On Thu, 10 Jul 2014 23:17:44 -0400, Daniel Dickman wrote:
For some urls, lynx will invoke an external command. Turn off telnet,
rlogin and tn3270 urls by defining them to false(1) as documented in the
lynx manual.
Gopher and NNTP are actually still being used (the former a bit
sparsely, but
Csh has a section of code where it NUL terminates after a strlcpy().
Strlcpy() may read past what readlink() wrote since readlink() does
not append a NUL.
Index: bin/csh/dir.c
===
RCS file: /cvs/src/bin/csh/dir.c,v
retrieving
On Fri, Jul 11, 2014 at 05:46:15AM +, Doug Hogan wrote:
I don't think the current man page has enough detail for what the
malloc.conf settings do.
Index: lib/libc/stdlib/malloc.3
===
RCS file:
On Fri, Jul 11, 2014 at 12:50 AM, Jason McIntyre j...@kerhand.co.uk wrote:
On Fri, Jul 11, 2014 at 05:46:15AM +, Doug Hogan wrote:
.It Cm j
.Dq Don't Junk .
By default, small chunks are always junked, and the first part of pages
@@ -297,6 +303,7 @@ This can substantially aid in
Pretty standard thing in several companies I do work for is to have an
intranet page with http://, ssh://, telnet:// and finger:// (amazingly) links
to various devices on the network. Having to read the source and escape to a
shell would be somewhat worse than what I get on a base install
I don't see a good reason to get rid of this. What is the rationale?
Daniel appears to have made a mistake asking for approval on the wrong
list. He's new here, take it easy on him.
On Fri, Jul 11, 2014 at 01:03:54AM -0600, Anthony J. Bentley wrote:
In addition to what jmc said, if you document these flags they need to
be marked up with the Cm macro instead of ASCII single quotes.
My mistake. Fixed version:
Index: lib/libc/stdlib/malloc.3
I am a bit concerned. The description is trying too hard to be overly
precise, and may be cumbersome for the typical reader of this page.
Index: lib/libc/stdlib/malloc.3
===
RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v
On Fri, Jul 11, 2014 at 06:31, Doug Hogan wrote:
Csh has a section of code where it NUL terminates after a strlcpy().
Strlcpy() may read past what readlink() wrote since readlink() does
not append a NUL.
applied (and smtpd sock fix), thanks.
Another patch will handle some of the fdopen error handling leaks
that are combined with missing unlink calls when using mkstemp.
Index: games/atc/log.c
===
RCS file: /cvs/src/games/atc/log.c,v
retrieving revision 1.17
diff -u -p -d
thanks, will be fixed shortly
as a side note this is not built and will be removed from smtpd
to be shipped as an external backend
On Fri, Jul 11, 2014 at 05:39:02AM +, Doug Hogan wrote:
socket() returns -1 on error.
Index: usr.sbin/smtpd/table_socketmap.c
On 2014/07/11 01:18, Theo de Raadt wrote:
I too use gopher in lynx regularly, and would miss support. There is =
still a surprisingly active community using gopher. (floodgap, et al.)
So install a package.
Should we just move lynx to packages?
On Fri, 11 Jul 2014 09:48:12 +0100
Stuart Henderson st...@openbsd.org wrote:
| On 2014/07/11 01:18, Theo de Raadt wrote:
| I too use gopher in lynx regularly, and would miss support. There is =
| still a surprisingly active community using gopher. (floodgap, et al.)
|
| So install a
On 2014/07/11 18:51, Brett Mahar wrote:
On Fri, 11 Jul 2014 09:48:12 +0100
Stuart Henderson st...@openbsd.org wrote:
| On 2014/07/11 01:18, Theo de Raadt wrote:
| I too use gopher in lynx regularly, and would miss support. There is =
| still a surprisingly active community using gopher.
