and gids bigger than 16 bits. Added checks for uids and gids that are
bigger than 32 bits.
Approved by: jkh (partly, this fix is bigger than I first intended)
Some inetd internal udp servers didn't worked with problem.
Also fix recvfrom() "fromlen" arg type from int * to socklen_t *.
Approved by: jkh
Submitted by: bde
* Clarify quoting value in of name = value pairs.
* Describe the @reboot, @yearly, @annually, @monthly, @weekly,
@daily, @midnight and @hourly extensions.
PR: 17261
Submitted by: MIHIRA Yoshiro <sanpei@sanpei.org>
Obtained from: NetBSD
Also, add a cross reference to pkg_info(1) in pkg_version(1). Finally,
in pkg_version(1), don't put a period at the end of the list of see also
man pages.
Noticed by: Matt Ayres <matta@fast.net>
on locale.
o Allow use of "G" in label editor to stand for gigabytes. This
is actually an unrelated patch which I meant to commit separately
but what the heck, it's late.
Partially submitted by: phk
as they ought to be. The description of SA_RESTART was a little
unobvious to me in the man page, so i missed it. Thanks to Bruce for
spotting this.
Submitted by: bde
would cause syslogd to eventually kill innocent processes in the
system over time (note: not `could' but `would'). Many thanks to my
colleague Mirko for digging into the kernel structures and providing
me with the debugging framework to find out about the nature of this
bug (and to isolate that syslogd was the culprit) in a rather large
set of distributed machines at client sites where this happened
occasionally.
Whenever a child process was no longer responsive, or when syslogd
receives a SIGHUP so it closes all its logging file descriptors, for
any descriptor that refers to a pipe syslogd enters the data about the
old logging child process into a `dead queue', where it is being
removed from (and the status of the dead kitten being fetched) upon
receipt of a SIGCHLD. However, there's a high probability that the
SIGCHLD already arrives before the child's data are actually entered
into the dead queue inside the SIGHUP handler, so the SIGCHLD handler
has nothing to fetch and remove and simply continues. Whenever this
happens, the process'es data remain on the dead queue forever, and
since domark() tried to get rid of totally unresponsive children by
first sending a SIGTERM and later a SIGKILL, it was only a matter of
time until the system had recycled enough PIDs so an innocent process
got shot to death.
Fix the race by masking SIGHUP and SIGCHLD from both handlers mutually.
Add additional bandaids ``just in case'', i. e. don't enter a process
into the dead queue if we can't signal it (this should only happen in
case it is already dead by that time so we can fetch the status
immediately instead of deferring this to the SIGCHLD handler); for the
kill(2) inside domark(), check for an error status (/* Can't happen */
:) and remove it from the dead queue in this case (which if it would
have been there in the first place would have reduced the problem to a
statistically minimal likelihood so i certainly would never have
noticed the bug at all :).
Mirko also reviewed the fix in priciple (mutual blocking of both
signals inside the handlers), but not the actual code.
Reviewed by: Mirko Kaffka <mirko@interface-business.de>
Approved by: jkh
straight into debug mode if you boot -v. Also conditionalize some
annoying debugging output now that we have this ability.
Partially submitted by: msmith
Approved by: jkh [to make certain wise-acres happy ;)]
-Open socket() at first and then setuid() to actual user.
-Allow ping6 preload option only for root.
Approved by: jkh
Submitted by: Neil Blakey-Milner <nbm@mithrandr.moria.org>
BSD-style license, as an add-on to phk's beerware license. Please fedex
some beer to phk.
- Add a ``make depend'' line to the jail-building, which fixes openssl,
among other things. Suggested by: kris
- Add ``newaliases'' to the list of things to do when setting up a new
jail, so that the jailed sendmail doesn't complain.
- Correct references to ``kern.jail.set_hostname_allowed'' which now read
``jail.set_hostname_allowed''.
