several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
- Fix wrong scaling in the bc.library.
- Let length(0.000) conform to what gnu bc does.
PR: bin/159227
Submitted by: AIDA Shinra <shinra at j10n dot org>
__uint16_t, we can partially undo r228668.
Note the remark "Work around a clang false positive with format string
warnings and ntohs macros (see LLVM PR 11313)" was actually incorrect.
Before r232745, on some arches, the ntohs() macros did in fact return
int, not uint16_t, so clang was right in warning about the %hu format
string.
MFC after: 2 weeks
installs clang as /usr/bin/cc, /usr/bin/c++ and /usr/bin/cpp.
Note this does *not* disable building and installing gcc, which will
still be available as /usr/bin/gcc, /usr/bin/g++ and /usr/bin/gcpp. If
you want to disable gcc completely, you must use WITHOUT_GCC.
MFC after: 2 weeks
This is harmless because srandom() is called somewhere else, with time(NULL)
as a seed, but this is more correct.
Obtained from: https://bitbucket.org/mux/csup
Pointyhat to: not mux, somebody else
MFC after: 1 week
get rid of testing explicitly for clang (using ${CC:T:Mclang}) in
individual Makefiles.
Instead, use the following extra macros, for use with clang:
- NO_WERROR.clang (disables -Werror)
- NO_WCAST_ALIGN.clang (disables -Wcast-align)
- NO_WFORMAT.clang (disables -Wformat and friends)
- CLANG_NO_IAS (disables integrated assembler)
- CLANG_OPT_SMALL (adds flags for extra small size optimizations)
As a side effect, this enables setting CC/CXX/CPP in src.conf instead of
make.conf! For clang, use the following:
CC=clang
CXX=clang++
CPP=clang-cpp
MFC after: 2 weeks
Some of new features:
- New readers: RAR, LHA/LZH, CAB reader, 7-Zip
- New writers: ISO9660, XAR
- Improvements to many formats, especially including ISO9660 and Zip
- Stackable write filters to write, e.g., tar.gz.uu in a single pass
- Exploit seekable input; new "seekable" Zip reader can exploit the Zip
Central Directory when it's available; the old "streamable" Zip reader
is still fully supported for cases where seeking is not possible.
Full release notes available at:
https://github.com/libarchive/libarchive/wiki/ReleaseNotes
If a utility called by xargs exits with status 255 or because of a signal,
POSIX requires writing an error message.
PR: 165155
Submitted by: Matthew Story matthewstory gmail com
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.
I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.
MFC after: 1 month
According to POSIX, -a is equal to -bdlprtTu. It seems this is not true
in practice, as -b normally restricts the output to BOOT_TIME entries
and all implementations that I know of don't.
rpcgen will search the current PATH for the preprocessor. This makes it
possible to run a preprocessor built during the cross-tools stage of
buildworld.
MFC after: 1 week
preprocessor to run. Previously, it always ran /usr/bin/cpp, unless you
used the -Y option, and even then you could not set the basename. It
also attempted to run /usr/ccs/lib/cpp for SVR4 compatibility, but this
is obsolete, and has been removed.
Note that setting RPCGEN_CPP to a command with arguments is supported,
though the command line parsing is simplistic. However, setting it to
e.g. "gcc46 -E" or "clang -E" will lead to problems, because both gcc
and clang in -E mode will consider files with unknown extensions (such
as .x) as object files, and attempt to link them.
This could be worked around by also adding "-x c", but it is much safer
to set RPCGEN_CPP to e.g. "cpp46" or "clang-cpp" instead.
MFC after: 1 week
update access and modification times by reading and writing the file.
chmod(2) in rw() doesn't help because utimes(2) allow owner and the
super-user to change times. Using just utimes(2) should be sufficient.
The -f option becomes no-op.
Reviewed by: jilles
checking the returned oldlen: when ENOMEM is due to the supplied
buffer being too short the return oldlen is equal to buffer size.
Without this additional check sockstat gets stuck in loop leaking the
memory if the returned ENOMEM was due the exceeded memorylocked
limit. This is easily can be observed running `limits -l 1k sockstat'.
Submitted by: Andrey Zonov <andrey zonov org>
MFC after: 1 week
This fixes the bug: when procstat -xa was run and the sysctl for a
process returned ESRCH or EPERM, for this process procstat output the
result collected for the previous successful process.
or resetting USB serial devices.
Somebody[tm] should rewrite tip(1) to use two thread instead of two
processes or maybe even use that new-fangled "select(2)" or positively
futuristic "poll(2)" system call.
- Zero-terminate the resulting string by letting the for-loop copy the
terminating zero.
- Exit the for-loop after handling a backslash at the end of the format
string to fix a buffer overrun.
- Remove some unnecessary comments and blank lines. [1]
Requested by: bde [1]
PR: bin/144722
Approved by: kib (mentor)
Sockets not associated with a file descriptor include TCP TIME_WAIT states
and sockets created via the socket(9) API such as from rpc.lockd and the NFS
client.
