Date: Sun, 16 Oct 2016 23:49:09 +0000 (UTC) From: Google <no-reply@accounts.google.com> To: stable@freebsd.org Subject: Your recovery email address changed Message-ID: <1x7PeggN1gkI75CmBzbt3Q@notifications.google.com>
next in thread | raw e-mail | index | archive | help
WW91ciByZWNvdmVyeSBlbWFpbCBhZGRyZXNzIGNoYW5nZWQNCg0KDQoNCkhpIFZOU+WoseS5kOWf jjg3NjUwMi5jb23ms6jlhozpgIE4OOWFgyznvZHkuIrmnIDngavniIbnmoTmuLjmiI/lubPlj7As 6LaF5aW96LWi6ZKx5ri45oiPLA0KVGhlIHJlY292ZXJ5IGVtYWlsIGZvciB5b3VyIEdvb2dsZSBB Y2NvdW50IG1heGhpbGw1NDBAZ21haWwuY29tIHdhcw0KcmVjZW50bHkgY2hhbmdlZC4NCg0KKkRv bid0IHJlY29nbml6ZSB0aGlzIGFjdGl2aXR5PyoNClJldmlldyB5b3VyIHJlY2VudGx5IHVzZWQg ZGV2aWNlcw0KPGh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9BY2NvdW50Q2hvb3Nlcj9FbWFp bD1tYXhoaWxsNTQwQGdtYWlsLmNvbSZjb250aW51ZT1odHRwczovL3NlY3VyaXR5Lmdvb2dsZS5j b20vc2V0dGluZ3Mvc2VjdXJpdHkvYWN0aXZpdHkvbnQvMTQ3NjY2MTc0OTUzMD9yZm4lM0QyJTI2 cmZuYyUzRDElMjZldCUzRDQlMjZhc2FlJTNEMiUyNmFuZXhwJTNEaXJlLWNvbnRyb2w+DQpub3cu DQoNCkJlc3QsDQpUaGUgR29vZ2xlIEFjY291bnRzIHRlYW0NCg0KDQoNClRoaXMgZW1haWwgY2Fu J3QgcmVjZWl2ZSByZXBsaWVzLiBGb3IgbW9yZSBpbmZvcm1hdGlvbiwgdmlzaXQgdGhlIEdvb2ds ZQ0KQWNjb3VudHMgSGVscCBDZW50ZXIgPGh0dHBzOi8vc3VwcG9ydC5nb29nbGUuY29tL2FjY291 bnRzL2Fuc3dlci8yNDUwMjM2Pi4NCg0KDQoNCllvdSByZWNlaXZlZCB0aGlzIG1hbmRhdG9yeSBl bWFpbCBzZXJ2aWNlIGFubm91bmNlbWVudCB0byB1cGRhdGUgeW91IGFib3V0DQppbXBvcnRhbnQg Y2hhbmdlcyB0byB5b3VyIEdvb2dsZSBwcm9kdWN0IG9yIGFjY291bnQuDQrCqSAyMDE2IEdvb2ds ZSBJbmMuLCAxNjAwIEFtcGhpdGhlYXRyZSBQYXJrd2F5LCBNb3VudGFpbiBWaWV3LCBDQSA5NDA0 MywgVVNBDQo= From owner-freebsd-stable@freebsd.org Mon Oct 17 00:32:59 2016 Return-Path: <owner-freebsd-stable@freebsd.org> Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86690C14867 for <freebsd-stable@mailman.ysv.freebsd.org>; Mon, 17 Oct 2016 00:32:59 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-vk0-x22d.google.com (mail-vk0-x22d.google.com [IPv6:2607:f8b0:400c:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 345C81D31 for <freebsd-stable@freebsd.org>; Mon, 17 Oct 2016 00:32:59 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-vk0-x22d.google.com with SMTP id q126so104615534vkd.2 for <freebsd-stable@freebsd.org>; Sun, 16 Oct 2016 17:32:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=oYrFjYV46m3Dctj0Sd/hs18lPfJhbZKHFQmntg9Kct0=; b=sAa5F/reZGHeHSLaXKFdy0nAjoAF/R55rxY6wEXKXj4kHcImGBNPFxWChG6ZaL/14G 043aQND3BdxHvlaAW8otV/exVNAJeCHRJ8flk6a6r8w9nbooW1L9eQDSmv3EvwzxBlc/ 3OfAO2pNd4De2V+6R7bW6iZO3xnma+8Y7wWHmcAJWC6iwaJC8SregKXMATimcuCOQ9TN VVJK296PyoBbOUuI8X388x5rocJRtc8DQBaqyTXt8gXb02K2IaQGPCLw3p/9tXsaML75 KXkpzPbAA/L/v/gM483dL6e2XLmQK6g0FvWlPBGXaCv5DZ5JzKzX52cWa0HoTfgKMcZ2 keNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=oYrFjYV46m3Dctj0Sd/hs18lPfJhbZKHFQmntg9Kct0=; b=JWacufW9TgrAqoF7K43DVYdZAHh7uiViySaJJT4Ya2Xv3SgIHZP2wOwtLtOam2vUcn