Klemens Nanni(k...@openbsd.org) on 2023.10.26 13:28:42 +:
> On Tue, Oct 24, 2023 at 09:09:21AM +0200, Peter N. M. Hansteen wrote:
> > On Tue, Oct 24, 2023 at 06:54:30AM +, Klemens Nanni wrote:
> > > - parse.y still accepting undocumented "ssl" with a warning since 2014
> > > - more "SSL/TLS
Claudio Jeker(cje...@diehard.n-r-g.com) on 2023.10.16 09:23:12 +0200:
> This diff fixes a few more things when establishing connections with
> link-local IPv6 addresses. In get_alternate_addr() the interface scope
> of the connection is recovered and then passed to the RDE. The RDE can
> then use t
Theo Buehler(t...@theobuehler.org) on 2023.10.17 09:13:15 +0200:
> On Mon, Oct 16, 2023 at 12:19:17PM +0200, Claudio Jeker wrote:
> > I dislike how log.c does all these asprintf() calls with dubious
> > workaround calls in case asprintf() fails.
>
> You're not alone.
>
> > IMO it is easier to use
.
See RFC 6480 and RFC 6811 for a description of how RPKI and BGP Prefix
Origin Validation help secure the global Internet routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD
Todd C. Miller(mill...@openbsd.org) on 2022.10.03 13:32:22 -0600:
> On Mon, 03 Oct 2022 13:27:05 -0600, "Todd C. Miller" wrote:
>
> > We did not document tzname, timezone or daylight and the rules
> > regarding pathnames were not entirely clear.
reads ok to me
> > I think it is worth mentioning t
Theo de Raadt(dera...@openbsd.org) on 2022.09.30 11:11:42 -0600:
> I'm sure there are other people who have other desirable features which I
> haven't listed. For instance, could wc.c be the scaffold to use for the
> long-desired web browser to be included in OpenBSD?
Oh, it's clearly incomplete unti
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.02 22:02:33 +0200:
> Let's try to finish work by stopping all syncs and fall back to what we
> have in cache after 7/8 of the timeout (timeout - 1/2 repo_timeout).
> This way we still have 1/8 of time to finish the calculation and produce
> output.
that was meant to be an ok :)
Sebastian Benoit(be...@openbsd.org) on 2022.09.02 22:04:41 +0200:
> Alexander Bluhm(alexander.bl...@gmx.net) on 2022.09.02 20:38:04 +0200:
> > Hi,
> >
> > Due to the KAME scope address hack, the link-local all nodes and
> > routers IPv
Alexander Bluhm(alexander.bl...@gmx.net) on 2022.09.02 20:38:04 +0200:
> Hi,
>
> Due to the KAME scope address hack, the link-local all nodes and
> routers IPv6 addresses cannot be const. So move memory from data
> to stack to make variables MP safe.
>
> ok?
>
> bluhm
>
> Index: netinet6/mld6.
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.02 19:55:28 +0200:
> We want to be able to abort RRDP syncs. Now the problem is that depending
> on the state the abort request is more or less complex. What needs to be
> avoided is that a message received after the corresponding RRDP session
> wa
Stuart Henderson(s...@spacehopper.org) on 2022.09.02 12:16:06 +0100:
> On 2022/09/02 11:25, Sebastian Benoit wrote:
> > > > > Sep 2 06:39:58 x1c unbound: [14264:0] notice: Restart of unbound
> > > > > 1.16.0.
> > > > > Sep 2 06:39
Mikolaj Kucharski(miko...@kucharski.name) on 2022.09.02 08:07:01 +:
> On Fri, Sep 02, 2022 at 09:53:54AM +0200, Sebastian Benoit wrote:
> > Mikolaj Kucharski(miko...@kucharski.name) on 2022.09.02 06:47:00 +:
> > > Hi,
> > >
> > > I have a question
Mikolaj Kucharski(miko...@kucharski.name) on 2022.09.02 06:47:00 +:
> Hi,
>
> I have a question, could or should unbound in base be delivered with:
>
> # cat /etc/login.conf.d/unbound
> unbound:\
> :openfiles-cur=4096:\
> :openfiles-max=8192:\
> :tc=daemon:
>
> or the
thanks, committed!
