than really solve it. This approach (inspired by Ruslan's patch) solves
the real problem by stripping the local domain off the host name in the
config line structure.
Also mark a bunch of code sections that either do not check the return value
of a strdup(), malloc() or calloc() call, or do not properly handle a NULL
return.
1.64, i.e. July of last year. Also fix a minor style bug in the same code.
PR: bin/28634
Pointy hat to: dwmalone
Pointed out by: my buggy DSL router's remote logging facility
1. FreeBSD should be spelled with "F" and "BSD" in capitals,
even in comments.
2. Please don't use hard sentence breaks. Always start a
new sentence from the new line.
3. Don't use `#' or `$' in EXAMPLES; this has been fixed
recently in share/examples/mdoc/ templates.
4. Nuke the prog_name variable burncd.c, use getprogname(3).
correct mode via ancontrol, you can use bpf to sniff raw 802.11 frames.
Who want's to port AirSnort. ;-)
Submitted by: Doug Ambrisko <ambrisko@ambrisko.com> (author)
David Wolfskill <david@catwhisker.org> (port to current)
__unused, and change local variables named `sin' (struct
sockaddr_in) to `sin4'. (`sin' conflicts with the definition of
sin(3), which gcc assumes to be defined even if math.h isn't
included (it's a builtin). This is probably a bug in gcc.)
- Apply WARNS=1. WARNS=2 was not used because this program assigns
string literals to (struct iovec).iov_base for writing, and the only
clean way to silence -Wwrite-strings in that case would be to
strdup() and consequently free() those literals, which I considered
too disruptive.
Reviewed by: bde (partially)
for each option in the DHCP lease file. The DHCP lease parsing code
specifically ignores more than the first nameserver, but it didn't
previously deal with the case of more than one router. This caused
segfaults and a painful death when installing on a network with
multiple routers.
PR: misc/16003
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
doesn't talk about these files elsewhere, doesn't use the files by
default, and the names are dependent on site-specific newsyslog
configuration.
PR: 30348
Submitted by: Giorgos Keramidas <charon@labs.gr>
interactive case. This already works for non-interactive installs,
but at least one user thinks it would be useful and it certainly seems
more correct to allow it here as well.
So, this will now work :
# sysinstall netDev=fxp0 tcpMenuSelect
PR: bin/30229
Submitted by: Mikhail Teterin <mi@aldan.algebra.com>
This will now allow sysinstall to work properly if a FreeBSD CD/DVD is
already mounted as /cdrom, instead of just crapping out when it tries
to mount as /dist and gets EBUSY.
PR: conf/28081
Tested by: jhb
useful for post install configuration or other cases that might not be
handled by usb.c. (usb.c already sets usbd_enable iff sysinstall
detects usb during install).
PR: bin/18946
Submitted by: Peter van Heusden <pvh@egenetics.com>
Reviewed by: jhb
and RTSOL in sysinstall. If the respective TRY_FOO variable is set to
"YES" then it will be tried without prompting the user.
However, if the TRY_FOO variable is set to "NO" then the user will not
be prompted for a choice. This is the correct behavior, since we want
people to be able to script sysinstall in either case.
However, the default TRY_FOO variable has been "NO" since 1999. This
is incorrect, and when the logic was corrected in tcpip.c this has the
effect of never giving the user a choice to use DHCP or IPv6. The
value should be undefined until it is set by a script or by the user.
Submitted by: Randy Pratt, Chern Lee, many others.
UPGRADE.TXT along with a YesNo dialog requesting confirmation of
the upgrade. During the transition to RELNOTESng, UPGRADE.TXT got
folded into a file that eventually renders as INSTALL.TXT, which
makes sysinstall complain about a non-existent file. As a
solution/workaround, point the user at INSTALL.TXT, and then request
confirmation.
Noticed by: rpratt (on 4.4-RC3)
Approved by: jkh
1) Removed the low-level (unneeded in this context) details on
escape sequences that are already documented in screen(4).
2) Removed whitespace at EOL.
