freebsd-skq/usr.sbin
Ed Maste 54786ab35e portsnap: only move expected snapshot contents from snap/ to files/
Previously it was possible to smuggle in addional files that would
be used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.

This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.

Reported by:	anonymous gist
Reviewed by:	allanjude, delphij
MFC after:	ASAP
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D8052
2016-09-28 21:22:51 +00:00
..
ac Add META_MODE support. 2015-06-13 19:20:56 +00:00
accton Create an acct package for accounting tools. 2016-01-21 17:49:10 +00:00
acpi Teach acpidump how to parse ACPI 5.1 tables found on the development 2016-09-06 10:13:49 +00:00
adduser Add META_MODE support. 2015-06-13 19:20:56 +00:00
amd Switch from .CURDIR to the simpler, more legible SRCTOP. 2016-09-14 01:47:01 +00:00
ancontrol ancontrol(8): replace comma with semicolon when pertinent. 2016-08-09 19:46:05 +00:00
apm Create a package for apm(8). 2016-01-21 18:41:55 +00:00
apmd It seems <sys/types.h> is a new prerequisite for <bitstring.h> after 2016-05-24 03:15:46 +00:00
arp rtsock requests for deleting interface address lles started to return EPERM 2015-09-27 04:54:29 +00:00
asf Update dependencies after r291406 added libelf to libkvm. 2015-12-01 05:18:48 +00:00
audit Add META_MODE support. 2015-06-13 19:20:56 +00:00
auditd Add META_MODE support. 2015-06-13 19:20:56 +00:00
auditdistd DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
auditreduce Add META_MODE support. 2015-06-13 19:20:56 +00:00
authpf Add META_MODE support. 2015-06-13 19:20:56 +00:00
autofs Use proper argument order for calloc(3). 2016-09-14 11:20:58 +00:00
bhyve Fix misuse of the basename() and dirname() functions. 2016-09-21 13:02:43 +00:00
bhyvectl MFH 2016-01-12 14:33:17 +00:00
bhyveload bhyve: improve memory size documentation 2016-06-26 14:44:01 +00:00
binmiscctl Another attempt at resolving CID 1305629. The test of cmd == -1 2016-05-13 17:48:04 +00:00
blacklistctl DIRDEPS_BUILD: Connect new directories and update dependencies. 2016-06-03 19:25:30 +00:00
blacklistd DIRDEPS_BUILD: Connect new directories and update dependencies. 2016-06-03 19:25:30 +00:00
bluetooth Avoid undefined behavior when calling va_start() in bnep_send_control(), 2016-08-29 19:40:46 +00:00
boot0cfg Adjust previous fix to conform to the existing style in this file. 2016-01-14 15:49:24 +00:00
boot98cfg META_MODE: Remove DEP_MACHINE from Makefile.depend files. 2015-09-25 19:44:01 +00:00
bootparamd DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
bsdconfig Add bsdconfig wifi' (aka wireless' or `wlan') module 2016-06-16 21:14:25 +00:00
bsdinstall bsdinstall: add warning when unsupported partition is modified 2016-09-05 08:42:36 +00:00
bsnmpd When MAKEOBJDIRPREFIX points to a case-insensitive file system, the 2016-09-24 15:11:27 +00:00
btxld Reuse our roundup2() macro instead of reinventing the wheel. 2016-04-18 17:30:33 +00:00
camdd Fix camdd for host-aware and host-managed SMR disks. 2016-07-20 15:00:05 +00:00
cdcontrol Remove last remnants of acd(4), mcd(4), and scd(4) drivers. 2016-08-25 19:36:58 +00:00
chkgrp Revert r286148 2015-08-01 10:40:17 +00:00
chown Move chown tests to proper path 2016-07-23 05:49:18 +00:00
chroot Add META_MODE support. 2015-06-13 19:20:56 +00:00
ckdist Add META_MODE support. 2015-06-13 19:20:56 +00:00
clear_locks Add META_MODE support. 2015-06-13 19:20:56 +00:00
config Don't free fnamebuf before we calling cfgfile_add(). This changes a 2016-05-16 04:39:16 +00:00
cpucontrol Return usual error indicator to shell. 2016-06-16 12:08:25 +00:00
crashinfo Update crashinfo to work with newer gdb from ports. 2016-07-20 18:41:47 +00:00
cron cron: use existing maximum username constant MAXLOGNAME 2016-09-02 03:15:54 +00:00
