From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 13:46:53 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 49CA440C for ; Sun, 14 Jun 2015 13:46:53 +0000 (UTC) (envelope-from daved@nostrum.com) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3146FA25 for ; Sun, 14 Jun 2015 13:46:52 +0000 (UTC) (envelope-from daved@nostrum.com) Received: from [10.1.12.128] (vpn.net.tamu.edu [128.194.177.117]) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t5EDkosV006485 (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128 verify=NO); Sun, 14 Jun 2015 08:46:51 -0500 (CDT) (envelope-from daved@nostrum.com) X-Authentication-Warning: raven.nostrum.com: Host vpn.net.tamu.edu [128.194.177.117] claimed to be [10.1.12.128] From: Dave Duchscher Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Sun, 14 Jun 2015 08:46:45 -0500 Subject: freebsd-update upgrading 9.2 -> 9.3 To: FreeBSD Stable Message-Id: <80446E6A-5217-4D84-A37D-444C9E1ED166@nostrum.com> Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 13:46:53 -0000 Trying to upgrade a system from 9.2 -> 9.3 with freebsd-update and I get = the output below. Search has seen reports but not solutions. I also = tried upgrading to 10.1 and seeing similar issue those the "No such file = or directory" error only shows up once but is asking for me to manually = merge lots of unmodified files in /etc. Anybody have a clue on what is going wrong? -- Dave freebsd-update -r 9.3-RELEASE upgrade Looking up update.FreeBSD.org mirrors... 5 mirrors found. Fetching public key from update6.freebsd.org... done. Fetching metadata signature for 9.2-RELEASE from update6.freebsd.org... = done. Fetching metadata index... done. Fetching 2 metadata files... done. Inspecting system... done. The following components of FreeBSD seem to be installed: kernel/generic world/base world/doc world/lib32 The following components of FreeBSD do not seem to be installed: src/src world/games Does this look reasonable (y/n)? y Fetching metadata signature for 9.3-RELEASE from update6.freebsd.org... = done. Fetching metadata index... done. Fetching 1 metadata patches. done. Applying metadata patches... done. Fetching 1 metadata files... done. Inspecting system... done. Fetching files from 9.2-RELEASE for merging... done. Preparing to download files... done. Fetching 1322 = patches.....10....20....30....40....50....60....70....80....90....100....1= 10....120....130....140....150....160....170....180....190....200....210..= ..220....230....240....250....260....270....280....290....300....310....32= 0....330....340....350....360....370....380....390....400....410....420...= .430....440....450....460....470....480....490....500....510....520....530= ....540....550....560....570....580....590....600....610....620....630....= 640....650....660....670....680....690....700....710....720....730....740.= ...750....760....770....780....790....800....810....820....830....840....8= 50....860....870....880....890....900....910....920....930....940....950..= ..960....970....980....990....1000....1010....1020....1030....1040....1050= ....1060....1070....1080....1090....1100....1110....1120....1130....1140..= ..1150....1160....1170....1180....1190....1200....1210....1220....1230....= 1240....1250....1260....1270....1280....1290....1300....1310....1320. = done. Applying patches... done. Fetching 199 files... done. /usr/sbin/freebsd-update: cannot open files/.gz: No such file or = directory /usr/sbin/freebsd-update: cannot open files/.gz: No such file or = directory /usr/sbin/freebsd-update: cannot open files/.gz: No such file or = directory [ snip the out the 100 repeats of this error ] /usr/sbin/freebsd-update: cannot open files/.gz: No such file or = directory /usr/sbin/freebsd-update: cannot open files/.gz: No such file or = directory The following file will be removed, as it no longer exists in FreeBSD 9.3-RELEASE: /boot/device.hints Does this look reasonable (y/n)? n From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 13:59:49 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 43CDB6A4 for ; Sun, 14 Jun 2015 13:59:49 +0000 (UTC) (envelope-from rainer@ultra-secure.de) Received: from mail.ultra-secure.de (mail.ultra-secure.de [88.198.178.88]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8A795C81 for ; Sun, 14 Jun 2015 13:59:48 +0000 (UTC) (envelope-from rainer@ultra-secure.de) Received: (qmail 28382 invoked by uid 89); 14 Jun 2015 13:59:37 -0000 Received: from unknown (HELO ?192.168.1.200?) (rainer@ultra-secure.de@217.71.83.52) by mail.ultra-secure.de with ESMTPA; 14 Jun 2015 13:59:37 -0000 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) Subject: Re: freebsd-update upgrading 9.2 -> 9.3 From: Rainer Duffner In-Reply-To: <80446E6A-5217-4D84-A37D-444C9E1ED166@nostrum.com> Date: Sun, 14 Jun 2015 15:59:36 +0200 Cc: FreeBSD Stable Content-Transfer-Encoding: quoted-printable Message-Id: <2AE1123C-302A-4457-98BC-750B8B8D2FA8@ultra-secure.de> References: <80446E6A-5217-4D84-A37D-444C9E1ED166@nostrum.com> To: Dave Duchscher X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 13:59:49 -0000 > Am 14.06.2015 um 15:46 schrieb Dave Duchscher : >=20 > Trying to upgrade a system from 9.2 -> 9.3 with freebsd-update and I = get the output below. Search has seen reports but not solutions. I = also tried upgrading to 10.1 and seeing similar issue those the "No such = file or directory" error only shows up once but is asking for me to = manually merge lots of unmodified files in /etc. >=20 > Anybody have a clue on what is going wrong? Are you on the latest patch-level for 9.2? From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 14:57:20 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C5E9A867 for ; Sun, 14 Jun 2015 14:57:20 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from fmailhost02.isp.att.net (fmailhost02.isp.att.net [204.127.217.102]) by mx1.freebsd.org (Postfix) with ESMTP id B44ABC3F for ; Sun, 14 Jun 2015 14:57:20 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from ace.nina.org (adsl-74-178-59-239.gnv.bellsouth.net[74.178.59.239]) by isp.att.net (frfwmhc02) with SMTP id <20150614145800H02004pve4e>; Sun, 14 Jun 2015 14:58:00 +0000 X-Originating-IP: [74.178.59.239] Date: Sun, 14 Jun 2015 10:57:13 -0400 (EDT) From: Frank Seltzer X-X-Sender: frank_s@Ace.nina.org To: freebsd-stable@freebsd.org Subject: Sendmail problem after upgrade to r284296 Message-ID: User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 14:57:20 -0000 I didn't get any hits from a mailing list search and there is no mail or sendmail list so I am sending it here because stable is what I'm running. Because of a recent alert I updated both of my FreeBSD computers (both running 10.1-STABLE and built from /etc/src) to r284296 and am having a problem with sendmail. Sendmail is giving me the following error every 30 minutes: Jun 14 09:50:04 Ace sm-mta[10430]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1] If I restart it I get these errors: Jun 14 00:50:04 Ace sm-msp-queue[79406]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1 Jun 14 00:50:04 Ace sm-msp-queue[79406]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake. I have made no changes to sendmail's configuration and all files in /etc/mail are dated Mar 16 so apparently mergemaster didn't see anything new to install and rebuild. There is no entry in /usr/src/UPDATING about any change in sendmail either. I first noticed this on the second machine on my home network. This machine has an entry in /etc/mail/aliases forwarding root's email to me on the primary. I noticed the day after the upgrade that I didn't get the nightly email from the /etc/periodic/daily/ run or from rkhunter. I checked my main machine and found that I am not getting these emails from it either and am getting the same errors in /var/log/maillog. It can't even email itself. Am I the only one seeing this? Did I get caught between revisions? Thanks, Frank From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 15:19:38 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5A97EF3F for ; Sun, 14 Jun 2015 15:19:38 +0000 (UTC) (envelope-from samanthashanemarie@gmail.com) Received: from mail-yk0-x22f.google.com (mail-yk0-x22f.google.com [IPv6:2607:f8b0:4002:c07::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1BF5DD7 for ; Sun, 14 Jun 2015 15:19:38 +0000 (UTC) (envelope-from samanthashanemarie@gmail.com) Received: by ykfr66 with SMTP id r66so39695272ykf.0 for ; Sun, 14 Jun 2015 08:19:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=diFDla01Muxdw9WzidwuztWesZcPdYk5GKtX0150nH8=; b=IIVe1zoAOA5a3N7LR2yRrDDn7jIb+dIJqbH3vaGRWguhEYUjsP9MLN2m1MMVPTAgbU /IhBoiLkk2DodCUQBbXO1cdEOTvAelU8QbCWP2c75n4lldG/4EsEb5nHdcdlZA4+iC1G 8+2FkOurLaYf56SM0TVfkFCt2S35OvbjebVdzUv9GKMWGB3CZiXFTbTC3r+q4lh8GLNk HcWrUzGP/R+s4ihbTL+lxZVYaGR40+j24Tqo+oBhlbNVE/W3mL7IBZ8BtW9BT4jwFxRz S4TBHgFr6Ul7H1Q79UPOPArZjJB/FI22eRWzWAwQQka2nHLnFVm8nhlAEkKRgygqtges G/NQ== MIME-Version: 1.0 X-Received: by 10.52.119.165 with SMTP id kv5mr37123213vdb.46.1434295177179; Sun, 14 Jun 2015 08:19:37 -0700 (PDT) Received: by 10.52.113.34 with HTTP; Sun, 14 Jun 2015 08:19:37 -0700 (PDT) Received: by 10.52.113.34 with HTTP; Sun, 14 Jun 2015 08:19:37 -0700 (PDT) Date: Sun, 14 Jun 2015 08:19:37 -0700 Message-ID: Subject: How to reply From: Neneth Morales To: freebsd-stable@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 15:19:38 -0000 From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 15:26:05 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6D46816E; Sun, 14 Jun 2015 15:26:05 +0000 (UTC) (envelope-from ekarkkai@pp.htv.fi) Received: from filtteri2.pp.htv.fi (filtteri2.pp.htv.fi [213.243.153.185]) by mx1.freebsd.org (Postfix) with ESMTP id 222E0323; Sun, 14 Jun 2015 15:26:04 +0000 (UTC) (envelope-from ekarkkai@pp.htv.fi) Received: from localhost (localhost [127.0.0.1]) by filtteri2.pp.htv.fi (Postfix) with ESMTP id 2F76019C064; Sun, 14 Jun 2015 18:18:22 +0300 (EEST) X-Virus-Scanned: Debian amavisd-new at pp.htv.fi Received: from smtp5.welho.com ([213.243.153.39]) by localhost (filtteri2.pp.htv.fi [213.243.153.185]) (amavisd-new, port 10024) with ESMTP id vTrD0GPf-+mh; Sun, 14 Jun 2015 18:18:18 +0300 (EEST) Received: from zero.my.domain (87-100-187-111.bb.dnainternet.fi [87.100.187.111]) by smtp5.welho.com (Postfix) with ESMTP id 16A0C5BC007; Sun, 14 Jun 2015 18:18:18 +0300 (EEST) Received: from thunderbolt.my.domain (thunderbolt.my.domain [10.192.168.30]) by zero.my.domain (8.14.9/8.14.9) with ESMTP id t5EFIHSP023974; Sun, 14 Jun 2015 18:18:17 +0300 (EEST) (envelope-from ekarkkai@pp.htv.fi) Received: from thunderbolt.my.domain (localhost [127.0.0.1]) by thunderbolt.my.domain (8.14.9/8.14.9) with ESMTP id t5EFIHF6097443; Sun, 14 Jun 2015 18:18:17 +0300 (EEST) (envelope-from ejk@thunderbolt.my.domain) Received: (from ejk@localhost) by thunderbolt.my.domain (8.14.9/8.14.9/Submit) id t5EFIHPM097442; Sun, 14 Jun 2015 18:18:17 +0300 (EEST) (envelope-from ejk) Date: Sun, 14 Jun 2015 18:18:17 +0300 From: Esa Karkkainen To: Frank Seltzer Cc: gshapiro@FreeBSD.org, freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150614151817.GB89960@pp.htv.fi> Mail-Followup-To: Esa Karkkainen , Frank Seltzer , gshapiro@FreeBSD.org, freebsd-stable@freebsd.org References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 15:26:05 -0000 On Sun, Jun 14, 2015 at 10:57:13AM -0400, Frank Seltzer wrote: > Am I the only one seeing this? Nope, I had the same issues after upgading from 10.1-RELEASE-p10 to 10.1-RELEASE-p12 using freebsd-update. I fixed this in my home enviroment by disabling TLS in sendmail.cf, by commenting e.g. adding "dnl " to the beginning of the lines lines which have "CERT_DIR" string, rebuiding and installing sendmail.cf and restarting sendmail daemons. # cd /etc/mail # vi freebsd.mc :g/CERT_DIR/s/^/dnl / :wq! The lines should look like this: # fgrep CERT_DIR freebsd.mc dnl define(`CERT_DIR', `/etc/mail/certs')dnl dnl define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl dnl define(`confSERVER_KEY', `CERT_DIR/host.key')dnl dnl define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl dnl define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl dnl define(`confCACERT', `CERT_DIR/cacert.pem')dnl dnl define(`confCACERT_PATH', `CERT_DIR')dnl dnl define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl These three commands create and update/install new sendmail.cf and restarts sendmail daemons. # make all # make install # make restart > Did I get caught between revisions? I do not know. # freebsd-version 10.1-RELEASE-p12 # ident /etc/mail/freebsd.mc /etc/mail/freebsd.mc: $FreeBSD: releng/10.1/etc/sendmail/freebsd.mc 266698 2014-05-26 15:42:39Z gshapiro $ Regards, Esa -- "In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move." -- Douglas Adams 1952 - 2001 From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 15:26:38 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EE3B4259 for ; Sun, 14 Jun 2015 15:26:38 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8FDBD332 for ; Sun, 14 Jun 2015 15:26:38 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local ([199.119.128.114]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.1/8.15.1) with ESMTPSA id t5EFQUfu009095 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Sun, 14 Jun 2015 16:26:32 +0100 (BST) (envelope-from matthew@FreeBSD.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk t5EFQUfu009095 Authentication-Results: smtp.infracaninophile.co.uk/t5EFQUfu009095; dkim=none reason="no signature"; dkim-adsp=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host [199.119.128.114] claimed to be liminal.local Message-ID: <557D9D0F.1050201@FreeBSD.org> Date: Sun, 14 Jun 2015 11:26:07 -0400 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 References: In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ML8Kv4xcDUO26TgB0PLUjT0DUFvRLPs4J" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 15:26:39 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ML8Kv4xcDUO26TgB0PLUjT0DUFvRLPs4J Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 14/06/2015 10:57, Frank Seltzer wrote: > Because of a recent alert I updated both of my FreeBSD computers (both > running 10.1-STABLE and built from /etc/src) to r284296 and am having a= > problem with sendmail. Sendmail is giving me the following error every > 30 minutes: >=20 > Jun 14 09:50:04 Ace sm-mta[10430]: STARTTLS=3Dserver, error: accept > failed=3D0, reason=3Dsslv3 alert handshake failure, SSL_error=3D1, errn= o=3D0, > retry=3D-1, relay=3Dlocalhost [127.0.0.1] >=20 > If I restart it I get these errors: >=20 > Jun 14 00:50:04 Ace sm-msp-queue[79406]: STARTTLS=3Dclient, error: conn= ect > failed=3D-1, reason=3Ddh key too small, SSL_error=3D1, errno=3D0, retry= =3D-1 > Jun 14 00:50:04 Ace sm-msp-queue[79406]: ruleset=3Dtls_server, > arg1=3DSOFTWARE, relay=3D[127.0.0.1], reject=3D403 4.7.0 TLS handshake.= >=20 > I have made no changes to sendmail's configuration and all files in > /etc/mail are dated Mar 16 so apparently mergemaster didn't see anythin= g > new to install and rebuild. There is no entry in /usr/src/UPDATING > about any change in sendmail either. >=20 > I first noticed this on the second machine on my home network. This > machine has an entry in /etc/mail/aliases forwarding root's email to me= > on the primary. I noticed the day after the upgrade that I didn't get > the nightly email from the /etc/periodic/daily/ run or from rkhunter. = I > checked my main machine and found that I am not getting these emails > from it either and am getting the same errors in /var/log/maillog. It > can't even email itself. >=20 > Am I the only one seeing this? Did I get caught between revisions? Looks like your sendmail is trying to use SSLv3 a.k.a TLSv1 and that may not be supported in whichever version of OpenSSL you're linking to any more. TLSv1 has some known deficiencies, and the TLSv1.1 or TLSv1.2 ciphers are generally preferred nowadays[*] There's some config-fu at https://weakdh.org/sysadmin.html which will allow you to configure your sendmail to use the most up to date and believed still to be secure ciphers for preference, plus disallow anything known to be insecure. This works for me in general, but it might cause you problems if you need to exchange e-mail with some particularly old machines. Cheers, Matthew [*] Not least because they implement 'Perfect Forward Secrecy' which means the NSA has to keep breaking your crypto over and over again, rather than just once... --ML8Kv4xcDUO26TgB0PLUjT0DUFvRLPs4J Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iQJ8BAEBCgBmBQJVfZ0WXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATWg4QAK4BOvtLBMZ0nycchAS9/Umh 4lSKw4Kj23bPkH/zPFFH4+IpfLlvuNy8YuOxJuIRj+EsYSNbWEaExJZaxOr8+ozf 5LG8pUuTLXh/sX+W8eydTzpFDKrRpajZ3V8gaz8o5ScsFAc9tlbVINlK2mdndF7m SjzGKO+Z9Pu0UtwvfgwUyQEQ1H+7+S1VwJYNhiIzUU8v+bdc9ObWEGcz9EXIkGkB XeE97M2Rz6X9r0/2lVZgcyGPsAAWc9v60NQzJLQKbzrAud0GtlboIfS+OycLQC2L 9VAtvx2J9TAhOmyA7mq6W2GRI4f9z8TikxmshICQ1EmXwY5+XzJyy1tuzZkwW3k3 wsC8li+MhcSHyslmLlB5aDGJCLxWDNRgUK4jn1FjVAa8ZRUO4T1tgL2L2cxJR800 rUG28500Vsgs853obRlT4k6t2UcR28b63TTzFl6JJni9SMwCs7urBqJEHXiRBOmY ZyiK88hlAk92MSrPXqY+h44byZc4x+DDbWUFnm9QcDgz0UZ9sjyiQcvBMrDIKx8Z 1tyg9e/QlRMOjsnRdqNOPrBYaiO4VS/9MAoEsrknZ5VjzKn9CvofkAcKDKP2FzSw kQmDnhsmkX9zAlMbgznxKBu2kqQy2qDMdwEu2fIvsxrGFHGz3kMutr1YLTbtNSi2 G+IEkHlU5KNEE3vMwV2h =INrJ -----END PGP SIGNATURE----- --ML8Kv4xcDUO26TgB0PLUjT0DUFvRLPs4J-- From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 16:55:14 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5CE9BB4E for ; Sun, 14 Jun 2015 16:55:14 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3E421B98 for ; Sun, 14 Jun 2015 16:55:14 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (c-98-207-41-174.hsd1.ca.comcast.net [98.207.41.174]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5EGt8EB051487 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 14 Jun 2015 09:55:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434300912; bh=JUI40ZblrAxRxO4rFFZ0Awfq+5wxtx3jYI21ISrhcfo=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=chd3kY84jPxBpZXqAUM0qAdFqBz8CiOFA6eEszBwTHYDXiyd69gcPPLlHRNuzCM3U o8Ql0ecssS7TchPYS8yFzVv+/yO3wrjzVFfpwBxJduT0eD8rGdSbwI1aSKTw8TRJb/ ZI045/nkQlYgrz4cTrtyWdXzOD7Xl+/1nqrJEbtw= Date: Sun, 14 Jun 2015 09:55:07 -0700 From: Gregory Shapiro To: Frank Seltzer Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150614165507.GD95564@minime.local> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 16:55:14 -0000 > Jun 14 00:50:04 Ace sm-msp-queue[79406]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1 > Jun 14 00:50:04 Ace sm-msp-queue[79406]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake. The new OpenSSL eliminated small DHParam support. That leaves two possibilities: 1. The remote side you are talking to is using a small value. The best thing to do would be to eliminate the DH ciphers from your settings. See the docs for the CipherList setting. 2. Your side is using a small value. Double check your setting: > grep DHParam /etc/mail/sendmail.cf # DHParameters (only required if DSA/DH is used) #O DHParameters If that is set to '5' (or a string beginning with 5) or a filename which was created with a 512 bit DHParam, change it to '2' (2048) or a newly created file using 'openssl dhparam -out /path/to/file 2048'. In your /etc/mail/`hostname`.mc file, this setting will show as confDH_PARAMETERS. Also note that the first version of the openssl fix including an ABI issue and a new version was released. Make sure you are using the latest version. From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 17:50:35 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 66214996 for ; Sun, 14 Jun 2015 17:50:35 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from fmailhost02.isp.att.net (fmailhost02.isp.att.net [204.127.217.102]) by mx1.freebsd.org (Postfix) with ESMTP id 5189794D for ; Sun, 14 Jun 2015 17:50:34 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from ace.nina.org (adsl-74-178-59-239.gnv.bellsouth.net[74.178.59.239]) by isp.att.net (frfwmhc02) with SMTP id <20150614175119H02004q2see>; Sun, 14 Jun 2015 17:51:20 +0000 X-Originating-IP: [74.178.59.239] Date: Sun, 14 Jun 2015 13:50:32 -0400 (EDT) From: Frank Seltzer X-X-Sender: frank_s@Ace.nina.org To: Gregory Shapiro cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 In-Reply-To: <20150614165507.GD95564@minime.local> Message-ID: References: <20150614165507.GD95564@minime.local> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 17:50:35 -0000 On Sun, 14 Jun 2015, Gregory Shapiro wrote: > The new OpenSSL eliminated small DHParam support. That leaves two possibilities: > > 1. The remote side you are talking to is using a small value. The best thing to do would be to eliminate the DH ciphers from your settings. See the docs for the CipherList setting. Both machines are on my home network. Both have default settings. > 2. Your side is using a small value. Double check your setting: > >> grep DHParam /etc/mail/sendmail.cf > # DHParameters (only required if DSA/DH is used) > #O DHParameters # DHParameters (only required if DSA/DH is used) O DHParameters=/etc/mail/certs/dh.param # DHParameters (only required if DSA/DH is used) O DHParameters=/etc/mail/certs/dh.param Again, default values, no changes to the installed files made. > If that is set to '5' (or a string beginning with 5) or a filename which was created with a 512 bit DHParam, change it to '2' (2048) or a newly created file using 'openssl dhparam -out /path/to/file 2048'. In your /etc/mail/`hostname`.mc file, this setting will show as confDH_PARAMETERS. > > Also note that the first version of the openssl fix including an ABI issue and a new version was released. Make sure you are using the latest version. root@Shop:/etc/mail/certs # openssl version OpenSSL 1.0.1n-freebsd 11 Jun 2015 root@Shop:/etc/mail/certs # svnlite info /usr/src/ Path: /usr/src Working Copy Root Path: /usr/src URL: svn://ace/src/stable/10 Relative URL: ^/stable/10 Repository Root: svn://ace/src Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f Revision: 284296 Node Kind: directory Schedule: normal Last Changed Author: jkim Last Changed Rev: 284285 Last Changed Date: 2015-06-11 15:07:45 -0400 (Thu, 11 Jun 2015) oot@Ace:/usr/ports # openssl version OpenSSL 1.0.1n-freebsd 11 Jun 2015 root@Ace:/usr/ports # svnlite info /usr/src/ Path: /usr/src Working Copy Root Path: /usr/src URL: svn://ace/src/stable/10 Relative URL: ^/stable/10 Repository Root: svn://ace/src Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f Revision: 284296 Node Kind: directory Schedule: normal Last Changed Author: jkim Last Changed Rev: 284285 Last Changed Date: 2015-06-11 15:07:45 -0400 (Thu, 11 Jun 2015) Has anything changed since then? Does this revision have the openssl changes? From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 18:01:48 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5A557E61 for ; Sun, 14 Jun 2015 18:01:48 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4214CC35 for ; Sun, 14 Jun 2015 18:01:48 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (c-98-207-41-174.hsd1.ca.comcast.net [98.207.41.174]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5EI1ixj044958 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 14 Jun 2015 11:01:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434304906; bh=f8LX09ulA4FLuDByMHiYQlKWwIPH45WR7dyXlpTmkP8=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=Gfa/+NJ2kEKrjmbnRbwiqRNud1qFA/MIFmoDYuLaE72pi7lpZW2fLks1Yj3mtD3NK RYDim4OJOau3TbqVM2oTNgRd02pIdk25AQXhJPdJk8isXF3kUpNaetbff7L3BLDHon JICWn/fkd3Z2fdSlDuo9jmud7MLrYslxfI8GTKk8= Date: Sun, 14 Jun 2015 11:01:42 -0700 From: Gregory Shapiro To: Frank Seltzer Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150614180142.GE95564@minime.local> References: <20150614165507.GD95564@minime.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 18:01:48 -0000 > # DHParameters (only required if DSA/DH is used) > O DHParameters=/etc/mail/certs/dh.param > > # DHParameters (only required if DSA/DH is used) > O DHParameters=/etc/mail/certs/dh.param > > Again, default values, no changes to the installed files made. Try recreating those -- I'm not exactly sure where they came from. /etc/rc.d/sendmail stop mv /etc/mail/certs/dh.param{,~old} openssl dhparam -out /etc/mail/certs/dh.param 2048 /etc/rc.d/sendmail start > root@Shop:/etc/mail/certs # openssl version > OpenSSL 1.0.1n-freebsd 11 Jun 2015 1.0.1o has the ABI fix. From openssl.org: 12-Jun-2015: New releases to resolve ABI compatibility problems: 12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes 12-Jun-2015: OpenSSL 1.0.1o is now available, including bug fixes It was imported on HEAD in rev 284329. From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 18:51:26 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CC6179E4 for ; Sun, 14 Jun 2015 18:51:26 +0000 (UTC) (envelope-from daved@nostrum.com) Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AEA6BA0B for ; Sun, 14 Jun 2015 18:51:26 +0000 (UTC) (envelope-from daved@nostrum.com) Received: from [10.1.12.128] (vpn.net.tamu.edu [128.194.177.117]) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t5EIpOer041559 (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128 verify=NO); Sun, 14 Jun 2015 13:51:25 -0500 (CDT) (envelope-from daved@nostrum.com) X-Authentication-Warning: raven.nostrum.com: Host vpn.net.tamu.edu [128.194.177.117] claimed to be [10.1.12.128] Subject: Re: freebsd-update upgrading 9.2 -> 9.3 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) Content-Type: text/plain; charset=us-ascii From: Dave Duchscher In-Reply-To: <2AE1123C-302A-4457-98BC-750B8B8D2FA8@ultra-secure.de> Date: Sun, 14 Jun 2015 13:51:19 -0500 Cc: FreeBSD Stable Content-Transfer-Encoding: quoted-printable Message-Id: References: <80446E6A-5217-4D84-A37D-444C9E1ED166@nostrum.com> <2AE1123C-302A-4457-98BC-750B8B8D2FA8@ultra-secure.de> To: Rainer Duffner X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 18:51:26 -0000 > On Jun 14, 2015, at 8:59 AM, Rainer Duffner = wrote: >=20 >=20 >> Am 14.06.2015 um 15:46 schrieb Dave Duchscher : >>=20 >> Trying to upgrade a system from 9.2 -> 9.3 with freebsd-update and I = get the output below. Search has seen reports but not solutions. I = also tried upgrading to 10.1 and seeing similar issue those the "No such = file or directory" error only shows up once but is asking for me to = manually merge lots of unmodified files in /etc. >>=20 >> Anybody have a clue on what is going wrong? >=20 >=20 >=20 > Are you on the latest patch-level for 9.2? Looking, I am not at the latest version. Trying to upgrade to the latest = version breaks things (ssh is the main thing, missing libssh.so.5 = errors). Ignoring the breakage, I get the same errors. Using the = freebsd-update script from the latest 9.2 doesn't help. I am guessing a rebuild of the system is necessary. That may have to = wait for another day. Thankfully, I can rollback. -- Dave From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 18:53:57 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4D102C38 for ; Sun, 14 Jun 2015 18:53:57 +0000 (UTC) (envelope-from rainer@ultra-secure.de) Received: from mail.ultra-secure.de (mail.ultra-secure.de [88.198.178.88]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AD28CA9B for ; Sun, 14 Jun 2015 18:53:56 +0000 (UTC) (envelope-from rainer@ultra-secure.de) Received: (qmail 36232 invoked by uid 89); 14 Jun 2015 18:53:52 -0000 Received: from unknown (HELO ?192.168.1.200?) (rainer@ultra-secure.de@217.71.83.52) by mail.ultra-secure.de with ESMTPA; 14 Jun 2015 18:53:52 -0000 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) Subject: Re: freebsd-update upgrading 9.2 -> 9.3 From: Rainer Duffner In-Reply-To: Date: Sun, 14 Jun 2015 20:53:51 +0200 Cc: FreeBSD Stable Content-Transfer-Encoding: quoted-printable Message-Id: <27ABD2D5-80E8-4BC4-A9AF-210D2FF6A199@ultra-secure.de> References: <80446E6A-5217-4D84-A37D-444C9E1ED166@nostrum.com> <2AE1123C-302A-4457-98BC-750B8B8D2FA8@ultra-secure.de> To: Dave Duchscher X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 18:53:57 -0000 > Am 14.06.2015 um 20:51 schrieb Dave Duchscher : >=20 >> On Jun 14, 2015, at 8:59 AM, Rainer Duffner = wrote: >>=20 >>=20 >>> Am 14.06.2015 um 15:46 schrieb Dave Duchscher : >>>=20 >>> Trying to upgrade a system from 9.2 -> 9.3 with freebsd-update and I = get the output below. Search has seen reports but not solutions. I = also tried upgrading to 10.1 and seeing similar issue those the "No such = file or directory" error only shows up once but is asking for me to = manually merge lots of unmodified files in /etc. >>>=20 >>> Anybody have a clue on what is going wrong? >>=20 >>=20 >>=20 >> Are you on the latest patch-level for 9.2? >=20 > Looking, I am not at the latest version. Trying to upgrade to the = latest version breaks things (ssh is the main thing, missing libssh.so.5 = errors). Ignoring the breakage, I get the same errors. Using the = freebsd-update script from the latest 9.2 doesn't help. >=20 > I am guessing a rebuild of the system is necessary. That may have to = wait for another day. Thankfully, I can rollback. >=20 > -- > Dave >=20 Sometimes, there are updates for freebsd-update itself that are required = for a -r upgrade. So, it=E2=80=99s IMO good practice to update to the latest patch level = and then do the upgrade. Or at least get the latest version of freebsd-update from somewhere else = and use that. From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 19:01:44 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7B184E95 for ; Sun, 14 Jun 2015 19:01:44 +0000 (UTC) (envelope-from ca+envelope@esmtp.org) Received: from zardoc.esmtp.org (zardoc.esmtp.org [70.36.157.