the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
utilities and related support files for manual pages, which were previously
controlled by MAN. For POLA, the default depends on MAN, i.e., WITHOUT_MAN
implies WITHOUT_MAN_UTILS and WITH_MAN implies WITH_MAN_UTILS. This patch
is slightly improved by me from:
PR: misc/145212
can only be used when ntpd is compiled with DEBUG support.
PR: docs/138206
Submitted by: Oliver Pinter (oliver dot pntr at gmail dot com)
MFC after: 5 days
Approved by: roberto
bottom of the manpages and order them consistently.
GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.
Found by: mdocml lint run
Reviewed by: ru
hid_get_data() now expects that the hid data passed in always contains
the report ID byte. Thus we should not skip the the report ID byte in
hid_interrupt(). Also, if HUP_KEYBOARD usage is an array, do not try
to modify the 'data' pointer, instead, increase the hid_item_t field
'pos' by 'report_size' before calling hid_get_data() during each
iteration.
PR: usb/146367
Reported and tested by: Alex Deiter
Pointy hat to: kaiw
Reviewed by: emax
This joint work of Dag-Erling Smørgrav and myself updates the
FFS quota system to support both traditional 32-bit and new 64-bit
quotas (for those of you who want to put 2+Tb quotas on your users).
By default quotas are not compiled into the kernel. To include them
in your kernel configuration you need to specify:
options QUOTA # Enable FFS quotas
If you are already running with the current 32-bit quotas, they
should continue to work just as they have in the past. If you
wish to convert to using 64-bit quotas, use `quotacheck -c 64';
if you wish to revert from 64-bit quotas back to 32-bit quotas,
use `quotacheck -c 32'.
There is a new library of functions to simplify the use of the
quota system, do `man quotafile' for details. If your application
is currently using the quotactl(2), it is highly recommended that
you convert your application to use the quotafile interface.
Note that existing binaries will continue to work.
Special thanks to John Kozubik of rsync.net for getting me
interested in pursuing 64-bit quota support and for funding
part of my development time on this project.
would crash in check_options() since dp == NULL for the V4: line.
This patch moves the check for options allowed on the V4: line to
ahead of where dp is used to avoid this crash.
Reported by: mamalos AT eng.auth.gr
MFC after: 1 week
L2/3/4 headers and can drop or steer packets as instructed. Filtering
based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac
addr is possible. Add support in cxgbtool to program these filters.
Some simple examples:
Drop all tcp/80 traffic coming from the subnet specified.
# cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action drop
Steer all incoming UDP traffic to qset 0.
# cxgbtool cxgb2 filter 1 type udp queue 0 action pass
Steer all tcp traffic from 192.168.1.1 to qset 1.
# cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action pass
Drop fragments.
# cxgbtool cxgb2 filter 3 type frag action drop
List all filters.
# cxgbtool cxgb2 filter list
index SIP DIP sport dport VLAN PRI P/MAC type Q
0 192.168.1.0/24 0.0.0.0 * 80 0 0/1 */* tcp -
1 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* udp 0
2 192.168.1.1/32 0.0.0.0 * * 0 0/1 */* tcp 1
3 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* frag -
16367 0.0.0.0/0 0.0.0.0 * * 0 0/1 */* * *
MFC after: 2 weeks
section holding the config file to sh_addralign bytes using NULs.
This bogusly triggers an assert. Break out of the loop when we hit an
NUL within that many bytes of the end.
MFC after: 3 days
will allow people with old config options to either have it just work
(if config is new enough), or get a version error (if their config is
about 7.0 or newer) rather than getting a cryptic error about
duplicated options in the options file, or getting an error about an
unknown option, at which point they'd update their config file only to
learn they need a new config, only to learn they didn't really need to
update their config file... All this because our version checking was
in the wrong place for the past decade...
# hopefully this is the last change, and we'll be able to config with an
# 8.0 GENERIC file on stable/8 after I merge this change and add the
# compat options.
MFC after: 3 days
versions of config. Remove support for the syntax OLD = NEW form the
options file, and instead have a new file $S/conf/options-compat.
