Re: lynx: disable old protocols

2014-07-11 Thread Rod Whitworth
On Thu, 10 Jul 2014 23:17:44 -0400, Daniel Dickman wrote: For some urls, lynx will invoke an external command. Turn off telnet, rlogin and tn3270 urls by defining them to false(1) as documented in the lynx manual. Gopher and NNTP are actually still being used (the former a bit sparsely, but

PATCH: missing NUL terminate after readlink() in csh

2014-07-11 Thread Doug Hogan
Csh has a section of code where it NUL terminates after a strlcpy(). Strlcpy() may read past what readlink() wrote since readlink() does not append a NUL. Index: bin/csh/dir.c === RCS file: /cvs/src/bin/csh/dir.c,v retrieving

Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Jason McIntyre
On Fri, Jul 11, 2014 at 05:46:15AM +, Doug Hogan wrote: I don't think the current man page has enough detail for what the malloc.conf settings do. Index: lib/libc/stdlib/malloc.3 === RCS file:

Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Anthony J. Bentley
On Fri, Jul 11, 2014 at 12:50 AM, Jason McIntyre j...@kerhand.co.uk wrote: On Fri, Jul 11, 2014 at 05:46:15AM +, Doug Hogan wrote: .It Cm j .Dq Don't Junk . By default, small chunks are always junked, and the first part of pages @@ -297,6 +303,7 @@ This can substantially aid in

Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
Pretty standard thing in several companies I do work for is to have an intranet page with http://, ssh://, telnet:// and finger:// (amazingly) links to various devices on the network. Having to read the source and escape to a shell would be somewhat worse than what I get on a base install

Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
I don't see a good reason to get rid of this. What is the rationale? Daniel appears to have made a mistake asking for approval on the wrong list. He's new here, take it easy on him.

Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 01:03:54AM -0600, Anthony J. Bentley wrote: In addition to what jmc said, if you document these flags they need to be marked up with the Cm macro instead of ASCII single quotes. My mistake. Fixed version: Index: lib/libc/stdlib/malloc.3

Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Theo de Raadt
I am a bit concerned. The description is trying too hard to be overly precise, and may be cumbersome for the typical reader of this page. Index: lib/libc/stdlib/malloc.3 === RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v

Re: PATCH: missing NUL terminate after readlink() in csh

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 06:31, Doug Hogan wrote: Csh has a section of code where it NUL terminates after a strlcpy(). Strlcpy() may read past what readlink() wrote since readlink() does not append a NUL. applied (and smtpd sock fix), thanks.

PATCH: fix various fdopen error handling fd leaks

2014-07-11 Thread Doug Hogan
Another patch will handle some of the fdopen error handling leaks that are combined with missing unlink calls when using mkstemp. Index: games/atc/log.c === RCS file: /cvs/src/games/atc/log.c,v retrieving revision 1.17 diff -u -p -d

Re: PATCH: fix check in smtpd/table_socketmap.c

2014-07-11 Thread Gilles Chehade
thanks, will be fixed shortly as a side note this is not built and will be removed from smtpd to be shipped as an external backend On Fri, Jul 11, 2014 at 05:39:02AM +, Doug Hogan wrote: socket() returns -1 on error. Index: usr.sbin/smtpd/table_socketmap.c

Re: lynx: disable old protocols

2014-07-11 Thread Stuart Henderson
On 2014/07/11 01:18, Theo de Raadt wrote: I too use gopher in lynx regularly, and would miss support. There is = still a surprisingly active community using gopher. (floodgap, et al.) So install a package. Should we just move lynx to packages?

Re: lynx: disable old protocols

2014-07-11 Thread Brett Mahar
On Fri, 11 Jul 2014 09:48:12 +0100 Stuart Henderson st...@openbsd.org wrote: | On 2014/07/11 01:18, Theo de Raadt wrote: | I too use gopher in lynx regularly, and would miss support. There is = | still a surprisingly active community using gopher. (floodgap, et al.) | | So install a

Re: lynx: disable old protocols

2014-07-11 Thread Stuart Henderson
On 2014/07/11 18:51, Brett Mahar wrote: On Fri, 11 Jul 2014 09:48:12 +0100 Stuart Henderson st...@openbsd.org wrote: | On 2014/07/11 01:18, Theo de Raadt wrote: | I too use gopher in lynx regularly, and would miss support. There is = | still a surprisingly active community using gopher.

Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
I find lynx really handy to have in base, e.g. installing on a new machine, users can just go to openbsd.org and cut and paste a pkg_path prior to installing anything, and read the faq. that is why it is in base. but someone on the list wants to visit the openbsd gopher page to get that

Re: lynx: disable old protocols

2014-07-11 Thread Theo de Raadt
If lynx was removed from base, and only available in ports... how many of you would even know of it's existance and use it?

Re: lynx: disable old protocols

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote: On 2014/07/11 18:51, Brett Mahar wrote: On Fri, 11 Jul 2014 09:48:12 +0100 Stuart Henderson st...@openbsd.org wrote: | On 2014/07/11 01:18, Theo de Raadt wrote: | I too use gopher in lynx regularly, and would miss support. There is =

sshd add back hmac-sha1

2014-07-11 Thread Ted Unangst
I think the proposal rampaging went one algorithm too far. sha1 is the best algorithm supported by many clients and it's still pretty secure. without it, a lot of clients have stopped working. temporarily alieve the pain? Index: myproposal.h

Re: lynx: disable old protocols

2014-07-11 Thread Stuart Henderson
On 2014/07/11 05:05, Ted Unangst wrote: On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote: On 2014/07/11 18:51, Brett Mahar wrote: On Fri, 11 Jul 2014 09:48:12 +0100 Stuart Henderson st...@openbsd.org wrote: | On 2014/07/11 01:18, Theo de Raadt wrote: | I too use gopher in lynx

Re: lynx: disable old protocols

2014-07-11 Thread Paul Irofti
On Thu, Jul 10, 2014 at 11:05:45PM -0400, Daniel Dickman wrote: Patch below turns off the following ancient protocols built into lynx: bibp, finger, gopher, and news. For some urls, lynx will invoke an external command. Turn off telnet, rlogin and tn3270 urls by defining them to false(1)

PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
Index: bin/csh/dol.c === RCS file: /cvs/src/bin/csh/dol.c,v retrieving revision 1.17 diff -u -p -d -r1.17 dol.c --- bin/csh/dol.c 12 Aug 2010 02:00:27 - 1.17 +++ bin/csh/dol.c 11 Jul 2014 09:12:11 - @@ -829,7

Re: sshd add back hmac-sha1

2014-07-11 Thread Stuart Henderson
On 2014/07/11 05:32, Ted Unangst wrote: I think the proposal rampaging went one algorithm too far. sha1 is the best algorithm supported by many clients and it's still pretty secure. without it, a lot of clients have stopped working. temporarily alieve the pain? Re-adding SHA1 will fix things

Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Ville Valkonen
On 11 July 2014 12:41, Doug Hogan d...@acyclic.org wrote: Index: bin/csh/dol.c === RCS file: /cvs/src/bin/csh/dol.c,v retrieving revision 1.17 diff -u -p -d -r1.17 dol.c --- bin/csh/dol.c 12 Aug 2010 02:00:27 -

Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Jason McIntyre
On Fri, Jul 11, 2014 at 07:25:06AM +, Doug Hogan wrote: On Fri, Jul 11, 2014 at 01:03:54AM -0600, Anthony J. Bentley wrote: In addition to what jmc said, if you document these flags they need to be marked up with the Cm macro instead of ASCII single quotes. My mistake. Fixed version:

Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Philip Guenther
On Fri, Jul 11, 2014 at 11:41 AM, Doug Hogan d...@acyclic.org wrote: Index: sbin/disklabel/disklabel.c === RCS file: /cvs/src/sbin/disklabel/disklabel.c,v retrieving revision 1.195 diff -u -p -d -r1.195 disklabel.c ---

Re: ftp(1) User-Agent

2014-07-11 Thread Alexander Hall
On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based on feedback from halex@ and deraadt@, I have changed it so that the User-Agent can be set via a -U command-line option instead of an environment variable. I have also

faster malloc in threads

2014-07-11 Thread Ted Unangst
We don't need to hold the malloc lock when making syscalls like mmap and munmap if we're just a little careful about the order of operations. This will allow other threads to concurrently allocate perhaps smaller chunks while the first thread is in the kernel. This makes a huge difference in a

Proposition

2014-07-11 Thread David Carlier
Hi all, I was wondering if a generic small geoloc lib might interest ? which can load dynamically any geo localisation library via dlopen and so on ... to get, let's say, a country code with an ip address ... can serve for some purposes (I ll use it for geolocalisation load balancing via relayd)

