print time_t with %lld in last(1)
Index: last.c === RCS file: /cvs/src/usr.bin/last/last.c,v retrieving revision 1.39 diff -u -p -r1.39 last.c --- last.c 22 Aug 2013 04:43:40 - 1.39 +++ last.c 27 Feb 2014 13:55:22 - @@ -266,8 +266,8 @@ wtmp(void) */ if (want(bp, NO)) { if (seconds) { - snprintf(tim, sizeof tim, %ld, - (long)bp-ut_time); + snprintf(tim, sizeof tim, %lld, + (long long)bp-ut_time); } else { ct = ctime(bp-ut_time); snprintf(tim, sizeof tim, @@ -296,8 +296,8 @@ wtmp(void) !bp-ut_line[1]) { if (want(bp, NO)) { if (seconds) { - snprintf(tim, sizeof tim, %ld, - (long)bp-ut_time); + snprintf(tim, sizeof tim, %lld, + (long long)bp-ut_time); } else { ct = ctime(bp-ut_time); snprintf(tim, sizeof tim, @@ -339,8 +339,8 @@ wtmp(void) T-logout 0 { snapfound = 1; if (seconds) { - snprintf(tim, sizeof tim, %ld, - (long)bp-ut_time); + snprintf(tim, sizeof tim, %lld, + (long long)bp-ut_time); } else { ct = ctime(bp-ut_time); snprintf(tim, sizeof tim, @@ -361,8 +361,8 @@ wtmp(void) printf(- %s, crmsg); } else { if (seconds) - printf(- %ld, - (long)T-logout); + printf(- %lld, + (long long)T-logout); else printf(- %*.*s, timesize, timesize, @@ -370,7 +370,7 @@ wtmp(void) } delta = T-logout - bp-ut_time; if (seconds) - printf( (%ld)\n, (long)delta); + printf( (%lld)\n, (long long)delta); else { if (delta SECSPERDAY) printf( (%*.*s)\n,
security(8): check for nobody in /etc/ftpusers
Or should this check removed completely? Index: security === RCS file: /cvs/src/libexec/security/security,v retrieving revision 1.23 diff -u -p -r1.23 security --- security21 Mar 2013 09:37:37 - 1.23 +++ security23 Mar 2014 18:07:11 - @@ -287,11 +287,11 @@ sub check_ksh { } } -# Root and uucp should both be in /etc/ftpusers. +# nobody should be in /etc/ftpusers. sub check_ftpusers { my $filename = '/etc/ftpusers'; nag !(open my $fh, '', $filename), open: $filename: $! and return; - my %banned = qw(root 1 uucp 1); + my %banned = qw(nobody 1); while ($fh) { chomp; delete $banned{$_};
HEADS UP: librt revert
kili@ just committed a revert of the librt addition in src and corresponding patches in ports. If you've built a tree with librt, you want to # rm -f /usr/lib/librt.a This lib was added to facilitate porting software, as posix asks for it. but since it's only a stub, it was only added as a static library. No-one would approve a shared library, as that would waste space. Unfortunately, libtool (ours and gnu's) don't cope well with static-only libraries. The untested commit of librt in source broke the ports tree. Specifically, programs such as x11/vlc, multimedia/xine-lib, or lang/php would no longer build (all 3 are using mutant versions of gnu libtool). It's possible further breakage would happen, but those 3 were broken. After almost a week (!), there has been exactly zero activity to fix the breakage. No-one volunteered to do the requisite patches, and well, these ports are not exactly low profile, we need a ports tree in working condition to be able to conduct other work (such as the pending update to perl, or some other clean-up work). So for now, the librt experiment got reverted. Maybe temporarily (). If people really want it in, they had better be willing to figure out how to fix the libtool breakage first...
Re: HEADS UP: librt revert
On Sun, Mar 23, 2014 at 10:34 PM, Marc Espie es...@nerim.net wrote: kili@ just committed a revert of the librt addition in src and corresponding patches in ports. If you've built a tree with librt, you want to # rm -f /usr/lib/librt.a This lib was added to facilitate porting software, as posix asks for it. but since it's only a stub, it was only added as a static library. No-one would approve a shared library, as that would waste space. Unfortunately, libtool (ours and gnu's) don't cope well with static-only libraries. The untested commit of librt in source broke the ports tree. Specifically, programs such as x11/vlc, multimedia/xine-lib, or lang/php would no longer build (all 3 are using mutant versions of gnu libtool). It's possible further breakage would happen, but those 3 were broken. After almost a week (!), there has been exactly zero activity to fix the breakage. No-one volunteered to do the requisite patches, and well, these ports are not exactly low profile, we need a ports tree in working condition to be able to conduct other work (such as the pending update to perl, or some other clean-up work). That's very sad. I get the impression that there aren't many active developers (?) So for now, the librt experiment got reverted. Maybe temporarily (). If people really want it in, they had better be willing to figure out how to fix the libtool breakage first... -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
Re: HEADS UP: librt revert
