sven falempin | 24 Apr 17:23 2014


Dear OpenBSD misc reader,

I am a bit lost in all the manpages related to process id and parent and
group ....
reading the fork manpage, I do not read the child group id is set.

Is it a good practice to set the group id to the parent process id,
thus allowing a 'kill -ppid' command to kill all forked process.

Best regards,


() ascii ribbon campaign - against html e-mail

Blaise Hizded | 24 Apr 16:03 2014

Nginx security patch build fail

I just installed a fresh OpenBSD 5.4 release and I want to apply all the
errata security patch.
Everything worked well except the 004 patch for Nginx.
I apply the patch without problem, but when I try to recompile:

# rm -rf
# cd /usr/src/
# make -f Makefile.bsd-wrapper obj  
/usr/src/usr.sbin/nginx/obj -> /usr/obj/usr.sbin/nginx
# make -f Makefile.bsd-wrapper depend
# Nothing here so far...
# make -f Makefile.bsd-wrapper       
/usr/bin/lndir -s -e obj -e obj.i386 -e Makefile.bsd-wrapper
checking for OS
 + OpenBSD 5.4 i386
checking for C compiler ... found but is not working

configure: error: C compiler cc is not found

*** Error 1 in /usr/src/usr.sbin/nginx (Makefile.bsd-wrapper:49
'/usr/src/usr.sbin/nginx/obj/objs/ngx_auto_config.h':  <at> cd

This is weird, my compiler worked fine for the other build..
OpenBSD 5.4 i386. dmesg attached.
 AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ ("AuthenticAMD" 686-class, 512KB L2 cache) 2.21 GHz
(Continue reading)

Alejandro | 24 Apr 15:51 2014

Linux Foundation raising money for "Core Infrastructure"

So, i was just reading this article[1] on wired where they mention the
Linux Foundation raising money for projects like OpenSSL after Heartbleed
hit and for other crucial software on the Internet... What are the chances
of things like OpenSSH getting founding from them for example? (I mention
OpenSSH because i cannot think any other single most crucial piece of code
on the internet). Does this give any kind of hope for future founding on
OpenBSD and the Foundation?

Also, funny how they mention the lack of founding on OpenBSD on the same
article as OpenSSL, meanwhile LibreSSL is born, the irony...


[1] =

Mansour Moufid | 24 Apr 05:43 2014

LibreSSL semantic patches


Like most of you I imagine, I follow the LibreSSL port with interest.

I noticed a couple changes that could be automated with Coccinelle [1]
so I wrote some semantic patches here:

in the branch named 'cocci'.

To apply a semantic patch, say 10-rm-malloc-return-casts.cocci,

    spatch --sp-file cocci/10-rm-malloc-return-casts.cocci \
        --dir /path/to/openssl

To apply all of them in order,

    ls -1 cocci | xargs -I {} -n 1 -- \
        spatch --dir /path/to/openssl --sp-file cocci/{}

For a big project like OpenSSL, semantic patching can save lots of time.
The patches generated are big and I haven't double-checked everything.
Please have a look and feel free to use what works.



(Continue reading)

Ralph Siegler | 24 Apr 00:47 2014

On Thu, 10 Apr 2014 03:44:26 +0000, Ralph W Siegler wrote:

> Stuart Henderson <stu <at>> writes:
>> On 2014-04-09, sven falempin <sven.falempin <at>> wrote:
>> > i which this : was open and inside the base
>> You can wish, but that is commercial+GPL code so OpenBSD can't use it
>> in base.
> What I would wish for is the OpenSSH project to expand to become the
> OpenSSH/SSL project.  I'll take  a 'correct and slow' transport layer
> security over 'fast and bypassing my OS's memory protection features'
> transport layer security any day.   Such a scope would seem to be within
> the purview of securing communications.

Dang, I got my wish with the LibreSSL project!  Another donation coming 

Daniel Melameth | 23 Apr 18:26 2014

systat queues pps and bps (was pf/pfstat New Queue Reporting)

On Wed, Apr 23, 2014 at 9:58 AM, Henning Brauer <lists-openbsd <at>> wrote:
> * Daniel Melameth <daniel <at>> [2014-04-23 17:56]:
>> Anyone else seeing this?  I also noticed pps and bps were missing from
>> systat queues, but I assume this is expected
> hmm, no, that worked for me. did I forget to commit sth?

Here's the output from systat queues from a test system:

root                1G             0     0      0      0    0
 regular            1G            69 14428      0      0    0
 icmp               1M            10   980      0      0    0

The P/S and B/S are always blank.

Daniel Melameth | 23 Apr 18:00 2014

pf/pfstat New Queue Reporting

I'm running a recent snapshot and noticed pfstat no longer graphs the
new queues correctly (they are blank).  Is anyone else seeing this?  I
also noticed pps and bps were missing from systat queues, but I assume
this is expected (pfctl –vvs queue still displays this though).

I also noticed the following commit message in the pfstat Makefile
from ~6 months ago (has the syntax for queues changed as it relates to

initial fix for queues; s/pfioc_qstats/pfioc_altqstats


Daniel Melameth | 23 Apr 17:55 2014

pf/pfstat New Queue Reporting

Running a recent snapshot and I've noticed the following:

* pfstat no longer graphs the new queues correctly (they are blank)
* nfdump reports Sequence Errors when using pflowproto 10 (I haven’t tried v5)

Anyone else seeing this?  I also noticed pps and bps were missing from
systat queues, but I assume this is expected (pfctl –vvs queue still
displays this though).

I noticed the following commit message from ~6 months ago

Shawn K. Quinn | 23 Apr 10:30 2014

Re: tmpfs weirdness

On Tue, Apr 22, 2014, at 11:24 PM, Chris Cappuccio wrote:
> there are some interesting patches in bitrig that you could try to 
> apply in the openbsd tree, recompile your kernel and see if
> any of them help. 
> "Fix integer overflows handling objects >= 2G
> Fix a series of overflows preventing objects larger than two gigabytes
> from being handled correctly by uvm_aobj.c. Since kernel_object_store is
> 4G on amd64, this is slightly worrying."

I started with this one, and I cannot get it to apply cleanly. It looks
like whatever is in -current now has diverged enough from what Bitrig
took or vice versa to make applying it by hand tricky at best.

Given my horrible luck with this one, I am hesitant to try the others.


  Shawn K. Quinn
  skquinn <at>

Shawn K. Quinn | 23 Apr 04:51 2014

disklabel: phantom "partition extends past end of unit" message on amd64, possible bug?

Either I'm missing something obvious, or something is amiss in disklabel
as of the April 19 snapshot for amd64. I'm thinking it's the latter
because, as you can see below, 'disklabel -E' has no issue with what
'disklabel -e' complains about:

Script started on Tue Apr 22 21:44:41 2014
# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: ST3750528AS
duid: e6430fb1fad1094c
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 91201
total sectors: 1953525168
boundstart: 64
boundend: 1953525168
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:          2097152               64  4.2BSD   2048 16384    1 # /
  b:         70243488          2097216    swap                   # none
  c:       1953525168                0  unused
  d:          8911776         72340704  4.2BSD   2048 16384    1
  e:          8911776        124776832  4.2BSD   2048 16384    1 # /usr
(Continue reading)

Héctor Luis Gimbatti | 23 Apr 03:43 2014

support new

C Argentina
P Santa Fe
T Rosario
Z 2000
I Hector Luis Gimbatti
A Italia 4838
M hlg <at>
N OpenBSD consulting, installation, maintenance and support for mid-size business. Over 10 years of
experience with BSD based systems (both servers and clients). Experienced in firewalls and OpenBSD daemons.