Re: gnome, gdm problem on lenovo e14 gen2

2021-05-05 Thread SP2L Tom

Greetings.



I am experiencing exactly the same issue
although on different hardware (desktop PC):
- Motherboard AORUS B450 Pro
- CPU AMD Ryzen7 3700X 8 Core 3.59GHz
- RAM 64GB KINGSTON HyperX Predator 64GB (4x16GB CL15)

Been able to go more forward than Hrvoje reported.
Pressing alternatively F6 and F5,
whilst watching attentively the screen,
logged to Gnome, been able to achieve some actions
but that's all - generally Gnome is unusable!
Verbatim nothing is clickable.

For the time being I work with default fvwm...

Would be very nice to use modern
and contemporary window manager.



Best regards.
Tom


On 2021-05-04 13:58, Nam Nguyen wrote:
> Hrvoje Popovski writes:
>
>> Problem is that when i should get login screen, gdm to ask me for user
>> and password, i'm getting blank grey screen ..
>>
>> after moving through terminals with ctrl-alt fX, from time to time i can
>> get this (screenshot below)
>> https://kosjenka.srce.hr/~hrvoje/openbsd/gdm1.jpg
>> https://kosjenka.srce.hr/~hrvoje/openbsd/gdm2.jpg
>>
>> in both cases, i can't click on anything in login screen ..
>>
>> I'm not much of a desktop user and if someone have clue what i'm doing
>> wrong please tell me :)
>
> Thanks for reporting this. I also get this with my radeon 6850 where the
> screen is grey. If I switch back and forth through terminals I might
> eventually get the screen to render. Nothing is clickable.
>
> In contrast gnome works on my thinkpad x230i, which uses intel(4).







Errors extracting ports and xenocara tarballs

2021-05-05 Thread Chris Zakelj
I'm getting an odd error trying to extract these two tarballs from 
6.9-RELEASE on a clean install.  I'm probably missing something obvious 
but don't know what.  Starting with 
https://www.openbsd.org/faq/faq5.html, I log in on the console, edit my 
non-root user, and create the directory structure:


# user mod -G wsrc czakelj
# cd /usr
# mkdir -p xenocara ports
# chgrp wsrc xenocara ports
# chmod 775 xenocara ports

So far, so good. Next I go to https://www.openbsd.org/anoncvs.html, log 
in non-root via SSH, and begin extracting:


arcbuild$ cd /usr/src
arcbuild$ tar xzf /home/czakelj/src.tar.gz
arcbuild$ tar xzf /home/czakelj/sys.tar.gz
arcbuild$ cd /usr
arcbuild$ tar xzf /home/czakelj/ports.tar.gz
tar: Access/modification time set failed on: ports: Operation not permitted

I also get that same error attempting to extract xenocara.tar.gz. 
Ideas/clues (other than "cheating" and using syspatch since I'm trying 
to learn stuff after all)?  Thanks!




Re: I can’t get veb/vport to work with vmd.

2021-05-05 Thread Mike Larkin
On Wed, May 05, 2021 at 09:04:04PM -0500, Luke Small wrote:
> There seems to be ZERO examples of using veb/vport vs bridge/vether. I am
> running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied
> the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0
> so I used vport0 in hostname.veb0 . I used ifconfig … down for bridge0 and
> vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart
> veb0 then ran the vm of choice and it gets no internet. I reverted
> everything back and I get internet.
>
> What am I missing?
> --
> -Luke

a tcpdump and what's in your pf.conf



I can’t get veb/vport to work with vmd.

2021-05-05 Thread Luke Small
There seems to be ZERO examples of using veb/vport vs bridge/vether. I am
running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied
the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0
so I used vport0 in hostname.veb0 . I used ifconfig … down for bridge0 and
vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart
veb0 then ran the vm of choice and it gets no internet. I reverted
everything back and I get internet.

What am I missing?
-- 
-Luke


mpv dumps core and segfaults when exiting on any video file

2021-05-05 Thread Ashlen
Usually goes something like the following after the file finishes
playing/the user exits:

$ mpv --no-config example.mkv

[ ... ]
Exiting... (End of file)
pthread_mutex_destroy on mutex with waiters!
Segmentation fault (core dumped)


Here's the backtrace.

# gdb -quiet mpv mpv.core
(no debugging symbols found)
Core was generated by `mpv'.
Program terminated with signal 11, Segmentation fault.

fzf fails if bash isn't present or FZF_DEFAULT_COMMAND isn't set

2021-05-05 Thread Ashlen
Executing fzf without bash installed or FZF_DEFAULT_COMMAND set fails
with this output:

Command failed: set -o pipefail; command find -L . -mindepth 1 \( -path '*/\.*' 
-o -fstype 'sysfs' -o -fstype 'devfs' -o..

(the output cuts off there for some reason, even when I pipe STDERR to a file).



I know of two workarounds for this problem:

1) Install bash (it isn't pulled in as a dependency).

# pkg_add bash

2) Force the FZF_DEFAULT_COMMAND variable to the value of 'defaultCommand'
in constants.go:

$ FZF_DEFAULT_COMMAND="set -o pipefail; command find -L . -mindepth 1 \\
\( -path '*/\.*' -o -fstype 'sysfs' -o -fstype 'devfs' \\
-o -fstype 'devtmpfs' -o -fstype 'proc' \) \\
-prune -o -type f -print -o -type l -print 2> /dev/null | cut -b3-" fzf



I found the defaultCommand value here:
https://github.com/junegunn/fzf/blob/764316a53d0eb60b315f0bbcd513de58ed57a876/src/constants.go#L61



$ uname -a
OpenBSD lain.lan 6.9 GENERIC.MP#473 amd64


Re: Tor Relay log warning

2021-05-05 Thread Theo Buehler
On Wed, May 05, 2021 at 08:06:09AM -0300, Matheus Coelho wrote:
> Hello List!
> 
> I have a tor relay server and in version 6.9 of openbsd the log started
> showing this message:
> 
> tor_tls_finish_handshake: Bug: For some reason, wasV2Handshake didn't get
> set. Fixing that. (on Tor 0.4.5.7 )
> 
> I suspect something related to libressl according to this post:

Yes, libressl doesn't fully support the info callback that tor
relies on to set wasV2Handshake. This will be a bit tricky to fix.
I think tor will still work, but the log spam is annoying.

> https://gitlab.torproject.org/tpo/core/tor/-/issues/40128

This post conflates many different issues, most of which should be
resolved.

> 
> it makes sense?
> 
> thanks in advance.
> --
> Matheus Coelho Torres Macedo



the 6.9 release being out....

2021-05-05 Thread Ed Ahlsen-Girard
...remember that it's time to donate what would be the price of the CD
set.

-- 

Edward Ahlsen-Girard
Ft Walton Beach, FL




Re: gnome, gdm problem on lenovo e14 gen2

2021-05-05 Thread Hrvoje Popovski
On 4.5.2021. 13:58, Nam Nguyen wrote:
> Hrvoje Popovski writes:
> 
>> Problem is that when i should get login screen, gdm to ask me for user
>> and password, i'm getting blank grey screen ..
>>
>> after moving through terminals with ctrl-alt fX, from time to time i can
>> get this (screenshot below)
>> https://kosjenka.srce.hr/~hrvoje/openbsd/gdm1.jpg
>> https://kosjenka.srce.hr/~hrvoje/openbsd/gdm2.jpg
>>
>> in both cases, i can't click on anything in login screen ..
>>
>> I'm not much of a desktop user and if someone have clue what i'm doing
>> wrong please tell me :)
> 
> Thanks for reporting this. I also get this with my radeon 6850 where the
> screen is grey. If I switch back and forth through terminals I might
> eventually get the screen to render. Nothing is clickable.
> 
> In contrast gnome works on my thinkpad x230i, which uses intel(4).
> 

Yeah, I've tried whatever I knew or found on the net, but it seems to me
that gnome or gdm or something, just doesn't work on my laptop


Trying to understand/debug caldav vs. httpd issue

2021-05-05 Thread T. Ribbrock
Hi all,

this may be a long shot, but I'm looking for someone who can give me a
few pointers (if this is better posted to another list, please let me
know as well).

TL;DR: I am running into issues with a webdav/caldav client
connecting to a Nextcloud instance running on OpenBSD httpd, so someone
with a more intimate knowledge of httpd would probably already be a
great help.

Long story:
I have Nextcloud running on my OpenBSD server and have been doing so for
several years now without any big issues. Recently, I was trying to
connect the caldav client of a SailfishOS smartphone to this Nextcloud
instance. As this was failing, I first turned to the Sailfish community,
as other caldav clients (e.g. Android ones) connect without problems.
One result is that the Sailfish-client seems to work well with other
Nextcloud-servers (typically some Apache or Nginx on Linux), so the
problem seems to lie somewhere in the interaction between this
particular type of client (Qt) and this particular webserver (httpd).

Eventually, with the help of one of the Sailfish-community members who
is actively involved with the caldav/webdav stuff, I was able to determine
that it is the initial PROPFIND request that already fails. He prepared a
little Qt-program for me doing a PROPFIND in the same way as the actual
client. In addition, I have created the same in Perl and I've set up a
separate test server with a clean OpenBSD 6.8 (by now upgraded to 6.9)
install and a fresh Nextcloud 20 installation so I could a) exclude any
interference with other things running on my main server and b)
experiment freely using plain http.

Using this test set-up, I was able to observe the same issues as on the
main server, which boiled down to the following:
- Using the Perl testclient, the PROPFIND always works
- Using the Qt testclient, the PROPFIND (almost) always results in a
  "400 Bad Request" response from httpd, causing the PROPFIND to fail.

Using tcpdump on the test server, I was able to determine some
differences between the two test clients:

The Perl-client seems to send both http-headers and the XML-body for the
PROPFIND in one go, gets a 401 response and then re-issues the request
with authorisation (which then succeeds).

The Qt-client sends the http-headers first in one TCP-segment (I'm not
too good on terminology...). Once that has happened, httpd already sends
back the 401 - and *then* the Qt-client sends the XML-body in a second
TCP-segment, causing the "400 Bad Request" response (I presume because
httpd is expecting new headers at this point, not a content body).

What I am now trying to figure out (and I neither know the relevant
standards nor httpd well enough to do so) is whether this is something
weird on the Qt side - or on the OpenBSD/httpd side so I can eventually
provide input to the right people to hopefully get this fixed at some
point.

As mentioned above, any pointers would be greatly appreciated, as this
has been bugging me for quite some time now. I have tcpdump traces as
well as traces from httpd (which I have recompiled with debugging
enabled on the test server) which I can provide.

Thanks in advance,

Thomas



Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-05 Thread Stuart Henderson
On 2021-05-05, Axel Rau  wrote:
>> 
>> check the table name …
>
> But even with the correct table name I had to flush states to get it working.

That is expected. A state lookup is done before parsing the ruleset.
You can try clearing states with pfctl -k but there are some issues, it
doesn't always work.

> Does anyone has a script handy to update the table to black hole dns clients 
> which repeat same query with high frequency?

This is usually best dealt with in your DNS server software e.g. by using
the rrl-* configuration in NSD, see nsd.conf(5), or "rate-limit" config
section in BIND.




Re: pf: block drop not working

2021-05-05 Thread John McGuigan
I think you've used "black_hole" and "black_whole" as table names. They
should all be the same.

John

On Wed, May 5, 2021, 5:18 AM Axel Rau  wrote:

> Hi all,
>
> in pf.conf, I have at the beginning:
> - - -
> table  persist file "/etc/pf/black_hole.txt"
> block drop in quick on $red_if from  flags any
>
> fw1# pfctl -s rules  | head -3
> block drop in quick on em2 from  to any
>
> fw1# pfctl -t black_hole -T show
> . . .
>146.168.0.0/16
> . . .
>
> But responses still going out from my ns:
>
>  0800 532: x.y.z.71.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490)
> (ttl 63, id 10399, len 518)
>  0800 72: 146.168.163.94.443 > x.y.z.21.53: [no udp cksum] 1+ RRSIG?
> pizzaseo.com.(30) (ttl 249, id 3922, len 58)
>  0800 532: x.y.z.21.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490)
> (ttl 63, id 38336, len 518)
>  0800 72: 146.168.163.94.443 > x.y.z.171.53: [no udp cksum] 1+ RRSIG?
> pizzaseo.com.(30) (ttl 249, id 55913, len 58)
>  0800 532: x.y.z.171.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490)
> (ttl 62, id 53578, len 518)
>
>
> What is wrong in my setup?
>
> Thanks, Axel
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>
>


fighting amplification attack --was: Re: pf: block drop not working

2021-05-05 Thread Axel Rau


> On 05.05.2021 at 13:30, Tom Smyth wrote:
> 
> black_whole vs black_hole
> 
> check the table name …

But even with the correct table name I had to flush states to get it working.

Does anyone has a script handy to update the table to black hole dns clients 
which repeat same query with high frequency?

Thanks, Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius





Re: isakmpd ignoring authentication method

2021-05-05 Thread Stuart Henderson
On 2021-05-04, Giacomo Marconi  wrote:
> Hi all
>
> I have some openbsd boxes as vpn endpoint to a Palo Alto Pa-820.
>
> In my last VPN config (using 6.8) I see in the logs that isakmpd is 
> expecting RSA_SIG as authentication method, while in ipsec.conf I set the psk 
> value.

This usually means that the packets seen from the other side didn't
match your configuration (possibly a wrong IP or something) and
instead were matched by the implicit default phase 1 configuration
(which is 3DES-SHA-RSA_SIG)

If that doesn't give any clues, bump up logging in isakmpd. This
set of debug levels (worked out by studying source code) enables
most logs that are possible to do without being so noisy that
they're useless.

isakmpd_flags="-Kv -D0=29 -D1=49 -D2=10 -D3=30 -D5=20 -D6=30 -D8=30 -D9=30 -D10=20"

Sometimes looking at captured packets is useful too. For phase 1
negotiation then just watching the network interface is usually
good

tcpdump -vvs1500 -i $interface port 500 or 4500 

(For problems with phase 2 nego you often need to enable isakmpd's
cleartext IKE packet capture via the isakmpd.fifo control socket
but you aren't that far).




Re: pf: block drop not working

2021-05-05 Thread Axel Rau

> On 05.05.2021 at 13:30, Tom Smyth wrote:
> 
> black_whole vs black_hole
> 
> check the table name …

Thanks a lot!
Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius





Re: pf: block drop not working

2021-05-05 Thread Tom Smyth
black_whole vs black_hole

check the table name ...

On Wed, 5 May 2021 at 12:11, Axel Rau  wrote:
>
> Hi all,
>
> in pf.conf, I have at the beginning:
> - - -
> table  persist file "/etc/pf/black_hole.txt"
> block drop in quick on $red_if from  flags any
>
> fw1# pfctl -s rules  | head -3
> block drop in quick on em2 from  to any
>
> fw1# pfctl -t black_hole -T show
> . . .
>146.168.0.0/16
> . . .
>
> But responses still going out from my ns:
>
>  0800 532: x.y.z.71.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) 
> (ttl 63, id 10399, len 518)
>  0800 72: 146.168.163.94.443 > x.y.z.21.53: [no udp cksum] 1+ RRSIG? 
> pizzaseo.com.(30) (ttl 249, id 3922, len 58)
>  0800 532: x.y.z.21.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) 
> (ttl 63, id 38336, len 518)
>  0800 72: 146.168.163.94.443 > x.y.z.171.53: [no udp cksum] 1+ RRSIG? 
> pizzaseo.com.(30) (ttl 249, id 55913, len 58)
>  0800 532: x.y.z.171.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) 
> (ttl 62, id 53578, len 518)
>
>
> What is wrong in my setup?
>
> Thanks, Axel
> ---
> PGP-Key: CDE74120computing @ chaos claudius
>


-- 
Kindest regards,
Tom Smyth.
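
A check for the mismatch pointed out above, as an added example that is not part of the thread: it cross-references the table names a pf.conf defines against the names its rules use. The function names and the sample rules are constructed, and which of the two lines carried the misspelling is an assumption, since the archive lost the table names.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check pf table names.

# table_mismatches [FILE...]
# Reads pf.conf text from the named files (or stdin) and prints, sorted:
#   "undefined NAME"  for a <NAME> used in a rule with no "table <NAME>" line
#   "unused NAME"     for a "table <NAME>" line that no rule refers to
# Simplifications: comments are cut at the first "#", and tables that are
# only created at run time with pfctl are reported as undefined.
table_mismatches() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        /^[ \t]*table[ \t]*</ {                  # table definition line
            name = $0
            sub(/^[ \t]*table[ \t]*</, "", name)
            sub(/>.*/, "", name)
            defined[name] = 1
            next
        }
        {                                        # any other line: collect <names>
            rest = $0
            while (match(rest, /<[A-Za-z_][A-Za-z0-9_]*>/)) {
                used[substr(rest, RSTART + 1, RLENGTH - 2)] = 1
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END {
            for (t in used)    if (!(t in defined)) print "undefined", t
            for (t in defined) if (!(t in used))    print "unused", t
        }
    ' "$@" | sort
}

# Constructed sample modelled on the rules quoted in the thread; the
# placement of the "black_whole" spelling is assumed.
sample_pf_conf() {
    cat <<'EOF'
# constructed sample
red_if = "em2"
table <black_hole> persist file "/etc/pf/black_hole.txt"
table <trusted> const { 192.0.2.0/24 }
block drop in quick on $red_if from <black_whole> flags any
pass in on $red_if from <trusted>    # <not_a_table> inside a comment
EOF
}

# Report the mismatches in the sample.
sample_pf_conf | table_mismatches
```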



pf: block drop not working

2021-05-05 Thread Axel Rau
Hi all,

in pf.conf, I have at the beginning:
- - -
table  persist file "/etc/pf/black_hole.txt"
block drop in quick on $red_if from  flags any

fw1# pfctl -s rules  | head -3
block drop in quick on em2 from  to any

fw1# pfctl -t black_hole -T show
. . .
   146.168.0.0/16
. . .

But responses still going out from my ns:

 0800 532: x.y.z.71.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) (ttl 63, id 10399, len 518)
 0800 72: 146.168.163.94.443 > x.y.z.21.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 249, id 3922, len 58)
 0800 532: x.y.z.21.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) (ttl 63, id 38336, len 518)
 0800 72: 146.168.163.94.443 > x.y.z.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 249, id 55913, len 58)
 0800 532: x.y.z.171.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) (ttl 62, id 53578, len 518)


What is wrong in my setup?

Thanks, Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius





Tor Relay log warning

2021-05-05 Thread Matheus Coelho
Hello List!

I have a tor relay server and in version 6.9 of openbsd the log started
showing this message:

tor_tls_finish_handshake: Bug: For some reason, wasV2Handshake didn't get
set. Fixing that. (on Tor 0.4.5.7 )

I suspect something related to libressl according to this post:

https://gitlab.torproject.org/tpo/core/tor/-/issues/40128

it makes sense?

thanks in advance.
--
Matheus Coelho Torres Macedo


Re: Fwd: rethinking terminal login with security in mind

2021-05-05 Thread Marc Espie
On Wed, May 05, 2021 at 01:44:24AM +0200, Alessandro Pistocchi wrote:
> Sorry, my keyboard went crazy and the message was sent incomplete.
> 
> Continuing: normally the entry of username is immediately followed by the
> password entry.
> However, if the OS is busy for any reason between the two entries,
> character echo is still on.
> If I don't notice that, I may start typing the password before the OS stops
> echoing and so I show it
> to anybody around who cares to look.
> 
> Wouldn't it be better to have a way to turn off echoing of characters as
> soon as I entered my username,
> regardless of whether the OS is busy or not?

Not really. it's your job to pay attention. Specifically, if your OS is busy
or whatever, you just need to wait until the Password: prompt gets
displayed, because echo gets turned off *before* that prompt happens.


and the actual standard interface used won't change.

See readpassphrase(3), which does already protect you against many many
problems.



Automatically enable port forwarding on ssh session to ProxyJump target

2021-05-05 Thread Paul de Weerd
Hi all,

I'm using ProxyJump with SSH to connect to a bunch of systems behind a
jumphost:

Host jump
    HostName bastion.example.tld
    ProxyJump none
    ControlPersist 3600
    DynamicForward localhost:1080

Host *
    ForwardAgent yes
    ProxyJump jump
    AddKeysToAgent confirm 43200
    CanonicalDomains example.tld
    CanonicalizeHostname yes
    ServerAliveInterval 5
    ServerAliveCountMax 12
    ControlPath ~/.ssh/master-%r@%h:%p
    ControlMaster auto

This works well: when I `ssh machine`, I get prompted for the
passphrase on my key which then gets loaded into my ssh-agent as SSH
first connects to the jump host.

Subsequently, I get asked to confirm usage of the key when ssh
connects to the target `machine` behind the jump host, and I get
logged in.

However, I would also like to use the DynamicForward to `jump` to
proxy HTTP(S) traffic.  To that end I do `ssh -O forward jump`, and
the DynamicForward is enabled.

Is there a way to tell SSH to automatically enable forwarding to the
jump host, so I don't have to `ssh -O forward jump` before using the
forwarded port?

Thanks,

Paul

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/