crunch META_MODE/DIRDEPS_BUILD: Fix various issues with crunch builds. 2016-09-01 23:21:08 +00:00
ctladm Make the iSCSI parameter negotiation more flexible. 2016-08-25 05:22:53 +00:00
ctld Make the iSCSI parameter negotiation more flexible. 2016-08-25 05:22:53 +00:00
ctm Remove a link to the CTM section of the Handbook, which no longer exists. 2016-04-14 21:56:36 +00:00
daemon o -t comman line option added to the usage(). 2016-03-03 07:07:44 +00:00
dconschat Update dependencies after r291406 added libelf to libkvm. 2015-12-01 05:18:48 +00:00
devctl Implement 'devctl clear driver' to undo a previous 'devctl set driver'. 2016-08-29 22:48:36 +00:00
devinfo Use uintmax_t (typedef'd to rman_res_t type) for rman ranges. 2016-03-18 01:28:41 +00:00
digictl Add META_MODE support. 2015-06-13 19:20:56 +00:00
diskinfo Small tweaks to the diskinfo(8) manual page, to make it more consistent 2016-09-22 07:55:07 +00:00
dumpcis Add META_MODE support. 2015-06-13 19:20:56 +00:00
editmap DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
edquota Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL 2016-05-13 00:02:03 +00:00
eeprom META_MODE: Remove DEP_MACHINE from Makefile.depend files. 2015-09-25 19:44:01 +00:00
etcupdate etcupdate: preserve the metadata of the destination file 2016-09-08 15:53:49 +00:00
extattr Disable extattr test on UFS1. 2016-09-21 10:58:58 +00:00
extattrctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
fdcontrol Add META_MODE support. 2015-06-13 19:20:56 +00:00
fdformat Use NULL instead of 0 for pointers and memory allocation. 2016-04-15 02:14:11 +00:00
fdread Use NULL instead of 0 for pointers. 2016-04-14 12:46:46 +00:00
fdwrite Add META_MODE support. 2015-06-13 19:20:56 +00:00
fifolog fifolog(1): invert order of calloc(3) arguments. 2016-09-14 16:34:52 +00:00
flowctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
fmtree Use NULL instead of 0 for pointers. 2016-04-15 03:38:58 +00:00
freebsd-update In preparation for removal of GNU rcs, replace merge(1) usage with direct 2016-09-18 14:48:28 +00:00
fstyp Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
ftp-proxy META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
fwcontrol Fix a ton of speelling errors 2015-10-21 05:37:09 +00:00
getfmac Add META_MODE support. 2015-06-13 19:20:56 +00:00
getpmac Add META_MODE support. 2015-06-13 19:20:56 +00:00
gpioctl Fix gcc warnings about possibly uninitialized variables in gpioctl.c. 2016-03-12 15:10:30 +00:00
gssd usr.sbin: minor spelling fixes on comments. 2016-05-01 16:41:25 +00:00
gstat Fix gstat's interactive f and q commands 2016-06-23 23:13:14 +00:00
hyperv META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
i2c i2c(8): uninitialized variable (UNINIT). 2016-05-13 15:57:55 +00:00
ifmcstat Add META_MODE support. 2015-06-13 19:20:56 +00:00
inetd Rename getline with get_line to avoid collision with getline(3) 2016-05-10 11:12:31 +00:00
iostat Make the "r/s" and "w/s" fields in "iostat -x" a little bit wider; 2016-09-21 11:22:19 +00:00
iovctl Clean up repeated "All rights reserved" 2016-03-14 17:41:17 +00:00
ip6addrctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
ipfwpcap Add META_MODE support. 2015-06-13 19:20:56 +00:00
iscsid Make the iSCSI parameter negotiation more flexible. 2016-08-25 05:22:53 +00:00
jail Fix up the order in which jail creation processes are run, to preserve 2016-07-14 20:15:55 +00:00
jexec Define which of the username options (-u/-U) to jexec(8) is the default. 2016-04-23 22:31:58 +00:00
jls Add a package for jail(8) and related utilities. 2016-01-20 17:07:13 +00:00
kbdcontrol kbdcontrol: add -P path option to add keymap search paths 2016-03-16 04:05:02 +00:00
