Re: cvs tag usage
free...@edvax.de wrote: If you are interested in the bleeding edge of FreeBSD's development, you follow RELENG_7. This will then deliver the -CURRENT branch to you with all modifications. It may happen that a -CURRENT of today doesn't compile, but tomorrow, it will do. It's considered to be the experimental branch where changes can appear and disappear. Hello, I think you are confusing RELENG_7 with . (as the CVS tag says) or HEAD. RELENG_7 will deliver 7-STABLE, not CURRENT. CURRENT is the bleeding edge. Also: You follow the -STABLE branch of FreeBSD 7.2 and will always get the latest *stable* 7.2 sources, but won't reach 7.3 with this setting. That's not quite right. 7.3 is just a point along the 7-STABLE path. For example, if you tracked STABLE via RELENG_7 starting with, say, FreeBSD 7.1, your system would have run 7.2 at some point, and then beyond it. Tracking STABLE isn't like using CVSup or Csup to reach RELENG_7_2_0 or RELENG_7_2, but you eventually get the 7.2 functionality by tracking RELENG_7. For example, start with 7.1 from CD: fbsd71toS# uname -a FreeBSD fbsd71toS.taosecurity.com 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 r...@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 After Csup to RELENG_7, you get fbsd71toS# uname -a FreeBSD fbsd71toS.taosecurity.com 7.2-STABLE FreeBSD 7.2-STABLE #0: Sat Aug 22 23:02:30 EDT 2009 r...@fbsd71tos.taosecurity.com:/usr/obj/usr/src/sys/FREEBSD7 i386 As you can see, it's not theoretical -- I ran this test this weekend. :) Thank you, Richard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: freebsd-update defaults and restrictions
Gayn Winters wrote: Bejtlich states that the KEY and the URL in the .conf file are cooked to get updates from Colin's site, and to use the sample file if you trust [Colin] to securely build binary updates for you to blindly install ... Aside from Bejtlich's obvious tongue-in-cheek negativity (they are both security guys after all, and Colin is the FreeBSD security officer), are there other possible sites for updates? Hello, If you take a look at the text you're quoting, you'll notice that it's output from installing freebsd-update. I did not need to apply any obvious tongue-in-cheek negativity in my article -- those are Colin's words! I have the utmost respect for Colin; he's been very helpful in the community. Also, when I wrote the original article (Dec 04), Colin was not the security officer. That didn't happen until Aug 05, which is still after the date on the current article (Apr 05). For the latest info, you might like to read my article published in the Feb 06 Sys Admin magazine on Keeping FreeBSD Up-to-Date. To your questions -- I don't know of any sites beyond Colin's that provide updates at this time. If we see freebsd-update moved into the base system, I expect to see freebsd.org mirrors carrying them. It would be nice to have updates for non-i386 platforms, too. I defer to Colin for your other queries. Sincerely, Richard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Answers: Keeping FreeBSD Applications Up-To-Date
Three weeks ago I posted notification of my article Keeping FreeBSD Up-To-Date. Today I am happy to announce the publication at TaoSecurity.com of Keeping FreeBSD Applications Up-To-Date: http://www.taosecurity.com/keeping_freebsd_applications_up-to-date.html The new article takes the same case-based approach I used in the first paper. The article's sections include: - Introduction - Installation Using Source Code - Installation Using the FreeBSD Ports Tree - Installation Using Precompiled Packages - Updating Applications Installed from Source Code - Updating Packages by Deletion and Addition - Updating the Ports Tree, Part 1 - Manually Updating a Package Using the Ports Tree - Updating Packages with Portupgrade, Part 1 - Updating Packages with Portupgrade, Part 2 - Updating the Ports Tree, Part 2 - My Common Package Update Process - Creating Packages on One System and Installing Them Elsewhere - Addressing Security Issues in Packages - Conclusion - Acknowledgements - References Sections show commands to run, explanations of what they do, sample output, applications versions, and pros and cons of each upgrade method. Please send feedback to taosecurity at gmail dot com. Thank you, Richard Bejtlich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Answers: Keeping FreeBSD Applications Up-To-Date
On Fri, 24 Dec 2004 23:00:25 +0100, Jorn Argelo [EMAIL PROTECTED] wrote: Hi Richard, It looks good. However, it would be nice if you actually wrapped the text to make it readable. Hi Jorn, I realized I missed a closing tag when I posted the file. It should render properly now. Thank you for your feedback! Richard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Answers: Keeping FreeBSD Up-To-Date
Here's (hopefully) some answers for once, rather than more questions! I am happy to announce the publication at TaoSecurity.com of 'Keeping FreeBSD Up-To-Date': http://www.taosecurity.com/keeping_freebsd_up-to-date.html I wrote this article to answer questions I've received over the past few months on how to apply security fixes to a FreeBSD system. While the official Handbook is excellent, I thought a case-study approach would be enlightening for some readers. I thought it would be interesting to see a box begin life as FreeBSD 5.2.1 RELEASE, and then progress through a variety of security fixes applied in different ways. The article's sections include: - Introduction - FreeBSD Versions - Learning About Security Issues - Starting with the Installation - Binary OS and Userland Updates with FreeBSD Update - Applying Kernel Patches Manually - Applying Userland Patches Manually, Part 1 - Applying Userland Patches Manually, Part 2 - CVSup to 5_2 Security Branch - Beyond the Security Branch - STABLE: The End of the Line - The Next STABLE - Conclusion - Acknowledgements - References Sections show commands to run, explanations of what they do, sample output, uname versions, and pros and cons of each upgrade method. Please send feedback to taosecurity at gmail dot com. Thank you, Richard Bejtlich ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
USB 2.0 reporting 1.000MB/s transfers?
