see which release you are installing (really which FreeBSD version the
installer is running, but that shouldn't matter in all normal cases).
PR: bin/100309
Submitted by: Joao Barros <joao.barros@gmail.com> (original version)
Idea from: FreeBSD ideas page
MFC after: 1 week
instead of maximum sized arrays embedded in the table structures and (2)
using pointers to constant oids instead of copying the oid into each
table structure. This also fixes indexing in the case when a string used
for indexing is longer than the maximum size allowed in the MIB.
Submitted by: Victor Cruceru <soc-victor@>
so that the checking will wind up with the correct mode-bits in
the case where the initial open() of that lock file will create it.
Due to this bug, the first job ever sent to a queue could leave
that queue in a "printing is disabled" state.
PR: 93469
Submitted by: Michael Szklarski of kco.com.pl
MFC after: 1 week
specification, but not in the file hierarchy.
PR: bin/99531
Submitted by: skv
Obtained from: NetBSD, originally from Ed Symanzik
Regress. test: test/test05.sh
MFC after: 1 month
A field width in printf(3) must be int, so cast return value from strlen()
to the type.
Noticed by: Andrzej Tobola <ato iem pw edu pl>; tinderbox
Pointy hat to: yar
X-MFC with: the rest of the new asf code
The improvements are:
- can get the kld info from core files via kvm(3);
- can use kldstat(2) directly, which is a piece of cake;
- can use .symbols or whatever, which allows for use by
non-developers when reporting system crashes -- now asf(8)
can be mentioned in the handbook at last;
- speed (no more double fts(3) per loaded module);
- various bugs fixed.
At the same time, the new asf(8) should stay compatible with
the old one, bar bugs. Perhaps some defaults may be changed
later to match today's state of affairs.
Reviewed by: grog
MFC after: 1 month
Sponsored by: RiNet (Cronyx Plus LLC)
parameter to try to delete an NFS export. It won't work, and will log
a spurious warning to syslog.
Tested by: Arno J. Klaassen <arno at heho dot snv dot jussieu dot fr>
MFC after: 3 days
- K&R -> ANSI prototype [O]
- Do not bother to do free right before exit() or execve() [O]
- Remove some dead code in addarg()
- Make additional parameters specified in mailer.conf(5)
actually work and document the fact. [N]
- Avoid using __progname but instead use getprogname()
and setprogname() to provide more sensible messages. [O, N]
- Update $OpenBSD$ and $NetBSD$ to reflect the fact that we
have sync'ed with their code.
- WARNS=6
Obtained from/Inspired by: OpenBSD [O], NetBSD [N] (partially)
is more than one HCI node present
- Use errx(3) instead of err(3) if there is no HCI node present as errno
is 0 in this case and the resulting error message wouldn't make much sense
Approved by: emax (mentor)
setgid(2), setlogin(2) and initgroups(3). In theory they could
fail for root with some third party mac(4) policies.
Submitted by: Kostik Belousov
MFC after: 1 month
Correct a bug in the handling of backslash characters in smbfs which can
allow an attacker to escape from a chroot(2). [2]
Security: FreeBSD-SA-06:15.ypserv [1]
Security: FreeBSD-SA-06:16.smbfs [2]
I considered leaving /boot/kernel out of the chflags noschg line, but I
seem to remember that there was a period where /boot/kernel was schg, so
have left it in for safety's sake.
Approved by: jhb
MFC after: 1 month
can read two variables at once; and suffix pattern deletion) to make the
extract command fork fewer processes.
With the portsnap snapshot and the ports tree in swap-backed memory
disks on my 1.4GHz laptop, this reduces 178800 processes and 195/56/126
seconds of real/user/sys time to 44600 processes and 103/34/60 seconds.
so that both parent and child processes ignore this signal.
PR: bin/97768
Submitted by: Gea-Suan Lin <gslin at csie dot nctu dot edu dot tw>
MFC after: 3 days
We already check for write() failures and handle EPIPE.
Failure to handle SIGPIPE was resulting in rpc.lockd terminating.