kbdmap kbdmap: include filename when reporting fopen() failure 2015-11-27 21:27:39 +00:00
keyserv keyserv(1): drop useless comparison. 2016-05-30 20:41:55 +00:00
kgmon Use NULL instead of 0 for pointers. 2016-04-14 11:41:30 +00:00
kgzip kgzip.8: note that it is deprecated and clarify BUGS section 2016-08-02 21:48:26 +00:00
kldxref Use roundup2() from sys/param.h. 2016-08-23 13:43:43 +00:00
lastlogin Add META_MODE support. 2015-06-13 19:20:56 +00:00
lmcconfig Use strlcpy() instead of strncpy() when copying ifname to ensure 2016-05-15 21:45:04 +00:00
lpr Rename getline with get_line to avoid collision with getline(3) 2016-05-10 11:17:19 +00:00
lptcontrol Add META_MODE support. 2015-06-13 19:20:56 +00:00
mailstats DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
mailwrapper Add META_MODE support. 2015-06-13 19:20:56 +00:00
makefs makefs: sync NetBSD IDs with upstream for changes that we already have 2016-07-19 18:40:54 +00:00
makemap DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
manctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
memcontrol Add META_MODE support. 2015-06-13 19:20:56 +00:00
mergemaster META_MODE: Don't require filemon(4) for mergemaster(8)/etcupdate(8) 2016-07-12 19:47:01 +00:00
mfiutil Fix a ton of speelling errors 2015-10-21 05:37:09 +00:00
mixer mixer(8): Style: Tag no-return usage() as __dead2 2016-05-11 17:27:27 +00:00
mld6query Add META_MODE support. 2015-06-13 19:20:56 +00:00
mlxcontrol Add META_MODE support. 2015-06-13 19:20:56 +00:00
mount_smbfs META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
mountd Use MIN macro from sys/param.h. 2016-05-02 01:49:42 +00:00
moused Add Elantech trackpad to the list of known models 2016-09-26 22:07:45 +00:00
mpsutil Plug various resources leak 2016-04-20 21:32:34 +00:00
mptable Stop suggesting -grope argument when -grope argument was actually given 2015-10-22 21:13:35 +00:00
mptutil Fix multiple Coverity Out-of-bounds access false postive issues in CAM 2016-05-24 00:57:11 +00:00
mtest mtest: Prevent access to uninitialized value. 2016-04-01 01:35:52 +00:00
nandsim usr.sbin: minor spelling fixes on comments. 2016-05-01 16:41:25 +00:00
nandtool META MODE: Connect MK_NAND directories. 2015-12-02 05:31:01 +00:00
ndiscvt Remove the old depend (mkdep) code and make FAST_DEPEND the one true way. 2016-03-30 23:50:23 +00:00
ndp Fix indent after r292333. 2015-12-19 09:18:01 +00:00
newsyslog Properly patch up dirname()/basename() calls to not clobber ent->log. 2016-09-09 07:10:50 +00:00
nfscbd Cleanup unnecessary semicolons from utilities we all love. 2016-04-15 22:31:22 +00:00
nfsd Cleanup unnecessary semicolons from utilities we all love. 2016-04-15 22:31:22 +00:00
nfsdumpstate Add META_MODE support. 2015-06-13 19:20:56 +00:00
nfsrevoke Add META_MODE support. 2015-06-13 19:20:56 +00:00
nfsuserd Document the new "-manage-gids" option for the nfsuserd daemon. 2015-11-30 22:16:30 +00:00
ngctl ngctl dot: Drop invalid trailing semi-colon 2015-09-22 01:31:01 +00:00
nghook Add META_MODE support. 2015-06-13 19:20:56 +00:00
nmtree Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
nologin new depends 2015-06-16 23:37:19 +00:00
nscd Add META_MODE support. 2015-06-13 19:20:56 +00:00
ntp Fixup man page formatting. 2016-08-24 02:41:24 +00:00
nvram use .Mt to mark up email addresses consistently (part2) 2014-06-20 09:57:27 +00:00
ofwdump DIRDEPS_BUILD: Update dependencies. 2015-12-07 23:53:01 +00:00
pc-sysinstall Remove last remnants of acd(4), mcd(4), and scd(4) drivers. 2016-08-25 19:36:58 +00:00
pciconf Fix some logic in PCIe HotPlug; display EI status 2016-08-05 23:23:48 +00:00
periodic Better document security_show_{success,info,badconfig} in /etc/periodic.conf 2016-05-21 02:14:11 +00:00
pkg Remove usage of _WITH_GETLINE from usr.sbin 2016-07-30 01:10:05 +00:00