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "zardoc.esmtp.org", Issuer "Claus Assmann CA RSA 2015" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 60D98C8C for ; Sun, 14 Jun 2015 19:01:44 +0000 (UTC) (envelope-from ca+envelope@esmtp.org) Received: from x2.esmtp.org (localhost. [127.0.0.1]) by zardoc.esmtp.org (MeTA1-1.1.Alpha1.0) with ESMTPS (TLS=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, verify=OK) id S000000000012EB4300; Sun, 14 Jun 2015 11:51:37 -0700 Received: (from ca@localhost) by x2.esmtp.org (8.14.6/8.12.10.Beta0/Submit) id t5EIpbiW019569 for freebsd-stable@freebsd.org; Sun, 14 Jun 2015 11:51:37 -0700 (PDT) Date: Sun, 14 Jun 2015 11:51:37 -0700 From: Claus Assmann To: freebsd-stable@freebsd.org Subject: Re: dhparam (was: sendmail problem after upgrade to r284296) Message-ID: <20150614185137.GA14935@x2.esmtp.org> Reply-To: freebsd-stable@freebsd.org Mail-Followup-To: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.22+16 (adf90e5365bc) (2013-10-16) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 19:01:44 -0000 BTW: You can check the file using: $ openssl dhparam -C < dhparam.pem | fgrep get_dh DH *get_dh768() ^^^ From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 19:05:11 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3643132B for ; Sun, 14 Jun 2015 19:05:11 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CA35BCE0 for ; Sun, 14 Jun 2015 19:05:10 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id t5EJ55Ec099426 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sun, 14 Jun 2015 22:05:05 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua t5EJ55Ec099426 Received: (from kostik@localhost) by tom.home (8.14.9/8.14.9/Submit) id t5EJ54SU099415; Sun, 14 Jun 2015 22:05:04 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Sun, 14 Jun 2015 22:05:04 +0300 From: Konstantin Belousov To: Andre Meiser Cc: freebsd-stable@freebsd.org Subject: Re: Re: Many core dumps in pthread_getspecific. Message-ID: <20150614190504.GT2080@kib.kiev.ua> References: <20150603145838.GX2499@kib.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 19:05:11 -0000 On Fri, Jun 12, 2015 at 12:03:16PM +0200, Andre Meiser wrote: > Hi, > > On Wed, Jun 03, 2015 at 16:58 +0200, Konstantin Belousov wrote: > > You should recompile both libc and libthr with debugging symbols, like > > cd /usr/src > > (cd lib/libc && make all install DEBUG_FLAGS=-g) > > (cd lib/libthr && make all install DEBUG_FLAGS=-g) > > then obtain the core dump and post backtraces. > > still no new core dump from Xorg, but one from vim. > As far as I recall, vim used to crash at pthread_getspecific, too, but this time it was different: > > Core was generated by `vim'. > Program terminated with signal 11, Segmentation fault. > Reading symbols from /lib/libm.so.5...(no debugging symbols found)...done. > Loaded symbols for /lib/libm.so.5 > Reading symbols from /lib/libncurses.so.8...(no debugging symbols found)...done. > Loaded symbols for /lib/libncurses.so.8 > Reading symbols from /usr/local/lib/libintl.so.8...(no debugging symbols found)...done. > Loaded symbols for /usr/local/lib/libintl.so.8 > Reading symbols from /usr/local/lib/libpython2.7.so.1...(no debugging symbols found)...done. > Loaded symbols for /usr/local/lib/libpython2.7.so.1 > Reading symbols from /lib/libthr.so.3...done. > Loaded symbols for /lib/libthr.so.3 > Reading symbols from /lib/libc.so.7...done. > Loaded symbols for /lib/libc.so.7 > Reading symbols from /lib/libutil.so.9...done. > Loaded symbols for /lib/libutil.so.9 > Reading symbols from /libexec/ld-elf.so.1...done. > Loaded symbols for /libexec/ld-elf.so.1 > #0 0x000000080149d6a2 in check_deferred_signal (curthread=0x802406400) at /usr/src/lib/libthr/thread/thr_sig.c:331 > 331 getcontext(uc); > [New Thread 802406400 (LWP 101373/vim)] > Current language: auto; currently minimal > (gdb) bt > #0 0x000000080149d6a2 in check_deferred_signal (curthread=0x802406400) at /usr/src/lib/libthr/thread/thr_sig.c:331 > #1 0x000000080149d5ed in _thr_ast (curthread=0x802406400) at /usr/src/lib/libthr/thread/thr_sig.c:264 > #2 0x00000008014a23c7 in _thr_rtld_lock_release (lock=) at /usr/src/lib/libthr/thread/thr_rtld.c:162 > #3 0x000000080083c94d in _r_debug_postinit () from /libexec/ld-elf.so.1 > #4 0x000000080083a15d in .text () from /libexec/ld-elf.so.1 > #5 0x00000000004e3d83 in preserve_exit () > #6 0x000000000051e808 in mch_libcall () > #7 0x000000080149e47a in handle_signal (actp=, sig=, info=, ucp=) at /usr/src/lib/libthr/thread/thr_sig.c:240 > #8 0x000000080149e062 in thr_sighandler (sig=, info=, _ucp=) at /usr/src/lib/libthr/thread/thr_sig.c:183 > #9 > #10 0x000000080149d6a2 in check_deferred_signal (curthread=0x802406400) at /usr/src/lib/libthr/thread/thr_sig.c:331 > #11 0x000000080149d5ed in _thr_ast (curthread=0x802406400) at /usr/src/lib/libthr/thread/thr_sig.c:264 > #12 0x00000008014a23c7 in _thr_rtld_lock_release (lock=) at /usr/src/lib/libthr/thread/thr_rtld.c:162 > #13 0x000000080083c94d in _r_debug_postinit () from /libexec/ld-elf.so.1 > #14 0x000000080083a15d in .text () from /libexec/ld-elf.so.1 > #15 0x000000080149e4e2 in handle_signal (actp=, sig=, info=, ucp=) at /usr/src/lib/libthr/thread/thr_sig.c:256 > #16 0x000000080149e062 in thr_sighandler (sig=, info=, _ucp=) at /usr/src/lib/libthr/thread/thr_sig.c:183 > #17 > #18 0x00000008017f9b7a in select () from /lib/libc.so.7 > #19 0x000000080149bb32 in __select (numfds=1, readfds=0x7fffffffdfb0, writefds=0x0, exceptfds=0x7fffffffdf30, timeout=0x0) at /usr/src/lib/libthr/thread/thr_syscalls.c:561 > #20 0x000000000051a33b in mch_write () > #21 0x000000000051a5ac in mch_inchar () > #22 0x00000000005b7a17 in ui_inchar () > #23 0x00000000004ae86a in inchar () > #24 0x00000000004b1cdb in vgetc () > #25 0x00000000004b0bda in vgetc () > #26 0x00000000004b2499 in safe_vgetc () > #27 0x00000000004f560f in normal_cmd () > #28 0x00000000005df297 in main_loop () > #29 0x00000000005de908 in main () > > It's still a thread problem, but I've no idea if it's related with the former pthread_getspecific problem. Show me the 'ldd vim' output and output from the readelf -d vim | grep NEEDED. From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 19:24:08 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DBFC28B4 for ; Sun, 14 Jun 2015 19:24:08 +0000 (UTC) (envelope-from markoml@markoturk.info) Received: from vps.markoturk.info (vps.markoturk.info [95.154.208.14]) by mx1.freebsd.org (Postfix) with ESMTP id A9C8F177 for ; Sun, 14 Jun 2015 19:24:08 +0000 (UTC) (envelope-from markoml@markoturk.info) Received: by vps.markoturk.info (Postfix, from userid 1001) id C9AF827389; Sun, 14 Jun 2015 21:23:40 +0200 (CEST) Date: Sun, 14 Jun 2015 21:23:40 +0200 From: Marko Turk To: freebsd-stable@freebsd.org Subject: Re: Vbox kernel module panic on boot Message-ID: <20150614192340.GD9045@vps.markoturk.info> References: <20150612193529.GB9045@vps.markoturk.info> <44y4jo8zyo.fsf@be-well.ilk.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="lc9FT7cWel8HagAv" Content-Disposition: inline In-Reply-To: <44y4jo8zyo.fsf@be-well.ilk.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 19:24:09 -0000 --lc9FT7cWel8HagAv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jun 12, 2015 at 03:54:23PM -0400, Lowell Gilbert wrote: > You rebuilt the vbox module, yes? No, I didn't have to before. Thanks for the answer, I will rebuild the module and try again. BR, Marko --lc9FT7cWel8HagAv Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVfdS8AAoJEDcRe7P/w1sj8vYP/1TTe977/0guzX3J4FBqws0R BK1zf4ST7cXD0mVbXObgrS05aQVJOqScB7KXzwHh7GqPrqvQPhR0OQxJTmIdp4ww pidDdy4al4nhMyhYvyOTp4zD2rDr3ZFc8f/z2Fh7xmbkfto1UuhjghGKC0CaE6AB KfOQ7JnsTF+f76pTh+KjgSZKZKiXD3SqSQPuFhY4NNz9qyDLkMvENIQAK3L3oe5K A0NJnmCvb8P3u3uynf+WOdeRSiDRs6gceLQ36urkrffBUkHZJjCjyPeaTSzRPC44 AgtlaWQWKRi3OXHJPpGjMhSWf8GWciBqhM/7Om+xOv52As5GTjMjc9hLYIsFg/42 r13BO7Jk1PiS/aMvkbXYJWgQiOqunl/tD0O5lgfWpkeABmrz3m0xduhah5q4bpei mB47XZpix+EvSDUC8bQEpE5P9g0dPk6twdhiQEa1FeJfvvOCedJyubHCiU7FU22p zFMZjNODZ73yyb60yF1v8hUVQZd6fze9kqAcqmLH6AJVljh91CQMlkVYF+c7PCkS ezRjvKVLBuwS1HwXguTsExXmIbpXbbU5TBgDNQDqtMJHhILTH7qxL8mDLLa08HDC uasjG74gwtBlmjo9LMLANU8T+7Y0IvM2zWEjjCPf2X0RX/nwDD+wH43fFuHF9id7 opAkagW7nPJ15kDeHA+o =km/y -----END PGP SIGNATURE----- --lc9FT7cWel8HagAv-- From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 20:05:03 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B532A69D for ; Sun, 14 Jun 2015 20:05:03 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 71B2AC65 for ; Sun, 14 Jun 2015 20:05:02 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 1DDFC28412; Sun, 14 Jun 2015 22:04:58 +0200 (CEST) Received: from illbsd.quip.test (ip-89-177-50-74.net.upcbroadband.cz [89.177.50.74]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 2EBDA2840A; Sun, 14 Jun 2015 22:04:55 +0200 (CEST) Message-ID: <557DDE67.10100@quip.cz> Date: Sun, 14 Jun 2015 22:04:55 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:35.0) Gecko/20100101 Firefox/35.0 SeaMonkey/2.32 MIME-Version: 1.0 To: Dave Duchscher , Rainer Duffner CC: FreeBSD Stable Subject: Re: freebsd-update upgrading 9.2 -> 9.3 References: <80446E6A-5217-4D84-A37D-444C9E1ED166@nostrum.com> <2AE1123C-302A-4457-98BC-750B8B8D2FA8@ultra-secure.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 20:05:03 -0000 Dave Duchscher wrote on 06/14/2015 20:51: [...] >> Are you on the latest patch-level for 9.2? > > Looking, I am not at the latest version. Trying to upgrade to the latest version breaks things (ssh is the main thing, missing libssh.so.5 errors). Ignoring the breakage, I get the same errors. Using the freebsd-update script from the latest 9.2 doesn't help. > > I am guessing a rebuild of the system is necessary. That may have to wait for another day. Thankfully, I can rollback. I saw similar problem about half year ago when I did upgrad from 9.x to 9.3. The system was totally messed up after freebsd-update so then I must fixed it with source upgrade method. (buil and install kernel & world) Miroslav Lachman From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 00:21:27 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 088E845A for ; Mon, 15 Jun 2015 00:21:27 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from fmailhost01.isp.att.net (fmailhost01.isp.att.net [207.115.11.51]) by mx1.freebsd.org (Postfix) with ESMTP id E7054E43 for ; Mon, 15 Jun 2015 00:21:26 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from ace.nina.org (adsl-74-178-59-239.gnv.bellsouth.net[74.178.59.239]) by isp.att.net (frfwmhc01) with SMTP id <20150615002115H0100m3l74e>; Mon, 15 Jun 2015 00:21:16 +0000 X-Originating-IP: [74.178.59.239] Date: Sun, 14 Jun 2015 20:21:19 -0400 (EDT) From: Frank Seltzer X-X-Sender: frank_s@Ace.nina.org To: Gregory Shapiro cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 In-Reply-To: <20150614180142.GE95564@minime.local> Message-ID: References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 00:21:27 -0000 I updated source and rebuilt world and kernel with no change in sendmail's behavior. This is the revision I have now: root@Ace:/etc/mail/certs # svnlite info /usr/src/ Path: /usr/src Working Copy Root Path: /usr/src URL: svn://ace/src/stable/10 Relative URL: ^/stable/10 Repository Root: svn://ace/src Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f Revision: 284384 Node Kind: directory Schedule: normal Last Changed Author: kib Last Changed Rev: 284375 Last Changed Date: 2015-06-14 01:12:48 -0400 (Sun, 14 Jun 2015) root@Ace:/etc/mail/certs # uname -a FreeBSD Ace.nina.org 10.1-STABLE FreeBSD 10.1-STABLE #0 r284384: Sun Jun 14 16:40:15 EDT 2015 frank_s@Ace.nina.org:/usr/obj/usr/src/sys/GENERIC amd64 and openssl: root@Ace:/etc/mail/certs # openssl version OpenSSL 1.0.1o-freebsd 12 Jun 2015 so I'm up to date there as well. > /etc/rc.d/sendmail stop > mv /etc/mail/certs/dh.param{,~old} > openssl dhparam -out /etc/mail/certs/dh.param 2048 > /etc/rc.d/sendmail start After the update I got your email and followed your instructions, except for moving dh.param because it didn't exist, and sendmail is happy now. I checked and there is still no mention of this in /usr/src/UPDATING so my question is, when and how is dh.param supposed to be created? Since I'm not the only one with this problem it doesn't seem to be something I did or didn't do. What could have caused dh.param to not be generated? Thanks, Frank From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 00:42:19 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9CC0C90A for ; Mon, 15 Jun 2015 00:42:19 +0000 (UTC) (envelope-from karl@denninger.net) Received: from fs.denninger.net (wsip-70-169-168-7.pn.at.cox.net [70.169.168.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "NewFS.denninger.net", Issuer "NewFS.denninger.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 64DB95DF for ; Mon, 15 Jun 2015 00:42:18 +0000 (UTC) (envelope-from karl@denninger.net) Received: from [192.168.1.40] (localhost [127.0.0.1]) by fs.denninger.net (8.14.9/8.14.8) with ESMTP id t5F0R4ux052205 for ; Sun, 14 Jun 2015 19:27:04 -0500 (CDT) (envelope-from karl@denninger.net) Received: from [192.168.1.40] [192.168.1.40] (Via SSLv3 AES128-SHA) ; by Spamblock-sys (LOCAL/AUTH) Sun Jun 14 19:27:04 2015 Message-ID: <557E1B98.6070402@denninger.net> Date: Sun, 14 Jun 2015 19:26:00 -0500 From: Karl Denninger User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms080708000100030106000008" X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 00:42:19 -0000 This is a cryptographically signed message in MIME format. --------------ms080708000100030106000008 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 6/14/2015 19:21, Frank Seltzer wrote: > I updated source and rebuilt world and kernel with no change in > sendmail's behavior. This is the revision I have now: > > root@Ace:/etc/mail/certs # svnlite info /usr/src/ > Path: /usr/src > Working Copy Root Path: /usr/src > URL: svn://ace/src/stable/10 > Relative URL: ^/stable/10 > Repository Root: svn://ace/src > Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f > Revision: 284384 > Node Kind: directory > Schedule: normal > Last Changed Author: kib > Last Changed Rev: 284375 > Last Changed Date: 2015-06-14 01:12:48 -0400 (Sun, 14 Jun 2015) > > root@Ace:/etc/mail/certs # uname -a > FreeBSD Ace.nina.org 10.1-STABLE FreeBSD 10.1-STABLE #0 r284384: Sun > Jun 14 16:40:15 EDT 2015 =20 > frank_s@Ace.nina.org:/usr/obj/usr/src/sys/GENERIC amd64 > > and openssl: > > root@Ace:/etc/mail/certs # openssl version > OpenSSL 1.0.1o-freebsd 12 Jun 2015 > > so I'm up to date there as well. > >> /etc/rc.d/sendmail stop >> mv /etc/mail/certs/dh.param{,~old} >> openssl dhparam -out /etc/mail/certs/dh.param 2048 >> /etc/rc.d/sendmail start > > After the update I got your email and followed your instructions, > except for moving dh.param because it didn't exist, and sendmail is > happy now. > > I checked and there is still no mention of this in /usr/src/UPDATING > so my question is, when and how is dh.param supposed to be created?=20 > Since I'm not the only one with this problem it doesn't seem to be > something I did or didn't do. What could have caused dh.param to not > be generated? > > Thanks, > Frank > It only needs to be done once (and now you've done it.) The reason is a bit obscure but has to do with some vulnerabilities discovered in DH key negotiation with weak parameter sets. Most mail servers do not check literally ANYTHING when it comes to SSL connections, but this is a VERY poor practice. That it's being tightened up is a good thing to a point, but there will be more of this sort of problem over time (particularly if people start getting uppity about broken certification chains or private CAs as a whole LOT of email servers run self-signed or local-CA-issued SSL certificates!) Are these potentially breakable too? Yes, with a MITM (man-in-the-middle) attack -- but that's not the same degree of vulnerability as the DH key problem, so hopefully the "cranking down of the screws" will stop before it gets to where it begins to SEVERELY impact mail exchange. --=20 Karl Denninger karl@denninger.net /The Market Ticker/ /[S/MIME encrypted email preferred]/ --------------ms080708000100030106000008 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGXzCC BlswggRDoAMCAQICASkwDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYDVQQI EwdGbG9yaWRhMRIwEAYDVQQHEwlOaWNldmlsbGUxGTAXBgNVBAoTEEN1ZGEgU3lzdGVtcyBM TEMxHDAaBgNVBAMTE0N1ZGEgU3lzdGVtcyBMTEMgQ0ExIjAgBgkqhkiG9w0BCQEWE0N1ZGEg U3lzdGVtcyBMTEMgQ0EwHhcNMTUwNDIxMDIyMTU5WhcNMjAwNDE5MDIyMTU5WjBaMQswCQYD VQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEZMBcGA1UEChMQQ3VkYSBTeXN0ZW1zIExMQzEe MBwGA1UEAxMVS2FybCBEZW5uaW5nZXIgKE9DU1ApMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAuYRY+EB2mGtZ3grlVO8TmnEvduVFA/IYXcCmNSOC1q+pTVjylsjcHKBcOPb9 TP1KLxdWP+Q1soSORGHlKw2/HcVzShDW5WPIKrvML+Ry0XvIvNBu9adTiCsA9nci4Cnf98XE hVpenER0qbJkBUOGT1rP4iAcfjet0lEgzPEnm+pAxv6fYSNp1WqIY9u0b1pkQiaWrt8hgNOc rJOiLbc8CeQ/DBP6rUiQjYNO9/aPNauEtHkNNfR9RgLSfGUdZuOCmJqnIla1HsrZhA5p69Bv /e832BKiNPaH5wF6btAiPpTr2sRhwQO8/IIxcRX1Vxd1yZbjYtJGw+9lwEcWRYAmoxkzKLPi S6Zo/6z5wgNpeK1H+zOioMoZIczgI8BlX1iHxqy/FAvm4PHPnC8s+BLnJLwr+jvMNHm82QwL J9hC5Ho8AnFU6TkCuq+P2V8/clJVqnBuvTUKhYMGSm4mUp+lAgR4L+lwIEqSeWVsxirIcE7Z OKkvI7k5x3WeE3+c6w74L6PfWVAd84xFlo9DKRdU9YbkFuFZPu21fi/LmE5brImB5P+jdqnK eWnVwRq+RBFLy4kehCzMXooitAwgP8l/JJa9VDiSyd/PAHaVGiat2vCdDh4b8cFL7SV6jPA4 k0MgGUA/6Et7wDmhZmCigggr9K6VQCx8jpKB3x1NlNNiaWECAwEAAaOB9DCB8TA3BggrBgEF BQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9jdWRhc3lzdGVtcy5uZXQ6ODg4ODAJBgNV HRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBeAwLAYJYIZIAYb4QgENBB8W HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTFHJQt6cloXBdG1Pv1 o2YgH+7lWTAfBgNVHSMEGDAWgBQkcZudhX383d29sMqSlAOh+tNtNTAdBgNVHREEFjAUgRJr YXJsQGRlbm5pbmdlci5uZXQwDQYJKoZIhvcNAQELBQADggIBAE9/dxi2YqjCYYhiybp4GKcm 7tBVa/GLW+qcHPcoT4dqmqghlLz8+iUH+HCJjRQATVGyMEnvISOKFVHC6aZIG+Sg7J8bfS4+ fjKDi9smRH2VPPx3bV8+yFYRNroMGHaPHZB/Xctmmvc+PZ9O2W7rExgrODtxIOB3Zs6wkYf+ ty+9r1KmTHlV+rRHI6timH1uiyFE3cPi1taAEBxf0851cJV8k40PGF8G48ewnq8SY9sCf5cv liXbpdgU+I4ND5BuTjg63WS32zuhLd1VSuH3ZC/QbcncMX5W3oLXmcQP5/5uTiBJy74kdPtG MSZ9rXwZPwNxP/8PXMSR7ViaFvjUkf4bJlyENFa2PGxLk4EUzOuO7t3brjMlQW1fuInfG+ko 3tVxko20Hp0tKGPe/9cOxBVBZeZH/VgpZn3cLculGzZjmdh2fqAQ6kv9Z9AVOG1+dq0c1zt8 2zm+Oi1pikGXkfz5UJq60psY6zbX25BuEZkthO/qiS4pxjxb7gQkS0rTEHTy+qv0l3QVL0wa NAT74Zaj7l5DEW3qdQQ0dtVieyvptg9CxkfQJE3JyBMb0zBj9Qhc5/hbTfhSlHzZMEbUuIyx h9vxqFAmGzfB1/WfOKkiNHChkpPW8ZeH9yPeDBKvrgZ96dREHFoVkDk7Vpw5lSM+tFOfdyLg xxhb/RZVUDeUMYIE4zCCBN8CAQEwgZYwgZAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9y aWRhMRIwEAYDVQQHEwlOaWNldmlsbGUxGTAXBgNVBAoTEEN1ZGEgU3lzdGVtcyBMTEMxHDAa BgNVBAMTE0N1ZGEgU3lzdGVtcyBMTEMgQ0ExIjAgBgkqhkiG9w0BCQEWE0N1ZGEgU3lzdGVt cyBMTEMgQ0ECASkwCQYFKw4DAhoFAKCCAiEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc BgkqhkiG9w0BCQUxDxcNMTUwNjE1MDAyNjAwWjAjBgkqhkiG9w0BCQQxFgQUSnXgl/5jR/oX 4bfFnsUN0Q3HwEMwbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAEC MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzAN BggqhkiG9w0DAgIBKDCBpwYJKwYBBAGCNxAEMYGZMIGWMIGQMQswCQYDVQQGEwJVUzEQMA4G A1UECBMHRmxvcmlkYTESMBAGA1UEBxMJTmljZXZpbGxlMRkwFwYDVQQKExBDdWRhIFN5c3Rl bXMgTExDMRwwGgYDVQQDExNDdWRhIFN5c3RlbXMgTExDIENBMSIwIAYJKoZIhvcNAQkBFhND dWRhIFN5c3RlbXMgTExDIENBAgEpMIGpBgsqhkiG9w0BCRACCzGBmaCBljCBkDELMAkGA1UE BhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEjAQBgNVBAcTCU5pY2V2aWxsZTEZMBcGA1UEChMQ Q3VkYSBTeXN0ZW1zIExMQzEcMBoGA1UEAxMTQ3VkYSBTeXN0ZW1zIExMQyBDQTEiMCAGCSqG SIb3DQEJARYTQ3VkYSBTeXN0ZW1zIExMQyBDQQIBKTANBgkqhkiG9w0BAQEFAASCAgC2LrSl BG2H6Q6r7GdlC0Rxm1uOpjzyMPN+uha6+H/vHFC+YF8XE0MmDzhGdTT/n81P91oZ2tyrfMyb awOcLx4No9c0ru6/01qkkne7D69R0lDZ+OtQ+35MYImQKJt5hxV0m5zFl2sQH402HQD0bt83 gOcle4NM50W901pNX65MLep6PL3n5Mqxn4lJ+dyaVzTRstSAXKCNx4w7Rsal0yBwOzOOwwSz Qv0AM71dfSradn35p88lJXtotuz1r+bJ4lWaYIaWQ6qBqpm8Iz2fLZCne2XQPi2YHbnBWlc4 3GgugDYVbZTN91bjOWd5x4dg9e51sXSW54TamOkLJgLFPZlld3gTpDgJT3n9CQdoemYBLrIc lOSE/4yxW3yw+CHPBRzwi/TrBWTS7lhxTiBcvMmKpqe69ZydoAvi3u2lJ2G9cXW3RjHQeBE6 DNOx2NB0yisxXEu8Ywxa1p5anHITI+JAi2AYIt15Ya4mNP86N5Nht4jum7M0ws9Ac8+7uHb9 NCEstr/MwBr6eFZw+BxWSvn2sbVM1MrE8SuX+BRezt1XWmuUH0/+0mYqfhy9c9uViK10xdNT 9FrvqjUrBYsYONn5lJG9Dx8yicHr0d/dTBE06so8Fh6WOwnlPL5rlEtP81n2nMVMrL16Ap8P /mASNe95jz+hHMVn6T4/h3Y3bbUkLwAAAAAAAA== --------------ms080708000100030106000008-- From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 01:35:51 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B02DEADA for ; Mon, 15 Jun 2015 01:35:51 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 96C2F12D for ; Mon, 15 Jun 2015 01:35:51 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (c-24-4-66-9.hsd1.ca.comcast.net [24.4.66.9]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5F1ZlpY019408 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 14 Jun 2015 18:35:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434332150; bh=5U/giQQohiEjEPuFBqVni/ZMeKurp7JcFEqtLB9nPic=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=jl4zru1Vm2hvbO/Yn+rhTzUIqhoHpIEEXOcRJkA5Ry+X5DOELtebHgUCHJwu2+Ql1 DsZfAjoENltT1a/T6+TXYw/YxiVYZ0CJKpV4KhhkRTrZF97a0v3hI1ZSFHfE3CBlGw t2ZubGcyCYcyeLbo635vxfFcJGPeany6GlP7nigU= Date: Sun, 14 Jun 2015 18:35:17 -0700 From: Gregory Shapiro To: Frank Seltzer Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150615013517.GA19755@minime.local> References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 01:35:51 -0000 > After the update I got your email and followed your instructions, except for > moving dh.param because it didn't exist, and sendmail is happy now. Happy to hear sendmail is happy. > I checked and there is still no mention of this in /usr/src/UPDATING so my > question is, when and how is dh.param supposed to be created? Since I'm not > the only one with this problem it doesn't seem to be something I did or > didn't do. What could have caused dh.param to not be generated? That is a good question. If you didn't create it, I don't know what did -- it's not part of the base build (checked on a newly installed snapshot). Are you sure you didn't create it at some point? Not even the mail/sendmail port creates it. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 02:39:43 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 18F5855A for ; Mon, 15 Jun 2015 02:39:43 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from fmailhost02.isp.att.net (fmailhost02.isp.att.net [204.127.217.102]) by mx1.freebsd.org (Postfix) with ESMTP id 0407EBA for ; Mon, 15 Jun 2015 02:39:42 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from ace.nina.org (adsl-74-178-59-239.gnv.bellsouth.net[74.178.59.239]) by isp.att.net (frfwmhc02) with SMTP id <20150615024028H02004pv3oe>; Mon, 15 Jun 2015 02:40:28 +0000 X-Originating-IP: [74.178.59.239] Date: Sun, 14 Jun 2015 22:39:41 -0400 (EDT) From: Frank Seltzer X-X-Sender: frank_s@Ace.nina.org To: Gregory Shapiro cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 In-Reply-To: <20150615013517.GA19755@minime.local> Message-ID: References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> <20150615013517.GA19755@minime.local> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 02:39:43 -0000 On Sun, 14 Jun 2015, Gregory Shapiro wrote: >> After the update I got your email and followed your instructions, except for >> moving dh.param because it didn't exist, and sendmail is happy now. > > Happy to hear sendmail is happy. > >> I checked and there is still no mention of this in /usr/src/UPDATING so my >> question is, when and how is dh.param supposed to be created? Since I'm not >> the only one with this problem it doesn't seem to be something I did or >> didn't do. What could have caused dh.param to not be generated? > > That is a good question. If you didn't create it, I don't know what did -- it's not part of the base build (checked on a newly installed snapshot). Are you sure you didn't create it at some point? Not even the mail/sendmail port creates it. I created it per your instructions. See above about it not existing previously. