Re: Problem Compiling xenocara

[Matthieu Herrb]

On Tue, May 13, 2008 at 4:14 AM, Brian [EMAIL PROTECTED] wrote:
 Once I moved xenocara's source to /usr/xenocara.  I have been unable to 
 compile.  It looks like a Makefile still points to /usr/src/xenocara.


The fix is obvious: remove your obj dir first and rerun make obj.

Re: Old EmBSD docs

[Michael Dexter]

 Nonsense. Many new embedded boards have limited flash memory soldered on.

I think most of the developers are tired of seeing people shoot
themselves in the foot then show up on the list complaining about blood
loss.  Pointing out that some people might have a justification for
inflicting pain upon themselves only encourages harmful behavior.

I was incorrect about the example product. My error. However, the paradox 
remains: arguably the best routing OS available requires blood loss on the 
most cost-effective routing hardware available. Fortunately, it remains the 
best none the less and the blood loss is acceptable. Keep up the good work.

Michael.

Re: PF Congestion and state table question

[Henning Brauer]

* Jordi Espasa Clofent [EMAIL PROTECTED] [2008-05-12 09:51]:
 I'm not sure how many packets your cards can put into ipintrq in one int. 
 3000 might still be not enough. watch net.inet.ip.ifq.*, especially len. 
 teh question is wether you see bursts or constant pressure.

 Relating about that, I see:

 $ sysctl net.inet.ip.ifq
 net.inet.ip.ifq.len=0
 net.inet.ip.ifq.maxlen=1024
 net.inet.ip.ifq.drops=130998

 ?What's about net.inet.ip.ifq.len value? ?Is it this '0' a wrong value?

that's the CURRENT lenand almost always 0, becuase if it is not, we 
don't switch to userland for sysctl to show it...

 Note that net.inet.ip.ifq.maxlen=1024 means that I've 4 NICs (em (4)based) 
 in this box.

bump up.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Originating large numbers of routes with bgpd

[Stuart Henderson]

On 2008-05-12, Peter Bristow [EMAIL PROTECTED] wrote:
OpenBSD also won't let you add routes
 where the nexthop is not locally reachable.

Doesn't nexthop qualify via help this?

 If set to bgp, bgpd(8) may use BGP routes to verify nexthops.  If
 set to default, bgpd may use the default route to verify nex-
 thops.  By default bgpd will only use static routes or routes
 added by other routing daemons like ospfd(8).

carp issue

[comfooc]

Hi,
I have:
Host1 with PCMCIA ep interface configured by:
ifconfig ep1 10.0.0.101 netmask 255.255.255.0 ;
ifconfig carp0 10.0.0.111 netmask 255.255.255.0 carpnodes
1:0,2:100 balancing ip-stealth;
Host2 with PCMCIA ep interface (not the same) configured by:
ifconfig ep1 10.0.0.102 netmask 255.255.255.0;
ifconfig carp0 10.0.0.111 netmask 255.255.255.0 carpnodes
1:100,2:0 balancing ip-stealth;
Hosts are connected by 5-port simple switch.
They both are correctly detecting states:
Host1:
state MASTER vhid 1 advskew 0
state BACKUP vhid 2 advskew 100
Host2:
state BACKUP vhid 1 advskew 100
state MASTER vhid 2 advskew 0
But:
Host1:
ping 10.0.0.102 (works)
ping 10.0.0.111 (works)

Host2:
ping 10.0.0.101 (works)
ping 10.0.0.111 (DON'T work)

I really don't know why I cant ping 10.0.0.111 from BACKUP (Host2) machine.
I've tried with switch changed to router and with all combinations of
balancing (ip,ip-stealth,ip-unicast) but none of them helped.
Please help!
Cheers.

asus eee ethernet and 4.3

[frantisek holop]

hi there,

i have just installed 4.3 on the eee.
i was looking forward to use the ethernet
connection but lii does not attach.

perhaps it was too late to include it,
but why is the man page there then?

-f
-- 
oxymoron: mobil station.

Re: PF Congestion and state table question

[Jordi Espasa Clofent]

that's the CURRENT lenand almost always 0, becuase if it is not, we 
don't switch to userland for sysctl to show it...


So, I understand it's a right value.

Note that net.inet.ip.ifq.maxlen=1024 means that I've 4 NICs (em (4)based) 
in this box.


bump up.


M I'm not sure if I'm understood you correctly. ?Do you think 
it's a lower value? ?Why?

Re: asus eee ethernet and 4.3

[Frank Brodbeck]

frantisek holop has spoken, thus:
 hi there,
 
 i have just installed 4.3 on the eee.

I'm considering buying one of those and I'd be interested on how well
4.3 is working on them or if I should wait until 4.4 is out.

TIA,
Frank.

-- 
Frank Brodbeck [EMAIL PROTECTED]

Re: asus eee ethernet and 4.3

[Stuart Henderson]

On 2008-05-13, Frank Brodbeck [EMAIL PROTECTED] wrote:
 frantisek holop has spoken, thus:
 hi there,
 
 i have just installed 4.3 on the eee.

 I'm considering buying one of those and I'd be interested on how well
 4.3 is working on them or if I should wait until 4.4 is out.

there's always -current...

Re: asus eee ethernet and 4.3

[frantisek holop]

hmm, on Tue, May 13, 2008 at 02:11:03PM +0200, Frank Brodbeck said that
 frantisek holop has spoken, thus:
  hi there,
  
  i have just installed 4.3 on the eee.
 
 I'm considering buying one of those and I'd be interested on how well
 4.3 is working on them or if I should wait until 4.4 is out.

i had some snapshots on this thing before, and lii seemed
to work.  but because at the moment i dont have realiable
internet access, i wanted to switch to release because
of the packages.  i put it on today and lii does not attach.

the tree could have been frozen for release before the
reliability patch went in, that's my only conclusion...

there were also some problems with acpi in the last snapshot
making it panic.  i have also upgraded the bios today to 910,
we'll see what changes.  but paying for every minute, at this
moment i dont have the means to download new snapshots very
often, or to make a cvs checckout.

except the wireless i think openbsd is good on this machine.
X had not problems, but i dont have lot of usage data so far.

-f
-- 
words are not food, though sometimes we must eat them.

Re: fun with ktrace, gdb, usb devices, and umsm(4)

[Stuart Henderson]

On 2008-05-13, Aaron Glenn [EMAIL PROTECTED] wrote:
 I'm trying to get my Sierra Wireless MC5720 modem to work and I'm not
 having much luck.

I don't know if this is useful or a red herring, but when this id was
added to Linux, they also added code which ensures that the device
is turned on when inserted into the system. They use it for all
devices supported by the driver, they don't match to any particular
device. http://lkml.org/lkml/2007/1/17/188

Looking at usb_control_msg details on http://tinyurl.com/539896 and
this from the above diff:

+   __u16 set_mode_dzero = 0x;
...
+   /*set mode to D0 */
+   result = usb_control_msg(serial-dev,
+   usb_rcvctrlpipe(serial-dev, 0),
+   0x00,0x40,set_mode_dzero,0,NULL,0,USB_CTRL_SET_TIMEOUT);
  `value---' | `data
request- -request type   `index

I baked the somewhat random diff below, if it doesn't help I don't
know where else to look, and if it does help count me quite surprised!
It does at least compile :)

 In a vain attempt to school myself, I've tried to ktrace and gdb my
 way into figuring out why I can't get this card to work. Doing a cu
 -l /dev/cuaU0 -swhatever ends in a hard lock.

