Re: NTP

2014-12-19 Thread trondd
On Fri, Dec 19, 2014 at 8:22 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: whereas ntp.org's codebase is reportedly 100,000 lines of unknown or largely unused code That made me curious. Is it that bloated? $ for i in $(find . -name *.[ch]); do cat $i allcode; done $ egrep -v

Re: httpd: redirect to https, or www, or non-www

2014-12-23 Thread trondd
On Tue, Dec 23, 2014 at 12:44 PM, Carlin Bingham c...@viennan.net wrote: nginx and apache support url rewriting, letting you redirect from arbitrary urls with pattern matching. In my experience the primary uses for this are to redirect from http to https or to remove/add www in the hostname,

Patch for mail(1) man page

2015-01-03 Thread trondd
Just a small patch to document the '=' command. Tim. Index: mail.1 === RCS file: /cvs/src/usr.bin/mail/mail.1,v retrieving revision 1.70 diff -u -p -r1.70 mail.1 --- mail.1 16 Dec 2014 18:37:17 - 1.70 +++ mail.1 3

Re: Flag to set from address in mail(1)

2015-01-19 Thread trondd
trondd tro...@gmail.com wrote: Nathanael Rensen nathan...@list.polymorpheus.com wrote: On Wed, 07 Jan 2015 14:31:13 -0700, Todd C. Miller wrote: Here's a version that does not rely on non-standard sendmail -t behavior. - todd Much better. Works well for me, thanks

Re: Flag to set from address in mail(1)

2015-01-05 Thread trondd
I like this better. But I still want the set from=XXX in .mailrc and of course the manpage. I would like to have this option. The diff doesn't work, however. If you reply to a message, it messes up the header and replyall will crash. set from=tro...@gmail.com set ... from

Re: Flag to set from address in mail(1)

2015-01-06 Thread trondd
Sorry, my fault. Try the diff below. Nathanael Yup, this works! Now I can filter by sender in smtpd to use the right SMTP server. Thanks. Tim.

Re: Flag to set from address in mail(1)

2015-01-07 Thread trondd
Nathanael Rensen nathan...@list.polymorpheus.com wrote: On Wed, 07 Jan 2015 14:31:13 -0700, Todd C. Miller wrote: Here's a version that does not rely on non-standard sendmail -t behavior. - todd Much better. Works well for me, thanks. Nathanael Awesome. Working here, too.

Re: libtls documentation

2015-02-20 Thread trondd
libtls? What are you trying to do with it? There are several examples in the OpenBSD source code (relayd, ftp), but if you are compiling for linux, maybe you aren't an obsd user with the code handy. I incorporated it into links+ (links2):

Mention pkg-readmes in FAQ

2015-04-25 Thread trondd
Seems like I see a lot of people who don't know about pkg-readmes and it was a long time before I knew about them, too. Note their existence in the package/ports FAQ. Tim. === RCS file: /cvs/www/faq/faq15.html,v retrieving revision

[PATCH] relayd.conf man page confusion

2015-05-04 Thread trondd
Fix a contradiction in the relayd.conf man page in the Protocols, tls section. The definition of TLS client and server is the opposite of what is stated in the forward and listen on descriptions, and the TLS Relays section. Tim. Index: relayd.conf.5

Re: chroot: add -c to use login class with -u

2015-05-19 Thread trondd
On Mon, May 18, 2015 6:30 pm, Todd C. Miller wrote: Currently, chroot -u doesn't use the settings in /etc/login.conf. Nice. I was missing this option. Open questions: 1) Should this just be default behavior with -u? Are there cases when you would *not* want to set the priority and

Re: httpd rewrites with Lua's pattern matching

2015-06-23 Thread trondd
On Sun, June 21, 2015 10:01 am, Reyk Floeter wrote: location match '^/page/(%d+)' { block return 302 /index.cgi?page=%1' } So I was playing with the below config, then figured out it's not coded to capture on 'server match'. I want to redirect anything I get

Re: httpd rewrites with Lua's pattern matching

2015-06-23 Thread trondd
On Tue, June 23, 2015 11:28 am, Reyk Floeter wrote: It is just not done yet. As I said, we're improving the interface. But this doesn't affect the initial implementation itself. Reyk Ok, thanks. I think I have a 'location match' use case I can play with, too. Tim.