I find lynx really handy to have in base, e.g. installing on a new
machine, users can just go to openbsd.org and cut and paste a pkg_path
prior to installing anything, and read the faq.
that is why it is in base.
but someone on the list wants to visit the openbsd gopher page to get
that
If lynx was removed from base, and only available in ports... how many of
you would even know of it's existance and use it?
On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote:
On 2014/07/11 18:51, Brett Mahar wrote:
On Fri, 11 Jul 2014 09:48:12 +0100
Stuart Henderson st...@openbsd.org wrote:
| On 2014/07/11 01:18, Theo de Raadt wrote:
| I too use gopher in lynx regularly, and would miss support. There
is =
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
Index: myproposal.h
On 2014/07/11 05:05, Ted Unangst wrote:
On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote:
On 2014/07/11 18:51, Brett Mahar wrote:
On Fri, 11 Jul 2014 09:48:12 +0100
Stuart Henderson st...@openbsd.org wrote:
| On 2014/07/11 01:18, Theo de Raadt wrote:
| I too use gopher in lynx
On Thu, Jul 10, 2014 at 11:05:45PM -0400, Daniel Dickman wrote:
Patch below turns off the following ancient protocols built into lynx:
bibp, finger, gopher, and news.
For some urls, lynx will invoke an external command. Turn off telnet,
rlogin and tn3270 urls by defining them to false(1)
Index: bin/csh/dol.c
===
RCS file: /cvs/src/bin/csh/dol.c,v
retrieving revision 1.17
diff -u -p -d -r1.17 dol.c
--- bin/csh/dol.c 12 Aug 2010 02:00:27 - 1.17
+++ bin/csh/dol.c 11 Jul 2014 09:12:11 -
@@ -829,7
On 2014/07/11 05:32, Ted Unangst wrote:
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
Re-adding SHA1 will fix things
On 11 July 2014 12:41, Doug Hogan d...@acyclic.org wrote:
Index: bin/csh/dol.c
===
RCS file: /cvs/src/bin/csh/dol.c,v
retrieving revision 1.17
diff -u -p -d -r1.17 dol.c
--- bin/csh/dol.c 12 Aug 2010 02:00:27 -
On Fri, Jul 11, 2014 at 07:25:06AM +, Doug Hogan wrote:
On Fri, Jul 11, 2014 at 01:03:54AM -0600, Anthony J. Bentley wrote:
In addition to what jmc said, if you document these flags they need to
be marked up with the Cm macro instead of ASCII single quotes.
My mistake. Fixed version:
On Fri, Jul 11, 2014 at 11:41 AM, Doug Hogan d...@acyclic.org wrote:
Index: sbin/disklabel/disklabel.c
===
RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
retrieving revision 1.195
diff -u -p -d -r1.195 disklabel.c
---
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.
Based on feedback from halex@ and deraadt@, I have changed it so that
the User-Agent can be set via a -U command-line option instead of an
environment variable.
I have also
We don't need to hold the malloc lock when making syscalls like mmap
and munmap if we're just a little careful about the order of
operations. This will allow other threads to concurrently allocate
perhaps smaller chunks while the first thread is in the kernel.
This makes a huge difference in a
Hi all,
I was wondering if a generic small geoloc lib might interest ? which can
load dynamically any geo localisation library via dlopen and so on ... to
get, let's say, a country code with an ip address ... can serve for some
purposes (I ll use it for geolocalisation load balancing via relayd)
On Fri, Jul 11, 2014 at 01:38:23AM -0600, Theo de Raadt wrote:
I am a bit concerned. The description is trying too hard to be overly
precise, and may be cumbersome for the typical reader of this page.
indeed, and I also dislike putting too much implementation details
into a man page. Things
* Kent R. Spillner kspill...@acm.org [2014-07-10 20:47]:
I saw this was already committed, but one tiny consistency nit inline below.