3) Removed the garbage from previous revision.
16 bits access is required by nsp driver to work in SMIT mode.
Since previously (1.65 and before in current, and 1.46.28 and before
in stable branch) 16 bits access was default, I hope it will break nothing.
Okayed-by: imp
mail, if configured to do so. Some sites have setups where the user's
mail is delivered to their home directory, so sending mail before is
exists didn't work.
PR: 29892
added but not its postrequisite -ltermcap.
Fixed breakage of DPADD in previous commit. ${LIBREADLINE} was misspelled
-lreadline. This should have been fatal since there is no file named
-lreadline, but it worked because of an undcumented bugfeature in make(1)
(or its configuration files): missing source files named -l* are silently
assumed to be up to date libraries. `make checkdpadd' also fails to detect
this error.
assignment of `l' in `gr_update' to the return value of snprintf. It
claimed to have fixed the case where snprintf returned -1--in fact, it
broke the entire routine. Not setting `l' here causes fileupdate() to
invariably fail with EINVAL because it does its own check to assert
that the parameter isn't -1.
for ntp-4.1.0.
Unfortunately, David Mills insists on managing the documentation in
such a way as to make it impossible for me to make things easy on our
translators, without printing out the documentation and reading through
it side-by-side with a finger on each page.
post-configuration "Startup" menu. In the event that diskcheckd is
removed, this can easily be trimmed also; in the mean time, it allows
diskcheckd to be easily disabled using our documented management
tool
the system on which it is running. The hostname is reloaded when
'HUPped' and a log message generated to note a change (before anyone
points it out, this is not an added security feature).
PR: bin/24444
Reviewed by: freebsd-audit
Approved by: ru
MFC after: 2 weeks
dictionaries are out of sync.
This avoids the complications that happen when our original reset
request gets lost in transit (quite likely in hind sight, given a
lossy link) when we end up ignoring the peer for the next (up to)
256 packets.
Submitted by: Nick Sayer <nsayer@quack.kfu.com>
originally written in January, 2000, but have been substantially updated.
- No longer use hz/stathz and the CPU times in computing the TTY stats,
but rather use etime, like the disk stats.
- Clean up malloc/realloc failure tests.
- Use a new integrated routine to fetch devstat information via sysctl or
KVM.
- Get rid of the X() macro for calculating CPU stats
- Use rint() on the CPU state display to avoid truncation errors. (this
requires libm)
- Clean up flag usage somewhat.
Reviewed by: bde
when we ioctl(TUNSIFINFO) under OpenBSD)
o Don't bring the interface up immediately
o Don't complain about unrecognised interface flags in ``show iface''.
the size of the tsp_name field is OS-dependent. 4.3BSD used a 32-byte
field, FreeBSD uses MAXHOSTNAMELEN and RedHat apparently uses a 64-byte
field. As a result, sanity checking code added a few months ago to detect
short packets will fail when interoperating with one of these other vendors.
Change the short packet detection code to expect a minimum packet size
corresponding to the 4.3BSD implementation, which should be a safe minimum
size.
Submitted by: Stephen Whiteley <stevew@best.com> (based on)
PR: misc/29867
and mask to the routing socket, otherwise the update fails.
Warning provided by: markm
The code here was broken for FreeBSD when IPv6 support was added, but
was fixed for OpenBSD. OpenBSD expects the gateway and mask to be
supplied and fails the update otherwise.
on older kernels correctly. Terminate the loop when we find a
suitable irq. Also, only try to select from the pool. Cleaned up the
two cases (IRQ picked by the user and ?) into one.
MFC upon re approval.
and implement a far more subtle and correct fix.
The reason behind the infinite loop was that ppp was trying to make up
initial IPv6 numbers and wasn't giving up when it failed unexpectedly to
assign the addresses it just fabricated to it's interface (thinking that
the reason was because another interface was using the same address).
It now attempts this up to 100 times before just failing and trying to
muddle along (in reality, this should never happen more than a couple
of times unless our random number generator doesn't work).