On Sun, Mar 23, 2014 at 10:46 PM, Loganaden Velvindron logana...@gmail.com wrote: On Sun, Mar 23, 2014 at 10:34 PM, Marc Espie es...@nerim.net wrote: kili@ just committed a revert of the librt addition in src and corresponding patches in ports. If you've built a tree with librt, you want to # rm -f /usr/lib/librt.a This lib was added to facilitate porting software, as posix asks for it. but since it's only a stub, it was only added as a static library. No-one would approve a shared library, as that would waste space. Unfortunately, libtool (ours and gnu's) don't cope well with static-only libraries. The untested commit of librt in source broke the ports tree. Specifically, programs such as x11/vlc, multimedia/xine-lib, or lang/php would no longer build (all 3 are using mutant versions of gnu libtool). It's possible further breakage would happen, but those 3 were broken. After almost a week (!), there has been exactly zero activity to fix the breakage. No-one volunteered to do the requisite patches, and well, these ports are not exactly low profile, we need a ports tree in working condition to be able to conduct other work (such as the pending update to perl, or some other clean-up work). That's very sad. I get the impression that there aren't many active developers (?) Sorry, this shouldn't have been sent :-( Please ignore. So for now, the librt experiment got reverted. Maybe temporarily (). If people really want it in, they had better be willing to figure out how to fix the libtool breakage first... -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present. -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
Re: HEADS UP: librt revert
On Sun, Mar 23, 2014 at 10:46:08PM +0400, Loganaden Velvindron wrote: On Sun, Mar 23, 2014 at 10:34 PM, Marc Espie es...@nerim.net wrote: kili@ just committed a revert of the librt addition in src and corresponding patches in ports. If you've built a tree with librt, you want to # rm -f /usr/lib/librt.a This lib was added to facilitate porting software, as posix asks for it. but since it's only a stub, it was only added as a static library. No-one would approve a shared library, as that would waste space. Unfortunately, libtool (ours and gnu's) don't cope well with static-only libraries. The untested commit of librt in source broke the ports tree. Specifically, programs such as x11/vlc, multimedia/xine-lib, or lang/php would no longer build (all 3 are using mutant versions of gnu libtool). It's possible further breakage would happen, but those 3 were broken. After almost a week (!), there has been exactly zero activity to fix the breakage. No-one volunteered to do the requisite patches, and well, these ports are not exactly low profile, we need a ports tree in working condition to be able to conduct other work (such as the pending update to perl, or some other clean-up work). That's very sad. I get the impression that there aren't many active developers (?) No, it's more a question of people being busy with other things at times. There is a flurry of important activity in preparation for various things. It's one of those times when having a tree that works is important. A week is an fairly long time for the tree to stay broken, in OpenBSD terms. The revert is a pain, but much less pain than figuring out what to do to get the affected ports to build again in a clean fashion. And again, the concerned people were not available to do timely fixes. As for myself, for instance, I'm busy with perl 5.18, and there are some interesting new features (randomization of the hash function) that have exposed other interesting problems in our libtool... you can't wage a war on several fronts. The librt breakage was fairly distracting for a group of people that are working on other stuff. After a while, you just have to do something that lets the tree build.
to fault or not to fault
Our vm system has some optimization logic which, when servicing a page fault, attempts to fault the neighbouring pages, if this is expected to speed things up on the long term. That logic is controlled by the madvise() state of the memory area being faulted in, with the defaults being that device mappings (being mmap'ed) use MADV_RANDOM, while other mappings (such as binaries being faulted in on-demand) use MADV_NORMAL. The current logic is borrowed from FreeBSD, about 15 years ago, and goes like this: - for MADV_RANDOM areas, do not try to fault any other page. - for MADV_NORMAL areas, try to fault the 3 preceding pages and the 4 following pages. - for MADV_SEQUENTIAL areas (which do not exist unless explicit madvise() calls are performed), try to fault the 8 preceding pages and the 7 following pages. These values were choosen because they seemed to work best, back when FreeBSD was only running on i386 systems, with 4KB pages. However, OpenBSD runs on many platforms, some of which use 8KB and 16KB pages. Keeping these fixed numbers causes a lot of disk I/O on large page platforms. The following diff builds the numbers of neighbouring pages to be faulted at run-time, depending upon the actual page size, to achieve the same *sizes* being faulted, rather than the same *number of pages*. This has little-to-no measurable effect on recent systems (because most operations are cpu bound rather than i/o bound). I am undecided whether this is worth doing - unless maybe except for getting rid of a KASSERT() in a frequently run code path. However, this could be a start towards better finetuning (especially on some older platforms, such as luna88k, which lack a DMA controller and where every I/O is expensive). Comments? Index: uvm_fault.c === RCS file: /cvs/src/sys/uvm/uvm_fault.c,v retrieving revision 1.69 diff -u -p -r1.69 uvm_fault.c --- uvm_fault.c 30 May 2013 18:02:04 - 1.69 +++ uvm_fault.c 22 Mar 2014 21:32:19 - @@ -152,22 +152,15 @@ */ struct uvm_advice { - int advice; int nback; int nforw; }; /* - * page range array: - * note: index in array must match advice value - * XXX: borrowed numbers from freebsd. do they work well for us? + * page range array: set up in