Activity Not Available
1
I Use This!

News

Analyzed 2 months ago. based on code collected 2 months ago.
Posted 2 months ago by t...@mirbsd.org (MirOS Developer tg)
GMane has been down for a day or two, and flakey for a day before that. MidnightBSD’s laffer1 just linked the reason, which made me cry out loud. GMane is really great, and I rely on the NNTP interface a lot, both posting and especially ... [More] reading — it gives me the ability to download messages from mailing lists I don’t receive in order to be able to compose replies with (mostly) correct References and In-Reply-To headers. Its web interface, especially the article permalinks, are also extremely helpful. This is a request for a petition to save GMane. Please, someone, do something! Thanks in advance! [Less]
Posted 2 months ago by t...@mirbsd.org (MirOS Developer tg)
GMane has been down for a day or two, and flakey for a day before that. MidnightBSD’s laffer1 just linked the reason, which made me cry out loud. GMane is really great, and I rely on the NNTP interface a lot, both posting and especially ... [More] reading — it gives me the ability to download messages from mailing lists I don’t receive in order to be able to compose replies with (mostly) correct References and In-Reply-To headers. Its web interface, especially the article permalinks, are also extremely helpful. This is a request for a petition to save GMane. Please, someone, do something! Thanks in advance! [Less]
Posted 2 months ago by t...@mirbsd.org (MirOS Developer tg)
A small patch was applied to httpd(8) to not pass the HTTP Proxy header as HTTP_PROXY environment variable to CGI scripts, because those often call utilities such as ftp(1), lynx(1), GNU wget, etc. which may accept this as an alternative ... [More] spelling of http_proxy which is used to set a proxy for outgoing connections — something e.g. the CGI scripts in MirKarte do. [Less]
Posted 5 months ago by t...@mirbsd.org (MirOS Developer tg)
As announced in the earlier wlog entry about server reorg I’ve now switched over most services from the soon-to-be-defunct eurynome to fish, with gecko2’s www.ig42.org providing the redirection HTTP vhost for hostname-less mirbsd.org requests ... [More] (i.e. people who don’t know how this works) and, soon, fallback HTTP services should they be needed. (He’s trusted with the SSL key and certificate.) This also involves switching SSH hostkeys for AnonCVS, unfortunately; I’ve taken the chance to generate a fresh key for fish. Look in /MirOS/ for the files (gzsig(1) signed) hostkeys.gz or (PGP signed) hostkeys.asc for a less-dependent source for the new keys. [Less]
Posted 5 months ago by t...@mirbsd.org (MirOS Developer tg)
As announced in the earlier wlog entry about server reorg I’ve now switched over most services from the soon-to-be-defunct eurynome to fish, with gecko2’s www.ig42.org providing the redirection HTTP vhost for hostname-less mirbsd.org requests ... [More] (i.e. people who don’t know how this works) and, soon, fallback HTTP services should they be needed. (He’s trusted with the SSL key and certificate.) This also involves switching SSH hostkeys for AnonCVS, unfortunately; I’ve taken the chance to generate a fresh key for fish. Look in /MirOS/ for the files (gzsig(1) signed) hostkeys.gz or (PGP signed) hostkeys.asc for a less-dependent source for the new keys. [Less]
Posted 7 months ago by t...@mirbsd.org (MirOS Developer tg)
I’ll have to add O_DIRECTORY support to open(2) for more security in cpio(1), pax(1), and tar(1). (Maybe I’ll also add O_CLOEXEC while there…) Today’s paxmirabilis will however pick this up as soon as it’s there and thus fail if it is not ... [More] supported by the running kernel yet. Morale: when upgrading to a snapshot take care of the kernel first (install and reboot), userspace second. To be clear: this will affect the first -current snapshot to be published after today on /MirOS/current. [Less]
Posted 7 months ago by t...@mirbsd.org (MirOS Developer tg)
I’ll have to add O_DIRECTORY support to open(2) for more security in cpio(1), pax(1), and tar(1). (Maybe I’ll also add O_CLOEXEC while there…) Today’s paxmirabilis will however pick this up as soon as it’s there and thus fail if it is not ... [More] supported by the running kernel yet. Morale: when upgrading to a snapshot take care of the kernel first (install and reboot), userspace second. To be clear: this will affect the first -current snapshot to be published after today on /MirOS/current. [Less]
Posted 7 months ago by t...@mirbsd.org (MirOS Developer tg)
