Re: Is nVidia ION 2 compatible with Openbsd 7.2?

[Claus Assmann]

> Have trouble to make my Xorg work with a decent speed.
> The machine has nVidia ION 2 graphics card which has a GT218 GPU.

AFAIR nVidia cards are not well supported by Xorg anymore - you
might want to search the mailing list archive for details.

I bought some (used/old) ATi cards instead, e.g.,
ATI Radeon HD 7350, HD 3450, X1550
which work fairly well (at least for my purposes).

-- 
Address is valid for this mailing list only, please do not reply
to it directly, but to the list.

Re: Use daily(8), weekly(8), or monthly(8) but read less mail

[Claus Assmann]

On Sun, Dec 25, 2022, Ibsen S Ripsbusker wrote:

> ... want
> to read reports only when something failed?

Use a mail filter.

#!/bin/sh
# filter (in)security mails:
# if it's only this: return 1 which causes the mail to be discarded
egrep -v '^(Running security|Checking the /etc/master.passwd file)' "$@"

-- 
Address is valid for this mailing list only, please do not reply
to it directly, but to the list.

Re: some graphics (firmware?) problems

[Claus Assmann]

On Mon, Feb 21, 2022, Jonathan Gray wrote:

> No, it is not firmware.  But I'd need to see a dmesg with inteldrm
> enabled to comment further.  In -current there is a different version of

That should be this one:

OpenBSD 7.0 (GENERIC) #224: Thu Sep 30 14:13:34 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 4200103936 (4005MB)
avail mem = 4056879104 (3868MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe3c30 (38 entries)
bios0: vendor Intel Corp. version "CO96510J.86A.5773.2007.0206.0046" date 
02/06/2007
bios0: Intel Corporation DQ965GF
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT TCPA
acpi0: wakeup devices SLPB(S4) P32_(S4) ILAN(S4) PEGP(S4) PEX0(S4) PEX1(S4) 
PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) 
EHCI(S3) EHC2(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2397.96 MHz, 06-0f-06
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 266MHz
cpu0: mwait min=64, max=64, C-substates=0.2, IBE
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus 2 (PEX1)
acpiprt4 at acpi0: bus 3 (PEX2)
acpiprt5 at acpi0: bus 4 (PEX3)
acpiprt6 at acpi0: bus 5 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpibtn0 at acpi0: SLPB
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0003" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!), PSS
cpu0: Enhanced SpeedStep 2397 MHz: speeds: 2394, 1596 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82Q965 Host" rev 0x02
inteldrm0 at pci0 dev 2 function 0 "Intel 82Q965 Video" rev 0x02
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0: apic 2 int 16, I965G, gen 4
"Intel 82Q965 HECI" rev 0x02 at pci0 dev 3 function 0 not configured
pciide0 at pci0 dev 3 function 2 "Intel 82Q965 PT IDER" rev 0x02: DMA 
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide0: using apic 2 int 18 for native-PCI interrupt
pciide0: channel 0 ignored (not responding; disabled or no drives?)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
puc0 at pci0 dev 3 function 3 "Intel 82Q965 KT" rev 0x02: ports: 16 com
com4 at puc0 port 0 apic 2 int 17: ns16550a, 16 byte fifo
com4: probed fifo depth: 15 bytes
em0 at pci0 dev 25 function 0 "Intel ICH8 IGP AMT" rev 0x02: apic 2 int 20, 
address 00:19:d1:60:86:04
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 21
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x02: apic 2 int 
22
azalia0: codecs: Sigmatel STAC9227X
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x02: apic 2 int 17
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 82801H PCIE" rev 0x02: apic 2 int 16
pci2 at ppb1 bus 2
pciide1 at pci2 dev 0 function 0 "Marvell 88SE6101 IDE" rev 0xb1: DMA 
(unsupported), channel 0 configured to native-PCI, channel 1 configured to 
native-PCI
pciide1: using apic 2 int 17 for native-PCI interrupt
pciide1: channel 0 ignored (not responding; disabled or no drives?)
pciide1: channel 1 ignored (not responding; disabled or no drives?)
ppb2 at pci0 dev 28 function 2 "Intel 82801H PCIE" rev 0x02: apic 2 int 18
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 "Intel 82801H PCIE" rev 0x02: apic 2 int 19
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 4 "Intel 82801H PCIE" rev 0x02: apic 2 int 17
pci5 at ppb4 bus 5
uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 23
uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 19
uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x02: apic 2 int 18
ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xf2
pci6 at ppb5 bus 6
re0 at pci6 

some graphics (firmware?) problems

[Claus Assmann]

Yesterday the monitor on my OpenBSD 7.0 box went blank twice while
using firefox. Later on I found these entries in the log:

Feb 19 10:17:38 vxrs /bsd: drm:pid11842:intel_gt_reset *NOTICE* [drm] Resetting 
chip for context closure in firefox<11842>
Feb 19 11:06:10 vxrs /bsd: drm:pid1527:intel_gt_reset *NOTICE* [drm] Resetting 
chip for context closure in firefox<1527>

According to some posting the firmware has to be updated, but AFAICT
that requires to update the OS to a snapshot (i.e., I cannot install
the newer firmware on 7.0 and expect it to work?), hence it's not a
good solution for me right now.

Instead I added an ATI Radeon HD3450 256MB Dual DVI graphics card,
but that didn't work so well either.

radeondrm0: RV620
drm:pid0:r600_init *ERROR* Expecting atombios for R600 GPU
drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init
[TTM] Memory type 2 has not been initialized
drm0 detached
radeondrm0 detached
and hence X didn't find the right driver (?).
There was something in the archives about this back in 2019:
  xserver problem with 1.19.7->1.20.5
so this doesn't seem to apply to OpenBSD 7.0 (Xorg 1.20.13)?

I guess that card is not supported (at all)?


dmesg and Xorg log follow (the latter has been shortened because
it was very long, there does not seem to be anything relevant to
this problem after the last "EE").

==
OpenBSD 7.0 (GENERIC) #224: Thu Sep 30 14:13:34 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 4208492544 (4013MB)
avail mem = 4065021952 (3876MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe3c30 (38 entries)
bios0: vendor Intel Corp. version "CO96510J.86A.5773.2007.0206.0046" date 
02/06/2007
bios0: Intel Corporation DQ965GF
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT TCPA
acpi0: wakeup devices SLPB(S4) P32_(S4) ILAN(S4) PEGP(S4) PEX0(S4) PEX1(S4) 
PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) 
EHCI(S3) EHC2(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2397.94 MHz, 06-0f-06
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 266MHz
cpu0: mwait min=64, max=64, C-substates=0.2, IBE
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 7 (P32_)
acpiprt2 at acpi0: bus 2 (PEX0)
acpiprt3 at acpi0: bus 3 (PEX1)
acpiprt4 at acpi0: bus 4 (PEX2)
acpiprt5 at acpi0: bus 5 (PEX3)
acpiprt6 at acpi0: bus 6 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpibtn0 at acpi0: SLPB
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0003" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!), PSS
cpu0: Enhanced SpeedStep 2397 MHz: speeds: 2394, 1596 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82Q965 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82Q965 PCIE" rev 0x02: apic 2 int 16
pci1 at ppb0 bus 1
1:0:0: rom address conflict 0xfffe/0x2
radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 3450" rev 0x00
drm0 at radeondrm0
radeondrm0: apic 2 int 16
azalia0 at pci1 dev 0 function 1 "ATI Radeon HD 34xx HD Audio" rev 0x00: apic 2 
int 17
azalia0: no supported codecs
"Intel 82Q965 HECI" rev 0x02 at pci0 dev 3 function 0 not configured
pciide0 at pci0 dev 3 function 2 "Intel 82Q965 PT IDER" rev 0x02: DMA 
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide0: using apic 2 int 18 for native-PCI interrupt
pciide0: channel 0 ignored (not responding; disabled or no drives?)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
puc0 at pci0 dev 3 function 3 "Intel 82Q965 KT" rev 0x02: ports: 16 com
com4 at puc0 port 0 apic 2 int 17: ns16550a, 16 byte fifo
com4: probed fifo depth: 15 bytes
em0 at pci0 dev 25 function 0 "Intel ICH8 IGP AMT" rev 0x02: apic 2 int 20, 
address 00:19:d1:60:86:04
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 21
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
azalia1 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x02: apic 2 int 
22

Re: rspamd and empty "mail from" header

[Claus Assmann]

On Fri, Feb 18, 2022, kasak wrote:

> But, is this correct behavior of "mail from" header? Maybe the header

What is a ``"mail from" header''?
Do you mean the mail header
From: 
or are you referring to the SMTP MAIL command
MAIL From:

> should have "<>" in it?

You can check the fine RFCs (e.g., 5322 for headers, 5321 for SMTP)
-- AFAICT an empty address is not valid for the "From:" header
and certainly not for the MAIL command.

-- 
Address is valid for this mailing list only, please do not reply
to it directly, but to the list.

Re: How to properly set up OpenMDNS

[Claus Assmann]

> > 2. I was trying to set up a LAN-only smtpd server on OpenBSD, but 
> > sendmail on my mac doesn't seem to be able to resolve OpenBSD's name

> I guess that sendmail is probably doing DNS lookups directly rather
> than hostname lookups so probably not converted to MDNS.

sendmail requires DNS for MX lookups (which can be disabled), but
otherwise it can be configured to use different services.

See
   2.5.  The Service Switch
in doc/op.*

-- 
Address is valid for this mailing list only, please do not reply
to that address, but to the list.

Re: route one port via a specific host (both directions)

[Claus Assmann]

On Fri, Dec 10, 2021, Michael Hekeler wrote:
> Am 10.12.21 08:49 schrieb Claus Assmann:
> > I am trying to run an SMTP server on a dynamic IP address

> Running a smtp server on dynamic IP is just asking for troubles.

That's why I want to run the server behind a static IP -- as my
mail explained...

-- 
Address is valid for this mailing list only, please do not reply
to it directly, but to the list.

route one port via a specific host (both directions)

[Claus Assmann]

I am trying to run an SMTP server on a dynamic IP address
(and maybe other services later on, e.g., DNS or HTTP)

For this, I would like to redirect traffic via a host (STATIC) which
has a static IP address to/from the host (DYNAMIC) with the dynamic IP
address.

To route the port incoming it seems I can use:
DYNAMIC$ ssh -o ExitOnForwardFailure=yes -N -R 25:localhost:25 STATIC

This also has the advantage that the routing is only active
as long as DYNAMIC is up and running with the same IP.

So far I haven't found a way to route outgoing SMTP from DYNAMIC
via STATIC; I don't want to send mail directly from DYNAMIC as many
MTAs block traffic from dynamic IPs.

What is a good way to do this?
Could route with -T table option or
one of pf features rdr-to or nat-to be used?
Since DYNAMIC is behind some gateway and has only a local IP address
provided by DHCP this doesn't seem to be possible?
Moreover, the routing needs to be disabled whenever DYNAMIC is
"down" (to avoid potential abuse by whatever host is getting the
IP address DYNAMIC had).

I hope this makes sense - maybe I'm missing some simple solution?

PS: I could use SMTP relaying: run an MTA on STATIC but then the
mail could get queued there (which I want to avoid for many reasons).
-- 
Address is valid for this mailing list only, please do not reply
to it directly, but to the list.

Re: cd*.iso reboot loop (vultr, Skylake AVX MDS)

[Claus Assmann]

Just in case someone is wondering: vultr moved the VM to a different
server, the system is up and running again.
BTW: I guess I can ignore this:
fd0 at fdc0 drive 1: density unknown


OpenBSD 6.9 (GENERIC) #464: Mon Apr 19 10:28:56 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056813056 (1007MB)
avail mem = 1009561600 (962MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries)
bios0: vendor Vultr
bios0: Vultr VC2
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC HPET WAET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Virtual CPU 6db7dc0e7704, 2993.33 MHz, 06-5e-03
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,MELTDOWN
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpihpet0 at acpi0: 1 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
cpu0: using Skylake AVX MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 56:00:03:1a:c3:11
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus2 at vioblk0: 1 targets
sd0 at scsibus2 targ 0 lun 0: 
sd0: 25600MB, 512 bytes/sector, 52428800 sectors
virtio1: msix shared
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory Balloon" rev 0x00
viomb0 at virtio2
virtio2: apic 0 int 10
virtio3 at pci0 dev 6 function 0 "Qumranet Virtio RNG" rev 0x00
viornd0 at virtio3
virtio3: apic 0 int 10
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 
addr 1
uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 
2.00/0.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (6bd47bbc8137acde.a) swap on sd0b dump on sd0b
fd0 at fdc0 drive 1: density unknown

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

cd*.iso reboot loop (vultr, Skylake AVX MDS)

[Claus Assmann]

My vultr OpenBSD 6.8 instance crashed and when it tried to reboot it
failed at:

root on sd0a (...)
WARNING: / was not properly unmounted
kernel: privileged instruction fault trap, code=0
mds_handler_skl_avx+0x33:  clflush __ALIGN_SIZE+0x500(%rid,%rax,8)


I tried to boot from cd{68,69,70}iso but all of them "fail", i.e.,
they start to boot, show some messages, and then get to the boot
prompt again. Unfortunately the screen is cleared so I'm not sure
what the last message was, but it seems to be similar as above.

Unfortunately I don't have a previous dmesg from the system but I
have a different vultr instance which runs fine (see dmesg below)

I noticed at least one difference however:
the crashing system shows
Using Skylake AVX MDS workaround
which might be something related to the function mentioned above?

Is this workaround something that could be turned off to see whether
it causes the problem?
The weird thing is that OpenBSD 6.8 was installed fine
(11 months ago), so I don't understand why this problem happens now
(could vultr have changed something in the underlying system?)



