This patch is generated by coccinelle, but I reviewed it. I changed the
lpr patch to use warnc() so it has less code executing inside
PRIV_START.
I targeted if statements where it modifies errno before warn or err is
called. It checked a list of functions that are typically used in error
handlin
This diff simplifies divert_output() further by removing the csum_flag
variable and setting the checksum flag in pkthdr directly (the variable
was originally there to help with zeroing the checksum, but we've now
determined that zeroing the checksum is unnecessary so that variable
is no longer need
Thanks Bob and all the other LibreSSL hackers.
Just switched my slackware 14.1 box over to libressl instead of openssl and
it's working great so far, no problems at all.
On Fri, Jul 11, 2014 at 18:22, Bob Beck wrote:
> Ask the OpenSSH guys - if your OpenSSH portable is using RAND_BYTES,
> well it could be using egd and all other sorts of interesting things.
>
> You could try to change your link order instead to use the arc4random
> implementation from libressl - w
On Fri, 11 Jul 2014 18:12:49 -0600
Bob Beck wrote:
> You need a more recent OpenSSH. The old versions of OpenSSH did a
> foolish thing with their portable arc4random, and
> called RAND_BYTES.
>
> New OpenSSH does not do this.
I use 6.6p1 which is the latest available.
--
Hanno Böck
http://hbo
Ask the OpenSSH guys - if your OpenSSH portable is using RAND_BYTES,
well it could be using egd and all other sorts of interesting things.
You could try to change your link order instead to use the arc4random
implementation from libressl - which will work for you.
On Fri, Jul 11, 2014 at 6:19 PM
You need a more recent OpenSSH. The old versions of OpenSSH did a
foolish thing with their portable arc4random, and
called RAND_BYTES.
New OpenSSH does not do this.
On Fri, Jul 11, 2014 at 6:07 PM, Hanno Böck wrote:
> Hi,
>
> I just noted that when I recompiled openssh against libressl (both
> p
Hey Bob,
The fundamental probelm with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g and 10.2.z, and
1.0.2.qq - where does it end?
We will be continuing to add functionality in here from many sources,
and so ass
Hi,
I just noted that when I recompiled openssh against libressl (both
portable versions on linux) ssh segfaults when I try to use it.
Running it through ltrace it seems this happens when RAND_bytes is
called. I haven't debugged this in detail, but some observations:
* RAND_bytes in libressl call
On Fri, Jul 11, 2014 at 4:37 PM, Bob Beck wrote:
> The fundamental probelm with this Matthew - is that next time, if we
> do this, by the next release we will
> be chasing what features we have imported from 1.0.2g and 10.2.z, and
> 1.0.2.qq - where does it end?
It ends whenever it stops helping
The fundamental probelm with this Matthew - is that next time, if we
do this, by the next release we will
be chasing what features we have imported from 1.0.2g and 10.2.z, and
1.0.2.qq - where does it end?
We will be continuing to add functionality in here from many sources,
and so assuming we cou
On Sat, Jul 12, 2014 at 01:13, Hanno Böck wrote:
> I didn't know what egd was up until today, but reading what it is I
> completely understand that consideration. However, this breaks a number
> of packages (wget, python, ruby).
Those packages would all be better off without egd support. In the
c
On 2014/07/12 01:13, Hanno Böck wrote:
> I didn't know what egd was up until today, but reading what it is I
> completely understand that consideration. However, this breaks a number
> of packages (wget, python, ruby).
> There's probably a simple solution: Just add dummy functions that
> always re
Hi,
I hope this is the right place to post libressl-related discussions.
I'm new here.
After today's release of the portable libressl version I tried to use
it as a drop-in-replacement on a gentoo linux system. There were a
numbre of issues popping up.
A number of packages failed to compile due
> it. As expected, OPENSSL does the opposite and makes life harder for
> everyone.
Hasn't this been the OpenSSL roadmap since the very beginning?
On Sat, Jul 12, 2014 at 00:22, Piotr Sikora wrote:
> Hey Bob,
>
>> It's already fixed, so will be on the next tarball roll
>
> Thanks!