[PATCH] Slight clarification in iked.conf(5)

2015-07-04 Thread trondd
The from and to values for iked seemed backwards to me and the man page example description didn't clarify it. Make it a little more specific which end the example is talking about. Tim. Index: iked.conf.5 === RCS file:

Re: doas -s as a login shell

2015-08-11 Thread trondd
On Sun, August 9, 2015 11:24 pm, Philip Guenther wrote: If you're asking for sudo's -i option, sorry, we're out of option space in doas. sudo is over there -- ports Philip Guenther That's fair. It's easy enough to work around. Tim.

doas -s as a login shell

2015-08-09 Thread trondd
Was it a choice to not have 'doas -s' launch the shell as a login shell? Doing so reloads profiles preserving aliases and prompt variables. If a user is allowed to run the shell, the user can source the profile anyway, so this is just a convenience. Is there a security risk I'm missing?

Re: [patch] Remove archaic manual sizing from dump(8)

2015-07-24 Thread trondd
On 2015-07-24 19:15, Michael McConville wrote: I removed it because I wasn't sure whether the project liked placebo legacy flags. Should I replace it? For reference: When -U was removed it was removed. http://marc.info/?t=14280712873r=1w=2 Tim.

Re: Another lock(1) pledge tweak

2015-10-15 Thread trondd
Whoops. I meant lock(1) in the subject. I guess making a patch put the word patch into my head. On Thu, October 15, 2015 9:25 pm, trondd wrote: > Is it safer to drop the recently added proc and exec pledges if the > arguments are not chosen which need them? > > I

Another patch(1) pledge tweak

2015-10-15 Thread trondd
Is it safer to drop the recently added proc and exec pledges if the arguments are not chosen which need them? Index: lock.c === RCS file: /cvs/src/usr.bin/lock/lock.c,v retrieving revision 1.32 diff -u -p -r1.32 lock.c --- lock.c

smtpd needs to pledge unix for lmtp socket delivery

2015-10-17 Thread trondd
smtpd needs to pledge unix to support delivery_backend_lmtp to a socket. Config example: accept for domain "mydomain.com" alias deliver to lmtp "/var/dovecot/lmtp" Tim. Index: smtpd.c === RCS file:

Re: smtpd needs to pledge unix for lmtp socket delivery

2015-10-17 Thread trondd
On Sat, October 17, 2015 12:59 pm, trondd wrote: > > smtpd needs to pledge unix to support delivery_backend_lmtp to a socket. > And now that I am getting email, I see this was fixed just minutes after I had updated my cvs checkout. :) Carry on. Tim.

Re: Using tame() in userland

2015-08-29 Thread trondd
On 2015-08-29 06:05, Steven McDonald wrote: I think chmod fits in the cannot be tamed category. tame(2) says of chmod(2) and friends: Setuid/setgid bits do not work, nor can the user or group be changed on a file. This breaks 'chmod u+s'. I ran into this when building Xenocara.

Re: Changes to network memory allocation/reporting?

2015-09-03 Thread trondd
On Thu, September 3, 2015 6:35 am, Martin Pieuchot wrote: > > This is a side effect of the *8 pool change. Diff below fixes it, ok? > I can confirm the patch applies and fixes the numbers. Can't speak to the accuracy of the math, though. Tim.

Changes to network memory allocation/reporting?

2015-09-02 Thread trondd
I just noticed on my -current systems, memory reporting from netstat -m seems to show that memory is overcommitted. $ netstat -m 535 mbufs in use: 289 mbufs allocated to data 8 mbufs allocated to packet headers 238 mbufs allocated to socket names and addresses

[PATCH] vmm(4) manpage missed the vmctl rename

2015-12-06 Thread trondd
Update manpage reference from vmmctl(8) to vmctl(8) Tim. Index: vmm.4 === RCS file: /cvs/src/share/man/man4/man4.amd64/vmm.4,v retrieving revision 1.3 diff -u -p -r1.3 vmm.4 --- vmm.4 13 Nov 2015 07:55:37 - 1.3 +++

