Commit Graph

11136 Commits

Author SHA1 Message Date
Tim Kientzle
68f0154dcf This commit updates libarchive to be compatible with
GNU tar 1.17's implementation of --posix --sparse,
at the cost of losing compatibility with GNU tar 1.16.
Fortunately, the 1.17 implementation actually makes sense,
so the libarchive code is now a bit more straightforward
than before.

Background:  GNU tar 1.16 defined a new way to store
sparse files in --posix archives.  Unfortunately,
the implementation incorrectly inserted several
blocks of null padding after each such entry.
As a result, non-GNU tar implementations saw the
archive as truncated after any sparse entry.
This was fixed in GNU tar 1.17 at the cost of
losing compatibility with GNU tar 1.16 for this
new format (which is not the default, so hopefully
rarely used).  Libarchive recently gained support
for reading the GNU tar 1.16 formats; this commit
updates it to read the GNU tar 1.17 variant instead.

Approved by: re (ksmith for libarchive portion)
Approved by: re (blanket for libarchive_test portion)
MFC after: 5 days
2007-08-18 21:53:25 +00:00
Tim Kientzle
9136384dc2 Make suid/sgid restore be "opportunistic" if
owner restore is not requested.  If you ask
for permissions to be restored but not owner,
you will now get no error if suid/sgid bits
cannot be set.  (It's a security hole to restore
suid/sgid bits if the owner/group aren't restored.)

This fixes an obscure problem where a simple
"tar -xf" with no other options will sometimes
fail gratuitously because of suid/sgid bits.
This is causing occasional problems for people
using bsdtar as a drop-in replacement for
"that other tar program." ;-)

Note: If you do ask for owner restore, then suid/sgid
restore failures still issue an error.  This
only suppresses the error in the case where an
suid/sgid bit restore fails because of an owner
mismatch and owner restore was not requested.

Approved by: re (bmah)
MFC after: 7 days
2007-08-12 17:35:05 +00:00
Tim Kientzle
f6d19aee04 Update the tests for reading the various GNU tar sparse formats.
In particular:
  * Include a second entry in all of the test archives (to catch errors
    with intermediate padding)
  * Test the GNU tar 1.17 version of "posix sparse format 1.0"
    instead of the GNU tar 1.16 version (the latter is no longer
    supported by GNU tar).

Right now, libarchive fails this test because I originally
implemented the GNU tar 1.16 version of "posix sparse format 1.0".
I'll fix libarchive shortly.

Approved by: re (blanket, libarchive testing)
2007-08-12 01:16:19 +00:00
David Xu
4aa80591b6 Output error message to STDERR_FILENO.
Approved by: re (bmah)
2007-08-07 04:50:14 +00:00
Rink Springer
8a4974cb5a Improve error handling in libdisk while parsing the kern.geom.conftxt sysctl.
Previously, any parse error will result in the calling program exiting with an
unpleasant message. This change will cause libdisk to issue a warning and
ignore lines it cannot parse instead of bluntly terminating the unfortunate
enough program.

This change will allow you to use sysinstall if you have a NTFS parition with
a space in the name (such as 'Win Xp'). In such a case, a line like the
following will appear in the kern.geom.conftxt output:

2 LABEL ntfs/Win Xp 209818635264 512 i 0 o 0

As the fields are space-separated, libdisk would go beserk and exit the program.
This would happen if using FreeBSD 7.0 snapshot images (as GEOM_LABEL is in
the installation kernel as well), thus making it impossible to install FreeBSD
without renaming your NTFS paritions.

Reported by:	Dwight Berendse <dwight at berendse dot org>
Nod from:	phk
Reviewed by:	imp
Approved by:	re (bmah), imp (mentor)
MFC after:	1 month
2007-08-05 16:55:40 +00:00
Dag-Erling Smørgrav
062044ebbe Back out previous commit until I figure out why my regression test fails.
Approved by:	re (kensmith)
2007-08-03 09:20:28 +00:00
Dag-Erling Smørgrav
7eb198c642 Use fcntl(2)-style locks instead of less-portable flock(2)-style locks.
Approved by:	re (kensmith)
2007-08-03 06:32:45 +00:00
Michael Bushkov
3e83e4a3f2 - Getipnodebyname() and getipnodebyaddr() reimplemented through
gethostbyname() and gethostbyaddr() accordingly

Approved by:	re (kensmith), brooks (mentor)
2007-07-31 16:09:41 +00:00
Tim Kientzle
9e3fd30bac Two minor nits:
* Allow libarchive_test to compile on Interix again.
  * Track the test name (not just line number) when counting skipped tests.