PR: bin/164081
MFC after: 2 weeks
No objection: des
- A real filename is now shown in an output report when "-f file" is specified.
- Add Xr lastlogin into last(1) manual page.
Reviewed by: ed
MFC after: 1 week
progress information. The first is that fetch_read() (used in the HTTP
code but not the FTP code) can enter an infinite loop if it has previously
been interrupted by a signal. The second is that when it is interrupted,
fetch_read() will discard any data it may have read up to that point.
Luckily, both bugs are extremely timing-sensitive and therefore difficult
to trigger.
PR: bin/153240
Submitted by: Mark <markjdb@gmail.com>
MFC after: 3 weeks
The wtmpcvt(1) utility converts wtmp files to the new format used by
utmpx(3). Now that HEAD has been branched to stable/9 and 9.0 is
released, there is no need for it in HEAD.
MFC after: never
CTL is a disk and processor device emulation subsystem originally written
for Copan Systems under Linux starting in 2003. It has been shipping in
Copan (now SGI) products since 2005.
It was ported to FreeBSD in 2008, and thanks to an agreement between SGI
(who acquired Copan's assets in 2010) and Spectra Logic in 2010, CTL is
available under a BSD-style license. The intent behind the agreement was
that Spectra would work to get CTL into the FreeBSD tree.
Some CTL features:
- Disk and processor device emulation.
- Tagged queueing
- SCSI task attribute support (ordered, head of queue, simple tags)
- SCSI implicit command ordering support. (e.g. if a read follows a mode
select, the read will be blocked until the mode select completes.)
- Full task management support (abort, LUN reset, target reset, etc.)
- Support for multiple ports
- Support for multiple simultaneous initiators
- Support for multiple simultaneous backing stores
- Persistent reservation support
- Mode sense/select support
- Error injection support
- High Availability support (1)
- All I/O handled in-kernel, no userland context switch overhead.
(1) HA Support is just an API stub, and needs much more to be fully
functional.
ctl.c: The core of CTL. Command handlers and processing,
character driver, and HA support are here.
ctl.h: Basic function declarations and data structures.
ctl_backend.c,
ctl_backend.h: The basic CTL backend API.
ctl_backend_block.c,
ctl_backend_block.h: The block and file backend. This allows for using
a disk or a file as the backing store for a LUN.
Multiple threads are started to do I/O to the
backing device, primarily because the VFS API
requires that to get any concurrency.
ctl_backend_ramdisk.c: A "fake" ramdisk backend. It only allocates a
small amount of memory to act as a source and sink
for reads and writes from an initiator. Therefore
it cannot be used for any real data, but it can be
used to test for throughput. It can also be used
to test initiators' support for extremely large LUNs.
ctl_cmd_table.c: This is a table with all 256 possible SCSI opcodes,
and command handler functions defined for supported
opcodes.
ctl_debug.h: Debugging support.
ctl_error.c,
ctl_error.h: CTL-specific wrappers around the CAM sense building
functions.
ctl_frontend.c,
ctl_frontend.h: These files define the basic CTL frontend port API.
ctl_frontend_cam_sim.c: This is a CTL frontend port that is also a CAM SIM.
This frontend allows for using CTL without any
target-capable hardware. So any LUNs you create in
CTL are visible in CAM via this port.
ctl_frontend_internal.c,
ctl_frontend_internal.h:
This is a frontend port written for Copan to do
some system-specific tasks that required sending
commands into CTL from inside the kernel. This
isn't entirely relevant to FreeBSD in general,
but can perhaps be repurposed.
ctl_ha.h: This is a stubbed-out High Availability API. Much
more is needed for full HA support. See the
comments in the header and the description of what
is needed in the README.ctl.txt file for more
details.
ctl_io.h: This defines most of the core CTL I/O structures.
union ctl_io is conceptually very similar to CAM's
union ccb.
ctl_ioctl.h: This defines all ioctls available through the CTL
character device, and the data structures needed
for those ioctls.
ctl_mem_pool.c,
ctl_mem_pool.h: Generic memory pool implementation used by the
internal frontend.
ctl_private.h: Private data structres (e.g. CTL softc) and
function prototypes. This also includes the SCSI
vendor and product names used by CTL.
ctl_scsi_all.c,
ctl_scsi_all.h: CTL wrappers around CAM sense printing functions.
ctl_ser_table.c: Command serialization table. This defines what
happens when one type of command is followed by
another type of command.
ctl_util.c,
ctl_util.h: CTL utility functions, primarily designed to be
used from userland. See ctladm for the primary
consumer of these functions. These include CDB
building functions.
scsi_ctl.c: CAM target peripheral driver and CTL frontend port.
This is the path into CTL for commands from
target-capable hardware/SIMs.
README.ctl.txt: CTL code features, roadmap, to-do list.
usr.sbin/Makefile: Add ctladm.
ctladm/Makefile,
ctladm/ctladm.8,
ctladm/ctladm.c,
ctladm/ctladm.h,
ctladm/util.c: ctladm(8) is the CTL management utility.