I am no kernel wizard but if it's hanging in the kernel, that
behaviour seems reasonable. There are other ways, but the simplest
is probably to sprinkle some printf..


Index: umsm.c
===
RCS file: /cvs/src/sys/dev/usb/umsm.c,v
retrieving revision 1.25
diff -u -p -r1.25 umsm.c
--- umsm.c  12 May 2008 12:24:43 -  1.25
+++ umsm.c  13 May 2008 12:15:04 -
@@ -45,11 +45,14 @@ int umsmdebug = 1;
 
 #define DPRINTF(x) DPRINTFN(0, x)
 
-
 #define UMSMBUFSZ  4096
 #defineUMSM_INTR_INTERVAL  100 /* ms */
+
 #define E220_MODE_CHANGE_REQUEST 0x2
 
+#define UMSM_SET_POWER_REQUEST 0x0
+#define UMSM_POWER_MODE_D0 0x
+
 int umsm_match(struct device *, void *, void *); 
 void umsm_attach(struct device *, struct device *, void *); 
 int umsm_detach(struct device *, int); 
@@ -61,6 +64,7 @@ void umsm_intr(usbd_xfer_handle, usbd_pr
 void umsm_get_status(void *, int, u_char *, u_char *);
 
 usbd_status umsm_e220_changemode(usbd_device_handle);
+usbd_status umsm_set_power_dzero(usbd_device_handle);
 
 struct umsm_softc {
struct devicesc_dev;
@@ -180,6 +184,7 @@ umsm_attach(struct device *parent, struc
sc-sc_udev = uaa-device;
sc-sc_iface = uaa-iface;
 
+   umsm_set_power_dzero(uaa-device);
id = usbd_get_interface_descriptor(sc-sc_iface);
 
if (id == NULL || id-bInterfaceClass == UICLASS_MASS) {
@@ -391,6 +396,25 @@ umsm_e220_changemode(usbd_device_handle 
 
err = usbd_do_request(dev, req, 0);
if (err) 
+   return (EIO);
+
+   return (0);
+}
+
+usbd_status
+umsm_set_power_dzero(usbd_device_handle dev)
+{
+   usb_device_request_t req;
+   usbd_status err;
+
+   req.bmRequestType = UT_VENDOR;
+   req.bRequest = UMSM_SET_POWER_REQUEST;
+   USETW(req.wValue, UMSM_POWER_MODE_D0);
+   USETW(req.wIndex, 0);
+   USETW(req.wLength, 0);
+
+   err = usbd_do_request(dev, req, 0);
+   if (err)
return (EIO);
 
return (0);

Re: Error in fdisk(8) documentation

[Jason McIntyre]

On Sun, May 11, 2008 at 08:33:42PM -0500, Adam Patterson wrote:
 In the fdisk(8) manpage you will see the following table.
 
 #: idC   H  S -C   H  S [   start:  size   ]
 -
 0: 040   1  1 -  170   0 63 [  63: 2570462 ] DOS FAT-16
 1: 000   0  0 -0   0  0 [   0:   0 ] unused
 2: 000   0  0 -0   0  0 [   0:   0 ] unused
 *3: A6  170   1  1 - 5167 239 63 [ 2570463:75569697 ] OpenBSD
 
 For a first timer, reading this manpage during installation I think that 
 this partition scheme would confuse them.
 
 The start of #3 should actually be 2570462+63. The size of #0 plus the 
 start point.
 
 You can see the proper behavior in the following table from FAQ (14.2).
 
 Starting   Ending   LBA Info:
 #: idC   H  S -C   H  S [   start:  size   ]
 
 *0: A63   0  1 -  552 254 63 [   48195: 8835750 ] OpenBSD 
 1: 120   1  1 -2 254 63 [  63:   48132 ] Compaq Diag.
 2: 000   0  0 -0   0  0 [   0:   0 ] unused  
 3: 000   0  0 -0   0  0 [   0:   0 ] unused   
 
 
 If I'm blatantly missing something please let me know, but I believe this 
 is a bug.
 Thanks. 
 .adam.

thanks, we've just fixed this.
jmc

1 cartouche achetée = 1 cadeau offert

[Toner Services]

 Si ce message ne s'affiche pas correctement, vous pouvez le visualiser
en suivant ce lien. [IMAGE]

En vertu de la loi n78-17 du 6 janvier 1978, vous disposez d'un droit
d'acchs et de rectification des donnes vous concernant ainsi qu'un droit
d'opposition que vous pouvez faire valoir tout moment. Pour cela si vous
ne souhaitez plus recevoir de mails de notre part veuillez : Cliquez ici

Re: PF Congestion and state table question

[Henning Brauer]

* Jordi Espasa Clofent [EMAIL PROTECTED] [2008-05-13 14:07]:
 that's the CURRENT lenand almost always 0, becuase if it is not, we don't 
 switch to userland for sysctl to show it...

 So, I understand it's a right value.

 Note that net.inet.ip.ifq.maxlen=1024 means that I've 4 NICs (em 
 (4)based) in this box.
 bump up.

 M I'm not sure if I'm understood you correctly. ?Do you think it's 
 a lower value? ?Why?

go higher. because it's good for you :)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Problem Compiling xenocara

[Brian]

--- On Mon, 5/12/08, Philippe Meunier [EMAIL PROTECTED] wrote:


 
 Any suggestions for what I can do fix this problem?
 
 rm -rf /usr/xobj/*
 cd /usr/xenocara
 make bootstrap
 make obj
 make build
 
 Works for me.  The first step is what you missed, I think.

Thanks.  I was skipping the first step.

Brian

Dell Power Edge 1950 SAS Raid1 'sd0: not queued: error 5'

[Claer]

Hi list,

Today one of our first Dell 1950 crashed in a strange way. I asked non
IT people to restart it that's why I dont have console traces of the
problem.

Before the server became unresponsitive, I could see this in
/var/log/messages :

May 11 04:50:55 fw1 /bsd: sd0: not queued, error 5
May 11 04:51:26 fw1 last message repeated 89 times
May 11 04:51:26 fw1 last message repeated 34 times

Googling for sd0: not queued, error 5 I found a thread with a similar
log. http://readlist.com/lists/openbsd.org/misc/11/56564.html

It seems the problem is not fixed for the release installed on this
firewall (4.1). It's the first time in around 1 year that I got this
problem.
During the problem, telnet server 22 opened and closed the connection
without displaying ssh banner. The network stack was still running
and the carp interfaces did not change to BACKUP mode.

As this firewall is used for tests it did not impact any users
(exept myself ;)) but permits to run debug commands if suggested.
I'll update the perc firmware as mentionned on the thread posted above.
The server will be upgraded soon to 4.3 too.

Any  help on how to avoid this problem is welcome.


