Its idea was to be a simple initiator and execute several commands from
kernel level, but FreeBSD never had consumer for that functionality,
while its implementation polluted many unrelated places.
Add a new sesutil(8) utility
This is an utility for managing SCSI Enclosure Services (SES) device.
For now only one command is supported "locate" which will change the test of the
external LED associated to a given disk.
Usage if the following:
sesutil locate disk [on|off]
Disk can be a device name: "da12" or a special keyword: "all".
Reviewed by: mav
Relnotes: yes
Sponsored by: gandi.net
pmcstat.8: fix -a flag description; improve -m flag to match
The -a flag reads a file saved by -O, not -o.
The -m flag requires the -R flag. Copy that paragraph from -a.
Sponsored by: Dell Inc.
Use the cpuset API more consistently:
- Fetch the root set from cpuset_getaffinity() instead of assuming all CPUs
from 0 to hw.ncpu are the root set.
- Use CPU_SETSIZE and CPU_FFS.
- The original notion of halted CPUs the manpage and code refers to is gone.
Use the term "available" instead.
transport specific form of a universal transport address. The
structure is expected to be opaque to consumers. In the current
implementation, the structure contains a pointer to a buffer
that holds the actual address.
In rpcbind(8), netbuf structures are copied directly, which would
result in two netbuf structures that reference to one shared
address buffer. When one of the two netbuf structures is freed,
access to the other netbuf structure would result in an undefined
result that may crash the rpcbind(8) daemon.
Fix this by making a copy of the buffer that is going to be freed
instead of doing a shallow copy.
Security: FreeBSD-SA-15:24.rpcbind
Security: CVE-2015-7236
Use strlcpy() in favor of strncpy() as it's defined to have a nul character
at the end of string buffer, and the code context do expects this to behave
correctly (e.g. strchr).
- Fix a crash on a rpc entry when an IPv6 address is explicitly
specified in -a flag.
- Fix a bug that sockaddr_in was used where sockaddr_in6 should have
been used. This was not actually harmful because offsetof(struct
sockaddr_in, sin_port) is equal to offsetof(struct sockaddr_in6,
sin6_port).
- Remove unused union p_un.
- Use NI_MAXHOST-long buffer for getnameinfo().
Although INET6_ADDRSTRLEN was designed to hold the longest
IPv6 address in IPv4-mapped address format a long time ago,
getnameinfo() can return scope identifier in addition to it.
Implement pubkey support for the bootstrap
Note that to not interfer with finger print it expects a signature on pkg itself
which is named pkg.txz.pubkeysign
To genrate it:
echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \
-binary -out ./pkg.txz.pubkeysig
Note the "echo -n" which prevent signing the '\n' one would get otherwise
PR: 202622
Regression: fix pw usermod -d
Mark the user has having been edited if -d option is passed to usermod and
so the request change of home directory actually happen
PR: 203052
Reported by: lenzi.sergio@gmail.com
Prefer pciids database from ports if present
Given the pciids database on ports is updated more often than the one in base
prefer this version if present, otherwise read the one from base.
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D3391
- Ansify function definitions.
- Change the type of addr argument in dump() function to be able
disambiguate link-local addresses from different zones.
- Add static and remove unused variables.
Check for invalid length or more than max length for the interpreter, instead
of the validity of the string pointer holding the interpreter.
Submitted by: sson
Serve /etc/eui64 via NIS.
The C library already knows how to lookup eui64 entries from NIS. For
example, fwcontrol(8) does it. But /var/yp/Makefile.dist doesn't build the
eui64 maps, and ypinit(8) doesn't push them to slaves. This change fixes
that.
r285396,r285398,r285401,r285403,r285405,r285406,r285408,r285409,r285411,
r285412,r285413,r285415,r285418,r285430,r285433,r285434,r285442,r285948,
r285984,r285985,r285989,r285996,r285997,r286045,r286047,r286066,r286150,
r286151,r286152,r286154,r286155,r286156,r286157,r286173,r286196,r286197,
r286198,r286199,r286200,r286201,r286202,r286203,r286204,r286210,r286211,
r286217,r286218,r286258,r286259,r286341,r286775,r286982,r286986,r286991,
r286993
Validate most pw inputs.
Rewrite the way parsing sub arguments is made to simplify code and improve
maintenability
Add -y (NIS) to userdel/usermod
pw userdel -r <rootdir> now deletes directories in the rootdir
Only parse pw.conf when needed
Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated
Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
r273544 (MFC in r273921) changed the -f option allow no arguments in vt
mode (used to reset the font back to the default), but broke the
optionality of the size argument for syscons. Drop the required argument
from syscons' optstring for -f so the optional argument handler works
the same way for both syscons and vt.
Sponsored by: The FreeBSD Foundation
Ensure the local MANIFEST is always used when verifying remote
distribution sets.
Approved by: re (glebius, insta-MFC)
Sponsored by: The FreeBSD Foundation
Make setproctitle(3) work in Capsicum capability mode. This makes
ctld(8) child processes to indicate initiator address and name in
their titles, similar to what iscsid(8) child processes do.
PR: 181352
Sponsored by: The FreeBSD Foundation
Allow '@' in unquoted strings, such as with the "path" statement. Note
that one can use any character they like by using double quotes.
PR: 200895
Sponsored by: The FreeBDS Foundation