Florian Obser(flor...@openbsd.org) on 2022.09.02 08:08:09 +0200:
> This diff is correct and the use-case makes sense to me.
> OK florian
>
>
> On 2022-09-01 21:30 +01, Ben Fuller wrote:
> > On Thu, Sep 01, 2022 at 21:22:13 +0100, Ben Fuller wrote:
> >> On Thu, Sep 01, 2022 at
Job Snijders(j...@openbsd.org) on 2022.09.01 03:37:59 +:
> Dear all,
>
> Some ps(1) implementations have a '-d' ('descendancy') option. Through
> ASCII art parent/child process relationships are grouped and displayed.
> Here is an example:
>
> $ ps ad -O ppid,user
> PID PPID USER
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.01 12:04:03 +0200:
> Convert the rde_peer hash table to an RB tree. This is a bit more complex
> because rde_peer list is used in a lot of places. As a bonus use
> peer_foreach in mrt.c to write the table v2 peer header (this needs a
> special call
ok
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.09.01 12:48:32 +0200:
> bgpd no longer needs siphash.h and also remove a hash member and a
> prototype which are now unused.
>
> --
> :wq Claudio
>
> Index: rde.h
> ===
> RCS file:
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.08.31 13:56:18 +0200:
> Like all other hash tables use an RB tree instead.
> Again the calculation of the hash can be skipped because the compare
> function is probably fast enough.
that sentence does parse, but i am semantically challenged by it.
d
ok
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.08.30 22:54:43 +0200:
> Currently if bgpd takes a long time to re-evaluate all prefixes because of
> a ROA change a second update can come in before the first is processed.
> This is not good. So add a barrier to only run one rde_roa_softreconfig
ok?
diff --git sys/net/pf_lb.c sys/net/pf_lb.c
index 588115cbff7..905af42e463 100644
--- sys/net/pf_lb.c
+++ sys/net/pf_lb.c
@@ -519,13 +519,18 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct
pf_addr *saddr,
* fall back to POOL_NONE if there is a single host
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.08.30 19:11:15 +0200:
> I'm on a mission to remove the hash tables :)
>
> This one is for struct nexthop. Hopefully it makes nexthop_get a bit
> better.
ok, but one __func__ below
>
> --
> :wq Claudio
>
> Index: rde.c
> =
ptype is never used.
ok?
diff --git sys/dev/pci/if_ix.c sys/dev/pci/if_ix.c
index cb233034d23..72a221b97d9 100644
--- sys/dev/pci/if_ix.c
+++ sys/dev/pci/if_ix.c
@@ -148,7 +148,7 @@ voidixgbe_enable_intr(struct ix_softc *);
void ixgbe_disable_intr(struct ix_softc *);
intixgbe_txeof
The manpage is correct here.
Routing tables (rtable) and routing domains (rdomain) are intermingled in
that a rdomain has at least one rtable (with the same ID). But it can have
multiple rtables, see rtable(4).
There are 2 settings that can be configured:
* the tunnel interfaces' rdomain, keywor
and RFC 6811 for a description of how RPKI and BGP Prefix
Origin Validation help secure the global Internet routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.
This
Syspatch syspatch71-001_wifi has been retracted.
A mistake was made in generating the syspatch(8) binary update
syspatch71-001_wifi for this errata. This causes problems installing future
binary updates and reverting the syspatch. Because of this, the syspatch has
been retracted until the issue is
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.04.20 15:12:57 +0200:
> On Wed, Apr 20, 2022 at 03:00:15PM +0200, Theo Buehler wrote:
> > Found this when looking at the timezone issue a couple of weeks back and
> > then forgot about it:
> >
> > This setenv() + localtime() looks like a hack to me a
Origin Validation help secure the Internet's global routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.
