Re: isakmpd.policy check

2018-01-04 Thread Remi Locherer
On Thu, Jan 04, 2018 at 12:30:39PM +, Stuart Henderson wrote: > On 2018/01/04 12:47, Martin Pieuchot wrote: > > I'm not writing any isakmpd.policy(5) file. I don't know anybody sane > > we do. > > This means you trust your ipsec peers not to request an invalid flow. > That's reasonable if

Re: VMD: revise check for regular files on disks

2018-01-04 Thread Jeremie Courreges-Anglas
On Wed, Jan 03 2018, Carlos Cardenas wrote: > Howdy. > > Attached is a patch to address a TOCTOU issue with checking to > ensure disks are regular files, reported by jca@ . > > Comments? Ok? A bit late, but ok. While here, if the S_ISREG check fails there is no meaningful

Re: ksh: Fix compilation without job control

2018-01-04 Thread Jeremie Courreges-Anglas
On Thu, Jan 04 2018, Klemens Nanni wrote: > A few guards are missing, with this diff ksh compiles cleanly with JOBS > undefined. > > Found while looking for undesired changes after working on job control. > > Feedback? Looks good, ok jca@ I kinda take job control in my shell

Re: mg: extract child status with WEXITSTATUS

2018-01-04 Thread Jeremie Courreges-Anglas
On Tue, Jan 02 2018, Scott Cheloha wrote: > On Mon, Jan 01, 2018 at 09:07:25PM -0700, Todd C. Miller wrote: >> On Mon, 01 Jan 2018 19:54:07 -0600, Scott Cheloha wrote: >> >> > Hey, >> > >> > In the mg(1) *compile* buffer, currently you get incorrect >> > output like: >> >

Re: update Mesa to 17.2.6

2018-01-04 Thread Theo de Raadt
The diff below helps, and will be in snaps until the situation is resolved. > On Fri, Jan 05, 2018 at 12:38:27AM +0200, Lauri Tirkkonen wrote: > > Hi, > > > > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote: > > > I'm interested in reports from people who saw corruption on Intel > > >

Re: update Mesa to 17.2.6

2018-01-04 Thread Theo de Raadt
> > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote: > > > I'm interested in reports from people who saw corruption on Intel > > > graphics during the brief period when Mesa 17.1.6 was in the tree. The issue is back. x230. run xpdf on a document which large regions of black and white,

Re: relayd and PUT

2018-01-04 Thread Alexander Bluhm
On Wed, Dec 13, 2017 at 07:42:03AM +0100, Claudio Jeker wrote: > On Wed, Dec 13, 2017 at 12:25:39AM +, Rivo Nurges wrote: > > If you http PUT a "big" file through relayd, server<>relay read side > > will eventually get a EVBUFFER_TIMEOUT. Nothing comes back from the > > server until the PUT is

Re: update Mesa to 17.2.6

2018-01-04 Thread Jonathan Gray
On Fri, Jan 05, 2018 at 12:38:27AM +0200, Lauri Tirkkonen wrote: > Hi, > > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote: > > I'm interested in reports from people who saw corruption on Intel > > graphics during the brief period when Mesa 17.1.6 was in the tree. > > Sorry for not

Re: update Mesa to 17.2.6

2018-01-04 Thread Lauri Tirkkonen
Hi, On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote: > I'm interested in reports from people who saw corruption on Intel > graphics during the brief period when Mesa 17.1.6 was in the tree. Sorry for not testing this sooner; I had forgotten about seeing this corruption previously.

ksh: Fix compilation without job control

2018-01-04 Thread Klemens Nanni
A few guards are missing, with this diff ksh compiles cleanly with JOBS undefined. Found while looking for undesired changes after working on job control. Feedback? diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c index 53858a37d26..7e29c2f38b8 100644 --- a/bin/ksh/jobs.c +++ b/bin/ksh/jobs.c @@

Re: cross ref ocspcheck in httpd.conf(5)