I'd argue it's not consistency, rather the opposite, since:
- mh.mh_len = 4;
+ bpf_mtap_hdr(arg, (caddr_t)afh, 4, m, direction, NULL);
you see this was
Hi,
On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote:
I was wondering if a generic small geoloc lib might interest ? which can
load dynamically any geo localisation library via dlopen and so on ... to
get, let's say, a country code with an ip address ... can serve for some
On Fri, Jul 11, 2014 at 12:25:01AM -0400, Jared Yanovich wrote:
On Sun, Jul 06, 2014 at 09:03:17PM +0200, Otto Moerbeek wrote:
Alternatively we could just import the FreeBSD sort(1) rewrite from 2012.
Did you try to
port it? I won't have time the coming weeks, I'll be on vacation.
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote:
This should call warn() before unlink() or close() to guarantee that the
correct errno value is reported.
Philip,
I see what you are saying. I was following the man page example in
mkstemp(3) which calls warn() after
Fair point Reyk, I honestly did not think about this daemon approach !
Thanks for your inputs !
On 11 July 2014 11:59, Reyk Floeter r...@openbsd.org wrote:
Hi,
On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote:
I was wondering if a generic small geoloc lib might interest ?
On Fri, Jul 11, 2014 at 05:32:20AM -0400, Ted Unangst wrote:
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
I for one
I would know of its existence, but likely not install it. As I said, I have
workarounds. I remember how bad the code was years ago, so I agree with the
idea in general, but it will be a pain in the butt for me every once in a while
:-(.
-Adam
On July 11, 2014 4:03:29 AM CDT, Theo de Raadt
On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote:
Hello all,
I use rdomains to split routing domains per company and also separate
administration interfaces from routing interfaces on my routers (sshd,
bacula,
* Matthew Dempsky matt...@dempsky.org [2014-07-10 22:56]:
On Thu, Jul 10, 2014 at 1:20 PM, Ted Unangst t...@tedunangst.com wrote:
Thoughts?
Seems kind of hacky to me, but if it results in significant
performance improvements in real world uses, then I could be swayed
since it's not very
On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote:
We don't need to hold the malloc lock when making syscalls like mmap
and munmap if we're just a little careful about the order of
operations. This will allow other threads to concurrently allocate
perhaps smaller chunks while the
* Stuart Henderson st...@openbsd.org [2014-07-11 10:49]:
Should we just move lynx to packages?
hmm. having a simple text browser in base is worthwile imo. and if it
is just to download sth where i don't know the exact URL.
personally, I haven't used lynx for anything but http and https in...
* Ted Unangst t...@tedunangst.com [2014-07-11 11:32]:
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
yes, please.
--
On Fri, Jul 11, 2014 at 13:56, Otto Moerbeek wrote:
On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote:
We don't need to hold the malloc lock when making syscalls like mmap
and munmap if we're just a little careful about the order of
operations. This will allow other threads to
On 07/11/14 01:15, Maximilian Fillinger wrote:
On 07/10/14 16:28, Alexander Hall wrote:
Anyway, I worked on your diff a bit more:
- keep having -U and -u separate (as discussed)
- use Uflag instead of duidflag
- bail out if the duid is all 0.
- allow specifying the drive to dump by duid.part
On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote:
If there are no other objections, I'd like to commit this today.
Just don't forget to get rid of this
+ } else { fprintf(stderr, duid: %s\n, duid); }
before committing.
On 07/11/14 11:32, Ted Unangst wrote:
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
Naaa.. You did this just for
yes please.
On Fri, Jul 11, 2014 at 3:32 AM, Ted Unangst t...@tedunangst.com wrote:
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily
On 07/11/14 14:33, Maximilian Fillinger wrote:
On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote:
If there are no other objections, I'd like to commit this today.
Just don't forget to get rid of this
+ } else { fprintf(stderr, duid: %s\n, duid); }
before committing.
Hmm...
