This change is equivalent to the approach committed in r306417, but if
sed has a bug it could be exploited by the untrusted tar file. Instead,
generate the expected tar content and compare that with find's output.
convert the expected hash list to the expected tar content filesystem
layout, and compare that with find's output.
Submitted by: cperciva (in review D8052)
Reviewed by: oshogbo
MFC after: 2 weeks
Because rtsold listens for RAs on a raw socket, it may receive RAs from
interfaces that it does not manage. Such events can result in excessive
logging.
Submitted by: Franco Fichtner <franco@opnsense.org>
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8108
Previously it was possible to smuggle in addional files that would
be used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.
This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.
Reported by: anonymous gist
Reviewed by: allanjude, delphij
MFC after: ASAP
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8052
It also turns off dependencies (bsdinstall, bsdconfig, dpv, tzsetup).
Reviewed by: dteske
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7969
build can break when different source files create the same target
files (case-insensitivity speaking). This is the case for object
files compiled with -fpic and shared libraries. The former uses
an extension of ".So", and the latter an extension ".so". Rename
shared object files from *.So to *.pico to match what NetBSD does.
See also r305855
MFC after: 1 month
Sponsored by: Bracket Computing
Differential Revision: https://reviews.freebsd.org/D7906
These functions are allowed to overwrite their input. Pull a copy of the
input parameter and call dirname() and basename() on that instead. Do
ensure that we reload the pathname value between calls.
uefisign previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version in order to facilitate development on the stable
branch. The Capsicum header is now installed as sys/capsicum.h in
stable/10 and FreeBSD 10.3, so there's no need for the backwards
compatibility support.
Reviewed by: trasz
Sponsored by: The FreeBSD Foundation
Adds virtio-console device support to bhyve, allowing to create
bidirectional character streams between host and guest.
Syntax:
-s <slotnum>,virtio-console,port1=/path/to/port1.sock,anotherport=...
Maximum of 16 ports per device can be created. Every port is named
and corresponds to an Unix domain socket created by bhyve. bhyve
accepts at most one connection per port at a time.
Limitations:
- due to lack of destructors of in bhyve, sockets on the filesystem
must be cleaned up manually after bhyve exits
- there's no way to use "console port" feature, nor the console port
resize as of now
- emergency write is advertised, but no-op as of now
Approved by: trasz
MFC after: 1 month
Relnotes: yes
Sponsored by: iXsystems, Inc.
Differential Revision: D7185
The second argment to calloc(3) should be the size, make it so.
While here be a little bit more cautious in fifolog_reader_open()
to protect in the unlikely event of an overflowed allocation.
MFC after: 3 weeks
It turns out that we had a couple of more calls to dirname()/basename()
in newsyslog(8) that assume the input isn't clobbered. This is bad,
because it apparently breaks log rotation now that the new dirname()
implementation has been merged.
Fix this by first copying the input and then calling
dirname()/basename(). While there, improve the naming of variables in
this function a bit.
Reported by: Ryan Steinmetz, gjb
Reviewed by: bdrewery, allanjude
Differential Revision: https://reviews.freebsd.org/D7838
When using diff3 to perform a three-way merge, etcupdate lost the destination
file's metadata. The metadata from the temporary file were used instead.
This was unpleasant for rc.d scripts, which require execute permission.
Use "cat >" to overwrite the destination file's contents while preserving its
metadata.
Reviewed by: bapt
Sponsored by: Dell Technologies
Differential Revision: https://reviews.freebsd.org/D7817
ThunderX units in the netperf cluster.
Approved by: jkim
Obtained from: ABT Systems Ltd
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7252
using shell redirections instead of having gzip(1) to decide what
file to open.
Issue reported in the "non-cryptanalytic attacks against freebsd
update components" anonymous gist.
Reviewed by: allanjude, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7653
Right now is possible to modify bootable partition type to
non-bootable type without getting warning from partedit.
Example: if you auto parition drive for arm64, you will
get freebsd-ufs as bootable partition; now you are able
to change bootable partition type to freebsd-zfs; there
will be no warning and the system will install but
will not be bootable afterwards.
After this fix, partedit will issue the same warning it
does when user attempts to create bootable partition of
not supported type, notyfing a user about incoming
problem and allowing to think the decision over before
commiting the schema.
This has been tested on amd64 and arm64.
Obtained from: Semihalf
Submitted by: Dominik Ermel <der@semihalf.com>
Sponsored by: Cavium
Reviewed by: nwhitehorn
Differential Revision: https://reviews.freebsd.org/D6879
Previously cron had its own maximum username length limit, which was
smaller than the system's MAXLOGNAME. This could lead to crontab -u
updating the wrong user's crontab (if the name was truncated, and
matched another user).
PR: 212305
Reported by: Andrii Kuzik
Reviewed by: allanjude, jilles
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7747
- DIRDEPS_BUILD: Fix crunchgen builds losing their library dependencies
on a nop-rebuild.
- META_MODE: Fix not rebuilding various crunch.mk targets if their .meta
files warrant a rebuild. They were lacking .meta files previously.
This adds .NOMETA to the crunch objects being used since they are
already built. Bmake was forcing a rebuild on them since their
.meta files were not in the expected place; there is no reason to
rebuild them.
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
Add a new 'clear driver' command for devctl along with the accompanying
ioctl and devctl_clear_driver() library routine to reset a device to
use a wildcard devclass instead of a fixed devclass. This can be used
to undo a previous 'set driver' command. After the device's name has
been reset to permit wildcard names, it is reprobed so that it can
attach to newly-available (to it) device drivers.
MFC after: 1 month
Sponsored by: Chelsio Communications
to newsyslog, etc made in the past month.
The issue is being root-caused as part of the bug noted below. This commit
will need to be partially reverted once the issue has been found/fixed
PR: 212160
Reported by: Jenkins
Sponsored by: EMC / Isilon Storage Division
Decouple the send and receive limits on the amount of data in a single
iSCSI PDU. MaxRecvDataSegmentLength is declarative, not negotiated, and
is direction-specific so there is no reason for both ends to limit
themselves to the same min(initiator, target) value in both directions.
Allow iSCSI drivers to report their send, receive, first burst, and max
burst limits explicitly instead of using hardcoded values or trying to
derive all of them from the receive limit (which was the only limit
reported by the drivers prior to this change).
Display the send and receive limits separately in the userspace iSCSI
utilities.
Reviewed by: jpaetzel@ (earlier version), trasz@
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D7279