all inetd.conf services disabled by default but now editable in
sysinstall(8).
Deleted an item about disabling selected services in inetd.conf, since
it was superceded by the above.
While I'm here, rename the "Security Fixes" section to "Security-Related
Changes".
progs prog1
special prog1 objdir ../../prog1/obj
special prog1 objs prog1.o
This fixes a bug that I introduced around the time of 4.2-release.
Reported by: Larry Baird <lab@gta.com>
label if the dump device overflaps the label (which is a slight
misconfiguration). Dump routines don't use dscheck(), so the normal
write protection of the label doesn't help.
Reduced some nearby overflow bugs. In disk_dumpcheck(), there was
(fatal but fail-safe) overflow on i386's with 4GB of memory, at least
if Maxmem was the top page (can this happen?). The fix assumes that
the sector size divides PAGE_SIZE (dump routines already assume this).
In setdumpdev(), the corresponding overflow occurred with only about
2GB of memory on all machines with 32-bit ints. This allowed setdumpdev()
to succeed when it shouldn't have, but then disk_dumpcheck() failed
safe later. Except in old versions of FreeBSD like RELENG_3 where
there is no disk_dumpcheck().
PR: 28164 (label clobbering part)
MFC after: 1 week
: 2001-08-14 Ruslan Ermilov <ru@FreeBSD.org>
:
: * tmac/doc.tmac (Ex): New implementation.
: * tmac/doc-common, tmac/groff_tmac.man: Updated.
This adds a new macro, .Ex (Exit Status), for use in the
DIAGNOSTICS section of section 1, 6 and 8 manpages.
Prodded by: dd
"[EINVAL] ... The resulting file-position indicator would be set to a
negative value."
Moreover, in real life negative seek in stdio cause EOF indicator cleared
and not set again forever even if EOF returned.
2) Catch few possible off_t overflows.
Reviewed by: arch discussion
o Because of export controls, TELNET ENCRYPT option is not supported outside
of the United States and Canada.
o Because of export controls, data encryption
is not supported outside of the United States and Canada.
src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.
Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by: no objection on doc
o This option is not available outside of the United States and Canada.
o Because of export controls, TELNET ENCRYPT option is not supported outside
of the United States and Canada.
src/crypto/README revision 1.5 commit log says:
> Crypto sources are no longer export controlled:
> Explain, why crypto sources are still in crypto/.
and actually telnet encryption is used outside of US and Canada now.
Pointed out by: OHSAWA Chitoshi <ohsawa@catv1.ccn-net.ne.jp>
Reviewed by:no objection on doc
to see if it was malloc()ed first" bug. In bus_dmamap_create(), one of
two things can happen: either we need to allocate a special map due to
some manner of bounce buffering requirement, or we can DMA a buffer
in place. On the x86 platform, the "in place" case results in
bus_dmamap_create() returning a dmamap of NULL. The bus_dmamap_destroy()
routine later checks for NULL and won't bother free()ing the map if
it detects this condition.
But on the alpha, we don't use NULL, we use a statically allocated map
called nobounce_dmamap(). Unfortunately, bus_dmamap_destroy() does not
handle the condition where we attempt to destroy such a map: it tries
to free() the dmamap, which causes a panic.
Fix: test that map != &nobounce_dmamap before trying to free() it.
With this fix, my busdma-ified if_sis driver works on the alpha. I'm
a bit alarmed that I'm the first person ever to trip over this bug, since
we have been using busdma on the alpha for a while, and since it sort
of screams out "Hi! I'm a bug! Booga-booga!" when you look at it.
(Somewhere, somebody will say: "But Bill, why don't you just not bother
destroying the maps in this case." Because the API is supposed to be
a) symetrical and b) opaque to the caller. I can't know whether it's safe
to skip the bus_dmamap_destroy() step or not without sticking my fingers
into unsafe places, which is what I wanted to avoid in the first place.)
assing an IRQ. Add better comments while I'm here.
MFC after: 1 day
# Note: That's merging all the -current pci pcic code, not just this one
# change for the Aug 15th code freeze.
use it. If not, then loop asking for each one, with normal -I
processing. This will effectively disable -I for when the pcic is in
PCI function interrupt routing mode.
structures (well, they're treated as opaque).
It's now possible to manage IPv6 interface addresses and routing
table entries and to filter IPV6 traffic whether encapsulated or
not.
IPV6CP support is crude for now, and hasn't been tested against
any other implementations.
RADIUS and IPv6 are independent of eachother for now.
ppp.linkup/ppp.linkdown aren't currently used by IPV6CP
o Understand all protocols(5) in filter rules rather than only a select
few.
o Allow a mask specification for the ``delete'' command. It's now
possible to specifically delete one of two conflicting routes.
o When creating and deleting proxy arp entries, do it for all IPv4
interface addresses rather than doing it just for the ``current''
peer address.
o When iface-alias isn't in effect, don't blow away manually (via ``iface
add'') added interface addresses.
o When listening on a tcp server (diagnostic) socket, bind so that a
tcp46 socket is created -- allowing both IPv4 and IPv6 connections.
o When displaying ICMP traffic, don't display the icmp type twice.
When display traffic, display at least some information about unrecognised
traffic.
o Bump version
Inspired after filtering work by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
: 2001-08-13 Ruslan Ermilov <ru@FreeBSD.org>
:
: * tmac/doc.tmac (Rv): Implement support for 0 or more than 1
: argument.
: * tmac/groff_tmac.man: Updated.
All of the following are now valid:
.Rv -std f1
.Rv -std f1 f2
.Rv -std f1 f2 f3
.Rv -std
The last form is useful where the standard return behavior is applicable
to all of the functions described in this particular manpage. Look, for
example, at the stat(2), setresuid(2), and utimes(2) manpages.
The form with >1 functions is useful in a mixed environment. See the
fhopen(2) manpage for an example.
Prodded by: yar
