Re: patch unveil fail

2023-10-25 Thread Florian Obser
reads correct, OK florian On 2023-10-25 13:38 +02, Alexander Bluhm wrote: > Hi, > > Since 7.4 patch(1) does not work if an explicit patchfile is given on > command line. > > https://marc.info/?l=openbsd-cvs&m=168941770509379&w=2 > > root@ot14:.../~# patch /usr/src/usr.bin/patch/patch.c patch-unve

Re: relayd does not delete control socket on shutdown

2023-10-21 Thread Florian Obser
On 2023-10-21 14:49 +03, Kapetanakis Giannis wrote: > Rev 1.140 by florian@ seems to have changed that. > > Do not try to unlink the control socket in an unprivileged child > process on shutdown. > Found while working on tame(2). > OK benno@ > Which was 8 years ago

Re: sysupgrade: omit default sets answer

2023-09-29 Thread Florian Obser
On 2023-09-29 14:41 UTC, Klemens Nanni wrote: > The response file contains only to non-defaults, except for > Set name(s)? (or 'abort' or 'done') [done] done > > which is the hardcoded default since 2009: > ask "Set name(s)? (or 'abort' or 'done')" done > > We pass it since r1.

Re: patch: partially fix interactive mode

2023-07-19 Thread Florian Obser
OK florian On 2023-07-19 13:17 +02, Theo Buehler wrote: > The addition of unveil broke interactive mode since ask() assumes the > default answer if it fails to open _PATH_TTY. Questions are only asked > if neither force nor batch mode is activated, so condition on those. > > It seems cleaner to d

Re: Remove ENGINE use from relayd

2023-07-13 Thread Florian Obser
I for one welcome our new relayd maintainer!

patch(1): don't run off the end in num_components.

2023-07-12 Thread Florian Obser
Found with afl, if path ends in '/', num_components will run off the end of the string. OK? (this is on top of tb's fix on bugs but should be independent and not cause conflicts.) diff --git pch.c pch.c index 63543a609fb..8c58dc9ffe5 100644 --- pch.c +++ pch.c @@ -1484,7 +1484,8 @@ num_component

patch(1): basename(3) can fail

2023-07-12 Thread Florian Obser
So I was sufficiently bored during breakfast and decided to run afl against patch... basename(3) can fail thusly: ERRORS The following error codes may be set in errno: [ENAMETOOLONG] The path component to be returned was larger than PATH_MAX. and then strlen

Re: httpd: use the host name in SERVER_NAME

2023-06-30 Thread Florian Obser
On 2023-06-30 10:46 +02, Omar Polo wrote: > On 2023/06/29 23:43:25 +0200, Omar Polo wrote: >> On 2023/06/29 19:55:52 +0200, Florian Obser wrote: >> > I'm worried that we pass un-sanitized input through to fcgi. >> > Of course we are passing *a lot* of un-sanitize

Re: httpd: use the host name in SERVER_NAME

2023-06-29 Thread Florian Obser
On 2023-06-19 18:27 +02, Omar Polo wrote: > currently httpd uses the name specified in the config `server' block > which is not guaranteed to be a valid hostname. > > quoting rfc3875: > >The SERVER_NAME variable MUST be set to the name of the server host >to which the client request is dir

Re: relayd: fix route handling for IPv6

2023-06-29 Thread Florian Obser
On 2023-06-29 15:03 +02, Claudio Jeker wrote: > Once again struct sockaddr_in6 causes 64bit systems to cry. This time in > relayd. You can not statically setup a route message and think it will > work. All our routing daemons switched to iov for building the route > message out of various componen

acme-client(8): preliminary support for HiCA

2023-06-08 Thread Florian Obser
OK? p.s. I'm currently busy writing an ISC licensed bash in rust to safely support HiCA. So this might take a while... diff --git http.c http.c index b7cead5fb2d..a644769ddd1 100644 --- http.c +++ http.c @@ -335,14 +335,14 @@ http_open(const struct http *http, int headreq, const void *p, size_

nsd 4.7.0

2023-06-07 Thread Florian Obser
tests, OKs? diff --git Makefile.bsd-wrapper Makefile.bsd-wrapper index f5042fc31b4..72ad47b382f 100644 --- Makefile.bsd-wrapper +++ Makefile.bsd-wrapper @@ -21,8 +21,7 @@ CONFIGURE_OPTS= --prefix=/usr \ --with-xfrdir=${CHROOTDIR}/run/xfr \ --with-xfrdfile=${CH

Re: Installer: use $(

2023-05-24 Thread Florian Obser
makes sense to me, OK florian fwiw On 2023-05-24 08:05 -06, Todd C. Miller wrote: > On Tue, 23 May 2023 22:22:04 -, Klemens Nanni wrote: > >> I'm pointing this out because the error message we'd get provides less >> information with your diff: >> >> $ echo $(cat /nope) 2>/dev/null >>