uvmfault_init(). */ -static struct uvm_advice uvmadvice[] = { - { MADV_NORMAL, 3, 4 }, - { MADV_RANDOM, 0, 0 }, - { MADV_SEQUENTIAL, 8, 7}, -}; +static struct uvm_advice uvmadvice[UVM_ADV_MASK + 1]; #define UVM_MAXRANGE 16/* must be max() of nback+nforw+1 */ @@ -220,6 +213,32 @@ uvmfault_anonflush(struct vm_anon **anon */ /* + * uvmfault_init: compute proper values for the uvmadvice[] array. + */ + +void +uvmfault_init() +{ + int npages; + + if (uvmexp.pageshift = 14) { + npages = 1 (14 - uvmexp.pageshift); + KASSERT(npages = UVM_MAXRANGE / 2); + + uvmadvice[UVM_ADV_NORMAL].nforw = npages; + uvmadvice[UVM_ADV_NORMAL].nback = npages - 1; + } + + if (uvmexp.pageshift = 15) { + npages = 1 (15 - uvmexp.pageshift); + KASSERT(npages = UVM_MAXRANGE / 2); + + uvmadvice[UVM_ADV_SEQUENTIAL].nforw = npages - 1; + uvmadvice[UVM_ADV_SEQUENTIAL].nback = npages; + } +} + +/* * uvmfault_amapcopy: clear needs_copy in a map. * * = if we are out of RAM we sleep (waiting for more) @@ -687,8 +706,6 @@ ReFault: if (narrow == FALSE) { /* wide fault (!narrow) */ - KASSERT(uvmadvice[ufi.entry-advice].advice == -ufi.entry-advice); nback = min(uvmadvice[ufi.entry-advice].nback, (ufi.orig_rvaddr - ufi.entry-start) PAGE_SHIFT); startva = ufi.orig_rvaddr - (nback PAGE_SHIFT); Index: uvm_fault.h === RCS file: /cvs/src/sys/uvm/uvm_fault.h,v retrieving revision 1.13 diff -u -p -r1.13 uvm_fault.h --- uvm_fault.h 25 Mar 2009 20:00:18 - 1.13 +++ uvm_fault.h 22 Mar 2014 21:32:20 - @@ -72,6 +72,7 @@ struct uvm_faultinfo { * fault prototypes */ +void uvmfault_init(void); boolean_t uvmfault_lookup(struct uvm_faultinfo *, boolean_t); boolean_t uvmfault_relock(struct uvm_faultinfo *); Index: uvm_init.c === RCS file: /cvs/src/sys/uvm/uvm_init.c,v retrieving revision 1.30 diff -u -p -r1.30 uvm_init.c --- uvm_init.c 15 Mar 2012 17:52:28 - 1.30 +++ uvm_init.c 22 Mar 2014 21:32:20 - @@ -114,6 +114,12 @@ uvm_init(void) uvm_km_init(kvm_start, kvm_end); /* +* step 4.5: init (tune) the fault recovery code. +*/ + + uvmfault_init(); + + /* * step 5: init the pmap module. the pmap module is free to allocate * memory for its
Re: to fault or not to fault
On Sun, Mar 23, 2014 at 19:45, Miod Vallat wrote: The current logic is borrowed from FreeBSD, about 15 years ago, and goes like this: - for MADV_RANDOM areas, do not try to fault any other page. - for MADV_NORMAL areas, try to fault the 3 preceding pages and the 4 following pages. - for MADV_SEQUENTIAL areas (which do not exist unless explicit madvise() calls are performed), try to fault the 8 preceding pages and the 7 following pages. Back faulting, particularly in the case of sequential advice, seems strange. But we can fiddle with that later. + if (uvmexp.pageshift = 14) { + npages = 1 (14 - uvmexp.pageshift); + KASSERT(npages = UVM_MAXRANGE / 2); + + uvmadvice[UVM_ADV_NORMAL].nforw = npages; + uvmadvice[UVM_ADV_NORMAL].nback = npages - 1; + } + + if (uvmexp.pageshift = 15) { + npages = 1 (15 - uvmexp.pageshift); + KASSERT(npages = UVM_MAXRANGE / 2); + + uvmadvice[UVM_ADV_SEQUENTIAL].nforw = npages - 1; + uvmadvice[UVM_ADV_SEQUENTIAL].nback = npages; + } +} These calculations strike me as weird. Also, I think there's a bug. nback should always be the -1 value, right? Oh, wait, it was like that. Even stranger. The following would be much more clear to me. The point is to fault in a constant amount of data in bytes, no? Make that explicit. uvmadvice[NORMAL].nforw = 16384 / PAGESIZE; uvmadvice[NORMAL].nback = 12288 / PAGESIZE; uvmadvice[SEQ].nforw = 32768 / PAGESIZE; uvmadvice[SEQ].nback = 28672 / PAGESIZE; That replicates the existing code, more or less.
Re: to fault or not to fault
These calculations strike me as weird. Also, I think there's a bug. nback should always be the -1 value, right? Oh, wait, it was like that. Even stranger. I think the nback = 8 nforw = 7 was a bug, to begin with, but this diff attempts to first reach a status quo, for 4KB page size platforms. Changing this to nback = 7 nforw = 8 (assuming this is indeed the right thing to do) would be a second step. The following would be much more clear to me. The point is to fault in a constant amount of data in bytes, no? Make that explicit. uvmadvice[NORMAL].nforw = 16384 / PAGESIZE; uvmadvice[NORMAL].nback = 12288 / PAGESIZE; uvmadvice[SEQ].nforw = 32768 / PAGESIZE; uvmadvice[SEQ].nback = 28672 / PAGESIZE; That replicates the existing code, more or less. Except that 1. this is ugly unless you express the values in hex, as noone can spot these are multiples of 4096 in decimal, and 2. I think it is more important to make clear that nback == nforw - 1 (or + 1 in the SEQ case), regardless of the page size (unless page sizes are so huge both values are zero).
Re: to fault or not to fault
On Sun, Mar 23, 2014 at 20:10, Miod Vallat wrote: Except that 1. this is ugly unless you express the values in hex, as noone can spot these are multiples of 4096 in decimal, and 2. I think it is more important to make clear that nback == nforw - 1 (or + 1 in the SEQ case), regardless of the page size (unless page sizes are so huge both values are zero). Oh, I reached the opposite conclusion. :) Regardless of page size, the amount (in bytes) to be read should be the same. The tight coupling is not a feature. Your diff actually makes future tuning more difficult, imo, but given that nobody has appeared to care and it makes your computer better, I won't object too strenuously.
