sanitization broke sysinstall on some disks. This was due to the disks
reporting a geometry that was incorrectly sanitized by sysinstall. This makes
the sanitization consistent with fdisk.
Tested by: randi
use almost anything that uses libufs(3) against a file as an unprivileged user, e.g.
tunefs(8) and dumpfs(8) against a makefs(8)-created image.
Prodded by: kensmith
The amd64-specific bits of msun use an undocumented constraint, which is
less likely to be supported by other compilers (such as Clang). Change
the code to use a more common machine constraint.
Obtained from: /projects/clangbsd/
The problem with fcntl(2) locks is that they are not inherited by child
processes. This breaks pidfile(3), where the common idiom is to open
and lock the PID file before daemonizing.
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
Last year I added SLIST_REMOVE_NEXT and STAILQ_REMOVE_NEXT, to remove
entries behind an element in the list, using O(1) time. I recently
discovered NetBSD also has a similar macro, called SLIST_REMOVE_AFTER.
In my opinion this approach is a lot better:
- It doesn't have the unused first argument of the list pointer. I added
this, mainly because OpenBSD also had it.
- The _AFTER suffix makes a lot more sense, because it is related to
SLIST_INSERT_AFTER. _NEXT is only used to iterate through the list.
The reason why I want to rename this now, is to make sure we don't
release a major version with the badly named macros.
by creating a child jail, which is visible to that jail and to any
parent jails. Child jails may be restricted more than their parents,
but never less. Jail names reflect this hierarchy, being MIB-style
dot-separated strings.
Every thread now points to a jail, the default being prison0, which
contains information about the physical system. Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings. The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.
Approved by: bz (mentor)
Upgrade of the tzcode from 2004a to 2009e.
Changes are numerous, but include...
- New format of the output of zic, which supports both 32 and 64
bit time_t formats.
- zdump on 64 bit platforms will actually produce some output instead
of doing nothing for a looooooooong time.
- linux_base-fX, with X >= at least 8, will work without problems related
to the local time again.
The original patch, based on the 2008e, has been running for a long
time on both my laptop and desktop machine and have been tested by
other people.
After the installation of this code and the running of zic(8), you
need to run tzsetup(8) again to install the new datafile.
Approved by: wollman@ for usr.sbin/zic
MFC after: 1 month
field when computing the length of the gzip header.
Thanks to Dag-Erling for pointing me to the OpenSSH tarballs,
which are the first files I've seen that actually used this field.
the length by evaluating the value from the copy, cbuf instead. This
fixes a crash caused by previous commit (use-after-free)
Submitted by: Dimitry Andric <dimitry andric com>
Pointy hat to: delphij
to eliminate some duplicated code. In particular,
archive_read_open_filename() has different close
handling than archive_read_open_fd(), so delegating
the former to the latter in the degenerate case
(a NULL filename is treated as stdin) broke reading
from pipelines. In particular, this fixes occasional
port failures that were seen when using "gunzip | tar"
pipelines under /bin/csh.
Thanks to Alexey Shuvaev for reporting this failure and
patiently helping me to track down the cause.
The entire world seems to use the non-standard TIOCSCTTY ioctl to make a
TTY a controlling terminal of a session. Even though tcsetsid(3) is also
non-standard, I think it's a lot better to use in our own source code,
mainly because it's similar to tcsetpgrp(), tcgetpgrp() and tcgetsid().
I stole the idea from QNX. They do it the other way around; their
TIOCSCTTY is just a wrapper around tcsetsid(). tcsetsid() then calls
into an IPC framework.
interface as nmount(2). Three new system calls are added:
* jail_set, to create jails and change the parameters of existing jails.
This replaces jail(2).
* jail_get, to read the parameters of existing jails. This replaces the
security.jail.list sysctl.
* jail_remove to kill off a jail's processes and remove the jail.
Most jail parameters may now be changed after creation, and jails may be
set to exist without any attached processes. The current jail(2) system
call still exists, though it is now a stub to jail_set(2).
Approved by: bz (mentor)
the kernel will return in msfr_nsrcs the number of source filters
in-mode for a given multicast group.
However, the filters themselves were never copied out, as the libc
function clobbers this field with zero, causing the kernel to assume
the provided vector of struct sockaddr_storage has zero length.
This bug would only affect users of SSM multicast, which is shimmed
in 7.x.
Picked up during mtest(8) refactoring.
MFC after: 1 day
to if (len == 0).
The length is supposed to be unsigned, so len - 1 < 0 won't happen except
if len == 0 anyway, and it would return 0 when it shouldn't, if len was
> INT_MAX.
Spotted out by: Channa <channa kad gmail com>
Unfortunately, liblzma itself is GPLed, so unlikely to become part of
the FreeBSD base system.
However, the core lzma compression/decompression code is public
domain, so it should be feasible for someone to create a compatible
library without the GPL strings.
read_support_format_raw() allows people to exploit libarchive's
automatic decompression support by simply stubbing out the
archive format handler.
The raw handler is not enabled by support_format_all(), of course.
It bids 1 on any non-empty input and always returns a single
entry named "data" with no properties set.
Fix reading big-endian binary cpio archives, and add a test.
While I'm here, add a note about Solaris ACL extension for cpio,
which should be relatively straightforward to support.
Thanks to: Edward Napierala, who sent me a big-endian cpio archive
from a Solaris system he's been playing with.
Pointy hat: me
Make test_fuzz a bit more sensitive by actually reading the body
of each entry instead of skipping it.
While I'm here, move the "UnsupportedCompress" macro into the
only file that still uses it.
* Fix parsing of POSIX.1e ACLs from Solaris tar archives
* Test the above
* Preserve the order of POSIX.1e ACL entries
* Update tests whose results depended on the order of ACL entries
* Identify NFSv4 ACLs in Solaris tar archives and warn that
they're not yet supported. (In particular, don't try to parse
them as POSIX.1e ACLs.)
Thanks to: Edward Napierala sent me some Solaris 10 tar archives to test
* Split whiny skip function to create a new best-effort skip_lenient()
* Correctly increment the top-level file position only for the top filter
* Simulate skip by reading against the current filter, not the top filter
The latter two bugs aren't currently visible because no existing
filter delegates skip operations.
access to the file data (if the file exists on
disk). This was broken for the first regular
file; fix it and add a test so it won't break again.
In particular, this fixes the following idiom for creating
a tar archive in which every file is owned by root:
tar cf - --format=mtree . \
| sed -e 's/uname=[a-z]*/uname=root/' -e 's/uid=[0-9]*/uid=0/' \
| tar cf - @-
descriptions of the GNU tar "posix-style" sparse format,
clarification of the Solaris tar ACL storage,
and a few comments about Mac OS X tar's resource storage.
This should make it easier to make Linux BlueZ libhci port.
Reviewed by: Iain Hibbert < plunky -at- rya-online -dot- net > of NetBSD
MFC after: 1 week
Inspired by: Linux BlueZ
Inspired by: NetBSD
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
