As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via
http://www.opennet.ru/43146), both of these errors were introduced as
part of the refactoring.
Quick glance through
http://bxr.su/o/lib/libssl/src/crypto/objects/obj_dat.c#OBJ_obj2txt
indicates that the memory leak issue was introdu
Pretty spiffy box, overall. I think some would object to the keyboard
but it seems fine to me...when I'm not using my Kinesis. ;-)
Glitches and odd points:
With it plugged into the dock and closed, I'm getting occasional mouse
jumps, mostly to the bottom right corner and usually with a button
p
On Mon, Oct 26, 2015 at 07:08:19PM +0100, Martin Pieuchot wrote:
> This rewrites the code to send an ARP reply to not use ``myaddr''. The
> goal is to get rid of the per-ifp address list iterations.
>
> Instead do two route lookups.
>
> ok?
Should the "reply:" label stay before the "if (op != AR
Stefan Sperling writes:
> On Mon, Oct 26, 2015 at 03:58:58PM -0600, Anthony J. Bentley wrote:
> > "Ted Unangst" writes:
> > > it only gets deeper and thicker...
> >
> > Indeed.
> >
> > Here's a shorter implementation. Like colorls(1), it uses wide
> > characters (only within the putname() functio
OK bluhm@
On Mon, Oct 26, 2015 at 05:24:19PM +0100, Martin Pieuchot wrote:
> Index: net/if.c
> ===
> RCS file: /cvs/src/sys/net/if.c,v
> retrieving revision 1.398
> diff -u -p -r1.398 if.c
> --- net/if.c 25 Oct 2015 21:58:04 -
On Mon, Oct 26, 2015 at 06:34:07PM +0100, Mike Belopuhov wrote:
> Rather scarce, but that's all we've been given so far.
> I can add more chacha-only test cases, but I don't believe
> that this is strictly necessary.
>
> OK?
>
I ran these test vectors and applied them to the openssl version as w
On 26 October 2015 at 23:52, Damien Miller wrote:
> On Mon, 26 Oct 2015, Mike Belopuhov wrote:
>
>> OK?
>
> Will this get the nonce right on BE systems?
>
nonce is a uint8_t array, so of course yes, it's endian agnostic because
you address memory byte by byte.
>> + /* initial counter is 1 */
On Mon, 26 Oct 2015, Mike Belopuhov wrote:
> OK?
Will this get the nonce right on BE systems?
> + /* initial counter is 1 */
> + ctx->nonce[0] = 1;
> + memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
> + CHACHA20_SALT);
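Review bot: at `ctx->nonce[0] = 1`, only the first counter byte is written, and nothing in the quoted lines clears the remaining bytes below `CHACHA20_CTR`, so the starting counter is 1 only if the context was already zeroed. Consider clearing `ctx->nonce` explicitly before these lines. It would also help to extend the comment to document the layout: counter bytes first with the least significant byte at index 0, then the `CHACHA20_SALT` bytes that follow the first `CHACHA20_KEYSIZE` bytes of `key`. That would answer the big-endian question in the code itself.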
On Mon, Oct 26, 2015 at 06:31:08PM +0100, Mike Belopuhov wrote:
> OK?
>
see two comments below.
Otherwise OK.
> ---
> sys/crypto/cryptosoft.c | 24
> 1 file changed, 24 insertions(+)
>
> diff --git sys/crypto/cryptosoft.c sys/crypto/cryptosoft.c
> index f735c7c..2a4ab
On Mon, Oct 26, 2015 at 06:28:19PM +0100, Mike Belopuhov wrote:
> OK?
>
Are these modifications worth doing or wouldn't it be better to keep
the differences to the reference implementation as minimal as
possible? Even if we don't use the leftover bytes. I think it'd be
nice to have the same code
sure OK
On Mon, Oct 26, 2015 at 06:34:46PM +0100, Mike Belopuhov wrote:
> Only useful for dumping SAs.
>
> OK?
>
> ---
> sbin/ipsecctl/ipsecctl.h | 2 +-
> sbin/ipsecctl/parse.y| 1 +
> sbin/ipsecctl/pfkdump.c | 5 +
> 3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git sbi
On Mon, Oct 26, 2015 at 03:58:58PM -0600, Anthony J. Bentley wrote:
> "Ted Unangst" writes:
> > it only gets deeper and thicker...
>
> Indeed.
>
> Here's a shorter implementation. Like colorls(1), it uses wide
> characters (only within the putname() function) but is slightly cleaned
> up and simp
"Ted Unangst" writes:
> it only gets deeper and thicker...
Indeed.
Here's a shorter implementation. Like colorls(1), it uses wide
characters (only within the putname() function) but is slightly cleaned
up and simplified.
Index: ls.c
==
On 2015/10/26 17:41, Mariano Baragiola wrote:
> Hello, support for RTL8188CE was added with rtwn(4) on 5.8.
>
> Here's the small diff. First time patching myself, so forgive me if
> something is wrong.
>
>
> Index: www/faq/faq6.html
>
2015-10-26 21:55 GMT+01:00 Christian Weisgerber :
> Remove the profiling and debugging ifdefs. Most of this is for
> instrumenting the expression evaluator and has been in place for
> 35 years. I think we're done debugging.
>
> ok?
okay zhuk@
--
WBR,
Vadim Zhukov
Remove the profiling and debugging ifdefs. Most of this is for
instrumenting the expression evaluator and has been in place for
35 years. I think we're done debugging.
ok?
diff -uNrp -xCVS csh,3/Makefile csh/Makefile
--- csh,3/Makefile Mon Oct 26 17:40:17 2015
+++ csh/MakefileMon O
> Comments / oks?
Looks much cleaner, okay for me.
Hello, support for RTL8188CE was added with rtwn(4) on 5.8.
Here's the small diff. First time patching myself, so forgive me if
something is wrong.
Index: www/faq/faq6.html
===
RCS file: /cvs/www/faq/faq6.html,v
retrieving revision
This is an improved revision of my earlier patch.
It now validates the junk data in the delayed_chunks array in an atexit handler
too, rather than just when allocations are swapped out.
It will now catch this simple UAF 100% of the time:
#include
#include
int main(void) {
size_t i;
char *
Thanks to Michael sed has moved from an error-prone custom err()
function to error(). Here's a cleanup for the arguments you can pass to
error().
- some calls to err(1, ...) - as in err(3) - had crept in. But
misc.c:err() did exit right away if you passed it 1 - despite the
misleading comme
On Mon, Oct 26, 2015 at 06:35:23PM +0100, Mike Belopuhov wrote:
> OK?
>
You missed the manpage bits in CRYPTO TRANSFORMS.
Otherwise OK.
> ---
> sbin/iked/parse.y | 2 ++
> sbin/iked/pfkey.c | 1 +
> 2 files changed, 3 insertions(+)
>
> diff --git sbin/iked/parse.y sbin/iked/parse.y
> index 14
On Mon, Oct 26, 2015 at 06:27:19PM +0100, Mike Belopuhov wrote:
> Kernel version lost the counter argument to chacha_ivsetup that I'll
> need for Chacha20 use in the IPsec stack.
>
> This change is a NO-OP.
>
> OK?
>
Looks OK and matches the version in ssh.
btw., why are we using this header f
According to miod@, partition name is allowed to have spaces. Thus,
and after reading the code, I suspect the following correction in
the manual page is needed. The "create partition" and "rename
partition" commands share the same name extracting code, so those
should have the same behaviour.
So I
This diff does two things.
First it changes ip_ours() to no longer rely on ``rt_ifa''. The problem
here is that the route entry reference acts as a proxy for ``ia''. So
you cannot dereference ``ia'' *after* calling rtfree(9). I find this
very error prone, so I rewrote the function to not use ``
If you build route6d with -Wshadow, you'll notice lots of warnings like
this one:
/usr/src/usr.sbin/route6d/route6d.c: In function 'riprecv':
/usr/src/usr.sbin/route6d/route6d.c:970: warning: declaration of 'np' shadows a
global declaration
/usr/src/usr.sbin/route6d/route6d.c:629: warning: shado
This rewrites the code to send an ARP reply to not use ``myaddr''. The
goal is to get rid of the per-ifp address list iterations.
Instead do two route lookups.
ok?
Index: netinet/if_ether.c
===
RCS file: /cvs/src/sys/netinet/if_ethe
Rather scarce, but that's all we've been given so far.
I can add more chacha-only test cases, but I don't believe
that this is strictly necessary.
OK?
---
regress/sys/crypto/Makefile | 1 +
regress/sys/crypto/chachapoly/Makefile | 26 ++
regress/sys/crypto/chachap
OK?
---
sys/crypto/chachapoly.c | 94 +
sys/crypto/chachapoly.h | 57 ++
2 files changed, 151 insertions(+)
create mode 100644 sys/crypto/chachapoly.c
create mode 100644 sys/crypto/chachapoly.h
diff --git sys/crypto/ch
OK?
---
sys/net/pfkeyv2.h | 6 --
sys/net/pfkeyv2_convert.c | 8
sys/netinet/ip_esp.c | 20 ++--
3 files changed, 30 insertions(+), 4 deletions(-)
diff --git sys/net/pfkeyv2.h sys/net/pfkeyv2.h
index 3d08bd3..97d95e2 100644
--- sys/net/pfkeyv2.h
+++ sy
OK?
---
sys/conf/files | 2 ++
sys/crypto/cryptodev.h | 9 ++---
sys/crypto/xform.c | 21 +
sys/crypto/xform.h | 2 ++
4 files changed, 31 insertions(+), 3 deletions(-)
diff --git sys/conf/files sys/conf/files
index 04c3ff7..40cceab 100644
--- sys/conf/
OK?
---
sbin/iked/parse.y | 2 ++
sbin/iked/pfkey.c | 1 +
2 files changed, 3 insertions(+)
diff --git sbin/iked/parse.y sbin/iked/parse.y
index 14ff9ef..94489f9 100644
--- sbin/iked/parse.y
+++ sbin/iked/parse.y
@@ -192,10 +192,12 @@ const struct ipsec_xf ipsecencxfs[] = {
{ "aes-128-gm
OK?
---
sys/crypto/cryptosoft.c | 24
1 file changed, 24 insertions(+)
diff --git sys/crypto/cryptosoft.c sys/crypto/cryptosoft.c
index f735c7c..2a4abce 100644
--- sys/crypto/cryptosoft.c
+++ sys/crypto/cryptosoft.c
@@ -511,18 +511,20 @@ swcr_authenc(struct cryptop *crp)
Only useful for dumping SAs.
OK?
---
sbin/ipsecctl/ipsecctl.h | 2 +-
sbin/ipsecctl/parse.y| 1 +
sbin/ipsecctl/pfkdump.c | 5 +
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git sbin/ipsecctl/ipsecctl.h sbin/ipsecctl/ipsecctl.h
index f95440e..51d0665 100644
--- sbin/ipsecctl/
OK?
---
sys/crypto/poly1305.c | 209 ++
sys/crypto/poly1305.h | 23 ++
2 files changed, 232 insertions(+)
create mode 100644 sys/crypto/poly1305.c
create mode 100644 sys/crypto/poly1305.h
diff --git sys/crypto/poly1305.c sys/crypto/poly1305.
On Mon, 26 Oct 2015 18:07:43 +0100, Vadim Zhukov wrote:
> Running "repquota -a /" is silly, so let's behave the same way other
> utilities do. Okay?
OK millert@
- todd
Kernel version lost the counter argument to chacha_ivsetup that I'll
need for Chacha20 use in the IPsec stack.
This change is a NO-OP.
OK?
---
sys/crypto/chacha_private.h | 8
sys/crypto/xform.c | 1 +
sys/dev/rnd.c | 8
3 files changed, 9 insertions(+),
Running "repquota -a /" is silly, so let's behave the same way other
utilities do. Okay?
--
WBR,
Vadim Zhukov
Index: repquota.8
===
RCS file: /cvs/src/usr.sbin/repquota/repquota.8,v
retrieving revision 1.10
diff -u -p -r1.10 repquo
Clean up miscellaneous small stuff:
* unifdef lint
* unifdef S_IFLNK, S_ISFIFO, S_ISLNK, S_ISSOCK, O_APPEND
* unif(def) 0, NOTUSED, notdef -- untouched since original import
* unifdef IIASA
No binary changes.
ok?
Index: csh.c
===
RCS
Theo de Raadt wrote:
> > Not sure how people feel about these annotations. This is a pretty
> > classic use case, though.
>
> No, the classic case is when the condition is a single variable,
> rather than a condition "always true && rarely true".
It wraps the whole condition, right? There are man
Philip Guenther wrote:
> On Mon, Oct 26, 2015 at 8:46 AM, Michael McConville wrote:
> > We have a pretty strong guarantee that it can only happen once per
> > process...
> ...
> > --- sys/sys/syscall_mi.h9 Oct 2015 01:17:18 - 1.11
> > +++ sys/sys/syscall_mi.h26 Oct 2015 1
> Not sure how people feel about these annotations. This is a pretty
> classic use case, though.
No, the classic case is when the condition is a single variable, rather
than a condition "always true && rarely true".
Michael McConville wrote:
> Ted Unangst wrote:
> > Michael McConville wrote:
> > > We have a pretty strong guarantee that it can only happen once per
> > > process...
> >
> > I don't think this really matters. What does it do to the assembly,
> > and how does that make things faster?
>
> It lets
Ted Unangst wrote:
> Michael McConville wrote:
> > We have a pretty strong guarantee that it can only happen once per
> > process...
>
> I don't think this really matters. What does it do to the assembly,
> and how does that make things faster?
It lets the compiler know that the body is very unl
Philip Guenther wrote:
> On Mon, Oct 26, 2015 at 9:05 AM, Ted Unangst wrote:
> > Philip Guenther wrote:
> >> On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst wrote:
> >> > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
> >> > database open is a surprising abstraction violation
On Mon, 26 Oct 2015 09:19:20 -0700, Philip Guenther wrote:
> Ah, I missed fixing that before. How's this?
Looks fine to me, though I wonder whether other systems leak the fd.
- todd
> On Mon, Oct 26, 2015 at 8:46 AM, Michael McConville wrote:
> > We have a pretty strong guarantee that it can only happen once per
> > process...
> ...
> > --- sys/sys/syscall_mi.h9 Oct 2015 01:17:18 - 1.11
> > +++ sys/sys/syscall_mi.h26 Oct 2015 15:13:44 -
> > @@ -7
On Mon, Oct 26, 2015 at 9:05 AM, Ted Unangst wrote:
> Philip Guenther wrote:
>> On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst wrote:
>> > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
>> > database open is a surprising abstraction violation for the caller of
>> > user_from
Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.398
diff -u -p -r1.398 if.c
--- net/if.c25 Oct 2015 21:58:04 - 1.398
+++ net/if.c26 Oct 2015 16:02:06 -
@@ -2341,6 +2341,7 @@ if_group_rou
On Mon, 26 Oct 2015 12:07:33 -0400, "Ted Unangst" wrote:
> Todd C. Miller wrote:
> > On Mon, 26 Oct 2015 11:39:48 -0400, "Ted Unangst" wrote:
> >
> > > This improves the cache. Basically, it's kind of like four way
> > > associative now, with LRU replacement. Also we can cache nameless
> > > entr
On Mon, Oct 26, 2015 at 8:46 AM, Michael McConville wrote:
> We have a pretty strong guarantee that it can only happen once per
> process...
...
> --- sys/sys/syscall_mi.h9 Oct 2015 01:17:18 - 1.11
> +++ sys/sys/syscall_mi.h26 Oct 2015 15:13:44 -
> @@ -72,7 +72,8 @@ m
Philip Guenther wrote:
> On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst wrote:
> > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
> > database open is a surprising abstraction violation for the caller of
> > user_from_uid. Now it has a file descriptor it must close before exe
On Mon, 26 Oct 2015 11:39:48 -0400, "Ted Unangst" wrote:
> This improves the cache. Basically, it's kind of like four way
> associative now, with LRU replacement. Also we can cache nameless
> entries instead of going back to getpwuid every time.
Shouldn't those memcpy() be memmove()?
- todd
Todd C. Miller wrote:
> On Mon, 26 Oct 2015 11:39:48 -0400, "Ted Unangst" wrote:
>
> > This improves the cache. Basically, it's kind of like four way
> > associative now, with LRU replacement. Also we can cache nameless
> > entries instead of going back to getpwuid every time.
>
> Shouldn't those
This removes the
#define Strfoo() s_strfoo()
redirection and moves everything directly to Strfoo(). Purely
mechanical.
ok?
diff -uNrp csh-/csh.h csh/csh.h
--- csh-/csh.h Mon Oct 26 16:06:19 2015
+++ csh/csh.h Mon Oct 26 16:49:21 2015
@@ -458,22 +458,6 @@ CharHIST;
On Mon, 26 Oct 2015 16:35:51 +0100, Christian Weisgerber wrote:
> Clean up cruft made visible by the unifdefing:
> * remove setlocale() calls
> * remove write-only variable AsciiOnly
> * remove now unused string constants STRLANG, STRLC_CTYPE
> * remove hardcoded support for ISO8859-1
OK.
- to
On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst wrote:
> Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
> database open is a surprising abstraction violation for the caller of
> user_from_uid. Now it has a file descriptor it must close before exec by
> calling endpwent(), but
On Mon, 26 Oct 2015 09:47:59 -0400, "Ted Unangst" wrote:
> Simplest fix is to just leave the database closed. The point of the cache is
> to avoid calling getpwuid() at all, so we shouldn't worry about the
> performance of that call so much. Now, the cache is rather stupid, and we can
> fix that t
Michael McConville wrote:
> We have a pretty strong guarantee that it can only happen once per
> process...
I don't think this really matters. What does it do to the assembly, and how
does that make things faster?
This improves the cache. Basically, it's kind of like four way associative
now, with LRU replacement. Also we can cache nameless entries instead of going
back to getpwuid every time.
Index: gen/pwcache.c
===
RCS file: /cvs/src/lib/lib
Clean up cruft made visible by the unifdefing:
* remove setlocale() calls
* remove write-only variable AsciiOnly
* remove now unused string constants STRLANG, STRLC_CTYPE
* remove hardcoded support for ISO8859-1
OK?
Index: char.c
==
ospfd has some issues with self-originated networks and building summary
entries for those in case the router is an ABR (area border router).
This diff should hopefully fix all of the troubles. It changes a bit the
way we do nexthop calculation in the SPF/rib calculation to make sure we
handle self
We have a pretty strong guarantee that it can only happen once per
process...
Index: sys/sys/syscall_mi.h
===
RCS file: /cvs/src/sys/sys/syscall_mi.h,v
retrieving revision 1.11
diff -u -p -r1.11 syscall_mi.h
--- sys/sys/syscall_mi.h
While I'm in here:
Index: sys/lib/libsa/net.c
===
RCS file: /cvs/src/sys/lib/libsa/net.c,v
retrieving revision 1.19
diff -u -p -r1.19 net.c
--- sys/lib/libsa/net.c 26 Oct 2015 02:33:07 - 1.19
+++ sys/lib/libsa/net.c 26 Oct 2
Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
database open is a surprising abstraction violation for the caller of
user_from_uid. Now it has a file descriptor it must close before exec by
calling endpwent(), but this fact is not mentioned. (find is affected by this,
for ex
On Sat, Oct 24, 2015 at 10:44 AM, Stefan Sperling wrote:
> On Sat, Oct 24, 2015 at 04:07:59PM +0200, Alexander Bluhm wrote:
> > Hi,
> >
> > The only thing that is translated into multiple languages in OpenBSD
> > are the errno messages and signal names. Everything else is in
> > English. We are
On 10/24/15 06:46, Reyk Floeter wrote:
vether doesn't help as it is not transmitting any traffic.
in other words, "vether is a bridge endpoint" "pair is a bridge link"
This may be a dead topic, but doesn't bridge_output() transmit for
vether(4)?
Or am I missing the point entirely?
pair(4) do
> On 10/24/15 06:46, Reyk Floeter wrote:
> > vether doesn't help as it is not transmitting any traffic.
> > in other words, "vether is a bridge endpoint" "pair is a bridge link"
> This may be a dead topic, but doesn't bridge_output() transmit for
> vether(4)?
> Or am I missing the point entirely?
On Oct 24 23:48:01, mark.kette...@xs4all.nl wrote:
> The diff below makes inteldrm(4) attach directly to pci(4) instead of
> vga(1). Because inteldrm(4) depends on intagp(4), this also makes
> intagp(4) a child of inteldrm(4). Ultimately I'd like to integrate
> intagp(4) into inteldrm(4), but that
On 26/10/15(Mon) 10:45, Vincent Gross wrote:
> regress/sys/net/rdomains still passes with this diff.
MP is hard! Let me comment on your diff, you're taking the right
direction.
> Index: net/if.c
> ===
> RCS file: /cvs/src/sys/net/if
when i run top, i think uptime would be interesting info to include. there's
some space on the second line under the hostname and time. i tried to squeeze
it on the first line, but there isn't much room with 80 columns.
Index: display.c
regress/sys/net/rdomains still passes with this diff.
Ok ?
Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.398
diff -u -p -r1.398 if.c
--- net/if.c25 Oct 2015 21:58:04 - 1.398
+++ net/if.c
does anyone use rip6query?
we don't have a ripquery
I cannot imagine the use for this too. Either you are using rip6
protocol, or you aren't. Does this perhaps still exist because
route6d isn't like our other daemons with a "fib-update" mode?
> Jérémie Courrèges-Anglas wrote:
> > Michael McConville writes:
> > > It looks like it can be pretty easily replaced with calls to err(3),
> > > errx(3), warn(3), warnx(3), etc.
> >
> > Not sure about this, you'd have to repeat the same code over and over to
> > print the line number and file
> Damien Miller wrote:
> > rather than scattering hacks in each program that needs to
> > output utf8 to the console, how about making something
> > for libutil that they all can use?
>
> Yes, that is certainly the plan, but I think it's easier to see what's needed
> if we convert a few programs f
Damien Miller wrote:
> rather than scattering hacks in each program that needs to
> output utf8 to the console, how about making something
> for libutil that they all can use?
Yes, that is certainly the plan, but I think it's easier to see what's needed
if we convert a few programs first to identi
rather than scattering hacks in each program that needs to
output utf8 to the console, how about making something
for libutil that they all can use?
On Sun, 25 Oct 2015, Ted Unangst wrote:
> it only gets deeper and thicker...
>
> this decodes chars and prints ? for bytes it doesn't like, as well