Re: ktrace: Following symlinks
On Thu, Jun 29, 2017 at 10:42 PM, Klemens Nanni wrote:
> On Thu, Jun 29, 2017 at 09:50:25PM -0700, Philip Guenther wrote:
>> On Thu, Jun 22, 2017 at 7:17 PM, Klemens Nanni wrote:
>>> So I just wrapped my head around vfs(9) with regard to making ktrace
>>> following symlinks again, however I don't quite understand what problems
>>> may occur when doing so. May anyone enlighten me on this?
>>
>> IMHO, it makes more sense to add fktrace(2) aka NetBSD where an open
>> fd is passed in.
>
> To have a more generic interface?

Yes.

    ktrace -f - some_command | kdump

Hmm, I wonder what happens if the fd involved is a pipe to the process
being traced and if that will deadlock the kernel.

Uh, hmm, could that happen as well with your suggestion to support
FIFO if the traced process is the only reader, ala:

    mkfifo kt
    ktrace -f kt kdump -f /dev/stdin < kt

? It's okay if that just blocks, but it's not okay if it blocks
processes that aren't being traced or if it eats the CPU.

(VREG vnodes are exactly what the kernel can write to without having
to worry about looping internally or userspace blocking it for
arbitrary lengths of time. Well, at least if we ignore FUSE, which is
basically ignored for this sort of discussion anyway, being a security
nightmare. Anyone tried to ktrace a fuse-serving process, directing
the ktrace to the fuse'd filesystem? Same question applies to acct()
to a fuse'd filesystem, but at least that's root-only.)

> Why not letting ktrace(2) handle this just like it already does for regular
> files?

*If* it's safe (see above for an *example* consideration), then fd /
struct file base access is much more general than filename / vnode
based access. ktrace(1) *always* open()s the target filename, so would
arguably remove a TOCTOU.

Philip Guenther
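The TOCTOU and VREG points in the message above, as an added example that is not part of the original post and is not ktrace(1) or kernel code: a userland sketch of the fd-based approach, where the target is opened once without following a symlink and its type is then checked on the descriptor. The names open_trace_target and demo_accepted_mask, and the files created under /tmp, are hypothetical and constructed for the demonstration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700	/* O_NOFOLLOW, O_CLOEXEC, mkdtemp */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Hypothetical helper: open a trace target exactly once and decide on the
 * descriptor, not on the name.  Returns a descriptor or -1 with errno set.
 */
int
open_trace_target(const char *path)
{
	struct stat sb;
	int fd;

	/*
	 * O_NOFOLLOW refuses a symlink as the last path component;
	 * O_NONBLOCK keeps open() from sleeping on a FIFO with no reader.
	 */
	fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW |
	    O_NONBLOCK | O_CLOEXEC, 0600);
	if (fd == -1)
		return -1;

	/* fstat() describes the object already held, so the name cannot be
	 * re-pointed between the check and the use. */
	if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode)) {
		close(fd);
		errno = EINVAL;	/* not a regular file (or could not tell) */
		return -1;
	}
	return fd;
}

/*
 * Constructed test bed: a private directory with a regular file, a symlink
 * to it and a FIFO that already has a reader.  Returns a bitmask of the
 * targets that were accepted (bit 0 file, bit 1 symlink, bit 2 FIFO),
 * or -1 if the test bed could not be set up.
 */
int
demo_accepted_mask(void)
{
	char dir[] = "/tmp/tracedemo.XXXXXX";
	char reg[64], lnk[64], fifo[64];
	const char *targets[3];
	int fd, reader = -1, i, mask = 0;

	if (mkdtemp(dir) == NULL)
		return -1;
	snprintf(reg, sizeof(reg), "%s/ktrace.out", dir);
	snprintf(lnk, sizeof(lnk), "%s/link", dir);
	snprintf(fifo, sizeof(fifo), "%s/kt", dir);
	targets[0] = reg;
	targets[1] = lnk;
	targets[2] = fifo;

	fd = open(reg, O_WRONLY | O_CREAT, 0600);
	if (fd == -1 || symlink(reg, lnk) == -1 || mkfifo(fifo, 0600) == -1)
		mask = -1;
	if (fd != -1)
		close(fd);

	if (mask == 0) {
		/* With a reader present the FIFO open succeeds, so the
		 * rejection below comes from the fstat() type check. */
		reader = open(fifo, O_RDONLY | O_NONBLOCK);
		for (i = 0; i < 3; i++) {
			fd = open_trace_target(targets[i]);
			if (fd != -1) {
				mask |= 1 << i;
				close(fd);
			}
		}
	}

	if (reader != -1)
		close(reader);
	unlink(fifo);
	unlink(lnk);
	unlink(reg);
	rmdir(dir);
	return mask;
}

int
main(void)
{
	printf("accepted mask: %d\n", demo_accepted_mask());
	return 0;
}
```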
Re: Fix compilation warning/error when using ACPIVIDEO_DEBUG
On Wed, Jun 28, 2017 at 10:13:25PM +0200, Fasse wrote: > When building OpenBSD with the ACPIVIDEO_DEBUG option set the > compilation fails: > > cc1: warnings being treated as errors > /usr/src/sys/dev/acpi/acpivideo.c: In function 'acpivideo_set_policy': > /usr/src/sys/dev/acpi/acpivideo.c:136: warning: format '%X' expects type > 'unsigned int', but argument 3 has type 'int64_t' > /usr/src/sys/dev/acpi/acpivideo.c:136: error: expected expression before '/' > token > *** Error 1 in /usr/src/sys/arch/amd64/compile/CUSTOM (Makefile:960 > 'acpivideo.o') > > > The return type of aml_val2int (AML_EVALNODE(9)) is int64_t. > The 'patch' below switches to the format specifier %lld. According to > C99 long long must be at least 64 bit wide so it should be fine!? > Otherwise, and PRId64 might be an option. However, quickly > searching the src-tree reveals PRId64 is seldom used. > > > Index: src/sys/dev/acpi/acpivideo.c > === > RCS file: /cvs/src/sys/dev/acpi/acpivideo.c,v > retrieving revision 1.10 > diff -u -p -u -r1.10 acpivideo.c > --- src/sys/dev/acpi/acpivideo.c 14 Mar 2015 03:38:47 - 1.10 > +++ src/sys/dev/acpi/acpivideo.c 28 Jun 2017 18:39:48 - > @@ -132,7 +132,7 @@ acpivideo_set_policy(struct acpivideo_so > args.type = AML_OBJTYPE_INTEGER; > > aml_evalname(sc->sc_acpi, sc->sc_devnode, "_DOS", 1, &args, &res); > - DPRINTF(("%s: set policy to %X\n", DEVNAME(sc), aml_val2int(&res))); > + DPRINTF(("%s: set policy to %lld\n", DEVNAME(sc), aml_val2int(&res))); > > aml_freevalue(&res); > } > thanks. fixed.
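Review bot: the replacement DPRINTF line passes the int64_t result of aml_val2int() straight to %lld; an explicit (long long) cast on that argument keeps format and argument matched however int64_t is defined on a given platform. The switch from %X to %lld also changes the printed policy value from hexadecimal to decimal, so %llx with the same cast would preserve the old output. The quoted build log additionally shows an "expected expression before '/' token" error that this one-line hunk does not visibly address, so it is worth confirming that an ACPIVIDEO_DEBUG kernel builds cleanly with it.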
Re: ktrace: Following symlinks
On Thu, Jun 29, 2017 at 09:50:25PM -0700, Philip Guenther wrote:
> On Thu, Jun 22, 2017 at 7:17 PM, Klemens Nanni wrote:
>> So I just wrapped my head around vfs(9) with regard to making ktrace
>> following symlinks again, however I don't quite understand what problems
>> may occur when doing so. May anyone enlighten me on this?
>
> IMHO, it makes more sense to add fktrace(2) aka NetBSD where an open
> fd is passed in.

To have a more generic interface?

Why not letting ktrace(2) handle this just like it already does for regular
files?
Re: ktrace: Following symlinks
On Thu, Jun 22, 2017 at 7:17 PM, Klemens Nanni wrote:
> So I just wrapped my head around vfs(9) with regard to making ktrace
> following symlinks again, however I don't quite understand what problems
> may occur when doing so. May anyone enlighten me on this?

IMHO, it makes more sense to add fktrace(2) aka NetBSD where an open
fd is passed in.

Philip Guenther
Re: proposal: syspatch -v
> Peter Piwowarski wrote:
> > At present, what exactly was patched is not immediately obvious from
> > syspatch output, which could be annoying for administrators who want to
> > take some action based on what was changed (restart daemons linked to
> > patched libraries, etc). Could a -v option for syspatch (patch below),
> > causing it to print a message for each altered file, be a good idea?
> > Alternatively, perhaps there could be a hint, either in syspatch's
> > output or in the FAQ/manpage, that administrators should consider
> > reading each source patch to get an idea of what changed.
>
> you add one -v option, they show up everywhere. :)
>
> there was a little discussion a while ago with some developers, and i think
> the consensus was we could print a little hint about what changed, every time.
> or maybe we decided not to print anything? there was also the idea that
> syspatch is meant to help automate patching, but you should still read the
> patch and understand it.

yes, that is essentially what we decided. if we add the tooling to
supply less-detailed information here, we are covering up for people's
shortcomings of not reading the errata and patch.

i'd like to mention that when 6.2 comes around, this will be handling
the linkkit in /usr/share/compile/GENERIC*, and the number of files in
a kernel patch will get larger. It is unlikely you will want to see that.
Re: proposal: syspatch -v
Peter Piwowarski wrote:
> At present, what exactly was patched is not immediately obvious from
> syspatch output, which could be annoying for administrators who want to
> take some action based on what was changed (restart daemons linked to
> patched libraries, etc). Could a -v option for syspatch (patch below),
> causing it to print a message for each altered file, be a good idea?
> Alternatively, perhaps there could be a hint, either in syspatch's
> output or in the FAQ/manpage, that administrators should consider
> reading each source patch to get an idea of what changed.

you add one -v option, they show up everywhere. :)

there was a little discussion a while ago with some developers, and i think
the consensus was we could print a little hint about what changed, every time.
or maybe we decided not to print anything? there was also the idea that
syspatch is meant to help automate patching, but you should still read the
patch and understand it.

the question would be if adding an optional argument to syspatch is the best
way to solve this. if this information is important, it shouldn't be optional.
and/or, is a list of names really the important information you want.
Re: [patch] security(8) and spamd blacklist
On Thu, Jun 29, 2017 at 10:06:56PM +0100, Stuart Henderson wrote: > On 2017/06/29 21:37, Fritjof Bornebusch wrote: > > Hi, > > > > security(8) iterates over /var/mail and check is the files belong to the > > owner of the same name. So far so good, but spamd.conf.5 says: > > > > override:\ > > :white:\ > > :method=file:\ > > :file=/var/mail/override.txt: > > > > myblack:\ > > :black:\ > > :msg=/var/mail/myblackmsg.txt:\ > > :method=file:\ > > :file=/var/mail/myblack.txt: > > > > so the user *black.txt* and/or *override.txt* are assumed to exist > > by security(8). As it says: > > > > Checking mailbox ownership. > > user myblack.txt mailbox is owned by _spamd > > > > The following diff documents this in the manpage of spamd.conf(5) by > > changing the path to /var/mail/_spamd/. > > > > I thought about changing security(8) to fix this, but _spamd is the name > > of the user, so it does whats it's supposed to do. > > Wouldn't something like /etc/mail be better for these examples? > > It seems contradictory to hier(7) to have anything other than user mailboxes > in /var/mail (even if it's just an example in the manual). > Good point. Index: spamd.conf.5 === RCS file: /cvs/src/share/man/man5/spamd.conf.5,v retrieving revision 1.19 diff -u -p -r1.19 spamd.conf.5 --- spamd.conf.516 Mar 2017 15:09:32 - 1.19 +++ spamd.conf.529 Jun 2017 21:24:02 - @@ -65,13 +65,13 @@ nixspam:\e override:\e :white:\e :method=file:\e - :file=/var/mail/override.txt: + :file=/etc/mail/override.txt: myblack:\e :black:\e - :msg=/var/mail/myblackmsg.txt:\e + :msg=/etc/mail/myblackmsg.txt:\e :method=file:\e - :file=/var/mail/myblack.txt: + :file=/etc/mail/myblack.txt: .Ed .Pp The default configuration file must include the entry
fix relayd dns protocol
Hi! config_setrelay>relay_privinit>relay_udp_privinit doesn't set env since env isn't set in relay.c yet, causing dns relay to SIGSEGV in relay_udp_server. Move setting env to relay_udp_init. Rivo Index: usr.sbin/relayd/relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.221 diff -u -p -r1.221 relay.c --- usr.sbin/relayd/relay.c 28 May 2017 10:39:15 - 1.221 +++ usr.sbin/relayd/relay.c 29 Jun 2017 20:58:08 - @@ -285,7 +285,7 @@ relay_privinit(struct relay *rlay) switch (rlay->rl_proto->type) { case RELAY_PROTO_DNS: - relay_udp_privinit(env, rlay); + relay_udp_privinit(rlay); break; case RELAY_PROTO_TCP: break; @@ -445,7 +445,7 @@ relay_launch(void) switch (rlay->rl_proto->type) { case RELAY_PROTO_DNS: - relay_udp_init(rlay); + relay_udp_init(env, rlay); break; case RELAY_PROTO_TCP: case RELAY_PROTO_HTTP: Index: usr.sbin/relayd/relay_udp.c === RCS file: /cvs/src/usr.sbin/relayd/relay_udp.c,v retrieving revision 1.46 diff -u -p -r1.46 relay_udp.c --- usr.sbin/relayd/relay_udp.c 28 May 2017 10:39:15 - 1.46 +++ usr.sbin/relayd/relay_udp.c 29 Jun 2017 20:58:08 - @@ -58,20 +58,20 @@ void relay_dns_result(struct rsession int relay_dns_cmp(struct rsession *, struct rsession *); void -relay_udp_privinit(struct relayd *x_env, struct relay *rlay) +relay_udp_privinit(struct relay *rlay) { - if (env == NULL) - env = x_env; - if (rlay->rl_conf.flags & F_TLS) fatalx("tls over udp is not supported"); rlay->rl_conf.flags |= F_UDP; } void -relay_udp_init(struct relay *rlay) +relay_udp_init(struct relayd *x_env, struct relay *rlay) { struct protocol *proto = rlay->rl_proto; + + if (env == NULL) + env = x_env; switch (proto->type) { case RELAY_PROTO_DNS: Index: usr.sbin/relayd/relayd.h === RCS file: /cvs/src/usr.sbin/relayd/relayd.h,v retrieving revision 1.240 diff -u -p -r1.240 relayd.h --- usr.sbin/relayd/relayd.h27 May 2017 08:33:25 - 1.240 +++ usr.sbin/relayd/relayd.h29 Jun 2017 20:58:08 - 
@@ -1218,8 +1218,8 @@ intrelay_httpdesc_init(struct ctl_rela ssize_t relay_http_time(time_t, char *, size_t); /* relay_udp.c */ -voidrelay_udp_privinit(struct relayd *, struct relay *); -voidrelay_udp_init(struct relay *); +voidrelay_udp_privinit(struct relay *); +voidrelay_udp_init(struct relayd *, struct relay *); int relay_udp_bind(struct sockaddr_storage *, in_port_t, struct protocol *); voidrelay_udp_server(int, short, void *);
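Review bot: in relay_udp_init() the new "if (env == NULL) env = x_env;" still leaves env NULL when the caller's pointer is NULL, which is the state the report says led to the SIGSEGV in relay_udp_server. A fatalx() at that point when x_env is NULL would turn a repeat of this ordering mistake into an immediate, named failure instead of a later crash. A short comment on why the assignment lives in relay_udp_init() and not in relay_udp_privinit() would also keep it from being moved back.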
Re: [patch] security(8) and spamd blacklist
On 2017/06/29 21:37, Fritjof Bornebusch wrote:
> Hi,
>
> security(8) iterates over /var/mail and check if the files belong to the
> owner of the same name. So far so good, but spamd.conf.5 says:
>
>     override:\
>         :white:\
>         :method=file:\
>         :file=/var/mail/override.txt:
>
>     myblack:\
>         :black:\
>         :msg=/var/mail/myblackmsg.txt:\
>         :method=file:\
>         :file=/var/mail/myblack.txt:
>
> so the user *black.txt* and/or *override.txt* are assumed to exist
> by security(8). As it says:
>
>     Checking mailbox ownership.
>     user myblack.txt mailbox is owned by _spamd
>
> The following diff documents this in the manpage of spamd.conf(5) by
> changing the path to /var/mail/_spamd/.
>
> I thought about changing security(8) to fix this, but _spamd is the name
> of the user, so it does what it's supposed to do.

Wouldn't something like /etc/mail be better for these examples?

It seems contradictory to hier(7) to have anything other than user mailboxes
in /var/mail (even if it's just an example in the manual).
csh(1): remove size parameter from tenex()
Hi, Both the old (prior getting rid of TIOCSTI) and the new implementation of tenex() makes assumptions about the capacity of the input buffer without respect to the inputline_size parameter. A more correct handling would be to set `cl.size = MIN(BUFSIZ, inputline_size)` but since tenex() only has one call-site I would prefer getting rid of the parameter. Comments? OK? Index: extern.h === RCS file: /cvs/src/bin/csh/extern.h,v retrieving revision 1.25 diff -u -p -r1.25 extern.h --- extern.h26 Dec 2015 13:48:38 - 1.25 +++ extern.h29 Jun 2017 20:21:47 - @@ -98,7 +98,7 @@ int exp0(Char ***, bool); /* * file.c */ -inttenex(Char *, int); +inttenex(Char *); /* * func.c Index: file.c === RCS file: /cvs/src/bin/csh/file.c,v retrieving revision 1.30 diff -u -p -r1.30 file.c --- file.c 29 Jun 2017 04:23:12 - 1.30 +++ file.c 29 Jun 2017 20:21:47 - @@ -745,7 +745,7 @@ is_suffix(Char *check, Char *template) } int -tenex(Char *inputline, int inputline_size) +tenex(Char *inputline) { static struct { int (*fn)(struct cmdline *, int); Index: lex.c === RCS file: /cvs/src/bin/csh/lex.c,v retrieving revision 1.24 diff -u -p -r1.24 lex.c --- lex.c 23 Jan 2017 04:53:15 - 1.24 +++ lex.c 29 Jun 2017 20:21:48 - @@ -1429,7 +1429,7 @@ again: roomleft = BUFSIZ - off; for (;;) { if (filec && intty) { - c = numleft ? numleft : tenex(ttyline, BUFSIZ); + c = numleft ? numleft : tenex(ttyline); if (c > roomleft) { /* start with fresh buffer */ feobp = fseekp = fblocks * BUFSIZ;
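Review bot: with inputline_size dropped from tenex(Char *inputline), the requirement that the caller's buffer holds BUFSIZ elements becomes an implicit contract that is visible only at the single call site in lex.c, tenex(ttyline). A comment above tenex() in file.c stating that inputline must have room for BUFSIZ Chars would keep a future second caller from passing a shorter buffer. The message itself notes that the function already assumes this capacity, so the comment documents existing behaviour and changes nothing.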
[patch] security(8) and spamd blacklist
Hi, security(8) iterates over /var/mail and check is the files belong to the owner of the same name. So far so good, but spamd.conf.5 says: override:\ :white:\ :method=file:\ :file=/var/mail/override.txt: myblack:\ :black:\ :msg=/var/mail/myblackmsg.txt:\ :method=file:\ :file=/var/mail/myblack.txt: so the user *black.txt* and/or *override.txt* are assumed to exist by security(8). As it says: Checking mailbox ownership. user myblack.txt mailbox is owned by _spamd The following diff documents this in the manpage of spamd.conf(5) by changing the path to /var/mail/_spamd/. I thought about changing security(8) to fix this, but _spamd is the name of the user, so it does whats it's supposed to do. Comments? Because the notification above is very annoying. --f. Index: spamd.conf.5 === RCS file: /cvs/src/share/man/man5/spamd.conf.5,v retrieving revision 1.19 diff -u -p -r1.19 spamd.conf.5 --- spamd.conf.516 Mar 2017 15:09:32 - 1.19 +++ spamd.conf.529 Jun 2017 19:30:27 - @@ -65,13 +65,13 @@ nixspam:\e override:\e :white:\e :method=file:\e - :file=/var/mail/override.txt: + :file=/var/mail/_spamd/override.txt: myblack:\e :black:\e - :msg=/var/mail/myblackmsg.txt:\e + :msg=/var/mail/_spamd/myblackmsg.txt:\e :method=file:\e - :file=/var/mail/myblack.txt: + :file=/var/mail/_spamd/myblack.txt: .Ed .Pp The default configuration file must include the entry
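Review bot: the three example paths move under /var/mail/_spamd/, but the hunk adds no text saying that this directory has to exist or who should own it. Since the message describes security(8) as comparing each name in /var/mail with its owner, the example only stays quiet if /var/mail/_spamd is owned by _spamd, and that assumption should be stated next to the example. Placing a non-mailbox directory in /var/mail also deserves a sentence of justification in the manual text.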
magic.5: Add missing types
While reading file(1)'s code in #openbsd-daily mulander noted that the 'name' and 'use' types were missing from magic(5). I'm not entirely sure yet whether this is complete, so here's what I did: magic(5) provided by devel/magic documents version 5.31 while base's magic(5) is at 4.24. Here are the types found in 5.31 but not ours as well as those of the missing ones that are actually implemented but undocumented as of now: $ grep -i "TYPE_($(grep -F 'It Dv' $(man -w magic) | cut -d' ' -f3 | sort | uniq -u | paste -sd\| - | tee /dev/stderr))" magic.h beid3|beqwdate|clear|indirect|leid3|leqwdate|name|qwdate|use MAGIC_TYPE_CLEAR, MAGIC_TYPE_NAME, MAGIC_TYPE_USE, What about the current version being 4.21? We're clearly ahead of this, it seems magic(5) wasn't updated when nicm@ reimplemented things. This patch documents the respective types. Feedback/OK? Index: magic.5 === RCS file: /cvs/src/usr.bin/file/magic.5,v retrieving revision 1.17 diff -u -p -r1.17 magic.5 --- magic.5 24 Apr 2016 07:02:07 - 1.17 +++ magic.5 29 Jun 2017 17:41:56 - 
@@ -218,6 +218,31 @@ This is intended to be used with the tes .Em x (which is always true) and a message that is to be used if there are no other matches. +.It Dv clear +This test is always true and clears the match flag for that continuation +level. +It is intended to be used with the default test. +.It Dv name +Define a +.Dq named +magic instance that can be called from another +.Dv use +magic entry, like a subroutine call. +Named instance direct magic offsets are relative to the offset of the +previous matched entry, but indirect offsets are relative to the +beginning of the file as usual. +Named magic entries always match. +.It Dv use +Recursively call the named magic starting from the current offset. +If the name of the referenced begins with a +.Dv ^ +then the endianness of the magic is switched; if the magic mentioned +.Dv leshort +for example, +it is treated as +.Dv beshort +and vice versa. +This is useful to avoid duplicating the rules for different endianness. .El .Pp Each top-level magic pattern (see below for an explanation of levels)
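Review bot: in the new "use" entry, the sentence "If the name of the referenced begins with a ^" is missing its noun; "the name of the referenced magic" (or "named instance") would read correctly. In the "name" entry, "Named instance direct magic offsets are relative to ..." is hard to parse as one noun phrase; "Direct offsets in a named instance are relative to ..." says the same thing. The message says the author is not sure the list is complete, so a note on which of the 5.31 types were deliberately left out would help whoever updates the page next.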
proposal: syspatch -v
At present, what exactly was patched is not immediately obvious from syspatch output, which could be annoying for administrators who want to take some action based on what was changed (restart daemons linked to patched libraries, etc). Could a -v option for syspatch (patch below), causing it to print a message for each altered file, be a good idea? Alternatively, perhaps there could be a hint, either in syspatch's output or in the FAQ/manpage, that administrators should consider reading each source patch to get an idea of what changed. Note that the below patch will print a notice for each new or altered file, including the archived source patches. I think that's a feature, in that it calls attention to their presence. Index: syspatch.8 === RCS file: /cvs/src/usr.sbin/syspatch/syspatch.8,v retrieving revision 1.18 diff -u -p -r1.18 syspatch.8 --- syspatch.8 9 May 2017 12:23:04 - 1.18 +++ syspatch.8 29 Jun 2017 16:56:12 - @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 9 2017 $ +.Dd $Mdocdate: Jun 29 2017 $ .Dt SYSPATCH 8 .Os .Sh NAME @@ -22,7 +22,7 @@ .Nd manage base system binary patches .Sh SYNOPSIS .Nm syspatch -.Op Fl c | l | R | r +.Op Fl c | l | R | r | v .Sh DESCRIPTION .Nm is a utility to fetch, verify, install and revert @@ -50,6 +50,8 @@ List installed patches. Revert all patches. .It Fl r Revert the most recently installed patch. +.It Fl v +Verbose mode; print a message for each new or modified file. .El .Sh FILES .Bl -tag -width "/bsd.syspatch${OSrev}" -compact Index: syspatch.sh === RCS file: /cvs/src/usr.sbin/syspatch/syspatch.sh,v retrieving revision 1.114 diff -u -p -r1.114 syspatch.sh --- syspatch.sh 9 Jun 2017 07:37:38 - 1.114 +++ syspatch.sh 29 Jun 2017 16:56:12 - 
@@ -26,7 +26,7 @@ sp_err() usage() { - sp_err "usage: ${0##*/} [-c | -l | -R | -r]" + sp_err "usage: ${0##*/} [-c | -l | -R | -r | -v]" } apply_patch() @@ -163,6 +163,8 @@ install_file() eval $(stat -f "_fmode=%OMp%OLp _fown=%Su _fgrp=%Sg" ${_src}) + [[ ${_VERBOSE} ]] && echo "installing new/changed file ${_dst}" + install -DFSp -m ${_fmode} -o ${_fown} -g ${_fgrp} ${_src} ${_dst}} @@ -175,6 +177,8 @@ install_kernel() [[ ${_kern##*/} == bsd ]] && _bsd=bsd.sp || _bsd=bsd fi + [[ ${_VERBOSE} ]] && echo "replacing kernel with ${_kern##*/}" + install -FSp ${_kern} /${_bsd:-${_kern##*/}} } @@ -308,12 +312,13 @@ readonly _BSDMP _KERNV _MIRROR _OSrev _P trap 'set +e; rm -rf "${_TMP}"' EXIT trap exit HUP INT TERM -while getopts clRr arg; do +while getopts clRrv arg; do case ${arg} in c) ls_missing ;; l) ls_installed ;; R) while [[ -n $(ls_installed) ]]; do rollback_patch; done ;; r) rollback_patch ;; + v) _VERBOSE=yes ;; *) usage ;; esac done
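Review bot: in the getopts loop, "v) _VERBOSE=yes ;;" only takes effect for whatever runs after it, while the R and r cases call rollback_patch immediately inside the same case statement, so a -v given after another option is parsed too late to influence it. The usage string and the SYNOPSIS line ".Op Fl c | l | R | r | v" also present -v as one more mutually exclusive action when it is a modifier; listing it separately and setting the flag before any action is dispatched would match what the option does. _VERBOSE is tested in install_file() and install_kernel() without being initialised anywhere in the visible hunks, so a value inherited from the environment would enable the messages as well.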
Re: no-depends for real, the juicy part
On Wed, Jun 28, 2017 at 04:59:37PM +0200, Marc Espie wrote:
> This is the actual patch that more or less neuters depends.
>
> So this gets rid of all internals for depend/beforedepend/afterdepend.
>
> NOTE that this does not *remove* the 'make depend' stage, just it won't do
> anything except for a few select parts (old gcc3 and mesa in particular
> depend on it).
>
> (aoyama-san, luna88k should be happy with this, hopefully)
>
> bsd.prog.mk and bsd.lib.mk both use -MD -MP, they both add to DEPS,
> and bsd.dep.mk sincludes all the *.d files declared in DEPS.
>
> The rest is there to cope with some funny aspects of our makefiles and
> compilers.
>
> - both gcc and clang need some extra-handholding when using -MD -MP for
> asm files. They do need to be told where to put the result with -MF,
> otherwise, they *will* just do the depends part, and not the actual compile.
>
> - all "behind the scene" targets that do some intermediate compiles need
> some adjustment. Specifically, yacc and lex rules use some extra sed to
> get the actual target in the .d file. And lib rules always go thru some
> intermediate stage.
>
> - like for "old-style" depends, all the .o/.po/.so/.do... targets in lib
> end up generating one single .d, with all the targets jumbled together,
> which is then moved atomically to its resting place using mv.
>
> - final trick: .S rules in bsd.prog.mk are only defined if bsd.lib.mk
> didn't already define it.
>
>
> This code has been run thru build, release, xenocara, and ports for a
> while now...
>
> It should be at least as accurate at generating depends on-the-fly as
> the old code was generating depend in one-go (and this code DOES generate
> depends in clang without any extra mechanism needed).
>
>
> Variable names and details are open to discussion, but this should be
> in good enough shape for okays.

Updated patch.

- krw@ noticed a problem in games/hack, which I didn't run into somehow.
Randomized build order and timings, all that...
- tb@ noticed lib *.d files didn't get cleaned, which is actually a deeper problem; I mixed up several generations of patches, so the DEPS definition in bsd.lib.mk is not the right one, missing a :R... and libs were missing proper depends. - I added .depend to the list of CLEANFILES to simplify the transition to the new style. I should say this one is final, but with Murphy's help, that probably means I'll find a bug in the next ten minutes. Index: share/mk/bsd.dep.mk === RCS file: /cvs/src/share/mk/bsd.dep.mk,v retrieving revision 1.15 diff -u -p -r1.15 bsd.dep.mk --- share/mk/bsd.dep.mk 16 Jun 2017 10:20:52 - 1.15 +++ share/mk/bsd.dep.mk 29 Jun 2017 15:03:08 - 
@@ -1,42 +1,22 @@ # $OpenBSD: bsd.dep.mk,v 1.15 2017/06/16 10:20:52 espie Exp $ # $NetBSD: bsd.dep.mk,v 1.12 1995/09/27 01:15:09 christos Exp $ -# some of the rules involve .h sources, so remove them from mkdep line -.if !target(depend) -depend: beforedepend .depend realdepend afterdepend -.ORDER: beforedepend .depend realdepend afterdepend -realdepend: _SUBDIRUSE - -. if defined(SRCS) && !empty(SRCS) -.depend: ${SRCS} ${_LEXINTM} ${_YACCINTM} - @rm -f .depend - @files="${.ALLSRC:M*.s} ${.ALLSRC:M*.S}"; \ - if [ "$$files" != " " ]; then \ - echo mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} ${CPPFLAGS} ${AINC} $$files;\ - mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} ${CPPFLAGS} ${AINC} $$files; \ - fi - @files="${.ALLSRC:M*.c}"; \ - if [ "$$files" != "" ]; then \ - echo mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \ - mkdep -a ${MKDEP} ${CFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \ - fi - @files="${.ALLSRC:M*.cc} ${.ALLSRC:M*.C} ${.ALLSRC:M*.cpp}"; \ - files="$$files ${.ALLSRC:M*.cxx}"; \ - if [ "$$files" != " " ]; then \ - echo CC=${CXX:Q} mkdep -a ${MKDEP} ${CXXFLAGS:M-std=*} ${CXXFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \ - CC=${CXX:Q} mkdep -a ${MKDEP} ${CXXFLAGS:M-std=*} ${CXXFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \ - fi -. else -.depend: -. endif -. if !target(beforedepend) -beforedepend: -. endif -. if !target(afterdepend) -afterdepend: -. endif +depend: + @: + +# relies on DEPS defined by bsd.lib.mk and bsd.prog.mk +.if defined(DEPS) && !empty(DEPS) +. for o in ${DEPS} + sinclude $o +. endfor .endif +CFLAGS += -MD -MP +CXXFLAGS += -MD -MP + +# libraries need some special love +DFLAGS = -MT $*.o -MT $*.po -MT $*.so -MT $*.do + .if !target(tags) . if defined(SRCS) tags: ${SRCS} _SUBDIRUSE 
@@ -47,16 +27,10 @@ tags: . endif .endif -.if defined(SRCS) -cleandir: cleandepend -cleandepend: - rm -f .depend ${.CURDIR}/tags -.endif +CLEANFILES += ${DEPS} .depend BUILDFIRST ?= BUILDAFTER ?= .if !empty(BUILDFIRST) && !empty(BUILDAFTER) ${BUILDAFTER}: ${BUILDFIRST} .endif - -.PHONY: beforedepend d
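Review bot: the removed cleandepend rule deleted both .depend and ${.CURDIR}/tags, while the replacement "CLEANFILES += ${DEPS} .depend" covers only the dependency files, so nothing in this hunk cleans a generated tags file any more. The cleandepend target and the "cleandir: cleandepend" hook disappear with it, which breaks any Makefile or script that still calls "make cleandepend". If both are intended, the message should say so; otherwise keep an empty cleandepend target for compatibility and add ${.CURDIR}/tags to what cleandir removes.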
ip6_forward pf rtable change
Hi, In OpenBSD 6.0 we had the check (ip6_forward_rt.ro_tableid != m->m_pkthdr.ph_rtableid) after going to reroute in ip6_forward(). As this was lost during refactoring, now the old route is used after pf has changed the routing table. Solution is to reset the route, then it is not valid and will be reallocated. ok? bluhm Index: netinet6/ip6_forward.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_forward.c,v retrieving revision 1.94 diff -u -p -r1.94 ip6_forward.c --- netinet6/ip6_forward.c 5 Feb 2017 16:04:14 - 1.94 +++ netinet6/ip6_forward.c 29 Jun 2017 14:33:28 - @@ -298,6 +298,8 @@ reroute: /* tag as generated to skip over pf_test on rerun */ m->m_pkthdr.pf.flags |= PF_TAG_GENERATED; srcrt = 1; + rtfree(rt); + rt = NULL; if_put(ifp); ifp = NULL; goto reroute;
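Review bot: the added "rtfree(rt); rt = NULL;" before "goto reroute" runs on every pass through this branch, whereas the 6.0 check quoted in the message compared the cached route's table id with m->m_pkthdr.ph_rtableid and dropped the route only on a mismatch. Dropping it unconditionally is simpler and looks correct, but nothing in the code now says why the route is discarded here. A one-line comment stating that pf may have changed the rtable, so the cached route must not be reused, would keep the next refactoring from losing the behaviour again.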
Re: dig(1) doesn't play well with rebound(8)
nslookup also seems to get a little upset with rebound. On 29 June 2017 at 13:13, Edgar Pettijohn wrote: > I played with it but kept getting segfaults. So moved my version with a > command line option to /use/local. I guess Im the only person using rebound > and dig. > > Sent from BlueMail > > On Jun 29, 2017, 4:13 AM, at 4:13 AM, Theo Buehler > wrote: > >On Fri, May 26, 2017 at 08:08:08AM -0400, Ted Unangst wrote: > >> Edgar Pettijohn wrote: > >> > This may not be the best way to handle this, but it was the first > >fix to > >> > come to mind. Not sure where to put this in the manual or if its > >even > >> > worth documenting. Thoughts? > >> > >> I think this is a better fix. the user shouldn't worry about such > >things. at > >> least until a better path forward is determined. > > > >Are there any plans to revisit this? > > > >> > >> Index: bin/dig/dighost.c > >> === > >> RCS file: /cvs/src/usr.sbin/bind/bin/dig/dighost.c,v > >> retrieving revision 1.15 > >> diff -u -p -r1.15 dighost.c > >> --- bin/dig/dighost.c 28 Sep 2015 15:55:54 - 1.15 > >> +++ bin/dig/dighost.c 26 May 2017 12:03:53 - > >> @@ -34,6 +34,8 @@ > >> #include > >> #include > >> > >> +#include > >> + > >> #ifdef HAVE_LOCALE_H > >> #include > >> #endif > >> @@ -2778,6 +2780,15 @@ recv_done(isc_task_t *task, isc_event_t > >> isc_region_t r; > >> isc_buffer_t *buf = NULL; > >> #endif > >> + static int checked_jackport; > >> + static int jackport; > >> + > >> + if (!checked_jackport) { > >> + int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT }; > >> + size_t portlen = sizeof(jackport); > >> + sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0); > >> + checked_jackport = 1; > >> + } > >> > >> UNUSED(task); > >> INSIST(!free_now); 
> >> @@ -2854,6 +2865,7 @@ recv_done(isc_task_t *task, isc_event_t > >> * sent to 0.0.0.0, :: or to a multicast addresses. > >> * XXXMPA broadcast needs to be handled here as well. > >> */ > >> + if (jackport == 0) > >> if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) && > >> !isc_sockaddr_ismulticast(&query->sockaddr)) || > >> isc_sockaddr_getport(&query->sockaddr) != > >> > -- Regards, -- Rui Ribeiro Senior Linux Architect and Network Administrator ISCTE-IUL https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Re: dig(1) doesn't play well with rebound(8)
I played with it but kept getting segfaults. So moved my version with a command line option to /use/local. I guess Im the only person using rebound and dig. Sent from BlueMail On Jun 29, 2017, 4:13 AM, at 4:13 AM, Theo Buehler wrote: >On Fri, May 26, 2017 at 08:08:08AM -0400, Ted Unangst wrote: >> Edgar Pettijohn wrote: >> > This may not be the best way to handle this, but it was the first >fix to >> > come to mind. Not sure where to put this in the manual or if its >even >> > worth documenting. Thoughts? >> >> I think this is a better fix. the user shouldn't worry about such >things. at >> least until a better path forward is determined. > >Are there any plans to revisit this? > >> >> Index: bin/dig/dighost.c >> === >> RCS file: /cvs/src/usr.sbin/bind/bin/dig/dighost.c,v >> retrieving revision 1.15 >> diff -u -p -r1.15 dighost.c >> --- bin/dig/dighost.c 28 Sep 2015 15:55:54 - 1.15 >> +++ bin/dig/dighost.c 26 May 2017 12:03:53 - >> @@ -34,6 +34,8 @@ >> #include >> #include >> >> +#include >> + >> #ifdef HAVE_LOCALE_H >> #include >> #endif >> @@ -2778,6 +2780,15 @@ recv_done(isc_task_t *task, isc_event_t >> isc_region_t r; >> isc_buffer_t *buf = NULL; >> #endif >> + static int checked_jackport; >> + static int jackport; >> + >> + if (!checked_jackport) { >> + int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT }; >> + size_t portlen = sizeof(jackport); >> + sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0); >> + checked_jackport = 1; >> + } >> >> UNUSED(task); >> INSIST(!free_now); >> @@ -2854,6 +2865,7 @@ recv_done(isc_task_t *task, isc_event_t >> * sent to 0.0.0.0, :: or to a multicast addresses. >> * XXXMPA broadcast needs to be handled here as well. >> */ >> + if (jackport == 0) >> if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) && >> !isc_sockaddr_ismulticast(&query->sockaddr)) || >> isc_sockaddr_getport(&query->sockaddr) != >>
Re: dig(1) doesn't play well with rebound(8)
On Fri, May 26, 2017 at 08:08:08AM -0400, Ted Unangst wrote: > Edgar Pettijohn wrote: > > This may not be the best way to handle this, but it was the first fix to > > come to mind. Not sure where to put this in the manual or if its even > > worth documenting. Thoughts? > > I think this is a better fix. the user shouldn't worry about such things. at > least until a better path forward is determined. Are there any plans to revisit this? > > Index: bin/dig/dighost.c > === > RCS file: /cvs/src/usr.sbin/bind/bin/dig/dighost.c,v > retrieving revision 1.15 > diff -u -p -r1.15 dighost.c > --- bin/dig/dighost.c 28 Sep 2015 15:55:54 - 1.15 > +++ bin/dig/dighost.c 26 May 2017 12:03:53 - > @@ -34,6 +34,8 @@ > #include > #include > > +#include > + > #ifdef HAVE_LOCALE_H > #include > #endif > @@ -2778,6 +2780,15 @@ recv_done(isc_task_t *task, isc_event_t > isc_region_t r; > isc_buffer_t *buf = NULL; > #endif > + static int checked_jackport; > + static int jackport; > + > + if (!checked_jackport) { > + int dnsjacking[2] = { CTL_KERN, KERN_DNSJACKPORT }; > + size_t portlen = sizeof(jackport); > + sysctl(dnsjacking, 2, &jackport, &portlen, NULL, 0); > + checked_jackport = 1; > + } > > UNUSED(task); > INSIST(!free_now); > @@ -2854,6 +2865,7 @@ recv_done(isc_task_t *task, isc_event_t > * sent to 0.0.0.0, :: or to a multicast addresses. > * XXXMPA broadcast needs to be handled here as well. > */ > + if (jackport == 0) > if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) && > !isc_sockaddr_ismulticast(&query->sockaddr)) || > isc_sockaddr_getport(&query->sockaddr) != >
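Review bot: the added "if (jackport == 0)" in the second recv_done() hunk switches off the whole sockaddr and port comparison that follows whenever the sysctl reports a non-zero port, for every query dig sends and not only for those that were actually redirected. It is also written without braces and without extra indentation for the multi-line if it guards, which makes the nesting easy to misread; braces plus a comment explaining why the comparison is skipped would help. In the first hunk the return value of sysctl() is ignored, which is harmless only because the static jackport starts at 0 and the check then stays enabled, and that deserves a comment too.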
Re: unbound 1.6.4
On 2017/06/27 14:58, Stuart Henderson wrote:
> If anyone's interested in newer unbound, I have an initial diff, it's
> 750K all-in (we are currently on 1.6.1 so there are a few releases worth
> of changes) so I won't send it inline, it's at
> https://junkpile.org/unbound-1.6.4.diff

I had a segfault with this after running for a while but only had a
truncated coredump ("write failed: errno 14" which is EFAULT). Now running
it under gdb to see if I can catch anything, if anyone else can do the
same that might be useful.
mfi(4): Make "bioctl -R" work after hot swapping
Hi tech@,

Currently "bioctl -R" works only if disk state is "Offline" (set by "bioctl -O") and it doesn't work for "Failed" disk. To make it work with hot swapped disk, report unused ("unconfigured" in MegaRAID) disk to userland, and handle it properly when rebuilding.

Notes about implementation

mfi_ioctl_disk():
  to check if disk is missing, mar_pd_state in struct mfi_array shouldn't be used. when disk is missing, it reports MFI_PD_UNCONFIG_GOOD(0x00) which shouldn't be right. instead, check if mar_pd.mfp_id is 0x, the same as mfiutil(8) on FreeBSD.
  if there is unused (MFI_PD_UNCONFIG_GOOD or MFI_PD_UNCONFIG_BAD) disk (i.e. after hot swapping), report it to userland as "Unused" instead of "Failed" disk.

mfi_ioctl_setstate():
  to use unused disk for rebuilding, disk state must be "unconfigured good", and must not be "foreign". then, disk must be set as global hot spare. new functions, mfi_makegood() and mfi_makespare(), handle it before rebuilding.
  if disk state is "Offline", handle it the same as before.

rename following variables (cosmetic change),
  struct mfi_pd_details *info -> struct mfi_pd_details *pd
  struct mfi_pd_list *pd -> struct mfi_pd_list *pl

Index: sys/dev/ic/mfi.c === RCS file: /cvs/src/sys/dev/ic/mfi.c,v retrieving revision 1.167 diff -u -p -r1.167 mfi.c --- sys/dev/ic/mfi.c2 Feb 2017 03:47:41 - 1.167 +++ sys/dev/ic/mfi.c29 Jun 2017 08:05:23 - @@ -1791,11 +1791,12 @@ mfi_ioctl_disk(struct mfi_softc *sc, str struct mfi_array*ar; struct mfi_ld_cfg *ld; struct mfi_pd_details *pd; + struct mfi_pd_list *pl; struct mfi_pd_progress *mfp; struct mfi_progress *mp; struct scsi_inquiry_data *inqbuf; charvend[8+16+4+1], *vendp; - int rv = EINVAL; + int i, rv = EINVAL; int arr, vol, disk, span; union mfi_mbox mbox; @@ -1811,6 +1812,7 @@ mfi_ioctl_disk(struct mfi_softc *sc, str cfg = sc->sc_cfg; pd = malloc(sizeof *pd, M_DEVBUF, M_WAITOK); + pl = malloc(sizeof *pl, M_DEVBUF, M_WAITOK); ar = cfg->mfc_array; vol = bd->bd_volid; 
@@ -1834,13 +1836,53 @@ mfi_ioctl_disk(struct mfi_softc *sc, str /* offset disk into pd list */ disk = bd->bd_diskid % ld[vol].mlc_parm.mpa_no_drv_per_span; - bd->bd_target = ar[arr].pd[disk].mar_enc_slot; + + if (ar[arr].pd[disk].mar_pd.mfp_id == 0xU) { + /* disk is missing but succeed command */ + bd->bd_status = BIOC_SDFAILED; + rv = 0; + + /* try to find an unused disk for the target to rebuild */ + if (mfi_mgmt(sc, MR_DCMD_PD_GET_LIST, MFI_DATA_IN, sizeof *pl, + pl, NULL)) + goto freeme; + + for (i = 0; i < pl->mpl_no_pd; i++) { + if (pl->mpl_address[i].mpa_scsi_type != 0) + continue; + + memset(&mbox, 0, sizeof(mbox)); + mbox.s[0] = pl->mpl_address[i].mpa_pd_id; + if (mfi_mgmt(sc, MR_DCMD_PD_GET_INFO, MFI_DATA_IN, + sizeof *pd, pd, &mbox)) + continue; + + if (pd->mpd_fw_state == MFI_PD_UNCONFIG_GOOD || + pd->mpd_fw_state == MFI_PD_UNCONFIG_BAD) + break; + } + + if (i == pl->mpl_no_pd) + goto freeme; + } else { + memset(&mbox, 0, sizeof(mbox)); + mbox.s[0] = ar[arr].pd[disk].mar_pd.mfp_id; + if ((rv = mfi_mgmt(sc, MR_DCMD_PD_GET_INFO, MFI_DATA_IN, + sizeof *pd, pd, &mbox))) { + bd->bd_status = BIOC_SDINVALID; + goto freeme; + } + } + + /* get the remaining fields */ + bd->bd_channel = pd->mpd_enc_idx; + bd->bd_target = pd->mpd_enc_slot; /* get status */ - switch (ar[arr].pd[disk].mar_pd_state){ + switch (pd->mpd_fw_state){ case MFI_PD_UNCONFIG_GOOD: - case MFI_PD_FAILED: - bd->bd_status = BIOC_SDFAILED; + case MFI_PD_UNCONFIG_BAD: + bd->bd_status = BIOC_SDUNUSED; break; case MFI_PD_HOTSPARE: /* XXX dedicated hotspare part of array? */ @@ -1851,6 +1893,10 @@ mfi_ioctl_disk(struct mfi_softc *sc, str bd->bd_status = BIOC_SDOFFLINE; break; + case MFI_PD_FAILED: + bd->bd_status = BIOC_SDFAILED; + break; + case MFI_PD_REBUILD: bd->bd_status = BIOC_SDREBUILD; break; @@ -1859,27 +1905,15 @@ mfi_ioctl_disk(struct mfi_softc *sc, str
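Review bot: The `pl = malloc(sizeof *pl, M_DEVBUF, M_WAITOK)` added in the @@ -1811 hunk of mfi_ioctl_disk() has no matching free anywhere in the part of the diff shown here. Every `goto freeme` path, including the new ones in the missing-disk branch, has to release pl alongside pd; please confirm the freeme label does that, since the diff is cut off before it.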
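Review bot: In the @@ -1834 hunk, the loop `for (i = 0; i < pl->mpl_no_pd; i++)` uses the count returned by the controller as the bound when indexing pl->mpl_address[i], while the buffer is a fixed sizeof *pl. Clamp the bound to the number of elements in mpl_address before walking the list, so a bad count from firmware cannot read past the allocation. Separately, rv is set to 0 before MR_DCMD_PD_GET_LIST is issued, so a failure of that command still returns success with only bd_status filled in; if that is intended, extend the "disk is missing but succeed command" comment to say so.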
vi(1): remove stub settings
Hi,

From vi(1):

  lisp [off]
      (...) This option is not yet implemented.
  modelines, modeline [off]
      (...) This option will never be implemented.
  optimize, opt [on]
      (...) This option is not yet implemented
  redraw, re [off]
      (...) This option is not yet implemented.
  slowopen, slow [off]
      (...) This option is not yet implemented.
  sourceany [off]
      (...) This option will never be implemented.

The vi manual is long enough. It doesn't seem very helpful to keep stubs that have been stubs for 20 years.

ok?

Index: common/main.c === RCS file: /cvs/src/usr.bin/vi/common/main.c,v retrieving revision 1.39 diff -u -p -r1.39 main.c --- common/main.c 18 Apr 2017 01:45:35 - 1.39 +++ common/main.c 23 Jun 2017 07:04:55 - @@ -52,7 +52,7 @@ editor(GS *gp, int argc, char *argv[]) SCR *sp; size_t len; u_int flags; - int ch, flagchk, lflag, secure, startup, readonly, rval, silent; + int ch, flagchk, secure, startup, readonly, rval, silent; char *tag_f, *wsizearg, path[256]; static const char *optstr[3] = { @@ -114,7 +114,7 @@ editor(GS *gp, int argc, char *argv[]) /* Parse the arguments. */ flagchk = '\0'; tag_f = wsizearg = NULL; - lflag = secure = silent = 0; + secure = silent = 0; startup = 1; /* Set the file snapshot flag. */ @@ -163,9 +163,6 @@ editor(GS *gp, int argc, char *argv[]) case 'F': /* No snapshot. */ F_CLR(gp, G_SNAPSHOT); break; - case 'l': /* Set lisp, showmatch options. */ - lflag = 1; - break; case 'R': /* Readonly. */ readonly = 1; break; @@ -260,11 +257,7 @@ editor(GS *gp, int argc, char *argv[]) goto err; { int oargs[5], *oargp = oargs; - if (lflag) {/* Command-line options. */ - *oargp++ = O_LISP; - *oargp++ = O_SHOWMATCH; - } - if (readonly) + if (readonly) /* Command-line options. */ *oargp++ = O_READONLY; if (secure) *oargp++ = O_SECURE; Index: common/options.c === RCS file: /cvs/src/usr.bin/vi/common/options.c,v retrieving revision 1.23 diff -u -p -r1.23 options.c --- common/options.c18 Apr 2017 01:45:35 - 1.23 +++ common/options.c23 Jun 2017 07:04:55 - 
@@ -89,12 +89,6 @@ OPTLIST const optlist[] = { {"leftright", f_reformat, OPT_0BOOL, 0}, /* O_LINES 4.4BSD */ {"lines", f_lines,OPT_NUM,OPT_NOSAVE}, -/* O_LISP 4BSD - * XXX - * When the lisp option is implemented, delete the OPT_NOSAVE flag, - * so that :mkexrc dumps it. - */ - {"lisp",f_lisp, OPT_0BOOL, OPT_NOSAVE}, /* O_LIST 4BSD */ {"list",f_reformat, OPT_0BOOL, 0}, /* O_LOCKFILES 4.4BSD @@ -109,15 +103,6 @@ OPTLIST const optlist[] = { {"matchtime", NULL, OPT_NUM,0}, /* O_MESG 4BSD */ {"mesg",NULL, OPT_1BOOL, 0}, -/* O_MODELINE 4BSD - * !!! - * This has been documented in historical systems as both "modeline" - * and as "modelines". Regardless of the name, this option represents - * a security problem of mammoth proportions, not to mention a stunning - * example of what your intro CS professor referred to as the perils of - * mixing code and data. Don't add it, or I will kill you. - */ - {"modeline",NULL, OPT_0BOOL, OPT_NOSET}, /* O_NOPRINT 4.4BSD */ {"noprint", f_print,OPT_STR,OPT_EARLYSET}, /* O_NUMBER4BSD */ @@ -126,8 +111,6 @@ OPTLIST const optlist[] = { {"octal", f_print,OPT_0BOOL, OPT_EARLYSET}, /* O_OPEN 4BSD */ {"open",NULL, OPT_1BOOL, 0}, -/* O_OPTIMIZE 4BSD */ - {"optimize",NULL, OPT_1BOOL, 0}, /* O_PARAGRAPHS4BSD */ {"paragraphs", f_paragraph,OPT_STR,0}, /* O_PATH4.4BSD */ @@ -140,8 +123,6 @@ OPTLIST const optlist[] = { {"readonly",f_readonly, OPT_0BOOL, OPT_ALWAYS}, /* O_RECDIR 4.4BSD */ {"recdir", NULL, OPT_STR,0}, -/* O_REDRAW4BSD */ - {"redraw", NULL, OPT_0BOOL, 0}, /* O_REMAP 4BSD */ {"remap", NULL, OPT_1BOOL, 0}, /* O_REPORT4BSD */ @@ -168,17 +149,6 @@ OPTLIST const optlist[] = { {"showmo
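Review bot: The @@ -163,9 hunk in common/main.c removes `case 'l'`, but the optstr[] strings declared in the first hunk's context are not touched anywhere in the visible diff. If 'l' is still listed there, -l keeps being accepted by the argument parser with no case left to handle it, and what happens then depends on the switch's default arm. Drop it from the option strings, the usage text and vi(1) in the same commit so the flag is rejected consistently.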
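Review bot: The @@ -89,12 hunk in common/options.c deletes the "lisp" row of optlist[], yet each row carries a comment naming an O_* constant, which suggests the table is indexed by those constants. The O_LISP definition (and likewise O_MODELINE, O_OPTIMIZE, O_REDRAW) and the f_lisp handler referenced by the removed row need to go in the same change, otherwise the indices and the table fall out of step. The diff shown here is cut off before any of that is visible.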
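Review bot: The @@ -109,15 hunk in common/options.c removes the "modeline" entry, which was flagged OPT_NOSET, along with the only comment recording why the option is a security problem (mixing code and data). Keep a short version of that rationale somewhere, in the source or in vi(1), so the option is not reintroduced later without that context. Also check how `set modeline` in an existing .exrc behaves at startup once the name is no longer known.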