>
> I should have been more clear in my previous email, but would it be possible
> to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)?
>
On Fri, Jul 11, 2014 at 3:41 PM, Bob Beck wrote:
> The OPENSSL_VERSION number is a guarantee for a certain version of the
> ABI. As we dont' provide that (in fact much
> of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use
> the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSIO
> I'm worried that bogus codepaths will be taken in software that expects a
> certain openssl version - things failing to build we can cope with in ports
> easily enough, I'm more concerned about software that does build but behaves
> incorrectly at runtime.
If the software is that fragile, then I
I'm worried that bogus codepaths will be taken in software that expects a
certain openssl version - things failing to build we can cope with in ports
easily enough, I'm more concerned about software that does build but behaves
incorrectly at runtime.
And seeing as how they moved 0.0.4 revisons in 9 years, call that
0.0.05 revisions per year, they have approximately 194 years of
OpenSSL releases before the version numbering space will collide.
On Fri, Jul 11, 2014 at 4:41 PM, Bob Beck wrote:
> The OPENSSL_VERSION number is a guarantee for a c
The OPENSSL_VERSION number is a guarantee for a certain version of the
ABI. As we dont' provide that (in fact much
of the ABI in LIbreSSL is "beyond" 1.0.1g, it is not accurate to use
the old OPENSSL_VERSION. Essnentially this OPENSSL_VERSION
is "bigger than 1.0.1g"'s.
On Fri, Jul 11, 2014 at 4:
Hey Bob,
It's already fixed, so will be on the next tarball roll
Thanks!
I should have been more clear in my previous email, but would it be possible
to also revert OPENSSL_VERSION_NUMBER back to 0x1000107fL (or 0x1000108fL)?
This way LibreSSL would work as a drop-in replacement without app
Hi,
On Fri, Jul 11, 2014 at 12:21:12PM -0600, Bob Beck wrote:
> The first release of LibreSSL portable has been released. LibreSSL
> can be found in the LibreSSL directory of your favorite OpenBSD mirror.
>
> http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
sounds great!
W
On 2014/07/11 15:21, Bob Beck wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: b...@cvs.openbsd.org2014/07/11 15:21:59
>
> Modified files:
> lib/libssl/src/crypto: opensslv.h
>
> Log message:
> Provide LIBRESSL_VERSION_NUMBER for people who use such things to
> detect ve
It's already fixed, so will be on the next tarball roll
On Fri, Jul 11, 2014 at 3:07 PM, Piotr Sikora wrote:
> Hello,
>
>
>> libressl-2.0.0.tar.gz has been tested to build on various versions of
>> Linux, Solaris, Mac OSX, and FreeBSD.
>>
>> This is intended as an initial release to allow the com
Hello,
libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux, Solaris, Mac OSX, and FreeBSD.
This is intended as an initial release to allow the community to start
using and providing feedback. We will be adding support for
other platforms as time and resources permit.
C
On Fri, Jul 11, 2014 at 12:21:12 -0600, Bob Beck wrote:
> The first release of LibreSSL portable has been released. LibreSSL
> can be found in the LibreSSL directory of your favorite OpenBSD mirror.
>
> http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
> will soon.
>
> libress
On 7/11/14, Theo de Raadt wrote:
> If lynx was removed from base, and only available in ports... how many of
> you would even know of it's existance and use it?
asking rhetorically?
either way, yes, I would install lynx if it wasn't in base.
I use it on a daily basis.
--patrick
On 07/11/14 20:06, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote:
On 07/11/14 17:35, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows ftp
On Fri, Jul 11, 2014 at 07:29:06PM +0200, Marc Espie wrote:
> I don't like that part. The logic is a bit wrong. Especially since
> unlink(fname) is always called for fd != -1, so I feel there should be one
> single call.
Ok
Index: usr.bin/m4/eval.c
===
The first release of LibreSSL portable has been released. LibreSSL
can be found in the LibreSSL directory of your favorite OpenBSD mirror.
