From nobody Wed Feb 26 20:51:45 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z36956PzBz5nt2v for ; Wed, 26 Feb 2025 20:52:09 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) by mx1.freebsd.org (Postfix) with SMTP id 4Z36941QK3z3VRP for ; Wed, 26 Feb 2025 20:52:08 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=pass (policy=quarantine) header.from=nl2k.ab.ca; spf=pass (mx1.freebsd.org: domain of doctor@doctor.nl2k.ab.ca designates 204.209.81.1 as permitted sender) smtp.mailfrom=doctor@doctor.nl2k.ab.ca Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.1 (FreeBSD)) (envelope-from ) id 1tnONd-000000007SO-24Td for freebsd-security@freebsd.org; Wed, 26 Feb 2025 13:51:45 -0700 Date: Wed, 26 Feb 2025 13:51:45 -0700 From: The Doctor To: freebsd-security@freebsd.org Subject: False positive Message-ID: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spamd-Result: default: False [2.39 / 15.00]; INTRODUCTION(2.00)[]; NEURAL_SPAM_LONG(1.00)[1.000]; NEURAL_HAM_SHORT(-0.93)[-0.926]; NEURAL_SPAM_MEDIUM(0.82)[0.820]; DMARC_POLICY_ALLOW(-0.50)[nl2k.ab.ca,quarantine]; ONCE_RECEIVED(0.20)[]; R_SPF_ALLOW(-0.20)[+a]; RCVD_NO_TLS_LAST(0.10)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; ARC_NA(0.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_NONE(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; R_DKIM_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4Z36941QK3z3VRP X-Spamd-Bar: ++ This main server is seeing curl -v -v -v -v -v -v -v -v -v -v -v -v https://gateway.moneris.com/chktv2/request/request.php * !!! WARNING !!! * This is a debug build of libcurl, do not use in production. * STATE: INIT => SETUP handle 0x15e5070d7808; line 2393 * STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409 * Added connection 0. The cache now contains 1 members * STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308 * Curl_multi_closed, fd=4 multi is 0x15e507095008 * Curl_multi_closed, fd=4 entry is 0x15e507010508 * Host gateway.moneris.com:443 was resolved. * IPv6: (none) * IPv4: 23.249.192.196 * STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266 * Trying 23.249.192.196:443... * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: self-signed certificate in certificate chain * multi_done[CONNECTING]: status: 60 prem: 1 done: 0 * multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0 * Curl_disconnect(conn #0, aborted=1) * closing connection #0 * [CCACHE] closing #0 * Curl_multi_closed, fd=4 multi is 0x15e507095008 * Curl_multi_closed, fd=4 entry is (nil) * [CCACHE] trigger multi connchanged curl: (60) SSL certificate problem: self-signed certificate in certificate chain More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the webpage mentioned above. yet wen I check against KAli, the server says the certificate is correct. What could have gone wrong? -- Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; Ontario vote for the Liberals - The best Anti-Trump option! From nobody Thu Feb 27 05:14:14 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z3KJk5bZcz5pXhL for ; Thu, 27 Feb 2025 05:14:30 +0000 (UTC) (envelope-from shuriku@shurik.kiev.ua) Received: from mail.flex-it.com.ua (mail.flex-it.com.ua [193.239.74.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Z3KJj0fXpz3J71 for ; Thu, 27 Feb 2025 05:14:29 +0000 (UTC) (envelope-from shuriku@shurik.kiev.ua) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of shuriku@shurik.kiev.ua designates 193.239.74.7 as permitted sender) smtp.mailfrom=shuriku@shurik.kiev.ua Received: from [188.231.181.61] (helo=[10.2.1.129]) by mail.flex-it.com.ua with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.98.1 (FreeBSD)) (envelope-from ) id 1tnWE0-00000000OH6-0K1H for freebsd-security@freebsd.org; Thu, 27 Feb 2025 07:14:20 +0200 Message-ID: Date: Thu, 27 Feb 2025 07:14:14 +0200 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: False positive To: freebsd-security@freebsd.org References: Content-Language: uk-UA From: Oleksandr Kryvulia In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-ACL-Warn: SPF failed. 