We now unwrap IP/IP and apply filter rules to both the outer
layer (with ``set filter blah x.x.x.x y.y.y.y ipip'') and to
the payload (reinterpreted by the filter rules).
``set log tcp/ip'' will now show both the outer wrapper and
the (reinterpreted) payload contents.
always look up -network and -mask addresses numerically before
trying getnetbyname(). Without this, we may end up attempting DNS
queries on silly names such as "127.0.0.0.my-domain.com". See the
commit log from revisions 1.21 and 1.20 for further details.
removes the last path component until the mount() succeeds. However,
the code never checks if it has passed the mountpoint, so in some
cases where the mount() never succeeds, it can end up applying the
flags from a mounted filesystem to the underlying one.
Add a sanity check to the code which removes the last path component:
test that the fsid associated with the new path is the same as that
of the old one.
PR: bin/7872
a number of assumptions related to the parsing of options in
/etc/exports, and missed a few necessary new error checks.
The main problems related to netmasks: an IPv6 network address
missing a netmask would result in the filesystem being exported to
the whole IPv6 world, non-continuous netmasks would be made continuous
without any warnings, and nothing prevented you specifying an IPv4
mask with an IPv6 address.
This change addresses these issues. As a side-effect we now store
netmasks in sockaddr structs (this matches the kernel interface,
and is closer to the way it used to be). Add a flag OP_HAVEMASK to
keep track of whether or not we have successfully got a mask from
any source. Replace some mask-related helper functions with versions
that use the sockaddr-based masks.
Also tidy up get_net() and fix the code that interprets IPv4 partial
networks such as "127.1" as network rather than host addresses.
Properly zero out some structures that were ending up partially
containing junk from the stack, fix a few formatting issues, and
add a comment noting some assumptions about export arguments.
would call malloc, stdio and other library functions from the signal
handler which is not safe due to reentrancy problems.
Instead, add a simple handler that just sets a flag, and call the
more complex function from main() when necessary. Unfortunately to
be able to check this flag, we must expand the svc_run() call, but
the RPC library makes that relatively easy to do.
- Remove some horrible code that faked a "struct addrinfo" to be
later passed to freeaddrinfo(). Instead, add a new group type
"GT_DEFAULT" used to denote that the filesystem is exported to the
world, and treat this case separately.
- Don't clear the AI_CANONNAME flag in a struct addrinfo returned
by getaddrinfo. There's still a bit more struct addrinfo abuse
left in here.
- Simplify do_mount() slightly by using an addrinfo pointer to keep
track of the current address.
- Revert del_mlist() to its pre-tirpc prototype. Unlike NetBSD's version,
ours lets the caller generate any syslog() messages, so that it
can include the service name in the message.
- Initialise a few local variables to clarify the logic and avoid some
compiler warnings.
- Remove a few unused functions and local variables, and fix some
whitespace issues.
- Reinstate the logic for avoiding duplicate host entries that got
removed accidentally in revision 1.41 (added in r1.5). This bit
was submitted in a slightly different form by Thomas Quinot.
Submitted by: Martin Blapp <mb@imp.ch>,
Thomas Quinot <quinot@inf.enst.fr>
PR: bin/26148
group file. Because of the way the group sorting works while printing
out the new file it's not possible at this time to restore comments
in other locations, but at least they won't just disappear altogether.
one user who differs only by case. The other perl tools assume (or enforce)
the all lowercase requirement, therefore making the search through
master.passwd case insensitive seemed a reasonable optimization, IMO.
I understand, although I do not sympathize with, the argument that someone
might want to do this on purpose, and might subsequently want to use the
wrong tool for the job. So, this fix should hopefully satisfy both camps.
the following fixes had been made:
- check the size of the font being loaded and compare it with possible sizes
to minimise possibility of loading something that is not a fontfile at all
and turning console screen into garbage;
- prevent buffer overflow (and coredump as a result ) when loading valid
uuencoded file with size that exceeds allocated buffer;
- correct and improve several error messages.
Approved by: -audit, -hackers (silently)
being present in the environment if the user has CDROM defined, or
has specified a device on the command line.
This avoids users of ports like 'workman' that use these variables
getting gratuitous warnings from cdcontrol.
Suggested by: John Sellens <jsellens@generalconcepts.com>
Paxson et al, Status: Informational, May 1998), we should use "bits per
second" and "k" as 1000 not 1024 for throughput measures.
Submitted by: Eduardo Souza Machado da Silva <esms@acm.org>
that actually conforms to the Porters Handbook.
Add a -t option to pkg_version(1) for doing comparison testing.
Add a script (and make test target) to do some regression tests on
the package number comparison routine, to help debug future revisions.
Submitted by: knu
Procrastination by: bmah
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
The usr.sbin/acpi/ utilities should be compiled non-static.
It just followed the usr.sbin/pccard/Makefile.inc way last time.