Claer

dmeg :

OpenBSD 4.1-stable (GENERIC) #1: Fri Aug 17 23:55:00 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz (GenuineIntel 686-class)
1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR
real mem  = 1072955392 (1047808K)
avail mem = 971632640 (948860K)
using 4278 buffers containing 53772288 bytes (52512K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, BIOS32 rev. 0 @ 0xffe90,
SMBIOS rev. 2.4 @ 0x3ffbc000 (62 entries)
bios0: Dell Inc. PowerEdge 1950
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfaa60/368 (21 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6321ESB LPC rev
0x00)
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0x9000! 0xc9000/0x1000 0xca000/0x1800
0xcb800/0x5200 0xec000/0x4000!
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12
ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12
pci1 at ppb0 bus 6
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 7
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 8
ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
pci4 at ppb3 bus 9
bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 5
ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01
pci5 at ppb4 bus 10
ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci6 at ppb5 bus 11
ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12
pci7 at ppb6 bus 1
ppb7 at pci7 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00
pci8 at ppb7 bus 2
mfi0 at pci8 dev 14 function 0 Dell PERC 5 rev 0x00: irq 6
mfi0: logical drives 1, version 5.1.1-0040, 256MB RAM
scsibus0 at mfi0: 1 targets
sd0 at scsibus0 targ 0 lun 0: DELL, PERC 5/i, 1.03 SCSI3 0/direct
fixed
sd0: 69376MB, 69376 cyl, 64 head, 32 sec, 512 bytes/sec, 142082048 sec
total
ppb8 at pci7 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00
pci9 at ppb8 bus 3
ppb9 at pci0 dev 4 function 0 Intel 5000 PCIE rev 0x12
pci10 at ppb9 bus 12
ppb10 at pci10 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci11 at ppb10 bus 13
ppb11 at pci11 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci12 at ppb11 bus 14
em0 at pci12 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 5, address 00:15:17:3e:c8:dc
em1 at pci12 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 11, address 00:15:17:3e:c8:dd
ppb12 at pci11 dev 1 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci13 at ppb12 bus 15
em2 at pci13 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 11, address 00:15:17:3e:c8:de
em3 at pci13 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 6, address 00:15:17:3e:c8:df
ppb13 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12
pci14 at ppb13 bus 16
ppb14 at pci0 dev 6 function 0 Intel 5000 PCIE rev 0x12
pci15 at ppb14 bus 17
ppb15 at pci15 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci16 at ppb15 bus 18
ppb16 at pci16 dev 0 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci17 at ppb16 bus 19
em4 at pci17 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 5, address 00:15:17:3e:c6:0c
em5 at pci17 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 11, address 00:15:17:3e:c6:0d
ppb17 at pci16 dev 1 function 0 vendor IDT, unknown product 0x8018 rev
0x04
pci18 at ppb17 bus 20
em6 at pci18 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 11, address 00:15:17:3e:c6:0e
em7 at pci18 dev 0 

Debian libssl security (OpenSSH safe?)

[Juan Miscaro]

I guess everyone by now has heard about the very serious libssl
vulnerability on Debian/Ubuntu?

Just making sure that the source is safe, thanks.

/juan

pf problem with large table on -current

[Chris Smith]

Hello,

I'm trying to use a large table stored in a file with pf on -current but 
on system reboot pf chokes with Cannot Allocate Memory. However, once 
the system is running (and unfortunately for some reason I cannot ssh 
in when this happens so I have to be in front of it) I can load the 
table manually: pfctl -t pspblock -T add -f /etc/pspblockfile, and it 
also works if I first do pfctl -O -f /etc/pf.conf followed 
by pfctl -f /etc/conf. The table has roughly 22 addresses and 
I've upped table-entries hard limit to 50. Almost seems that pf is 
trying to load the table before changing the hard limit, but I have 
seen, on occasion pfctl -f /etc/pf.conf fail (cannot allocate memory) 
after it has already successfully executed.

There is fail logged in pfrkentry:
==
pfrkentry156  10993881   874541 17296 0 17296 17296 0 
19231 8648
==

System arch is i386 with 128MB memory. Would more memory solve the 
problem?

Thanks for any assistance.
-- 
Chris

Re: Debian libssl security (OpenSSH safe?)

[Sean Malloy]

On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
 I guess everyone by now has heard about the very serious libssl
 vulnerability on Debian/Ubuntu?
 
 Just making sure that the source is safe, thanks.
 
 /juan

Here is a quote from the official Debian Security announcement,
DSA-1571 http://www.debian.org/security/2008/dsa-1571.

This is a Debian-specific vulnerability which does not affect other
operating systems which are not based on Debian. However, other systems
can be indirectly affected if weak keys are imported into them.

-- 
Sean Malloy
www.spmalloy.com

Re: re(4) Devices Cannot do VLANs?

[Insan Praja SW]

On Tue, 13 May 2008 03:36:16 +0700, Brad [EMAIL PROTECTED] wrote:


Try out the attached patch which has already been commited to -current
which fixes the hardware VLAN tagging. Get back to me with the results  
and

I can get this commited to the 4.3/4.2 -stable branches.


Hi Brad,
I just applied the patch you send me, and it works. Right now I'm able to  
ssh, sftp, browsing through vlan interface.

Thanks,



Insan
--
insandotpraja(at)gmaildotcom

# netstat -ni
NameMtu   Network Address  Ipkts IerrsOpkts Oerrs  
Colls
lo0 33168 Link   21369 021369  
0 0
lo0 33168 127/8   127.0.0.121369 021369  
0 0
lo0 33168 ::1/128 ::1  21369 021369  
0 0
lo0 33168 fe80::%lo0/ fe80::1%lo0  21369 021369  
0 0
fxp01500  Link  00:04:ac:56:97:a2   135570 0   157110  
0 0
fxp01500  fe80::%fxp0 fe80::204:acff:fe   135570 0   157110  
0 0
fxp11500  Link  00:08:c7:aa:ee:0c0 00  
0 0
fxp11500  fe80::%fxp1 fe80::208:c7ff:fe0 00  
0 0
re0 1500  Link  00:1a:4d:6f:b4:52   683967 0   351625  
0 0
re0 1500  fe80::%re0/ fe80::21a:4dff:fe   683967 0   351625  
0 0
enc0*   1536  Link   0 00  
0 0
pfsync0 1460  Link   0 00  
0 0
pflog0  33168 Link   0 00  
0 0
vlan111 1500  Link  00:1a:4d:6f:b4:52 1959 0 2327  
0 0
vlan111 1500  fe80::%vlan fe80::21a:4dff:fe 1959 0 2327  
0 0
vlan111 1500  10.10.10/24 10.10.10.108  1959 0 2327  
0 0
vlan2   1500  Link  00:1a:4d:6f:b4:52   681924 0   349251  
0 0
vlan2   1500  fe80::%vlan fe80::21a:4ghi:kl   681924 0   349251  
0 0
vlan2   1500  abc.def.gh/ abc.def.ghi.jkl 681924 0   349251  
0 0

Re: asus eee ethernet and 4.3

[Travers Buda]

* frantisek holop [EMAIL PROTECTED] [2008-05-13 13:07:08]:

 hi there,
 
 i have just installed 4.3 on the eee.
 i was looking forward to use the ethernet
 connection but lii does not attach.
 
 perhaps it was too late to include it,
 but why is the man page there then?
 
 -f
 -- 
 oxymoron: mobil station.
 