188.231.181.61 is not allowed to send mail from shurik.kiev.ua. X-Spamd-Result: default: False [-1.48 / 15.00]; NEURAL_HAM_LONG(-0.92)[-0.917]; NEURAL_HAM_SHORT(-0.90)[-0.902]; NEURAL_SPAM_MEDIUM(0.64)[0.636]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:35297, ipnet:193.239.72.0/22, country:UA]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[shurik.kiev.ua]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4Z3KJj0fXpz3J71 X-Spamd-Bar: - 26.02.25 22:51, The Doctor: > This main server is seeing > > curl -v -v -v -v -v -v -v -v -v -v -v -v https://gateway.moneris.com/chktv2/request/request.php > * !!! WARNING !!! > * This is a debug build of libcurl, do not use in production. > * STATE: INIT => SETUP handle 0x15e5070d7808; line 2393 > * STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409 > * Added connection 0. The cache now contains 1 members > * STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308 > * Curl_multi_closed, fd=4 multi is 0x15e507095008 > * Curl_multi_closed, fd=4 entry is 0x15e507010508 > * Host gateway.moneris.com:443 was resolved. > * IPv6: (none) > * IPv4: 23.249.192.196 > * STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266 > * Trying 23.249.192.196:443... > * ALPN: curl offers h2,http/1.1 > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > * TLSv1.3 (IN), TLS handshake, Server hello (2): > * TLSv1.2 (IN), TLS handshake, Certificate (11): > * TLSv1.2 (OUT), TLS alert, unknown CA (560): > * SSL certificate problem: self-signed certificate in certificate chain > * multi_done[CONNECTING]: status: 60 prem: 1 done: 0 > * multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0 > * Curl_disconnect(conn #0, aborted=1) > * closing connection #0 > * [CCACHE] closing #0 > * Curl_multi_closed, fd=4 multi is 0x15e507095008 > * Curl_multi_closed, fd=4 entry is (nil) > * [CCACHE] trigger multi connchanged > curl: (60) SSL certificate problem: self-signed certificate in certificate chain > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could not > establish a secure connection to it. To learn more about this situation and > how to fix it, please visit the webpage mentioned above. > > > yet wen I check against KAli, the server > says the certificate is correct. > > What could have gone wrong? > I do not have this problem. ftp/curl built fom latest packages, version 8.12.1. % curl -v -v -v -v -v -v -v -v -v -v -v -v https://gateway.moneris.com/chktv2/request/request.php * Host gateway.moneris.com:443 was resolved. * IPv6: (none) * IPv4: 23.249.192.196 *   Trying 23.249.192.196:443... * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 / rsaEncryption * ALPN: server did not agree on a protocol. Uses default. * Server certificate: *  subject: C=CA; ST=Ontario; L=Etobicoke; O=Moneris Solutions Corporation; CN=gateway.moneris.com *  start date: Sep 20 14:46:33 2024 GMT *  expire date: Oct 19 14:46:32 2025 GMT *  subjectAltName: host "gateway.moneris.com" matched cert's "gateway.moneris.com" *  issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K *  SSL certificate verify ok. *   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption *   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption * Connected to gateway.moneris.com (23.249.192.196) port 443 * using HTTP/1.x > GET /chktv2/request/request.php HTTP/1.1 > Host: gateway.moneris.com > User-Agent: curl/8.12.1 > Accept: */* > * Request completely sent off < HTTP/1.1 200 OK < Date: Thu, 27 Feb 2025 05:05:51 GMT < Set-Cookie: GWID=5r08cio9drsdgp3ht14vh5gm07; path=/; secure; HttpOnly < Expires: Thu, 19 Nov 1981 08:52:00 GMT < Cache-Control: no-store, no-cache, must-revalidate < Pragma: no-cache < Content-Length: 120 < Content-Type: application/json < Set-Cookie: TS019fcda0=015a7b8a0ba69d7487449af4e6244b5af029cd371252f3c29241d62c4f336e79130a22ac475f4f7fcfd170687cac1a3d9f3c133aa286fa274318844792223c93e9b50193bc; Path=/; Domain=.gateway.moneris.com; Secure; < Exception: Invalid JSON input From nobody Thu Feb 27 17:06:47 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z3d996r6fz59JB4 for ; Thu, 27 Feb 2025 17:09:01 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) by mx1.freebsd.org (Postfix) with SMTP id 4Z3d993zfkz46bZ for ; Thu, 27 Feb 2025 17:09:01 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Authentication-Results: mx1.freebsd.org; none Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.1 (FreeBSD)) (envelope-from ) id 1tnhLT-00000000Ivl-3GQ2; Thu, 27 Feb 2025 10:06:47 -0700 Date: Thu, 27 Feb 2025 10:06:47 -0700 From: The Doctor To: Oleksandr Kryvulia Cc: freebsd-security@freebsd.org Subject: Re: False positive Message-ID: References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA] X-Rspamd-Queue-Id: 4Z3d993zfkz46bZ X-Spamd-Bar: ---- On Thu, Feb 27, 2025 at 07:14:14AM +0200, Oleksandr Kryvulia wrote: > 26.02.25 22:51, The Doctor: > > This main server is seeing > > > > curl -v -v -v -v -v -v -v -v -v -v -v -v https://gateway.moneris.com/chktv2/request/request.php > > * !!! WARNING !!! > > * This is a debug build of libcurl, do not use in production. > > * STATE: INIT => SETUP handle 0x15e5070d7808; line 2393 > > * STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409 > > * Added connection 0. The cache now contains 1 members > > * STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308 > > * Curl_multi_closed, fd=4 multi is 0x15e507095008 > > * Curl_multi_closed, fd=4 entry is 0x15e507010508 > > * Host gateway.moneris.com:443 was resolved. > > * IPv6: (none) > > * IPv4: 23.249.192.196 > > * STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266 > > * Trying 23.249.192.196:443... > > * ALPN: curl offers h2,http/1.1 > > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > > * TLSv1.3 (IN), TLS handshake, Server hello (2): > > * TLSv1.2 (IN), TLS handshake, Certificate (11): > > * TLSv1.2 (OUT), TLS alert, unknown CA (560): > > * SSL certificate problem: self-signed certificate in certificate chain > > * multi_done[CONNECTING]: status: 60 prem: 1 done: 0 > > * multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0 > > * Curl_disconnect(conn #0, aborted=1) > > * closing connection #0 > > * [CCACHE] closing #0 > > * Curl_multi_closed, fd=4 multi is 0x15e507095008 > > * Curl_multi_closed, fd=4 entry is (nil) > > * [CCACHE] trigger multi connchanged > > curl: (60) SSL certificate problem: self-signed certificate in certificate chain > > More details here: https://curl.se/docs/sslcerts.html > > > > curl failed to verify the legitimacy of the server and therefore could not > > establish a secure connection to it. To learn more about this situation and > > how to fix it, please visit the webpage mentioned above. > > > > > > yet wen I check against KAli, the server > > says the certificate is correct. > > > > What could have gone wrong? > > > I do not have this problem. ftp/curl built fom latest packages, version > 8.12.1. > > % curl -v -v -v -v -v -v -v -v -v -v -v -v > https://gateway.moneris.com/chktv2/request/request.php > * Host gateway.moneris.com:443 was resolved. > * IPv6: (none) > * IPv4: 23.249.192.196 > *???? Trying 23.249.192.196:443... > * ALPN: curl offers h2,http/1.1 > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > * TLSv1.3 (IN), TLS handshake, Server hello (2): > * TLSv1.2 (IN), TLS handshake, Certificate (11): > * TLSv1.2 (IN), TLS handshake, Server key exchange (12): > * TLSv1.2 (IN), TLS handshake, Server finished (14): > * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): > * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): > * TLSv1.2 (OUT), TLS handshake, Finished (20): > * TLSv1.2 (IN), TLS handshake, Finished (20): > * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 / > rsaEncryption > * ALPN: server did not agree on a protocol. Uses default. > * Server certificate: > *?? subject: C=CA; ST=Ontario; L=Etobicoke; O=Moneris Solutions Corporation; > CN=gateway.moneris.com > *?? start date: Sep 20 14:46:33 2024 GMT > *?? expire date: Oct 19 14:46:32 2025 GMT > *?? subjectAltName: host "gateway.moneris.com" matched cert's > "gateway.moneris.com" > *?? issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; > OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust > Certification Authority - L1K > *?? SSL certificate verify ok. > *???? Certificate level 0: Public key type RSA (2048/112 Bits/secBits), > signed using sha256WithRSAEncryption > *???? Certificate level 1: Public key type RSA (2048/112 Bits/secBits), > signed using sha256WithRSAEncryption > *???? Certificate level 2: Public key type RSA (2048/112 Bits/secBits), > signed using sha1WithRSAEncryption > * Connected to gateway.moneris.com (23.249.192.196) port 443 > * using HTTP/1.x > > GET /chktv2/request/request.php HTTP/1.1 > > Host: gateway.moneris.com > > User-Agent: curl/8.12.1 > > Accept: */* > > > * Request completely sent off > < HTTP/1.1 200 OK > < Date: Thu, 27 Feb 2025 05:05:51 GMT > < Set-Cookie: GWID=5r08cio9drsdgp3ht14vh5gm07; path=/; secure; HttpOnly > < Expires: Thu, 19 Nov 1981 08:52:00 GMT > < Cache-Control: no-store, no-cache, must-revalidate > < Pragma: no-cache > < Content-Length: 120 > < Content-Type: application/json > < Set-Cookie: TS019fcda0=015a7b8a0ba69d7487449af4e6244b5af029cd371252f3c29241d62c4f336e79130a22ac475f4f7fcfd170687cac1a3d9f3c133aa286fa274318844792223c93e9b50193bc; > Path=/; Domain=.gateway.moneris.com; Secure; > < > Exception: Invalid JSON input > > Next question, either chatgpt or gemmini suggested rehash. How do I do a rehash if that is the problem? -- Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ; Ontario vote for the Liberals - The best Anti-Trump option! From nobody Fri Feb 28 07:06:39 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z3zlt1Vnhz5Vhxk for ; Fri, 28 Feb 2025 07:06:50 +0000 (UTC) (envelope-from shuriku@shurik.kiev.ua) Received: from mail.flex-it.com.ua (mail.flex-it.com.ua [193.239.74.