Re: Mariabackup core dump

[Vincent Hoffman-Kazlauskas]

On 20/04/2021 18:34, Kurt Jaeger wrote:
> Hi!
> 
>> 
>>
>> This was posted 3 years ago, and I am having the identical issue. From what 
>> I can see on that page, no activity has taken place. Anyone have any ideas?
>>
>> (It does seem to work fine if you give the full path, but needless to say, 
>> I'm slightly concerned about that error)
> 
> Which version of FreeBSD and which version of mariadb can reproduce this ?
> 
I'd forgotten about this but I can easily reproduce it too.

FreeBSD 12.2
($18:57:32 <~>$) 1
root@copia # /usr/local/bin/mariabackup -v
/usr/local/bin/mariabackup based on MariaDB server 10.4.18-MariaDB
FreeBSD12.2 (amd64)
($18:57:37 <~>$) 0
root@copia # mariabackup -v
Segmentation fault (core dumped)
($18:57:49 <~>$) 139
root@copia # uname -v
FreeBSD 12.2-RELEASE-p3 GENERIC
($18:58:47 <~>$) 0
root@copia #

FreeBSD 11.4
root@banshee # /usr/local/bin/mariabackup -v
/usr/local/bin/mariabackup based on MariaDB server 10.4.18-MariaDB
FreeBSD11.4 (amd64)
($19:00:06 <~>$) 0
root@banshee # mariabackup -v
Segmentation fault (core dumped)
($19:00:13 <~>$) 139
root@banshee # uname -v
FreeBSD 11.4-RELEASE-p8 #0: Tue Feb 23 09:04:22 UTC 2021
r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
($19:00:17 <~>$) 0


Built using poudriere

root@bsdpkgbuild:/usr/local/etc/poudriere.d/options # cat
databases_mariadb104-server/options
# This file is auto-generated by 'make config'.
# Options for mariadb104-server-10.4.6_1
_OPTIONS_READ=mariadb104-server-10.4.6_1
_FILE_COMPLETE_OPTIONS_LIST=AWS_KMS CONNECT_EXTRA DOCS WSREP GSSAPI_BASE
GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE LZ4 LZO SNAPPY ZSTD INNOBASE
MROONGA OQGRAPH ROCKSDB SPHINX SPIDER TOKUDB ZMQ MSGPACK
OPTIONS_FILE_UNSET+=AWS_KMS
OPTIONS_FILE_SET+=CONNECT_EXTRA
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=WSREP
OPTIONS_FILE_UNSET+=GSSAPI_BASE
OPTIONS_FILE_UNSET+=GSSAPI_HEIMDAL
OPTIONS_FILE_UNSET+=GSSAPI_MIT
OPTIONS_FILE_SET+=GSSAPI_NONE
OPTIONS_FILE_SET+=LZ4
OPTIONS_FILE_UNSET+=LZO
OPTIONS_FILE_UNSET+=SNAPPY
OPTIONS_FILE_UNSET+=ZSTD
OPTIONS_FILE_SET+=INNOBASE
OPTIONS_FILE_UNSET+=MROONGA
OPTIONS_FILE_UNSET+=OQGRAPH
OPTIONS_FILE_UNSET+=ROCKSDB
OPTIONS_FILE_SET+=SPHINX
OPTIONS_FILE_SET+=SPIDER
OPTIONS_FILE_UNSET+=TOKUDB
OPTIONS_FILE_UNSET+=ZMQ
OPTIONS_FILE_UNSET+=MSGPACK


root@bsdpkgbuild:/usr/local/etc/poudriere.d/options # cat
databases_mariadb104-client/options
# This file is auto-generated by 'make config'.
# Options for mariadb104-client-10.4.6_1
_OPTIONS_READ=mariadb104-client-10.4.6_1
_FILE_COMPLETE_OPTIONS_LIST= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
GSSAPI_NONE
OPTIONS_FILE_UNSET+=GSSAPI_BASE
OPTIONS_FILE_UNSET+=GSSAPI_HEIMDAL
OPTIONS_FILE_UNSET+=GSSAPI_MIT
OPTIONS_FILE_SET+=GSSAPI_NONE