- Add a reference to sysctl.conf where the sysctl can easily be set in
a persistent way.
- Add a list of cross references to the man page.
- Fix a formatting nit or two.
Sorry for the flapping, but no change will be done for 4.0 anymore.
Official standard will be published around April or later.
If different format would be adopted at that time, then support for
the new format will be added to the succeeding FreeBSD 4.x.
Approved by: jkh
instructions so as to reduce warnings during jail startup, etc.
Add a somewhat bolder warning recommending the use of
kern.jail.set_hostname to limit jail renamining.
a distribution, recognize it and treat as fatal media error. This
happens in the case of a timeout on FTP installations where the
user chooses not to select another FTP site, and resulted in
segmentation fault.
Approved by: jkh
'S' status call- this was the size of the original mtget structure. Don't
bother to map the current mtget structure to an old one- for version 0
RMT it's meaningless because it's all binary data anyway, and it's only the
wierd edge case of Solaris 7 starting to use the 'S' status call that has
tickled this issue- and this MNC fixes that issue.
We need to implement Version 1 RMT anyway.
Approved: jkh@freebsd.org
PR: 14946
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
ntpd.8:
add -gx to SYNOPSIS
clarify explanation of -g
ntp.conf.5:
add missing field description for rawstats lines
Install audio.htm, driver3[567].htm and qth.htm.
userland in a safer way. Using the NO_MAKEDEV argument in make
distribution prevents the creation of a number of unsafe device nodes
in the jailed /dev, including disk devices, and more. This depends
on an earlier commit to /etc/Makefile to provide the NO_MAKEDEV
support.
Approved by: jkh
directory is not considered a directory. I have a feeling all the other
stat(2) calls should instead be lstat(2) calls, but I have not suffiently
determined that the current behavior [especially in isfile()] isn't
depended upon by someone.
Ok'ed by: JKH
Applied modified patch, since ATA/ATAPI is the keyword nowadays.
PR: 16507
Submitted by: Dan Papasian <bugg@bugg.strangled.net>
No need for an OK since we can exercise our divine rights as docpersons
according to: jkh
interface, and statically link them to the programs using them.
These functions, upon reflection and discussion, are too generically
named for a library interface with such specific functionality.
Also the api that they use, whilst ok for private use, isn't good
enough for a libc function.
Additionally there were complications with the build/install-world
process. It depends heavily upon xinstall, which got broken by
the change in api, and caused bootstrap problems and general mayhem.
There is work in progress to address future problems that may be
caused by changes in install-chain tools, and better names for
{g|s}etflags can be derived when some future program requires them.
For now the code has been left in src/lib/libc/gen (it started off
in src/bin/ls).
It's important to provide library functions for manipulating file
flag strings if we ever want this interface to be adopted outside
of the source tree, but now isn't necessarily the right moment
with 4.0-release just around the corner.
Approved: jkh
makefiles (for use with picobsd among other things).
See the manpage for details, but:
* -h makefile-include-name
can be used to specify a file to include in the makefiles
generated by crunchgen . This is a good place to specify make
variables such as RELEASE_CRUNCH, NOTHIS, NOTHAT and the like.
* special progname objvar variable_name
in the crunch config file declares a different variable than
OBJS to be used to get the list of objects.
* crunchgen now looks first for Makefile.<progname> in the current
directory to override the makefile in <progname> source dir.
This in many cases avoids the need to patch the original makefile
if the above two features are still not enough.
Approved-By: jordan
Now when tcp_wrapper is enabled by inetd -wW,
several accesses which should be permitted are refused only for IPv6,
if hostname is used to decide the host to be allowed.
IPv6 users will be just upset.
About security related concern.
-All extensions are wrapped by #ifdef INET6, so people can completely
disable the extension by recompile libwrap without INET6 option.
-Access via IPv6 is not enabled by default.
People need to enable IPv6 access by changing /etc/inetd.conf at first,
by adding tcp6 and/or tcp46 entries.