Penned by Mike Belopuhov on 20140711 6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
| On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote:
| Hello all,
| I use rdomains to split routing domains per company and also separate
| administration
Penned by Mike Belopuhov on 20140711 6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
| On Thu, Jul 10, 2014 at 06:51:01PM +0200, LoÄc BLOT wrote:
| Hello all,
| I use rdomains to split routing domains per company and also separate
usr.sbin, missing prototypes:
diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h
index 4c9224a..45b060f 100644
--- usr.sbin/mrouted/defs.h
+++ usr.sbin/mrouted/defs.h
@@ -209,6 +209,7 @@ extern void accept_leave_message(u_int32_t src,
u_int32_t dst,
usr.sbin, fix bind configure:
Carefully checked that config.h and generated Makefiles don't change.
diff --git usr.sbin/bind/configure usr.sbin/bind/configure
index 6e280ad..db02979 100644
--- usr.sbin/bind/configure
+++ usr.sbin/bind/configure
@@ -4596,6 +4596,8 @@ cat confdefs.h
usr.sbin, fix nsd/unbound configure
carefully checked that config.h and generated Makefiles don't change.
need for _XOPEN_VERSION pointed out by guenther@
diff --git usr.sbin/nsd/configure usr.sbin/nsd/configure
index d2d28c1..c2a40e8 100644
--- usr.sbin/nsd/configure
+++ usr.sbin/nsd/configure
usr.sbin; enable -Werror-implicit-function-declaration:
This has currently no effect on subdirs using Makefile.bsd-wrapper
(bind, nginx, nsd, unbound). This is beeing worked on. With a
workaround they have been tested and with the previous diffs are
clean.
diff --git usr.sbin/Makefile.inc
On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote:
usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
this is the right way, but it seems to work. Cluebats welcome.
I think maybe it would be nicer to create a
Réseaux
http://www.unix-experience.fr
Theo de Raadt dera...@cvs.openbsd.org a écrit :
Penned by Mike Belopuhov on 20140711 6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
| On Thu, Jul 10, 2014 at 06:51:01PM +0200, Lo��c BLOT wrote:
| Hello all,
| I
On 2014/07/11 13:49, Mike Belopuhov wrote:
as far as i can tell the daemon_rdomain bit that goes into the rc
script is fine, however i'm not quite sure how can i start two
daemons in different rdomains via rc.conf.local. looks like this
diff doesn't handle this and allows only one instance in
On Wed, 09 Jul 2014 20:40:36 +0200 (CEST)
YASUOKA Masahiko yasu...@yasuoka.net wrote:
On Wed, 9 Jul 2014 19:08:09 +0200
Kenneth Westerback kwesterb...@gmail.com wrote:
On 9 July 2014 16:26, YASUOKA Masahiko yasu...@yasuoka.net wrote:
This diff fixes dhcpinform to work without lease.
ok?
Ok ok ok .. having the ability to specify the rdomain for the one instance of
a daemon started by /etc/rc does let other monkeying to be done from
/etc/rc.local
if desired.
Thanks,
Penned by Loïc Blot on 20140711 9:56.35, we have:
| Of course,
| I have set the fewer modification on rc.subr
Not having a macppc machine of my own anymore, I am forced to
rely on the kindness of strangers. I'm looking specifically
for macppc machines with the line
abtn at adb?
in the dmesg. If you or a loved one owns such a machine, please
contact me off-list, as I have a small change to the driver
Hi,
On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote:
I hope this is the right mailing list to publish a patch. If not,
please let me know where to place it or how I should get in contact
with the relayd maintainer(s).
I've added some new SSL features and config options to
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.
Based on feedback from halex@ and deraadt@, I have changed it so that
the User-Agent can be set via a -U
On 07/11/14 17:35, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.
Based on feedback from halex@ and deraadt@, I have changed it so that
the
1. redundant null tests
2. http decode can be linear instead of (n^2) with two pointers.
Index: cgi.c
===
RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.1
diff -u -p -r1.1 cgi.c
--- cgi.c 11 Jul 2014 15:37:22
Another diff. HTTP headers have to be separated by CRLF.
