Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
Reviewed by: allanjude, cem, kib
Obtained from: anonymous gist
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7619
process. We don't *quite* pull that number out of our backside, as
the actual number is difficult to determine without modifying the VM
system to report it, but it's still useful to get an idea of what's
going on when a machine unexpectedly starts swapping.
MFC after: 1 week
(On RISC-V MK_CXX is in BROKEN_OPTIONS, so users remains skipped there.)
Reviewed by: bdrewery
Differential Revision: https://reviews.freebsd.org/D7725
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey. This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.
MFC after: 1 week
It's not necessarily intuitive that the variables to query contain TRUSTEDBSD
in the prefix. Add non-TRUSTEDBSD prefixed knobs for querying things like
"_PC_ACL_NFS4".
MFC after: 1 week
Relnotes: yes
Reviewed by: wollman
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7618
Move all of the fopen() and open() calls to the top of main()
Restrict each FD to least privilege (read/seek only, write only, etc)
cap_enter(), and make all except the output FD read/seek only.
Reviewed by: emaste, ed, oshogbo, delphij
Approved by: so
MFC after: 3 days
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7358
Decouple the send and receive limits on the amount of data in a single
iSCSI PDU. MaxRecvDataSegmentLength is declarative, not negotiated, and
is direction-specific so there is no reason for both ends to limit
themselves to the same min(initiator, target) value in both directions.
Allow iSCSI drivers to report their send, receive, first burst, and max
burst limits explicitly instead of using hardcoded values or trying to
derive all of them from the receive limit (which was the only limit
reported by the drivers prior to this change).
Display the send and receive limits separately in the userspace iSCSI
utilities.
Reviewed by: jpaetzel@ (earlier version), trasz@
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D7279
The TRUSTEDBSD prefix was chosen for consistency with the other
related `_PC_ACL*` prefixed variables.
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
This allows shell programs to programmatically determine whether
or not a filesystem supports sparse files
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.
Reviewed by: oshogbo
No objection: cperciva
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7610
Coverity correctly reported that it's impossible for /comparison/ to be 0
here, because the only way for the for loop to end is by /comparison/
being < 0.
Fortunately the consequences of this bug weren't severe; for duplicated
entries in the typedef names file it would unnecessarily duplicate strings
with strdup(), but pointers to those would replace existing ones. So this
was a memory leak at worst.
CID: 1361477
Obtained from: Piotr Stephaniak
Shift the responsibility of allocating memory for the string duplicate
from the caller (set_option, add_typedefs_from_file) to the callee
(add_typename) as it has more knowledge about when the duplication
actually needs to occur.
Taken from: Piotr Stefaniak
Now that we've switched over to using the vDSO on CloudABI, it becomes a
lot easier for us to phase out old features. System call numbering is no
longer something that's part of the ABI. It's fully based on names. As
long as the numbering used by the kernel and the vDSO is consistent
(which it always is), it's all right.
Let's put this to the test by removing a system call (thread_tcb_set())
that's already unused for quite some time now, but was only left intact
to serve as a placeholder. Sync in the new system call table that uses
alphabetic sorting of system calls.
Obtained from: https://github.com/NuxiNL/cloudabi
add the new "-d" flag from D1626.
The man page will be updated in a subsequent commit.
Submitted by: will (earlier version)
Reviewed by: ken
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D1626
It was unlinking the target even though it uses rename(2) which already
effectively does that. -S is intended to not unlink(2) the target first.
MFC after: 1 week
Reviewed by: jhb
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7452
With both of these flags, the backup was created via rename(dest, backup)
followed by rename(tmp, dest). This left the destination file missing
for a moment which contradicts the point of -S.
This fixes a race with installworld where PRECIOUSPROG and PRECIOUSLIB
files (which use -S for installation) would briefly be missing. In the
case of installing rtld with parallel installworld it could render an
error due to not having rtld present to run install/cp in another
process.
Reported by: jhb
Reviewed by: jhb
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D7451
This is a minor nit after r289391 made all installations to a directory always
end in a trailing '/'.
MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
removing CFLAGS+= -static
`CFLAGS+= -static` was a carryover from pre-r289195 with
usr.bin/tar/test/Makefile that should have been specified in LDFLAGS
There doesn't seem to be an apparent need for static compilation
of the test binaries.
Differential Revision: https://reviews.freebsd.org/D7430
MFC after: 1 week
Obtained-from: opBSD (418a491eed20d2603ddd1f1bd92c2c0d95094002)
Submitted by: op
Sponsored by: EMC / Isilon Storage Division
2 extra options not available neither on other BSD nor in GNU sdiff:
--diff-pid and --pipe-fd were present in the SoC code, none were usable
Just remove it
