Re: Want to help upstream software improve their random?

2014-12-13 Thread Vadim Zhukov
On Dec 12, 2014 at 8:04, "Theo de Raadt" wrote: > > In all of these code blocks are a well-known piece of information > (same time on your machine as everywhere else) is being used to seed a > deterministic number generator. > > At some later point, deterministic numbers are taken out u

patch: safer temp file handling

2014-12-13 Thread Tobias Stoeckmann
Hi, the code for temporary file handling in patch is currently rather poor, leaving possibilities for race conditions while patching files. Granted, there is a bug in patch that makes it rather hard to be successfully exploited as long as /tmp is on its own partition (which is basically always tr

Re: Want to help upstream software improve their random?

2014-12-13 Thread martin
Theo de Raadt wrote: > In all of these code blocks are a well-known piece of information > (same time on your machine as everywhere else) is being used to seed a > deterministic number generator. > > At some later point, deterministic numbers are taken out using rand(), > random(), drand48(), lr

Re: patch: fix arbitrary ed command allowance

2014-12-13 Thread Tobias Stoeckmann
On Sat, Dec 13, 2014 at 10:57:42AM -0500, Daniel Dickman wrote: > > - (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t > > == 's')) { > > + strchr("acdis", *t) != NULL) { > > > doesn't this change the semantics slightly? i haven't looked at the > contex
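Review bot: in the `+` line, `strchr("acdis", *t) != NULL` is not equivalent to the five removed comparisons when `*t` is `'\0'`, because strchr treats the terminating NUL as part of the string and returns a non-NULL pointer for it. Put an explicit `*t != '\0' &&` in front of the strchr call, or confirm that an earlier part of the condition already excludes a NUL command character, so the accepted set stays exactly a, c, d, i and s.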

patch: fix arbitrary ed command allowance

2014-12-13 Thread Tobias Stoeckmann
Hi, patch accepts arbitrary ed commands after encountering "s". The "s" ed command does not expect any further input, which makes it a one line command like "d". Yet, patch sends any lines until "." unchecked to ed through its pipe, allowing command execution. Example: $ ls ed.diff $ cat ed.di

Re: relayd: convert to siphash

2014-12-13 Thread Max Fillinger
On Fri, Dec 12, 2014 at 12:57:08PM -0500, Ted Unangst wrote: > On Wed, Dec 10, 2014 at 21:51, Max Fillinger wrote: > > Here's a version without malloc'ing the key. > > Looks like it still does? Yes, I managed to just repost the previous diff...at least the thing is in more competent hands now.

Re: LibreSSL 2.1.2 released

2014-12-13 Thread Jan Engelhardt
On Saturday 2014-12-13 00:08, Brent Cook wrote: >> On Dec 12, 2014, at 5:04 PM, Jan Engelhardt wrote: >> >> To solve that, simply add >> >> libcrypto_la_LDFLAGS = -no-undefined >> [same for libssl,libtls] >> >> Without this, the DLLs won't be produced. > >Thanks for the hint, will do!

Re: swapctl(2) manpage cleanup

2014-12-13 Thread Ingo Schwarze
Hi Kaspars, Kaspars Bankovskis wrote on Fri, Dec 12, 2014 at 03:55:55PM +0200: > .In and .An macro fixes Committed that part, thanks. Ingo