 

See 
http://www.openbsd.org/i386-laptop.html

-- 
Travers Buda

Re: Debian libssl security (OpenSSH safe?)

[Marc Espie]

On Tue, May 13, 2008 at 11:14:59AM -0500, Sean Malloy wrote:
 On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
  I guess everyone by now has heard about the very serious libssl
  vulnerability on Debian/Ubuntu?
  
  Just making sure that the source is safe, thanks.
  
  /juan
 
 Here is a quote from the official Debian Security announcement,
 DSA-1571 http://www.debian.org/security/2008/dsa-1571.
 
 This is a Debian-specific vulnerability which does not affect other
 operating systems which are not based on Debian. However, other systems
 can be indirectly affected if weak keys are imported into them.

More details show that someone seriously fucked up in debian.

Trusting automated reporting tools like valgrind is fairly dangerous.

I'm saddened that people still don't learn.

`but this is a serious security warning. This MUST be fixed, valgrind canNOT
be wrong.'

duh... well, it can, like every tool out there that understands the
source only so far... better than some humans, granted, but hopefully
not better (yet) than the people who write serious software...

Re: Debian libssl security (OpenSSH safe?)

[Marc Espie]

On Tue, May 13, 2008 at 09:41:00PM +0400, B A wrote:
 Can't find relation between bug in openssl deb package and valgring.
 There is no such info in the original link as I see (DSA-1571-1).
 Cold you be more specific and informative?
 Thank you.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516

Re: Debian libssl security (OpenSSH safe?)

[B A]

Yes. Not good idea to modify sources just for satisfying automatic testings 
tool.

Good lesson!



13.05.08, 21:53, Marc Espie [EMAIL PROTECTED]:



 On Tue, May 13, 2008 at 09:41:00PM +0400, B A wrote:

  Can't find relation between bug in openssl deb package and valgring.

  There is no such info in the original link as I see (DSA-1571-1).

  Cold you be more specific and informative?

  Thank you.

 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516

donation: mini pci wireless card

[Adam Patterson]

I have a Gigabyte GN-WI01GS (mini pci wireless card) that is supported 
by ral(4).


I purchased this as a replacement for my shitty iwi(4) card that came in 
my Thinkpad X41T. Unfortunately the tpwireless doesnt work with the X41 
series. I've already ordered a pcmcia card instead and figured I could 
donate this card to any developer that needs it.


My original ideas was to give to someone interested in adding support 
for more blocked centrino machines to tpwireless, but I'd be happy to 
give it to any dev who just needs it.


If you aren't too far across the world, I'll even pay for shipping.

.adam.

Please .Do not neglect this mail,13/05/2008,,

[Engr. Abubakar Lawal Yaradua.]

Please, Do not neglect this mail
 
I am Engr. Abubakar Lawal Yaradua, The Group Managing Director of the Nigerian 
National Petroleum Corporation (NNPC),  By virtue of my position I can 
influence the issuance of the Bonny Light Crude Oil Allocation without having 
to pay for it. We will only pay the cost of the crude oil after we have sold 
it. Our own gain will be the commission which we will make from the sale of the 
product.
 
I am making this contact to you to seek your co-operation so that we can work 
together as partners to actualize the above goal. I cannot do it directly 
because issuing the crude oil allocation to myself will mean using my office 
for personal interest. That will expose me to prosecution as the law here does 
not permit that.
 
The allocation that will be issued to you is confirmable at Lloyds of London 
and also on Shell Screen. These are the two bodies that confirm crude oil 
transaction in the world. The confirmation will make every buyer see that the 
transaction is real and that you have legal right over the allocation.
 
If you are interested in this business please, get back to me so that I can 
brief you more.
 
Regards.
Engr. Abubakar Lawal Yaradua.

Re: Debian libssl security (OpenSSH safe?)

[B A]

Can't find relation between bug in openssl deb package and valgring.

There is no such info in the original link as I see (DSA-1571-1).

Cold you be more specific and informative?

Thank you.



13.05.08, 21:00, Marc Espie [EMAIL PROTECTED]:



 More details show that someone seriously fucked up in debian.

 Trusting automated reporting tools like valgrind is fairly dangerous.

 I'm saddened that people still don't learn.

 `but this is a serious security warning. This MUST be fixed, valgrind canNOT

 be wrong.'

 duh... well, it can, like every tool out there that understands the

 source only so far... better than some humans, granted, but hopefully

 not better (yet) than the people who write serious software...

security fixes for packages

[LEFIEUX Morgan]

Hi,

i was looking at this page http://www.openbsd.org/pkg-stable.html and 
would like to know why there is no security fixes for packages after 4.1 
release ?


Thanks.

Comete

wd1(pciide0:1:0): timeout with 1 GB CF card

[Daniel Polak]

I have a system with an IDE hard disk and CF-IDE adapter.
The CF-IDE adapter works fine with CF cards of 512 MB capacity and less.
As time goes by smaller capacity cards become more difficult to find so 
I bought several 1 GB Kingston CF cards.


However these CF cards don't seem to work (on OpenBSD 4.3 stable). I 
tried three empty 1 GB Kingston CF cards and they all prevent the system 
from getting past loading the kernel.

I went back to a smaller card and then everything is fine.

The error message is
type: ata
c_bcount: 512
c_skip: 0
pciide0:1:0: bus-master DMA error: missing interrupt, status=0x21


This is the dmesg:
OpenBSD 4.3 (GENERIC) #0: Sat May  3 18:58:41 CEST 2008
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

real mem  = 401944576 (383MB)
avail mem = 380342272 (362MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/05/04, BIOS32 rev. 0 @ 0xfda74, 
SMBIOS rev. 2.3 @ 0xf0e80 (62 entries)
bios0: vendor Intel Corp. version WD84510A.86B.0020.P12.0410052327 
date 10/05/2004

bios0: Intel Corporation S845WD1-E
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SSDT
acpi0: wakeup devices PBTN(S4) SLPB(S4) PCI1(S4) UAR1(S4) USB_(S3) 
USB2(S3) AC9_(S4) SMB_(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0
acpibtn0 at acpi0: PBTN
acpibtn1 at acpi0: SLPB
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x11
agp0 at pchb0: aperture at 0xf800, size 0x400
ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x11
pci1 at ppb0 bus 1
ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x05
pci2 at ppb1 bus 2
em0 at pci2 dev 11 function 0 Intel PRO/1000MT (82546GB) rev 0x03: irq 
9, address 00:04:23:b6:e7:9c
em1 at pci2 dev 11 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 
10, address 00:04:23:b6:e7:9d
fxp0 at pci2 dev 12 function 0 Intel 8255x rev 0x0d, i82550: irq 11, 
address 00:07:e9:91:03:4f

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci2 dev 13 function 0 Intel 8255x rev 0x0d, i82550: irq 11, 
address 00:07:e9:91:03:50

inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci2 dev 15 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x05
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x05: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: ST340014A
wd0: 16-sector PIO, LBA48, 38134MB, 78099824 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x05: irq 11
ichiic0 at pci0 dev 31 function 3 Intel 82801BA SMBus rev 0x05: irq 10
iic0 at ichiic0
adt0 at iic0 addr 0x2e: lm85 rev 0x60
spdmem0 at iic0 addr 0x50: 128MB DDR SDRAM ECC PC2100CL2.5
spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM ECC PC2100CL2.5
uhci1 at pci0 dev 31 function 4 Intel 82801BA USB rev 0x05: irq 9
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 Intel UHCI root hub rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
biomask ef65 netmask ef65 ttymask ffe7
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b


Do you think the problem is with the CF cards, with the CF-IDE adapter 
or with something in the OpenBSD 4.3 kernel?