Re: remove net.inet6.ip6.soiikey from userland

2023-05-20 Thread Florian Obser
On 2023-05-20 19:37 +02, Paul de Weerd wrote: > On Sat, May 20, 2023 at 05:33:11PM +0200, Florian Obser wrote: > | In case this turns out to be useful for unlocking work in the kernel. > | > | It's a minimum diff, if we want to go this way we probably want to move > | i

remove net.inet6.ip6.soiikey from userland

2023-05-20 Thread Florian Obser
In case this turns out to be useful for unlocking work in the kernel. It's a minimum diff, if we want to go this way we probably want to move init_soiikey() to the engine process and stop bouncing through the main process when an interface changes. This changes behaviour: in -current we can chang

Re: Unlock ip6_sysctl()

2023-05-18 Thread Florian Obser
On 2023-05-18 00:14 +02, Alexander Bluhm wrote: > And why is this ip6_soiikey in the kernel anyway? I guess it is > from a time when address configuration was done in the kernel. > Could slaacd(8) just read /etc/soii.key? Originally we implemented RFC 7217 for link-local addresses, too. The valu

Re: acme-client.conf example: more explicit clue to test with staging server

2023-05-09 Thread Florian Obser
We put *a lot* of work in so that a simple search & replace of example.com in acme-client.conf and httpd.conf examples would give a working configuration. So I would object to the previous diff. I'm not convinced this one will help(*) but no objection from me either. *) People don't read, we al

unwind(8): fix (some?) bad packet log messages

2023-04-15 Thread Florian Obser
s_buffer. I'm cautiously optimistic that those errors are also caught by this diff because rcode might just be set correctly. OK? commit c25ea4620c5ed21a5d12556fafba1f1ac22842e3 Author: Florian Obser Date: Sat Apr 15 11:41:42 2023 +0200 Improve asr error handling. When an ups

Re: fix iwm/iwx updatechan callbacks

2023-04-13 Thread Florian Obser
On 2023-04-12 23:27 +02, Stefan Sperling wrote: > The iwm_updatechan and iwx_updatechan callbacks are not reachable > because they were never wired up. Only the iwn driver already has > this callback pointer set as intended. > > With the patch below iwm/iwx should get triggered when an AP switches

Re: delete pltime and vltime

2023-04-12 Thread Florian Obser
On 2023-04-12 20:13 +09, Masato Asou wrote: > Hi, > > SIOCSIFALIFETIME_IN6 has been removed from sys/netinet6/in6_var.h with > the following commit: > > commit f487585d711456156cf95432fac5a11ff78440c8 > Author: stefan > Date: Sun Feb 28 07:15:34 2016 + > > Remove SIOCSIFALIFETIME_IN6 io

Re: cleanup vmm_start_vm, simplifying fd cleanup

2023-04-07 Thread Florian Obser
On 2023-04-07 10:51 -04, Dave Voutila wrote: > In vmd, the vmm process forks to create the resulting vm process. After > this fork, the vmm parent process closes all the file descriptors > pointing to the vm's devices (cdrom, kernel, disks, nics, etc.). > > The logic was a bit funky, so this chang

Re: dhcpleased, slaacd, unwind: Pass arguments to shutdown(2) in the right order

2023-02-14 Thread Florian Obser
Oopsie. OK florian On 2023-02-14 17:30 -05, Josiah Frentsos wrote: > Index: dhcpleased/dhcpleased.c > === > RCS file: /cvs/src/sbin/dhcpleased/dhcpleased.c,v > retrieving revision 1.28 > diff -u -p -r1.28 dhcpleased.c > --- dhcplea

Re: refactor mbuf parsing on driver level

2023-02-06 Thread Florian Obser
On 2023-02-07 01:35 +01, Alexander Bluhm wrote: > On Tue, Jan 31, 2023 at 11:32:44PM +0100, Jan Klemkow wrote: >> On Tue, Jan 31, 2023 at 09:12:51PM +0100, Christian Weisgerber wrote: >> > > - Check if the mbuf is large enough for an ether header. > >> if (m == NULL || m->m_len - hoff < sizeof(*e

Re: bgpd vs gcc4

2023-01-05 Thread Florian Obser
On 2023-01-05 11:09 +01, Theo Buehler wrote: > On Thu, Jan 05, 2023 at 11:03:04AM +0100, Claudio Jeker wrote: >> gcc4 does not really support C99 initializers. It works most of the time >> but fails for more complex structs. Just fall back to memset() here. > > deraadt used { {0} } in kr_send_depen

Re: vmctl: use a space rather than tab in usage

2022-12-30 Thread Florian Obser
On 2022-12-30 15:06 +01, David Demelier wrote: > On Fri, 2022-12-30 at 14:50 +0100, Florian Obser wrote: >> That seems reasonable. This might be the full list, do you want to do >> all? >> >> usr.bin/htpasswd/htpasswd.c:fprintf(stderr, "usage:\t%s [file] >&