Regards,
Vince
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Exim 4.94 Taint issues

[Vincent Hoffman-Kazlauskas]

On 18/07/2020 02:34, The Doctor via freebsd-ports wrote:
> Trying Exim 4.94 and I am getting
> 
>





'/var/mail/doctor' (file or directory name for local_delivery transport)
not permitted
> 2020-07-17 19:30:09.145 [9601] 1jwbdm-00026Z-H4 == doc...@doctor.nl2k.ab.ca 
> R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' 
> (file or directory name for local_delivery transport) not permitted
> 2020-07-17 19:30:09.151 [9603] 1jwbcO-0001zD-9p == doc...@doctor.nl2k.ab.ca 
> R=localuser T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' 
> (file or directory name for local_delivery transport) not permitted
> 2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doc...@nk.ca R=localuser 
> T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or 
> directory name for local_delivery transport) not permitted
> 
> Why is this happening?
> 
At a guess related to
https://github.com/Exim/exim/blob/master/src/README.UPDATING#L29


https://bugzilla.redhat.com/show_bug.cgi?id=1848926 had a reasonable
discussion with more links.

Regards,
Vince
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Removal of www/apache22

[Vincent Hoffman-Kazlauskas]

On 27/03/2018 13:52, Bernard Spil wrote:
> Hi all,
> 
> Just noticed that the Apache project has removed the patches they had
> for 2.2.34.
> 
>     http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
> 
> Combined with the security update of 2.4 branch to 2.4.33 leads me to
> believe that Apache 2.2 is now vulnerable and no patches will be provided.
> 
> If someone wishes to step up and get patches for 2.2 from e.g. RedHat,
> we may be able to keep the port alive for a bit longer. If no one steps
> up, I see no other way forward than to delete the port as indicated by
> the DEPRECATED variable and expiration date 2017-07-01 since July 2016.
> 

While I agree that apache 2.2 is now firmly dead, they moved the patches
for 2.2.34 to
https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/ , however
no new patches for the recent CVEs were added.


Vince



> Cheers,
> 
> Bernard.
> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Exim and CVE-2018-6789

[Vincent Hoffman-Kazlauskas]

On 07/03/2018 20:13, Bob Willcox wrote:
> Hi All,
> 
> What is the status of FreeBSD's exim port regarding the CVE-2018-6789
> vulnerability?  Has it been fixed or is the fix in the works?
> 
> Thanks,
> Bob
> 

According to exim.org CVE-2018-6789 was fixed in 4.90.1. The port
version is 4.90.1 so yes it should be fixed.
see https://www.freshports.org/mail/exim/ for a handy overview.
Looks like the quarterly pkg repo is also up to date from a quick glance.


Vince
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: net/viamillipede seeks commiter

[Vincent Hoffman-Kazlauskas]