This file will be parsed as OLD NEW on each line. Bump version of
config. Since nothing in -current ever used this, there's no hazards
for current users, so I'm not bumping the version in the
Makefiles.$MACHINE. No need, really, for this version bump in
-current, but this was introduced into -stable before I realized the
version check was ineffective there, so the verison bump doesn't hurt
here and keeps the two branches in sync, versionwise, after the MFC.
MFC after: 3 days
we've parsed the config file. Makefile generation is too late if
we've introduce changes to the syntax of the metafiles to warn about
version skew, since we have to try to parse them and we get an parse
error that's rather baffling to the user rather than a 'your config is
too old, upgrade' which we should get.
We have to defer doing it until after we've read the user's config
file because we define machinename there. The version required to
compile the kernel is encoded in Makefile.machinename. There's no
real reason for this to be the case, but changing it now would
introduce some logistical issues that I'd rather avoid for the moment.
I intend to revisit this if we're still using config in FreeBSD 10.
This also means that we cannot introduce any config metafile changes
that result in a syntax error or other error for the user until 9.0 is
released. Otherwise, we break the upgrade path, or at least reduce
the usefulness of the error messages we generate.
# This implies that the config file option mapping will need to be redone.
MFC after: 3 days
brings in support for an optional intent log which eliminates the need
for background fsck on unclean shutdown.
Sponsored by: iXsystems, Yahoo!, and Juniper.
With help from: McKusick and Peter Holm
- Rework the wrapper support to check libpkg version as well as pkg_install
version.
- Add libfetch to _prebuild_libs.
- There are no new features introduced.
Notes: the API is not stable, so basically, do not use libpkg in your
projects for now. Also there's no manpage for libpkg yet, because the API
will change drastically. I repeat, do not use libpkg for now.
with all other corresponding CTF places by changing the corresponding
code which is generated by config(8). Or in short, move the '@' from
the variable definition to the use of the variable. [1]
While I'm here break up a long line. [2]
Discussed with: imp [1,2], bde [2]
sure the "Q = Finish" text is visible.
Reword the boot manager screen to try and avoid confusion, and make the
order of the menu items match that in sysinstall.
PR: bin/142916
Submitted by: Jeremy Chadwick <freebsd at jdc.parodius.com>
Reviewed by: randi
Approved by: rrs (mentor)
MFC after: 1 week
feature. The kernel makefiles have specifically not been bumped
because nothing uses this new feature and doing so forces everybody to
recompile for no good reason. This chnage will be MFC'd where the
kernel version numbers for amd64 and ia64 will be bumped, since those
are the only two that have use the option remapping feature. Once
merged, this will give a better error message to folks that are using
buildkernel without buildworld or kernel-toolchain to update their
kernels.
MFC after: 3 days
OLD_OPT = NEW_OPT
in options* files will now map OLD_OPT to NEW_OPT with a friendly
message. This is indented for situations where we need to preserve an
interface in the config file in an upwards compatible fashion on a
stable branch.
Reviewed by: nwhitehorn@
MFC after: 3 days
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
According to the manpage, the entries have to be sorted by uid. This is
no longer possible, since our utmpx implementation is completely unaware
of user IDs. You can safely add entries for multiple users sharing the
same uid.
Make the output less random by sorting everything by name.
* WPA-None requires ap_scan=2:
The major difference between ap_scan=1 (default) and 2 is, that no
IEEE80211_IOC_SCAN* ioctls/functions are called, though, there is a
dependency on those. For example the call to wpa_driver_bsd_scan()
sets the interface UP, this never happens, therefore the interface
must be marked up in wpa_driver_bsd_associate(). IEEE80211_IOC_SSID
also is not called, which means that the SSID has not been set prior
to the IEEE80211_MLME_ASSOC call.
* WPA-None has no support for sequence number updates, it doesn't make
sense to check for replay violations..
* I had some crashes right after the switch to RUN state, issue is
that sc->sc_lastrs was not yet defined.
Approved by: rpaulo (mentor)
MFC after: 3 weeks
symlink before complaining that it doesn't exist. Typical case
would be a leftover library symlink that's left over after the
actual library has been removed.
Reported by: tabthorpe
don't try to find a hidden meaning in the strange order. The list used
to be sorted in rev. 1.1 from 4.4BSD but the order was broken as soon as
in rev. 1.2 by a single-character fix.
