The recent problems with sshd were due to sshd reassigning
`environ' when setenv() thinks it owns it. setenv() subsequently
realloc()s the new version of environ and *boom*
- Include <stdlib.h> and <string.h> as needed for prototypes
- Remove unneeded "error" variables
o Make cap_init() use cap_clear() instead of bzero()
Obtained from: TrustedBSD Project
o Implementations will remain in the seperately distributed capability
patch until the cap_t type changes are synchronized.
Obtained from: TrustedBSD Project
response to return. This will stop processes waiting on DNS requests
from being woken up when a select collision occurs. This was tested
on mx1.FreeBSD.org (outgoing mail for the FreeBSD.org mailing
lists.)
Reviewed by: jlemon, peter
were not present when dev_mkdb(8) was run.
First the dev_mkdb(8) database is searched, this caters for non-DEVFS
cases where people have renamed a device.
If that fails we ask the kernel using sysctl kern.devname if the device
driver has put a name in the dev_t. This covers DEVFS cloned devices.
If that also fails we format a string which isn't entirely useless.
be used to point to a bad locale file. This is only believed to be a
minor security risk - the only risk is if some program uses the result
of a localized string as a format specifier in a vulnerable function
like sprintf(). No such code is believed to exist in the FreeBSD base
system, although it is possible that badly written third party code
would do that.
Submitted by: imp
Approved by: ache
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
the efficiency of byte-by-byte read operations on filesystems not already
supported by the block cache (especially NFS).
This should be a welcome change for users booting via PXE, as the loader
now reads its startup files almost instantly, instead of taking tens of
seconds.
It was kinda silly since the sigaction() syscall that it used to setup
the handler is more recent than __getcwd(), therefore it was useless
as the wrapper would have died before even getting as far as __getcwd(2).
Reminded by: bde
* rewrite catopen() to remove duplicate code chunks and optimize
* if empty string is passed to catopen() as name argument then
catopen() will set errno to ENOENT (File not found), not EINVAL
* move search code to LOOKUP() macro to shrink amount of duplicated code
* move common resource freeing actions to __nls_free_resources() function
* exclude from build code related to MCLoadAll defintion since it is not
using at all
* style(9) related whitespace changes
Reviewed by: ache
in my tree for a long time. bde reviewed this once upon a time and
said it was OK, iirc. This also obviates the need to put ? in the
optstring argument to preclude the extra warning message which some
people think confuses users. When I made my getopt cleanups of a long
time ago, this was the compromise reached. I just neglected to commit
it until now.
and bump __FreeBSD_version to 500012 to mark the occasion.
setproctitle() is prototyped in unistd.h as opposed to stdlib.h
where OpenBSD and NetBSD have it.
Reviewed by: peter
datagram embedded into ICMP error message, not with protocol
field of ICMP message itself (which is always IPPROTO_ICMP).
Pointed by: Erik Salander <erik@whistle.com>
not alias `ip_src' unless it comes from the host an original
datagram that triggered this error message was destined for.
PR: 20712
Reviewed by: brian, Charles Mott <cmott@scientech.com>
rmdir(2) on directories and unlink(2) otherwise. This modification,
and most of the man page update has been obtined from OpenBSD. This
was spotted by someone on a mailing lists a few months ago, but
I've lost their mail.
Reviewed by: sheldonh
for crypt(3) by now. In any case:
Add crypt_set_format(3) + documentation to -lcrypt.
Add login_setcryptfmt(3) + documentation to -lutil.
Support for switching crypt formats in passwd(8).
Support for switching crypt formats in pw(8).
The simple synopsis is:
edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :)
Reviewed by: peter
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
identifier to the DHCP server. Now you can check for this string
in your dhcp configuration to decide whether you will hand out a
lease to the client or not.
I changed to close to original code before merging IPv6 support.
It seems having delay before another try is useless. However, I'm
not sure that delay means. So, I leave it as-is.
PR: bin/20515
related patches. These include:
* Mode page editting can be scripted. This involves two
things: first, if stdin is not a tty, changes are read from
stdin rather than invoking $EDITOR. Second, and more
importantly, not all modepage entries must be included in the
change set. This means that camcontrol can now gracefully handle
more intrusive editting from the $EDITOR, including removal or
rearrangement of lines. It also means that you can do stuff
like:
# echo "WCE: 1" | camcontrol modepage da3 -m 8 -e
# newfs /dev/da3
# echo "WCE: 0" | camcontrol modepage da3 -m 8 -e
* Range-checking on user-supplied input values. modeedit.c now
uses the field width specifiers to determine the maximum
allowable value for a field. If the user enters a value larger
than the maximum, it clips the value to the max and warns the
user. This also involved patching cam_cmdparse.c to be more
consistent with regards to the "count" parameter to arg_put
(previously is was the length of strings and 1 for all integral
types). The cam_cdbparse(3) man page was also updated to reflect
the revised semantics.
