ssh: canonicize the host name before looking it up in the host file
Re-apply r99054 by des in 2002. This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).
This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c
Differential Revision: https://reviews.freebsd.org/D3103
PR: 198043
Approved by: re (gjb), kib (mentor)
Sponsored by: Dell Inc.
Relnotes: yes

If ggated's exports_find() fails, the connection is removed before
(trying to) report the problem to the client.
sendfail() is called with an already closed socket and thus it
fails to inform the client about the problem.
Fix this by calling sendfail() before connection_remove().
PR: 195944
Submitted by: Fabian Keil
Reviewed by: pjd
Approved by: re (gjb)

Unbreak ggatec and ggatel on i386 after r238119, which added two more
'struct g_gate_ctl_create' fields.
While the behaviour was technically undefined on other architectures
as well, on the reporter's amd64 systems the uninitialized bytes the
kernel cares about were always zero so everything worked as expected.
PR: 197309, 199559
Submitted by: ota@j.email.ne.jp, Fabian Keil
Reviewed by: pjd
Approved by: re (gjb)

New function smbios_match to detect BIOS versions during boot
MFC: r277957:
Fix order of functions in smbios.c (corrects r277949)
MFC: r281138:
SMBIOS support for EFI
r281138 makes changes to the new unified EFI loader (r280950), which has not been merged to stable/10 (and likely won't be).
These changes were manually applied to the amd64 EFI loader (sys/boot/amd64/efi).
The changes to sys/boot/amd64/efi are a direct commit.
Reviewed by: stas
Approved by: re (gjb), marcel
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3129

- Add IPv6 support in quota(1). While rpc.rquotad has supported
PF_INET6 for a long time, the quota(1) utility supported only PF_INET.
- Clean up confusing changes in f_mntfromname.
- Add an entry for rquotad with rpc/udp6 to inetd.conf.
PR: 194084
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation

A variable was misspelled, resulting in chmod executing on the installer instead of on the target chroot
PR: 191402
MFC: r285553
make /var/audit its own dataset so it is not part of the OS boot environment
PR: 199864
MFC: r285554
Set a mountpoint on the root of the pool so user-created datasets have a mountpoint to inherit
MFC: r285557
Make bsdinstall's zfsboot script align partitions to 4k/1m when the user requests it
PR: 195174
Approved by: re (gjb), brueffer
Relnotes: yes
Sponsored by: ScaleEngine Inc.

Prevent inlining txg_quiesce
This allows dtrace to monitor the calls to txg_quiesce which can be
really helpful.
Also standardize __noinline order for arc_kmem_reap_now.
Sponsored by: Multiplay
Approved by: re

introduced by r280182. FreeBSD-head doesn't need TUNABLE_INT() now with
SYSCTL_INT() but stable/10 still does.
Note: This is a direct commit to stable/10.
PR: 201644
Reviewed by: erj
Approved by: re (gjb)
Sponsored by: Limelight Networks

Obtain proper capsicum rights for dump files so rotation of such files works when requested. This is equivalent to cherry picking the following upstream commits:
commit c6d472bf63488b0c2ab7ab9f4b32c68dd2c8ea2b
commit f08eb851eedf9775e6485ab75c0d8cf8d1306be6
commit d83a284abc80d3d09f6bddd087760bb1b01d9cc7
PR: 199568
Approved by: re

Make the creation of the free lists dynamic, i.e., it is based on the
available physical memory at boot time. For amd64 systems with 64 GB
or more of physical memory, create free lists for managing pages with
physical addresses below 4 GB.
PR: 185727
Requested by: alc
Approved by: re (gjb)

Fill the port and protocol information in the SADB_ACQUIRE message
in the case when the security policy has it, as required by RFC 2367.
PR: 192774
Approved by: re (delphij)

Use the monotonic (uptime) counter rather than time-of-day to measure
elapsed time between ntp_adjtime() clock offset adjustments. This
eliminates spurious frequency steering after a large clock step (such
as a 1970->2015 step on a system with no battery-backed clock hardware).
This problem was discovered after the import of ntpd 4.2.8, which does
things in a slightly different (but still correct) order than the 4.2.4
we had previously. In particular, 4.2.4 would step the clock then
immediately after use ntp_adjtime() to set the frequency and offset to
zero, which captured the post-step time-of-day as a side effect. In
4.2.8, ntpd sets frequency and offset to zero before any initial clock
step, capturing the time as 1970-ish, then when it next calls
ntp_adjtime() it's with a non-zero offset measurement. This non-zero
value gets multiplied by the apparent 45-year interval, which blows up
into a completely bogus frequency steer. That gets clamped to 500ppm,
but that's still enough to make the clock drift so fast that ntpd has
to keep stepping it every few minutes to compensate.
Approved by: re (gjb)

Fix if_loop so bpfwrite() can use it regardless of the state of
bd_hdrcmplt. As if_loop does not use link-level headers, its behavior
when used by bpfwrite() should be the same regardless of the state of
bd_hdrcmplt. Without this change, libpcap (and other BPF users that
work like it) fail when writing to loopback interfaces.
Approved by: re

Fix sysctl(3) so it returns the intended values for all mib names in
the 'user' sysctl tree, which have all been coming back 0 or empty
since r240176.
Approved by: re

- allow creating users with uid 0
- fix check duplicates logic
- fix gid policy to be in sync with uid if possible
Reported by: Jan Mikkelsen <janm@transactionware.com>
Approved by: re (marius)