10867 Commits

Author SHA1 Message Date
sjg
61d13f6983 Merge bmake-20130904 2013-09-05 15:57:26 +00:00
se
f83bb7c481 Fix file selection logic for the RCS/SCCS case, as was done for the simple
file case before. Bump version because of the changed behavior, which now
matches the documentation.

Reviewed by:	pfg
2013-09-05 05:51:15 +00:00
pjd
029a6f5d92 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
erwin
e0b55fed21 Reduce WARNS to 0 for dig, host, and nslookup to make them
compile with the optional WITH_BIND_SIGCHASE.

Submitted by:	Andre Albsmeier <Andre.Albsmeier@siemens.com>
Approved by:	delphij (mentor, implicit)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
2013-08-30 06:21:00 +00:00
pfg
a90a8d62c1 Drop build option switch for the older GNU patch.
As promised, drop the option to make the older GNU patch
the default.

GNU patch is still being built but something drastic may
happen to it to it before Release.
2013-08-29 00:38:24 +00:00
jmg
a1c1d2c61c fix up my copyright and remove third clause.. 2013-08-26 18:51:48 +00:00
jilles
24cd181d1e kdump: Decode SOCK_CLOEXEC and SOCK_NONBLOCK in socket() and socketpair(). 2013-08-26 17:22:51 +00:00
joel
28f43d3ba0 Remove EOL whitespace. 2013-08-22 16:01:20 +00:00
erwin
6a288ef517 Update Bind to 9.9.3-P2
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
2013-08-22 08:15:03 +00:00
andrew
bf6a516fa3 Subversion requires atomic functions we only support on arm with clang. 2013-08-19 17:44:19 +00:00
jhb
fb96ed57d0 Remove incorrect 'const' qualifier from pointers to dynamic string
buffers I added in the previous commit.

Pointy hat to:	jhb
MFC after:	1 month
2013-08-19 17:09:14 +00:00
theraven
a84c641767 Add support for parameterised device tree sources to the device tree compiler.
Reviewed by:	brooks
Sponsored by:	DARPA, AFRL
2013-08-19 12:37:13 +00:00
pjd
5696218306 Make the "FD" column one character wider, so that "trace" can also align
properly.
2013-08-18 10:44:37 +00:00
hrs
17f8b7cb0b - Use getnameinfo(3) instead of gethostbyaddr(3) or inet_ntop(3).
- Fill sin6_scope_id from in6p.sin6_addr.s6_addr[2].  struct inpcb has
  struct in6_addr for the endpoint addresses, so sin6_scope_id must be filled.
2013-08-17 17:23:42 +00:00
jhb
3bfcb89de4 Add new mmap(2) flags to permit applications to request specific virtual
address alignment of mappings.
- MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n).
  Requests for n >= number of bits in a pointer or less than the size of
  a page fail with EINVAL.  This matches the API provided by NetBSD.
- MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED.  It can be used
  to optimize the chances of using large pages.  By default it will align
  the mapping on a large page boundary (the system is free to choose any
  large page size to align to that seems best for the mapping request).
  However, if the object being mapped is already using large pages, then
  it will align the virtual mapping to match the existing large pages in
  the object instead.
- Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and
  VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment.
  MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while
  MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE.
- mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than
  explicitly using VMFS_SUPER_SPACE.  All device objects are forced to
  use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively
  equivalent.