Also, when IPv6 is not available, don't even try to assign the IPv6
interface address in the first place...
monthly and weekly, respectively. Also fix the @yearly shortcut so
that it doesn't execute daily during January. OpenBSD and NetBSD also
appear to have this bug.
PR: bin/21152
sizes on a route.
IMHO this shouldn't be necessary (the destination & mask/prefixlen
should be enough), but without it, the default route update under
OpenBSD will fail.
Thanks to: Russell T Hunt <alaric@MIT.EDU>
the name for the moderate security profile is "moderate", not
"medium", so update this one reference to it as "medium".
This is a 4.4-RELEASE MFC candidate.
MFC after: 2 days
Add a timestamp to the comment so that it's possible to see when
changes were made.
e.g.:
# -- sysinstall generated deltas -- # Wed Aug 15 18:10:20 2001
progs prog1
special prog1 objdir ../../prog1/obj
special prog1 objs prog1.o
This fixes a bug that I introduced around the time of 4.2-release.
Reported by: Larry Baird <lab@gta.com>
use it. If not, then loop asking for each one, with normal -I
processing. This will effectively disable -I for when the pcic is in
PCI function interrupt routing mode.
structures (well, they're treated as opaque).
It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.
IPV6CP support is crude for now, and hasn't been tested against
any other implementations.
RADIUS and IPv6 are independent of eachother for now.
ppp.linkup/ppp.linkdown aren't currently used by IPV6CP
o Understand all protocols(5) in filter rules rather than only a select
few.
o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.
o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.
o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.
o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.
o When displaying ICMP traffic, don't display the icmp type twice.
When display traffic, display at least some information about unrecognised
traffic.
o Bump version
Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
options used to build ppp.
Currently, this is a no-op and only handles LOCALNAT and LOCALRAD cases.
This will be used for the upcoming ipv6 changes, and allows a shared
man page between OpenBSD and FreeBSD.
conservative default, and actually prompt specifically for inetd rather
than handling it as a side effect of the security profile. Update the
help file to reflect this change.
o Rename "Fascist" to "Extreme" in the source code, to match the names
presented to the user.
o Remove portmap and inetd from profile management. Portmap is now
disabled by default, but automatically turned on if a feature requires
it (such as NFS, etc).
This is an MFC candidate for 4.4-RELEASE.
Reviewed by: freebsd-arch@FreeBSD.org
Approved by: re@FreeBSD.org
MFC after: 2 days
Not much, but it is better than nothing as it discourages
the extremely lazy.
Please read the actual text (the last text was softer than the commit
message about it) before giving me feedback.
Also, in the last commit I also tagged the newly optional elements in
the command line as optional.
WEP IS INSECURE. DO NOT USE IT.
and point people to details on the attack:
http://www.cs.rice.edu/~astubble/wep/wep_attack.html
and recommend people use ipsec instead if possible.
Approved by: kris
Mandoc police: Please do your worst. I'd like to merge similar text
into ancontrol and ifconfig.
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
post-install config, reduce the potential confusion from the existence
of both configTTYs and configTtys by renaming configTTYs to
configEtcTtys. While this is not a C naming conflict, it was probably
a poor choice of names on my part.
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
crash dumps, and make it use sysctl for all data retrievals in the
"live" case (i.e. when not using iostat on a crash dump).
Remove setgid kmem for the iostat executable, it is not needed any
more after these changes.
Reviewed by: ken
- clean_mtab():
Actually use the strdup'd version of the host that we go to the
trouble of creating.
- do_umntall/do_umount:
Don't return success if clnt_create() fails.
Don't access a client pointer after it has been destroyed.
Remember to destroy the authentication information we created.
crypto bits installed and/or NOCRYPTO/NO_OPENSSL is defined. This unfortunately
meants that usr.bin/chkey, usr.bin/newkey and usr.sbin/keyserv have also to
be disconnected.
IMO it is merely a workaround, the proper solution is to move libmp to
src/crypto where it belongs and use libgmp for the cryptoless builds instead.