OpenBSD 7.0 (GENERIC) #224: Thu Sep 30 14:13:34 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056817152 (1007MB)
avail mem = 1008914432 (962MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5950 (9 entries)
bios0: vendor Vultr
bios0: Vultr VC2
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC HPET MCFG WAET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Core Processor (Broadwell, no TSX, IBRS), 2394.77 MHz, 06-3d-02
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,RDTSCP,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,MELTDOWN
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpihpet0 at acpi0: 1 Hz
acpimcfg0 at acpi0
acpimcfg0: addr 0xb000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
cpu0: using Broadwell MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x00
vga1 at pci0 dev 1 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 2 function 0 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci1 at ppb0 bus 1
virtio0 at pci1 dev 0 function 0 "Qumranet Virtio 1.x Network" rev 0x01
vio0 at virtio0: address 56:00:03:98:50:6e
virtio0: msix shared
ppb1 at pci0 dev 2 function 1 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci2 at ppb1 bus 2
xhci0 at pci2 dev 0 function 0 vendor "Red Hat", unknown product 0x000d rev 
0x01: apic 0 int 22, xHCI 0.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Red Hat xHCI root hub" rev 3.00/1.00 
addr 1
ppb2 at pci0 dev 2 function 2 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci3 at ppb2 bus 3
virtio1 at pci3 dev 0 function 0 "Qumranet Virtio 1.x Storage" rev 0x01
vioblk0 at virtio1
scsibus1 at vioblk0: 1 targets
sd0 at scsibus1 targ 0 lun 0: 
sd0: 25600MB, 512 bytes/sector, 52428800 sectors
virtio1: msix shared
ppb3 at pci0 dev 2 function 3 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci4 at ppb3 bus 4
virtio2 at pci4 dev 0 function 0 vendor "Qumranet", unknown product 0x1045 rev 
0x01
viomb0 at virtio2
virtio2: apic 0 int 22
ppb4 at pci0 dev 2 function 4 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci5 at ppb4 bus 5
virtio3 at pci5 dev 0 function 0 "Qumranet Virtio 1.x RNG" rev 0x01
viornd0 at virtio3
virtio3: apic 0 int 22
ppb5 at pci0 dev 2 function 5 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci6 at ppb5 bus 6
ppb6 at pci0 dev 2 function 6 vendor "Red Hat", unknown product 0x000c rev 
0x00: apic 0 int 22
pci7 at ppb6 bus 7
ppb7 at pci0 dev 2 function 7 vendor "Red Hat", unknown product 0x000c 

nvidia graphics cards: one ok, two slow: how to determine for others?

[Claus Assmann]

The graphics card in my PC broke (no "signal" after a few minutes)
It is an NVIDIA GeForce 7100 GS. I replaced it with an NVIDIA
GeForce GT 240 which I found in my "stock". But with this card I
get the very slow scrolling under X again (which I posted about
with a different card before: NVIDIA GeForce 8500 GT).
So this is a bit confusing: why is a GeForce 7100 GS fine, while
the other two are "bad"?
I know I should buy an ATI card, but that's not available here.
I could get a Geforce GT 710 2GB but without knowing whether
it will be another "slow scrolling" card I don't want to waste
100 EUR (!) on it. Does someone have experience with this card?

It seems buying a "new" PC is also not a good option right now
(barely anything is available or only with very high prices).

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: cannot boot from SSD

[Claus Assmann]

Thanks for the details; I overwrote the mbr using

dd of=/dev/rsd0c if=/usr/mdec/mbr bs=512 count=1

and then used fdisk to reinstall the OpenBSD partition to the
values I used before - and now the system can boot from the ssd.

Thank you very much for the help!

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: cannot boot from SSD

[Claus Assmann]

On Mon, Oct 25, 2021, Crystal Kolipe wrote:

> Can you provide the output of the atactl identify command for this unit?

Thanks for the reply; below is the output from atactl identify,
fdisk, and disklabel. The disk can be mounted without a problem
and -- based on a brief look -- has the installed content.
Is there some simple way to check that the boot loader is installed
on the disk (besides trying to read some sectors using od or something
similar?)

# atactl sd0 identify
Model: KINGSTON SA400S37240G, Rev: S1Z40102, Serial #: 50026B7380B702FF
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 468862128
Device capabilities:
ATA standby timer values
IORDY operation
IORDY disabling
Device supports the following standards:
ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 ATA-8 ATA-9 ATA-10 
Master password revision code 0xfffe
Device supports the following command sets:
NOP command
READ BUFFER command
WRITE BUFFER command
Host Protected Area feature set
Read look-ahead
Write cache
Power Management feature set
Security Mode feature set
SMART feature set
Flush Cache Ext command
Flush Cache command
48bit address feature set
Advanced Power Management feature set
DOWNLOAD MICROCODE command
Device has enabled the following command sets/features:
NOP command
READ BUFFER command
WRITE BUFFER command
Host Protected Area feature set
Read look-ahead
Write cache
Power Management feature set
SMART feature set
Flush Cache Ext command
Flush Cache command
48bit address feature set
DOWNLOAD MICROCODE command

$ fdisk sd0
Disk: sd0   geometry: 29185/255/63 [468862128 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: BF  0   1   2 -  14592 254  63 [  64:   234436481 ] Solaris 
 1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
*3: A6  14593   0   1 -  29184 254  63 [   234436545:   234420480 ] OpenBSD 

$ disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: KINGSTON SA400S3
duid: 2c155e5bcc7344d0
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 29185
total sectors: 468862128
boundstart: 234436545
boundend: 468857025
drivedata: 0 

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  a:  2097151234436545  4.2BSD   2048 16384 12960 
  b: 17267584236533696swap
  c:4688621280  unused
  d:  8388608253801280  4.2BSD   2048 16384 12960 
  e: 27767872262189888  4.2BSD   2048 16384 12960 
  f: 12582912289957760  4.2BSD   2048 16384 12960 
  g:  2097152302540672  4.2BSD   2048 16384 12960 
  h: 33947968304637824  4.2BSD   2048 16384 12960 
  i:234436481   64 unknown
  j:  4194304338585792  4.2BSD   2048 16384 12960 
  k: 12582912342780096  4.2BSD   2048 16384 12960 
  l:113494016355363008  4.2BSD   2048 16384 12960 

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

cannot boot from SSD

[Claus Assmann]

I installed OpenBSD 7.0 via miniroot70.img from a USB stick on a
Kingston SA400S3 SSD but unfortunately the machine does not boot
from it (there is just a blinking cursor at the top of console).
The SSD is connected via SATA (see below) so I hoped the machine
(see dmesg) could boot from it.  Is this a problem between the HW
(BIOS?) and the SSD or something I need to do differently with the
OpenBSD install?  My next step is probably to find a "small" HD and
install OpenBSD there but then change fstab to use the SSD.
An alternative might be to change the root device, but it seems
there is no way to do this automatically?

boot(8):
 boot [[device:]image] [-acds]
..
  -a   Causes the kernel to ask for the root device to use.

but I don't see an option to set the root device via boot.conf;
moreover, when I tried this the system does not accept any input
from the USB keyboard -- even though it shows the keyboard as being
recognized just a few line above the prompt.

(Yes, I know the system is a bit old - but it's not even 12 years :-)

OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021

r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8572567552 (8175MB)
avail mem = 8297721856 (7913MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (64 entries)
bios0: vendor American Megatrends Inc. version "1007" date 03/25/2010
bios0: ASUSTeK Computer INC. M4A88TD-M
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) 
PCEA(S4) RLAN(S4) SBAZ(S4) P0PC(S4) GEC_(S4) UHC1(S4) UHC2(S4) USB3(S4) 
UHC4(S4) USB5(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1055T Processor, 2812.88 MHz, 10-0a-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu0: AMD erratum 721 detected and fixed
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X6 1055T Processor, 2812.46 MHz, 10-0a-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu1: AMD erratum 721 detected and fixed
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X6 1055T Processor, 2812.46 MHz, 10-0a-00
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu2: AMD erratum 721 detected and fixed
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) II X6 1055T Processor, 2812.46 MHz, 10-0a-00
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu3: AMD erratum 721 detected and fixed
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD Phenom(tm) II X6 1055T 

Re: wait returns 127 for existing process?

[Claus Assmann]

On Sun, Aug 15, 2021, Andreas Kusalananda Khri wrote:

> wait returns 127 if the process is not a child of the current shell.
> Is it a child process of the current shell?  If so, does it install a

Yes, indirectly via 2-3 sh scripts.

> signal handler for the HUP signal?

Yes, the "usual" one for a multi-threaded process: one thread which
handles signals and sends a single byte via a pipe to another thread
which then (hopefully) does the appropriate thing.

So it seems better to use kill -0 PID to see whether the process
still exists.

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

wait returns 127 for existing process?

[Claus Assmann]

I must misunderstand something about wait (sh command), but I'm not
sure what: why does wait return 127 for an existing process?

$ PM=31309;kill -HUP $PM; echo $?; ps -p $PM; wait $PM; echo $?; ps -p $PM
0 
  PID TT  STATTIME COMMAND
31309 p0  S0:00.03 ../libpmilter/t-pmilter-1 -r m=550
127
  PID TT  STATTIME COMMAND
31309 p0  S0:00.03 ../libpmilter/t-pmilter-1 -r m=550
$ wait $PM; echo $?
127
$ kill -0 $PM;echo $?
0

(OpenBSD 6.8)

I guess the (multi-threaded) process is in some "weird" state?


PS: it seems I can't attach a debugger either:
$ egdb -p $PM ../libpmilter/t-pmilter-0
GNU gdb (GDB) 7.12.1
...
Reading symbols from ../libpmilter/t-pmilter-0...done.
Attaching to program: /home/ca/sm-9/openbsd-111/libpmilter/t-pmilter-0, process 
31309
ptrace: Operation not permitted.

PPS: the problem is extremely hard to reproduce: running the single
functional test never causes the problem, so far it happens only
if many other tests have been run before (which takes almost 2 hours).

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: sshd: no IP address in error msg?

[Claus Assmann]

On Wed, Mar 17, 2021, Darren Tucker wrote:

[[...]]
> standardized logging that should include the source address and port:

Thanks for the reply - unfortunately I missed that in the source
code , so I checked the logs on a newer OS version and it shows
the IP as you wrote. Sorry for the noise.

sshd: no IP address in error msg?

[Claus Assmann]

My authlog file contains entries like this:
sshd[89023]: error: kex_exchange_identification: banner line contains invalid 
characters
but I can't find the IP address of the host which triggered this
by looking for more log entries of sshd with the same pid.

Would it make sense to add ssh_remote_ipaddr(ssh) to those error_f()
calls in kex_exchange_identification() to identify the client?
That might be useful to block repeated offenders via pf.

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: very slow scrolling in xterm

[Claus Assmann]

On Sun, Dec 20, 2020, Matthieu Herrb wrote:

> You could try to enable shadowFB support through a minimal xorg.conf
> like that :
...

I tried that: unfortunately it does not make a change.

> I think the XAA retirement happened earlier than that but I didn't dig

You are right, I misremembered - I found a disk with 6.6 and the
same problem happens with that.  I haven't found some other (non
nVidia) graphic card yet, so for now I'm using a different computer
with an ATI card.

Thanks for the help.
-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: very slow scrolling in xterm

[Claus Assmann]

On Sun, Dec 20, 2020, Nick Holland wrote:

> In fact, that machine is loaded with nvidia hw.  If you fixed
> the video, I suspect you will slam into other walls shortly after.

I know it's a "slow" computer (1) by todays standards, but the only
annoying thing is the slow scrolling (hit return, and watch as the
entire xterm content moves up one line before it displays the next
line). Everything else is "good enough" for software development
(it might take longer to compile stuff, but that doesn't matter
much to me - running the regression test suite takes the largest
amount of time).

> If you really want a dab of perfume on this pig, try a cheap ATI
> video card in whatever slots you have available in it.  However, once

Ok, I'll take a look at my other "collector items" to see if I
can find something that fits.

> I'm a tad bit curious about your implying the X performance got bad
> after 6.6...did this thing really not suck in 6.6 and before?  Maybe

Scrolling was just fine "back then": no visible delays - from
probably 5.3 up to 6.6 (AFAIR).

> there was regression in old nvidia hw with newer nvidia support?

I looked at the 6.7 release notes, but couldn't find anything obvious.
Maybe it is "hidden" in the "upgrade some X SW" entries?

Footnote:
(1) before 6.7 it was much faster/nicer to work with than the
"fancy" high-end Mac laptop that I have to use for work.
-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

very slow scrolling in xterm

[Claus Assmann]

On one machine the scrolling in an xterm is very slow since the upgrade
to 6.7 and also in 6.8.
Now that I want to use this machine a bit more I'm wondering what
settings can be used to avoid that problem.
dmesg and Xorg log are (hopefully) attached, what other info could
help to track down the problem?