Daniel

Re: wd1(pciide0:1:0): timeout with 1 GB CF card

[Stuart Henderson]

On 2008-05-13, Daniel Polak [EMAIL PROTECTED] wrote:
 I have a system with an IDE hard disk and CF-IDE adapter.
 The CF-IDE adapter works fine with CF cards of 512 MB capacity and less.
 As time goes by smaller capacity cards become more difficult to find so 
 I bought several 1 GB Kingston CF cards.

 However these CF cards don't seem to work (on OpenBSD 4.3 stable). I 
 tried three empty 1 GB Kingston CF cards and they all prevent the system 
 from getting past loading the kernel.
 I went back to a smaller card and then everything is fine.

 The error message is
 type: ata
 c_bcount: 512
 c_skip: 0
 pciide0:1:0: bus-master DMA error: missing interrupt, status=0x21

Your card supports DMAs, but your adapter doesn't wire the required line.
This was a later addition to the CF spec, you can disable DMA with flags
to wd(4).

See http://lists.soekris.com/pipermail/soekris-tech/2007-May/012083.html

Re: security fixes for packages

[Stijn]

Check the archives. This question has been answered already several times.

Here's an answer from Nick Holland on such a question:
http://marc.info/?l=openbsd-miscm=119931837024703w=2

BR,
Stijn

LEFIEUX Morgan wrote:

Hi,

i was looking at this page http://www.openbsd.org/pkg-stable.html and 
would like to know why there is no security fixes for packages after 
4.1 release ?


Thanks.

Comete

Re: wd1(pciide0:1:0): timeout with 1 GB CF card

[Daniel Polak]

 Original message from Stuart Henderson at 13-5-2008 22:15

On 2008-05-13, Daniel Polak [EMAIL PROTECTED] wrote:
  

I have a system with an IDE hard disk and CF-IDE adapter.
The CF-IDE adapter works fine with CF cards of 512 MB capacity and less.
As time goes by smaller capacity cards become more difficult to find so 
I bought several 1 GB Kingston CF cards.


However these CF cards don't seem to work (on OpenBSD 4.3 stable). I 
tried three empty 1 GB Kingston CF cards and they all prevent the system 
from getting past loading the kernel.

I went back to a smaller card and then everything is fine.

The error message is
type: ata
c_bcount: 512
c_skip: 0
pciide0:1:0: bus-master DMA error: missing interrupt, status=0x21



Your card supports DMAs, but your adapter doesn't wire the required line.
This was a later addition to the CF spec, you can disable DMA with flags
to wd(4).

See http://lists.soekris.com/pipermail/soekris-tech/2007-May/012083.html
  

Thanks that looks like the cause of my problem!
Only thing is that I have probably have many CF-IDE adapters like this 
and I'd need to use a custom kernel from now on or find enough of the 
older Kingston CF/512 cards that do work.


Daniel

Re: security fixes for packages

[Unix Fan]

LEFIEUX Morgan wrote:

 i was looking at this page http://www.openbsd.org/pkg-stable.html and 

 would like to know why there is no security fixes for packages after 4.1 

 release ?



The developers don't care about your security.



This topic has been done to death, developer incompetence was identified as the 
cause.



Move on..



Movie time! :-)







-Nix Fan.

Re: security fixes for packages

[Comète]

Ok, so does it mean that -stable or -release are useless ??? and people 
buy useless CDs every 6 monthes ? I can't believe it.

I really don't understand why these fixes are not provided anymore.

i don't want to go back to Debian... ;)

Stijn a icrit :

Check the archives. This question has been answered already several times.

Here's an answer from Nick Holland on such a question:
http://marc.info/?l=openbsd-miscm=119931837024703w=2

BR,
Stijn

LEFIEUX Morgan wrote:

Hi,

i was looking at this page http://www.openbsd.org/pkg-stable.html and 
would like to know why there is no security fixes for packages after 
4.1 release ?


Thanks.

Comete

Re: security fixes for packages

[Benoit Chesneau]

On Tue, May 13, 2008 at 11:07 PM, Unix Fan [EMAIL PROTECTED] wrote:
 LEFIEUX Morgan wrote:

   i was looking at this page http://www.openbsd.org/pkg-stable.html and

   would like to know why there is no security fixes for packages after 4.1

   release ?



  The developers don't care about your security.



  This topic has been done to death, developer incompetence was identified as
the cause.



  Move on..



  Movie time! :-)

don't lost your time with movie, update packages.


- benont

Re: security fixes for packages

[Ted Unangst]

On May 13, 2008, at 5:07 PM, ComC(te [EMAIL PROTECTED] wrote:


Ok, so does it mean that -stable or -release are useless ??? and
people buy useless CDs every 6 monthes ? I can't believe it.
I really don't understand why these fixes are not provided anymore.


Keep reading Nick's email until you do.




i don't want to go back to Debian... ;)


Don't worry. It's secure now.





Stijn a icrit :

Check the archives. This question has been answered already several
times.
Here's an answer from Nick Holland on such a question:
http://marc.info/?l=openbsd-miscm=119931837024703w=2
BR,
Stijn
LEFIEUX Morgan wrote:

Hi,

i was looking at this page http://www.openbsd.org/pkg-stable.html
and would like to know why there is no security fixes for packages
after 4.1 release ?

Thanks.

Comete

ipsec home network to colo server

[Lord Sporkton]

I am trying to set up a ipsec link between my home network(private ip
network behind dynamic public ip)
and my colo server(single public static ip). I was a bit unclear on
how to set up a tunnel between a static
and dynamic ip

interesting traffic:
208.70.72.13 - 10.0.0.0/16


My sad seems to set up ok, however afterward i get no flows and can not pass
data, ive checked out logs, and ipsecctl -m, but see nothing of use.

Below is data i believe relevant, if anything else is requested i will
do my best to post it back in a timely fashion
thank you


colo server:

# uname -a
OpenBSD angie.sporkton.com 4.3 GENERIC#846 i386
# cat /etc/ipsec.conf

ike passive from 208.70.72.13 to 10.0.0.0/16 \
aggressive auth hmac-sha1 enc 3des group modp1024   \
quick auth hmac-sha1 enc 3des \
srcid angie.sporkton.com dstid fire.sporkton.com \
psk password
# ipsecctl -sa
FLOWS:
No flows