PR: bin/97768
Reported by: Gea-Suan Lin <gslin at csie dot nctu dot edu dot tw>
MFC after: 1 day
SRC_BASE package (src/[A-Z]*) as well as SRC_SYS (src/sys/*). This
allows users who only install the kernel source code to use the
modern "make buildkernel" approach.
Discussed with: re (scottl, kensmith)
MFC after: 3 days
parameter optional.
- Add Read_Node_List command which prints a list of available HCI nodes,
their Netgraph IDs and connected hooks
Reviewed by: emax
Approved by: emax
MFC after: 1 week
expression, which makes it possible to only see interesting
providers. "f" is used inside gstat to set a filter, "F" is used to
remove current filter.
- Do not print some uninteresting values in the gstat title line.
- Do not print past the end of the screen.
- Read multiple keystrokes per "wait" when gstat is running.
- Remove a redundant != check, right after check of NULL against the
same variable ("gid").
- Use sysexits.h.
- Do not link against libkvm and libsbuf, they are not actually used.
- Fix a few style(9) issues where I had to touch nearby code anyway.
Approved by: cperciva (mentor)
MFC after: 2 weeks
Submitted by: Dan Lukes
Reviewed by: hm@
fix compile warnings in isdnd and isdntest. some more
compile time warnings also mentioned in this PR were
already fixed in an earlier commit today.
interact very nicely with HTTP proxies: Since proxies do not know
that all the files on portsnap1.freebsd.org are identical to the
files with the same names on portsnap2.freebsd.org, said proxies end
up downloading and storing files in duplicate.
This commit uses the HTTP_PROXY environment variable, if set, to
generate a random number seed for use in selecting a mirror. This
means that if several systems all have the same HTTP_PROXY value set,
they will ask the proxy to fetch files from the same mirror (unless
that mirror fails, in which case all the systems will use the same
second choice, et cetera).
Portsnap still doesn't interact very well with "transparent" HTTP
proxies, but there's nothing I can do about those.
Requested by: simon
Sponsored by: FreeBSD security development fundraiser
track of which mirrors we have tried and try a different mirror if we
fail when trying to download the SSL public key or the snapshot
signature.
Failures later in the download process will not result in switching to
a different mirror, for two reasons:
1. If is very unlikely that a mirror will fail partway through the
process of downloading updates.
2. If we switched from a more recently updated mirror to a less
recently updated mirror partway through the download process, we would
end up failing anyway because we would be trying to fetch files which
the second mirror didn't have yet.
PR: bin/96288
Requested by: lots of people
Sponsored by: FreeBSD security development fundraiser
the host(1) from BIND 9. This doesn't matter for HEAD, but will help
people who install portsnap from the ports tree onto older versions of
FreeBSD.
PR: ports/93901
Sponsored by: FreeBSD security development fundraiser
An mtree description of all non-zero files that make
distribution installs (only size and md5) is built from the
temproot. When the user completes a mergemaster run, the
mtree description file gets installed into /var/db for
safe-keeping.
When the user then decides to do a subsequent upgrade (with
the -U flag), the existing mtree description from /var/db
is called into service looking for files that are different in
DESTDIR. This is stashed away until a file that would normally
end up prompting the user to look at changes is encountered.
Since there are no user modified changes, the new file is
installed without bothering the user.
Looked at by: dougb
MFC after: 6 weeks
- Remove hard sentence breaks;
- Avoid using double negatives or "sexist" language;
- Expand contractions;
- Remove a blank line;
- Some grammar changes.
Usually we do not "hard code" requests to submit bugs to the author, but
I will leave this go for now.
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
1900 in network byte order. Use a uint32_t to calculate and send
the time, so that we don't need to know how big ints or longs are.
I used uint32_t instead of int in the patch, on the off chance
someone uses our inetd source on a system that doesnt 32 bit ints.
PR: 95290
Submitted by: Bruce Becker <hostmaster@whois.gts.net>
MFC after: 2 weeks
