Re: NEW: comms/gnuradio

2016-09-09 Thread noah pugsley 
On Fri, Sep 9, 2016 at 7:53 AM, Aaron Poffenberger 
wrote:

> Hello ports@,
>
> Here is a new port : comms/gnuradio
>
> Tested on: amd64.
>
> From DESCR:
>
> GNU Radio is a software development toolkit that provides signal processing
> blocks to implement software radios. It can be used with readily-available
> low-cost external RF hardware to create software-defined radios, or
> without hardware in a simulation-like environment. It is widely used in
> hobbyist, academic and commercial environments to support both wireless
> communications research and real-world radio systems.
>
> 
>
> This port is based on commits to openbsd-wip by sthen@, bentley@ and
> Aaron Bieber.
>
> I've updated the port to the latest from gnuradio (3.7.10.1).
>
> This port of gnuradio is first in a series of ports and updates to get
> the key SDR projects working on OpenBSD. I have an update for rtl-sdr
> I'll send shortly. gr-osmosdr is almost ready. I'll follow that with
> gqrx.
>
> If anyone is already working on those, please let me know.
>
> N.B., SDR on OpenBSD may require more work to be fully functional.
> sthen@ pointed out to me that our libusb doesn't support async yet.
> Still, having the software and drivers available may help in that
> regard.
>
> Cheers,
> Aaron
>

Very excited to see this. Thank you.

NEW: comms/dump1090

2016-09-09 Thread Giannis Tsaraias 
Hello.

Recently got my hands on an RTL-SDR dongle and I've been using dump1090 to track
aircrafts flying nearby.

DESCR:
dump1090 is an ADS-B Mode S decoder specifically designed for RTLSDR devices.
Currently detected aircrafts can be displayed on the terminal or on Google Maps
using an embedded HTTP server. Raw data can be sent to and received from other
clients.

OK to import? Comments?


dump1090.tar.gz
Description: application/tar-gz

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Pascal Stumpf 
CVSROOT:/cvs
Module name:ports
Changes by: pas...@cvs.openbsd.org  2016/09/09 14:51:03

Modified files:
lang/gcc/6 : Makefile 
lang/gcc/6/patches: patch-gcc_config_arm_openbsd_h 
patch-gcc_config_gcc 
patch-libgcc_config_host 
lang/gcc/6/pkg : PFRAG.arm-main PLIST-java PLIST-main 
Added files:
lang/gcc/6/patches: patch-gcc_common_config_arm_arm-common_c 
patch-gcc_config_arm_openbsd1_h 
patch-libgcc_config_arm_bpabi_S 
patch-libgcc_config_arm_ieee754-df_S 
patch-libgcc_config_arm_t-openbsd 
patch-libgcc_config_arm_unwind-arm_h 

Log message:
ONLY_FOR_ARCHS+=arm

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Antoine Jacoutot 
CVSROOT:/cvs
Module name:ports
Changes by: ajacou...@cvs.openbsd.org   2016/09/09 14:35:19

Modified files:
x11/gtk+2  : Makefile distinfo 
x11/gtk+2/patches: patch-gtk_Makefile_in 
x11/gtk+2/pkg  : PLIST-main 

Log message:
Update to gtk+2-2.24.31.
- drop the gettext MODULE

Re: UPDATE: comms/rtl-sdr

2016-09-09 Thread Stuart Henderson 
On 2016/09/09 10:19, Aaron Poffenberger wrote:
> Hello ports@,
> 
> Here is an upate to: comms/rtl-sdr
> 
> Tested on: amd64 and bog-standard rtl-sdr device.
> 
> 
> 
> To build gr-osmosdr we need the newer version of rtl-sdr (mostly
> definitions for newer devices). Upstream have not released a new
> version since 2014. I've changed the Makefile to pull from a specific
> github commit.
> 
> Cheers,
> Aaron
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/comms/rtl-sdr/Makefile,v
> retrieving revision 1.4
> diff -u -p -u -r1.4 Makefile
> --- Makefile  4 Mar 2016 10:11:21 -   1.4
> +++ Makefile  17 Aug 2016 19:11:39 -
> @@ -2,8 +2,12 @@
>  
>  COMMENT= software to turn RTL2832U into an SDR
>  
> -DISTNAME=rtl-sdr-0.20130412
> -REVISION=1
> +DISTNAME=rtl-sdr-0.20150516
> +REVISION=0

Remove REVISION

> +GH_ACCOUNT = steve-m
> +GH_PROJECT = librtlsdr
> +GH_COMMIT =  8b4d755ba1b889510fba30f627ee08736203070d
>  
>  SHARED_LIBS= rtlsdr 0.0

Check if ABI changed and decide whether to bump minor,
major or none - http://www.openbsd.org/faq/ports/specialtopics.html#SharedLibs

