The kvm_bsd.db file only needs to be readable by programs that are
setgid kmem. This is not much of an info leak since any user can read
/bsd (or in many cases download a copy), but moving forward it would
be nice to patch these leaks up one by one.
A few kmem grovelers appear to still work
On Wed, Dec 10, 2014 at 00:32, Stefan Fritsch wrote:
--- a/sys/arch/amd64/conf/GENERIC
+++ b/sys/arch/amd64/conf/GENERIC
@@ -39,6 +39,8 @@ isa0at amdpcib?
isa0 at tcpcib?
pci* at mainbus0
+paravirt0 at mainbus0
+
acpi0 at bios0
acpitimer*at acpi?
acpihpet* at
On Mon, Dec 15, 2014 at 23:55, Stefan Fritsch wrote:
Only in order to get a flags field that can be tweaked with config(8). And
to allow disable via config(8), though that could also be achieved with a
flag.
Tweaking the behavior with a flags value is necessary because hypervisors
not
On Wed, Dec 10, 2014 at 21:51, Max Fillinger wrote:
Here's a version without malloc'ing the key.
Looks like it still does?
+ if (sip_key == NULL) {
+ sip_key = malloc(SIPHASH_KEY_LENGTH);
+
This is pretty easy.
Index: lsupdate.c
===
RCS file: /cvs/src/usr.sbin/ospfd/lsupdate.c,v
retrieving revision 1.41
diff -u -p -r1.41 lsupdate.c
--- lsupdate.c 17 Jan 2013 09:06:35 - 1.41
+++ lsupdate.c 12 Dec 2014 18:53:50
On Mon, Dec 08, 2014 at 18:58, Ted Unangst wrote:
bgpd seemed like a good place to try out the new siphash functions.
Three hash tables are pretty straight forward conversions. Diff below.
Done.
rde_rib.c nexthop_hash uses hash32 for ipv6, and a simple xor hash for
ipv4. I left that alone
Three new errata to announce.
Malicious DNS servers could cause a denial of service with an endless
series of delegations. This affects named (BIND) and unbound. There is
a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have
patches for BIND at this time.
Missing memory
On Tue, Dec 09, 2014 at 13:38, David Carlier wrote:
-pid = atol(optarg);
+pid = (pid_t)strtonum(optarg, -1, (SHRT_MAX - 1), errstr);
+if (errstr)
+errx(1, pid: %s, errstr);
This should definitely use PID_MAX I think. (If that's not exported
On Mon, Dec 08, 2014 at 17:18, David Carlier wrote:
Following small discussion I had with tedu@ this is just small diff, just
for the sake of C standard correctness ... dropping some arithmetic
pointer with void pointers ...
Hopes it might find some interest/usefullness ...
Thanks.
Index:
On Mon, Dec 08, 2014 at 11:52, Matt Dainty wrote:
* Jonathan Gray j...@jsg.id.au [2014-12-08 08:08:19]:
Well any name that includes gpio that isn't taken should be fine.
I went with soekrisgpio(4) as there are longer driver names in the tree,
(acpithinkpad(4) seems to hold that record from
bgpd seemed like a good place to try out the new siphash functions.
Three hash tables are pretty straight forward conversions. Diff below.
rde_rib.c nexthop_hash uses hash32 for ipv6, and a simple xor hash for
ipv4. I left that alone as the diff would be more than mechanical.
red_update.c
On Tue, Dec 09, 2014 at 00:00, Jonas 'Sortie' Termansen wrote:
On 12/08/2014 09:55 PM, Theo de Raadt wrote:
Index: lib/libc/stdlib/mrand48.c
===
RCS file: /cvs/src/lib/libc/stdlib/mrand48.c,v
retrieving revision 1.3
diff -u -p
On Sat, Dec 06, 2014 at 20:15, Max Fillinger wrote:
To pass the time until siphash arrives in userland...
I'd like to suggest some changes to the manpage of SipHash24(9):
I added some more details about the intended purpose of SipHash and I
moved the recommendation to use arc4random for the
Here are some bcopy calls in kern that could be memcpy.
I also have an older diff for the uipc files, let me dust it off and
review, then I'll resend that too.