This release includes the following changes to the pre
lobal routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.
This release includes the following changes to the previous release:
- Enforce the correct namespace of
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.26 11:54:41 +0100:
> On Wed, Jan 26, 2022 at 11:43:25AM +0100, Theo Buehler wrote:
> > On Wed, Jan 26, 2022 at 10:06:37AM +0100, Claudio Jeker wrote:
> > > This diff removes the valid/ subdir in favor of a more direct directory
> > > layout for all
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2022.01.20 22:53:06 +0100:
> There's a missing NULL check in appl_response(). This should only happen when
> a backend is misbehaving, so I only managed to find this because
> I'm actively bashing it right now. This should make us a little more
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.04 16:15:56 +0100:
> This is another diff on the way to having a validated repo.
> Pass the filename of the entity which was parsed back to the parent.
> With this we can move the filepath_add() call from entity_write_req()
> to entity_process(). A
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.04 16:05:57 +0100:
> Currently running rpki-client -n with an up to date repo results in the
> loss of around 25% of ROAs. The reason is that most of apnic fails since
> they decided it is a glorious idea to put two rsync repos into one rrdp
> rep
Claudio Jeker(cje...@diehard.n-r-g.com) on 2022.01.04 14:12:02 +0100:
> On Tue, Jan 04, 2022 at 10:58:41AM +0100, Claudio Jeker wrote:
> > These are obvious and easy to fix unused but set variables.
> > There are more in vioscsi.c but those are actually used if compiled with
> > DEBUG set.
>
> The
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.12.28 16:57:48 +0100:
> This re-shuffles struct entity a bit and removes the unneeded has_data
> indicator. Both data and datasz are not null when data is present and null
> when there is no data. With this in mind the code becomes simpler.
>
ok ben
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.12.03 16:45:48 +0100:
> Currently ta, rrdp and rsync repositories use different functions to build
> their base path. This diff changes this so that all can use the same
> function.
>
> This is a first step to introduce a common validated repository.
Job Snijders(j...@openbsd.org) on 2021.11.25 16:13:51 +:
> It might be advantageous to permit operators to optionally specify the
> maximum number of publication points with which rpki-client will
> synchronize.
>
> For example: "doas rpki-client -m 1 -t /etc/rpki/ripe.tal" has as effect
> tha
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.25 12:30:31 +0100:
> This adds an RRDP regress test that checks basic operation.
> It checks some valid notification, snapshot and delta XML.
> There are also two XML attacks included (billion laughs and XXE).
> More bad XML files should be added.
>
If there is no obvious reason (i.e. be different because you need it for a
specific feature) why not to use the same host*() function as other parse.y?
it would be better to stay in sync with other daemons. That way if there is
an issue in one daemon, we can fix it in all of them.
Or, to turn the
Theo de Raadt(dera...@openbsd.org) on 2021.11.10 09:46:32 -0700:
> Sebastien Marie wrote:
>
> > I just wonder about the system behaviour after building a new kernel
> > and rebooting to build userland: RTP_PROPOSAL_SOLICIT is changed and
> > kernel/userland will mismatch.
> >
> > But UMB proposa
lobal routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.
This release includes the following changes to the previous release:
* Make rpki-client more resilient rega
An errata patch for rpki-client has been released for OpenBSD 6.9 and
OpenBSD 7.0.
rpki-client(8) should handle CA misbehaviours as soft-errors.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata
Theo de Raadt(dera...@openbsd.org) on 2021.11.05 08:24:21 -0600:
> prx wrote:
>
> > I think this remark should be placed into perspective.
> >
> > When a file is requested, its gzipped version is sent if:
> > * The client asks for it with appropriate header.