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 03:24:08 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F048BD88 for ; Mon, 15 Jun 2015 03:24:08 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id D601BF5D for ; Mon, 15 Jun 2015 03:24:08 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (mx2.proofpoint.com [208.86.202.10]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5F3O3rZ021826 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 14 Jun 2015 20:24:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434338647; bh=vgpbW2XpIZiAJlLTNbGv8KIONuaqJWPBWxWYzWNTY+8=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=ChS+3vw/zj/fJdPpcPB+llVd/pbixsJKVJ2ojurax8zNFaaYuTnnE+4I3A6TSsAzE VMPpKw5yb8mgWbbdKHT8YCHqLCgcJi30Sj9DsLLta4lrNsuhLP69VqZTjc9WD9USWt DL4G8efItitk4l/ZQgLZ7/4bfm+GDPPzE0e06YQ8= Date: Sun, 14 Jun 2015 20:23:33 -0700 From: Gregory Shapiro To: Frank Seltzer Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150615032333.GE21822@minime.local> References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> <20150615013517.GA19755@minime.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 03:24:09 -0000 > I created it per your instructions. See above about it not existing > previously. Oh, sorry for the confusion. Seems an emergency patch is in order to change the default. Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)? The patch changes the client and server default to 2048 (previous 512 and 1024) to help mitigate LogJam/WeakDH. Index: src/tls.c =================================================================== --- src/tls.c (revision 284402) +++ src/tls.c (working copy) @@ -676,8 +676,8 @@ } if (dhparam == NULL) { - dhparam = srv ? "1" : "5"; - req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); + dhparam = "2"; + req |= TLS_I_DH2048; } else if (*dhparam == '/') { From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 04:23:05 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9B3C5FF7 for ; Mon, 15 Jun 2015 04:23:05 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 62F7DEE9 for ; Mon, 15 Jun 2015 04:23:05 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (mx2.proofpoint.com [208.86.202.10]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5F4N15o022901 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 14 Jun 2015 21:23:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434342184; bh=mm7sch0F2dCXrP0pmgYd0Eqej0JOsHFAg3m0d61uTtg=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=Yv639z3yQ/gbm98j5tI4npoiTbo5IXgcQZ669BywqxV+HZLNWe04t+FCJTga74TxE +UuvnZ5+2G3Kw9i5dTErNBLKneeaZvvs1dqkxIVmkYaUPGFXkzlS3k/CtO7z1ZY3BH 4Su/FkxIzpXTROnflNRo37GRBvG6ErN5hrQ4BfpE= Date: Sun, 14 Jun 2015 21:22:31 -0700 From: Gregory Shapiro To: Frank Seltzer Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150615042231.GF21822@minime.local> References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> <20150615013517.GA19755@minime.local> <20150615032333.GE21822@minime.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150615032333.GE21822@minime.local> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 04:23:05 -0000 On Sun, Jun 14, 2015 at 08:23:33PM -0700, Gregory Shapiro wrote: > > I created it per your instructions. See above about it not existing > > previously. > > Oh, sorry for the confusion. Seems an emergency patch is in order to change the default. For now, I've add an UPDATING entry: +20150614: + The import of openssl to address the FreeBSD-SA-15:10.openssl + security advisory includes a change which rejects handshakes + with DH parameters below 768 bits. sendmail releases prior + to 8.15.2 (not yet released), defaulted to a 512 bit + DH parameter setting for client connections. To work around + this interoperability, sendmail can be configured to use a + 2048 bit DH parameter by: + + 1. Edit /etc/mail/`hostname`.mc + 2. If a setting for confDH_PARAMETERS does not exist or + exists and is set to a string beginning with '5', + replace it with '2'. + 3. If a setting for confDH_PARAMETERS exists and is set to + a file path, create a new file with: + openssl dhparam -out /path/to/file 2048 + 4. Rebuild the .cf file: + cd /etc/mail/; make; make install + 5. Restart sendmail: + cd /etc/mail/; make restart + + A sendmail patch is coming, at which time this file will be + updated. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 08:29:49 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 720EAC0B for ; Mon, 15 Jun 2015 08:29:49 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.81]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3529FEBE for ; Mon, 15 Jun 2015 08:29:48 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp.greenhost.nl ([213.108.104.138]) by smarthost1.greenhost.nl with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Z4Pm1-0005uC-WB; Mon, 15 Jun 2015 10:29:47 +0200 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-stable@freebsd.org, "Marko Turk" Subject: Re: Vbox kernel module panic on boot References: <20150612193529.GB9045@vps.markoturk.info> <44y4jo8zyo.fsf@be-well.ilk.org> <20150614192340.GD9045@vps.markoturk.info> Date: Mon, 15 Jun 2015 10:29:40 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Ronald Klop" Message-ID: In-Reply-To: <20150614192340.GD9045@vps.markoturk.info> User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-As-Hash: 398f5522cb258ce43cb679602f8cfe8b62a256d1 X-Virus-Scanned: by clamav at smarthost1.samage.net X-Spam-Level: - X-Spam-Score: -1.0 X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED, BAYES_40, URIBL_BLOCKED autolearn=disabled version=3.3.1 X-Scan-Signature: 645486d610a00fe5591aab0f6aa1616b X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 08:29:49 -0000 On Sun, 14 Jun 2015 21:23:40 +0200, Marko Turk wrote: > On Fri, Jun 12, 2015 at 03:54:23PM -0400, Lowell Gilbert wrote: >> You rebuilt the vbox module, yes? > > No, I didn't have to before. > > Thanks for the answer, I will rebuild the module and try again. > > BR, > Marko You can use PORTS_MODULES to prevent this in the future. See https://www.freebsd.org/cgi/man.cgi?query=build(7)&sektion= Regards, Ronald. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 12:22:27 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 18B812FD for ; Mon, 15 Jun 2015 12:22:27 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from fmailhost01.isp.att.net (fmailhost01.isp.att.net [207.115.11.51]) by mx1.freebsd.org (Postfix) with ESMTP id 02FF6176 for ; Mon, 15 Jun 2015 12:22:26 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from ace.nina.org (adsl-74-178-59-239.gnv.bellsouth.net[74.178.59.239]) by isp.att.net (frfwmhc01) with SMTP id <20150615122221H0100m3oume>; Mon, 15 Jun 2015 12:22:21 +0000 X-Originating-IP: [74.178.59.239] Date: Mon, 15 Jun 2015 08:22:24 -0400 (EDT) From: Frank Seltzer X-X-Sender: frank_s@Ace.nina.org To: Gregory Shapiro cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 In-Reply-To: <20150615032333.GE21822@minime.local> Message-ID: References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> <20150615013517.GA19755@minime.local> <20150615032333.GE21822@minime.local> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 12:22:27 -0000 On Sun, 14 Jun 2015, Gregory Shapiro wrote: >> I created it per your instructions. See above about it not existing >> previously. > > Oh, sorry for the confusion. Seems an emergency patch is in order to change the default. > > Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)? > > The patch changes the client and server default to 2048 (previous 512 and 1024) to help mitigate LogJam/WeakDH. > > Index: src/tls.c > =================================================================== > --- src/tls.c (revision 284402) > +++ src/tls.c (working copy) > @@ -676,8 +676,8 @@ > } > if (dhparam == NULL) > { > - dhparam = srv ? "1" : "5"; > - req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); > + dhparam = "2"; > + req |= TLS_I_DH2048; > } > else if (*dhparam == '/') > { Do you mean just build and install sendmail or world and kernel? I can do world and kernel if you want me to, it only takes about 2 hours to build world and 20 minutes to build the kernel so it's no big deal. I'll need instruction on how to patch the file though, I've never done it before. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 15:36:15 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C57E5DE2; Mon, 15 Jun 2015 15:36:15 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id B5AB88F2; Mon, 15 Jun 2015 15:36:15 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id 8F045E4A; Mon, 15 Jun 2015 15:36:14 +0000 (UTC) Date: Mon, 15 Jun 2015 15:36:10 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <567034783.1.1434382572553.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_10-i386 X-Jenkins-Result: FAILURE Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 15:36:15 -0000 $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS: Check console output at $BUILD_URL to view the results. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 16:49:32 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 75E31831 for ; Mon, 15 Jun 2015 16:49:32 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 34C63EB4 for ; Mon, 15 Jun 2015 16:49:32 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by oial131 with SMTP id l131so29810093oia.3 for ; Mon, 15 Jun 2015 09:49:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=IPy+SzMRFmNMnTPybXnsavLMWDjs0+rfsMGMTyOCc8g=; b=nAM7EtZPgPROz2/2YMl5V2Qejn2LT+L6faqaR4kpgLXocd/pi2Pk/fy/qP/veHGTHk U4Hfbqs/ipZ6haFhtK082UxXrk0t3hdb3Fq9oEfNzcmeL+v7p/Y1miMEI+sAXAdkeWmq UETG03oVD+3fc/JtCT2WS0rYmaSjqvRRdRtZpDwxqucdkpSxZDQ18Ni9Bs2McT+SQIwh bS282ye7hoajsyl2DutaIoF3NgIC0nYnOROzqAJHXvw8UrwKFO61SVBeyWgU6+qznD+3 Wn5QvzTuD0Zxec0bfdX9C66loQ+x07lV/Cu3v+SBoG7tHwZEtnYnWwCL/k7rMtcVXYho +Bvg== MIME-Version: 1.0 X-Received: by 10.202.188.139 with SMTP id m133mr23431656oif.73.1434386971315; Mon, 15 Jun 2015 09:49:31 -0700 (PDT) Sender: kob6558@gmail.com Received: by 10.202.221.69 with HTTP; Mon, 15 Jun 2015 09:49:31 -0700 (PDT) In-Reply-To: References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> <20150615013517.GA19755@minime.local> <20150615032333.GE21822@minime.local> Date: Mon, 15 Jun 2015 09:49:31 -0700 X-Google-Sender-Auth: L9u9XsXr80IHdP1Srh5aC0y5vps Message-ID: Subject: Re: Sendmail problem after upgrade to r284296 From: Kevin Oberman To: Frank Seltzer Cc: Gregory Shapiro , FreeBSD-STABLE Mailing List Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 16:49:32 -0000 On Mon, Jun 15, 2015 at 5:22 AM, Frank Seltzer wrote: > On Sun, 14 Jun 2015, Gregory Shapiro wrote: > > I created it per your instructions. See above about it not existing >>> previously. >>> >> >> Oh, sorry for the confusion. Seems an emergency patch is in order to >> change the default. >> >> Would you be willing to test this patch (apply, build, install, remove >> dh.params file, and restart)? >> >> The patch changes the client and server default to 2048 (previous 512 and >> 1024) to help mitigate LogJam/WeakDH. >> >> Index: src/tls.c >> =================================================================== >> --- src/tls.c (revision 284402) >> +++ src/tls.c (working copy) >> @@ -676,8 +676,8 @@ >> } >> if (dhparam == NULL) >> { >> - dhparam = srv ? "1" : "5"; >> - req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); >> + dhparam = "2"; >> + req |= TLS_I_DH2048; >> } >> else if (*dhparam == '/') >> { >> > > Do you mean just build and install sendmail or world and kernel? I can do > world and kernel if you want me to, it only takes about 2 hours to build > world and 20 minutes to build the kernel so it's no big deal. I'll need > instruction on how to patch the file though, I've never done it before. > No meed to rebuild the kernel (this is a patch to sendmail and is not tied to the kernel in any way) or world. Just rebuild sendmail. # cd /usr/src/contrib/sendmail # patch < PATCHFILE (or edit the file by hand) # cd /usr/src/usr.sbin/sendmail # make obj # make clean # make # make install That should do it. -- Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 19:36:58 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 11AE4CC6; Mon, 15 Jun 2015 19:36:58 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id 002DBF74; Mon, 15 Jun 2015 19:36:58 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id 49BE7E9A; Mon, 15 Jun 2015 19:36:58 +0000 (UTC) Date: Mon, 15 Jun 2015 19:36:58 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <490088536.7.1434397018251.JavaMail.jenkins@jenkins-9.freebsd.org> In-Reply-To: <567034783.1.1434382572553.JavaMail.jenkins@jenkins-9.freebsd.org> References: <567034783.1.1434382572553.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_10-i386 X-Jenkins-Result: FAILURE Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 19:36:58 -0000 $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS: Check console output at $BUILD_URL to view the results. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 21:04:57 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 582337B1 for ; Mon, 15 Jun 2015 21:04:57 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.81]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1B052B00 for ; Mon, 15 Jun 2015 21:04:56 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp.greenhost.nl ([213.108.104.138]) by smarthost1.greenhost.nl with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Z4bYm-0004Vz-9X; Mon, 15 Jun 2015 23:04:53 +0200 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: "Oliver Pinter" Cc: freebsd-stable@freebsd.org Subject: Re: iwn & Intel Centrino Advanced-N 6235 support in 10-stable References: Date: Mon, 15 Jun 2015 23:04:49 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Ronald Klop" Message-ID: In-Reply-To: User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-As-Hash: bdb49c4ff80bd276e321aade33e76e02752072e2 X-Virus-Scanned: by clamav at smarthost1.samage.net X-Spam-Level: / X-Spam-Score: -0.2 X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED, BAYES_50, URIBL_BLOCKED autolearn=disabled version=3.3.1 X-Scan-Signature: 258bd43c1b7c380ff6f1b27dffaa1ebc X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 21:04:57 -0000 On Wed, 03 Jun 2015 14:25:23 +0200, Oliver Pinter wrote: > On 6/3/15, Ronald Klop wrote: >> Hello, >> >> I see support for the 6235 in iwn(4) is committed in Dec 2013 to CURRENT >> [1]. I would like to buy one of these for a reasonable price [2]. Will >> it >> be easy to use the driver from current in 10-stable? Or is there a >> reason >> support for this hardware is not MFC'ed? >> >> [1] http://svnweb.freebsd.org/base?view=revision&revision=259116 >> [2] >> http://www.routercenter.nl/product/294857/intel-centrino-advanced-n-6235.html >> >> A recommendation for a better supported card is also welcome. > > Hi Ronald! > > Try this branch: > https://github.com/opntr/opBSD/tree/op/stable/10-stable-hbsd-iwn . > > I backported most of the net80211 and iwn related changes till 2014. > August to 10-STABLE in this branch. Hi, The card is ordered. Will try your branch soon. Is there more in that branch or only WiFi changes? Cheers, Ronald. From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 21:08:44 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 12E41B32 for ; Mon, 15 Jun 2015 21:08:44 +0000 (UTC) (envelope-from oliver.pinter@hardenedbsd.org) Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BCF24B3E for ; Mon, 15 Jun 2015 21:08:43 +0000 (UTC) (envelope-from oliver.pinter@hardenedbsd.org) Received: by wiga1 with SMTP id a1so90555442wig.0 for ; Mon, 15 Jun 2015 14:08:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ys773F/STGu3UH7obg8oXzzigx0JUBXD/coEfqUdXkI=; b=Ebx+EujwFkt42JAvlZAC62Y2g3rBh3UR7tPacEoICFq/g+j3ZByAQcYzHdsf++Bj/W 1BcPiFfpBS3D44P/8K2dEBS7v7bjH1SzQnOQB+AKl7eFRVfmhHC2THJ6cQQ7lHmL1B6x L7bQgC0OZN0yeQCEFZHfJd+VKaaV9YBtCoQ/VL1sbuEgTUcSlXfzYaClC0TMzayBlict MEntpI0nZJMVTyKsfCsMhfPmdqW2ROWOUja/sWqa2WuGmX9lWLwyrwG9m7SdWb9Q4IJh BjJ8SSy/s+t6JoHvzy7oMr+fVOKXTGoa3ol4uW359GHpcT4+MeYoz3LUoMqp7BgsNk6e U1Dw== X-Gm-Message-State: ALoCoQnxomU5/Bo1+wf17gAQIu/mR2MnPdwP684BeDLCIcZqtmGnnbRhIvn9arCL78mRNEZ2qfH5 MIME-Version: 1.0 X-Received: by 10.194.71.226 with SMTP id y2mr53843186wju.34.1434402516600; Mon, 15 Jun 2015 14:08:36 -0700 (PDT) Received: by 10.194.162.225 with HTTP; Mon, 15 Jun 2015 14:08:36 -0700 (PDT) In-Reply-To: References: Date: Mon, 15 Jun 2015 23:08:36 +0200 Message-ID: Subject: Re: iwn & Intel Centrino Advanced-N 6235 support in 10-stable From: Oliver Pinter To: Ronald Klop Cc: freebsd-stable@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 21:08:44 -0000 On 6/15/15, Ronald Klop wrote: > On Wed, 03 Jun 2015 14:25:23 +0200, Oliver Pinter > wrote: > >> On 6/3/15, Ronald Klop wrote: >>> Hello, >>> >>> I see support for the 6235 in iwn(4) is committed in Dec 2013 to CURRENT >>> [1]. I would like to buy one of these for a reasonable price [2]. Will >>> it >>> be easy to use the driver from current in 10-stable? Or is there a >>> reason >>> support for this hardware is not MFC'ed? >>> >>> [1] http://svnweb.freebsd.org/base?view=revision&revision=259116 >>> [2] >>> http://www.routercenter.nl/product/294857/intel-centrino-advanced-n-6235.html >>> >>> A recommendation for a better supported card is also welcome. >> >> Hi Ronald! >> >> Try this branch: >> https://github.com/opntr/opBSD/tree/op/stable/10-stable-hbsd-iwn . >> >> I backported most of the net80211 and iwn related changes till 2014. >> August to 10-STABLE in this branch. > > Hi, > > The card is ordered. Will try your branch soon. Is there more in that > branch or only WiFi changes? The changes are ontop of HardenedBSD, so there are many of changes. > > Cheers, > Ronald. > From owner-freebsd-stable@FreeBSD.ORG Mon Jun 15 21:36:51 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECB3C966; Mon, 15 Jun 2015 21:36:51 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id DB541253; Mon, 15 Jun 2015 21:36:51 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id 1F49DECE; Mon, 15 Jun 2015 21:36:52 +0000 (UTC) Date: Mon, 15 Jun 2015 21:36:52 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <1830947334.12.1434404212057.JavaMail.jenkins@jenkins-9.freebsd.org> In-Reply-To: <490088536.7.1434397018251.JavaMail.jenkins@jenkins-9.freebsd.org> References: <490088536.7.1434397018251.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_10-i386 X-Jenkins-Result: FAILURE Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jun 2015 21:36:52 -0000 $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS: Check console output at $BUILD_URL to view the results. From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 03:05:10 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6A193A10 for ; Tue, 16 Jun 2015 03:05:10 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 34DE1D44 for ; Tue, 16 Jun 2015 03:05:10 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local ([IPv6:2601:647:4e01:8f7b:8164:e3e6:a4ad:6dab]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5G356Vv067366 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 15 Jun 2015 20:05:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434423908; bh=KXs6B4RUIwlESNg9xfGAyI546sQvmH2a53McTvLITkc=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=HfIecO+HsITCKvKNH4qUwLYJvcOZAAJrW9sxP4b7QqOS+Ar9Gq9rs5ZdCBYUPJ2/r gLz4zXzGCMBLE0bVqdX23cFL6zLgH2NjOEzwp1o0sfWRWnanZm4drAdkmsEHlb09DQ ZgyqlRrZm5mEo5mEK7uADy+0Si7JBIqaRQBgmepQ= Date: Mon, 15 Jun 2015 20:05:06 -0700 From: Gregory Shapiro To: Frank Seltzer Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail problem after upgrade to r284296 Message-ID: <20150616030506.GE26025@minime.local> References: <20150614165507.GD95564@minime.local> <20150614180142.GE95564@minime.local> <20150615013517.GA19755@minime.local> <20150615032333.GE21822@minime.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 03:05:10 -0000 The change of default has been committed to HEAD and will be MFC'ed in the next day or two. Likewise, UPDATING from HEAD has been updated with: 20150615: The fix for the issue described in the 20150614 sendmail entry below has been been committed in revision 284436. The work around described in that entry is no longer needed unless the default setting is overridden by a confDH_PARAMETERS configuration setting of '5' or pointing to a 512 bit DH parameter file. On Mon, Jun 15, 2015 at 08:22:24AM -0400, Frank Seltzer wrote: > On Sun, 14 Jun 2015, Gregory Shapiro wrote: > > >>I created it per your instructions. See above about it not existing > >>previously. > > > >Oh, sorry for the confusion. Seems an emergency patch is in order to change the default. > > > >Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)? > > > >The patch changes the client and server default to 2048 (previous 512 and 1024) to help mitigate LogJam/WeakDH. > > > >Index: src/tls.c > >=================================================================== > >--- src/tls.c (revision 284402) > >+++ src/tls.c (working copy) > >@@ -676,8 +676,8 @@ > > } > > if (dhparam == NULL) > > { > >- dhparam = srv ? "1" : "5"; > >- req |= (srv ? TLS_I_DH1024 : TLS_I_DH512); > >+ dhparam = "2"; > >+ req |= TLS_I_DH2048; > > } > > else if (*dhparam == '/') > > { > > Do you mean just build and install sendmail or world and kernel? I can do > world and kernel if you want me to, it only takes about 2 hours to build > world and 20 minutes to build the kernel so it's no big deal. I'll need > instruction on how to patch the file though, I've never done it before. > From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 03:36:54 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 46E2A456; Tue, 16 Jun 2015 03:36:54 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id 3561B614; Tue, 16 Jun 2015 03:36:54 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id 56503FA0; Tue, 16 Jun 2015 03:36:49 +0000 (UTC) Date: Tue, 16 Jun 2015 03:36:43 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <1019783521.21.1434425803822.JavaMail.jenkins@jenkins-9.freebsd.org> In-Reply-To: <1830947334.12.1434404212057.JavaMail.jenkins@jenkins-9.freebsd.org> References: <1830947334.12.1434404212057.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_10-i386 X-Jenkins-Result: FAILURE Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 03:36:54 -0000 $PROJECT_NAME - Build #$BUILD_NUMBER - $BUILD_STATUS: Check console output at $BUILD_URL to view the results. From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 07:14:47 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9FE77C08 for ; Tue, 16 Jun 2015 07:14:47 +0000 (UTC) (envelope-from ortadur@web.de) Received: from mout.web.de (mout.web.de [212.227.17.11]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.web.de", Issuer "TeleSec ServerPass DE-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 397F81D0 for ; Tue, 16 Jun 2015 07:14:46 +0000 (UTC) (envelope-from ortadur@web.de) Received: from [31.16.117.145] by 3capp-webde-bs53.server.lan (via HTTP); Tue, 16 Jun 2015 09:09:25 +0200 MIME-Version: 1.0 Message-ID: From: "Andre Meiser" To: freebsd-stable@freebsd.org Subject: Re: Many core dumps in pthread_getspecific. Content-Type: text/plain; charset=UTF-8 Date: Tue, 16 Jun 2015 09:09:25 +0200 Importance: normal Sensitivity: Normal In-Reply-To: <20150614190504.GT2080@kib.kiev.ua> References: <20150603145838.GX2499@kib.kiev.ua> , <20150614190504.GT2080@kib.kiev.ua> X-UI-Message-Type: mail X-Priority: 3 X-Provags-ID: V03:K0:XBIp6OVEuonrI2zPlKx2fyuWi54GOb6hec3t2W4N0P6 t9SJCCX79nPSiDmGCw3GQiBDLL4JDeizPjE+9sMRcE4gkjtep4 asjeVSxo9YQtdeYDd4in5QNZu7mfe2IwX8LaQwonE4uc/3SSyQ QjrckvG2Rnf9a9Pd9eb+eIjIoimzzYx3p9aa5GZztz4Jdcavop YTuh6ZxLyWw8uNg4E223rBmR2axyeGj3tiJa9xpZu7RtjBLcG/ GucS074PWtS2TiDiP0j5pJmQWubNTWHLpA4z0BGz7GNx5Frlyj CIC0zg= X-UI-Out-Filterresults: notjunk:1; X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 07:14:47 -0000 On Sun, Jun 14, 2015 at 21:05 +0200, Konstantin Belousov wrote: > Show me the 'ldd vim' output and output from the > readelf -d vim | grep NEEDED. % ldd /usr/local/bin/vim /usr/local/bin/vim: libm.so.5 => /lib/libm.so.5 (0x800a55000) libncurses.so.8 => /lib/libncurses.so.8 (0x800c7d000) libintl.so.8 => /usr/local/lib/libintl.so.8 (0x800eca000) libpython2.7.so.1 => /usr/local/lib/libpython2.7.so.1 (0x8010d5000) libthr.so.3 => /lib/libthr.so.3 (0x801490000) libc.so.7 => /lib/libc.so.7 (0x8016b5000) libutil.so.9 => /lib/libutil.so.9 (0x801a5e000) % readelf -d /usr/local/bin/vim | grep NEEDED 0x0000000000000001 (NEEDED) Shared library: [libm.so.5] 0x0000000000000001 (NEEDED) Shared library: [libncurses.so.8] 0x0000000000000001 (NEEDED) Shared library: [libintl.so.8] 0x0000000000000001 (NEEDED) Shared library: [libpython2.7.so.1] 0x0000000000000001 (NEEDED) Shared library: [libthr.so.3] 0x0000000000000001 (NEEDED) Shared library: [libc.so.7] Vim is compiled with CSCOPE, DEFAULT_VIMRC, EXUBERANT_CTAGS, NLS, PYTHON and CONSOLE. This vim core dump remains the only one since the recompilation of libc and libthr with debug flag. From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 07:36:42 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AA5B6A4 for ; Tue, 16 Jun 2015 07:36:42 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1EC838AC for ; Tue, 16 Jun 2015 07:36:41 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id t5G7abHd072261 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 16 Jun 2015 10:36:37 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua t5G7abHd072261 Received: (from kostik@localhost) by tom.home (8.14.9/8.14.9/Submit) id t5G7abuv072260; Tue, 16 Jun 2015 10:36:37 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Tue, 16 Jun 2015 10:36:37 +0300 From: Konstantin Belousov To: Andre Meiser Cc: freebsd-stable@freebsd.org Subject: Re: Many core dumps in pthread_getspecific. Message-ID: <20150616073637.GO2080@kib.kiev.ua> References: <20150603145838.GX2499@kib.kiev.ua> <20150614190504.GT2080@kib.