David Gwynne wrote:
> this is rough, but enough to start a discussion.
>
> this lets doas authenticate a user by talking to their ssh agent
> by specifying 'ssh-agent' on a permit line in the config. if agent
> auth fails, doas falls back to bsd auth (ie, password auth).
>
> to minimise the amoun
Michael McConville wrote:
> There was a great discussion about softdep recently:
>
> https://marc.info/?t=14216401691&r=1&w=2
>
> It needs extra memory, so the FAQ warns against its use on really old
> architectures.
>
> tedu@ described the two main deterrents:
>
> https://marc.
Kenneth R Westerback wrote:
> CAVEAT: The metadata version has changed so new volumes you create
> will not be loadable on boxes running older versions of OpenBSD.
>
> CAVEAT: You can't rebuild a volume created with *only* 512-byte
> devices onto a 4K-sector device. The volume must be created with
li...@wrant.com wrote:
> > I think the failsafe is "run su".
>
> Visudo(8) style wrapper for doas(1) that would respect the editor
> preferences... is only a suggestion, no? We're 2015 here.
and vipf after that? there are countless config files, even more dangerous
than doas.conf, that you edit a
Jeremy Evans wrote:
>
> If this is worthy of more work, the command line options can certainly
> be changed. I just used getopt(3) since it seemed like the easiest
> way to handle it.
I talked with theo about this some. I'd say it's probably too early, and may
lead us down a weird path, where ta
Manuel Giraud wrote:
> Hi,
>
> I've just shot myself in the foot after /etc/doas.conf tweaking. This
> patch adds a failsafe "permit :wheel" rule in case of syntax error. Is
> this safe enough? Should it be done elsewhere (with some kind of
> visudo)?
I think the failsafe is "run su". Since it is
Sevan Janiyan wrote:
>
>
> On 19/07/2015 15:35, Bob Beck wrote:
> > The place to solve this is in whatever is using cat for this purpose.
> > check for the file type before blindly cat'ing.
>
> Understood both your & Ted's explanation regarding cat.
> Just so it's crisp clear, ignoring cat(1), h
Sevan Janiyan wrote:
> The feature was actually added to ensure whatever cat was meant to be
> reading from was indeed a plain file and not another which could block a
> process.
> "Use cat -f to avoid denial of service attacks by people who make
> .rhosts files fifos."
> http://mail-index.netbsd.o
Reyk Floeter wrote:
> On Fri, Jul 17, 2015 at 08:20:11PM -0400, Ted Unangst wrote:
> > Florian Obser wrote:
> > > OK?
> > >
> > > diff --git httpd.conf.5 httpd.conf.5
> > > index b3eaad8..bfca29f 100644
> > > --- httpd.conf.5
> > >
Stuart Henderson wrote:
> On 2015/07/17 20:24, Ted Unangst wrote:
> > Jeremy Evans wrote:
> > > As an aside, crypt("passwd", "$2") returns ":" instead of NULL. I'm not
> > > sure if that's a security issue, but I think it is and
Ted Unangst wrote:
> Jeremy Evans wrote:
> > As an aside, crypt("passwd", "$2") returns ":" instead of NULL. I'm not
> > sure if that's a security issue, but I think it is and we should fix it.
> > I'll see if I can get a patch f
Florian Obser wrote:
> OK?
>
> diff --git httpd.conf.5 httpd.conf.5
> index b3eaad8..bfca29f 100644
> --- httpd.conf.5
> +++ httpd.conf.5
> @@ -262,6 +262,18 @@ root directory of
> .Xr httpd 8
> and defaults to
> .Pa /run/slowcgi.sock .
> +.It Ic hsts Oo Ar option Oc
> +Enable HTTP Strict Trans
Vadim Zhukov wrote:
> Ask for a password when we're going to fail() anyway, to avoid
> leaking information about available commands. The sudo(8) behaves
> the same way, FWIW.