Re: vmctl: use a space rather than tab in usage

2022-12-30 Thread Florian Obser
That seems reasonable. This might be the full list, do you want to do all? usr.bin/htpasswd/htpasswd.c:fprintf(stderr, "usage:\t%s [file] login\n", __progname); usr.sbin/installboot/installboot.c: fprintf(stderr, "usage:\t%1$s [-nv] [-r root] disk [stage1%2$s]\n" usr.sbin/ldomctl/ldomctl

units(1): support personal library

2022-12-24 Thread Florian Obser
This is at least supported by FreeBSD's units(1) as well as by systemd/Linux. With a personal library like this: $ cat ~/units.lib assload 8 stone butt2 hogshead buttload6 seams solarmass 1.98847e30 kg I can convert my mass into more convenient units: $ units -f

Re: acme-client: parsing X509V3_EXT_print output is offensive

2022-12-16 Thread Florian Obser
On 2022-12-15 20:08 +01, Theo Buehler wrote: > I would appreciate some testing by people who actually use acme-client > with multiple SANs. The diff works for me and should not change any > important behavior. > > When I learned about CVE-2021-44532 in node, I was horrified, but oh, > well, it was

Re: lladdr support for netstart/hostname.if

2022-11-22 Thread Florian Obser
On 2022-11-22 18:06 +10, David Gwynne wrote: > > There are a few things to keep in mind if we're going to use lladdrs like > this. > > vlan interfaces start with their lladdr as 00:00:00:00:00:00 and then assume > the lladdr of the parent interface when that is configured. > > Clonable devices (

unit(1): On the extension of the list of SI prefixes

2022-11-18 Thread Florian Obser
See page 6 of https://www.bipm.org/documents/20126/77765681/Resolutions-2022.pdf/281f3160-fc56-3e63-dbf7-77b76500990f OK? diff --git usr.bin/units/units.lib usr.bin/units/units.lib index c50011dcbc8..fb61ae63dc4 100644 --- usr.bin/units/units.lib +++ usr.bin/units/units.lib @@ -13,6 +13,8 @@ erla

Re: fix Ipv6 link local address assignment

2022-11-15 Thread Florian Obser
On 2022-11-15 19:21 +01, Claudio Jeker wrote: > My last commit to in6_ifattach() broke a few regress tests. > The problem is that 'ifconfig tun0 inet6 eui64' no longer works. > Now I thought it would if called explicitly but no. > So let's pedal back a bit and assign link-local addresses on all in

Re: netstart: wait for autoconf on RUNNING interfaces only

2022-11-11 Thread Florian Obser
On 2022-11-11 20:15 UTC, Klemens Nanni wrote: > On Fri, Nov 11, 2022 at 07:00:27PM +0000, Florian Obser wrote: >> On 2022-11-11 16:55 UTC, Klemens Nanni wrote: >> > Only /etc/hostname.athn0 contains autoconf on my X230. >> > >> > When the hardware switch

Re: netstart: wait for autoconf on RUNNING interfaces only

2022-11-11 Thread Florian Obser
On 2022-11-11 16:55 UTC, Klemens Nanni wrote: > Only /etc/hostname.athn0 contains autoconf on my X230. > > When the hardware switch turned off, netstart still waits 10 seconds: > > $ ifconfig athn0 > athn0: > flags=a48803 > mtu 1500 > lladdr 04:f0:21:30:37:de >

Re: ftp: strnvis redirect uri

2022-11-09 Thread Florian Obser
200 might be a bit short for an URL, no? On 2022-11-09 16:34 +01, Claudio Jeker wrote: > The redirect URI is untrusted input so strnvis it first before printing > it. > > -- > :wq Claudio > > Index: fetch.c > === > RCS file: /cvs/sr

Re: route(8) example for "out of prefix" default gateway

2022-11-09 Thread Florian Obser
OK florian On 9 November 2022 07:37:50 GMT, Stuart Henderson wrote: >Seems some hosting providers have annoying "out of prefix" >default gateways which are painful to configure >(https://marc.info/?t=16678224225&r=1&w=2), should >we give a pointer in route(8)? > >Index: route.8 >

Re: rad(8): Implement RFC 8781 PREF64 router advertisement option.

2022-10-15 Thread Florian Obser
On 2022-10-15 13:00 +02, Florian Obser wrote: > With this clients can learn the presence and used prefix for Network > Address and Protocol Translation between IPv6 and IPv4 (NAT64). > > Apparently there is support in mobile devices as well as in macOS. > > This option, together

rad(8): Implement RFC 8781 PREF64 router advertisement option.