On 07/03/2018 20:37, Vincent Hoffman-Kazlauskas wrote:
> 
> 
> On 07/03/2018 17:08, Ash Gokhale wrote:
>> On Wed, Mar 7, 2018 at 6:51 AM, Kurt Jaeger <p...@opsec.eu> wrote:
>>
>>> Hi!
>>>
>>>>> I've made peace with poudriere  in 10.4, 11.1 and 12 current jails with
>>>>> USES= uidfix, and also fixed the spurious pthreads cast that was
>>> choking
>>>>> gcc.  Would you  all try it again please?
>>>>> https://github.com/agokhale/freebsd-port-net-viamillipede/
>>> commits/master
>>>>
>>>> I've tested it on 10.3-i386, same build error as before. Maybe
>>>> the problem happens with 10.3, but not with 10.4. I'll retest with 10.4.
>>>
>>> Yes, builds with 10.4, fails with 10.3.
>>>
>>> --
>>> p...@opsec.eu+49 171 3101372 2 years to
>>> go !
>>>
>>
>>
>>
>> mat@'s feedback accepted,
>>
>> This is the error  from 10.3 release via poudriere jail:
>>
>> ===
>> ===>  Building for viamillipede-0.7
>> make[1]: "/usr/share/mk/bsd.own.mk" line 505: MK_DEBUG_FILES can't be set
>> by a user.
>> *** Error code 1
>>
>>
>> I'm not sure where to go from this; can I fence the port to build only on
>> 10.4+ ?
>>
>> I'll poke around in the jail for clues.
> 
> 
> Been a while but I think its something like
> 
> Something like this in the makefile
> 
> .if ${OSVERSION} > 1004000
> BROKEN=   Needs features from at least 10.4
> .endif
> 
> 
Doh
.if ${OSVERSION} < 1004000

of course.

> 
> Vince
> 
>> ___
>> freebsd-ports@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
>> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
>>
> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
> 
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: net/viamillipede seeks commiter

[Vincent Hoffman-Kazlauskas]

On 07/03/2018 17:08, Ash Gokhale wrote:
> On Wed, Mar 7, 2018 at 6:51 AM, Kurt Jaeger  wrote:
> 
>> Hi!
>>
 I've made peace with poudriere  in 10.4, 11.1 and 12 current jails with
 USES= uidfix, and also fixed the spurious pthreads cast that was
>> choking
 gcc.  Would you  all try it again please?
 https://github.com/agokhale/freebsd-port-net-viamillipede/
>> commits/master
>>>
>>> I've tested it on 10.3-i386, same build error as before. Maybe
>>> the problem happens with 10.3, but not with 10.4. I'll retest with 10.4.
>>
>> Yes, builds with 10.4, fails with 10.3.
>>
>> --
>> p...@opsec.eu+49 171 3101372 2 years to
>> go !
>>
> 
> 
> 
> mat@'s feedback accepted,
> 
> This is the error  from 10.3 release via poudriere jail:
> 
> ===
> ===>  Building for viamillipede-0.7
> make[1]: "/usr/share/mk/bsd.own.mk" line 505: MK_DEBUG_FILES can't be set
> by a user.
> *** Error code 1
> 
> 
> I'm not sure where to go from this; can I fence the port to build only on
> 10.4+ ?
> 
> I'll poke around in the jail for clues.


Been a while but I think its something like

Something like this in the makefile

.if ${OSVERSION} > 1004000
BROKEN= Needs features from at least 10.4
.endif



Vince

> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
> 
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: pkg audit -F - insufficient privileges

[Vincent Hoffman-Kazlauskas]

On 21/10/2016 16:24, Walter Schwarzenfeld wrote:
> |chmod 755 /var/db/pkg solved it.
> |
Possibly this is to do with the

"Update to 1.9.0

- Drop privileges in many commands
- Drop privileges when fetching a file"

Possibly dropping privs to early?

I found that my lazy pf rule to only allow root to have http outbound
connections broke remote updates with the upgrade to the 1.9.x version,
which I suspect to be related to the privilege dropping as an explicit
allow http to my update server fixed it.

Vince

> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Updating "wfimgr"

[Vincent Hoffman-Kazlauskas]

On 21/10/2016 11:17, Gerard Seibert wrote:
> Unless I am in error, the "net-mgmt/wifimgr" port is based on the
> "NetworkManager" program. That program has been updated to version
> 1.4.2 . Is it possible
> to update the ports version from 1.11 to the latest stable version?
> 
I think you are confused, wifimgr is
http://opal.com/freebsd/ports/net-mgmt/wifimgr/ no relation to
networkmanager (still linux only) as far as I know.