Index: cgi.c
===
RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.1
diff -u -p -r1.1 cgi.c
--- cgi.c 11 Jul 2014 15:37:22 - 1.1
+++ cgi.c 11
Hi Reyk
On 11.07.2014, at 17:29, Reyk Floeter r...@openbsd.org wrote:
On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote:
I hope this is the right mailing list to publish a patch. If not,
please let me know where to place it or how I should get in contact
with the relayd
On Fri, Jul 11, 2014 at 10:27:57AM -0400, Ted Unangst wrote:
On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote:
usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
this is the right way, but it seems to
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote:
This should call warn() before unlink() or close() to guarantee that the
correct errno value is reported.
...
This and several other need to save errno and use errc(), ala:
Updated patch. Updated mktemp.3 this time.
Index:
On Fri, Jul 11, 2014 at 04:55:36PM +, Doug Hogan wrote:
Index: usr.bin/m4/eval.c
===
RCS file: /cvs/src/usr.bin/m4/eval.c,v
retrieving revision 1.72
diff -u -p -d -r1.72 eval.c
--- usr.bin/m4/eval.c 28 Apr 2014 12:34:11
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote:
On 07/11/14 17:35, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.
Based on
The first release of LibreSSL portable has been released. LibreSSL
can be found in the LibreSSL directory of your favorite OpenBSD mirror.
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
will soon.
libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux,
On Fri, Jul 11, 2014 at 07:29:06PM +0200, Marc Espie wrote:
I don't like that part. The logic is a bit wrong. Especially since
unlink(fname) is always called for fd != -1, so I feel there should be one
single call.
Ok
Index: usr.bin/m4/eval.c
On 07/11/14 20:06, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote:
On 07/11/14 17:35, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows
On 7/11/14, Theo de Raadt dera...@cvs.openbsd.org wrote:
If lynx was removed from base, and only available in ports... how many of
you would even know of it's existance and use it?
asking rhetorically?
either way, yes, I would install lynx if it wasn't in base.
I use it on a daily basis.
On Fri, Jul 11, 2014 at 12:21:12 -0600, Bob Beck wrote:
The first release of LibreSSL portable has been released. LibreSSL
can be found in the LibreSSL directory of your favorite OpenBSD mirror.
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
will soon.
Hello,
libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux, Solaris, Mac OSX, and FreeBSD.
This is intended as an initial release to allow the community to start
using and providing feedback. We will be adding support for
other platforms as time and resources permit.
It's already fixed, so will be on the next tarball roll
On Fri, Jul 11, 2014 at 3:07 PM, Piotr Sikora piotr.sik...@frickle.com wrote:
Hello,
libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux, Solaris, Mac OSX, and FreeBSD.
This is intended as an initial release to
Hi,
On Fri, Jul 11, 2014 at 12:21:12PM -0600, Bob Beck wrote:
The first release of LibreSSL portable has been released. LibreSSL
can be found in the LibreSSL directory of your favorite OpenBSD mirror.
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
sounds great!
Hey Bob,
It's already fixed, so will be on the next tarball roll
Thanks!
I should have been more clear in my previous email, but would it be possible
to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)?
This way LibreSSL would work as a drop-in replacement without
The OPENSSL_VERSION number is a guarantee for a certain version of the
ABI. As we dont' provide that (in fact much
of the ABI in LIbreSSL is beyond 1.0.1g, it is not accurate to use
the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION
is bigger than 1.0.1g's.
On Fri, Jul 11, 2014 at 4:15
I'm worried that bogus codepaths will be taken in software that expects a
certain openssl version - things failing to build we can cope with in ports
easily enough, I'm more concerned about software that does build but behaves
incorrectly at runtime.
I'm worried that bogus codepaths will be taken in software that expects a
certain openssl version - things failing to build we can cope with in ports
easily enough, I'm more concerned about software that does build but behaves
incorrectly at runtime.