Allow device/fifo creation with zipped archives

2016-06-22 Thread trondd
As brought up on misc@ pax doesn't allow creation of devices or fifos without the p flag, however this is only when the archive is not compressed. If you compress the archive, you can create them upon decompression/unarchiving. Since dpath was added to allow creation of devices in the pledge

[PATCH] www - Missing body tags and footer color

2016-05-17 Thread trondd
Add some missing body tags using the standard colors. Also set the background color in the footer table cell on the main page. Tim. Index: crypto.html === RCS file: /cvs/www/crypto.html,v retrieving revision 1.149 diff -u -p -r1.149

Re: sendbug subject

2016-05-15 Thread trondd
On Sun, May 15, 2016 1:22 pm, Juan Francisco Cantero Hurtado wrote: > On Sun, May 15, 2016 at 06:43:16PM +0200, Jeremie Courreges-Anglas wrote: >> "Ted Unangst" writes: >> >> > i'm tired of seeing bug reports with no subject. i also get a fair bit >> of spam >> > with no

Re: Add a "random" target to bsd.regress.mk

2017-03-18 Thread trondd
On Sat, March 18, 2017 6:42 pm, Scott Cheloha wrote: > In general, a test can put your system into a state that allows a > subsequent test to pass when it would have otherwise failed. > > > Any takers? Thoughts? > If such a bug is revealed, how does someone rerun the tests in the same order

httpd ranges are not liked by freshclam

2017-04-18 Thread trondd
I have an OpenBSD httpd(8) web server hosting security/clamav main.cvd and daily.cvd files. Upon upgrading to 6.1, freshclam can no longer successfully fetch the cvd files. Freshclam does a request for the first 512 bytes of the files to check the dates in their header. Then pulls the rest of

Re: httpd ranges are not liked by freshclam

2017-04-18 Thread trondd
On Tue, April 18, 2017 3:46 pm, Reyk Floeter wrote: > >> Am 18.04.2017 um 20:53 schrieb trondd <tro...@kagu-tsuchi.com>: >> >> I have an OpenBSD httpd(8) web server hosting security/clamav main.cvd >> and >> daily.cvd files. Upon upgrading to 6.1, freshc

Re: Syspatch not clearing needed free space counter

2017-08-03 Thread trondd
On Thu, August 3, 2017 1:09 pm, Stuart Henderson wrote: > On 2017/08/03 09:55, trondd wrote: >> I noticed, when applying multiple patches, I would eventually be told I >> was out of space on /. There was about 60M free which is plenty for a >> kernel and a copy. Rerunning

[PATCH] Syspatch not clearing needed free space counter

2017-08-03 Thread trondd
Stuart Henderson wrote: > Ah, perhaps the change to disk behaviour wasn't reflected in calculations > then.. I got it figured out. In the checkfs function, the 'eval $(stat...)' command stores a list of disk devices and creates a variable named for each device to store

Syspatch not clearing needed free space counter

2017-08-03 Thread trondd
I noticed, when applying multiple patches, I would eventually be told I was out of space on /. There was about 60M free which is plenty for a kernel and a copy. Rerunning syspatch would allow it to continue for another handful of patches. Mucking about in checkfs(), it seems that the value of

RTM_DESYNC when starting network

2017-10-12 Thread trondd
Just updated my -current VM hosted in VMware Fusion. Upon reboot, I got an em0: RTM_DESYNC and the boot process hung. After a couple forced reboots, I figured out that if I "Disconnect Network Adapter" then reconnect it, booting will continue with the DHCP exchange and all seems to work fine.

