[PATCH] Slight clarification in iked.conf(5)

2015-07-04 Thread trondd
The from and to values for iked seemed backwards to me and the man page
example description didn't clarify it.


Make it a little more specific which end the example is talking about.

Tim.


Index: iked.conf.5
===
RCS file: /cvs/src/sbin/iked/iked.conf.5,v
retrieving revision 1.38
diff -u -p -r1.38 iked.conf.5
--- iked.conf.5 28 Feb 2015 21:51:57 -  1.38
+++ iked.conf.5 5 Jul 2015 00:17:49 -
@@ -831,7 +831,7 @@ or the non-standard Curve25519.
 Please note that the EC2N groups are considered as insecure and only
 provided for backwards compatibility.
 .Sh EXAMPLES
-The first example is intended for clients connecting to
+The first example is intended for a server with clients connecting to
 .Xr iked 8
 as an IPsec gateway, or IKEv2 responder, using mutual public key
 authentication and additional challenge-based EAP-MSCHAPv2 password
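
Review bot: On the reworded `+` line, "a server with clients connecting to iked(8) as an IPsec gateway" still leaves open what "as an IPsec gateway" attaches to, and it can be read as the clients acting as the gateway. Since the stated goal is to say which end the example describes, consider naming the role first, for example "intended for a server running iked(8) as an IPsec gateway, or IKEv2 responder, with clients connecting to it". If the from/to confusion is the real motivation, the description should also say which side each of from and to refers to.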



Brainy: Use-After-Free in if_et

2015-07-04 Thread Maxime Villard
Hi,
I put here a bug among others:

-- sys/dev/pci/if_et.c -

    /* line 1808 */
    if (m_defrag(m, M_DONTWAIT)) {
        m_freem(m);
        printf("%s: can't defrag TX mbuf\n",
            sc->sc_dev.dv_xname);
        error = ENOBUFS;
        goto back;
    }

    [...]

back:
    if (error) {
        m_freem(m);
        *m0 = NULL;
    }




Use-after-free with 'm'.

Found by The Brainy Code Scanner.

Maxime
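
An added illustration, not part of the original post and not the fix that was committed: a userspace model of the error path quoted above, showing that the mbuf is released twice when m_defrag() fails, beside one possible single-release arrangement. struct mbuf, m_freem() and m_defrag() are counting stand-ins for the kernel versions, and encap_quoted, encap_single_free and release_count are hypothetical names.

```c
/* Added model: struct mbuf, m_freem(), m_defrag() are counting stand-ins, not the kernel's. */
#include <errno.h>
#include <stdio.h>
struct mbuf { int freed; };                 /* counts releases; nothing is really freed */
static void m_freem(struct mbuf *m) { if (m != NULL) m->freed++; }
static int m_defrag(struct mbuf *m, int how) { (void)m; (void)how; return 1; } /* forced failure */

/* Same shape as the quoted code: released at the failure site and again at back:. */
static int encap_quoted(struct mbuf **m0)
{
    struct mbuf *m = *m0;
    int error = 0;
    if (m_defrag(m, 0)) {
        m_freem(m);                         /* first release */
        error = ENOBUFS;
        goto back;
    }
back:
    if (error) {
        m_freem(m);                         /* second release of the same mbuf */
        *m0 = NULL;
    }
    return error;
}

/* Assumed correction: the failure site only sets error; one exit path releases. */
static int encap_single_free(struct mbuf **m0)
{
    struct mbuf *m = *m0;
    int error = m_defrag(m, 0) ? ENOBUFS : 0;
    if (error) {
        m_freem(m);
        *m0 = NULL;
    }
    return error;
}

/* Runs one variant on a fresh mbuf; returns its release count, or -1 on an unexpected result. */
static int release_count(int (*encap)(struct mbuf **))
{
    struct mbuf pkt = { 0 }, *m = &pkt;
    return (encap(&m) == ENOBUFS && m == NULL) ? pkt.freed : -1;
}

int main(void)
{
    printf("quoted: %d, single-free: %d\n", release_count(encap_quoted), release_count(encap_single_free));
    return 0;
}
```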



Re: faq/current.html: Mention sudo removal

2015-07-04 Thread Devin Ceartas

On 4 Jul 2015, at 11:16, Todd C. Miller wrote:

> On Sat, 04 Jul 2015 15:36:58 +0530, Hrishikesh Muruk wrote:
>
>> Why is sudo being removed from base? It is pretty useful. I imagine many
>> use sudo
>
> The version of sudo in base was 5 years old and not really maintainable.
> Theo has been uncomfortable with the amount of code in sudo that
> runs as root so there was resistance to updating it to a newer
> version.
>
> Moving sudo to ports means we have a more modern version available
> and also makes it possible to have an LDAP flavor.
>
> Sudo in base will likely be replaced either by tedu's doas or an
> extended su.
>
> - todd


Sounds reasonable. Is there a place to read up on "doas" or is that in
very early stages yet?


devin
--
contact info: http://nacredata.com/devin





Re: faq/current.html: Mention sudo removal

2015-07-04 Thread Todd C. Miller
On Sat, 04 Jul 2015 15:36:58 +0530, Hrishikesh Muruk wrote:

> Why is sudo being removed from base? It is pretty useful. I imagine many
> use sudo

The version of sudo in base was 5 years old and not really maintainable.
Theo has been uncomfortable with the amount of code in sudo that
runs as root so there was resistance to updating it to a newer
version.

Moving sudo to ports means we have a more modern version available
and also makes it possible to have an LDAP flavor.

Sudo in base will likely be replaced either by tedu's doas or an
extended su.

 - todd



disksort is finally dead

2015-07-04 Thread David Gwynne
nothing uses any of the compat we had for disksort anymore, so that
compat can be removed.

ok?

Index: sys/buf.h
===
RCS file: /cvs/src/sys/sys/buf.h,v
retrieving revision 1.97
diff -u -p -r1.97 buf.h
--- sys/buf.h   9 Jan 2015 05:04:22 -   1.97
+++ sys/buf.h   4 Jul 2015 11:22:23 -
@@ -106,12 +106,6 @@ voidbufq_done(struct bufq *, struct b
 voidbufq_quiesce(void);
 voidbufq_restart(void);
 
-/* disksort */
-struct bufq_disksort {
-   struct buf   *bqd_actf;
-   struct buf  **bqd_actb;
-};
-
 /* fifo */
 SIMPLEQ_HEAD(bufq_fifo_head, buf);
 struct bufq_fifo {
@@ -126,7 +120,6 @@ struct bufq_nscan {
 
 /* bufq link in struct buf */
 union bufq_data {
-   struct bufq_disksortbufq_data_disksort;
struct bufq_fifobufq_data_fifo;
struct bufq_nscan   bufq_data_nscan;
 };
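
Review bot: Dropping the bufq_data_disksort member from union bufq_data can change the size of the union, and with it the layout of struct buf through b_bufq. The removed struct bufq_disksort holds two pointers, so if it was the largest member, anything built against the old sys/buf.h needs rebuilding. Worth saying so in the commit message, or confirming that the union size is unchanged.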
@@ -144,10 +137,6 @@ extern struct bio_ops {
void(*io_movedeps)(struct buf *, struct buf *);
int (*io_countdeps)(struct buf *, int, int);
 } bioops;
-
-/* XXX: disksort(); */
-#define b_actf b_bufq.bufq_data_disksort.bqd_actf
-#define b_actb b_bufq.bufq_data_disksort.bqd_actb
 
 /* The buffer header describes an I/O operation in the kernel. */
 struct buf {
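
Review bot: The removed b_actf and b_actb defines live in sys/buf.h, a header other code may include, and the message only says nothing uses the compat anymore. State what was searched (kernel only, or userland and ports as well) so that a later build failure from a leftover b_actf or b_actb user can be traced to this commit.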



Re: faq/current.html: Mention sudo removal

2015-07-04 Thread Theo Buehler
On Sat, Jul 04, 2015 at 03:36:58PM +0530, Hrishikesh Muruk wrote:
> Why is sudo being removed from base?

Because millert@ and deraadt@ decided to do so.  You can read some
explanations in this thread:
https://marc.info/?l=openbsd-ports&m=143465998814989&w=2
and tedu@'s blog post
http://www.tedunangst.com/flak/post/out-with-the-old-in-with-the-less
contains some general considerations that make this seem like a good
decision.  Since there's a port of a modern version of sudo, no
harm, no foul.

Anyway, I don't think we should clutter tech@ with the discussion and
lamentation of a fait accompli.



Re: faq/current.html: Mention sudo removal

2015-07-04 Thread Hrishikesh Muruk
Why is sudo being removed from base? It is pretty useful. I imagine many
use sudo

Thanks
Hrishi

On Saturday 4 July 2015, Steven McDonald wrote:

> Hi,
>
> Here's a patch for current.html telling users how to handle the sudo
> removal from base.
>
> Index: faq/current.html
> ===
> RCS file: /cvs/www/faq/current.html,v
> retrieving revision 1.614
> diff -u -p -r1.614 current.html
> --- faq/current.html2 Jul 2015 05:49:04 -   1.614
> +++ faq/current.html4 Jul 2015 03:35:43 -
> @@ -41,6 +41,7 @@
>  2015/06/01 - alpha switches to
> secureplt
>  2015/06/02 - sparc switches to PIE
>  2015/06/05 - [ports] default PHP version switched
> to 5.6
> +2015/07/03 - sudo has moved to ports
>  
>
>  
> @@ -250,6 +251,27 @@ to allow client connections to function.
>  # mkdir -p /var/www/etc/ssl
>  # cp /etc/ssl/cert.pem /var/www/etc/ssl/
>  
> +
> +2015/07/03 - sudo has moved to ports
> +
> +sudo(8) has been removed from the base OS.
> +The old binaries and manual pages should be removed:
> +
> +   rm -f /usr/bin/sudo /usr/bin/sudoedit /usr/sbin/visudo
> +   rm -f /usr/share/man/man8/sudo.8 /usr/share/man/man8/sudoedit.8
> +   rm -f /usr/share/man/man8/visudo.8 /usr/share/man/man5/sudoers.5
> +
> +If you would like to continue using sudo(8), install it from packages:
> +
> +   pkg_add sudo
> +
> +Otherwise, remove its configuration as well:
> +
> +   rm -f /etc/sudoers
> +
> +Caution: If you rely on sudo as your primary means of gaining
> +root privileges, you should install and test it from packages (taking
> +care to test using /usr/local/bin/sudo) before removing the old binary.
>
>  
>  
>
>
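
Review bot: In the added upgrade text, the three rm -f lines that delete /usr/bin/sudo come first and the Caution paragraph about installing and testing /usr/local/bin/sudo comes last, so someone following the steps in order removes the old binary before reading the warning and may be left without a way to gain root. Suggest leading with the pkg_add sudo step and the caution, then the removals, or at least moving the caution above the first rm -f.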


Re: error:0906D064:PEM routines:PEM_read_bio:bad base64

2015-07-04 Thread mxb

Sure

> On 4 jul 2015, at 01:44, Brent Cook wrote:
> 
> Would you be comfortable adding some extra output to the various failure 
> points in EVP_DecodeUpdate to see where we are bailing out?