> > * The server admin configured ht
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.05 15:26:57 +0100:
> On Wed, Nov 03, 2021 at 12:58:17PM +0100, Claudio Jeker wrote:
> > In one place this is already done but this makes sure we show the bad
> > attribute in all cases where a non conforming attribute is found.
>
> Found another b
Ingo Schwarze(schwa...@usta.de) on 2021.11.05 14:37:15 +0100:
> Hi Theo,
>
> Theo de Raadt wrote on Thu, Nov 04, 2021 at 08:27:47AM -0600:
> > prx wrote:
> >> On 2021/11/04 14:21, prx wrote:
>
> >>> The attached patch adds support for static gzip compression.
> >>>
> >>> In other words, if a cli
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.05 09:18:15 +0100:
> Noticed the other day. The ip addr arrays and as number array are
> marshalled element by element which is not very efficient.
> All the data is in one big blob of memory so just use the basic io
> operations for a memory blob a
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.04 18:31:54 +0100:
> There is this bit in parser.c
> X509_free(x509); // needed? XXX
>
> As tb@ properly noted this X509_free() is needed because the cert_parse()
> returns an up referenced x509 pointer back.
>
> I moved the X509_free() so
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.11.04 18:43:10 +0100:
> On Thu, Nov 04, 2021 at 11:27:46AM -0600, Theo de Raadt wrote:
> > Claudio Jeker wrote:
> >
> > > This diff replaces the errx() call in the poll fd check with warnings plus
> > > an exit of the main event loop. It also prints
Theo de Raadt(dera...@openbsd.org) on 2021.11.04 08:53:13 -0600:
> Stuart Henderson wrote:
>
> > In some ways it would be better if it *did* compress on the fly, as then
> > you don't have so much to consider with the effect on block/match rules,
> > whether a request is passed to a fastcgi handl
Remi Locherer(remi.loche...@relo.ch) on 2021.11.03 22:23:44 +0100:
> On Tue, Nov 02, 2021 at 05:27:11PM +, Stuart Henderson wrote:
> > I've recently started seeing a number of flaps with ospfd/ospf6d
> > with invalid seq nums / "seq num mismatch, bad flags" logged.
> > Not quite sure what's goi
An errata patch for the kernel has been released for OpenBSD 6.9 and
OpenBSD 7.0.
The kernel could leak memory when closing unix sockets.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
lobal routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.
This release includes the following changes to the previous release:
* Added support for validating BGPsec R
An errata patch for the kernel has been released for OpenBSD 6.9 and
OpenBSD 7.0.
Opening /dev/bpf too quickly too often could lead to a kernel crash.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective
An errata patch for nsd(8) has been released for OpenBSD 7.0.
In certain configurations, nsd can be crashed remotely.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https
David Gwynne(da...@gwynne.id.au) on 2021.10.29 07:02:14 +1000:
> On Thu, Oct 28, 2021 at 03:43:11PM +0100, Jason McIntyre wrote:
> > On Thu, Oct 28, 2021 at 04:53:39PM +1000, David Gwynne wrote:
> > >
> > >
> > > > On 28 Oct 2021, at 15:35, Jason McIntyre wrote:
> > > >
> > > > On Thu, Oct 28,
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.28 17:36:27 +0200:
> This diff should implement --max-size and --min-size almost equivalent to
> GNU rsync. I decided to use scan_scaled() instead of building something
> new that handles all the extra bits GNU rsync has.
> The remote rsync process
Solene Rapenne(sol...@perso.pw) on 2021.10.26 21:18:30 +0200:
> I tried to figure out how to use veb interfaces but the man page
> wasn't obvious in regards to the "vport" thing. It turns out it's
> a kind of interface that can be created with ifconfig.
>
> I think we should make this clearer.