Index: exec_subr.c
===
RCS file: /cvs/src/sys/kern/exec_subr.c,v
On Thu, Dec 04, 2014 at 17:32, Dimitris Papastamos wrote:
Hi,
This is my attempt at converting bgpd to use siphash. This does
*not* link as is because the userland implementation of siphash
is currently missing.
Indeed. That should be coming in a few days. I have a diff ready.
+
The string man pages are full of not so interesting history sections.
I don't think they are helpful, and they are in some cases misleading
or incorrect.
For example:
The memmove() function first appeared in 4.3BSD-Reno.
That's arguably wrong, since it appeared in C89 which predates Reno.
After consultation with the C standard, deraadt and I have determined
that some speedups can be made the to algorithm used by rand().
Theo initially proposed seed++, but I think seed-- is less expected
and therefore makes a better random number generator.
Index: rand.c
Patches are now available for 5.5 and 5.6 which fix two kernel errata.
5.5 errata 16 and 5.6 errata 10:
Several bugs were fixed that allowed a crash from remote when an active
pipex session exists.
5.5 errata 17 and 5.6 errata 11:
An incorrect memcpy call would result in corrupted MAC addresses
Convert another md5 to sha512.
Index: in6_ifattach.c
===
RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
retrieving revision 1.77
diff -u -p -r1.77 in6_ifattach.c
--- in6_ifattach.c 20 Nov 2014 09:55:57 - 1.77
+++
On Thu, Dec 04, 2014 at 02:17, Max Fillinger wrote:
I had a look at httpd, and it appears that it doesn't actually use
any functions defined in sys/hash.h. Same for md5.h and sha1.h in
httpd.c. After removing those includes, it compiles and runs, but I
didn't do any serious testing.
indeed.
On Mon, Dec 01, 2014 at 16:22, Elliott Hughes wrote:
this code takes minutes to run on a high-end desktop when using the
OpenBSD fread:
Yikes. Thanks for the patch. Here's a version for OpenBSD.
Index: stdio/fread.c
===
RCS
On Tue, Dec 02, 2014 at 07:47, Boris Goldberg wrote:
Hello Otto,
Tuesday, December 2, 2014, 2:14:11 AM, you wrote:
OM Cool, but your mailer mangled the diff. Here it is for current.
Thanks. How was it mangled? Looks fine in the Daily digest.
I wanted to attach a text file, but was
On Tue, Dec 02, 2014 at 11:00, Todd C. Miller wrote:
When these were originally written I wanted to avoid calling external
functions. As a result, strlcat.c in particular is hard to read.
Compilers are smarter and string functions are better these days
so using strlen and mempcy are probably
Use now preferred SipHash24 functions. This also means we shouldn't
need to hash in the value of the dirhash pointer itself, which confuses
me every time I look at it.
Index: ufs/ufs_dirhash.c
===
RCS file:
sys/hash.h provides a simple (simplistic) hash function. There are
probably better alternatives, like SipHash24. With the previous two
diffs, there are no longer any references to sys/hash.h in the kernel.
Userland, however
These should all be converted to SipHash24 to prevent bucket
A chance encounter with a surprising comment sent me on a fun trip.
# Floppy disk controller
# XXX temporarily conflicts with arc, will soon move to files.isa
First, that turns out to be referring to MIPS based ARC machines, not
the arc(4) RAID controller. Refer to arc.html on the website for
On Sat, Nov 29, 2014 at 14:02, Antoine Jacoutot wrote:
But that said, why does your pkg.conf keep returning? I don't have one on
my laptop at all, I probably removed it once after installing, but it
It returns each time I upgrade using bsd.rd.
This seems like a mistake. I like that the
On Sun, Nov 23, 2014 at 01:42, Jonas 'Sortie' Termansen wrote:
This can be easily solved if crypt_checkpass checks the hash doesn't start
with
'$' and then calls the utility crypt_hashpass directly (will need to be
visible
from outside its current translation unit), and storing the temporary
On Thu, Nov 20, 2014 at 23:16, patrick keshishian wrote:
any concern over 'u_int i' vs 'size_t len' type-mismatch?
Yes. There are a few instances where u_int is used in place of size_t.
