Four new OpenSSL CVE's were released today, which OpenSSL deemed to be
not of sufficient severity to warrant advance disclosure.
OpenBSD/LibreSSL is not vulnerable to two of these CVE
> On 4 Dec 2015, at 06:44, Alexandr Nedvedicky
> wrote:
>
> Hello,
>
> below is final patch I'm going to commit. Summary of changes:
> - softnettq declaration moved to net/if_var.h (by bluhm@)
> - lock order swapped: KERNEL_LOCK() goes first folllowed
> by spl (by bluhm@)
>
Michael McConville wrote:
> Stuart Henderson wrote:
> > On 2015/12/02 00:04, Michael McConville wrote:
> > > unifdef's -M option is like sed's -i option, editing in-place and
> > > saving a backup with the supplied extension.
> >
> > There is an upstream for unifdef: http://dotat.at/prog/unifdef/
Refreshed patch against HEAD appears below,
best,
Richard.
PS. Apologies for the quoted-printable encoding...looking now for an email
client capable of 7-bit...
On 10/11/2015, at 5:18 PM, Richard Procter wrote:
> This reduces tsec(4) TX interrupts by over a factor of four per interface,
> b
Thanks Ingo for your extensive review! It contains lots of valuable
input for me.
I have applied all your recommendations, they make a lot of sense.
> I would suggest to use uint32_t.
Just while applying this, I noticed that the file has a mix of the
types u_int32_t and uint32_t. I took u_int32_
Hello,
below is final patch I'm going to commit. Summary of changes:
- softnettq declaration moved to net/if_var.h (by bluhm@)
- lock order swapped: KERNEL_LOCK() goes first folllowed
by spl (by bluhm@)
- long line got fixed (by bluhm@)
- ip_insertoptions(
On Sun, 29 Nov 2015 17:45:55 +0100, Ingo Schwarze wrote:
> our wc(1) utility currently violates POSIX in two ways:
>
> 1. The -m option counts bytes instead of characters.
> The patch given below fixes that.
>
> 2. Word counting with -w only treats ASCII whitespace as word
> boundaries
On 03/12/15(Thu) 18:07, Alexandr Nedvedicky wrote:
> Hello,
>
> so after a feedback in a hackroom here is the third version of patch. The
> summary of changes is as follows:
> - ip*_send() function use softnettq to dispatch packet
> - ip*_output() functions running in ip*_send_dispatch
On Thu, Dec 03, 2015 at 06:07:41PM +0100, Alexandr Nedvedicky wrote:
> +#ifdef _KERNEL
> +extern struct taskq *softnettq;
> +#endif /* _KERNEL */
> #endif /* _NET_IF_H_ */
I think this should go to net/if_var.h
> +static void
> +ip_send_dispatch(void *cx)
> +{
Maybe you should pass
Hello,
so after a feedback in a hackroom here is the third version of patch. The
summary of changes is as follows:
- ip*_send() function use softnettq to dispatch packet
- ip*_output() functions running in ip*_send_dispatch() are protected
KERNEL_LOCK() and running at SOF
thanks, commited
Brian S. Vangsgaard(b...@avalanic.dk) on 2015.10.01 13:27:12 +0200:
> Hi,
>
> Problem:
> If a client have a state entry in the relayd anchor, and the target
> server goes down, the client will be unable to "failover" for 10 sec +
> (10 sec - elapsed time since last SLA check).
ping
On Nov 12 22:21:39, h...@stare.cz wrote:
> The -r option of newsyslog(8) removes the requirement
> that newsyslog runs as root. Would it also make sense
> to not try to send the SIGHUP to syslogd in that case?
>
> Jan
>
>
> Index: newsyslog.8
> ===
Hello,
mikeb@ found a fundamental problem in my earlier patch. The ip_send() function
was using `softnettq` (softnet task queue) to dispatch packet via ip*_output().
Doing so it's risky business as ip*_output() is not unlocked yet.
So new patch version introduces a new task: ipsendtq. The ipsend
On Thu, Dec 03, 2015 at 02:52:59PM +0100, Vincent Gross wrote:
> bluhm@ spotted one case where in_broadcast was needed.
>
> ok ?
OK bluhm@
>
> Index: sys/net/if.c
> ===
> RCS file: /cvs/src/sys/net/if.c,v
> retrieving revision 1.41
Hello,
patch below introduces ip_send() function to OpenBSD kernel. ip_send()
function takes an mbuf with packet and passes to ip_output(), which
will be running in softnet task.
the patch also changes icmp_error()/icmp6_error() to dispatch the ICMP error
responses via ip_send(), so both function
On 12/03/15 10:21, Vincent Gross wrote:
> On 12/02/15 20:06, Martin Pieuchot wrote:
>> On 02/12/15(Wed) 16:18, Vincent Gross wrote:
>>> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa
>>> whose broadcast address match the input. This is used mainly to select
>>> ifa, and there
Hello,
OK
regards
sasha
On Thu, Dec 03, 2015 at 01:21:32PM +0100, Claudio Jeker wrote:
> This should cover the simple free calls in pf_ioctl.
>
> --
> :wq Claudio
>
> Index: pf_ioctl.c
> ===
> RCS file: /cvs/src/sys/net/pf_ioctl.