Re: PATCH: add more malloc.conf details to malloc.3

2014-07-11 Thread Otto Moerbeek
On Fri, Jul 11, 2014 at 01:38:23AM -0600, Theo de Raadt wrote: I am a bit concerned. The description is trying too hard to be overly precise, and may be cumbersome for the typical reader of this page. indeed, and I also dislike putting too much implementation details into a man page. Things

Re: unify some bpf code

2014-07-11 Thread Henning Brauer
* Kent R. Spillner kspill...@acm.org [2014-07-10 20:47]: I saw this was already committed, but one tiny consistency nit inline below. I'd argue it's not consistency, rather the opposite, since: - mh.mh_len = 4; + bpf_mtap_hdr(arg, (caddr_t)afh, 4, m, direction, NULL); you see this was

Re: Proposition

2014-07-11 Thread Reyk Floeter
Hi, On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote: I was wondering if a generic small geoloc lib might interest ? which can load dynamically any geo localisation library via dlopen and so on ... to get, let's say, a country code with an ip address ... can serve for some

Re: sort(1) updates

2014-07-11 Thread Jason McIntyre
On Fri, Jul 11, 2014 at 12:25:01AM -0400, Jared Yanovich wrote: On Sun, Jul 06, 2014 at 09:03:17PM +0200, Otto Moerbeek wrote: Alternatively we could just import the FreeBSD sort(1) rewrite from 2012. Did you try to port it? I won't have time the coming weeks, I'll be on vacation.

Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote: This should call warn() before unlink() or close() to guarantee that the correct errno value is reported. Philip, I see what you are saying. I was following the man page example in mkstemp(3) which calls warn() after

Re: Proposition

2014-07-11 Thread David Carlier
Fair point Reyk, I honestly did not think about this daemon approach ! Thanks for your inputs ! On 11 July 2014 11:59, Reyk Floeter r...@openbsd.org wrote: Hi, On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote: I was wondering if a generic small geoloc lib might interest ?

Re: sshd add back hmac-sha1

2014-07-11 Thread Antoine Jacoutot
On Fri, Jul 11, 2014 at 05:32:20AM -0400, Ted Unangst wrote: I think the proposal rampaging went one algorithm too far. sha1 is the best algorithm supported by many clients and it's still pretty secure. without it, a lot of clients have stopped working. temporarily alieve the pain? I for one

Re: lynx: disable old protocols

2014-07-11 Thread Adam Thompson
I would know of its existence, but likely not install it. As I said, I have workarounds. I remember how bad the code was years ago, so I agree with the idea in general, but it will be a pain in the butt for me every once in a while :-(. -Adam On July 11, 2014 4:03:29 AM CDT, Theo de Raadt

Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Mike Belopuhov
On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote: Hello all, I use rdomains to split routing domains per company and also separate administration interfaces from routing interfaces on my routers (sshd, bacula,

Re: tun TUNDOIOVEC ioctl

2014-07-11 Thread Henning Brauer
* Matthew Dempsky matt...@dempsky.org [2014-07-10 22:56]: On Thu, Jul 10, 2014 at 1:20 PM, Ted Unangst t...@tedunangst.com wrote: Thoughts? Seems kind of hacky to me, but if it results in significant performance improvements in real world uses, then I could be swayed since it's not very

Re: faster malloc in threads

2014-07-11 Thread Otto Moerbeek
On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote: We don't need to hold the malloc lock when making syscalls like mmap and munmap if we're just a little careful about the order of operations. This will allow other threads to concurrently allocate perhaps smaller chunks while the

Re: lynx: disable old protocols

2014-07-11 Thread Henning Brauer
* Stuart Henderson st...@openbsd.org [2014-07-11 10:49]: Should we just move lynx to packages? hmm. having a simple text browser in base is worthwile imo. and if it is just to download sth where i don't know the exact URL. personally, I haven't used lynx for anything but http and https in...