Another instance where off_t is cast down to u_int. Even if it can't
overflow, the safer idiom is to cast
On Wed, Nov 19, 2014 at 19:46, Dave Huseby wrote:
3. Figure out a way to get a newer linker working on OpenBSD.
binutils-2.17 is in the src tree at gnu/usr.bin/binutils-2.17.
It's not enabled because it doesn't always work right, but at one
point there was a plan to switch to it precisely
[on behalf of reyk]
Many people want to test the new httpd in OpenBSD 5.6; so we decided
to provide various improvements from -current for 5.6.
See the description below for more details.
untrusted comment: signature from openbsd 5.6 base private key
On Thu, Nov 20, 2014 at 19:29, Jonas 'Sortie' Termansen wrote:
Hi,
The flak blog just had an interesting post about why the old crypt()
interface
should be replaced, and on the new crypt_newhash() and crypt_checkpass() that
were added to OpenBSD. I would like to see this API become portable
On Thu, Nov 20, 2014 at 20:22, Ted Unangst wrote:
So far only passwd uses the new function; it is still easy for me to
change the interface. (The only constraint being that I need to
coordinate library changes with other developments so it may not be an
immediate change.)
Sneaking the change
The sys/file.h include is likely not the correct include for any
userland code. Most cases it's unneeded; in other cases fcntl.h is the
correct header.
Index: bin/ed/buf.c
===
RCS file: /cvs/src/bin/ed/buf.c,v
retrieving revision
iked includes a few mschap functions that it doesn't use. smaller,
cleaner, better without them.
Another copy of this code lives in npppd, though the required
functions there are slightly different. (The chap_ms.c file in pppd is
entirely different.)
Index: chap_ms.c
Due to a bug in the libc asr resolver, querying an invalid hostname can
cause a crash. Patches are available for 5.5 and 5.6.
untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhl31oIXbJYtUWXNHHNzHGhJ+v2XZAAlwH5TwYDkTp2NHqjhnrJayp37glapQejDsm/LDGm1M5bnpkmHh7FGNGQ4=
On Mon, Nov 17, 2014 at 20:01, Mark Kettenis wrote:
Date: Sun, 16 Nov 2014 19:10:41 -0500
From: Ted Unangst t...@tedunangst.com
The historic copystr API is like copyinstr/copyoutstr but only for
kernel strings. A much more familiar API is strlcpy.
This converts three examples in kern.
One
On Mon, Nov 17, 2014 at 11:24, Tobias Stoeckmann wrote:
On Sun, Nov 16, 2014 at 06:38:24PM -0500, Ted Unangst wrote:
Not sure how I ended up reading this file, but all the redundant
strlen calls make me twitchy.
I agree, but have you considered the other parser.c files with
match_token
On Tue, Nov 18, 2014 at 11:06, David Gwynne wrote:
+#include dev/rndvar.h
Sorry to interrupt :), but I think it's become clear that rndvar.h is
the wrong header for arc4random() to live in.
The diff below moves it to systm.h and fixes the two files that didn't
compile.
Index: dev/rndvar.h
On Sat, Nov 15, 2014 at 18:42, Nicolas Bedos wrote:
In usr.bin/locate/locate/locate.c and util.c the variable dbv is defined
as a pointer to char * and is used to access the path to every database
provided to locate. E.g. when running
locate -d /path/to/db1 -d /path/to/db2 -d /path/to/db3 *
On Fri, Nov 14, 2014 at 21:16, Martin Natano wrote:
nitems() from sys/param.h works just fine.
See diff below; no binary change.
Thanks for all the diffs, applied the other three.
I'm not sure what our current policy is on nitems in userland. For a
while we were trying to avoid it, and then
On Fri, Nov 14, 2014 at 20:29, Kamil Rytarowski wrote:
Hello,
I'm a user of mg(1) and I'm not a user of OpenBSD.
According to known resources mg(1) [1] is currently maintained
in OpenBSD's tree.
As maintaining local patches or forking mg(1) for plain compatibility
is doubtful, I'm
the output is easier to interpret and check if it's sorted.
Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.287
diff -u -p -r1.287 ifconfig.c
--- ifconfig.c 12 Jul 2014 19:58:17 -
On Sun, Nov 09, 2014 at 23:44, Nick Holland wrote:
own. You will have a lot of testing to do. You will note that while
deleting rwhod was undoubtedly exciting for developers, actually putting
it on current.html -- so I could put it on upgrade56.html -- was not
nearly as much fun and never
On Mon, Nov 10, 2014 at 13:51, Anthony J. Bentley wrote:
Martin Natano writes:
Index: common/recover.c
===
RCS file: /cvs/src/usr.bin/vi/common/recover.c,v
retrieving revision 1.15
diff -u -r1.15 recover.c
--- common/recover.c
don't back down quite so quick. let the system be idle for 5 ticks
before clocking down.
Index: sched_bsd.c
===
RCS file: /cvs/src/sys/kern/sched_bsd.c,v
retrieving revision 1.38
diff -u -p -r1.38 sched_bsd.c
--- sched_bsd.c 3 Nov
On Wed, Nov 05, 2014 at 09:38, David Gwynne wrote:
On 30 Oct 2014, at 07:52, Ted Unangst t...@tedunangst.com wrote:
On Wed, Oct 29, 2014 at 07:25, David Gwynne wrote:
i dunno. im fine with either removing colouring altogether or setting it
from something else completely. i just want
On Tue, Oct 28, 2014 at 16:49, David Gwynne wrote:
when i shuffled the locking in pools around, page colouring was
left behind.
page colouring is where you offset items within a page if you have
enough slack space. the previous implementation simply incremented
the colour so each new page
On Sat, Nov 01, 2014 at 22:45, Ted Unangst wrote:
Pull out a few common subexpressions. I think this makes the code
easier to read. Some byte swaps are left, when they are only used once.
Then use mallocarray for bounds checking.
Also observe the following:
+ if (ghsize
Use knuth shuffle instead of silly shuffle.
Index: canfield.c
===
RCS file: /cvs/src/games/canfield/canfield/canfield.c,v
retrieving revision 1.13
diff -u -p -r1.13 canfield.c
--- canfield.c 29 Aug 2013 20:22:11 - 1.13
+++
First, don't truncate long lines (at least when read from stdin).
Continue printing more cards as necessary.
Second, this fixes a crash on invalid input. Now you can generate a
series of random cards by running cat /dev/random | bcd
Index: bcd.c
several kernel files have a dependency on unistd.h but fail to include
it. (indirect include through file.h, which i'd like to eliminate.)
if you need the file, include it.
and udf_subr.c at least is one file that doesn't need unistd.h
for reference, here's the sys/file.h diff, then the big .c
5.6 is out, rejoice! This means we're going to start emailing patches
for 5.6 instead of 5.5, though of course 5.5 patches will be available
via the website. It also means 5.4 has officially been retired and
won't be receiving any more patches.
When upgrading, take a moment to review the 5.6
On Sat, Nov 01, 2014 at 00:26, Joel Sing wrote:
On Fri, 31 Oct 2014, Ted Unangst wrote:
Don't need BUF_ and its NULL arg handling here.
Looks like you need to cvs up... beck@ nuked these and put BUF_strdup()
under
LIBRESSL_INTERNAL about two weeks ago. He missed the comment (second chunk
On Fri, Oct 31, 2014 at 10:24, Matt Markfort wrote:
I have made these recent changes to my personal code base of the
OpenBSD_5_4-release kernel, and it may be useful to commit to -current.
I found the information here for the ATHEROS UB94 USB 802.11a/b/g/n
adapter, and I have tested it with
On Mon, Oct 13, 2014 at 15:02, Arne Becker wrote:
OK, no more fiddling with O_NONBLOCK.
New diff below, tested with tcpbench and file transfers.
I think this is good. Thanks, committed. We'll let it sit for a while
and then see what if any changes need to take place on the buffer
side. Maybe
kern files, easy fixes.
Index: kern_sensors.c
===
RCS file: /cvs/src/sys/kern/kern_sensors.c,v
retrieving revision 1.29
diff -u -p -r1.29 kern_sensors.c
--- kern_sensors.c 14 Sep 2014 14:17:25 - 1.29
+++ kern_sensors.c
On Thu, Oct 30, 2014 at 22:10, Alexander Bluhm wrote:
+
+ /* Avoid user land starvation. */
+ yield();
I think this is the responsibility of the taskq thread, not the
individual task.
Regarding the second pool diff, that looks very reasonable. Quite a
savings for a feature many
Remove a few bits of junk, mostly support for dso loading of zlib
which i suspect is fully dead.
