MPPE session keys correctly.
I'm a bit dubious about this code. It seems that the session keys
are initialised differently based on whether you're the client or
the server. One side is the server if it issues the first challenge,
but of course you can issue a challenge from both sides.... at the
same time. Sounds like another wonderful M$ assumption...
Ppp can now talk to itself correctly using encryption.
Problem solved by: Ustimenko Semen <semen@iclub.nsu.ru>
Hair torn out by: me
program to read any file which is a valid crontab file.
The fix is based on that used in NetBSD and OpenBSD - we keep the
file open while the user is editing it. This means that files must
be edited in place. Cron attempts to warn you if your editor does
not do this. The fact that the file must be edited in place is also
noted in the man page.
This patch has been confirmed to work by at least one person on
-security and has been tested locally.
Obtained from: OpenBSD
a per program basis.
This has now been added in the following way:
* Harness the make header file that's specified with the -h argument:
  - Allow the user to define $(OPTS) to specify make arguments that should
    be added to every program target.
  - Allow the user to define $(prog_OPTS) to specify make arguments that
    should just be added to the build of 'prog'.
* Make sure that $(OPTS) and $(prog_OPTS) are defined when looking through
  each program's make file to determine which object files to crunch.
* When building the crunchgen makefile add $(OPTS) and $(prog_OPTS)
  to the depend and build rules for $(prog_OBJS).
try to move the file from the source to the destination (spool) directory.
If that succeeds, much time and disk-space will be saved by doing that
instead of copying the entire file only to remove the original. This
could be a big win on machines doing samba-service or CAP-based printing.
Note that this is about the fourth or fifth iteration of the patch, after
trying to address all possible security implications of the change.
PR: 16124
Reviewed by: freebsd-current or freebsd-hackers (some time ago)
in lpd. Stat.recv is useful on a printserver, as something of a network
performance-monitoring tool. Stat.send is a minimal accounting record of
sorts for jobs going to tcp/ip based printers.
Reviewed by: freebsd-print@bostonradio.org
it again and again, practically begging the Bad Man to insert his symlink
underneath it and send us down the path to oblivion.
Noticed by: David Lary <dlary@secureworks.net>
* Use a sub-section (Ss) instead of a section (Sh) for
  "Sysctl MIB Entries".
* Use a tagged list (Bl, El and It) instead of sub-sections (Ss) for
  the actual MIB entries.
* Mark paths up as such (Pa).
* Mark defined values up as such (Dv).
of files auto-installed during an upgrade from a really old system
can get quite long, and it's piped to the PAGER already, print
that first, then print any of the 4 two-line messages that might
apply.
which have long names. Instead of just listing '...', try to list some
reasonable subset of the name (with a "..." to indicate something missing).
Reviewed by: freebsd-print@bostonradio.org (only a little review)
standard or serial. This change needs to be done to the entire system that
depends on this. This way we don't have some code using OnVTY checks
and other doing
strcmp(variable_get(VAR_FIXIT_TTY), "standard") == 0
checks. Also we need to set VAR_FIXIT_TTY to "serial" if we come up on
a serial console.
Also fixed a dialog problem in that dialog was used when dialog was
disabled causing some troubles such as not letting the cursor keys
work when exiting the fixit mode on media (ie. not the fixit shell but
for example fixit on a floppy).
Submitted by: Doug Ambrisko <ambrisko@whistle.com>
PR: 22352
process of making the script more cross platform friendly.
* Add -i option to automatically install files that do not exist
  on the system already.
* Add the ability to specify DESTDIR.
* Allow the user to specify scripts to run right before the
  comparison starts, and when mm is done. This will
  allow the user to specify customized local behavior, and
  implement features such as automatically deleting files.
* Document the above changes in the man page.
* Switch to using 'ident' for the CVS Id comparison, which
  should help with portability, and makes it faster.
* Reorder, and in one case fix some code by doing things in
  ways that make more sense.
* Check to see if the file exists on the system before doing
  the comparisons. This saves CPU cycles, and streamlines
  the auto-install process.
I used bits and pieces of suggestions and patches from various
people, ultimately too numerous to name. Which is not to say
that they were not both appreciated, and helpful in achieving
the ultimate result.
* More whitespace
* Change read -p to echo -n/read to help support portability
* Genericize an informational message regarding /.cshrc and /.profile
  for the same reason
- avoid using freed (by freeifaddrs) data
- 1st try getifaddrs, then try SIOCGIFMTU as the last resort
Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
Obtained from: KAME Project
mimics that of tcpdump in that for normal builds, sendmail will only be
built once. For 'make release', it is built once for the bin dist and
once for the crypto dist. This method also removes the need for two separate
Makefiles (which could become out of sync).
Suggested by: bde
Assisted by: kris
a path of the port from which package has been created within FreeBSD Ports
Collection and will be used to improve pkg_version(1) and similar tools.
Reviewed by: ports@FreeBSD.org, jkh
Approved by: jkh
concerning where they're taking place.