I’ll have to add O_DIRECTORY support to open(2) for more security in cpio(1), pax(1), and tar(1). (Maybe I’ll also add O_CLOEXEC while there…) Today’s paxmirabilis will however pick this up as soon as it’s there and thus fail if it is not ... [More] supported by the running kernel yet. Morale: when upgrading to a snapshot take care of the kernel first (install and reboot), userspace second. To be clear: this will affect the first -current snapshot to be published after today on /MirOS/current. [Less]
Posted 7 months ago by t...@mirbsd.org (MirOS Developer tg)
I’ll have to add O_DIRECTORY support to open(2) for more security in cpio(1), pax(1), and tar(1). (Maybe I’ll also add O_CLOEXEC while there…) Today’s paxmirabilis will however pick this up as soon as it’s there and thus fail if it is not ... [More] supported by the running kernel yet. Morale: when upgrading to a snapshot take care of the kernel first (install and reboot), userspace second. To be clear: this will affect the first -current snapshot to be published after today on /MirOS/current. [Less]
Posted 7 months ago by t...@mirbsd.org (MirOS Developer tg)
The MirBSD Korn Shell R52c was published today as bugfix-accumulating release of low upto medium importance. Thanks to everyone who helped squashing all those bugs; this includes our bug reporters who always include reproducer testcases; you’re ... [More] wonderful! MirCPIO was also resynchronised from OpenBSD, to address the CVE-2015-{1193,1194} test cases, after a downstream (wow there are so many?) reminded us of it; thanks!This is mostly to prevent extracting ../foo – either directly or from a symlink(7) – from actually ending up being placed in the parent directory. As such the severity is medium-high. And it has a page now – initially just a landing page / stub; will be fleshed out later. Uploads for both should make their way into Debian very soon (these are the packages mksh and pax). Uploading backports for mksh (jessie and wheezy-sloppy) have been requested by several users, but none of the four(?) DDs asked about sponsoring them even answered at all, and the regular (current) sponsors don’t have experience with bpo, so… SOL ☹ I’ve also tweaked a bug in sed(1), in MirBSD. Unfortunately, this means it now comes with the GNUism -i too: don’t use it, use ed(1) (much nicer anyway) or perlrun(1) -p/-n… Finally, our PDF manpages now use the PA4 paper size instead of DIN ISO A4, meaning they can be printed without cropping or scaling on both A4 and US-american “letter” paper. And a Бодун from the last announcement: we now use Gentium and Inconsolata as body text and monospace fonts, respectively. (And à propos, the website ought to be more legible due to text justification and better line spacing now.) I managed to hack this up in GNU groff and Ghostscript, thankfully. (LaTeX too) Currently there are PDF manpages for joe (jupp), mksh, and cpio/pax/tar. And we had Grünkohl today! Also, new console-setup package in the “WTF” APT repository since upstream managed to do actual work on it (even fixed some bugs). Read its feed if interested, as its news will not be repeated here usually. (That means, subscribe as there won’t be many future reminders in this place.) The netboot.me service appears to be gone. I’ll not remove our images, but if someone knows what became of it drop us a message (IRC or mailing list will work just fine). PS: This was originally written on 20160304 but opax refused to be merged in time… Happy Birthday, gecko2! In the meantime, the Street Food festival weekend provided wonderful food at BaseCamp, and headache prevented this from being finished on the fifth. Update 06.03.2016: The pax changes were too intrusive, so I decided to only backport the fixes OpenBSD did (both those they mentioned and those silently included), well, the applicable parts of them, anyway, instead. There will be a MirCPIO release completely rebased later after all changes are merged and, more importantly, tested. Another release although not set for immediate future should bring a more sensible (and mksh-like) buildsystem for improved portability (and thus some more changes we had to exclude at first). I’ve also cloned the halfwidth part of the FixedMisc [MirOS] font as FixedMiscHW for use with Qt5 applications, xfonts-base in the “WTF” APT repo. (Debian #809979) tl;dr: mksh R52c (bugfix-only, low-medium); mircpio 20160306 (security backport; high) with future complete rebase (medium) upstream and in Debian. No mksh backports due to lacking a bpo capable sponsor. New console-setup in “WTF” APT repo, and mksh there as usual. xfonts-base too. netboot.me gone? [Less]