2018-01-04 Thread Jason McIntyre
On Wed, Dec 20, 2017 at 08:43:35AM +0100, Paul de Weerd wrote: > I've been playing a bit with OCSP stapling in httpd and found the > documentation a bit lacking / confusing. httpd says: > > ocsp file > Specify an OCSP response to be stapled during TLS >

Re: VMD: revise check for regular files on disks

2018-01-04 Thread Mike Larkin
On Thu, Jan 04, 2018 at 07:14:54AM -0800, Carlos Cardenas wrote: > Mike Larkin wrote: > > > On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote: > > > Howdy. > > > > > > Attached is a patch to address a TOCTOU issue with checking to > > > ensure disks are

Re: Remove useless includes

2018-01-04 Thread Claudio Jeker
On Thu, Jan 04, 2018 at 03:58:07PM +0100, Martin Pieuchot wrote: > 'struct socket' is exposed to userland via . Most of > our programs in base do not need it. Since I'm going to change the > content of this struct for MP works, I'd like to reduce the impact on > userland. > > Here's a diff to

Re: VMD: revise check for regular files on disks

2018-01-04 Thread Carlos Cardenas
Mike Larkin wrote: > On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote: > > Howdy. > > > > Attached is a patch to address a TOCTOU issue with checking to > > ensure disks are regular files, reported by jca@ . > > > > Comments? Ok? > > > > +--+ > > Carlos >

Re: Remove useless includes

2018-01-04 Thread Mark Kettenis
> Date: Thu, 4 Jan 2018 15:58:07 +0100 > From: Martin Pieuchot > > 'struct socket' is exposed to userland via . Most of > our programs in base do not need it. Since I'm going to change the > content of this struct for MP works, I'd like to reduce the impact on > userland. >

Remove useless includes

2018-01-04 Thread Martin Pieuchot
'struct socket' is exposed to userland via . Most of our programs in base do not need it. Since I'm going to change the content of this struct for MP works, I'd like to reduce the impact on userland. Here's a diff to remove useless includes, ok? Index: sbin/mount_nfs/mount_nfs.c

Re: isakmpd.policy check

2018-01-04 Thread Stuart Henderson
On 2018/01/04 12:47, Martin Pieuchot wrote: > I'm not writing any isakmpd.policy(5) file. I don't know anybody sane > we do. This means you trust your ipsec peers not to request an invalid flow. That's reasonable if you run both ends and trust yourself not to fat-finger it but it's not really OK

isakmpd.policy check

2018-01-04 Thread Martin Pieuchot
I'm not writing any isakmpd.policy(5) file. I don't know anybody sane we do. I'd like to enforce some policy based on what I write in ipsec.conf(5)... So I don't understand why I have to pass '-K' in every of the machine I setup. If I don't specify any policy file, then I'd assume isakmpd(8)

Re: use inline functions instead of __statement

2018-01-04 Thread Joerg Sonnenberger
On Thu, Jan 04, 2018 at 09:35:36AM +1000, David Gwynne wrote: > these days you can use inline functions to get the same effect, but > it is a more obvious and standard language feature. If you want to go that way, you still should very likely mark the functions as always_inline, otherwise the

Re: Intel CPU Security Flaw Kernel Memory Leak (no microcode update) SW workarounds only

2018-01-04 Thread Tom Smyth
Hello all, there are 2 papers on the following site discussing the CPU Security Flaws https://spectreattack.com/ I hope this helps Tom Smyth

Re: [PATCH] Additional pledge(2) documentation

2018-01-04 Thread Sebastien Marie
On Thu, Jan 04, 2018 at 03:02:23AM -0600, William Orr wrote: > Hey, > > I was working on an application that uses pledge, and without diving > into the source, I found it difficult to figure out what sysctl's are > permitted at different pledge levels. > > This documents the set of different

[PATCH] Additional pledge(2) documentation

2018-01-04 Thread William Orr
Hey, I was working on an application that uses pledge, and without diving into the source, I found it difficult to figure out what sysctl's are permitted at different pledge levels. This documents the set of different sysctl ops that are allowed at different pledge levels, and adds some