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL has it, and other mirrors
will soon.
libressl-2.0.0.tar.gz has been tested to build on various versions of
Linux,
On Fri, Jul 11, 2014 at 05:46:02PM +0200, Alexander Hall wrote:
> On 07/11/14 17:35, Lawrence Teo wrote:
> >On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
> >>On 07/10/14 06:30, Lawrence Teo wrote:
> >>>About a month ago, I sent a diff that allows ftp(1) to set its
> >>>User-Agent.
On Fri, Jul 11, 2014 at 04:55:36PM +, Doug Hogan wrote:
> Index: usr.bin/m4/eval.c
> ===
> RCS file: /cvs/src/usr.bin/m4/eval.c,v
> retrieving revision 1.72
> diff -u -p -d -r1.72 eval.c
> --- usr.bin/m4/eval.c 28 Apr 2014 12:34:11
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote:
> This should call warn() before unlink() or close() to guarantee that the
> correct errno value is reported.
...
> This and several other need to save errno and use errc(), ala:
Updated patch. Updated mktemp.3 this time.
Index: b
Anyone?
On Fri, Jul 04, 2014 at 07:41:07PM +0200, Tobias Stoeckmann wrote:
> On Sun, Jun 29, 2014 at 08:40:53PM +0200, Tobias Stoeckmann wrote:
> > "cc -c" works for zaurus' cmd.c. I don't have a zaurus, so it would be
> > nice if a zaurus owner can test these changes.
>
> Got feedback from zaur
On Fri, Jul 11, 2014 at 10:27:57AM -0400, Ted Unangst wrote:
> On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote:
> > usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
> >
> > Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
> > this is the right way, but it see
Hi Reyk
On 11.07.2014, at 17:29, Reyk Floeter wrote:
> On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote:
>> I hope this is the right mailing list to publish a patch. If not,
>> please let me know where to place it or how I should get in contact
>> with the relayd maintainer(s).
>>
Another diff. HTTP headers have to be separated by CRLF.
Index: cgi.c
===
RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.1
diff -u -p -r1.1 cgi.c
--- cgi.c 11 Jul 2014 15:37:22 - 1.1
+++ cgi.c 11
1. redundant null tests
2. http decode can be linear instead of (n^2) with two pointers.
Index: cgi.c
===
RCS file: /cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.1
diff -u -p -r1.1 cgi.c
--- cgi.c 11 Jul 2014 15:37:22 -
On 07/11/14 17:35, Lawrence Teo wrote:
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
On 07/10/14 06:30, Lawrence Teo wrote:
About a month ago, I sent a diff that allows ftp(1) to set its
User-Agent.
Based on feedback from halex@ and deraadt@, I have changed it so that
the Use
On Fri, Jul 11, 2014 at 12:20:00PM +0200, Alexander Hall wrote:
> On 07/10/14 06:30, Lawrence Teo wrote:
> > About a month ago, I sent a diff that allows ftp(1) to set its
> > User-Agent.
> >
> > Based on feedback from halex@ and deraadt@, I have changed it so that
> > the User-Agent can be set vi
Hi,
On Wed, Jul 02, 2014 at 01:34:51PM +0200, Markus Gebert wrote:
> I hope this is the right mailing list to publish a patch. If not,
> please let me know where to place it or how I should get in contact
> with the relayd maintainer(s).
>
> I've added some new SSL features and config options to
Not having a macppc machine of my own anymore, I am forced to
rely on the kindness of strangers. I'm looking specifically
for macppc machines with the line
abtn at adb?
in the dmesg. If you or a loved one owns such a machine, please
contact me off-list, as I have a small change to the driver
that
Ok ok ok .. having the ability to specify the rdomain for the one instance of
a daemon started by /etc/rc does let other monkeying to be done from
/etc/rc.local
if desired.