> @@ -17,9 +21,6 @@ MAINTAINER= Stuart Henderson   PERMIT_PACKAGE_CDROM=Yes
>  
>  WANTLIB += c m pthread usb-1.0
> -
> -# http://cgit.osmocom.org/rtl-sdr
> -MASTER_SITES=http://spacehopper.org/mirrors/
>  
>  MODULES= devel/cmake
>  LIB_DEPENDS= devel/libusb1
> Index: distinfo
> ===
> RCS file: /cvs/ports/comms/rtl-sdr/distinfo,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 distinfo
> --- distinfo  21 Apr 2013 11:45:08 -  1.1.1.1
> +++ distinfo  17 Aug 2016 18:11:42 -
> @@ -1,2 +1,2 @@
> -SHA256 (rtl-sdr-0.20130412.tar.gz) = 
> yziYeP445KTe5VWGCLV2QSRNjTryKrgk/qvSJyCdGKU=
> -SIZE (rtl-sdr-0.20130412.tar.gz) = 112343
> +SHA256 (rtl-sdr-0.20150516.tar.gz) = 
> mwtz0Gn5ogxsS+tIB0xVvdFRuR7/c8vHcPMVfqlFxt4=
> +SIZE (rtl-sdr-0.20150516.tar.gz) = 118734
> Index: patches/patch-src_CMakeLists_txt
> ===
> RCS file: /cvs/ports/comms/rtl-sdr/patches/patch-src_CMakeLists_txt,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 patch-src_CMakeLists_txt
> --- patches/patch-src_CMakeLists_txt  21 Apr 2013 11:45:08 -  1.1.1.1
> +++ patches/patch-src_CMakeLists_txt  17 Aug 2016 19:08:36 -
> @@ -1,16 +1,15 @@
> -$OpenBSD: patch-src_CMakeLists_txt,v 1.1.1.1 2013/04/21 11:45:08 sthen Exp $
>  src/CMakeLists.txt.orig  Fri Apr 12 21:51:14 2013
> -+++ src/CMakeLists.txt   Sun Apr 21 12:17:27 2013
> -@@ -101,12 +101,17 @@ target_link_libraries(rtl_adsb rtlsdr_shared
> - if(UNIX)
> +$OpenBSD$
> +--- src/CMakeLists.txt.orig  Fri May 15 17:48:37 2015
>  src/CMakeLists.txt   Wed Aug 17 14:07:14 2016
> +@@ -125,11 +125,16 @@ if(UNIX)
>   target_link_libraries(rtl_fm m)
>   target_link_libraries(rtl_adsb m)
> + target_link_libraries(rtl_power m)
>  -if(APPLE)
>  -target_link_libraries(rtl_test m)
>  -else()
>  -target_link_libraries(rtl_test m rt)
>  -endif()
> --endif()
>  +
>  +include(CheckFunctionExists)
>  +check_function_exists(clock_gettime LIBRT_LIBC_HAS_CLOCK_GETTIME)
> @@ -21,7 +20,6 @@ $OpenBSD: patch-src_CMakeLists_txt,v 1.1
>  +endif(LIBRT_LIBC_HAS_CLOCK_GETTIME)
>  +
>  +target_link_libraries(rtl_test m ${LIBRT_LIBRARIES})
> -+endif(UNIX)
> + endif()
>   
>   if(WIN32)
> - target_link_libraries(rtl_sdr libgetopt_static)
> Index: patches/patch-src_librtlsdr_c
> ===
> RCS file: /cvs/ports/comms/rtl-sdr/patches/patch-src_librtlsdr_c,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 patch-src_librtlsdr_c
> --- patches/patch-src_librtlsdr_c 21 Apr 2013 11:45:08 -  1.1.1.1
> +++ patches/patch-src_librtlsdr_c 17 Aug 2016 19:07:45 -
> @@ -1,7 +1,7 @@
> -$OpenBSD: patch-src_librtlsdr_c,v 1.1.1.1 2013/04/21 11:45:08 sthen Exp $
>  src/librtlsdr.c.orig Sat Apr 13 15:00:44 2013
> -+++ src/librtlsdr.c  Sat Apr 13 15:00:50 2013
> -@@ -1340,10 +1340,12 @@ int rtlsdr_open(rtlsdr_dev_t **out_dev, uint32_t 
> index
> +$OpenBSD$
> +--- src/librtlsdr.c.orig Fri May 15 17:48:37 2015
>  src/librtlsdr.c  Wed Aug 17 13:11:47 2016
> +@@ -1476,10 +1476,12 @@ int rtlsdr_open(rtlsdr_dev_t **out_dev, uint32_t 
> index
>   r = libusb_open(device, >devh);
>   if (r < 0) {
>   libusb_free_device_list(list, 1);
> Index: pkg/PLIST
> ===
> RCS file: /cvs/ports/comms/rtl-sdr/pkg/PLIST,v
> retrieving revision 1.3
> diff -u -p -u -r1.3 PLIST
> --- pkg/PLIST 22 May 2015 11:31:11 -  1.3
> +++ pkg/PLIST 17 Aug 2016 19:08:59 -
> @@ -1,6 +1,7 @@
>  @comment $OpenBSD: PLIST,v 1.3 2015/05/22 11:31:11 ajacoutot Exp $
>  @bin bin/rtl_eeprom
>  @bin bin/rtl_fm
> +@bin bin/rtl_power

Re: Samba as DC on OpenBSD 6.0 is unusable :(

2016-09-09 Thread Jeremie Courreges-Anglas 
Jeremie Courreges-Anglas  writes:

> Ian McWilliam  writes:
>
>> Revision 1.219 / (download) - annotate - [select for diffs], Tue Apr 12 
>> 17:42:09 2016 UTC (4 months, 3 weeks ago) by jca 
>>
>> Update to samba-4.3.6
>>
>> i386 build by danj@, ok sthen@
>>
>> The changelog between 4.1.23 and 4.3.6 is too big to be described here.
>> The point of updating now is that 4.1.x won't receive updates for the
>> freshly published security advisories.  samba-4.3.8 will follow.
>
> This is indeed the commit that introduced the regression.
>
>>
>>  --without-acl-support \
>>
>> Was introduced in the 4.3.6 update just before the big Samba security update 
>> for
>>
>> CVE-2015-5370 (Multiple errors in DCE-RPC code)
>> CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
>> CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
>> CVE-2016-2112 (LDAP client and server don't enforce integrity)
>> CVE-2016-2113 (Missing TLS certificate validation)
>> CVE-2016-2114 ("server signing = mandatory" not enforced)
>> CVE-2016-2115 (SMB IPC traffic is not integrity protected)
>> CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
>>
>> Now to work out the implications of re-enabling it.
>
> It's not directly related to ACLs.  The root cause if that I stopped
> telling the build system to build ntvfs support, by
> removing --enable-selftest.  The ntvfs code was supposedly disabled by
> default last year for production builds.  The funny thing is that it
> doesn't show obvious problems at runtime, only at provisioning time.
>
> The fix below makes samba.is_ntvfs_fileserver_built() return True, and
> makes --use-ntvfs visible again in samba-tool domain provision.  There
> are other problems later.

So this enables provisioning.

But then, if you try to start samba_ad_dc with the produced smb.conf,
samba fails to start the 'smb' process, since it is not registered.
Which means that source4/smb_server/service_smb.c is not baked in, even
after adding --with-ntvfs-fileserver.