Thanks to: Joerg Sonnenberger
Approved by: re (blanket; libarchive testing)
2007-07-31 05:03:27 +00:00
Joseph Koshy
c73743b6ce Cross-reference the correct manual page.
Approved by:	re (bmah)
2007-07-28 15:35:03 +00:00
Randall Stewart
1b649582bb - take out a needless panic under invariants for sctp_output.c
- Fix addrs's error checking of sctp_sendx(3) when addrcnt is less than
   SCTP_SMALL_IOVEC_SIZE
 - re-add back inpcb_bind local address check bypass capability
 - Fix it so sctp_opt_info is independant of assoc_id postion.
 - Fix cookie life set to use MSEC_TO_TICKS() macro.
 - asconf changes
   o More comment changes/clarifications related to the old local address
    "not" list which is now an explicit restricted list.

   o Rename some functions for clarity:
     - sctp_add/del_local_addr_assoc to xxx_local_addr_restricted()
     - asconf related iterator functions to sctp_asconf_iterator_xxx()

   o Fix bug when the same address is deleted and added (and removed from
     the asconf queue) where the ifa is "freed" twice refcount wise,
     possibly freeing it completely.

   o Fix bug in output where the first ASCONF would not go out after the
     last address is changed (e.g. only goes out when retransmitted).

   o Fix bug where multiple ASCONFs can be bundled in the same packet with
     the and with the same serial numbers.

   o Fix asconf stcb iterator to not send ASCONF until after all work
     queue entries have been processed.

   o Change behavior so that when the last address is deleted (auto asconf
     on a bound all endpoint) no action is taken until an address is
     added; at that time, an ASCONF add+delete is sent (if the assoc
     is still up).

   o Fix local address counting so that address scoping is taken into
     account.

   o #ifdef SCTP_TIMER_BASED_ASCONF the old timer triggered sending
     of ASCONF (after an RTO).  The default now is to send
     ASCONF immediately (except for the case of changing/deleting the
     last usable address).
Approved by:	re(ken smith)@freebsd.org
2007-07-24 20:06:02 +00:00
Simon L. B. Nielsen
33e6f9c10c Set timeout for all NIS RPC requests to 1 second and not just for
yp_next as revision 1.50 did.  This should fix, or at least very much
reduce the risk of, NIS timing out due to UDP packet loss for NIS
functions.

See also revision 1.50 for more details about the general problem.

Tested by:	nosedive, freefall, hub, mx1, brooks
MFC after:	1 week
Approved by:	re (mux)
2007-07-24 13:06:08 +00:00
Dag-Erling Smørgrav
f0f1db2e4c Apply the same error checks to PAM_TTY in pam_sm_close_session() as in
pam_sm_open_session(), avoiding false negatives when no tty is present.

Submitted by:	Todd C. Miller <millert@courtesan.com>
Approved by:	re (rwatson)
MFC after:	2 weeks
2007-07-22 15:17:29 +00:00
Dag-Erling Smørgrav
1173d3bb33 Whitespace cleanup
Approved by:	re (rwatson)
2007-07-22 15:14:40 +00:00
Rong-En Fan
37d9f47f49 - Correctly substitute variables like @NCURSES_MAJOR@ in manual pages
PR:		doc/114711
Submitted by:	Yuri Pankov <yuri at darklight.org.ru>
Approved by:	re (bmah)
MFC after:	3 days
2007-07-21 00:27:17 +00:00
Sean Farley
9bab236702 Added environ-replacement detection. For programs that "clean" (i.e., su)
or replace (i.e., zdump) the environment after a call to setenv(), putenv()
or unsetenv() has been made, a few changes were made.
  - getenv() will return the value from the new environ array.
  - setenv() was split into two functions:  __setenv() which is most of the
    previous setenv() without checks on the name and setenv() which
    contains the checks before calling __setenv().
  - setenv(), putenv() and unsetenv() will unset all previous values and
    call __setenv() on all entries in the new environ array which in turn
    adds them to the end of the envVars array.  Calling __setenv() instead
    of setenv() is done to avoid the temporary replacement of the '=' in a
    string with a NUL byte.  Some strings may be read-only data.