These .Xdefaults settings haven't changed for many years:
XTerm*saveLines:2000
XTerm*scrollKey:on
XTerm*VT100.Translations:   #overrideF4:secure()\n\
XTerm*ttyModes: erase \177
XTerm*background:   white
XTerm.WaitForMap:   True
XTerm*CharClass:33:48,37:48,45-46:48,64:48
XTerm*pointerShape: top_left_arrow
XTerm.reverseWrap:  True
XTerm.utmpInhibit:  True
XTerm*scrollBar:False
XTerm*font: fixed
XTerm*borderWidth:  3
XTerm*border  red:  
XTerm*internalBorder:   2
XTerm*jumpScroll:   on
XTerm*logInhibit:   on
XTerm*statusLine:   on
XTerm*visualBell:   on

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.
[   488.845] (--) checkDevMem: using aperture driver /dev/xf86
[   488.886] (--) Using wscons driver on /dev/ttyC4
[   488.948] 
X.Org X Server 1.20.8
X Protocol Version 11, Revision 0
[   488.949] Build Operating System: OpenBSD 6.8 amd64 
[   488.949] Current Operating System: OpenBSD neec.esmtp.org 6.8 GENERIC.MP#2 
amd64
[   488.950] Build Date: 24 November 2020  06:57:35AM
[   488.950]  
[   488.950] Current version of pixman: 0.38.4
[   488.950]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[   488.950] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[   488.950] (==) Log file: "/var/log/Xorg.0.log", Time: Sat Dec 19 18:47:12 
2020
[   488.955] (==) Using config file: "/etc/X11/xorg.conf"
[   488.955] (==) Using system config directory 
"/usr/X11R6/share/X11/xorg.conf.d"
[   488.977] (==) No Layout section.  Using the first Screen section.
[   488.977] (==) No screen section available. Using defaults.
[   488.977] (**) |-->Screen "Default Screen Section" (0)
[   488.977] (**) |   |-->Monitor ""
[   488.979] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[   488.979] (==) Automatically adding devices
[   488.979] (==) Automatically enabling devices
[   488.979] (==) Not automatically adding GPU devices
[   488.979] (==) Max clients allowed: 256, resource mask: 0x1f
[   488.979] (WW) The directory "/usr/local/share/ghostscript/fonts" does not 
exist.
[   488.979]Entry deleted from font path.
[   488.980] (**) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/75dpi/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/local/lib/X11/fonts/local/,
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
[   488.980] (**) ModulePath set to "/usr/X11R6/lib/modules"
[   488.980] (II) The server relies on wscons to provide the list of input 
devices.
If no devices become available, reconfigure wscons or disable 
AutoAddDevices.
[   488.980] (II) Loader magic: 0xc2c9f625940
[   488.980] (II) Module ABI versions:
[   488.980]X.Org ANSI C Emulation: 0.4
[   488.980]X.Org Video Driver: 24.1
[   488.980]X.Org XInput driver : 24.1
[   488.980]X.Org Server Extension : 10.0
[   488.980] (--) PCI:*(3@0:0:0) 10de:0421:1682:230b rev 161, Mem @ 
0xf800/16777216, 0xc000/536870912, 0xf600/33554432, I/O @ 
0xbc00/128
[   488.980] (II) LoadModule: "glx"
[   489.021] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[   489.087] (II) Module glx: vendor="X.Org Foundation"
[   489.087]compiled for 1.20.8, module version = 1.0.0
[   489.087]ABI class: X.Org Server Extension, version 10.0
[   489.097] (==) Matched nv as autoconfigured driver 0
[   489.097] (==) Matched vesa as autoconfigured driver 1
[   489.097] (==) Assigned the driver to the xf86ConfigLayout
[   489.097] (II) LoadModule: "nv"
[   489.098] (II) Loading /usr/X11R6/lib/modules/drivers/nv_drv.so
[   489.121] (II) Module nv: vendor="X.Org Foundation"
[   489.121]compiled for 1.20.8, module version = 2.1.21
[   489.121]Module class: X.Org Video Driver
[   489.121]ABI class: X.Org Video Driver, version 24.1
[   489.121] (II) LoadModule: "vesa"
[   489.123] (II) Loading /usr/X11R6/lib/modules/drivers/vesa_drv.so
[   

Re: openssl s_client gives "called a function you should not call"

[Claus Assmann]

On Thu, Nov 12, 2020, Paul de Weerd wrote:

> $ openssl s_client -starttls smtp -connect localhost:587

> RCPT TO: 
  ^ = RENEGOTIATING

and the syntax is wrong too: NO space after colon, see the fine RFCs.

openssl(1):
 When used interactively (which means neither -quiet nor -ign_eof have  
 been given), the session will be renegotiated if the line begins with an
 R; if the line begins with a Q or if end of file is reached, the
 connection will be closed down.


Use
rcpt to:

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: strange SMTP interaction with mail.openbsd.org ?

[Claus Assmann]

On Fri, Sep 11, 2020, Leen Besselink wrote:

> I waited longer now and CHUNKING is not in the EHLO banner, but I do see
> QUiT again without sending any emails.

> So even though I had turned it off and on a couple of times, it was probably
> just a coincidence.

Did you get an answer from postmaster@?

It would be interesting to know what is going on.

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: strange SMTP interaction with mail.openbsd.org ?

[Claus Assmann]

On Mon, Sep 07, 2020, Leen Besselink wrote:

> So I just got confirmation, when CHUNKING is in the EHLO then it will do
> STARTTLS, but after a second EHLO it will notice the CHUNKING and just QUIT.

Interesting... but unfortunately that's not the problem I am seeing
- my server does not offer CHUNKING and the "drops" seem to be random
(maybe some artifact of the scheduling in smtpd?)

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: strange SMTP interaction with mail.openbsd.org ?

[Claus Assmann]

On Sun, Sep 06, 2020, Leen Besselink wrote:

> So I was checking the logs and I saw mail.openbsd.org connected and
> disconnected but strange enough did not deliver any mail:

I noticed something similar and asked on misc at opensmtpd.org

  Date: Sat, 16 May 2020 12:20:35 +0200
  Subject: design or error: no transaction started by opensmtpd
  Message-ID: <20200516102035.ga45...@kiel.esmtp.org>

but nobody replied.

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: secure MTA

[Claus Assmann]

On Wed, Apr 08, 2020, Kevin Chadwick wrote:

> You missed some out. I assume on purpose.

Wrong "assumption"; I did it to keep it short -- I included the
info how someone could find the details.

> So it does require internal users to make an action and a MITM or outbound
> connection to an attacker controlled server and not an incoming connection...

Yes, it requires you to send mail according to the exploit that was
posted. I did not try it myself and I did not see a followup stating
"this does not work". So if that example does not work, maybe someone
can clarify?

> Qualsys chose to call that remote, at a stretch. Either way, it does not 
> change

It seems to be similar to "if you visit a compromised website"...
Anyway, it doesn't seem to be productive to argue terminology etc,
hence: sorry for the interruption and I stop now.

-
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: secure MTA (was: news from ...)

[Claus Assmann]

On Wed, Apr 08, 2020, Kevin Chadwick wrote:

> OpenSMTPD does not listen to the internet, by default and even if you do set 
> it

From: Qualys Security Advisory 
To: oss-secur...@lists.openwall.com
Message-ID: <20200224184538.GF17396@localhost.localdomain>

- Client-side exploitation: This vulnerability is remotely exploitable
  in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
  ^^^

> Is it hard to write a secure mail server, sure. Look at exims bugs.
[Is that like saying:
 "Is it hard to write a secure OS, sure. Look at Linux bugs."?
]

How about qmail (or postfix)?  (and some other barely known MTA)

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: mutt can't sent smtps after upgrade to 6.7-beta

[Claus Assmann]

On Tue, Apr 07, 2020, Vitaliy Makkoveev wrote:

> send mail via yahoo's smtps. Error is "SSL failed: error:1404B3F2:SSL
> routines:ST_CONNECT:sslv3 alert unexpected message". mutt on this machine

> set smtp_url = 'smtps://lo...@smtp.mail.yahoo.com:465/'

Try to reproduce the problem using the openssl command and turn on
various debug option to get more info, something like:

openssl s_client -connect smtp.mail.yahoo.com:465 -state -debug -crlf 
-tlsextdebug -showcerts


That will hopefully show where the problem is, e.g., TLS protocol,
cipher suite, certs, ...

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

dn_skipname() not docoumented?

[Claus Assmann]

Is there no man page for dn_skipname() on purpose or is it an
oversight?

I found it on FreeBSD:

RESOLVER(3)FreeBSD Library Functions ManualRESOLVER(3)
 int
 dn_skipname(const u_char *comp_dn, const u_char *eom);
DESCRIPTION
 The dn_skipname() function skips over a compressed domain name, which
 starts at a location pointed to by comp_dn.  The compressed name is
 contained in a query or reply message; eom is a pointer to the end of the
 message.  The size of compressed name is returned or -1 if there was an
 error.

Re: USB printer?

[Claus Assmann]

I got a 
HP DeskJet 2630
printer and connected it via usb
I tried to use it "directly", i.e., /etc/printcap:
usb:lp=/dev/ulpt0:sd=/var/spool/output/usb:sf:sh:tr=^D:
as mentioned in the original mail

but this results in an "output error" after I started lpd
and used
lpr doc.ps

 ulpt0 at uhub0 port 4 configuration 1 interface 1 "HP DeskJet 2600 series" rev 
2.00/1.00 addr 2
 ulpt0: using bi-directional mode
 ugen0 at uhub0 port 4 configuration 1 "HP DeskJet 2600 series" rev 2.00/1.00 
addr 2
 ulpt0: output error

I didn't try to set up cups or similar stuff as that seems
to be overkill for my simple use case and probably results
in the same USB error?
If someone has this kind of printer connected via USB: I am
interested in the config.

Thanks.

PS: full dmesg attached in case it provides some info about the USB
problem - hopefully it isn't stripped by the mailing list software;
here's at least some USB info:

uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 2 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 2 int 21
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 2 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

suggestions for USB printer (maybe even with scanner)?

[Claus Assmann]

I need to buy a printer to connect to one of my OpenBSD machines
and I prefer a USB connection (as I don't control the network at
my current place).  Can I just buy any USB printer or are there
printers which do not work with OpenBSD? If so, what do I need
to check / avoid?

Any suggestion for something "cheap" (to print just a few documents
as needed)? I never had to buy a printer before, so I'm not familiar
with this area -- if possible I would like to get a printer/scanner
but I have no idea what I can buy locally :-(
A HP laserjet (which was a gift but broke today) worked only with
one of my OpenBSD machines which seemingly was related to the USB
HW, using a printcap entry like this:
usb:lp=/dev/ulpt0:sd=/var/spool/output/usb:sf:sh:tr=^D:

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: DNS lookups on a different port for testing?

[Claus Assmann]

On Thu, Jan 23, 2020, Stuart Henderson wrote:
> On 2020-01-22, Claus Assmann  wrote:
> > The functional tests for sendmail use ldns-testns as DNS server
> > which provides specific test data and error behaviours.
> > It runs on a port  > 1024 to avoid requiring root access.

> For the libbind port, to avoid the conflict with libc/asr, those two
> symbols are renamed. You need to set cpp flags to make sure you're
> getting the version of resolv.h from /usr/local/include *not* the one in
> /usr/include.

With these flags (CPP/LD):
-I/usr/local/include/bind
-L/usr/local/bind/libbind -lbind
and a little bit more hacking of the code
(only to call res_init() in the "right" place)
this work!

Thank you, now I can continue to use my OpenBSD
machine for testing the DANE code in sm8.

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

DNS lookups on a different port for testing?

[Claus Assmann]

The functional tests for sendmail use ldns-testns as DNS server
which provides specific test data and error behaviours.
It runs on a port  > 1024 to avoid requiring root access.
There's code in sendmail to set the IP and port for a NS:
_res.nsaddr_list[0].sin_family = AF_INET;
_res.nsaddr_list[0].sin_addr = *ns;
_res.nsaddr_list[0].sin_port = htons(port);
_res.nscount = 1;
but this does not work (anymore) on OpenBSD -- AFAICT the
resolver implementation (asr?) has a hardcoded port (53).
Is there some way to set a different port for testing?  I also tried
to link sendmail against libbind but then it fails during executtion:

sendmail:/usr/lib/libc.so.95.0: ../sendmail/sendmail : WARNING: 
symbol(__p_type_syms) size mismatch, relink your program
sendmail:/usr/lib/libc.so.95.0: ../sendmail/sendmail : WARNING: symbol(_res) 
size mismatch, relink your program
fill_fd: before readcf: fd 0 not open: Bad file descriptor

Any (simple?) suggestion to get this working on OpenBSD (just for
functional testing)?

-- 
Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

Re: Request for recommendation - encryption and signature for file backup

[Claus Assmann]

Maybe duplicity? It's available as package (not sure
whether it does signing).

-- 
Address is valid for this mailing list only.

Re: regression tests (was: OpenBSD Errata: December 11th, 2019 (ldso))

[Claus Assmann]

On Sat, Dec 14, 2019, Frank Beuth wrote:

> OpenBSD doesn't have unit tests (or if they are, they're not in the main

Hmm, what about src/regress/ ?
You are probably welcome to contribute tests :-)

-- 
Address is valid for this mailing list only.

Re: [sh] Single quote in comment within subshell buggy

[Claus Assmann]

On Sat, Dec 14, 2019, Richard Ulmer wrote:

> foo=$(
>   # It's bar:
>   echo bar
> )
> echo $foo

Because I was curious I just tested it on a FreeBSD 11.2 box:
no error with /bin/sh and /bin/ksh.

-- 
Address is valid for this mailing list only.

Re: Disabling laptop display & turning off suspend on lid close

[Claus Assmann]

On Fri, Nov 22, 2019, Unicorn wrote:

> Still would like to know how to turn the display off, have not figured
> that out yet ;)

man xset

Not sure if this is what you want (yes, it's ugly):

#!/bin/sh
if test $# -ge 1
then
  TO=$1
else
  TO=300
fi
xset s $TO
xset s blank
if test $# -lt 1
then
xset dpms 500 660 900
fi

-- 
Address is valid for this mailing list only.

Re: fw_update long timeout, how to specify mirror

[Claus Assmann]

Tommy Nevtelen  wrote:

> I have some systems without access to the Internets and with internal
> mirrors for packages and fw_update packages. But when openbsd does a
> sysupgrade or a new install it runs fw_update against
> firmware.openbsd.org. The problem here is that it will hang until the

Maybe map firmware.openbsd.org to your internal mirror?
How to do that depends on your DNS setup.

-- 
Address is valid for this mailing list only.

Re: Host Header Redirection on openbsd.org

[Claus Assmann]

On Mon, Aug 05, 2019, Marc Espie wrote:
> [[...]] the same useless mp4 video.

Maybe it is/contains an (attempt of an) exploit?

-- 
Address is valid for this mailing list only.

Re: gdb: DW_TAG_ (abbrev = 85, offset = 20161909)

[Claus Assmann]

On Sun, Feb 10, 2019, Ted Unangst wrote:
> Claus Assmann wrote:
> > Any suggestion how I can debug that program?  (it's huge and written
> > in C++ with which I am not familiar anyway :-(

> You want egdb from ports, especially for anything c++. (pkg_add gdb)

Thanks, that seems to work (sorry for the long delay to reply, I
had to (re)install OpenBSD 6.4 due to a disk failure before I
could try this).

-- 
Address is valid for this mailing list only.

gdb: DW_TAG_ (abbrev = 85, offset = 20161909)

[Claus Assmann]

I'm trying to debug a core dump from GoldenCheetah which has been
compiled with clang++ on OpenBSD 6.4 amd64.

gdb fails like this:
$ gdb /usr/local/bin/GoldenCheetah GoldenCheetah.core
GNU gdb 6.3
...
[[loading lots of shared (qt) libraries]]
...
Loaded symbols for /usr/local/lib/libwebpdemux.so.2.0
Die: DW_TAG_ (abbrev = 85, offset = 20161909)
has children: FALSE
attributes:
DW_AT_type (DW_FORM_ref4) constant ref: 20155712 (adjusted)
Dwarf Error: Cannot find type of die [in module /usr/local/bin/GoldenCheetah]
Die: DW_TAG_ (abbrev = 85, offset = 20161909)
has children: FALSE
attributes:
DW_AT_type (DW_FORM_ref4) constant ref: 20155712 (adjusted)
Dwarf Error: Cannot find type of die [in module /usr/local/bin/GoldenCheetah]


and lldb crashes:
$ lldb -c GoldenCheetah.core /usr/local/bin/GoldenCheetah
(lldb) target create "/usr/local/bin/GoldenCheetah" --core "GoldenCheetah.core"
Bus error

/var/log/messages shows:
/bsd: coredump of lldb(5642), write failed: errno 14


Any suggestion how I can debug that program?  (it's huge and written
in C++ with which I am not familiar anyway :-(


-- 
Address is valid for this mailing list only.