-The base of patches are from KAME package and are actually daily used
for more than a year in several Japanese IPv6 environments.
-Patches are reviewed by markm.
Approved by: jkh
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
Reviewed by: markm
Obtained from: KAME project
Incorrect Address Family check is done for RPC services, and
fail to initialize it.
The error check is replaced to new one, which checks if IPv4
bind is enabled or not. (It is disabled when IPv6 numeric
addr is specified for -a bind address option.)
An review reqeust is once sent to des, but he quit MAINTAINER.
Approved by: jkh
Also update wicontrol to enable/disable encryption, set WEP keys and set the
TX key index. Silver cards only have 40-bit keys. This is something of a quick
hack, but it works well enough for me to commit this from the LinuxWorld
exhibit floor.
The WEP support only shows up if you have a card that supports it.
Would have been approved by: jkh, if he hadn't wandered off somewhere
Approved in his place by: msmith, who's standing right here
This is fix to usr.sbin/trpt and tcp_debug.[ch]
I think of putting this after 4.0 but,,,
-There was bug that when INET6 is defined,
IPv4 socket is not traced by trpt.
-I received request from a person who distribute a program
which use tcp_debug interface and print performance statistics,
that
-leave comptibility with old program as much as possible
-use same interface with other OSes
So, I talked with itojun, and synced API with netbsd IPv6 extension.
makeworld check, kernel build check(includes GENERIC) is done.
But if there happen to any problem, please let me know and
I soon backout this change.
I don't claim to own the code and certainly don't want to discourage
people from fixing or updating it.
[I know it's the 29th, but the FREEZE hasn't yet been posted to committers]
the committer (shin). While I don't have permission for this change
from the inetd maintainer (des), I assume that shin has permission
and I'm just fixing his contribution up for him.
Okay, I couldn't resist, I made some extra changes:
* Replace ".Tn FreeBSD" with .Fx
* Make the illegal TCPMUX and IPSEC sections legal subsections
of the IMPLEMENTATION NOTES section.
Requested by: shin
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
string to u_long and back using two functions, flags_to_string and
string_to_flags, which co-existed with 'ls'. As time has progressed
more and more other tools have used these private functions to
manipulate the file flags.
Recently I moved these functions from /usr/src/bin/ls to libutil,
but after some discussion with bde it's been decided that they
really ought to go in libc.
There are two already existing libc functions for manipulating file
modes: setmode and getmode. In keeping with these flags_to_string
has been renamed getflags and string_to_flags to setflags.
The manual page could probably be improved upon ;)
was having its last element zero'd. It turns out not to be a security
hole or to have any real effect on the code because 'from' was previously
pointing to a buffer of the same size as 'fromb', and the last
element in fromb is already 0 anyway due to the use of sizeof(fromb)-1
in the strncpy() call. But I'm not pressing my luck so only the type-o
is being fixed.
member variable to find the configuration on new driver allocation.
Correct condition is that card_config and driver are not in use. Both
of them are cleared in card_removed() (conf->driver->card never be
cleared).
This fix problems `No free configuration for card' on insertion, and
pccardd core dump on removal in condition of the same driver but
different card.
Also this might be emergency measures, complete solution would be made
after Hosokawa-san come back.
Consulted with: imp
Waiting for: hosokawa
This mouse may be a OEM version of Genius EasyScroll Mouse.
(The mouse has three buttons on top, one side button and a wheel which
also acts as a button. However, I know no way to activate the wheel,
and it can only be used as an ordinary 3-buttons mouse :-)
Remove -? flag that was not working but documented. Make it work instead
but hide it in man page and usage string as others tools do.
Spelling.
Abort on allocation failure (with errx()).
has been made obsolete by the block/char device merging.
Reflect this change in the manual page and fix the usage of a
backslash in ``e.g.''.