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Z3zls1kxtz414Z for ; Fri, 28 Feb 2025 07:06:49 +0000 (UTC) (envelope-from shuriku@shurik.kiev.ua) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of shuriku@shurik.kiev.ua designates 193.239.74.7 as permitted sender) smtp.mailfrom=shuriku@shurik.kiev.ua Received: from 93.183.208.50.ipv4.datagroup.ua ([93.183.208.50] helo=[192.168.200.135]) by mail.flex-it.com.ua with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.98.1 (FreeBSD)) (envelope-from ) id 1tnuSF-000000009a5-32Ky for freebsd-security@freebsd.org; Fri, 28 Feb 2025 09:06:39 +0200 Content-Type: multipart/alternative; boundary="------------0w2a0dml5txGOrm70vs9OL5R" Message-ID: <3c90f42a-6ef7-4f9e-b695-d4d23879881f@shurik.kiev.ua> Date: Fri, 28 Feb 2025 09:06:39 +0200 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: False positive To: freebsd-security@freebsd.org References: Content-Language: uk-UA From: Oleksandr Kryvulia In-Reply-To: X-ACL-Warn: SPF failed. 93.183.208.50 is not allowed to send mail from shurik.kiev.ua. X-Spamd-Result: default: False [2.09 / 15.00]; URI_COUNT_ODD(1.00)[13]; NEURAL_SPAM_MEDIUM(0.98)[0.978]; NEURAL_SPAM_LONG(0.96)[0.959]; NEURAL_HAM_SHORT(-0.54)[-0.545]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:35297, ipnet:193.239.72.0/22, country:UA]; MID_RHS_MATCH_FROM(0.00)[]; R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[shurik.kiev.ua]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4Z3zls1kxtz414Z X-Spamd-Bar: ++ This is a multi-part message in MIME format. --------------0w2a0dml5txGOrm70vs9OL5R Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit 27.02.25 19:06, The Doctor: > On Thu, Feb 27, 2025 at 07:14:14AM +0200, Oleksandr Kryvulia wrote: >> 26.02.25 22:51, The Doctor: >>> This main server is seeing >>> >>> curl -v -v -v -v -v -v -v -v -v -v -v -vhttps://gateway.moneris.com/chktv2/request/request.php >>> * !!! WARNING !!! >>> * This is a debug build of libcurl, do not use in production. >>> * STATE: INIT => SETUP handle 0x15e5070d7808; line 2393 >>> * STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409 >>> * Added connection 0. The cache now contains 1 members >>> * STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308 >>> * Curl_multi_closed, fd=4 multi is 0x15e507095008 >>> * Curl_multi_closed, fd=4 entry is 0x15e507010508 >>> * Host gateway.moneris.com:443 was resolved. >>> * IPv6: (none) >>> * IPv4: 23.249.192.196 >>> * STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266 >>> * Trying 23.249.192.196:443... >>> * ALPN: curl offers h2,http/1.1 >>> * TLSv1.3 (OUT), TLS handshake, Client hello (1): >>> * TLSv1.3 (IN), TLS handshake, Server hello (2): >>> * TLSv1.2 (IN), TLS handshake, Certificate (11): >>> * TLSv1.2 (OUT), TLS alert, unknown CA (560): >>> * SSL certificate problem: self-signed certificate in certificate chain >>> * multi_done[CONNECTING]: status: 60 prem: 1 done: 0 >>> * multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0 >>> * Curl_disconnect(conn #0, aborted=1) >>> * closing connection #0 >>> * [CCACHE] closing #0 >>> * Curl_multi_closed, fd=4 multi is 0x15e507095008 >>> * Curl_multi_closed, fd=4 entry is (nil) >>> * [CCACHE] trigger multi connchanged >>> curl: (60) SSL certificate problem: self-signed certificate in certificate chain >>> More details here:https://curl.se/docs/sslcerts.html >>> >>> curl failed to verify the legitimacy of the server and therefore could not >>> establish a secure connection to it. To learn more about this situation and >>> how to fix it, please visit the webpage mentioned above. >>> >>> >>> yet wen I check against KAli, the server >>> says the certificate is correct. >>> >>> What could have gone wrong? >>> >> I do not have this problem. ftp/curl built fom latest packages, version >> 8.12.1. >> >> % curl -v -v -v -v -v -v -v -v -v -v -v -v >> https://gateway.moneris.com/chktv2/request/request.php >> * Host gateway.moneris.com:443 was resolved. >> * IPv6: (none) >> * IPv4: 23.249.192.196 >> *???? Trying 23.249.192.196:443... >> * ALPN: curl offers h2,http/1.1 >> * TLSv1.3 (OUT), TLS handshake, Client hello (1): >> * TLSv1.3 (IN), TLS handshake, Server hello (2): >> * TLSv1.2 (IN), TLS handshake, Certificate (11): >> * TLSv1.2 (IN), TLS handshake, Server key exchange (12): >> * TLSv1.2 (IN), TLS handshake, Server finished (14): >> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): >> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): >> * TLSv1.2 (OUT), TLS handshake, Finished (20): >> * TLSv1.2 (IN), TLS handshake, Finished (20): >> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 / >> rsaEncryption >> * ALPN: server did not agree on a protocol. Uses default. >> * Server certificate: >> *?? subject: C=CA; ST=Ontario; L=Etobicoke; O=Moneris Solutions Corporation; >> CN=gateway.moneris.com >> *?? start date: Sep 20 14:46:33 2024 GMT >> *?? expire date: Oct 19 14:46:32 2025 GMT >> *?? subjectAltName: host "gateway.moneris.com" matched cert's >> "gateway.moneris.com" >> *?? issuer: C=US; O=Entrust, Inc.; OU=Seewww.entrust.net/legal-terms; >> OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust >> Certification Authority - L1K >> *?? SSL certificate verify ok. >> *???? Certificate level 0: Public key type RSA (2048/112 Bits/secBits), >> signed using sha256WithRSAEncryption >> *???? Certificate level 1: Public key type RSA (2048/112 Bits/secBits), >> signed using sha256WithRSAEncryption >> *???? Certificate level 2: Public key type RSA (2048/112 Bits/secBits), >> signed using sha1WithRSAEncryption >> * Connected to gateway.moneris.com (23.249.192.196) port 443 >> * using HTTP/1.x >>> GET /chktv2/request/request.php HTTP/1.1 >>> Host: gateway.moneris.com >>> User-Agent: curl/8.12.1 >>> Accept: */* >>> >> * Request completely sent off >> < HTTP/1.1 200 OK >> < Date: Thu, 27 Feb 2025 05:05:51 GMT >> < Set-Cookie: GWID=5r08cio9drsdgp3ht14vh5gm07; path=/; secure; HttpOnly >> < Expires: Thu, 19 Nov 1981 08:52:00 GMT >> < Cache-Control: no-store, no-cache, must-revalidate >> < Pragma: no-cache >> < Content-Length: 120 >> < Content-Type: application/json >> < Set-Cookie: TS019fcda0=015a7b8a0ba69d7487449af4e6244b5af029cd371252f3c29241d62c4f336e79130a22ac475f4f7fcfd170687cac1a3d9f3c133aa286fa274318844792223c93e9b50193bc; >> Path=/; Domain=.gateway.moneris.com; Secure; >> < >> Exception: Invalid JSON input >> >> > Next question, either chatgpt or gemmini suggested rehash. > > How do I do a rehash if that is the problem? Do you have security/ca_root_nss installed? Or use curl -k to trust this certificate. --------------0w2a0dml5txGOrm70vs9OL5R Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit
27.02.25 19:06, The Doctor:
On Thu, Feb 27, 2025 at 07:14:14AM +0200, Oleksandr Kryvulia wrote:

26.02.25 22:51, The Doctor:

This main server is seeing

curl -v -v -v -v -v -v -v -v -v -v -v -v  https://gateway.moneris.com/chktv2/request/request.php
* !!! WARNING !!!
* This is a debug build of libcurl, do not use in production.
* STATE: INIT => SETUP handle 0x15e5070d7808; line 2393
* STATE: SETUP => CONNECT handle 0x15e5070d7808; line 2409
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => RESOLVING handle 0x15e5070d7808; line 2308
* Curl_multi_closed, fd=4 multi is 0x15e507095008
* Curl_multi_closed, fd=4 entry is 0x15e507010508
* Host gateway.moneris.com:443 was resolved.
* IPv6: (none)
* IPv4: 23.249.192.196
* STATE: RESOLVING => CONNECTING handle 0x15e5070d7808; line 2266
*   Trying 23.249.192.196:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self-signed certificate in certificate chain
* multi_done[CONNECTING]: status: 60 prem: 1 done: 0
* multi_done, not reusing connection=0, forbid=0, close=0, premature=1, conn_multiplex=0
* Curl_disconnect(conn #0, aborted=1)
* closing connection #0
* [CCACHE] closing #0
* Curl_multi_closed, fd=4 multi is 0x15e507095008
* Curl_multi_closed, fd=4 entry is (nil)
* [CCACHE] trigger multi connchanged
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.


yet wen I check against KAli, the server
says the certificate is correct.

What could have gone wrong?


I do not have this problem. ftp/curl built fom latest packages, version
8.12.1.

% curl -v -v -v -v -v -v -v -v -v -v -v -v
https://gateway.moneris.com/chktv2/request/request.php
* Host gateway.moneris.com:443 was resolved.
* IPv6: (none)
* IPv4: 23.249.192.196
*???? Trying 23.249.192.196:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 /
rsaEncryption
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*?? subject: C=CA; ST=Ontario; L=Etobicoke; O=Moneris Solutions Corporation;
CN=gateway.moneris.com
*?? start date: Sep 20 14:46:33 2024 GMT
*?? expire date: Oct 19 14:46:32 2025 GMT
*?? subjectAltName: host "gateway.moneris.com" matched cert's
"gateway.moneris.com"
*?? issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms;
OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust
Certification Authority - L1K
*?? SSL certificate verify ok.