Re: sshd add back hmac-sha1

2014-07-11 Thread Henning Brauer
* Ted Unangst t...@tedunangst.com [2014-07-11 11:32]: I think the proposal rampaging went one algorithm too far. sha1 is the best algorithm supported by many clients and it's still pretty secure. without it, a lot of clients have stopped working. temporarily alieve the pain? yes, please. --

Re: faster malloc in threads

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 13:56, Otto Moerbeek wrote: On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote: We don't need to hold the malloc lock when making syscalls like mmap and munmap if we're just a little careful about the order of operations. This will allow other threads to

Re: diff: Option to use duids in /etc/dumpdates

2014-07-11 Thread Alexander Hall
On 07/11/14 01:15, Maximilian Fillinger wrote: On 07/10/14 16:28, Alexander Hall wrote: Anyway, I worked on your diff a bit more: - keep having -U and -u separate (as discussed) - use Uflag instead of duidflag - bail out if the duid is all 0. - allow specifying the drive to dump by duid.part

Re: diff: Option to use duids in /etc/dumpdates

2014-07-11 Thread Maximilian Fillinger
On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote: If there are no other objections, I'd like to commit this today. Just don't forget to get rid of this + } else { fprintf(stderr, duid: %s\n, duid); } before committing.

Re: sshd add back hmac-sha1

2014-07-11 Thread Alexander Hall
On 07/11/14 11:32, Ted Unangst wrote: I think the proposal rampaging went one algorithm too far. sha1 is the best algorithm supported by many clients and it's still pretty secure. without it, a lot of clients have stopped working. temporarily alieve the pain? Naaa.. You did this just for

Re: sshd add back hmac-sha1

2014-07-11 Thread Bob Beck
yes please. On Fri, Jul 11, 2014 at 3:32 AM, Ted Unangst t...@tedunangst.com wrote: I think the proposal rampaging went one algorithm too far. sha1 is the best algorithm supported by many clients and it's still pretty secure. without it, a lot of clients have stopped working. temporarily

Re: diff: Option to use duids in /etc/dumpdates

2014-07-11 Thread Alexander Hall
On 07/11/14 14:33, Maximilian Fillinger wrote: On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote: If there are no other objections, I'd like to commit this today. Just don't forget to get rid of this + } else { fprintf(stderr, duid: %s\n, duid); } before committing. Hmm...

Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Todd T. Fries
Penned by Mike Belopuhov on 20140711 6:49.19, we have: | On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote: | On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote: | Hello all, | I use rdomains to split routing domains per company and also separate | administration

Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Theo de Raadt
Penned by Mike Belopuhov on 20140711 6:49.19, we have: | On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote: | On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote: | Hello all, | I use rdomains to split routing domains per company and also separate

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, missing prototypes: diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h index 4c9224a..45b060f 100644 --- usr.sbin/mrouted/defs.h +++ usr.sbin/mrouted/defs.h @@ -209,6 +209,7 @@ extern void accept_leave_message(u_int32_t src, u_int32_t dst,

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, fix bind configure: Carefully checked that config.h and generated Makefiles don't change. diff --git usr.sbin/bind/configure usr.sbin/bind/configure index 6e280ad..db02979 100644 --- usr.sbin/bind/configure +++ usr.sbin/bind/configure @@ -4596,6 +4596,8 @@ cat confdefs.h

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin, fix nsd/unbound configure carefully checked that config.h and generated Makefiles don't change. need for _XOPEN_VERSION pointed out by guenther@ diff --git usr.sbin/nsd/configure usr.sbin/nsd/configure index d2d28c1..c2a40e8 100644 --- usr.sbin/nsd/configure +++ usr.sbin/nsd/configure

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Florian Obser
usr.sbin; enable -Werror-implicit-function-declaration: This has currently no effect on subdirs using Makefile.bsd-wrapper (bind, nginx, nsd, unbound). This is beeing worked on. With a workaround they have been tested and with the previous diffs are clean. diff --git usr.sbin/Makefile.inc

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Ted Unangst
On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote: usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc: Does the same thing as lpr/pac and pppd/pppstats. I have no idea if this is the right way, but it seems to work. Cluebats welcome. I think maybe it would be nicer to create a

Re : Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Loïc Blot
Réseaux http://www.unix-experience.fr Theo de Raadt dera...@cvs.openbsd.org a écrit : Penned by Mike Belopuhov on 20140711  6:49.19, we have: | On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote: | On Thu, Jul 10, 2014 at 06:51:01PM +0200, Lo��c BLOT wrote: | Hello all, | I

Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Stuart Henderson
On 2014/07/11 13:49, Mike Belopuhov wrote: as far as i can tell the daemon_rdomain bit that goes into the rc script is fine, however i'm not quite sure how can i start two daemons in different rdomains via rc.conf.local. looks like this diff doesn't handle this and allows only one instance in

Re: diff: fix dhcpinform to work without lease

2014-07-11 Thread YASUOKA Masahiko
On Wed, 09 Jul 2014 20:40:36 +0200 (CEST) YASUOKA Masahiko yasu...@yasuoka.net wrote: On Wed, 9 Jul 2014 19:08:09 +0200 Kenneth Westerback kwesterb...@gmail.com wrote: On 9 July 2014 16:26, YASUOKA Masahiko yasu...@yasuoka.net wrote: This diff fixes dhcpinform to work without lease. ok?