Reviewed by: bright, sheldonh, phk
the need to specify the unit number of unwired devices. ie: instead
of saying "device fxp0" we can say "device fxp" which is much closer
to what it actually means. The former (fxp0) implied something about
reserving the 0th unit, but it does not and never did - it was a
figment of config(8)'s imagination that we had to work around..
"device fxp0" simply means "compile in the fxp device driver", so we
may as well just write it as "device fxp" which is closer to what it
really means.
Doing this also saves us from filling up the ioconf.c tables with
meaningless entries.
garbage value for the username (hex garbage, that is), and the -d flag
provides a default username for fallback purposes if the user cannot be
looked up. That is very useful for the case where inetd auth is
running on a NAT box.
While I'm here updating the manpage, clean up an English error and a
few small nits.
with remote hosts feeding it, so that some hosts have their header
pages supressed and some don't. This is because lpd doesn't know
how to rewrite a print job before forwarding it to a remote lpd.
In particular this causes problems with p rinters that contain
their own lpd, eg. HP jet direct cards, because they can't suppress
headers. It's not possible to have headers supressed by putting
'sh' in any printcap in the lpd chain, it is up to the originating
lpr to have a '-h' option specified at run time.
Lpr has been modified to allow _it_ to honour the 'sh' flag in the
local print cap. This allows the administrator to switch off
headers for a particular printer (on a particular host) irrespective
of whether that printer is local to the machine or remote.
This doesn't break anything, because in the case of a remote printer
the 'sh' flag would have had no meaning, in the case of the local
printer it would have been on anyway.
Submitted by: Scott James Remnant <scott@pavilion.net>
For example, when /etc/pccard.conf had ed0 in config line, but kernel
refused this name and said
devclass_alloc_unit: ed0 already exists, using next availale unit
number
Kernel used ed1 as device name and it did not match with config and
insert/remove lines. Fortunately, dhclient was called without args,
and it works, but if we wanted to use static IP address for PC-card,
it did not work.
This modification makes pccardd to execute insert/remove lines with
the true device name that returns from kernel. (Last change to
etc/pccard.conf.sample eliminated all hardwired device name from
insert/remove lines in /etc/pccard.conf)
|I made ctm ignore deltas for files that match the "after edit" MD5.
|(In one case, I had the compiler fill all temporary space while CTM
|was editing files.)
Submitted by: se
Reviewed by: phk
Changes are:
- rpc.umntall is called at the right places now in /etc/rc*
- rpc.umntall timeout has been lowered from two days (too high) to one
- verbose messages in rpc.umntall have been clarified
- kill double entries in /var/db/mounttab when rpc.umntall is invoked
- ${early_nfs_mounts} has been removed from /etc/rc
- patched mount(8) -p to print different pass/dump values for ufs filesystems.
(last patch recieved from dan <bugg@bugg.strangled.net>)
Submitted by: Martin Blapp <mbr@imp.ch>, dan <bugg@bugg.strangled.net>
NICs. (Finally!) The PCMCIA, ISA and PCI varieties are all supported,
though only the ISA and PCI ones will work on the alpha for now.
PCCARD, ISA and PCI attachments are all provided. Also provided an
ancontrol(8) utility for configuring the NIC, man pages, and updated
pccard.conf.sample. ISA cards are supported in both ISA PnP and hard-wired
mode, although you must configure the kernel explicitly to support the
hardwired mode since you have to know the I/O address and port ahead
of time.
Special thanks to Doug Ambrisko for doing the initial newbus hackery
and getting it to work in infrastructure mode.
vogons, set the size of the receive buffer to 1 and rely on the kernel to
simply drop incoming packets. The logging code was buggy anyway.
Use socklen_t instead of int for the length argument to recvfrom.
Add a 'continue' at the end of a loop for ANSI conformance.
USB-EL1202A chipset. Between this and the other two drivers, we should
have support for pretty much every USB ethernet adapter on the market.