Now, what happens if we just use the default "server services" and
"dcerpc endpoint servers"?  Just comment those lines in the config, and
samba_ad_dc will start.

testparm -s says:

# Global parameters
[global]
realm = [redacted]
workgroup = [redacted]
dns forwarder = [redacted]
passdb backend = samba_dsdb
server role = active directory domain controller
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
posix:eadb = /var/samba/private/eadb.tdb
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4 acl_xattr posix_eadb

So samba automatically falls back to the appropriate vfs objects: ACLs
stored as extended attributes and extended attributes stored in tdb.
Which is pretty much what I discussed with upstream last year.  Wheee.

  $ pstree -p 93971
  -+= 1 root /sbin/init
   \-+= 93971 root /usr/local/sbin/samba -D
 |-+- 50774 root samba: task[s3fs_parent] (samba)
 | \-+= 47005 root /usr/local/sbin/smbd -D --option=server role 
check:inhibit=yes --foreground
 |   |--- 64933 root /usr/local/sbin/smbd -D --option=server role 
check:inhibit=yes --foreground
 |   |--- 73574 root /usr/local/sbin/smbd -D --option=server role 
check:inhibit=yes --foreground
 |   \--- 39362 root /usr/local/sbin/smbd -D --option=server role 
check:inhibit=yes --foreground
 |--- 42408 root samba: task[dcesrv] (samba)
 |--- 45857 root samba: task wrepl server_id[45857] (samba)
 |--- 05959 root samba: task[nbtd] (samba)
 |--- 88699 root samba: task[ldapsrv] (samba)
 |--- 83860 root samba: task[cldapd] (samba)
 |--- 72241 root samba: task[kdc] (samba)
 |--- 75053 root samba: task[dreplsrv] (samba)
 |-+- 31725 root samba: task[winbindd_parent] (samba)
 | \-+= 46653 root /usr/local/sbin/winbindd -D --option=server role 
check:inhibit=yes --foreground
 |   \--- 85593 root /usr/local/sbin/winbindd -D --option=server role 
check:inhibit=yes --foreground
 |--- 37747 root samba: task[ntp_signd] (samba)
 |--- 70158 root samba: task[kccsrv] (samba)
 |--- 50086 root samba: task[dns] (samba)
 \--- 63568 root samba: task[dnsupdate] (samba)

I have no windows machine at hand, so AD setup reports welcome.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

UPDATE: comms/rtl-sdr

2016-09-09 Thread Aaron Poffenberger 
Hello ports@,

Here is an upate to: comms/rtl-sdr

Tested on: amd64 and bog-standard rtl-sdr device.



To build gr-osmosdr we need the newer version of rtl-sdr (mostly
definitions for newer devices). Upstream have not released a new
version since 2014. I've changed the Makefile to pull from a specific
github commit.

Cheers,
Aaron

Index: Makefile
===
RCS file: /cvs/ports/comms/rtl-sdr/Makefile,v
retrieving revision 1.4
diff -u -p -u -r1.4 Makefile
--- Makefile4 Mar 2016 10:11:21 -   1.4
+++ Makefile17 Aug 2016 19:11:39 -
@@ -2,8 +2,12 @@
 
 COMMENT=   software to turn RTL2832U into an SDR
 
-DISTNAME=  rtl-sdr-0.20130412
-REVISION=  1
+DISTNAME=  rtl-sdr-0.20150516
+REVISION=  0
+
+GH_ACCOUNT =   steve-m
+GH_PROJECT =   librtlsdr
+GH_COMMIT =8b4d755ba1b889510fba30f627ee08736203070d
 
 SHARED_LIBS=   rtlsdr 0.0
 
@@ -17,9 +21,6 @@ MAINTAINER=   Stuart Henderson devh);
if (r < 0) {
libusb_free_device_list(list, 1);
Index: pkg/PLIST
===
RCS file: /cvs/ports/comms/rtl-sdr/pkg/PLIST,v
retrieving revision 1.3
diff -u -p -u -r1.3 PLIST
--- pkg/PLIST   22 May 2015 11:31:11 -  1.3
+++ pkg/PLIST   17 Aug 2016 19:08:59 -
@@ -1,6 +1,7 @@
 @comment $OpenBSD: PLIST,v 1.3 2015/05/22 11:31:11 ajacoutot Exp $
 @bin bin/rtl_eeprom
 @bin bin/rtl_fm
+@bin bin/rtl_power
 @bin bin/rtl_sdr
 @bin bin/rtl_test
 include/rtl-sdr.h

CVS: cvs.openbsd.org: ports

2016-09-09 Thread David Coppa 
CVSROOT:/cvs
Module name:ports
Changes by: dco...@cvs.openbsd.org  2016/09/09 08:57:33

Modified files:
security/opensc: Makefile 
security/opensc/patches: patch-src_tools_pkcs15-tool_c 

Log message:
Make pkcs15-tool --dump object formatting consistent
(upstream git commit 678f2bb1a65e5848dffc995f63e81d1f8092352f)

NEW: comms/gnuradio

2016-09-09 Thread Aaron Poffenberger 
Hello ports@,

Here is a new port : comms/gnuradio

Tested on: amd64.

>From DESCR:

GNU Radio is a software development toolkit that provides signal processing
blocks to implement software radios. It can be used with readily-available
low-cost external RF hardware to create software-defined radios, or
without hardware in a simulation-like environment. It is widely used in
hobbyist, academic and commercial environments to support both wireless
communications research and real-world radio systems.



This port is based on commits to openbsd-wip by sthen@, bentley@ and
Aaron Bieber.

I've updated the port to the latest from gnuradio (3.7.10.1).

This port of gnuradio is first in a series of ports and updates to get
the key SDR projects working on OpenBSD. I have an update for rtl-sdr
I'll send shortly. gr-osmosdr is almost ready. I'll follow that with
gqrx.

If anyone is already working on those, please let me know.

N.B., SDR on OpenBSD may require more work to be fully functional.
sthen@ pointed out to me that our libusb doesn't support async yet.
Still, having the software and drivers available may help in that
regard.