*???? Certificate level 0: Public key type RSA (2048/112 Bits/secBits),
signed using sha256WithRSAEncryption
*???? Certificate level 1: Public key type RSA (2048/112 Bits/secBits),
signed using sha256WithRSAEncryption
*???? Certificate level 2: Public key type RSA (2048/112 Bits/secBits),
signed using sha1WithRSAEncryption
* Connected to gateway.moneris.com (23.249.192.196) port 443
* using HTTP/1.x

GET /chktv2/request/request.php HTTP/1.1
Host: gateway.moneris.com
User-Agent: curl/8.12.1
Accept: */*


* Request completely sent off
< HTTP/1.1 200 OK
< Date: Thu, 27 Feb 2025 05:05:51 GMT
< Set-Cookie: GWID=5r08cio9drsdgp3ht14vh5gm07; path=/; secure; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Length: 120
< Content-Type: application/json
< Set-Cookie: TS019fcda0=015a7b8a0ba69d7487449af4e6244b5af029cd371252f3c29241d62c4f336e79130a22ac475f4f7fcfd170687cac1a3d9f3c133aa286fa274318844792223c93e9b50193bc;
Path=/; Domain=.gateway.moneris.com; Secure;
<
Exception: Invalid JSON input



Next question, either chatgpt or gemmini suggested rehash.

How do I do a rehash if that is the problem?

Do you have security/ca_root_nss installed? Or use curl -k to trust this certificate.
 --------------0w2a0dml5txGOrm70vs9OL5R-- From nobody Fri Feb 28 18:01:05 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z4GGs0c8Qz5nqMF for ; Fri, 28 Feb 2025 18:01:09 +0000 (UTC) (envelope-from d.s.pearce@outlook.com) Received: from CWXP265CU008.outbound.protection.outlook.com (mail-ukwestazolkn19010001.outbound.protection.outlook.com [52.103.38.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (secp384r1) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Z4GGr2Dffz3P10 for ; Fri, 28 Feb 2025 18:01:08 +0000 (UTC) (envelope-from d.s.pearce@outlook.com) Authentication-Results: mx1.freebsd.org; none ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=b3AiBakFoqQInwqxvFYITjeCQNUFL/PWneE9Lm2GoeWEoYYVIC3mGgzCOwbFGXVFNL1TNIOaZnu3rC5qleF53cRFpZHmqT2nieLVaeBrVKXFMjrzFazP2fy2mG/CYSPj5RMVxfdni328LpjK6ZwtW/tHzgAAS7rIxVk0FTxUCOt+LUU72OFjoEyExN9rpXUkbYLa14IbqtPS1RU7gDqPRmLXBQMyJx61HRX7I4Dy5y9wP1LsbIMf/5bI3cF6/t0fd5HfCZ5wL629vY0iTw0tISU09+7ngZBRaMXjN/B75C7jnBnYlUKgZ8iwE65kD6lgO8OYRLwNeF2C76/7Mz4nrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ggD5x/nDcNSfWh8ZQa1iAfW4lI/a7Xok/jBxUqZBNNY=; b=CD/4BDucPhGA1VMeIKJeWlj4oxd7EAQ10pa85Vw0Tzsxz0Hy68VpJqscbF2mUBzUc8U6W55yVDucwzlKt3yqhqPSAGKB0LPXf4J4u6qhhzjrt0mI/J6RvkaVdjX0cITT4Uylxc57XgaQNuGEYMuucQAktF8JNPI29Mh3yqbBDXKg/VoBm7MiYBzjRxZYnCIDQJpx1iIPcfX5SxUqtPUJNhOWfsbq9ovEFAHR6WktysjVV+7V8yhn+JKrQA8+mQ9ON0BQ+Voxgw5IRFg3LWnYDaQw9YUexImKqghD54JIwrQIQsZWSLRxsygsts5Oe3tKPT7ei947pSFgCVWX22N+ig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ggD5x/nDcNSfWh8ZQa1iAfW4lI/a7Xok/jBxUqZBNNY=; b=URFuYbfcYLPOyUizOVvTEieghK05zoS3OwvPaNqGYgNOZk+38kwQMbNYbR+ZP7MkIlplaBiX3ZfPaNOUo3RCsPczyiM/FKMH443x2utytyD9JTpJDmQhwnjDkkSU1z/NZ6en59H9uZg0hCtm2Lbfb3Kdk5Fe7yZO2eFK4QjwXWYdHSncYKuXAGsgGq++f7LIBVRiOjyx99PLnzz0nNIKRmYJF5hfGl39h45yEZlCl0+8psRn0bfGv8VbJl9xOu08tU4C7pqE00t7vgD9kle7x1iEK1U0JI9io4jmnnBIeoIKs0YsZFqEHo3fZi6rrUmz10lAk/7x6gJSBOv0xiifeg== Received: from LO9P265MB7859.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:3b6::7) by CWLP265MB2291.