Re: amd64 snap (1546747502) hangs after cpu1 at mainbus0: apid 1 (application processor)

[Claus Assmann]

On Mon, Jan 07, 2019, Christer Solskogen wrote:

> I got this as well, it was fixed in the next snap.

Yes, the next snapshot didn't exhibit the problem.
Thanks for the replies.

-- 
Address is valid for this mailing list only.

amd64 snap (1546747502) hangs after cpu1 at mainbus0: apid 1 (application processor)

[Claus Assmann]

I'm probably doing something wrong, but anyway: I've (auto)installed
the current amd64 snapshot:
Build date: 1546747502 - Sun Jan  6 04:05:02 UTC 2019
however, after rebooting it hangs at:

...
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)


amd64 6.4 release boots fine (and seems to run fine too, I only
just installed it), here's the dmesg:


OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8572567552 (8175MB)
avail mem = 8303484928 (7918MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (64 entries)
bios0: vendor American Megatrends Inc. version "1007" date 03/25/2010
bios0: ASUSTeK Computer INC. M4A88TD-M
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) 
PCEA(S4) RLAN(S4) SBAZ(S4) P0PC(S4) GEC_(S4) UHC1(S4) UHC2(S4) USB3(S4) 
UHC4(S4) USB5(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1055T Processor, 2812.81 MHz, 10-0a-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu0: AMD erratum 721 detected and fixed
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X6 1055T Processor, 2812.47 MHz, 10-0a-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu1: AMD erratum 721 detected and fixed
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X6 1055T Processor, 2812.47 MHz, 10-0a-00
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu2: AMD erratum 721 detected and fixed
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) II X6 1055T Processor, 2812.47 MHz, 10-0a-00
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu3: AMD erratum 721 detected and fixed
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD Phenom(tm) II X6 1055T Processor, 2812.47 MHz, 10-0a-00
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu4: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu4: AMD erratum 721 detected and fixed
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 5 (application processor)

Re: statethreads crashes in ld on 6.4

[Claus Assmann]

On Tue, Dec 04, 2018, Otto Moerbeek wrote:

> malloc(3) uses mmap without MAP_STACK flag, so you'll end up with memory
> not marked MAP_STACK in both cases.

Thanks for the information.

> Define MALLOC_STACK and add MAP_STACK to the flags,

You mean "undefine MALLOC_STACK", right? I don't see a way (in the
man page) to add MAP_STACK to malloc(2) memory, but I might be
missing something (again).

statethreads works when adding MAP_STACK:

...
#if defined (MAP_STACK)
  mmap_flags |= MAP_STACK;
#endif
  vaddr = mmap(NULL, size, PROT_READ | PROT_WRITE, mmap_flags, zero_fd, 0);


Thanks!

-- 
Address is valid for this mailing list only.

Re: statethreads crashes in ld on 6.4

[Claus Assmann]

On Mon, Dec 03, 2018, Philip Guenther wrote:

[thanks for the analysis/explanation!]

> And now this kbind() call blows up: the address is not on the original 
> thread's stack but in one of those mmap()s...but those mmap()s were not 
> marked as stacks by including MAP_STACK.  To quote the "Security 
> improvements" section of https://www.openbsd.org/64.html

> * Implemented MAP_STACK option for mmap(2). At pagefaults and
>   syscalls the kernel will check that the stack pointer points
>   to MAP_STACK memory, which mitigates against attacks using
>   stack pivots.

Hmm, I read that and it seems I misunderstood it -- I will give
this a try.
However, here's the weird part: there's a compile time switch not
to use mmap(2) but malloc(2) and I selected that option in one of
my test because of that note: that version also crashed, hence I
was under the impression that MAP_STACK couldn't be the problem.


static char *_st_new_stk_segment(int size)
{
#ifdef MALLOC_STACK
  void *vaddr = malloc(size);
#else
  int mmap_flags = MAP_PRIVATE;
  void *vaddr;

  mmap_flags |= MAP_ANON;
  vaddr = mmap(NULL, size, PROT_READ | PROT_WRITE, mmap_flags, zero_fd, 0);
  if (vaddr == (void *)MAP_FAILED)
return NULL;
#endif /* MALLOC_STACK */
  return (char *)vaddr;
}

Re: statethreads crashes in ld on 6.4

[Claus Assmann]

On Sun, Dec 02, 2018, Philip Guenther wrote:

> Since ld.so is relinked on each boot, just an address doesn't really show
> what died.  The disassembly up to that address would help.
> More important is knowing what signal killed the process.  ktracing it and
> seeing what the syscalls leading up to signal were (and what extra info was
> in the signal) tells a lot.


Here's the dissambler output and the ktrace output follows.
Unfortunately I don't know enough about this to figure out
what is wrong, hopefully someone else can (or tell me which
other information is still needed). TIA!

$ gdb server server.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.4"...
Core was generated by `server'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /home/ca/sm-9/obj.OpenBSD/statethreads/examples/server
Reading symbols from /usr/lib/libc.so.92.5...done.
Loaded symbols for /usr/lib/libc.so.92.5
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x0987baf0d488 in _dl_bind (object=0x987f117d800, index=Variable 
"index" is not available.
) from /usr/libexec/ld.so
(gdb) where
#0  0x0987baf0d488 in _dl_bind (object=0x987f117d800, index=Variable 
"index" is not available.
) from /usr/libexec/ld.so
#1  0x0987baf0681d in _dl_bind_start () at 
/usr/src/libexec/ld.so/amd64/ldasm.S:108
#2  0x0985b8e06618 in st_accept (fd=0x9885b802800, addr=0x98840217db0, 
addrlen=0x98840217dac, 
timeout=18446744073709551615) at ../../mta/statethreads/io.c:258
#3  0x0985b8e02928 in handle_connections (arg=0x0) at 
../../../mta/statethreads/examples/server.c:880
#4  0x0985b8e0449f in _st_thread_main () at 
../../mta/statethreads/sched.c:329
#5  0x0985b8e03f05 in st_thread_create (start=0x36a12ea863f81b25, arg=0x0, 
joinable=2440, stk_size=230505664)
at ../../mta/statethreads/sched.c:593
#6  0x0985b8e01e38 in start_threads () at 
../../../mta/statethreads/examples/server.c:855
#7  0x0985b8e00b17 in main (argc=5, argv=0x7f7fa468) at 
../../../mta/statethreads/examples/server.c:266
Current language:  auto; currently minimal
(gdb) disassemble
Dump of assembler code for function _dl_bind:
0x0987baf0d3c0 <_dl_bind+0>:mov2112049(%rip),%r11# 
0x987bb110df8 <__retguard_3683>
0x0987baf0d3c7 <_dl_bind+7>:xor(%rsp),%r11
0x0987baf0d3cb <_dl_bind+11>:   push   %rbp
0x0987baf0d3cc <_dl_bind+12>:   mov%rsp,%rbp
0x0987baf0d3cf <_dl_bind+15>:   push   %r11
0x0987baf0d3d1 <_dl_bind+17>:   push   %r15
0x0987baf0d3d3 <_dl_bind+19>:   push   %r14
0x0987baf0d3d5 <_dl_bind+21>:   push   %r13
0x0987baf0d3d7 <_dl_bind+23>:   push   %r12
0x0987baf0d3d9 <_dl_bind+25>:   push   %rbx
0x0987baf0d3da <_dl_bind+26>:   sub$0x30,%rsp
0x0987baf0d3de <_dl_bind+30>:   mov%rdi,%r15
0x0987baf0d3e1 <_dl_bind+33>:   mov2112032(%rip),%rax# 
0x987bb110e08 <__guard_local>
0x0987baf0d3e8 <_dl_bind+40>:   mov%rax,0xffc8(%rbp)
0x0987baf0d3ec <_dl_bind+44>:   mov2111981(%rip),%r14# 
0x987bb110de0 
0x0987baf0d3f3 <_dl_bind+51>:   mov0x70(%r15),%rax
0x0987baf0d3f7 <_dl_bind+55>:   mov0xf8(%r15),%r13
0x0987baf0d3fe <_dl_bind+62>:   movslq %esi,%rcx
0x0987baf0d401 <_dl_bind+65>:   lea(%rcx,%rcx,2),%rbx
0x0987baf0d405 <_dl_bind+69>:   mov0xc(%r13,%rbx,8),%ecx
0x0987baf0d40a <_dl_bind+74>:   lea(%rcx,%rcx,2),%rdx
0x0987baf0d40e <_dl_bind+78>:   lea(%rax,%rdx,8),%rcx
0x0987baf0d412 <_dl_bind+82>:   mov(%rax,%rdx,8),%r12d
0x0987baf0d416 <_dl_bind+86>:   add0x68(%r15),%r12
0x0987baf0d41a <_dl_bind+90>:   movq   $0x0,0xffc0(%rbp)
0x0987baf0d422 <_dl_bind+98>:   lea0xffc0(%rbp),%rsi
0x0987baf0d426 <_dl_bind+102>:  lea0xffb8(%rbp),%r9
0x0987baf0d42a <_dl_bind+106>:  mov$0x30,%edx
0x0987baf0d42f <_dl_bind+111>:  mov%r12,%rdi
0x0987baf0d432 <_dl_bind+114>:  mov%r15,%r8
0x0987baf0d435 <_dl_bind+117>:  callq  0x987baf07e60 <_dl_find_symbol>
0x0987baf0d43a <_dl_bind+122>:  mov0xffc0(%rbp),%rcx
0x0987baf0d43e <_dl_bind+126>:  test   %rcx,%rcx
0x0987baf0d441 <_dl_bind+129>:  je 0x987baf0d4c7 <_dl_bind+263>
0x0987baf0d447 <_dl_bind+135>:  add0x8(%rcx),%rax
0x0987baf0d44b <_dl_bind+139>:  add0x10(%r13,%rbx,8),%rax
0x0987baf0d450 <_dl_bind+144>:  mov%rax,0xffb0(%rbp)

Re: statethreads crashes in ld on 6.4

[Claus Assmann]

On Sun, Dec 02, 2018, Edgar Pettijohn wrote:
> Sorry just saw it came with some examples. Testing with the `lookupdns' 
> program
> ended with a Bus error (core dumped). Here is gdb output:

You might want to download MeTA1 and use its statethreads version,
I'm not sure all of my fixes made it back into the distribution.

Re: statethreads crashes in ld on 6.4

[Claus Assmann]

Thanks for the replies! Here's an update what I tried so far
-- I will follow the suggestions next.

About the
- signal: it's "segmentation violation".
- syscall: it's accept(2): st_accept invokes that function.

--
I checked setjmp: no change from 6.3 to 6.4 (cvs diff, comparing
files, etc), and also looked at the current version (4.20) of nspr
(statethreads started out from nspr AFAIR): it has the same definitions
wrt stack layout and no "recent" changes.

--
I found this which might be relevant:
  * RETGUARD is a replacement for the stack-protector which uses a
per-function random cookie (located in the ELF .openbsd.randomdata
section) to consistency check the return address on the stack.
but turning it off using -fno-ret-protector did not help.

--
Next I tried static linking (because the crash happened in the
dynamic linker): that did not help either
$ ldd server
server:
StartEnd  Type  Open Ref GrpRef Name
0b09cff7b000 0b09d01d9000 dlib  10   0  
/home/ca/sm-9/obj.OpenBSD/statethreads/examples/server
$ ./server -l. -b localhost:1234 -a -i
[02/Dec/2018:08:51:23] INFO: process 0 (pid 97666): configuration loaded
[02/Dec/2018:08:51:23] INFO: process 0 (pid 97666): starting 8 threads on 
localhost:1234
Segmentation fault (core dumped) 

neec.esmtp.org$ gdb server{,.core}
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.4"...
Core was generated by `server'.
Program terminated with signal 11, Segmentation fault.
#0  0x104bd8b1190a in ?? ()
(gdb) where
#0  0x104bd8b1190a in ?? ()
#1  0x104bd8b118be in ?? ()
#2  0x7f7be5f8 in ?? ()
#3  0xda20e8d18db78ebb in ?? ()
#4  0x104e53b14d70 in ?? ()
#5  0x104bd8b0590b in ?? ()
#6  0x in ?? ()
(gdb) quit

--
I also tried whether this could be a problem:
  The Retpoline mitigation against Spectre Variant 2 has been enabled
  in clang(1) and in assembly files on amd64 and i386.
but using -mno-retpoline did not help either.

statethreads crashes in ld on 6.4

[Claus Assmann]

statethreads (http://state-threads.sourceforge.net/) crashes on
OpenBSD 6.4/amd64 (release) with an error in ld (see below); it
works fine on previous OpenBSD versions.  Do I have to set some
"special" cc/ld options to make this work? Or are patches to
statehreads required (there doesn't seem to be a port for it,
otherwise I would try that)?