remove ftpd/sshd libwrap support
This removes libwrap support from ftpd and sshd. Index: libexec/ftpd/Makefile === RCS file: /cvs/src/libexec/ftpd/Makefile,v retrieving revision 1.24 diff -u -p -r1.24 Makefile --- libexec/ftpd/Makefile 15 Jun 2005 16:13:27 - 1.24 +++ libexec/ftpd/Makefile 23 Mar 2014 21:27:13 - @@ -24,10 +24,4 @@ CPPFLAGS+=-DINET6 LDADD+=-lutil DPADD+=${LIBUTIL} -.if (${TCP_WRAPPERS:L} == yes) -CFLAGS+=-DTCPWRAPPERS -LDADD+=-lwrap -DPADD+=${LIBWRAP} -.endif - .include bsd.prog.mk Index: libexec/ftpd/ftpd.c === RCS file: /cvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.202 diff -u -p -r1.202 ftpd.c --- libexec/ftpd/ftpd.c 17 Mar 2014 23:23:37 - 1.202 +++ libexec/ftpd/ftpd.c 23 Mar 2014 21:27:53 - @@ -101,10 +101,6 @@ #include utmp.h #include poll.h -#if defined(TCPWRAPPERS) -#include tcpd.h -#endif /* TCPWRAPPERS */ - #include pathnames.h #include monitor.h #include extern.h @@ -169,11 +165,6 @@ static login_cap_t *lc; static auth_session_t *as; static volatile sig_atomic_t recvurg; -#if defined(TCPWRAPPERS) -intallow_severity = LOG_INFO; -intdeny_severity = LOG_NOTICE; -#endif /* TCPWRAPPERS */ - int epsvall = 0; /* @@ -229,9 +220,6 @@ static int send_data(FILE *, FILE *, of static struct passwd * sgetpwnam(char *, struct passwd *); static void reapchild(int); -#if defined(TCPWRAPPERS) -static int check_host(struct sockaddr *); -#endif /* TCPWRAPPERS */ static void usage(void); voidlogxfer(char *, off_t, time_t); @@ -530,11 +518,6 @@ main(int argc, char *argv[]) (void)dup2(fd, STDOUT_FILENO); for (i = 0; i n; i++) close(fds[i]); -#if defined(TCPWRAPPERS) - /* ..in the child. */ - if (!check_host((struct sockaddr *)his_addr)) - exit(1); -#endif /* TCPWRAPPERS */ } else { addrlen = sizeof(his_addr); if (getpeername(0, (struct sockaddr *)his_addr, @@ -2890,37 +2873,6 @@ set_slave_signals(void) syslog(LOG_ERR, fcntl F_SETOWN: %m); #endif } - -#if defined(TCPWRAPPERS) -static int -check_host(struct sockaddr *sa) -{ - struct sockaddr_in *sin; - struct hostent *hp; - char *addr; - - if (sa-sa_family != AF_INET) - return 1; /*XXX*/ - - sin = (struct sockaddr_in *)sa; - hp = gethostbyaddr((char *)sin-sin_addr, - sizeof(struct in_addr), AF_INET); - addr = inet_ntoa(sin-sin_addr); - if (hp) { - if (!hosts_ctl(ftpd, hp-h_name, addr, STRING_UNKNOWN)) { - syslog(LOG_NOTICE, tcpwrappers rejected: %s [%s], - hp-h_name, addr); - return (0); - } - } else { - if (!hosts_ctl(ftpd, STRING_UNKNOWN, addr, STRING_UNKNOWN)) { - syslog(LOG_NOTICE, tcpwrappers rejected: [%s], addr); - return (0); - } - } - return (1); -} -#endif /* TCPWRAPPERS */ /* * Allocate space and return a copy of the specified dir. Index: usr.bin/ssh/sshd.8 === RCS file: /cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.273 diff -u -p -r1.273 sshd.8 --- usr.bin/ssh/sshd.8 7 Dec 2013 11:58:46 - 1.273 +++ usr.bin/ssh/sshd.8 23 Mar 2014 21:29:30 - @@ -824,12 +824,6 @@ the user's home directory becomes access This file should be writable only by the user, and need not be readable by anyone else. .Pp -.It Pa /etc/hosts.allow -.It Pa /etc/hosts.deny -Access controls that should be enforced by tcp-wrappers are defined here. -Further details are described in -.Xr hosts_access 5 . -.Pp .It Pa /etc/hosts.equiv This file is for host-based authentication (see .Xr ssh 1 ) . @@ -933,7 +927,6 @@ The content of this file is not sensitiv .Xr ssh-keygen 1 , .Xr ssh-keyscan 1 , .Xr chroot 2 , -.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , Index: usr.bin/ssh/sshd.c === RCS file: /cvs/src/usr.bin/ssh/sshd.c,v retrieving revision 1.420 diff -u -p -r1.420 sshd.c --- usr.bin/ssh/sshd.c 26 Feb 2014 21:53:37 - 1.420 +++ usr.bin/ssh/sshd.c 23 Mar 2014 21:28:56 - @@ -106,13 +106,6 @@ #include ssh-sandbox.h #include version.h -#ifdef LIBWRAP -#include tcpd.h -#include syslog.h -int allow_severity = LOG_INFO; -int deny_severity = LOG_WARNING; -#endif /* LIBWRAP */ - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -1918,23 +1911,6 @@ main(int ac, char **av) * the socket goes away. */ remote_ip = get_remote_ipaddr(); - -#ifdef LIBWRAP - /* Check whether logins are
Re: HEADS UP: librt revert
On 03/23/14 14:34, Marc Espie wrote: kili@ just committed a revert of the librt addition in src and corresponding patches in ports. If you've built a tree with librt, you want to # rm -f /usr/lib/librt.a Shouldn't that be librt*a to get rid of librt_p.a too? --STeve Andre'
Re: HEADS UP: librt revert
On Sun, Mar 23, 2014 at 05:05:06PM -0400, STeve Andre' wrote: On 03/23/14 14:34, Marc Espie wrote: kili@ just committed a revert of the librt addition in src and corresponding patches in ports. If you've built a tree with librt, you want to # rm -f /usr/lib/librt.a Shouldn't that be librt*a to get rid of librt_p.a too? Yep, it should. Though it's less likely to cause issues...