Thanks,
Penned by Loïc Blot on 20140711 9:56.35, we have:
| Of course,
| I have set the fewer modification on rc.subr
On Wed, 09 Jul 2014 20:40:36 +0200 (CEST)
YASUOKA Masahiko wrote:
> On Wed, 9 Jul 2014 19:08:09 +0200
> Kenneth Westerback wrote:
>> On 9 July 2014 16:26, YASUOKA Masahiko wrote:
>>> This diff fixes dhcpinform to work without lease.
>>>
>>> ok?
>>>
>>> Fix dhcpinform to work without lease.
>>>
On 2014/07/11 13:49, Mike Belopuhov wrote:
> as far as i can tell the daemon_rdomain bit that goes into the rc
> script is fine, however i'm not quite sure how can i start two
> daemons in different rdomains via rc.conf.local. looks like this
> diff doesn't handle this and allows only one instance
Réseaux
http://www.unix-experience.fr
Theo de Raadt a écrit :
>> Penned by Mike Belopuhov on 20140711 6:49.19, we have:
>> | On 11 July 2014 10:29, Antoine Jacoutot wrote:
>> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Lo��c BLOT wrote:
>> | >> Hello all,
>&g
On Fri, Jul 11, 2014 at 14:09, Florian Obser wrote:
> usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
>
> Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
> this is the right way, but it seems to work. Cluebats welcome.
I think maybe it would be nicer to creat
usr.sbin; enable -Werror-implicit-function-declaration:
This has currently no effect on subdirs using Makefile.bsd-wrapper
(bind, nginx, nsd, unbound). This is beeing worked on. With a
workaround they have been tested and with the previous diffs are
clean.
diff --git usr.sbin/Makefile.inc usr.sbi
On Fri, Jul 11, 2014 at 14:03, Florian Obser wrote:
> usr.sbin, missing prototypes:
>
> diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h
ok, with the provision that nobody ever ask me any mrouted questions.
usr.sbin, make sure subdirs of subdirs see usr.sbin/Makefile.inc:
Does the same thing as lpr/pac and pppd/pppstats. I have no idea if
this is the right way, but it seems to work. Cluebats welcome.
diff --git usr.sbin/lpr/filters/Makefile usr.sbin/lpr/filters/Makefile
index be83507..7308625 100644
usr.sbin, fix nsd/unbound configure
carefully checked that config.h and generated Makefiles don't change.
need for _XOPEN_VERSION pointed out by guenther@
diff --git usr.sbin/nsd/configure usr.sbin/nsd/configure
index d2d28c1..c2a40e8 100644
--- usr.sbin/nsd/configure
+++ usr.sbin/nsd/configure
@
usr.sbin, fix bind configure:
Carefully checked that config.h and generated Makefiles don't change.
diff --git usr.sbin/bind/configure usr.sbin/bind/configure
index 6e280ad..db02979 100644
--- usr.sbin/bind/configure
+++ usr.sbin/bind/configure
@@ -4596,6 +4596,8 @@ cat confdefs.h >>conftest.$ac_e
usr.sbin, missing prototypes:
diff --git usr.sbin/mrouted/defs.h usr.sbin/mrouted/defs.h
index 4c9224a..45b060f 100644
--- usr.sbin/mrouted/defs.h
+++ usr.sbin/mrouted/defs.h
@@ -209,6 +209,7 @@ extern void accept_leave_message(u_int32_t src,
u_int32_t dst,
u_i
> Penned by Mike Belopuhov on 20140711 6:49.19, we have:
> | On 11 July 2014 10:29, Antoine Jacoutot wrote:
> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, LoÄc BLOT wrote:
> | >> Hello all,
> | >> I use rdomains to split routing domains per company and also
Penned by Mike Belopuhov on 20140711 6:49.19, we have:
| On 11 July 2014 10:29, Antoine Jacoutot wrote:
| > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote:
| >> Hello all,
| >> I use rdomains to split routing domains per company and also separate
| >> administr
On 07/11/14 14:33, Maximilian Fillinger wrote:
> On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote:
>> If there are no other objections, I'd like to commit this today.
>
> Just don't forget to get rid of this
>> + } else { fprintf(stderr, "duid: %s\n", duid); }
> before committing.