Added more regression checks for clearing the environment array.

Replaced gettimeofday() with getrusage() in timing regression check for
better accuracy.

Fixed an off-by-one bug in __remove_putenv() in the use of memmove().  This
went unnoticed due to the allocation of double the number of environ
entries when building envVars.

Fixed a few spelling mistakes in the comments.

Reviewed by:	ache
Approved by:	wes
Approved by:	re (kensmith)
2007-07-20 23:30:13 +00:00
Tim Kientzle
8ea9716c0c Fix a strict aliasing warning from GCC 4.1.
Thanks to: Joerg Sonnenberger
Approved by: re (hrs)
MFC after: 3 days
2007-07-20 01:28:50 +00:00
Tim Kientzle
d3bb697513 archive_string_ensure() used to call exit(3) if it
couldn't allocate more memory for a string.  Change
this so it returns NULL in that case, and update
all of its callers to handle the error.  Some of
those callers can now return errors back to the
client instead of calling exit(3).

Approved by: re (bmah)
2007-07-15 19:13:59 +00:00
Tim Kientzle
75d0856ca5 Add archive_entry_copy_gname() and archive_entry_copy_uname()
functions.

Approved by: re (bmah)
MFC after: 3 days
2007-07-15 19:10:34 +00:00
Tim Kientzle
58bdc3275c Clarify one test.
Approved by: re (blanket, libarchive testing)
2007-07-15 17:16:42 +00:00
Robert Watson
2b851aeb63 Disconnect netatm from the build as it is not MPSAFE and relies on
NET_NEEDS_GIANT, which will shortly be removed.  This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added.  Specifics:

- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm

This removes the last remaining consumer of NET_NEEDS_GIANT.

Reviewed by:	harti
Discussed with:	bz, bms
Approved by:	re (kensmith)
2007-07-14 21:49:24 +00:00
Christian Brueffer
e38e34dbad Take a sentence into the present by removing a reference to FreeBSD 3.0.
Approved by:	re (blanket)
MFC after:	3 days
2007-07-14 19:23:29 +00:00
Tim Kientzle
a902b04074 Use an uncompressed test archive for gtar sparse format 1.0 format,
as that better exercises some internal read-combining logic than the
compressed archive.

Approved by: re (blanket, libarchive testing)
2007-07-14 17:54:14 +00:00
Tim Kientzle
2e4e46b540 Report each failed test once, but keep a count and report that count
if there was more than one.  In particular, this simplifies
test_tar_filenames.c, which has a tendency to be very noisy otherwise.

Approved by: re (blanket, libarchive testing)
2007-07-14 17:52:01 +00:00
Randall Stewart
b54d3a6c48 - Modular congestion control, with RFC2581 being the default.
- CMT_PF states added (w/sysctl to turn the PF version on)
- sctp_input.c had a missing incr of cookie case when the
  auth was bad. This meant a free was called without an
  increment to refcnt, added increment like rest of code.
- There was a case, unlikely, when the scope of the destination
  changed (this is a TSNH case). In that case, it would not free
  the alloc'ed asoc (in sctp_input.c).
- When listed addresses found a colliding cookie/Init, then
  the collided upon tcb was not unlocked in sctp_pcb.c
- Add error checking on arguments of sctp_sendx(3) to prevent it from
  referencing a NULL pointer.
- Fix an error return of sctp_sendx(3), it was returing
  ENOMEM not -1.
- Get assoc id was changed to use the sanctified socket api
  method for getting a assoc id (PEER_ADDR_INFO instead of
  PEER_ADDR_PARAMS).
- Fix it so a peeled off socket will get a proper error return
  if it trys to send to a different address then it is connected to.
- Fix so that select_a_stream can avoid an endless loop that
  could hang a caller.
- time_entered (state set time) was not being set in all cases
  to the time we went established.
Approved by:	re(ken smith)
2007-07-14 09:36:28 +00:00
Tim Kientzle
46dd1e6ee7 Restore the 'break' that was inadvertently removed in 1.57 of this file.
Without this, hardlinks get returned as symlinks.

