[PATCH] Slight clarification in iked.conf(5)
The from and to values for iked seemed backwards to me and the man page example description didn't clarify it. Make it a little more specific which end the example is talking about.

Tim.

Index: iked.conf.5 === RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.38 diff -u -p -r1.38 iked.conf.5 --- iked.conf.5 28 Feb 2015 21:51:57 - 1.38 +++ iked.conf.5 5 Jul 2015 00:17:49 - @@ -831,7 +831,7 @@ or the non-standard Curve25519. Please note that the EC2N groups are considered as insecure and only provided for backwards compatibility. .Sh EXAMPLES -The first example is intended for clients connecting to +The first example is intended for a server with clients connecting to .Xr iked 8 as an IPsec gateway, or IKEv2 responder, using mutual public key authentication and additional challenge-based EAP-MSCHAPv2 password
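Review bot: In the changed line of the EXAMPLES hunk, "a server with clients connecting to" followed by ".Xr iked 8 as an IPsec gateway" still leaves it unclear whether the gateway role belongs to the server or to the clients, and the from/to direction that prompted the patch is not explained anywhere in the hunk. Consider making the machine that runs iked(8) the subject of the sentence, for example "intended for a gateway running iked(8) as IKEv2 responder, accepting connections from clients", and adding one sentence that states which end "from" and "to" refer to in the example.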
Brainy: Use-After-Free in if_et
Hi,

I put here a bug among others:

-- sys/dev/pci/if_et.c -

1808    if (m_defrag(m, M_DONTWAIT)) {
            m_freem(m);
            printf("%s: can't defrag TX mbuf\n", sc->sc_dev.dv_xname);
            error = ENOBUFS;
            goto back;
        }
[...]
back:
        if (error) {
            m_freem(m);
            *m0 = NULL;
        }

Use-after-free with 'm'.

Found by The Brainy Code Scanner.

Maxime
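The error path quoted in the report above, modelled in userspace as an added example (not code from the post or from OpenBSD). `fake_mbuf`, `fake_freem` and `fake_defrag` are hypothetical stand-ins that count releases instead of freeing memory, and `encap_single_free` is one possible restructuring, not the fix that was committed.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins: count releases instead of freeing memory. */
struct fake_mbuf { int free_count; };
static void fake_freem(struct fake_mbuf *m) { if (m != NULL) m->free_count++; }
static int fake_defrag(struct fake_mbuf *m, int fail) { (void)m; return fail; }

/* Same shape as the quoted path: released at the failure site and at back:. */
static int encap_reported(struct fake_mbuf **m0, int defrag_fails)
{
    struct fake_mbuf *m = *m0;
    int error = 0;
    if (fake_defrag(m, defrag_fails)) {
        fake_freem(m);
        error = ENOBUFS;
        goto back;
    }
    /* rest of the function elided, as in the report */
back:
    if (error) {
        fake_freem(m);      /* second release of the same buffer */
        *m0 = NULL;
    }
    return error;
}

/* One possible restructuring: a single cleanup site owns the release. */
static int encap_single_free(struct fake_mbuf **m0, int defrag_fails)
{
    struct fake_mbuf *m = *m0;
    int error = fake_defrag(m, defrag_fails) ? ENOBUFS : 0;
    if (error) {
        fake_freem(m);
        *m0 = NULL;
    }
    return error;
}

/* Releases performed by one call; use_fixed selects the restructured path. */
int count_frees(int use_fixed, int defrag_fails)
{
    struct fake_mbuf buf = { 0 }, *m = &buf;
    if (use_fixed) encap_single_free(&m, defrag_fails);
    else encap_reported(&m, defrag_fails);
    return buf.free_count;
}

int main(void) { printf("reported=%d single=%d\n", count_frees(0, 1), count_frees(1, 1)); return 0; }
```

A release count above one on the failure path is the condition the report describes; on the success path neither variant releases the buffer.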
Re: faq/current.html: Mention sudo removal
On 4 Jul 2015, at 11:16, Todd C. Miller wrote:

> On Sat, 04 Jul 2015 15:36:58 +0530, Hrishikesh Muruk wrote:
>> Why is sudo being removed from base? It is pretty useful. I imagine many use sudo
>
> The version of sudo in base was 5 years old and not really maintainable. Theo has been uncomfortable with the amount of code in sudo that runs as root so there was resistance to updating it to a newer version. Moving sudo to ports means we have a more modern version available and also makes it possible to have an LDAP flavor. Sudo in base will likely be replaced either by tedu's doas or an extended su.
>
> - todd

Sounds reasonable. Is there a place to read up on "does" or is that in very early stages yet?

devin

--
contact info: http://nacredata.com/devin
Ask me about Google Apps for Work: hosting your domain-branded email, calendar and cloud storage on Google's infrastructure.
Re: faq/current.html: Mention sudo removal
On Sat, 04 Jul 2015 15:36:58 +0530, Hrishikesh Muruk wrote:

> Why is sudo being removed from base? It is pretty useful. I imagine many
> use sudo

The version of sudo in base was 5 years old and not really maintainable. Theo has been uncomfortable with the amount of code in sudo that runs as root so there was resistance to updating it to a newer version. Moving sudo to ports means we have a more modern version available and also makes it possible to have an LDAP flavor. Sudo in base will likely be replaced either by tedu's doas or an extended su.

- todd
disksort is finally dead
nothing uses any of the compat we had for disksort anymore, so that compat can be removed. ok? Index: sys/buf.h === RCS file: /cvs/src/sys/sys/buf.h,v retrieving revision 1.97 diff -u -p -r1.97 buf.h --- sys/buf.h 9 Jan 2015 05:04:22 - 1.97 +++ sys/buf.h 4 Jul 2015 11:22:23 - @@ -106,12 +106,6 @@ voidbufq_done(struct bufq *, struct b voidbufq_quiesce(void); voidbufq_restart(void); -/* disksort */ -struct bufq_disksort { - struct buf *bqd_actf; - struct buf **bqd_actb; -}; - /* fifo */ SIMPLEQ_HEAD(bufq_fifo_head, buf); struct bufq_fifo { @@ -126,7 +120,6 @@ struct bufq_nscan { /* bufq link in struct buf */ union bufq_data { - struct bufq_disksortbufq_data_disksort; struct bufq_fifobufq_data_fifo; struct bufq_nscan bufq_data_nscan; }; @@ -144,10 +137,6 @@ extern struct bio_ops { void(*io_movedeps)(struct buf *, struct buf *); int (*io_countdeps)(struct buf *, int, int); } bioops; - -/* XXX: disksort(); */ -#define b_actf b_bufq.bufq_data_disksort.bqd_actf -#define b_actb b_bufq.bufq_data_disksort.bqd_actb /* The buffer header describes an I/O operation in the kernel. */ struct buf {
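Review bot: In the union bufq_data hunk, dropping the bufq_data_disksort member can change the size of the union, and with it the layout of struct buf, if the two-pointer struct bufq_disksort was its largest member. The commit message should say whether the size changes and whether anything that includes sys/buf.h outside the kernel needs rebuilding.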
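Review bot: In the last hunk, removing the b_actf and b_actb macros turns any remaining user into a compile error, and the diff only touches sys/buf.h, so the claim that nothing uses the compat cannot be verified from the patch itself. Please state how it was checked, for example a tree-wide grep for b_actf, b_actb and bufq_disksort plus kernel builds for the architectures whose drivers are not compiled on the test machine.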
Re: faq/current.html: Mention sudo removal
On Sat, Jul 04, 2015 at 03:36:58PM +0530, Hrishikesh Muruk wrote:

> Why is sudo being removed from base?

Because millert@ and deraadt@ decided to do so. You can read some explanations in this thread: https://marc.info/?l=openbsd-ports&m=143465998814989&w=2 and tedu@'s blog post http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less contains some general considerations that make this seem like a good decision.

Since there's a port of a modern version of sudo, no harm, no foul.

Anyway, I don't think we should clutter tech@ with the discussion and lamentation of a fait accompli.
Re: faq/current.html: Mention sudo removal
Why is sudo being removed from base? It is pretty useful. I imagine many use sudo Thanks Hrishi On Saturday 4 July 2015, Steven McDonald wrote: > Hi, > > Here's a patch for current.html telling users how to handle the sudo > removal from base. > > Index: faq/current.html > === > RCS file: /cvs/www/faq/current.html,v > retrieving revision 1.614 > diff -u -p -r1.614 current.html > --- faq/current.html2 Jul 2015 05:49:04 - 1.614 > +++ faq/current.html4 Jul 2015 03:35:43 - > @@ -41,6 +41,7 @@ > 2015/06/01 - alpha switches to > secureplt > 2015/06/02 - sparc switches to PIE > 2015/06/05 - [ports] default PHP version switched > to 5.6 > +2015/07/03 - sudo has moved to ports > > > > @@ -250,6 +251,27 @@ to allow client connections to function. > # mkdir -p /var/www/etc/ssl > # cp /etc/ssl/cert.pem /var/www/etc/ssl/ > > + > +2015/07/03 - sudo has moved to ports > + > +sudo(8) has been removed from the base OS. > +The old binaries and manual pages should be removed: > + > + rm -f /usr/bin/sudo /usr/bin/sudoedit /usr/sbin/visudo > + rm -f /usr/share/man/man8/sudo.8 /usr/share/man/man8/sudoedit.8 > + rm -f /usr/share/man/man8/visudo.8 /usr/share/man/man5/sudoers.5 > + > +If you would like to continue using sudo(8), install it from packages: > + > + pkg_add sudo > + > +Otherwise, remove its configuration as well: > + > + rm -f /etc/sudoers > + > +Caution: If you rely on sudo as your primary means of gaining > +root privileges, you should install and test it from packages (taking > +care to test using /usr/local/bin/sudo) before removing the old binary. > > > > >
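Review bot: In the second hunk of the quoted current.html patch, the caution about installing and testing sudo from packages comes after the rm -f commands that delete /usr/bin/sudo, so a reader who follows the entry from top to bottom removes the old binary before reaching the warning. Move the caution above the removal commands, or put the pkg_add sudo step first. The path /usr/local/bin/sudo is also mentioned only inside the caution; naming it next to the pkg_add line would make clear which binary to test.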
Re: error:0906D064:PEM routines:PEM_read_bio:bad base64
Sure

> On 4 jul 2015, at 01:44, Brent Cook wrote:
>
> Would you be comfortable adding some extra output to the various failure
> points in EVP_DecodeUpdate to see where we are bailing out?