Index: c_rle.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/comp/c_rle.c,v
retrieving revision 1.7
diff -u -p -r1.7 c_rle.c
--- c_rle.c
Don't need BUF_ and its NULL arg handling here.
Index: x509/x509_trs.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/x509/x509_trs.c,v
retrieving revision 1.16
diff -u -p -r1.16 x509_trs.c
--- x509/x509_trs.c 28 Sep 2014 10:52:59
On Wed, Oct 29, 2014 at 07:25, David Gwynne wrote:
if you want it to go fast, it would make more sense to set the item
alignment in pool_init to the size of the cacheline. colouring would then
become irrelevant from a speed perspective.
There's some sense to this. Like round everything to
On Wed, Oct 29, 2014 at 07:25, David Gwynne wrote:
i dunno. im fine with either removing colouring altogether or setting it
from something else completely. i just want a decision to be made cos
right now ph_color isnt set, which is a bug.
there. i fixed it.
Index: kern/subr_pool.c
On Tue, Oct 28, 2014 at 04:42, Abel Abraham Camarillo Ojeda wrote:
$ while sleep 1; do date; done
Tue Oct 28 04:34:04 CST 2014
Tue Oct 28 04:34:06 CST 2014
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.68 MHz
One normal CPU.
cpu0: apic clock
On Tue, Oct 28, 2014 at 16:49, David Gwynne wrote:
when i shuffled the locking in pools around, page colouring was
left behind.
page colouring is where you offset items within a page if you have
enough slack space. the previous implementation simply incremented
the colour so each new page
On Thu, Oct 23, 2014 at 15:16, Dimitris Papastamos wrote:
Hi everyone,
This is my attempt to add libc wrappers for mkfifo() and
mkfifoat() using mknodat().
Is there a reason? This would seem to do nothing except complicate the
interpretation of ktrace.
On Wed, Oct 22, 2014 at 16:07, Michael B. Trausch wrote:
I have done a very ugly port that builds and works in the few
scenarios that I've tested with, but it's not complete as some
features (mostly the ones that allow disabling at compile time) need
more work to finish porting.
I think the
This patch disables the SSLv3 protocol for the forthcoming 5.6 release.
untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhqNRnZqpfGyXZORy+gN++chhlgejO0bmLmp81bJL1+Dhl3iP0bL1NnRopcGECX4QoUbsCCcnMOxkXAYeMYkmMgw=
OpenBSD 5.6 errata 5, Oct 20, 2014
This patch disables the
Patches are now available to fix two remotely triggerable memory leaks
in the OpenSSL libssl library. This issue affects 5.4 and 5.5. These
issues were originally fixed in forthcoming 5.6 release (it's not
affected).
The patch for 5.5 follows.
untrusted comment: signature from openbsd 5.5 base
On Sun, Oct 05, 2014 at 19:42, Martin Natano wrote:
Let's make tree.h conform to style(9).
Index: tree.h
===
RCS file: /cvs/src/sys/sys/tree.h,v
retrieving revision 1.13
diff -u -r1.13 tree.h
--- tree.h9 Jul 2011 00:19:45
On Fri, Oct 03, 2014 at 20:33, Martin Natano wrote:
fusefs_quotactl() unconditionally returns zero, despite fusefs not
supporting quotas. I think it should return EOPNOTSUPP. At least that
is what cd9660, udf, fuse, msdosfs, tmpfs and nfs do.
cheers,
natano
--- fuse_vfsops.c.orig
On Tue, Sep 30, 2014 at 14:18, Stefan Sperling wrote:
If you are bringing an interface up, you're telling the kernel
that you want link on it. Of course, we could stop connecting
to the strongest open network and always require users to type
an nwid before they get link. But that can be
This issue also affects 5.4, 5.5 and 5.6. Patches available in the
respective directories.
5.5 patch follows.