Let's say no for now. I'm not too concerned about this leak. I'm not sure what
a user would hope to discover. Hasn't the sy
Vadim Zhukov wrote:
> 2015-07-17 1:02 GMT+03:00 Ted Unangst :
> > Vadim Zhukov wrote:
> >> The manpage recommends using absolute paths for commands, but those
> >> won't work. :) This patch makes everything not in a list of special
> >> characters to be a
Vadim Zhukov wrote:
> 2015-07-17 1:02 GMT+03:00 Ted Unangst :
> > Vadim Zhukov wrote:
> >> The manpage recommends using absolute paths for commands, but those
> >> won't work. :) This patch makes everything not in a list of special
> >> characters to be a
Vadim Zhukov wrote:
> Ask for a password when we're going to fail() anyway, to avoid
> leaking information about available commands. The sudo(8) behaves
> the same way, FWIW.
>
> okay?
i need to think about this for a bit. there's a strange interaction where if
the nopasswd option is used, you've
Vadim Zhukov wrote:
> The manpage recommends using absolute paths for commands, but those
> won't work. :) This patch makes everything not in a list of special
> characters to be a part of word; this way you can easily put
> the following in doas.conf:
>
> permit :somepeople cmd /usr/bin/mail vi
Tobias Ulmer wrote:
> As we all know, some Thinkpads have problems with their EC fan control.
> EC is not spinning up the fans to maximum speed, let alone blast mode.
> They also do not offer ACPI methods to spin the fan up.
>
> Previous diffs doing manual fan control were always rejected because
Todd C. Miller wrote:
> On Tue, 14 Jul 2015 12:55:35 -0400, "Ted Unangst" wrote:
>
> > so technically i believe this is still undefined since you're not supposed
> > to
> > look at freed pointers. an even more better fix would be to save the offset
> &g
Gregor Best wrote:
> On Tue, Jul 14, 2015 at 09:57:45AM -0600, Todd C. Miller wrote:
> > [...]
> > Shouldn't this be:
> >
> > p = (p - *store) + newstore;
> > [...]
>
> Of course, that makes way more sense. An amended patch is attached.
so technically i believe this i
David Gwynne wrote:
> this adds the current signify pub key for base to the httpd Server
> version header.
>
> as you say, the keys are small. this could help distribute it widely.
>
> here's an example of what it looks like:
>
> dlg@mild ~$ curl -I http://es45/
> HTTP/1.1 200 OK
> Connection:
Stuart Henderson wrote:
> On 2015/06/01 10:20, patrick keshishian wrote:
> > On 6/1/15, Sunil Nimmagadda wrote:
> > > On Thu, May 21, 2015 at 11:16:09PM -0400, Ted Unangst wrote:
> > >> screw ftp. just make a new util http, that just does http.
>
> Sorry, i
But why? Sharing encrypted disks between systems is probably a mistake.
Sunil Nimmagadda wrote:
> Hi,
>
> The idea is to start with the subset of ftp(1) functionality needed
> by pkg_add(1):
>
> ftp [-o output] url ...
>
> i.e., should be able to download files over HTTP(S) and FTP.
>
> This implementation works as FETCH_CMD for pkg_add(1) over HTTP(S).
>
> FTP is
Stuart Henderson wrote:
> There is a standard (required) hostname scheme, whois.nic.tld, for the
> new gTLDs. For months whois-servers.net didn't list any of the new ones,
> they are starting to catch up but are still behind,
>
> $ unbound-host sucks.whois-servers.net
> Host sucks.whois-servers.ne
kanonenvogel@gmail.com wrote:
>
> On 08 Apr 2015, at 02:31, Philip Guenther wrote:
>
> > On Tue, Apr 7, 2015 at 3:57 PM, Kanonenvogel
> > wrote:
> >> I have idea to modify falloc() function and related logic.
> >> Now, after successful faclloc call, we have half-initialized struct file
>
If we've gotten by this long without mmap, I think we can keep going a little
longer. Enabling this code would requre more testing than it's worth.
Index: btree/btree.h
===
RCS file: /cvs/src/lib/libc/db/btree/btree.h,v
retrieving re
Renato Westphal wrote:
> > +#include
> > #include
> "#include ",
> "#include ",
> If you include the stdlib header in the .y file you will end up with
> two includes for the same header in the .c file.
Looks like we're already including string.h twice. Probably makes sense
to
Martin Pieuchot wrote:
> On 26/03/15(Thu) 08:00, Ted Unangst wrote:
> > Martin Pieuchot wrote:
> > > Even our ISA Ethernet drivers can be converted to if_input(). If you
> > > still use some of these, I appreciate test reports.
