On Sun, Jun 23, 2019 at 04:18:29PM +0100, David CARLIER wrote:
> Here the changeling
> https://botan.randombit.net/news.html#version-2-10-0-2019-03-30
The problem with this update is that they added pledge(2) in a wrong
way. So I hesitated to update the port.
They ignore pledge "error" instead of dying, so they do not see the
bugs.
They use mlock()/munlock() which is not allowed with pledge. In a
TLS server error condition they call munlock() which is denied.
This has not much impact as pledge(2) is only used very little in
their command line tool and not in the library. But this has to
be discussed with upstream. I just did not find time to do it.
> which underwent a certain amount of internal code rewrite, justifying
> the shared libs bump.
This is C++, there the ABI is almost never stable. I bump it every
time.
bluhm
No comments:
Post a Comment