2022-10-15 Thread Florian Obser
With this clients can learn the presence and used prefix for Network Address and Protocol Translation between IPv6 and IPv4 (NAT64). Apparently there is support in mobile devices as well as in macOS. This option, together with the dhcp "IPv6-only preferred" option (108) enables the Customer-s

Re: mg: add zap-to-char and zap-up-to-char

2022-10-13 Thread Florian Obser
On 2022-10-13 12:16 +02, Omar Polo wrote: > small quality-of-life addition. GNU Emacs has zap-to-char bound by to > M-z and zap-up-to-char unbound; i'm unsure how closely we want to > follow emacs here, IMHO zap-up-to-char is way more useful than > zap-to-char and so i opted to bound M-z to zap-u

Re: sysupgrade: exit 1 instead of exit 0 when ending early

2022-10-07 Thread Florian Obser
On 2022-10-07 14:39 -04, Josh Grosse wrote: > For ease of running sysupgrade from within a script. > > diff --git a/usr.sbin/sysupgrade/sysupgrade.sh > b/usr.sbin/sysupgrade/sysupgrade.sh > index d80ff127ffa..ce5800093c9 100644 > --- a/usr.sbin/sysupgrade/sysupgrade.sh > +++ b/usr.sbin/sysupgrade

Re: acme-client: allow newlines in alternative names

2022-10-05 Thread Florian Obser
Makes sense to me, OK florian Please wait a day or two in case there are objections. On 2022-10-05 09:28 +02, Omar Polo wrote: > just a small scratch to itch; i'd prefer if i could split the > alternative names in multiple lines without using \ > > so, now one should be able to write > > domain

Re: Remove some unnecessary setproctitle(3) format strings

2022-09-27 Thread Florian Obser
On 2022-09-27 09:26 +02, Martijn van Duren wrote: > The caveats section talks about "user-supplied data". These string are > constant and don't contain any '%'. Most other daemons in base use the > setproctitle("title"); format as well. It's not that clear cut, snmpd(8), a daemon you might be fam

Re: grdc: show timezone when TZ is set

2022-09-23 Thread Florian Obser
deraadt objected to the time zone validation. I don't care about the feature and I agree with the point that I shouldn't do it because there is no API for it. I don't even know where the time zone files are. To make this all more symmetric always print tm_zone, even if TZ is not set. OK? diff --

Re: grdc: show timezone when TZ is set

2022-09-23 Thread Florian Obser
So, with the tzset(3) restriction in place I'd like to fix grdc, because what we currently have is wrong: There are time zones that have minute offsets, display those correctly. Pointed out by pjanzen@. To display the offset, use ISO 8601, as suggested by David Goerger. Take a guess if tzset(3) w

Re: sysupgrade - Reading from socket: Undefined error: 0

2022-09-19 Thread Florian Obser
On 2022-09-19 22:27 +02, Hrvoje Popovski wrote: > Hi all, > > when doing sysupgrade few minutes ago on multiple machines i'm getting > error in subject > > smc24# sysupgrade -s > Fetching from https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/ > SHA256.sig 100% |***

Re: grdc: show timezone when TZ is set

2022-09-18 Thread Florian Obser
I'm happy with that, let's do this then - fix the offset calculation - output tm->tm_zone in addition to TZ to be able to spot typos. OK? diff --git grdc.c grdc.c index 66e5eee79e6..05b1ff1ea87 100644 --- grdc.c +++ grdc.c @@ -185,9 +185,12 @@ main(int argc, char *argv[])

Re: grdc: show timezone when TZ is set

2022-09-18 Thread Florian Obser
On 2022-09-18 01:55 -04, Paul Janzen wrote: > The recent change to grdc(6), to display additional information if TZ is > set, has a few issues. > > 1. Time zone offset incorrectly reported in Newfoundland. > > Some time zones have offsets of 30 or 45 minutes. The displayed time > offset is curre

Re: grdc: show timezone when TZ is set

2022-09-17 Thread Florian Obser
On 2022-09-17 08:42 UTC, Klemens Nanni wrote: > On Sat, Sep 17, 2022 at 09:40:27AM +0200, Florian Obser wrote: >> On 2021-10-24 03:06 +02, James Russell Stickney wrote: >> > I recently found myself wanting to monitor local time from a number of >> > locations around

Re: grdc: show timezone when TZ is set

2022-09-17 Thread Florian Obser
On 2021-10-24 03:06 +02, James Russell Stickney wrote: > I recently found myself wanting to monitor local time from a number of > locations around the world. > Setting the TZ environment variable on grdc did a wonderful job at this. > At which point, I wanted to know which clock was showing what

Re: httpd: overwrite rather than error for duplicate type entries

2022-09-01 Thread Florian Obser
This diff is correct and the use-case makes sense to me. OK florian On 2022-09-01 21:30 +01, Ben Fuller wrote: > On Thu, Sep 01, 2022 at 21:22:13 +0100, Ben Fuller wrote: >> On Thu, Sep 01, 2022 at 21:44:34 +0200, Florian Obser wrote: >> > Pretty sure this doesn't comp

Re: httpd: overwrite rather than error for duplicate type entries

2022-09-01 Thread Florian Obser
Pretty sure this doesn't compile. If it were to compile it would leak memory. On 1 September 2022 20:32:55 CEST, Ben Fuller wrote: >Hi, > >In my httpd.conf, I include /usr/share/misc/mime.types but also want to >define a few of my own type rules: in particular, I wanted to use > >text/"plain;

Re: ps(1): add -d (descendancy) option to display parent/child process relationships