* In the process, I removed the 64 entry limit on mode pages (not
that we were even close to hitting that limit). This was a nice
side-effect of the other changes.
* Technically, the new mode editting functionality allows editting
of character array entries in mode pages (type 'c' or 'z'),
however since buff_encode doesn't grok them it is currently
useless.
* Camcontrol gained two new options related to mode pages: -l and
-b. The former lists all available mode pages for a given
device. The latter forces mode page display in binary format
(the default when no mode page definition was found in
scsi_modes).
* Added support for mode page names to scsi_modes. Allows names to
be displayed alongside mode numbers in the mode page
listing. Updated scsi_modes to use the new functionality. This
also adds the semicolon into the scsi_modes syntax as an
optional mode page definition terminator. This is needed to name
pages without providing a page format definition.
* Updated scsi_all.h to include a structure describing mode page
headers.
* Added $FreeBSD$ line to scsi_modes.
Inspired by: dwhite
Reviewed by: ken
was not fun and I am not entirely certain of the correctness, but it seems
to work. (in fact, side by side testing of this code vs the x86 version
turned up hidden bugs in the x86 code).
testing and real-life applications:
1) If you returned from the thread function, you got a segv instead of
calling _exit() with your return code.
2) clean up some bogus stack management. There was also an underflow
on function return.
3) when making syscalls, the kernel is expecting to have to leave space
for the function's return address. We need to duplicate this. It was
an accident that the rfork syscall actually worked here. :-/
the number of times I have given this to people and got asked: why isn't
it in libc? It is impossible to do this without assembler glue to reset
the stack for the new child process.
int rfork_thread(flags, stack_addr, start_fnc, start_arg)
int flags; Flags to rfork system call. See rfork(2).
void *stack_addr; Top of stack for thread.
int (*start_fnc)(void *); Address of thread function to call in child.
void *start_arg; Argument to pass to the thread function in child.
This is deliberately not documented or prototyped in includes until the
corresponding alpha version is written.
a bug in some ftp servers (most notably ftp.vmunix.com) which report the
size of a file correctly in ascii mode, but report it as 0 in binary mode.
Reported by: asmodai
Also remove an unneeded initialization.
Sort out the size / length confusion. Always try to report the *real* file
size in the url_stat structure, no matter how much of it is actually being
sent, and try to detect inconsistencies between sizes.
Rearrange the request loop to avoid having to add meaningless code just to
silence compiler warnings.
Switch to a more sensible and consistent interface for the _http_parse*()
functions.
32-bit type (rather than define his own type based on the type of box
being compiled on).
Submitted by: Mark Abene <phiber@radicalmedia.com>
(however I applied a slightly different fix)
strdup()) rather than pointing it at something that's free()d
(via freeaddrinfo(res)) before the function returns.
I appreciate that this is an API change, but it's the only way
(AFAIK) of doing this without breaking existing code that uses
rcmd{,_af}().
Pointed out by: phkmalloc
than requested. Instead, inform the caller of the real offset by modifying
the offset field in the original struct url, and let him decide how to handle
the situation.
pthread_cond_signal(), pthread_cond_broadcast(), and pthread_cond_timedwait().
Do not dump core in pthread_cond_timedwait() (due to a NULL pointer
dereference) if attempting to wait on an uninitialized condition variable.
PR: bin/18099
fetchStat*(). In most cases, either fetchGet*() or fetchXGet*() is a wrapper
around the other; in all cases, calling fetchGet*() is identical to calling
fetchXGet*() with the second argument set to NULL.
outside the loop inspects it to determine whether or not we succeeded in
retrieving the requested document. This fixes a bug where fetchGetHTTP()
would return a FILE with an invalid file descriptor if it hit the redirect
limit without locating the requested document.
or not interrupted system calls will be restarted. This fixes a bug where
fetch(1) would hang (potentially forever) if a server stopped responding,
because the signal handler would absorb the user's efforts to interrupt the
transfer.
via IPv6, the hostname is trimed due to the length of IPv6 address.
This change saves it as possible.
I have a grudge against the shortage of UT_HOSTSIZE.
to be applied to the value given. This does not break installed
/etc/login.conf files, since un-suffixed numbers are interpreted as
they were before.