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 07:36:42 -0000 On Tue, Jun 16, 2015 at 09:09:25AM +0200, Andre Meiser wrote: > On Sun, Jun 14, 2015 at 21:05 +0200, Konstantin Belousov wrote: > > Show me the 'ldd vim' output and output from the > > readelf -d vim | grep NEEDED. > > % ldd /usr/local/bin/vim > /usr/local/bin/vim: > libm.so.5 => /lib/libm.so.5 (0x800a55000) > libncurses.so.8 => /lib/libncurses.so.8 (0x800c7d000) > libintl.so.8 => /usr/local/lib/libintl.so.8 (0x800eca000) > libpython2.7.so.1 => /usr/local/lib/libpython2.7.so.1 (0x8010d5000) > libthr.so.3 => /lib/libthr.so.3 (0x801490000) > libc.so.7 => /lib/libc.so.7 (0x8016b5000) > libutil.so.9 => /lib/libutil.so.9 (0x801a5e000) > > % readelf -d /usr/local/bin/vim | grep NEEDED > 0x0000000000000001 (NEEDED) Shared library: [libm.so.5] > 0x0000000000000001 (NEEDED) Shared library: [libncurses.so.8] > 0x0000000000000001 (NEEDED) Shared library: [libintl.so.8] > 0x0000000000000001 (NEEDED) Shared library: [libpython2.7.so.1] > 0x0000000000000001 (NEEDED) Shared library: [libthr.so.3] > 0x0000000000000001 (NEEDED) Shared library: [libc.so.7] > > Vim is compiled with CSCOPE, DEFAULT_VIMRC, EXUBERANT_CTAGS, NLS, PYTHON and CONSOLE. > > This vim core dump remains the only one since the recompilation of libc and libthr with debug flag. Ok, so the vim fault is reproducable, I suppose ? >From the core, please do in gdb from the frame 0: info locals info registers disassemble From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 08:27:53 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4665918D; Tue, 16 Jun 2015 08:27:53 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id 34F1A6B1; Tue, 16 Jun 2015 08:27:53 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id CF1DC8A; Tue, 16 Jun 2015 08:27:53 +0000 (UTC) Date: Tue, 16 Jun 2015 08:27:53 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <649221889.3.1434443273733.JavaMail.jenkins@jenkins-9.freebsd.org> In-Reply-To: <1019783521.21.1434425803822.JavaMail.jenkins@jenkins-9.freebsd.org> References: <1019783521.21.1434425803822.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: FreeBSD_STABLE_10-i386 - Build #168 - Fixed MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_10-i386 X-Jenkins-Result: SUCCESS Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 08:27:53 -0000 FreeBSD_STABLE_10-i386 - Build #168 - Fixed: Check console output at https://jenkins.freebsd.org/job/FreeBSD_STABLE_10-i386/168/ to view the results. From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 16:56:27 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5A6AF1B6 for ; Tue, 16 Jun 2015 16:56:27 +0000 (UTC) (envelope-from rjk@wintek.com) Received: from local.wintek.com (local.wintek.com [72.12.201.234]) by mx1.freebsd.org (Postfix) with ESMTP id 2187632F for ; Tue, 16 Jun 2015 16:56:26 +0000 (UTC) (envelope-from rjk@wintek.com) Received: from rjk.wintek.local (172.28.1.248) by local.wintek.com (172.28.1.234) with Microsoft SMTP Server id 8.3.389.2; Tue, 16 Jun 2015 12:56:06 -0400 Message-ID: <558054EE.4070405@wintek.com> Date: Tue, 16 Jun 2015 12:55:10 -0400 From: Richard Kuhns User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1 MIME-Version: 1.0 To: "freebsd-stable@freebsd.org" Subject: Getting going with a new Dell 7810 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 16:56:27 -0000 Greetings all, I've just received a new Dell Precision 7810. I've installed FreeBSD 10.1 (UEFI boot), checked out sources, built world & kernel and am now running r284449. So far, so good. The problem is Xorg. I'm running the latest Xorg in ports; I just did a 'make install clean' in /usr/ports/x11/xorg with no errors. The display card is a FirePro W4100. lspci shows: 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Cape Verde GL [FirePro W4100] It has 4 DisplayPorts, and I have 2 monitors plugged in. If I run 'Xorg -configure' it says Number of created screens does not match number of detected devices. Configuration failed. Looking through /var/log/Xorg.0.log it appears that the X server is trying to use the RADEON driver, but ends with: ===== [ 1292.463] (--) Using syscons driver with X support (version 2.0) [ 1292.463] (--) using VT number 9 [ 1292.485] (II) [KMS] Kernel modesetting enabled. [ 1292.485] (WW) Falling back to old probe method for vesa [ 1292.485] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card support [ 1292.485] (==) RADEON(0): Depth 24, (--) framebuffer bpp 32 [ 1292.485] (II) RADEON(0): Pixel depth = 24 bits stored in 4 bytes (32 bpp pixmaps) [ 1292.485] (==) RADEON(0): Default visual is TrueColor [ 1292.485] (==) RADEON(0): RGB weight 888 [ 1292.485] (II) RADEON(0): Using 8 bits per RGB (8 bit DAC) [ 1292.485] (--) RADEON(0): Chipset: "VERDE" (ChipID = 0x682c) [ 1292.579] (EE) RADEON(0): [drm] Failed to open DRM device for pci:0000:03:00.0: No such file or directory [ 1292.579] (EE) RADEON(0): Kernel modesetting setup failed [ 1292.579] (II) UnloadModule: "radeon" [ 1292.579] (EE) Screen(s) found, but none have a usable configuration. [ 1292.579] (EE) Fatal server error: [ 1292.579] (EE) no screens found(EE) [ 1292.580] (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help. [ 1292.580] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information. [ 1292.580] (EE) [ 1292.580] (EE) Server terminated with error (1). Closing log file. ==== Should I be able to use this video card? I've done some googling, and apparently at least some Linux people are using it. It's not a huge deal if it doesn't work; I can install a Radeon HD 4670 that I know works. If I've mis-configured something, though, I'd like to fix it. Thanks for any comments! -- Richard Kuhns Main Number: 765-742-8428 Wintek Corporation Direct: 765-269-8541 427 N 6th Street Internet Support: 765-269-8503 Lafayette, IN 47901-2211 Consulting: 765-269-8504 From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 18:39:34 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7485C7B1 for ; Tue, 16 Jun 2015 18:39:34 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.81]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 38703FC7 for ; Tue, 16 Jun 2015 18:39:33 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp.greenhost.nl ([213.108.104.138]) by smarthost1.greenhost.nl with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Z4vlW-0004C7-UZ for freebsd-stable@freebsd.org; Tue, 16 Jun 2015 20:39:25 +0200 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-stable@freebsd.org Subject: Re: Getting going with a new Dell 7810 References: <558054EE.4070405@wintek.com> Date: Tue, 16 Jun 2015 20:39:18 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Ronald Klop" Message-ID: In-Reply-To: <558054EE.4070405@wintek.com> User-Agent: Opera Mail/12.16 (FreeBSD) X-Authenticated-As-Hash: 398f5522cb258ce43cb679602f8cfe8b62a256d1 X-Virus-Scanned: by clamav at smarthost1.samage.net X-Spam-Level: / X-Spam-Score: -0.2 X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED, BAYES_50, URIBL_BLOCKED autolearn=disabled version=3.3.1 X-Scan-Signature: 22b714be0c51703cd3047a81d17f7b3c X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 18:39:34 -0000 What does 'sysctl kern.vty' say? If it is not 'vt', you need the following stuff. /boot/loader.conf should contain kern.vty="vt" And /etc/rc.conf kld_list="radeonkms" Or something similar. FreeBSD is in the transition of old-style syscons- and vt-terminal. The last one has support for modern KMS graphics, but is not the default on 10 yet. Regards, Ronald. On Tue, 16 Jun 2015 18:55:10 +0200, Richard Kuhns wrote: > Greetings all, > > I've just received a new Dell Precision 7810. I've installed FreeBSD > 10.1 (UEFI boot), checked out sources, built world & kernel and am now > running r284449. So far, so good. > > The problem is Xorg. I'm running the latest Xorg in ports; I just did a > 'make install clean' in /usr/ports/x11/xorg with no errors. > > The display card is a FirePro W4100. lspci shows: > > 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. > [AMD/ATI] Cape Verde GL [FirePro W4100] > > It has 4 DisplayPorts, and I have 2 monitors plugged in. If I run 'Xorg > -configure' it says > > Number of created screens does not match number of detected devices. > Configuration failed. > > Looking through /var/log/Xorg.0.log it appears that the X server is > trying to use the RADEON driver, but ends with: > > ===== > [ 1292.463] (--) Using syscons driver with X support (version 2.0) > [ 1292.463] (--) using VT number 9 > > [ 1292.485] (II) [KMS] Kernel modesetting enabled. > [ 1292.485] (WW) Falling back to old probe method for vesa > [ 1292.485] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card > support > [ 1292.485] (==) RADEON(0): Depth 24, (--) framebuffer bpp 32 > [ 1292.485] (II) RADEON(0): Pixel depth = 24 bits stored in 4 bytes (32 > bpp pixmaps) > [ 1292.485] (==) RADEON(0): Default visual is TrueColor > [ 1292.485] (==) RADEON(0): RGB weight 888 > [ 1292.485] (II) RADEON(0): Using 8 bits per RGB (8 bit DAC) > [ 1292.485] (--) RADEON(0): Chipset: "VERDE" (ChipID = 0x682c) > [ 1292.579] (EE) RADEON(0): [drm] Failed to open DRM device for > pci:0000:03:00.0: No such file or directory > [ 1292.579] (EE) RADEON(0): Kernel modesetting setup failed > [ 1292.579] (II) UnloadModule: "radeon" > [ 1292.579] (EE) Screen(s) found, but none have a usable configuration. > [ 1292.579] (EE) > Fatal server error: > [ 1292.579] (EE) no screens found(EE) > [ 1292.580] (EE) > Please consult the The X.Org Foundation support > at http://wiki.x.org > for help. > [ 1292.580] (EE) Please also check the log file at > "/var/log/Xorg.0.log" for additional information. > [ 1292.580] (EE) > [ 1292.580] (EE) Server terminated with error (1). Closing log file. > ==== > > Should I be able to use this video card? I've done some googling, and > apparently at least some Linux people are using it. > > It's not a huge deal if it doesn't work; I can install a Radeon HD 4670 > that I know works. If I've mis-configured something, though, I'd like to > fix it. > > Thanks for any comments! From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 19:58:33 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1C04B657 for ; Tue, 16 Jun 2015 19:58:33 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from webmail2.jnielsen.net (webmail2.jnielsen.net [50.114.224.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "webmail2.jnielsen.net", Issuer "freebsdsolutions.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 00F85798 for ; Tue, 16 Jun 2015 19:58:32 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from [10.10.1.196] (office.betterlinux.com [199.58.199.60]) (authenticated bits=0) by webmail2.jnielsen.net (8.15.1/8.15.1) with ESMTPSA id t5GJwMer010621 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 16 Jun 2015 13:58:24 -0600 (MDT) (envelope-from lists@jnielsen.net) X-Authentication-Warning: webmail2.jnielsen.net: Host office.betterlinux.com [199.58.199.60] claimed to be [10.10.1.196] Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) Subject: Re: Getting going with a new Dell 7810 From: John Nielsen In-Reply-To: Date: Tue, 16 Jun 2015 13:58:21 -0600 Cc: Richard Kuhns Content-Transfer-Encoding: quoted-printable Message-Id: References: <558054EE.4070405@wintek.com> To: FreeBSD stable X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 19:58:33 -0000 On Jun 16, 2015, at 12:39 PM, Ronald Klop wrote: > What does 'sysctl kern.vty' say? If it is not 'vt', you need the = following stuff. >=20 > /boot/loader.conf should contain > kern.vty=3D"vt" >=20 > And /etc/rc.conf > kld_list=3D"radeonkms" >=20 > Or something similar. >=20 > FreeBSD is in the transition of old-style syscons- and vt-terminal. = The last one has support for modern KMS graphics, but is not the default = on 10 yet. With UEFI boot it will be using vt but with the efifb driver by default. = Hopefully loading the radeon KMS driver (as Ronald suggests above) will = let it take over. Try it with just a =E2=80=9Ckldload radeonkms=E2=80=9D = before adding it to rc.conf, just in case something gets wedged.. > On Tue, 16 Jun 2015 18:55:10 +0200, Richard Kuhns = wrote: >=20 >> Greetings all, >>=20 >> I've just received a new Dell Precision 7810. I've installed FreeBSD >> 10.1 (UEFI boot), checked out sources, built world & kernel and am = now >> running r284449. So far, so good. >>=20 >> The problem is Xorg. I'm running the latest Xorg in ports; I just did = a >> 'make install clean' in /usr/ports/x11/xorg with no errors. >>=20 >> The display card is a FirePro W4100. lspci shows: >>=20 >> 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. >> [AMD/ATI] Cape Verde GL [FirePro W4100] >>=20 >> It has 4 DisplayPorts, and I have 2 monitors plugged in. If I run = 'Xorg >> -configure' it says >>=20 >> Number of created screens does not match number of detected devices. >> Configuration failed. >>=20 >> Looking through /var/log/Xorg.0.log it appears that the X server is >> trying to use the RADEON driver, but ends with: >>=20 >> =3D=3D=3D=3D=3D >> [ 1292.463] (--) Using syscons driver with X support (version 2.0) >> [ 1292.463] (--) using VT number 9 >>=20 >> [ 1292.485] (II) [KMS] Kernel modesetting enabled. >> [ 1292.485] (WW) Falling back to old probe method for vesa >> [ 1292.485] (WW) VGA arbiter: cannot open kernel arbiter, no = multi-card >> support >> [ 1292.485] (=3D=3D) RADEON(0): Depth 24, (--) framebuffer bpp 32 >> [ 1292.485] (II) RADEON(0): Pixel depth =3D 24 bits stored in 4 = bytes (32 >> bpp pixmaps) >> [ 1292.485] (=3D=3D) RADEON(0): Default visual is TrueColor >> [ 1292.485] (=3D=3D) RADEON(0): RGB weight 888 >> [ 1292.485] (II) RADEON(0): Using 8 bits per RGB (8 bit DAC) >> [ 1292.485] (--) RADEON(0): Chipset: "VERDE" (ChipID =3D 0x682c) >> [ 1292.579] (EE) RADEON(0): [drm] Failed to open DRM device for >> pci:0000:03:00.0: No such file or directory >> [ 1292.579] (EE) RADEON(0): Kernel modesetting setup failed >> [ 1292.579] (II) UnloadModule: "radeon" >> [ 1292.579] (EE) Screen(s) found, but none have a usable = configuration. >> [ 1292.579] (EE) >> Fatal server error: >> [ 1292.579] (EE) no screens found(EE) >> [ 1292.580] (EE) >> Please consult the The X.Org Foundation support >> at http://wiki.x.org >> for help. >> [ 1292.580] (EE) Please also check the log file at >> "/var/log/Xorg.0.log" for additional information. >> [ 1292.580] (EE) >> [ 1292.580] (EE) Server terminated with error (1). Closing log file. >> =3D=3D=3D=3D >>=20 >> Should I be able to use this video card? I've done some googling, and >> apparently at least some Linux people are using it. >>=20 >> It's not a huge deal if it doesn't work; I can install a Radeon HD = 4670 >> that I know works. If I've mis-configured something, though, I'd like = to >> fix it. >>=20 >> Thanks for any comments! > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org" >=20 From owner-freebsd-stable@FreeBSD.ORG Tue Jun 16 20:29:49 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B26B0561 for ; Tue, 16 Jun 2015 20:29:49 +0000 (UTC) (envelope-from rjk@wintek.com) Received: from local.wintek.com (local.wintek.com [72.12.201.234]) by mx1.freebsd.org (Postfix) with ESMTP id 769C8E90 for ; Tue, 16 Jun 2015 20:29:49 +0000 (UTC) (envelope-from rjk@wintek.com) Received: from rjk.wintek.local (172.28.1.248) by local.wintek.com (172.28.1.234) with Microsoft SMTP Server id 8.3.389.2; Tue, 16 Jun 2015 16:30:38 -0400 Message-ID: <5580873C.3060907@wintek.com> Date: Tue, 16 Jun 2015 16:29:48 -0400 From: Richard Kuhns User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1 MIME-Version: 1.0 To: John Nielsen , FreeBSD stable Subject: Re: Getting going with a new Dell 7810 References: <558054EE.4070405@wintek.com> In-Reply-To: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 20:29:49 -0000 On 06/16/15 15:58, John Nielsen wrote: > On Jun 16, 2015, at 12:39 PM, Ronald Klop wrote: > >> What does 'sysctl kern.vty' say? If it is not 'vt', you need the following stuff. >> >> /boot/loader.conf should contain >> kern.vty="vt" >> >> And /etc/rc.conf >> kld_list="radeonkms" >> >> Or something similar. >> >> FreeBSD is in the transition of old-style syscons- and vt-terminal. The last one has support for modern KMS graphics, but is not the default on 10 yet. > > With UEFI boot it will be using vt but with the efifb driver by default. Hopefully loading the radeon KMS driver (as Ronald suggests above) will let it take over. Try it with just a “kldload radeonkms†before adding it to rc.conf, just in case something gets wedged.. As you said, it is using vt. Unfortunately loading radeonkms didn't help. It actually seems to be a regression; the only RADEON line /var/log/Xorg.0.log now is the one that lists all the supported chipsets. Immediately after that line it ends with ==== [ 4005.835] (II) VESA: driver for VESA chipsets: vesa [ 4005.835] (++) Using config file: "/home/rjk/xorg.conf.new" [ 4005.836] (==) ServerLayout "X.org Configured" [ 4005.836] (**) |-->Screen "Screen0" (0) [ 4005.836] (**) | |-->Monitor "Monitor0" [ 4005.836] (**) | |-->Device "Card0" [ 4005.836] (**) |-->Screen "Screen1" (1) [ 4005.836] (**) | |-->Monitor "Monitor1" [ 4005.836] (**) | |-->Device "Card1" [ 4005.836] (**) |-->Input Device "Mouse0" [ 4005.836] (**) |-->Input Device "Keyboard0" [ 4005.836] (==) Automatically adding devices [ 4005.836] (==) Automatically enabling devices [ 4005.836] (==) Not automatically adding GPU devices [ 4005.836] (**) FontPath set to: /usr/local/share/fonts/misc/, /usr/local/share/fonts/TTF/, /usr/local/share/fonts/OTF/, /usr/local/share/fonts/Type1/, /usr/local/share/fonts/100dpi/, /usr/local/share/fonts/75dpi/, /usr/local/share/fonts/misc/, /usr/local/share/fonts/TTF/, /usr/local/share/fonts/OTF/, /usr/local/share/fonts/Type1/, /usr/local/share/fonts/100dpi/, /usr/local/share/fonts/75dpi/ [ 4005.836] (**) ModulePath set to "/usr/local/lib/xorg/modules" [ 4005.836] (WW) Hotplugging is on, devices using drivers 'kbd', 'mouse' or 'vmmouse' will be disabled. [ 4005.836] (WW) Disabling Mouse0 [ 4005.836] (WW) Disabling Keyboard0 [ 4005.836] (II) [KMS] Kernel modesetting enabled. [ 4005.836] (WW) Falling back to old probe method for vesa [ 4005.836] Number of created screens does not match number of detected devices. Configuration failed. [ 4005.836] (EE) Server terminated with error (2). Closing log file. ==== I noticed in the previous log that it said >>> [ 1292.463] (--) Using syscons driver with X support (version 2.0) which made me think I had something set up incorrectly, since it's using vt, not syscons. >> On Tue, 16 Jun 2015 18:55:10 +0200, Richard Kuhns wrote: >> >>> Greetings all, >>> >>> I've just received a new Dell Precision 7810. I've installed FreeBSD >>> 10.1 (UEFI boot), checked out sources, built world & kernel and am now >>> running r284449. So far, so good. >>> >>> The problem is Xorg. I'm running the latest Xorg in ports; I just did a >>> 'make install clean' in /usr/ports/x11/xorg with no errors. >>> >>> The display card is a FirePro W4100. lspci shows: >>> >>> 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. >>> [AMD/ATI] Cape Verde GL [FirePro W4100] >>> >>> It has 4 DisplayPorts, and I have 2 monitors plugged in. If I run 'Xorg >>> -configure' it says >>> >>> Number of created screens does not match number of detected devices. >>> Configuration failed. >>> >>> Looking through /var/log/Xorg.0.log it appears that the X server is >>> trying to use the RADEON driver, but ends with: >>> >>> ===== >>> [ 1292.463] (--) Using syscons driver with X support (version 2.0) >>> [ 1292.463] (--) using VT number 9 >>> >>> [ 1292.485] (II) [KMS] Kernel modesetting enabled. >>> [ 1292.485] (WW) Falling back to old probe method for vesa >>> [ 1292.485] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card >>> support >>> [ 1292.485] (==) RADEON(0): Depth 24, (--) framebuffer bpp 32 >>> [ 1292.485] (II) RADEON(0): Pixel depth = 24 bits stored in 4 bytes (32 >>> bpp pixmaps) >>> [ 1292.485] (==) RADEON(0): Default visual is TrueColor >>> [ 1292.485] (==) RADEON(0): RGB weight 888 >>> [ 1292.485] (II) RADEON(0): Using 8 bits per RGB (8 bit DAC) >>> [ 1292.485] (--) RADEON(0): Chipset: "VERDE" (ChipID = 0x682c) >>> [ 1292.579] (EE) RADEON(0): [drm] Failed to open DRM device for >>> pci:0000:03:00.0: No such file or directory >>> [ 1292.579] (EE) RADEON(0): Kernel modesetting setup failed >>> [ 1292.579] (II) UnloadModule: "radeon" >>> [ 1292.579] (EE) Screen(s) found, but none have a usable configuration. >>> [ 1292.579] (EE) >>> Fatal server error: >>> [ 1292.579] (EE) no screens found(EE) >>> [ 1292.580] (EE) >>> Please consult the The X.Org Foundation support >>> at http://wiki.x.org >>> for help. >>> [ 1292.580] (EE) Please also check the log file at >>> "/var/log/Xorg.0.log" for additional information. >>> [ 1292.580] (EE) >>> [ 1292.580] (EE) Server terminated with error (1). Closing log file. >>> ==== >>> >>> Should I be able to use this video card? I've done some googling, and >>> apparently at least some Linux people are using it. >>> >>> It's not a huge deal if it doesn't work; I can install a Radeon HD 4670 >>> that I know works. If I've mis-configured something, though, I'd like to >>> fix it. >>> >>> Thanks for any comments! >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >> > -- Richard Kuhns Main Number: 765-742-8428 Wintek Corporation Direct: 765-269-8541 427 N 6th Street Internet Support: 765-269-8503 Lafayette, IN 47901-2211 Consulting: 765-269-8504 From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 07:24:21 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D8B61A07; Wed, 17 Jun 2015 07:24:21 +0000 (UTC) (envelope-from FreeBSD@shaneware.biz) Received: from ipmail06.adl2.internode.on.net (ipmail06.adl2.internode.on.net [150.101.137.129]) by mx1.freebsd.org (Postfix) with ESMTP id 4585020A; Wed, 17 Jun 2015 07:24:20 +0000 (UTC) (envelope-from FreeBSD@shaneware.biz) Received: from ppp118-210-151-206.lns20.adl6.internode.on.net (HELO leader.local) ([118.210.151.206]) by ipmail06.adl2.internode.on.net with ESMTP; 17 Jun 2015 16:54:19 +0930 Message-ID: <5581209E.1070905@ShaneWare.Biz> Date: Wed, 17 Jun 2015 16:54:14 +0930 From: Shane Ambler User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Andriy Gapon , Hans Petter Selasky , freebsd-stable@FreeBSD.org Subject: Re: Help debugging stable/10 References: <5488F58D.7060708@ShaneWare.Biz> <201412161129.57704.jhb@freebsd.org> <549BC924.3050402@ShaneWare.Biz> <549BD90B.2050000@selasky.org> <549C042D.3090108@FreeBSD.org> <55103050.6030904@ShaneWare.Biz> In-Reply-To: <55103050.6030904@ShaneWare.Biz> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 07:24:21 -0000 On 24/03/2015 01:55, Shane Ambler wrote: > On 25/12/2014 23:03, Andriy Gapon wrote: >> On 25/12/2014 11:29, Hans Petter Selasky wrote: >>> The cam_sim_free() is stuck, blocking the rest of that controller from >>> enumerating. It might look like a non-USB stack issue. >>> >>> MAV: Do you have some ideas where to start looking, now we have a >>> dump? Any >>> refcounts to check in particular? >> >> Apparently sim->refcount > 0. >> Not sure how to check who has the reference(s). >> Can anyone think of something I can try? To recap to save you going back through history - After running 9.0 - 9.2 for 3 years I upgraded to 10.1RC3 and started getting a locking issue, most new processes fail to start, top and ps failing being indicators, the most info I have got is a back trace using kgdb, there are 4 instances I got output from procstat -kk -a On several occasions I have found that after inserting a usb memstick the device failed to be created, leaving me unable to mount the filesystem without a restart. I then switched to stable/10 in hopes of a fix finding it's way in. The back traces I have been able to collect (and a dmesg) are listed at http://shaneware.biz/freebsddebugdata/ This is my everyday desktop machine. I am now running FreeBSD leader.local 10.1-STABLE FreeBSD 10.1-STABLE #11 r283839: Thu Jun 4 17:41:28 ACST 2015 root@leader.local:/usr/obj/usr/src/sys /GENERIC amd64 I can only say it appears to be getting worse, though I may just be getting sick of having to restart nearly every day. Lately it seems that the less I do the quicker it locks up. I have restarted twice this week and then let it sit while I have gone out, after returning I get maybe 10-15 mins then have to restart, one of them was less than an hour uptime. While running poudriere I have got past 1 day uptime but it locks up harder and I don't usually get a chance to record any data. -- FreeBSD - the place to B...Software Developing Shane Ambler From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 13:10:54 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E68DE8DA; Wed, 17 Jun 2015 13:10:54 +0000 (UTC) (envelope-from hps@selasky.org) Received: from mail.turbocat.net (heidi.turbocat.net [88.198.202.214]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A6DF2A7A; Wed, 17 Jun 2015 13:10:54 +0000 (UTC) (envelope-from hps@selasky.org) Received: from laptop015.home.selasky.org (cm-176.74.213.204.customer.telag.net [176.74.213.