Cheers,
Aaron


gnuradio-3.7.10.1.tgz
Description: application/tar-gz

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2016/09/09 06:24:45

Modified files:
devel/ctftools : Makefile 

Log message:
force LDEP on the fixed libdwarf

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2016/09/09 06:25:07

Modified files:
devel/libdwarf : Makefile 

Log message:
might as well take maintainership

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2016/09/09 06:20:14

Modified files:
devel/libdwarf : Makefile 
Added files:
devel/libdwarf/patches: patch-libdwarf_configure 
patch-libdwarf_dwarf_elf_access_c 

Log message:
fix some subtle breakage which manifested itself in a various ways of
ctfconvert (libdwarf) being unable to determine the relocation size
and not recognizing Elf64. this also unbreaks dwarfdump.

the 6th stage of debugging is strong with this one

Re: openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

2016-09-09 Thread Theo Buehler 
On Fri, Sep 09, 2016 at 04:17:37AM -0400, Jiri B wrote:
> Hi,
> 
> I use same openvpn config for long time but it seems recent updates (base, 
> packages)
> caused openvpn to segfault after a route add error.
> 
> Any help would be appreciated.
> 

Recent changes to libcrypto were responsible for some fallout. The
offending changes were backed out and this should be fixed with r1.35 of
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/evp/evp_enc.c

CVSROOT:/cvs
Module name:src
Changes by: bc...@cvs.openbsd.org   2016/09/08 18:03:22

Modified files:
lib/libcrypto/evp: evp_enc.c 

Log message:
back out calls to EVP_CIPHER_CTX_cleanup() in EVP_Cipher/Encrypt/DecryptFinal

Software that refers to ctx after calling Final breaks with these changes.
revert parts of 1.31 and 1.32

Re: Samba as DC on OpenBSD 6.0 is unusable :(

2016-09-09 Thread Jeremie Courreges-Anglas 
Ian McWilliam  writes:

> Revision 1.219 / (download) - annotate - [select for diffs], Tue Apr 12 
> 17:42:09 2016 UTC (4 months, 3 weeks ago) by jca 
>
> Update to samba-4.3.6
>
> i386 build by danj@, ok sthen@
>
> The changelog between 4.1.23 and 4.3.6 is too big to be described here.
> The point of updating now is that 4.1.x won't receive updates for the
> freshly published security advisories.  samba-4.3.8 will follow.

This is indeed the commit that introduced the regression.

>
>  --without-acl-support \
>
> Was introduced in the 4.3.6 update just before the big Samba security update 
> for
>
> CVE-2015-5370 (Multiple errors in DCE-RPC code)
> CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
> CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
> CVE-2016-2112 (LDAP client and server don't enforce integrity)
> CVE-2016-2113 (Missing TLS certificate validation)
> CVE-2016-2114 ("server signing = mandatory" not enforced)
> CVE-2016-2115 (SMB IPC traffic is not integrity protected)
> CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
>
> Now to work out the implications of re-enabling it.

It's not directly related to ACLs.  The root cause if that I stopped
telling the build system to build ntvfs support, by
removing --enable-selftest.  The ntvfs code was supposedly disabled by
default last year for production builds.  The funny thing is that it
doesn't show obvious problems at runtime, only at provisioning time.

The fix below makes samba.is_ntvfs_fileserver_built() return True, and
makes --use-ntvfs visible again in samba-tool domain provision.  There
are other problems later.


Index: Makefile
===
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.227
diff -u -p -r1.227 Makefile
--- Makefile8 Jul 2016 18:39:50 -   1.227
+++ Makefile9 Sep 2016 07:09:17 -
@@ -15,6 +15,7 @@ PKGNAME-tevent =  tevent-${TEVENT_V}
 PKGNAME-util = samba-util-${VERSION}
 PKGNAME-docs = samba-docs-${VERSION}
 
+REVISION-main =0
 REVISION-ldb = 0
 REVISION-tevent =  0
 
@@ -159,7 +160,8 @@ CONFIGURE_ARGS =--enable-fhs \
--without-regedit \
--without-acl-support \
--without-libarchive \
-   --disable-rpath
+   --disable-rpath \
+   --with-ntvfs-fileserver
 
 # XXX Remember to remove --enable-developer, it prints passwords in logs.
 #CONFIGURE_ARGS += --enable-developer


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: Samba as DC on OpenBSD 6.0 is unusable :(

2016-09-09 Thread Jeremie Courreges-Anglas 
Jiri B  writes:

> On Fri, Sep 09, 2016 at 08:53:20AM +0300, kasak wrote:
>
>> I think, if Theo says that we don't need acl, than we don't need acl. He
>> knows better. Keeping things simple is very secure and this is good!
>> I am very thankful to you for maintaining samba on OpenBSD! Undoubtedly ,
>> OpenBSD is now best of all OS, and fresh port of samba is what we really
>> need!
>
> But missing extattr/xattr supports is not only about ACLs, extended filesystem
> attributes are used also for other things. For example both Ceph FS and
> glusterfs keep their metadata in extended attributes, thus without this you
> cannot port such filesystems to OpenBSD :/

If the samba project can store extended attributes and ACLs "out of band"
(in tdb databases) then surely other projects can do the same.  Sadly,
even with samba, this is not what people run in production on other
OSes.  We're alone here (well, afaik).

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:46:15

Modified files:
sysutils/ruby-r10k: Makefile distinfo 
sysutils/ruby-r10k/pkg: PLIST 

Log message:
Update to 2.4.3, now with gettext/locale support.

OK jasper@

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:44:18

Modified files:
devel/ruby-semantic_puppet: Makefile distinfo 
devel/ruby-semantic_puppet/pkg: PLIST 

Log message:
Update to 0.1.4

now needs the freshly installed ruby-gettext-setup

OK jasper@

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:43:21

Modified files:
devel/ruby-puppet_forge: Makefile distinfo 
devel/ruby-puppet_forge/pkg: PLIST 

Log message:
Update to 2.2.2

now needs to freshly imported ruby-gettext-setup

OK jasper@

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:42:13

Modified files:
devel/ruby-safe_yaml: Makefile distinfo 
devel/ruby-safe_yaml/pkg: PLIST 

Log message:
Update to 1.0.4

soon be used by r10k

OK jasper@

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:40:41

Modified files:
devel  : Makefile 

Log message:
+ ruby-fast_gettext
+ ruby-gettext-setup

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:37:00

Log message:
import ruby-gettext-setup

A Ruby gem that configures gettext for internationalization.

soon needed by r10k update.