Re: RTM_DESYNC when starting network

2017-10-12 Thread trondd
On Thu, October 12, 2017 10:36 am, Martin Pieuchot wrote: > On 12/10/17(Thu) 10:33, trondd wrote: >> Just updated my -current VM hosted in VMware Fusion. Upon reboot, I got >> an em0: RTM_DESYNC and the boot process hung. After a couple forced >> reboots, I figured out

Wrong rule number in pflog with anchors

2017-10-12 Thread trondd
If you have an anchor in your pf ruleset, a packet that matches a rule with a log directive will reflect the rule number of the last anchor definition instead of the rule that caused the logging. My first rule in pf.conf is 'block log (all) all'. In 6.1, packets matching the block rule will show

Re: Wrong rule number in pflog with anchors

2017-11-05 Thread trondd
"trondd" <tro...@kagu-tsuchi.com> wrote: > If you have an anchor in your pf ruleset, a packet that matches a rule > with a log directive will reflect the rule number of the last anchor > definition instead of the rule that caused the logging. > > My first rule in

Propagate http_proxy from installer to rc.firsttime

2017-12-06 Thread trondd
If you need to use a proxy to fetch the base sets, you'll likely need it when you reboot in order for fw_update and syspatch to work. It's helpful for fw_update especially as it has a painfully long timeout. If the http_proxy was set, simply pass it on to rc.firsttime so you have it a reboot,

Re: Propagate http_proxy from installer to rc.firsttime

2017-12-23 Thread trondd
trondd <tro...@kagu-tsuchi.com> wrote: > If you need to use a proxy to fetch the base sets, you'll likely need > it when you reboot in order for fw_update and syspatch to work. It's > helpful for fw_update especially as it has a painfully long timeout. > > If the http_proxy

Fix for vi(1) manpage Visual command

2018-02-02 Thread trondd
The manpage for vi(1) has a small error for the :Visual/:visual command. The 'V' can be capital or lowercase, followed by an 'i' and optionally 'sual'. But the manpage shows the command as [Vi]i[sual] instead of [Vv]i[sual]. The usage text in vi confirms the correct syntax (as does the roff

Re: Fix for vi(1) manpage Visual command

2018-02-03 Thread trondd
On Sat, February 3, 2018 4:28 pm, Ingo Schwarze wrote: > >> a good way to do it without adding verbiage would be to not document it! >> if it really is a crappy quirk, let's just leave it out then. > > I actually like that idea, it makes the long list of EX COMMANDS > a bit simpler, making the

Re: regression in pflog output

2018-02-15 Thread trondd
On Thu, February 8, 2018 11:24 am, Alexandr Nedvedicky wrote: > Hello, > > Matthias Pitzl discovered a regression introduced by my earlier commit > [1]. > Matthias has noticed the pflogd output changes for ruleset here: > 8<---8<---8<--8< >

Re: httpd ranges are not liked by freshclam

2018-04-04 Thread trondd
Bringing this back up from the depths. I kept rolling back to older httpd code and forgetting about this :( I still see this issue in 6.3. A new packet cap looks the same. On Tue, April 18, 2017 4:23 pm, trondd wrote: > On Tue, April 18, 2017 3:46 pm, Reyk Floeter wrote: >> >>>

Re: httpd socket leak - Re: httpd ranges are not liked by freshclam

2018-04-05 Thread trondd
On Thu, April 5, 2018 2:59 am, Florian Obser wrote: > > this fixes it for me, instead of goto done we could also set > clt->clt_done = 1; but at this point it means the same, I think... > > diff --git server_http.c server_http.c > index 414e297f082..53e78b62f31 100644 > --- server_http.c > +++

Fix descriptions of smtps vs smtp+tls in smtpd.conf.5

2018-10-22 Thread trondd
Unless I'm confused, it seems the description of the smarthosts smtps and smtp+tls are reversed in the smtpd.conf man page. My log seemed to back this up. When using smtp+tls, which the man page said uses STARTTLS but seems to actually use TLS which my ISP does not: Oct 21 21:42:58 ember

Re: Fix descriptions of smtps vs smtp+tls in smtpd.conf.5

2018-10-25 Thread trondd
On Thu, October 25, 2018 2:24 am, Raf Czlonka wrote: > On Thu, Oct 25, 2018 at 07:11:47AM BST, Gilles Chehade wrote: >> >> smtpd will _always_ display a 'starttls' log line when the TLS channel >> starts, >> disregarding if TLS was started at connect time (smtps) or within the >> protocol >>

Re: pledge xenodm

2018-11-03 Thread trondd
On Sat, November 3, 2018 7:16 am, Ricardo Mestre wrote: > prodded by deraadt@, here's a rebased diff on xenocara's source root directory, > usually /usr/xenocara. I'm using DisplayManager*autoLogin in xenodm-config and starting xenodm as desired (not at boot) and it logs me in the first time but