MFC after: 3 days
When using ac -w, we must use the last timestamp to terminate the log
file. I accidentally removed this when I ported the code to use utmpx.
Reported by: avg
- avoid coredump when there's only one token on a line;
- Use calloc();
- Remove a line inherited from example mdoc.
Obtained from: OpenBSD
MFC after: 1 month
and modify the BEGEMOT-PF-MIB to add support for IPV6 address' statistics in the PF
tables via pfTablesAddrNetType and pfTablesAddrNet. While here, upgrade the
pf_tree.def file to the new format that includes enumerated values. Also make sure
to return SNMP_ERR_NOSUCHNAME for ALTQ objects, if ALTQ is disabled, so that the agent
will know to skip the pfAltq subtree when servicing GETNEXT requests from SNMP clients
(otherwise snmpwalk on begemotPf would stop at the pfAltq subtree with bsnmpd returning
SNMP_ERR_GENERR).
then find a specific entry, and get the requested value. So far, it found
the specific entry, refreshed the entry list if necessary, and got the
requested value from the found entry. The problem is that refreshing nukes
all old entries and replaces them with new ones and the obtained entry
pointer was no longer valid after the refresh.
Reviewed by: bz, philip
MFC after: 1 week
Right now if a jail has multiple IPv6 addresses, it will print them
shifting only 4 bytes at a time. Example:
2001:4dd0:ff41::b23f:a9
2001:4dd0:ff41::b23f:aa
Becomes:
2001:4dd0:ff41::b23f:a9
ff41::b23f:a9:2001:4dd0
By casting to in6_addr, it uses the correct offsets.
MFC after: 1 week
and enforce this in the code. Apparently a lot of users mistakenly
combine -a with these flags and are then mystified that no changes
were made.
While I'm here, fix a trailing space in mergemaster.8
pmc_flush_logfile is now non-blocking and just ask the kernel
to shutdown the file. From that point, no more data is
accepted by the log thread and when the last buffer is flushed
the file is closed.
This will remove a deadlock between pmcstat asking for
flush while it cannot flush the pipe itself.
MFC after: 3 days
- no display on serial terminal in top mode.
- display alignment for continuation string.
- correct invalid value used for display limit.
MFC after: 3 days
uid_t and gid_t are unsigned. While initializing them to -1 and later
checking against -1 to see if they are still at their default usually
works, introduce two new flags and stop the inband signalling.
Approved by: ed (co-mentor)
The Makefiles are leftovers from the copies and should live in usr.sbin/zic/*
From usr.sbin/zic:
The sources are from a vendor contributed source, therefore should
live in contrib/tzcode/zic.
du(1), cp(1) etc, to prevent the crossing of mountpoints whilst using the
commands recursively.
PR: bin/130855
Submitted by: keramida
MFC after: 1 month
mpt(4) controller. Previously, the code assumed that multiple match
patterns provided to an XPT_DEV_MATCH request were ANDed together.
Instead, they are ORed. Instead, to match peripherals for a specific bus,
one query needs to be performed to lookup the path ID of the bus. A second
query can then be performed matching peripherals attached to that path.
This approach also makes the code a bit cleaner as the returned match
results do not mix bus and perphierals.
Reported by: several folks
MFC after: 1 week
present. mpt(4) controllers that do not support RAID do not have an IOC6
page, for example.
- Correct a check for a missing page error in a debug function.
MFC after: 1 week
- Kcachegrind (calltree) support with assembly/source
code mapping and call count estimator (-F).
- Top mode for calltree and callgraph plugin (-T).
MFC after: 1 month
interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list. This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).
The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address. This
turns out not to be the case. To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case. My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind
without -h.
Reviewed by: alfred@
Sponsored by: iX Systems
MFC after: 2 weeks
due to careful design. We've not yet figured out how to properly
annotate the sockaddr structs to communicate this to the compiler and
there's a number of constructs in the tree that make this annotation
challenging.
As such, reduce warns to 3 here because this code really isn't warns 6
safe, even if it kinda sorta appears to be on intel (which has no such
alignment restrictions). Warns 4 adds the -Wcast-align warning.
# fixes the mips tinderbox build
interface specifier on the command line can be ommited.
Besides of this, the bpf is being reused for each machine
that has to be woken up.
