/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos-client.README.Debian

  • Committer: Teddy Hogeborn
  • Date: 2016-08-06 00:53:13 UTC
  • Revision ID: teddy@recompile.se-20160806005313-q9n4b1b7707hnjj4
Makefile: Replace "-fsanitize=address" with "-fsanitize=leak"

The Address Sanitizer is a debugging feature, not a security feature -
it has security issues:  <http://seclists.org/oss-sec/2016/q1/363>
Therefore, it should only be used when debugging.  Replace it with
"-fsanitize=leak", which is needed since -fsanitize=address no longer
includes it implicitly.

* Makefile (DEBUG): Add "-fsanitize=address".
  (ALL_SANITIZE_OPTIONS): Replace "-fsanitize=address" with
                          "-fsanitize=leak".

Show diffs side-by-side

added added

removed removed

Lines of Context:
25
25
        /usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH \
26
26
        )/mandos/plugins.d/mandos-client \
27
27
                --pubkey=/etc/keys/mandos/pubkey.txt \
28
 
                --seckey=/etc/keys/mandos/seckey.txt \
29
 
                --tls-privkey=/etc/keys/mandos/tls-privkey.pem \
30
 
                --tls-pubkey=/etc/keys/mandos/tls-pubkey.pem; echo
 
28
                --seckey=/etc/keys/mandos/seckey.txt; echo
31
29
  
32
30
  This command should retrieve the password from the server, decrypt
33
31
  it, and output it to standard output.  There it can be verified to
108
106
  policy or other reasons, simply replace the existing dhparams.pem
109
107
  file and update the initital RAM disk image.
110
108
 
111
 
 -- Teddy Hogeborn <teddy@recompile.se>, Sat,  9 Feb 2019 15:08:04 +0100
 
109
 -- Teddy Hogeborn <teddy@recompile.se>, Tue, 21 Jun 2016 21:43:49 +0200