pmcannotate Add META_MODE support. 2015-06-13 19:20:56 +00:00
pmccontrol Use macro MAX() from sys/param.h. 2016-04-22 05:07:59 +00:00
pmcstat Make code compile when basename() is POSIX compliant. 2016-05-25 08:45:03 +00:00
pmcstudy DIRDEPS_BUILD: Add some missing dirctories to the build. 2016-08-31 19:30:59 +00:00
pnpinfo META_MODE: Remove DEP_MACHINE from Makefile.depend files. 2015-09-25 19:44:01 +00:00
portsnap portsnap: only move expected snapshot contents from snap/ to files/ 2016-09-28 21:22:51 +00:00
powerd Directly set the NONBLOCK flags when creating the socket 2016-05-10 11:18:53 +00:00
ppp Fix build of ppp when WITHOUT_PAM is set 2016-07-04 21:18:57 +00:00
pppctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
praliases DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
praudit Add META_MODE support. 2015-06-13 19:20:56 +00:00
procctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
pstat Update dependencies after r291406 added libelf to libkvm. 2015-12-01 05:18:48 +00:00
pw Add another badly-needed simple example to the pw(8) man page. 2016-09-13 02:18:29 +00:00
pwd_mkdb Following revision r295924, the changes to a db file should be fsynced 2016-02-23 15:28:13 +00:00
quot quot: make use of our rounddown() macro when <sys/param.h> is available. 2016-05-02 02:13:22 +00:00
quotaon Add META_MODE support. 2015-06-13 19:20:56 +00:00
rarpd When clearing rtmsg, pass &rtmsg to bzero() instead of the address of 2016-05-17 04:03:45 +00:00
repquota Add META_MODE support. 2015-06-13 19:20:56 +00:00
rip6query Add META_MODE support. 2015-06-13 19:20:56 +00:00
rmt Use NULL instead of 0 for pointers. 2016-04-14 12:25:00 +00:00
route6d Use strlcpy() instead of strncpy() when copying ifname to ensure 2016-05-15 22:31:03 +00:00
rpc.lockd Add missing break in lock_partialfilelock(..) with NFS_RESERR 2016-06-13 11:19:06 +00:00
rpc.statd Mark out_of_mem(..) and usage(..) with __dead2 as they both directly call exit 2016-05-29 04:18:47 +00:00
rpc.umntall Add META_MODE support. 2015-06-13 19:20:56 +00:00
rpc.yppasswdd Wrap EXPAND(..) macro with a do-while(0) loop and put a single statement on each line 2016-05-22 19:06:38 +00:00
rpc.ypupdated DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
rpc.ypxfrd DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
rpcbind Fix usr.sbin/rpcbind ATF tests on 32-bit platforms 2016-06-16 15:25:37 +00:00
rrenumd DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
rtadvctl Add META_MODE support. 2015-06-13 19:20:56 +00:00
rtadvd Use strlcpy() instead of strncpy() when copying ifname to ensure 2016-05-15 22:06:21 +00:00
rtprio Add META_MODE support. 2015-06-13 19:20:56 +00:00
rtsold Use strlcpy() instead of strncpy() when copying ifname to ensure 2016-05-15 22:17:41 +00:00
rwhod Create a rcmds package. 2016-01-21 17:33:31 +00:00
sa Skip lastcomm and sa tests on unsupported architectures 2016-06-26 00:53:31 +00:00
sendmail MFH 2016-03-02 16:14:46 +00:00
service Add an additional check to service(8) -e incase rcvar is blank 2015-09-08 22:50:17 +00:00
services_mkdb Remove usage of _WITH_GETLINE from usr.sbin 2016-07-30 01:10:05 +00:00
sesutil Plug memory leak 2016-04-20 21:37:32 +00:00
setfib Add META_MODE support. 2015-06-13 19:20:56 +00:00
setfmac Add META_MODE support. 2015-06-13 19:20:56 +00:00
setpmac Add META_MODE support. 2015-06-13 19:20:56 +00:00
smbmsg Add META_MODE support. 2015-06-13 19:20:56 +00:00
snapinfo Add META_MODE support. 2015-06-13 19:20:56 +00:00
spkrtest Add META_MODE support. 2015-06-13 19:20:56 +00:00
spray Add META_MODE support. 2015-06-13 19:20:56 +00:00
syslogd Directly set the O_NONBLOCK flags via open(2) 2016-09-11 18:58:44 +00:00
sysrc Change my given name from "Garrett" to "Ngie" 2016-06-13 10:30:49 +00:00
