From owner-freebsd-stable@freebsd.org Sun Oct 16 23:49:21 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F2FBEC14BCA for ; Sun, 16 Oct 2016 23:49:21 +0000 (UTC) (envelope-from 3ARIEWAgTBvopq-tgrn0ceeqwpvu.iqqing.eqouvcdnghtggduf.qti@gaia.bounces.google.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id D16261647 for ; Sun, 16 Oct 2016 23:49:21 +0000 (UTC) (envelope-from 3ARIEWAgTBvopq-tgrn0ceeqwpvu.iqqing.eqouvcdnghtggduf.qti@gaia.bounces.google.com) Received: by mailman.ysv.freebsd.org (Postfix) id CD9EBC14BC9; Sun, 16 Oct 2016 23:49:21 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CD410C14BC8 for ; Sun, 16 Oct 2016 23:49:21 +0000 (UTC) (envelope-from 3ARIEWAgTBvopq-tgrn0ceeqwpvu.iqqing.eqouvcdnghtggduf.qti@gaia.bounces.google.com) Received: from mail-it0-x245.google.com (mail-it0-x245.google.com [IPv6:2607:f8b0:4001:c0b::245]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A13B41646 for ; Sun, 16 Oct 2016 23:49:21 +0000 (UTC) (envelope-from 3ARIEWAgTBvopq-tgrn0ceeqwpvu.iqqing.eqouvcdnghtggduf.qti@gaia.bounces.google.com) Received: by mail-it0-x245.google.com with SMTP id 4so61465136itv.4 for ; Sun, 16 Oct 2016 16:49:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com; s=20120806; h=mime-version:date:feedback-id:message-id:subject:from:to; bh=RSoGDVH4EdTpzg6Cbuq6ucJjvhQPxnS8qyXhSVBGgqs=; b=P1PN+sYQPxIxEhUHinoYIusy1tfHGasJR0UvhQV/EATXGJ6xaZ1viyKfsp1PRb1BzB SbX30zWsvSkcR1gV79QvR8j0qxe1qfWxBb93WBf2aUHEQqDkLeJlbsZGQ8mTam2imNCS CTzSZFJbCsSAUkS0MfQU4SWAg8AlWUdzrIaaruVSSAmwR/UF1rcyEiF/POzjiGSx1Nki l9ecsz7fv1/4qtm0xye0NO6JzKOLevONs6YlDdA8ohMT3xdduXgTDyg/LOuVrIx4JxyY 0uTOw1DLcV4a+KvhFkclq0dr1kBVej2yGaXyp8VZ+hza3c//4fclswJzZDJ9WtObJVz/ 7KxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:feedback-id:message-id:subject :from:to; bh=RSoGDVH4EdTpzg6Cbuq6ucJjvhQPxnS8qyXhSVBGgqs=; b=RY/n3mJBgll0C5FGI9jVqUUPvaOoUQ3Ton6izYxA9ZIYZWQWDOOjG1KDTAX6gvQSpd Jdbqt8xfrC8vOkRfeBUp/0aN/p6lbTrTh58F72YoXv3l8+Jg+ACOfPWu5dunOQ6qvffy cK6n0l+3r445a+/ZF+AZ/qvv97lowcKJYgAX8Iaj6MUARJlAke1djFB9ULpEUTS0URby ptvAr9n2RH6FAyuWtruFUW8CE8TlLbFde9TbWm72oCuAScYXxhlwo94s12YNWKrdfNXV uKum+sWFDSFxCYAS5NjWpmBYeADqtZu9voN1PCfvq9bcxziheYUDBLqBZ7GcWkVylIyP 9Z1w== X-Gm-Message-State: AA6/9RllSY8UfHc5+ly9UjnM884PYfdK2U1WAHj5jKObxHAHbyM4JgbUpwzLajO9LvXZbkZ1FVDdWuqCHOU9tG/G MIME-Version: 1.0 X-Received: by 10.36.46.134 with SMTP id i128mr2346236ita.16.1476661761063; Sun, 16 Oct 2016 16:49:21 -0700 (PDT) Date: Sun, 16 Oct 2016 23:49:09 +0000 (UTC) X-Notifications: XEAAAAFE4TLkqngCptOP4Rd9-abI X-Account-Notification-Type: 2-RECOVERY-anexp:ire-control Feedback-ID: 2-RECOVERY-anexp:ire-control:account-notifier Message-ID: <1x7PeggN1gkI75CmBzbt3Q@notifications.google.com> Subject: Your recovery email address changed From: Google To: stable@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Oct 2016 23:49:22 -0000 WW91ciByZWNvdmVyeSBlbWFpbCBhZGRyZXNzIGNoYW5nZWQNCg0KDQoNCkhpIFZOU+WoseS5kOWf jjg3NjUwMi5jb23ms6jlhozpgIE4OOWFgyznvZHkuIrmnIDngavniIbnmoTmuLjmiI/lubPlj7As 6LaF5aW96LWi6ZKx5ri45oiPLA0KVGhlIHJlY292ZXJ5IGVtYWlsIGZvciB5b3VyIEdvb2dsZSBB Y2NvdW50IG1heGhpbGw1NDBAZ21haWwuY29tIHdhcw0KcmVjZW50bHkgY2hhbmdlZC4NCg0KKkRv bid0IHJlY29nbml6ZSB0aGlzIGFjdGl2aXR5PyoNClJldmlldyB5b3VyIHJlY2VudGx5IHVzZWQg ZGV2aWNlcw0KPGh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9BY2NvdW50Q2hvb3Nlcj9FbWFp bD1tYXhoaWxsNTQwQGdtYWlsLmNvbSZjb250aW51ZT1odHRwczovL3NlY3VyaXR5Lmdvb2dsZS5j b20vc2V0dGluZ3Mvc2VjdXJpdHkvYWN0aXZpdHkvbnQvMTQ3NjY2MTc0OTUzMD9yZm4lM0QyJTI2 