#0  0x0c0b0980db08 in _dl_bind (object=0xc0a85cff400, index=)
   from /usr/libexec/ld.so
(gdb) where
#0  0x0c0b0980db08 in _dl_bind (object=0xc0a85cff400, index=)
   from /usr/libexec/ld.so
#1  0x0c0b098080dd in _dl_bind_start ()
at /usr/src/libexec/ld.so/amd64/ldasm.S:108
#2  0x0c08448058bc in st_accept (fd=0xc0a634981c0, addr=0xc0ae5a31dd0, 
addrlen=0xc0ae5a31dcc, timeout=18446744073709551615)
at ../../mta/statethreads/io.c:258
#3  0x0c0844802928 in handle_connections (arg=0x0)
at ../../../mta/statethreads/examples/server.c:880
#4  0x0c0844803e4a in st_thread_create (start=0, arg=)
at ../../mta/statethreads/sched.c:329
#5  0x0c0844801e38 in start_threads ()
at ../../../mta/statethreads/examples/server.c:855
#6  0x0c0844800b17 in main (argc=6, argv=0x7f7d4ec8)
at ../../../mta/statethreads/examples/server.c:266
(gdb) print *object
$2 = {obj_base = 13229648510976, load_name = 0xc0b0ee98d90 "./server", 
  load_dyn = 0xc0844a0dbc8, next = 0xc0a4aacb800, prev = 0x0, 
  load_base = 13229648510976, load_list = 0xc0a64e9c400, load_size = 2158592, 
  Dyn = {info = 0xc0a85cff440, u = {null = 0, needed = 1, pltrelsz = 1872, 
  pltgot = 0xc0844a0dd28, hash = 0xc0844908960, strtab = 0xc0844909650 "", 
  symtab = 0xc0844908c90, rela = 0xc0844909940, relasz = 1152, 
  relaent = 24, strsz = 748, syment = 24, init = 0, fini = 0, 
  soname = 0x0, rpath = 0x0, symbolic = 0, rel = 0x0, relsz = 0, 
  relent = 0, pltrel = 7, debug = 0, textrel = 0, jmprel = 13229649599936, 
  bind_now = 0, init_array = 0x0, fini_array = 0x0, init_arraysz = 0, 
  fini_arraysz = 0, runpath = 0x0, flags = 0, encoding = 0, 
  preinit_array = 0x0, preinit_arraysz = 0}}, relacount = 45, 
  relcount = 0, status = 5, phdrp = 0xc0844800040, phdrc = 10, obj_type = 2, 
  obj_flags = 2, buckets = 0xc0844908968, nbuckets = 97, 
  chains = 0xc0844908aec, nchains = 104, dynamic = 0x0, child_list = {
tqh_first = 0xc0ab8651740, tqh_last = 0xc0ab8651740}, grpsym_list = {
tqh_first = 0xc0aab280e40, tqh_last = 0xc0ad21a8bc0}, grpref_list = {
tqh_first = 0x0, tqh_last = 0xc0a85cff5c8}, refcount = 0, opencount = 1, 
  grprefcount = 0, load_object = 0xc0a85cff400, sod = {
sod_name = 13240289961776, sod_library = 0, sod_reserved = 0, 
sod_major = 0, sod_minor = 0, sod_next = 0}, dev = 0, inode = 0, 
  tls_fsize = 0, tls_msize = 0, tls_align = 0, tls_static_data = 0x0, 
  tls_offset = 0, relro_addr = 13229650663352, relro_size = 2120, 
  grpsym_gen = 0, rpath = 0x0, runpath = 0x0, traced = 0}


$ ldd server
server:
StartEnd  Type  Open Ref GrpRef Name
004e8ca0 004e8cc0f000 exe   10   0  server
0051672ec000 0051675db000 rlib  01   0  
/usr/lib/libc.so.92.5
00518340 00518340 ld.so 01   0  
/usr/libexec/ld.so

ld doesn't seem to be mentioned in errata64.html, so I guess there's
no relevant change for it.

The test program (as well as statethreds) is part of MeTA1 in case
someone can take a look at it.

Re: boot> does not "time out" after failed PXE boot

[Claus Assmann]

On Tue, Oct 03, 2017, Alexander Hall wrote:
> Unless I'm mistaken, Claus refers to things that happen prior to the
> boot prompt appearing the first time.

Yes. It's the boot order in the BIOS, i.e., it tries PXE boot before
the HD (i.e., before the ">boot" prompt even shows up).

> Once the boot prompt does up,
> I'd expect at least one attempt.

Me too.

Does it fail because I pressed the ESC key to abort the PXE boot
and the ">boot" prompt considers that keystroke as some kind of
input?

> Claus, do you by any chance have anything fancy in /etc/boot.conf?

No, that file doesn't exist on the laptop.

boot> does not "time out" after failed PXE boot

[Claus Assmann]

After a failed/aborted PXE boot (e.g., hitting a key or no network)
a laptop is "hanging" at the (OpenBSD 6.2 snapshot)
>boot
prompt which normally (AFAICT) times out and just boots after a few
seconds (from disk); it boots fine after hitting "Return".

Can someone please clarify if this is known/expected behaviour or
a problem with the software or the hardware?

dmesg from the laptop (running a recent snapshot)

OpenBSD 6.2 (GENERIC.MP) #123: Sat Sep 30 22:51:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8495951872 (8102MB)
avail mem = 8231452672 (7850MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2440 (67 entries)
bios0: vendor Dell Inc. version "A12" date 05/09/2012
bios0: Dell Inc. Latitude E6510
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC TCPA MCFG HPET BOOT SLIC SSDT
acpi0: wakeup devices AGP_(S4) P0P1(S4) HDEF(S4) PXSX(S4) RP01(S4) PXSX(S4) 
RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) 
RP07(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2660.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2660428950 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 132MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 2, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, 2659.99 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 10 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus 2 (RP03)
acpiprt6 at acpi0: bus 4 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu2 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu3 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
"PNP0401" at acpi0 not configured
"DLL040B" at acpi0 not configured
"SMO8800" at acpi0 not configured
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model "DELL RG04908" serial 7861 type LION oem "Sanyo"
acpibat1 at acpi0: BAT1 not present
"*pnp0c14" at acpi0 not configured
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID_
acpivideo2 at acpi0: VID_
acpivout0 at acpivideo2: LCD_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266, 2133, 
1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x02
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x02
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0: msi
inteldrm0: 1920x1080, 32bpp
wsdisplay0 at inteldrm0 mux 1: 

Re: Minor error in strftime man page

[Claus Assmann]

On Tue, Apr 18, 2017, Hrishikesh Muruk wrote:

> http://man.openbsd.org/man3/strftime.3

> The there are two definitions for the %I option

Nope. Use an editor and search for
%I
and you'll find only one. The other is 'l' (0x6c)

Maybe you need a better font?

Re: OpenBSD to Dell Latitude E6510

[Claus Assmann]

On Tue, Mar 28, 2017, Majern??ek ?tefan wrote:

> Is it possible install openbsd to notebook dell latitude E6510?

Yes.

An old install:

OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 30
real mem = 8495951872 (8102MB)
avail mem = 8261009408 (7878MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2440 (67 entries)
bios0: vendor Dell Inc. version "A12" date 05/09/2012
bios0: Dell Inc. Latitude E6510
...

I don't have a dmesg from 6.0 available right now.

Re: qt 5.8.0 on OpenBSD 6.0 snapshot

[Claus Assmann]

Here's an update on this:

> eg++ -c -pipe -O2 -fPIC -std=c++1y -fvisibility=hidden
...
> -I/usr/X11R6/include -I/usr/X11R6/include/freetype2 -isystem /usr/include
> -isystem /usr/local/include -I../../../mkspecs/openbsd-g++ -o
> .obj/qbasicfontdatabase.o basic/qbasicfontdatabase.cpp
> In file included from
> /usr/local/lib/gcc/x86_64-unknown-openbsd6.0/4.9.3/include/x86intrin.h:29:0,
...
> ../../../include/QtGui/5.8.0/QtGui/qpa/qplatformfontdatabase.h:1,
>  from basic/qbasicfontdatabase_p.h:54,
>  from basic/qbasicfontdatabase.cpp:40:
> /usr/include/mmintrin.h: In function '__m64 _mm_add_si64(__m64, __m64)':

I installed a recent amd64 snapshot (02-28) and noticed
two mmintrin.h files on that system (after pkg_add g++-4.9.4p3)
in /usr/include/ (as seen in the error msg)
but also in /usr/local/lib/gcc/x86_64-unknown-openbsd6.0/4.9.4/include/
(from eg++)

By hacking the Makefiles where a mmintrin.h related error happens
the compilation of those files actually succeeds:

GI=/usr/local/lib/gcc/x86_64-unknown-openbsd6.0/4.9.4/include
INCPATH   = -I. -I../../../include -I../../../include/QtFontDatabaseSupport 
-I../../../include/QtFontDatabaseSupport/5.8.0 
-I../../../include/QtFontDatabaseSupport/5.8.0/QtFontDatabaseSupport 
-I../../../include/QtGui/5.8.0 -I../../../include/QtGui/5.8.0/QtGui 
-I../../../include/QtCore/5.8.0 -I../../../include/QtCore/5.8.0/QtCore 
-I../../../include/QtGui -I../../../include/QtCore -I.moc -I/usr/X11R6/include 
-I/usr/X11R6/include/libdrm -I/usr/X11R6/include/freetype2 -I/usr/X11R6/include 
-I/usr/X11R6/include/freetype2 -isystem $(GI) -isystem /usr/include -isystem 
/usr/local/include -I../../../mkspecs/openbsd-g++

That is, add GI=... and change INCPATH to include the eg++ location:
:.s;-isystem /;-isystem $(GI) &;

Is this a problem with
- qmake generating a wrong INCPATH (-isystem /usr/include etc)
- or eg++ not using its own include directory first
(- or something else)
?

Re: qt 5.8.0 on OpenBSD 6.0: compilation fails

[Claus Assmann]

On Tue, Feb 21, 2017, Stuart Henderson wrote:

> Some of the patches may be sane to upstream (or are backported and

Well, since the Qt source code comes with OpenBSD "support" [1] I
hoped it would at least compile without errors "out of the box".

[1] for example, qtbase/mkspecs/openbsd-g++/qmake.conf sets the
C++ compiler to eg++ and explicitly mentions OpenBSD 6.0.

Re: qt 5.8.0 on OpenBSD 6.0: compilation fails

[Claus Assmann]

On Tue, Feb 21, 2017, Rafael Sadowski wrote:

> You will not be happy with these plan. Not without reason there is only
> Qt 5.6 in -current. It is a hard piece of work for example see the patch
> set onyl for qt core:

Thanks, somehow the cvs checkout for ports/x11/qt5 on my system
didn't include all those subdirectories (wrong cvs command?),
so when I looked there I only found an empty ports/x11/qt5/patches/
directory...

Too bad Qt didn't (doesn't?) integrate those patches :-(

qt 5.8.0 on OpenBSD 6.0: compilation fails

[Claus Assmann]

(should this be asked on -ports?)

Maybe someone can give me a hint how to compile qt 5.8.0 on
OpenBSD 6.0 (amd64)? (I would like to install it for some other
SW which needs at least qt 5.7, but the pkg is 5.5).

Currently I'm stuck at this:

eg++ -c -pipe -O2 -fPIC -std=c++1y -fvisibility=hidden
-fvisibility-inlines-hidden -fno-exceptions -Wall -W -Wvla -pthread
-DQT_NO_CAST_FROM_ASCII -DQT_BUILD_FONTDATABASE_SUPPORT_LIB -DQT_BUILDING_QT
-DQT_NO_CAST_TO_ASCII -DQT_ASCII_CAST_WARNINGS -DQT_MOC_COMPAT
-DQT_USE_QSTRINGBUILDER -DQT_DEPRECATED_WARNINGS
-DQT_DISABLE_DEPRECATED_BEFORE=0x05 -DQT_NO_EXCEPTIONS
-D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_GUI_LIB
-DQT_CORE_LIB -I. -I../../../include -I../../../include/QtFontDatabaseSupport
-I../../../include/QtFontDatabaseSupport/5.8.0
-I../../../include/QtFontDatabaseSupport/5.8.0/QtFontDatabaseSupport
-I../../../include/QtGui/5.8.0 -I../../../include/QtGui/5.8.0/QtGui
-I../../../include/QtCore/5.8.0 -I../../../include/QtCore/5.8.0/QtCore
-I../../../include/QtGui -I../../../include/QtCore -I.moc -I/usr/X11R6/include
-I/usr/X11R6/include/libdrm -I/usr/X11R6/include/freetype2
-I/usr/X11R6/include -I/usr/X11R6/include/freetype2 -isystem /usr/include
-isystem /usr/local/include -I../../../mkspecs/openbsd-g++ -o
.obj/qbasicfontdatabase.o basic/qbasicfontdatabase.cpp
In file included from
/usr/local/lib/gcc/x86_64-unknown-openbsd6.0/4.9.3/include/x86intrin.h:29:0,
 from
/usr/local/include/c++/4.9.3/x86_64-unknown-openbsd6.0/bits/opt_random.h:33,
 from /usr/local/include/c++/4.9.3/random:50,
 from /usr/local/include/c++/4.9.3/bits/stl_algo.h:66,
 from /usr/local/include/c++/4.9.3/algorithm:62,
 from
../../../include/QtCore/../../src/corelib/global/qglobal.h:108,
 from ../../../include/QtCore/qglobal.h:1,
 from
../../../include/QtGui/../../src/gui/kernel/qtguiglobal.h:43,
 from ../../../include/QtGui/qtguiglobal.h:1,
 from
../../../include/QtGui/5.8.0/QtGui/qpa/../../../../../src/gui/text/qplatformf
ontdatabase.h:52,
 from
../../../include/QtGui/5.8.0/QtGui/qpa/qplatformfontdatabase.h:1,
 from basic/qbasicfontdatabase_p.h:54,
 from basic/qbasicfontdatabase.cpp:40:
/usr/include/mmintrin.h: In function '__m64 _mm_add_si64(__m64, __m64)':
/usr/include/mmintrin.h:312:72: error: cannot convert 'long long int' to
'__vector(1) long long int' for argument '1' to '__vector(1) long long int
__builtin_ia32_paddq(__vector(1) long long int, __vector(1) long long int)'
   return (__m64) __builtin_ia32_paddq ((long long)__m1, (long long)__m2);
^
[rest of the error message is below]

that particular code is inside:
#ifdef __SSE2__


According to dmesg the CPU supports this:
cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2397.95 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM
2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR


Is that some error in eg++ (all software installed from pkg)?
How can this be fixed/avoided?