Hello, I am troubleshooting a Plextor 708UF DVD burner[0] on FreeBSD CURRENT: neely:/home/richard$ uname -a FreeBSD neely.taosecurity.com 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Sat Jun 5 20:35:43 EDT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/neely i386 The box is a Shuttle SB52G2[1] with built-in USB 2.0 ports and an Adaptec DuoConnect FireWire/USB 2.0 PCI adapter.[2] dmesg reports it as NEC uPD 9210 USB controller. My entire dmesg and kernel config output are below, but I seem to only get 1 MB/s as reported by dmesg: cd1 at sbp0 bus 0 target 0 lun 0 cd1: PLEXTOR DVDR PX-708A 1.06 Removable CD-ROM SCSI-0 device cd1: 50.000MB/s transfers cd1: Attempt to query device size failed: NOT READY, Medium not present - tray closed The kernel has ehci compiled into it. Any ideas? Hopefully I missed something obvious. Thank you, Richard [0] http://www.plextor.com/english/products/708UF.html [1] http://us.shuttle.com/specs2.asp?pro_id=264 [2] http://www.adaptec.com/worldwide/product/proddetail.html?sess=nolanguage=English+USprodkey=AUA-3020cat=%2fTechnology%2fUSB%2fUSB+%26+FireWire+Combo+Cards entire dmesg output: Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.2-CURRENT #1: Sat Jun 5 20:35:43 EDT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/neely Preloaded elf kernel /boot/kernel/kernel at 0xc0953000. Preloaded elf module /boot/kernel/acpi.ko at 0xc09531f4. Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Celeron(R) CPU 2.00GHz (1996.60-MHz 686-class CPU) Origin = GenuineIntel Id = 0xf27 Stepping = 7 Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CM OV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE real memory = 528416768 (503 MB) avail memory = 507400192 (483 MB) random: entropy source, Software, Yarrow Pentium Pro MTRR support enabled npx0: [FAST] npx0: math processor on motherboard npx0: INT 16 interface acpi0: IntelR AWRDACPI on motherboard acpi0: [GIANT-LOCKED] pcibios: BIOS version 2.10 acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0x408-0x40b on acpi0 cpu0: ACPI CPU on acpi0 acpi_tz0: Thermal Zone on acpi0 acpi_button0: Power Button on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 pcib0: slot 2 INTA is routed to irq 11 pcib0: slot 29 INTA is routed to irq 11 pcib0: slot 29 INTB is routed to irq 5 pcib0: slot 29 INTC is routed to irq 10 pcib0: slot 29 INTD is routed to irq 9 pcib0: slot 31 INTB is routed to irq 9 pcib0: slot 31 INTB is routed to irq 9 agp0: Intel 82845G (845G GMCH) SVGA controller mem 0xe820-0xe827,0xe000 -0xe7ff irq 11 at device 2.0 on pci0 agp0: detected 8060k stolen memory agp0: aperture size is 128M uhci0: Intel 82801DB (ICH4) USB controller USB-A port 0xd800-0xd81f irq 11 at device 29.0 on pci0 uhci0: [GIANT-LOCKED] usb0: Intel 82801DB (ICH4) USB controller USB-A on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1: Intel 82801DB (ICH4) USB controller USB-B port 0xd000-0xd01f irq 5 at device 29.1 on pci0 uhci1: [GIANT-LOCKED] usb1: Intel 82801DB (ICH4) USB controller USB-B on uhci1 usb1: USB revision 1.0 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2: Intel 82801DB (ICH4) USB controller USB-C port 0xd400-0xd41f irq 10 at device 29.2 on pci0 uhci2: [GIANT-LOCKED] usb2: Intel 82801DB (ICH4) USB controller USB-C on uhci2 usb2: USB revision 1.0 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0: EHCI (generic) USB 2.0 controller mem 0xe828-0xe82803ff irq 9 at device 29.7 on pci0 ehci0: [GIANT-LOCKED] ehci_pci_attach: companion usb0 ehci_pci_attach: companion usb1 ehci_pci_attach: companion usb2 usb3: EHCI version 1.0 usb3: companion controllers, 2 ports each: usb0 usb1 usb2 usb3: EHCI (generic) USB 2.0 controller on ehci0 usb3: USB revision 2.0 uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered pcib1: ACPI PCI-PCI bridge at device 30.0 on pci0 pci1: ACPI PCI bus on pcib1 pcib1: slot 9 INTA is routed to irq 5 pcib1: slot 10 INTA is routed to irq 10 pcib2: PCI-PCI bridge at device 5.0 on pci1 pci2: PCI bus on pcib2 pcib1: slot 5 INTA is routed to irq 9 pcib2: slot 8 INTA is routed to irq 9 pcib1: slot 5 INTB is routed to irq 10 pcib2: slot 8 INTB is routed to irq 10 pcib1: slot 5 INTC is routed to irq 5 pcib2: slot 8 INTC is routed to irq 5 pcib1: slot 5 INTA is routed to irq 9 pcib2: slot 12 INTA is routed to irq 9 ohci0: NEC uPD 9210 USB controller mem 0xe8007000-0xe8007fff irq 9 at device 8.0 on pci2 ohci0: [GIANT-LOCKED] usb4: OHCI
Correction: USB 2.0 reporting 1.000MB/s transfers?
Hello, I included the wrong dmesg snippet in my original post. When I showed the following, I used an excerpt for the DVD burner connected via _FireWire_: -- cd1 at sbp0 bus 0 target 0 lun 0 cd1: PLEXTOR DVDR PX-708A 1.06 Removable CD-ROM SCSI-0 device cd1: 50.000MB/s transfers cd1: Attempt to query device size failed: NOT READY, Medium not present - tray closed -- As the complete dmesg from the first post showed, with _USB_ I only get 1.000MB/s: cd2 at umass-sim0 bus 0 target 0 lun 0 cd2: PLEXTOR DVDR PX-708A 1.06 Removable CD-ROM SCSI-0 device cd2: 1.000MB/s transfers cd2: Attempt to query device size failed: NOT READY, Medium not present - tray closed Sorry for the confusion! Thank you, Richard __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Install gettext-0.12.1 and gettext-0.13 simultaneously?
Hello, I have a question on resolving port dependencies. I have several tools installed which depend on gettext-0.13: ORBit-0.5.17_1 bison-1.75_1 ethereal-0.10.0a_1 fvwm-themes-0.6.1_1 gmake-3.80_1 gtk-1.2.10_10 mozilla-1.6_1,2 openoffice-1.1.0_1 popt-1.6.4_1 rpm-3.0.6_8 wget-1.8.2_5 I am trying to install /usr/ports/net/wistumbler2 but it needs gettext-0.12.1: === Installing for gettext-0.12.1 === gettext-0.12.1 conflicts with installed package(s): gettext-0.13 They install files into the same place. Please remove them first with pkg_delete(1). *** Error code 1 Stop in /usr/ports/devel/gettext-old. *** Error code 1 Stop in /usr/ports/devel/glib20. *** Error code 1 Stop in /usr/ports/net/wistumbler2. I've encountered the same with /usr/ports/games/freeciv-gtk2. How do I deal with this conflict? Do I tell one of the ports to install elsewhere? If so, how, and how do I let ports with dependencies know where to look? Thank you, Richard http://www.taosecurity.com Ref: orr# uname -a FreeBSD orr.taosecurity.com 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 orr# ls -al /usr/ports/INDEX* -rw-r--r-- 1 root wheel 4539444 Jan 21 13:14 /usr/ports/INDEX -rw-r--r-- 1 root wheel 4726008 Jan 23 23:07 /usr/ports/INDEX-5 -rw-r--r-- 1 root wheel 9904128 Jan 23 23:07 /usr/ports/INDEX.db __ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Dynamic DNS Updates
Hello Evan, If you decide to use a provider like dyndns.org, you can use the ipcheck port (http://ipcheck.sf.net) to keep your IP address and hostname in sync. Sincerely, Richard Bejtlich http://www.taosecurity.com __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Networking Questions
Hello Bryan Cassidy, You might save yourself some trouble by buying a very cheap ready-to-go appliance router like the NR041 for $32.99 from Buy.com: http://www.buy.com/retail/product_jump.asp?sku=10329936SearchEngine=yaSearchTerm=10329936Type=1103Category=Compdcaid=17194 I carry one to client sites as it's no bigger than a standard 4 port hub. (I build and use my own FreeBSD gateways at home.) I think you might prefer using a dedicated device until you're more comfortable with networking. Sincerely, Richard Bejtlich http://taosecurity.com __ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]