cmZuYyUzRDElMjZldCUzRDQlMjZhc2FlJTNEMiUyNmFuZXhwJTNEaXJlLWNvbnRyb2w+DQpub3cu DQoNCkJlc3QsDQpUaGUgR29vZ2xlIEFjY291bnRzIHRlYW0NCg0KDQoNClRoaXMgZW1haWwgY2Fu J3QgcmVjZWl2ZSByZXBsaWVzLiBGb3IgbW9yZSBpbmZvcm1hdGlvbiwgdmlzaXQgdGhlIEdvb2ds ZQ0KQWNjb3VudHMgSGVscCBDZW50ZXIgPGh0dHBzOi8vc3VwcG9ydC5nb29nbGUuY29tL2FjY291 bnRzL2Fuc3dlci8yNDUwMjM2Pi4NCg0KDQoNCllvdSByZWNlaXZlZCB0aGlzIG1hbmRhdG9yeSBl bWFpbCBzZXJ2aWNlIGFubm91bmNlbWVudCB0byB1cGRhdGUgeW91IGFib3V0DQppbXBvcnRhbnQg Y2hhbmdlcyB0byB5b3VyIEdvb2dsZSBwcm9kdWN0IG9yIGFjY291bnQuDQrCqSAyMDE2IEdvb2ds ZSBJbmMuLCAxNjAwIEFtcGhpdGhlYXRyZSBQYXJrd2F5LCBNb3VudGFpbiBWaWV3LCBDQSA5NDA0 MywgVVNBDQo= From owner-freebsd-stable@freebsd.org Mon Oct 17 00:32:59 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86690C14867 for ; Mon, 17 Oct 2016 00:32:59 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-vk0-x22d.google.com (mail-vk0-x22d.google.com [IPv6:2607:f8b0:400c:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 345C81D31 for ; Mon, 17 Oct 2016 00:32:59 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: by mail-vk0-x22d.google.com with SMTP id q126so104615534vkd.2 for ; Sun, 16 Oct 2016 17:32:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=oYrFjYV46m3Dctj0Sd/hs18lPfJhbZKHFQmntg9Kct0=; b=sAa5F/reZGHeHSLaXKFdy0nAjoAF/R55rxY6wEXKXj4kHcImGBNPFxWChG6ZaL/14G 043aQND3BdxHvlaAW8otV/exVNAJeCHRJ8flk6a6r8w9nbooW1L9eQDSmv3EvwzxBlc/ 3OfAO2pNd4De2V+6R7bW6iZO3xnma+8Y7wWHmcAJWC6iwaJC8SregKXMATimcuCOQ9TN VVJK296PyoBbOUuI8X388x5rocJRtc8DQBaqyTXt8gXb02K2IaQGPCLw3p/9tXsaML75 KXkpzPbAA/L/v/gM483dL6e2XLmQK6g0FvWlPBGXaCv5DZ5JzKzX52cWa0HoTfgKMcZ2 keNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to; bh=oYrFjYV46m3Dctj0Sd/hs18lPfJhbZKHFQmntg9Kct0=; b=JWacufW9TgrAqoF7K43DVYdZAHh7uiViySaJJT4Ya2Xv3SgIHZP2wOwtLtOam2vUcn NlyzD9y6X1Gf4Q+mG5mgkUkzhcr/iaklw+9ZY+GkqXYNZMF4UUBgZkJlzspfrykCAdCE 4JCO5SW6BrLFJr10dyLzEwQnrYkQXfQE6gB1h89CW9X9I9lZ+hjLvOFfU+c3G64suNsX 3qFw2FeWY8eRlg4EsCZ/tlIXb9NzeCVnOUkFs/OIDVcSqAqHIKgFj9MOe3nSazU3ZquB PgggDT7B/CK1mqwEQIEsx0zuYByLU7/F1YFx/t3KlZVEPnP9pU/q2yqNF4f5kcx/giIP vmgA== X-Gm-Message-State: AA6/9RkmuO9U+3iGOZk5EqzGdnkxlj40pl1qenWvt0ZxopMlO5EE3cAY1GmgtlKJPW3Bk41QzhGNhj2icXq9yQ== X-Received: by 10.31.148.22 with SMTP id w22mr13224919vkd.87.1476664378189; Sun, 16 Oct 2016 17:32:58 -0700 (PDT) MIME-Version: 1.0 Sender: kob6558@gmail.com Received: by 10.103.118.78 with HTTP; Sun, 16 Oct 2016 17:32:57 -0700 (PDT) In-Reply-To: <20161016174540.GI1069@albert.catwhisker.org> References: <20161016162605.GG1069@albert.catwhisker.org> <20161016174540.GI1069@albert.catwhisker.org> From: Kevin Oberman Date: Sun, 16 Oct 2016 17:32:57 -0700 X-Google-Sender-Auth: LwTfD9BRYTWRYL5R5nI6_qj6bV0 Message-ID: Subject: Re: sshd whines & dies after releng/10 "freebsd-update" run To: David Wolfskill , Xin Li , FreeBSD-STABLE Mailing List , Xin LI Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2016 00:32:59 -0000 On Sun, Oct 16, 2016 at 10:45 AM, David Wolfskill wrote: > On Sun, Oct 16, 2016 at 10:29:00AM -0700, Xin Li wrote: > > ... > > On 10/16/16 09:26, David Wolfskill wrote: > > > And over the last year or so, it's worked pretty well: I have the > > > machine set up (as is usually my approach) to be able to boot from > > > either of a couple of slices. I use a "dump | restore" pipeline > > > to copy the / and /usr file systems from the "active" slice to the > > > "inactive" slice, adjust /etc/fstab on the inactive slice to reflect > > > reality for when it's the boot slice, then (while the file systemms > > > from the other slice are still mounted -- e.g., on /S2) run > > > "freebsd-update -b /S2 fetch install", then reboot from the > > > newly-updated slice. > > > > > > In the past, that's Just Worked. > > > > Your usage probably worked because you were lucky for a few times in the > > past. (details below) > > > > > This weekend, though, I was planning to update my other systems tfrom > > > stable/10 to stable/11, so I figured I'd try freebsd-update on this > > > machine first. > > > > > [...] > > > root@sisboombah:/tmp # `which sshd` -d > > > Undefined symbol "ssh_compat13" referenced from COPY relocation in > /usr/sbin/sshd > > > > > > Any clues? > > > > I think this is not going to work (stable/10 -> releng/10.3) due to ABI > > incompatibility in a downgrade. > > I seem to have failed to commnunicate clearly: The machine in question > does not, and has not, run "stable". It runs releng. > > At the moment (on the "old" slice), it reports: > > sisboombah(10.3-RELEASE-p7)[1] uname -a > FreeBSD sisboombah.catwhisker.org 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 > #0: Thu Aug 11 18:38:15 UTC 2016 root@amd64-builder.daemonology.net: > /usr/obj/usr/src/sys/GENERIC amd64 > sisboombah(10.3-RELEASE-p7)[2] > > > Basically, freebsd-update is treating your stable/10 as a 10.3-RELEASE > > installation and will fetch only changes from 10.3-RELEASE to the latest > > patchlevel. > > I can see that... if the machine were running stable. > > > Because of a SSH vulnerability that affects 10.3, freebsd-update would > > patch libssh (shared library used by sshd and friends), however the > > change does not affect the main binary. This worked by replacing your > > existing libssh with the one shipped by freebsd-update (effectively > > downgraded the library) and that would break sshd. > > As a reality check: > sisboombah(10.3-RELEASE-p7)[4] sudo mount /S2 > Password: > sisboombah(10.3-RELEASE-p7)[5] sudo mount /S2/usr > sisboombah(10.3-RELEASE-p7)[6] ls -lT {,/S2}/usr/lib/private/libssh.so.* > -r--r--r-- 1 root wheel 634232 Oct 16 11:57:32 2016 > /S2/usr/lib/private/libssh.so.5 > -r--r--r-- 1 root wheel 569864 Jun 5 13:37:52 2016 > /usr/lib/private/libssh.so.5 > sisboombah(10.3-RELEASE-p7)[7] ls -lT {,/S2}/usr/sbin/ssh* > -r-xr-xr-x 1 root wheel 297736 Jun 5 13:38:35 2016 /S2/usr/sbin/sshd > -r-xr-xr-x 1 root wheel 297736 Jun 5 13:38:35 2016 /usr/sbin/sshd > sisboombah(10.3-RELEASE-p7)[8] > > > I think upgrade -r 10.2-RELEASE (ideally, 11.0-RELEASE though as it > > would eliminate the possibility of any potential incompatibility) would > > work because that would result in a full rewrite of all files. > > Well, I had seen reports of folks having "issues" with attempts to > use freebsd-update to get to releng/11 from systems that weren't > as up-to-date as they might be; I was actually trying to avoid a > problem.... :-} > > Peace, > david > -- > David H. Wolfskill david@catwhisker.org > Those who would murder in the name of God or prophet are blasphemous > cowards. > > See http://www.catwhisker.org/~david/publickey.gpg for my public key. > I believe sshd no longer supports ssh1 compatibility and it looks like you might still have an entry in /etc/sshd/sshd.config trying to touch v1. Check the file for any non-default entries. Compare your sshd_config with the default version in /usr/src/crypto/openssh. -- Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkoberman@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683