Here's the rest of the error message:

/usr/include/mmintrin.h: In function '__m64 _mm_sub_si64(__m64, __m64)':
/usr/include/mmintrin.h:416:72: error: cannot convert 'long long int' to
'__vector(1) long long int' for argument '1' to '__vector(1) long long int
__builtin_ia32_psubq(__vector(1) long long int, __vector(1) long long int)'
   return (__m64) __builtin_ia32_psubq ((long long)__m1, (long long)__m2);
^
/usr/include/mmintrin.h: In function '__m64 _mm_sll_pi16(__m64, __m64)':
/usr/include/mmintrin.h:523:71: error: cannot convert 'long long int' to
'__vector(4) short int' for argument '2' to '__vector(4) short int
__builtin_ia32_psllw(__vector(4) short int, __vector(4) short int)'
   return (__m64) __builtin_ia32_psllw ((__v4hi)__m, (long long)__count);
   ^
/usr/include/mmintrin.h: In function '__m64 _mm_slli_pi16(__m64, int)':
/usr/include/mmintrin.h:535:60: error: cannot convert 'int' to '__vector(4)
short int' for argument '2' to '__vector(4) short int
__builtin_ia32_psllw(__vector(4) short int, __vector(4) short int)'
   return (__m64) __builtin_ia32_psllw ((__v4hi)__m, __count);
^
/usr/include/mmintrin.h: In function '__m64 _mm_sll_pi32(__m64, __m64)':
/usr/include/mmintrin.h:548:71: error: cannot convert 'long long int' to
'__vector(2) int' for argument '2' to '__vector(2) int
__builtin_ia32_pslld(__vector(2) int, __vector(2) int)'
   return (__m64) __builtin_ia32_pslld ((__v2si)__m, (long long)__count);
   

Re: How to detect this kind of attacks (MTA: Invalid RCPT)

[Claus Assmann]

On Sat, Nov 26, 2016, Walter Alejandro Iglesias wrote:

> Is there a way to detect on the fly spam attacks like the pasted below
> (maillog)?  It seems pf max-src-conn-rate takes in care only the

Check the docs for your MTA.

> Nov 26 05:59:46 server smtpd[55880]: 3bcc430eee258cd7 smtp 
> event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT 
> TO:" result="550 Invalid recipient"
[[ many times ]]

For example:
sendmail 8:
# limit the rate recipients per SMTP envelope are accepted
# once the threshold number of recipients have been rejected
BadRcptThrottle
BadRcptShutdown

MeTA1:
invalid_addresses_per_session_max: maximum number of invalid, e.g.,
 unknown, RCPT addresses per session accepted by server. After this
 limit is reached the connection is terminated with an 421 error.

Re: autoinstall (eg: disklabel -T) doesn't support templates that specify partition sizes in sectors?

[Claus Assmann]

On Thu, Oct 06, 2016, Erling Westenvik wrote:

[I'm only replying because I ran into a problem in this area and
posted a patch suggestion to the tech list; a different fix was
applied after some discussion.]

> templates, I was a little surprised to find that disklabel(8) apparently
> does not support specifying partition sizes givin in sectors, only in
...
> or megabytes. But I got curious as to why templates cannot be specified
> in sectors?

Just a guess: maybe because nobody needed it (so far)?

apply_unit() in src/sbin/disklabel/editor.c might be something you
want to look at and provide a patch? If a developer considers it
interesting/important enough, it might get into the tree.

Re: DMARC and misc@ (and likely other OpenBSD lists)

[Claus Assmann]

> If the OpenBSD list admins are reading this: would it be possible to
> make a similar change in the OpenBSD mailing list configuration?

Please don't.

Those people who break e-mail for some (imaginary?) "gain" should
deal with the problems themselves instead of forcing others to make
changes.

Re: sendmail mx question

[Claus Assmann]

> so the real smtp has the lower number but higher priority but like I said my
> sendmail always ends up with shit.example.not.nz.

What does "sendmail always ends up with shit.example.not.nz." mean?

Of course sendmail tries the secondary MX after trying the main MX.

Still no real data/logs/output of a verbose queue run for the domain/...

-- 
Note: I will most likely not reply to mails that
- use HTML
- top post
- quote more than necessary

Re: sendmail mx question

[Claus Assmann]

On Tue, Apr 05, 2016, Craig Skinner wrote:

> 1 shit.example.not.nz. # <<--- always defering server
> 2 smtp.example.not.nz. # <<--- real server

> Your server connects to 'shit.example.not.nz', which defers the mail,
> telling your server to try again later. So,. your server tries again
> later!!! It has no need to try the backup MX machine, it got told to try

Really?

Which MTA does that?
sendmail 8.x?


Well, it would be nice if the OP provides some real info, but since
he didn't do that, I didn't reply...

USB: panic: uvm_fault(0xd6bfac8c, 0x4e000, 0, 1)

[Claus Assmann]

On Sat, Mar 12, 2016, Claus Assmann wrote:
> I have this USB ANT+ stick
> "Dynastream Innovations ANT USBStick2" rev 2.00/1.00 addr 2

I updated that laptop to the 2016-03-10 i386 snapshot and got it
to "work", i.e., the data was read for about 40m then the system
crashed (and I lost the data for yet another workout)

Here's a partial transcript:

uvm_fault(0xd6bfac8c, 0x4e000, 0, 1) -> e
page fault trap, code=0
Stopped at usb_allocmem+0x15d:  cmpl %ebx,0(%eax)
usb_allocmem() at usb_allocmem+0x15d

usbd_transfer +0x6a
usbd_do_request_flags
usbd_do_request
usbd_clear_endpoint_stall
ugen_do_read
ugenread
spec_read
VOP_READ
vn_read
dofileready
sys_read
syscall +0x201

Not sure if this is sufficient for someone to figure out
what might be wrong, sorry.

usb_interrupt_write: can't open /dev/ugen1.01 for bulk read: Device not configured

[Claus Assmann]

I have this USB ANT+ stick
"Dynastream Innovations ANT USBStick2" rev 2.00/1.00 addr 2
which works "ok" under OpenBSD 5.2 in conjunction with libusb-0.1.12
in Golden Cheetah on a Dell laptop.
Unfortunately that laptop hangs after 5-25 minutes of using this
(most likely a HW problem: the fan doesn't seem to run fast enough?),
so I installed OpenBSD 5.8 on a similar Dell laptop (D505).
However, I can't compile libusb-0.1.12 there (several conflicts with
/usr/include/dev/usb/usb.h), so I tried the packages
libusb-compat-0.1.5p0 and libusb1-1.0.9p9.
Even though the program recognizes the USB stick, it isn't able to actually
use it. It produces errors like this:

usb_set_altinterface Error:  could not set alt intf 0/0: Invalid argument
usb_interrupt_write Error writing [ -6 ]:  can't open /dev/ugen1.01 for bulk 
read: Device not configured
usb_interrupt_write Error writing [ -6 ]:  can't open /dev/ugen1.01 for bulk 
read: Device not configured
ANT device reset was not acknowledged !...try again

last 3 entries repeated severat times, then:

** CLOSING CHANNEL 0 **
usb_interrupt_write Error writing [ -6 ]:  can't open /dev/ugen1.01 for bulk 
read: Device not configured
usb_interrupt_write Error writing [ -6 ]:  can't open /dev/ugen1.01 for bulk 
read: Device not configured
lost info for channel 0
** OPENING CHANNEL 0 **
0 type= 1 device type= 120 freq= 57
usb_interrupt_write Error writing [ -6 ]:  can't open /dev/ugen1.01 for bulk 
read: Device not configured
usb_interrupt_write Error writing [ -6 ]:  can't open /dev/ugen1.01 for bulk 
read: Device not configured
0 assign channel type RX

and so on...

I have two more computers with OpenBSD, but both of them crash
when I insert any USB stick, so I'm basically out of HW for testing.

I could "downgrade" the OpenBSD 5.8 box to something older (on which
libusb-0.1.12 can be compiled?) but before I do that I would like
to know whether there are "better" approaches to resolve the problem.
For example, is this some known problem that might be fixed in a
recent(?) snapshot?

PS: dmesg for the system:
OpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.60GHz ("GenuineIntel" 686-class) 1.60 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,EST,TM2,PERF
real mem  = 1071833088 (1022MB)
avail mem = 1038008320 (989MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 01/28/05, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 
0xf8ce0 (61 entries)
bios0: vendor Dell Inc. version "A08" date 01/28/2005
bios0: Dell Inc. Latitude D505
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP
acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S3) USB0(S1) CH1_(S1) USB1(S1) 
USB2(S1) USB3(S1) MODM(S3) PCIE(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCIE)
acpicpu0 at acpi0
C1: unknown FFH vendor 8: !C3(100@185 io@0x816), !C3(250@85 io@0x815), 
!C2(500@1 io@0x814), C1(@1 halt!), PSS
acpitz0 at acpi0: critical temperature is 101 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "DELL Y13385" serial 88 type LION oem "Sanyo"
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID2
bios0: ROM list: 0xc/0xd800! 0xcd800/0x800 0xce000/0x800 0xce800/0x800 
0xcf000/0x800 0xcf800/0x800
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: Enhanced SpeedStep 1599 MHz: speeds: 1600, 1600, 1600, 1400, 1200, 1000, 
800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82855GM Host" rev 0x02
"Intel 82855GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
"Intel 82855GM Config" rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 "Intel 82855GM Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xf000, size 0x800
inteldrm0 at vga1
drm0 at inteldrm0
composite sync not supported
composite sync not supported
drm: fixme: max PWM is zero
wrong connector dpms state
active connector not linked to encoder
encoder->connectors_active not set
encoder not enabled
WARNING !encoder->base.crtc failed at 
../../../../dev/pci/drm/i915/intel_display.c:3887
inteldrm0: 1400x1050
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 82855GM Video" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at 

Re: piping stderr to tee log (so I can have my log and watch it, too)

[Claus Assmann]

On Mon, Jan 18, 2016, Joel Rees wrote:

>cd /usr/src && cvs -d$CVSROOT up -Pd | tee /var/log/build/cvssrc.log

> except the 2>&1 is, I think the book says, too late to collect both

Which book?

> output streams into buildsys.log .

cd /usr/src && cvs -d$CVSROOT up -Pd 2>&1 | tee /var/log/build/cvssrc.log

Re: dual separator?

[Claus Assmann]

On Fri, Aug 22, 2014, Adam Thompson wrote:
 I have a large number of email tags, but use both + and - as a
 separator.
 So far, I'm entering all the - ones into aliases; is there a better way to
 do this?
 In postfix, I was able to use a regex to manipulate incoming addresses to

Hmm, it might be help to answer your question if you tell us which MTA
you are using... (or you could switch to postfix...)

Re: SMTP syntax (was: Content Filtering in smtpd(8) with amavisd-new)

[Claus Assmann]

On Wed, Feb 26, 2014, Aaron Poffenberger wrote:

 I tried that. If you telnet into smtpd to manually send an email and set
 rcpt to: user you will receive a 553 Recipient address syntax

That's invalid even if you gave a proper address.

RFC 5321:

  RCPT TO:forward-path [ SP rcpt-parameters ] CRLF
...
   Since it has been a common source of errors, it is worth noting that
   spaces are not permitted on either side of the colon following FROM
   in the MAIL command or TO in the RCPT command.  The syntax is exactly
   as given above.

Re: Strange STARTTLS issue

[Claus Assmann]

On Thu, Sep 12, 2013, John Hynes wrote:

 openssl s_client -starttls smtp -connect mail.dean.edu:25
 
 ...from any of my OpenBSD 5.3 hosts, I get the same response:

 CONNECTED(0003)
 12556912661392:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
 failure:/usr/src/lib/libssl/ssl/../src/ssl/s23_lib.c:177:

Add -no_tls1_2 to your call.

If that works, add some options to sendmail to make SSL_OP_NO_TLSv1_2
available:

diff -ru sendmail-8.14.7/sendmail/readcf.c sendmail-8.14.7-new/sendmail/readcf.c
--- sendmail-8.14.7/sendmail/readcf.c   2013-03-15 17:54:12.0 +
+++ sendmail-8.14.7-new/sendmail/readcf.c   2013-06-24 14:26:01.0 
+0100
@@ -2303,13 +2303,16 @@
longsslopt_bits;/* bits to set/clear */
 } SSL_Option[] =
 {
-/* these are turned on by default */
+/* Bugs (and some others) are turned on by default */
 #ifdef SSL_OP_MICROSOFT_SESS_ID_BUG
{ SSL_OP_MICROSOFT_SESS_ID_BUG,   SSL_OP_MICROSOFT_SESS_ID_BUG
},
 #endif
 #ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
{ SSL_OP_NETSCAPE_CHALLENGE_BUG,  SSL_OP_NETSCAPE_CHALLENGE_BUG   
},
 #endif
+#ifdef SSL_OP_LEGACY_SERVER_CONNECT 
+   { SSL_OP_LEGACY_SERVER_CONNECT,   SSL_OP_LEGACY_SERVER_CONNECT
},
+#endif
 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
{ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG },
 #endif
@@ -2346,9 +2349,18 @@
 #ifdef SSL_OP_NO_TICKET
{ SSL_OP_NO_TICKET,   SSL_OP_NO_TICKET},
 #endif
+#ifdef SSL_OP_CISCO_ANYCONNECT
+   { SSL_OP_CISCO_ANYCONNECT,SSL_OP_CISCO_ANYCONNECT },
+#endif
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
{ SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION,  
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   },
 #endif
+#ifdef SSL_OP_NO_COMPRESSION
+   { SSL_OP_NO_COMPRESSION,  SSL_OP_NO_COMPRESSION   },
+#endif
+#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+   { SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,   
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
+#endif
 #ifdef SSL_OP_SINGLE_ECDH_USE
{ SSL_OP_SINGLE_ECDH_USE, SSL_OP_SINGLE_ECDH_USE  },
 #endif
@@ -2373,6 +2385,12 @@
 #ifdef SSL_OP_NO_TLSv1
{ SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1 },
 #endif
+#ifdef SSL_OP_NO_TLSv1_2
+   { SSL_OP_NO_TLSv1_2,  SSL_OP_NO_TLSv1_2   },
+#endif
+#ifdef SSL_OP_NO_TLSv1_1
+   { SSL_OP_NO_TLSv1_1,  SSL_OP_NO_TLSv1_1   },
+#endif
 #ifdef SSL_OP_PKCS1_CHECK_1
{ SSL_OP_PKCS1_CHECK_1,   SSL_OP_PKCS1_CHECK_1},
 #endif
@@ -2385,6 +2403,9 @@
 #ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
{ SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG, 
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG  },
 #endif
+#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
+   { SSL_OP_CRYPTOPRO_TLSEXT_BUG,SSL_OP_CRYPTOPRO_TLSEXT_BUG 
},
+#endif
{ NULL, 0   }
 };
 #endif /* STARTTLS  _FFR_TLS_1 */

starttls.8 clarification attempt

[Claus Assmann]

I just pointed someone to the starttls man page and noticed
some things that are wrong or don't make much sense:

The first entry is missing a tag. I don't understand:
force string verification depths to at least 80 bits
string - strong maybe?
But depths to at least 80 bits doesn't make much sense to me.

cf/README states:
VERIFY:bits verification must have succeeded and ${cipher_bits} must
be greater than or equal bits.
ENCR:bits   ${cipher_bits} must be greater than or equal bits.