>
yes please.
On Fri, Jul 11, 2014 at 3:32 AM, Ted Unangst wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alieve
> the pain?
>
>
On 07/11/14 11:32, Ted Unangst wrote:
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
Naaa.. You did this just for me
On Fri, 2014-07-11 at 14:22 +0200, Alexander Hall wrote:
> If there are no other objections, I'd like to commit this today.
Just don't forget to get rid of this
> + } else { fprintf(stderr, "duid: %s\n", duid); }
before committing.
On 07/11/14 01:15, Maximilian Fillinger wrote:
On 07/10/14 16:28, Alexander Hall wrote:
Anyway, I worked on your diff a bit more:
- keep having -U and -u separate (as discussed)
- use Uflag instead of duidflag
- bail out if the duid is all 0.
- allow specifying the drive to dump by . on the
On Fri, Jul 11, 2014 at 13:56, Otto Moerbeek wrote:
> On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote:
>
>> We don't need to hold the malloc lock when making syscalls like mmap
>> and munmap if we're just a little careful about the order of
>> operations. This will allow other threads
* Ted Unangst [2014-07-11 11:32]:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alieve
> the pain?
yes, please.
--
Henning Brauer,
* Paul Irofti [2014-07-11 11:40]:
> No, gopher can't go!
just do
pkg_gyp gopher
to get over it.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning
* Stuart Henderson [2014-07-11 10:49]:
> Should we just move lynx to packages?
hmm. having a simple text browser in base is worthwile imo. and if it
is just to download sth where i don't know the exact URL.
personally, I haven't used lynx for anything but http and https in...
what, a decade?
--
On Fri, Jul 11, 2014 at 06:28:04AM -0400, Ted Unangst wrote:
> We don't need to hold the malloc lock when making syscalls like mmap
> and munmap if we're just a little careful about the order of
> operations. This will allow other threads to concurrently allocate
> perhaps smaller chunks while the
* Matthew Dempsky [2014-07-10 22:56]:
> On Thu, Jul 10, 2014 at 1:20 PM, Ted Unangst wrote:
> > Thoughts?
>
> Seems kind of hacky to me, but if it results in significant
> performance improvements in real world uses, then I could be swayed
> since it's not very intrusive either.
indeed.
--
He
On 11 July 2014 10:29, Antoine Jacoutot wrote:
> On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loďc BLOT wrote:
>> Hello all,
>> I use rdomains to split routing domains per company and also separate
>> administration interfaces from routing interfaces on my routers (sshd,
>> bacula, postfix and puppet
I would know of its existence, but likely not install it. As I said, I have
workarounds. I remember how bad the code was years ago, so I agree with the
idea in general, but it will be a pain in the butt for me every once in a while
:-(.
-Adam
On July 11, 2014 4:03:29 AM CDT, Theo de Raadt wr
On Fri, Jul 11, 2014 at 05:32:20AM -0400, Ted Unangst wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alieve
> the pain?
I for o
Fair point Reyk, I honestly did not think about this daemon approach !
Thanks for your inputs !
On 11 July 2014 11:59, Reyk Floeter wrote:
> Hi,
>
> On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote:
> > I was wondering if a generic small geoloc lib might interest ? which can
> > l
On Fri, Jul 11, 2014 at 12:19:22PM +0200, Philip Guenther wrote:
> This should call warn() before unlink() or close() to guarantee that the
> correct errno value is reported.
Philip,
I see what you are saying. I was following the man page example in
mkstemp(3) which calls warn() after unlink/clo
On Fri, Jul 11, 2014 at 12:25:01AM -0400, Jared Yanovich wrote:
> On Sun, Jul 06, 2014 at 09:03:17PM +0200, Otto Moerbeek wrote:
>
> > > Alternatively we could just import the FreeBSD sort(1) rewrite from 2012.