2022-09-01 Thread Florian Obser
On 2022-09-01 09:55 -06, "Theo de Raadt" wrote: > Job Snijders wrote: > >> On Thu, Sep 01, 2022 at 03:14:40PM +0200, Martin Schröder wrote: >> > On Thu, 1 Sept 2022 at 05:38, Job Snijders wrote: >> > > Some ps(1) implementations have an '-d' ('descendancy') option. Through >> > > ASCII ar

Re: dhcpleased.8: add lease files to FILES

2022-08-28 Thread Florian Obser
On 2022-08-18 20:34 UTC, Klemens Nanni wrote: > On Thu, Aug 18, 2022 at 08:53:51PM +0100, Jason McIntyre wrote: >> On Thu, Aug 18, 2022 at 07:29:42PM +, Klemens Nanni wrote: >> > There is dhcpleasectl(8) -l but that only works for currently >> > configured leases/interfaces and does not print

Re: slowcgi, httpd and fastcgi abnormal termination

2022-08-11 Thread Florian Obser
On 2022-08-11 11:39 +02, Claudio Jeker wrote: > On Wed, Aug 10, 2022 at 09:45:44PM +0200, Omar Polo wrote: >> On 2022/08/10 15:07:15 +0200, Claudio Jeker wrote: >> > On Sun, Aug 07, 2022 at 11:10:22AM +0200, Omar Polo wrote: >> > Should slowcgi kill the command if SCRIPT_DONE is not set? >> >> R

Re: nd6: Rename is_newentry to newentry

2022-08-04 Thread Florian Obser
On 2022-08-04 14:21 UTC, Klemens Nanni wrote: > This matches the extensive comments and schema for related variables. > No functional change. are you planning to work on ND, or is this just shuffling of deck chairs? When I rewrote source address selection it was worthwhile that blame worked to fi

slaacd(8): delete autoconf or temporary address on interface flag removal

2022-07-23 Thread Florian Obser
I just fixed the case where autoconf and temporary addresses stayed behind when the interface no longer has inet6 autoconf and inet6 temporary. This deletes addresses when one removes the temporary or autoconf flag but the other one is still set. OK? (This needs rev 1.82 of engine.c to work corre

Re: nd6: Zap nd6_recalc_reachtm_interval indirection

2022-07-22 Thread Florian Obser
On 2022-07-22 14:27 +02, Claudio Jeker wrote: > On Fri, Jul 22, 2022 at 12:18:34PM +, Klemens Nanni wrote: >> Only used once, so use the macro directly like ND6_SLOWTIMER_INTERVAL >> is used in many places. >> >> OK? > > Is that a value that should be adjustable? I don't think so, this is th

Re: Remove support for CH and HS classes from dig(1)

2022-07-18 Thread Florian Obser
On 2022-07-18 14:52 +01, Ricardo Mestre wrote: > Hi, > > I'm too young to ever know there were other types of networks still supported > by > dig(1), but it seems it's a thing. Found while reading [0]. > > Realistically speaking do we want to keep supporting these kind of ancient > networks on ou

Re: dhcpleased(8): close unneeded bpf FDs

2022-07-13 Thread Florian Obser
On 2022-07-12 14:35 +02, Florian Obser wrote: > When the autoconf flag flaps around we might end up with multiple bpf > FDs in flight. Things then get confusing. The kernel tells us we can > read from the bpf FD but the data is actually "on the other FD", so > read(2) re

dhcpleased(8): close unneeded bpf FDs

2022-07-12 Thread Florian Obser
When the autoconf flag flaps around we might end up with multiple bpf FDs in flight. Things then get confusing. The kernel tells us we can read from the bpf FD but the data is actually "on the other FD", so read(2) returns 0. Found the hard way by, and patiently debugged with weerd@ One way to tr

Re: dig(1): SVCB and HTTPS RR types

2022-07-02 Thread Florian Obser
anyone? On 2022-06-25 13:15 +02, Florian Obser wrote: > See https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/ > > $ ./obj/dig @8.8.8.8 +norec _dns.resolver.arpa svcb > > ; <<>> dig 9.10.8-P1 <<>> @8.8.8.8 +norec _dns.resolver.arpa svcb > ;

Re: slaacd(8): state machine rewrite, improved roaming support

2022-07-01 Thread Florian Obser
this one works better on real wifi, which can transition down -> down diff --git engine.c engine.c index db6d619abf1..4703c3ec7c7 100644 --- engine.c +++ engine.c @@ -100,23 +100,13 @@ enum if_state { IF_DOWN, - IF_DELAY, - IF_PROBE, - IF_IDLE, - IF_DEAD, -}; - -

nsd 4.6.0

2022-06-30 Thread Florian Obser
OK? diff --git Makefile.in Makefile.in index b6b7eb37570..96d0784f610 100644 --- Makefile.in +++ Makefile.in @@ -81,13 +81,13 @@ MANUALS=nsd.8 nsd-checkconf.8 nsd-checkzone.8 nsd-control.8 nsd.conf.5 COMMON_OBJ=answer.o axfr.o ixfr.o ixfrcreate.o buffer.o configlexer.o configparser.o dname.o

slaacd(8): state machine rewrite, improved roaming support

2022-06-29 Thread Florian Obser
This rewrite was inspired by what we learned in dhcpleased. I find state_transition / timeout split easier to reason about. This also fixes a bunch of bugs, like remove stale IPs / routes / DNS servers when moving from one IPv6 enabled network to another. Tests, comments, OKs? diff --git engine.