OK jasper@

Status:

Vendor Tag: sebastia
Release Tags:   sebastia_20160909

N ports/devel/ruby-gettext-setup/distinfo
N ports/devel/ruby-gettext-setup/Makefile
N ports/devel/ruby-gettext-setup/pkg/PLIST
N ports/devel/ruby-gettext-setup/pkg/DESCR

No conflicts created by this import

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:35:50

Log message:
import ruby-fast_gettext

A simple, fast, memory-efficient and threadsafe implementation of
GetText.

soon needed by r10k update

OK jasper@

Status:

Vendor Tag: sebastia
Release Tags:   sebastia_20160909

N ports/devel/ruby-fast_gettext/distinfo
N ports/devel/ruby-fast_gettext/Makefile
N ports/devel/ruby-fast_gettext/pkg/PLIST
N ports/devel/ruby-fast_gettext/pkg/DESCR

No conflicts created by this import

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:32:40

Modified files:
devel/ruby-gettext: Makefile distinfo 
devel/ruby-gettext/pkg: PLIST 

Log message:
Update to 3.2.2, soon be needed by r10k update

OK jasper@

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:31:50

Modified files:
textproc   : Makefile 

Log message:
+ ruby-text

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:30:20

Log message:
Import ruby-text:

A collection of text algorithms: Levenshtein, Soundex, Metaphone, Double
Metaphone, Porter Stemming.

needed by the ruby-gettext update.

OK jasper@

Status:

Vendor Tag: sebastia
Release Tags:   sebastia_20160909

N ports/textproc/ruby-text/Makefile
N ports/textproc/ruby-text/distinfo
N ports/textproc/ruby-text/pkg/DESCR
N ports/textproc/ruby-text/pkg/PLIST

No conflicts created by this import

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Sebastian Reitenbach 
CVSROOT:/cvs
Module name:ports
Changes by: sebas...@cvs.openbsd.org2016/09/09 04:27:46

Modified files:
devel/ruby-locale: Makefile distinfo 
devel/ruby-locale/pkg: DESCR PLIST 