Submitted by: Marc Balmer <marc@msys.ch>
Some Exchange systems wrap lines over 75 characters long while converting
messages to quoted-printable, preventing ctm_rmail from reassembling
emailed deltas. For a negligible loss of encoding efficiency, this change
allows ctm deltas to once more pass through Exchange undamaged.
longer than the length of the current attribute if the buffer were reused
and previously longer, so bits of the previous, longer attribute would be
written. Fix this by using the actual attribute length.
which stops to proceed further, as it is possible that processes which
fails to create PID file get screwed by rotation.
Requested by: stas
MFC after: 2 weeks
X-MFC with: r200806
whether to use source address selection (default) or the primary
jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP
jails to multi-IP jails but not having to change firewall rules,
application ACLs, ... but to force their connections (unless
otherwise changed) to the primry jail IP they had been used for
years, as well as for people prefering to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to
scope violations, which single-IPv6 jails could as well, as by the
design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part)
Pointed out by: hrs [1]
MFC After: 2 weeks
Asked for by: Jase Thew (bazerka beardz.net)
While there, fix a bug I introduced previously. We must reopen the
database for each username passed on the command line. We must rewind
the database and search from the beginning.
Similar to last(1), it must compare ut_id's instead of TTYs to determine
whether a session has been terminated. It must also use ut_type to
determine the type of the login record instead figuring it out by
itself.
A nice thing about utmpx is that it makes it very easy to log sessions
that don't use TTYs. This is because the file is not indexed by TTY
slots anymore.
Silence from: brian
from standard 3G wireless units by supplying a raw IP/IPv6 endpoint rather than
using PPP over serial. uhsoctl(1) is used to initiate and close the WAN
connection.
Obtained from: Fredrik Lindberg <fli@shapeshifter.se>
Update delete_temproot() to include the error message if it fails,
and clean up the places where it's called.
If there are no files left in temproot when the comparison is done
delete it without prompting. This should make "automated" runs of
mergemaster without -a a little easier.
Document the new behavior in the man page.
Std 1003.1-2008. Both Linux and Solaris conforms to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparision function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Even though it builds with WARNS=2, some users link sendmail from the
base system against SASL. This doesn't build in this case.
Reported by: Andrzej Tobola <ato iem pw edu pl>
an "rc file only" option by design.
While I'm here, update the comments in the example rc file to indicate
which command line options they relate to, and correct the defaults
for a couple of options.
1. Don't prompt the user for "-U but no db" error if we're using -a
2. Add an option to delete stale rc.d files automatically if the user
has DELETE_STALE_RC_FILES in their rc file. Lack of command line option
for this is not an oversight.
3. Add []'s around the terminal $ for the $FreeBSD$ test for -F
For one bug raised by jhb I did a more thorough solution:
There were a lot of things that "snuck in" between the end of the test
for -r and the start of the comparison. One of them is the creation of
the mtree db, as pointed out by jhb. Fix this problem more thoroughly
by moving the end of the test down to where it should/used to be, right
before the comparison. As a result, indent the interloping code to match.
IFF_POINTOPOINT link types. The reason was due to the routing
entry returned from the kernel covering the remote end is of an
interface type that does not support ARP. This patch fixes this
problem by providing a hint to the kernel routing code, which
indicates the prefix route instead of the PPP host route should
be returned to the caller. Since a host route to the local end
point is also added into the routing table, and there could be
multiple such instantiations due to multiple PPP links can be
created with the same local end IP address, this patch also fixes
the loopback route installation failure problem observed prior to
this patch. The reference count of loopback route to local end would
be either incremented or decremented. The first instantiation would
create the entry and the last removal would delete the route entry.
MFC after: 5 days
I was considering committing all these patches one by one, but as
discussed with brooks@, there is no need to do this. If we ever
need/want to merge these changes back, it is still possible to do this
per application.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month
I am not planning on providing a mechanism tot stat() the database files
directly. The disadvantage of this, is that rwhod will now be a little
bit more heavy than it used to be. It normally used to fstat() the file
descriptor to see whether the file had changed, but this is now
impossible to implement, meaning we have to parse the entire utmp file
each 180 seconds.
This is probably not an issue on modern 16-way servers, but if it turns
out to be a problem, we'll think of something.