Re: snmpd(8): Add rudimentary AgentX support

2022-06-27 Thread Florian Obser
On 2022-06-27 13:32 +02, Martijn van Duren wrote: > For the group-id I went with 92, which was used by _rtadvd. It's one up > from _snmpd and has been used previously by _rtadvd, which should make > it the perfect candidate. According to florian rtadvd never stored > anything on disk and chances

dig(1): no trust

2022-06-26 Thread Florian Obser
A day without a removal diff for dig is a sad day, let's have a happy day! OK? diff --git lib/dns/include/dns/rdataset.h lib/dns/include/dns/rdataset.h index 785821dabf2..26003cfaad4 100644 --- lib/dns/include/dns/rdataset.h +++ lib/dns/include/dns/rdataset.h @@ -86,7 +86,6 @@ struct dns_rdataset

dig(1): SVCB and HTTPS RR types

2022-06-25 Thread Florian Obser
uot;, target)); case 63: return (isc_str_tobuffer("ZONEMD", target)); + case 64: + return (isc_str_tobuffer("SVCB", target)); + case 65: + return (isc_str_tobuffer("HTTPS", target)); case 99:

dig(1): remove unused DNS_RDATASETATTR defines

2022-06-25 Thread Florian Obser
OK? diff --git lib/dns/include/dns/rdataset.h lib/dns/include/dns/rdataset.h index a2e86b62055..e2c453adc81 100644 --- lib/dns/include/dns/rdataset.h +++ lib/dns/include/dns/rdataset.h @@ -67,46 +67,6 @@ typedef struct dns_rdatasetmethods { void(*clone)(dns_rdataset_t *

dig(1): remove order and order_args

2022-06-25 Thread Florian Obser
We do not order RRsets and we are not interested in partial RRsets. OK? diff --git lib/dns/include/dns/message.h lib/dns/include/dns/message.h index a70720eee39..7f547411bf0 100644 --- lib/dns/include/dns/message.h +++ lib/dns/include/dns/message.h @@ -226,9 +226,6 @@ struct dns_message {

improve unwind memory usage

2022-06-19 Thread Florian Obser
Some time ago (it has been years actually), Otto instrumented malloc(3) to see where unwind is using a lot of memory when it's just sitting there. One of the remaining areas is struct config_file with its member outgoing_avail_ports: if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, siz

Re: [PATCH] adds -t timeout to slowcgi

2022-06-11 Thread Florian Obser
On 2022-06-10 04:27 -07, Alfred Morgan wrote: >> The connection to upstream (e.g. httpd) is closed so the client gets a 500 >> error. > > Hmm, this isn't my experience. Possibly a slowcgi bug? My clients were > getting no response, e.g.: > curl: (52) Empty reply from server > >> But the script ke

Re: [PATCH] adds -t timeout to slowcgi

2022-06-09 Thread Florian Obser
On 2022-06-09 01:36 -07, Alfred Morgan wrote: > I think this got missed on misc@ when I posted on 5/24. I'm now > reposting here in tech@ with the [PATCH] subject tag. > > Index: usr.sbin/slowcgi/slowcgi.8 > === > RCS file: /cvs/src/u

Re: httpd: add include_dir keyword

2022-06-02 Thread Florian Obser
On 2022-06-02 11:04 +02, qorg11 wrote: > This patch adds the "inlcude_dir" keyword for httpd.conf. Which works > just like "include" but it includes all the files in a directory, for > example: include "/etc/httpd.d" > > The diff file is attached. I don't think we want this functionality. More

Re: acme-client: check token names

2022-05-05 Thread Florian Obser
On 2022-05-04 13:21 +0430, Ali Farzanrad wrote: > OK, I've tested following diff on my own domain and it works. > I did 2 modifications: > > 1. I explicitly call setlocate with "C" to ensure C locale, I came to the conclusion that it's best to call setlocale in first thing in main, that's what o

Re: acme-client: check token names

2022-05-03 Thread Florian Obser
On 2022-05-03 17:41 +0430, Ali Farzanrad wrote: > > Hi Florian, > > Yes, I read the RFC, it should work, but I couldn't test it yet, because > my domain manager is a little lazy (I've registered 2 subdomains for my > domain, but it is not listed in name servers yet). I'll probably test > it tomor

Re: acme-client: check token names

2022-05-03 Thread Florian Obser
On 2022-05-02 03:04 +0430, Ali Farzanrad wrote: > Hi tech@, > > I know that acme-client is unveiled properly, but isn't it better to > check token names? Nice catch, the token is untrusted input. We should validate this differently though. RFC 8555, 8.5 HTTP Challenge: token (required, strin