PR: 19750
Submitted by: Paul Herman <pherman@frenchfries.net>
moved around, but the acutal functional changes are small.
Add support for site-internal redirects (where the Location: header gives a
path instead of an absolute URI)
Pointed out by: kuriyama
with fdisk, ensure that they are a multiple of the sector size in length.
- Axe all the 1024 cylinder checks as they are no longer relevant with the
fixed bootstrap.
more robust, and somewhat more efficient. It also handles authorization and
redirects properly, and supports timeouts like the FTP code.
Many thanks to Umemoto-san for his assistance with IPv6 support, both here
and in other parts of libfetch.
management involving rcmd_af(), getaddrinfo(), freeaddrinfo(), etc.
We set *ahost to point to ai->canonname; and later free the ai-> stuff
and still leave the old pointers in *ahost to the freed data.
Perhaps the best way to deal with this is a static buffer or a static
strdup() that is freed on the next iteration or something. This gives
me headaches just thinking about this.
The new 'AJ' default for malloc() tripped this up.
of the processing of the recursion, "scan" would be pointing to O_CH
(or O_QUEST), which would then be interpreted as being the end character
for altoffset().
We avoid this by properly increasing scan before leaving the switch.
Without this, something like (a?b?)?cc would result in a g->moffset of
1 instead of 2.
I added a case to the soon-to-be-imported regex(3) test code to catch
this error.
string may be found (from the beginning of the pattern), the point
at which must is found minus that offset may actually point to some
place before the start of the text.
In that case, make start = start.
Alternatively, this could be tested for in the preceding if, but it
did not occur to me. :-)
Caught by: regex(3) test code
use a CHAR_MIN-based array, like elsewhere in the code.
Remove a number of unused variables (some due to the above change, one
that was left after a number of optimizing steps through the source).
Brucified by: bde
remove (comment out) functions defined or depricated elsewhere:
bsearch, lfind, lsearch, insque, remque
change hcreate to take a size_t rather than uint (essentially the same)
since hcreate/hdestroy are now in <search.h>, remove private search.h
in lib/libc/db/hash/
add $FreeBSD tags to hsearch.c
- permit numeric scopeid, be more careful about buffer size
TODO: 2nd arg type should be socklen_t for RFC2553 conformance,
but due to include file dependency it is not a easy thing to do
(netdb.h does not have socklen_t)
soon to be committed syscall stubs. These calls will be used to get
and set capability state associated with executables.
Obtained from: TrustedBSD Project
interface addresses in a portable manner, without headache of SIOCGIFCONF
or sysctl. it is in bsdi/openbsd/netbsd already.
from kame tree (actually, mandatory for latest kame tree).
when parsing certain DNS records during a reverse address resolution. Thus
when code tries to examine the returned host name, it dereferences a null
pointer :-(
Problem noticed by: ps
VIS_HTTPSTYLE is a new encoding style for use in vis(), strvis() and
strvisx() that escapes characters according to RFC 1808 (URI encoding).
Since decoding of these require different detection of start-points of
escaped characters, VIS_HTTPSTYLE can be given as flag to unvis().
unvis() will then properly decode URIs.
A new function appeared, strunvisx(): strunvisx() behaves similar as
strunvis(), with one exception: It has an additional flag parameter,
which is passed to unvis() to archive the effect I described above.
previous commits.
At the time we search the pattern for the "must" string, we now compute
the longest offset from the beginning of the pattern at which the must
string might be found. If that offset is found to be infinite (through
use of "+" or "*"), we set it to -1 to disable the heuristics applied
later.
After we are done with pre-matching, we use that offset and the point in
the text at which the must string was found to compute the earliest
point at which the pattern might be found.
Special care should be taken here. The variable "start" is passed to the
automata-processing functions fast() and slow() to indicate the point in
the text at which they should start working from. The real beginning of
the text is passed in a struct match variable m, which is used to check
for anchors. That variable, though, is initialized with "start", so we
must not adjust "start" before "m" is properly initialized.
Simple tests showed a speed increase from 100% to 400%, but they were
biased in that regexec() was called for the whole file instead of line
by line, and parenthized subexpressions were not searched for.
This change adds a single integer to the size of the "guts" structure,
and does not change the ABI.
Further improvements possible:
Since the speed increase observed here is so huge, one intuitive
optimization would be to introduce a bias in the function that computes
the "must" string so as to prefer a smaller string with a finite offset
over a larger one with an infinite offset. Tests have shown this to be a
bad idea, though, as the cost of false pre-matches far outweights the
benefits of a must offset, even in biased situations.