> > >
> > > I'
Martin Pieuchot wrote:
> Even our ISA Ethernet drivers can be converted to if_input(). If you
> still use some of these, I appreciate test reports.
>
> I'm asking here because Miod said everybody can test them... hum hum.
>
> Alternatively, if you think some drivers can go away, I'll summon
> te
Ted Unangst wrote:
> Patches are now available to fix a variety of issues in libcrypto and libssl.
> 5.5 patch:
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/024_openssl.patch.sig
And I boned the instructions again.
cd /usr/src/lib/libcrypto/crypto
should be
cd
Patches are now available to fix a variety of issues in libcrypto and libssl.
For 5.6 and the forthcoming 5.7 release:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-201
Timo Trinks wrote:
> Hi!
>
> At the time of writing (Thu Mar 19 11:00:12 UTC 2015) the recently
> published patch for libXfont (19_libxfont.patch.sig) for OpenBSD 5.6
> includes a typo [1]:
>
> --- /tmp/019_libxfont.patch.sig Thu Mar 19 12:03:47 2015
> +++ /tmp/019_libxfont.patch.sig_fixed
Theo de Raadt wrote:
> I have also added matching rand_uniform() and rand_buf() functions.
> Bob Beck has pointed out this allows for later audit converting a few
> "rand() % moduli" cases into rand_uniform().
> void
> +rand_buf(void *buf, size_t n)
> +int
> +rand_uniform(uint32_t upper_bound)
Patches are now available to fix buffer overflows in libXfont. This issue
affects 5.5, 5.6, and the forthcoming 5.7 release.
For more details, refer to the X.org advisory:
http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/
5.5 patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/com
Ted Unangst wrote:
> The patch below includes the fix for CVE-2015-0204 as well as some other "low
> severity" fixes for similar downgrade issues relating to ECDHE.
Heads up. This patch contains a not quite backwards compatible change. We
removed support for 512 bit DH exchang
Steven McDonald wrote:
> The recent change to db_variables.c to not include sys/systm.h revealed
> a missing include that breaks kernel builds on macppc (and possibly
> other arches). The problem is that db_variables.c makes use of
> strcmp(9), which requires lib/libkern/libkern.h, and that was bei
Pascal Stumpf wrote:
> On Thu, 12 Mar 2015 15:25:48 + (UTC), Christian Weisgerber wrote:
> > On 2015-03-12, Patrik Lundin wrote:
> >
> > >===
> > > elif [ -n "$KSH_VERSION" ]; then
> > > HACKING_DIR=$(dirname "${.sh.file}")
> > >===
> >
> > .sh.file and related dot variables are a ksh93
Ted Unangst wrote:
>
> Unfortunately, our original assessment was not entirely correct. Some of the
> features exploited by FREAK were not deleted until after 5.6, although this
> was not known until testing tools became available. We've corrected libssl
> by backporting the
When CVE-2015-0204 (RSA silently downgrades to EXPORT_RSA) was announced,
it was labeled "Severity: Low". Our assessment at the time was that export
ciphers had already been removed prior to the release of 5.6, and that the
fix was not worth backporting to 5.5.
Then CVE-2015-0204 was renamed the
FreeType 2.5.5 contained more fixes for malformed font buffer overflows.
Thanks to David Coppa for extracting the necessary patches from the Ubuntu
package.
Patches are available for OpenBSD 5.5 and 5.6. The forthcoming 5.7 release
already includes FreeType 2.5.5.
http://ftp.openbsd.org/pub/OpenB
Boudewijn Dijkstra wrote:
> Op Sat, 07 Mar 2015 20:13:45 +0100 schreef David Coppa :
> > On Sat, Mar 7, 2015 at 7:28 PM, Ted Unangst wrote:
> >
> >> Or you could start with the linked Ubuntu advisory and try to discover
> >> where
> >> they hide the rel
Артур Истомин wrote:
> >
> > Moving to -current is considerably easier.
>
> So, in fact all 5.6's users sitting with vuln freetype in base now. Excellent!
Perhaps I was unclear, so here's a few suggestions, but far be it for me to
tell anyone else what to do.