Re: ssh-keygen(1): resident fido2 keys

2022-05-01 Thread Florian Obser
On 2022-05-01 14:43 +02, Christian Weisgerber wrote: > Florian Obser: > >> Sounds reasonable, this adds the FIDO section and moves the -O bits in. >> The wording is inspired by / copied from the 8.2 release notes and the >> CERTIFICATES section. > > I think

Re: ssh-keygen(1): resident fido2 keys

2022-04-30 Thread Florian Obser
On 2022-04-29 19:24 +01, Jason McIntyre wrote: > what we probably want is a simple overview of these devices in > DESCRIPTION. but that's not simple. the page is already a bruiser. i > mean, it discusses what constitutes a good password/phrase! where to go > from there? > > i note that the other c

dhcpleased(8): be more lenient with host name and domain name options

2022-04-30 Thread Florian Obser
As found by n18fuhtm AT tutanota.com there are dhcp servers that send a domain name option with length 1 and a single \0. We strip trailing \0 and then end up with length 0. This is a protocol violation, the minimum length for domain name option is 1, and we ignore the lease. So we are not going t

ssh-keygen(1): resident fido2 keys

2022-04-29 Thread Florian Obser
So I got a yubikey and I wanted to try fido2 with ssh. I was a bit unsure on how to generate a key (hint: it's just ssh-keygen -t ed25519-sk). So I went and asked the Internet. I ran into some page that suggested that you need to give a ton of options to ssh-keygen, including -o resident without expl

Re: dhcpleased: Don’t set option 12 if host name is empty

2022-04-25 Thread Florian Obser
On 2022-04-24 20:01 +02, Ibrahim Khalifa wrote: > Hi, > > I ran into an issue with dhcpleased when trying to do pxeboot and automatic > installation when using DHCP Relay on Cisco ASA. > > The problem is when dhcpleased starts for the first time after bsd.rd > is loaded there is no hostname set f

Re: pf igmp icmp6 multicast router alert

2022-04-21 Thread Florian Obser
On 2022-04-21 21:10 +02, Alexander Bluhm wrote: > On Thu, Apr 21, 2022 at 08:56:07PM +0200, Otto Moerbeek wrote: >> > Currently it allows all options. Should I make it specific to >> > router alert with IGMP or ICMP6? >> >> To me it looks like the icmp6 case already is limited to MLD? > > The qu

rad(8): rate limit solicited router advertisements

2022-03-22 Thread Florian Obser
Rate limit router advertisements according to RFC 4861 6.2.6. In all cases, Router Advertisements sent in response to a Router Solicitation MUST be delayed by a random time between 0 and MAX_RA_DELAY_TIME seconds. (If a single advertisement is sent in response to multiple solicitations

Re: initial 11ac support for iwm(4)

2022-03-17 Thread Florian Obser
Still works fine on 9260. While playing around with this I noticed something else which is probably not a regression: I have two SSIDs, "normal" and NAT64, they are on the same AP and just come out on different vlans, they use the same channel. They are also on 2.4GHz. Switching between them wit

Re: initial 11ac support for iwm(4)

2022-03-16 Thread Florian Obser
This works fine on iwm0 at pci1 dev 0 function 0 "Intel Dual Band Wireless-AC 9260" rev 0x29, msix iwm0: hw rev 0x320, fw ver 46.4e1ceb39.0 and iwm0 at pci2 dev 0 function 0 "Intel AC 7260" rev 0x83, msi iwm0: hw rev 0x140, fw ver 17.3216344376.0 against UniFi UAP-AC-SHD and UAP-AC-Pro. I have

nsd 4.4.0

2022-03-14 Thread Florian Obser
Tests, OKs? diff --git usr.sbin/nsd/Makefile.in usr.sbin/nsd/Makefile.in index 8aa40269f2a..e28fc47cd32 100644 --- usr.sbin/nsd/Makefile.in +++ usr.sbin/nsd/Makefile.in @@ -586,7 +586,7 @@ cutest_udb.o: $(srcdir)/tpkg/cutest/cutest_udb.c config.h $(srcdir)/tpkg/cutest/ cutest_udbrad.o: $(srcdir)

Re: unwind(8): simplify query parsing

2022-03-13 Thread Florian Obser
anyone? On 2022-03-03 19:57 +01, Florian Obser wrote: > parse_packet() is used by unbound(8) to parse response packets, not > queries. There is no need to do all this work just to get access to > the query id and flags. This is what unbound(8) is doing. > > OK? > >

unwind(8): simplify query parsing

2022-03-03 Thread Florian Obser
parse_packet() is used by unbound(8) to parse response packets, not queries. There is no need to do all this work just to get access to the query id and flags. This is what unbound(8) is doing. OK? diff --git frontend.c frontend.c index 6316231f4bf..ac53fc01ef1 100644 --- frontend.c +++ frontend.