NlyzD9y6X1Gf4Q+mG5mgkUkzhcr/iaklw+9ZY+GkqXYNZMF4UUBgZkJlzspfrykCAdCE 4JCO5SW6BrLFJr10dyLzEwQnrYkQXfQE6gB1h89CW9X9I9lZ+hjLvOFfU+c3G64suNsX 3qFw2FeWY8eRlg4EsCZ/tlIXb9NzeCVnOUkFs/OIDVcSqAqHIKgFj9MOe3nSazU3ZquB PgggDT7B/CK1mqwEQIEsx0zuYByLU7/F1YFx/t3KlZVEPnP9pU/q2yqNF4f5kcx/giIP vmgA== X-Gm-Message-State: AA6/9RkmuO9U+3iGOZk5EqzGdnkxlj40pl1qenWvt0ZxopMlO5EE3cAY1GmgtlKJPW3Bk41QzhGNhj2icXq9yQ== X-Received: by 10.31.148.22 with SMTP id w22mr13224919vkd.87.1476664378189; Sun, 16 Oct 2016 17:32:58 -0700 (PDT) MIME-Version: 1.0 Sender: kob6558@gmail.com Received: by 10.103.118.78 with HTTP; Sun, 16 Oct 2016 17:32:57 -0700 (PDT) In-Reply-To: <20161016174540.GI1069@albert.catwhisker.org> References: <20161016162605.GG1069@albert.catwhisker.org> <e411c763-30b7-dee1-24d0-5c6278ef6a65@delphij.net> <20161016174540.GI1069@albert.catwhisker.org> From: Kevin Oberman <rkoberman@gmail.com> Date: Sun, 16 Oct 2016 17:32:57 -0700 X-Google-Sender-Auth: LwTfD9BRYTWRYL5R5nI6_qj6bV0 Message-ID: <CAN6yY1sgX7-QujHOODjbmi10gkic1pyM3gsVBjSRrtgVRsQKHQ@mail.gmail.com> Subject: Re: sshd whines & dies after releng/10 "freebsd-update" run To: David Wolfskill <david@catwhisker.org>, Xin Li <delphij@delphij.net>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, Xin LI <d@delphij.net> Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>; List-Post: <mailto:freebsd-stable@freebsd.org> List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>, <mailto:freebsd-stable-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 17 Oct 2016 00:32:59 -0000 On Sun, Oct 16, 2016 at 10:45 AM, David Wolfskill <david@catwhisker.org> wrote: > On Sun, Oct 16, 2016 at 10:29:00AM -0700, Xin Li wrote: > > ... > > On 10/16/16 09:26, David Wolfskill wrote: > > > And over the last year or so, it's worked pretty well: I have the > > > machine set up (as is usually my approach) to be able to boot from > > > either of a couple of slices. I use a "dump | restore" pipeline > > > to copy the / and /usr file systems from the "active" slice to the > > > "inactive" slice, adjust /etc/fstab on the inactive slice to reflect > > > reality for when it's the boot slice, then (while the file systemms > > > from the other slice are still mounted -- e.g., on /S2) run > > > "freebsd-update -b /S2 fetch install", then reboot from the > > > newly-updated slice. > > > > > > In the past, that's Just Worked. > > > > Your usage probably worked because you were lucky for a few times in the > > past. (details below) > > > > > This weekend, though, I was planning to update my other systems tfrom > > > stable/10 to stable/11, so I figured I'd try freebsd-update on this > > > machine first. > > > > > [...] > > > root@sisboombah:/tmp # `which sshd` -d > > > Undefined symbol "ssh_compat13" referenced from COPY relocation in > /usr/sbin/sshd > > > > > > Any clues? > > > > I think this is not going to work (stable/10 -> releng/10.3) due to ABI > > incompatibility in a downgrade. > > I seem to have failed to commnunicate clearly: The machine in question > does not, and has not, run "stable". It runs releng. > > At the moment (on the "old" slice), it reports: > > sisboombah(10.3-RELEASE-p7)[1] uname -a > FreeBSD sisboombah.catwhisker.org 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 > #0: Thu Aug 11 18:38:15 UTC 2016 root@amd64-builder.daemonology.net: > /usr/obj/usr/src/sys/GENERIC amd64 > sisboombah(10.3-RELEASE-p7)[2] > > > Basically, freebsd-update is treating your stable/10 as a 10.3-RELEASE > > installation and will fetch only changes from 10.3-RELEASE to the latest > > patchlevel. > > I can see that... if the machine were running stable. > > > Because of a SSH vulnerability that affects 10.3, freebsd-update would > > patch libssh (shared library used by sshd and friends), however the > > change does not affect the main binary. This worked by replacing your > > existing libssh with the one shipped by freebsd-update (effectively > > downgraded the library) and that would break sshd. > > As a reality check: > sisboombah(10.3-RELEASE-p7)[4] sudo mount /S2 > Password: > sisboombah(10.3-RELEASE-p7)[5] sudo mount /S2/usr > sisboombah(10.3-RELEASE-p7)[6] ls -lT {,/S2}/usr/lib/private/libssh.so.* > -r--r--r-- 1 root wheel 634232 Oct 16 11:57:32 2016 > /S2/usr/lib/private/libssh.so.5 > -r--r--r-- 1 root wheel 569864 Jun 5 13:37:52 2016 > /usr/lib/private/libssh.so.5 > sisboombah(10.3-RELEASE-p7)[7] ls -lT {,/S2}/usr/sbin/ssh* > -r-xr-xr-x 1 root wheel 297736 Jun 5 13:38:35 2016 /S2/usr/sbin/sshd > -r-xr-xr-x 1 root wheel 297736 Jun 5 13:38:35 2016 /usr/sbin/sshd > sisboombah(10.3-RELEASE-p7)[8] > > > I think upgrade -r 10.2-RELEASE (ideally, 11.0-RELEASE though as it > > would eliminate the possibility of any potential incompatibility) would > > work because that would result in a full rewrite of all files. > > Well, I had seen reports of folks having "issues" with attempts to > use freebsd-update to get to releng/11 from systems that weren't > as up-to-date as they might be; I was actually trying to avoid a > problem.... :-} > > Peace, > david > -- > David H. Wolfskill david@catwhisker.org > Those who would murder in the name of God or prophet are blasphemous > cowards. > > See http://www.catwhisker.org/~david/publickey.gpg for my public key. > I believe sshd no longer supports ssh1 compatibility and it looks like you might still have an entry in /etc/sshd/sshd.config trying to touch v1. Check the file for any non-default entries. Compare your sshd_config with the default version in /usr/src/crypto/openssh. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1x7PeggN1gkI75CmBzbt3Q>