You could go through FreeType's com
Martin Hecht wrote:
>
> I have tested it on a few linux platforms I have at hand:
thanks.
> PS: just let me know when you have a testing environment which makes
> this input obsolete
I don't think that will ever really happen. Even building for the same
platform, say Ubuntu 14, one test server
Boudewijn Dijkstra wrote:
> Op Wed, 04 Mar 2015 23:12:07 +0100 schreef Ted Unangst :
> > Freetype (http://www.freetype.org/) 2.5.5 was released a little while ago,
> > fixing some security vulnerabilities. Actually as I understand it, 2.5.4
> > fixed the vulns, the
Freetype (http://www.freetype.org/) 2.5.5 was released a little while ago,
fixing some security vulnerabilities. Actually as I understand it, 2.5.4
fixed the vulns, then 2.5.5 fixed the fix.
OpenBSD 5.7 will ship with 2.5.5; 5.6 shipped with 2.5.3 and is therefore
vulnerable.
The changelog for 2.
Patches are now available to fix an information leak in the XkbSetGeometry
request of X servers. For more information, see the X.org advisory.
We experienced a slight delay getting patches out, as you can see from the
date in the patch. This is a comparatively minor issue so we didn't rush
things
frantisek holop wrote:
>
> i was looking at the qsort(3) man page,
> and saw "O N lg N", etc.
>
> first i thought, maybe there should be some fancy utf8
> math parentheses around, but looking at the source, no,
> it's plain ascii.
>
> a quick search in other man pages reveals an arguably
> more
Greg Martin wrote:
> On Fri, 2015-02-20 at 15:05 -0500, Ted Unangst wrote:
> > Greg Martin wrote:
> > >
> > > I'd have to say no. There are structures used but not documented and the
> > > one line description of some of the functions could be open to
&g
Greg Martin wrote:
>
> I'd have to say no. There are structures used but not documented and the
> one line description of some of the functions could be open to
> interpretation. Sample usage is never amiss in my estimation.
I'd appreciate knowing what you found missing. I know it's pretty barren
Alexander Bluhm wrote:
> On Thu, Feb 19, 2015 at 06:31:01PM -0500, Ted Unangst wrote:
> > Maxime Villard wrote:
> > > Hi,
> > > I put here a bug among others:
> >
> > Thanks. I see two cases here where we need to pool_put the qs. Also need to
> >
Maxime Villard wrote:
> Hi,
> I put here a bug among others:
Thanks. I see two cases here where we need to pool_put the qs. Also need to
change return to break so that we release the rwlock.
Index: pf_ioctl.c
===
RCS file: /cvs/src/
Alexander Bluhm wrote:
> Anyway, libtls is locked. We can either release a broken syslogd
> over TLS implementation or commit this diff. It has the smallest
> impact of everything I have tried.
>
> ok or better idea?
ok
For after release, but since I was looking in the file...
Some of the checks in xmalloc.c are excessive. I think we've moved past the
mid-90s era when coping with various busted libcs was important for ssh (where
this file originated). I'll note that the error messages aren't particuarly
helpful i
Martin Natano wrote:
> fuse_readdir() fails to set the eofflag correctly. The consequence of
> this is, that callers of VOP_READDIR, that examine the value of the
> eofflag after the call, might be mislead about the eof status, as the
> flag hasn't been modified (and my even be uninitialized).
>
>
I have a jumbo terminal. worm(6) is cheese for approximately the first hour of
play because the worm's growth is imperceptible compared to the available
space. In theory, I could increase the start length, but that's kind of
degenerate. worm 1000 leaves you with this giant pile of worm stretching b
Jérémie Courrèges-Anglas wrote:
> Stuart Henderson writes:
>
> > On 2015/02/18 12:20, Christian Weisgerber wrote:
> >> On 2015-02-16, Jérémie Courrèges-Anglas wrote:
> >>
> >> >> - @ln -sf openssl ${DESTDIR}/usr/include/ssl
> >> >
> >> > Not ok for this part...
> >>
> >> I now have
> >>
Jérémie Courrèges-Anglas wrote:
> "Ted Unangst" writes:
>
> [...]