Re: sysupgrade(8) and http_proxy

2019-11-01 Thread trondd
Anthony Coulter wrote: > Hello @tech, > > When I manually upgrade OpenBSD using bsd.rd, I have to set http_proxy > to fetch the file sets. When I reboot after installing, fw_update > succeeds because the install script was clever enough to export > http_proxy in /etc/rc.firsttime. > >

Re: sysupgrade(8) and http_proxy

2019-11-04 Thread trondd
On Sun, November 3, 2019 12:02 pm, trondd wrote: > On Sun, November 3, 2019 6:27 am, Florian Obser wrote: >> On Sun, Nov 03, 2019 at 12:21:59PM +0100, Antoine Jacoutot wrote: >>> On Sun, Nov 03, 2019 at 12:16:56PM +0100, Florian Obser wrote: >>> > I like it, if som

Re: sysupgrade(8) and http_proxy

2019-11-04 Thread trondd
Steffen Nurpmeso wrote: > trondd wrote in <49f29107642e86c17283b0582a9f09f4.squir...@mail.kagu-tsu\ > chi.com>: > |On Sun, November 3, 2019 12:02 pm, trondd wrote: > |> On Sun, November 3, 2019 6:27 am, Florian Obser wrote: > |>> On Sun, Nov 03, 2019 at 12:2

Re: sysupgrade(8) and http_proxy

2019-11-03 Thread trondd
f tools in rc.firsttime requires internet access regardless of set installation method. I don't know that much of a change is desired, though. Tim. >> >> >> > >> > On Fri, Nov 01, 2019 at 09:37:04PM -0400, trondd wrote: >> > > Anthony Coulter wrote

Re: $pexp in re.subr(8)

2020-08-06 Thread trondd
On Thu, August 6, 2020 9:12 pm, Thomas Levine wrote: > The present patch changes the rc.subr(8) manual page to match > the implementation. > > The current manual page for rc.subr(8) says that $pexp is "A regular > expression to be passed to pgrep(1) in order to find the desired process > or to be

Improve vi(1) recovery

2020-12-26 Thread trondd
While investigating an occasional crash when recovering a file with 'vi -r' after a power failure, I noticed that the recovery files are actually never updated during an editing session. The recovery files are created upon initial modification of the file which saves the state of the file at

Re: Improve vi(1) recovery

2021-01-05 Thread trondd
trondd wrote: > > While investigating an occasional crash when recovering a file with 'vi -r' > after a power failure, I noticed that the recovery files are actually never > updated during an editing session. The recovery files are created upon > initial modification of the f

Re: [patch] update xterm to version 363

2021-01-01 Thread trondd
On Fri, January 1, 2021 11:29 am, Matthieu Herrb wrote: > Hi, > > the attached patch updates xterm to version 363 (from 351) > > Changelog can be found here: > https://invisible-island.net/xterm/xterm.log.html > > To test, apply the patch in ${XSRCDIR}/app/xterm and rebuild xterm : > > cd

Attempt to fix phantasia(6) game files

2021-05-08 Thread trondd
Phantasia was one of the games broken by removal of setgid. But it has another problem that led me to start rummaging around in the code. The games set in the releases includes pre-generated world files which get installed when you upgrade the OS which overwrite any existing game files. So

Re: Improve vi(1) recovery

2021-05-09 Thread trondd
trondd wrote: > trondd wrote: > > > trondd wrote: > > > > > > > > While investigating an occasional crash when recovering a file with 'vi > > > -r' > > > after a power failure, I noticed that the recovery files are actuall

Copy/paste fix in phantasia(6)

2021-04-28 Thread trondd
Looks like we picked up some extra loopty loops during an update from NetBSD back in 1998. I sanity checked against NetBSD to make sure this matches their source. Tim. Index: io.c === RCS file: /cvs/src/games/phantasia/io.c,v