Re: security(8): check for nobody in /etc/ftpusers
Hi Arto, Arto Jonsson wrote on Sun, Mar 23, 2014 at 08:09:02PM +0200: Or should this check removed completely? Yes, and Gleydson Soares has Andrew's and my OK for removing check_ftpusers() completely. I don't think checking for nobody is needed. Hopefully, nobody will have no password set up, anyway. Yours, Ingo Index: security === RCS file: /cvs/src/libexec/security/security,v retrieving revision 1.23 diff -u -p -r1.23 security --- security 21 Mar 2013 09:37:37 - 1.23 +++ security 23 Mar 2014 18:07:11 - @@ -287,11 +287,11 @@ sub check_ksh { } } -# Root and uucp should both be in /etc/ftpusers. +# nobody should be in /etc/ftpusers. sub check_ftpusers { my $filename = '/etc/ftpusers'; nag !(open my $fh, '', $filename), open: $filename: $! and return; - my %banned = qw(root 1 uucp 1); + my %banned = qw(nobody 1); while ($fh) { chomp; delete $banned{$_};
Re: Unbound in base, yes, what about ldns?
moved from misc to tech On 2014/03/23 18:09, Chris Smith wrote: On Thu, Mar 20, 2014 at 7:39 PM, Stuart Henderson s...@spacehopper.org wrote: You can uninstall the package if you don't need it, or you can keep it if you do need it (for example, for drill or the ldns-* tools). How about this line added to rc.conf.local when using the package: syslogd_flags=${syslogd_flags} -a /var/unbound/dev/log Is it still needed or should it be removed? Thanks, Chris I was waiting to be sure about this before adding an extra log socket in the jail. Unbound opens /dev/log pre-chroot, so under normal conditions this is not necessary, *however* if syslogd is restarted, the old socket is no longer valid, so Unbound stops logging. So I think yes we should have this. Of course now this is in base, it needs to be in syslogd's startup script rather than a local addition, so you can remove it from rc.conf.local. Index: rc.d/syslogd === RCS file: /cvs/src/etc/rc.d/syslogd,v retrieving revision 1.2 diff -u -p -r1.2 syslogd --- rc.d/syslogd15 Mar 2014 00:59:50 - 1.2 +++ rc.d/syslogd23 Mar 2014 22:18:05 - @@ -15,6 +15,8 @@ rc_pre() { daemon_flags=${daemon_flags} -a /var/named/dev/log [ X${nsd_flags} != XNO ] rm -f /var/nsd/dev/log \ daemon_flags=${daemon_flags} -a /var/nsd/dev/log + [ X${unbound_flags} != XNO ] rm -f /var/unbound/dev/log \ + daemon_flags=${daemon_flags} -a /var/unbound/dev/log [ -d /var/empty ] rm -f /var/empty/dev/log \ mkdir -p -m 0555 /var/empty/dev \ daemon_flags=${daemon_flags} -a /var/empty/dev/log Index: mtree/4.4BSD.dist === RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v retrieving revision 1.245 diff -u -p -r1.245 4.4BSD.dist --- mtree/4.4BSD.dist 21 Mar 2014 00:23:15 - 1.245 +++ mtree/4.4BSD.dist 23 Mar 2014 22:18:05 - @@ -1357,6 +1357,11 @@ vi.recovermode=01777 # ./var/unbound unbound +# ./var/unbound/dev +devuname=root gname=wheel mode=0755 +# ./var/unbound/dev +.. + # ./var/unbound/etc etcuname=root gname=wheel mode=0755 # ./var/unbound/etc
dd gigabytes
A gigabyte is like a megabyte, except it's bigger and better. This adds support for g/G suffixes. It also updates and corrects the comments in the source. Also move the goto label out of the if. Index: args.c === RCS file: /cvs/src/bin/dd/args.c,v retrieving revision 1.22 diff -u -p -r1.22 args.c --- args.c 12 Feb 2014 01:18:36 - 1.22 +++ args.c 23 Mar 2014 22:16:58 - @@ -312,13 +312,12 @@ f_conv(char *arg) /* * Convert an expression of the following forms to a size_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - *separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + *(or * for backwards compatibility), specifying *the product of the indicated values. */ static size_t @@ -341,18 +340,24 @@ get_bsz(char *val) goto erange; ++expr; break; - case 'k': - case 'K': + case 'g': + case 'G': t = num; num *= 1024; if (t num) goto erange; - ++expr; - break; + /* fallthrough */ case 'm': case 'M': t = num; - num *= 1048576; + num *= 1024; + if (t num) + goto erange; + /* fallthrough */ + case 'k': + case 'K': + t = num; + num *= 1024; if (t num) goto erange; ++expr; @@ -374,23 +379,24 @@ get_bsz(char *val) t = num; num *= get_bsz(expr + 1); if (t num) -erange:errx(1, %s: %s, oper, strerror(ERANGE)); + goto erange; break; default: errx(1, %s: illegal numeric value, oper); } return (num); +erange: + errx(1, %s: %s, oper, strerror(ERANGE)); } /* * Convert an expression of the following forms to an off_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - *separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + *(or * for backwards compatibility), specifying *the product of the indicated values. */ static off_t @@ -413,18 +419,24 @@ get_off(char *val) goto erange; ++expr; break; - case 'k': - case 'K': + case 'g': + case 'G': t = num; num *= 1024; if (t num) goto erange; - ++expr; - break; + /* fallthrough */ case 'm': case 'M': t = num; - num *= 1048576; + num *= 1024; + if (t num) + goto erange; + /* fallthrough */ + case 'k': + case 'K': + t = num; + num *= 1024; if (t num) goto erange; ++expr; @@ -446,10 +458,12 @@ get_off(char *val) t = num; num *= get_off(expr + 1); if (t num) -erange:errx(1, %s: %s, oper, strerror(ERANGE)); + goto erange; break; default: errx(1, %s: illegal numeric value, oper); } return (num); +erange: + errx(1, %s: %s, oper, strerror(ERANGE)); } Index: dd.1 === RCS file:
Fix sendbug(1) link
Hi tech@ -- About a week and a half ago, this commit: http://marc.info/?l=openbsd-cvsm=139452134505276w=2 removed the query-pr.html page. sendbug(1) needs updating to reflect this, diff below. OK? ~Brian Index: sendbug.1 === RCS file: /cvs/src/usr.bin/sendbug/sendbug.1,v retrieving revision 1.23 diff -u -p -r1.23 sendbug.1 --- sendbug.116 Jul 2013 00:07:52 -1.23 +++ sendbug.123 Mar 2014 22:06:15 - @@ -56,7 +56,7 @@ should keep the same mail subject. The status of bug reports can be followed by checking the .Mt b...@openbsd.org mailing list archive available at -.Lk http://www.openbsd.org/query-pr.html . +.Lk http://www.openbsd.org/mail.html . .Pp The options are as follows: .Bl -tag -width Ds
Re: dd gigabytes
Fine with me. dd is often used in portable scripts. Do we need to document this as an extension, or has it already arrived in other implimentations? A gigabyte is like a megabyte, except it's bigger and better. This adds support for g/G suffixes. It also updates and corrects the comments in the source. Also move the goto label out of the if. Index: args.c === RCS file: /cvs/src/bin/dd/args.c,v retrieving revision 1.22 diff -u -p -r1.22 args.c --- args.c12 Feb 2014 01:18:36 - 1.22 +++ args.c23 Mar 2014 22:16:58 - @@ -312,13 +312,12 @@ f_conv(char *arg) /* * Convert an expression of the following forms to a size_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - * separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + * (or * for backwards compatibility), specifying * the product of the indicated values. */ static size_t @@ -341,18 +340,24 @@ get_bsz(char *val) goto erange; ++expr; break; - case 'k': - case 'K': + case 'g': + case 'G': t = num; num *= 1024; if (t num) goto erange; - ++expr; - break; + /* fallthrough */ case 'm': case 'M': t = num; - num *= 1048576; + num *= 1024; + if (t num) + goto erange; + /* fallthrough */ + case 'k': + case 'K': + t = num; + num *= 1024; if (t num) goto erange; ++expr; @@ -374,23 +379,24 @@ get_bsz(char *val) t = num; num *= get_bsz(expr + 1); if (t num) -erange: errx(1, %s: %s, oper, strerror(ERANGE)); + goto erange; break; default: errx(1, %s: illegal numeric value, oper); } return (num); +erange: + errx(1, %s: %s, oper, strerror(ERANGE)); } /* * Convert an expression of the following forms to an off_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - * separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + * (or * for backwards compatibility), specifying * the product of the indicated values. */ static off_t @@ -413,18 +419,24 @@ get_off(char *val) goto erange; ++expr; break; - case 'k': - case 'K': + case 'g': + case 'G': t = num; num *= 1024; if (t num) goto erange; - ++expr; - break; + /* fallthrough */ case 'm': case 'M': t = num; - num *= 1048576; + num *= 1024; + if (t num) + goto erange; + /* fallthrough */ + case 'k': + case 'K': + t = num; + num *= 1024; if (t num) goto erange; ++expr; @@ -446,10 +458,12 @@ get_off(char *val) t = num; num *= get_off(expr + 1); if (t num) -erange: errx(1, %s: %s, oper, strerror(ERANGE)); + goto erange; break; default: errx(1, %s: illegal numeric value, oper); } return (num); +erange: + errx(1, %s: %s, oper, strerror(ERANGE)); } Index: dd.1
Re: Unbound in base, yes, what about ldns?
I was waiting to be sure about this before adding an extra log socket in the jail. Unbound opens /dev/log pre-chroot, so under normal conditions this is not necessary, *however* if syslogd is restarted, the old socket is no longer valid, so Unbound stops logging. So I think yes we should have this. Of course now this is in base, it needs to be in syslogd's startup script rather than a local addition, so you can remove it from rc.conf.local. Seems sensible. We've done this in other software, though generally I think they end up always opening the one inside the jail, even upfront. Index: rc.d/syslogd === RCS file: /cvs/src/etc/rc.d/syslogd,v retrieving revision 1.2 diff -u -p -r1.2 syslogd --- rc.d/syslogd 15 Mar 2014 00:59:50 - 1.2 +++ rc.d/syslogd 23 Mar 2014 22:18:05 - @@ -15,6 +15,8 @@ rc_pre() { daemon_flags=${daemon_flags} -a /var/named/dev/log [ X${nsd_flags} != XNO ] rm -f /var/nsd/dev/log \ daemon_flags=${daemon_flags} -a /var/nsd/dev/log + [ X${unbound_flags} != XNO ] rm -f /var/unbound/dev/log \ + daemon_flags=${daemon_flags} -a /var/unbound/dev/log [ -d /var/empty ] rm -f /var/empty/dev/log \ mkdir -p -m 0555 /var/empty/dev \ daemon_flags=${daemon_flags} -a /var/empty/dev/log Index: mtree/4.4BSD.dist === RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v retrieving revision 1.245 diff -u -p -r1.245 4.4BSD.dist --- mtree/4.4BSD.dist 21 Mar 2014 00:23:15 - 1.245 +++ mtree/4.4BSD.dist 23 Mar 2014 22:18:05 - @@ -1357,6 +1357,11 @@ vi.recover mode=01777 # ./var/unbound unbound +# ./var/unbound/dev +dev uname=root gname=wheel mode=0755 +# ./var/unbound/dev +.. + # ./var/unbound/etc etc uname=root gname=wheel mode=0755 # ./var/unbound/etc
bcrypt base64