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/011_nginx.patch.sig
untrusted comment: signature from openbsd 5.5 base secret key
On Sun, Sep 21, 2014 at 16:20, Mark Kettenis wrote:
Date: Sat, 20 Sep 2014 12:34:42 -0700
From: Philip Guenther guent...@gmail.com
On Sat, Sep 20, 2014 at 11:28 AM, Mark Kettenis
mark.kette...@xs4all.nl wrote:
Date: Sat, 20 Sep 2014 18:15:31 +
From: Miod Vallat m...@online.fr
On Thu, Sep 18, 2014 at 13:03, Matti Karnaattu wrote:
No, it just shouldn't be present when a conforming environment is
requested. I've fixed unistd.h. to exclude it when you ask for an
XSI conforming environment by building with _XOPEN_SOURCE defined.
(Not sure what about signal.h you're
On Tue, Sep 16, 2014 at 21:51, David Gwynne wrote:
if you have more than 8 cpus, combine the cpu lines by default.
ok?
very nice.
On Fri, Sep 12, 2014 at 20:04, Ted Unangst wrote:
The neverending slog towards greatness continues.
Index: ressl.c
===
RCS file: /cvs/src/lib/libressl/ressl.c,v
retrieving revision 1.12
diff -u -p -r1.12 ressl.c
--- ressl.c 15
This doesn't change a whole lot, but I'd like to start using the new
bcrypt api where feasible and move away from the crypt wrappers.
Index: encrypt.c
===
RCS file: /cvs/src/usr.bin/encrypt/encrypt.c,v
retrieving revision 1.32
diff
On Wed, Sep 17, 2014 at 01:12, Matti Karnaattu wrote:
Hi,
I found that OpenBSD setpgrp is not POSIX compliant, so I write test and
make diff to fix issue.
Very nice.
http://pubs.opengroup.org/onlinepubs/009695399/functions/setpgrp.html
This change removes obsolete setpgrp, and
On Mon, Sep 15, 2014 at 20:17, Max Fillinger wrote:
Not really an important issue, but here's a diff to bring the comments
in rnd.c more up to date. In particular:
- The PRNG uses ChaCha20 instead of RC4
- The first few bytes are not thrown away anymore
- The comments list ways to access
On Fri, Sep 12, 2014 at 09:39, Kent R. Spillner wrote:
On Fri, Sep 12, 2014 at 12:38:07AM -0700, Doug Hogan wrote:
Hmm this doesn't look right to me. ressl_config is not allocated the
same way as the other variables. The other variables such as ssl,
sslhost, etc are local to that function
On Sat, Sep 13, 2014 at 04:13, Joel Sing wrote:
I'm not convinced that we should be doing this with the *_mem() functions,
as
there is a benefit to the client owning this memory. Currently, in httpd the
public/private key is removed as soon as ressl_configure() is called.
Obviously libssl
On Wed, Sep 10, 2014 at 16:38, Ted Unangst wrote:
On Fri, Aug 15, 2014 at 13:06, Ted Unangst wrote:
Instead, ressl should copy all parameters as necessary and
free them. This does introduce an error case into formerly void
functions, but I think that's ok. The alternative would be to use
On Fri, Aug 15, 2014 at 13:06, Ted Unangst wrote:
Instead, ressl should copy all parameters as necessary and
free them. This does introduce an error case into formerly void
functions, but I think that's ok. The alternative would be to use
fixed arrays inside ressl_config, but that seems much
On Mon, Sep 01, 2014 at 14:03, Jonathan Gray wrote:
This adds support for using the SVR4/glibc word delimeters
in regcomp as an extension to what posix requires.
We already have [[::]] and [[::]] as extensions, apparently
from 'Henry Spencer's Alpha 3.0 regex release' back in 1993.
But
This diff is incomplete, but shows the direction I'm headed.
The current config struct keeps a pointer to various strings (ca file,
etc.). This causes (or will cause) two kinds of trouble.
1. error prone. it's reasonable to create a ca file path by
snprintf into a stack buffer. when that buffer
On Sun, Aug 10, 2014 at 11:38, Nicholas Wilson wrote:
Maybe this is a silly question - but where is the code for the portable
version checked in? I think I understand the development model from working
with OpenSSH dev, but surely the portable compat files must be kept in
version control
Some fixes from OpenSSL 1.0.1i have been backported to 5.5 and 5.4.