The only other USB chip that I know of is the SMC USB97C196, and right
now I don't know of any adapters that use it (including the ones made
by SMC :/ ).
Note that the CATC chip supports a nifty feature: read and write combining.
This allows multiple ethernet packets to be transfered in a single USB
bulk in/out transaction. However I'm again having trouble with large
bulk in transfers like I did with the ADMtek chip, which leads me to
believe that our USB stack needs some work before we can really make
use of this feature. When/if things improve, I intend to revisit the
aue and cue drivers. For now, I've lost enough sanity points.
in favour of placing information in the correct sections.
The ntp_acc(8), ntp_auth(8), ntp_clock(8), ntp_conf(8),
ntp_misc(8) and ntp_mon(8) pages have been merged into
ntp.conf(5) and ntp.keys(5).
Requested by: rgrimes, wollman
don't have an interface index that's the same as the if_msghdr
interface index.
This prevents the occasional perror("SIOCGIFFLAGS") from appearing
at boot time.
While I'm there:
Make a couple of error messages more useful.
Add a missing include.
Add some braces to silence gccs dumb complaints.
Add some consts
Ansify decls
Add copyright to pmap_check.h (well, you could say it's been rewritten)
Those pages which have not been transcribed are referenced as
gracefully as possible.
There is no perfect section for the ntp_* files, which document
configuration options for the NTP suite, so I'm putting them in
the same section as the pages for the utilities themselves.
instead of -2. This (I believe) caused static wirings to not match.
This should fix Bill Pechter's problem but we'll see.
Problem discovered by: Bill Pechter <pechter@shell.monmouth.com>
o Realloc memory leak fixed which won't matter but would trigger purify
o Default to sendmail when no mailer.conf exists.
Fixed bugs in OpenBSD version:
o Add NULL termination in the right place.
Also put back the err. free shouldn't touch errno.
Pointed out by: theo de raadt (except the NULL bug :-)
a string containign 'J'.
o Properly terminate argv list with a NULL entry.
o Use warn() to report the exec failure because free could change errno and
err would report the wrong reason.
o Don't terminate string to err with ':' since this results in two colons.
getipnodebyaddr().
This resolve 2 problems.
-can specify scope index(@ifname) for IPv6 link local addr
-reverse lookup for IPv6 loopback addr(::1) was strange, but fixed
This would mean that we could move files.alpha, files.i386, files.pc98
etc all next to conf/files, and the various Makefiles next to each
other. This should go a long way towards committers "seeing" the
Alpha etc stuff and remembering to update that too as it would be
right next to the i386 config files. Note this does not include
the GENERIC etc files as they can't be shared. I haven't actually
moved the files, but the support is here for it. It still supports
the per-machine conf directories so that folks working on a new arch
can just distribute a subdir of files.
- redo the "at" configuration system so that it just syntax checks
to make sure the device you're configuring something "at" appears to
exist. Nuke a bunch of complexity that was responsible for creating
"clones" of wildcard devices and some wierd stuff in a few places
including the scbus config tables etc.
- merge "controller" and "device" - there is no difference as far as
the kernel is concernend, it's just something there to make life
difficult for config file writers. "controller" is now an alias for
"device".
- emit full scsi config into the resource tables. We could trivially
change cam to use that rather than it's own "special" table for wiring
and static configuration. ATA could use this too for static wiring.
- try and emulate some of the quirks of the old system where it made
sense. Some were too strange though and I'd be very suprised if they
were features and not outright bugs. nexus handling is still strange.
One thing in particular is that some of the wierd entries in the
newbus devtables is now gone as it was a quirk side effect of the
wildcard/question-mark cloning above.
GENERIC and LINT still build etc.
known option, unknown options following the known option were not
removed. Now I think only unknown options in unknown options files
are not removed. This is harmless because unknown options files should
not be used, but removing the files would be cleaner.