> >
> > Did you try to
> > port it? I won't have time the coming weeks, I'll be on vac
Hi,
On Fri, Jul 11, 2014 at 11:33:19AM +0100, David Carlier wrote:
> I was wondering if a generic small geoloc lib might interest ? which can
> load dynamically any geo localisation library via dlopen and so on ... to
> get, let's say, a country code with an ip address ... can serve for some
> pur
* Kent R. Spillner [2014-07-10 20:47]:
> I saw this was already committed, but one tiny consistency nit inline below.
I'd argue it's not consistency, rather the opposite, since:
> > - mh.mh_len = 4;
> > + bpf_mtap_hdr(arg, (caddr_t)&afh, 4, m, direction, NULL);
you see this was very mechani
On Fri, Jul 11, 2014 at 01:38:23AM -0600, Theo de Raadt wrote:
> I am a bit concerned. The description is trying too hard to be overly
> precise, and may be cumbersome for the typical reader of this page.
indeed, and I also dislike putting too much implementation details
into a man page. Things
Hi all,
I was wondering if a generic small geoloc lib might interest ? which can
load dynamically any geo localisation library via dlopen and so on ... to
get, let's say, a country code with an ip address ... can serve for some
purposes (I ll use it for geolocalisation load balancing via relayd) .
We don't need to hold the malloc lock when making syscalls like mmap
and munmap if we're just a little careful about the order of
operations. This will allow other threads to concurrently allocate
perhaps smaller chunks while the first thread is in the kernel.
This makes a huge difference in a sim
On 07/10/14 06:30, Lawrence Teo wrote:
> About a month ago, I sent a diff that allows ftp(1) to set its
> User-Agent.
>
> Based on feedback from halex@ and deraadt@, I have changed it so that
> the User-Agent can be set via a -U command-line option instead of an
> environment variable.
>
> I have
On Fri, Jul 11, 2014 at 11:41 AM, Doug Hogan wrote:
> Index: sbin/disklabel/disklabel.c
> ===
> RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
> retrieving revision 1.195
> diff -u -p -d -r1.195 disklabel.c
> --- sbin/disklabel/disk
On Fri, Jul 11, 2014 at 07:25:06AM +, Doug Hogan wrote:
> On Fri, Jul 11, 2014 at 01:03:54AM -0600, Anthony J. Bentley wrote:
> > In addition to what jmc said, if you document these flags they need to
> > be marked up with the Cm macro instead of ASCII single quotes.
>
> My mistake. Fixed ver
On 11 July 2014 12:41, Doug Hogan wrote:
>
> Index: bin/csh/dol.c
> ===
> RCS file: /cvs/src/bin/csh/dol.c,v
> retrieving revision 1.17
> diff -u -p -d -r1.17 dol.c
> --- bin/csh/dol.c 12 Aug 2010 02:00:27 - 1.17
> +++
On 2014/07/11 05:32, Ted Unangst wrote:
> I think the proposal rampaging went one algorithm too far. sha1 is the
> best algorithm supported by many clients and it's still pretty secure.
> without it, a lot of clients have stopped working. temporarily alieve
> the pain?
Re-adding SHA1 will fix thin
Index: bin/csh/dol.c
===
RCS file: /cvs/src/bin/csh/dol.c,v
retrieving revision 1.17
diff -u -p -d -r1.17 dol.c
--- bin/csh/dol.c 12 Aug 2010 02:00:27 - 1.17
+++ bin/csh/dol.c 11 Jul 2014 09:12:11 -
@@ -829,7
On Thu, Jul 10, 2014 at 11:05:45PM -0400, Daniel Dickman wrote:
> Patch below turns off the following ancient protocols built into lynx:
> bibp, finger, gopher, and news.
>
> For some urls, lynx will invoke an external command. Turn off telnet,
> rlogin and tn3270 urls by defining them to false(
On 2014/07/11 05:05, Ted Unangst wrote:
> On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote:
> > On 2014/07/11 18:51, Brett Mahar wrote:
> >> On Fri, 11 Jul 2014 09:48:12 +0100
> >> Stuart Henderson wrote:
> >>
> >> | On 2014/07/11 01:18, Theo de Raadt wrote:
> >> | > > I too use gopher in lyn
I think the proposal rampaging went one algorithm too far. sha1 is the
best algorithm supported by many clients and it's still pretty secure.
without it, a lot of clients have stopped working. temporarily alieve
the pain?