The base64 functions in bcrypt.c are a little special. They can't be easily converted to using the normal b64_pton functions because bcrypt doesn't support == padding. Here's a diff that does make a few improvements. Better function argument types. size_t, const where appropriate, and leave char * data as a char *. And add a return value, though we're not checking it yet. Index: bcrypt.c === RCS file: /cvs/src/lib/libc/crypt/bcrypt.c,v retrieving revision 1.36 diff -u -p -r1.36 bcrypt.c --- bcrypt.c24 Mar 2014 00:00:29 - 1.36 +++ bcrypt.c24 Mar 2014 00:44:22 - @@ -52,8 +52,8 @@ char *bcrypt_gensalt(u_int8_t); -static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t); -static void decode_base64(u_int8_t *, u_int16_t, u_int8_t *); +static int encode_base64(char *, const u_int8_t *, size_t); +static int decode_base64(u_int8_t *, size_t, const char *); /* * Generates a salt for this version of crypt. @@ -74,7 +74,7 @@ bcrypt_initsalt(int log_rounds, uint8_t log_rounds = 31; snprintf(salt, saltbuflen, $2a$%2.2u$, log_rounds); - encode_base64((uint8_t *)salt + 7, csalt, sizeof(csalt)); + encode_base64(salt + 7, csalt, sizeof(csalt)); return 0; } @@ -141,7 +141,7 @@ bcrypt_hashpass(const char *key, const c return -1; /* We dont want the base64 salt but the raw data */ - decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt); + decode_base64(csalt, BCRYPT_MAXSALT, salt); salt_len = BCRYPT_MAXSALT; if (minor = 'a') key_len = (u_int8_t)(strlen(key) + (minor = 'a' ? 1 : 0)); @@ -194,8 +194,8 @@ bcrypt_hashpass(const char *key, const c snprintf(encrypted + i, 4, %2.2u$, logr); - encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT); - encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, + encode_base64(encrypted + i + 3, csalt, BCRYPT_MAXSALT); + encode_base64(encrypted + strlen(encrypted), ciphertext, 4 * BCRYPT_BLOCKS - 1); memset(state, 0, sizeof(state)); memset(ciphertext, 0, sizeof(ciphertext)); @@ -260,19 +260,23 @@ const static u_int8_t index_64[128] = { }; #define CHAR64(c) ( (c) 127 ? 255 : index_64[(c)]) -static void -decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data) +/* + * read buflen (after decoding) bytes of data from b64data + */ +static int +decode_base64(u_int8_t *buffer, size_t len, const char *b64data) { u_int8_t *bp = buffer; - u_int8_t *p = data; + const u_int8_t *p = b64data; u_int8_t c1, c2, c3, c4; + while (bp buffer + len) { c1 = CHAR64(*p); c2 = CHAR64(*(p + 1)); /* Invalid data */ if (c1 == 255 || c2 == 255) - break; + return -1; *bp++ = (c1 2) | ((c2 0x30) 4); if (bp = buffer + len) @@ -293,14 +297,20 @@ decode_base64(u_int8_t *buffer, u_int16_ p += 4; } + return 0; } -static void -encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len) +/* + * Turn len bytes of data into base64 encoded data. + * This works without = padding. + */ +static int +encode_base64(char *b64buffer, const u_int8_t *data, size_t len) { - u_int8_t *bp = buffer; - u_int8_t *p = data; + u_int8_t *bp = b64buffer; + const u_int8_t *p = data; u_int8_t c1, c2; + while (p data + len) { c1 = *p++; *bp++ = Base64Code[(c1 2)]; @@ -323,6 +333,7 @@ encode_base64(u_int8_t *buffer, u_int8_t *bp++ = Base64Code[c2 0x3f]; } *bp = '\0'; + return 0; } /*
Re: dd gigabytes
GNU dd definitely has it (along with the wholly-expected proliferation of other useless units). It's definitely not called for by POSIX. IIRC, Solaris supports some units but not others. HPUX doesn't support any units at all. Don't know what other BSDs or AIX support. -Adam On March 23, 2014 6:20:29 PM CDT, Theo de Raadt dera...@cvs.openbsd.org wrote: Fine with me. dd is often used in portable scripts. Do we need to document this as an extension, or has it already arrived in other implimentations? A gigabyte is like a megabyte, except it's bigger and better. This adds support for g/G suffixes. It also updates and corrects the comments in the source. Also move the goto label out of the if. Index: args.c === RCS file: /cvs/src/bin/dd/args.c,v retrieving revision 1.22 diff -u -p -r1.22 args.c --- args.c 12 Feb 2014 01:18:36 - 1.22 +++ args.c 23 Mar 2014 22:16:58 - @@ -312,13 +312,12 @@ f_conv(char *arg) /* * Convert an expression of the following forms to a size_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - * separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + * (or * for backwards compatibility), specifying * the product of the indicated values. */ static size_t @@ -341,18 +340,24 @@ get_bsz(char *val) goto erange; ++expr; break; -case 'k': -case 'K': +case 'g': +case 'G': t = num; num *= 1024; if (t num) goto erange; -++expr; -break; +/* fallthrough */ case 'm': case 'M': t = num; -num *= 1048576; +num *= 1024; +if (t num) +goto erange; +/* fallthrough */ +case 'k': +case 'K': +t = num; +num *= 1024; if (t num) goto erange; ++expr; @@ -374,23 +379,24 @@ get_bsz(char *val) t = num; num *= get_bsz(expr + 1); if (t num) -erange: errx(1, %s: %s, oper, strerror(ERANGE)); +goto erange; break; default: errx(1, %s: illegal numeric value, oper); } return (num); +erange: +errx(1, %s: %s, oper, strerror(ERANGE)); } /* * Convert an expression of the following forms to an off_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - * separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + * (or * for backwards compatibility), specifying * the product of the indicated values. */ static off_t @@ -413,18 +419,24 @@ get_off(char *val) goto erange; ++expr; break; -case 'k': -case 'K': +case 'g': +case 'G': t = num; num *= 1024; if (t num) goto erange; -++expr; -break; +/* fallthrough */ case 'm': case 'M': t = num; -num *= 1048576; +num *= 1024; +if (t num) +goto erange; +/* fallthrough */ +case 'k': +case 'K': +t = num; +num *= 1024; if (t num) goto erange; ++expr; @@ -446,10 +458,12 @@ get_off(char *val) t = num; num *= get_off(expr + 1); if (t num) -erange: errx(1, %s: %s, oper, strerror(ERANGE)); +