>
> >> > So let's return to the top. What does "PD KSH" in KSH_VERSION mean? What
> >> > does
> >> > one do differently if that string is present or mi
Jérémie Courrèges-Anglas wrote:
> "Ted Unangst" writes:
>
> > Jérémie Courrèges-Anglas wrote:
> >> Tristan Le Guern writes:
> >>
> >> > On 02/16/2015 05:22 PM, Todd C. Miller wrote:
> >> >> There are scripts that use KSH_VER
Jérémie Courrèges-Anglas wrote:
> Tristan Le Guern writes:
>
> > On 02/16/2015 05:22 PM, Todd C. Miller wrote:
> >> There are scripts that use KSH_VERSION to determine whether they
> >> are being run under ksh or a Bourne shell. That seems like a
> >> reasonable thing to do. I don't really care
It's sometimes helpful to run ftp -o - http://somwhat/ for debugging
purposes, but the progress bar gets in the way and makes it ugly. Even with -V
to disable verbose, it still prints progress. Add -M (complement of -m) to
always turn off progress.
Index: ftp.1
===
Alexander Bluhm wrote:
> I have tried to download the 227 MB install56.iso from httpd. It
> is very slow and fails after half the data. There is a copied
> buffer in server_tls_writecb() to workaround the pending write.
> Without that httpd works.
>
> The ftp client does not check for parital wr
Damien Miller wrote:
> On Sun, 15 Feb 2015, Ted Unangst wrote:
>
> > ksh (and sh) have a version string embedded in them:
> > @(#)PD KSH v5.2.14 99/07/13.2
> >
> > This is clearly a lie. We've added, removed, and fixed bugs and features
> > since
>
Stuart Henderson wrote:
> > > - @ln -sf openssl ${DESTDIR}/usr/include/ssl
> >
> > Not ok for this part...
>
> ack, this is highly likely to break ports.
>
? If we don't delete it, we don't have to create it. It's still going to be
there.
Is there some mtree magic we're missing? This seems the
This was driving me nuts. Every time you run make includes, it blows away
/usr/include/openssl, which means all of libcrypto, etc. get marked as stale
and require rebuilding. So much waste.
This makefile rule (which is silent, btw, arr) showed up 11 years ago
to facilitate renaming /usr/in
ksh (and sh) have a version string embedded in them:
@(#)PD KSH v5.2.14 99/07/13.2
This is clearly a lie. We've added, removed, and fixed bugs and features since
then. I first noticed the lie in the man page, then saw that it's also
exported via the environment and other places.
Instead of trying
Anthony J. Bentley wrote:
> "Ted Unangst" writes:
> > The mandoc chars.in though says that for unicode, it should output these
> > fanc
> > y
> > "mathematical left angle bracket" and "mathematical right angle bracket"
> > characters.
In trying to set man up to use my current terminal width $(($COLUMNS-2)) I
discovered that COLUMNS isn't exported to subshells. mandoc itself seems to go
crazy when run with -O width=-2.
Clamp width and indent settings to sensible values. I wasn't sure how to
handle errors, so they're just ignored
The .Aq macro quotes a word with surrounding brackets. This is used a
few places. Lots of man pages quote email addresses. spamd(8) quotes the
pf table name. compress(3) quotes the path.
The mandoc chars.in though says that for unicode, it should output these fancy
"mathematical left angle brac
Alexander Bluhm wrote:
> On Thu, Feb 12, 2015 at 08:34:23PM +0100, Alexander Bluhm wrote:
> > On Wed, Feb 11, 2015 at 11:30:03PM -0500, Ted Unangst wrote:
> > > Ted Unangst wrote:
> > > > Alexander Bluhm wrote:
> > > > > Hi,
> > > > >
These functions turned up in my grep for bcmp. There are already perfectly
good cmp functions written for qsort, but then different versions were written
which (ab)use the fact that bsearch doesn't strictly require the key type to
be the same as the element type. Nevertheless, I think it's clearer
Convert bcmp to memcmp.
