src/crypto: opensslv.h
>>>
>>> Log message:
>>> Provide LIBRESSL_VERSION_NUMBER for people who use such things to
>>> detect versions distinct from OPENSSL_BLAH_WOOF..
>>> ok jsing@ tedu@ deraadt@
>>>
>>
>> I think it would ease porting work if the old OPENSSL_VERSION_NUMBER could
>> be retained and we use LIBRESSL_VERSION_NUMBER to distinguish LibreSSL
>> versions..
>>
>>
>> dovecot-2.2.10/dovecot-2.2.10/src/login-common/ssl-proxy-openssl.c
>> http://hg.dovecot.org/dovecot-2.2/file/fd0616d553b0/src/login-common/ssl-proxy-openssl.c#l130
>> 32:#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x1000L
>> 129:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
>> 1028:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
>> 1041:#if OPENSSL_VERSION_NUMBER >= 0x10002000L
>> 1076:#if OPENSSL_VERSION_NUMBER >= 0x00907000L
>> 1156:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
>>
>> chromium-34.0.1847.137/chromium-34.0.1847.137/net/socket/ssl_client_socket_openssl.cc
>> 54:#if OPENSSL_VERSION_NUMBER < 0x1000103fL
>> ...(checking for a version of openssl other than the embedded one?)
>>
>>
>> apache-httpd
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1598107&view=markup#l86
>> : #include 
>> : #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
>> : /* must be defined before including ssl.h */
>> : #define OPENSSL_NO_SSL_INTERN
>> : #endif
>>
>> knot-dns
>> https://gitlab.labs.nic.cz/labs/knot/blob/2354047b6402aa68daffe96d6f82f30f0dad1cff/src/libknot/dnssec/config.h
>> : // ECDSA support requires OpenSSL version >= 1.0.1
>> : #if !defined(OPENSSL_NO_ECDSA) && OPENSSL_VERSION_NUMBER >= 0x10001000L
>> :   #define KNOT_ENABLE_ECDSA 1
>> : #else
>> :   #undef KNOT_ENABLE_ECDSA
>> : #endif
>>



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Bob Beck
The OPENSSL_VERSION number is a guarantee for a certain version of the
ABI. As we don't provide that (in fact much
of the ABI in LibreSSL is "beyond" 1.0.1g), it is not accurate to use
the old OPENSSL_VERSION. Essentially this OPENSSL_VERSION
is "bigger than 1.0.1g"'s.



On Fri, Jul 11, 2014 at 4:15 PM, Stuart Henderson  wrote:
> On 2014/07/11 15:21, Bob Beck wrote:
>> CVSROOT:  /cvs
>> Module name:  src
>> Changes by:   b...@cvs.openbsd.org2014/07/11 15:21:59
>>
>> Modified files:
>>   lib/libssl/src/crypto: opensslv.h
>>
>> Log message:
>> Provide LIBRESSL_VERSION_NUMBER for people who use such things to
>> detect versions distinct from OPENSSL_BLAH_WOOF..
>> ok jsing@ tedu@ deraadt@
>>
>
> I think it would ease porting work if the old OPENSSL_VERSION_NUMBER could
> be retained and we use LIBRESSL_VERSION_NUMBER to distinguish LibreSSL
> versions..
>
>
> dovecot-2.2.10/dovecot-2.2.10/src/login-common/ssl-proxy-openssl.c
> http://hg.dovecot.org/dovecot-2.2/file/fd0616d553b0/src/login-common/ssl-proxy-openssl.c#l130
> 32:#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x1000L
> 129:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
> 1028:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
> 1041:#if OPENSSL_VERSION_NUMBER >= 0x10002000L
> 1076:#if OPENSSL_VERSION_NUMBER >= 0x00907000L
> 1156:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
>
> chromium-34.0.1847.137/chromium-34.0.1847.137/net/socket/ssl_client_socket_openssl.cc
> 54:#if OPENSSL_VERSION_NUMBER < 0x1000103fL
> ...(checking for a version of openssl other than the embedded one?)
>
>
> apache-httpd
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1598107&view=markup#l86
> : #include 
> : #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
> : /* must be defined before including ssl.h */
> : #define OPENSSL_NO_SSL_INTERN
> : #endif
>
> knot-dns
> https://gitlab.labs.nic.cz/labs/knot/blob/2354047b6402aa68daffe96d6f82f30f0dad1cff/src/libknot/dnssec/config.h
> : // ECDSA support requires OpenSSL version >= 1.0.1
> : #if !defined(OPENSSL_NO_ECDSA) && OPENSSL_VERSION_NUMBER >= 0x10001000L
> :   #define KNOT_ENABLE_ECDSA 1
> : #else
> :   #undef KNOT_ENABLE_ECDSA
> : #endif
>



Re: First release of LibreSSL portable is available.

2014-07-11 Thread Piotr Sikora

Hey Bob,


It's already fixed, so will be on the next tarball roll


Thanks!

I should have been more clear in my previous email, but would it be possible 
to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)? 
This way LibreSSL would work as a drop-in replacement without applications 
needing to add explicit support for LibreSSL.


Right now, with OPENSSL_VERSION_NUMBER 0x2000L, existing software must 
change:


   #if OPENSSL_VERSION_NUMBER >= 0x10002000L
   ...
   #endif

to:

   #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
   && !defined LIBRESSL_VERSION_NUMBER
   ...
   #endif

in order to compile with LibreSSL, for no good reason.

Best regards,
Piotr Sikora



Re: First release of LibreSSL portable is available.

2014-07-11 Thread Toni Mueller

Hi,

On Fri, Jul 11, 2014 at 12:21:12PM -0600, Bob Beck wrote:
> The first release of LibreSSL portable has been released. LibreSSL
> can be found in the LibreSSL directory of your favorite OpenBSD mirror.
> 
> http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors

sounds great!

Would you mind publishing checksums & stuff for that?

TIA!


Kind regards,
--Toni++



Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Stuart Henderson
On 2014/07/11 15:21, Bob Beck wrote:
> CVSROOT:  /cvs
> Module name:  src
> Changes by:   b...@cvs.openbsd.org2014/07/11 15:21:59
> 
> Modified files:
>   lib/libssl/src/crypto: opensslv.h 
> 
> Log message:
> Provide LIBRESSL_VERSION_NUMBER for people who use such things to
> detect versions distinct from OPENSSL_BLAH_WOOF..
> ok jsing@ tedu@ deraadt@
> 

I think it would ease porting work if the old OPENSSL_VERSION_NUMBER could
be retained and we use LIBRESSL_VERSION_NUMBER to distinguish LibreSSL
versions..


dovecot-2.2.10/dovecot-2.2.10/src/login-common/ssl-proxy-openssl.c
http://hg.dovecot.org/dovecot-2.2/file/fd0616d553b0/src/login-common/ssl-proxy-openssl.c#l130
32:#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x1000L
129:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
1028:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L
1041:#if OPENSSL_VERSION_NUMBER >= 0x10002000L
1076:#if OPENSSL_VERSION_NUMBER >= 0x00907000L
1156:#if defined(HAVE_ECDH) && OPENSSL_VERSION_NUMBER < 0x10002000L

chromium-34.0.1847.137/chromium-34.0.1847.137/net/socket/ssl_client_socket_openssl.cc
54:#if OPENSSL_VERSION_NUMBER < 0x1000103fL
...(checking for a version of openssl other than the embedded one?)


apache-httpd
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?revision=1598107&view=markup#l86
: #include 
: #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
: /* must be defined before including ssl.h */
: #define OPENSSL_NO_SSL_INTERN
: #endif

knot-dns
https://gitlab.labs.nic.cz/labs/knot/blob/2354047b6402aa68daffe96d6f82f30f0dad1cff/src/libknot/dnssec/config.h
: // ECDSA support requires OpenSSL version >= 1.0.1
: #if !defined(OPENSSL_NO_ECDSA) && OPENSSL_VERSION_NUMBER >= 0x10001000L
:   #define KNOT_ENABLE_ECDSA 1
: #else
:   #undef KNOT_ENABLE_ECDSA
: #endif



Re: First release of LibreSSL portable is available.

2014-07-11 Thread Bob Beck
It's already fixed, so will be on the next tarball roll

On Fri, Jul 11, 2014 at 3:07 PM, Piotr Sikora  wrote:
> Hello,
>
>
>> libressl-2.0.0.tar.gz has been tested to build on various versions of
>> Linux, Solaris, Mac OSX, and FreeBSD.
>>
>> This is intended as an initial release to allow the community to start
>> using and providing feedback. We will be adding support for
>> other platforms as time and resources permit.
>
>
> Congratulations on the first release!
>
> However, I have an issue with the versioning. You defined
> OPENSSL_VERSION_NUMBER as 0x2000L (2.0.0) without providing any way to
> differentiate between OpenSSL and LibreSSL (for example, BoringSSL provides
> OPENSSL_IS_BORINGSSL). This means that applications that already support
> features from OpenSSL-1.0.2 and/or OpenSSL-1.1.0 won't compile against
> LibreSSL, because they see version 2.0.0, not 1.0.1 (which LibreSSL was
> forked off).
>
> Best regards,
> Piotr Sikora
>



Re: First release of LibreSSL portable is available.

2014-07-11 Thread Piotr Sikora

Hello,


libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux, Solaris, Mac OSX, and FreeBSD.

This is intended as an initial release to allow the community to start
using and providing feedback. We will be adding support for
other platforms as time and resources permit.


Congratulations on the first release!

However, I have an issue with the versioning. You defined 
OPENSSL_VERSION_NUMBER as 0x2000L (2.0.0) without providing any way to 
differentiate between OpenSSL and LibreSSL (for example, BoringSSL provides 
OPENSSL_IS_BORINGSSL). This means that applications that already support 
features from OpenSSL-1.0.2 and/or OpenSSL-1.1.0 won't compile against 
LibreSSL, because they see version 2.0.0, not 1.0.1 (which LibreSSL was 
forked off).


Best regards,
Piotr Sikora



Re: First release of LibreSSL portable is available.

2014-07-11 Thread Iain Morgan
On Fri, Jul 11, 2014 at 12:21:12 -0600, Bob Beck wrote:
> The first release of LibreSSL portable has been released. LibreSSL
> can be found in the LibreSSL directory of your favorite OpenBSD mirror.
> 
> http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
> will soon.
> 
> libressl-2.0.0.tar.gz has been tested to build on various versions of
> Linux, Solaris, Mac OSX, and FreeBSD.
> 

Hello Bob,

It's great to see this release from a community of developers that are
dedicated to doing things right!

After seeing your announcement, I immediately tried to build it on my
workstation (RHEL 6.5), but it unfortunately fails:

 CCLD openssl
../crypto/.libs/libcrypto.so: undefined reference to `clock_gettime'
collect2: ld returned 1 exit status
make[1]: *** [openssl] Error 1

Setting LDFLAGS to -lrt fixes the issue.

-- 
Iain Morgan



Re: lynx: disable old protocols

2014-07-11 Thread patrick keshishian
On 7/11/14, Theo de Raadt  wrote:
> If lynx was removed from base, and only available in ports... how many of
> you would even know of its existence and use it?

asking rhetorically?
either way, yes, I would install lynx if it wasn't in base.
I use it on a daily basis.

--patrick



Re: ftp(1) User-Agent

2014-07-11 Thread Alexander Hall

On 07/11/14 20:06, Lawrence Teo wrote:

On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote:

On 07/11/14 17:35, Lawrence Teo wrote:

On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:

On 07/10/14 06:30, Lawrence Teo wrote:

About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.

Based on feedback from halex@ and deraadt@, I have changed it so that
the User-Agent can be set via a -U command-line option instead of an
environment variable.

I have also fixed a conflict with guenther@'s recent fetch.c commit.

Would anyone like to ok this latest version?


I was reviewing this and I couldn't help finding it unnecessarily
cumbersome.

I propose this diff (ontop on the already proposed and committed diff).
Apart from making the code simpler, this diff will change two things:


Thanks for simplifying this.  The original diff used an environment
variable and for consistency with the existing code that deals with
environment variables, I implemented it within auto_fetch().

When I changed it to use a command-line option, I continued implementing
it within auto_fetch() because that was where my original code was. But
as your diff shows, that's unnecessary, so I appreciate your work in
making it less cumbersome.

I agree with your diff except for this part:


1. You may specify -U as many times as you please, using only the last
one. This is the behavious I'd expect.


What is the use case for specifying multiple -U instances and only
choosing the last one?  To me that sounds like something I would
accidentally do as opposed to something I would intentionally do, so
that's why my code tried to prevent it.


Mainly because that's how I would expect any option to work. -o, just to
give one example.

hmmm.. use case:

getfile() {
ftp -U 'firefox' "$@"
}

getfile http://foo.bar/baz1
getfile http://foo.bar/baz2

getfile -U 'chrome' http://foo.bar/baz3


Ah, thanks.  I most likely won't use it that way but I see the point.


Well, it was just a made up example, but it serves as an example for 
having overridable parameters, possibly with specific exceptions.




OK lteo@


committed, thanks.

/Alexander



Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 07:29:06PM +0200, Marc Espie wrote:
> I don't like that part. The logic is a bit wrong. Especially since 
> unlink(fname) is always called for fd != -1, so I feel there should be one
> single call.

Ok

Index: usr.bin/m4/eval.c
===
RCS file: /cvs/src/usr.bin/m4/eval.c,v
retrieving revision 1.72
diff -u -p -d -r1.72 eval.c
--- usr.bin/m4/eval.c   28 Apr 2014 12:34:11 -  1.72
+++ usr.bin/m4/eval.c   11 Jul 2014 18:09:31 -
@@ -817,11 +817,10 @@ dodiv(int n)
if (outfile[n] == NULL) {
char fname[] = _PATH_DIVNAME;
 
-   if ((fd = mkstemp(fname)) < 0 || 
-   (outfile[n] = fdopen(fd, "w+")) == NULL)
-   err(1, "%s: cannot divert", fname);
-   if (unlink(fname) == -1)
-   err(1, "%s: cannot unlink", fname);
+   if ((fd = mkstemp(fname)) < 0 ||
+   unlink(fname) == -1 ||
+   (outfile[n] = fdopen(fd, "w+")) == NULL)
+   err(1, "%s: cannot divert", fname);
}
active = outfile[n];
 }
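Review bot: The merged condition reports an `unlink()` failure as "cannot divert", so the old "cannot unlink" diagnostic is gone and the message no longer says which of the three calls failed. errno is still right, because the `||` chain stops at the first failing call. Unlinking before `fdopen()` is what keeps a later `fdopen()` failure from leaving the temporary file on disk, and that ordering deserves a comment above the `if`, e.g. `/* unlink before fdopen so a failed fdopen cannot leave the temp file behind */`. dodiv's body starts outside the hunk.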



First release of LibreSSL portable is available.

2014-07-11 Thread Bob Beck
The first release of LibreSSL portable has been released. LibreSSL
can be found in the LibreSSL directory of your favorite OpenBSD mirror.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
will soon.

libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux, Solaris, Mac OSX, and FreeBSD.

This is intended as an initial release to allow the community to start
using and providing feedback. We will be adding support for
other platforms as time and resources permit.

As always, donations (http://www.openbsdfoundation.org/donations.html)
are appreciated to assist in our efforts.

Enjoy,

-Bob



Re: ftp(1) User-Agent

2014-07-11 Thread Lawrence Teo
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote:
> On 07/11/14 17:35, Lawrence Teo wrote:
> >On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
> >>On 07/10/14 06:30, Lawrence Teo wrote:
> >>>About a month ago, I sent a diff that allows ftp(1) to set its
> >>>User-Agent.
> >>>
> >>>Based on feedback from halex@ and deraadt@, I have changed it so that
> >>>the User-Agent can be set via a -U command-line option instead of an
> >>>environment variable.
> >>>
> >>>I have also fixed a conflict with guenther@'s recent fetch.c commit.
> >>>
> >>>Would anyone like to ok this latest version?
> >>
> >>I was reviewing this and I couldn't help finding it unnecessarily
> >>cumbersome.
> >>
> >>I propose this diff (ontop on the already proposed and committed diff).
> >>Apart from making the code simpler, this diff will change two things:
> >
> >Thanks for simplifying this.  The original diff used an environment
> >variable and for consistency with the existing code that deals with
> >environment variables, I implemented it within auto_fetch().
> >
> >When I changed it to use a command-line option, I continued implementing
> >it within auto_fetch() because that was where my original code was. But
> >as your diff shows, that's unnecessary, so I appreciate your work in
> >making it less cumbersome.
> >
> >I agree with your diff except for this part:
> >
> >>1. You may specify -U as many times as you please, using only the last
> >>one. This is the behaviour I'd expect.
> >
> >What is the use case for specifying multiple -U instances and only
> >choosing the last one?  To me that sounds like something I would
> >accidentally do as opposed to something I would intentionally do, so
> >that's why my code tried to prevent it.
> 
> Mainly because that's how I would expect any option to work. -o, just to
> give one example.
> 
> hmmm.. use case:
> 
> getfile() {
>   ftp -U 'firefox' "$@"
> }
> 
> getfile http://foo.bar/baz1
> getfile http://foo.bar/baz2
> 
> getfile -U 'chrome' http://foo.bar/baz3

Ah, thanks.  I most likely won't use it that way but I see the point.

OK lteo@



Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Marc Espie
On Fri, Jul 11, 2014 at 04:55:36PM +, Doug Hogan wrote:
> Index: usr.bin/m4/eval.c
> ===
> RCS file: /cvs/src/usr.bin/m4/eval.c,v
> retrieving revision 1.72
> diff -u -p -d -r1.72 eval.c
> --- usr.bin/m4/eval.c 28 Apr 2014 12:34:11 -  1.72
> +++ usr.bin/m4/eval.c 11 Jul 2014 16:20:25 -
> @@ -818,8 +818,12 @@ dodiv(int n)
>   char fname[] = _PATH_DIVNAME;
>  
>   if ((fd = mkstemp(fname)) < 0 || 
> - (outfile[n] = fdopen(fd, "w+")) == NULL)
> - err(1, "%s: cannot divert", fname);
> + (outfile[n] = fdopen(fd, "w+")) == NULL) {
> + int saved_errno = errno;
> + if (fd != -1)
> + unlink(fname);
> + errc(1, saved_errno, "%s: cannot divert", 
> fname);
> + }
>   if (unlink(fname) == -1)
>   err(1, "%s: cannot unlink", fname);
>   }
I don't like that part. The logic is a bit wrong. Especially since 
unlink(fname) is always called for fd != -1, so I feel there should be one
single call.



Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote:
> This should call warn() before unlink() or close() to guarantee that the
> correct errno value is reported.
...
> This and several other need to save errno and use errc(), ala:

Updated patch.  Updated mktemp.3 this time.


Index: bin/csh/dol.c
===
RCS file: /cvs/src/bin/csh/dol.c,v
retrieving revision 1.17
diff -u -p -d -r1.17 dol.c
--- bin/csh/dol.c   12 Aug 2010 02:00:27 -  1.17
+++ bin/csh/dol.c   11 Jul 2014 16:20:04 -
@@ -829,7 +829,8 @@ heredoc(Char *term)
 
 if (mkstemp(tmp) < 0)
stderror(ERR_SYSTEM, tmp, strerror(errno));
-(void) unlink(tmp);/* 0 0 inode! */
+else
+   (void) unlink(tmp); /* 0 0 inode! */
 Dv[0] = term;
 Dv[1] = NULL;
 gflag = 0;
Index: lib/libc/stdio/mktemp.3
===
RCS file: /cvs/src/lib/libc/stdio/mktemp.3,v
retrieving revision 1.51
diff -u -p -d -r1.51 mktemp.3
--- lib/libc/stdio/mktemp.3 5 Jun 2013 03:39:23 -   1.51
+++ lib/libc/stdio/mktemp.3 11 Jul 2014 16:20:18 -
@@ -147,11 +147,11 @@ int fd;
 strlcpy(sfn, "/tmp/ed.XX", sizeof(sfn));
 if ((fd = mkstemp(sfn)) == -1 ||
 (sfp = fdopen(fd, "w+")) == NULL) {
+   warn("%s", sfn);
if (fd != -1) {
unlink(sfn);
close(fd);
}
-   warn("%s", sfn);
return (NULL);
 }
 return (sfp);
Index: sbin/disklabel/disklabel.c
===
RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
retrieving revision 1.195
diff -u -p -d -r1.195 disklabel.c
--- sbin/disklabel/disklabel.c  5 May 2014 16:33:34 -   1.195
+++ sbin/disklabel/disklabel.c  11 Jul 2014 16:20:22 -
@@ -815,10 +815,13 @@ edit(struct disklabel *lp, int f)
FILE *fp;
u_int64_t total_sectors, starting_sector, ending_sector;
 
-   if ((fd = mkstemp(tmpfil)) == -1 || (fp = fdopen(fd, "w")) == NULL) {
-   if (fd != -1)
-   close(fd);
+   if ((fd = mkstemp(tmpfil)) == -1 ||
+   (fp = fdopen(fd, "w")) == NULL) {
warn("%s", tmpfil);
+   if (fd != -1) {
+   unlink(tmpfil);
+   close(fd);
+   }
return (1);
}
display(fp, lp, 0, 1);
Index: sbin/scsi/scsi.c
===
RCS file: /cvs/src/sbin/scsi/scsi.c,v
retrieving revision 1.28
diff -u -p -d -r1.28 scsi.c
--- sbin/scsi/scsi.c12 Nov 2013 04:59:02 -  1.28
+++ sbin/scsi/scsi.c11 Jul 2014 16:20:22 -
@@ -571,8 +571,12 @@ edit_init(void)
strlcpy(edit_name, "/var/tmp/sc", sizeof edit_name);
if ((fd = mkstemp(edit_name)) == -1)
err(1, "mkstemp");
-   if ( (edit_file = fdopen(fd, "w+")) == 0)
-   err(1, "fdopen");
+   if ( (edit_file = fdopen(fd, "w+")) == 0) {
+   int saved_errno = errno;
+   unlink(edit_name);
+   close(fd);
+   errc(1, saved_errno, "fdopen");
+   }
edit_opened = 1;
 
atexit(edit_done);
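Review bot: The rewritten `fdopen()` test still compares a `FILE *` with `0` and keeps the stray space after the opening parenthesis. Since the line is being changed anyway, `if ((edit_file = fdopen(fd, "w+")) == NULL) {` would match the form used in the disklabel hunk of this patch. The cleanup order itself (save errno, unlink, close, then `errc`) looks right. edit_init's body continues outside the hunk.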
Index: usr.bin/gzsig/sign.c
===
RCS file: /cvs/src/usr.bin/gzsig/sign.c,v
retrieving revision 1.13
diff -u -p -d -r1.13 sign.c
--- usr.bin/gzsig/sign.c10 Mar 2013 10:36:57 -  1.13
+++ usr.bin/gzsig/sign.c11 Jul 2014 16:20:25 -
@@ -281,6 +281,7 @@ sign(int argc, char *argv[])
if ((fout = fdopen(fd, "w")) == NULL) {
fprintf(stderr, "Error opening %s: %s\n",
tmppath, strerror(errno));
+   unlink(tmppath);
fclose(fin);
close(fd);
continue;
@@ -288,6 +289,7 @@ sign(int argc, char *argv[])
if (copy_permissions(fileno(fin), fd) < 0) {
fprintf(stderr, "Error initializing %s: %s\n",
tmppath, strerror(errno));
+   unlink(tmppath);
fclose(fin);
fclose(fout);
continue;
Index: usr.bin/htpasswd/htpasswd.c
===
RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
retrieving revision 1.10
diff -u -p -d -r1.10 htpasswd.c
--- usr.bin/htpasswd/htpasswd.c 24 Mar 2014 20:33:01 -  1.10
+++ usr.bin/htpasswd/htpasswd.c 11 Jul 2014 16:20:25 -
@@ -164,8 +164,11 @@ main(int argc, char** argv)
if ((fd = mkstemp(tmpl)) == -1)
err(1, "mkstemp");
 
-   if ((out = fdopen(fd, "w+")) == NULL)
-   err(1, "cannot o

Re: boot/zboot: cmd.c merge

2014-07-11 Thread Tobias Stoeckmann
Anyone?

On Fri, Jul 04, 2014 at 07:41:07PM +0200, Tobias Stoeckmann wrote:
> On Sun, Jun 29, 2014 at 08:40:53PM +0200, Tobias Stoeckmann wrote:
> > "cc -c" works for zaurus' cmd.c.  I don't have a zaurus, so it would be
> > nice if a zaurus owner can test these changes.
> 
> Got feedback from zaurus users.  The Makefile was missing another change:
> It still listed cmd.c in SRCS.  Compiles for them and nobody shouted at
> me for removing "clear".
> 
> Patch updated, I also incremented zboot to 2.10, after all this diff
> will zap the "clear" command.
> 
> Okay?
> 
> Index: arch/zaurus/stand/zboot/Makefile
> ===
> RCS file: /cvs/src/sys/arch/zaurus/stand/zboot/Makefile,v
> retrieving revision 1.13
> diff -u -p -r1.13 Makefile
> --- arch/zaurus/stand/zboot/Makefile  10 Sep 2013 21:00:26 -  1.13
> +++ arch/zaurus/stand/zboot/Makefile  4 Jul 2014 17:39:53 -
> @@ -21,7 +21,7 @@ CLEANFILES+= arm machine
>  .endif
>  
>  # stand/boot
> -SRCS+=   boot.c vars.c bootarg.c conf.c
> +SRCS+=   boot.c cmd.c vars.c bootarg.c conf.c
>  
>  # libsa
>  SRCS+=   close.c closeall.c cons.c ctime.c disklabel.c dkcksum.c fstat.c 
> \
> @@ -33,7 +33,7 @@ SRCS+=  strcmp.c strlcpy.c strlen.c strnc
>   ashrdi3.c divsi3.S divdi3.c moddi3.c qdivrem.c
>  
>  # local overrides and additions
> -SRCS+=   alloc.c cmd.c devopen.c diskprobe.c exec.c exit.c loadfile.c \
> +SRCS+=   alloc.c devopen.c diskprobe.c exec.c exit.c loadfile.c \
>   machdep.c termios.c unixcons.c unixdev.c unixsys.S
>  
>  .PATH:   ${S}/stand/boot
> Index: arch/zaurus/stand/zboot/boot.8
> ===
> RCS file: /cvs/src/sys/arch/zaurus/stand/zboot/boot.8,v
> retrieving revision 1.10
> diff -u -p -r1.10 boot.8
> --- arch/zaurus/stand/zboot/boot.827 Sep 2012 12:26:28 -  1.10
> +++ arch/zaurus/stand/zboot/boot.84 Jul 2014 17:39:53 -
> @@ -103,6 +103,12 @@ This file may contain any commands
>  .Nm
>  accepts at the interactive prompt.
>  Though default settings usually suffice, they can be changed here.
> +.\" XXX CHECK_SKIP_CONF is not defined...
> +.\" .Pp
> +.\" .Pa boot.conf
> +.\" processing can be skipped by holding down either Control key as
> +.\" .Nm
> +.\" starts.
>  .It
>  The header line
>  .Pp
> Index: arch/zaurus/stand/zboot/cmd.c
> ===
> RCS file: arch/zaurus/stand/zboot/cmd.c
> diff -N arch/zaurus/stand/zboot/cmd.c
> --- arch/zaurus/stand/zboot/cmd.c 21 Mar 2007 03:29:05 -  1.3
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,532 +0,0 @@
> -/*   $OpenBSD: cmd.c,v 1.3 2007/03/21 03:29:05 tedu Exp $*/
> -
> -/*
> - * Copyright (c) 1997-1999 Michael Shalayeff
> - * All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - * 1. Redistributions of source code must retain the above copyright
> - *notice, this list of conditions and the following disclaimer.
> - * 2. Redistributions in binary form must reproduce the above copyright
> - *notice, this list of conditions and the following disclaimer in the
> - *documentation and/or other materials provided with the distribution.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
> - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
> - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> - * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
> - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> - * SUCH DAMAGE.
> - */
> -
> -#include 
> -#include 
> -
> -#ifdef REGRESS
> -#include 
> -#include 
> -#else
> -#include 
> -#include 
> -#endif
> -
> -#include 
> -
> -#define CTRL(c)  ((c)&0x1f)
> -
> -static int Xboot(void);
> -static int Xclear(void);
> -static int Xecho(void);
> -static int Xhelp(void);
> -static int Xls(void);
> -static int Xnop(void);
> -static int Xreboot(void);
> -static int Xstty(void);
> -static int Xtime(void);
> -#ifdef MACHINE_CMD
> -static int Xmachine(void);
> -extern const struct cmd_table MACHINE_CMD[];
> -#endif
> -extern int Xset(void);
> -extern int Xenv(void);
> -
> -extern const struct cmd_table cmd_set[];
> -const struct cmd_table cmd_table[] = {
> - {"#",  CMDT_CMD, Xnop},  /* XXX must be first */
> - {"boot",   CMDT_CMD, Xboot},
> - {"clear",  CMDT_CMD, Xc

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Marc Espie
On Fri, Jul 11, 2014 at 10:27:57AM -0400, Ted Unangst wrote:
> On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote:
> > usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
> > 
> > Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
> > this is the right way, but it seems to work. Cluebats welcome.
> 
> I think maybe it would be nicer to create a Makefile.inc in .. and
> have that include ../../Makefile.inc in some cases? That would work
> more automagically?

Avoiding multiple inclusions is somewhat hard...



Re: [patch] new ssl features for relayd (more forward secrecy, renegotiation interception)

2014-07-11 Thread Markus Gebert
Hi Reyk

On 11.07.2014, at 17:29, Reyk Floeter  wrote:

> On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote:
>> I hope this is the right mailing list to publish a patch. If not,
>> please let me know where to place it or how I should get in contact
>> with the relayd maintainer(s).
>> 
>> I've added some new SSL features and config options to relayd that we
>> needed at work:
>> 
>> - ssl edh params "value"
>>  -> allows to control the use of OpenSSL built-in DH params. With
>> them, relayd is now able to use EDH/DHE ciphers. They are the
>> only option to provide forward secrecy for older clients.
>> 
>> - ssl [no] cipher-server-preference
>>  -> allows the admin to control SSL_OP_CIPHER_SERVER_PREFERENCE to be
>> able to force some cipher preferences on clients (i.e. to prefer
>> ciphers that provide forward secrecy).
>> 
>> - ssl [no] client-renegotiation
>>  -> allows the interception of ("secure") client initiated
>> renegotioations, which are considered a risk in DDoS scenarios
>> because many CPU cycles can be burned this way on a single TCP
>> connection without an obvious way for the administrator to 
>> immediately know what's happening.
>> 
>> 
>> The patch was originally written against the FreeBSD port of relayd, but
>> since all the changes should be easily portable to OpenBSD and it makes
>> sense to add the features upstream, I recreated the patch so that it
>> applies to OpenBSD (5.5 and CURRENT). It's only compile-tested, but the
>> changed code parts do not really differ between the platforms, so I
>> think the patch should be safe to use.
>> 
>> Patch for OpenBSD 5.5:
>> http://gebert.net/share/relayd-ssl-5.5.diff
>> 
>> Patch for OpenBSD CURRENT as of 2014-07-01:
>> http://gebert.net/share/relayd-ssl-current-20140701.diff
>> 
>> 
>> Please feel free to change any defaults I've chosen for the new config
>> options. They were chosen for the environment I run relayd in and might
>> not fit your policies about introducing new features.
>> 
>> Any feedback is welcome!
>> 
> 
> Thank you for the diff, I updated the diff and changed a few defaults
> after discussing them with jsing@.  I also adjusted the grammar a
> little bit to the following style (also for ecdh):
> 
> ssl edh   - enable edh with the default maximum of 1024 
> bits
> ssl no edh- disable edh (the default, provided for consistency)
> ssl edh params 8192   - set a non-default maximum
> 
> I removed the "auto" option because providing 8192 will effectively be
> the same.  I also adjusted the ecdh option accordingly:
> 
> ssl ecdh  - enable ecdh (the default, using prime256v1)
> ssl no ecdh   - disable ecdh
> ssl ecdh curve prime256v1 - set a specific curve
> 
> The other options cipher-server-preference and client-renegotiation
> make sense, but I changed it to allow "client-renegotiation" by
> default - I want to avoid too many differences to the standard SSL
> library.  Please note that relayd is now developed for LibreSSL where
> more defaults might be different to OpenSSL in the future.

Thanks, the new diff looks good to me. I actually like the new grammar
style much more, I was just trying to stick close to the one ecdh used,
but if you change both, the new style makes much more sense. I expected
that you would change the default for client initiated renegotiations,
so I'm good with that too.

I have another diff, which improves the SSL error handling code in
relayd, but I want to discuss that off-list first, if that's ok with
you.


Markus





Re: tweaks for man.cgi

2014-07-11 Thread Ted Unangst
Another diff. HTTP headers have to be separated by CRLF.

Index: cgi.c
===
RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.1
diff -u -p -r1.1 cgi.c
--- cgi.c   11 Jul 2014 15:37:22 -  1.1
+++ cgi.c   11 Jul 2014 16:00:56 -
@@ -310,12 +310,12 @@ resp_begin_http(int code, const char *ms
 {
 
if (200 != code)
-   printf("Status: %d %s\n", code, msg);
+   printf("Status: %d %s\r\n", code, msg);
 
-   puts("Content-Type: text/html; charset=utf-8\n"
-"Cache-Control: no-cache\n"
-"Pragma: no-cache\n"
-"");
+   printf("Content-Type: text/html; charset=utf-8\r\n"
+"Cache-Control: no-cache\r\n"
+"Pragma: no-cache\r\n"
+"\r\n");
 
fflush(stdout);
 }
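Review bot: `msg` is written into the `Status:` header with a plain `%s`, and the second hunk does the same with `req->q.manpath` and `r[0].file` in `Location:`. If any of these can carry request-derived bytes, a CR or LF in them would end the header early and the remainder would be read as further headers. Whether they are validated before this point is not visible in these hunks, so that should be confirmed, or the values encoded before printing. A short comment above the `printf` calls, such as `/* header values must not contain CR or LF */`, would record the assumption. As a minor style point, the constant header block has no conversions and could be written with `fputs(..., stdout)`.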
@@ -480,12 +480,13 @@ resp_search(const struct req *req, struc
 * If we have just one result, then jump there now
 * without any delay.
 */
-   puts("Status: 303 See Other");
+   printf("Status: 303 See Other\r\n");
printf("Location: http://%s%s/show/%s/%s?";,
httphost, scriptname, req->q.manpath, r[0].file);
http_printquery(req);
-   puts("\n"
-"Content-Type: text/html; charset=utf-8\n");
+   printf("\r\n"
+"Content-Type: text/html; charset=utf-8\r\n"
+"\r\n");
return;
}
 



tweaks for man.cgi

2014-07-11 Thread Ted Unangst
1. redundant null tests

2. http decode can be linear instead of (n^2) with two pointers.

Index: cgi.c
===
RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.1
diff -u -p -r1.1 cgi.c
--- cgi.c   11 Jul 2014 15:37:22 -  1.1
+++ cgi.c   11 Jul 2014 15:50:48 -
@@ -161,7 +161,7 @@ html_printquery(const struct req *req)
}
if (NULL != req->q.expr) {
printf("&expr=");
-   html_print(req->q.expr ? req->q.expr : "");
+   html_print(req->q.expr);
}
 }
 
@@ -280,11 +280,13 @@ static int
 http_decode(char *p)
 {
char hex[3];
+   char*q;
int  c;
 
hex[2] = '\0';
 
-   for ( ; '\0' != *p; p++) {
+   q = p;
+   for ( ; '\0' != *p; p++, q++) {
if ('%' == *p) {
if ('\0' == (hex[0] = *(p + 1)))
return(0);
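Review bot: With the separate write pointer `q`, every `return(0)` path leaves the buffer half rewritten: the prefix is decoded, the tail is still the original text, and no terminator has been stored at `q`. The old `memmove` version also returned with a partly decoded string, so this is not new. The function comment should still say it, so callers discard the buffer on failure, e.g. `/* On failure (return 0) the buffer is left partly decoded and must not be used. */`. The hex conversion sits between the two hunks and is not visible here. It is worth checking that it accepts exactly two hex digits, since `p += 2` in the second hunk skips both characters regardless of how many were converted.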
@@ -295,13 +297,13 @@ http_decode(char *p)
if ('\0' == c)
return(0);
 
-   *p = (char)c;
-   memmove(p + 1, p + 3, strlen(p + 3) + 1);
+   *q = (char)c;
+   p += 2;
} else
-   *p = '+' == *p ? ' ' : *p;
+   *q = '+' == *p ? ' ' : *p;
}
 
-   *p = '\0';
+   *q = '\0';
return(1);
 }
 



Re: ftp(1) User-Agent

2014-07-11 Thread Alexander Hall

On 07/11/14 17:35, Lawrence Teo wrote:

On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:

On 07/10/14 06:30, Lawrence Teo wrote:

About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.

Based on feedback from halex@ and deraadt@, I have changed it so that
the User-Agent can be set via a -U command-line option instead of an
environment variable.

I have also fixed a conflict with guenther@'s recent fetch.c commit.

Would anyone like to ok this latest version?


I was reviewing this and I couldn't help finding it unnecessarily
cumbersome.

I propose this diff (ontop on the already proposed and committed diff).
Apart from making the code simpler, this diff will change two things:


Thanks for simplifying this.  The original diff used an environment
variable and for consistency with the existing code that deals with
environment variables, I implemented it within auto_fetch().

When I changed it to use a command-line option, I continued implementing
it within auto_fetch() because that was where my original code was. But
as your diff shows, that's unnecessary, so I appreciate your work in
making it less cumbersome.

I agree with your diff except for this part:


1. You may specify -U as many times as you please, using only the last
one. This is the behavious I'd expect.


What is the use case for specifying multiple -U instances and only
choosing the last one?  To me that sounds like something I would
accidentally do as opposed to something I would intentionally do, so
that's why my code tried to prevent it.


Mainly because that's how I would expect any option to work. -o, just to 
give one example.


hmmm.. use case:

getfile() {
ftp -U 'firefox' "$@"
}

getfile http://foo.bar/baz1
getfile http://foo.bar/baz2

getfile -U 'chrome' http://foo.bar/baz3

/Alexander


2. If you compile with -DSMALL, using -U will produce an error. This
does not follow the common, IMO questionable, practice of just
ignoring the switches. However, I find it totally reasonable
for most unavailable switches (possibly -C aside).

OK?

/Alexander


Index: fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.124
diff -u -p -r1.124 fetch.c
--- fetch.c 11 Jul 2014 03:31:52 -  1.124
+++ fetch.c 11 Jul 2014 10:18:25 -
@@ -1284,9 +1284,6 @@ auto_fetch(int argc, char *argv[], char
char *cp, *url, *host, *dir, *file, *portnum;
char *username, *pass, *pathstart;
char *ftpproxy, *httpproxy;
-#ifndef SMALL
-   char *uagent = NULL;
-#endif /* !SMALL */
int rval, xargc;
volatile int argpos;
int dirhasglob, filehasglob, oautologin;
@@ -1307,13 +1304,6 @@ auto_fetch(int argc, char *argv[], char
if ((httpproxy = getenv(HTTP_PROXY)) != NULL && *httpproxy == '\0')
httpproxy = NULL;

-   if (httpuseragent == NULL)
-   httpuseragent = HTTP_USER_AGENT;
-#ifndef SMALL
-   else
-   uagent = httpuseragent;
-#endif /* !SMALL */
-
/*
 * Loop through as long as there's files to fetch.
 */
@@ -1590,9 +1580,6 @@ bad_ftp_url:
}
if (connected && rval != -1)
disconnect(0, NULL);
-#ifndef SMALL
-   free(uagent);
-#endif /* !SMALL */
return (rval);
  }

Index: main.c
===
RCS file: /cvs/src/usr.bin/ftp/main.c,v
retrieving revision 1.88
diff -u -p -r1.88 main.c
--- main.c  11 Jul 2014 03:31:52 -  1.88
+++ main.c  11 Jul 2014 10:18:25 -
@@ -362,19 +362,17 @@ main(volatile int argc, char *argv[])
trace = 1;
break;

-   case 'U':
  #ifndef SMALL
-   if (httpuseragent)
-   errx(1, "User-Agent was already defined");
-   /* Ensure that User-Agent value is in a single line. */
+   case 'U':
+   free (httpuseragent);
if (strcspn(optarg, "\r\n") != strlen(optarg))
errx(1, "Invalid User-Agent: %s.", optarg);
if (asprintf(&httpuseragent, "User-Agent: %s",
optarg) == -1)
errx(1, "Can't allocate memory for HTTP(S) "
"User-Agent");
-#endif /* !SMALL */
break;
+#endif /* !SMALL */

case 'v':
verbose = 1;
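Review bot: The removed comment `/* Ensure that User-Agent value is in a single line. */` was the only explanation of the `strcspn(optarg, "\r\n")` test, which is what keeps a `-U` argument from adding extra lines to the request headers; I would keep it above that check. `free (httpuseragent);` should be written `free(httpuseragent);`, as in the `free(uagent);` line this patch removes from fetch.c. The next hunk lets `httpuseragent` point at `HTTP_USER_AGENT` as well as at `asprintf()` memory. Assuming the former is a constant, nothing after option parsing may free it, and a one-line comment at that assignment would say so. main's body extends beyond the hunk.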
@@ -394,6 +392,8 @@ main(volatile int argc, char *argv[])
  #ifndef SMALL
cookie_load();
  #endif /* !SMALL */
+   if (httpuseragent == NULL)
+   httpuseragent = HTTP_USER_AGENT;

cpend = 0;  /* no pending replies */
proxy = 0;  /* proxy not active */





Re: ftp(1) User-Agent

2014-07-11 Thread Lawrence Teo
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
> On 07/10/14 06:30, Lawrence Teo wrote:
> > About a month ago, I sent a diff that allows ftp(1) to set its
> > User-Agent.
> > 
> > Based on feedback from halex@ and deraadt@, I have changed it so that
> > the User-Agent can be set via a -U command-line option instead of an
> > environment variable.
> > 
> > I have also fixed a conflict with guenther@'s recent fetch.c commit.
> > 
> > Would anyone like to ok this latest version?
> 
> I was reviewing this and I couldn't help finding it unnecessarily
> cumbersome.
> 
> I propose this diff (on top of the already proposed and committed diff).
> Apart from making the code simpler, this diff will change two things:

Thanks for simplifying this.  The original diff used an environment
variable and for consistency with the existing code that deals with
environment variables, I implemented it within auto_fetch().

When I changed it to use a command-line option, I continued implementing
it within auto_fetch() because that was where my original code was. But
as your diff shows, that's unnecessary, so I appreciate your work in
making it less cumbersome.

I agree with your diff except for this part:

> 1. You may specify -U as many times as you please, using only the last
>one. This is the behavious I'd expect.

What is the use case for specifying multiple -U instances and only
choosing the last one?  To me that sounds like something I would
accidentally do as opposed to something I would intentionally do, so
that's why my code tried to prevent it.

> 2. If you compile with -DSMALL, using -U will produce an error. This
>does not follow the common, IMO questionable, practice of just
>ignoring the switches. However I find it a totally reasonable
>for most unavailable switches (possibly -C aside).
> 
> OK?
> 
> /Alexander
> 
> 
> Index: fetch.c
> ===
> RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
> retrieving revision 1.124
> diff -u -p -r1.124 fetch.c
> --- fetch.c   11 Jul 2014 03:31:52 -  1.124
> +++ fetch.c   11 Jul 2014 10:18:25 -
> @@ -1284,9 +1284,6 @@ auto_fetch(int argc, char *argv[], char 
>   char *cp, *url, *host, *dir, *file, *portnum;
>   char *username, *pass, *pathstart;
>   char *ftpproxy, *httpproxy;
> -#ifndef SMALL
> - char *uagent = NULL;
> -#endif /* !SMALL */
>   int rval, xargc;
>   volatile int argpos;
>   int dirhasglob, filehasglob, oautologin;
> @@ -1307,13 +1304,6 @@ auto_fetch(int argc, char *argv[], char 
>   if ((httpproxy = getenv(HTTP_PROXY)) != NULL && *httpproxy == '\0')
>   httpproxy = NULL;
>  
> - if (httpuseragent == NULL)
> - httpuseragent = HTTP_USER_AGENT;
> -#ifndef SMALL
> - else
> - uagent = httpuseragent;
> -#endif /* !SMALL */
> -
>   /*
>* Loop through as long as there's files to fetch.
>*/
> @@ -1590,9 +1580,6 @@ bad_ftp_url:
>   }
>   if (connected && rval != -1)
>   disconnect(0, NULL);
> -#ifndef SMALL
> - free(uagent);
> -#endif /* !SMALL */
>   return (rval);
>  }
>  
> Index: main.c
> ===
> RCS file: /cvs/src/usr.bin/ftp/main.c,v
> retrieving revision 1.88
> diff -u -p -r1.88 main.c
> --- main.c11 Jul 2014 03:31:52 -  1.88
> +++ main.c11 Jul 2014 10:18:25 -
> @@ -362,19 +362,17 @@ main(volatile int argc, char *argv[])
>   trace = 1;
>   break;
>  
> - case 'U':
>  #ifndef SMALL
> - if (httpuseragent)
> - errx(1, "User-Agent was already defined");
> - /* Ensure that User-Agent value is in a single line. */
> + case 'U':
> + free (httpuseragent);
>   if (strcspn(optarg, "\r\n") != strlen(optarg))
>   errx(1, "Invalid User-Agent: %s.", optarg);
>   if (asprintf(&httpuseragent, "User-Agent: %s",
>   optarg) == -1)
>   errx(1, "Can't allocate memory for HTTP(S) "
>   "User-Agent");
> -#endif /* !SMALL */
>   break;
> +#endif /* !SMALL */
>  
>   case 'v':
>   verbose = 1;
> @@ -394,6 +392,8 @@ main(volatile int argc, char *argv[])
>  #ifndef SMALL
>   cookie_load();
>  #endif /* !SMALL */
> + if (httpuseragent == NULL)
> + httpuseragent = HTTP_USER_AGENT;
>  
>   cpend = 0;  /* no pending replies */
>   proxy = 0;  /* proxy not active */
> 



Re: [patch] new ssl features for relayd (more forward secrecy, renegotiation interception)

2014-07-11 Thread Reyk Floeter
Hi,

On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote:
> I hope this is the right mailing list to publish a patch. If not,
> please let me know where to place it or how I should get in contact
> with the relayd maintainer(s).
> 
> I've added some new SSL features and config options to relayd that we
> needed at work:
> 
> - ssl edh params "value"
>   -> allows to control the use of OpenSSL built-in DH params. With
>  them, relayd is now able to use EDH/DHE ciphers. They are the
>  only option to provide forward secrecy for older clients.
> 
> - ssl [no] cipher-server-preference
>   -> allows the admin to control SSL_OP_CIPHER_SERVER_PREFERENCE to be
>  able to force some cipher preferences on clients (i.e. to prefer
>  ciphers that provide forward secrecy).
> 
> - ssl [no] client-renegotiation
>   -> allows the interception of ("secure") client initiated
>  renegotioations, which are considered a risk in DDoS scenarios
>  because many CPU cycles can be burned this way on a single TCP
>  connection without an obvious way for the administrator to 
>  immediately know what's happening.
> 
> 
> The patch was originally written against the FreeBSD port of relayd, but
> since all the changes should be easily portable to OpenBSD and it makes
> sense to add the features upstream, I recreated the patch so that it
> applies to OpenBSD (5.5 and CURRENT). It's only compile-tested, but the
> changed code parts do not really differ between the platforms, so I
> think the patch should be safe to use.
> 
> Patch for OpenBSD 5.5:
> http://gebert.net/share/relayd-ssl-5.5.diff
> 
> Patch for OpenBSD CURRENT as of 2014-07-01:
> http://gebert.net/share/relayd-ssl-current-20140701.diff
> 
> 
> Please feel free to change any defaults I've chosen for the new config
> options. They were chosen for the environment I run relayd in and might
> not fit your policies about introducing new features.
> 
> Any feedback is welcome!
> 

Thank you for the diff, I updated the diff and changed a few defaults
after discussing them with jsing@.  I also adjusted the grammar a
little bit to the following style (also for ecdh):

ssl edh - enable edh with the default maximum of 1024 bits
ssl no edh  - disable edh (the default, provided for consistency)
ssl edh params 8192 - set a non-default maximum

I removed the "auto" option because providing 8192 will effectively be
the same.  I also adjusted the ecdh option accordingly:

ssl ecdh- enable ecdh (the default, using prime256v1)
ssl no ecdh - disable ecdh
ssl ecdh curve prime256v1   - set a specific curve

The other options cipher-server-preference and client-renegotiation
make sense, but I changed it to allow "client-renegotiation" by
default - I want to avoid too many differences to the standard SSL
library.  Please note that relayd is now developed for LibreSSL where
more defaults might be different to OpenSSL in the future.


Reyk

Index: config.c
===
RCS file: /cvs/src/usr.sbin/relayd/config.c,v
retrieving revision 1.17
diff -u -p -u -p -r1.17 config.c
--- config.c11 Jul 2014 11:48:50 -  1.17
+++ config.c11 Jul 2014 15:28:21 -
@@ -118,6 +118,7 @@ config_init(struct relayd *env)
SSLCIPHERS_DEFAULT,
sizeof(env->sc_proto_default.sslciphers));
env->sc_proto_default.sslecdhcurve = SSLECDHCURVE_DEFAULT;
+   env->sc_proto_default.ssldhparams = SSLDHPARAMS_DEFAULT;
env->sc_proto_default.type = RELAY_PROTO_TCP;
(void)strlcpy(env->sc_proto_default.name, "default",
sizeof(env->sc_proto_default.name));
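Review bot: The new `ssldhparams` default in config_init() is assigned without a comment saying what the value means, and SSLDHPARAMS_DEFAULT is defined outside this hunk. The mail text says EDH is off by default and that a bare `ssl edh` caps the parameters at 1024 bits, which is a small DH group size by current guidance, so the meaning of the default deserves to be visible where it is set. I would add something like `/* EDH disabled unless configured; "ssl edh" without params caps at 1024 bits */` above the assignment, after confirming it against the macro definition. config_init starts and ends outside the hunk.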
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.185
diff -u -p -u -p -r1.185 parse.y
--- parse.y 11 Jul 2014 11:48:50 -  1.185
+++ parse.y 11 Jul 2014 15:28:22 -
@@ -167,8 +167,8 @@ typedef struct {
 %token QUERYSTR REAL REDIRECT RELAY REMOVE REQUEST RESPONSE RETRY QUICK
 %token RETURN ROUNDROBIN ROUTE SACK SCRIPT SEND SESSION SNMP SOCKET SPLICE
 %token SSL STICKYADDR STYLE TABLE TAG TAGGED TCP TIMEOUT TO ROUTER RTLABEL
-%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH
-%token RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDH CURVE
+%token TRANSPARENT TRAP UPDATES URL VIRTUAL WITH TTL RTABLE MATCH PARAMS
+%token RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDH EDH CURVE
 %token   STRING
 %token   NUMBER
 %typehostname interface table value optstring
@@ -177,6 +177,7 @@ typedef struct {
 %typeoptssl optsslclient sslcache
 %typeredirect_proto relay_proto match
 %typeaction ruleaf key_option
+%typessldhparams sslecdhcurve
 %type  port
 %type  host
 %type  address
@@ -904,6 +905,7 @@ 

macppc tester(s) needed

2014-07-11 Thread Bret Lambert
Not having a macppc machine of my own anymore, I am forced to
rely on the kindness of strangers. I'm looking specifically
for macppc machines with the line

abtn at adb?

in the dmesg. If you or a loved one owns such a machine, please
contact me off-list, as I have a small change to the driver
that I need to test.

Thanks!



Re: Re : Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Todd T. Fries
Ok ok ok .. having the ability to specify the rdomain for the one instance of
a daemon started by /etc/rc does let other monkeying to be done from 
/etc/rc.local
if desired.

Thanks,

Penned by Loïc Blot on 20140711  9:56.35, we have:
| Of course,
| I have set the fewer modification on rc.subr because cases mentionned by Todd 
are more rare. I think those cases must be handled by rc.local. (but i agree 
with todd concept, but his modification is too big for majority of systems).
| 
| Loïc Blot,
| Ingénieur systèmes UNIX, Sécurité et Réseaux
| http://www.unix-experience.fr 
| 
| Theo de Raadt  a écrit :
| 
| >> Penned by Mike Belopuhov on 20140711  6:49.19, we have:
| >> | On 11 July 2014 10:29, Antoine Jacoutot  wrote:
| >> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
| >> | >> Hello all,
| >> | >> I use rdomains to split routing domains per company and also separate
| >> | >> administration interfaces from routing interfaces on my routers (sshd,
| >> | >> bacula, postfix and puppetd running on a dedicated rdomain)
| >> | >>
| >> | >> Actually there is a problem with rdomains, we need to modify /etc/rc.d
| >> | >> scripts to add rdomain execution environment to the specified service.
| >> | >> If rc.subr have support to rdomains, we can let the rc.d scripts 
clean.
| >> | >>
| >> | >> To resolve those rdomain issues, I created a patch and I added a new
| >> | >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
| >> | >> variable needs a signed integer and use an existing rdomain, this is
| >> | >> checked by rc.subr.
| >> | >>
| >> | >> I want to contribute to OpenBSD and I give you this patch. If you have
| >> | >> any suggestions to improve it, tell me.
| >> | >
| >> | > I don't use rdomain so someone knowledgeable should comment here.
| >> | > But it does look like a nice idea.
| >> | >
| >> | 
| >> | having something like this would be really cool.  in case you'll be
| >> | tweaking the code, make sure that the "route -T exec printf" check
| >> | is preserved.  i would use "true" in this test however.
| >> | 
| >> | as far as i can tell the daemon_rdomain bit that goes into the rc
| >> | script is fine, however i'm not quite sure how can i start two
| >> | daemons in different rdomains via rc.conf.local.  looks like this
| >> | diff doesn't handle this and allows only one instance in the
| >> | ${_name}_rdomain rdomain.  but sometimes you want multiple, say
| >> | sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
| >> | create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
| >> | in there.  but then i'd have to add it to the pkg_scripts...  this
| >> | is a minor issue that i see.  perhaps ${_name}_rdomain should list
| >> | multiple values, like sshd_rdomain=0,1,2,3.
| >> 
| >> multiple rdomain instances might even have different daemon_flags.
| >> 
| >> I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
| >> ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config".  I'm guessing it
| >> makes sense to add to sshd_flags= rather than over-write it, but
| >> that's splitting hairs.
| >> 
| >> I've been wondering about how to implement what you've done, and
| >> have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.
| >> 
| >> I like this direction.
| >
| >For crazy stuff, use /etc/rc.local

-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: diff: fix dhcpinform to work without lease

2014-07-11 Thread YASUOKA Masahiko

On Wed, 09 Jul 2014 20:40:36 +0200 (CEST)
YASUOKA Masahiko  wrote:
> On Wed, 9 Jul 2014 19:08:09 +0200
> Kenneth Westerback  wrote:
>> On 9 July 2014 16:26, YASUOKA Masahiko  wrote:
>>> This diff fixes dhcpinform to work without lease.
>>>
>>> ok?
>>>
>>> Fix dhcpinform to work without lease.
>>>
>>> Diff from Yuuichi Someya.
>> 
>> This seems to be a large chunk of code duplication. Would it not be
>> possible to have dhcpinform() create a lease and then simply call the
>> normal ack_lease() function to send out the information?
> 
> Just creating a lease and calling ack_lease() doesn't comply with RFC
> 2131.  So creating a fake lease and adding some "if" switches to
> ack_lease() is required.  And I didn't think it's better.

I did it actually, seems better :)

How about this?

Fix DHCPINFORM not to lookup the lease database, not to fill the
yiaddr field and not to include the lease time parameters.

Index: usr.sbin/dhcpd/dhcp.c
===
RCS file: /disk/cvs/openbsd/src/usr.sbin/dhcpd/dhcp.c,v
retrieving revision 1.36
diff -u -p -r1.36 dhcp.c
--- usr.sbin/dhcpd/dhcp.c   5 Apr 2013 19:31:36 -   1.36
+++ usr.sbin/dhcpd/dhcp.c   11 Jul 2014 15:10:27 -
@@ -500,7 +500,7 @@ dhcpdecline(struct packet *packet)
 void
 dhcpinform(struct packet *packet)
 {
-   struct lease *lease;
+   struct lease lease;
struct iaddr cip;
struct subnet *subnet;
 
@@ -509,9 +509,17 @@ dhcpinform(struct packet *packet)
 * not all clients are standards compliant.
 */
cip.len = 4;
-   if (packet->raw->ciaddr.s_addr)
+   if (packet->raw->ciaddr.s_addr) {
+   if (memcmp(&packet->raw->ciaddr.s_addr,
+   packet->client_addr.iabuf, 4) == 0) {
+   note("DHCPINFORM from %s but ciaddr %s is not "
+   "consitent with actual address",
+   piaddr(packet->client_addr),
+   inet_ntoa(packet->raw->ciaddr));
+   return;
+   }
memcpy(cip.iabuf, &packet->raw->ciaddr.s_addr, 4);
-   else
+   } else
memcpy(cip.iabuf, &packet->client_addr.iabuf, 4);
 
note("DHCPINFORM from %s", piaddr(cip));
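Review bot: The added `memcmp(...) == 0` test in dhcpinform() looks inverted. It logs that ciaddr is not consistent with the actual address and returns when ciaddr and the packet's source address are equal, so a matching request is dropped while a mismatching, possibly forged, ciaddr is copied into `cip` and goes on to be answered. The comparison should end `packet->client_addr.iabuf, 4) != 0) {`. The log string also misspells "consistent" as "consitent". dhcpinform's body starts and ends outside this hunk.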
@@ -528,28 +536,21 @@ dhcpinform(struct packet *packet)
return;
}
 
-   lease = find_lease(packet, subnet->shared_network, 0);
-   if (!lease) {
-   note("DHCPINFORM packet from %s but no lease present",
-   print_hw_addr(packet->raw->htype, packet->raw->hlen,
-   packet->raw->chaddr));
-   return;
-   }
-
-   /* If this subnet won't boot unknown clients, ignore the
-  request. */
-   if (!lease->host &&
-   !lease->subnet->group->boot_unknown_clients) {
-   note("Ignoring unknown client %s",
-   print_hw_addr(packet->raw->htype, packet->raw->hlen,
-   packet->raw->chaddr));
-   } else if (lease->host && !lease->host->group->allow_booting) {
-   note("Declining to boot client %s",
-   lease->host->name ? lease->host->name :
-   print_hw_addr(packet->raw->htype, packet->raw->hlen,
-   packet->raw->chaddr));
-   } else
-   ack_lease(packet, lease, DHCPACK, 0);
+   /* Use a fake lease entry */
+   memset(&lease, 0, sizeof(lease));
+   lease.subnet = subnet;
+   lease.shared_network = subnet->shared_network;
+
+   if (packet->options[DHO_DHCP_CLIENT_IDENTIFIER].len)
+   lease.host = find_hosts_by_uid(
+   packet->options[DHO_DHCP_CLIENT_IDENTIFIER].data,
+   packet->options[DHO_DHCP_CLIENT_IDENTIFIER].len);
+
+   lease.starts = lease.timestamp = lease.ends = MIN_TIME;
+   lease.flags = INFORM_NOLEASE;
+   ack_lease(packet, &lease, DHCPACK, 0);
+   if (lease.state != NULL)
+   free_lease_state(lease.state, "ack_lease");
 }
 
 void
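Review bot: The code that replaces the find_lease() path no longer consults `boot_unknown_clients` or `allow_booting`, so unless ack_lease() applies them for INFORM_NOLEASE (not visible here), a DHCPINFORM from any client on the subnet is acknowledged regardless of those settings. If the policy is meant to cover DHCPINFORM, keep a guard before the ack_lease() call, for example `if (!lease.host && !subnet->group->boot_unknown_clients) return;` and `if (lease.host && !lease.host->group->allow_booting) return;`, with the existing note() messages. The host is also looked up only by client identifier here, so a host known only by hardware address would presumably be treated as unknown. dhcpinform starts outside this hunk.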
@@ -881,7 +882,7 @@ ack_lease(struct packet *packet, struct 
lt.shared_network = lease->shared_network;
 
/* Don't call supersede_lease on a mocked-up lease. */
-   if (lease->flags & STATIC_LEASE) {
+   if (lease->flags & (STATIC_LEASE | INFORM_NOLEASE)) {
/* Copy the hardware address into the static lease
   structure. */
lease->hardware_addr.hlen = packet->raw->hlen;
@@ -1043,6 +1044,42 @@ ack_lease(struct packet *packet, struct 
memcpy(state->from.iabuf, state->options[i]->value,
state->from.len);
}
+   /* If we used the vendor class the client specified, we
+  have to return it. */
+   if (vendor_class) {
+   i = DHO_DHCP_CLASS_IDENTIFIER;
+   state->options[i] =
+

Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Stuart Henderson
On 2014/07/11 13:49, Mike Belopuhov wrote:
> as far as i can tell the daemon_rdomain bit that goes into the rc
> script is fine, however i'm not quite sure how can i start two
> daemons in different rdomains via rc.conf.local.  looks like this
> diff doesn't handle this and allows only one instance in the
> ${_name}_rdomain rdomain.  but sometimes you want multiple, say
> sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
> create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
> in there.  but then i'd have to add it to the pkg_scripts...  this
> is a minor issue that i see.  perhaps ${_name}_rdomain should list
> multiple values, like sshd_rdomain=0,1,2,3.

When you run multiple daemons like this, you also have problems with
pexp matching.

While on the subject, currently there is no way to run the two copies
of ftp-proxy that you need to cope with v4 and v6 without a manual
rc.local entry..




Re : Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Loïc Blot
Of course,
I have kept the modification to rc.subr minimal because the cases mentioned by
Todd are rarer. I think those cases must be handled by rc.local. (I agree with
Todd's concept, but his modification is too big for the majority of systems.)

Loïc Blot,
Ingénieur systèmes UNIX, Sécurité et Réseaux
http://www.unix-experience.fr 

Theo de Raadt  a écrit :

>> Penned by Mike Belopuhov on 20140711  6:49.19, we have:
>> | On 11 July 2014 10:29, Antoine Jacoutot  wrote:
>> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
>> | >> Hello all,
>> | >> I use rdomains to split routing domains per company and also separate
>> | >> administration interfaces from routing interfaces on my routers (sshd,
>> | >> bacula, postfix and puppetd running on a dedicated rdomain)
>> | >>
>> | >> Actually there is a problem with rdomains, we need to modify /etc/rc.d
>> | >> scripts to add rdomain execution environment to the specified service.
>> | >> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
>> | >>
>> | >> To resolve those rdomain issues, I created a patch and I added a new
>> | >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
>> | >> variable needs a signed integer and use an existing rdomain, this is
>> | >> checked by rc.subr.
>> | >>
>> | >> I want to contribute to OpenBSD and I give you this patch. If you have
>> | >> any suggestions to improve it, tell me.
>> | >
>> | > I don't use rdomain so someone knowledgeable should comment here.
>> | > But it does look like a nice idea.
>> | >
>> | 
>> | having something like this would be really cool.  in case you'll be
>> | tweaking the code, make sure that the "route -T exec printf" check
>> | is preserved.  i would use "true" in this test however.
>> | 
>> | as far as i can tell the daemon_rdomain bit that goes into the rc
>> | script is fine, however i'm not quite sure how can i start two
>> | daemons in different rdomains via rc.conf.local.  looks like this
>> | diff doesn't handle this and allows only one instance in the
>> | ${_name}_rdomain rdomain.  but sometimes you want multiple, say
>> | sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
>> | create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
>> | in there.  but then i'd have to add it to the pkg_scripts...  this
>> | is a minor issue that i see.  perhaps ${_name}_rdomain should list
>> | multiple values, like sshd_rdomain=0,1,2,3.
>> 
>> multiple rdomain instances might even have different daemon_flags.
>> 
>> I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
>> ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config".  I'm guessing it
>> makes sense to add to sshd_flags= rather than over-write it, but
>> that's splitting hairs.
>> 
>> I've been wondering about how to implement what you've done, and
>> have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.
>> 
>> I like this direction.
>
>For crazy stuff, use /etc/rc.local



Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote:
> usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
> 
> Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
> this is the right way, but it seems to work. Cluebats welcome.

I think maybe it would be nicer to create a Makefile.inc in .. and
have that include ../../Makefile.inc in some cases? That would work
more automagically?



Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin; enable -Werror-implicit-function-declaration:

This has currently no effect on subdirs using Makefile.bsd-wrapper
(bind, nginx, nsd, unbound). This is being worked on. With a
workaround they have been tested and with the previous diffs are
clean.

diff --git usr.sbin/Makefile.inc usr.sbin/Makefile.inc
index 65a01f8..5e0b499 100644
--- usr.sbin/Makefile.inc
+++ usr.sbin/Makefile.inc
@@ -1,3 +1,4 @@
 #  $OpenBSD: Makefile.inc,v 1.2 1997/09/21 11:43:04 deraadt Exp $
 
 BINDIR?=   /usr/sbin
+COPTS+=-Werror-implicit-function-declaration


-- 
I'm not entirely sure you are real.



Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 14:03, Florian Obser wrote:
> usr.sbin, missing prototypes:
> 
> diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h

ok, with the provision that nobody ever ask me any mrouted questions.



Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:

Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
this is the right way, but it seems to work. Cluebats welcome.

diff --git usr.sbin/lpr/filters/Makefile usr.sbin/lpr/filters/Makefile
index be83507..7308625 100644
--- usr.sbin/lpr/filters/Makefile
+++ usr.sbin/lpr/filters/Makefile
@@ -5,4 +5,5 @@ PROG=   lpf
 NOMAN= noman
 BINDIR=/usr/libexec/lpr
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/lpr/lpq/Makefile usr.sbin/lpr/lpq/Makefile
index dcf9ec8..5829802 100644
--- usr.sbin/lpr/lpq/Makefile
+++ usr.sbin/lpr/lpq/Makefile
@@ -9,4 +9,5 @@ BINMODE=2555
 BINDIR=/usr/bin
 .PATH: ${.CURDIR}/../common_source
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/lpr/lpr/Makefile usr.sbin/lpr/lpr/Makefile
index 29f2cdd..64fe2af 100644
--- usr.sbin/lpr/lpr/Makefile
+++ usr.sbin/lpr/lpr/Makefile
@@ -10,4 +10,5 @@ BINMODE=6555
 BINDIR=/usr/bin
 .PATH: ${.CURDIR}/../common_source
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/lpr/lprm/Makefile usr.sbin/lpr/lprm/Makefile
index 556e16a..56ebd79 100644
--- usr.sbin/lpr/lprm/Makefile
+++ usr.sbin/lpr/lprm/Makefile
@@ -10,4 +10,5 @@ BINMODE=6555
 BINDIR=/usr/bin
 .PATH: ${.CURDIR}/../common_source
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/mopd/mopa.out/Makefile usr.sbin/mopd/mopa.out/Makefile
index 6831136..5d37cea 100644
--- usr.sbin/mopd/mopa.out/Makefile
+++ usr.sbin/mopd/mopa.out/Makefile
@@ -7,4 +7,5 @@ SRCS=   mopa.out.c file.c
 CFLAGS+= -I${.CURDIR} -I${.CURDIR}/.. -I${.CURDIR}/../common
 .PATH: ${.CURDIR}/../common
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/mopd/mopchk/Makefile usr.sbin/mopd/mopchk/Makefile
index 99f0b25..64514af 100644
--- usr.sbin/mopd/mopchk/Makefile
+++ usr.sbin/mopd/mopchk/Makefile
@@ -16,4 +16,5 @@ version.c version.h: ${.CURDIR}/../common/VERSION
  echo '#define VERSION_MINOR' $$2 ; } > version.h
 
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/mopd/mopd/Makefile usr.sbin/mopd/mopd/Makefile
index 196d563..13d50ff 100644
--- usr.sbin/mopd/mopd/Makefile
+++ usr.sbin/mopd/mopd/Makefile
@@ -18,4 +18,5 @@ version.c version.h: ${.CURDIR}/../common/VERSION
  echo '#define VERSION_MINOR' $$2 ; } > version.h
 
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/mopd/mopprobe/Makefile usr.sbin/mopd/mopprobe/Makefile
index 75ba3d0..c5ae7ca 100644
--- usr.sbin/mopd/mopprobe/Makefile
+++ usr.sbin/mopd/mopprobe/Makefile
@@ -16,4 +16,5 @@ version.c version.h: ${.CURDIR}/../common/VERSION
{ echo '#define VERSION_MAJOR' $$1 ; \
  echo '#define VERSION_MINOR' $$2 ; } > version.h
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/mopd/moptrace/Makefile usr.sbin/mopd/moptrace/Makefile
index 187d2ea..ca0226b 100644
--- usr.sbin/mopd/moptrace/Makefile
+++ usr.sbin/mopd/moptrace/Makefile
@@ -17,5 +17,5 @@ version.c version.h: ${.CURDIR}/../common/VERSION
{ echo '#define VERSION_MAJOR' $$1 ; \
  echo '#define VERSION_MINOR' $$2 ; } > version.h
 
-
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/mopd/otherOS/Makefile usr.sbin/mopd/otherOS/Makefile
index 7278108..5cee108 100644
--- usr.sbin/mopd/otherOS/Makefile
+++ usr.sbin/mopd/otherOS/Makefile
@@ -236,3 +236,5 @@ version.c version.h: VERSION
  echo '#define VERSION_MINOR' $$2 ; } > version.h
 
 force: /tmp
+
+.include "../../Makefile.inc"
diff --git usr.sbin/npppd/npppd/Makefile usr.sbin/npppd/npppd/Makefile
index 421db5b..36affc9 100644
--- usr.sbin/npppd/npppd/Makefile
+++ usr.sbin/npppd/npppd/Makefile
@@ -49,5 +49,6 @@ CPPFLAGS+=-DPAP_DEBUG=1 -DCHAP_DEBUG=1
 CPPFLAGS+= -DNPPPD_IFACE_DEBUG
 .endif
 
+.include "../../Makefile.inc"
 .include 
 .PATH: ${.CURDIR}/../common
diff --git usr.sbin/smtpd/makemap/Makefile usr.sbin/smtpd/makemap/Makefile
index bd89f4d..eca5025 100644
--- usr.sbin/smtpd/makemap/Makefile
+++ usr.sbin/smtpd/makemap/Makefile
@@ -27,4 +27,5 @@ SRCS+=table_proc.c
 
 DPADD+= ${LIBUTIL} ${LIBCRYPTO} ${LIBZ}
 LDADD+= -lutil -lcrypto -lz
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/smtpd/smtpctl/Makefile usr.sbin/smtpd/smtpctl/Makefile
index ecaa63a..9518f55 100644
--- usr.sbin/smtpd/smtpctl/Makefile
+++ usr.sbin/smtpd/smtpctl/Makefile
@@ -25,4 +25,6 @@ SRCS+=to.c expand.c tree.c dict.c
 
 LDADD+=-lutil -lz -lcrypto
 DPADD+=${LIBUTIL} ${LIBZ} ${LIBCRYPTO}
+
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/smtpd/smtpd/Makefile usr.sbin/smtpd/smtpd/Makefile
index eaea690..91643c0 100644
--- usr.sbin/smtpd/smtpd/Makefile
+++ usr.sbin/smtpd/smtpd/Makefile
@@ -49,4 +49,5 @@ CFLAGS+=  -DIO_SSL
 CFLAGS+=   -DQUEUE_PROFILING
 YFLAGS=
 
+.include "../../Makefile.inc"
 .include 
diff --git usr.sbin/smtpd/table-ldap/Makefile usr.sbin/smtpd/table-ldap/Makefile
index 1b

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, fix nsd/unbound configure
carefully checked that config.h and generated Makefiles don't change.

need for _XOPEN_VERSION pointed out by guenther@

diff --git usr.sbin/nsd/configure usr.sbin/nsd/configure
index d2d28c1..c2a40e8 100644
--- usr.sbin/nsd/configure
+++ usr.sbin/nsd/configure
@@ -6117,6 +6117,7 @@ else
 /* end confdefs.h.  */
 
 #define _XOPEN_SOURCE
+#define _XOPEN_VERSION 4
 #include 
 int main(void) { struct tm tm; char *res;
 res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm);
diff --git usr.sbin/unbound/configure usr.sbin/unbound/configure
index e540ec0..336c955 100644
--- usr.sbin/unbound/configure
+++ usr.sbin/unbound/configure
@@ -15119,6 +15119,7 @@ else
 /* end confdefs.h.  */
 
 #define _XOPEN_SOURCE
+#define _XOPEN_VERSION 4
 #include 
 int main(void) { struct tm tm; char *res;
 res = strptime("2010-07-15T00:00:00+00:00", 
"%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);

-- 
I'm not entirely sure you are real.



Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, fix bind configure:
Carefully checked that config.h and generated Makefiles don't change.

diff --git usr.sbin/bind/configure usr.sbin/bind/configure
index 6e280ad..db02979 100644
--- usr.sbin/bind/configure
+++ usr.sbin/bind/configure
@@ -4596,6 +4596,8 @@ cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
+int foo1();
+
 int
 main ()
 {
@@ -5697,6 +5699,7 @@ cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
 #include 
+#include 
 int
 main ()
 {
@@ -5738,6 +5741,7 @@ cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
 #include 
+#include 
 
 int
 main ()
@@ -26856,6 +26860,8 @@ cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
 #include 
+#include 
+#include 
 main() {
long long int j = 0;
char buf[100];
@@ -28439,6 +28445,7 @@ cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
+#include 
 main() {
exit((sizeof(void *) == 8) ? 0 : 1);
 }


-- 
I'm not entirely sure you are real.



Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, missing prototypes:

diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h
index 4c9224a..45b060f 100644
--- usr.sbin/mrouted/defs.h
+++ usr.sbin/mrouted/defs.h
@@ -209,6 +209,7 @@ extern void accept_leave_message(u_int32_t src, 
u_int32_t dst,
u_int32_t group);
 extern voidaccept_membership_query(u_int32_t src, u_int32_t dst,
u_int32_t group, int tmo);
+extern voidinit_installvifs(void);
 
 /* config.c */
 extern voidconfig_vifs_from_kernel(void);
@@ -223,6 +224,8 @@ extern char *   inet_fmt(u_int32_t addr, char 
*s);
 extern char *  inet_fmts(u_int32_t addr, u_int32_t mask, char *s);
 extern u_int32_t   inet_parse(char *s);
 extern int inet_cksum(u_int16_t *addr, u_int len);
+extern int inet_valid_host(u_int32_t naddr);
+extern int inet_valid_mask(u_int32_t mask);
 
 /* prune.c */
 extern unsignedkroutes;


-- 
I'm not entirely sure you are real.



Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Theo de Raadt
> Penned by Mike Belopuhov on 20140711  6:49.19, we have:
> | On 11 July 2014 10:29, Antoine Jacoutot  wrote:
> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
> | >> Hello all,
> | >> I use rdomains to split routing domains per company and also separate
> | >> administration interfaces from routing interfaces on my routers (sshd,
> | >> bacula, postfix and puppetd running on a dedicated rdomain)
> | >>
> | >> Actually there is a problem with rdomains, we need to modify /etc/rc.d
> | >> scripts to add rdomain execution environment to the specified service.
> | >> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
> | >>
> | >> To resolve those rdomain issues, I created a patch and I added a new
> | >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
> | >> variable needs a signed integer and use an existing rdomain, this is
> | >> checked by rc.subr.
> | >>
> | >> I want to contribute to OpenBSD and I give you this patch. If you have
> | >> any suggestions to improve it, tell me.
> | >
> | > I don't use rdomain so someone knowledgeable should comment here.
> | > But it does look like a nice idea.
> | >
> | 
> | having something like this would be really cool.  in case you'll be
> | tweaking the code, make sure that the "route -T exec printf" check
> | is preserved.  i would use "true" in this test however.
> | 
> | as far as i can tell the daemon_rdomain bit that goes into the rc
> | script is fine, however i'm not quite sure how can i start two
> | daemons in different rdomains via rc.conf.local.  looks like this
> | diff doesn't handle this and allows only one instance in the
> | ${_name}_rdomain rdomain.  but sometimes you want multiple, say
> | sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
> | create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
> | in there.  but then i'd have to add it to the pkg_scripts...  this
> | is a minor issue that i see.  perhaps ${_name}_rdomain should list
> | multiple values, like sshd_rdomain=0,1,2,3.
> 
> multiple rdomain instances might even have different daemon_flags.
> 
> I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
> ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config".  I'm guessing it
> makes sense to add to sshd_flags= rather than over-write it, but
> that's splitting hairs.
> 
> I've been wondering about how to implement what you've done, and
> have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.
> 
> I like this direction.

For crazy stuff, use /etc/rc.local



Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Todd T. Fries
Penned by Mike Belopuhov on 20140711  6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot  wrote:
| > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
| >> Hello all,
| >> I use rdomains to split routing domains per company and also separate
| >> administration interfaces from routing interfaces on my routers (sshd,
| >> bacula, postfix and puppetd running on a dedicated rdomain)
| >>
| >> Actually there is a problem with rdomains, we need to modify /etc/rc.d
| >> scripts to add rdomain execution environment to the specified service.
| >> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
| >>
| >> To resolve those rdomain issues, I created a patch and I added a new
| >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
| >> variable needs a signed integer and use an existing rdomain, this is
| >> checked by rc.subr.
| >>
| >> I want to contribute to OpenBSD and I give you this patch. If you have
| >> any suggestions to improve it, tell me.
| >
| > I don't use rdomain so someone knowledgeable should comment here.
| > But it does look like a nice idea.
| >
| 
| having something like this would be really cool.  in case you'll be
| tweaking the code, make sure that the "route -T exec printf" check
| is preserved.  i would use "true" in this test however.
| 
| as far as i can tell the daemon_rdomain bit that goes into the rc
| script is fine, however i'm not quite sure how can i start two
| daemons in different rdomains via rc.conf.local.  looks like this
| diff doesn't handle this and allows only one instance in the
| ${_name}_rdomain rdomain.  but sometimes you want multiple, say
| sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
| create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
| in there.  but then i'd have to add it to the pkg_scripts...  this
| is a minor issue that i see.  perhaps ${_name}_rdomain should list
| multiple values, like sshd_rdomain=0,1,2,3.

multiple rdomain instances might even have different daemon_flags.

I think in addition to sshd_rdomain=0,1,2,3 the patch might handle
ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config".  I'm guessing it
makes sense to add to sshd_flags= rather than over-write it, but
that's splitting hairs.

I've been wondering about how to implement what you've done, and
have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local.

I like this direction.

Thanks,
-- 
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries



Re: diff: Option to use duids in /etc/dumpdates

2014-07-11 Thread Alexander Hall
On 07/11/14 14:33, Maximilian Fillinger wrote:
> On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote:
>> If there are no other objections, I'd like to commit this today.
> 
> Just don't forget to get rid of this
>> +   } else { fprintf(stderr, "duid: %s\n", duid); }
> before committing.
> 

Hmm... You've got a point there... :-P

Still looking for OK's.

/Alexander


Index: include/protocols/dumprestore.h
===
RCS file: /cvs/src/include/protocols/dumprestore.h,v
retrieving revision 1.9
diff -u -p -r1.9 dumprestore.h
--- include/protocols/dumprestore.h 15 Dec 2009 13:11:42 -  1.9
+++ include/protocols/dumprestore.h 11 Jul 2014 13:16:41 -
@@ -152,8 +152,8 @@ union u_spcl {
 #define DR_NEWHEADER   0x0001  /* new format tape header */
 #define DR_NEWINODEFMT 0x0002  /* new format inodes on tape */
 
-#defineDUMPOUTFMT  "%-16s %c %s"   /* for printf */
+#defineDUMPOUTFMT  "%-18s %c %s"   /* for printf */
/* name, level, ctime(date) */
-#defineDUMPINFMT   "%16s %c %[^\n]\n"  /* inverse for scanf */
+#defineDUMPINFMT   "%18s %c %[^\n]\n"  /* inverse for scanf */
 
 #endif /* !_PROTOCOLS_DUMPRESTORE_H_ */
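Review bot: Widening the name conversion in DUMPINFMT to `%18s` is only safe if every buffer it is scanned into holds at least 19 bytes, and the trailing `%[^\n]` on the same line still has no field width at all. The destination buffers are declared outside this hunk, so this should be checked against the sscanf call sites before the width is raised. A comment on the macro would tie the two together, for example `/* %18s needs a destination of >= 19 bytes; keep in sync with the scanf target */`.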
Index: sbin/dump/Makefile
===
RCS file: /cvs/src/sbin/dump/Makefile,v
retrieving revision 1.11
diff -u -p -r1.11 Makefile
--- sbin/dump/Makefile  6 Jan 2013 21:59:28 -   1.11
+++ sbin/dump/Makefile  11 Jul 2014 13:16:41 -
@@ -14,6 +14,8 @@
 PROG=  dump
 LINKS= ${BINDIR}/dump ${BINDIR}/rdump
 CFLAGS+=-DRDUMP
+DPADD+=${LIBUTIL}
+LDADD+=-lutil
 SRCS=  itime.c main.c optr.c dumprmt.c tape.c traverse.c
 MAN=   dump.8
 MLINKS+=dump.8 rdump.8
Index: sbin/dump/dump.8
===
RCS file: /cvs/src/sbin/dump/dump.8,v
retrieving revision 1.46
diff -u -p -r1.46 dump.8
--- sbin/dump/dump.830 May 2014 20:48:21 -  1.46
+++ sbin/dump/dump.811 Jul 2014 13:16:41 -
@@ -40,7 +40,7 @@
 .Sh SYNOPSIS
 .Nm dump
 .Bk -words
-.Op Fl 0123456789acnSuWw
+.Op Fl 0123456789acnSUuWw
 .Op Fl B Ar records
 .Op Fl b Ar blocksize
 .Op Fl d Ar density
@@ -229,6 +229,13 @@ The
 flag is mutually exclusive from the
 .Fl u
 flag.
+.It Fl U
+Use the
+.Xr disklabel 8
+UID instead of the device name when updating
+.Pa /etc/dumpdates
+and when searching for the date of the latest
+lower-level dump.
 .It Fl u
 Update the file
 .Pa /etc/dumpdates
Index: sbin/dump/dump.h
===
RCS file: /cvs/src/sbin/dump/dump.h,v
retrieving revision 1.20
diff -u -p -r1.20 dump.h
--- sbin/dump/dump.h13 Jun 2014 20:43:06 -  1.20
+++ sbin/dump/dump.h11 Jul 2014 13:16:41 -
@@ -56,9 +56,11 @@ char *disk;  /* name of the disk file */
 char   *tape;  /* name of the tape file */
 char   *dumpdates; /* name of the file containing dump date information*/
 char   *temp;  /* name of the file for doing rewrite of dumpdates */
+char   *duid;  /* duid of the disk being dumped */
 char   lastlevel;  /* dump level of previous dump */
 char   level;  /* dump level of this dump */
 intuflag;  /* update flag */
+intUflag;  /* use duids in dumpdates flag */
 intdiskfd; /* disk file descriptor */
 inttapefd; /* tape file descriptor */
 intpipeout;/* true => output to standard output */
Index: sbin/dump/itime.c
===
RCS file: /cvs/src/sbin/dump/itime.c,v
retrieving revision 1.17
diff -u -p -r1.17 itime.c
--- sbin/dump/itime.c   27 Oct 2009 23:59:32 -  1.17
+++ sbin/dump/itime.c   11 Jul 2014 13:16:41 -
@@ -124,7 +124,7 @@ getdumptime(void)
int i;
char *fname;
 
-   fname = disk;
+   fname = Uflag ? duid : disk;
 #ifdef FDEBUG
msg("Looking for name %s in dumpdates = %s for level = %c\n",
fname, dumpdates, level);
@@ -164,7 +164,7 @@ putdumptime(void)
quit("cannot rewrite %s: %s\n", dumpdates, strerror(errno));
fd = fileno(df);
(void) flock(fd, LOCK_EX);
-   fname = disk;
+   fname = Uflag ? duid : disk;
free((char *)ddatev);
ddatev = 0;
nddates = 0;
Index: sbin/dump/main.c
===
RCS file: /cvs/src/sbin/dump/main.c,v
retrieving revision 1.51
diff -u -p -r1.51 main.c
--- sbin/dump/main.c13 Jun 2014 20:43:06 -  1.51
+++ sbin/dump/main.c11 Jul 2014 13:16:41 -
@@ -54,6 +54,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "dump.h"
 #include "pathnames.h"
@@ -94,8 +95,9 @@ main(int argc, char *argv[])
ino_t maxino;
time_t t;
int dirlist;
-   ch

Re: sshd add back hmac-sha1

2014-07-11 Thread Bob Beck
yes please.

On Fri, Jul 11, 2014 at 3:32 AM, Ted Unangst  wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alleviate
> the pain?
>
>
> Index: myproposal.h
> ===
> RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
> retrieving revision 1.40
> diff -u -p -r1.40 myproposal.h
> --- myproposal.h30 Apr 2014 19:07:48 -  1.40
> +++ myproposal.h11 Jul 2014 09:31:21 -
> @@ -69,19 +69,19 @@
> "umac-128-...@openssh.com," \
> "hmac-sha2-256-...@openssh.com," \
> "hmac-sha2-512-...@openssh.com," \
> +   "hmac-sha1-...@openssh.com," \
> "umac...@openssh.com," \
> "umac-...@openssh.com," \
> "hmac-sha2-256," \
> -   "hmac-sha2-512" \
> +   "hmac-sha2-512," \
> +   "hmac-sha1"
>
>  #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
> "hmac-md5-...@openssh.com," \
> -   "hmac-sha1-...@openssh.com," \
> "hmac-ripemd160-...@openssh.com," \
> "hmac-sha1-96-...@openssh.com," \
> "hmac-md5-96-...@openssh.com," \
> "hmac-md5," \
> -   "hmac-sha1," \
> "hmac-ripemd160," \
> "hmac-ripemd...@openssh.com," \
> "hmac-sha1-96," \
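Review bot: Nothing next to the two entries added to the server MAC list records why `"hmac-sha1"` and its etm variant are back, although the message describes the change as temporary. A comment beside the list, for example `/* hmac-sha1 kept for clients that support nothing stronger; revisit */`, would keep that intent visible to whoever prunes the list next. Both entries are placed after their SHA-2 counterparts, so a peer that supports SHA-2 should still negotiate it first. The documented default MAC list in the manual pages presumably needs the same two entries, which is not visible here. The hunk at `@@ -102,16 +102,16 @@` makes the same change for the other build branch, and the patch is quoted again further down the page.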
> @@ -102,16 +102,16 @@
> "umac-128-...@openssh.com," \
> "hmac-sha2-256-...@openssh.com," \
> "hmac-sha2-512-...@openssh.com," \
> +   "hmac-sha1-...@openssh.com," \
> "umac...@openssh.com," \
> "umac-...@openssh.com," \
> "hmac-sha2-256," \
> -   "hmac-sha2-512"
> +   "hmac-sha2-512," \
> +   "hmac-sha1"
>
>  #define KEX_CLIENT_KEX KEX_SERVER_KEX
>  #defineKEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
> -#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
> -   "hmac-sha1-...@openssh.com," \
> -   "hmac-sha1"
> +#define KEX_CLIENT_MAC KEX_SERVER_MAC
>
>  #endif /* WITH_OPENSSL */
>
>



Re: sshd add back hmac-sha1

2014-07-11 Thread Alexander Hall

On 07/11/14 11:32, Ted Unangst wrote:

I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alleviate
the pain?


Naaa.. You did this just for me?

I'd love taking out the specials from my sshd_config... :-)

/Alexander



Re: diff: Option to use duids in /etc/dumpdates

2014-07-11 Thread Maximilian Fillinger
On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote:
> If there are no other objections, I'd like to commit this today.

Just don't forget to get rid of this
> +   } else { fprintf(stderr, "duid: %s\n", duid); }
before committing.



Re: diff: Option to use duids in /etc/dumpdates

2014-07-11 Thread Alexander Hall

On 07/11/14 01:15, Maximilian Fillinger wrote:

On 07/10/14 16:28, Alexander Hall wrote:

Anyway, I worked on your diff a bit more:

- keep having -U and -u separate (as discussed)
- use Uflag instead of duidflag
- bail out if the duid is all 0.
- allow specifying the drive to dump by DUID.partition on the
   command line. Subject to race conditions, but no more than the
   current code.

Do you think this makes sense, and can you please test if this works
for you?


Works for me. I think it's good, but I'd suggest some more changes:
- if the user already gives us the duid, don't read the disklabel


I suspect you mean the opposite, i.e. don't opendev() unless isduid(). 
What's the point? I'd rather leave that to opendev.



- added messages regarding duid-handling


We usually just accept the input. I don't think any other DUID handling 
program does that.


The device being dumped is already printed in the output.


A new diff for main.c follows below.

In the new diff, we only use opendev when isduid returns true,
so I think we could replace it with diskmap(4), but I don't feel like
figuring that out right now. Also, should we abort if the user
specifies an all-zero duid on the command line?


Would an all-zero DUID match a disk with an all-zero DUID? If so, I'd 
say that's questionable behaviour of diskmap(4), if anything.


No offence, but I don't think these changes add value to the diff.

If there are no other objections, I'd like to commit this today.

OK's please?

/Alexander




===
RCS file: sbin/dump/RCS/main.c,v
retrieving revision 1.1
retrieving revision 1.4
diff -u -p -r1.1 -r1.4
--- sbin/dump/main.c2014/06/24 21:35:37 1.1
+++ sbin/dump/main.c2014/07/10 23:41:03 1.4
@@ -54,6 +54,7 @@
  #include 
  #include 
  #include 
+#include 

  #include "dump.h"
  #include "pathnames.h"
@@ -94,8 +95,9 @@ main(int argc, char *argv[])
ino_t maxino;
time_t t;
int dirlist;
-   char *toplevel, *str, *mount_point = NULL;
+   char *toplevel, *str, *mount_point = NULL, *realpath;
int just_estimate = 0;
+   u_int64_t zero_uid = 0;

spcl.c_date = (int64_t)time(NULL);

@@ -112,7 +114,7 @@ main(int argc, char *argv[])
usage();

obsolete(&argc, &argv);
-   while ((ch = getopt(argc, argv, "0123456789aB:b:cd:f:h:ns:ST:uWw")) != 
-1)
+   while ((ch = getopt(argc, argv, "0123456789aB:b:cd:f:h:ns:ST:UuWw")) != 
-1)
switch (ch) {
/* dump level */
case '0': case '1': case '2': case '3': case '4':
@@ -180,6 +182,10 @@ main(int argc, char *argv[])
lastlevel = '?';
break;

+   case 'U':
+   Uflag = 1;  /* use duids */
+   break;
+
case 'u':   /* update /etc/dumpdates */
uflag = 1;
break;
@@ -213,6 +219,18 @@ main(int argc, char *argv[])
for (i = 0; i < argc; i++) {
struct stat sb;

+   /* Convert potential duid into a device name */
+   if (isduid(argv[i], 0) && (diskfd = opendev(argv[i],
+   O_RDONLY | O_NOFOLLOW, 0, &realpath)) >= 0) {
+   duid = argv[i];
+   argv[i] = strdup(realpath);
+   if (argv[i] == NULL) {
+   msg("Cannot malloc realpath\n");
+   exit(X_STARTUP);
+   }
+   (void)close(diskfd);
+   msg("DUID %s maps to %s\n", duid, realpath);
+   }
if (lstat(argv[i], &sb) == -1) {
msg("Cannot lstat %s: %s\n", argv[i], strerror(errno));
exit(X_STARTUP);
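Review bot: The added branch uses the global `diskfd` as a scratch descriptor for opendev(), so after `(void)close(diskfd)` the global keeps a closed descriptor number until the later `open(disk, O_RDONLY)` assigns it again. A local, e.g. `int fd = opendev(argv[i], O_RDONLY | O_NOFOLLOW, 0, &realpath);`, would avoid leaving a stale value in shared state. `duid = argv[i]` also runs for every argument that passes isduid(), so with more than one such argument the last one wins regardless of which argument ends up as `disk`. That is worth a check, or a comment if only the first argument is meant to name the disk. The loop body continues outside the hunk.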
@@ -370,6 +388,28 @@ main(int argc, char *argv[])
(void)gethostname(spcl.c_host, sizeof(spcl.c_host));
spcl.c_level = level - '0';
spcl.c_type = TS_TAPE;
+
+   if ((diskfd = open(disk, O_RDONLY)) < 0) {
+   msg("Cannot open %s\n", disk);
+   exit(X_STARTUP);
+   }
+   if (Uflag && duid == NULL) {
+   if (ioctl(diskfd, DIOCGDINFO, (char *)&lab) < 0)
+   err(1, "ioctl (DIOCGDINFO)");
+   if (memcmp(lab.d_uid, &zero_uid, sizeof(lab.d_uid)) == 0) {
+   msg("Cannot find DUID of disk %s\n", disk);
+   exit(X_STARTUP);
+   }
+   if (asprintf(&duid,
+   "%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx.%c",
+   lab.d_uid[0], lab.d_uid[1], lab.d_uid[2], lab.d_uid[3],
+   lab.d_uid[4], lab.d_uid[5], lab.d_uid[6], lab.d_uid[7],
+   disk[strlen(disk)-1]) == -1) {
+   msg("Cannot malloc duid\n");
+   exit(X_STARTUP);
+   

Re: faster malloc in threads

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 13:56, Otto Moerbeek wrote:
> On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote:
> 
>> We don't need to hold the malloc lock when making syscalls like mmap
>> and munmap if we're just a little careful about the order of
>> operations. This will allow other threads to concurrently allocate
>> perhaps smaller chunks while the first thread is in the kernel.
>>
>> This makes a huge difference in a simple benchmark that allocates
>> chunks in one thread and pages in a second thread. The chunk thread
>> finishes almost immediately, instead of contending for the lock and
>> running as slowly as the page thread. Admittedly contrived benchmark,
>> but the changes are very simple so I think it's worth it.
>>
>> There are some other possibly expensive operations to tweak, but this
>> covers the smallest, simplest sections.
> 
> I very much like the idea, although it is tricky.
> 
> The realloc case seems wrong: if the hash table is extended during
> MQUERY/MMAPA, r points to garbage and the r->size assignment is
> wrong.
> 
> I also think there's one simple case that can be added: the MMAP call
> at the bottom of map().

thank you. agreed.

Index: stdlib/malloc.c
===
RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
retrieving revision 1.170
diff -u -p -r1.170 malloc.c
--- stdlib/malloc.c 9 Jul 2014 19:11:00 -   1.170
+++ stdlib/malloc.c 11 Jul 2014 12:09:28 -
@@ -93,6 +93,15 @@
 #define MQUERY(a, sz)  mquery((a), (size_t)(sz), PROT_READ | PROT_WRITE, \
 MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, (off_t)0)
 
+#define KERNENTER() if (__isthreaded) do { \
+   malloc_active--; \
+   _MALLOC_UNLOCK(); \
+} while (0)
+#define KERNEXIT() if (__isthreaded) do { \
+   _MALLOC_LOCK(); \
+   malloc_active++; \
+} while (0)
+
 struct region_info {
void *p;/* page; low bits used to mark chunks */
uintptr_t size; /* size for pages, or chunk_info pointer */
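Review bot: KERNENTER() and KERNEXIT() expand to a bare `if (__isthreaded) do { ... } while (0)`, so the `if` sits outside the do/while, and a call used as the body of another if/else would capture the following `else`. Moving the test inside the loop body closes that hole: `#define KERNENTER() do { if (__isthreaded) { malloc_active--; _MALLOC_UNLOCK(); } } while (0)`, with the same shape for KERNEXIT(). Every call site in this patch is a plain statement, so nothing misbehaves today. The same macro definitions appear in the earlier version of the patch, quoted and posted further down the page.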
@@ -312,7 +321,10 @@ unmap(struct dir_info *d, void *p, size_
}
 
if (psz > mopts.malloc_cache) {
-   if (munmap(p, sz))
+   KERNENTER();
+   i = munmap(p, sz);
+   KERNEXIT();
+   if (i)
wrterror("munmap", p);
STATS_SUB(d->malloc_used, sz);
return;
@@ -396,7 +408,9 @@ map(struct dir_info *d, size_t sz, int z
return MAP_FAILED;
}
if (psz > d->free_regions_size) {
+   KERNENTER();
p = MMAP(sz);
+   KERNEXIT();
if (p != MAP_FAILED)
STATS_ADD(d->malloc_used, sz);
/* zero fill not needed */
@@ -408,18 +422,20 @@ map(struct dir_info *d, size_t sz, int z
if (r->p != NULL) {
if (r->size == psz) {
p = r->p;
+   r->p = NULL;
+   r->size = 0;
+   d->free_regions_size -= psz;
+   KERNENTER();
if (mopts.malloc_freeunmap)
mprotect(p, sz, PROT_READ | PROT_WRITE);
if (mopts.malloc_hint)
madvise(p, sz, MADV_NORMAL);
-   r->p = NULL;
-   r->size = 0;
-   d->free_regions_size -= psz;
if (zero_fill)
memset(p, 0, sz);
else if (mopts.malloc_junk == 2 &&
mopts.malloc_freeunmap)
memset(p, SOME_FREEJUNK, sz);
+   KERNEXIT();
return p;
} else if (r->size > psz)
big = r;
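Review bot: Moving `r->p = NULL; r->size = 0; d->free_regions_size -= psz;` above KERNENTER() is what makes dropping the lock safe in this branch, but nothing in the code says so. If a later edit put them back after the unlocked section, another thread entering map() could find the cache slot still populated and hand out the same pages. A comment before KERNENTER(), such as `/* empty the cache slot before the lock is dropped */`, would protect that ordering. It would also help to state that the memset() calls sit inside the unlocked region on purpose, since they are not system calls. The enclosing loop in map() starts and ends outside the hunk, and the earlier posting of the patch on this page has the same hunk.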
@@ -440,7 +456,9 @@ map(struct dir_info *d, size_t sz, int z
memset(p, SOME_FREEJUNK, sz);
return p;
}
+   KERNENTER();
p = MMAP(sz);
+   KERNEXIT();
if (p != MAP_FAILED)
STATS_ADD(d->malloc_used, sz);
if (d->free_regions_size > mopts.malloc_cache)



Re: sshd add back hmac-sha1

2014-07-11 Thread Henning Brauer
* Ted Unangst  [2014-07-11 11:32]:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alleviate
> the pain?

yes, please.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: lynx: disable old protocols

2014-07-11 Thread Henning Brauer
* Paul Irofti  [2014-07-11 11:40]:
> No, gopher can't go!

just do
  pkg_gyp gopher
to get over it.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: lynx: disable old protocols

2014-07-11 Thread Henning Brauer
* Stuart Henderson  [2014-07-11 10:49]:
> Should we just move lynx to packages?

hmm. having a simple text browser in base is worthwhile imo. and if it
is just to download sth where i don't know the exact URL.

personally, I haven't used lynx for anything but http and https in...
what, a decade?

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: faster malloc in threads

2014-07-11 Thread Otto Moerbeek
On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote:

> We don't need to hold the malloc lock when making syscalls like mmap
> and munmap if we're just a little careful about the order of
> operations. This will allow other threads to concurrently allocate
> perhaps smaller chunks while the first thread is in the kernel.
> 
> This makes a huge difference in a simple benchmark that allocates
> chunks in one thread and pages in a second thread. The chunk thread
> finishes almost immediately, instead of contending for the lock and
> running as slowly as the page thread. Admittedly contrived benchmark,
> but the changes are very simple so I think it's worth it.
> 
> There are some other possibly expensive operations to tweak, but this
> covers the smallest, simplest sections.

I very much like the idea, although it is tricky.

The realloc case seems wrong: if the hash table is extended during
MQUERY/MMAPA, r points to garbage and the r->size assignment is
wrong.

I also think there's one simple case that can be added: the MMAP call
at the bottom of map(). 

-Otto

> 
> Index: malloc.c
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
> retrieving revision 1.170
> diff -u -p -r1.170 malloc.c
> --- malloc.c  9 Jul 2014 19:11:00 -   1.170
> +++ malloc.c  11 Jul 2014 10:23:10 -
> @@ -93,6 +93,15 @@
>  #define MQUERY(a, sz)mquery((a), (size_t)(sz), PROT_READ | 
> PROT_WRITE, \
>  MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, (off_t)0)
>  
> +#define KERNENTER() if (__isthreaded) do { \
> + malloc_active--; \
> + _MALLOC_UNLOCK(); \
> +} while (0)
> +#define KERNEXIT() if (__isthreaded) do { \
> + _MALLOC_LOCK(); \
> + malloc_active++; \
> +} while (0)
> +
>  struct region_info {
>   void *p;/* page; low bits used to mark chunks */
>   uintptr_t size; /* size for pages, or chunk_info pointer */
> @@ -312,7 +321,10 @@ unmap(struct dir_info *d, void *p, size_
>   }
>  
>   if (psz > mopts.malloc_cache) {
> - if (munmap(p, sz))
> + KERNENTER();
> + i = munmap(p, sz);
> + KERNEXIT();
> + if (i)
>   wrterror("munmap", p);
>   STATS_SUB(d->malloc_used, sz);
>   return;
> @@ -396,7 +408,9 @@ map(struct dir_info *d, size_t sz, int z
>   return MAP_FAILED;
>   }
>   if (psz > d->free_regions_size) {
> + KERNENTER();
>   p = MMAP(sz);
> + KERNEXIT();
>   if (p != MAP_FAILED)
>   STATS_ADD(d->malloc_used, sz);
>   /* zero fill not needed */
> @@ -408,18 +422,20 @@ map(struct dir_info *d, size_t sz, int z
>   if (r->p != NULL) {
>   if (r->size == psz) {
>   p = r->p;
> + r->p = NULL;
> + r->size = 0;
> + d->free_regions_size -= psz;
> + KERNENTER();
>   if (mopts.malloc_freeunmap)
>   mprotect(p, sz, PROT_READ | PROT_WRITE);
>   if (mopts.malloc_hint)
>   madvise(p, sz, MADV_NORMAL);
> - r->p = NULL;
> - r->size = 0;
> - d->free_regions_size -= psz;
>   if (zero_fill)
>   memset(p, 0, sz);
>   else if (mopts.malloc_junk == 2 &&
>   mopts.malloc_freeunmap)
>   memset(p, SOME_FREEJUNK, sz);
> + KERNEXIT();
>   return p;
>   } else if (r->size > psz)
>   big = r;
> @@ -1317,11 +1333,13 @@ orealloc(void *p, size_t newsz, void *f)
>  
>   STATS_INC(pool->cheap_realloc_tries);
>   zapcacheregion(pool, hint, needed);
> + KERNENTER();
>   q = MQUERY(hint, needed);
>   if (q == hint)
>   q = MMAPA(hint, needed);
>   else
>   q = MAP_FAILED;
> + KERNEXIT();
>   if (q == hint) {
>   STATS_ADD(pool->malloc_used, needed);
>   if (mopts.malloc_junk == 2)
> 



Re: tun TUNDOIOVEC ioctl

2014-07-11 Thread Henning Brauer
* Matthew Dempsky  [2014-07-10 22:56]:
> On Thu, Jul 10, 2014 at 1:20 PM, Ted Unangst  wrote:
> > Thoughts?
> 
> Seems kind of hacky to me, but if it results in significant
> performance improvements in real world uses, then I could be swayed
> since it's not very intrusive either.

indeed.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Mike Belopuhov
On 11 July 2014 10:29, Antoine Jacoutot  wrote:
> On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
>> Hello all,
>> I use rdomains to split routing domains per company and also separate
>> administration interfaces from routing interfaces on my routers (sshd,
>> bacula, postfix and puppetd running on a dedicated rdomain)
>>
>> Actually there is a problem with rdomains, we need to modify /etc/rc.d
>> scripts to add rdomain execution environment to the specified service.
>> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
>>
>> To resolve those rdomain issues, I created a patch and I added a new
>> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
>> variable needs a signed integer and use an existing rdomain, this is
>> checked by rc.subr.
>>
>> I want to contribute to OpenBSD and I give you this patch. If you have
>> any suggestions to improve it, tell me.
>
> I don't use rdomain so someone knowledgeable should comment here.
> But it does look like a nice idea.
>

having something like this would be really cool.  in case you'll be
tweaking the code, make sure that the "route -T exec printf" check
is preserved.  i would use "true" in this test however.

as far as i can tell the daemon_rdomain bit that goes into the rc
script is fine, however i'm not quite sure how can i start two
daemons in different rdomains via rc.conf.local.  looks like this
diff doesn't handle this and allows only one instance in the
${_name}_rdomain rdomain.  but sometimes you want multiple, say
sshd in rdomain 0 and 1.  daemon_rdomain flag allows me to go and
create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1
in there.  but then i'd have to add it to the pkg_scripts...  this
is a minor issue that i see.  perhaps ${_name}_rdomain should list
multiple values, like sshd_rdomain=0,1,2,3.



Re: lynx: disable old protocols

2014-07-11 Thread Adam Thompson
I would know of its existence, but likely not install it.  As I said, I have 
workarounds.  I remember how bad the code was years ago, so I agree with the 
idea in general, but it will be a pain in the butt for me every once in a while 
:-(.
-Adam

On July 11, 2014 4:03:29 AM CDT, Theo de Raadt  wrote:
>If lynx was removed from base, and only available in ports... how many
>of
>you would even know of its existence and use it?

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: sshd add back hmac-sha1

2014-07-11 Thread Antoine Jacoutot
On Fri, Jul 11, 2014 at 05:32:20AM -0400, Ted Unangst wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alleviate
> the pain?

I for one would very much welcome this

> Index: myproposal.h
> ===
> RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
> retrieving revision 1.40
> diff -u -p -r1.40 myproposal.h
> --- myproposal.h  30 Apr 2014 19:07:48 -  1.40
> +++ myproposal.h  11 Jul 2014 09:31:21 -
> @@ -69,19 +69,19 @@
>   "umac-128-...@openssh.com," \
>   "hmac-sha2-256-...@openssh.com," \
>   "hmac-sha2-512-...@openssh.com," \
> + "hmac-sha1-...@openssh.com," \
>   "umac...@openssh.com," \
>   "umac-...@openssh.com," \
>   "hmac-sha2-256," \
> - "hmac-sha2-512" \
> + "hmac-sha2-512," \
> + "hmac-sha1"
>  
>  #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
>   "hmac-md5-...@openssh.com," \
> - "hmac-sha1-...@openssh.com," \
>   "hmac-ripemd160-...@openssh.com," \
>   "hmac-sha1-96-...@openssh.com," \
>   "hmac-md5-96-...@openssh.com," \
>   "hmac-md5," \
> - "hmac-sha1," \
>   "hmac-ripemd160," \
>   "hmac-ripemd...@openssh.com," \
>   "hmac-sha1-96," \
> @@ -102,16 +102,16 @@
>   "umac-128-...@openssh.com," \
>   "hmac-sha2-256-...@openssh.com," \
>   "hmac-sha2-512-...@openssh.com," \
> + "hmac-sha1-...@openssh.com," \
>   "umac...@openssh.com," \
>   "umac-...@openssh.com," \
>   "hmac-sha2-256," \
> - "hmac-sha2-512"
> + "hmac-sha2-512," \
> + "hmac-sha1"
>  
>  #define KEX_CLIENT_KEX KEX_SERVER_KEX
>  #define  KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
> -#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
> - "hmac-sha1-...@openssh.com," \
> - "hmac-sha1"
> +#define KEX_CLIENT_MAC KEX_SERVER_MAC
>  
>  #endif /* WITH_OPENSSL */
>  
> 

-- 
Antoine



Re: Proposition

2014-07-11 Thread David Carlier
Fair point Reyk, I honestly did not think about this daemon approach !

Thanks for your inputs !


On 11 July 2014 11:59, Reyk Floeter  wrote:

> Hi,
>
> On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote:
> > I was wondering if a generic small geoloc lib might interest ? which can
> > load dynamically any geo localisation library via dlopen and so on ... to
> > get, let's say, a country code with an ip address ... can serve for some
> > purposes (I ll use it for geolocalisation load balancing via relayd) ...
> >
>
> I would not support plugins or a dlopen() approach in relayd.  And
> doing dlopen in an external library isn't very nice either.
>
> So what information would relayd need for geolocalisation?  Do you
> have more details about the concepts?  You could run your
> geolocalisation service as a daemon itself and let relayd connect via
> a UNIX socket to query the required information.
>
> In relayd, the "query an external tool via the socket to get the
> destination" could be fairly generic and doesn't even have to be
> geolocalisation- specific.  It could be configured as part of the new
> filter rules that I committed yesterday.
>
> Reyk
>


Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote:
> This should call warn() before unlink() or close() to guarantee that the
> correct errno value is reported.

Philip,

I see what you are saying.  I was following the man page example in
mkstemp(3) which calls warn() after unlink/close.  I'll update the
patch.

I see a number of places in the tree which call warn like the man page
example.  I'll submit a patch to fix those too.

Thanks!



Re: sort(1) updates

2014-07-11 Thread Jason McIntyre
On Fri, Jul 11, 2014 at 12:25:01AM -0400, Jared Yanovich wrote:
> On Sun, Jul 06, 2014 at 09:03:17PM +0200, Otto Moerbeek wrote:
> 
> > > Alternatively we could just import the FreeBSD sort(1) rewrite from 2012.
> > 
> > Did you try to
> > port it? I won't have time the coming weeks, I'll be on vacation. 
> 
> Have fun!  When you get back, some notes:
> 
>  - there is a lot of fluff that I would guess is there simply for GNU sort(1)
>compatibility, like -M (month sort) and -V (version number sort).
> 
>  - this version retains the parallel support (pthreads)
> 
>  - I retained the original -R (record separator) support instead of -R
>for random
> 
> Some of the tests in our regress appear to be wrong (specifically the -b tests
> but also a few others).  Other than that, this new sort is faster against a 
> few
> quick workloads I whipped up.  Completes system 'make build' on amd64.
> 

i do not think that we should just slap in freebsd's page willy nilly
(which i presume is what's happening here). i know that makes things
nice and easy for you, but i want to see a diff that just documents any
changes to current behaviour.

then we can look at updating bits of it where you think the freebsd text
is better than ours.

jmc

> Index: sort.1
> ===
> RCS file: /cvs/src/usr.bin/sort/sort.1,v
> retrieving revision 1.40
> diff -u -p -r1.40 sort.1
> --- sort.124 Aug 2013 22:18:05 -  1.40
> +++ sort.111 Jul 2014 04:07:07 -
> @@ -1,4 +1,5 @@
> -.\"  $OpenBSD: sort.1,v 1.40 2013/08/24 22:18:05 jmc Exp $
> +.\"  $OpenBSD: sort.1,v 1.31 2007/08/21 21:22:37 millert Exp $
> +.\"  $FreeBSD: head/usr.bin/sort/sort.1.in 264918 2014-04-25 15:27:19Z 
> bdrewery $
>  .\"
>  .\" Copyright (c) 1991, 1993
>  .\"  The Regents of the University of California.  All rights reserved.
> @@ -32,44 +33,46 @@
>  .\"
>  .\" @(#)sort.1   8.1 (Berkeley) 6/6/93
>  .\"
> -.Dd $Mdocdate: August 24 2013 $
> +.Dd $Mdocdate$
>  .Dt SORT 1
>  .Os
>  .Sh NAME
>  .Nm sort
> -.Nd sort, merge, or sequence check text files
> +.Nd sort, merge, or sequence check text and binary files
>  .Sh SYNOPSIS
>  .Nm sort
> -.Op Fl bCcdfHimnrsuz
> +.Op Fl bCcdfghiMmnRrsuVz
>  .Sm off
>  .Op Fl k\ \& Ar field1 Op , Ar field2
>  .Sm on
>  .Op Fl o Ar output
> -.Op Fl R Ar char
> -.Bk -words
> +.Op Fl R Ar record-separator
> +.Op Fl S Ar memsize
>  .Op Fl T Ar dir
> -.Ek
>  .Op Fl t Ar char
> -.Op Ar
> +.Op Ar file ...
>  .Sh DESCRIPTION
>  The
>  .Nm
> -utility sorts text files by lines,
> -operating in one of three modes: sort, merge, or check.
> -In sort mode, the specified files are combined and sorted
> -by line.
> -Merge mode is the same as sort mode except that the input
> -files are assumed to be pre-sorted.
> -In check mode, a single input file is checked to ensure that
> -it is correctly sorted.
> -.Pp
> -Comparisons are based on one or more sort keys extracted
> -from each line of input, and are performed lexicographically.
> +utility sorts text and binary files by lines.
> +A line is a record separated from the subsequent record by a
> +newline (default) or NUL
> +.Sq \e0
> +character
> +.Po Fl z
> +option
> +.Pc .
> +A record can contain any printable or unprintable characters.
> +Comparisons are based on one or more sort keys extracted from
> +each line of input, and are performed lexicographically,
> +according to the current locale's collating rules and the
> +specified command-line options that can tune the actual
> +sorting behavior.
>  By default, if keys are not given,
>  .Nm
> -regards each input line as a single field.
> +uses entire lines for comparison.
>  .Pp
> -The options are as follows:
> +The command line options are as follows:
>  .Bl -tag -width Ds
>  .It Fl C
>  Check that the single input file is sorted.
> @@ -82,123 +85,159 @@ but additionally write a message to
>  .Em stderr
>  if the input file is not sorted.
>  .It Fl m
> -Merge only; the input files are assumed to be pre-sorted.
> -This option is overridden by the
> -.Fl C
> -or
> -.Fl c
> -options,
> -if they are also present.
> +Merge only.
> +The input files are assumed to be pre-sorted.
> +If they are not sorted the output order is undefined.
>  .It Fl o Ar output
> -The argument given is the name of an
> +Print the output to the
>  .Ar output
> -file to be used instead of the standard output.
> -This file can be the same as one of the input files.
> -.It Fl T Ar dir
> +file instead of the standard output.
> +.It Fl S Ar size
>  Use
> -.Ar dir
> -as the directory for temporary files.
> -The default is the contents of the environment variable
> +.Ar size
> +for the maximum size of the memory buffer.
> +Size modifiers %,b,K,M,G,T,P,E,Z,Y can be used.
> +If a memory limit is not explicitly specified,
> +.Nm
> +takes up to about 90% of available memory.
> +If the file size is too big to fit into the memory buffer,
> +the temporary disk files are used to perform the sorting.
> +.It Fl T Ar 

Re: Proposition

2014-07-11 Thread Reyk Floeter
Hi,

On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote:
> I was wondering if a generic small geoloc lib might interest ? which can
> load dynamically any geo localisation library via dlopen and so on ... to
> get, let's say, a country code with an ip address ... can serve for some
> purposes (I ll use it for geolocalisation load balancing via relayd) ...
> 

I would not support plugins or a dlopen() approach in relayd.  And
doing dlopen in an external library isn't very nice either.

So what information would relayd need for geolocalisation?  Do you
have more details about the concepts?  You could run your
geolocalisation service as a daemon itself and let relayd connect via
a UNIX socket to query the required information.

In relayd, the "query an external tool via the socket to get the
destination" could be fairly generic and doesn't even have to be
geolocalisation- specific.  It could be configured as part of the new
filter rules that I committed yesterday.

Reyk



Re: unify some bpf code

2014-07-11 Thread Henning Brauer
* Kent R. Spillner  [2014-07-10 20:47]:
> I saw this was already committed, but one tiny consistency nit inline below.

I'd argue it's not consistency, rather the opposite, since:

> > -   mh.mh_len = 4;
> > +   bpf_mtap_hdr(arg, (caddr_t)&afh, 4, m, direction, NULL);

you see this was very mechanic.

however:

> I realize this is kind of obvious because afh is declared immediately before
> this, but to me that 4 looks out of place.  Perhaps sizeof(afh) would be
> better?

I could not agree more.

i'll commit it as soon as I find a tree in my forest that has a clean
bpf.c :o

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Otto Moerbeek
On Fri, Jul 11, 2014 at 01:38:23AM -0600, Theo de Raadt wrote:

> I am a bit concerned.  The description is trying too hard to be overly
> precise, and may be cumbersome for the typical reader of this page.

indeed, and I also dislike putting too much implementation details
into a man page. Things might change and if you are really interested,
read the code. 

-Otto

> 
> > Index: lib/libc/stdlib/malloc.3
> > ===
> > RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v
> > retrieving revision 1.78
> > diff -u -p -d -r1.78 malloc.3
> > --- lib/libc/stdlib/malloc.31 May 2014 18:41:59 -   1.78
> > +++ lib/libc/stdlib/malloc.311 Jul 2014 07:19:27 -
> > @@ -220,10 +220,23 @@ Malloc will first look for a symbolic li
> >  .Pa /etc/malloc.conf
> >  and next check the environment for a variable called
> >  .Ev MALLOC_OPTIONS
> > +(if not
> > +.Xr issetugid 2 )
> >  and finally for the global variable
> >  .Va malloc_options
> >  and scan them for flags in that order.
> >  Flags are single letters, uppercase means on, lowercase means off.
> > +.Pp
> > +The default flags are
> > +.Cm A
> > +and
> > +.Cm P ,
> > +small chunks are always junked, and the first
> > +part of the pages is junked after free.
> > +The default junk behavior does not correspond to
> > +.Cm j
> > +or
> > +.Cm J .
> >  .Bl -tag -width indent
> >  .It Cm A
> >  .Dq Abort .
> > @@ -271,6 +284,7 @@ Currently junk is bytes of 0xd0 when all
> >  .Dq Duh .
> >  \&:-)
> >  Freed chunks are filled with 0xdf.
> > +This performs more junking than by default.
> >  .It Cm j
> >  .Dq Don't Junk .
> >  By default, small chunks are always junked, and the first part of pages
> > @@ -297,6 +311,11 @@ This can substantially aid in compacting
> >  .\"Consult the source for this one.
> >  .It Cm S
> >  Enable all options suitable for security auditing.
> > +This currently enables flags
> > +.Cm U ,
> > +.Cm J ,
> > +.Cm G
> > +and sets the free cache page size to 0.
> >  .It Cm U
> >  .Dq Free unmap .
> >  Enable use after free protection for larger allocations.
> > 



Proposition

2014-07-11 Thread David Carlier
Hi all,

I was wondering if a generic small geoloc lib might interest ? which can
load dynamically any geo localisation library via dlopen and so on ... to
get, let's say, a country code with an ip address ... can serve for some
purposes (I ll use it for geolocalisation load balancing via relayd) ...

Kind regards.
David CARLIER
dotMobi / Afilias Technologies


faster malloc in threads

2014-07-11 Thread Ted Unangst
We don't need to hold the malloc lock when making syscalls like mmap
and munmap if we're just a little careful about the order of
operations. This will allow other threads to concurrently allocate
perhaps smaller chunks while the first thread is in the kernel.

This makes a huge difference in a simple benchmark that allocates
chunks in one thread and pages in a second thread. The chunk thread
finishes almost immediately, instead of contending for the lock and
running as slowly as the page thread. Admittedly contrived benchmark,
but the changes are very simple so I think it's worth it.

There are some other possibly expensive operations to tweak, but this
covers the smallest, simplest sections.

Index: malloc.c
===
RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
retrieving revision 1.170
diff -u -p -r1.170 malloc.c
--- malloc.c9 Jul 2014 19:11:00 -   1.170
+++ malloc.c11 Jul 2014 10:23:10 -
@@ -93,6 +93,15 @@
 #define MQUERY(a, sz)  mquery((a), (size_t)(sz), PROT_READ | PROT_WRITE, \
 MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, (off_t)0)
 
+#define KERNENTER() if (__isthreaded) do { \
+   malloc_active--; \
+   _MALLOC_UNLOCK(); \
+} while (0)
+#define KERNEXIT() if (__isthreaded) do { \
+   _MALLOC_LOCK(); \
+   malloc_active++; \
+} while (0)
+
 struct region_info {
void *p;/* page; low bits used to mark chunks */
uintptr_t size; /* size for pages, or chunk_info pointer */
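Review bot: `KERNENTER()` and `KERNEXIT()` expand to a bare `if (__isthreaded) do { … } while (0)`, so the `if` sits outside the `do`/`while` wrapper and a call written directly before an `else` would capture that `else`. Moving the test inside the wrapper makes each macro a single statement wherever it is used. A comment above the pair should also state that any allocator state read before `KERNENTER()` may be stale once `KERNEXIT()` returns, because other threads can take the lock in between.

```c
/* Drop the malloc lock around a system call; other threads may run in between. */
#define KERNENTER() do { \
	if (__isthreaded) { \
		malloc_active--; \
		_MALLOC_UNLOCK(); \
	} \
} while (0)
#define KERNEXIT() do { \
	if (__isthreaded) { \
		_MALLOC_LOCK(); \
		malloc_active++; \
	} \
} while (0)
```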
@@ -312,7 +321,10 @@ unmap(struct dir_info *d, void *p, size_
}
 
if (psz > mopts.malloc_cache) {
-   if (munmap(p, sz))
+   KERNENTER();
+   i = munmap(p, sz);
+   KERNEXIT();
+   if (i)
wrterror("munmap", p);
STATS_SUB(d->malloc_used, sz);
return;
@@ -396,7 +408,9 @@ map(struct dir_info *d, size_t sz, int z
return MAP_FAILED;
}
if (psz > d->free_regions_size) {
+   KERNENTER();
p = MMAP(sz);
+   KERNEXIT();
if (p != MAP_FAILED)
STATS_ADD(d->malloc_used, sz);
/* zero fill not needed */
@@ -408,18 +422,20 @@ map(struct dir_info *d, size_t sz, int z
if (r->p != NULL) {
if (r->size == psz) {
p = r->p;
+   r->p = NULL;
+   r->size = 0;
+   d->free_regions_size -= psz;
+   KERNENTER();
if (mopts.malloc_freeunmap)
mprotect(p, sz, PROT_READ | PROT_WRITE);
if (mopts.malloc_hint)
madvise(p, sz, MADV_NORMAL);
-   r->p = NULL;
-   r->size = 0;
-   d->free_regions_size -= psz;
if (zero_fill)
memset(p, 0, sz);
else if (mopts.malloc_junk == 2 &&
mopts.malloc_freeunmap)
memset(p, SOME_FREEJUNK, sz);
+   KERNEXIT();
return p;
} else if (r->size > psz)
big = r;
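Review bot: Moving `r->p = NULL; r->size = 0; d->free_regions_size -= psz;` above `KERNENTER()` is what makes the unlocked section safe, yet nothing in the code says so, and a later reorder would silently let two threads receive the same cached region. Add a comment above `r->p = NULL;`, for example `/* take the region out of the cache before unlocking so no other thread can hand it out */`. The `memset()` calls are not system calls but now run between `KERNENTER()` and `KERNEXIT()`; that looks intentional and deserves a word in the same comment. map()'s body starts and ends outside the hunk.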
@@ -1317,11 +1333,13 @@ orealloc(void *p, size_t newsz, void *f)
 
STATS_INC(pool->cheap_realloc_tries);
zapcacheregion(pool, hint, needed);
+   KERNENTER();
q = MQUERY(hint, needed);
if (q == hint)
q = MMAPA(hint, needed);
else
q = MAP_FAILED;
+   KERNEXIT();
if (q == hint) {
STATS_ADD(pool->malloc_used, needed);
if (mopts.malloc_junk == 2)
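Review bot: Between `KERNENTER()` and `KERNEXIT()` another thread can modify the pool, so anything orealloc read under the lock before this point (presumably the region entry for `p` and its size, which are outside the hunk) should be looked up again after `KERNEXIT()` before it is used or updated. Whether the code that follows does so cannot be confirmed from here, because orealloc's body starts and ends outside the hunk. At minimum add a comment after `KERNEXIT();` such as `/* pool may have changed while unlocked: re-check the region for p */`.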




Re: ftp(1) User-Agent

2014-07-11 Thread Alexander Hall
On 07/10/14 06:30, Lawrence Teo wrote:
> About a month ago, I sent a diff that allows ftp(1) to set its
> User-Agent.
> 
> Based on feedback from halex@ and deraadt@, I have changed it so that
> the User-Agent can be set via a -U command-line option instead of an
> environment variable.
> 
> I have also fixed a conflict with guenther@'s recent fetch.c commit.
> 
> Would anyone like to ok this latest version?

I was reviewing this and I couldn't help finding it unnecessarily
cumbersome.

I propose this diff (on top of the already proposed and committed diff).
Apart from making the code simpler, this diff will change two things:

1. You may specify -U as many times as you please, using only the last
   one. This is the behaviour I'd expect.
2. If you compile with -DSMALL, using -U will produce an error. This
   does not follow the common, IMO questionable, practice of just
   ignoring the switches. However I find it totally reasonable
   for most unavailable switches (possibly -C aside).

OK?

/Alexander


Index: fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.124
diff -u -p -r1.124 fetch.c
--- fetch.c 11 Jul 2014 03:31:52 -  1.124
+++ fetch.c 11 Jul 2014 10:18:25 -
@@ -1284,9 +1284,6 @@ auto_fetch(int argc, char *argv[], char 
char *cp, *url, *host, *dir, *file, *portnum;
char *username, *pass, *pathstart;
char *ftpproxy, *httpproxy;
-#ifndef SMALL
-   char *uagent = NULL;
-#endif /* !SMALL */
int rval, xargc;
volatile int argpos;
int dirhasglob, filehasglob, oautologin;
@@ -1307,13 +1304,6 @@ auto_fetch(int argc, char *argv[], char 
if ((httpproxy = getenv(HTTP_PROXY)) != NULL && *httpproxy == '\0')
httpproxy = NULL;
 
-   if (httpuseragent == NULL)
-   httpuseragent = HTTP_USER_AGENT;
-#ifndef SMALL
-   else
-   uagent = httpuseragent;
-#endif /* !SMALL */
-
/*
 * Loop through as long as there's files to fetch.
 */
@@ -1590,9 +1580,6 @@ bad_ftp_url:
}
if (connected && rval != -1)
disconnect(0, NULL);
-#ifndef SMALL
-   free(uagent);
-#endif /* !SMALL */
return (rval);
 }
 
Index: main.c
===
RCS file: /cvs/src/usr.bin/ftp/main.c,v
retrieving revision 1.88
diff -u -p -r1.88 main.c
--- main.c  11 Jul 2014 03:31:52 -  1.88
+++ main.c  11 Jul 2014 10:18:25 -
@@ -362,19 +362,17 @@ main(volatile int argc, char *argv[])
trace = 1;
break;
 
-   case 'U':
 #ifndef SMALL
-   if (httpuseragent)
-   errx(1, "User-Agent was already defined");
-   /* Ensure that User-Agent value is in a single line. */
+   case 'U':
+   free (httpuseragent);
if (strcspn(optarg, "\r\n") != strlen(optarg))
errx(1, "Invalid User-Agent: %s.", optarg);
if (asprintf(&httpuseragent, "User-Agent: %s",
optarg) == -1)
errx(1, "Can't allocate memory for HTTP(S) "
"User-Agent");
-#endif /* !SMALL */
break;
+#endif /* !SMALL */
 
case 'v':
verbose = 1;
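Review bot: The comment explaining the `strcspn(optarg, "\r\n")` test is removed in `case 'U'`, although that test is what keeps a `-U` value from carrying CR/LF into the request headers; keep a comment there, e.g. `/* reject CR/LF so the value cannot add extra header lines */`. `free (httpuseragent);` has a space before the parenthesis, unlike the other calls in the hunk, and should read `free(httpuseragent);`. Since the following hunk assigns `HTTP_USER_AGENT` (presumably a string constant) to the same pointer, the `free()` is only safe because it runs before that default is applied; one line of comment saying so would protect against a later reorder. main()'s body extends beyond the hunk.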
@@ -394,6 +392,8 @@ main(volatile int argc, char *argv[])
 #ifndef SMALL
cookie_load();
 #endif /* !SMALL */
+   if (httpuseragent == NULL)
+   httpuseragent = HTTP_USER_AGENT;
 
cpend = 0;  /* no pending replies */
proxy = 0;  /* proxy not active */



Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Philip Guenther
On Fri, Jul 11, 2014 at 11:41 AM, Doug Hogan  wrote:

> Index: sbin/disklabel/disklabel.c
> ===
> RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
> retrieving revision 1.195
> diff -u -p -d -r1.195 disklabel.c
> --- sbin/disklabel/disklabel.c  5 May 2014 16:33:34 -   1.195
> +++ sbin/disklabel/disklabel.c  11 Jul 2014 09:13:43 -
> @@ -815,9 +815,12 @@ edit(struct disklabel *lp, int f)
> FILE *fp;
> u_int64_t total_sectors, starting_sector, ending_sector;
>
> -   if ((fd = mkstemp(tmpfil)) == -1 || (fp = fdopen(fd, "w")) ==
> NULL) {
> -   if (fd != -1)
> +   if ((fd = mkstemp(tmpfil)) == -1 ||
> +   (fp = fdopen(fd, "w")) == NULL) {
> +   if (fd != -1) {
> +   unlink(tmpfil);
> close(fd);
> +   }
> warn("%s", tmpfil);
>

This should call warn() before unlink() or close() to guarantee that the
correct errno value is reported.




> -   if ( (edit_file = fdopen(fd, "w+")) == 0)
> +   if ( (edit_file = fdopen(fd, "w+")) == 0) {
> +   unlink(edit_name);
> +   close(fd);
> err(1, "fdopen");
> +   }
>

This and several others need to save errno and use errc(), à la:
if ( (edit_file = fdopen(fd, "w+")) == 0) {
int saved_errno  = errno;
unlink(edit_name);
close(fd);
errc(1, saved_errno, "fdopen");
}


Philip Guenther


Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Jason McIntyre
On Fri, Jul 11, 2014 at 07:25:06AM +, Doug Hogan wrote:
> On Fri, Jul 11, 2014 at 01:03:54AM -0600, Anthony J. Bentley wrote:
> > In addition to what jmc said, if you document these flags they need to
> > be marked up with the Cm macro instead of ASCII single quotes.
> 
> My mistake.  Fixed version:
> 
> 
> Index: lib/libc/stdlib/malloc.3
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v
> retrieving revision 1.78
> diff -u -p -d -r1.78 malloc.3
> --- lib/libc/stdlib/malloc.3  1 May 2014 18:41:59 -   1.78
> +++ lib/libc/stdlib/malloc.3  11 Jul 2014 07:19:27 -
> @@ -220,10 +220,23 @@ Malloc will first look for a symbolic li
>  .Pa /etc/malloc.conf
>  and next check the environment for a variable called
>  .Ev MALLOC_OPTIONS
> +(if not
> +.Xr issetugid 2 )
>  and finally for the global variable
>  .Va malloc_options
>  and scan them for flags in that order.
>  Flags are single letters, uppercase means on, lowercase means off.
> +.Pp
> +The default flags are
> +.Cm A
> +and
> +.Cm P ,

you could keep that briefer by using:

...are
.Cm AP ,

> +small chunks are always junked, and the first
> +part of the pages is junked after free.
> +The default junk behavior does not correspond to
> +.Cm j
> +or
> +.Cm J .
>  .Bl -tag -width indent
>  .It Cm A
>  .Dq Abort .
> @@ -271,6 +284,7 @@ Currently junk is bytes of 0xd0 when all
>  .Dq Duh .
>  \&:-)
>  Freed chunks are filled with 0xdf.
> +This performs more junking than by default.
>  .It Cm j
>  .Dq Don't Junk .
>  By default, small chunks are always junked, and the first part of pages
> @@ -297,6 +311,11 @@ This can substantially aid in compacting
>  .\"Consult the source for this one.
>  .It Cm S
>  Enable all options suitable for security auditing.
> +This currently enables flags
> +.Cm U ,
> +.Cm J ,
> +.Cm G

here too.

> +and sets the free cache page size to 0.
>  .It Cm U
>  .Dq Free unmap .
>  Enable use after free protection for larger allocations.
> 

jmc



Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Ville Valkonen
On 11 July 2014 12:41, Doug Hogan  wrote:
>
> Index: bin/csh/dol.c
> ===
> RCS file: /cvs/src/bin/csh/dol.c,v
> retrieving revision 1.17
> diff -u -p -d -r1.17 dol.c
> --- bin/csh/dol.c   12 Aug 2010 02:00:27 -  1.17
> +++ bin/csh/dol.c   11 Jul 2014 09:12:11 -
> @@ -829,7 +829,8 @@ heredoc(Char *term)
>
>  if (mkstemp(tmp) < 0)
> stderror(ERR_SYSTEM, tmp, strerror(errno));
> -(void) unlink(tmp);/* 0 0 inode! */
> +else
> +   (void) unlink(tmp); /* 0 0 inode! */
>  Dv[0] = term;
>  Dv[1] = NULL;
>  gflag = 0;
> Index: sbin/disklabel/disklabel.c
> ===
> RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
> retrieving revision 1.195
> diff -u -p -d -r1.195 disklabel.c
> --- sbin/disklabel/disklabel.c  5 May 2014 16:33:34 -   1.195
> +++ sbin/disklabel/disklabel.c  11 Jul 2014 09:13:43 -
> @@ -815,9 +815,12 @@ edit(struct disklabel *lp, int f)
> FILE *fp;
> u_int64_t total_sectors, starting_sector, ending_sector;
>
> -   if ((fd = mkstemp(tmpfil)) == -1 || (fp = fdopen(fd, "w")) == NULL) {
> -   if (fd != -1)
> +   if ((fd = mkstemp(tmpfil)) == -1 ||
> +   (fp = fdopen(fd, "w")) == NULL) {
> +   if (fd != -1) {
> +   unlink(tmpfil);
> close(fd);
> +   }
> warn("%s", tmpfil);
> return (1);
> }
> Index: sbin/scsi/scsi.c
> ===
> RCS file: /cvs/src/sbin/scsi/scsi.c,v
> retrieving revision 1.28
> diff -u -p -d -r1.28 scsi.c
> --- sbin/scsi/scsi.c12 Nov 2013 04:59:02 -  1.28
> +++ sbin/scsi/scsi.c11 Jul 2014 09:13:44 -
> @@ -571,8 +571,11 @@ edit_init(void)
> strlcpy(edit_name, "/var/tmp/sc", sizeof edit_name);
> if ((fd = mkstemp(edit_name)) == -1)
> err(1, "mkstemp");
> -   if ( (edit_file = fdopen(fd, "w+")) == 0)
> +   if ( (edit_file = fdopen(fd, "w+")) == 0) {
> +   unlink(edit_name);
> +   close(fd);
> err(1, "fdopen");
> +   }
> edit_opened = 1;
>
> atexit(edit_done);
> Index: usr.bin/gzsig/sign.c
> ===
> RCS file: /cvs/src/usr.bin/gzsig/sign.c,v
> retrieving revision 1.13
> diff -u -p -d -r1.13 sign.c
> --- usr.bin/gzsig/sign.c10 Mar 2013 10:36:57 -  1.13
> +++ usr.bin/gzsig/sign.c11 Jul 2014 09:14:10 -
> @@ -281,6 +281,7 @@ sign(int argc, char *argv[])
> if ((fout = fdopen(fd, "w")) == NULL) {
> fprintf(stderr, "Error opening %s: %s\n",
> tmppath, strerror(errno));
> +   unlink(tmppath);
> fclose(fin);
> close(fd);
> continue;
> @@ -288,6 +289,7 @@ sign(int argc, char *argv[])
> if (copy_permissions(fileno(fin), fd) < 0) {
> fprintf(stderr, "Error initializing %s: %s\n",
> tmppath, strerror(errno));
> +   unlink(tmppath);
> fclose(fin);
> fclose(fout);
> continue;
> Index: usr.bin/htpasswd/htpasswd.c
> ===
> RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
> retrieving revision 1.10
> diff -u -p -d -r1.10 htpasswd.c
> --- usr.bin/htpasswd/htpasswd.c 24 Mar 2014 20:33:01 -  1.10
> +++ usr.bin/htpasswd/htpasswd.c 11 Jul 2014 09:14:10 -
> @@ -164,8 +164,10 @@ main(int argc, char** argv)
> if ((fd = mkstemp(tmpl)) == -1)
> err(1, "mkstemp");
>
> -   if ((out = fdopen(fd, "w+")) == NULL)
> +   if ((out = fdopen(fd, "w+")) == NULL) {
> +   unlink(tmpl);
> err(1, "cannot open tempfile");
> +   }
>
> while ((linelen = getline(&line, &linesize, in))
> != -1) {
> Index: usr.bin/m4/eval.c
> ===
> RCS file: /cvs/src/usr.bin/m4/eval.c,v
> retrieving revision 1.72
> diff -u -p -d -r1.72 eval.c
> --- usr.bin/m4/eval.c   28 Apr 2014 12:34:11 -  1.72
> +++ usr.bin/m4/eval.c   11 Jul 2014 09:14:11 -
> @@ -818,8 +818,11 @@ dodiv(int n)
> char fname[] = _PATH_DIVNAME;
>
> if ((fd = mkstemp(fname)) < 0 ||
> -   (outfile[n] = fdopen(fd, "w+")) == NULL)
> +   (outfile[n] = fdopen(fd, "w+")) == NULL) {
> +   

Re: sshd add back hmac-sha1

2014-07-11 Thread Stuart Henderson
On 2014/07/11 05:32, Ted Unangst wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alieve
> the pain?

Re-adding SHA1 will fix things for a lot of clients.

There are still some clients which only support CBC modes, but those
are usually much older, I don't think we need to worry about them
so much.


> 
> Index: myproposal.h
> ===
> RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
> retrieving revision 1.40
> diff -u -p -r1.40 myproposal.h
> --- myproposal.h  30 Apr 2014 19:07:48 -  1.40
> +++ myproposal.h  11 Jul 2014 09:31:21 -
> @@ -69,19 +69,19 @@
>   "umac-128-...@openssh.com," \
>   "hmac-sha2-256-...@openssh.com," \
>   "hmac-sha2-512-...@openssh.com," \
> + "hmac-sha1-...@openssh.com," \
>   "umac...@openssh.com," \
>   "umac-...@openssh.com," \
>   "hmac-sha2-256," \
> - "hmac-sha2-512" \
> + "hmac-sha2-512," \
> + "hmac-sha1"
>  
>  #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
>   "hmac-md5-...@openssh.com," \
> - "hmac-sha1-...@openssh.com," \
>   "hmac-ripemd160-...@openssh.com," \
>   "hmac-sha1-96-...@openssh.com," \
>   "hmac-md5-96-...@openssh.com," \
>   "hmac-md5," \
> - "hmac-sha1," \
>   "hmac-ripemd160," \
>   "hmac-ripemd...@openssh.com," \
>   "hmac-sha1-96," \
> @@ -102,16 +102,16 @@
>   "umac-128-...@openssh.com," \
>   "hmac-sha2-256-...@openssh.com," \
>   "hmac-sha2-512-...@openssh.com," \
> + "hmac-sha1-...@openssh.com," \
>   "umac...@openssh.com," \
>   "umac-...@openssh.com," \
>   "hmac-sha2-256," \
> - "hmac-sha2-512"
> + "hmac-sha2-512," \
> + "hmac-sha1"
>  
>  #define KEX_CLIENT_KEX KEX_SERVER_KEX
>  #define  KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
> -#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
> - "hmac-sha1-...@openssh.com," \
> - "hmac-sha1"
> +#define KEX_CLIENT_MAC KEX_SERVER_MAC
>  
>  #endif /* WITH_OPENSSL */
>  
> 



PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan

Index: bin/csh/dol.c
===
RCS file: /cvs/src/bin/csh/dol.c,v
retrieving revision 1.17
diff -u -p -d -r1.17 dol.c
--- bin/csh/dol.c   12 Aug 2010 02:00:27 -  1.17
+++ bin/csh/dol.c   11 Jul 2014 09:12:11 -
@@ -829,7 +829,8 @@ heredoc(Char *term)
 
 if (mkstemp(tmp) < 0)
stderror(ERR_SYSTEM, tmp, strerror(errno));
-(void) unlink(tmp);/* 0 0 inode! */
+else
+   (void) unlink(tmp); /* 0 0 inode! */
 Dv[0] = term;
 Dv[1] = NULL;
 gflag = 0;
Index: sbin/disklabel/disklabel.c
===
RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
retrieving revision 1.195
diff -u -p -d -r1.195 disklabel.c
--- sbin/disklabel/disklabel.c  5 May 2014 16:33:34 -   1.195
+++ sbin/disklabel/disklabel.c  11 Jul 2014 09:13:43 -
@@ -815,9 +815,12 @@ edit(struct disklabel *lp, int f)
FILE *fp;
u_int64_t total_sectors, starting_sector, ending_sector;
 
-   if ((fd = mkstemp(tmpfil)) == -1 || (fp = fdopen(fd, "w")) == NULL) {
-   if (fd != -1)
+   if ((fd = mkstemp(tmpfil)) == -1 ||
+   (fp = fdopen(fd, "w")) == NULL) {
+   if (fd != -1) {
+   unlink(tmpfil);
close(fd);
+   }
warn("%s", tmpfil);
return (1);
}
Index: sbin/scsi/scsi.c
===
RCS file: /cvs/src/sbin/scsi/scsi.c,v
retrieving revision 1.28
diff -u -p -d -r1.28 scsi.c
--- sbin/scsi/scsi.c12 Nov 2013 04:59:02 -  1.28
+++ sbin/scsi/scsi.c11 Jul 2014 09:13:44 -
@@ -571,8 +571,11 @@ edit_init(void)
strlcpy(edit_name, "/var/tmp/sc", sizeof edit_name);
if ((fd = mkstemp(edit_name)) == -1)
err(1, "mkstemp");
-   if ( (edit_file = fdopen(fd, "w+")) == 0)
+   if ( (edit_file = fdopen(fd, "w+")) == 0) {
+   unlink(edit_name);
+   close(fd);
err(1, "fdopen");
+   }
edit_opened = 1;
 
atexit(edit_done);
Index: usr.bin/gzsig/sign.c
===
RCS file: /cvs/src/usr.bin/gzsig/sign.c,v
retrieving revision 1.13
diff -u -p -d -r1.13 sign.c
--- usr.bin/gzsig/sign.c10 Mar 2013 10:36:57 -  1.13
+++ usr.bin/gzsig/sign.c11 Jul 2014 09:14:10 -
@@ -281,6 +281,7 @@ sign(int argc, char *argv[])
if ((fout = fdopen(fd, "w")) == NULL) {
fprintf(stderr, "Error opening %s: %s\n",
tmppath, strerror(errno));
+   unlink(tmppath);
fclose(fin);
close(fd);
continue;
@@ -288,6 +289,7 @@ sign(int argc, char *argv[])
if (copy_permissions(fileno(fin), fd) < 0) {
fprintf(stderr, "Error initializing %s: %s\n",
tmppath, strerror(errno));
+   unlink(tmppath);
fclose(fin);
fclose(fout);
continue;
Index: usr.bin/htpasswd/htpasswd.c
===
RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
retrieving revision 1.10
diff -u -p -d -r1.10 htpasswd.c
--- usr.bin/htpasswd/htpasswd.c 24 Mar 2014 20:33:01 -  1.10
+++ usr.bin/htpasswd/htpasswd.c 11 Jul 2014 09:14:10 -
@@ -164,8 +164,10 @@ main(int argc, char** argv)
if ((fd = mkstemp(tmpl)) == -1)
err(1, "mkstemp");
 
-   if ((out = fdopen(fd, "w+")) == NULL)
+   if ((out = fdopen(fd, "w+")) == NULL) {
+   unlink(tmpl);
err(1, "cannot open tempfile");
+   }
 
while ((linelen = getline(&line, &linesize, in))
!= -1) {
Index: usr.bin/m4/eval.c
===
RCS file: /cvs/src/usr.bin/m4/eval.c,v
retrieving revision 1.72
diff -u -p -d -r1.72 eval.c
--- usr.bin/m4/eval.c   28 Apr 2014 12:34:11 -  1.72
+++ usr.bin/m4/eval.c   11 Jul 2014 09:14:11 -
@@ -818,8 +818,11 @@ dodiv(int n)
char fname[] = _PATH_DIVNAME;
 
if ((fd = mkstemp(fname)) < 0 || 
-   (outfile[n] = fdopen(fd, "w+")) == NULL)
+   (outfile[n] = fdopen(fd, "w+")) == NULL) {
+   if (fd != -1)
+   unlink(fname);
err(1, "%s: cannot divert", fname);
+   }
if (unlink(fname) == -1)
err(1, "%s: cannot unlink", fnam

Re: lynx: disable old protocols

2014-07-11 Thread Paul Irofti
On Thu, Jul 10, 2014 at 11:05:45PM -0400, Daniel Dickman wrote:
> Patch below turns off the following ancient protocols built into lynx: 
> bibp, finger, gopher, and news.
> 
> For some urls, lynx will invoke an external command. Turn off telnet, 
> rlogin and tn3270 urls by defining them to false(1) as documented in the 
> lynx manual.
> 
> Finally, turn off the file editor which can be accessed with "g." 
> using the --disable-dired switch.
> 
> ok to commit?

No, gopher can't go!

> 
> Index: Makefile.bsd-wrapper
> ===
> RCS file: /home/cvs/src/gnu/usr.bin/lynx/Makefile.bsd-wrapper,v
> retrieving revision 1.24
> diff -u -p -u -r1.24 Makefile.bsd-wrapper
> --- Makefile.bsd-wrapper  15 Apr 2014 20:55:42 -  1.24
> +++ Makefile.bsd-wrapper  11 Jul 2014 02:47:31 -
> @@ -5,7 +5,10 @@ CLEANFILES+= lynx.1
>  DPADD=   ${LIBSSL} ${LIBCRYPTO}
>  
>  GNUCFLAGS=   CC="${CC}" CFLAGS="${CFLAGS} ${COPTS} ${OPT}" 
> LDFLAGS="${LDFLAGS}"
> -CONFIGURE_ARGS= --with-ssl=/usr --enable-widec --enable-ipv6 --enable-debug
> +CONFIGURE_ARGS= --with-ssl=/usr --enable-widec --enable-ipv6 --enable-debug \
> + --disable-bibp-urls --disable-finger --disable-gopher 
> --disable-news \
> + --disable-dired
> +
>  HTMLDIR= /usr/share/doc/html
>  HELPFILES=   keystrokes/alt_edit_help.html keystrokes/bookmark_help.html \
>   keystrokes/cookie_help.html keystrokes/dired_help.html \
> @@ -39,12 +42,18 @@ config: .FORCE
>   PATH="/bin:/usr/bin:/sbin:/usr/sbin" \
>   ${GNUCFLAGS} \
>   INSTALL_PROGRAM="${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP}" \
> + TELNET=/usr/bin/false \
> + RLOGIN=/usr/bin/false \
> + TN3270=/usr/bin/false \
>   sh ${.CURDIR}/configure --prefix=/usr --sysconfdir=/etc 
> --disable-color-style ${CONFIGURE_ARGS}
>  
>  config.status:
>   PATH="/bin:/usr/bin:/sbin:/usr/sbin" \
>   ${GNUCFLAGS} \
>   INSTALL_PROGRAM="${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP}" \
> + TELNET=/usr/bin/false \
> + RLOGIN=/usr/bin/false \
> + TN3270=/usr/bin/false \
>   sh ${.CURDIR}/configure --prefix=/usr --sysconfdir=/etc 
> --disable-color-style ${CONFIGURE_ARGS} ${CF}
>  
>  lynx.1:  ${.CURDIR}/lynx.man
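Review bot: The `TELNET=/usr/bin/false`, `RLOGIN=/usr/bin/false` and `TN3270=/usr/bin/false` assignments are repeated verbatim in the `config` and `config.status` recipes, so a later edit can disable a helper in one recipe and leave it enabled in the other. Define them once, e.g. `CONFIGURE_ENV= TELNET=/usr/bin/false RLOGIN=/usr/bin/false TN3270=/usr/bin/false`, and use `${CONFIGURE_ENV}` in both recipes. A comment next to the definition should say that the external URL handlers are pointed at false(1) on purpose, so the setting is not mistaken for a broken path.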
> 



Re: lynx: disable old protocols

2014-07-11 Thread Stuart Henderson
On 2014/07/11 05:05, Ted Unangst wrote:
> On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote:
> > On 2014/07/11 18:51, Brett Mahar wrote:
> >> On Fri, 11 Jul 2014 09:48:12 +0100
> >> Stuart Henderson  wrote:
> >>
> >> | On 2014/07/11 01:18, Theo de Raadt wrote:
> >> | > > I too use gopher in lynx regularly, and would miss support. There
> > is =
> >> | > > still a surprisingly active community using gopher. (floodgap, et
> > al.)
> >> | >
> >> | > So install a package.
> >> |
> >> | Should we just move lynx to packages?
> >> |
> >>
> >> I find lynx really handy to have in base, e.g. installing on a new
> > machine, users can just go to openbsd.org and cut and paste a pkg_path
> > prior to installing anything, and read the faq.
> >>
> >> Using openbsd for the first time would have been a lot more painful
> > without a browser in base.
> >>
> > 
> > Thing is, if we need another version of lynx in packages to support
> > gopher, having one in base as well just gets confusing..
> 
> No more than many versions of gcc in base and ports, I think. We could
> call it elynx. :)

Yes, that's confusing too, especially with nginx.

> We have documentation in html format, so I think we need a basic text
> browser in base to view it.

BIND, Lynx itself, Sendmail milters, ncurses.



sshd add back hmac-sha1

2014-07-11 Thread Ted Unangst
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alleviate
the pain?


Index: myproposal.h
===
RCS file: /cvs/src/usr.bin/ssh/myproposal.h,v
retrieving revision 1.40
diff -u -p -r1.40 myproposal.h
--- myproposal.h30 Apr 2014 19:07:48 -  1.40
+++ myproposal.h11 Jul 2014 09:31:21 -
@@ -69,19 +69,19 @@
"umac-128-...@openssh.com," \
"hmac-sha2-256-...@openssh.com," \
"hmac-sha2-512-...@openssh.com," \
+   "hmac-sha1-...@openssh.com," \
"umac...@openssh.com," \
"umac-...@openssh.com," \
"hmac-sha2-256," \
-   "hmac-sha2-512" \
+   "hmac-sha2-512," \
+   "hmac-sha1"
 
 #define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
"hmac-md5-...@openssh.com," \
-   "hmac-sha1-...@openssh.com," \
"hmac-ripemd160-...@openssh.com," \
"hmac-sha1-96-...@openssh.com," \
"hmac-md5-96-...@openssh.com," \
"hmac-md5," \
-   "hmac-sha1," \
"hmac-ripemd160," \
"hmac-ripemd...@openssh.com," \
"hmac-sha1-96," \
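Review bot: Nothing in the file records that `hmac-sha1` and its etm variant are back in the server list only as a compatibility fallback, which the description calls temporary. Add a comment above the macro (its `#define` line is outside the hunk), such as `/* hmac-sha1 is offered only for older clients; revisit */`, so the entries are not later mistaken for preferred algorithms. The same comment applies to the list changed in the second hunk.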
@@ -102,16 +102,16 @@
"umac-128-...@openssh.com," \
"hmac-sha2-256-...@openssh.com," \
"hmac-sha2-512-...@openssh.com," \
+   "hmac-sha1-...@openssh.com," \
"umac...@openssh.com," \
"umac-...@openssh.com," \
"hmac-sha2-256," \
-   "hmac-sha2-512"
+   "hmac-sha2-512," \
+   "hmac-sha1"
 
 #define KEX_CLIENT_KEX KEX_SERVER_KEX
 #defineKEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
-#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
-   "hmac-sha1-...@openssh.com," \
-   "hmac-sha1"
+#define KEX_CLIENT_MAC KEX_SERVER_MAC
 
 #endif /* WITH_OPENSSL */
 



Re: lynx: disable old protocols

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote:
> On 2014/07/11 18:51, Brett Mahar wrote:
>> On Fri, 11 Jul 2014 09:48:12 +0100
>> Stuart Henderson  wrote:
>>
>> | On 2014/07/11 01:18, Theo de Raadt wrote:
>> | > > I too use gopher in lynx regularly, and would miss support. There
> is =
>> | > > still a surprisingly active community using gopher. (floodgap, et
> al.)
>> | >
>> | > So install a package.
>> |
>> | Should we just move lynx to packages?
>> |
>>
>> I find lynx really handy to have in base, e.g. installing on a new
> machine, users can just go to openbsd.org and cut and paste a pkg_path
> prior to installing anything, and read the faq.
>>
>> Using openbsd for the first time would have been a lot more painful
> without a browser in base.
>>
> 
> Thing is, if we need another version of lynx in packages to support
> gopher, having one in base as well just gets confusing..

No more than many versions of gcc in base and ports, I think. We could
call it elynx. :)

We have documentation in html format, so I think we need a basic text
browser in base to view it.



Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
If lynx was removed from base, and only available in ports... how many of
you would even know of its existence and use it?



Re: lynx: disable old protocols

2014-07-11 Thread Antoine Jacoutot
> Everytime someone (it is Daniel this time) tries to avert risk in even a
> minor way, the peanut gallery rises up with "I want the whole pig in base".
> 
> Daniel is doing the right thing.  Fully loaded lynx can be in the ports tree
> too, and we can keep track of the download statistics to see both users who
> download it every year...

Not to mention there are already alternatives for console-based browsers in 
ports.
I am all for stripping base lynx to the minimum.

-- 
Antoine



Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
> I find lynx really handy to have in base, e.g. installing on a new
> machine, users can just go to openbsd.org and cut and paste a pkg_path
> prior to installing anything, and read the faq.

that is why it is in base.

but someone on the list wants to visit the openbsd gopher page to get
that information.  crazy people -- you are bat shit crazy.



Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
>On 2014/07/11 01:18, Theo de Raadt wrote:
>> > I too use gopher in lynx regularly, and would miss support. There is =
>> > still a surprisingly active community using gopher. (floodgap, et al.)
>> 
>> So install a package.
>
>Should we just move lynx to packages?

It is nice to have something in base.  Moving it to packages would create
some strong inconveniences in tough spots.

The problem is that there isn't a web client which meets the criteria of

minimal
small
trying to be safe code

Everytime someone (it is Daniel this time) tries to avert risk in even a
minor way, the peanut gallery rises up with "I want the whole pig in base".

Daniel is doing the right thing.  Fully loaded lynx can be in the ports tree
too, and we can keep track of the download statistics to see both users who
download it every year...



Re: lynx: disable old protocols

2014-07-11 Thread Stuart Henderson
On 2014/07/11 18:51, Brett Mahar wrote:
> On Fri, 11 Jul 2014 09:48:12 +0100
> Stuart Henderson  wrote:
> 
> | On 2014/07/11 01:18, Theo de Raadt wrote:
> | > > I too use gopher in lynx regularly, and would miss support. There is =
> | > > still a surprisingly active community using gopher. (floodgap, et al.)
> | > 
> | > So install a package.
> | 
> | Should we just move lynx to packages?
> | 
> 
> I find lynx really handy to have in base, e.g. installing on a new machine, 
> users can just go to openbsd.org and cut and paste a pkg_path prior to 
> installing anything, and read the faq. 
> 
> Using openbsd for the first time would have been a lot more painful without a 
> browser in base.
> 

Thing is, if we need another version of lynx in packages to support
gopher, having one in base as well just gets confusing..



Re: lynx: disable old protocols

2014-07-11 Thread Brett Mahar
On Fri, 11 Jul 2014 09:48:12 +0100
Stuart Henderson  wrote:

| On 2014/07/11 01:18, Theo de Raadt wrote:
| > > I too use gopher in lynx regularly, and would miss support. There is =
| > > still a surprisingly active community using gopher. (floodgap, et al.)
| > 
| > So install a package.
| 
| Should we just move lynx to packages?
| 

I find lynx really handy to have in base, e.g. installing on a new machine, 
users can just go to openbsd.org and cut and paste a pkg_path prior to 
installing anything, and read the faq. 

Using openbsd for the first time would have been a lot more painful without a 
browser in base.



Re: lynx: disable old protocols

2014-07-11 Thread Stuart Henderson
On 2014/07/11 01:18, Theo de Raadt wrote:
> > I too use gopher in lynx regularly, and would miss support. There is =
> > still a surprisingly active community using gopher. (floodgap, et al.)
> 
> So install a package.

Should we just move lynx to packages?



Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Antoine Jacoutot
On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
> Hello all,
> I use rdomains to split routing domains per company and also separate
> administration interfaces from routing interfaces on my routers (sshd,
> bacula, postfix and puppetd running on a dedicated rdomain)
> 
> Actually there is a problem with rdomains, we need to modify /etc/rc.d
> scripts to add rdomain execution environment to the specified service.
> If rc.subr have support to rdomains, we can let the rc.d scripts clean.
> 
> To resolve those rdomain issues, I created a patch and I added a new
> variable we could use on rc.conf(.local), ${_name}_rdomain. (This
> variable needs a signed integer and use an existing rdomain, this is
> checked by rc.subr.
> 
> I want to contribute to OpenBSD and I give you this patch. If you have
> any suggestions to improve it, tell me.

I don't use rdomain so someone knowledgeable should comment here.
But it does look like a nice idea.


> --- /etc/rc.d/rc.subr.orig  Thu Jul 10 17:34:18 2014
> +++ /etc/rc.d/rc.subr   Thu Jul 10 18:36:19 2014
> @@ -54,7 +54,7 @@
>  }
>  
>  rc_start() {
> -   ${rcexec} "${daemon} ${daemon_flags} ${_bg}"
> +   ${rcexec} "${_rdomain_cmd} ${daemon} ${daemon_flags} ${_bg}"
>  }
>  
>  rc_check() {
> @@ -105,7 +105,7 @@
>  }
>  
>  rc_cmd() {
> -   local _bg _n
> +   local _bg _n _rdomain_cmd
>  
> [ "$(id -u)" -eq 0 ] || \
> [ X"${rc_usercheck}" != X"NO" -a X"$1" = "Xcheck" ] || \
> @@ -134,6 +134,21 @@
> rc_err "$0: need -f to force $1 since
> ${_name}_flags=NO"
> exit 1
> fi
> +
> +   printf '%d' ${daemon_rdomain} 1>/dev/null 2>&1
> +   if [ ! "$?" -eq "0" ] || [ "${daemon_rdomain}" -lt "0"
> ]; then
> +   rc_err "$0: ${_name}_rdomain must be numeric and
> signed. Found ${_name}_rdomain=${daemon_rdomain}"
> +   exit 1
> +   fi
> +
> +   /sbin/route -T${daemon_rdomain} exec printf ''
> 1>/dev/null 2>&1
> +   if [ ! "$?" -eq "0" ]; then
> +   rc_err "$0: rdomain ${daemon_rdomain} doesn't
> exists."
> +   exit 1
> +   fi
> +
> +   _rdomain_cmd="$(printf '/sbin/route -T%d exec'
> ${daemon_rdomain})"
> +
> [ -z "${INRC}" ] && rc_do rc_check && exit 0
> echo $_n "${INRC:+ }${_name}"
> while true; do  # no real loop, only needed to break
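Review bot: `${daemon_rdomain}` is expanded unquoted in `printf '%d' ${daemon_rdomain}` and in `/sbin/route -T${daemon_rdomain} exec`, so a value containing whitespace is split into several words before it has been checked. Validate the quoted value against digits only, e.g. `case "${daemon_rdomain}" in ''|*[!0-9]*) rc_err "$0: ${_name}_rdomain must be a non-negative integer"; exit 1;; esac`, and quote it wherever it is used afterwards. The current message says "numeric and signed" while the test rejects negative values; "a non-negative integer" matches what is enforced. rc_cmd's body starts and ends outside the hunk.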
> @@ -203,22 +218,25 @@
>  
>  eval _rcflags=\${${_name}_flags}
>  eval _rcuser=\${${_name}_user}
> +eval _rcrdomain=\${${_name}_rdomain}
>  
>  getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1 && \
> daemon_class=${_name}
>  
>  [ -z "${daemon_class}" ] && daemon_class=daemon
>  [ -z "${daemon_user}"  ] && daemon_user=root
> +[ -z "${daemon_rdomain}"  ] && daemon_rdomain=0
>  
>  [ -n "${_RC_FORCE}" ] && [ X"${_rcflags}" = X"NO" ] && unset _rcflags
>  [ -n "${_rcflags}" ] && daemon_flags=${_rcflags}
>  [ -n "${_rcuser}"  ] && daemon_user=${_rcuser}
> +[ -n "${_rcrdomain}"  ] && daemon_rdomain=${_rcrdomain}
>  
>  # sanitize
>  daemon_flags=$(printf ' %s' ${daemon_flags})
>  daemon_flags=${daemon_flags## }
>  readonly daemon_class
> -unset _rcflags _rcuser
> +unset _rcflags _rcuser _rcrdomain
>  
>  pexp="${daemon}${daemon_flags:+ ${daemon_flags}}"
>  rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
> 
> -- 
> Best regards,
> Loïc BLOT,
> UNIX systems, security and network engineer
> http://www.unix-experience.fr
> 
> 
> 
> 
> 

-- 
Antoine



Re: PATCH: fix check in smtpd/table_socketmap.c

2014-07-11 Thread Gilles Chehade
thanks, will be fixed shortly

as a side note this is not built and will be removed from smtpd
to be shipped as an external backend


On Fri, Jul 11, 2014 at 05:39:02AM +, Doug Hogan wrote:
> socket() returns -1 on error.
> 
> 
> Index: usr.sbin/smtpd/table_socketmap.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/table_socketmap.c,v
> retrieving revision 1.4
> diff -u -p -d -r1.4 table_socketmap.c
> --- usr.sbin/smtpd/table_socketmap.c  8 Jul 2014 13:49:09 -   1.4
> +++ usr.sbin/smtpd/table_socketmap.c  11 Jul 2014 04:29:33 -
> @@ -125,7 +125,7 @@ table_socketmap_connect(const char *s)
>   return 1;
>  
>  err:
> - if (sock) {
> + if (sock != -1) {
>   close(sock);
>   sock = -1;
>   }
> 

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



PATCH: fix various fdopen error handling fd leaks

2014-07-11 Thread Doug Hogan
Another patch will handle some of the fdopen error handling leaks
that are combined with missing unlink calls when using mkstemp.


Index: games/atc/log.c
===
RCS file: /cvs/src/games/atc/log.c,v
retrieving revision 1.17
diff -u -p -d -r1.17 log.c
--- games/atc/log.c 27 Oct 2009 23:59:23 -  1.17
+++ games/atc/log.c 11 Jul 2014 07:41:36 -
@@ -109,6 +109,7 @@ open_score_file(void)
score_fp = fdopen(score_fd, "r+");
if (score_fp == NULL) {
perror(_PATH_SCORE);
+   close(score_fd);
return (-1);
}
umask(old_mode);
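Review bot: The fdopen failure branch returns before the `umask(old_mode);` call that follows the block, so on that path the process keeps whatever mask open_score_file installed earlier. The umask() call that sets it is outside the hunk, so this is inferred from the restore line. Since the branch is being touched anyway, restore the mask there too by adding `umask(old_mode);` just before `return (-1);`. The new close() is correctly placed after perror(), so the message still reports fdopen's errno.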
Index: sbin/isakmpd/ike_auth.c
===
RCS file: /cvs/src/sbin/isakmpd/ike_auth.c,v
retrieving revision 1.110
diff -u -p -d -r1.110 ike_auth.c
--- sbin/isakmpd/ike_auth.c 16 Apr 2007 13:01:39 -  1.110
+++ sbin/isakmpd/ike_auth.c 11 Jul 2014 07:41:36 -
@@ -299,12 +299,14 @@ ignorekeynote:
 
if (check_file_secrecy_fd(fd, keyfile, &fsize)) {
free(privkeyfile);
+   close(fd);
return 0;
}
 
if ((keyfp = fdopen(fd, "r")) == NULL) {
log_print("ike_auth_get_key: fdopen failed");
free(privkeyfile);
+   close(fd);
return 0;
}
 #if SSLEAY_VERSION_NUMBER >= 0x00904100L
Index: usr.bin/finger/net.c
===
RCS file: /cvs/src/usr.bin/finger/net.c,v
retrieving revision 1.12
diff -u -p -d -r1.12 net.c
--- usr.bin/finger/net.c27 Oct 2009 23:59:38 -  1.12
+++ usr.bin/finger/net.c11 Jul 2014 07:41:36 -
@@ -141,5 +141,8 @@ netfinger(name)
}
if (lastc != '\n')
putchar('\n');
-   (void)fclose(fp);
+   if (fp == NULL)
+   (void)close(s);
+   else
+   (void)fclose(fp);
 }
Index: usr.bin/mandoc/mandocdb.c
===
RCS file: /cvs/src/usr.bin/mandoc/mandocdb.c,v
retrieving revision 1.111
diff -u -p -d -r1.111 mandocdb.c
--- usr.bin/mandoc/mandocdb.c   21 Jun 2014 16:17:56 -  1.111
+++ usr.bin/mandoc/mandocdb.c   11 Jul 2014 07:41:37 -
@@ -1320,6 +1320,8 @@ parse_cat(struct mpage *mpage, int fd)
fopen(mpage->mlinks->file, "r") :
fdopen(fd, "r");
if (NULL == stream) {
+   if (-1 != fd)
+   close(fd);
if (warnings)
say(mpage->mlinks->file, "&fopen");
return;
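Review bot: The added `close(fd)` runs before `say(mpage->mlinks->file, "&fopen")`, and close() may overwrite errno. If the `&` prefix makes say() print the errno text (its definition is not in the hunk), the warning can then describe close's result instead of the fopen/fdopen failure. Moving the two added lines below the `if (warnings)` statement, directly before `return;`, keeps the reported error intact. parse_cat starts and ends outside the hunk.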
Index: usr.bin/ssh/ssh-keygen.c
===
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.249
diff -u -p -d -r1.249 ssh-keygen.c
--- usr.bin/ssh/ssh-keygen.c3 Jul 2014 03:47:27 -   1.249
+++ usr.bin/ssh/ssh-keygen.c11 Jul 2014 07:41:37 -
@@ -953,12 +953,14 @@ do_gen_all_hostkeys(struct passwd *pw)
f = fdopen(fd, "w");
if (f == NULL) {
printf("fdopen %s failed\n", identity_file);
+   close(fd);
key_free(public);
first = 0;
continue;
}
if (!key_write(public, f)) {
fprintf(stderr, "write key failed\n");
+   fclose(f);
key_free(public);
first = 0;
continue;
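Review bot: The fdopen failure is reported with `printf` on stdout and without the errno text, while the key_write failure a few lines later goes to stderr. The new `close(fd)` sits after the message, so errno still belongs to fdopen at that point and can be reported. Suggest replacing the printf line with `fprintf(stderr, "fdopen %s failed: %s\n", identity_file, strerror(errno));`. The enclosing loop body in do_gen_all_hostkeys starts and ends outside the hunk.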
Index: usr.bin/uudecode/uudecode.c
===
RCS file: /cvs/src/usr.bin/uudecode/uudecode.c,v
retrieving revision 1.19
diff -u -p -d -r1.19 uudecode.c
--- usr.bin/uudecode/uudecode.c 20 May 2014 01:25:23 -  1.19
+++ usr.bin/uudecode/uudecode.c 11 Jul 2014 07:41:37 -
@@ -290,6 +290,8 @@ decode2(void)
if ((fd = open(outfile, flags, mode)) < 0 ||
(outfp = fdopen(fd, "w")) == NULL) {
warn("%s: %s", infile, outfile);
+   if (fd != -1)
+   close(fd);
return (1);
}
}
Index: usr.sbin/lpr/lpd/printjob.c
===
RCS file: /cvs/src/usr.sbin/lpr/lpd/printjob.c,v
retrieving revision 1.52
diff -u -p -d -r1.52 printjob.c
--- usr.sbin/lpr/lpd/printjob.c 7 Feb 2014 23:06:21 -   1.52
+++ usr.sbin/lpr/lpd/printjob.c 11 Jul 2014 07:41:38 -
@@ -804,8 +804,12 @@ sendit(char *file)
 
/* open control file */
fd = safe_open(file, O_RDONLY|O_NOFOLLOW, 0);
-   if (fd < 0 || (cfp = fdopen(fd, "r")) == NULL)
+   if (fd < 0 || (cfp = fdopen(fd, "r")) ==

Re: PATCH: missing NUL terminate after readlink() in csh

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 06:31, Doug Hogan wrote:
> Csh has a section of code where it NUL terminates after a strlcpy().
> Strlcpy() may read past what readlink() wrote since readlink() does
> not append a NUL.

applied (and smtpd sock fix), thanks.



Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Theo de Raadt
I am a bit concerned.  The description is trying too hard to be overly
precise, and may be cumbersome for the typical reader of this page.

> Index: lib/libc/stdlib/malloc.3
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v
> retrieving revision 1.78
> diff -u -p -d -r1.78 malloc.3
> --- lib/libc/stdlib/malloc.3  1 May 2014 18:41:59 -   1.78
> +++ lib/libc/stdlib/malloc.3  11 Jul 2014 07:19:27 -
> @@ -220,10 +220,23 @@ Malloc will first look for a symbolic li
>  .Pa /etc/malloc.conf
>  and next check the environment for a variable called
>  .Ev MALLOC_OPTIONS
> +(if not
> +.Xr issetugid 2 )
>  and finally for the global variable
>  .Va malloc_options
>  and scan them for flags in that order.
>  Flags are single letters, uppercase means on, lowercase means off.
> +.Pp
> +The default flags are
> +.Cm A
> +and
> +.Cm P ,
> +small chunks are always junked, and the first
> +part of the pages is junked after free.
> +The default junk behavior does not correspond to
> +.Cm j
> +or
> +.Cm J .
>  .Bl -tag -width indent
>  .It Cm A
>  .Dq Abort .
> @@ -271,6 +284,7 @@ Currently junk is bytes of 0xd0 when all
>  .Dq Duh .
>  \&:-)
>  Freed chunks are filled with 0xdf.
> +This performs more junking than by default.
>  .It Cm j
>  .Dq Don't Junk .
>  By default, small chunks are always junked, and the first part of pages
> @@ -297,6 +311,11 @@ This can substantially aid in compacting
>  .\"Consult the source for this one.
>  .It Cm S
>  Enable all options suitable for security auditing.
> +This currently enables flags
> +.Cm U ,
> +.Cm J ,
> +.Cm G
> +and sets the free cache page size to 0.
>  .It Cm U
>  .Dq Free unmap .
>  Enable use after free protection for larger allocations.
> 


