commit also removed the hint about using -Werror. -Werror is now added
in sys/conf/kern.pre.mk, which is a better place except it doesn't cover
modules.
EHOSTDOWN. These are often transient errors (when the remote host
reboots, temporary network problems, etc.), and we'd rather err on the
side of caution and keep trying send messages that never arrive than
just give up.
Note that this is not an implementation of the "back-off" methods
given in the PR. Those just seem too complicated. Why not just keep
trying each time? Trying and failing doesn't really consume
significantly more resources than if we were successful for each
message.
PR: bin/31029
MFC after: 1 week
in the script. Eliminates a bug where we create a temp file, but don't
delete it since the rm(1) is only done if the check is enabled.
PR: bin/40960
Submitted by: frf <frf@xocolatl.com>
MFC after: 3 days
firewall logging on and off when at elevated securelevel(8). It would
be nice to be able to only lock these at securelevel >= 3, like rules
are, but there is no such functionality at present. I don't see reason
to be adding features to securelevel(8) with MAC being merged into 5.0.
PR: kern/39396
Reviewed by: luigi
MFC after: 1 week
this particular GNU flag. It changes into the given directory for the
operation in question. This just goes into said directory at the time of
parsing the argument for getopt(3).
Submitted by: Rachel Hestilow <rachel@jerkcity.com>
and the TCP bandwidth delay product window limiting features.
note: the -current version of the retransmit timer defaults
to 200ms while the -stable version defaults to 1 second for now.
MFC after: 3 days
pmap_zero_page() and pmap_zero_page_area() were modified to accept
a struct vm_page * instead of a physical address, vm_page_zero_fill()
and vm_page_zero_fill_area() have served no purpose.
to fail needlessly if a reverse DNS lookup of the IP address didn't
come up with a hostname. As a comment in the code clearly stated,
the "damn hostname" was looked up only for the purpose of netgroup
matching. But if that lookup failed, the function bailed out
immediately even though in many cases netgroup matching would not
be used.
This change marks the hostname as unknown but continues. Where
netgroup matching is performed, an unknown hostname is handled
conservatively. I.e., for "+@netgroup" (accept) entries an unknown
hostname never matches, and for "-@netgroup" (reject) entries an
unknown hostname always matches.
In the lines affected (only), I also fixed a few bogus casts. There
are others, and in fact this entire file would be a good candidate
for a cleanup sweep.
Reviewed by: imp (wearing his flourescent yellow Security Team cap)
MFC after: 2 days
a pointer to a symbol is given and we have to find the containing symbol
table. We do this by bounds checking. For some strange reason (ie I
haven't found the root cause) the first test succeeded for said symbol,
implying that the symbol came from the .dynsym table. In reality however
the symbol actually resided in the .symtab table. Needless to say that
all that was returned was junk.
The upper bounds check was: (symptr - baseptr) < symtab_size
This has been rewritten to: symptr < (baseptr + symtab_size)
As a side-effect, slightly more optimal (and still correct :-) code can
be generated on ia64.