It fills a role similar to camcontrol(8).
It allow configuring LUNs, issuing commands,
injecting errors and various other control
functions.
usr.bin/Makefile: Add ctlstat.
ctlstat/Makefile
ctlstat/ctlstat.8,
ctlstat/ctlstat.c: ctlstat(8) fills a role similar to iostat(8).
It reports I/O statistics for CTL.
sys/conf/files: Add CTL files.
sys/conf/NOTES: Add device ctl.
sys/cam/scsi_all.h: To conform to more recent specs, the inquiry CDB
length field is now 2 bytes long.
Add several mode page definitions for CTL.
sys/cam/scsi_all.c: Handle the new 2 byte inquiry length.
sys/dev/ciss/ciss.c,
sys/dev/ata/atapi-cam.c,
sys/cam/scsi/scsi_targ_bh.c,
scsi_target/scsi_cmds.c,
mlxcontrol/interface.c: Update for 2 byte inquiry length field.
scsi_da.h: Add versions of the format and rigid disk pages
that are in a more reasonable format for CTL.
amd64/conf/GENERIC,
i386/conf/GENERIC,
ia64/conf/GENERIC,
sparc64/conf/GENERIC: Add device ctl.
i386/conf/PAE: The CTL frontend SIM at least does not compile
cleanly on PAE.
Sponsored by: Copan Systems, SGI and Spectra Logic
MFC after: 1 month
From the NetBSD bug:
The way how hexdump(1) parses escape sequences has some bugs.
It shows up when an escape sequence is used as the non-last character
of a format string.
PR: bin/144722
Submitted by: gcooper
Approved by: rpaulo
Obtained from: NetBSD
MFC after: 1 week
The index() and rindex() functions were marked LEGACY in the 2001
revision of POSIX and were subsequently removed from the 2008 revision.
The strchr() and strrchr() functions are part of the C standard.
This makes the source code a lot more consistent, as most of these C
files also call into other str*() routines. In fact, about a dozen
already perform strchr() calls.
This makes a tiny percentage of entries in calendars ugly for latin1
users, but fixes them for UTF-8 users.
This badly needs a solution involving locale-dependent re-encoding.
The following additional vendor revisions are applied:
Revision 3740:
Use archive_clear_error() to clear the error markers.
Obtained from: http://code.google.com/p/libarchive
MFC after: 2 weeks
This matches 4.4BSD tradition and other utilities with these options and is
required by POSIX (POSIX does not specify -P, only -HL).
MFC after: 2 weeks
Whenever the conv_c() function encounters an incomplete multibyte char,
it peeks ahead. It also sets p to peekbuf, to indicate it is still
processing the incomplete character.
However, on the next retry, it compares buf against peekbuf, which
always returns false, since both buf and peekbuf are local char arrays,
whose addresses are never the same.
Fix this by comparing against p instead, which was the intention. Also
turn peekbuf into an array of u_char, to prevent conversion warnings.
MFC after: 1 week
(see tools/regression/usr.bin/make/execution/joberr test).
openpty(fd + 0, fd + 1,...) version does not have this problem but
it sometimes enters an infinite sleep in "ttywait" state in tty_drain()
when make(1) closes slave pty.
As C1X is close to being released, there is no need to wrap around a
feature that is already part of C90. Most of these files already use
`const' in different placed as well.
to Compat_RunCommand() being called with `cmd' that is not on the node->commands
list
- Make ellipsis ("..." command) handling consistent: check for "..." command
in job make after variables expansion to match compat make behavior
- Fix empty command handling (after variables expansion and @+- modifiers
are processed): now empty commands are ignored in compat make and are not
printed in job make case
- Bump MAKE_VERSION to 5-2011-11-30-0
This also fixes the issue, spotted by mdf, with values that were
printed as decimal and had hex prefixes.
Discussed with: kib, rwatson
MFC after: 2 weeks
- fix other errors introduced when committing r226436
- add 'function' to a sentence where it makes sense
Submitted by: delphij
Submitted by: dougb
Submitted by: jhb
Approved by: dougb
Approved by: jhb
- Add ? option to optstring.
- Sort options alphabetically.
- Vertical space.
Tidy up usage() function.
Bring man page in sync with source.
Ensure that debug code is only executed with the -d option.
Submitted by: Christiane Yeardley
Only one of these flags can be set. Just add them together and check the
value. Also, get rid of the listall variable. The code is already filled
with direct *flag-comparisons.
Obtained from: Alexander Best (though modified)
Such optimisations should not be performed in this Makefile. Also, uqs@
suggested they have no effect, because the checksum of the resulting
binary is unchanged.
Discussed with: gabor, uqs
The privs.h header is not only used by at(1), it's also used by
atrun(8). Just let the code the way it used to be (for now).
Reported by: kwm, tinderbox
Hat to: me