>
Klemens Nanni(k...@openbsd.org) on 2021.10.26 15:30:17 +:
> On Tue, Oct 26, 2021 at 04:06:20PM +0100, Jason McIntyre wrote:
> > On Tue, Oct 26, 2021 at 08:57:40AM -0600, Theo de Raadt wrote:
> > > Jason McIntyre wrote:
> > >
> > > > On Tue, Oct 26, 2021 at 12:21:52PM +, Klemens Nanni wrot
ok
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.10.21 08:45:51 +0100:
> ping
>
> On Sun, 2021-09-26 at 10:22 +0200, Martijn van Duren wrote:
> > ober_get_nstring writes a pointer to buf and does not overwrite the
> > content of buf itself. So pushing an array in there will result in
committed,
Thanks for reporting this and the patches, and sorry for the delay.
/Benno
Sebastian Benoit(be...@openbsd.org) on 2021.10.23 22:22:10 +0200:
> Jonathon Fletcher(jonathon.fletc...@gmail.com) on 2021.10.19 14:26:51 -0700:
> > On Sun, May 02, 2021 at 11:05:16AM -0700,
Jonathon Fletcher(jonathon.fletc...@gmail.com) on 2021.10.19 14:26:51 -0700:
> On Sun, May 02, 2021 at 11:05:16AM -0700, Jonathon Fletcher wrote:
> > On Sun, Mar 07, 2021 at 06:22:04PM -0800, Jonathon Fletcher wrote:
> > > On Sun, Mar 07, 2021 at 06:46:33PM +0100, Marcus MERIGHI wrote:
> > > > Hell
ok benno@
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.23 14:20:19 +0200:
> This diff changes the io read functions to work on ibufs.
> With this the poll loops will consume data with io_buf_read() until a full
> message is received and then that message is processed. Thanks to this
> the pr
differentiate the third 413 from the other two in httpd.
ok?
diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c
index 153829f4201..bf3fae05414 100644
--- usr.sbin/httpd/server_http.c
+++ usr.sbin/httpd/server_http.c
@@ -1406,7 +1406,7 @@ server_response(struct httpd *httpd, stru
Ross L Richardson(open...@rlr.id.au) on 2021.10.09 21:40:50 +1100:
> This relates to the earlier messages I sent to bugs@ in:
> https://marc.info/?t=16330937691&r=1&w=2
>
> RFC 7231 [HTTP/1.1] section 4.3.2. "HEAD" states:
> The HEAD method is identical to GET except that the serve
Stuart Henderson(s...@spacehopper.org) on 2021.10.22 12:55:20 +0100:
> On 2021/10/22 11:25, Jan Klemkow wrote:
> > this diff adds hardware checksum offloading for the receive path of
> > ixl(4) interfaces.
>
> Would be good to have this tested with NFS if anyone has a way to do so.
> nics are proba
see the "if (csc == NULL)" error case below.
otherwise ok
Theo Buehler(t...@theobuehler.org) on 2021.10.21 13:45:43 +0200:
> On Thu, Oct 21, 2021 at 01:05:18PM +0200, Theo Buehler wrote:
> > This is the first of two diffs to prepare isakmpd for upcoming libcrypto
> > changes. X509_EXTENSION will
Theo Buehler(t...@theobuehler.org) on 2021.10.21 13:05:18 +0200:
> This is the first of two diffs to prepare isakmpd for upcoming libcrypto
> changes. X509_EXTENSION will become opaque so we need to use an accessor.
> I decided to leave accesses into ASN1_OCTET_STRING as they are for
> readability
Theo Buehler(t...@theobuehler.org) on 2021.10.13 13:55:14 +0200:
> In an upcoming libcrypto bump, we will make a few structs in libcrypto
> opaque. This needs a small change in acme-client. Fetch the extension
> stack using X509_get0_extensions() and iterate using the stack API.