Log message:
Update to 2.1.2, soon be needed by r10k update

OK jasper@

Re: openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

2016-09-09 Thread Jiri B 
~~~
#0  0x193e5bfa2973 in EVP_CIPHER_CTX_iv_length (ctx=0x193e57d3c800) at 
/usr/src/lib/libcrypto/evp/evp_lib.c:244
No locals.
#1  0x193c57809f58 in cipher_ctx_iv_length (ctx=0x193e57d3c800) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/crypto_openssl.c:606
No locals.
#2  0x193c57804fa6 in openvpn_encrypt (buf=0x7f7e26c0, work={capacity = 
1504, offset = 0, len = 0, data = 0x193ea7808000 ""}, opt=0x7f7e25e0, 
frame=0x7f7e2458) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/crypto.c:102
iv_buf = "\001\000\000\000\b\000\000\000��S��\233� "
iv_size = 6462
cipher_kt = (const cipher_kt_t *) 0x193ea78064f8
outlen = -1484758720
ctx = (struct key_ctx *) 0x193ea7806548
gc = {list = 0x0}
#3  0x193c5780e692 in encrypt_sign (c=0x7f7e1c20, comp_frag=true) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:475
b = (struct context_buffers *) 0x193e8b961200
orig_buf = (const uint8_t *) 0x193ea780b800 ""
#4  0x193c5785840b in check_ping_send_dowork (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/ping.c:94
No locals.
#5  0x193c5780ee9d in check_ping_send (c=0x7f7e1c20) at ping-inline.h:56
No locals.
#6  0x193c5780e9f2 in process_coarse_timers (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:565
No locals.
#7  0x193c5780eeec in check_coarse_timers_dowork (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:574
save = {tv_sec = 604800, tv_usec = 0}
#8  0x193c578117b1 in check_coarse_timers (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:589
local_now = 1473413910
#9  0x193c57811723 in pre_select (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/forward.c:1327
No locals.
#10 0x193c5783a644 in tunnel_point_to_point (c=0x7f7e1c20) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/openvpn.c:80
No locals.
#11 0x193c5783aa8b in openvpn_main (argc=3, argv=0x7f7e2938) at 
/home/jirib/openbsd/pobj/openvpn-2.3.11/openvpn-2.3.11/src/openvpn/openvpn.c:270
c = {options = {gc = {list = 0x193e71e75440}, gc_owned = true, config = 
0x7f7e2a49 "/etc/openvpn/ovpn-brq-udp-x86_64.conf", mode = 0, 
forward_compatible = false, ignore_unknown_option = 0x0, persist_config = 
false, persist_mode = 0, key_pass_file = 0x0, show_ciphers = false, 
show_digests = false, show_engines = false, show_tls_ciphers = false, genkey = 
false, ce = {proto = 1, local_port = 0, local_port_defined = false, remote_port 
= 443, local = 0x0, remote = 0x193e680499c8 "", remote_float = 
false, bind_defined = false, bind_local = false, connect_retry_seconds = 5, 
connect_retry_defined = false, connect_retry_max = 0, connect_timeout = 10, 
connect_timeout_defined = false, http_proxy_options = 0x0, socks_proxy_server = 
0x0, socks_proxy_port = 0, socks_proxy_authfile = 0x0, socks_proxy_retry = 
false, tun_mtu = 1360, tun_mtu_defined = true, tun_mtu_extra = 0, 
tun_mtu_extra_defined = false, link_mtu = 1500, link_mtu_defined = false, 
mtu_discover_type = -1, fragment = 0, mssfix = 1450, mssfix_default = false, 
explicit_exit_notification = 3, flags = 0}, remote_ip_hint = 0x0, 
connection_list = 0x0, remote_list = 0x193f07133808, force_connection_list = 
false, http_proxy_override = 0x0, rh_store = 0x0, remote_random = false, 
ipchange = 0x0, dev = 0x193f459ab1e8 "tun", dev_type = 0x0, dev_node = 0x0, 
lladdr = 0x0, topology = 3, ifconfig_local = 0x193ef49038c8 "10.40.204.156", 
ifconfig_remote_netmask = 0x193e71e75448 "255.255.252.0", ifconfig_ipv6_local = 
0x0, ifconfig_ipv6_netbits = 0, ifconfig_ipv6_remote = 0x0, ifconfig_noexec = 
false, ifconfig_nowarn = false, shaper = 0, proto_force = -1, mtu_test = false, 
mlock = false, keepalive_ping = 0, keepalive_timeout = 0, inactivity_timeout = 
0, inactivity_minimum_bytes = 0, ping_send_timeout = 30, ping_rec_timeout = 
600, ping_timer_remote = false, tun_ipv6 = false, ping_rec_timeout_action = 1, 
persist_tun = true, persist_local_ip = false, persist_remote_ip = false, 
persist_key = true, passtos = false, resolve_retry_seconds = 10, 
tuntap_options = {dummy = 0}, username = 0x193e68049be8 "_openvpn", groupname = 
0x193e68049c08 "_openvpn", chroot_dir = 0x0, cd_dir = 0x193edecc2ee8 
"/etc/openvpn", writepid = 0x0, up_script = 0x193e7cd25188 
"/etc/openvpn/ovpn-brq-udp-client.up", down_script = 0x0, user_script_used = 
true, down_pre = false, up_delay = false, up_restart = false, daemon = false, 
remap_sigusr1 = 0, inetd = 0, log = false, suppress_timestamps = false, nice = 
0, verbosity = 3, mute = 0, gremlin = 0, status_file = 0x193f08d54548 
"/tmp/ovpn-brq-upd.status", status_file_version = 3, status_file_update_freq = 
60,

CVS: cvs.openbsd.org: ports

2016-09-09 Thread David Coppa 
CVSROOT:/cvs
Module name:ports
Changes by: dco...@cvs.openbsd.org  2016/09/09 03:47:43

Modified files:
x11/kde-applications/gpgmepp: Makefile 

Log message:
Add missing rdep on devel/boost to unbreak bulk builds.

>From Caspar Schutijser

textproc/groff build system fix (maintainer patch)

2016-09-09 Thread Ingo Schwarze 
Hi,

it appears that sometimes, the textproc/groff build can fail during
the fake stage because make(1) thinks that some directories it has
to enter to install to the fake area are already "up to date", which
of course makes no sense during fake.  Jerome Ibanes  has seen this on 6.0-release:

  ===>  Faking installation for groff-1.22.3p2
  [...]
  test -z "R I B BI DESC"  || for f in ""R I B BI DESC; do  rm -f 
/usr/ports/pobj/groff-1.22.3/fake-sparc64/usr/local/share/groff/1.22.3/font/devutf8/$f;
 if test - f $f; then  /usr/ports/pobj/groff-1.22.3/bin/install -c -m 644 $f 
/usr/ports/pobj/groff-1.22.3/fake-sparc64/usr/local/share/groff/1.22.3/font/devutf8/$f;
 else /usr/ports/pobj/groff-1.22.3/bin/install -c  -m 644 ./$f 
/usr/ports/pobj/groff-1.22.3/fake-sparc64/usr/local/share/groff/1.22.3/font/devutf8/$f;
 fi; done
  [...]
  `src/utils/afmtodit' is up to date.
  `font/devpdf' is up to date.
  [...]
  ===>  Building package for groff-1.22.3p2
  Create /usr/ports/packages/sparc64/all/groff-1.22.3p2.tgz
  [...]
  Error: /usr/ports/pobj/groff-1.22.3/fake-sparc64/usr/local/bin/afmtodit
 does not exist
  Error: /usr/ports/pobj/groff-1.22.3/fake-sparc64/usr/local/bin/chem
 does not exist
  [...]

Even though i did not manage to reproduce, from code inspection,
it is obvious that this may in principle happen:  $(ALLDIRS) are
marked .PHONY, but $(OTHERDIRS) are not.  So i'd like to commit the
following patch.  Jerome confirmed that it resolves the issue for
him.

Where this patch is needed, the package did not build at all, and
where it isn't, it doesn't change package content, so no bump is
needed.  The patch was regenerated with update-patches, so it
contains some trivial changes, too.

OK to commit?

Reporting upstream is not needed because in the -current version,
which will be the basis of the next upstream release, upstream
completely changed the build system, switching to automake.

Yours,
  Ingo


Index: patches/patch-Makefile_in
===
RCS file: /cvs/ports/textproc/groff/patches/patch-Makefile_in,v
retrieving revision 1.6
diff -u -p -r1.6 patch-Makefile_in
--- patches/patch-Makefile_in   7 Nov 2014 17:10:36 -   1.6
+++ patches/patch-Makefile_in   9 Sep 2016 09:31:25 -
@@ -1,8 +1,10 @@
 $OpenBSD: patch-Makefile_in,v 1.6 2014/11/07 17:10:36 schwarze Exp $
 chunk 1: Install preformatted manuals, not source pages (local change).
-chunk 2: src/devices/gropdf depends on arch/misc (to be submitted upstream).
+chunk 2: src/devices/gropdf depends on arch/misc.
+chunk 3: avoid bogus "is up to date" during fake.
+Regarding chunks 2 & 3, current upstream code is completely different now.
 --- Makefile.in.orig   Tue Nov  4 09:38:35 2014
-+++ Makefile.inFri Nov  7 17:30:00 2014
 Makefile.inThu Sep  8 22:27:19 2016
 @@ -253,15 +253,15 @@ manroot=$(mandir)
  
  # `man1ext' is the man section for user commands.
@@ -22,12 +24,21 @@ chunk 2: src/devices/gropdf depends on a
  
  # `dist' target is disallowed in some `configure' combinations.
  doc_dist_target_ok=@doc_dist_target_ok@
-@@ -895,6 +895,8 @@ $(GNULIBDIRS): FORCE
-   || eval $$srcdir/configure "$$args" --srcdir=$$srcdir; \
+@@ -896,6 +896,8 @@ $(GNULIBDIRS): FORCE
  $(MAKE) ACLOCAL=: AUTOCONF=: AUTOHEADER=: AUTOMAKE=: $(do) ;; \
esac
-+
-+$(SHPROGDIRS): $(PROGDEPDIRS)
  
++$(SHPROGDIRS): $(PROGDEPDIRS)
++
  $(OTHERDIRS): $(PROGDEPDIRS) $(CCPROGDIRS) $(CPROGDIRS) $(SHPROGDIRS)
  
+ $(INCDIRS) $(PROGDEPDIRS) $(SHPROGDIRS) $(OTHERDIRS): FORCE
+@@ -964,7 +966,7 @@ dist:
+ # refer lookbib indxbib lkbib: libbib
+ # $(LIBDIRS) $(PROGDIRS): include
+ 
+-.PHONY: $(ALLDIRS) dot $(TARGETS) FORCE
++.PHONY: $(ALLDIRS) $(OTHERDIRS) dot $(TARGETS) FORCE
+ 
+ # Create a Makefile in $(subdir).  This is useful for development since it
+ # avoids running make recursively.

Re: Samba as DC on OpenBSD 6.0 is unusable :(

2016-09-09 Thread Jiri B 
On Fri, Sep 09, 2016 at 08:53:20AM +0300, kasak wrote:

> I think, if Theo says that we don't need acl, than we don't need acl. He
> knows better. Keeping things simple is very secure and this is good!
> I am very thankful to you for maintaining samba on OpenBSD! Undoubtedly ,
> OpenBSD is now best of all OS, and fresh port of samba is what we really
> need!

But missing extattr/xattr supports is not only about ACLs, extended filesystem
attributes are used also for other things. For example both Ceph FS and
glusterfs keep their metadata in extended attributes, thus without this you
cannot port such filesystems to OpenBSD :/

j.

openvpn-2.3.11 segfaults, error "Too many levels of symbolic links"

2016-09-09 Thread Jiri B 
Hi,

I use same openvpn config for long time but it seems recent updates (base, 
packages)
caused openvpn to segfault after a route add error.

Any help would be appreciated.

j.

openvpn-2.3.11
OpenBSD 6.0-current (GENERIC.MP) #2421: Mon Sep  5 07:50:28 MDT 2016

