When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:

  des_new_random_key -- This is just a wrapper for des_random_key, and
  these calls were replaced.

  des_init_random_number_generator et al. -- A few functions were used
  by the application to seed libdes's PRNG. These are not necessary
  when using libcrypto, as OpenSSL internally seeds the PRNG from
  /dev/random. These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.

separating its part around chroot(2) from that around initial
chdir(2). This makes the below changes really easy.

Move seteuid(to user's uid) to before calling chdir(2). There are
two goals to achieve by that. First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.) Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0. This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.

Implement the "/./" feature. Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.

PR: bin/17843 bin/23944
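
The "/./" split and the chroot/seteuid/chdir ordering described in the message above, as an added example (not code from ftpd or from this commit). The names `split_login_dir` and `enter_login_dir` are hypothetical, and falling back to "/" as the home directory when no marker is present is an assumption.

```c
#define _DEFAULT_SOURCE          /* for chroot(2) and seteuid(2) on glibc */
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Split a login directory at the first "/./" marker.
 * root receives the chroot directory, home the directory to enter
 * inside it. Without a marker the whole path is the chroot directory
 * and home is "/" (assumption of this example).
 * Returns 0 on success, -1 if either buffer is too small.
 */
int split_login_dir(const char *dir, char *root, size_t rsz,
                    char *home, size_t hsz)
{
    const char *mark = strstr(dir, "/./");
    size_t rlen = mark ? (size_t)(mark - dir) : strlen(dir);
    const char *rest = mark ? mark + 2 : "/";   /* keep the leading '/' */

    if (rlen == 0) {             /* "/./x" or "": chroot directory is "/" */
        dir = "/";
        rlen = 1;
    }
    if (rlen >= rsz || strlen(rest) >= hsz)
        return -1;
    memcpy(root, dir, rlen);
    root[rlen] = '\0';
    strcpy(home, rest);
    return 0;
}

/*
 * Ordering from the message: chroot(2) while still privileged (root may
 * be NULL for users who are not chrooted), then take the user's euid,
 * and only then chdir(2), so the user's own permissions are checked on
 * every component of the path. Must be called with euid 0.
 */
int enter_login_dir(const char *root, const char *dir, uid_t uid)
{
    if (root != NULL && chroot(root) < 0)
        return -1;
    if (seteuid(uid) < 0)
        return -1;
    return chdir(dir);           /* fails if the user lacks search permission */
}
```
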
When we call "distributeworld" as part of "make release", we set
MACHINE and MACHINE_ARCH to point to TARGET and TARGET_ARCH; this
confused src/Makefile's idea of what ${MAKEPATH}, and consequently
${MAKE}, is (well, it still confuses ${MAKEPATH}, but see below).
To overcome this problem, we now take the following approach:

- We preserve the make(1)'s idea of its argv[0], ${MAKE}.
- We check to see if ${MAKE} passes the regression tests.
- If it does, we use it. Otherwise, we build and use an
  up-to-date make(1).

This fix is still not quite right, in a situation where a single
/usr/obj is shared between different architecture machines, but
it is less critical and I hope to fix that soon.

Back out the removal of custom version of endian.h system header.
On recent systems, it just falls back to <sys/endian.h>. But on
older systems like 5.0-DP1 or 4-STABLE, this private version may
be necessary, as crunchide(1) is a cross-tool for "make release".
Spotted by: kris, markm

counterparts to bus_dmamem_alloc() and bus_dmamem_free(). This allows
the caller to specify the size of the allocation instead of it defaulting
to the max_size field of the busdma tag.
This is intended to aid in converting drivers to busdma. Lots of
hardware cannot understand scatter/gather lists, which forces the
driver to copy the i/o buffers to a single contiguous region
before sending it to the hardware. Without these new methods, this
would require a new busdma tag for each operation, or a complex
internal allocator/cache for each driver.
Allocations greater than PAGE_SIZE are rounded up to the next
PAGE_SIZE by contigmalloc(), so this is not suitable for multiple
static allocations that would be better served by a single
fixed-length subdivided allocation.
Reviewed by: jake (sparc64)

NODEVFS option has been removed and DEVFS thereby made standard.
This makes all references to MAKEDEV obsolete, and they should
be removed when convenient.

sched_runnable() et al.
- Remove some dead code in sched_clock().
- Define two macros KSEQ_SELF() and KSEQ_CPU() for getting the kseq of the
current cpu or some alternate cpu.
- Start introducing kseq_() functions, such as kseq_choose() and kseq_setup().

initialized until after a syncookie was generated. As a result,
all connections resulting from a returned cookie would end up using
a MSS of ~512 bytes. Now larger packets will be used where possible.
MFC after: 5 days

des_read_pw_string to break (and thus rather mysteriously
breaking utilities such as kinit).
= Enable the BSD /dev/crypto interface.
(These changes are being imported on the vendor branch, as they have
already been accepted and committed to the OpenSSL CVS repository.)

can only be built with MIT Kerberos.
If we didn't define this here, then SSL-using applications would have
to define OPENSSL_NO_KRB5 themselves in order to build.

two basic changes (both of which should be no-ops until OpenSSL 0.9.7
is imported):
= Define OPENSSL_DES_LIBDES_COMPATIBILITY wherever we include
openssl/des.h.
= Spell `struct des_ks_struct []' using the existing
`des_key_schedule' typedef.
When OpenSSL 0.9.7 is imported, `des_key_schedule' (among other
things) will be a macro invocation instead of a typedef, and things
should `just work'.
Yes, this commit does take several files off the vendor branch.
I do not expect there to be future imports of KTH Kerberos 4.