Hello,
OK
sasha
On Thu, Dec 03, 2015 at 12:29:15PM +0100, Alexander Bluhm wrote:
> On Wed, Dec 02, 2015 at 07:45:09PM +0100, Alexander Bluhm wrote:
> > Here is a new version of the diff. This is new:
>
> Now with feedback from sashan@
>
> - merge
> - no SS_ISCONNECTED check in tcp as it was b
This should cover the simple free calls in pf_ioctl.
--
:wq Claudio
Index: pf_ioctl.c
===
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.296
diff -u -p -r1.296 pf_ioctl.c
--- pf_ioctl.c 3 Dec 2015 10:34:11 -
On Thu, Dec 03, 2015 at 06:48:28AM -0500, Ted Unangst wrote:
> Cleaner this way I think.
Yes, OK bluhm@
>
>
> Index: frag6.c
> ===
> RCS file: /cvs/src/sys/netinet6/frag6.c,v
> retrieving revision 1.65
> diff -u -p -r1.65 frag6.c
>
On Thu, Dec 03, 2015 at 06:48:28AM -0500, Ted Unangst wrote:
> Cleaner this way I think.
>
ok
>
> Index: frag6.c
> ===
> RCS file: /cvs/src/sys/netinet6/frag6.c,v
> retrieving revision 1.65
> diff -u -p -r1.65 frag6.c
> --- frag6.c
This is pledge for ospfd's SE and RDE process. The parent can't be pledged
right now because of the same issue that bgpd has (carp demote).
Had to shuffle some code around (as a benefit rdomain check is no longer a
fatal error). Please test, running this on a test router and it seems to
be OK.
--
Cleaner this way I think.
Index: frag6.c
===
RCS file: /cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.65
diff -u -p -r1.65 frag6.c
--- frag6.c 22 Oct 2015 10:22:53 - 1.65
+++ frag6.c 3 Dec 2015 11:44:10 -
On Wed, Dec 02, 2015 at 07:45:09PM +0100, Alexander Bluhm wrote:
> Here is a new version of the diff. This is new:
Now with feedback from sashan@
- merge
- no SS_ISCONNECTED check in tcp as it was before
- fix the disabled call to pf_inp_lookup() in udp input
ok?
bluhm
Index: net/pf.c
===
Hi Tobias,
Tobias Stoeckmann wrote on Wed, Dec 02, 2015 at 08:54:34PM +0100:
> this patch adds a lot of input validation to libc/locale/rune.c.
Thanks for doing this work.
I consider the direction useful.
See inline for some specific questions.
I'm willing to test a final version of the patch.
On 12/03/15 09:04, Tati Chevron wrote:
> I'm trying to build the no_ada flavour of gcc 4.9 using dpb on a
> machine running 5.8-release, and it fails:
>
> # export FLAVOR=no_ada
> # dpb -D BUILD_USER=ports -D CDROM_ONLY -D FTP_ONLY -F 0 -L
> /portswork/logs -l /portswork/locks lang/gcc/4.9
>
> Fa
On Thu, Dec 03, 2015 at 09:04:54AM +, Tati Chevron wrote:
> I'm trying to build the no_ada flavour of gcc 4.9 using dpb on a
> machine running 5.8-release, and it fails:
>
> # export FLAVOR=no_ada
> # dpb -D BUILD_USER=ports -D CDROM_ONLY -D FTP_ONLY -F 0 -L /portswork/logs
> -l /portswork/lo
On Thu, Dec 03, 2015 at 10:04:39AM +0100, Martin Pieuchot wrote:
> Now that we're good, we can get rid of this pointer. Thanks to
> everybody involved in the process of replacing rt_ifp usages with
> if_get()/if_put().
>
> ok?
>
> Index: net/route.c
>
On 2.12.2015. 12:14, Jonathan Matthew wrote:
> This is mostly a backout of if_bnx.c r1.77, which introduced lists of tx
> descriptors, allocated on demand, in order to avoid allocating space per ring
> slot. These days I think we can afford a few kb of memory overhead if it
> makes the packets go
On 12/02/15 20:06, Martin Pieuchot wrote:
> On 02/12/15(Wed) 16:18, Vincent Gross wrote:
>> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa
>> whose broadcast address match the input. This is used mainly to select
>> ifa, and there can be trouble when you have 2 ifas on the sa
Marc Espie wrote:
> On Wed, Dec 02, 2015 at 04:40:33AM -0500, Ted Unangst wrote:
> > henning points out that if you are seven levels deep when doas asks for a
> > password, it can be hard to tell who is asking for what password.
> >
> > modify the prompt to include the program name and user@host.
On Wed, Dec 02, 2015 at 04:40:33AM -0500, Ted Unangst wrote:
> henning points out that if you are seven levels deep when doas asks for a
> password, it can be hard to tell who is asking for what password.
>
> modify the prompt to include the program name and user@host.
> - if (pledge("stdio rp
Now that we're good, we can get rid of this pointer. Thanks to
everybody involved in the process of replacing rt_ifp usages with
if_get()/if_put().
ok?
Index: net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision
I'm trying to build the no_ada flavour of gcc 4.9 using dpb on a
machine running 5.8-release, and it fails:
# export FLAVOR=no_ada
# dpb -D BUILD_USER=ports -D CDROM_ONLY -D FTP_ONLY -F 0 -L /portswork/logs -l
/portswork/locks lang/gcc/4.9
Fatal: Unknown flavor(s) no_ada (in test/a)
(No flavor
34 matches
Mail list logo