A number of other improvements suggest themselves, though:
* identify the cases where the pattern is identical to the must
string, and avoid entering fast() and slow() in these cases.
* compute the maximum offset from the must string to the end of
the pattern, and use that to set the point at which fast() and
slow() should give up trying to find a match, and return then
return to pre-matching.
* return all the way to pre-matching if a "match" was found and
later invalidated by back reference processing. Since back
references are evil and should be avoided anyway, this is of
little use.
The BM algorithm works by scanning the pattern from right to left,
and jumping as many characters as viable based on the text's mismatched
character and the pattern's already matched suffix.
This typically enable us to test only a fraction of the text's characters,
but has a worse performance than the straight-forward method for small
patterns. Because of this, the BM algorithm will only be used if the
pattern size is at least 4 characters.
Notice that this pre-matching is done on the largest substring of the
regular expression that _must_ be present on the text for a succesful
match to be possible at all.
For instance, "(xyzzy|grues)" will yield a null "must" substring, and,
therefore, not benefit from the BM algorithm at all. Because of the
lack of intelligence of the algorithm that finds the "must" string,
things like "charjump|matchjump" will also yield a null string. To
optimize that, "(char|match)jump" should be used.
The setup time (at regcomp()) for the BM algorithm will most likely
outweight any benefits for one-time matches. Given the slow regex(3)
we have, this is unlikely to be even perceptible, though.
The size of a regex_t structure is increased by 2*sizeof(char*) +
256*sizeof(int) + strlen(must)*sizeof(int). This is all inside the
regex_t's "guts", which is allocated dynamically by regcomp(). If
allocation of either of the two tables fail, the other one is freed.
In this case, the straight-forward algorithm is used for pre-matching.
Tests exercising the code path affected have shown a speed increase of
50% for "must" strings of length four or five.
API and ABI remain unchanged by this commit.
The patch submitted on the PR was not used, as it was non-functional.
PR: 14342
not have a user-supplied signal handler, when a signal is delivered, one
thread will receive the signal, and then the code reverts to having no
signal handler for the signal. This can leave the other sigwait()ing
threads stranded permanently if the signal is later ignored, or can result
in process termination when the process should have delivered the signal to
one of the threads in sigwait().
To fix this problem, maintain a count of sigwait()ers for each signal that
has no default signal handler. Use the count to correctly install/uninstall
dummy signal handlers.
Reviewed by: deischen
available. If not, it falls back to the existing hack and slash method.
A positive side effect is that non-root users may now use Disk_Names(),
for non-dangerous libh/disk.tcl testing.
Reviewed by: phk
- Have NgSendAsciiMsg() return the same token as NgSendMsg()
- Document that NgSendMsg() and NgSendAsciiMsg() return the token
- Add MLINKS for the functions defined in netgraph(3)
getaddrinfo() accidentally returns IPv4 mapped IPv6 address instead
of native IPv4 address.
Now, getaddinfo() is scoped address ready. You can put scoped
address within /etc/hosts.
Obtained from: KAME Project.
- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP
port 1723 to a local machine. Multiple servers behind NAT is
possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of
the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>
renamed to {s|g}etflagsbyname, which received objections. They're
now called strtofflags (string to file flags) and fflagstostr (file
flags to string).
Suggested by: bde
not allowed to return EINTR, but use of pthread_suspend_np() could cause
EINTR to be returned. To fix this, restructure pthread_suspend_np() so that
it does not interrupt a thread that is waiting on a mutex or condition, and
keep enough state around that pthread_resume_np() can fix things up
afterwards.
Reviewed by: deischen
It does mean that it is now possible to run passive-mode FTP
server behind NAT.
- SECURITY: FTP aliasing engine now ensures that:
o the segment preceding a PORT/227 segment terminates with a \r\n;
o the IP address in the PORT/227 matches the source IP address of
the packet;
o the port number in the PORT command or 277 reply is greater than
or equal to 1024.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
.Pp
.Fn func
.Pp
Description ...
with a list (Bl ... Li ... El).
- Remove a superfluous ``.Sh ENVIRONMENT'' and replace it with a ``.Pp''
within the IMPLEMENTATION DETAILS section.
Reviewed by: rwatson
right now...
I talked w/ phk last night and "fixing" this in a generic way is going
to require a lot of complex thought on stacking let alone the NFS problems..
add missing sys/time.h for struct timespec def...
standardized interface to the capability support in TrustedBSD.
o Not currently enabled in Makefile, as this code depends on syscalls
and include files that will be committed at a later date.
Obtained from: TrustedBSD Project