> Note that sk_*_n
Christian Weisgerber(na...@mips.inka.de) on 2021.10.12 12:49:24 +0200:
> Christian Weisgerber:
>
> > Here's another attempt, incorporating millert's feedback and adding
> > a few more casts:
>
> Any interest in this or not worth the churn and I should drop it?
i think it should go in.
ok benno@
abyx...@mnetic.ch(abyx...@mnetic.ch) on 2021.10.01 09:56:32 -0400:
> On Fri, Oct 1, 2021, at 09:44, Stuart Henderson wrote:
> > On 2021/10/01 14:43, Stuart Henderson wrote:
> >> On 2021/10/01 09:29, abyx...@mnetic.ch wrote:
> >> > I'm getting a daily crash (call to fatalx). No clue what triggers it
An errata patch for LibreSSL has been released for OpenBSD 6.8 and
OpenBSD 6.9.
Compensate for the expiry of the DST Root X3 certificate. The use of an
unnecessary expired certificate in certificate chains can cause validation
errors.
Binary updates for the amd64, i386 and arm64 platform are ava
An errata patch for LibreSSL has been released for OpenBSD 6.8 and
OpenBSD 6.9.
A stack overread could occur when checking X.509 name constraints.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective erra
An errata patch for sshd(8) has been released for OpenBSD 6.8 and
OpenBSD 6.9.
sshd(8) from OpenSSH 6.2 (OpenBSD 5.3) through 8.7 (OpenBSD 6.9) failed to
correctly initialise supplemental groups when executing an
AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a
AuthorizedKeysC
Internet's global routing system.
rpki-client was primarily developed by Kristaps Dzonsons, Claudio
Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit
as part of the OpenBSD Project.
This release includes the following changes to the previous release:
* Improve the HTTP client
Tobias Stoeckmann(tob...@stoeckmann.org) on 2021.09.21 22:23:55 +0200:
> Hi,
>
> upstream (greenwood) less has disabled history file support for secure
> mode, i.e. LESSSECURE=1: https://github.com/gwsw/less/pull/201
>
> The problem was about permanent marks for which we do not have support
> any
Alexander Bluhm(alexander.bl...@gmx.net) on 2021.09.21 22:34:09 +0200:
> On Mon, Sep 20, 2021 at 03:54:58PM +0200, Landry Breuil wrote:
> > did i screwup something somewhere in my config and there's a better way
> > for that ?
>
> This was changed in February. No more interface, but gateway
> add
ok
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.09.10 12:09:47 +0200:
> On Thu, Sep 09, 2021 at 09:18:04AM -0600, Bob Beck wrote:
> >
> > ok beck@
> >
> > On Thu, Sep 09, 2021 at 09:35:51AM +0200, Claudio Jeker wrote:
> > > While Connection: keep-alive should be the default it seems that at
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.04 12:39:26 +0200:
> Here's an updated diff including the man page bits.
I don't want to bikeshed the manpage. The code is ok benno@ :)
> Looking at pf.conf(5)
> and ipsec.conf(5), there does not really seem to be a standard way to document
> whic
Florian Obser(flor...@openbsd.org) on 2021.09.03 11:32:42 +0200:
> On 2021-09-03 10:38 +02, Claudio Jeker wrote:
> > On Fri, Sep 03, 2021 at 10:12:57AM +0200, Sebastian Benoit wrote:
> >> Tobias Heider(tobias.hei...@stusta.de) on 2021.09
Tobias Heider(tobias.hei...@stusta.de) on 2021.09.02 15:39:46 +0200:
> The diff below makes iked accept a list of protocols for the "proto" config
> option in iked.conf(5).
> This would allow us to have a single policy with "proto { ipencap, ipv6 }"
> to secure a gif(4) tunnel, instead of requiring
Sebastian Benoit(be...@openbsd.org) on 2021.09.02 21:41:15 +0200:
> Florian Obser(flor...@openbsd.org) on 2021.09.02 14:04:22 +0200:
> > On 2021-09-02 12:26 +02, Sebastian Benoit wrote:
> > > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100:
> > >> Ping.