Vince
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: freebsd-update and portsnap users still at risk of compromise

[Vincent Hoffman-Kazlauskas]

For those not on freebsd-announce (or reddit or anywhere else it got posted)

"FreeBSD Core statement on recent freebsd-update and related
vulnerabilities"
https://lists.freebsd.org/pipermail/freebsd-announce/2016-August/001739.html



Vince

On 11/08/2016 05:22, Julian Elischer wrote:
> On 11/08/2016 1:11 AM, Mail Lists via freebsd-security wrote:
>>
>>
>> sorry but this is blabla and does not come even near to answering the
>> real problem:
>>
>> It appears that freebsd and the US-government is more connected that
>> some of us might like:
>>
>> Not publishing security issues concerning update mechanisms - we all
>> can think WHY freebsd is not eager on this one.
>>
>> Just my thoughts...
> 
> this has been in discussion a lot in private circles within FreeBSD.
> It's not being ignored and a "correct" patch is being developed.
> 
> from one email I will quote just a small part..
> ===
> 
> As of yet, [the] patches for the libarchive vulnerabilities have not
> been released
> upstream to be pulled into FreeBSD. In the meantime, HardenedBSD has
> created
> patches for some of the libarchive vulnerabilities, the first[3] is being
> considered for inclusion in FreeBSD, at least until a complete fix is
> committed upstream, however the second[4] is considered too brute-force and
> will not be committed as-is. Once the patches are in FreeBSD and updated
> binaries are available, a Security Advisory will be issued.
> 
> ===
> so expect something soon.
> I will go on to say that the threat does need to come from an advanced
> MITM actor,
> though that does not make it a non threat..
> 
>>
>>
>>> Tuesday, August  9, 2016 8:21 PM UTC from Matthew Donovan
>>> :
>>>
>>> You mean operating system as distribution is a Linux term. There's
>>> not much
>>> different between HARDENEDBSD and FreeBSD besides that HardenedBSD fixes
>>> vulnerabilities and has a an excellent ASLR system compared to the
>>> proposed
>>> one for FreeBSD.
>>>
>>> On Aug 9, 2016 3:10 PM, "Roger Marquis" < marq...@roble.com > wrote:
>>>
 Timely update via Hackernews:

   >>> y-update-libarchive>

 Note in particular:

   "FreeBSD is still vulnerable to the portsnap, freebsd-update,
 bspatch,
   and libarchive vulnerabilities."

 Not sure why the portsec team has not commented or published an
 advisory
 (possibly because the freebsd list spam filters are so bad that
 subscriptions are being blocked) but from where I sit it seems that
 those exposed should consider:

   cd /usr/ports
   svn{lite} co  https://svn.FreeBSD.org/ports/head /usr/ports
   make index
   rm -rf /usr/sbin/portsnap /var/db/portsnap/*

 I'd also be interested in hearing from hardenedbsd users regarding the
 pros and cons of cutting over to that distribution.

 Roger



 On 2016-07-29 09:00, Julian Elischer wrote:
>> not sure if you've been contacted privately, but  I believe the
>> answer is
>> "we're working on it"
>>
> My concerns are as follows:
>
> 1. This is already out there, and FreeBSD users haven't been
> alerted that
> they should avoid running freebsd-update/portsnap until the
> problems are
> fixed.
>
> 2. There was no mention in the bspatch advisory that running
> freebsd-update to "fix" bspatch would expose systems to MITM
> attackers who
> are apparently already in operation.
>
> 3. Strangely, the "fix" in the advisory is incomplete and still
> permits
> heap corruption, even though a more complete fix is available. That's
> what prompted my post. If FreeBSD learned of the problem from the same
> source document we all did, which seems likely given the coincidental
> timing of an advisory for a little-known utility a week or two
> after that
> source document appeared, then surely FreeBSD had the complete fix
> available.
>
> ___
   freebsd-ports@freebsd.org mailing list
   https://lists.freebsd.org/mailman/listinfo/freebsd-ports
 To unsubscribe, send any mail to "
 freebsd-ports-unsubscr...@freebsd.org "