Missed by: dd
Use '' quotes instead of `' to delimit names of files and packages in
warning and error messages, because it is easier to cut-n-paste name in
question that way (single click) without confusing the shell. And yes,
I know that it is less eye-candy...
MFC after: 1 month
some of the config problems that we've been seeing (where wi0 tries to
allocate 0x138-0x198, for example).
Use err(1,"foo") rather than perror + exit while I'm here.
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
When encryption (MPPE) is enabled, WindowsME and Windows98 both
fail because of the extra byte, suggesting that they autheticated
successfully in their log and then dropping the connection, telling
the user that the peer doesn't support compatible encryption
options.
MFC after: 1 week
byte of the packet to contain '\0'.
Windows 98 gets this wrong, dropping garbage into the last byte and
failing authentication.
Now, we notice this and whinge to our log file that we're compensating
for the corrupt data.
will soon return the irq from the pcic bridge in cases where't that's
appropriate.
Note: I've had to disbale -I option for the moment. I've made it easy
to reenable it for people that need it.
MFC After: soon!
doing PPPoE and the default MRU is therefore too big.
When negotiating with win2k, we ask for MRU 1492 and the win2k box
NAKs us saying ``MRU 1492''. This doesn't make sense to me. When
we continue to request MRU 1492, the win2k box eventually REJs our
MRU. This fix allows negotiations to continue at that point,
bringing the link up and potentially allowing the win2k box to send
us frames that are too large. AFAICT this is better than failing
to bring the link up.... probably !
I have no idea how to do the equivalent of ``route get'' or
``ifconfig -a'' under win2k, so I can't tell what MTU it actually
ends up using.
I believe the bug is in win2k (it's certainly mis-negotiating).
I'll MFC given the release engineers permission as code freeze
begins on August 1.
PR: 29277
MFC after: 3 days
inconsistently named "ptmp" and "etc_ptmp". This commit changes
it to "passwd_tmp" for consistency and to match OpenBSD's name
for the variable.
Consulted with: jedgar
once. If they repeat the request (again without the IPADDR option)
ACK it.
I've had reports that some ppp implementations will not assign
themselves an IP number. This should negotiate with such things.
MFC after: 3 days
When reading the code I had to stop, say "ok, what does *these*
modifications of strl*() do? Pull out grep. Oh, not in add/, maybe above
in ../lib/? Yep. So what do they do? Comments above them are misleading,
guess I'll have to read the code. Oh, they just test strl* against the
size and return the result of the test. Now I can continue to read the
code I was.
The uses of s_strl*() then test that result and errx()'s.
Lets think about the "optimized" code I am removing:
In general the compiler pushes the three args to strl* onto the stack and calls
s_strl*. s_strl* has to indirectly access 3 args from the stack. Then push
them on the stack a 2nd time for the real strl* call. s_strl* then pops the
return from strl* off the stack; or moves it from the register it was returned
in, to the register where tests can happen. s_strl* then pops the three
arguments to strl*. Perform the test, push the result of the test, or move it
from the result register to the return value register. The caller to s_strl*
now has to either pop the return value of s_strl* or move it from the return
value register to the test register. The caller then pops the three args to
s_strl* off the stack (the same args that s_strl* itself had to pop off after
the real call to strl*). The s_strl* caller then performs a simular test to
what has already been done, and conditionally jumps. By doing things this way, we've given the compiler optimizer less to work with.
Also, please don't forget the that call to s_strl* has possibly jumped to code
not in the cache due to being far away from the calling code, thus causing a
pipeline stall.
So where is the "optimization" from s_strl*?
It isn't code clarity.
It isn't code execution speed. It isn't code size either.
in the signal handlers which may pose a risk when executable by untrusted
users.
Submitted by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
MFC After: 3 days
correct the error-checking that was there. With the old code, an error
return from getpwuid(daemon_user) could turn the lpd process into a very
effective fork-bomb...
Reviewed by: freebsd-audit freebsd-print (a little...)
MFC after: 6 days
