/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

  • Committer: Teddy Hogeborn
  • Date: 2016-08-06 00:53:13 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 350.
  • Revision ID: teddy@recompile.se-20160806005313-q9n4b1b7707hnjj4
Makefile: Replace "-fsanitize=address" with "-fsanitize=leak"

The Address Sanitizer is a debugging feature, not a security feature -
it has security issues:  <http://seclists.org/oss-sec/2016/q1/363>
Therefore, it should only be used when debugging.  Replace it with
"-fsanitize=leak", which is needed since -fsanitize=address no longer
includes it implicitly.

* Makefile (DEBUG): Add "-fsanitize=address".
  (ALL_SANITIZE_OPTIONS): Replace "-fsanitize=address" with
                          "-fsanitize=leak".

Show diffs side-by-side

added added

removed removed

Lines of Context:
119
119
 
120
120
* [[http://www.undeadly.org/cgi?action=article&sid=20110530221728][OpenBSD]]
121
121
 
122
 
* TODO Use raw public keys (RFC 7250) for TLS communications              :2:
123
 
** Support for this is planned for GnuTLS version 3.6
124
 
   https://gitlab.com/gnutls/gnutls/issues/26
125
 
** Rationale
126
 
*** The client key is used both for communication and encryption
127
 
    Using raw keys in GnuTLS instead uses separate keys for
128
 
    communication and password decryption.
129
 
*** GnuTLS 3.5.9 has deprecated the OpenPGP functions
130
 
    The functions are still available, but deprecated:
131
 
    https://gitlab.com/gnutls/gnutls/issues/102
132
 
 
133
122
 
134
123
#+STARTUP: showall