Approved by: re (Ken Smith)
MFC after: 2 days
2007-07-14 05:53:51 +00:00
Tim Kientzle
f7f698bb22 Extend the basic tar reading test to exercise most types of
entries.  This doesn't cover everything yet, but it's a big improvement.

Approved by:  re (blanket, libarchive testing)
2007-07-14 05:35:17 +00:00
Tim Kientzle
99d4bb3999 Make the test for reading gtar sparse entries more robust;
it now verifies that the returned blocks have the correct data
at the correct file offsets, ignoring any null padding that
may exist.

Approved by: re (blanket, libarchive test suite)
2007-07-13 15:16:26 +00:00
Tim Kientzle
ceab112df6 New test suite test_read_pax_truncated probes libarchive
behavior with truncated or damaged pax archives.  This
tests most of the cases covered by the recent security advisory.

Approved by: re (blanket, libarchive test suite)
2007-07-13 15:14:35 +00:00
Tim Kientzle
8ed6656123 New file "read_open_memory.c" is a custom variant of
archive_read_open_memory.c that tries to test border
cases.  In particular, it copies over each returned block
so that formats or decompressors that read past the end
of a returned block will break.

Approved by: re (blanket, libarchive test suite)
2007-07-13 15:12:52 +00:00
Tim Kientzle
4b0489dd31 Fix running individual tests via "libarchive_test <number> <number> ..."
Approved by: re (blanket)
2007-07-13 15:09:07 +00:00
Colin Percival
612c3e7724 Correct multiple security issues in how libarchive handles corrupt
tar archives, including a potentially exploitable buffer overflow.

Approved by:	re (kensmith, security blanket)
Reviewed by:	kientzle
Security:	FreeBSD-SA-07:05.libarchive
2007-07-12 15:00:28 +00:00
Tim Kientzle
ed3ba42250 Fix installworld: /usr/bin/printf isn't available then,
so use awk's printf for the formatting here instead.

Pointy hat: Yours Truly
Approved by: re
2007-07-07 16:55:42 +00:00
Tim Kientzle
dbb4eb7d9c Make test suite work with libarchive 1.3.1: Take advantage of
ARCHIVE_VERSION_STAMP to selectively disable tests that don't
apply to that version; new "skipping()" function reports skipped
tests; modify final summary to report component test failures and
skips.

Note:  I don't currently intend to MFC the test suite itself;
anyone interested should just checkout and use this version
of the test suite, which should work for any library version.

Approved by: re (Ken Smith, blanket)
2007-07-06 15:43:11 +00:00
Tim Kientzle
ab16ac785a New "version stamp" simplifies determining the exact version
of libarchive being used.  I've been taking advantage of this
with a recent round of updates to libarchive_test so that it
can test older and newer versions of the library.

Approved by: re (Ken Smith)
2007-07-06 15:36:38 +00:00
Daniel Eischen
76390742ee Fix a typo that prevented the quad symbols from being exported
(s/SYM_MAP/SYM_MAPS/).

Reported by:	kan
Approved by:	re@ (Ken Smith)
2007-07-06 13:42:24 +00:00
Peter Wemm
0c5931043c Fix remaining syntax errors (missing semicolons)
Submitted by: Björn König <bkoenig@cs.tu-berlin.de>
Approved by: re (kensmith, followup commits)
2007-07-05 17:42:00 +00:00
Doug Rabson
41ec374660 If the mech_type argument to gss_display_status is null, use a default
mechanism.

Approved by: re (kensmith)
2007-07-05 13:40:07 +00:00
Peter Wemm
db62d47f87 Add missing \ characters in PSEUDO() macro on arm. Oops.
Submitted by:  cognet
Approved by: re (kensmith)
2007-07-04 23:35:18 +00:00
Peter Wemm
4dd719bd7f Change the C wrappers for mmap/lseek/pread/pwrite/truncate/ftruncate to
call the pad-less versions of the corresponding syscalls if the running
kernel supports it.  Check kern.osreldate once per program and cache the
result to select the appropriate syscall.  This maintains userland
compatability with kernel.old's from quite a while back.