Reviewed by:	alc
MFC after:	1 month
2013-08-16 21:13:55 +00:00
glebius
5cec20bb2b Provide UTF-8 version of russian calendars. 2013-08-16 07:02:17 +00:00
theraven
70c59fcff4 Make carets line up in dtc diagnostics if the line starts with a tab. 2013-08-14 14:34:02 +00:00
uqs
8eeca12329 Belatedly add my birthday and fix a typo. 2013-08-14 08:10:54 +00:00
jilles
90af9dfe1e kdump: Decode AT_FDCWD in first argument of bindat() and connectat(). 2013-08-13 20:33:50 +00:00
jilles
7817797d29 kdump: Improve decoding of various *at calls:
* Write AT_FDCWD where appropriate.
* Decode the remaining arguments of openat() etc like open() etc.
2013-08-13 19:57:35 +00:00
trasz
3eef1145fb Make check for unknown login class actually work. Previously, using the "-c" option
with login class not defined in login.conf(5) would silently fail, resulting in using
the default login class.
2013-08-12 21:01:01 +00:00
peter
1930f97c40 Give up on using iconv to convert to UTF-8 at build time. I don't see any
practical way to make iconv(1) as a build tool.  Instead pre-convert.
This gives us UTF-8 nvi catalogs even on systems without iconv enabled.
2013-08-12 09:56:52 +00:00
peter
2d178f0d11 Don't build the UTF-8 version of the catalogs without iconv enabled.
Pointy-hat to:	peter (don't do things at 4am!)
2013-08-11 21:46:06 +00:00
peter
4ad6d22609 Don't install a ru_SU.KOI8-R symlink, 'make delete-old' will just remove
it again.
2013-08-11 20:46:05 +00:00
peter
5f2a1d6536 Update nvi-1.79 to 2.1.1-4334a8297f
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.

USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.

USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now.  This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8.  iconv is used to transcode the characters for
display.

Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
  we could never use in base anyway.
* It uses ncursesw when in widechar mode.  This could be interesting.

GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2

Obtained from:  Zhihao Yuan <lichray@gmail.com>
2013-08-11 20:03:12 +00:00
trasz
68b7f99701 In su(1), fix option ordering and clarify that the login class specified
must be defined in login.conf.

MFC after:	1 month
2013-08-11 11:06:49 +00:00
sjg
0e7402e046 ParseGetLine: don't treat a zero byte as end of buffer if P_end says it isn't.
Consume up to next newline, and issue a parse warning.
If no newline found before P_end, carry on as before.
2013-08-10 21:31:35 +00:00
markj
a11192f9a0 Pass variables prefixed with both LD_ and LD_32_ to the run-time linker.
This prevents unintentional execution of programs when running ldd(1) on
32-bit Linux binaries.

PR:		175339, 127276
Suggested by:	kib, rstone
Reviewed by:	kib
MFC after:	2 weeks
2013-08-07 00:28:17 +00:00
peter
bce4a8587d Update serf 1.2.1 -> 1.3.0 for svn 2013-08-02 19:21:46 +00:00
jilles
713e53c6b9 find: Allow -delete to delete files given as arguments.
Formerly, a command like find dir1/dir2 -delete would delete everything
under dir1/dir2 but not dir1/dir2 itself.

When -L is not specified and "." can be opened, the fts(3) code underlying
find(1) is careful to avoid following symlinks or being dropped in different
locations by moving the directory fts is currently traversing. If a
problematic concurrent modification is detected, fts will not enter the
directory or abort. Files found in the search are returned via the current
working directory and a pathname not containing a slash.

For paranoia, find(1) verifies this when -delete is used. However, it is too
paranoid about the root of the traversal. It is already assumed that the
initial pathname does not refer to directories or symlinks that might be
replaced by untrusted users; otherwise, the whole traversal would be unsafe.
Therefore, it is not necessary to do the check for fts_level ==
FTS_ROOTLEVEL.

Deleting the pathnames given as arguments can be prevented without error
messages using -mindepth 1 or by changing directory and passing "." as
argument to find. This works in the old as well as the new version of find.

