/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen

  • Committer: Teddy Hogeborn
  • Date: 2016-08-06 00:53:13 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 350.
  • Revision ID: teddy@recompile.se-20160806005313-q9n4b1b7707hnjj4
Makefile: Replace "-fsanitize=address" with "-fsanitize=leak"

The Address Sanitizer is a debugging feature, not a security feature -
it has security issues:  <http://seclists.org/oss-sec/2016/q1/363>
Therefore, it should only be used when debugging.  Replace it with
"-fsanitize=leak", which is needed since -fsanitize=address no longer
includes it implicitly.

* Makefile (DEBUG): Add "-fsanitize=address".
  (ALL_SANITIZE_OPTIONS): Replace "-fsanitize=address" with
                          "-fsanitize=leak".

Show diffs side-by-side

added added

removed removed

Lines of Context:
21
21
# Contact the authors at <mandos@recompile.se>.
22
22
23
23
 
24
 
VERSION="1.7.3"
 
24
VERSION="1.7.10"
25
25
 
26
26
KEYDIR="/etc/keys/mandos"
27
27
KEYTYPE=RSA
285
285
    esac
286
286
    
287
287
    if [ $SSH -eq 1 ]; then
288
 
        for ssh_keytype in ed25519 rsa; do
 
288
        for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do
289
289
            set +e
290
290
            ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"
291
291
            set -e