- Only set the fields in the ulog_utmpx structure that are valid for the
command in question. This means that strings like "shutdown" or "~"
are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
the `antique' filename. If we ever get rid of utmp, it makes little
sense calling it by its old name.
The utmp code in systime.c is not enabled, so including <utmp.h> has no
effect in our setup. This makes it a little easier for me to migrate to
<utmpx.h>.
Approved by: roberto
to proceed anyway as this most likely mean that the process has been
terminated.
PR: bin/140397
Submitted by: Dan Lukes <dan obluda cz>
MFC after: 1 month
Its primary purpose is to start and stop services provided by
the rc.d scripts, however it can also be used to list the scripts
using various criteria.
and /.profile. The problem is that install(1) will unlink the old file
before it installs the new one, which means that in the best case we
have to compare the changes for the old file twice.
So, change the logic to first test to see if the link exists, then
install the file. Then if the link was there and we're using -i, just
create the link in /root and be done with it. Otherwise display the
message to the user and give them the option.
Because we are now sorting things before doing the comparison we can
know conclusively that the files in / should be the sources, and the
files in /root will be the targets, so adjust the paths accordingly.
While I'm here, split a too-long error message into two lines and
just return at the end of handling these files instead of setting
the variable that says "do nothing" and then returning at the end
of the function anyway.
when "-P port" is specified. It invoked svc{tcp,udp}_create()
for only one of the two allocated sockets, and prevented the
TCP socket from binding to as the result.
- Use TI-RPC functions and handle sockets in a
transport-independent way. At this moment only AF_INET ("udp"
and "tcp") is supported because others need rewrites of ACL
handling and yp clients.
- Add '-h addr' to specify addresses to bind to.
- Convert _msgout() to use variable argument lists and remove
asprintf() for error strings.
- Remove register storage class specifier.
Discussed with: kuriyama
MFC after: 1 week
to something else. So add code to detect when things don't match and
give the user choices about how to fix it.
If we're using -P and something in the above check needs to be moved
we need to have the directory there for it, so create it at the
beginning and delete empty versions of it at the end.
The case where something used to be a file or link and now is supposed
to be a directory (e.g., /etc/security) is especially dangerous, so
make failure to install a necessary directory in $DESTDIR a fatal error.
MAXLOGNAME seems more applicable in this case, because UT_NAMESIZE
refers to the username field in utmp files, which is clearly unrelated
to repquota(8).
The size of the username record in utmp files should not influence the
maximum username length. Right now ut_user/ut_name is big enough, so in
this case it's dead code anyway.
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month
Right now syscons(4) uses a cons25-style terminal emulator. The
disadvantages of that are:
- Little compatibility with embedded devices with serial interfaces.
- Bad bandwidth efficiency, mainly because of the lack of scrolling
regions.
- A very hard transition path to support for modern character sets like
UTF-8.
Our terminal emulation library, libteken, has been supporting
xterm-style terminal emulation for months, so flip the switch and make
everyone use an xterm-style console driver.
I still have to enable this on i386. Right now pc98 and i386 share the
same /etc/ttys file. I'm not going to switch pc98, because it uses its
own Kanji-capable cons25 emulator.
IMPORTANT: What to do if things go wrong (i.e. graphical artifacts):
- Run the application inside script(1), try to reduce the problem and
send me the log file.
- In the mean time, you can run `vidcontrol -T cons25' and `export
TERM=cons25' so you can run applications the same way you did before.
You can also build your kernel with `options TEKEN_CONS25' to make all
virtual terminals use the cons25 emulator by default.
Discussed on: current@
This will make it more easy for people to experiment with TERM=xterm.
Instead of echoing these strange escape sequences, I can just instruct
them to run `vidcontrol -T xterm'.
offer to install an SMP kernel. The way this worked was: on supported
platforms, code to read ACPI tables and BIOS MP tables was compiled into
sysinstall, and if an SMP kernel config was present in the source tree when
sysinstall was built, code that called it was also compiled. Since we
haven't had SMP kernel configs in years, the latter was never compiled and
the former never ran.
This only removes dead and unreachable code; it does *not* remove the NCpus
variable, nor the code that sets it to 1, nor the code that asks the user to
select a kernel from a list.
Discussed with: re@, randi@ and others