Tested by:	Kurt Lidl
Reviewed by:	jhb
2013-08-02 14:14:23 +00:00
sjg
ff765cb371 Merge bmake-20130730
Main feature of interest is .MAKE.JOB.PREFIX=
to suppress --- job --- tokens.
2013-08-02 06:25:28 +00:00
markj
5d2ce17ff0 Properly print arguments to vfork(2) and rfork(2).
PR:		180976
Submitted by:	Yuri <yuri@tsoft.com> (original patch)
MFC after:	1 week
2013-08-01 02:57:04 +00:00
obrien
d74088447c MFC'ing to 9.2. 2013-07-30 19:21:36 +00:00
ache
d6abb7bc66 grep -i does not work for simple patterns and single byte locales, like
LANG=ru_RU.KOI8-R grep -i <some single KOI8-R letter>
Fix it.

MFC after:      3 days
2013-07-30 18:16:43 +00:00
des
0b1a1b2338 Include an Accept header in requests.
PR:		kern/180917
MFC after:	1 week
2013-07-30 13:07:55 +00:00
des
b0032aebc5 Add Michael Gmelin's name to the copyright statement. 2013-07-30 13:05:51 +00:00
avg
4e6c4b2a36 Revert r253748,253749
This WIP should not have been committed yet.

Pointyhat to:	avg
2013-07-28 18:44:17 +00:00
avg
c8737cbf1c remove needless inclusion of machine/cpu.h in userland
MFC after:	21 days
2013-07-28 18:35:43 +00:00
joel
441173b6cc Remove EOL whitespace. 2013-07-28 06:16:12 +00:00
peter
0aadc82afb Update subversion-1.8.0 -> 1.8.1. Update supporting
components: apr-1.4.6 -> 1.4.8 and apr-util-1.4.1 -> 1.5.2.

This is a post point-zero bug-fix / fix-sharp-edges release, including
some workarounds for UTF-8 for people who haven't yet turned on WITH_ICONV.
2013-07-28 06:02:40 +00:00
pfg
97ac613107 Make the BSD-licensed patch the default.
The BSD-licensed patch(1) command has matured and it's behaviour
can be considered equivalent to the older version of GNU patch
in the tree.

The switch has been extensively tested [1] and only two ports
presented regressions, which have since been fixed.

For convenience a new WITH_GNU_PATCH option is available,
but it will likely be removed in the near future.

PR:		176313
Approved by:	portmgr
2013-07-26 21:25:18 +00:00
des
29d3efe0a8 Implement certificate verification, and many other SSL-related
imrovements; complete details in the PR.

PR:		kern/175514
Submitted by:	Michael Gmelin <freebsd@grem.de>
MFC after:	1 week
2013-07-26 15:53:43 +00:00
pfg
e34a7fd471 patch: style fix
Submitted by:	gogolok
2013-07-24 15:46:49 +00:00
ae
afd48faca0 Remove the large part of struct ipsecstat. Only few fields of this
structure is used, but they already have equal fields in the struct
newipsecstat, that was introduced with FAST_IPSEC and then was merged
together with old ipsecstat structure.

This fixes kernel stack overflow on some architectures after migration
ipsecstat to PCPU counters.

Reported by:	Taku YAMAMOTO, Maciej Milewski
2013-07-23 14:14:24 +00:00
des
2cf5ec44f0 mdoc nit 2013-07-21 07:24:25 +00:00
pjd
f2d723e2cd Close uniq(1) in the capability mode sandbox and limit descriptors using
capability rights.
2013-07-18 22:11:27 +00:00
pjd
1018d5b890 - Make localtime(3) to work in sandbox.
- Move strerror(3) initialization to its own function.
2013-07-18 21:56:10 +00:00
glebius
06ff98bcf1 Sweep unused nlist entries.
Sponsored by:	Nginx, Inc.
2013-07-16 12:22:36 +00:00
glebius
270169f28a Nuke "systat -mbuf". It was broken since FreeBSD 5, and since there
haven't been any complaints, no one used it.
2013-07-15 12:15:14 +00:00
ae
6f8e41d6cb Introduce new structure sfstat for collecting sendfile's statistics
and remove corresponding fields from struct mbstat. Use PCPU counters
and SFSTAT_INC() macro for update these statistics.

Discussed with:	glebius
2013-07-15 06:16:57 +00:00