Switch from [r]index() to str[r]chr() functions, which are more ISO
compliant.
Prompted by: Edward Welbourne <eddy@vortigen.demon.co.uk>
IRQs from kernel.''..
With IBM ThinkPad600. ``sio1'' was disabled in BIOS
and irq 3 was free (also not listed in dmesg), I think.
But I could not use irq 3 for PC-Card with new(PIOCSRESOURCE
ioctl enabled) pccardd.
user unless they come directly from the kernel. Document this and
add a flag to syslogd which prevents this conversion.
Sort getopt args while I'm at it.
PR: 21788
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
Replace all in-tree uses with <sys/mouse.h> which repo-copied a few
moments ago from src/sys/i386/include/mouse.h by peter.
This is also the appropriate fix for exo-tree sources.
Put warnings in <machine/mouse.h> to discourage use.
November 15th 2000 the warnings will be converted to errors.
January 15th 2001 the <machine/mouse.h> files will be removed.
remotely, but they would be if e.g. it happened to call the logging
function using a DNS hostname.
Also replace random() by arc4random() - only one of these is arguably
required since it's directly used in the protocol, but we might as
well replace both to avoid using two different PRNGs.
Reviewed by: green, alex
Replace all in-tree uses with necessary subset of <sys/{fb,kb,cons}io.h>.
This is also the appropriate fix for exo-tree sources.
Put warnings in <machine/console.h> to discourage use.
November 15th 2000 the warnings will be converted to errors.
January 15th 2001 the <machine/console.h> files will be removed.
Approved by: jkh
Write kern_securelevel_enable variable to rc.conf if user selects
medium or low security in sysinstall. This overrides the case where a
user selects fascist security and then tries to go back to a lower
setting.
a default. This should prevent people from whacking return at
the Distributions menu and getting nothing selected as a result
(a minimal "standard" system will at least install).
Flagged as big tech support headache by: Chris Shumway <cshumway@osd.bsdi.com>
The new format is:
filename {changed,missing,extra}
$field expected $foo found $bar
...
Fix various bugs along the way:
Don't complain about directory sizes differing.
Correctly check flags.
support which use National Semiconductor DP8393X (SONIC) as ethernet
controller. Currently, this driver is used on only PC-98.
Submitted by: Motomichi Matsuzaki <mzaki@e-mail.ne.jp>
Obtained from: NetBSD/pc98
OsdSleepUsec(), SleepOp corresponds to OsdSleep() by reading ACPICA
source code.
- Add OsdSleepUsec() which uses DELAY() simply.
- Change unit of acpi_sleep() argument; microseconds to milliseconds.
#include <sys/mbuf.h>. (which #include's <machine/mutex.h> and then
<sys/proc.h> and then <sys/callout.h>, leading to the collision).
<sys/mbuf.h> is really one of those 'no user serviceable parts inside'
things.
- If resource which was allocated for pcic was
  requested via this ioctl, bus_alloc_resource
  would succeed and that resource was
  returned as free resource. So check whether
  requested resource was used for pcic or not
  before bus_alloc_resource test.
- merge SYS_RES_IRQ routine into other SYS_RES_*
  routine and clean up.
problem reported by: Yohei Terada <terada@jiro.c.u-tokyo.ac.jp>
that it's enabled in acpireg.h only if DIAGNOSTIC option is specified.
ACPICA OSD functions will be compiled in machine/acpi_machdep.c again
tentatively (if DIAGNOSTIC option is specified).
# Should we have acpica_osd.c ?
avoid power on again problem after acpi_soft_off() calling.
- Implement SleepOp/StallOp in AML interpreter. Also provide ACPICA
  compatibility.
- Minor changes on __inline function declaration in acpica_osd.h
  (obtained from NetBSD porting).
- Move all register I/O into acpi_io.c
- Move event handling into acpi_event.c
- Reorganise headers into acpivar/acpireg/acpiio
- Move find-RSDT and find-ACPI-owned-memory into acpi_machdep
- Allocate all resources (except those detailed only by AML)
  as real resources. Add infrastructure that will make adding
  resource support to AML code easy.
- Remove all ACPI #ifdefs in non-ACPI code
- Removed unnecessary includes
- Minor style and commenting fixes
Reviewed by: iwasaki
appropriate(?) defaults for "low", "medium" and "high" security
environments. Medium is basically what we currently have with a little
seat-belt tightening where it made sense. Low is the same as medium but
without the tightening. High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
really doesn't make any sense, what was I smoking) and allow
the more canonical usage of "any" for either side of the comparison
for release name or architecture (meaning you can also set CD_VERSION=any
in a cdrom.inf file to cause sysinstall to always match it and likewise
with the architecture, if specified).
Sensibly suggested by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
Also remove unneeded includes in aml_obj.c and aml_parse.c.
This new function takes 'struct aml_name *' as an argument rather than
'char *' where aml_invoke_method_by_name() does. It's worth having
these two interfaces in many cases.