tcpdchk Use LIBEXECDIR for /usr/libexec. 2015-11-26 01:14:40 +00:00
tcpdmatch Use LIBEXECDIR for /usr/libexec. 2015-11-26 01:14:40 +00:00
tcpdrop Add META_MODE support. 2015-06-13 19:20:56 +00:00
tcpdump Fix spelling of the casper introduced in the r296047. 2016-06-08 22:30:21 +00:00
tests Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
timed Undo the bogus gethostname() change from r299709. 2016-05-14 04:29:13 +00:00
traceroute DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
traceroute6 traceroute6(8): use NULL instead of zero for initializing a pointer. 2016-05-12 02:05:50 +00:00
trpt Check and fail if drop of privileges failed. 2015-09-01 06:32:02 +00:00
tzsetup Fix tzsetup not installing /etc/localtime for UTC 2016-06-01 15:39:11 +00:00
uathload Rename devname to udevname after including stdlib.h in r303445 2016-07-30 20:39:39 +00:00
uefisign uefisign: Remove backwards-compatibility sys/capability.h support 2016-09-19 16:07:32 +00:00
ugidfw Add META_MODE support. 2015-06-13 19:20:56 +00:00
uhsoctl Prevent use-after-free with ctx->ns in set_nameservers(..), which could occur 2015-12-22 05:57:23 +00:00
unbound Upgrade to Unbound 1.5.9. 2016-09-04 12:17:57 +00:00
usbconfig Add META_MODE support. 2015-06-13 19:20:56 +00:00
usbdump Reuse our roundup2() macro instead of reinventing the wheel. 2016-04-18 17:30:33 +00:00
utx Add META_MODE support. 2015-06-13 19:20:56 +00:00
vidcontrol Add "vidcontrol -i active", to print out active vty number, 2016-01-19 13:09:20 +00:00
vigr META MODE: Update dependencies with 'the-lot' and add missing directories. 2015-12-01 05:23:19 +00:00
vipw Add META_MODE support. 2015-06-13 19:20:56 +00:00
wake Fix a few mandoc warnings. 2015-08-12 10:34:05 +00:00
watch Use strlcpy() when the string is expected to be nul-terminated. 2015-10-06 22:49:25 +00:00
watchdogd Fix typo. 2016-02-29 17:40:37 +00:00
wlandebug Belatedly fix documentation on which interface to use as argument. 2015-08-17 09:18:54 +00:00
wpa Update hostapd/wpa_supplicant to version 2.5. 2015-10-18 21:38:25 +00:00
yp_mkdb Staticfy and constify some variables and clean up the code a bit to make it 2015-07-28 02:32:40 +00:00
ypbind Use strlcpy() instead of strncpy() when copying to dom_domain to 2016-05-12 21:35:40 +00:00
ypldap DIRDEPS_BUILD: Update dependencies after a 'make bootstrap-tools'. 2016-09-02 20:41:43 +00:00
yppoll Update META_MODE dependencies. 2015-09-17 05:06:34 +00:00
yppush DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
ypserv Delay calling yp_malloc_dnsent() until after some additional sanity 2016-05-25 00:25:38 +00:00
ypset Rename YP to NIS in the manpages. 2015-09-03 07:18:52 +00:00
zic Use more appropriate ${SHAREDIR} rather than /usr/share. 2015-10-27 23:35:02 +00:00
zonectl DIRDEPS_BUILD: Connect new directories and update dependencies. 2016-06-03 19:25:30 +00:00
zzz Add META_MODE support. 2015-06-13 19:20:56 +00:00
Makefile Add a WITHOUT_DIALOG src.conf(5) knob 2016-09-27 18:08:38 +00:00
Makefile.amd64 Remove the si(4) driver and sicontrol(8) for Specialix serial cards. 2016-08-19 21:14:27 +00:00
Makefile.arm Make the building of libsmb and mount_smbfs unconditional, now that r292552 2015-12-21 17:41:08 +00:00
Makefile.arm64 arm64: build usr.sbin/acpi subdirectory 2015-11-08 20:56:04 +00:00
Makefile.i386 Remove the wl(4) driver and wlconfig(8) utility. 2016-08-19 22:27:14 +00:00
Makefile.inc
Makefile.mips Document why we use -z nonexecstack in the Makefile since it 2015-11-21 16:37:11 +00:00
Makefile.powerpc Make the building of libsmb and mount_smbfs unconditional, now that r292552 2015-12-21 17:41:08 +00:00
Makefile.sparc64 Make the building of libsmb and mount_smbfs unconditional, now that r292552 2015-12-21 17:41:08 +00:00