Re: Re : Re: [PATCH] rdomain support on rc.d

2014-07-11 Thread Todd T. Fries
Ok ok ok .. having the ability to specify the rdomain for the one instance of a daemon started by /etc/rc does let other monkeying to be done from /etc/rc.local if desired. Thanks, Penned by Loïc Blot on 20140711 9:56.35, we have: | Of course, | I have set the fewer modification on rc.subr

macppc tester(s) needed

2014-07-11 Thread Bret Lambert
Not having a macppc machine of my own anymore, I am forced to rely on the kindness of strangers. I'm looking specifically for macppc machines with the line abtn at adb? in the dmesg. If you or a loved one owns such a machine, please contact me off-list, as I have a small change to the driver

Re: [patch] new ssl features for relayd (more forward secrecy, renegotiation interception)

2014-07-11 Thread Reyk Floeter
Hi, On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote: I hope this is the right mailing list to publish a patch. If not, please let me know where to place it or how I should get in contact with the relayd maintainer(s). I've added some new SSL features and config options to

Re: ftp(1) User-Agent

2014-07-11 Thread Lawrence Teo
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote: On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based on feedback from halex@ and deraadt@, I have changed it so that the User-Agent can be set via a -U

Re: ftp(1) User-Agent

2014-07-11 Thread Alexander Hall
On 07/11/14 17:35, Lawrence Teo wrote: On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote: On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based on feedback from halex@ and deraadt@, I have changed it so that the

tweaks for man.cgi

2014-07-11 Thread Ted Unangst
1. redundant null tests 2. http decode can be linear instead of (n^2) with two pointers. Index: cgi.c === RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v retrieving revision 1.1 diff -u -p -r1.1 cgi.c --- cgi.c 11 Jul 2014 15:37:22

Re: tweaks for man.cgi

2014-07-11 Thread Ted Unangst
Another diff. HTTP headers have to be separated by CRLF. Index: cgi.c === RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v retrieving revision 1.1 diff -u -p -r1.1 cgi.c --- cgi.c 11 Jul 2014 15:37:22 - 1.1 +++ cgi.c 11

Re: [patch] new ssl features for relayd (more forward secrecy, renegotiation interception)

2014-07-11 Thread Markus Gebert
Hi Reyk On 11.07.2014, at 17:29, Reyk Floeter r...@openbsd.org wrote: On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote: I hope this is the right mailing list to publish a patch. If not, please let me know where to place it or how I should get in contact with the relayd

Re: using -Werror-implicit-function-declaration

2014-07-11 Thread Marc Espie
On Fri, Jul 11, 2014 at 10:27:57AM -0400, Ted Unangst wrote: On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote: usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc: Does the same thing as lpr/pac and pppd/pppstats. I have no idea if this is the right way, but it seems to

Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote: This should call warn() before unlink() or close() to guarantee that the correct errno value is reported. ... This and several other need to save errno and use errc(), ala: Updated patch. Updated mktemp.3 this time. Index:

Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Marc Espie
On Fri, Jul 11, 2014 at 04:55:36PM +, Doug Hogan wrote: Index: usr.bin/m4/eval.c === RCS file: /cvs/src/usr.bin/m4/eval.c,v retrieving revision 1.72 diff -u -p -d -r1.72 eval.c --- usr.bin/m4/eval.c 28 Apr 2014 12:34:11

Re: ftp(1) User-Agent

2014-07-11 Thread Lawrence Teo
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote: On 07/11/14 17:35, Lawrence Teo wrote: On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote: On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows ftp(1) to set its User-Agent. Based on

First release of LibreSSL portable is available.

