repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
Discussed with: bapt@
Submitted by: Fabian Keil
Obtained from: ElectroBSD
The C library already knows how to lookup eui64 entries from NIS. For
example, fwcontrol(8) does it. But /var/yp/Makefile.dist doesn't build the
eui64 maps, and ypinit(8) doesn't push them to slaves. This change fixes
that.
Reviewed by: brooks, wblock
MFC after: 2 weeks
Sponsored by: SpectraLogic Corp
Differential Revision: https://reviews.freebsd.org/D3404
Its idea was to be a simple initiator and execute several commands from
kernel level, but FreeBSD never had consumer for that functionality,
while its implementation polluted many unrelated places..
characters use the defined constant so that in case of change this
would not break.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D3340
MFC after: 2 weeks
This will help ensure we don't trash file descriptors that get used later on
in the daemon
Found via internal Coverity scan
MFC after: 2 weeks
Discussed with: cem, ed, markj
Differential Revision: https://reviews.freebsd.org/D3081
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
/usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c: In function 'pw_user_next':
/usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c:680: warning: statement with no effect
Now each subcommands checks its arguments in a dedicated functions.
This helps improving input validation, code readability/maintainability
While here:
- Add a -y option to pw userdel/usermod so it can maintain NIS servers if
nispasswd is not defined in pw.conf(5)
- Allow pw -r <rootdir> to remove directory with userdel -r
- Fix bug when renaming a user which was not renaming the user name it groups
it is a member of.
- Only parse pw.conf(5) when needed.
First they are redundant with the tests we currently have on pw(8)
Second they to modify the host database instead of being self contained withing
the test directory