Index: bin/ksh/emacs.c
===
RCS file: /cvs/src/bin/ksh/emacs.c,v
retrieving revision 1.48
diff -u -p -r1.48 emacs.c
--- bin/ksh/emacs.c 17 Dec 2013 16:37:05 - 1.48
+++ bin/ksh/emacs.c 13 Feb 20
We only need to check for expansion strings if there's at least one $. Once we
find a $, we only need to scan from that point forward for the replacement as
well. Similar changes would then apply to httpd as well. We could also apply
the same trick recursively to the remaining strstr calls, but I d
Ted Unangst wrote:
> Alexander Bluhm wrote:
> > Hi,
> >
> > During testing syslogd I got some strange error messages from libtls:
> > syslogd: loghost "@tls://localhost:15878" connection error: write failed:
> > error:1409F07F:SSL routines:SSL3_WRITE_P
Alexander Bluhm wrote:
> Hi,
>
> During testing syslogd I got some strange error messages from libtls:
> syslogd: loghost "@tls://localhost:15878" connection error: write failed:
> error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
>
> I found out that after an SSL_ERROR_WANT_WRITE,
Brent Cook wrote:
>
> > On Feb 10, 2015, at 9:37 AM, Todd C. Miller
> > wrote:
> >
> > On Mon, 09 Feb 2015 22:32:55 -0600, Brent Cook wrote:
> >
> >> Pretty trivial conversion. ok?
> >
> > OK but size_t should be printed %zu (%zd is ssize_t).
> >
> > - todd
> >
>
> If I had known I would g
nux compat enabled.
Sebastian Rother wrote:
> On 08.02.2015 02:47, Ted Unangst wrote:
> > I received an inquiry about our errata process, so I'd thought clarify our
> > policy for the community.
> >
>
> Yes, and I stand FIRM to this...
> I please you to for
Martijn van Duren wrote:
> Since I saw another commit to src in regards to boolean flags, I thought
> I'd give this one another ping.
Thanks. One change.
> > Index: log.c
> > ===
> > RCS file: /cvs/src/usr.sbin/snmpd/log.c,v
> > ret
I received an inquiry about our errata process, so I'd thought clarify our
policy for the community.
We don't have a rigid set of rules determining which fixes qualify for
backported fixes, but we consider the following criteria. Patches are rare, so
it's important that we retain some flexibility
Maxime Villard wrote:
> FWIW, it would be wise to propagate the fix to the stable branch(es).
>
> I guess people use compat-linux.
We've decided not to release patches for this. It's not on by default (and
i386 only) and as far as we know, mostly used for client machines. i.e., you
can crash your
sven falempin wrote:
>
> Dear Tech@openbsd.org
in the future, it's not really necessary to quote the entire diff.
>
>
> Most of TLS client got a few parameters like :
>
> CRL,CA,and Client Certificat
>
> Just look at < Document how to send syslog messages over TCP or TLS. >
> (because this T
On Fri, Jan 30, 2015 at 15:57, Todd C. Miller wrote:
> On Fri, 30 Jan 2015 22:55:06 +0100, Alexander Bluhm wrote:
>
>> sosetopt() calls m_free() and then it is called again. So it is a
>> double free.
>
> Whoops, I didn't notice that the non-error case also falls thought
> to the "bad" label. W
On Sat, Jan 31, 2015 at 00:24, Ville Valkonen wrote:
> Hello Mike and Max,
>
> my work laptop is running Windows and on there one must press power button
> to wake up the machine. If I connect the dots right, current behaviour was
> implemented to prevent a "hot bag" problem. Mimicking the Windows
On Fri, Jan 30, 2015 at 22:55, Alexander Bluhm wrote:
> On Fri, Jan 30, 2015 at 02:34:42PM -0700, Todd C. Miller wrote:
>> I think the simplest fix is to just move the m_free to the bad:
>> label.
>
> sosetopt() calls m_free() and then it is called again. So it is a
> double free.
>
> I would mo
Often, when I want to type "systat vmstat" I get confused and type
"vmstat systat". To my surprise, this actually works.
Two things to fix. First, if a drive name is not found, stop and print
an error. Don't ignore it. Second, finish converting atoi to strtonum.
Index: vmstat.c
==
On Sat, Jan 24, 2015 at 20:40, Alexander Bluhm wrote:
> On Thu, Jan 22, 2015 at 12:54:46AM +0100, Alexander Bluhm wrote:
>> With this diff, syslogd verifies the x509 certificate of the TLS
>> server before sending any messages to it.