If the software is that fragile, then I am
On Fri, Jul 11, 2014 at 3:41 PM, Bob Beck b...@obtuse.com wrote:
The OPENSSL_VERSION number is a guarantee for a certain version of the
ABI. As we dont' provide that (in fact much
of the ABI in LIbreSSL is beyond 1.0.1g, it is not accurate to use
the old OPENSSL_VERSION. Essnentially this
On Sat, Jul 12, 2014 at 00:22, Piotr Sikora wrote:
Hey Bob,
It's already fixed, so will be on the next tarball roll
Thanks!
I should have been more clear in my previous email, but would it be possible
to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)?
This way
it. As expected, OPENSSL does the opposite and makes life harder for
everyone.
Hasn't this been the OpenSSL roadmap since the very beginning?
Hi,
I hope this is the right place to post libressl-related discussions.
I'm new here.
After today's release of the portable libressl version I tried to use
it as a drop-in-replacement on a gentoo linux system. There were a
numbre of issues popping up.
A number of packages failed to compile due
On 2014/07/12 01:13, Hanno Böck wrote:
I didn't know what egd was up until today, but reading what it is I
completely understand that consideration. However, this breaks a number
of packages (wget, python, ruby).
There's probably a simple solution: Just add dummy functions that
always return
On Sat, Jul 12, 2014 at 01:13, Hanno Böck wrote:
I didn't know what egd was up until today, but reading what it is I
completely understand that consideration. However, this breaks a number
of packages (wget, python, ruby).
Those packages would all be better off without egd support. In the
The fundamental probelm with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g and 10.2.z, and
1.0.2.qq - where does it end?
We will be continuing to add functionality in here from many sources,
and so assuming we
On Fri, Jul 11, 2014 at 4:37 PM, Bob Beck b...@obtuse.com wrote:
The fundamental probelm with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g and 10.2.z, and
1.0.2.qq - where does it end?
It ends whenever it
Hi,
I just noted that when I recompiled openssh against libressl (both
portable versions on linux) ssh segfaults when I try to use it.
Running it through ltrace it seems this happens when RAND_bytes is
called. I haven't debugged this in detail, but some observations:
* RAND_bytes in libressl
Hey Bob,
The fundamental probelm with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g and 10.2.z, and
1.0.2.qq - where does it end?
We will be continuing to add functionality in here from many sources,
and so
You need a more recent OpenSSH. The old versions of OpenSSH did a
foolish thing with their portable arc4random, and
called RAND_BYTES.
New OpenSSH does not do this.
On Fri, Jul 11, 2014 at 6:07 PM, Hanno Böck ha...@hboeck.de wrote:
Hi,
I just noted that when I recompiled openssh against
Ask the OpenSSH guys - if your OpenSSH portable is using RAND_BYTES,
well it could be using egd and all other sorts of interesting things.
You could try to change your link order instead to use the arc4random
implementation from libressl - which will work for you.
On Fri, Jul 11, 2014 at 6:19
On Fri, 11 Jul 2014 18:12:49 -0600
Bob Beck b...@obtuse.com wrote:
You need a more recent OpenSSH. The old versions of OpenSSH did a
foolish thing with their portable arc4random, and
called RAND_BYTES.
New OpenSSH does not do this.
I use 6.6p1 which is the latest available.
--
Hanno Böck
Thanks Bob and all the other LibreSSL hackers.
Just switched my slackware 14.1 box over to libressl instead of openssl and
it's working great so far, no problems at all.
This diff simplifies divert_output() further by removing the csum_flag
variable and setting the checksum flag in pkthdr directly (the variable
was originally there to help with zeroing the checksum, but we've now
determined that zeroing the checksum is unnecessary so that variable
is no longer
This patch is generated by coccinelle, but I reviewed it. I changed the
lpr patch to use warnc() so it has less code executing inside
PRIV_START.
I targeted if statements where it modifies errno before warn or err is
called. It checked a list of functions that are typically used in error
97 matches
Mail list logo