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:69::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.20; Fri, 28 Feb 2025 18:01:05 +0000 Received: from LO9P265MB7859.GBRP265.PROD.OUTLOOK.COM ([fe80::e30f:af4b:67a1:cc08]) by LO9P265MB7859.GBRP265.PROD.OUTLOOK.COM ([fe80::e30f:af4b:67a1:cc08%5]) with mapi id 15.20.8511.008; Fri, 28 Feb 2025 18:01:05 +0000 From: David Pearce To: The Doctor , Oleksandr Kryvulia CC: "freebsd-security@FreeBSD.org" Subject: Re: False positive Thread-Topic: False positive Thread-Index: AQHbigh4QAXd/qL6skiZfy1Gj97yVrNdAJDr Date: Fri, 28 Feb 2025 18:01:05 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: LO9P265MB7859:EE_|CWLP265MB2291:EE_ x-ms-office365-filtering-correlation-id: afe628c4-2ddf-4927-224d-08dd5821ded2 x-microsoft-antispam: BCL:0;ARA:14566002|15030799003|19110799003|9112599006|8060799006|461199028|13031999003|8062599003|8040799003|30101999003|10035399004|440099028|3412199025|102099032|3430499032|3420499032; x-microsoft-antispam-message-info: =?Windows-1252?Q?KuI/2cSMVsluuv5ZbMOUvXNIiHQ/cVLn/Y40YxF+KTmRJZBXbTcyzrV3?= =?Windows-1252?Q?g9Vv2W/7BfObQX/HsXQOM4RmDMrPlIfxanNt4c29BnTOdGYe7Vo1Zv67?= =?Windows-1252?Q?5zmp8/jR7KD1e4V/Vln7CVrvooIIbpagkIu1paN+2kEEaiuTdD2xEv+P?= =?Windows-1252?Q?aryJzq6+59r+N8Dh3OoP7hl+1FcrnseUm19dUrueYRt9hF1Ng3JKHc0v?= =?Windows-1252?Q?OW90l7aHJrNo7nOgWsMFkF5F2PeWRxrfTH88/pCsToKwg809zKzrK7y1?= =?Windows-1252?Q?LecneUK0+L8GMSsJtBEIChyIiB4pi9/lYvEoR3OM48awxeV74rgyI2xZ?= =?Windows-1252?Q?7eGKc11isaFi4L4WXPi04gkulsI/Ngv+iZhaXCh9tQfWJCtlTmyELAdS?= =?Windows-1252?Q?iAur/JDIPfTHPQYSOOFiIiUlMo9OLEJHMPJQ0e470vfrYCZxX7HJ/+9Q?= =?Windows-1252?Q?eqFUCD0cJmOyAmZhMcORURkTYaKsnpTtQxcWWG298eyknPnh9rk2G4w2?= =?Windows-1252?Q?1421pTT2CaL6Y9bKBQ13oh8gogYH1oXy6y7NJTrDiwcphawBuv7AEBnx?= =?Windows-1252?Q?hLRlOdMdN0vow9jtvZZznmnyL4Sju8KojvmJYh2VNd07kKGWH1egdrvr?= =?Windows-1252?Q?EEYvZbpMAad9yXAJhRyBv/levpRgs004deqegCi+2Jkc+YEaDPPvcbqb?= =?Windows-1252?Q?kYc+1Gz0Gu3JyQKJOQXQQ9defJHFDQ4Awa8kPqpkABlEXxXkkj1jgeqI?= =?Windows-1252?Q?Apbbgu6kk9nsCeIc/ltbOrrVjNNu+Gw6xxJtI3kSMap9p7ZNZfgCpcUO?= =?Windows-1252?Q?TtgCQ41sFhyeby/CKN5KdUcadFCWQVqy/uwbVX8+c24j3psuYrwwcfpi?= =?Windows-1252?Q?8q53SmuVzJwcJOubOGInoUGyctD+R60j9Yv+b5Ak1mGa3UNesprIt9rw?= =?Windows-1252?Q?I0f15HEvRgmzfAx3hjE2TPoZ3ybv6/tQPBXzgwUr5Z6jIfnJwJTspIAS?= =?Windows-1252?Q?ClodjAnBk+4agCwUZ9PZQxfppFMzrZp1DXUXEwyU0LBFUC7HOCdUbbAs?= =?Windows-1252?Q?7bP1p+0FIe7sCF6Bp1KJwRyWrKWuWJ44ETOuJFqvlWf6fxG+pm5PISBO?= =?Windows-1252?Q?T8cH+H/g4kukJIXK0f0BJGl0Jxb//cF9g66+o0KQzc7X5747Vr/TbEYu?= =?Windows-1252?Q?ztSh7cabnWp+oWravfqjjGZn++yLv/uhdWkd0qio+3t9i72wk7Au3yf5?= =?Windows-1252?Q?0dX4RKilcKYCIAAvvFt4RAECyHjzj/e1VQyKiwHuBw5wmfByBojJ38XY?= =?Windows-1252?Q?irTrr6bE3G4ySh+yuzW1XuilDF4=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?LvMzfHl8aEx2Zq24v5UYvnmPyLix1ZfW48TsA4ElxseYO1Lctq5ZQYwv?= =?Windows-1252?Q?Bjn4kKtKRseCcsT3b8v8APrr32FMq0JY7URrkbRkYggzDDvzNmh1KlMg?= =?Windows-1252?Q?CwKCbbKvmOk1KVNIMmc50nfUK9pz0PHgl2SYVWLVbmhAojW6ZIVw2gmp?= =?Windows-1252?Q?2h1WL9ACgD53a2DCLRHl6Bh1UdvAr1fb06XitgqUYoNELK/HMZJY7PaJ?= =?Windows-1252?Q?RIAcdwwPv4mWbeYiNG8mqQ9PuC1Q/65OffYcY3SP0fAojKzGBnmuY0/b?= =?Windows-1252?Q?/7Q0ykOQZ/m9u5FD+KyWIYfWWP1/6Pg9TE2oiTU8SvtVD5/yrR/ptuWB?