telnet not sending return

2015-03-20 Thread Fred

Hi,

Revision 1.29 to usr.bin/telnet/sys_bsd.c breaks telnet for me.

The issue is that return is not sent when entering a password, when 
connected by telnet to a device[1]. The patch below [3] reverts the 
change and telnet then works again.


This change does not solve the problem [2] that brought this change about.

I will see if I can work out a fix that solves both problems.

Cheers

Fred

[1] Cisco CP7940G IP Phone

[2] http://marc.info/?l=openbsd-bugs&m=142168911530356&w=2

[3]
Index: sys_bsd.c
===
RCS file: /cvs/src/usr.bin/telnet/sys_bsd.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 sys_bsd.c
--- sys_bsd.c   12 Feb 2015 09:50:50 -  1.29
+++ sys_bsd.c   21 Mar 2015 00:23:35 -
@@ -310,6 +310,7 @@ TerminalNewMode(int f)
tmp_tc.c_lflag |= ICANON;
 } else {
tmp_tc.c_lflag &= ~ICANON;
+   tmp_tc.c_iflag &= ~ICRNL;
tmp_tc.c_cc[VMIN] = 1;
tmp_tc.c_cc[VTIME] = 0;
 }
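Review bot: the added `tmp_tc.c_iflag &= ~ICRNL;` sits in the `else` branch with no comment and no condition of its own, so CR-to-NL input mapping is switched off for every mode that clears ICANON. The message says this puts back what revision 1.29 took out and leaves the problem in [2] unsolved, so a comment naming the failing case (return not reaching the remote device at a password prompt) would help. The follow-up fix should narrow the condition rather than restore the line as is.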



'a' -> 'b' Blowfish minor change - examples

2015-03-20 Thread Raf Czlonka
Hi all,

Following the 'a' -> 'b' default Blowfish hash change[0], some examples
got updated[1], while others remained with the older minor 'a'.

Diffs below bring the remaining ones up to date.

I have also increased the rounds from the old default of 6 to the current 8
(where appropriate) and brought a couple of example command lines closer
to the 80-character mark.

[0] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c.diff?r1=1.40&r2=1.41
[1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/crypt.3.diff?r1=1.35&r2=1.36

Regards,

Raf

Changes to 'src':

Index: share/man/man8/autoinstall.8
===
RCS file: /cvs/src/share/man/man8/autoinstall.8,v
retrieving revision 1.11
diff -u -p -r1.11 autoinstall.8
--- share/man/man8/autoinstall.823 Oct 2014 21:33:21 -  1.11
+++ share/man/man8/autoinstall.820 Mar 2015 21:58:09 -
@@ -152,7 +152,7 @@ A typical
 file will look something like this:
 .Bd -literal -offset indent
 System hostname = server1
-Password for root = $2a$14$Z4xRMg8vDpgYH...GVot3ySoj8yby
+Password for root = $2b$14$o8GT1EPT3YMNC...lB91R.MmlNkhS
 Change the default console to com0 = yes
 Which speed should com0 use = 19200
 Setup a user = puffy
Index: usr.bin/ssh/auth.c
===
RCS file: /cvs/src/usr.bin/ssh/auth.c,v
retrieving revision 1.110
diff -u -p -r1.110 auth.c
--- usr.bin/ssh/auth.c  25 Feb 2015 17:29:38 -  1.110
+++ usr.bin/ssh/auth.c  20 Mar 2015 21:58:21 -
@@ -631,7 +631,7 @@ fakepw(void)
memset(&fake, 0, sizeof(fake));
fake.pw_name = "NOUSER";
fake.pw_passwd =
-   "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+   "$2b$08$j3YTnoPe4yrFjUroXF4DxewuBlvOGEqx0rn0l48MZac28bmDQNi26";
fake.pw_gecos = "NOUSER";
fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1;
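Review bot: in fakepw() the placeholder hash changes its cost from 06 to 08 as well as its minor from a to b, and unlike the man page hunks this string is compiled into code. If this is the hash a login for an unknown user is checked against, that check now takes the time of cost 8, while accounts whose stored hashes carry another cost take a different time. A comment next to `fake.pw_passwd` stating which default the cost is meant to track would keep the next default change from missing it.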
Index: usr.sbin/adduser/adduser.8
===
RCS file: /cvs/src/usr.sbin/adduser/adduser.8,v
retrieving revision 1.43
diff -u -p -r1.43 adduser.8
--- usr.sbin/adduser/adduser.8  1 Oct 2014 09:56:36 -   1.43
+++ usr.sbin/adduser/adduser.8  20 Mar 2015 21:58:23 -
@@ -373,7 +373,7 @@ The password has been created using
 .Xr encrypt 1 :
 .Bd -literal -offset indent
 # adduser -batch falken guest,staff,beer 'Prof. Falken' \e
-$2a$06$1Sdjxjoxg4cNmT6zAxriGOLgdLXQ3HdJ2dKBbzEk68jSrO1EtLJ3C
+$2b$08$/lZQzXHzMBB1gwpIyC/5OOMyWfEvqdORroEA9/kwmoEgyOCLLd5fm
 .Ed
 .Pp
 Create user
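Review bot: the replacement hash on the `+` line is still given to `adduser -batch` unquoted, so a shell reading this example would expand `$2`, `$0` and so on as parameters before adduser sees the string. While the line is being touched, put the hash in single quotes, as the `user add -p '...'` example in the faq10.html part of this same diff does.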
Index: usr.sbin/smtpd/table.5
===
RCS file: /cvs/src/usr.sbin/smtpd/table.5,v
retrieving revision 1.4
diff -u -p -r1.4 table.5
--- usr.sbin/smtpd/table.5  4 Feb 2014 16:32:36 -   1.4
+++ usr.sbin/smtpd/table.5  20 Mar 2015 21:58:26 -
@@ -131,8 +131,8 @@ accept for any relay tls+auth://label@ho
 In a listener context, the credentials are a mapping of username and encrypted
 passwords:
 .Bd -literal -offset indent
-user1  $2a$06$hIJ4QfMcp.90nJwKqGbKM.MybArjHOTpEtoTV.DgLYAiThuoYmTSe
-user2  $2a$06$bwSmUOBGcZGamIfRuXGTvuTo3VLbPG9k5yeKNMBtULBhksV5KdGsK
+user1  $2b$08$fANRrzRweP9I5.wGoj4AfuYU7AHI7y.0PJw6L5pPPDAu2oTRfXv76
+user2  $2b$08$prHIlrDk19rmQr.GekyXUuLIMm0mkkjDhVTSioXxnXZHyiqP7oWc2
 .Ed
 .Pp
 The passwords are to be encrypted using the

and to 'www':

Index: faq/faq10.html
===
RCS file: /cvs/www/faq/faq10.html,v
retrieving revision 1.192
diff -u -p -r1.192 faq10.html
--- faq/faq10.html  13 Jan 2015 01:07:40 -  1.192
+++ faq/faq10.html  20 Mar 2015 22:53:06 -
@@ -422,7 +422,7 @@ not to remove the user's home directory.
 Enter login name for user to remove: testuser
 Matching password entry:
 
-testuser:$2a$07$ZWnBOsbqMJ.ducQBfsTKUe3PL97Ve1AHWJ0A4uLamniLNXLeYrEie:1002
+testuser:$2b$08$8YOnrz5IEssA1YBogoJafevLJZ7VXnNB192NIxVXE5Buc4k0sumde:1002
 :31::0:0:Test FAQ User:/home/testuser:/bin/ksh
 
 Is this the entry you wish to remove? y
@@ -493,14 +493,14 @@ Importantly, the passwords must be encry
 http://www.openbsd.org/cgi-bin/man.cgi?query=encrypt&sektion=1";>encrypt(1)
 utility.
 For example: OpenBSD's passwords by default use the Blowfish
-algorithm for 6 rounds.
+algorithm for 8 rounds.
 Here is an example to create an encrypted password to give to
 useradd(8).
 
 
-$ encrypt -p -b 6
+$ encrypt -p -b 8
 Enter string:
-$2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq
+$2b$08$Uf4MnIxIS2YahDJxsW0xtun2HUTwRp4vxcaGvoHPpzDIMBg9d0ZK2
 
 
 
@@ -509,8 +509,8 @@ We will add the same user with the same 
 we added above, via adduser(8).
 
 
-# user add -p 
'$2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq' -u 1002 \
--s /bin/ksh -c "Test FAQ User" -m -g guest testuser
+# user add -p 
'$2b$08$Uf4MnIxIS2YahDJxsW0xtun2HUTwRp4vxcaGvoHPpzDIMBg9d0ZK2' \
+-u 1002 -s /bin/ksh -c 
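Review bot: the `-# user add -p` and `+# user add -p` lines are wrapped as they appear here, leaving the quoted hash on a line of its own with no `+`, `-` or space prefix, so this hunk will not apply as posted; it also stops after `-c`. Resend it unwrapped or as an attachment. Breaking the new command after the hash to stay within 80 columns is fine, but check that the continuation `\` is still the last character on that line.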

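The check that the message above carries out by hand, as an added example that is not part of the original post: a Python scan that reports bcrypt strings whose minor is not 'b', whose rounds value is below 8, or whose body is not the usual 22-character salt plus 31-character digest (as happens when an example elides part of the hash). The function name `audit`, the issue labels and the sample lines are constructed for illustration.

```python
import re

# $2<minor>$<two-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2([a-z]?)\$(\d{2})\$([./A-Za-z0-9]+)")
BODY_LEN = 22 + 31


def audit(text, want_minor="b", min_cost=8):
    """Return (line_no, minor, cost, issues) for each hash needing attention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for minor, cost, body in BCRYPT_RE.findall(line):
            issues = []
            if minor != want_minor:
                issues.append("old-minor")    # e.g. $2a$ left behind
            if int(cost) < min_cost:
                issues.append("low-cost")     # below the current default
            if len(body) != BODY_LEN:
                issues.append("bad-length")   # elided or truncated example
            if issues:
                findings.append((line_no, minor, int(cost), issues))
    return findings


# Constructed sample input: the salt and digest are filler, not real hashes.
SALT = "abcdefghijklmnopqrstuv"              # 22 characters
DIGEST = "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"   # 31 characters
SAMPLE = "\n".join([
    "user1  $2a$06$" + SALT + DIGEST,
    "user2  $2b$08$" + SALT + DIGEST,
    "Password for root = $2b$14$abcdefgh...ABCDEFGH",
    "testuser:$2b$07$" + SALT + DIGEST + ":1002",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
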
Re: [PATCH] sync renice(8) with manpage and POSIX and other BSDs

2015-03-20 Thread Benjamin Baier
On Fri, 20 Mar 2015 10:35:07 -0600
"Todd C. Miller"  wrote:

> We do not typically document the historic usage.  However, in this
> case we might make an exception since the old and new syntax are
> semantically different (absolute vs. increment).
Up to you... The only thing I would push for is
Index: renice.8
===
RCS file: /cvs/src/usr.bin/renice/renice.8,v
retrieving revision 1.23
diff -u -p -r1.23 renice.8
--- renice.823 May 2014 06:40:57 -  1.23
+++ renice.820 Mar 2015 18:33:24 -
@@ -131,7 +131,7 @@ utility is compliant with the
 specification,
 except the way in which processes are specified differs.
 .Pp
-The historical behavior of passing the increment as the first
+The historical behavior of passing the priority as the first
 argument is supported for backwards compatibility.
 .Sh HISTORY
 The

> I've adapted your diff as follows.
Works for me. Thanks.

>  - todd
> 
> Index: renice.c
> ===
> RCS file: /cvs/src/usr.bin/renice/renice.c,v
> retrieving revision 1.16
> diff -u -r1.16 renice.c
> --- renice.c  15 Nov 2013 22:20:04 -  1.16
> +++ renice.c  20 Mar 2015 16:29:05 -
> @@ -37,7 +37,7 @@
>  };
>  
>  int main(int, char **);
> -static int renice(struct renice_param *, struct renice_param *);
> +static int renice(struct renice_param *, struct renice_param *, int);
>  __dead void usage(void);
>  
>  int
> @@ -46,10 +46,9 @@
>   struct renice_param *params, *p;
>   struct passwd *pw;
>   int ch, type = PRIO_PROCESS;
> - int nflag = 0, pri = 0;
> + int absolute = 0, nflag = 0, pri = 0;
>   char *ep, *idstr;
>   const char *errstr;
> - long l;
>  
>   if (argc < 3)
>   usage();
> @@ -61,10 +60,15 @@
>  
>   /* Backwards compatibility: first arg may be priority. */
>   if (isdigit((unsigned char)argv[1][0]) ||
> - (argv[1][0] == '-' && isdigit((unsigned char)argv[1][1]))) {
> - argv[0] = "-n";
> - argc++;
> - argv--;
> + ((argv[1][0] == '+' || argv[1][0] == '-') &&
> + isdigit((unsigned char)argv[1][1]))) {
> + pri = (int)strtol(argv[1], &ep, 10);
> + if (*ep != '\0' || ep == argv[1]) {
> + warnx("invalid priority %s", argv[1]);
> + usage();
> + }
> + absolute = 1;
> + optind = 2;
>   }
>  
>   /*
> @@ -79,13 +83,15 @@
>   idstr = optarg;
>   break;
>   case 'n':
> - l = strtol(optarg, &ep, 10);
> + if (absolute) {
> + warnx("-n not allowed with historic 
> priority setting");
> + usage();
> + }
> + pri = (int)strtol(optarg, &ep, 10);
>   if (*ep != '\0' || ep == optarg) {
>   warnx("invalid increment %s", optarg);
>   usage();
>   }
> - pri = l > PRIO_MAX ? PRIO_MAX :
> - l < PRIO_MIN ? PRIO_MIN : (int)l;
>  
>   /* Set priority for previous entries? */
>   if (!nflag) {
> @@ -135,15 +141,15 @@
>   }
>   p++;
>   }
> - if (!nflag)
> + if (!nflag && !absolute)
>   usage();
> - exit(renice(params, p));
> + exit(renice(params, p, absolute));
>  }
>  
>  static int
> -renice(struct renice_param *p, struct renice_param *end)
> +renice(struct renice_param *p, struct renice_param *end, int absolute)
>  {
> - int old, errors = 0;
> + int new, old, errors = 0;
>  
>   for (; p < end; p++) {
>   errno = 0;
> @@ -153,13 +159,17 @@
>   errors++;
>   continue;
>   }
> - if (setpriority(p->type, p->id, p->pri) == -1) {
> + if (!absolute)
> + p->pri += old;
> + new = p->pri > PRIO_MAX ? PRIO_MAX :
> + p->pri < PRIO_MIN ? PRIO_MIN : p->pri;
> + if (setpriority(p->type, p->id, new) == -1) {
>   warn("setpriority: %d", p->id);
>   errors++;
>   continue;
>   }
>   printf("%d: old priority %d, new priority %d\n",
> - p->id, old, p->pri);
> + p->id, old, new);
>   }
>   return (errors);
>  }
> 



Re: [PATCH] sync renice(8) with manpage and POSIX and other BSDs

2015-03-20 Thread Todd C. Miller
We do not typically document the historic usage.  However, in this
case we might make an exception since the old and new syntax are
semantically different (absolute vs. increment).  I've adapted your
diff as follows.

 - todd

Index: renice.c
===
RCS file: /cvs/src/usr.bin/renice/renice.c,v
retrieving revision 1.16
diff -u -r1.16 renice.c
--- renice.c15 Nov 2013 22:20:04 -  1.16
+++ renice.c20 Mar 2015 16:29:05 -
@@ -37,7 +37,7 @@
 };
 
 int main(int, char **);
-static int renice(struct renice_param *, struct renice_param *);
+static int renice(struct renice_param *, struct renice_param *, int);
 __dead void usage(void);
 
 int
@@ -46,10 +46,9 @@
struct renice_param *params, *p;
struct passwd *pw;
int ch, type = PRIO_PROCESS;
-   int nflag = 0, pri = 0;
+   int absolute = 0, nflag = 0, pri = 0;
char *ep, *idstr;
const char *errstr;
-   long l;
 
if (argc < 3)
usage();
@@ -61,10 +60,15 @@
 
/* Backwards compatibility: first arg may be priority. */
if (isdigit((unsigned char)argv[1][0]) ||
-   (argv[1][0] == '-' && isdigit((unsigned char)argv[1][1]))) {
-   argv[0] = "-n";
-   argc++;
-   argv--;
+   ((argv[1][0] == '+' || argv[1][0] == '-') &&
+   isdigit((unsigned char)argv[1][1]))) {
+   pri = (int)strtol(argv[1], &ep, 10);
+   if (*ep != '\0' || ep == argv[1]) {
+   warnx("invalid priority %s", argv[1]);
+   usage();
+   }
+   absolute = 1;
+   optind = 2;
}
 
/*
@@ -79,13 +83,15 @@
idstr = optarg;
break;
case 'n':
-   l = strtol(optarg, &ep, 10);
+   if (absolute) {
+   warnx("-n not allowed with historic 
priority setting");
+   usage();
+   }
+   pri = (int)strtol(optarg, &ep, 10);
if (*ep != '\0' || ep == optarg) {
warnx("invalid increment %s", optarg);
usage();
}
-   pri = l > PRIO_MAX ? PRIO_MAX :
-   l < PRIO_MIN ? PRIO_MIN : (int)l;
 
/* Set priority for previous entries? */
if (!nflag) {
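Review bot: `pri = (int)strtol(optarg, &ep, 10);` casts before any range check, and the lines removed below it were the only place the `long` was clamped to PRIO_MIN/PRIO_MAX. An increment that does not fit in an `int` is now truncated by the cast instead of clamped, and the clamp in renice() only ever sees the truncated value; the same cast is used for the historic priority in the previous hunk. Keep the result in a `long` and clamp or reject it before assigning to `pri`. The `warnx` string in this hunk is also split across two lines as it appears here.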
@@ -135,15 +141,15 @@
}
p++;
}
-   if (!nflag)
+   if (!nflag && !absolute)
usage();
-   exit(renice(params, p));
+   exit(renice(params, p, absolute));
 }
 
 static int
-renice(struct renice_param *p, struct renice_param *end)
+renice(struct renice_param *p, struct renice_param *end, int absolute)
 {
-   int old, errors = 0;
+   int new, old, errors = 0;
 
for (; p < end; p++) {
errno = 0;
@@ -153,13 +159,17 @@
errors++;
continue;
}
-   if (setpriority(p->type, p->id, p->pri) == -1) {
+   if (!absolute)
+   p->pri += old;
+   new = p->pri > PRIO_MAX ? PRIO_MAX :
+   p->pri < PRIO_MIN ? PRIO_MIN : p->pri;
+   if (setpriority(p->type, p->id, new) == -1) {
warn("setpriority: %d", p->id);
errors++;
continue;
}
printf("%d: old priority %d, new priority %d\n",
-   p->id, old, p->pri);
+   p->id, old, new);
}
return (errors);
 }
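Review bot: `p->pri += old;` adds to an `int` that is no longer bounded when it is parsed, so a large increment can overflow before the PRIO_MAX/PRIO_MIN clamp on the following lines runs. It also overwrites the stored increment with a sum. Compute `new` from `old` and `p->pri` in a wider type, or bound `pri` at parse time, and leave `p->pri` untouched.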



[PATCH] sync renice(8) with manpage and POSIX and other BSDs

2015-03-20 Thread Benjamin Baier
Hello tech@,
this has bugged me for a while now, so I'm sending this diff in for consideration.
Brings renice(8) manpage and code and POSIX definition more in sync by:
- making the code increment the priority instead of setting it when -n is used.
- documenting the backwards compatible "set priority" option
- making "set priority" and -n mutually exclusive
- making "set priority" accept "+10" as a valid priority

Also this brings OpenBSD's renice more in sync with other BSDs.

Index: renice.8
===
RCS file: /cvs/src/usr.bin/renice/renice.8,v
retrieving revision 1.23
diff -u -p -r1.23 renice.8
--- renice.823 May 2014 06:40:57 -  1.23
+++ renice.820 Mar 2015 12:31:43 -
@@ -37,6 +37,20 @@
 .Nd alter priority of running processes
 .Sh SYNOPSIS
 .Nm renice
+.Ar priority
+.Oo
+.Op Fl g
+.Ar pgrp ...
+.Oc
+.Oo
+.Op Fl p
+.Ar pid ...
+.Oc
+.Oo
+.Op Fl u
+.Ar user ...
+.Oc
+.Nm renice
 .Fl n Ar increment
 .Oo
 .Op Fl g
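Review bot: the new `.Ar priority` form is inserted ahead of the existing `.Fl n Ar increment` form, so SYNOPSIS leads with the usage that the text in the next hunk calls historical and supported for backwards compatibility. Put the `-n increment` form first and the `priority` form second; the same ordering applies to the two `fprintf` lines in usage().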
@@ -131,7 +145,7 @@ utility is compliant with the
 specification,
 except the way in which processes are specified differs.
 .Pp
-The historical behavior of passing the increment as the first
+The historical behavior of passing the priority as the first
 argument is supported for backwards compatibility.
 .Sh HISTORY
 The
Index: renice.c
===
RCS file: /cvs/src/usr.bin/renice/renice.c,v
retrieving revision 1.16
diff -u -p -r1.16 renice.c
--- renice.c15 Nov 2013 22:20:04 -  1.16
+++ renice.c20 Mar 2015 12:39:55 -
@@ -37,7 +37,7 @@ struct renice_param {
 };
 
 int main(int, char **);
-static int renice(struct renice_param *, struct renice_param *);
+static int renice(struct renice_param *, struct renice_param *, int);
 __dead void usage(void);
 
 int
@@ -46,7 +46,7 @@ main(int argc, char **argv)
struct renice_param *params, *p;
struct passwd *pw;
int ch, type = PRIO_PROCESS;
-   int nflag = 0, pri = 0;
+   int nflag = 0, pri = 0, set_pri_flag = 0;
char *ep, *idstr;
const char *errstr;
long l;
@@ -61,7 +61,9 @@ main(int argc, char **argv)
 
/* Backwards compatibility: first arg may be priority. */
if (isdigit((unsigned char)argv[1][0]) ||
-   (argv[1][0] == '-' && isdigit((unsigned char)argv[1][1]))) {
+   (argv[1][0] == '-' && isdigit((unsigned char)argv[1][1])) ||
+   (argv[1][0] == '+' && isdigit((unsigned char)argv[1][1]))) {
+   set_pri_flag = 1;
argv[0] = "-n";
argc++;
argv--;
@@ -79,6 +81,10 @@ main(int argc, char **argv)
idstr = optarg;
break;
case 'n':
+   if (set_pri_flag && nflag) {
+   warnx("-n not allowed when setting 
priority");
+   usage();
+   }
l = strtol(optarg, &ep, 10);
if (*ep != '\0' || ep == optarg) {
warnx("invalid increment %s", optarg);
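Review bot: `if (set_pri_flag && nflag)` depends on the priority argument having been rewritten into a synthetic `-n` earlier, so that it is parsed first while `nflag` is still 0; nothing at this spot says so. Add a comment, or test `set_pri_flag` alone and take the priority out of the option path. The `warnx` string is also split across two lines as it appears here and will not compile in that form.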
@@ -137,11 +143,11 @@ main(int argc, char **argv)
}
if (!nflag)
usage();
-   exit(renice(params, p));
+   exit(renice(params, p, set_pri_flag));
 }
 
 static int
-renice(struct renice_param *p, struct renice_param *end)
+renice(struct renice_param *p, struct renice_param *end, int set_priority_flag)
 {
int old, errors = 0;
 
@@ -153,6 +159,12 @@ renice(struct renice_param *p, struct re
errors++;
continue;
}
+   if (!set_priority_flag) {
+   /* increment instead of set priority */ 
+   p->pri = old + p->pri;
+   p->pri = p->pri > PRIO_MAX ? PRIO_MAX :
+   p->pri < PRIO_MIN ? PRIO_MIN : p->pri;
+   }
if (setpriority(p->type, p->id, p->pri) == -1) {
warn("setpriority: %d", p->id);
errors++;
@@ -167,7 +179,9 @@ renice(struct renice_param *p, struct re
 __dead void
 usage(void)
 {
-   fprintf(stderr, "usage: renice -n increment [[-g] pgrp ...] "
+   fprintf(stderr, "usage: renice priority [[-g] pgrp ...] "
+   "[[-p] pid ...] [[-u] user ...]\n");
+   fprintf(stderr, "   renice -n increment [[-g] pgrp ...] "
"[[-p] pid ...] [[-u] user ...]\n");
exit(1);
 }



Re: ath(4): fix WEP/WPA with AR5211

2015-03-20 Thread Reyk Floeter
OK

> On 20.03.2015, at 17:40, Stefan Sperling  wrote:
> 
> At EuroBSDCon last year Mike Larkin gave me an AR5211 ath(4) device
> which fails at WEP/WPA. For every encrypted frame it sends, a decryption
> failure shows up in netstat -W on the AP.
> 
> This diff ports a chunk from the AR5212 code which disables hardware
> WEP key table entries. This fixes the issue for me. Note that ath(4)
> uses software encryption/decryption for WEP/WPA.
> 
> ok?
> 
> Thanks for the card, Mike!
> 
> Index: ar5211.c
> ===
> RCS file: /cvs/src/sys/dev/ic/ar5211.c,v
> retrieving revision 1.46
> diff -u -p -r1.46 ar5211.c
> --- ar5211.c  12 Jul 2014 18:48:17 -  1.46
> +++ ar5211.c  20 Mar 2015 08:27:46 -
> @@ -1933,6 +1933,10 @@ ar5k_ar5211_reset_key(struct ath_hal *ha
>   for (i = 0; i < AR5K_AR5211_KEYCACHE_SIZE; i++)
>   AR5K_REG_WRITE(AR5K_AR5211_KEYTABLE_OFF(entry, i), 0);
> 
> + /* Set NULL encryption */
> + AR5K_REG_WRITE(AR5K_AR5211_KEYTABLE_TYPE(entry),
> + AR5K_AR5211_KEYTABLE_TYPE_NULL);
> +
>   return (AH_FALSE);
> }
> 
> 



ath(4): fix WEP/WPA with AR5211

2015-03-20 Thread Stefan Sperling
At EuroBSDCon last year Mike Larkin gave me an AR5211 ath(4) device
which fails at WEP/WPA. For every encrypted frame it sends, a decryption
failure shows up in netstat -W on the AP.

This diff ports a chunk from the AR5212 code which disables hardware
WEP key table entries. This fixes the issue for me. Note that ath(4)
uses software encryption/decryption for WEP/WPA.

ok?

Thanks for the card, Mike!

Index: ar5211.c
===
RCS file: /cvs/src/sys/dev/ic/ar5211.c,v
retrieving revision 1.46
diff -u -p -r1.46 ar5211.c
--- ar5211.c12 Jul 2014 18:48:17 -  1.46
+++ ar5211.c20 Mar 2015 08:27:46 -
@@ -1933,6 +1933,10 @@ ar5k_ar5211_reset_key(struct ath_hal *ha
for (i = 0; i < AR5K_AR5211_KEYCACHE_SIZE; i++)
AR5K_REG_WRITE(AR5K_AR5211_KEYTABLE_OFF(entry, i), 0);
 
+   /* Set NULL encryption */
+   AR5K_REG_WRITE(AR5K_AR5211_KEYTABLE_TYPE(entry),
+   AR5K_AR5211_KEYTABLE_TYPE_NULL);
+
return (AH_FALSE);
 }
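Review bot: the new comment `/* Set NULL encryption */` restates the register write without saying why it is needed. The message gives the reason (ath(4) does WEP/WPA in software, so the hardware key table entry is disabled); putting that in the comment would keep the write from looking redundant next to the zeroing loop above it.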