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.turbocat.net (Postfix) with ESMTPSA id 370641FE023; Wed, 17 Jun 2015 09:51:27 +0200 (CEST) Message-ID: <55812736.5070504@selasky.org> Date: Wed, 17 Jun 2015 09:52:22 +0200 From: Hans Petter Selasky User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Shane Ambler , Andriy Gapon , freebsd-stable@FreeBSD.org Subject: Re: Help debugging stable/10 References: <5488F58D.7060708@ShaneWare.Biz> <201412161129.57704.jhb@freebsd.org> <549BC924.3050402@ShaneWare.Biz> <549BD90B.2050000@selasky.org> <549C042D.3090108@FreeBSD.org> <55103050.6030904@ShaneWare.Biz> <5581209E.1070905@ShaneWare.Biz> In-Reply-To: <5581209E.1070905@ShaneWare.Biz> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 13:10:55 -0000 On 06/17/15 09:24, Shane Ambler wrote: > On 24/03/2015 01:55, Shane Ambler wrote: >> On 25/12/2014 23:03, Andriy Gapon wrote: >>> On 25/12/2014 11:29, Hans Petter Selasky wrote: >>>> The cam_sim_free() is stuck, blocking the rest of that controller from >>>> enumerating. It might look like a non-USB stack issue. >>>> >>>> MAV: Do you have some ideas where to start looking, now we have a >>>> dump? Any >>>> refcounts to check in particular? >>> >>> Apparently sim->refcount > 0. >>> Not sure how to check who has the reference(s). >>> > > Can anyone think of something I can try? > > To recap to save you going back through history - > After running 9.0 - 9.2 for 3 years I upgraded to 10.1RC3 and started > getting a locking issue, most new processes fail to start, top and ps > failing being indicators, the most info I have got is a back trace > using kgdb, there are 4 instances I got output from procstat -kk -a > > On several occasions I have found that after inserting a usb memstick > the device failed to be created, leaving me unable to mount the > filesystem without a restart. > > I then switched to stable/10 in hopes of a fix finding it's way in. > > The back traces I have been able to collect (and a dmesg) are listed at > http://shaneware.biz/freebsddebugdata/ > > This is my everyday desktop machine. I am now running > > FreeBSD leader.local 10.1-STABLE FreeBSD 10.1-STABLE #11 r283839: Thu > Jun 4 17:41:28 ACST 2015 root@leader.local:/usr/obj/usr/src/sys > /GENERIC amd64 > > I can only say it appears to be getting worse, though I may just be > getting sick of having to restart nearly every day. Lately it seems that > the less I do the quicker it locks up. I have restarted twice this week > and then let it sit while I have gone out, after returning I get maybe > 10-15 mins then have to restart, one of them was less than an hour uptime. > > While running poudriere I have got past 1 day uptime but it locks up > harder and I don't usually get a chance to record any data. > > Hi, One solution is to use fuse instead of the native fs, until the CAM/SCSI refcount issues are resolved. --HPS From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 13:49:27 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ED3C8EC3 for ; Wed, 17 Jun 2015 13:49:27 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.81]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AEC6D920 for ; Wed, 17 Jun 2015 13:49:27 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp.greenhost.nl ([213.108.104.138]) by smarthost1.greenhost.nl with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Z58Oi-0003mO-Cc for freebsd-stable@freebsd.org; Wed, 17 Jun 2015 10:08:42 +0200 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-stable@freebsd.org Subject: Re: Getting going with a new Dell 7810 References: <558054EE.4070405@wintek.com> <5580873C.3060907@wintek.com> Date: Wed, 17 Jun 2015 10:08:35 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: Quoted-Printable From: "Ronald Klop" Message-ID: In-Reply-To: <5580873C.3060907@wintek.com> User-Agent: Opera Mail/12.16 (FreeBSD) X-Authenticated-As-Hash: 398f5522cb258ce43cb679602f8cfe8b62a256d1 X-Virus-Scanned: by clamav at smarthost1.samage.net X-Spam-Level: / X-Spam-Score: -0.2 X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED, BAYES_50, URIBL_BLOCKED autolearn=disabled version=3.3.1 X-Scan-Signature: 0b90d2ac815c9ef578df8ccc1b50cfb0 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 13:49:28 -0000 On Tue, 16 Jun 2015 22:29:48 +0200, Richard Kuhns wrote= : > On 06/16/15 15:58, John Nielsen wrote: >> On Jun 16, 2015, at 12:39 PM, Ronald Klop wrot= e: >> >>> What does 'sysctl kern.vty' say? If it is not 'vt', you need the = >>> following stuff. >>> >>> /boot/loader.conf should contain >>> kern.vty=3D"vt" >>> >>> And /etc/rc.conf >>> kld_list=3D"radeonkms" >>> >>> Or something similar. >>> >>> FreeBSD is in the transition of old-style syscons- and vt-terminal. = = >>> The last one has support for modern KMS graphics, but is not the = >>> default on 10 yet. >> >> With UEFI boot it will be using vt but with the efifb driver by = >> default. Hopefully loading the radeon KMS driver (as Ronald suggests = = >> above) will let it take over. Try it with just a =E2=80=9Ckldload rad= eonkms=E2=80=9D = >> before adding it to rc.conf, just in case something gets wedged.. > > As you said, it is using vt. Unfortunately loading radeonkms didn't > help. It actually seems to be a regression; the only RADEON line > /var/log/Xorg.0.log now is the one that lists all the supported > chipsets. Immediately after that line it ends with > > =3D=3D=3D=3D > [ 4005.835] (II) VESA: driver for VESA chipsets: vesa > [ 4005.835] (++) Using config file: "/home/rjk/xorg.conf.new" > [ 4005.836] (=3D=3D) ServerLayout "X.org Configured" > [ 4005.836] (**) |-->Screen "Screen0" (0) > [ 4005.836] (**) | |-->Monitor "Monitor0" > [ 4005.836] (**) | |-->Device "Card0" > [ 4005.836] (**) |-->Screen "Screen1" (1) > [ 4005.836] (**) | |-->Monitor "Monitor1" > [ 4005.836] (**) | |-->Device "Card1" > [ 4005.836] (**) |-->Input Device "Mouse0" > [ 4005.836] (**) |-->Input Device "Keyboard0" > [ 4005.836] (=3D=3D) Automatically adding devices > [ 4005.836] (=3D=3D) Automatically enabling devices > [ 4005.836] (=3D=3D) Not automatically adding GPU devices > [ 4005.836] (**) FontPath set to: > /usr/local/share/fonts/misc/, > /usr/local/share/fonts/TTF/, > /usr/local/share/fonts/OTF/, > /usr/local/share/fonts/Type1/, > /usr/local/share/fonts/100dpi/, > /usr/local/share/fonts/75dpi/, > /usr/local/share/fonts/misc/, > /usr/local/share/fonts/TTF/, > /usr/local/share/fonts/OTF/, > /usr/local/share/fonts/Type1/, > /usr/local/share/fonts/100dpi/, > /usr/local/share/fonts/75dpi/ > [ 4005.836] (**) ModulePath set to "/usr/local/lib/xorg/modules" > [ 4005.836] (WW) Hotplugging is on, devices using drivers 'kbd', > 'mouse' or 'vmmouse' will be disabled. > [ 4005.836] (WW) Disabling Mouse0 > [ 4005.836] (WW) Disabling Keyboard0 > [ 4005.836] (II) [KMS] Kernel modesetting enabled. > [ 4005.836] (WW) Falling back to old probe method for vesa > [ 4005.836] Number of created screens does not match number of detect= ed > devices. > Configuration failed. > [ 4005.836] (EE) Server terminated with error (2). Closing log file. > =3D=3D=3D=3D > > I noticed in the previous log that it said > >>>> [ 1292.463] (--) Using syscons driver with X support (version 2.0)= > > which made me think I had something set up incorrectly, since it's usi= ng > vt, not syscons. Hi, I don't know about the other issues, but can confirm that my = Xorg.0.log also says syscons here while I'm using vt. That is normal. Regards, Ronald. > > >>> On Tue, 16 Jun 2015 18:55:10 +0200, Richard Kuhns = >>> wrote: >>> >>>> Greetings all, >>>> >>>> I've just received a new Dell Precision 7810. I've installed FreeBS= D >>>> 10.1 (UEFI boot), checked out sources, built world & kernel and am = now >>>> running r284449. So far, so good. >>>> >>>> The problem is Xorg. I'm running the latest Xorg in ports; I just d= id = >>>> a >>>> 'make install clean' in /usr/ports/x11/xorg with no errors. >>>> >>>> The display card is a FirePro W4100. lspci shows: >>>> >>>> 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. >>>> [AMD/ATI] Cape Verde GL [FirePro W4100] >>>> >>>> It has 4 DisplayPorts, and I have 2 monitors plugged in. If I run = >>>> 'Xorg >>>> -configure' it says >>>> >>>> Number of created screens does not match number of detected devices= . >>>> Configuration failed. >>>> >>>> Looking through /var/log/Xorg.0.log it appears that the X server is= >>>> trying to use the RADEON driver, but ends with: >>>> >>>> =3D=3D=3D=3D=3D >>>> [ 1292.463] (--) Using syscons driver with X support (version 2.0)= >>>> [ 1292.463] (--) using VT number 9 >>>> >>>> [ 1292.485] (II) [KMS] Kernel modesetting enabled. >>>> [ 1292.485] (WW) Falling back to old probe method for vesa >>>> [ 1292.485] (WW) VGA arbiter: cannot open kernel arbiter, no = >>>> multi-card >>>> support >>>> [ 1292.485] (=3D=3D) RADEON(0): Depth 24, (--) framebuffer bpp 32 >>>> [ 1292.485] (II) RADEON(0): Pixel depth =3D 24 bits stored in 4 by= tes = >>>> (32 >>>> bpp pixmaps) >>>> [ 1292.485] (=3D=3D) RADEON(0): Default visual is TrueColor >>>> [ 1292.485] (=3D=3D) RADEON(0): RGB weight 888 >>>> [ 1292.485] (II) RADEON(0): Using 8 bits per RGB (8 bit DAC) >>>> [ 1292.485] (--) RADEON(0): Chipset: "VERDE" (ChipID =3D 0x682c) >>>> [ 1292.579] (EE) RADEON(0): [drm] Failed to open DRM device for >>>> pci:0000:03:00.0: No such file or directory >>>> [ 1292.579] (EE) RADEON(0): Kernel modesetting setup failed >>>> [ 1292.579] (II) UnloadModule: "radeon" >>>> [ 1292.579] (EE) Screen(s) found, but none have a usable = >>>> configuration. >>>> [ 1292.579] (EE) >>>> Fatal server error: >>>> [ 1292.579] (EE) no screens found(EE) >>>> [ 1292.580] (EE) >>>> Please consult the The X.Org Foundation support >>>> at http://wiki.x.org >>>> for help. >>>> [ 1292.580] (EE) Please also check the log file at >>>> "/var/log/Xorg.0.log" for additional information. >>>> [ 1292.580] (EE) >>>> [ 1292.580] (EE) Server terminated with error (1). Closing log fil= e. >>>> =3D=3D=3D=3D >>>> >>>> Should I be able to use this video card? I've done some googling, a= nd >>>> apparently at least some Linux people are using it. >>>> >>>> It's not a huge deal if it doesn't work; I can install a Radeon HD = = >>>> 4670 >>>> that I know works. If I've mis-configured something, though, I'd li= ke = >>>> to >>>> fix it. >>>> >>>> Thanks for any comments! >>> _______________________________________________ >>> freebsd-stable@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >>> To unsubscribe, send any mail to = >>> "freebsd-stable-unsubscribe@freebsd.org" >>> >> > From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 15:52:08 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BDB25A14 for ; Wed, 17 Jun 2015 15:52:08 +0000 (UTC) (envelope-from mcdouga9@egr.msu.edu) Received: from mail.egr.msu.edu (boomhauer.egr.msu.edu [35.9.37.167]) by mx1.freebsd.org (Postfix) with ESMTP id 97ACDEC7 for ; Wed, 17 Jun 2015 15:52:08 +0000 (UTC) (envelope-from mcdouga9@egr.msu.edu) Received: from boomhauer (localhost [127.0.0.1]) by mail.egr.msu.edu (Postfix) with ESMTP id 2B14D4744A for ; Wed, 17 Jun 2015 11:43:36 -0400 (EDT) X-Virus-Scanned: amavisd-new at egr.msu.edu Received: from mail.egr.msu.edu ([127.0.0.1]) by boomhauer (boomhauer.egr.msu.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a8WD5WeuEh4Q for ; Wed, 17 Jun 2015 11:43:36 -0400 (EDT) Received: from EGR authenticated sender mcdouga9 Message-ID: <558195A7.3000006@egr.msu.edu> Date: Wed, 17 Jun 2015 11:43:35 -0400 From: Adam McDougall User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: Getting going with a new Dell 7810 References: <558054EE.4070405@wintek.com> In-Reply-To: <558054EE.4070405@wintek.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 15:52:08 -0000 On 06/16/2015 12:55, Richard Kuhns wrote: > Greetings all, > > I've just received a new Dell Precision 7810. I've installed FreeBSD > 10.1 (UEFI boot), checked out sources, built world & kernel and am now > running r284449. So far, so good. > > The problem is Xorg. I'm running the latest Xorg in ports; I just did a > 'make install clean' in /usr/ports/x11/xorg with no errors. > > The display card is a FirePro W4100. lspci shows: > > 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. > [AMD/ATI] Cape Verde GL [FirePro W4100] > If it is brand new, it is probably not supported and probably won't be for a while. Please see https://wiki.freebsd.org/Graphics for a list of devices which does include your Radeon HD 4670. From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 16:36:50 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EC2C18BB for ; Wed, 17 Jun 2015 16:36:50 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com [IPv6:2607:f8b0:4003:c01::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B0B54BDF for ; Wed, 17 Jun 2015 16:36:50 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by obctg8 with SMTP id tg8so36845222obc.3 for ; Wed, 17 Jun 2015 09:36:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=RhEAlqwIzFMUp69s4ZFfKQAMlOxWAq39PoPBPSkv75Q=; b=t412G1ExfHv4Pnb3UPctN1V6TaYKY3CT/a7WDTWi1izC9H8vNkqDCy6bVI2JK6+52i UWKO/2098Bv3P60QL/sj8swzJuSgtkXD0vlIooIkXH3s5rvrXq2Z5C5QuVTh8uP8wa1E fbLnYr4r8zfeOWj6DE7YFHs9FP6X1ZuYkXEWyrBScp/qjIaoFc3pvi5CXnPEXevlMZLv WhztUygWTmWjR0C60gHFaYcQY7NVC9geudf2SjNlVtOuZyXas2DvEcxGukuKdEEhmYTE 0n44lUDOn1FRhfjYIrx+pt2QyCEI4r2+Tz5D2E83oNxITnqAlnj5oW2NmUdzGLZyLCOW PzKA== MIME-Version: 1.0 X-Received: by 10.202.241.67 with SMTP id p64mr4963591oih.87.1434559009925; Wed, 17 Jun 2015 09:36:49 -0700 (PDT) Sender: kob6558@gmail.com Received: by 10.202.221.69 with HTTP; Wed, 17 Jun 2015 09:36:49 -0700 (PDT) In-Reply-To: <558195A7.3000006@egr.msu.edu> References: <558054EE.4070405@wintek.com> <558195A7.3000006@egr.msu.edu> Date: Wed, 17 Jun 2015 09:36:49 -0700 X-Google-Sender-Auth: lp6wzZSU2ThoOdKjfb9Rlo-jZDk Message-ID: Subject: Re: Getting going with a new Dell 7810 From: Kevin Oberman To: Adam McDougall Cc: FreeBSD-STABLE Mailing List Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 16:36:51 -0000 You would be more likely to get good feedback on Xorg issues by sending them to x11@. X is not a part of stable or any base system. It i a group of ports and the issues with it are often very esoteric. This is just not the best place to find expertise on them. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com On Wed, Jun 17, 2015 at 8:43 AM, Adam McDougall wrote: > On 06/16/2015 12:55, Richard Kuhns wrote: > > Greetings all, > > > > I've just received a new Dell Precision 7810. I've installed FreeBSD > > 10.1 (UEFI boot), checked out sources, built world & kernel and am now > > running r284449. So far, so good. > > > > The problem is Xorg. I'm running the latest Xorg in ports; I just did a > > 'make install clean' in /usr/ports/x11/xorg with no errors. > > > > The display card is a FirePro W4100. lspci shows: > > > > 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. > > [AMD/ATI] Cape Verde GL [FirePro W4100] > > > > If it is brand new, it is probably not supported and probably won't be > for a while. Please see https://wiki.freebsd.org/Graphics for a list of > devices which does include your Radeon HD 4670. > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 18:15:00 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 394E5544 for ; Wed, 17 Jun 2015 18:15:00 +0000 (UTC) (envelope-from jungleboogie0@gmail.com) Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0708FB25 for ; Wed, 17 Jun 2015 18:15:00 +0000 (UTC) (envelope-from jungleboogie0@gmail.com) Received: by igbiq7 with SMTP id iq7so73613106igb.1 for ; Wed, 17 Jun 2015 11:14:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=EXfCHTXn8eGjZXmeUQmXRMTe/uKO0S8iod8d5e673wc=; b=c0QUdrEKbCm3IVFvOq04vCMUmji2Lyg+hEnyXSoZgoYptQBEeNWenBSjz8BPemdfS1 xzJU5dj//BeXKPJMYupqZPscIcr8BPdq1TPCgBa3HHVy+y2epzPNkWGrvoQLjh2FhE1+ HE70Zp2iNhljCXuXVfDTfrrO816VzJ9tj5YmMWCFFNz2gNduZWbiyhaEmluFl3M/YzCL jq80EO/fqphuAmJay2Dr0amM+csYT5EA4p8N6WG90htAMJ2bilD55WVrhkhjfOzf/SDn aBYVwHzzWuDq+fr0rkkdD8p9MeyeS3fqTRi9KTHbOld+6EeKx7kuIl8DlWVE99VYLUJy +l1g== MIME-Version: 1.0 X-Received: by 10.43.140.5 with SMTP id iy5mr1660688icc.77.1434564899273; Wed, 17 Jun 2015 11:14:59 -0700 (PDT) Received: by 10.79.111.18 with HTTP; Wed, 17 Jun 2015 11:14:59 -0700 (PDT) Date: Wed, 17 Jun 2015 11:14:59 -0700 Message-ID: Subject: building -stable after FreeBSD-SA-15:10.openssl From: jungle Boogie To: freebsd-stable Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 18:15:00 -0000 Hello All, Trying to upgrade from r283863 to 284520 after I applied this patch: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:10.openssl.asc In the manner described: # fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch # cd /usr/src # patch < /path/to/patch I begin the build by doing: cd /usr/src svn update make -j `sysctl -n hw.ncpu` buildworld -DNO_CLEAN But then this happened: Removing stale symlinks. rm -f /usr/obj/usr/src/tmp/usr/include/des.h rm -f /usr/obj/usr/src/tmp/usr/lib/libdes.a rm -f /usr/obj/usr/src/tmp/usr/lib/libdes.so rm -f /usr/obj/usr/src/tmp/usr/lib/libdes.so.3 rm -f /usr/obj/usr/src/tmp/usr/lib/libdes_p.a ===> lib/libldns (obj,depend,all,install) sh /usr/src/tools/install.sh -C -o root -g wheel -m 444 libldns.a /usr/obj/usr/src/tmp/usr/lib/private sh /usr/src/tools/install.sh -s -o root -g wheel -m 444 libldns.so.5 /usr/obj/usr/src/tmp/usr/lib/private sh /usr/src/tools/install.sh -l s libldns.so.5 /usr/obj/usr/src/tmp/usr/lib/private/libldns.so ===> secure/lib/libssl (obj,depend,all,install) cc -fpic -DPIC -O2 -pipe -DTERMIOS -DANSI_SOURCE -I/usr/src/secure/lib/libssl/../../../crypto/openssl -I/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto -I/usr/obj/usr/src/secure/lib/libssl -DOPENSSL_THREADS -DDSO_DLFCN -DH$ /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:3371:9: error: redefinition of 'al' int al = SSL_AD_HANDSHAKE_FAILURE; ^ /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:3276:9: note: previous definition is here int al = SSL_AD_HANDSHAKE_FAILURE; ^ 1 error generated. *** [s3_clnt.So] Error code 1 make[4]: stopped in /usr/src/secure/lib/libssl 1 error make[4]: stopped in /usr/src/secure/lib/libssl A failure has been detected in another branch of the parallel make make[3]: stopped in /usr/src *** [libraries] Error code 2 make[2]: stopped in /usr/src 1 error make[2]: stopped in /usr/src *** [_libraries] Error code 2 make[1]: stopped in /usr/src 1 error make[1]: stopped in /usr/src *** [buildworld] Error code 2 make: stopped in /usr/src 1 error make: stopped in /usr/src My patch happened to be in /usr/src when I applied it. Is this what caused the issue? Is there a way to revert the patch? Thanks & Best, jungle -- ------- inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 18:23:27 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 871078C8 for ; Wed, 17 Jun 2015 18:23:27 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0E401DB6 for ; Wed, 17 Jun 2015 18:23:27 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: by laka10 with SMTP id a10so39049823lak.0 for ; Wed, 17 Jun 2015 11:23:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ATamTNydjrPlLPcgVd7NlR5onAUxqHuK1BTT/2WXdUQ=; b=wVE3KgH2bBIqPTboLTaNZiNyrWaREbzpgIdyfeLnF/CU6aaNlffeQ8+kY026hpr9LT JgGCTS/fNVYRSY3wN0o7K/76tDTgCK1XDLuQGs25YYdjxUXYteDKd4t9SoT+aOxiRmFM WiMsaS1/ZYiDHBuhfakvF92z0UFsnLaCfEBBHtJCIIZc1Cr1/AsboUlhlrUNJh/sgSyu 9kmP69cvnmZfm+w8QTdDfIW6BRc8q4cNSO3YStK+y03eQ+5Y08Dz+BXpGmVafuA+EdOX Kgym52t+nDjZKaokgfivWPjA1VXCu39hdQ4lBM7+lwvJetJsTf5i4lUgTIqqSY6/Wd6X mn0Q== MIME-Version: 1.0 X-Received: by 10.152.2.38 with SMTP id 6mr9348641lar.80.1434565405149; Wed, 17 Jun 2015 11:23:25 -0700 (PDT) Received: by 10.152.219.35 with HTTP; Wed, 17 Jun 2015 11:23:25 -0700 (PDT) In-Reply-To: References: Date: Wed, 17 Jun 2015 21:23:25 +0300 Message-ID: Subject: Re: building -stable after FreeBSD-SA-15:10.openssl From: Kimmo Paasiala To: jungle Boogie Cc: freebsd-stable Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 18:23:27 -0000 On Wed, Jun 17, 2015 at 9:14 PM, jungle Boogie wrote: > Hello All, > > Trying to upgrade from r283863 to 284520 after I applied this patch: > https://www.freebsd.org/security/advisories/FreeBSD-SA-15:10.openssl.asc > > In the manner described: > > # fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch > # cd /usr/src > # patch < /path/to/patch > > > I begin the build by doing: > cd /usr/src > svn update > make -j `sysctl -n hw.ncpu` buildworld -DNO_CLEAN > > But then this happened: > > Removing stale symlinks. > rm -f /usr/obj/usr/src/tmp/usr/include/des.h > rm -f /usr/obj/usr/src/tmp/usr/lib/libdes.a > rm -f /usr/obj/usr/src/tmp/usr/lib/libdes.so > rm -f /usr/obj/usr/src/tmp/usr/lib/libdes.so.3 > rm -f /usr/obj/usr/src/tmp/usr/lib/libdes_p.a > ===> lib/libldns (obj,depend,all,install) > sh /usr/src/tools/install.sh -C -o root -g wheel -m 444 libldns.a > /usr/obj/usr/src/tmp/usr/lib/private > sh /usr/src/tools/install.sh -s -o root -g wheel -m 444 > libldns.so.5 /usr/obj/usr/src/tmp/usr/lib/private > sh /usr/src/tools/install.sh -l s libldns.so.5 > /usr/obj/usr/src/tmp/usr/lib/private/libldns.so > ===> secure/lib/libssl (obj,depend,all,install) > cc -fpic -DPIC -O2 -pipe -DTERMIOS -DANSI_SOURCE > -I/usr/src/secure/lib/libssl/../../../crypto/openssl > -I/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto > -I/usr/obj/usr/src/secure/lib/libssl -DOPENSSL_THREADS -DDSO_DLFCN > -DH$ > /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:3371:9: > error: redefinition of 'al' > int al = SSL_AD_HANDSHAKE_FAILURE; > ^ > /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:3276:9: > note: previous definition is here > int al = SSL_AD_HANDSHAKE_FAILURE; > ^ > 1 error generated. > *** [s3_clnt.So] Error code 1 > > make[4]: stopped in /usr/src/secure/lib/libssl > 1 error > > make[4]: stopped in /usr/src/secure/lib/libssl > A failure has been detected in another branch of the parallel make > > make[3]: stopped in /usr/src > *** [libraries] Error code 2 > > make[2]: stopped in /usr/src > 1 error > > make[2]: stopped in /usr/src > *** [_libraries] Error code 2 > > make[1]: stopped in /usr/src > 1 error > > make[1]: stopped in /usr/src > *** [buildworld] Error code 2 > > make: stopped in /usr/src > 1 error > > make: stopped in /usr/src > > > > My patch happened to be in /usr/src when I applied it. Is this what > caused the issue? > > Is there a way to revert the patch? > > > Thanks & Best, > jungle > > -- > ------- > inum: 883510009027723 > sip: jungleboogie@sip2sip.info > xmpp: jungle-boogie@jit.si Don't use the patch at all if you're following stable/10, the necessary security fixes are already included in updates you pull in from SVN. You can revert all local changes with 'svnlite revert -R .' in /usr/src, might take a while for it to finish though. -Kimmo From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 18:36:24 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CD879C9E for ; Wed, 17 Jun 2015 18:36:24 +0000 (UTC) (envelope-from jungleboogie0@gmail.com) Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9853DED for ; Wed, 17 Jun 2015 18:36:24 +0000 (UTC) (envelope-from jungleboogie0@gmail.com) Received: by iebmu5 with SMTP id mu5so39805538ieb.1 for ; Wed, 17 Jun 2015 11:36:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=VjtzKrd579obc33nkMPWDtb/mKqcTQDwQO/o/2swpa4=; b=z0lks3Qmc4ZHVjrWEee8pisyitbgf1giDq9ex8sBX+n3IKfnPLrdoxcLbg/NFZ2Jla cl5O6tKEvoQWpfiC6rNYvdFLQ8wcvH4cMryqcX4oSw40qEc7GVzGAi3Kc1U9tOBF4DNm Sqf/ckNunwAGpcvy8NjAcNUUL+RU06xRyTYQnBgep5ippaV60UfebhvNZUOEBmsk0TTR cgXl8w5JHf13NW5GuBKCGpvYLDb5/VvHzgb3F4TXDfJXOVx6e1yfSbqpjr/iARRnoyH7 AR6GU6GsRm9YjO54GvuhWmUvAoKlqOxsdGzThL2tB1ixWNYwtr8Y5a45ugJU7iUxQs5f XAwg== MIME-Version: 1.0 X-Received: by 10.50.178.230 with SMTP id db6mr13008961igc.26.1434566183967; Wed, 17 Jun 2015 11:36:23 -0700 (PDT) Received: by 10.79.111.18 with HTTP; Wed, 17 Jun 2015 11:36:23 -0700 (PDT) In-Reply-To: References: Date: Wed, 17 Jun 2015 11:36:23 -0700 Message-ID: Subject: Re: building -stable after FreeBSD-SA-15:10.openssl From: jungle Boogie To: Kimmo Paasiala Cc: freebsd-stable Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 18:36:24 -0000 On 17 June 2015 at 11:23, Kimmo Paasiala wrote: > Don't use the patch at all if you're following stable/10, the > necessary security fixes are already included in updates you pull in > from SVN. Oh, so in the future, just svn up and rebuild? Thanks for the tip on reverting, I'll try that out. -- ------- inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 18:41:05 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 59379EA7 for ; Wed, 17 Jun 2015 18:41:05 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D31951EF for ; Wed, 17 Jun 2015 18:41:04 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: by lacny3 with SMTP id ny3so39298021lac.3 for ; Wed, 17 Jun 2015 11:41:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=PUmmDgf0pKS05Nc/65PNae/rBvO4vGzdNJCxfNKJoDk=; b=Vd+Mc5Nsn7+heuzJ7VJ2SbPxJ+DcTtQUln3rZH8CmbecGgdOBIio4LSPmZdrTD3Mm8 tzLCCU2/RRn8vmDUutyvN/PM3BudVv1zwPP5WRybTyveq8E1cmXjRN1pVbioGRPoRXuL k7vPi/s78L6jlUunREIvxycXd/gwcqb0wA296KZ1sHoSV8RV2w/4AmnT3kVs1IRnkv7b nMnv/DKAGGSZgJ3kdONEoTocgiI7SPmVKw82EM2Jv/VP1Q+s/UkHKwxCW61iE1/uVp1S Qymo69jwpd6n4WJ7eVqMN4tyeYfa1pp3qQKHTBXYjod0hRTZpphQ/rL8b3Xg3Z6F9aqK U73Q== MIME-Version: 1.0 X-Received: by 10.112.126.42 with SMTP id mv10mr9533008lbb.58.1434566463020; Wed, 17 Jun 2015 11:41:03 -0700 (PDT) Received: by 10.152.219.35 with HTTP; Wed, 17 Jun 2015 11:41:02 -0700 (PDT) In-Reply-To: References: Date: Wed, 17 Jun 2015 21:41:02 +0300 Message-ID: Subject: Re: building -stable after FreeBSD-SA-15:10.openssl From: Kimmo Paasiala To: jungle Boogie Cc: freebsd-stable Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 18:41:05 -0000 On Wed, Jun 17, 2015 at 9:36 PM, jungle Boogie wrote: > On 17 June 2015 at 11:23, Kimmo Paasiala wrote: >> Don't use the patch at all if you're following stable/10, the >> necessary security fixes are already included in updates you pull in >> from SVN. > > > Oh, so in the future, just svn up and rebuild? > Exactly. -Kimmo From owner-freebsd-stable@FreeBSD.ORG Wed Jun 17 19:39:58 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EB9B1A87 for ; Wed, 17 Jun 2015 19:39:58 +0000 (UTC) (envelope-from rjk@wintek.com) Received: from local.wintek.com (local.wintek.com [72.12.201.234]) by mx1.freebsd.org (Postfix) with ESMTP id BF42D5E0 for ; Wed, 17 Jun 2015 19:39:58 +0000 (UTC) (envelope-from rjk@wintek.com) Received: from rjk.wintek.local (172.28.1.248) by local.wintek.com (172.28.1.234) with Microsoft SMTP Server id 8.3.389.2; Wed, 17 Jun 2015 15:40:43 -0400 Message-ID: <5581CD07.9000101@wintek.com> Date: Wed, 17 Jun 2015 15:39:51 -0400 From: Richard Kuhns User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1 MIME-Version: 1.0 To: Adam McDougall , "freebsd-stable@freebsd.org" Subject: Re: Getting going with a new Dell 7810 References: <558054EE.4070405@wintek.com> <558195A7.3000006@egr.msu.edu> In-Reply-To: <558195A7.3000006@egr.msu.edu> Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jun 2015 19:39:59 -0000 On 06/17/15 11:43, Adam McDougall wrote: > On 06/16/2015 12:55, Richard Kuhns wrote: >> Greetings all, >> >> I've just received a new Dell Precision 7810. I've installed FreeBSD >> 10.1 (UEFI boot), checked out sources, built world & kernel and am now >> running r284449. So far, so good. >> >> The problem is Xorg. I'm running the latest Xorg in ports; I just did a >> 'make install clean' in /usr/ports/x11/xorg with no errors. >> >> The display card is a FirePro W4100. lspci shows: >> >> 03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. >> [AMD/ATI] Cape Verde GL [FirePro W4100] >> > > If it is brand new, it is probably not supported and probably won't be > for a while. Please see https://wiki.freebsd.org/Graphics for a list of > devices which does include your Radeon HD 4670. That's what I was afraid of. I was hoping that the message that it was using syscons when my machine was using vt had something to do with it, but based on a couple of other messages that isn't the case. Thanks! -- Richard Kuhns Main Number: 765-742-8428 Wintek Corporation Direct: 765-269-8541 427 N 6th Street Internet Support: 765-269-8503 Lafayette, IN 47901-2211 Consulting: 765-269-8504 From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 04:11:32 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2AFB8624; Thu, 18 Jun 2015 04:11:32 +0000 (UTC) (envelope-from FreeBSD@shaneware.biz) Received: from ipmail06.adl2.internode.on.net (ipmail06.adl2.internode.on.net [150.101.137.129]) by mx1.freebsd.org (Postfix) with ESMTP id 8991819E; Thu, 18 Jun 2015 04:11:30 +0000 (UTC) (envelope-from FreeBSD@shaneware.biz) Received: from ppp118-210-151-206.lns20.adl6.internode.on.net (HELO leader.local) ([118.210.151.206]) by ipmail06.adl2.internode.on.net with ESMTP; 18 Jun 2015 13:41:23 +0930 Message-ID: <558244E6.3080102@ShaneWare.Biz> Date: Thu, 18 Jun 2015 13:41:18 +0930 From: Shane Ambler User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Hans Petter Selasky , Shane Ambler , Andriy Gapon , freebsd-stable@FreeBSD.org Subject: Re: Help debugging stable/10 References: <5488F58D.7060708@ShaneWare.Biz> <201412161129.57704.jhb@freebsd.org> <549BC924.3050402@ShaneWare.Biz> <549BD90B.2050000@selasky.org> <549C042D.3090108@FreeBSD.org> <55103050.6030904@ShaneWare.Biz> <5581209E.1070905@ShaneWare.Biz> <55812736.5070504@selasky.org> In-Reply-To: <55812736.5070504@selasky.