SAD:
esp tunnel from 67.159.171.204 to 208.70.72.13 spi 0x26974f0d auth
hmac-sha1 enc 3des-cbc
esp tunnel from 208.70.72.13 to 67.159.171.204 spi 0xeac5bef2 auth
hmac-sha1 enc 3des-cbc
#

ipsecctl -m output:

sadb_getspi: satype esp vers 2 len 10 seq 9 pid 7557
address_src: 67.159.171.204
address_dst: 208.70.72.13
spirange: min 0x0100 max 0x
sadb_getspi: satype esp vers 2 len 10 seq 9 pid 7557
sa: spi 0x581ea1f0 auth none enc none
state mature replay 0 flags 0
address_src: 67.159.171.204
address_dst: 208.70.72.13
sadb_add: satype esp vers 2 len 50 seq 10 pid 7557
sa: spi 0xe4968f00 auth hmac-sha1 enc 3des-cbc
state mature replay 16 flags 4
lifetime_hard: alloc 0 bytes 0 add 1200 first 0
lifetime_soft: alloc 0 bytes 0 add 1080 first 0
address_src: 208.70.72.13
address_dst: 67.159.171.204
key_auth: bits 160: e7ee5eafe49c95cafc506ba1ba6c174a584e4859
key_encrypt: bits 192: 65c174f84e389d2022ffbf9c1f152348d7b7f708ef757014
identity_src: type fqdn id 0: angie.sporkton.com
identity_dst: type fqdn id 0: fire.sporkton.com
src_mask: 255.255.255.255
dst_mask: 255.255.0.0
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 208.70.72.13
dst_flow: 10.0.0.0
sadb_add: satype esp vers 2 len 42 seq 10 pid 7557
sa: spi 0xe4968f00 auth hmac-sha1 enc 3des-cbc
state mature replay 16 flags 4
lifetime_hard: alloc 0 bytes 0 add 1200 first 0
lifetime_soft: alloc 0 bytes 0 add 1080 first 0
address_src: 208.70.72.13
address_dst: 67.159.171.204
identity_src: type fqdn id 0: angie.sporkton.com
identity_dst: type fqdn id 0: fire.sporkton.com
src_mask: 255.255.255.255
dst_mask: 255.255.0.0
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 208.70.72.13
dst_flow: 10.0.0.0
sadb_update: satype esp vers 2 len 50 seq 11 pid 7557
sa: spi 0x581ea1f0 auth hmac-sha1 enc 3des-cbc
state mature replay 16 flags 4
lifetime_hard: alloc 0 bytes 0 add 1200 first 0
lifetime_soft: alloc 0 bytes 0 add 1080 first 0
address_src: 67.159.171.204
address_dst: 208.70.72.13
key_auth: bits 160: c2beffabe156d0dbaca586e730694a4ff3cc4ef5
key_encrypt: bits 192: 496cd320b35638d36dd8f899b8ce76c150840092db466715
identity_src: type fqdn id 0: fire.sporkton.com
identity_dst: type fqdn id 0: angie.sporkton.com
src_mask: 255.255.0.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 10.0.0.0
dst_flow: 208.70.72.13
sadb_update: satype esp vers 2 len 42 seq 11 pid 7557
sa: spi 0x581ea1f0 auth hmac-sha1 enc 3des-cbc
state mature replay 16 flags 4
lifetime_hard: alloc 0 bytes 0 add 1200 first 0
lifetime_soft: alloc 0 bytes 0 add 1080 first 0
address_src: 67.159.171.204
address_dst: 208.70.72.13
identity_src: type fqdn id 0: fire.sporkton.com
identity_dst: type fqdn id 0: angie.sporkton.com
src_mask: 255.255.0.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 10.0.0.0
dst_flow: 208.70.72.13



Home firewall:

# uname -a
OpenBSD fire.sporkton.com 4.3 GENERIC#698 i386
# cat /etc/ipsec.conf
ike from 10.0.0.0/16 to 208.70.72.13 peer 208.70.72.13 \
aggressive auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc 3des \
srcid fire.sporkton.com dstid angie.sporkton.com \
psk password
# ipsecctl -sa
FLOWS:
No flows

SAD:
esp tunnel from 67.159.171.204 to 208.70.72.13 spi 0x26974f0d auth
hmac-sha1 enc 3des-cbc
esp tunnel from 208.70.72.13 to 67.159.171.204 spi 0xeac5bef2 auth
hmac-sha1 enc 3des-cbc
#


ipsecctl -m output:

More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

[chefren]

On 5/13/08 7:08 PM, Marc Espie wrote:


More details show that someone seriously fucked up in debian.


Well, this Kurt has seriously asked for details on the relevant 
openssl-dev list:


http://marc.info/?l=openssl-devm=114651085826293w=2


And see what arrogant as usual Ben Laurie states:

http://www.links.org/?p=327

they should contribute their patches upstream to the package 
maintainers. Had Debian done this in this case, we (the OpenSSL Team) 
would have fallen about laughing, and once we had got our breath back, 
told them what a terrible idea this was.



Kurt has clearly done so, and I know personally of another totally 
ignored patch from our company and I have heard in the past about 
OpenBSD people trying to send patches to OpenSSL maintainers to no avail.


The OpenSSL maintainers have proven not to read their mail, they aren't 
interested in cleaning up their big mess.



Laurie also states never fix a bug you dont understand and this 
OpenSSL hero seems to forget that something that seems smart and OK 
now and here can be plain bad and ugly when looked at with some more 
distance or knowledge.


His Adding uninitialised memory to it can do no harm and might do some 
good, which is why we do it. is pure arrogant and shortsighted shit to me.


+++chefren

Re: security fixes for packages

[Daniel Ouellet]

Comhte wrote:
Ok, so does it mean that -stable or -release are useless ??? and people 
buy useless CDs every 6 monthes ? I can't believe it.

I really don't understand why these fixes are not provided anymore.


Then do something about it and start contributing too. May be you will 
see how painful this is to do when you will actually do something like 
that and then have big mouth clueless guys like you acting like you do 
now complaining about your freely given time to the project and 
thankless users like you.


They give you their time and you have the guts to complain and asked 
them to do more then they already do freely and on their own time!? No 
wonder that they do less and less in some special cases like this.


Keep complaining and may be one day it will simply not be available at 
all anymore. Then what will you do... Apologies then?



i don't want to go back to Debian... ;)


No one stop you by the way and I am sure you will not be miss either 
with your ungrateful attitude.


With all due respect, you should think before you write this one, really.

It is given free out of goodwill to you and you think you deserved more?

Regards,

Daniel

Re: security fixes for packages

[Daniel Ouellet]

Unix Fan wrote:

LEFIEUX Morgan wrote:
i was looking at this page http://www.openbsd.org/pkg-stable.html and 
would like to know why there is no security fixes for packages after 4.1 
release ?


The developers don't care about your security.


They do. Just run current.


This topic has been done to death, developer incompetence was identified as the 
cause.


And when was your last competent patch provided.

I bet you give your free time on regular basic to help the project right?


Move on..


Yes, please move on to Debian may be too.

Best,

Daniel

FTP Access problem?

[Chris Bennett]

I just found the following doing ps -auxw:

root 10526  0.0  0.2   500  1052 ??  S  6:19PM0:00.01 ftpd: 
zeus.eanet.cz: [priv pre-auth] (ftpd)
_ftp 10361  0.0  0.2   504   924 ??  S  6:19PM0:00.00 ftpd: 
zeus.eanet.cz: connected: USER admin (ftpd)
root 27896  0.0  0.2   500  1052 ??  S  6:19PM0:00.01 ftpd: 
zeus.eanet.cz: [priv pre-auth] (ftpd)
_ftp   253  0.0  0.2   504   928 ??  S  6:19PM0:00.00 ftpd: 
zeus.eanet.cz: connected: USER admin (ftpd)


What should I make of this? I immediately killed ftpd. Is this a 
successful break-in or just an attempt?