Re: dd gigabytes
Freebsd: If the number ends with a ``b'', ``k'', ``m'', ``g'', or ``w'', the number is multiplied by 512, 1024 (1K), 1048576 (1M), 1073741824 (1G) or the number of bytes in an integer, respectively. NetBSD: Where sizes are specified, a decimal number of bytes is expected. Two or more numbers may be separated by an ``x'' to indicate a product. Each number may have one of the following optional suffixes: bBlock; multiply by 512 kKibi; multiply by 1024 (1 KiB) mMebi; multiply by 1048576 (1 MiB) gGibi; multiply by 1073741824 (1 GiB) tTebi; multiply by 1099511627776 (1 TiB) wWord; multiply by the number of bytes in an integer On Sun, Mar 23, 2014 at 9:01 PM, Adam Thompson athom...@athompso.net wrote: GNU dd definitely has it (along with the wholly-expected proliferation of other useless units). It's definitely not called for by POSIX. IIRC, Solaris supports some units but not others. HPUX doesn't support any units at all. Don't know what other BSDs or AIX support. -Adam On March 23, 2014 6:20:29 PM CDT, Theo de Raadt dera...@cvs.openbsd.org wrote: Fine with me. dd is often used in portable scripts. Do we need to document this as an extension, or has it already arrived in other implimentations? A gigabyte is like a megabyte, except it's bigger and better. This adds support for g/G suffixes. It also updates and corrects the comments in the source. Also move the goto label out of the if. Index: args.c === RCS file: /cvs/src/bin/dd/args.c,v retrieving revision 1.22 diff -u -p -r1.22 args.c --- args.c 12 Feb 2014 01:18:36 - 1.22 +++ args.c 23 Mar 2014 22:16:58 - @@ -312,13 +312,12 @@ f_conv(char *arg) /* * Convert an expression of the following forms to a size_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - * separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + * (or * for backwards compatibility), specifying * the product of the indicated values. */ static size_t @@ -341,18 +340,24 @@ get_bsz(char *val) goto erange; ++expr; break; -case 'k': -case 'K': +case 'g': +case 'G': t = num; num *= 1024; if (t num) goto erange; -++expr; -break; +/* fallthrough */ case 'm': case 'M': t = num; -num *= 1048576; +num *= 1024; +if (t num) +goto erange; +/* fallthrough */ +case 'k': +case 'K': +t = num; +num *= 1024; if (t num) goto erange; ++expr; @@ -374,23 +379,24 @@ get_bsz(char *val) t = num; num *= get_bsz(expr + 1); if (t num) -erange: errx(1, %s: %s, oper, strerror(ERANGE)); +goto erange; break; default: errx(1, %s: illegal numeric value, oper); } return (num); +erange: +errx(1, %s: %s, oper, strerror(ERANGE)); } /* * Convert an expression of the following forms to an off_t - * 1) A positive decimal number. - * 2) A positive decimal number followed by a b (mult by 512). - * 3) A positive decimal number followed by a k (mult by 1024). - * 4) A positive decimal number followed by a m (mult by 1048576). - * 5) A positive decimal number followed by a w (mult by sizeof int) - * 6) Two or more positive decimal numbers (with/without k,b or w). - * separated by x (also * for backwards compatibility), specifying + * 1) A positive decimal number, optionally followed by + * b - multiply by 512. + * k, m or g - multply by 1024 each. + * w - multiply by sizeof int + * 2) Two or more of the above, separated by x + * (or * for backwards compatibility), specifying * the product of the indicated values. */ static off_t @@ -413,18 +419,24 @@ get_off(char *val) goto erange; ++expr; break; -case 'k': -case 'K': +case 'g': +
Re: the pshared situation
On Wed, Mar 19, 2014 at 3:40 PM, Ted Unangst t...@tedunangst.com wrote: ... If we're going to do this, I think we need to do it the right way. 1. Export opaque storage types, as in typedef struct _sem_storage { char payload[64]; } sem_t; Then librthread will be able to add and shuffle fields inside the struct as necessary. It better be an array of long and not char. Or maybe it'll need to have an explicit __align() with an MD argument (thank you, hppa). Philip
Re: the pshared situation
On Wed, Mar 19, 2014 at 3:40 PM, Ted Unangst t...@tedunangst.com wrote: ... If we're going to do this, I think we need to do it the right way. 1. Export opaque storage types, as in typedef struct _sem_storage { char payload[64]; } sem_t; Then librthread will be able to add and shuffle fields inside the struct as necessary. It better be an array of long and not char. Or maybe it'll need to have an explicit __align() with an MD argument (thank you, hppa). Yes, indeed, if you put a mutex in there (for hppa) you will want much better alignment, if you ever wish to statically declare it.