~~~
# openvpn --config /etc/openvpn/ovpn-brq-udp-x86_64.conf
Fri Sep  9 09:53:55 2016 OpenVPN 2.3.11 x86_64-unknown-openbsd6.0 [SSL 
(OpenSSL)] [LZO] [MH] [IPv6] built on Sep  3 2016
Fri Sep  9 09:53:55 2016 library versions: LibreSSL 2.5.0, LZO 2.09
Enter Auth Username:jbelka
Enter Auth Password:
Fri Sep  9 09:54:09 2016 WARNING: No server certificate verification method has 
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Sep  9 09:54:09 2016 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Fri Sep  9 09:54:09 2016 PLUGIN_INIT: POST 
/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so 
'[/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so] 
[/etc/openvpn/ovpn-brq-udp-client.down]' intercepted=PLUGIN_UP|PLUGIN_DOWN
Fri Sep  9 09:54:09 2016 WARNING: normally if you use --mssfix and/or 
--fragment, you should also set --tun-mtu 1500 (currently it is 1360)
Fri Sep  9 09:54:09 2016 Socket Buffers: R=[41600->41600] S=[9216->9216]
Fri Sep  9 09:54:09 2016 NOTE: UID/GID downgrade will be delayed because of 
--client, --pull, or --up-delay
Fri Sep  9 09:54:09 2016 UDPv4 link local: [undef]
Fri Sep  9 09:54:09 2016 UDPv4 link remote: [AF_INET]:443
Fri Sep  9 09:54:09 2016 TLS: Initial packet from [AF_INET]:443, 
sid=75faf7af 81d7f0cc
Fri Sep  9 09:54:13 2016 VERIFY OK: depth=1, C=US, ST=North Carolina, 
L=Raleigh, O=Example, Inc., OU=IS, CN=Example IS CA, 
emailAddress=sysadmin-...@example.com
Fri Sep  9 09:54:13 2016 VERIFY OK: depth=0, C=US, ST=North Carolina, 
O=Example, Inc., OU=Information Technology, CN=ovpn-brq.example.com, 
emailAddress=serviced...@example.com
Fri Sep  9 09:54:17 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized 
with 256 bit key
Fri Sep  9 09:54:17 2016 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri Sep  9 09:54:17 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized 
with 256 bit key
Fri Sep  9 09:54:17 2016 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri Sep  9 09:54:17 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 
DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Sep  9 09:54:17 2016 [ovpn-brq.example.com] Peer Connection Initiated with 
[AF_INET]:443
Fri Sep  9 09:54:19 2016 SENT CONTROL [ovpn-brq.example.com]: 'PUSH_REQUEST' 
(status=1)
Fri Sep  9 09:54:19 2016 PUSH: Received control message: 
'PUSH_REPLY,route-gateway 10.40.204.1,route 10.0.0.0 255.0.0.0,dhcp-option DNS 
10.38.5.26,dhcp-option DNS 10.35.255.14,dhcp-option DOMAIN example.com,ping 
30,ping-exit 600,explicit-exit-notify 3,topology subnet,ifconfig 10.40.204.138 
255.255.252.0'
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: route options modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: route-related options modified
Fri Sep  9 09:54:19 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option 
options modified
Fri Sep  9 09:54:19 2016 ROUTE_GATEWAY 192.168.100.1
Fri Sep  9 09:54:19 2016 TUN/TAP device /dev/tun0 opened
Fri Sep  9 09:54:19 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep  9 09:54:19 2016 /sbin/ifconfig tun0 10.40.204.138 10.40.204.138 mtu 
1360 netmask 255.255.252.0 up
Fri Sep  9 09:54:20 2016 /sbin/route add -net 10.40.204.0 10.40.204.138 
-netmask 255.255.252.0
add net 10.40.204.0: gateway 10.40.204.138
Fri Sep  9 09:54:20 2016 PLUGIN_CALL: POST 
/usr/local/lib/openvpn/plugins/openvpn-plugin-down-root.so/PLUGIN_UP status=0
Fri Sep  9 09:54:20 2016 /etc/openvpn/ovpn-brq-udp-client.up tun0 1360 1417 
10.40.204.138 255.255.252.0 init
OpenVPN run:
Opening socket /var/pdnsd/pdnsd.status
Succeeded
Fri Sep  9 09:54:20 2016 /sbin/route add -net 10.0.0.0 10.40.204.1 -netmask 
255.0.0.0
add net 10.0.0.0: gateway 10.40.204.1: Too many levels of symbolic links
Fri Sep  9 09:54:20 2016 ERROR: OpenBSD/NetBSD route add command failed: 
external program exited with error status: 1
Fri Sep  9 09:54:20 2016 GID set to _openvpn
Fri Sep  9 09:54:20 2016 UID set to _openvpn
Fri Sep  9 09:54:20 2016 Initialization Sequence Completed
Segmentation fault
~~~

dmesg