Florian Obser(flor...@openbsd.org) on 2021.09.02 14:04:22 +0200:
> On 2021-09-02 12:26 +02, Sebastian Benoit wrote:
> > Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100:
> >> Ping.
> >>
> >> On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote
Raf Czlonka(rczlo...@gmail.com) on 2021.09.02 10:51:19 +0100:
> Ping.
>
> On Mon, May 24, 2021 at 05:06:08PM BST, Raf Czlonka wrote:
> > Ping.
> >
> > On Sun, May 09, 2021 at 01:07:15PM BST, Raf Czlonka wrote:
> > > Hello,
> > >
> > > This is both a general question and specific example of remov
ok
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.09.02 11:05:24 +0200:
> On Thu, 2021-09-02 at 08:56 +, Job Snijders wrote:
> > On Thu, Sep 02, 2021 at 07:23:26AM +0100, Jason McIntyre wrote:
> > > > .Ar time
> > > > -can be integer or decimal numbers.
> > > > +are positive int
Theo de Raadt(dera...@openbsd.org) on 2021.08.31 11:09:22 -0600:
> I don't understand -- why would people edit this file?
>
> If this list is in argv, it will be difficult to identify targets using
> ps, because the hostname is way at the end.
Yes.
If we worry about people touching it, rpki-clie
Martijn van Duren(openbsd+t...@list.imperialat.at) on 2021.08.30 12:50:23 +0200:
> Via "relayctl reload" agentx can be enabled, disabled, but if it's
> enabled->disabled->enabled the final enable won't work because we
> never reset the sa.
>
> Also add an extra guard so that we don't accidentally
Stefan Sperling(s...@stsp.name) on 2021.08.25 22:02:02 +0200:
> On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote:
> > On 2021-08-25 18:02 +01, Stuart Henderson wrote:
> > > Trying to announce a network on a wg(4) interface via ospf6d, just
> > > using passive to pick up the prefix, i.
committed, thanks
Emil Engler(m...@emilengler.com) on 2021.08.24 08:52:57 +0200:
> While auditing acme-client(1) I have noticed that the source code still
> makes references to curl.
>
> Apparently acme-client(1) used curl for HTTP transfers up until this
> commit:
> https://github.com/kristapsdz/
Florian Obser(flor...@openbsd.org) on 2021.08.23 20:30:07 +0200:
> So I was playing with a usb network adapter and noticed that dhcpleased
> and slaacd would hold on to them when I unplugged them.
don't do that :P
> They would be listed as "unknown" because we can't find the if_name for
> the if_
An errata patch for LibreSSL has been released for OpenBSD 6.8 and
OpenBSD 6.9.
Printing a certificate can result in a crash in X509_CERT_AUX_print().
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective
Jason McIntyre(j...@kerhand.co.uk) on 2021.08.16 12:02:13 +0100:
> when i wrote my mail, i failed to understand that "overrides earlier"
> was really just another way of saying "mutually exclusive". i don't find
> it as clear, and i don't hugely like it, but i guess it's just my
> preference.
Not
An errata patch for perl has been released for OpenBSD 6.9.
perl(1) Encode (3p) loads a module from an incorrect relative path.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https:/
An errata patch for the kernel has been released for OpenBSD 6.8 and
OpenBSD 6.9.
In a specific configuration, wg(4) leaked mbufs.
Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
http
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.08.04 17:55:45 +0200:
> On Fri, Jul 30, 2021 at 12:02:12PM +0200, Claudio Jeker wrote:
> > This diff implements the bit to support the receive side of
> > RFC7911 - Advertisement of Multiple Paths in BGP.
> >
> > I did some basic tests and it works f
An errata patch for the kernel on the sparc64 architecture has been
released for OpenBSD 6.8 and OpenBSD 6.9.
On sparc64, a misaligned address could trigger a kernel assert and
panic the kernel.
Source code patches can be found on the respective errata pages:
https://www.openbsd.org/errata68.