Pointed out by: ru and msmith
Committed at: BSD HANAMI in Japan 2001
Make sure we pass $(BUILDOPTS) to the `clean' target
so that `make clean' works on the same set of object
files. Otherwise, we may end up with an incorrectly
built and up-to-date object file.
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter.
The names imply what they do. The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV
challenge.
Reflect this in mergemaster, this might later on be decided to be set to
NO_MAKEDEV_INSTALL, for now I kept to the old behaviour.
NO_MAKEDEV_INSTALL and NO_MAKEDEV_RUN. The former implying the latter.
The names imply what they do. The last commit by DES based on a PR defeated
the original idea behind NO_MAKEDEV, which was not to run MAKEDEV, but to do
the installation of MAKEDEV. This should satisfy both parties on the MAKEDEV
challenge.
Reflect this in the documentation.
method anymore since the code inside the RPC library has changed too much.
Now that the clnt_dg module has the necessary code internally, we can yank
out the local method code and turn on the ASYNC hack with clnt_control().
This will make the -m flag work again.
and do the unregister/reregister work.
Don't call syslog in the unregister/reregister code as we haven't called
openlog() yet.
Be a more conservative about accepting errno values from socket(2),
only EPROTONOSUPPORT means that the kernel isn't supporting it
something like INET6. The other possible errnos would be returned
if there was a mistake in the socket(2) call so remove them from the
list of "acceptable" return values.
then wait for the connection to be closed by the peer.
This means that commands such as ``pppctl ... show links'' will
display the correct output again (rather than truncating it depending
on how much data arrived in the last packet).
aliases with the same netmask and destination, don't remove it and then
re-add exactly the same thing.
This means that static (non-sticky) routes that use the interface address
(or destination address) as a destination will not suddenly evaporate when
IPCP comes up (not unless the negotiated IPs have changed anyway).
/usr/src/usr.sbin/sysinstall/menus.c:1323: initializer element is not computable at load time
/usr/src/usr.sbin/sysinstall/menus.c:1323: (near initialization for `MenuNetworking.items[9].aux')
- fix a harmless bug in match_installed() function introduced in my last
commit;
- uniformely reorder includes across files.
Submitted by: Garrett Rooney <rooneg@electricjellyfish.net>
Not objected by: jkh, -ports
Eliminate an old warning brought about by insufficient foresight when creating
the Menu structure. Have I ever mentioned that sysinstall really needs to
be rewritten?
Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)
Make __rpc_get_local_uid() useable and give it prototype that's
visible.
Fix some issues with printing out usernames from rpcbind and keyserv.
authorization check is on /dev/{,k}mem.
o Update man page to reflect requirement that gid kmem privileges must
be held, not root. (submitted by: peter)
needed to make the asynchronous DNS lookup mechanism work. (It needs to
be able to get/set the transaction ID in the trasport handle so it can
deliver a delayed UDP response when a reply is received from a DNS
server.) With TI-TPC, the transport handle has changed slightly (what
used to be an int is now a size_t) so we need to account for this.
SM_NOTIFY procedure.
Remove our hand-coded one as it was causing world breakage for
worlds compiled with NOSHARED=yes because the static linker is a
bit less forgiving (or not as broken as) our dynamic linker.
Add $FreeBSD$ while I'm here.
Pointed out by: bde
to run PPP over Radiocontact T-Link Radio Modems which run best when something
is transmitted at least every 1.5 seconds.
Tested by: Jennifer Clark <jen@telepresence.strath.ac.uk>
Approved by: Brian
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
Somebody submitted this long time ago, and it has been sitting in my
tree for months because I thought archie would pick it up.
Submitted by: (sorry, lost track)
A depends on dependency B then dependency A will be in all cases listed
before B, so ``pkg_add -r'' will fetch/install packages in the correct order.
Previously dependencies were sorted just by its names, which is why
``pkg_add -r'' never actually worked properly.
To be usefull, hovewer, this fix requires that all packages have been
rebuilt, so it will take some time until users would be able to feel
posititive improvements. For the same reasons it is desirable to propagate
these changes to the 4-stable package building cluster *before* 4.3 ports
freeze, so packages for 4.3-RELEASE would be properly prepared.
Prompted by: kris
Insanely appreciated by: obrien
Silently approved by: jkh, -ports
revised EA interface with explicit namespacing. Link against libutil
to provide string/constant conversion for namespaces. Document
revised interface.
Obtained from: TrustedBSD Project
explicit namespaces. Modify it to use libutil for string/constant
namespace conversions. Update the documentation to take into account
the new interface.
Obtained from: TrustedBSD Project
actually triggered a match and which did not, and add patterns that didn't
into resulting list, so caller will have a chance to notify user that package
isn't installed. This should fix current, POLA-breaking behaviour when user
doesn't receive a notification if he specifies several packages, some of which
aren't installed.