I will be carefully looking around the system right now.
Chris

Re: Dell Power Edge 1950 SAS Raid1 'sd0: not queued: error 5'

[David Gwynne]

i believe this has been fixed with revision 1.80 of src/sys/dev/ic/ 
mfi.c. could you please try -current (or at least 4.3) and see if the  
problem persists?


dlg

On 14/05/2008, at 1:10 AM, Claer wrote:


Hi list,

Today one of our first Dell 1950 crashed in a strange way. I asked non
IT people to restart it that's why I dont have console traces of the
problem.

Before the server became unresponsitive, I could see this in
/var/log/messages :

May 11 04:50:55 fw1 /bsd: sd0: not queued, error 5
May 11 04:51:26 fw1 last message repeated 89 times
May 11 04:51:26 fw1 last message repeated 34 times

Googling for sd0: not queued, error 5 I found a thread with a  
similar

log. http://readlist.com/lists/openbsd.org/misc/11/56564.html

It seems the problem is not fixed for the release installed on this
firewall (4.1). It's the first time in around 1 year that I got this
problem.
During the problem, telnet server 22 opened and closed the  
connection

without displaying ssh banner. The network stack was still running
and the carp interfaces did not change to BACKUP mode.

As this firewall is used for tests it did not impact any users
(exept myself ;)) but permits to run debug commands if suggested.
I'll update the perc firmware as mentionned on the thread posted  
above.

The server will be upgraded soon to 4.3 too.

Any  help on how to avoid this problem is welcome.


Claer

dmeg :

OpenBSD 4.1-stable (GENERIC) #1: Fri Aug 17 23:55:00 CEST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU 5110 @ 1.60GHz (GenuineIntel 686-class)
1.60 GHz
cpu0:
FPU 
,V86 
,DE 
,PSE 
,TSC 
,MSR 
,PAE 
,MCE 
,CX8 
,APIC 
,SEP 
,MTRR 
,PGE 
,MCA 
,CMOV 
,PAT 
,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS- 
CPL,VMX,TM2,CX16,xTPR

real mem  = 1072955392 (1047808K)
avail mem = 971632640 (948860K)
using 4278 buffers containing 53772288 bytes (52512K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, BIOS32 rev. 0 @  
0xffe90,

SMBIOS rev. 2.4 @ 0x3ffbc000 (62 entries)
bios0: Dell Inc. PowerEdge 1950
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfaa60/368 (21 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6321ESB LPC rev
0x00)
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0x9000! 0xc9000/0x1000 0xca000/0x1800
0xcb800/0x5200 0xec000/0x4000!
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12
ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12
pci1 at ppb0 bus 6
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 7
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 8
ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
pci4 at ppb3 bus 9
bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 5
ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01
pci5 at ppb4 bus 10
ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci6 at ppb5 bus 11
ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12
pci7 at ppb6 bus 1
ppb7 at pci7 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00
pci8 at ppb7 bus 2
mfi0 at pci8 dev 14 function 0 Dell PERC 5 rev 0x00: irq 6
mfi0: logical drives 1, version 5.1.1-0040, 256MB RAM
scsibus0 at mfi0: 1 targets
sd0 at scsibus0 targ 0 lun 0: DELL, PERC 5/i, 1.03 SCSI3 0/direct
fixed
sd0: 69376MB, 69376 cyl, 64 head, 32 sec, 512 bytes/sec, 142082048 sec
total
ppb8 at pci7 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00
pci9 at ppb8 bus 3
ppb9 at pci0 dev 4 function 0 Intel 5000 PCIE rev 0x12
pci10 at ppb9 bus 12
ppb10 at pci10 dev 0 function 0 vendor IDT, unknown product 0x8018  
rev

0x04
pci11 at ppb10 bus 13
ppb11 at pci11 dev 0 function 0 vendor IDT, unknown product 0x8018  
rev

0x04
pci12 at ppb11 bus 14
em0 at pci12 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 5, address 00:15:17:3e:c8:dc
em1 at pci12 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 11, address 00:15:17:3e:c8:dd
ppb12 at pci11 dev 1 function 0 vendor IDT, unknown product 0x8018  
rev

0x04
pci13 at ppb12 bus 15
em2 at pci13 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 11, address 00:15:17:3e:c8:de
em3 at pci13 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 6, address 00:15:17:3e:c8:df
ppb13 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12
pci14 at ppb13 bus 16
ppb14 at pci0 dev 6 function 0 Intel 5000 PCIE rev 0x12
pci15 at ppb14 bus 17
ppb15 at pci15 dev 0 function 0 vendor IDT, unknown product 0x8018  
rev

0x04
pci16 at ppb15 bus 18
ppb16 at pci16 dev 0 function 0 vendor IDT, unknown product 0x8018  
rev

0x04
pci17 at ppb16 bus 19
em4 at pci17 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06:
irq 5, address 00:15:17:3e:c6:0c
em5 at pci17 dev 0 function 1 Intel PRO/1000 QP (82571EB) 

Re: FTP Access problem?

[Chris Bennett]

OK,
I figured this out for myself. Wasn't sure which logfile to look at. Is 
in /var/log/xferlog. So this is what an access attempt looks like.

Sorry for the noise.
Chris

Chris Bennett wrote:

I just found the following doing ps -auxw:

root 10526  0.0  0.2   500  1052 ??  S  6:19PM0:00.01 
ftpd: zeus.eanet.cz: [priv pre-auth] (ftpd)
_ftp 10361  0.0  0.2   504   924 ??  S  6:19PM0:00.00 
ftpd: zeus.eanet.cz: connected: USER admin (ftpd)
root 27896  0.0  0.2   500  1052 ??  S  6:19PM0:00.01 
ftpd: zeus.eanet.cz: [priv pre-auth] (ftpd)
_ftp   253  0.0  0.2   504   928 ??  S  6:19PM0:00.00 
ftpd: zeus.eanet.cz: connected: USER admin (ftpd)


What should I make of this? I immediately killed ftpd. Is this a 
successful break-in or just an attempt?

I will be carefully looking around the system right now.
Chris

Re: fun with ktrace, gdb, usb devices, and umsm(4)

[Aaron Glenn]

On Tue, May 13, 2008 at 5:56 AM, Stuart Henderson [EMAIL PROTECTED] wrote:

  I don't know if this is useful or a red herring, but when this id was
  added to Linux, they also added code which ensures that the device
  is turned on when inserted into the system. They use it for all
  devices supported by the driver, they don't match to any particular
  device. http://lkml.org/lkml/2007/1/17/188

  Looking at usb_control_msg details on http://tinyurl.com/539896 and
  this from the above diff:

  +   __u16 set_mode_dzero = 0x;
  ...
  +   /*set mode to D0 */
  +   result = usb_control_msg(serial-dev,
  +   usb_rcvctrlpipe(serial-dev, 0),
  +   
 0x00,0x40,set_mode_dzero,0,NULL,0,USB_CTRL_SET_TIMEOUT);
   `value---' | `data
 request- -request type   `index

  I baked the somewhat random diff below, if it doesn't help I don't
  know where else to look, and if it does help count me quite surprised!
  It does at least compile :)

It might? I'm not quite sure how it works (haha, there's the first
problem, right?); however it is embedded in the machine...however it
does need to be turned on. At least, thats how the VZAccess Manager
software in Windows works (the power light for the modem is off when
disconnected). I'll definitely try it out.