>>> ___
>>> freebsd-secur...@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-security
>>> To unsubscribe, send any mail to "
>>> freebsd-security-unsubscr...@freebsd.org "
>>
>> Best regards,
>> Mail Lists
>> mli...@mail.ru
>> ___
>> freebsd-secur...@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to
>> "freebsd-security-unsubscr...@freebsd.org"
>>
> 
> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to 

Re: old ports/packages

[Vincent Hoffman-Kazlauskas]

On 31/05/2016 14:17, Torsten Zuehlsdorff wrote:
> On 04.05.2016 19:17, Grzegorz Junka wrote:
> 
> Please excuse my late answer. I was right into vacation and need to
> handle some work right afterwards.
> 
 What you cannot do is create old-style packages from a new ports
 tree. This is because the ports infrastructure has been changing
 since pkg_install was deprecated, and pkg_install simply will not
 work with the current ports tree (and, as I understand it, cannot
 practically be modified in order to work with it).
>>>
>>> You are mostly correct. It is possible to modify and old ports-tree to
>>> get the new software in. I have at least two customer paying me for
>>> exact this work. But to be fair: it is no fun and harder with every
>>> new release :D
>>>
>>> I suppose what some customer need is an LTS version. Missing one is a
>>> show stopper for FreeBSD usage in many firms i talked to. I do not
>>> think this is a good idea from a technical point - but firms are slow
>>> and want stability.
>>
>> LTS of the base system or ports? The base system is already quite well
>> supported long-term.
> 
> This is a very good question, because it is not that clear. But let me
> state right here: No, the base system has not a good long-term support!
> 
> Yes, we have 2 years for the latest release, but 2 years seems to be
> very short for firms. Often they want 5 years.
> 
> And you are forced to update. You can't stay on say 10.1 or 10.2 because
> the support will end 2016. Which is short, because 10.2 was released in
> august 2015. This is only one and a half year.


To be fair the support is last release + 2 years, supporting a minor
version for more than 2 years seems unreasonable, compare to say redhat
a major commercial vendor. They provide up to 10 years sure but for a
major version ie 6 not a minor version ie 6.1. In fact their policy
page(1*) says "Under a Red Hat Enterprise Linux subscription, all
available RHSAs and RHBAs are provided for the current active minor
release until the availability of the next minor release" and that if
you want a minor release supported for longer you pay more and even then
its only approx 2 years, (example 6.7 (released 2015-07-22) ends July
31, 2017)
So far for me updating freebsd minor releases has been much the same
experience as upgrading Centos/RHEL minor releases.



Vince

(1*)
https://access.redhat.com/support/policy/updates/errata#Extended_Update_Support

> 
> Also on same points base system and ports are tied together. There were
> already changes in ports-tree which renders him unavailable for a older
> release just a couple of days after the version becomes unsupported.
> 
>> In this particular case it's probably not ports per
>> se but more the package manager? Because ports are not really FreeBSD's,
>> they are separate applications, each one of which is supported as long
>> as its author is willing to do so.
> 
> Yes - but the infrastructure changes. The ports are not really FreeBSD,
> the ports-tree is.
> 
>> Unless you mean the model adopted by some Linux companies, namely taking
>> the ports tree, freezing applications at some specific versions, and
>> only apply security and critical bug fixes to those applications? That
>> would mean creating and maintaining sources for all applications listed
>> in ports, rather than the ports tree itself! And that would be quite a
>> task considering that many applications have multiple configurable
>> compilation options. Not sure if it would be worth the effort if most
>> companies only need a limited set of applications from the whole tree.
>> On the other hand, if that was done then you would be left with no
>> work :)
> 
> Like i said: LTS is not a good idea from a technical point. But a
> missing LTS version is a main problem when trying to convince firms to
> change to FreeBSD.
> 
> Greetings,
> Torsten
> ___
> freebsd-ports@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
> 
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"