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 04:11:32 -0000 On 17/06/2015 17:22, Hans Petter Selasky wrote: > On 06/17/15 09:24, Shane Ambler wrote: >> On 24/03/2015 01:55, Shane Ambler wrote: >>> On 25/12/2014 23:03, Andriy Gapon wrote: >>>> On 25/12/2014 11:29, Hans Petter Selasky wrote: >>>>> The cam_sim_free() is stuck, blocking the rest of that controller from >>>>> enumerating. It might look like a non-USB stack issue. >>>>> >>>>> MAV: Do you have some ideas where to start looking, now we have a >>>>> dump? Any >>>>> refcounts to check in particular? >>>> >>>> Apparently sim->refcount > 0. >>>> Not sure how to check who has the reference(s). >>>> >> >> Can anyone think of something I can try? >> >> To recap to save you going back through history - >> After running 9.0 - 9.2 for 3 years I upgraded to 10.1RC3 and started >> getting a locking issue, most new processes fail to start, top and ps >> failing being indicators, the most info I have got is a back trace >> using kgdb, there are 4 instances I got output from procstat -kk -a >> >> On several occasions I have found that after inserting a usb memstick >> the device failed to be created, leaving me unable to mount the >> filesystem without a restart. >> >> I then switched to stable/10 in hopes of a fix finding it's way in. >> >> The back traces I have been able to collect (and a dmesg) are listed at >> http://shaneware.biz/freebsddebugdata/ >> >> This is my everyday desktop machine. I am now running >> >> FreeBSD leader.local 10.1-STABLE FreeBSD 10.1-STABLE #11 r283839: Thu >> Jun 4 17:41:28 ACST 2015 root@leader.local:/usr/obj/usr/src/sys >> /GENERIC amd64 >> >> I can only say it appears to be getting worse, though I may just be >> getting sick of having to restart nearly every day. Lately it seems that >> the less I do the quicker it locks up. I have restarted twice this week >> and then let it sit while I have gone out, after returning I get maybe >> 10-15 mins then have to restart, one of them was less than an hour >> uptime. >> >> While running poudriere I have got past 1 day uptime but it locks up >> harder and I don't usually get a chance to record any data. >> >> > > Hi, > > One solution is to use fuse instead of the native fs, until the CAM/SCSI > refcount issues are resolved. > > --HPS If you refer to the usb stick, it locks up without inserting one. I'll try with the extra fs kmods unloaded and see how it goes. -- FreeBSD - the place to B...Software Developing Shane Ambler From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 08:35:24 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D79C0F3C; Thu, 18 Jun 2015 08:35:24 +0000 (UTC) (envelope-from timp87@gmail.com) Received: from mail-wi0-f182.google.com (mail-wi0-f182.google.com [209.85.212.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7CB34991; Thu, 18 Jun 2015 08:35:24 +0000 (UTC) (envelope-from timp87@gmail.com) Received: by wiga1 with SMTP id a1so163558347wig.0; Thu, 18 Jun 2015 01:34:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=msu/2wVuIa9V33A+ZMpm+aiVCPtu/7h8J8E1HhDPlTw=; b=I1UdrZyvke5g8Dtzrv+//jh+xmrD4SgkYudffLlRISlrqZpbti5G2oy+239KbnLcJ0 Hb6karYIfDKFeiOPgyrfMK5Y8R1J7Mc3hR6AHcgUqwp+tf3vCCgD9jgc3PieF+AlX53V 0IKVZZUoP4Sv/mNjlM3RpLlbFPRT/wV4t9czy/IkSQdBvJihWM43MgeSTtJhXWjyvTkq APNQx0LZfT3i3wOlH5bzglaPZl1QXhvsm+szfsQ8e2WkJ0o05YebrLh5uHWbi+DWxfTH lshDFNj65DqhxArIJeUAimPYuEKeDNOu4x4QtOa6Y344BRmjcJEr4DU5ru07qo+0CDVq huyA== MIME-Version: 1.0 X-Received: by 10.194.7.97 with SMTP id i1mr13902974wja.107.1434616476334; Thu, 18 Jun 2015 01:34:36 -0700 (PDT) Received: by 10.28.48.147 with HTTP; Thu, 18 Jun 2015 01:34:36 -0700 (PDT) Date: Thu, 18 Jun 2015 11:34:36 +0300 Message-ID: Subject: Last openssl update brakes localhost email sending From: Pavel Timofeev To: freebsd-stable stable , Gregory Shapiro Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 08:35:24 -0000 Good day to everybody! ;) My FreeBSD 10.1-RELEASE-p13 amd64 can't send email to localhost anymore! I know that openssl has been updated, and it raises the bar of bit size of dh parameters. I know, there is an update for sendmail to catch up it. But. it didn't help. Here is one of my servers. I did not touch anything in /etc/mail after installation of my system. And of course I didn't create a dh parameters in /etc/mail/certs dir. root@pyxis-v:~ # freebsd-version 10.1-RELEASE-p13 root@pyxis-v:~ # echo test | mail -s 'aa' ptimofeev@ocs.ru root@pyxis-v:~ # tail -f /var/log/maillog Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: from=timp, size=39, class=0, nrcpts=1, msgid=<201506180819.t5I8J0F1001122@pyxis-v.ocs.ru>, relay=root@localhost Jun 18 11:19:00 pyxis-v sendmail[1122]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1 Jun 18 11:19:00 pyxis-v sm-mta[1123]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1] Jun 18 11:19:00 pyxis-v sendmail[1122]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake. Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: to=ptimofeev@ocs.ru, ctladdr=timp (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30039, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake. Jun 18 11:19:00 pyxis-v sm-mta[1123]: t5I8J0p5001123: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0 Why it complains about too small dh key?! I don't have them. No changes in /etc/mail since installation. What's going on? So looks like everybody who updated their systems to p-1(2|3) has to do some stuff (openssl dhparam -out dh.param 2048). IMO, it's really, really bad. Am I wrong, misunderstanding or doing something wrong? From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 09:00:56 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8A53E7DD; Thu, 18 Jun 2015 09:00:56 +0000 (UTC) (envelope-from timp87@gmail.com) Received: from mail-wi0-f174.google.com (mail-wi0-f174.google.com [209.85.212.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2BBDBEB7; Thu, 18 Jun 2015 09:00:55 +0000 (UTC) (envelope-from timp87@gmail.com) Received: by wibdq8 with SMTP id dq8so79895933wib.1; Thu, 18 Jun 2015 02:00:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=36N1aHxOz8+HnvFqgvaalQiMgJBUmUno0keAEXpjowI=; b=ypW3FQD9Mmp1ZvyzhcWEGPdBaRudmQmnGEdIsdwMIrDVnwAk/rEdvgWqsnkDiKEMcE 0sGEJWRNPCUqK4yjYZNlm6z/8MmPe37xHy5QnjMSpT569ytp3gVOD8VZ49G/ocmk6VkE wsSHz8xlDiCB+gLWh0jzzIXbUgLtltUeOCCH8f+UqpdmHSUGi6QRvDnZYuzICNlp6C0c o+ipK612RIc0/p6nWu+Ds3ci7mjNviRnXWXMUnT+UnFxjL90OVHMnLfMoD++nDcXaMFq Fa9qXjHGUhHgGeX8SUEi+6WnNlY77+YWxgHC5o6nTmKy8MUqZXTB1tCGhD6hXZOwo++v iBwQ== MIME-Version: 1.0 X-Received: by 10.180.85.8 with SMTP id d8mr42830690wiz.11.1434618009131; Thu, 18 Jun 2015 02:00:09 -0700 (PDT) Received: by 10.28.48.147 with HTTP; Thu, 18 Jun 2015 02:00:09 -0700 (PDT) In-Reply-To: References: Date: Thu, 18 Jun 2015 12:00:09 +0300 Message-ID: Subject: Re: Last openssl update brakes localhost email sending From: Pavel Timofeev To: freebsd-stable stable , Gregory Shapiro Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 09:00:56 -0000 Here is kind of proof that nothing is changed in mail dir since installation. root@pyxis-v:~ # ll /etc/mail total 384 -rw-r--r-- 1 root wheel 6814 Oct 7 2014 Makefile -rw-r--r-- 1 root wheel 2900 Oct 7 2014 README -rw-r--r-- 1 root wheel 632 Oct 7 2014 access.sample -rw-r--r-- 1 root wheel 1691 Oct 7 2014 aliases -rw-r----- 1 root wheel 131072 Aug 6 2014 aliases.db drwxr-xr-x 2 root wheel 512 Aug 6 2014 certs/ -rw-r--r-- 1 root wheel 58400 Oct 7 2014 freebsd.cf -rw-r--r-- 1 root wheel 4537 Oct 7 2014 freebsd.mc -r--r--r-- 1 root wheel 40741 Oct 7 2014 freebsd.submit.cf -r--r--r-- 1 root wheel 898 Oct 7 2014 freebsd.submit.mc -r--r--r-- 1 root wheel 5659 Sep 15 2014 helpfile -rw-r--r-- 1 root wheel 405 Oct 7 2014 mailer.conf -rw-r--r-- 1 root wheel 248 Oct 7 2014 mailertable.sample -rw-r--r-- 1 root wheel 58400 Oct 7 2014 sendmail.cf -r--r--r-- 1 root wheel 40741 Oct 7 2014 submit.cf -rw-r--r-- 1 root wheel 574 Oct 7 2014 virtusertable.sample root@pyxis-v:~ # ll /etc/mail/certs/ total 12 lrwxr-xr-x 1 root wheel 10 Aug 6 2014 6ba511ab.0@ -> cacert.pem -rw-r--r-- 1 root wheel 1285 Aug 6 2014 cacert.pem -rw-r--r-- 1 root wheel 1334 Aug 6 2014 host.cert -rw------- 1 root wheel 1704 Aug 6 2014 host.key 2015-06-18 11:34 GMT+03:00 Pavel Timofeev : > Good day to everybody! ;) > My FreeBSD 10.1-RELEASE-p13 amd64 can't send email to localhost anymore! > > I know that openssl has been updated, and it raises the bar of bit > size of dh parameters. > I know, there is an update for sendmail to catch up it. But. it didn't help. > > Here is one of my servers. > I did not touch anything in /etc/mail after installation of my system. > And of course I didn't create a dh parameters in /etc/mail/certs dir. > > root@pyxis-v:~ # freebsd-version > 10.1-RELEASE-p13 > > root@pyxis-v:~ # echo test | mail -s 'aa' ptimofeev@ocs.ru > > root@pyxis-v:~ # tail -f /var/log/maillog > Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: from=timp, > size=39, class=0, nrcpts=1, > msgid=<201506180819.t5I8J0F1001122@pyxis-v.ocs.ru>, > relay=root@localhost > Jun 18 11:19:00 pyxis-v sendmail[1122]: STARTTLS=client, error: > connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, > retry=-1 > Jun 18 11:19:00 pyxis-v sm-mta[1123]: STARTTLS=server, error: accept > failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, > retry=-1, relay=localhost [127.0.0.1] > Jun 18 11:19:00 pyxis-v sendmail[1122]: ruleset=tls_server, > arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake. > Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: > to=ptimofeev@ocs.ru, ctladdr=timp (1001/1001), delay=00:00:00, > xdelay=00:00:00, mailer=relay, pri=30039, relay=[127.0.0.1] > [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake. > Jun 18 11:19:00 pyxis-v sm-mta[1123]: t5I8J0p5001123: localhost > [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to > Daemon0 > > > Why it complains about too small dh key?! I don't have them. No > changes in /etc/mail since installation. What's going on? > > So looks like everybody who updated their systems to p-1(2|3) has to > do some stuff (openssl dhparam -out dh.param 2048). > IMO, it's really, really bad. > Am I wrong, misunderstanding or doing something wrong? From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 11:29:37 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C5D8C551; Thu, 18 Jun 2015 11:29:37 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (mailgate.leissner.se [212.3.1.210]) by mx1.freebsd.org (Postfix) with ESMTP id 5C4ED8AD; Thu, 18 Jun 2015 11:29:36 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (localhost [127.0.0.1]) by mailgate.leissner.se (8.15.1/8.15.1) with ESMTP id t5IBLYbZ090502; Thu, 18 Jun 2015 13:21:34 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: (from uucp@localhost) by mailgate.leissner.se (8.15.1/8.15.1/Submit) id t5IBLYBB090498; Thu, 18 Jun 2015 13:21:34 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: from pol.leissner.se(192.71.29.17), claiming to be "pol-server.leissner.se" via SMTP by mailgate.leissner.se, id smtpdISIGF9; Thu Jun 18 13:21:32 2015 Received: from localhost (pol-server.leissner.se [local]); by pol-server.leissner.se (OpenSMTPD) with ESMTPA id 924c665b; Thu, 18 Jun 2015 13:21:32 +0200 (CEST) Date: Thu, 18 Jun 2015 13:21:32 +0200 From: Peter Olsson To: freebsd-stable@freebsd.org Cc: FreeBSD Errata Notices Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618112132.GD7234@pol-server.leissner.se> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201506180553.t5I5rKlO059969@freefall.freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 11:29:37 -0000 On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote: > Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE) > 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13) > > V. Solution ... > # freebsd-update fetch > # freebsd-update install This does not seem to solve the problem. I upgraded two of my 10.1-RELEASE-pX servers to 10.1-RELEASE-p12 a couple of days ago, after which all outgoing mail, both for local destinations and for destinations outside the servers, end up stuck in /var/spool/clientmqueue with this in maillog: sendmail[1045]: t5IBAMAB001045: from=pol, size=23, class=0, nrcpts=1, msgid=<201506181110.t5IBAMAB001045@xxx>, relay=root@localhost sendmail[1045]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1 sm-mta[1046]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1] sendmail[1045]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake. sm-mta[1046]: t5IBAMPQ001046: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0 sendmail[1045]: t5IBAMAB001045: to=www, ctladdr=pol (xxx/xxx), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30023, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake. And I still have the same problem after upgrading to 10.1-RELEASE-p13 and rebooting. Both servers use base sendmail, and I have done nothing (except adding aliases) with the sendmail configuration in them. Not even created `hostname` mc/cf files, so they are using the default cf files. -- Peter Olsson From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 12:54:53 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7FAA61EE; Thu, 18 Jun 2015 12:54:53 +0000 (UTC) (envelope-from royce.williams@gmail.com) Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 19DDA2DD; Thu, 18 Jun 2015 12:54:53 +0000 (UTC) (envelope-from royce.williams@gmail.com) Received: by obbgp2 with SMTP id gp2so53332841obb.2; Thu, 18 Jun 2015 05:54:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=4BNP3eCcBH3JZRkJ6jDU591xMym0QuQHISsV2N3ajWg=; b=ySxMRzkLD9Pidu/siBAQRfwzRAb3UMiPiKCR0xIIsrD3mDGScahE7cCuR8apop7BDc rTs/Sx1bwJHUmugm4e10xxRLhD8OlCEedgtHANySmci9W9c6HiXirIxwscpdlQF7VpI/ ozselsQ7xG3w49EjDZwBdE7Qk9Hz7679GdtsiT0GvlqIPEfuveqiH/PbEZcAI9dqogVi 3OLO2ZEB6KvXs7MUo3EmPLdxqM5LM4+fXDjB/JBHqID2yhjKDNW4XUYHkrF9PCq3vm5U b9pCXbtZoCh0/EVbdWejnoa4bHn//okNTlwUfW5UGysJ82vjVlFo+H0zD1P4uP0OE+Up ec2w== X-Received: by 10.202.207.206 with SMTP id f197mr2741346oig.28.1434632092355; Thu, 18 Jun 2015 05:54:52 -0700 (PDT) MIME-Version: 1.0 Sender: royce.williams@gmail.com Received: by 10.202.132.78 with HTTP; Thu, 18 Jun 2015 05:54:31 -0700 (PDT) In-Reply-To: <20150618112132.GD7234@pol-server.leissner.se> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> From: Royce Williams Date: Thu, 18 Jun 2015 04:54:31 -0800 X-Google-Sender-Auth: uMsgD8jE7IZ85SBmd1oplQwlhxE Message-ID: Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail To: Peter Olsson Cc: freebsd-stable , FreeBSD Errata Notices Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 12:54:53 -0000 On Thu, Jun 18, 2015 at 3:21 AM, Peter Olsson < list-freebsd-announce@jyborn.se> wrote: > On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote: > > Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE) > > 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13) > > > > V. Solution > ... > > # freebsd-update fetch > > # freebsd-update install > > This does not seem to solve the problem. > > I upgraded two of my 10.1-RELEASE-pX servers to > 10.1-RELEASE-p12 a couple of days ago, after which all > outgoing mail, both for local destinations and for > destinations outside the servers, end up stuck in > /var/spool/clientmqueue with this in maillog: > > sendmail[1045]: t5IBAMAB001045: from=pol, size=23, class=0, nrcpts=1, > msgid=<201506181110.t5IBAMAB001045@xxx>, relay=root@localhost > sendmail[1045]: STARTTLS=client, error: connect failed=-1, reason=dh key > too small, SSL_error=1, errno=0, retry=-1 > sm-mta[1046]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert > handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost > [127.0.0.1] > sendmail[1045]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], > reject=403 4.7.0 TLS handshake. > sm-mta[1046]: t5IBAMPQ001046: localhost [127.0.0.1] did not issue > MAIL/EXPN/VRFY/ETRN during connection to Daemon0 > sendmail[1045]: t5IBAMAB001045: to=www, ctladdr=pol (xxx/xxx), > delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30023, relay=[127.0.0.1] > [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake. > > And I still have the same problem after upgrading to > 10.1-RELEASE-p13 and rebooting. > > Both servers use base sendmail, and I have done nothing > (except adding aliases) with the sendmail configuration > in them. Not even created `hostname` mc/cf files, so they > are using the default cf files. > Did you (re)generate your dh.params file as noted in the Workaround section? On my systems, I had to do this to support the actual patch (not to perform the workaround). You might have to restart sendmail as well, but I have not tested this. Royce From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 13:22:22 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 36532CF7; Thu, 18 Jun 2015 13:22:22 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (mailgate.leissner.se [212.3.1.210]) by mx1.freebsd.org (Postfix) with ESMTP id BAC6BC57; Thu, 18 Jun 2015 13:22:21 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (localhost [127.0.0.1]) by mailgate.leissner.se (8.15.1/8.15.1) with ESMTP id t5IDMJUl094524; Thu, 18 Jun 2015 15:22:19 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: (from uucp@localhost) by mailgate.leissner.se (8.15.1/8.15.1/Submit) id t5IDMJGr094521; Thu, 18 Jun 2015 15:22:19 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: from pol.leissner.se(192.71.29.17), claiming to be "pol-server.leissner.se" via SMTP by mailgate.leissner.se, id smtpd6qbPQ4; Thu Jun 18 15:22:11 2015 Received: from localhost (pol-server.leissner.se [local]); by pol-server.leissner.se (OpenSMTPD) with ESMTPA id f2cc0381; Thu, 18 Jun 2015 15:22:11 +0200 (CEST) Date: Thu, 18 Jun 2015 15:22:11 +0200 From: Peter Olsson To: Royce Williams Cc: freebsd-stable , FreeBSD Errata Notices Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618132211.GO7234@pol-server.leissner.se> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 13:22:22 -0000 On Thu, Jun 18, 2015 at 04:54:31AM -0800, Royce Williams wrote: > On Thu, Jun 18, 2015 at 3:21 AM, Peter Olsson < > list-freebsd-announce@jyborn.se> wrote: > > > On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote: > > > Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE) > > > 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13) > > > > > > V. Solution > > ... > > > # freebsd-update fetch > > > # freebsd-update install > > > > This does not seem to solve the problem. > > > > I upgraded two of my 10.1-RELEASE-pX servers to > > 10.1-RELEASE-p12 a couple of days ago, after which all > > outgoing mail, both for local destinations and for > > destinations outside the servers, end up stuck in > > /var/spool/clientmqueue with this in maillog: > > > > And I still have the same problem after upgrading to > > 10.1-RELEASE-p13 and rebooting. > > > > Both servers use base sendmail, and I have done nothing > > (except adding aliases) with the sendmail configuration > > in them. Not even created `hostname` mc/cf files, so they > > are using the default cf files. > > > > Did you (re)generate your dh.params file as noted in the Workaround section? No, because of this text under Solution: " A change to the raise the default for sendmail client connections to 1024-bit DH parameters has been committed. " As I understand it this would remove the need for generating the dh.params file? Hence my thinking that the patch is maybe not 100% correct. Mail from these two servers are not critical for me, so I will wait and see if there is another patch or if in fact I have to generate the dh.params file. > On my systems, I had to do this to support the actual patch (not to perform > the workaround). > > You might have to restart sendmail as well, but I have not tested this. I rebooted the server, didn't help. Peter Olsson From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 13:24:39 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 762ECFE for ; Thu, 18 Jun 2015 13:24:39 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 034A4C7D for ; Thu, 18 Jun 2015 13:24:38 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.1/8.15.1) with ESMTPSA id t5IDONMC070405 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Thu, 18 Jun 2015 14:24:29 +0100 (BST) (envelope-from matthew@freebsd.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=freebsd.org DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk t5IDONMC070405 Authentication-Results: smtp.infracaninophile.co.uk/t5IDONMC070405; dkim=none reason="no signature"; dkim-adsp=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Message-ID: <5582C67F.5050508@freebsd.org> Date: Thu, 18 Jun 2015 14:24:15 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="v4E7JAdqFuEW8iI14xeSSmp4GGNJnFaRK" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 13:24:39 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --v4E7JAdqFuEW8iI14xeSSmp4GGNJnFaRK Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 06/18/15 13:54, Royce Williams wrote: > Did you (re)generate your dh.params file as noted in the Workaround sec= tion? There isn't a default dh.param file. The suggested work-around in the EN is to generate one. > On my systems, I had to do this to support the actual patch (not to per= form > the workaround). Which is precisely the point. The EN suggests either to patch sendmail or add a dh.param file. Either of those should work alone, but according to reports on various mailing lists it seems only the dh.param method works reliably (and I can personally confirm it works without needing the sendmail patches from the EN.) It's not clear to me if there are some special circumstances that happen to prevent the fix in the EN working for just a few people, or if it is a more general problem. > You might have to restart sendmail as well, but I have not tested this.= Yes you do, with either alternative. Cheers, Matthew --v4E7JAdqFuEW8iI14xeSSmp4GGNJnFaRK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVgsaHAAoJEABRPxDgqeTnF7UP/jIBBoUhROKjMMX7LFxbAc4t QQ7vbNzr3CY2RBY3QAJkzNu4sCJWFE1pkGKbHoI58cXDJdJV8LmsBe30tOp1Zy81 oaIviE9IitMUUb1PBYoQM2Z9hUeGVtvt4JdqCRGSUyHhmscVpTZIGNrJaAOUE6oQ z4lWO9Pq0YWzMDWwfu4R585uSPH6bZuqTom5KXiKlGZt1u5zm6qa7es+RajtahE7 A8PCmK7W5vh8KH4edrnJ7IchdWwgjnFueKbGZ3+bavKnX0T2sGgQDx3q1VMA3oHg xWGm0YJyxla5tv4xY3+MPE+kvtlJbzXEHHvaEONYX4Rs6jmWQ5TgD1+G+Ism2s71 0OniA8vzpCUNKysRPrmDEPyc0P4xQX/huH7kQCisGE0jlDToB1OBrADO7NNpchzF mffGEsWGD3RZ8vOtaWuA/wWmVrVcflt+JfG3086kL/HKuSYBgJVmHOh5vRYkinv3 FwjXHisgt79uNIpe+pnQjb73vZeylUMZV1F1ii84Ri8U64VdiAV3hqycEaUSWpod W7svODR3V7+0mD+SogINKSyhZ6c5aVjaz09VfIarNpgfYNdMtbZ8Hu8pqGPzu6gc izyjK08HnhA4M0/wYoQe1mBc7+N5pAFjsAFoTB8eCzenQ5SEYMIsHwdnRWu23mv+ ipgkqMUE6WDV77wYf841 =/gp0 -----END PGP SIGNATURE----- --v4E7JAdqFuEW8iI14xeSSmp4GGNJnFaRK-- From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 13:27:36 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AFED3229; Thu, 18 Jun 2015 13:27:36 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "smarthost.sentex.ca", Issuer "smarthost.sentex.ca" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 7813AC9E; Thu, 18 Jun 2015 13:27:36 +0000 (UTC) (envelope-from mike@sentex.net) Received: from [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a] (saphire3.sentex.ca [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a]) by smarthost1.sentex.ca (8.14.9/8.14.9) with ESMTP id t5IDRZWY018009; Thu, 18 Jun 2015 09:27:36 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <5582C749.9060801@sentex.net> Date: Thu, 18 Jun 2015 09:27:37 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Pavel Timofeev , freebsd-stable stable , Gregory Shapiro Subject: Re: Last openssl update brakes localhost email sending References: In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.75 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 13:27:36 -0000 On 6/18/2015 5:00 AM, Pavel Timofeev wrote: > Here is kind of proof that nothing is changed in mail dir since installation. We ran into this as well. There are notes in UPDATING now that have the instructions on what changes need to be done to the locale .mc file. https://lists.freebsd.org/pipermail/svn-src-head/2015-June/073118.html But we also have been seeing the odd site that cannot accept mail now with opportunistic encryption, so we had to disable TLS for them :( ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 14:43:32 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F2E51C3 for ; Thu, 18 Jun 2015 14:43:32 +0000 (UTC) (envelope-from ca+envelope@esmtp.org) Received: from zardoc.esmtp.org (zardoc.esmtp.org [70.36.157.240]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "zardoc.esmtp.org", Issuer "Claus Assmann CA RSA 2015" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id D5ADD2D5 for ; Thu, 18 Jun 2015 14:43:32 +0000 (UTC) (envelope-from ca+envelope@esmtp.org) Received: from x2.esmtp.org (localhost. [127.0.0.1]) by zardoc.esmtp.org (MeTA1-1.1.Alpha1.0) with ESMTPS (TLS=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, verify=OK) id S000000000013049500; Thu, 18 Jun 2015 07:43:26 -0700 Received: (from ca@localhost) by x2.esmtp.org (8.14.6/8.12.10.Beta0/Submit) id t5IEhQ6N004576 for freebsd-stable@freebsd.org; Thu, 18 Jun 2015 07:43:26 -0700 (PDT) Date: Thu, 18 Jun 2015 07:43:26 -0700 From: Claus Assmann To: freebsd-stable@freebsd.org Subject: Re: sendmail: TLS interop Message-ID: <20150618144326.GA29275@x2.esmtp.org> Reply-To: freebsd-stable@freebsd.org Mail-Followup-To: freebsd-stable@freebsd.org References: <5582C749.9060801@sentex.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5582C749.9060801@sentex.net> User-Agent: Mutt/1.5.22+16 (adf90e5365bc) (2013-10-16) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 14:43:33 -0000 On Thu, Jun 18, 2015, Mike Tancsa wrote: > But we also have been seeing the odd site that cannot accept mail now > with opportunistic encryption, so we had to disable TLS for them :( Do you have a list of those? Are those sites having problems with larger DH primes? Can you set a different cipher list for them so TLS works again? From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 15:04:07 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 64400776 for ; Thu, 18 Jun 2015 15:04:07 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B2F99DC for ; Thu, 18 Jun 2015 15:04:07 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (c-98-207-41-174.hsd1.ca.comcast.net [98.207.41.174]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5IF44Z3073958 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 18 Jun 2015 08:04:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434639847; bh=JQwdk+c8YSnpQJue4R2dOP4TfMmDDK1nVZ2iYl7bKEI=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=N2mZs72vY/jyI0dfzsJA4FuNcyVMbuDLVrH95NeYL3JKbdou55Ir+sYpZiYi2eyaa ZmVmb9Z9zUNocR3ihNfQDmTH3pNE3ItgU9uyxkyx/9f83MCA76iYDqFTRbYaqBdMNz A2SaDYf6R0FwMv4KqkSzPIgy2dX501QwK6G4qBpk= Date: Thu, 18 Jun 2015 08:04:04 -0700 From: Gregory Shapiro To: Mike Tancsa Cc: Pavel Timofeev , freebsd-stable stable Subject: Re: Last openssl update brakes localhost email sending Message-ID: <20150618150404.GA42082@minime.local> References: <5582C749.9060801@sentex.