Re: re-enable A-MSDU support with iwm(4) and iwx(4) fixed

2021-04-25 Thread trondd
Stefan Sperling wrote: > This patch adds A-MSDU rx offloading support for both iwm(4) and iwx(4) > and re-enables net80211's software A-MSDU Rx support for all 11n drivers. > > Meaning iwn(4) and athn(4) will also be receiving A-MSDUs again. > This feature has been turned off since July 2019: >

Re: update xterm to version 367

2021-04-01 Thread trondd
Matthieu Herrb wrote: > On Sat, Mar 27, 2021 at 10:22:15AM +0100, Matthieu Herrb wrote: > > Patch #367 - 2021/03/26 > > > > ok ? comments ? > > Hi, > > I could use some actual test results. I'd like to commit the update. > > -- > Matthieu Herrb Sorry, had this

Re: iwm(4) A-MSDU support

2021-04-01 Thread trondd
Stefan Sperling wrote: > This patch attempts to add support for receiving A-MSDUs to iwm(4). > If you are using iwm(4) then please run with this patch and let me > know if it causes regressions. Thanks! > > ACHTUNG: This patch breaks iwx(4)! Don't use it there! For this reason, > the patch can

Re: Improve vi(1) recovery

2021-04-19 Thread trondd
trondd wrote: > trondd wrote: > > > > > While investigating an occasional crash when recovering a file with 'vi -r' > > after a power failure, I noticed that the recovery files are actually never > > updated during an editing session. The recovery file

Atomic signal flags for vi(1)

2021-08-24 Thread trondd
"Theo de Raadt" wrote: > +h_alrm(int signo) > +{ > + GLOBAL_CLP; > + > + F_SET(clp, CL_SIGALRM); > > F_SET is |=, which is not atomic. > > This is unsafe. Safe signal handlers need to make single stores to > atomic-sized variables, which tend to be int-sized, easier to declare >

Re: Improve vi(1) recovery

2021-08-19 Thread trondd
I've switched this to using alarm(3) instead of setitimer(2) which is a little simpler in the code but most of the changes are just vi event handling boilerplate. There is very little new functional code. Original investigation write-up follows. Have had quite a bit of user feedback and

Re: Atomic signal flags for vi(1)

2021-09-01 Thread trondd
Ingo Schwarze wrote: > Hi, > > Ingo Schwarze wrote on Wed, Sep 01, 2021 at 04:38:51PM +0200: > > > Note that the h_hup() and h_term() signal handlers are still unsafe > > after this commit because they also set the "killersig" (how fitting!) > > field in a global struct. > > I like it when

Fix vi(1) recovery - new method

2021-10-09 Thread trondd
This is a new attempt at fixing vi(1) recovery by actually writing to the recovery file. Previously I restored the SIGALRM method that was deleted in the 90's but wondered if that was still the best way to handle this. Checking and syncing to the recovery every 2 minutes seems arbitrary and

Re: update xterm to version 369

2021-10-16 Thread TronDD
On Tue Oct 12, 2021 at 2:08 PM EDT, Matthieu Herrb wrote: > Hi, > > The patch below updates xterm to version 369. Please test and report > failures especially if you rely on some obscure feature... > > Changes: > > Patch #369 - 2021/09/21 > > * modify run-tic.sh to work around bug in development

Re: Fix vi(1) recovery - new method

2021-10-23 Thread trondd
Any feedback, direction, or suggestions? I'd like to see something get in as the current situation not only doesn't recover unsaved work but it sets a user up to potentially lose saved work, too. Tim. trondd wrote: > This is a new attempt at fixing vi(1) recovery by actually writ

Re: Fix vi(1) recovery - new method

2021-12-05 Thread trondd
segfault and half the original file > disappearing, although that was infrequent before so could just be luck. > > User experience with this patch is improved in my opinion, I'd like to > see it go in, so OK afresh1@ > > On Sat, Oct 09, 2021 at 08:26:13PM -0400, trondd wrote

Re: Fix vi(1) - recovery is a lie

2022-02-20 Thread trondd
without data loss or a crash during recovery. Tim. trondd wrote: > Any other dev interested in fixing this? Feedback, suggestions, review? > > Tim. > > Andrew Hewus Fresh wrote: > > > In my quick test, this works a lot better than what we have now. At > > lea