Index: myproposal.h
===
On Fri, Jul 11, 2014 at 09:56, Stuart Henderson wrote:
> On 2014/07/11 18:51, Brett Mahar wrote:
>> On Fri, 11 Jul 2014 09:48:12 +0100
>> Stuart Henderson wrote:
>>
>> | On 2014/07/11 01:18, Theo de Raadt wrote:
>> | > > I too use gopher in lynx regularly, and would miss support. There
> is =
>> |
If lynx was removed from base, and only available in ports... how many of
you would even know of it's existance and use it?
> Everytime someone (it is Daniel this time) tries to avert risk in even a
> minor way, the peanut gallery rises up with "I want the whole pig in base".
>
> Daniel is doing the right thing. Fully loaded lynx can be in the ports tree
> too, and we can keep track of the download statistics to see b
> I find lynx really handy to have in base, e.g. installing on a new
> machine, users can just go to openbsd.org and cut and paste a pkg_path
> prior to installing anything, and read the faq.
that is why it is in base.
but someone on the list wants to visit the openbsd gopher page to get
that inf
>On 2014/07/11 01:18, Theo de Raadt wrote:
>> > I too use gopher in lynx regularly, and would miss support. There is =
>> > still a surprisingly active community using gopher. (floodgap, et al.)
>>
>> So install a package.
>
>Should we just move lynx to packages?
It is nice to have something in b
On 2014/07/11 18:51, Brett Mahar wrote:
> On Fri, 11 Jul 2014 09:48:12 +0100
> Stuart Henderson wrote:
>
> | On 2014/07/11 01:18, Theo de Raadt wrote:
> | > > I too use gopher in lynx regularly, and would miss support. There is =
> | > > still a surprisingly active community using gopher. (floodg
On Fri, 11 Jul 2014 09:48:12 +0100
Stuart Henderson wrote:
| On 2014/07/11 01:18, Theo de Raadt wrote:
| > > I too use gopher in lynx regularly, and would miss support. There is =
| > > still a surprisingly active community using gopher. (floodgap, et al.)
| >
| > So install a package.
|
| Shou
On 2014/07/11 01:18, Theo de Raadt wrote:
> > I too use gopher in lynx regularly, and would miss support. There is =
> > still a surprisingly active community using gopher. (floodgap, et al.)
>
> So install a package.
Should we just move lynx to packages?
On Thu, Jul 10, 2014 at 06:51:01PM +0200, Loïc BLOT wrote:
> Hello all,
> I use rdomains to split routing domains per company and also separate
> administration interfaces from routing interfaces on my routers (sshd,
> bacula, postfix and puppetd running on a dedicated rdomain)
>
> Actually there
thanks, will be fixed shortly
as a side note this is not built and will be removed from smtpd
to be shipped as an external backend
On Fri, Jul 11, 2014 at 05:39:02AM +, Doug Hogan wrote:
> socket() returns -1 on error.
>
>
> Index: usr.sbin/smtpd/table_socketmap.c
> ===
Another patch will handle some of the fdopen error handling leaks
that are combined with missing unlink calls when using mkstemp.
Index: games/atc/log.c
===
RCS file: /cvs/src/games/atc/log.c,v
retrieving revision 1.17
diff -u -p -d
On Fri, Jul 11, 2014 at 06:31, Doug Hogan wrote:
> Csh has a section of code where it NUL terminates after a strlcpy().
> Strlcpy() may read past what readlink() wrote since readlink() does
> not append a NUL.
applied (and smtpd sock fix), thanks.
I am a bit concerned. The description is trying too hard to be overly
precise, and may be cumbersome for the typical reader of this page.
> Index: lib/libc/stdlib/malloc.3
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v
> retri
1 - 100 of 105 matches
Mail list logo