= =?Windows-1252?Q?FzJRJCXAebFPkBHscxFilzAIiXsti1o1qpzjrJiUBfVcZUQUqMQLevKU?= =?Windows-1252?Q?ViaF8gaJYJR86OJAN1CN5vu2pACfGkoduHBhWlVD+0dX+6MOJyB+IoFi?= =?Windows-1252?Q?J/9MSdskQIV2ggrg+hpjFJ8f30aVdL6kf4imM2E3R9TnRXjuJoauJIYV?= =?Windows-1252?Q?GtHaNAWgraRzAo8i8ZYhHMZ2LOnzSaNwYrsJukcnRxG0aR8KQZWKxyA6?= =?Windows-1252?Q?7lSKKP61WSzPpcqTjnKvEkIkrnY6FhOqeHS5YAUhdDi3q8eZll9xCg88?= =?Windows-1252?Q?lMRrtVYZaUNaqVRuLp/72KUmCIRW6qIfDWMwzIH+C9244Ec2Dxmww9m1?= =?Windows-1252?Q?JzSLNgo9LBKljsKy7tVuyle5/gIAmVaMo1Xpcu5JDc5XGk6Iyqx7OnVe?= =?Windows-1252?Q?lATN+EN4fiY1Rv/T3aGX49XA99RnzPTjLIlNZWveDk6UPBIgG3gYmG2U?= =?Windows-1252?Q?tY7ZFKvge83NheyYB4r+u4kXak3OQiwvhMwyfyvjVo7RnASt0yXwlgDC?= =?Windows-1252?Q?BWnL0DjUfy9ptB13s72pQyEEW1uLyt9tEWGHuRscvS1CeyJbUjUaw5Zh?= =?Windows-1252?Q?lLJHsvt3HDHhflLGz/sZJOv/O4eQMxympxbMQUpPO8T3/Tn9AOz/UCZj?= =?Windows-1252?Q?tE3pmOO106BP2hfxgisT0dj/KjuZr4M4qp85vkh1PEpbyrnXm80tlL4d?= =?Windows-1252?Q?dtVtHURQyLttx8manaqNtA3msKQ5/brxL6U7/bBDmV1+kDSrCXMv/nPo?= =?Windows-1252?Q?mRXhKL/OBScV6DZtTcN36l9ik/yaAnelb/PqiYSUHqs6M1rd9IMVTSe1?= =?Windows-1252?Q?Qrg8lSfyp05adK3Iyui8/BvTuWLcQ0swHnT8DGZu4llnFdPZ/uNvJTzi?= =?Windows-1252?Q?Yd0yo/O2O4uMP9P+ioVcx564Sl5xr5BAhpAJd3O7jmet3Xl8FIcnh6rC?= =?Windows-1252?Q?iP/FuD9wTEAPhCfaUyjq1EEJz70=3D?= Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: LO9P265MB7859.GBRP265.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: afe628c4-2ddf-4927-224d-08dd5821ded2 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2025 18:01:05.1812 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWLP265MB2291 X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:8075, ipnet:52.96.0.0/12, country:US] X-Rspamd-Queue-Id: 4Z4GGr2Dffz3P10 X-Spamd-Bar: ---- =0A= Quoting The Doctor =0A= =0A= > Yahweh, King & country!Never Satan President Republic!Beware AntiChrist r= ising!=0A= > Look at Psalms 14 and 53 on Atheism ;=0A= =0A= So, I did. From https://www.gotquestions.org/fool-heart-no-God.html :=0A= =0A= "Both Psalm 14:1 and Psalm 53:1 read, =93The fool says in his heart, =91The= re is no God.=92=94 Some take these verses to mean that atheists are stupid= , i.e., lacking intelligence. However, that is not the only meaning of the = Hebrew word translated =93fool.=94 In this text, the Hebrew word is nabal, = which often refers to an impious person who has no perception of ethical or= religious truth. The meaning of the text is not =93unintelligent people do= not believe in God.=94 Rather, the meaning of the text is =93sinful people= do not believe in God.=94 In other words, it is a wicked thing to deny God= , and a denial of God is often accompanied by a wicked lifestyle. The verse= goes on to list some other characteristics of the irreligious: =93They are= corrupt; their deeds are vile; / there is no one who does good.=94 Psalm 1= 4 is a study on the universal depravity of mankind."=0A= =0A= As an ethical and moral atheist, and in no ways wicked, how is this appropr= iate on this mailing list?=0A= =0A= I'm sure if I called it "fairy-tale claptrap, and doing 'good' because of b= eing scared of gods wrath isn't morality, it's servitude" I'd be censured.= =0A= =0A= Stop it.=0A= =0A= Dave.=