So here's a suggested patch (also increasing the strength, as 112/80
isn't considered strong).

--- starttls.8- Sun Oct 14 09:46:56 2012
+++ starttls.8  Sun Oct 14 09:49:37 2012
@@ -319,13 +319,13 @@
 Here are a few example entries that illustrate these features, and
 the role based granularity as well:
 .Pp
-Force strong (112-bit) encryption for communications for this server:
+Force strong (256-bit) encryption for communications for this server:
 .Pp
-.Dl server1.example.netENCR:112
+.Dl TLS_Srv:server1.example.netENCR:256
 .Pp
-For a TLS client, force string verification depths to at least 80 bits:
+For a TLS client, force encryption with least 128 bits and also verification:
 .Pp
-.Dl TLS_Clt:desktop.example.net VERIFY:80
+.Dl TLS_Clt:desktop.example.net VERIFY:128
 .Pp
 Much more complicated access maps are possible, and error conditions (such
 as permanent or temporary, PERM+ or TEMP+) can be set on the basis of

uhub6: port 3, set config at addr 2 failed

[Claus Assmann]

When I connect a Polar USB reader (interface to a Polar HRM) to a
machine running OpenBSD 5.2 current (see dmesg below), I get the
following errors (I tried different USB slots just in case some
cabling would be bad):

uhub6: port 3, set config at addr 2 failed
uhub6: device problem, disabling port 3
uhub6: port 4, set config at addr 2 failed
uhub6: device problem, disabling port 4
uhub6: port 3, set config at addr 2 failed
uhub6: device problem, disabling port 3

and the program to read data from the device doesn't find it.
Is this a problem in the OS itself? Any suggestion whether this
can be fixed?


Currently I'm using an old laptop running SuSE 9.3 where the device
is detected properly:
suse93 kernel: usb 2-1: new low speed USB device using uhci_hcd and address 3
suse93 kernel: usb 2-1: USB disconnect, address 3

and the program (s710d) recognizes the device:
Found Polar USB interface Vendor 0x0da4, ProdID 0x0001


Here's the dmesg for the machine:
OpenBSD 5.2-current (GENERIC.MP) #25: Tue Sep 11 11:51:08 MDT 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8587247616 (8189MB)
avail mem = 8336228352 (7950MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (64 entries)
bios0: vendor American Megatrends Inc. version 1007 date 03/25/2010
bios0: ASUSTeK Computer INC. M4A88TD-M
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) 
PCEA(S4) RLAN(S4) SBAZ(S4) P0PC(S4) GEC_(S4) UHC1(S4) UHC2(S4) USB3(S4) 
UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) PS2M(S4) PS2K(S4) UAR1(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1055T Processor, 2812.80 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu0: AMD erratum 721 detected and fixed
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X6 1055T Processor, 2812.48 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu1: AMD erratum 721 detected and fixed
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X6 1055T Processor, 2812.48 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu2: AMD erratum 721 detected and fixed
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) II X6 1055T Processor, 2812.49 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu3: AMD erratum 721 detected and fixed
cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD Phenom(tm) II X6 1055T Processor, 2812.49 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu4: DTLB 48 4KB 

Re: patch for the afterboot.8 man page

[Claus Assmann]

On Thu, Jul 26, 2012, John Long wrote:

 Third time's the charm?

No.  If you take a look at the file, you'll see that each new
sentence starts at a new line. That's what someone was trying to
tell you before... (this convention makes diffs simpler).

Re: ksh's HISTFILE

[Claus Assmann]

On Tue, Mar 13, 2012, Hugo Villeneuve wrote:
 On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:

  export HISTFILE=~/.sh_history

 Because last time I tried, it was unusable if you ran more than two
 session concurently, as both shell would use the same file directly

Maybe try something like this?

HISTFILE=${HOME%/}/.ksh_hist.$$

Re: Unbound in base

[Claus Assmann]

On Tue, Feb 14, 2012, Vitali wrote:
 On Tue, Feb 14, 2012 at 10:09 AM, Peter van Oord van der Vlies

  Why replacing bind ?

 https://www.isc.org/software/bind/advisories/cve-2012-1033

Bad CVE choice...
That's a design issue in DNS, not a vulnerability in BIND.

And if you want to throw CVEs around:
Unbound VU#209659 CVE-2011-4528
   Unbound denial of service vulnerabilities from nonstandard
   redirection and denial of existence

But at least it seems to have less problems than bind(?)

Re: sendmail TLS errors

[Claus Assmann]

On Sat, Jan 28, 2012, Peter Fraser wrote:

 It would have been nice if sendmail falls back to a none TLS connection if the
 handshake occurs.

See the RFC about STARTTLS why this isn't possible within a single
session.  Hence the MTA would have to remember that TLS failed
before and not try it in a subsequent session. That's not exactly
trivial with sm8: the information has to be stored somewhere, there
has to be some decision which kind of errors actually cause avoiding
TLS, how often an error should occur before doing so, when an error
condition should time out, etc. All of this has to work together
with any TLS related requirements specified in the access map and
other delivery decisions.

Re: Sendmail listens on *:465 when it is not supposed to!

[Claus Assmann]

On Sun, May 15, 2011, Michael Sioutis wrote:

 # DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl (---
 Yes, a comment!)

 beginning with # and I thought these would be treated as comments as well.

The fine documentation (cf/README) says:

One word of warning:  M4 macros are expanded even in lines that appear
to be comments.  For example, if you have

# See FEATURE(`foo') above

it will not do what you expect, because the FEATURE(`foo') will be
expanded.  This also applies to 


Place dnl at the begin:

dnl DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')

See m4(1)

SSD with firmware upgrade under OpenBSD

[Claus Assmann]

I was about to buy an OCZ Vertex 2 SSD when I read that firmware
updates for that kind of SSD require some M$ Windows version.  Is
someone using SSDs with a high IOPS rate (the Sandforce controller
claims 45-50 kIOPS) which can be updated under some freely available
software? I would like to try an SSD as mail queue FS etc.

Re: (mailx) How can I alter From header

[Claus Assmann]

On Mon, Oct 25, 2010, Dmitrij Czarkoff wrote:

 /etc/mail/genericstable (hashed with sudo make at /etc/mail):
 
 ddc czark...@gmail.com
 d...@ao531h.bedova czark...@gmail.com

The documentation (cf/README) states:
genericstable   This feature will cause unqualified addresses (i.e., without
a domain) and addresses with a domain listed in class {G}
to be looked up in a map and turned into another (generic)
form, which can change both the domain name and the user name.
Notice: if you use an MSP (as it is default starting with
8.12), the MTA will only receive qualified addresses from the
MSP (as required by the RFCs).  Hence you need to add your
domain to class {G}.

Run sendmail in test mode:

sendmail -bt
?
$={G}
/map generics d...@ao531h.bedova
/tryflags ES
/try esmtp d...@ao531h.bedova

Re: (mailx) How can I alter From header

[Claus Assmann]

On Mon, Oct 25, 2010, Dmitrij Czarkoff wrote:

 /var/log/maillog:

 from=d...@ao531h.bedova, size=562, nrcpts=1, proto=ESMTP,
 relay=localhost [127.0.0.1]

 Oct 25 01:55:02 ao531h smtpd[24195]: 1287964495.exbcVgC3ABHbm9B9:
 ^ ^^^
 to=czark...@gmail.com, delay=7, relay=fx-in-f27.1e100.net
 [74.125.39.27], stat=Sent (2.0.0 OK 1287964502 16si5842589fal.19)

Hmm, you aren't running sendmail 8, you run smtpd as your MTA, right?
Then changing the sm8 configuration won't help much.

Re: 4.7 smtpd 500 Pipelining unsupported

[Claus Assmann]

On Fri, Sep 24, 2010, Mr. Roboto wrote:

[Sorry, I can't resist...]

 MAIL FROM: i...@example.net

Syntax error: space after colon is invalid.

 RCPT TO: al...@ipv6.example.org

Same here.

Re: cvsync problem: no update since 2010-09-09

[Claus Assmann]

I got some replies off list (thanks!) which suggested that servers
outside the USA work. So I tried anoncvs.comstyle.com and that
updated my local copy fine (and download a 145MB history file).
Today I switched back to anoncvs3.usa.openbsd.org and this one seems
to work now again (but the history file in CVSROOT/ is gone...)

cvsync problem: no update since 2010-09-09

[Claus Assmann]

It seems I don't get updates to the OpenBSD cvs tree anymore since
2010-09-09. Back then it ran fine:
Connecting to anoncvs3.usa.openbsd.org port 
Connected to 192.43.244.161 port 
Running...
Updating (collection openbsd/rcs)   
 Update CVSROOT/ChangeLog
 Edit ports/cad/gerbv/Makefile,v
 [[... many more file ...]]
 Edit www/plus48.html,v
 Edit www/translation.html,v
Done (collection openbsd/rcs)
Finished successfully

Since then I only get:
$ cvsync -c /home/ca/OpenBSD/etc/cvsync.conf -4 -v
Parsing a file /home/ca/OpenBSD/etc/cvsync.conf...
Connecting to anoncvs.usa.openbsd.org port 
Connected to 149.20.54.217 port  
Protocol: 0.24
Hash: MD5
Exchanging collection list...
 collection name openbsd release rcs umask 002
Compression: zlib
Trying to establish the multiplexed channel...
Running...
Updating (collection openbsd/rcs)
Done (collection openbsd/rcs)
Finished successfully
Total time: 112.468 sec

I tried different servers:
config {
  #hostname anoncvs3.usa.openbsd.org
  hostname anoncvs.usa.openbsd.org
  #hostname cvsync.csociety.org
  compress
  collection {
name openbsd release rcs
prefix /home/ca/OpenBSD/cvs
umask 002
  }
}

but still no changes. For example, www/48.html is at 1.5 in my cvs
copy, but according to cvsweb it is at 1.9.

What am I doing wrong?

Re: SMTP syntax (was: MTA choice)

[Claus Assmann]

On Wed, Aug 18, 2010, Peter J. Philipp wrote:

 mail from: p...@solarscale.de

Syntax error. The RFCs do not allow a space after the colon.

 rcpt to: secur...@solarscale.de

same here.

It's fascinating how some broken software caused other software to
deal with that kind of garbage and almost every new MTA has to
implement those hacks to be backward compatible.

Re: MeTA1 (was: MTA choice)

[Claus Assmann]

On Wed, Aug 18, 2010, Gregory Edigarov wrote:

 Meta1, which is viewed by some as a sendmail made right is still in
 very deep pre-alpha state... what a pity.   

Despite being called pre-alpha MeTA1 runs without problems
for years at various sites.  It's in pre-alpha to make my
life easier: I can make changes without offering backward
compatibility. While I try to avoid that, it reduces my
workload if those changes are deemed necessary (however, I
provided scripts/instructions for upgrading each time this
happened).

Alternatively, I could just go through the release process to make
MeTA1-1.0.0 available and then start MeTA1-2.0.PreAlpha0, but I'm
not sure whether that's the right thing to do.

Do quote the MeTA1 docs:

PreAlpha: This means the software is not feature complete and hence
might be missing some functionality that is considered important
by different users.  Additionally, there might be no compatibility
in data structures stored on disk between different pre-alpha
versions, e.g., when upgrading from PreAlpha16 to PreAlpha17 the
main queue format may have changed without checks in the software
for this.  Hence old queues must be drained before upgrading.
Moreover, the protocols used for communication between MeTA1 modules
may have changed without providing backward compatibility, therefore
modules from different releases must not be used together.  Such
incompatibilities are usually stated in the list of changes.

Re: Rejected messages

[Claus Assmann]

On Wed, Jul 21, 2010, Vijay Sankar wrote:

 Increasingly, we are getting email messages with headers that
 include msgid that look like the following:

 msgid=de444eb9-5677-47a9-9a51-4b86b5f09cee

Complain to the sender and tell them to fix their garbage
that violates the RFCs (2822, 5322):

msg-id  =   [CFWS]  id-left @ id-right  [CFWS]

 SCheckMessageId
 R $+ $@ OK
 R$* $#error $: 553 Header Error

 be appropriate?

In that case you may as well remove the whole check.

Re: no Chroot in Match Block of sshd?

[Claus Assmann]

On Fri, Jul 02, 2010, Devin Ceartas wrote:
 /etc/ssh/sshd_config: line 119: Bad configuration option:
 ChrootDirecotry
 ^^
 /etc/ssh/sshd_config line 119: Directive 'ChrootDirecotry' is not
 allowed within a Match block
 
 I KNOW I've done this in the recent past. When/why did it change??

Maybe it works if you spell it correctly?
ChrootDirectory

Re: Sendmail performance and OpenBSD

[Claus Assmann]

On Tue, May 11, 2010, Steve Shockley wrote:

 I also ran Jeff Ross' first dd test:

Sorry, but that's almost completely irrelevant for an MTA.  The
important part for an MTA is IOPs. An MTA has to open/write/close/sync
queue files at a high rate, which means the number of FS meta
operations is important. You can look at postfix's fsstone, or the
perf/ subdirectory of the MeTA1 distribution for test programs.
Unfortunately OpenBSD's FS isn't the fastest for this kind of
operations but it is more than fast enough for your requirements
(unless something is wrong with the disk driver or your setup).

You might want get Nick Christenson's book about sendmail performance
tuning (http://www.jetcafe.org/npc/book/sendmail/) for a lot of insight.

Re: Sendmail performance and OpenBSD

[Claus Assmann]

On Sun, May 09, 2010, Steve Shockley wrote:
 A few days ago, I had an old Windows box that worked as an inbound
 mail relay start to fail, so I figured I'd replace it with two
 OpenBSD boxes in a CARP pool.

Oops... usually you replace 10 windows boxes with a single Unix server...

