interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list. This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).
The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address. This
turns out not to be the case. To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case. My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind
without -h.
Reviewed by: alfred@
Sponsored by: iX Systems
MFC after: 2 weeks
due to careful design. We've not yet figured out how to properly
annotate the sockaddr structs to communicate this to the compiler and
there's a number of constructs in the tree that make this annotation
challenging.
As such, reduce warns to 3 here because this code really isn't warns 6
safe, even if it kinda sorta appears to be on intel (which has no such
alignment restrictions). Warns 4 adds the -Wcast-align warning.
# fixes the mips tinderbox build
interface specifier on the command line can be ommited.
Besides of this, the bpf is being reused for each machine
that has to be woken up.
Submitted by: Marc Balmer <marc@msys.ch>
Some Exchange systems wrap lines over 75 characters long while converting
messages to quoted-printable, preventing ctm_rmail from reassembling
emailed deltas. For a negligible loss of encoding efficiency, this change
allows ctm deltas to once more pass through Exchange undamaged.
longer than the length of the current attribute if the buffer were reused
and previously longer, so bits of the previous, longer attribute would be
written. Fix this by using the actual attribute length.
which stops to proceed further, as it is possible that processes which
fails to create PID file get screwed by rotation.
Requested by: stas
MFC after: 2 weeks
X-MFC with: r200806
whether to use source address selection (default) or the primary
jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP
jails to multi-IP jails but not having to change firewall rules,
application ACLs, ... but to force their connections (unless
otherwise changed) to the primry jail IP they had been used for
years, as well as for people prefering to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to
scope violations, which single-IPv6 jails could as well, as by the
design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part)
Pointed out by: hrs [1]
MFC After: 2 weeks
Asked for by: Jase Thew (bazerka beardz.net)
While there, fix a bug I introduced previously. We must reopen the
database for each username passed on the command line. We must rewind
the database and search from the beginning.
Similar to last(1), it must compare ut_id's instead of TTYs to determine
whether a session has been terminated. It must also use ut_type to
determine the type of the login record instead figuring it out by
itself.
A nice thing about utmpx is that it makes it very easy to log sessions
that don't use TTYs. This is because the file is not indexed by TTY
slots anymore.
Silence from: brian
from standard 3G wireless units by supplying a raw IP/IPv6 endpoint rather than
using PPP over serial. uhsoctl(1) is used to initiate and close the WAN
connection.
Obtained from: Fredrik Lindberg <fli@shapeshifter.se>
Update delete_temproot() to include the error message if it fails,
and clean up the places where it's called.
If there are no files left in temproot when the comparison is done
delete it without prompting. This should make "automated" runs of
mergemaster without -a a little easier.
Document the new behavior in the man page.
Std 1003.1-2008. Both Linux and Solaris conforms to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparision function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Even though it builds with WARNS=2, some users link sendmail from the
base system against SASL. This doesn't build in this case.
Reported by: Andrzej Tobola <ato iem pw edu pl>