Re: [PATCH] httpd initialize kv structs on stack

2022-03-02 Thread Florian Obser
On 2022-03-01 10:22 -08, j...@bitminer.ca wrote: > Looking at the gz option, I noticed some kv structs allocated on > stack but not fully initialized. Nice catch. > > This patches initializes the kv struct to avoid randomly getting > KV_GLAG_GLOBBING in kv_find depending on stack contents, whenev

Re: unwind(8): use parse_edns_from_pkt

2022-03-01 Thread Florian Obser
anyone had a chance to test this? On 2022-02-24 18:38 +01, Florian Obser wrote: > Upstream renamed parse_extract_edns to > parse_extract_edns_from_response_msg and parse_edns_from_pkt to > parse_edns_from_query_pkt in the upcoming libunbound 1.15.0 > update. Both functions work equa

Re: sysupgrade(8): Pick correct firmware directory

2022-02-28 Thread Florian Obser
On 2022-02-28 06:30 -08, Andrew Hewus Fresh wrote: > On Mon, Feb 28, 2022 at 08:27:13AM +0100, Florian Obser wrote: >> On 2022-02-27 21:33 -08, Andrew Hewus Fresh >> wrote: >> > So, sdk@ noticed that sysupgrade didn't get updated for the new logic in >> > t

Re: sysupgrade(8): Pick correct firmware directory

2022-02-27 Thread Florian Obser
On 2022-02-27 21:33 -08, Andrew Hewus Fresh wrote: > So, sdk@ noticed that sysupgrade didn't get updated for the new logic in > the firmware directories. Specifically that the only time we use > "snapshots" directory is with -current. The rest of the time, including > during -beta we use the ve

unwind(8): use parse_edns_from_pkt

2022-02-24 Thread Florian Obser
Upstream renamed parse_extract_edns to parse_extract_edns_from_response_msg and parse_edns_from_pkt to parse_edns_from_query_pkt in the upcoming libunbound 1.15.0 update. Both functions work equally well for us but it would look weird to use the "from_response_msg" function on the query so switc

[Wolf] [PATCH] Move warnx into correct place

2022-02-22 Thread Florian Obser
OK florian Start of forwarded message From: Wolf To: m...@openbsd.org Cc: Wolf Subject: [PATCH] Move warnx into correct place Date: Sun, 20 Feb 2022 15:10:16 +0100 Original location caused the line to be printed every time for ec keys. I suspect copy&

Re: ping icmp ident collisions

2022-02-18 Thread Florian Obser
On 2022-02-18 12:17 +10, Jonathan Matthew wrote: > The only thing ping uses to determine whether a received icmp echo reply > packet is a > response to one of its requests is the 16 bit icmp ident field. If you ping > enough > stuff at the same time, eventually you'll have two concurrent pings

Re: dhcpleased(8) vs. microsoft dhcp server

2022-02-15 Thread Florian Obser
On 2022-02-15 12:07 -07, "Todd C. Miller" wrote: > On Tue, 15 Feb 2022 20:01:52 +0100, Florian Obser wrote: > > I think you need that to be: > > /* MUST delete trailing NUL, per RFC 2132 */ > slen = dho_len; > while (slen > 0 &&

dhcpleased(8) vs. microsoft dhcp server

2022-02-15 Thread Florian Obser
Jan reported that the microsoft dhcp server sends the domain name option as a C string (i.e. NUL terminated) on-wire. This then ends up in /var/db/dhcpleased/$IF as e.g. domain-name: example.com\^@ which the installer uses to form /etc/myname which then later on smtpd complains about. I'm fresh

Re: adding MIME type for XSLT

2022-02-12 Thread Florian Obser
On 2022-02-11 21:51 UTC, Stuart Henderson wrote: > On 2022/02/11 11:19, Florian Obser wrote: >> I'm wondering if we need to sync, unfortunately the two files are >> not diffable :/ > > easy enough to transform, and the extensions and mimetypes are basically > in s

Re: adding MIME type for XSLT

2022-02-11 Thread Florian Obser
On 2022-02-11 02:29 -07, "Anthony J. Bentley" wrote: > Jesse Alama writes: >> XSLT is a well-established XML-based language for stylesheets. It has been ar >> ound since the late 90s; the most recent version was finalized in 2017 (see >> https://www.w3.org/TR/xslt-30/). The mime.types file bundl

Re: IPv6 privacy extensions

2022-01-24 Thread Florian Obser
On 2022-01-24 00:17 +01, Marcel Logen <33327110-0...@ybtra.de> wrote: > Hello, > > since ca. April 2021 I see, that (after boot) no new IPv6 > temporary addresses are created after 900 seconds (15 min). > > The pltime decreases to 900 and then gets a value of 1800. > No new temporary address is

Re: slaacd(8): router lifetime zero vs. prefixes

2022-01-01 Thread Florian Obser
ping On 2021-12-27 17:01 +01, Florian Obser wrote: > Prefix life time is independent from router life time. > Form an IPv6 address even if the router announcing the prefix isn't a > default router. > Problem reported by mgraves AT brainfat.net on misc > > OK? > >