>>
>> Note that you also need Reyk's extensions to libtls and lib
On Thu, Jan 22, 2015 at 20:16, Ted Unangst wrote:
> This diff is mechanical in nature. Later I will fix the bugs it reveals:
>
> - while ((status = load_env(envstr, file)) >= OK) {
> + while ((status = load_env(envstr, file)) >= 0) {
> switch (status) {
>
remove the OK and ERR macros. They obfuscate the code and don't
help legibility. (unix system calls use 0 for ok, but hundreds of
other projects use 1 to indicate success.) Despite the name, many
system calls (e.g., open) also return not OK values for success.
It also cleans up some weird code lik
On Wed, Jan 21, 2015 at 12:04, Martin Pieuchot wrote:
> Hello Elliott,
>
> On 20/01/15(Tue) 16:15, enh wrote:
>> that patch wasn't setting the _flags right on error or eof.
>
> Thanks! Below is a version of your diff with some tweaks to match the
> recent changes done in -current.
fwiw, I think
On Tue, Jan 20, 2015 at 14:46, STeve Andre' wrote:
> Two questions:
>
> Is this a per process limit, or system, or per boot?
>
> Wouldn't FFS implode with even the 308M file limit, let alone 2
> gigafiles?
It is not the number of tmp files one can create. It is the number of
tmp file *names* t
Since we're poking at shutdown, I think it should parse years with a
century so that conscientious sysadmins can specify unambiguous dates.
Note that specifying dates past 2038 doesn't work (with or without this
diff) because the sleep code is not y2k38 safe.
Index: shutdown.8
===
On Tue, Jan 20, 2015 at 09:35, Jason McIntyre wrote:
> still, i think your diff doesn;t go far enough...almost all the
> spellings of "centre" are in man7. and in roff-related pages at that:
> mdoc(7), mandoc_char(7), roff(7), tbl(7), and eqn(7). therefore i
> suggest you should change all these p
Some people may be partial to "centre", but considering the
macros described are spelled "center", I think it's best to reduce
dissonance.
Index: mdoc.7
===
RCS file: /cvs/src/share/man/man7/mdoc.7,v
retrieving revision 1.129
diff -u
Since everybody is having so much fun moving various MAX defines
around, I thought I'd find one to play with.
The C standard says TMP_MAX should be the number of filenames tmpnam()
can create. Our current define is very old, and reflects an outdated
implementation. The correct number is pretty gig
On Mon, Jan 19, 2015 at 11:28, David Gwynne wrote:
>> if you're interested in seeing the effect of freeing at different
>> intervals, you could try the diff below. it adds kern.pool.wait_free
>> and kern.pool.wait_gc tunables so you can set how long a page has
>> to be idle before a pool_put and t
"Remember to set tenex mode when transferring binary files from this
machine."
Just a little cleanup. Unfortunately, my TOPS20 system isn't running
at the moment, so I wasn't able to fully test this...
bonus: this diff also removes references to ebcdic.
Index: cmds.c
Improve wording in alloca.
1. it's not a bug; it's a caveat.
2. "slightly unsafe" gives me the willies.
3. nobody knows what "large unbounded allocations" are.
4. one .Xr to malloc should suffice
Index: alloca.3
===
RCS file: /cvs/src
On Fri, Jan 16, 2015 at 21:43, Miod Vallat wrote:
>> Floating point constants default to double precision and can be made
>> single precision with a 'f' or 'F' suffix or long double precision
>> with 'l' or 'L'.
>>
>> It turns out indent only knows about 'u'/'U' and 'l'/'L' suffixes and
>> will add
On Fri, Jan 16, 2015 at 01:46, Alexander Bluhm wrote:
> Hi,
>
> This diff enables sending syslog messages over TLS.
>
> To implement the buffer layer, I have copied evbuffer.c from libevent
> and changed TCP to TLS where necessary. This way I made a buffertls
> wrapper around bufferevent. This
On Thu, Jan 15, 2015 at 15:11, Ted Unangst wrote:
> Almost of the entirety of des.h is useless userland prototypes (some for
> perl5!). There's also some junk that can be excised from des_locl.h.
> Then the two or three things that matter can simply be put in
> des_locl.h and
801 - 900 of 1831 matches
Mail list logo