   In a vain attempt to school myself, I've tried to ktrace and gdb my
   way into figuring out why I can't get this card to work. Doing a cu
   -l /dev/cuaU0 -swhatever ends in a hard lock.

  I am no kernel wizard but if it's hanging in the kernel, that
  behaviour seems reasonable. There are other ways, but the simplest
  is probably to sprinkle some printf..

Well that's my ultimate question -- how do I debug this? And in this
case, if it is a sprinkling of printf, where do they go? I'm trying to
do this with as minimal hand holding as possible -- really want to
learn this stuff. I can only read usb(4) so many times.


  Index: umsm.c
  ===
  RCS file: /cvs/src/sys/dev/usb/umsm.c,v
  retrieving revision 1.25
  diff -u -p -r1.25 umsm.c
  --- umsm.c  12 May 2008 12:24:43 -  1.25
  +++ umsm.c  13 May 2008 12:15:04 -
  @@ -45,11 +45,14 @@ int umsmdebug = 1;

   #define DPRINTF(x) DPRINTFN(0, x)

  -
   #define UMSMBUFSZ  4096
   #defineUMSM_INTR_INTERVAL  100 /* ms */
  +
   #define E220_MODE_CHANGE_REQUEST 0x2

  +#define UMSM_SET_POWER_REQUEST 0x0
  +#define UMSM_POWER_MODE_D0 0x
  +
   int umsm_match(struct device *, void *, void *);
   void umsm_attach(struct device *, struct device *, void *);
   int umsm_detach(struct device *, int);
  @@ -61,6 +64,7 @@ void umsm_intr(usbd_xfer_handle, usbd_pr
   void umsm_get_status(void *, int, u_char *, u_char *);

   usbd_status umsm_e220_changemode(usbd_device_handle);
  +usbd_status umsm_set_power_dzero(usbd_device_handle);

   struct umsm_softc {
 struct devicesc_dev;
  @@ -180,6 +184,7 @@ umsm_attach(struct device *parent, struc
 sc-sc_udev = uaa-device;
 sc-sc_iface = uaa-iface;

  +   umsm_set_power_dzero(uaa-device);
 id = usbd_get_interface_descriptor(sc-sc_iface);

 if (id == NULL || id-bInterfaceClass == UICLASS_MASS) {
  @@ -391,6 +396,25 @@ umsm_e220_changemode(usbd_device_handle

 err = usbd_do_request(dev, req, 0);
 if (err)
  +   return (EIO);
  +
  +   return (0);
  +}
  +
  +usbd_status
  +umsm_set_power_dzero(usbd_device_handle dev)
  +{
  +   usb_device_request_t req;
  +   usbd_status err;
  +
  +   req.bmRequestType = UT_VENDOR;
  +   req.bRequest = UMSM_SET_POWER_REQUEST;
  +   USETW(req.wValue, UMSM_POWER_MODE_D0);
  +   USETW(req.wIndex, 0);
  +   USETW(req.wLength, 0);
  +
  +   err = usbd_do_request(dev, req, 0);
  +   if (err)
 return (EIO);

 return (0);

Appreciate it -- I'll try it out.


aaron.glenn

All memory not recognized (4GB) - AMD64 Snapshot, Macbook 3,1

[alemao]

Hi,

I installed OpenBSD/amd64 snapshot on a Macbook 3,1 (Late 2007).
It recognizes both processors but not all memory (3GB instead of 4).
There's something i can do?

Thanks,

OpenBSD 4.3-current (GENERIC.MP) #1660: Fri May  2 03:17:51 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3184078848 (3036MB)
avail mem = 3076120576 (2933MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (43 entries)
bios0: vendor Apple Inc. version MB31.88Z.008E.B02.0803051832 date 03/05/08
bios0: Apple Inc. MacBook3,1
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices ADP1(S3) LID0(S3) ARPT(S3) GIGE(S3) UHC1(S3)
UHC2(S3) UHC3(S3) UHC4(S3) UHC5(S3) EHC1(S3) EHC2(S3) EC__(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, 1995.38 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, 1995.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (RP05)
acpiprt2 at acpi0: bus 3 (RP06)
acpiprt3 at acpi0: bus 4 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpiac0 at acpi0: AC unit offline
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model AS type LI oem DP
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06170a2b06000a2b
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 2000 MHz (1388 mV): speeds: 2000, 1200 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xc000, size 0x1000
Intel GM965 Video rev 0x03 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: apic 1
int 20 (irq 10)
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: apic 1
int 16 (irq 11)
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: apic 1
int 21 (irq 9)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03:
apic 1 int 20 (irq 10)
azalia0: codec[s]: Realtek/0x0885
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03: apic 1
int 16 (irq 255)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x03: apic 1
int 16 (irq 255)
pci2 at ppb1 bus 2
Broadcom BCM4328 rev 0x03 at pci2 dev 0 function 0 not configured
ppb2 at pci0 dev 28 function 5 Intel 82801H PCIE rev 0x03: apic 1
int 17 (irq 255)
pci3 at ppb2 bus 3
mskc0 at pci3 dev 0 function 0 Marvell Yukon 88E8058 rev 0x13,
Yukon-2 EC Ultra (0x3): apic 1 int 17 (irq 7)
msk0 at mskc0 port A: address 00:1b:63:ac:a3:ca
eephy0 at msk0 phy 0: Marvell 88E1149 Gigabit PHY, rev. 1
uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x03: apic 1
int 16 (irq 11)
uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x03: apic 1
int 18 (irq 5)
uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x03: apic 1
int 21 (irq 9)
ehci1 at pci0 dev 29 function 7 Intel 82801H USB rev 0x03: apic 1
int 20 (irq 10)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xf3
pci4 at ppb3 bus 4
ATT/Lucent FW322 1394 rev 0x61 at pci4 dev 3 function 0 not configured
pcib0 at pci0 dev 31 function 0 Intel 82801HBM LPC rev 0x03
pciide0 at pci0 dev 31 function 1 Intel 82801HBM IDE rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, CD-RW CW-8221, GA0K ATAPI
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 Intel 82801HBM SATA rev 0x03: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 18 (irq 5) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: Hitachi HTS542580K9SA00
wd0: 16-sector PIO, LBA48, 76319MB, 

Re: security fixes for packages

[Fabio Almeida]

I've used OpenBSD-RELEASE +patches a long time on my Desktop, and
servers of course...
Besides the fact that inevitable, after some time a couple of software
gets outdated, I feel a lot more secure with my outdated OpenBSD than
with any Linux out there on the bleeding edge of software versions.

I've no intention to blame Linux since I'm a Linux user too, but
OpenBSD is OpenBSD the others are others...

And after all, you have the option to download Firefox or whatever
software sources an build it yourself, it's not that hard.

If you are concerned of having the latest version of everything you
can try Gentoo Linux, I'm sure noone here will blame you, it's your
choice.

Among all, I just prefer OpenBSD, and every night I prey the Lord to
bless OpenBSD developers

Fabio Almeida