Previously, these cards were supported by the lnc driver (and they
still are, but the pcn driver will claim them first), which is fine
except the lnc driver runs them in 16-bit LANCE compatibility mode.
The pcn driver runs these chips in 32-bit mode and uses the RX alignment
feature to achieve zero-copy receive. (Which puts it in the same
class as the xl, fxp and tl chipsets.) This driver is also MI, so it
will work on the x86 and alpha platforms. (The lnc driver is still
needed to support non-PCI cards. At some point, I'll need to newbusify
it so that it too will be MI.)
The Am79c978 HomePNA adapter is also supported.
of AML interpreter.
- Delete and cleanup a lot of almost duplicated code in kernel/userland.
- Add new common functions for kernel/userland code.
    aml_adjust_readvalue(), aml_adjust_updatevalue(),
    aml_region_handle_alloc(), aml_region_handle_free() and
    aml_region_io().
- Add primitive functions for both versions of kernel/userland in order to
  have shared code as much as possible.
    aml_region_read_simple(), aml_region_write_simple(),
    aml_region_prompt_read(), aml_region_prompt_write() and
    aml_region_prompt_update_value().
- Consider update rule and access type in field flags. Also add a lot of
  definitions for the flags.
- Fix bugs on bit manipulation for read/write operations.
- Fix bugs on IndexField I/O part. Also add workaround for temporary
  object corruption during StoreOp interpretation.
so that we don't see any more ``null message body, hope that's
ok'' messages.
We now see something like ``No output from the 3 files processed''.
Lump all output for a given periodic argument together so that
people with /usr/local/etc/periodic/daily (for example) will
get the output of those jobs together with the normal daily run
rather than getting a second email.
Prompted by: ben
the exact relationship between an installed package and its
corresponding entry in the index file can't be determined.
Submitted by: Mark Ovens <marko@freebsd.org>
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8). Output may be masked based on variable values in
periodic.conf.
It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.
The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).
PR: 21250
the existing attribute file rather than aborting with an error.
o Useful if you want to reset the state of attributes on the system without
  allocating different disk blocks through deletion and recreation,
  for example, if you're doing benchmarks of extended attribute code. :-)
Obtained from: TrustedBSD Project
introduced by version 1.349 of ports/Mk/bsd.port.mk and originally
submitted by kris.
In particular, it understands the $PORTREVISION (FreeBSD-specific changes
or patches to a port) and $PORTEPOCH (for re-sorting version numbers
when not used or when broken).
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
  . getgrent, getgrnam, getgrgid
  . getpwent, getpwnam, getpwuid
  . getusershell
  . getaddrinfo
  . gethostbyname, gethostbyname2, gethostbyaddr
  . getnetbyname, getnetbyaddr
  . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
  to warn that host.conf is no longer used at boot time. In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.
Obtained from: NetBSD
attribute namespace and DAC protection on file:
  - Attribute names beginning with '$' are in the system namespace
  - The attribute name "$" is reserved
  - System namespace attributes may only be read/set by suser()
    or by kernel (cred == NULL)
  - Other attribute names are in the application namespace
  - The attribute name "" is reserved
  - Application namespace attributes are protected in the manner
    of the target file permission
o Kernel changes
  - Add ufs_extattr_valid_attrname() to check whether the requested
    attribute "set" or "enable" is appropriate (i.e., non-reserved)
  - Modify ufs_extattr_credcheck() to accept target file vnode, not
    to take inode uid
  - Modify ufs_extattr_credcheck() to check namespace, then enforce
    either kernel/suser for system namespace, or vaccess() for
    application namespace
o EA backing file format changes
  - Remove permission fields from extended attribute backing file
    header
  - Bump extended attribute backing file header version to 3
o Update extattrctl.c and extattrctl.8
  - Remove now deprecated -r and -w arguments to initattr, as
    permissions are now implicit
  - (unrelated) fix error reporting and unlinking during failed
    initattr to remove duplicate/inaccurate error messages, and to
    only unlink if the failure wasn't in the backing file open()
Obtained from: TrustedBSD Project
- The "Osd*" stuff went away from acpi driver code, use the bus_space
  functions directly instead.
- Fix minor English bugs.
    acpi_registers_input -> acpi_register_input
    acpi_registers_output -> acpi_register_output
- Remove all magic numbers for the sleeping states. We now have
  #defines for these.
- NULL is treated the same as the return from aml_get_rootname in
  aml_find_from_namespace().
Suggested by: msmith
Thanks mike!
When we use PC-Card as install media, it is a patch
to tell with beep about whether we were able to
recognize it well.
Reviewed by: jkh, imp
Tested by: Kenji Yamada <kyamada@ISI.EDU>
statistics as a side effect.
Submitted by: Marcin Cieslak <saper@system.pl>
with some tweaks to RAD_ACCT_SESSION_ID and
RAD_ACCT_MULTI_SESSION_ID generation by me.