2014-07-11 Thread Bob Beck
The first release of LibreSSL portable has been released. LibreSSL can be found in the LibreSSL directory of your favorite OpenBSD mirror. http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors will soon. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux,

Re: PATCH: misc mkstemp and fdopen fixes

2014-07-11 Thread Doug Hogan
On Fri, Jul 11, 2014 at 07:29:06PM +0200, Marc Espie wrote: I don't like that part. The logic is a bit wrong. Especially since unlink(fname) is always called for fd != -1, so I feel there should be one single call. Ok Index: usr.bin/m4/eval.c

Re: ftp(1) User-Agent

2014-07-11 Thread Alexander Hall
On 07/11/14 20:06, Lawrence Teo wrote: On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote: On 07/11/14 17:35, Lawrence Teo wrote: On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote: On 07/10/14 06:30, Lawrence Teo wrote: About a month ago, I sent a diff that allows

Re: lynx: disable old protocols

2014-07-11 Thread patrick keshishian
On 7/11/14, Theo de Raadt dera...@cvs.openbsd.org wrote: If lynx was removed from base, and only available in ports... how many of you would even know of it's existance and use it? asking rhetorically? either way, yes, I would install lynx if it wasn't in base. I use it on a daily basis.

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Iain Morgan
On Fri, Jul 11, 2014 at 12:21:12 -0600, Bob Beck wrote: The first release of LibreSSL portable has been released. LibreSSL can be found in the LibreSSL directory of your favorite OpenBSD mirror. http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors will soon.

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Piotr Sikora
Hello, libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OSX, and FreeBSD. This is intended as an initial release to allow the community to start using and providing feedback. We will be adding support for other platforms as time and resources permit.

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Bob Beck
It's already fixed, so will be on the next tarball roll On Fri, Jul 11, 2014 at 3:07 PM, Piotr Sikora piotr.sik...@frickle.com wrote: Hello, libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OSX, and FreeBSD. This is intended as an initial release to

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Stuart Henderson
On 2014/07/11 15:21, Bob Beck wrote: CVSROOT: /cvs Module name: src Changes by: b...@cvs.openbsd.org2014/07/11 15:21:59 Modified files: lib/libssl/src/crypto: opensslv.h Log message: Provide LIBRESSL_VERSION_NUMBER for people who use such things to detect versions

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Toni Mueller
Hi, On Fri, Jul 11, 2014 at 12:21:12PM -0600, Bob Beck wrote: The first release of LibreSSL portable has been released. LibreSSL can be found in the LibreSSL directory of your favorite OpenBSD mirror. http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors sounds great!

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Piotr Sikora
Hey Bob, It's already fixed, so will be on the next tarball roll Thanks! I should have been more clear in my previous email, but would it be possible to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)? This way LibreSSL would work as a drop-in replacement without

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Bob Beck
The OPENSSL_VERSION number is a guarantee for a certain version of the ABI. As we dont' provide that (in fact much of the ABI in LIbreSSL is beyond 1.0.1g, it is not accurate to use the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION is bigger than 1.0.1g's. On Fri, Jul 11, 2014 at 4:15

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Bob Beck
And seeing as how they moved 0.0.4 revisons in 9 years, call that 0.0.05 revisions per year, they have approximately 194 years of OpenSSL releases before the version numbering space will collide. On Fri, Jul 11, 2014 at 4:41 PM, Bob Beck b...@obtuse.com wrote: The OPENSSL_VERSION number is a

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Stuart Henderson
I'm worried that bogus codepaths will be taken in software that expects a certain openssl version - things failing to build we can cope with in ports easily enough, I'm more concerned about software that does build but behaves incorrectly at runtime.

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Theo de Raadt
I'm worried that bogus codepaths will be taken in software that expects a certain openssl version - things failing to build we can cope with in ports easily enough, I'm more concerned about software that does build but behaves incorrectly at runtime. If the software is that fragile, then I am

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Matthew Dempsky
On Fri, Jul 11, 2014 at 3:41 PM, Bob Beck b...@obtuse.com wrote: The OPENSSL_VERSION number is a guarantee for a certain version of the ABI. As we dont' provide that (in fact much of the ABI in LIbreSSL is beyond 1.0.1g, it is not accurate to use the old OPENSSL_VERSION. Essnentially this

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Ted Unangst
On Sat, Jul 12, 2014 at 00:22, Piotr Sikora wrote: Hey Bob, It's already fixed, so will be on the next tarball roll Thanks! I should have been more clear in my previous email, but would it be possible to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)? This way

Re: First release of LibreSSL portable is available.

