On 2023-01-04 6:59 PM, grarpamp wrote:
looks like the "make delete-old-libs" has deleted that lib pam_opie.so.6
and now I cannot pass the login prompt
says the error "pam_opie.so: not found"
how can I get it back? I tried everything and nothing brought it back
commit 0aa2700123e22c2b0a977375
On Mon, Aug 6, 2018 at 4:38 PM Rob Sargent via freebsd-security
wrote:
>
> Did you forget to increment version# on purpose?? Should have changed p9 to
> p10 ?
The version was bumped here:
https://svnweb.freebsd.org/base/releng/10.4/sys/conf/newvers.sh?r1=71&r2=337395
But since the bump it
On Wed, Nov 29, 2017 at 9:51 AM, George L. Yermulnik wrote:
> Hello!
>
> On Wed, 29 Nov 2017 at 06:15:59 (+), FreeBSD Security Advisories wrote:
>
> [...]
>> 3) To update your vulnerable system via a source code patch:
>
>> The following patches have been verified to apply to the applicable
>>
We will soon (this Tuesday) issue another SA that would be used as a
vehicle to deliver a new EoL date to 11.0, but since its EoL is
really close, please consider upgrading to 11.1-RELEASE at your
earliest convenience.
On Mon, Nov 20, 2017 at 10:36 PM, Franco Fichtner wrote:
>
>> On 21. Nov 2017
advisories, and responded to outside
researchers in a timely manner.
Thank you for all the support and bug reports you've provided over the
years, and please join me in welcoming Gordon to his new role.
Cheers,
--
Xin Li https://www.delphij.net
Security Officer Emeritus, FreeBSD | The power to serv
On Wed, May 31, 2017 at 9:23 AM, Steve Wills wrote:
> Hi,
>
> On 05/28/2017 19:16, Marius Strobl wrote:
>> Hi,
>>
>> below follows the initial draft of the FreeBSD 10.4-RELEASE release
>> cycle schedule, planned to start on July 28, 2017.
>
> [snip]
>
>> RELEASE announcement:October 3, 2017
>
On Wed, Mar 15, 2017 at 1:13 PM, Andrey Chernov wrote:
> On 15.03.2017 16:06, Steven Chamberlain wrote:
>> Also it is great to see INHERIT_ZERO was added to mmap(2)!
>
> It is not so great. For a program which forks very often zeroing even
> one page will be a slowdown. It will be better and faster
They are not compatible:
https://abi-laboratory.pro/tracker/timeline/openssl/
(3 missing symbols need to be fixed, and we need to verify if the result
is still compatible; the usage of these missing symbols should be quite
rare, though).
On Thu, Jan 26, 2017 at 1:48 PM, Oliver Pinter <
oliver.pi
On 1/6/17 07:36, Miroslav Lachman wrote:
> Miroslav Lachman wrote on 2017/01/03 14:11:
>> Security entries for base are in VuXML for some time so we are checking
>> it periodically. Now we have an alert for base sshd in 10.3-p14 and -15
>> too.
>>
>> # pkg audit FreeBSD-10.3_15
>> FreeBSD-10.3_15
>> |releng/11.0|11.0-RELEASE|Standard|October 10, 2016|11.1-RELEASE + 3 months|
>> +--+-------+
>>
[...]
> Hi Xin Li,
>
> Happy new year.
Happy new year!
> Just a heads up that I believe there was an erro
The issue was originally reported to us as affecting OpenSSH 6.8+
(reference: RedHat bugtracker
https://bugzilla.redhat.com/show_bug.cgi?id=1384860), and therefore
9.3, 10.1 and 10.2 were not believed to be affected, so the "Affects:
All supported versions of FreeBSD" was a mistake in the original
It's unprivileged local DoS (if it's root DoS then we normally don't).
On Tue, Oct 25, 2016 at 9:27 PM, Pawel Jakub Dawidek wrote:
> Hi guys,
>
> since when do we publish security advisories for local DoSes?
>
> On Tue, Oct 25, 2016 at 05:36:41PM +, FreeBSD Security Advisories wrote:
>> -
On 8/23/16 14:23, Gerhard Schmidt wrote:
> Is an outdated (EOL) port a vulnerability? I don't think so. It's a
> possible vulnerability, but not a real one.
Do you have an exact VuXML ID? I don't think vuxml actually warns about
EoL'ed software, and it's likely that you have an actual issue, an
On 4/29/16 04:13, ga...@zahemszky.hu wrote:
>> 2) To update your vulnerable system via a binary patch:
>>
>> Systems running a RELEASE version of FreeBSD on the i386 or amd64
>> platforms can be updated via the freebsd-update(8) utility:
>>
>> # freebsd-update fetch
>> # freebsd-update install
>
/lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
On 09/30/15 13:13, Xin Li wrote:
> On 09/30/15 13:03, Robert Blayzor wrote:
>> On Sep 30, 2015, at 3:54 PM, Xin Li wrote:
>>>
>>> Can you make this change and see if it helps?
>
On 09/30/15 13:03, Robert Blayzor wrote:
> On Sep 30, 2015, at 3:54 PM, Xin Li wrote:
>>
>> Can you make this change and see if it helps?
>>
>> Index: rpcb_svc_com.c
>> ===
>>
, const struct netbuf *src)
{
- assert(dst->buf == NULL);
+ assert(dst->len == 0 || dst->buf == NULL);
if ((dst->buf = malloc(src->len)) == NULL)
return (FALSE);
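Review bot: the relaxed assertion on the `+` line accepts a `dst` whose `len` is 0 but whose `buf` is non-NULL, and the `malloc(src->len)` on the following line then overwrites `dst->buf` without freeing it. If that state is reachable, free or reject the old buffer before the assignment. Since `assert` is compiled out under NDEBUG, any invariant this function relies on should also be enforced with an explicit runtime check and error return.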
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
On 09/30/15 12:22, Robert Blayzor wrote:
> On Sep 30, 2015, at 3:10 PM, Xin Li wrote:
>>> Was this regression tested or missing more info? After updating and
>>> rebooting seeing a ton of problems with rpcbind core dumping at start..
>>> lock manager fails to s
On 09/30/15 12:12, Robert Blayzor wrote:
> On Sep 30, 2015, at 3:10 PM, Xin Li wrote:
>>
>> Will it be possible for you to get a backtrace from the coredump?
>>
>> Cheers,
>
>
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
>
om the coredump?
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
(Bcc'ed some unnamed patch authors so they can correct me if I was wrong
).
On 07/23/15 13:48, Slawa Olhovchenkov wrote:
> On Thu, Jul 23, 2015 at 12:29:57PM -0700, Xin Li wrote:
>
if (int($NF) > 100) print "tcpdrop "
>> $4 " " $5 }'
>>
>> The system administrator can then run the generated script as a
>> temporary measure. Please refer to the tcpdump(8) manual page
>> for additional information.
>
> It should
On 07/22/15 06:18, Slawa Olhovchenkov wrote:
> On Wed, Jul 22, 2015 at 02:57:46AM +, FreeBSD Security
> Advisories wrote:
>
> This is correspondent to kern/25986? Or kern/25986 is different
> bug?
I think it's the same bug
really not configure the system with password
based authentication for SSH anyways: even with this specific issue
resolved, there are still other ways to help brute forcing password
over wire.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
orrow.
Additionally we are considering issuing another EN for all supported
releases at a later time to do a full upgrade after the current batch
of -STABLE OpenSSL upgrades gets enough exposure.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! L
committers who have made
commits in the ports tree in the last 90 days.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
Hi,
On 5/23/15 09:14, Jason Unovitch wrote:
> On Sat, May 23, 2015 at 11:30 AM, Roger Marquis
> wrote:
>> If you find a vulnerability such as a new CVE or mailing list
>> announcement please send it to the port maintainer and
>> as quickly as po
nally find Qualys SSL Labs' SSL/TLS Deployment Best Practices a
good reading, by the way. It can be found at:
https://www.ssllabs.com/projects/best-practices/
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
Hi,
Please be advised that we have noticed some issues with
SA-15:06.openssl and are actively working on validating the fix. A
copy of draft errata patches is attached.
My apologies for this mess. Revised advisories would be announced
once we hav
On 03/19/15 15:18, l...@lena.kiev.ua wrote:
>> No workaround is available.
>
> Isn't using OpenSSL from ports a workaround?
Not really as that does not solve the problem for applications shipped
with base system.
Cheers,
--
On 3/10/15 23:57, Julian Elischer wrote:
> [sorry for reposting but the original copy I got back had been truncated]
>
> libssl has a new "feature"
> implemented by:
> crypto/openssl/ssl/t1_lib.c
>
> 672 /* Add padding to workaround bugs in F5 terminators.
> 673 * See h
On 2/24/15 23:36, Bartek Rutkowski wrote:
> Seems like freebsd-update is throwing some error:
>
> root@04-dev:~ # freebsd-update install Installing
> updates...install: ///usr/src/crypto/openssl/util/mkbuildinf.pl: No
> such file or directory done
ulnerable ?
No -- we should have mentioned that too. For GENERIC kernel however
SCTP is compiled in.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
hours ago and should have
> been visible within a few minutes of the commit. I will ask
> doceng@ to investigate.
According to Glen it's caused by a libxml2 bug. He has reverted the
recent upgrade on w.f.o and it fixed the problem, thanks for reporting!
Cheers,
--
Xin LI
On 9/16/14 9:34 PM, n j wrote:
>> VII. References
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230
>>
>
>>
> 2004? Wow, that's an old one.
This is an old, generic issue that didn't affect FreeBSD at the time
in 2004, and the issu
On 9/16/14 6:19 PM, Steven Chamberlain wrote:
> Hi,
>
> On 16/09/14 11:14, FreeBSD Security Advisories wrote:
>> An attacker who has the ability to spoof IP traffic can tear down
>> a TCP connection by sending only 2 packets, if they know both TCP
>
On 9/16/14 8:48 PM, Andriy Gapon wrote:
> On 16/09/2014 13:14, FreeBSD Security Advisories wrote:
>> =
>>
>>
FreeBSD-SA-14:19.tcpSecu
ll new a symlink; on deinstall, if
/usr/share/misc/ca-root-freebsd.pem exists, replace the symlink with a
symlink to there, or remove if the file does not exist.
Comments/objections?
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
On 6/5/14, 8:09 AM, Jappe Reuling wrote:
> Hi,
>
> One, my apologies if it's a stupid one, question: the advisory is
> for DTLS, hence UDP TLS, right?
DTLS should work with SCTP as well but most applications use DTLS
with UDP.
Please note that
On 6/5/14, 7:14 AM, Karl Pielorz wrote:
>
>
> --On 05 June 2014 13:16 + FreeBSD Security Advisories
> wrote:
>
>> # cd /usr/src # patch < /path/to/patch
>>
>> c) Recompile the operating system using buildworld and
>> installworld as describ
nbound IP fragments is generally a good safety measure, but
keep in mind that doing so could break certain applications that do
require it (e.g. don't be surprised if some user behind several layers
of firewalls see blank pages from your website) and that needs to be
taken into considera
they
provide TCP service.
(b) I'm not 100% sure on ipfw details (haven't used it for ~10 years
now) but IP fragmentation itself has nothing to do with this issue
since it's a different layer. Assuming you can't do TCP reassemble
with ipfw, it's still a problem.
Cheers,
-
> Just looked at this, 8.1 and 7.x don't have the optimisation using
> the stack so they are unaffected.
Yes. The affected code was introduced in r226113 (Oct 7, 2011).
Note that the original change is not an "optimization" but a fix to
prevent a denial of service sit
t boxes used as routers - that just forward the traffic
> (and again, offer no TCP services directly themselves)?
Routers themselves are not affected assuming that they merely forward
the traffic.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to S
On 04/30/14 12:26, olli hauer wrote:
> Hi Xin LI,
>
> I've seen a strange behavior on 8.4, 9.2 and 10 systems.
>
> After fetching, installing the update + reboot a second
> freebsd-update will always pull the following
the operating system using buildworld and installworld
> as described in
> http://www.FreeBSD.org/handbook/makeworld.html."
Urgh I can't believe I made the same mistake twice.
I have tweaked our template to prevent this from happening again,
thanks for pointing this out.
Cheers,
--
UNPRIVILEGED knob set.
Will there be any lost functionality with that knob set? (I don't use
net-snmp myself) If there is no lost functionality, I think it's
sensible to hard wire that option -- giving access to /dev/[k]mem
makes me feel quite nervous, especially for network facing d
ted behavior.
The reason is that /dev/mem provides an interface to physical memory,
this would have defeated the purpose of doing jails by definition.
It would be interesting to find out if we could teach net-snmpd to use
alternative methods to access data it needs, e.g. via sysctl I think?
Not
xx_devfs_enable="YES"
> jail_xxx_devfs_ruleset="devfsrules_jail"
>
> If jail_xxx_devfs_enable is set to NO, would there be a problem? I
> thought you always had to set jail_xxx_devfs_ruleset when enabling
> devfs on jails.
>
> I think this has the same ef
st either?
Yes you can. They are just not so guaranteed to be ABI compatible.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
On 4/13/14, 10:04 PM, David Noel wrote:
> On 4/13/14, David Noel wrote:
>>> So by your definition, every single Apache server on the planet
>>> runs "a closed source fork of the open source Apache project"
>>> because they do not use the exact same
builder of portsnap at FreeBSD.org
uses svn over spiped transport.
The configuration on svn does not necessarily reflect what's running in
production (however you brought a very good point that it's a good
idea to bring them public assuming there is no sensitive information
in them so a
On 4/9/14, 10:28 PM, Ronald F. Guilmette wrote:
>
> My apologies if the following few naive questions are out of place
> or off topic here. I do suppose that there might perhaps be other
> places where such question might perhaps be better put, b
y be affected by certain other OpenSSL issues.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
pd and
see if there is /usr/local/lib/libcrypto.so.8), then you are affected.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
binary is absolutely
needed). This will make it easier to make sure that the system is
clean of outdated OpenSSL bits when updating the libraries.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
which later was revised because another unrelated CVE), and the
workaround also requires recompile. Moreover, the patch would provide
better protection because it changes the code so NO_CLEAN= won't skip
it in an incremental build, while with -DOPENSSL_NO_HEARTBEATS it's
possible t
On 04/08/14 15:58, Chris Nehren wrote:
> On Tue, Apr 08, 2014 at 15:47:29 -0700, Xin Li wrote:
>> What would be the preferable way of representing the patchlevel?
>> We can do it as part of a EN batch at later time. (Note though,
ater time. (Note though, even
without this the user or an application can still use
freebsd-version(1) on FreeBSD 10.0-RELEASE and up to find out the
patchlevel for userland).
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve!
On 4/7/14, 7:27 PM, Mike Tancsa wrote:
> On 4/7/2014 5:02 PM, Xin Li wrote:
>>
>> Hi, Thomas,
>>
>> On 04/07/14 13:49, Thomas Steen Rasmussen wrote:
>>
ld
take some time.
Attached is the minimal fix (extracted from upstream git repository)
we are intending to use in the advisory for those who want to apply a
fix now, please DO NOT use any new certificates before applying fixes.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power t
On 03/17/14 02:26, Pawel Jakub Dawidek wrote:
> On Thu, Mar 13, 2014 at 02:08:36PM -0700, Xin Li wrote:
>>
>> Hi, Pawel,
>>
>> I have noticed that casperd
On 3/15/14, 2:30 AM, Brett Glass wrote:
> At 11:34 PM 3/14/2014, Xin Li wrote:
>
>> I can't reproduce with fresh install. How did you test it (or
>> what is missing in the default ntp.conf), can you elaborate?
>
>
On 3/14/14, 8:43 PM, Brett Glass wrote:
> At 07:39 PM 3/14/2014, Xin Li wrote:
>
>> FreeBSD 10.0-RELEASE ships with new default NTP settings, are
>> you talking about an earlier RC (before RC4 as r259975), or are you
>> saying 1
n additional step for ntp prior to 4.2.7).
[1]
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc ;
patch at http://security.freebsd.org/patches/SA-14:02/ntpd.patch
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
both close() can be omitted. If
this makes sense I'll submit a new patch.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
d be to change your configuration such that:
1) Do not give shell access to jail users unless they are also host
system administrator.
2) Do not make host's sshd to listen on all addresses, instead, only
listen to the designated host IP address. This is not a security
measure but avoids con
On 1/16/14, 12:41 PM, Jeremie Le Hen wrote:
> Hi,
>
> On Tue, Jan 14, 2014 at 08:11:08PM +, FreeBSD Security
> Advisories wrote:
>>
>> II. Problem Description
>>
>> The bsnmpd(8) daemon is prone to a stack-based buffer-overflow
>> when it has
On 01/13/14 02:08, Cristiano Deana wrote:
> On Fri, Jan 10, 2014 at 6:18 AM, Xin Li wrote:
>
> Hi,
>
> We will have an advisory next week. If a NTP server is properly
>> configured, it's likely that they are not affected
>>
>
> I had this problem in nove
On 1/9/14, 6:12 AM, Palle Girgensohn wrote:
>
> 9 jan 2014 kl. 15:08 skrev Eugene Grosbein :
>
>> On 09.01.2014 19:38, Palle Girgensohn wrote:
>>> They recommend at least 4.2.7. Any thoughts about this?
>>
>> Other than updating ntpd, you can filt
On 1/9/14, 7:14 PM, Garrett Wollman wrote:
> < said:
>
>> Other than updating ntpd, you can filter out requests to
>> 'monlist' command with 'restrict ... noquery' option that
>> disables some queries for the internal ntpd status, including
>> 'mon
On 12/24/13 15:26, Paul Hoffman wrote:
> On Dec 24, 2013, at 2:53 PM, Xin Li wrote:
>
>>
>> On 12/24/13 14:36, Paul Hoffman wrote:
>>> On Dec 24, 2013, at 12:44 P
On 12/24/13 14:36, Paul Hoffman wrote:
> On Dec 24, 2013, at 12:44 PM, Xin Li wrote:
>
>> I think we shouldn't save entropy inside jails, as the data is
>> not going to be used by rc script (pjd@126744). If there is no
exit 0
+fi
+
case ${entropy_dir} in
[Nn][Oo])
exit 0
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
On 11/29/13, 1:14 PM, Rob wrote:
> Hi,
>
> Why isn't this bug being fixed in 9.1?
FreeBSD 9.x are not affected because the earlier FreeBSD releases do
not ship with OpenSSL that supports AES-GCM, therefore, OpenSSH would
not support it and thus not
On 11/20/13, 7:09 AM, Paul Hoffman wrote:
> I was wondering about that, but figured it might have moved in
> FreeBSD 10. Good to hear that it is not moving.
No, it's not moving. We try our best to keep POLA even with .0
releases whenever possible.
On 11/19/13, 3:52 AM, Cstdenis wrote:
> I think the file in workaround should actually be
> /etc/ssh/sshd_config unless I am mistaken.
Ah you are right, that's my fault.
Cheers,
(working copy)
@@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops = {
.vfs_statfs = tmpfs_statfs,
.vfs_fhtovp = tmpfs_fhtovp,
};
- -VFS_SET(tmpfs_vfsops, tmpfs, 0);
+VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
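Review bot: the flags argument of `VFS_SET` on the `+` line changes from 0 to `VFCF_JAIL`, which marks tmpfs as mountable from inside a jail, yet nothing visible in the hunk documents the new behaviour. Suggest pairing the change with a manual page note and a statement of how memory consumed by tmpfs mounts created inside a jail is bounded, since tmpfs is memory-backed.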
Cheers,
--
Xin LI https
On 4/29/13 3:26 PM, Winston wrote:
> For the purpose of the NFS vulnerability in 9.0-RELEASE, does it
> make any difference whether one has used /etc/exports and an
> explicitly started nfsd, or exported the files using "zfs set
> sharenfs={options}"
's agenda and have set a deadline on that
day, also noted on my own calendar as well as the agenda.
If we have received no objections by Apr 18, I assume the responsibility
of approving this proposed change and consider this as a formal approval
for committing.
Cheers,
--
Xin LI https://www.d
t the new OpenSSL version has introduced a
regression, by the way:
http://www.mail-archive.com/openssl-dev@openssl.org/msg32009.html
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
c me on the PR as I'll commit if no one else
> objects.
It doesn't seem to hurt in general but if you are going to commit it
please also change the other instances in the base system.
I personally don't think this is useful either -- the case does not
apply to FreeBSD and it seems t
On 10/1/12 3:31 AM, Erik Cederstrand wrote:
> I'm looking through the clang analyzer reports and found this one:
> http://scan.freebsd.your.org/freebsd-head/sbin.ping/2012-09-30-amd64/report-R9ZgC6.html#EndPath
>
>
>
It's complaining that, if setui
On 9/14/12 7:18 PM, Samuel Ports wrote:
> Omg can't an freebsd-entropy be created as mailing list already
Nothing prevents you from unsubscribing this mailing list.
> Sent from my iPhone
>
> On Sep 14, 2012, at 8:09 PM, RW
> wrote:
>
>> On Fri, 1
On 09/11/12 17:07, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote:
>> Please consider using sha512...
>
> What is the performance (boot time) impact on low-end MIPS and ARM
> systems?
>
On 09/11/12 16:01, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote:
>> On 09/11/12 14:52, David O'Brien wrote:
>>> On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote:
>>>>
On 09/11/12 15:48, Arthur Mesh wrote:
> On Tue, Sep 11, 2012 at 03:37:09PM -0700, Xin Li wrote:
>> Using gzip is better than not using it though, since 4k worth of
>> compressed data is better than 4k worth of plain text becaus
On 09/11/12 14:52, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 02:22:15PM -0700, Xin Li wrote:
>> On 09/11/12 14:17, David O'Brien wrote:
>>> On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
>>>> So
nistic (header, etc) so I
choose to skip first 16 bytes.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
On 09/11/12 14:27, RW wrote:
> On Tue, 11 Sep 2012 13:54:41 -0700 Xin Li wrote:
>
>>
>> On 09/11/12 12:53, RW wrote:
>>> On Tue, 11 Sep 2012 13:28:5
On 09/11/12 14:17, David O'Brien wrote:
> On Tue, Sep 11, 2012 at 02:04:42PM -0700, Xin Li wrote:
>> So if I was to implement the low grade part I'd remove the
>> variable names from the sysctl output at minimum.
>
>
file to fill-up the
>> remaining 4k.
>
> Or fill-up the 4k buffers with high-quality entropy, and add in
> the low-grade stuff if there is room.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
bits.
It's not clear to me whether we really need to have 32768 bits worth
of entropy at all, or if 20480 bits would be "good enough" but the
fact of feeding less bytes to the device makes me a little bit
concerned. but not very much.
Cheers,
--
Xin LI https://www.delphij.net/
F
ink you could use sysctl -n to remove the variable names (which is
a good thing). I'm a little bit concerned with the fact that most of
the characters here are numbers, would it be a good idea to filter it
with e.g. gzip (my $.02) by the way before feeding into /dev/random?
Cheers,
--
Xin L
Hi,
I've been playing around with GELI a little bit and came up with an idea, have
a prototype and wonder if this would be useful.
The scenario is that a system administrator wants a system to be started
with only network access. In the current startup orde
On 8/21/12 6:37 AM, Dag-Erling Smørgrav wrote:
> I'm looking for *rekeyable* TOTP (RFC 6238) tokens - preferably,
> but not necessarily OATH-certified. Does anyone know where I can
> find something like that?
>
> Alternatively, does anyone know of
cutables are used for administrative usage, and thus should be kept
if OPIE functionality is desirable (or be made as ports).
However, the built-in components in telnet and ftp servers, in my
opinion, could be removed in favor of the PAM implementation.
Cheers,
--
Xin LI https://www.delphij.net/
FreeBS
The proposed change has been committed as r237567 (for vendor branch)
and r237568 (merged to -HEAD with 1 week settle). Thanks!
Cheers,
--
Xin LI https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die