process dies, the process descriptor will be closed and pdfork(2)ed child
will be killed, which is not the case when regular fork(2) is used.
The PROCDESC option is now part of the GENERIC kernel configuration, so we
can start depending on it.
Add UPDATING entry to inform that this option is now required and log
detailed instruction to syslog if pdfork(2) is not available:
The pdfork(2) system call is not available; recompile the kernel with options PROCDESC
Submitted by: Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by: Google Summer of Code 2013
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
More concretely, periodic security scripts defaults to being
called from daily ones -- daily context -- so the mail subject
will now be "${HOST} daily security run output" instead of
"{HOST} security run output".
If you switch the period of some security checks to weekly, you
will receive another email "${HOST} weekly security run output".
terminology).
Adds command "mfiutil syspd <drive#>" to change a drive to SYSPD. Drive
will then be scanned/reported immediately as /dev/mfisyspdX by the host.
"mfiutil good <drive#>" clears SYSPD mode, remove /dev/mfisyspdX and
sets disk into UNCONFIGURED mode.
Tested on Dell H310 SAS/SATA RAID controller.
MFC after: 2 weeks
Sponsored by: Yahoo! Inc.
the prefix to the interface's prefix list. This shouldn't make a
difference, since rtadvd(8) is single-threaded, but I've seen it crash
in delete_prefix() with pfx_rainfo == NULL, and this is the only place
where a prefix can be added to the list with a NULL pfx_rainfo.
MFC after: 3 days
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* The new "inline-signing" option, in combination with the
"auto-dnssec" option that was introduced in BIND 9.7, allows
named to sign zones completely transparently.
Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
Without the cast there is ambiguity between 0xFF and -1 (EOF).
Suggested by: jilles
Submitted by: Mariusz Zaborski <oshogbo@FreeBSD.org>
Sponsored by: Google Summer of Code 2013
- It did not work with GENERIC kernel after r250603 because
options PROCDESC was required for pdfork(2). It now just uses fork(2)
instead when this syscall is not available.
- Fix verify(). This function was broken in r250602 because the outermost
"()" was removed from the condition !(isalnum() || ispunct()).
It prevented hostnames including "-", for example.
directory on the FTP mirrors to fetch distributions, since
these are always pushed to releases/ during the release cycle.
MFC after: 3 days
X-MFC-To: stable/9, releng/9.2
being defined in <sys/diskmbr.h>. Instead give the symbols here a
"PC98_" prefix. This way, both <sys/diskmbr.h> and <sys/diskpc98.h>
can be included in the same C source file.
The renaming is trivial. The only gotcha is that DOSBBSECTOR is
also redefined from 0 to 1. This because DOSBBSECTOR was always
used in conjunction with an addition of 1. The PC98_BBSECTOR symbol
is defined as 1 and the expression is simplified.
Note: it is not believed that ports are seriously impacted; or at
all for that matter.
Approved by: nyan@
New Features
Adds a new configuration option, "check-spf"; valid values are
"warn" (default) and "ignore". When set to "warn", checks SPF
and TXT records in spf format, warning if either resource record
type occurs without a corresponding record of the other resource
record type. [RT #33355]
Adds support for Uniform Resource Identifier (URI) resource
records. [RT #23386]
Adds support for the EUI48 and EUI64 RR types. [RT #33082]
Adds support for the RFC 6742 ILNP record types (NID, LP, L32,
and L64). [RT #31836]
Feature Changes
Changes timing of when slave zones send NOTIFY messages after
loading a new copy of the zone. They now send the NOTIFY before
writing the zone data to disk. This will result in quicker
propagation of updates in multi-level server structures. [RT #27242]
"named -V" can now report a source ID string. (This is will be
of most interest to developers and troubleshooters). The source
ID for ISC's production versions of BIND is defined in the "srcid"
file in the build tree and is normally set to the most recent
git hash. [RT #31494]
Response Policy Zone performance enhancements. New "response-policy"
option "min-ns-dots". "nsip" and "nsdname" now enabled by default
with RPZ. [RT #32251]
Approved by: delphij (mentor)
Sponsored by: DK Hostmaster A/S
PF_INET6 in kernel. This fixes various malfunction when the wall time
clock is changed. Bump __FreeBSD_version to 1000041.
- Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities.
MFC after: 1 month
The original API calls for pow2ns, however the new APIs from
Linux call for seconds.
We need to be able to convert to/from 2^Nns to seconds in both
userland and kernel to fix this and properly compare units.
rather than NetBSD.
- Correctly set the Expiration Time in the Primary Volume Descriptor;
according to ISO 9660 8.4.26.1 unspecified date and time are denoted
by the digit 0 in RBP 1 to 16 but the number 0 in RBP 17. [1]
- Merge iso9660_rrip.c rev. 1.11 from NetBSD: name_len should be read
as unsigned byte. [2]
Note: This is according to ISO 9660 9.1.10.
- Rock Ridge TF entries should use a length of 5, because after the 4
bytes of generic SUSP header there is one byte of flags. See typedef
of ISO_RRIP_TF in iso9660_rrip.h. [1]
Submitted by: Thomas Schmitt [1]
Obtained from: NetBSD [2]
MFC after: 3 days
is picked up when defined. Previously, ffs_subr.c was always built without
support for opposite endianess as it doesn't include makefs.h on its own.
MFC after: 3 days
SVN r224656:
Add back ftp4, a new machine has taken its place. ftp2 and ftp8 are both
IPv6 capable mirrors. cvsup4/ftp4 have already been added to the handbook.
NOTE: Except put IPv6 entries in IPv6 section at the top of the list
SVN r225467:
Add ftp4.se.freebsd.org to the IPv4 and IPv6 mirror lists.
SVN r235228:
Add the IPv6 tag to ftp4.fr.freebsd.org.
NOTE: Except dup entry into IPv6 section.
SVN r243832:
- Remove snapshots.se.freebsd.org [1]
- Add ftp6.se.freebsd.org
SVN r243854:
Remove snapshots.jp.freebsd.org. It stopped working years ago.
SVN r253543:
Update mirror list to more closely match
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
MFC after: 1 week
nfs, ftp, http, httpproxy, etc.) and f_device_get() (abstract method for
calling aforementioned f_media_get_TYPE()).
Previously, if $probe_only was present and non-NULL, the TYPE functions
would check for $file and exit with an appropriate error status (success if
the file exists and readable, failure otherwise).
While this has been retained, a pair of globals has been introduced:
$PROBE_EXIST and $PROBE_SIZE (see `/usr/share/bsdconfig/media/common.subr')
The $PROBE_EXIST global can be used where you need the functionality of
simply testing for existence (previously the _only_ functionality).
Meanwhile, the new $PROBE_SIZE global can be used to cause the TYPE function
to print the size of the file (in bytes) on standard-out (or -1) if not
found or an error occurs. NOTE: If an error occurs, it is logged with the
dprintf function, which is visible with `-d' flag or debug=1.
In many cases, where you need to get the size of a file _and_ check for its
existence, you can use the return status of a $PROBE_SIZE call.
them changed (or was removed from the tree) then portsnap would delete
that file. This happened earlier today when one of two empty port
directories was removed. Uniquifying the lists of needed files fixes
this.
9.2-RELEASE candidate.
MFC after: 3 days
an executable by-name without forking or using externals.
In a performance benchmark of 10,000 runs on circa 2006 hardware, f_which
out-performed `which' with an average completion time of ~2.5 seconds versus
~56 seconds.
This should be handy for future use (not that I make it a habit to call
`which' in a loop 10,000 times).