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5582C749.9060801@sentex.net> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 15:04:07 -0000 > We ran into this as well. There are notes in UPDATING now that have the > instructions on what changes need to be done to the locale .mc file. Even better than UPDATING: https://security.FreeBSD.org/advisories/FreeBSD-EN-15:08.sendmail.asc From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 15:10:17 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B563A958 for ; Thu, 18 Jun 2015 15:10:17 +0000 (UTC) (envelope-from timp87@gmail.com) Received: from mail-wg0-x22f.google.com (mail-wg0-x22f.google.com [IPv6:2a00:1450:400c:c00::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CDDCA7C for ; Thu, 18 Jun 2015 15:10:17 +0000 (UTC) (envelope-from timp87@gmail.com) Received: by wgzl5 with SMTP id l5so66591400wgz.3 for ; Thu, 18 Jun 2015 08:10:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Gh0LRLInlqNfNW3HN2NccXerry5yUKS226hgICQ+jPQ=; b=MjfVYchePiqgxUhKDmGf5L/giW1S3/eVYl2hgE2SWwxgZNEXzT8EBcZjcE2gmacdHS d8FLfQRS/TQpjFHxsAVF7kl8WqKlYH0Lm9Sh5+USTBH3ZPzmWTuqvq5mmEQwwyxS0FCU rc+dEmBa0O8MAT7mCxnpt8sUOiof4Od7UsLr4cozNfh5mxq+id1DLiWdhTvpyAM6p/uX p7uP4dcdK52w1lrGbGXlJcpRxq8/ZV6diQEm8kZgBBBq5aWvUwdDGOKuaxBRCbS/F4bY htnfqCh10c2f7F5thvhHQKtHoXeUoEAXDo0QkauKiiFSnvQgGpVQodv4E7ii//InyaXy AgPg== MIME-Version: 1.0 X-Received: by 10.180.149.243 with SMTP id ud19mr29571312wib.11.1434640215855; Thu, 18 Jun 2015 08:10:15 -0700 (PDT) Received: by 10.28.48.147 with HTTP; Thu, 18 Jun 2015 08:10:15 -0700 (PDT) In-Reply-To: <20150618150404.GA42082@minime.local> References: <5582C749.9060801@sentex.net> <20150618150404.GA42082@minime.local> Date: Thu, 18 Jun 2015 18:10:15 +0300 Message-ID: Subject: Re: Last openssl update brakes localhost email sending From: Pavel Timofeev To: Gregory Shapiro Cc: Mike Tancsa , freebsd-stable stable Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 15:10:17 -0000 Hi! Thank you! Of course, I know about that workaround. But it's still a "workaround". Where is the working solution? I already wrote about that. From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 15:10:37 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 487C2A47; Thu, 18 Jun 2015 15:10:37 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 2D29BABC; Thu, 18 Jun 2015 15:10:37 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (c-98-207-41-174.hsd1.ca.comcast.net [98.207.41.174]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5IFAXo0074110 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 18 Jun 2015 08:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434640236; bh=UJBrOE4t+pqSo9VDBHju+BM23SDnMCc0MXU8BpSqb10=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=coacuykyWb9p1g0s94LKoVI+kPZvsflr1oVGp1HKUhfzDJc8G0usTb7SP7wZPANt8 g875o57s/pxu+W8UDnCkLdKC8udj/1hNst4tIzsajFLcY7glLcIwSxHk/3zP2ToiNC AFuLIT9eIeYZwFGFmu/NDj1c2eHAcjnPnDtjk6AI= Date: Thu, 18 Jun 2015 08:10:33 -0700 From: Gregory Shapiro To: Peter Olsson Cc: Royce Williams , FreeBSD Errata Notices , freebsd-stable Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618151032.GB42082@minime.local> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <20150618132211.GO7234@pol-server.leissner.se> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150618132211.GO7234@pol-server.leissner.se> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 15:10:37 -0000 > > Did you (re)generate your dh.params file as noted in the Workaround section? > > No, because of this text under Solution: > " > A change to the raise the default for sendmail client connections to > 1024-bit DH parameters has been committed. > " > > As I understand it this would remove the need for generating > the dh.params file? You do not need to regenerate dh.params with the patch unless you have specifically set DHParameters in /etc/mail/sendmail.cf to a lower strength. What is the output of: grep DHParam /etc/mail/sendmail.cf If it is set to a string beginning with '5' or a filename and that file was generated using 512-bit strength, then remove that setting. From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 15:16:14 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A51D1C2F; Thu, 18 Jun 2015 15:16:14 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (mailgate.leissner.se [212.3.1.210]) by mx1.freebsd.org (Postfix) with ESMTP id 3540DC94; Thu, 18 Jun 2015 15:16:13 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (localhost [127.0.0.1]) by mailgate.leissner.se (8.15.1/8.15.1) with ESMTP id t5IFGBxi097858; Thu, 18 Jun 2015 17:16:11 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: (from uucp@localhost) by mailgate.leissner.se (8.15.1/8.15.1/Submit) id t5IFGBKJ097857; Thu, 18 Jun 2015 17:16:11 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: from pol.leissner.se(192.71.29.17), claiming to be "pol-server.leissner.se" via SMTP by mailgate.leissner.se, id smtpdXCavhs; Thu Jun 18 17:16:08 2015 Received: from localhost (pol-server.leissner.se [local]); by pol-server.leissner.se (OpenSMTPD) with ESMTPA id c960cd49; Thu, 18 Jun 2015 17:16:08 +0200 (CEST) Date: Thu, 18 Jun 2015 17:16:08 +0200 From: Peter Olsson To: Gregory Shapiro Cc: FreeBSD Errata Notices , freebsd-stable Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618151608.GB3755@pol-server.leissner.se> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <20150618132211.GO7234@pol-server.leissner.se> <20150618151032.GB42082@minime.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150618151032.GB42082@minime.local> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 15:16:14 -0000 On Thu, Jun 18, 2015 at 08:10:33AM -0700, Gregory Shapiro wrote: > > > Did you (re)generate your dh.params file as noted in the Workaround section? > > > > No, because of this text under Solution: > > " > > A change to the raise the default for sendmail client connections to > > 1024-bit DH parameters has been committed. > > " > > > > As I understand it this would remove the need for generating > > the dh.params file? > > You do not need to regenerate dh.params with the patch unless you have > specifically set DHParameters in /etc/mail/sendmail.cf to a lower > strength. What is the output of: > > grep DHParam /etc/mail/sendmail.cf > > If it is set to a string beginning with '5' or a filename and that > file was generated using 512-bit strength, then remove that setting. I never changed or generated anything in the mail configuration on these servers, they use the default mc/cf files: $ grep DHParam /etc/mail/sendmail.cf # DHParameters (only required if DSA/DH is used) O DHParameters=/etc/mail/certs/dh.param $ ls -l /etc/mail/certs total 12 lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert -rw------- 1 root wheel 1704 31 Aug 2014 host.key Peter Olsson From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 15:26:18 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6E027F4F for ; Thu, 18 Jun 2015 15:26:18 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1.sentex.ca [IPv6:2607:f3e0:0:1::12]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "smarthost.sentex.ca", Issuer "smarthost.sentex.ca" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 36D2BEE7 for ; Thu, 18 Jun 2015 15:26:18 +0000 (UTC) (envelope-from mike@sentex.net) Received: from [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a] (saphire3.sentex.ca [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a]) by smarthost1.sentex.ca (8.14.9/8.14.9) with ESMTP id t5IFQHQp037585 for ; Thu, 18 Jun 2015 11:26:18 -0400 (EDT) (envelope-from mike@sentex.net) Message-ID: <5582E31B.1050705@sentex.net> Date: Thu, 18 Jun 2015 11:26:19 -0400 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: sendmail: TLS interop References: <5582C749.9060801@sentex.net> <20150618144326.GA29275@x2.esmtp.org> In-Reply-To: <20150618144326.GA29275@x2.esmtp.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.75 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 15:26:18 -0000 On 6/18/2015 10:43 AM, Claus Assmann wrote: > On Thu, Jun 18, 2015, Mike Tancsa wrote: > >> But we also have been seeing the odd site that cannot accept mail now >> with opportunistic encryption, so we had to disable TLS for them :( > > Do you have a list of those? > Are those sites having problems with larger DH primes? Actually, Looking at the error message, I guess its on our end. STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1 I added define(`confDH_PARAMETERS', `2') to this particular server ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 15:41:55 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3BF085CF; Thu, 18 Jun 2015 15:41:55 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 087255FA; Thu, 18 Jun 2015 15:41:55 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from C02N93Y5G3QT.corp.proofpoint.com (mx2.proofpoint.com [208.86.202.10]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5IFfmNU074646 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 18 Jun 2015 08:41:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434642114; bh=3HCH29h53OPR/L90yfjhRITBaQoy/ROxOJl9A4AE1Bs=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=fDuB71kZN3ZVvEU3tFZSJdm57QdJngmUU8ZV7LyX0V0l9LPdtPq0a6ScFH+la9zFN fz44kmeh+gd/J48hK4GthYS0Is1HCauIL3aoOiab3iUmFVGl2NDHEeovTNqmOVsq7l IQdnsYQpagHIkHktKqFpun10zThPDu+9B3i7pMSc= Date: Thu, 18 Jun 2015 08:41:51 -0700 From: Gregory Shapiro To: Peter Olsson Cc: FreeBSD Errata Notices , freebsd-stable Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618154115.GA68153@C02N93Y5G3QT.corp.proofpoint.com> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <20150618132211.GO7234@pol-server.leissner.se> <20150618151032.GB42082@minime.local> <20150618151608.GB3755@pol-server.leissner.se> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150618151608.GB3755@pol-server.leissner.se> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 15:41:55 -0000 > I never changed or generated anything in the mail configuration > on these servers, they use the default mc/cf files: > > $ grep DHParam /etc/mail/sendmail.cf > # DHParameters (only required if DSA/DH is used) > O DHParameters=/etc/mail/certs/dh.param > > $ ls -l /etc/mail/certs > total 12 > lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem > -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem > -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert > -rw------- 1 root wheel 1704 31 Aug 2014 host.key I found what is breaking it. This commit made locally to FreeBSD: Revision 256982 Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg MFC r256773: Enable the automatic creation of a certificate (if one does not exists) and enable the usage by sendmail if sendmail is enabled. sets DHParameters to that file but nothing else generates that file. We'll have to rev the Errata (and patch) to create that file. In the mean time, generating the file will fix the problem: openssl dhparam -out /etc/mail/certs/dh.param 2048 I'll probably fix this by changing /etc/rc.d/sendmail to do the above. I'll also look into the sendmail source behavior when the file doesn't exist (it should revert to it's defaults). From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 17:36:23 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C9A51D5A; Thu, 18 Jun 2015 17:36:23 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id B96CA7F9; Thu, 18 Jun 2015 17:36:23 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id D3F711B6; Thu, 18 Jun 2015 17:36:23 +0000 (UTC) Date: Thu, 18 Jun 2015 17:36:23 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <2073361883.1.1434648983671.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: FreeBSD_STABLE_9-i386 - Build #68 - Failure MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_9-i386 X-Jenkins-Result: FAILURE Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 17:36:23 -0000 FreeBSD_STABLE_9-i386 - Build #68 - Failure: Check console output at https://jenkins.freebsd.org/job/FreeBSD_STABLE_9-i386/68/ to view the results. From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 18:37:04 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 091DBBFA; Thu, 18 Jun 2015 18:37:04 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (mailgate.leissner.se [212.3.1.210]) by mx1.freebsd.org (Postfix) with ESMTP id 7293D8A2; Thu, 18 Jun 2015 18:37:02 +0000 (UTC) (envelope-from list-freebsd-announce@jyborn.se) Received: from mailgate.leissner.se (localhost [127.0.0.1]) by mailgate.leissner.se (8.15.1/8.15.1) with ESMTP id t5IIaxCG003585; Thu, 18 Jun 2015 20:36:59 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: (from uucp@localhost) by mailgate.leissner.se (8.15.1/8.15.1/Submit) id t5IIaxqK003583; Thu, 18 Jun 2015 20:36:59 +0200 (CEST) (envelope-from list-freebsd-announce@jyborn.se) Received: from pol.leissner.se(192.71.29.17), claiming to be "pol-server.leissner.se" via SMTP by mailgate.leissner.se, id smtpdM2rP4x; Thu Jun 18 20:36:49 2015 Received: from localhost (pol-server.leissner.se [local]); by pol-server.leissner.se (OpenSMTPD) with ESMTPA id c8684114; Thu, 18 Jun 2015 20:36:49 +0200 (CEST) Date: Thu, 18 Jun 2015 20:36:49 +0200 From: Peter Olsson To: Gregory Shapiro Cc: FreeBSD Errata Notices , freebsd-stable Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150618183649.GE3755@pol-server.leissner.se> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <20150618132211.GO7234@pol-server.leissner.se> <20150618151032.GB42082@minime.local> <20150618151608.GB3755@pol-server.leissner.se> <20150618154115.GA68153@C02N93Y5G3QT.corp.proofpoint.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150618154115.GA68153@C02N93Y5G3QT.corp.proofpoint.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 18:37:04 -0000 On Thu, Jun 18, 2015 at 08:41:51AM -0700, Gregory Shapiro wrote: > > I never changed or generated anything in the mail configuration > > on these servers, they use the default mc/cf files: > > > > $ grep DHParam /etc/mail/sendmail.cf > > # DHParameters (only required if DSA/DH is used) > > O DHParameters=/etc/mail/certs/dh.param > > > > $ ls -l /etc/mail/certs > > total 12 > > lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem > > -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem > > -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert > > -rw------- 1 root wheel 1704 31 Aug 2014 host.key > > I found what is breaking it. This commit made locally to FreeBSD: > > Revision 256982 > Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg > MFC r256773: > Enable the automatic creation of a certificate (if one does not exists) > and enable the usage by sendmail if sendmail is enabled. > > sets DHParameters to that file but nothing else generates that file. > We'll have to rev the Errata (and patch) to create that file. In the mean > time, generating the file will fix the problem: > > openssl dhparam -out /etc/mail/certs/dh.param 2048 > > I'll probably fix this by changing /etc/rc.d/sendmail to do the above. > > I'll also look into the sendmail source behavior when the file doesn't > exist (it should revert to it's defaults). Thanks for the investigation and explanation. I have now generated dh.param in both servers and rebooted, and the problem is gone. Thanks! Peter Olsson From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 19:46:50 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DA3669E0; Thu, 18 Jun 2015 19:46:50 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id C8979B2A; Thu, 18 Jun 2015 19:46:50 +0000 (UTC) (envelope-from jenkins-admin@freebsd.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id 3BA7C205; Thu, 18 Jun 2015 19:46:51 +0000 (UTC) Date: Thu, 18 Jun 2015 19:46:50 +0000 (GMT) From: jenkins-admin@freebsd.org To: jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org, freebsd-i386@FreeBSD.org Message-ID: <39773793.1.1434656811142.JavaMail.jenkins@jenkins-9.freebsd.org> In-Reply-To: <2073361883.1.1434648983671.JavaMail.jenkins@jenkins-9.freebsd.org> References: <2073361883.1.1434648983671.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: FreeBSD_STABLE_9-i386 - Build #69 - Fixed MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_STABLE_9-i386 X-Jenkins-Result: SUCCESS Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 19:46:51 -0000 FreeBSD_STABLE_9-i386 - Build #69 - Fixed: Check console output at https://jenkins.freebsd.org/job/FreeBSD_STABLE_9-i386/69/ to view the results. From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 21:05:52 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2962897F for ; Thu, 18 Jun 2015 21:05:52 +0000 (UTC) (envelope-from stable@museum.rain.com) Received: from ns.umpquanet.com (ns.umpquanet.com [98.158.10.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "secure.umpquanet.com", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B44114F for ; Thu, 18 Jun 2015 21:05:51 +0000 (UTC) (envelope-from stable@museum.rain.com) Received: from ns.umpquanet.com (localhost [127.0.0.1]) by ns.umpquanet.com (8.14.9/8.14.9) with ESMTP id t5IKo74Y054406 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 18 Jun 2015 13:50:07 -0700 (PDT) (envelope-from stable@museum.rain.com) Received: (from james@localhost) by ns.umpquanet.com (8.14.9/8.14.9/Submit) id t5IKo7Ei054405 for freebsd-stable@freebsd.org; Thu, 18 Jun 2015 13:50:07 -0700 (PDT) (envelope-from stable@museum.rain.com) Date: Thu, 18 Jun 2015 13:50:07 -0700 From: James Long To: freebsd-stable@freebsd.org Subject: ifconfig VLAN cloning, renaming, configuring in rc.conf.local Message-ID: <20150618205007.GA54259@ns.umpquanet.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 21:05:52 -0000 [Please CC: me on any replies, as I check my inbox more frequently than I check this list.] I have three servers running 9.3-STABLE which are designed to be able to exchange jails so that a virtual host can be readily moved to a different physical host. Because physical NIC names could differ, the ezjail config files are set up to use an interface name of 'public' or 'private' depending on which of the two physical NICs each jail wants to use, and the rc.conf system is responsible to configure the physical NICs with the correct 'public' and 'private' NICknames (pardon the expression). The hitch is that one of the three machines is on a trunked switch port, so that it can access multiple (two) VLANs through a single physical NIC. This works fine once I manually configure it, but I can't find a way to adapt my rc.conf.local model to handle the VLAN setup automatically at boot time. I want to end up with a 'public' interface on vlan 1 of the main physical NIC (and multiple IPs configured), a 'vlan100' interface on vlan 100 of the main physical NIC (with IPs configured), and a 'private' interface on the secondary physical NIC (with IPs configured). I use an identical rc.conf on the servers, and keep the nitty gritty details in rc.conf.local, as follows: rc.conf: # most machine-specific stuff is in rc.conf.local # # these settings are common to all # moused_enable="YES" gateway_enable="YES" inetd_enable="YES" sshd_enable="YES" sshd_flags='-o "PermitRootLogin=without-password" -o "ListenAddress=$IP:22"' zfs_enable="YES" ezjail_enable="YES" ##eof## Here is the problematic rc.conf.local: hostname="trunked-server.example.com" # vlan trunking on interface bce0: # physical interface bce0 just needs to be up ifconfig_bce0="up" # We will clone two vlan interfaces: cloned_interfaces="vlan1 vlan100" # The details for those two cloned interfaces: ifconfig_vlan1="vlan 1 vlandev bce0" ifconfig_vlan100="vlan 100 vlandev bce0" # Some interfaces get renamed, so that jails can find # the "public" and "private" interfaces: ifconfig_vlan1_name="public" ifconfig_bce1_name="private" # primary public IP: IP="10.158.10.18" MASK="/25" defaultrouter="10.158.10.1" # public interface IPs: ipv4_addrs_public=" ${IP}${MASK} 10.158.10.10/32 10.158.10.31-47/32 " ipv4_addrs_vlan100=" 10.158.2.5/27 " # private interface IPs: #ipv4_addrs_private="10.0.0.7/24" firewall_enable="YES" # Set to YES to enable firewall functionality firewall_script="/root/fw.sh" # jail settings: jail_set_hostname_allow="NO" # jail_jail1_parameters="allow.raw_sockets=1 allow.sysvipc=1" jail_parameters=" allow.raw_sockets=1 allow.mount.devfs=1 allow.set_hostname=0 " ##eof## Some things I have found: As given above, the vlan interfaces don't get set up the way I want them. public gets created and has all the IPs, but is on vlan 0 with no parent device: bce0: flags=8843 metric 0 mtu 1500 options=c01bb ether 00:1f:29:e1:22:f6 inet6 fe80::21f:29ff:fee1:22f6%bce0 prefixlen 64 scopeid 0x1 nd6 options=29 media: Ethernet autoselect (100baseTX ) status: active private: flags=8802 metric 0 mtu 1500 options=c01bb ether 00:1f:29:e1:22:f4 nd6 options=29 media: Ethernet autoselect lo0: flags=8049 metric 0 mtu 16384 options=600003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9 inet 127.0.0.1 netmask 0xff000000 nd6 options=21 public: flags=8003 metric 0 mtu 1500 ether 00:00:00:00:00:00 inet 10.158.10.18 netmask 0xffffff80 broadcast 10.158.10.127 inet 10.158.10.10 netmask 0xffffffff broadcast 10.158.10.10 inet 10.158.10.31 netmask 0xffffffff broadcast 10.158.10.31 inet 10.158.10.32 netmask 0xffffffff broadcast 10.158.10.32 inet 10.158.10.33 netmask 0xffffffff broadcast 10.158.10.33 inet 10.158.10.34 netmask 0xffffffff broadcast 10.158.10.34 inet 10.158.10.35 netmask 0xffffffff broadcast 10.158.10.35 inet 10.158.10.36 netmask 0xffffffff broadcast 10.158.10.36 inet 10.158.10.37 netmask 0xffffffff broadcast 10.158.10.37 inet 10.158.10.38 netmask 0xffffffff broadcast 10.158.10.38 inet 10.158.10.39 netmask 0xffffffff broadcast 10.158.10.39 inet 10.158.10.40 netmask 0xffffffff broadcast 10.158.10.40 inet 10.158.10.41 netmask 0xffffffff broadcast 10.158.10.41 inet 10.158.10.42 netmask 0xffffffff broadcast 10.158.10.42 inet 10.158.10.43 netmask 0xffffffff broadcast 10.158.10.43 inet 10.158.10.44 netmask 0xffffffff broadcast 10.158.10.44 inet 10.158.10.45 netmask 0xffffffff broadcast 10.158.10.45 inet 10.158.10.46 netmask 0xffffffff broadcast 10.158.10.46 inet 10.158.10.47 netmask 0xffffffff broadcast 10.158.10.47 nd6 options=29 vlan: 0 parent interface: vlan100: flags=8843 metric 0 mtu 1500 options=103 ether 00:1f:29:e1:22:f6 inet 10.158.2.5 netmask 0xffffffe0 broadcast 10.158.2.31 nd6 options=29 media: Ethernet autoselect (100baseTX ) status: active vlan: 100 parent interface: bce0 ipfw0: flags=8801 metric 0 mtu 65536 nd6 options=21 My first thought was to clone the vlan 1 interface as 'public' directly, instead of cloning it as 'vlan1' and then renaming it (although, is that specifically not supported?) However, ifconfig doesn't seem to like that syntax: # ifconfig public create vlan 1 vlandev bce0 ifconfig: SIOCIFCREATE2: Invalid argument What do I need to do to get the vlan1 interface cloned properly, configured with the proper IPs, and renamed as 'public'? Thank you! Please let me know if I can supply additional information. Jim From owner-freebsd-stable@FreeBSD.ORG Thu Jun 18 23:09:38 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 54D41843 for ; Thu, 18 Jun 2015 23:09:38 +0000 (UTC) (envelope-from jamie@dyslexicfish.net) Received: from dyslexicfish.net (deadcat.mail.dyslexicfish.net [45.63.12.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 01587219 for ; Thu, 18 Jun 2015 23:09:37 +0000 (UTC) (envelope-from jamie@dyslexicfish.net) Received: from dyslexicfish.net (deadcat.mail.dyslexicfish.net [45.63.12.202]) by dyslexicfish.net (8.14.5/8.14.5) with ESMTP id t5IN2lvQ090848; Fri, 19 Jun 2015 00:02:47 +0100 (BST) (envelope-from jamie@dyslexicfish.net) Received: (from jamie@localhost) by dyslexicfish.net (8.14.5/8.14.5/Submit) id t5IN2l82090847; Fri, 19 Jun 2015 00:02:47 +0100 (BST) (envelope-from jamie) From: Jamie Landeg-Jones Message-Id: <201506182302.t5IN2l82090847@dyslexicfish.net> Date: Fri, 19 Jun 2015 00:02:47 +0100 To: gshapiro@gshapiro.net Cc: freebsd-stable@freebsd.org Subject: Re: Last openssl update brakes localhost email sending References: <5582C749.9060801@sentex.net> <20150618150404.GA42082@minime.local> In-Reply-To: User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (dyslexicfish.net [45.63.12.202]); Fri, 19 Jun 2015 00:02:47 +0100 (BST) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jun 2015 23:09:38 -0000 Hello! I'm curious... Why is localhost delivery encrypted by default in the first place? I have this in /etc/mail/access: # ---------------------------------------------------------------------------- # Disable local encrypted connections: Srv_Features:localhost S # ---------------------------------------------------------------------------- The only reason I can think of is if there is some unencrypted TCP relayed 'tunnel', that has been set up not using ssh or some other encrypted transport. Have I answered my own question? This hardly seems like typical usage, and if someone did do such a thing, I'd expect them to know to tweak the sendmail defaults. Cheers, Jamie From owner-freebsd-stable@FreeBSD.ORG Fri Jun 19 19:57:38 2015 Return-Path: Delivered-To: stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DFC709A for ; Fri, 19 Jun 2015 19:57:38 +0000 (UTC) (envelope-from trtrmitya@gmail.com) Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 16EA38EF for ; Fri, 19 Jun 2015 19:57:38 +0000 (UTC) (envelope-from trtrmitya@gmail.com) Received: by lbbvz5 with SMTP id vz5so30258919lbb.0 for ; Fri, 19 Jun 2015 12:57:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:message-id:date:to:mime-version; bh=dllcol1ERVzuQNcGgmgAuUgf09n94zzfy/5BgWn7li8=; b=cT6O6+r7aUuek1xGzxXb73Mrr/h3StOJJ3H2z2EGdKDgsWuek5Y1bmzq51UDoWpEaS Wb7bpy9jvL8h0XvC8TlVNtANHFhZu8npvEvpwaoAszvAmAd8BNN6K70tfDWwAP3ts09e +u1nGp5jpEODj/IpEOLpt+urf6IXoHD9Jt9kl8qgr+44tz0gMkKkPzQVpaD0t68YeRXf KdSyCVLmDVgyDsHap3mrBWpGod/zn3tg0/V8UTJQrfuB7oiU+R8RyA0a/uTpdG/TtAfR /XJp/+Ny7PVlfUWwV/uBwVCUEaouuspjLwuVtkWxprlM631ncmh47s5+0nmtTdz6SozE avYQ== X-Received: by 10.152.204.7 with SMTP id ku7mr19360670lac.38.1434743855561; Fri, 19 Jun 2015 12:57:35 -0700 (PDT) Received: from [10.0.1.6] (broadband-5-228-251-108.nationalcablenetworks.ru. [5.228.251.108]) by mx.google.com with ESMTPSA id sf1sm825072lbb.3.2015.06.19.12.57.34 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 19 Jun 2015 12:57:34 -0700 (PDT) From: Dmitry Sivachenko Subject: panic: wm_page_unwire Message-Id: <8436D969-5AF2-4189-A509-B44669906AEB@gmail.com> Date: Fri, 19 Jun 2015 22:57:33 +0300 To: FreeBSD Stable ML Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) X-Mailer: Apple Mail (2.2098) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jun 2015 19:57:39 -0000 Hello, got this panic today on my 10.1-STABLE #0 r279956 box: From owner-freebsd-stable@FreeBSD.ORG Sat Jun 20 03:22:52 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F3BC9C0; Sat, 20 Jun 2015 03:22:51 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from zim.gshapiro.net (zim.gshapiro.net [IPv6:2001:4f8:3:36::224]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.gshapiro.net", Issuer "Certificate Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id D7768FE5; Sat, 20 Jun 2015 03:22:51 +0000 (UTC) (envelope-from gshapiro@gshapiro.net) Received: from minime.local (c-98-207-41-174.hsd1.ca.comcast.net [98.207.41.174]) (authenticated bits=0) by zim.gshapiro.net (8.15.1.30/8.15.1.30) with ESMTPSA id t5K3Mjer021384 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 19 Jun 2015 20:22:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gshapiro.net; s=gatsby.dkim; t=1434770571; bh=8ZxLADFDwR92mLZydqiPMWK2Ly82Gg2MZLFp/wcRhtk=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=aLV1JS3ge3LG1I1dYcdUtf7RsseGIzQv+ROt+M9e2nB8EwqE2P+Za67vh2K9GT9aK Sdpctscnfdnd4EW12Ms8vtF118Ah8gcLumB+Os//Ybwci8l4iePK2XCrihW53Hrb7a tPJEKzrFuiMihvDK377sZ3dq8iaBHqUa17G/BkRs= Date: Fri, 19 Jun 2015 20:22:45 -0700 From: Gregory Shapiro To: Peter Olsson Cc: FreeBSD Errata Notices , freebsd-stable Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail Message-ID: <20150620032245.GF45374@minime.local> References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <20150618132211.GO7234@pol-server.leissner.se> <20150618151032.GB42082@minime.local> <20150618151608.GB3755@pol-server.leissner.se> <20150618154115.GA68153@C02N93Y5G3QT.corp.proofpoint.