~~~
OpenBSD 6.0-current (GENERIC.MP) #2421: Mon Sep  5 07:50:28 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12540866560 (11959MB)
avail mem = 12156301312 (11593MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET79WW (2.29 )" date 09/03/2014

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Antoine Jacoutot 
CVSROOT:/cvs
Module name:ports
Changes by: ajacou...@cvs.openbsd.org   2016/09/09 01:30:44

Modified files:
sysutils/awscli: Makefile distinfo 

Log message:
Update to awscli-1.10.63.

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Antoine Jacoutot 
CVSROOT:/cvs
Module name:ports
Changes by: ajacou...@cvs.openbsd.org   2016/09/09 01:30:28

Modified files:
net/py-botocore: Makefile distinfo 

Log message:
Update to py-botocore-1.4.53.

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Antoine Jacoutot 
CVSROOT:/cvs
Module name:ports
Changes by: ajacou...@cvs.openbsd.org   2016/09/09 01:25:51

Modified files:
security/gnutls: Tag: OPENBSD_6_0 Makefile distinfo 

Log message:
SECURITY update to gnutls-3.4.15.
- GnuTLS-SA-2016-3
- http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Antoine Jacoutot 
CVSROOT:/cvs
Module name:ports
Changes by: ajacou...@cvs.openbsd.org   2016/09/09 01:24:48

Modified files:
security/gnutls: Makefile distinfo 

Log message:
SECURITY update to gnutls-3.4.15.
- GnuTLS-SA-2016-3
- http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html

CVS: cvs.openbsd.org: ports

2016-09-09 Thread Jasper Lievisse Adriaanse 
CVSROOT:/cvs
Module name:ports
Changes by: jas...@cvs.openbsd.org  2016/09/09 00:41:25

Modified files:
misc/portroach : Makefile 
Added files:
misc/portroach/patches: patch-Portroach_SiteHandler_GitHub_pm 

Log message:
apply patch from upstream "try harder to make sense of github"

reminded by juanfra@

Re: Samba as DC on OpenBSD 6.0 is unusable :(

2016-09-09 Thread Ian McWilliam 
Revision 1.219 / (download) - annotate - [select for diffs], Tue Apr 12 
17:42:09 2016 UTC (4 months, 3 weeks ago) by jca 

Update to samba-4.3.6

i386 build by danj@, ok sthen@

The changelog between 4.1.23 and 4.3.6 is too big to be described here.
The point of updating now is that 4.1.x won't receive updates for the
freshly published security advisories.  samba-4.3.8 will follow.


 --without-acl-support \

Was introduced in the 4.3.6 update just before the big Samba security update for

CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)

Now to work out the implications of re-enabling it.


Ian McWilliam


From: owner-po...@openbsd.org [owner-po...@openbsd.org] on behalf of kasak 
[ka...@kasakoff.net]
Sent: Friday, 9 September 2016 3:54 PM
Cc: ports@openbsd.org
Subject: Re: Samba as DC on OpenBSD 6.0 is unusable :(

09.09.2016 02:48, Ian McWilliam пишет:
> Have you tried
>
> vfs objects = xattr_tdb
>
> This will use a tdb database for storing extended attributes.
>
>
> Ian McWilliam
>
> 
> From: owner-po...@openbsd.org [owner-po...@openbsd.org] on behalf of Jeremie 
> Courreges-Anglas [j...@wxcvbn.org]
> Sent: Friday, 9 September 2016 7:01 AM
> To: kasak
> Cc: ports@openbsd.org
> Subject: Re: Samba as DC on OpenBSD 6.0 is unusable :(
>
> samba port maintainer here,
>
> kasak  writes:
>
>> Maybe I am doing something wrong ?
>>
>> I have tried to provision domain and got error that samba was compiled
>> without acl support.
>>
>> On some forums I found advice to use "--use-ntvfs" option when provisioning.
>>
>> But it appeared that samba-tool doesn't know about this option:
>>
>> $ doas samba-tool domain provision --use-ntvfs
>> Usage: samba-tool domain provision [options]
>>
>> samba-tool domain provision: error: no such option: --use-ntvfs
>>
>> I think this option was deprecated in new versions of samba, but i was
>> not able to find information about it.
> No idea what went wrong in the last updates.  IIUC it's just a matter of
> fixing domain provisioning, which used to work fine.  I'll take a look
> at this soon(tm).
>
>> So, is it really possible to use OpenBSD as a DC?
> Everything is possible, but our lack of ACLs and extended attributes
> make OpenBSD a poor choice for samba, even if upstream supports backends
> that don't suffer these limitations.  From my POV, net/samba is here
> first for simple file sharing and client libraries support.
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
>
It did not help