Approved by:  re (kensmith)
2007-07-04 23:27:38 +00:00
Peter Wemm
65a6d893ba Classify mmap, lseek, pread, pwrite, truncate, ftruncate as pseudo
syscalls, unless WITHOUT_SYSCALL_COMPAT is defined.  The default case
will have the .c wrappers still.  If you define WITHOUT_SYSCALL_COMPAT,
the .c wrappers will go away and libc will make direct syscalls.

After 7-stable starts, the direct syscall method will be default.

Approved by:  re (kensmith)
2007-07-04 23:23:01 +00:00
Peter Wemm
eabc04d472 Adjust the syscall stub macros to be consistent in their meaning. In
particular:
SYSCALL() makes a syscall, with errno handling, and continues execution
directly after the macro in the non-error case.
RSYSCALL() is just like SYSCALL(), but returns after success.
Both SYSCALL(name) and RSYSCALL(name) export  "__sys_name" as a strong
symbol, with "_name" and "name" as weak aliases.
PSEUDO() is just like RSYSCALL(), but skipping the "name" weak alias.  It
still does "__sys_name" and "_name".

Change i386 to add errno handling to PSEUDO.  The same for amd64 and
sparc64, with appear to have copied the behavior.
ia64 was correct (as was alpha).  Just remove some apparently unused
variants of the macros. (untested!)
I believe powerpc is correct.
Fix arm to not export "name" from the PSEUDO case.  Remove apparently
extra unused variants.  (untested!)

The errno problem manifested on i386/amd64/sparc64 by having "PSEUDO"
classified syscalls return without setting errno.  eg: "addr = mmap()"
could return with "addr" = 22 instead of setting errno to 22 and
returning -1.

Approved by: re (kensmith)
2007-07-04 23:18:38 +00:00
Peter Wemm
f275d39c8f Fix missing prototype warnings. (Compile errors with -Werror on)
When using namespace.h/un-namespace.h, you use _ versions of syscalls.
Change getsockopt() to _getsockopt() and same for setsockopt().

Approved by:  re
2007-07-04 00:55:50 +00:00
Sean Farley
2966d28c32 Significantly reduce the memory leak as noted in BUGS section for
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.

Convert all calls to POSIX from historic BSD API:
 - unsetenv returns an int.
 - putenv takes a char * instead of const char *.
 - putenv no longer makes a copy of the input string.
 - errno is set appropriately for POSIX.  Exceptions involve bad environ
   variable and internal initialization code.  These both set errno to
   EFAULT.

Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit.  A few I re-wrote to use setenv()
instead of putenv().

New regression module for tools/regression/environ to test these
functions.  It also can be used to test the performance.

Bump __FreeBSD_version to 700050 due to API change.

PR:		kern/99826
Approved by:	wes
Approved by:	re (kensmith)
2007-07-04 00:00:41 +00:00
Randall Stewart
602afc03e4 - Removes some incorrect error returns (errno was being overriden in
one of the functions)
- Fixes the error return of sctp_get_opt, it was returning the errno not
 -1.
Approved by:	re@freebsd.org (Robert Watson)
Obtained from:	Weongyo Jeong (weongyo.jeong@gmail.com)
2007-07-02 10:52:34 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Doug Rabson
22a25490ab Merge fixes back from heimdal.
Approved by: re (kensmith)
2007-06-30 07:47:45 +00:00
Alexander Kabaev
db97450987 Fix sbrk.S to use _end symbol the same way brk.s was fixed some time
ago. sbrk.S should have gotten the same change then but was forgotten.

Approved by:	re (bmah)
PR:		kern/114049
2007-06-27 02:45:37 +00:00
Tim Kientzle
3f6c3bcd84 Fix 'bsdtar -t' on tape drives. Libarchive uses the
skip() callback to skip over data when reading uncompressed
archives.  This gets invoked, for example, during tar -t
or tar -x with a filename argument.  The revised code
only calls [lf]seek() on regular files, instead of depending
on the kernel to return an error.

Thanks to: bde for explaining the implementation of lseek()
Thanks to: Daniel O'Connor for testing
Approved by: re (Ken Smith)
MFC after: 5 days
2007-06-26 03:06:48 +00:00
Matt Jacob
f1d305391f Add missing semi-colon.
Approved by:	re (not really, but it's better to have things compile than not for right now. Sorry)
2007-06-26 02:07:47 +00:00