 The site gets about 30-40k messages per day.  During periods of
 heavy load, the load average would occasionally spike over 12, and

Hmm, this isn't Linux, so disk I/O isn't counted, right?  Anyway,
the default is probably not a good value.  Moreover, LA isn't really
useful (as you know), e.g., I run a multi-threaded MTA, hence LA
is never higher than 5 (the number of processes that are involved).

 working a lot harder than I'd expect.  For reference, the Windows
 box I replaced was a DL380 G2, with a single P3-1.4 and 256mb RAM,
 and it was running a commercial antivirus product based on Sendmail.

Sendmail for NT? AFAIR that product is able to relay 1-2 (or was
it 4?) messages/second. sendmail 8 itself (just the MTA on a Unix box
with a disk subsystem that has a battery-backed cache) is able to
relay about 500 msgs/s (depending on CPU, RAM, network I/O capacity,
etc of course, and - most important - DeliveryMode).

 What can I do to diagnose the performance bottleneck?  The CPU is
 mostly idle.

So what drives the load up? Do you run several milters on the
machine (each of which shouldn't contribute more than 1 to LA
as those are multi-threaded)?

PS: you might want to run some of those disk I/O benchmarks
to determine the number of IOPs your system can provide.

cat0/tr.0 broken?

[Claus Assmann]

Are formatting problems in the man pages currently expected due to
the change to mandoc or should those be reported as bugs?  I installed
a snapshot form 2010-04-02 and saw this layout (same for 2010-04-05
http://obsd.cec.mtu.edu/pub/OpenBSD/snapshots/i386/man47.tgz)

./usr/share/man/cat1/tr.0

. All classes may be used in . .Ar string1, . and in . .Ar
string2 . when both the . .Fl d . and . .Fl s . options
are specified.  . Otherwise, only the classes ``upper'' and
``lower'' may be used in . .Ar string2 . and then only when
the corresponding class (``upper'' for ``lower'' . and vice-
versa) is specified in the same relative position in . .Ar
string1.  . .Pp With the exception of the ``upper'' and



fgrep .Ar ./usr/share/man/cat?/*
shows only tr.0 to be affected (I didn't check for the other
formatting directives).

Re: cat1/sh.0: formatting problem (was: cat0/tr.0 broken?)

[Claus Assmann]

On Mon, Apr 05, 2010, Marc Espie wrote:

 This should indeed be reported, thanks.

ok, here's something that doesn't look right (hmm, I should
probably file a bug?)

man sh (snapshot i386 from today):

 The following forms of parameter substitution can also be used:

 Pf ${#name}
 The number of positional parameters if name is `*', `@', or not
 specified; otherwise the length of the string value of parameter
 name.

 Pf ${#name[*]}
 Pf ${#na...@]}
 The number of elements in the array name.


on an older system (4.6):

 The following forms of parameter substitution can also be used:

 ${#name}
 The number of positional parameters if name is `*', `@', or not
 specified; otherwise the length of the string value of parameter
 name.

 ${#name[*]}
 ${#na...@]}
 The number of elements in the array name.

Re: no hostname in mails sent with smtpd in a crontab

[Claus Assmann]

On Thu, Oct 15, 2009, Jacek Masiulaniec wrote:

 smtpd currently does no content inspection.  However, even the most
 basic SMTP implementation needs to parse message content, eg.  to
 add missing domainpart to From:, add missing Date: or Message-Id:
 or to strip Return-Path:.  So, we need to come up with a solution
 that will cater for all these cases, and possibly more.

You need that only in an MSA, not in an MTA. My MTA package doesn't
offer that either, that's why it uses some other software as MSA
which adds all the required headers if they are missing (a decent
MUA doesn't need any fixups, but you can't rely on that as there
are obviously other programs that submit mail).

Re: VHS transfer on OpenBSD

[Claus Assmann]

On Mon, Aug 17, 2009, Chris Bennett wrote:

 As I understand, there is No Audio support for bktr, just video.

Your understanding is wrong, audio and video work just fine.

xkb: how to map Shift-Backspace to '|'?

[Claus Assmann]

As xmodmap doesn't work anymore, I'm trying to switch to xkb.
I hacked /etc/X11/xkb/symbols/us to make the laptop keyboard
more like a Unix keyboard:

--- us- Mon Jul 20 14:56:22 2009
+++ us  Mon Jul 20 15:09:41 2009
@@ -334,10 +334,18 @@
 key RWIN {   [   Multi_key   ]   };
 };
 
-// defintion which includes both the Windows95 keyboards _and_
+// definition which includes both the Windows95 keyboards _and_
 // the extra key on most European keyboards.
 xkb_symbols pc105 {
 include us(pc104)
+
+key ESC  { [ grave,  asciitilde  ] };
+key TLDE { [Escape,  asciitilde  ] };
+override key BKSP { [ backslash, bar ]   };
+// key BKSP { [ backslash,   bar ]   };
+key BKSL { [ BackSpace,  bar ]   };
+key RALT { [ grave,  asciitilde  ] };
+
 key LSGT { [  less,greater   ] };
 };
 xkb_symbols pc105euro {


This works reasonably well except for Shift-Backspace: it produces
'\' not '|'. Is there some trick to get the desired result?

PS: I tried it also without override (which I took from the apple
file), but that doesn't work either.

xmodmap and Xkeyboard interaction

[Claus Assmann]

I have a problem with xmodmap on an OpeBSD 4.4 installation
(Dell Latitude D830).  My .xmodmap file looks like this:

remove Lock = Caps_Lock
keysym Caps_Lock = Control_L
add Control = Control_L
keycode  22 = backslash bar
keycode  51 = BackSpace BackSpace Delete underscore
keycode  49 = Escape asciitilde grave bar
keycode  113 = grave asciitilde
pointer = 1 2 3

That is, besides the usual Caps/Ctrl swap I also swap Backspace
and \| as well as some other keys. This worked fine in old
OpenBSD (X) versions. In an earlier OpenBSD version I first noticed
that Shift Backspace does not produce | but \.  After some
hacking I found that I could make it work again by using

Section ServerFlags
Option  XkbDisabletrue
EndSection

in /etc/X11/xorg.conf.  Trying the same trick in 4.4 does not
work at all, several things break, including function keys,
key repetition, etc.

Question: is there a way to make xmodmap work for Shift-Backspace
properly?

If not, do I need to use XKEYBOARD or is there a simpler way to
achieve my keyboard remapping goals (so it looks like a standard
UNIX keyboard)?

Re: sendmail STARTTLS

[Claus Assmann]

On Thu, Jul 10, 2008, GVG GVG wrote:

 -rw-r--r--  1 root  wheel  1679 Jun 23 17:04 key.pem
  ^  ^

 and in the mail_log there is nothing recorded! No errors or warnings!

1. man starttls (and see the referenced website).
2. increase the LogLevel (even though those errors should be logged
at the default level.)

Re: sendmail STARTTLS

[Claus Assmann]

On Thu, Jul 10, 2008, GVG GVG wrote:

 I first have to excuse myself cause I claimed that there were no errors in
 the log file!
 
 Well, there was no debugging output enabled. Now I did that with '-d0-17.4'
 flags!

You do NOT need to enable debugging to get logging...

 Still I don't see anything weird in there! I don't know if you can provide
 with an example of such an error or warning?

STARTTLS=server: file /etc/mail/smkey.pem unsafe: Group readable file

Either you aren't running sendmail or you broke logging...

Re: 4.3 Beta: no sound

[Claus Assmann]

On Sat, Mar 01, 2008, Jacob Meuser wrote:

  Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
  ==
  AO: [null] 32000Hz 2ch s16le (2 bytes per sample)
    does that mean no driver?

 try with mplayer -ao sun ...

That's not available:

$ mplayer -ao help
MPlayer 1.0rc2-3.3.5 (C) 2000-2007 MPlayer Team
CPU: AMD Athlon(tm) 64 Processor 3000+ (Family: 15, Model: 4, Stepping: 8)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
Available audio output drivers:
mpegpes Mpeg-PES audio output
nullNull audio output
pcm RAW PCM/WAVE file writer audio output


.mplayer/config only contains:
# Write your default config options here!


I've compiled mplayer from source and then it plays sound (it offers
more audio options).

Thanks!

Re: 4.3 Beta: no sound

[Claus Assmann]

[Thanks for all the answers!]

On Sat, Mar 01, 2008, Jacob Meuser wrote:
 are you speakers plugged into the line-out jack?  these used to only
 kinda play on the mic jack.  the line-out jack should be working fine

According to the docs I found I only tried out and mic, never
in. It works in the in plug which probably means I was looking
at the wrong docs (I have 6 PCs standing around).

However, mplayer still doesn't generate sound, the other programs
(mpg123, xine, vlc) do. Here's the mplayer output:

Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 32000 Hz, 2 ch, s16le, 32.0 kbit/3.12% (ratio: 4000-128000)
ID_AUDIO_BITRATE=32000
ID_AUDIO_RATE=32000
ID_AUDIO_NCH=2
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==
AO: [null] 32000Hz 2ch s16le (2 bytes per sample)
  does that mean no driver?

Should I compile it myself with different a flavor?  (I downloaded
the snapshot packages and installed them).

4.3 Beta: no sound

[Claus Assmann]

I've upgraded one machine to 4.3 Beta (2008-02-23, i386, dmesg
below) and there is no audio anymore (it used to work with 3.8). I
tried to cat an audio file directly to the device:

$ file gong.au
gong.au: Sun/NeXT audio data: 8-bit ISDN u-law, mono, 8000 Hz
$ cat gong.au  /dev/audio
$ cat gong.au  /dev/sound


and mpg123 (playing song36.mp3 with various options),
and mplayer, xine, vlc to play some DVDs: video is shown (even though
mplayer is jerky), but no audio.

What can I check next?

$ mixerctl
outputs.master=199,199
outputs.master.mute=off
outputs.mono=255
outputs.mono.mute=off
outputs.mono.source=mixerout
outputs.headphones=255,255
outputs.headphones.mute=off
outputs.surround=255,255
outputs.surround.mute=off
outputs.center=255
outputs.center.mute=off
outputs.lfe=255
outputs.lfe.mute=off
inputs.speaker=255
inputs.speaker.mute=off
inputs.phone=191
inputs.phone.mute=off
inputs.mic=191
inputs.mic.mute=off
inputs.mic.preamp=off
inputs.mic.source=mic0
inputs.line=191,191
inputs.line.mute=off
inputs.cd=191,191
inputs.cd.mute=off
inputs.video=255,255
inputs.video.mute=off
inputs.aux=191,191
inputs.aux.mute=off
inputs.dac=191,191
inputs.dac.mute=off
record.source=mic
record.volume=255,255
record.volume.mute=off
outputs.extamp=off
# I turned off all mute fields as stated in the FAQ.


OpenBSD 4.3-beta (GENERIC) #663: Sat Feb 23 17:30:07 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) 64 Processor 3000+ (AuthenticAMD 686-class, 512KB L2
cache) 2.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2
cpu0: AMD errata 89, 97 present, BIOS upgrade may be required
real mem  = 535588864 (510MB)
avail mem = 509964288 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/04/04, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.3 @ 0xf0520 (65 entries)
bios0: vendor American Megatrends Inc. version 1003.001 date 05/04/2004
bios0: ASUSTeK Computer Inc. K8VB
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5cf0/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000 0xcc000/0x4000!
cpu0 at mainbus0
cpu0: Cool'n'Quiet K8 2003 MHz: speeds: 2000 1800 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA K8HTB Host rev 0x01
agp0 at pchb0: v3, aperture at 0xf800, size 0xf00
ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
skc0 at pci0 dev 10 function 0 Marvell Yukon 88E8001/8003/8010 rev 0x13,
Yukon Lite rev. A3 (0x7): irq 10
sk0 at skc0 port A: address 00:0e:a6:8e:fc:54
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: ST3300831AS
wd0: 16-sector PIO, LBA48, 286168MB, 586072368 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide0 channel 1 drive 0: ST3300831AS
wd1: 16-sector PIO, LBA48, 286168MB, 586072368 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel
0 configured to compatibility, channel 1 configured to compatibility
wd2 at pciide1 channel 0 drive 0: ST3650640A
wd2: 16-sector PIO, LBA48, 620018MB, 1269798768 sectors
wd3 at pciide1 channel 0 drive 1: ST3750640A
wd3: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors
wd2(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd3(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide1 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: IDE, DVD-ROM 16X, 7.50 SCSI0 5/cdrom
removable
cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 11
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 11
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 10
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 10
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
iic0 at viapm0
iic0: addr 0x4a 00=1f 01=03 02=7f 03=07 05=30 06=c0 07=90 08=1f 09=03 0a=7f
0b=07 0d=30 0e=c0 0f=90 10=1f 11=03 12=7f 13=07 15=30 16=c0 17=90 18=1f 19=03
1a=7f 1b=07 1d=30 1e=c0 1f=90 20=1f 21=03 22=7f 23=07 25=30 26=c0 27=90 28=1f
29=03 2a=7f 2b=07 2d=30 2e=c0 2f=90 30=1f 31=03 32=7f 33=07 35=30 36=c0 37=90
38=1f 39=03 3a=7f 3b=07 3d=30 3e=c0 3f=90 40=1f 41=03 42=7f 43=07 

Re: Code signing in OpenBSD

[Claus Assmann]

On Wed, Dec 05, 2007, STeve Andre' wrote:

 Yes, one can dismiss the benefits.  Think about what an MD5 (or any
 other cyptographic) checksum means.  If the OpenBSD site publishes
 that list, how does something more complicated help?

 Answer: it doesn't.

Wrong.

If someone cracks a website, then he can put up a modified binary
and a modified MD5 checksum. Creating a (digital) signature (with
the right key) is significantly more complex.

Using CDs to distribute the code make the attack of course rather
complicated.

Someone actually did the former with sendmail.org (to distribute a
version of sendmail with a backdoor).  The problem was only noted
because users checked the (digital) signature.

Re: Code signing in OpenBSD

[Claus Assmann]

On Wed, Dec 05, 2007, STeve Andre' wrote:
 On Wednesday 05 December 2007 18:22:19 Claus Assmann wrote:

  Someone actually did the former with sendmail.org (to distribute a
  version of sendmail with a backdoor).  The problem was only noted
  because users checked the (digital) signature.

 You know, you're descending into a recursive loop of if, if, if... and
 it never ends.  OF COURSE if someone breaks into the site they could
 do things--once you've lost control of your site all bets are off.  I dare
   

Hmm, did you read what I wrote?

The breakin was detected due to the digital signature.


Anyway, it's obviously up to the OpenBSD developers what they do.