[Bug 284749] certctl: add support for generating cert.pem CAfiles
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749

--- Comment #12 from Michael Osipov ---
> * NOOP is not obeyed

Point taken. Resolved.

> * Delete is, again, inconsistent

Resolved.

> * cat arg should be quoted

Agreed.

I do not understand why -B is necessary at all, I mean: Aren't "if [ $WANTCERTDESTFILE -a -e "$CERTDESTFILE" ]" + "if [ $WANTCERTDESTFILE ]" later enough? Don't touch what we aren't instructed to touch or haven't created.

== Regarding the dreaded SPLITDIR and multiple certs in one file:
I do not like that at all and I told des@ already that our tool should be as close as possible to openssl-rehash for consistency and POLA. openssl-rehash will skip everything after the first certificate in a file. But this is a different discussion.

--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 284864] sort does case-independent sort even without -f or --ignore-case
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284864

    Bug ID: 284864
   Summary: sort does case-independent sort even without -f or --ignore-case
   Product: Base System
   Version: 14.2-RELEASE
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: bin
  Assignee: b...@freebsd.org
  Reporter: w...@psr.com
[Bug 284865] IPFW syntax errors in /etc/rc.firewall
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284865

    Bug ID: 284865
   Summary: IPFW syntax errors in /etc/rc.firewall
   Product: Base System
   Version: 13.4-RELEASE
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Many People
  Priority: ---
 Component: conf
  Assignee: b...@freebsd.org
  Reporter: ze...@zaclys.net

Hi there,

I think there are some syntax errors in /etc/rc.firewall, a missing "s" for icmptype.

For ipv6: icmp6type instead of icmp6types
For ipv4: icmptype instead of icmptypes

~ $ grep -n -E -w "icmp6type|icmptype" /etc/rc.firewall
462:${fwcmd} add pass icmp from any to any icmptype 8
464:${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129
468:${fwcmd} add pass icmp from any to any icmptype 3,4,11
470:${fwcmd} add pass ipv6-icmp from any to any icmp6type 3

~ $ freebsd-version -kru ; uname -rms
13.4-RELEASE-p3
13.4-RELEASE-p3
13.4-RELEASE-p3
FreeBSD 13.4-RELEASE-p3 amd64

Tested on 13.4 and 14.2.

Thank you.
[Bug 282713] Process enters in STOP state and doesn't respond to any signal.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282713

Kyle Evans changed:

      What |Removed           |Added
        CC |                  |b...@freebsd.org, kev...@freebsd.org
  Assignee |b...@freebsd.org  |bnov...@freebsd.org
[Bug 282713] Process enters in STOP state and doesn't respond to any signal.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282713

--- Comment #16 from commit-h...@freebsd.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=df436036e82b895a6233d803bc8bf14d2cfe90d7

commit df436036e82b895a6233d803bc8bf14d2cfe90d7
Author:     Bojan Novković
AuthorDate: 2025-01-30 15:10:04 +
Commit:     Bojan Novković
CommitDate: 2025-02-17 16:40:34 +

    umtx: Don't sleep after casueword32 failure in do_sem2_wake

    When a casueword32 operation fails, 'do_sem2_wake' will call
    'thread_check_susp' to avoid a potential livelock. However, it
    instructs 'thread_check_susp' to sleep while holding a previously
    busied umtxq key. This is explicitly discouraged by the comments in
    'thread_check_susp' which state that a thread shouldn't sleep if it
    owns a kernel resource.

    Fix this by passing 'false' to 'thread_check_susp'.

    Reviewed by:    kib
    PR:             282713
    Differential Revision:  https://reviews.freebsd.org/D48728
    Sponsored by:   Klara Inc.

 sys/kern/kern_umtx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
[Bug 284863] ntpd throws "Address already in use" error with shared IP on multiple interfaces after upgrade from 14.1 to 14.2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284863

    Bug ID: 284863
   Summary: ntpd throws "Address already in use" error with shared IP on multiple interfaces after upgrade from 14.1 to 14.2
   Product: Base System
   Version: 14.2-RELEASE
  Hardware: amd64
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: bin
  Assignee: b...@freebsd.org
  Reporter: l...@ofwilsoncreek.com

After upgrading from FreeBSD 14.1 to 14.2, ntpd now fails to start with the error "Address already in use" when two or more network interfaces are configured with the same IP address. This behavior was not observed in FreeBSD 14.1 where ntpd would start without issues under the same configuration.

Steps to Reproduce:

1. Configure two or more network interfaces with the same IP address on a FreeBSD 14.2 system:

   ifconfig_ena0="inet 10.96.16.8/20"
   ifconfig_tun0="inet 10.96.16.8/32"

2. Configure ntp.conf as follows:

   server nss.nts.umn.edu burst iburst
   server time.nist.gov burst iburst
   restrict default kod limited nomodify notrap
   restrict -6 default kod limited nomodify notrap
   restrict 127.0.0.1
   restrict -6 ::1

3. Attempt to start ntpd:

   service ntpd start

4. Observe the error in syslog, attached below.

Workaround:
Specifying the interface to ntpd sidesteps the problem, for example `ntpd_flags="--interface=ena0"`. However, this is suboptimal as it requires explicit interface selection for ntpd.

Configuration details:

ntp.conf

   server nss.nts.umn.edu burst iburst
   server time.nist.gov burst iburst
   restrict default kod limited nomodify notrap
   restrict -6 default kod limited nomodify notrap
   restrict 127.0.0.1
   restrict -6 ::1

Syslog:

Feb 17 15:04:59 bigbrother ntpd[497]: Command line: /usr/sbin/ntpd -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -f /var/db/ntp/ntpd.drift -g
Feb 17 15:04:59 bigbrother ntpd[498]: Listen and drop on 0 v6wildcard [::]:123
Feb 17 15:04:59 bigbrother ntpd[498]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Feb 17 15:04:59 bigbrother ntpd[498]: Listen normally on 2 ena0 [fe80::c07:6eff:fe7f:d2f4%1]:123
Feb 17 15:04:59 bigbrother ntpd[498]: Listen normally on 3 ena0 10.96.16.8:123
Feb 17 15:04:59 bigbrother ntpd[498]: Listen normally on 4 lo0 [::1]:123
Feb 17 15:04:59 bigbrother ntpd[498]: Listen normally on 5 lo0 [fe80::1%2]:123
Feb 17 15:04:59 bigbrother kernel: pid 498 (ntpd), jid 0, uid 123: exited on signal 11 (no core dump - other error)
Feb 17 15:04:59 bigbrother ntpd[498]: Listen normally on 6 lo0 127.0.0.1:123
Feb 17 15:04:59 bigbrother ntpd[498]: bind(27) AF_INET 10.96.16.8:123 flags 0x13 failed: Address already in use
Feb 17 15:04:59 bigbrother ntpd[498]: unable to create socket on tun5018 (7) for 10.96.16.8:123
Feb 17 15:04:59 bigbrother ntpd[497]: daemon child died with signal 11
[Bug 284864] sort does case-independent sort even without -f or --ignore-case
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284864

--- Comment #1 from w...@psr.com ---
/usr/bin/sort, with no options, is doing a case-independent sort.

Example: file foo containing:

1 Abcd 2
1 abcd 1
2 Abcd 1
2 abcd 2

with environment variables:

LANG=C
LC_CTYPE=iso_8859_1
MM_CHARSET=UTF-8
LC_ALL=en_US.ISO8859-1
LOCALE=C

in case any of those matter, which I would think would sort exactly as is ('A' before 'a'), instead gets sorted case-independently:

# sort foo
1 abcd 1
1 Abcd 2
2 Abcd 1
2 abcd 2

Unless I'm missing something, this looks wrong.
[Bug 284872] [carp] Missing byte order correction causing certain unicast announcements to have invalid destination MAC address
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284872

    Bug ID: 284872
   Summary: [carp] Missing byte order correction causing certain unicast announcements to have invalid destination MAC address
   Product: Base System
   Version: 14.2-RELEASE
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: kern
  Assignee: b...@freebsd.org
  Reporter: brett.merr...@itcollective.nz

sys/netinet/ip_carp.c - line 1248:

	if (IN_MULTICAST(sc->sc_carpaddr.s_addr))
		m->m_flags |= M_MCAST;

Should read:

	if (IN_MULTICAST(ntohl(sc->sc_carpaddr.s_addr)))
		m->m_flags |= M_MCAST;

At present, any announcement where the peer IP address ends in .244-.239 rather than begins with 244.-239. get sent to an invalid multicast destination MAC address.

eg.

Frame 17: 70 bytes on wire (560 bits), 70 bytes captured (560 bits)
Ethernet II, Src: Microsoft_de:ed:00 (00:15:5d:de:ed:00), Dst: IPv4mcast_28:c9:ef (01:00:5e:28:c9:ef)
Internet Protocol Version 4, Src: 192.168.201.238, Dst: 192.168.201.239
Common Address Redundancy Protocol
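Added example, not part of the report or of the FreeBSD source: it runs the multicast test from the report with and without ntohl() on the Dst address from the capture, and derives the group MAC that address maps to, which matches the Dst MAC in the capture. The function names and the 224.0.0.18 sample are assumptions, and the little-endian load of s_addr is modelled by hand so the result is the same on any machine.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Host-order value of a dotted-quad address (0 if it does not parse). */
static uint32_t host_order(const char *dotted)
{
    struct in_addr a;
    return inet_pton(AF_INET, dotted, &a) == 1 ? ntohl(a.s_addr) : 0;
}

/* The value a little-endian CPU such as amd64 loads from the network-order
 * s_addr field: the same four bytes reversed. Done by hand so the result
 * does not depend on the machine running this example. */
static uint32_t s_addr_on_le(uint32_t h)
{
    return (h >> 24) | ((h >> 8) & 0xff00u) | ((h << 8) & 0xff0000u) | (h << 24);
}

/* The test as reported: s_addr handed to IN_MULTICAST unconverted. */
int mcast_without_ntohl(const char *dotted)
{
    return IN_MULTICAST(s_addr_on_le(host_order(dotted))) ? 1 : 0;
}

/* The test as proposed in the report: ntohl() first. */
int mcast_with_ntohl(const char *dotted)
{
    return IN_MULTICAST(host_order(dotted)) ? 1 : 0;
}

/* RFC 1112 group MAC: 01:00:5e plus the low 23 bits of the destination. */
uint64_t group_mac(const char *dotted)
{
    return 0x01005e000000ULL | (host_order(dotted) & 0x7fffffu);
}

int main(void)
{
    /* 192.168.201.239 is the Dst in the capture; 224.0.0.18 is a
     * constructed sample of a genuine multicast destination. */
    const char *peers[] = { "192.168.201.239", "224.0.0.18" };
    for (int i = 0; i < 2; i++)
        printf("%-16s without ntohl: %d  with ntohl: %d  group MAC: %012llx\n",
               peers[i], mcast_without_ntohl(peers[i]), mcast_with_ntohl(peers[i]),
               (unsigned long long)group_mac(peers[i]));
    return 0;
}
```

Without the conversion the unicast peer is classified as multicast and the real multicast address is not; with ntohl() both are classified correctly.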
[Bug 258414] libblacklist: BLACKLIST_BAD_USER does nothing
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258414

Jose Luis Duran changed:

      What |Removed           |Added
        CC |                  |jldu...@freebsd.org

--- Comment #1 from Jose Luis Duran ---
Related upstream commit:

https://github.com/zoulasc/blocklist/commit/ddf6d710c70ee3c637d63477b1a88726713fae3a
[Bug 284865] IPFW syntax errors in /etc/rc.firewall
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284865

Mark Linimon changed:

      What |Removed           |Added
  Assignee |b...@freebsd.org  |r...@freebsd.org
[Bug 254300] loader prompt echoes one of [/|\] instead of typed character on serial console
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254300

Jose Luis Duran changed:

      What |Removed           |Added
        CC |                  |jldu...@freebsd.org

--- Comment #5 from Jose Luis Duran ---
(In reply to Felix Palmen from comment #4)

I think what happens is, the twiddle is just displaying its progress.

To check if this theory is correct, would you mind disabling it:

    echo 'module_verbose="1"' >> /boot/loader.conf

Another workaround could be to increase the twiddle_divisor.
[Bug 284872] [carp] Missing byte order correction causing certain unicast announcements to have invalid destination MAC address
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284872

--- Comment #1 from Franco Fichtner ---
Nice find. There appear to be two instances of this problem:

% git grep -n IN_MULTICAST sys/netinet/ip_carp.c | grep -v ntohl
sys/netinet/ip_carp.c:858:	multicast = IN_MULTICAST(sc->sc_carpaddr.s_addr);
sys/netinet/ip_carp.c:1248:	if (IN_MULTICAST(sc->sc_carpaddr.s_addr))
[Bug 284863] ntpd throws "Address already in use" error with shared IP on multiple interfaces after upgrade from 14.1 to 14.2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284863

Mark Linimon changed:

      What |Removed           |Added
  Keywords |                  |regression
[Bug 284551] [wlan] [run] packet loss on ralink in ap mode
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284551

Mark Linimon changed:

      What |Removed           |Added
 Component |kern              |wireless
  Assignee |b...@freebsd.org  |wirel...@freebsd.org
[Bug 284749] certctl: add support for generating cert.pem CAfiles
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749

--- Comment #13 from Jordan Morningstar ---
(In reply to Michael Osipov from comment #12)

* I do not understand why -B is necessary at all
"Aren't "if [ $WANTCERTDESTFILE -a -e "$CERTDESTFILE" ]" + "if [ $WANTCERTDESTFILE ]" later enough?"

No, it isn't. WANTCERTDESTFILE is ternary

* Don't touch what we aren't instructed to touch or haven't created.

That's what the script does. -b and -B are the instructions for the two cases where we want it to "touch" things

If it would help, I can write out a more complete explanation of the design considerations
[Bug 284866] pf: state-policy if-bound breaks ICMPv6 error delivery
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284866

Lexi Winter changed:

      What |Removed           |Added
  Assignee |b...@freebsd.org  |p...@freebsd.org
[Bug 284866] pf: state-policy if-bound breaks ICMPv6 error delivery
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284866

    Bug ID: 284866
   Summary: pf: state-policy if-bound breaks ICMPv6 error delivery
   Product: Base System
   Version: 15.0-CURRENT
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: kern
  Assignee: b...@freebsd.org
  Reporter: l...@hemlock.eden.le-fay.org

interface configuration:

--o<--
cxl3: flags=1008843 metric 0 mtu 1500
	options=6ec07bb
	ether 00:07:43:3f:e7:78
	inet 81.2.96.162/28 broadcast 81.2.96.175
	inet6 fe80::207:43ff:fe3f:e778%cxl3/64 scopeid 0x4
	inet6 2001:8b0:aab5:c401::1:5/64
	inet6 fd5b:a83:b06b:c401::1:5/64
	media: Ethernet 10Gbase-Twinax
	status: active
	nd6 options=21
--o<--

pf.conf:

--o<--
set skip on lo
set reassemble yes
set state-policy floating
block return in log
block return in quick proto tcp flags /S
pass out
# + a few 'pass in on cxl3 ...' rules for services
--o<--

with state-policy floating, traceroute works:

# traceroute6 -I ns1.burble.dn42
traceroute6 to ns1.burble.dn42 (fd42:4242:2601:ac53::1) from fd5b:a83:b06b:c401::1:5, 64 hops max, 20 byte packets
 1  vlan401.core-1.inet.eden.le-fay.dn42 (fd5b:a83:b06b:c401::1)  0.219 ms  0.144 ms  0.136 ms
 2  ix0-3004.willow.eden.le-fay.org (2001:8b0:aab5:3004::2)  0.139 ms  0.081 ms  0.073 ms
 3  yarrow.eden.le-fay.dn42 (fd5b:a83:b06b:10::1)  6.846 ms  7.246 ms  6.996 ms
 4  uk-lon1.burble.dn42 (fd42:4242:2601:35::1)  8.576 ms  8.873 ms  8.756 ms
 5  ns1.burble.dn42 (fd42:4242:2601:ac53::1)  8.445 ms  8.829 ms  8.325 ms

with state-policy if-bound, traceroute doesn't work:

# traceroute6 -I ns1.burble.dn42
traceroute6 to ns1.burble.dn42 (fd42:4242:2601:ac53::1) from fd5b:a83:b06b:c401::1:5, 64 hops max, 20 byte packets
 1  * * *
 2  * * *

because the ICMP errors are blocked by pf:

21:53:39.119122 rule 0/0(match): block in on cxl3: fd5b:a83:b06b:c401::1 > fd5b:a83:b06b:c401::1:5: ICMP6, time exceeded in-transit for fd42:4242:2601:ac53::1, length 68
21:53:44.174904 rule 0/0(match): block in on cxl3: fd5b:a83:b06b:c401::1 > fd5b:a83:b06b:c401::1:5: ICMP6, time exceeded in-transit for fd42:4242:2601:ac53::1, length 68
21:53:49.724459 rule 0/0(match): block in on cxl3: fd5b:a83:b06b:c401::1 > fd5b:a83:b06b:c401::1:5: ICMP6, time exceeded in-transit for fd42:4242:2601:ac53::1, length 68
21:53:54.846427 rule 0/0(match): block in on cxl3: 2001:8b0:aab5:3004::2 > fd5b:a83:b06b:c401::1:5: ICMP6, time exceeded in-transit for fd42:4242:2601:ac53::1, length 68
21:54:00.869729 rule 0/0(match): block in on cxl3: 2001:8b0:aab5:3004::2 > fd5b:a83:b06b:c401::1:5: ICMP6, time exceeded in-transit for fd42:4242:2601:ac53::1, length 68
21:54:06.568530 rule 0/0(match): block in on cxl3: 2001:8b0:aab5:3004::2 > fd5b:a83:b06b:c401::1:5: ICMP6, time exceeded in-transit for fd42:4242:2601:ac53::1, length 68

using src f5aff1871d3273b3cd3621ea5d3e37cdd807e66f on amd64, pf is statically compiled with PF_DEFAULT_TO_DROP.
[Bug 284749] certctl: add support for generating cert.pem CAfiles
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749

--- Comment #11 from Michael Osipov ---
Looking through the latest patch, we should discuss the manpage when the code does not require any more changes.