See http://www.openbsd.org/errata55.html
untrusted comment: signature from openbsd 5.5 base secret key
RWRGy8gxk9N930/jzqCCFMfSCKMjKDSYrXSKPhnGlL2r21nCGEPw+wOEDXpQC6Zispe8gewI7duy5T76oRpvWFGyzsYxl6pWfAc=
OpenBSD 5.5 errata 10,
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/009_dhcp.patch.sig
untrusted comment: signature from openbsd 5.5 base secret key
RWRGy8gxk9N93/QG6Y9kGPe+DHW4eR6ZbsfLTCXCXAsEwTnx4m/bIm9T9tYjw38rAbRiQWSkDgUvlmxRil/j/ML/4NCynGtfbgU=
OpenBSD 5.5 errata 9, June 30, 2014: Packets with illegal
On Thu, Jul 31, 2014 at 18:10, Remco wrote:
Fritjof Bornebusch wrote:
Hi tech,
there is an unnecessary NULL check before calling free.
fritjof
Index: xmalloc.c
===
RCS file: /cvs/src/usr.bin/rcs/xmalloc.c,v
retrieving
On Wed, Jul 30, 2014 at 23:31, Dmitry Eremin-Solenikov wrote:
Hello,
I have spotted a problem with the patch of crypto/evp/encode.c done by
jsing on May 3.
Sometimes decoding of base64 will fail. For example the attached file
will fail decodiding
(and produce an empty output):
On Wed, Jul 23, 2014 at 10:20, Hanno Böck wrote:
Hi,
Quick background: Some router firmwares from F5 have a bug that they
fail if the SSL handshake is between 256 and 511 bytes.
Following up that openssl and other major ssl implementations
introduced a TLS padding extension that does
On Tue, Jul 22, 2014 at 21:21, Doug Hogan wrote:
On Tue, Jul 22, 2014 at 02:51:17AM -0400, Jean-Philippe Ouellet wrote:
That is misleading in the M_CANFAIL case.
I'm not terribly good at wording things, but I suggest something
more like this instead:
Hmm I think it's only misleading in the
On Wed, Jul 23, 2014 at 00:02, Mark Kettenis wrote:
Hmm, I believe, quite strongly, that we should always panic when a
arithmetic overflow is detected.
The M_CANFAIL flag is really there to allow for failure in certain
low-memory conditions, not to recover from programming bugs.
The
Was just investigating a little issue with a long running (stuck)
process. I logged in at 9:20PM:
10002 0.0 0.0 3740 2420 ?? S 9:20PM0:00.02 sshd
So you can imagine my surprise to see a cron job running in the future:
24292 0.0 0.0 776 616 ?? Is 9:25PM0:08.51
On Tue, Jul 15, 2014 at 12:38, Christian Weisgerber wrote:
The reason the Soekris net6501 has hw.ncpufound=1 in bsd.rd is
stupid. The net6501 has MP BIOS, but not ACPI. Only the GENERIC
(thus also GENERIC.MP) and RAMDISK kernels on amd64 and i386 include
mpbios(4), RAMDISK_CD doesn't.
Is
On Sat, Jul 12, 2014 at 21:43, Shawn K. Quinn wrote:
For now, I'm going to make sure my Lynx still has full functionality if
I have to manually unfuck the Makefile myself everytime after I update
my sources. In the future? Maybe I (and the other users who actually
give a shit about having
On Sun, Jul 13, 2014 at 01:52, William Orr wrote:
Hey,
I sent a patch similar to this almost a month ago with no response.
Feedback? Interest?
Yes.
- num = strtoul(val, expr, 0);
- if (num == SIZE_T_MAX) /* Overflow. */
+ while (isspace(vp[0]))
+
1. md5crypt isn't support anymore
2. if you want des passwords, go use vipw
I kept auto and blowfish instead of just hard coding blowfish because
there's some bits that allow fiddling with the salt. (that needs
improvement too, but not this diff)
Index: adduser.perl
We have to support a seed, but if we don't start with one, use
arc4random() instead.
This also makes the linker warnings a little nicer and more localized:
update.o(.text+0xbfd): In function `setseed':
: warning: srandom() seed choices are invariably poor
update.o(.text+0x259): In function
If the user calls srandomdev(), they are asking for an unpredictable
sequence, even one that could not normally be produced. So give them
one. Use arc4random in that case.
Index: stdlib/random.c
===
RCS file:
901 - 1000 of 1656 matches
Mail list logo