2014-07-11 Thread Miod Vallat
it. As expected, OPENSSL does the opposite and makes life harder for everyone. Hasn't this been the OpenSSL roadmap since the very beginning?

[PATCH] libressl: add dummy egd functions

2014-07-11 Thread Hanno Böck
Hi, I hope this is the right place to post libressl-related discussions. I'm new here. After today's release of the portable libressl version I tried to use it as a drop-in-replacement on a gentoo linux system. There were a numbre of issues popping up. A number of packages failed to compile due

Re: [PATCH] libressl: add dummy egd functions

2014-07-11 Thread Stuart Henderson
On 2014/07/12 01:13, Hanno Böck wrote: I didn't know what egd was up until today, but reading what it is I completely understand that consideration. However, this breaks a number of packages (wget, python, ruby). There's probably a simple solution: Just add dummy functions that always return

Re: [PATCH] libressl: add dummy egd functions

2014-07-11 Thread Ted Unangst
On Sat, Jul 12, 2014 at 01:13, Hanno Böck wrote: I didn't know what egd was up until today, but reading what it is I completely understand that consideration. However, this breaks a number of packages (wget, python, ruby). Those packages would all be better off without egd support. In the

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Bob Beck
The fundamental probelm with this Matthew - is that next time, if we do this, by the next release we will be chasing what features we have imported from 1.0.2g and 10.2.z, and 1.0.2.qq - where does it end? We will be continuing to add functionality in here from many sources, and so assuming we

Re: CVS: cvs.openbsd.org: src

2014-07-11 Thread Matthew Dempsky
On Fri, Jul 11, 2014 at 4:37 PM, Bob Beck b...@obtuse.com wrote: The fundamental probelm with this Matthew - is that next time, if we do this, by the next release we will be chasing what features we have imported from 1.0.2g and 10.2.z, and 1.0.2.qq - where does it end? It ends whenever it

libressl portable and openssh portable causes segfault

2014-07-11 Thread Hanno Böck
Hi, I just noted that when I recompiled openssh against libressl (both portable versions on linux) ssh segfaults when I try to use it. Running it through ltrace it seems this happens when RAND_bytes is called. I haven't debugged this in detail, but some observations: * RAND_bytes in libressl

Re: cvs.openbsd.org: src

2014-07-11 Thread Piotr Sikora
Hey Bob, The fundamental probelm with this Matthew - is that next time, if we do this, by the next release we will be chasing what features we have imported from 1.0.2g and 10.2.z, and 1.0.2.qq - where does it end? We will be continuing to add functionality in here from many sources, and so

Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Bob Beck
You need a more recent OpenSSH. The old versions of OpenSSH did a foolish thing with their portable arc4random, and called RAND_BYTES. New OpenSSH does not do this. On Fri, Jul 11, 2014 at 6:07 PM, Hanno Böck ha...@hboeck.de wrote: Hi, I just noted that when I recompiled openssh against

Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Bob Beck
Ask the OpenSSH guys - if your OpenSSH portable is using RAND_BYTES, well it could be using egd and all other sorts of interesting things. You could try to change your link order instead to use the arc4random implementation from libressl - which will work for you. On Fri, Jul 11, 2014 at 6:19

Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Hanno Böck
On Fri, 11 Jul 2014 18:12:49 -0600 Bob Beck b...@obtuse.com wrote: You need a more recent OpenSSH. The old versions of OpenSSH did a foolish thing with their portable arc4random, and called RAND_BYTES. New OpenSSH does not do this. I use 6.6p1 which is the latest available. -- Hanno Böck

Re: First release of LibreSSL portable is available.

2014-07-11 Thread tekk
Thanks Bob and all the other LibreSSL hackers. Just switched my slackware 14.1 box over to libressl instead of openssl and it's working great so far, no problems at all.

divert(4) checksum cleanup

2014-07-11 Thread Lawrence Teo
This diff simplifies divert_output() further by removing the csum_flag variable and setting the checksum flag in pkthdr directly (the variable was originally there to help with zeroing the checksum, but we've now determined that zeroing the checksum is unnecessary so that variable is no longer

PATCH: avoid clobbering errno before err/warn

2014-07-11 Thread Doug Hogan
This patch is generated by coccinelle, but I reviewed it. I changed the lpr patch to use warnc() so it has less code executing inside PRIV_START. I targeted if statements where it modifies errno before warn or err is called. It checked a list of functions that are typically used in error