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150618154115.GA68153@C02N93Y5G3QT.corp.proofpoint.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2015 03:22:52 -0000 > I'll probably fix this by changing /etc/rc.d/sendmail to do the above. > > I'll also look into the sendmail source behavior when the file doesn't > exist (it should revert to it's defaults). As a quick update, the sendmail open source team have completed a set of changes to address these issues. I'll be testing a new change this weekend for a revised Errata Notice. I'll post a patch here by tomorrow for those willing to assist in testing. From owner-freebsd-stable@FreeBSD.ORG Sat Jun 20 07:23:43 2015 Return-Path: Delivered-To: stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 63784412 for ; Sat, 20 Jun 2015 07:23:43 +0000 (UTC) (envelope-from trtrmitya@gmail.com) Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DC087E12 for ; Sat, 20 Jun 2015 07:23:42 +0000 (UTC) (envelope-from trtrmitya@gmail.com) Received: by labko7 with SMTP id ko7so85644094lab.2 for ; Sat, 20 Jun 2015 00:23:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=azvKkBG5IUe8h14Qka8ePCgZWXGNm75u+r8fBp3UQVg=; b=wwmQWHbi2JrOeR4ONaHMFCmyHqPkdEM0748TT1vD+JLouWC1N+x36CC3/bB0S8P0MO QtXjAdPf8TulcISFqMjH1GoTJmI4sl16bcDdCfYJxuUp+QmNj+382jIiJyzdSZgDZAjX B72NAhM2ZfmCbdXd2b/zAXYS2HeMgvagDfwFmGco4dSOvC59AIuTQKuBnWMLmr0XnxCa WRX/AHreTSa8Loyt/ncmh515Avj4wtddsZDI/wLPgqWRkDKknHf3NINPT1vD/kOqdjSl WeH1DDVY6kzVV7G5/aXTcNkIp8Jzzk9+JLIwvL53noMpSZPxGumryP+i6/JnaaZ9ncRe CDYw== X-Received: by 10.112.171.101 with SMTP id at5mr21496690lbc.66.1434785021018; Sat, 20 Jun 2015 00:23:41 -0700 (PDT) Received: from [10.0.1.6] (broadband-5-228-251-108.nationalcablenetworks.ru. [5.228.251.108]) by mx.google.com with ESMTPSA id q3sm3027669laa.30.2015.06.20.00.23.40 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 20 Jun 2015 00:23:40 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) Subject: Re: panic: wm_page_unwire From: Dmitry Sivachenko In-Reply-To: <8436D969-5AF2-4189-A509-B44669906AEB@gmail.com> Date: Sat, 20 Jun 2015 10:23:39 +0300 Content-Transfer-Encoding: quoted-printable Message-Id: <60FB4B9C-CC80-4269-8C94-F9DE3D98EE0D@gmail.com> References: <8436D969-5AF2-4189-A509-B44669906AEB@gmail.com> To: FreeBSD Stable ML X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2015 07:23:43 -0000 > On 19 =D0=B8=D1=8E=D0=BD=D1=8F 2015 =D0=B3., at 22:57, Dmitry = Sivachenko wrote: >=20 > Hello, >=20 > got this panic today on my 10.1-STABLE #0 r279956 box: >=20 > Well, I tracked this down a bit. Rather easy way to panic -stable box = (mine is r279956), but I can't reliably reproduce this. It happens when there is a process running which mmap()+mlock() some = file, and while it is running this file is modified on disk (not rm+mv, but open the same file, truncate and write some other data = into it). After process exits, system will panic with high probability. So far I got 2 cases: 1) run process which mlock()'s a file; modify that file; stop process = and system panics 2) run process which mlock()'s a file; modify that file; stop process = [no panic so far]; modify that file again and system panics. Panic message is the same: panic: vm_page_unwire: page 's wire = count is zero= From owner-freebsd-stable@FreeBSD.ORG Sat Jun 20 10:02:39 2015 Return-Path: Delivered-To: stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 54C7D14E; Sat, 20 Jun 2015 10:02:39 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D27D6875; Sat, 20 Jun 2015 10:02:38 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.9/8.14.9) with ESMTP id t5KA1Jd3001665 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Sat, 20 Jun 2015 13:01:19 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua t5KA1Jd3001665 Received: (from kostik@localhost) by tom.home (8.14.9/8.14.9/Submit) id t5KA1HwU001662; Sat, 20 Jun 2015 13:01:17 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Sat, 20 Jun 2015 13:01:17 +0300 From: Konstantin Belousov To: Dmitry Sivachenko Cc: FreeBSD Stable ML , alc@freebsd.org Subject: Re: panic: wm_page_unwire Message-ID: <20150620100116.GU2080@kib.kiev.ua> References: <8436D969-5AF2-4189-A509-B44669906AEB@gmail.com> <60FB4B9C-CC80-4269-8C94-F9DE3D98EE0D@gmail.com> MIME-Version: 1.0 In-Reply-To: <60FB4B9C-CC80-4269-8C94-F9DE3D98EE0D@gmail.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2015 10:02:39 -0000 On Sat, Jun 20, 2015 at 10:23:39AM +0300, Dmitry Sivachenko wrote: > > > On 19 ÉÀÎÑ 2015 Ç., at 22:57, Dmitry Sivachenko wrote: > > > > Hello, > > > > got this panic today on my 10.1-STABLE #0 r279956 box: > > > > > > > Well, I tracked this down a bit. Rather easy way to panic -stable box (mine is r279956), but I can't reliably reproduce this. > > It happens when there is a process running which mmap()+mlock() some file, and while it is running this file is modified on disk > (not rm+mv, but open the same file, truncate and write some other data into it). > > After process exits, system will panic with high probability. > > So far I got 2 cases: > > 1) run process which mlock()'s a file; modify that file; stop process and system panics > 2) run process which mlock()'s a file; modify that file; stop process [no panic so far]; modify that file again and system panics. > > Panic message is the same: panic: vm_page_unwire: page 's wire count is zero I was able to reproduce something related, this may be very well your problem. Take the attached program. Select a scratch file on UFS mount point, say x. Run the following commands: mlock_modify x& dd if=/dev/zero of=x bs=1 count=1 fg ^C <- system might panic at this point, if buffers are in short supply dd if=/dev/zero of=x bs=1 count=1 <- at this point, the system must panic The issue apparently is the following: we have a wired shared mapping backed by a vnode, and the vnode is truncated, so that the mapped pages are removed from the vnode' object [*]. But, some other pages are inserted into the object at the same position to hold newly written data. Then, when the region is unwired during unmap, the vm_object_unwire() blindly unwires whatever pages belong to the object at the mapped range, without checking that the pages are indeed wired mapped there. Depending on whether the buffer for the page still exists when unwire is done, the panic would occur in the first or in the second place. * In fact, the pages are not removed immediately by vnode_pager_setsize()->vm_object_page_remove(), since the pages are still wired by buffer cache. But truncation does brelse(), which removes last wire count and vfs_vmio_release() correctly frees the pages. I do not see any other solution than to allow vm_object_unwire() to see if the region still maps the page we found through the object' backing chain walk. This makes the vm_object_unwire() name and interface somewhat strange for vm_object.c. diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c index 12ebf5d..61ea796 100644 --- a/sys/vm/vm_map.c +++ b/sys/vm/vm_map.c @@ -2459,8 +2459,8 @@ vm_map_wire_entry_failure(vm_map_t map, vm_map_entry_t entry, */ if (failed_addr > entry->start) { pmap_unwire(map->pmap, entry->start, failed_addr); - vm_object_unwire(entry->object.vm_object, entry->offset, - failed_addr - entry->start, PQ_ACTIVE); + vm_object_unwire(map, entry, failed_addr - entry->start, + PQ_ACTIVE); } /* @@ -2839,8 +2839,7 @@ vm_map_entry_unwire(vm_map_t map, vm_map_entry_t entry) KASSERT(entry->wired_count > 0, ("vm_map_entry_unwire: entry %p isn't wired", entry)); pmap_unwire(map->pmap, entry->start, entry->end); - vm_object_unwire(entry->object.vm_object, entry->offset, entry->end - - entry->start, PQ_ACTIVE); + vm_object_unwire(map, entry, entry->end - entry->start, PQ_ACTIVE); entry->wired_count = 0; } diff --git a/sys/vm/vm_object.c b/sys/vm/vm_object.c index c7f3153..79b233f 100644 --- a/sys/vm/vm_object.c +++ b/sys/vm/vm_object.c @@ -2220,18 +2220,23 @@ vm_object_set_writeable_dirty(vm_object_t object) * wired. */ void -vm_object_unwire(vm_object_t object, vm_ooffset_t offset, vm_size_t length, +vm_object_unwire(vm_map_t map, vm_map_entry_t entry, vm_size_t length, uint8_t queue) { - vm_object_t tobject; + vm_object_t object, tobject; vm_page_t m, tm; + vm_ooffset_t offset; vm_pindex_t end_pindex, pindex, tpindex; int depth, locked_depth; + object = entry->object.vm_object; + offset = entry->offset; KASSERT((offset & PAGE_MASK) == 0, ("vm_object_unwire: offset is not page aligned")); KASSERT((length & PAGE_MASK) == 0, ("vm_object_unwire: length is not a multiple of PAGE_SIZE")); + KASSERT(length <= entry->end - entry->start, + ("vm_object_unwire: length too large")); /* The wired count of a fictitious page never changes. */ if ((object->flags & OBJ_FICTITIOUS) != 0) return; @@ -2254,9 +2259,8 @@ vm_object_unwire(vm_object_t object, vm_ooffset_t offset, vm_size_t length, tpindex += OFF_TO_IDX(tobject->backing_object_offset); tobject = tobject->backing_object; - KASSERT(tobject != NULL, - ("vm_object_unwire: missing page")); - if ((tobject->flags & OBJ_FICTITIOUS) != 0) + if (tobject == NULL || + (tobject->flags & OBJ_FICTITIOUS) != 0) goto next_page; depth++; if (depth == locked_depth) { @@ -2269,6 +2273,9 @@ vm_object_unwire(vm_object_t object, vm_ooffset_t offset, vm_size_t length, tm = m; m = TAILQ_NEXT(m, listq); } + if (pmap_extract(map->pmap, entry->start + + IDX_TO_OFF(pindex)) != VM_PAGE_TO_PHYS(tm)) + goto next_page; vm_page_lock(tm); vm_page_unwire(tm, queue); vm_page_unlock(tm); diff --git a/sys/vm/vm_object.h b/sys/vm/vm_object.h index 1f59156..9ac661d 100644 --- a/sys/vm/vm_object.h +++ b/sys/vm/vm_object.h @@ -320,7 +320,7 @@ void vm_object_shadow (vm_object_t *, vm_ooffset_t *, vm_size_t); void vm_object_split(vm_map_entry_t); boolean_t vm_object_sync(vm_object_t, vm_ooffset_t, vm_size_t, boolean_t, boolean_t); -void vm_object_unwire(vm_object_t object, vm_ooffset_t offset, +void vm_object_unwire(vm_map_t map, vm_map_entry_t entry, vm_size_t length, uint8_t queue); struct vnode *vm_object_vnode(vm_object_t object); #endif /* _KERNEL */ From owner-freebsd-stable@FreeBSD.ORG Sat Jun 20 11:07:55 2015 Return-Path: Delivered-To: stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A0C80952; Sat, 20 Jun 2015 11:07:55 +0000 (UTC) (envelope-from trtrmitya@gmail.com) Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 240C17DC; Sat, 20 Jun 2015 11:07:55 +0000 (UTC) (envelope-from trtrmitya@gmail.com) Received: by labko7 with SMTP id ko7so87227174lab.2; Sat, 20 Jun 2015 04:07:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Cb6g5Mj0YydhwGN8MH+xdBpbYiWbUbKi2+BvW/YWr3g=; b=iRtZr9jo/2yAU5j5Kb/oDt3KOGM/45SxvfBbDzBX3XQ4XZr6XAkUPRtCtQIIs84xF0 P8TyTDhpRD0m/lbui4cEPTbKLHW83SfTrWlx13Km0x0lP3c36qVt8P5Rbhc0toVlVc6b 7HbwAmP18Gfgytgn/3ZVgNFclaCAFxdJN3a/dihIds1WLd7sBM104wO36hkn8ENHSS5I 49I5FX7DszQoprqvM3K90y4nroUOqAuisWqpWKe6o+iN+7Ecj4AyTlJClegbOeACNNaa LiH6vEd/FwnuU1FwZ/t84SoZhWH+ODYesOijzEMAL3ycXpJmPJH8mzVVj4qQby02Cqnn GHdQ== X-Received: by 10.112.137.164 with SMTP id qj4mr21624232lbb.105.1434798473145; Sat, 20 Jun 2015 04:07:53 -0700 (PDT) Received: from [10.0.1.6] (broadband-5-228-251-108.nationalcablenetworks.ru. [5.228.251.108]) by mx.google.com with ESMTPSA id la10sm3125325lab.15.2015.06.20.04.07.52 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 20 Jun 2015 04:07:52 -0700 (PDT) Content-Type: text/plain; charset=koi8-r Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) Subject: Re: panic: wm_page_unwire From: Dmitry Sivachenko In-Reply-To: <20150620100116.GU2080@kib.kiev.ua> Date: Sat, 20 Jun 2015 14:07:51 +0300 Cc: FreeBSD Stable ML , alc@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <7643BD12-C684-4C50-93A8-C25CE5A535EC@gmail.com> References: <8436D969-5AF2-4189-A509-B44669906AEB@gmail.com> <60FB4B9C-CC80-4269-8C94-F9DE3D98EE0D@gmail.com> <20150620100116.GU2080@kib.kiev.ua> To: Konstantin Belousov X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2015 11:07:55 -0000 > On 20 =C9=C0=CE=D1 2015 =C7., at 13:01, Konstantin Belousov = wrote: >=20 >=20 > I was able to reproduce something related, this may be very well your > problem. Take the attached program. Select a scratch file on UFS = mount > point, say x. Run the following commands: > mlock_modify x& > dd if=3D/dev/zero of=3Dx bs=3D1 count=3D1 > fg > ^C <- system might panic at this point, if buffers are in short supply > dd if=3D/dev/zero of=3Dx bs=3D1 count=3D1 <- at this point, the system = must panic Yes, that is exactly two cases when I was able to reproduce a panic, so = it is apparently my issue. I tried your patch and I can confirm that it does fix the problem. Thanks! From owner-freebsd-stable@FreeBSD.ORG Sat Jun 20 16:32:08 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E7FAD2CD for ; Sat, 20 Jun 2015 16:32:08 +0000 (UTC) (envelope-from schors@gmail.com) Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B4B82C9E for ; Sat, 20 Jun 2015 16:32:08 +0000 (UTC) (envelope-from schors@gmail.com) Received: by igbqq3 with SMTP id qq3so36444580igb.0 for ; Sat, 20 Jun 2015 09:32:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=TbFlVjyK2lVxiAX4Wq6KR/oIUetZK71w5SgNG++ZUVQ=; b=Ypca60BkmEH9izZxKHDhzPiYzZ5ZJDFkBRb5WYAeLIp1oPsetAkf7/6Yaj540pkEnX 5P9RB6hKvSpMUHs0Z7T2SJLFA/l64znA50HBtBJcbKRZlm/ntBoo0MNf9B2HOfTR27/u AMGZxq2ir7EaaMKlL43h7I1tlgdWDSyO0oIeWbXM+PceUJ6AlXr2ITUKSwySWTFUvWyJ LPEWEBfxoeBds9if7YgAT93Ne5WIulwA67jwsfMBXn465U4TGm1Llg72rCUA5p39Go3z TNaXWagerycA6CgvfeQETvkf5v56Vcn/UhAqg4Ob9ZMc/q+dSyvml333bJsXQfHO0myG r1kA== MIME-Version: 1.0 X-Received: by 10.107.32.73 with SMTP id g70mr29443519iog.23.1434817928020; Sat, 20 Jun 2015 09:32:08 -0700 (PDT) Received: by 10.107.189.195 with HTTP; Sat, 20 Jun 2015 09:32:07 -0700 (PDT) Date: Sat, 20 Jun 2015 19:32:07 +0300 Message-ID: Subject: camcontrol commands results in Periph destroyed on mrsas From: Phil Kulin To: freebsd-stable@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2015 16:32:09 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D200993 FreeBSD 10.1 amd64 on Dell R530 server camcontrol identify ... smartctl -a ... detach disk with message: da0 at mrsas0 bus 1 scbus1 target 0 lun 0 da0: s/n WZ141217AS1648620 detached (da0:mrsas0:1:0:0): Periph destroyed But camcontrol rescan sometimes return disk # smartctl -a /dev/da0 # camcontrol rescan 1:0:0 # camcontrol identify /dev/da0 # MegaCli -FwTermLog -Dsply -a0 =EF=BF=BD06/20/15 12:29:19: C0:EVT#02773-06/20/15 12:29:19: 113=3DUnexpecte= d sense: PD 00(e0x20/s0) Path 4433221104000000, CDB: 00 00 00 00 00 00, Sense: 1/00/1d =EF=BF=BD06/20/15 12:32:56: C0:SysDma: localAddrPlb 50e0241070, localAddr e0241070 00 00 1d 00 00 00 00 06/20/15 16:07:36: C0:EVT#02781-06/20/15 16:07:36: 113=3DUnexpected sense: PD 07(e0x20/s7) Path 4433221103000000, CDB: 1b 00 00 00 02 00, Sense: 5/24/00 # uname -a FreeBSD ********** 10.1-RELEASE-p10 FreeBSD 10.1-RELEASE-p10 #0: Wed May 13 06:54:13 UTC 2015 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 # sysctl -a | grep mrsas device mrsas da0 at mrsas0 bus 1 scbus1 target 0 lun 0 (da0:mrsas0:1:0:0): Periph destroyed da0 at mrsas0 bus 1 scbus1 target 0 lun 0 da0 at mrsas0 bus 1 scbus1 target 0 lun 0 (da0:mrsas0:1:0:0): Periph destroyed da0 at mrsas0 bus 1 scbus1 target 0 lun 0 da0 at mrsas0 bus 1 scbus1 target 0 lun 0 (da0:mrsas0:1:0:0): Periph destroyed da0 at mrsas0 bus 1 scbus1 target 0 lun 0 da7 at mrsas0 bus 1 scbus1 target 7 lun 0 hw.mfi.mrsas_enable: 1 dev.mrsas.%parent: dev.mrsas.0.%desc: LSI Invader SAS Controller dev.mrsas.0.%driver: mrsas dev.mrsas.0.%location: slot=3D0 function=3D0 dev.mrsas.0.%pnpinfo: vendor=3D0x1000 device=3D0x005d subvendor=3D0x1028 subdevice=3D0x1f49 class=3D0x010400 dev.mrsas.0.%parent: pci1 dev.mrsas.0.disable_ocr: 0 dev.mrsas.0.driver_version: 06.704.01.01-fbsd dev.mrsas.0.reset_count: 0 dev.mrsas.0.fw_outstanding: 0 dev.mrsas.0.io_cmds_highwater: 84 dev.mrsas.0.mrsas_debug: 9 dev.mrsas.0.mrsas_io_timeout: 180000 dev.mrsas.0.mrsas_fw_fault_check_delay: 1 dev.mrsas.0.reset_in_progress: 0 # MegaCli -AdpAllInfo -aAll Adapter #0 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D Versions =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Product Name : PERC H730 Mini Serial No : 4CF01GX FW Package Build: 25.2.1.0037 Mfg. Data =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Mfg. Date : 12/18/14 Rework Date : 12/18/14 Revision No : A00 Battery FRU : N/A Image Versions in Flash: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D BIOS Version : 6.18.02.0_4.16.07.00_0x06070400 Ctrl-R Version : 5.03-0010 FW Version : 4.240.00-3615 NVDATA Version : 3.1310.00-0081 Boot Block Version : 3.02.00.00-0000 Pending Images in Flash =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D None PCI Info =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Controller Id : 0000 Vendor Id : 1000 Device Id : 005d SubVendorId : 1028 SubDeviceId : 1f49 Host Interface : PCIE ChipRevision : C0 Link Speed : 3 Number of Frontend Port: 0 Device Interface : PCIE Number of Backend Port: 8 Port : Address 0 4433221100000000 1 4433221101000000 2 4433221102000000 3 4433221103000000 4 4433221104000000 5 4433221105000000 6 4433221106000000 7 4433221107000000 HW Configuration =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SAS Address : 544a84200655a100 BBU : Present Alarm : Absent NVRAM : Present Serial Debugger : Present Memory : Present Flash : Present Memory Size : 1024MB TPM : Absent On board Expander: Absent Upgrade Key : Absent Temperature sensor for ROC : Present Temperature sensor for controller : Present ROC temperature : 33 degree Celsius Controller temperature : 33 degree Celcius Settings =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Current Time : 16:24:37 6/20, 2015 Predictive Fail Poll Interval : 300sec Interrupt Throttle Active Count : 16 Interrupt Throttle Completion : 50us Rebuild Rate : 30% PR Rate : 30% BGI Rate : 30% Check Consistency Rate : 30% Reconstruction Rate : 30% Cache Flush Interval : 4s Max Drives to Spinup at One Time : 4 Delay Among Spinup Groups : 12s Physical Drive Coercion Mode : 128MB Cluster Mode : Disabled Alarm : Disabled Auto Rebuild : Enabled Battery Warning : Enabled Ecc Bucket Size : 255 Ecc Bucket Leak Rate : 240 Minutes Restore HotSpare on Insertion : Disabled Expose Enclosure Devices : Disabled Maintain PD Fail History : Disabled Host Request Reordering : Enabled Auto Detect BackPlane Enabled : SGPIO/i2c SEP Load Balance Mode : Auto Use FDE Only : Yes Security Key Assigned : No Security Key Failed : No Security Key Not Backedup : No Default LD PowerSave Policy : Controller Defined Maximum number of direct attached drives to spin up in 1 min : 0 Auto Enhanced Import : No Any Offline VD Cache Preserved : No Allow Boot with Preserved Cache : No Disable Online Controller Reset : No PFK in NVRAM : No Use disk activity for locate : No POST delay : 90 seconds BIOS Error Handling : Pause on Errors Current Boot Mode :Normal Capabilities =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RAID Level Supported : RAID0, RAID1, RAID5, RAID6, RAID10, RAID50, RAID60, PRL 11, PRL 11 with spanning, PRL11-RLQ0 DDF layout with no span, PRL11-RLQ0 DDF layout with span Supported Drives : SAS, SATA Allowed Mixing: Mix in Enclosure Allowed Status =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ECC Bucket Count : 0 Limitations =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Max Arms Per VD : 32 Max Spans Per VD : 8 Max Arrays : 128 Max Number of VDs : 64 Max Parallel Commands : 928 Max SGE Count : 60 Max Data Transfer Size : 8192 sectors Max Strips PerIO : 42 Max LD per array : 16 Min Strip Size : 64 KB Max Strip Size : 1.0 MB Max Configurable CacheCade Size: 0 GB Current Size of CacheCade : 0 GB Current Size of FW Cache : 0 MB Device Present =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Virtual Drives : 0 Degraded : 0 Offline : 0 Physical Devices : 9 Disks : 8 Critical Disks : 0 Failed Disks : 0 Supported Adapter Operations =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Rebuild Rate : Yes CC Rate : Yes BGI Rate : Yes Reconstruct Rate : Yes Patrol Read Rate : Yes Alarm Control : Yes Cluster Support : No BBU : Yes Spanning : Yes Dedicated Hot Spare : Yes Revertible Hot Spares : Yes Foreign Config Import : Yes Self Diagnostic : Yes Allow Mixed Redundancy on Array : No Global Hot Spares : Yes Deny SCSI Passthrough : No Deny SMP Passthrough : No Deny STP Passthrough : No Support Security : Yes Snapshot Enabled : No Support the OCE without adding drives : Yes Support PFK : No Support PI : Yes Support Boot Time PFK Change : No Disable Online PFK Change : No Support LDPI Type1 : No Support LDPI Type2 : Yes Support LDPI Type3 : No Support Shield State : Yes Block SSD Write Disk Cache Change: No Support Online FW Update : Yes Supported VD Operations =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Read Policy : Yes Write Policy : Yes IO Policy : Yes Access Policy : Yes Disk Cache Policy : Yes Reconstruction : Yes Deny Locate : No Deny CC : No Allow Ctrl Encryption: No Enable LDBBM : Yes Support Breakmirror : Yes Power Savings : Yes Supported PD Operations =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Force Online : Yes Force Offline : Yes Force Rebuild : Yes Deny Force Failed : No Deny Force Good/Bad : No Deny Missing Replace : No Deny Clear : No Deny Locate : No Support Temperature : Yes NCQ : No Disable Copyback : No Enable JBOD : Yes Enable Copyback on SMART : Yes Enable Copyback to SSD on SMART Error : Yes Enable SSD Patrol Read : No PR Correct Unconfigured Areas : Yes Enable Spin Down of UnConfigured Drives : No Disable Spin Down of hot spares : Yes Spin Down time : 30 T10 Power State : Yes Error Counters =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Memory Correctable Errors : 0 Memory Uncorrectable Errors : 0 Cluster Information =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Cluster Permitted : No Cluster Active : No Default Settings =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Phy Polarity : 0 Phy PolaritySplit : 0 Background Rate : 30 Strip Size : 64kB Flush Time : 4 seconds Write Policy : WB Read Policy : Adaptive Cache When BBU Bad : Disabled Cached IO : No SMART Mode : Mode 6 Alarm Disable : No Coercion Mode : 128MB ZCR Config : Unknown Dirty LED Shows Drive Activity : No BIOS Continue on Error : 1 Spin Down Mode : None Allowed Device Type : SAS/SATA Mix Allow Mix in Enclosure : Yes Allow HDD SAS/SATA Mix in VD : No Allow SSD SAS/SATA Mix in VD : No Allow HDD/SSD Mix in VD : No Allow SATA in Cluster : No Max Chained Enclosures : 4 Disable Ctrl-R : No Enable Web BIOS : No Direct PD Mapping : Yes BIOS Enumerate VDs : Yes Restore Hot Spare on Insertion : No Expose Enclosure Devices : No Maintain PD Fail History : No Disable Puncturing : No Zero Based Enclosure Enumeration : Yes PreBoot CLI Enabled : No LED Show Drive Activity : Yes Cluster Disable : Yes SAS Disable : No Auto Detect BackPlane Enable : SGPIO/i2c SEP Use FDE Only : Yes Enable Led Header : No Delay during POST : 0 EnableCrashDump : No Disable Online Controller Reset : No EnableLDBBM : Yes Un-Certified Hard Disk Drives : Allow Treat Single span R1E as R10 : Yes Max LD per array : 16 Power Saving option : Don't spin down unconfigured drives Don't spin down Hot spares Don't Auto spin down Configured Drives Power settings apply to all drives - individual PD/LD power settings cannot be set Max power savings option is not allowed for LDs. Only T10 power conditions are to be used. Cached writes are not used for spun down VDs Can schedule disable power savings at controller level Default spin down time in minutes: 30 Enable JBOD : Yes TTY Log In Flash : Yes Auto Enhanced Import : No BreakMirror RAID Support : Yes Disable Join Mirror : Yes Enable Shield State : No Time taken to detect CME : 60s Exit Code: 0x00 # camcontrol devlist -v scbus0 on mrsas0 bus 0: <> at scbus0 target -1 lun ffffffff () scbus1 on mrsas0 bus 1: at scbus1 target 0 lun 0 (da0,pass0) at scbus1 target 1 lun 0 (pass1,da1) at scbus1 target 2 lun 0 (pass2,da2) at scbus1 target 3 lun 0 (pass3,da3) at scbus1 target 4 lun 0 (pass4,da4) at scbus1 target 5 lun 0 (pass5,da5) at scbus1 target 6 lun 0 (pass6,da6) at scbus1 target 7 lun 0 (pass7,da7) <> at scbus1 target -1 lun ffffffff () scbus2 on ahcich0 bus 0: <> at scbus2 target -1 lun ffffffff () scbus3 on ahcich1 bus 0: <> at scbus3 target -1 lun ffffffff () scbus4 on ahcich2 bus 0: <> at scbus4 target -1 lun ffffffff () scbus5 on ahcich3 bus 0: <> at scbus5 target -1 lun ffffffff () scbus6 on ahciem0 bus 0: at scbus6 target 0 lun 0 (pass8,ses0) <> at scbus6 target -1 lun ffffffff () scbus7 on ahcich4 bus 0: <> at scbus7 target -1 lun ffffffff () scbus8 on ahcich5 bus 0: <> at scbus8 target -1 lun ffffffff () scbus9 on ahcich6 bus 0: <> at scbus9 target -1 lun ffffffff () scbus10 on ahcich7 bus 0: <> at scbus10 target -1 lun ffffffff () scbus11 on ahcich8 bus 0: <> at scbus11 target -1 lun ffffffff () scbus12 on ahcich9 bus 0: <> at scbus12 target -1 lun ffffffff () scbus13 on ahciem1 bus 0: at scbus13 target 0 lun 0 (pass9,ses1) <> at scbus13 target -1 lun ffffffff () scbus-1 on xpt0 bus 0: <> at scbus-1 target -1 lun ffffffff (xpt0) --=20 Non nobis Domine non nobis sed Nomini Tuo da gloriam Phil Kulin