Hi,
This is the second of the OpenSSH key revocation list (KRL) diffs.
This one refactors KRL parsing, and particularly signature verification.
It splits the KRL parsing logic into three phases: signature
verification, key trust verification and everything else. The idea is
to make this easier
Hi,
This is another OpenSSH key revocation list (KRL) change: to support KRL
signing and verification in ssh-keygen(1).
The KRL format has supported signing of KRLs and verification of KRL
signatures for a long time, but there is currently no way to generate a
signed KRL or check the signature
Hi,
The final OpenSSH key revocation list (KRL) diff for now :)
This extends the existing krl.sh regression test to exercise signing and
verification. (This depends on the last two diffs)
ok?
Index: krl.sh
===
RCS file:
On Mon, Jan 16, 2023 at 08:57:25AM -0700, Theo de Raadt wrote:
> I propose to relink sshd on every boot, before it gets started.
>
> This is like kernel, libc.so, libcrypto, and ld.so relinking.
>
> The sshd design self-protects itself quite well, but this kind of
> address space secrecy is
I propose to relink sshd on every boot, before it gets started.
This is like kernel, libc.so, libcrypto, and ld.so relinking.
The sshd design self-protects itself quite well, but this kind of
address space secrecy is still a good addition.
Since the sshd binary becomes unique on every openbsd
For this xonly work, we are having to one-by-one find .S files that
are putting data tables into the .text segment
I am hoping to find someone who can do c++ well enough, and maybe
has some familiarity with the clang code, to add a warning message
for this
if a .long, .quad, .byte are placed
Hi folks,
I'm writing manual pages for the libevent variant bundled with OpenBSD,
this is a documentation project that I started in something like 2012
but got pulled away from due to life circumstances. I've returned to
it after reading an old Things to Do - *urgent* list I left in a binder
over
SYNOPSIS and usage say [NAME=value] while multiple assigments are fine:
$ make -p FOO=1 BAR=2 | grep -e^FOO -e^BAR
BAR = 2
FOO = 1
I'm sure ports(7) wouldn't work if only one was accepted, hence it suprises
me that none of the BSDs document it
On Tue, Jan 17, 2023 at 04:12:10PM +1100, Jonathan Gray wrote:
> AMD Elan SC520 (found on soekris net45xx) has a 486 class processor
> We require at least a 586/pentium class processor
>
if you do, there's a little cleanup:
/usr/src/share/man/man4/gpio.4:.Cd "gpio* at elansc?" Pq i386
On Mon, Jan 16, 2023 at 10:03:03PM +, Klemens Nanni wrote:
> SYNOPSIS and usage say [NAME=value] while multiple assigments are fine:
>
> $ make -p FOO=1 BAR=2 | grep -e^FOO -e^BAR
> BAR = 2
> FOO = 1
>
> I'm sure ports(7) wouldn't work if only one
AMD Elan SC520 (found on soekris net45xx) has a 486 class processor
We require at least a 586/pentium class processor
diff --git share/man/man4/man4.i386/Makefile share/man/man4/man4.i386/Makefile
index 3fae7fbbe42..55d52939e28 100644
--- share/man/man4/man4.i386/Makefile
+++
11 matches
Mail list logo