default. Only the former checks/fixes are done if no items are given
on the command line. The latter must be requested explicitely.
Intended for "fixes" that are dangerous in some way, because they might
remove files that are still in use, for example.
Make the "sendmail" item disabled by default, it removes sendmail
configuration. Partly addresses PR install/36180.
Proposed on tech-userlevel, review and spelling fixes from lukem@.
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
the history buffer that require knowledge of the readline internals to
make safe (it "knows" that GNU readline mallocs certain returned data,
and thus, with libedit, happily calls free on static variables).
using a #define to turn one into the other, this is pointless and causes
more portability issues than it solves (admittedly, in the year 1702 when
this code was written the opposite may have been the case).
This allows the mouse to be used properly in consoles with different sizes:
before this change it was restricted to the size reported by the console
used to start the daemon.
Problem reported by Blair Sadewitz.
be reclaimed from under while we are warming the getattr cache.
Shuffle some code to prevent the effects. Theoretically the race
is still possible, but I don't think it will happen in practice.
In any case, the code could benefit from some more dusting.
getattr are usually still outstanding when we already would like
the result. Instead of issueing another stat which will be serviced
only after all the other entries in the directory, record all the
outgoing readdir getattr buffers and if we encounter an outstanding
request when we need to fetch attrs, do a puffs_framev_framebuf_ccpromote()
wait for it instead of firing off the second query. This shaves
almost 10% off the time for ls -lR.
Also, get rid of the SUPERREADDIR conditional, since it has penetrated
the code quite a bit and the #ifdef SUPERREADDIRs were starting to
look like tagliatelle alla bolognese (n.b. I love how it looks,
but I wouldn't like it either if my tagliatelle alla bolognese
looked like psshfs code). Maybe it should be re-introduced in the
form of a switch?
a bit differently: when reading the directory, store all getattr
caching queries and fire off only when the directory read is
complete. That way the common sequence is not [readdir, lots of
async getattr requests, readdir EOF] but rather [readdir, readdir
EOF, lots of async getattr]. This speeds up ls -lR by about 25%
(on my LAN).
equal, larger, respectively instead of 0/1 for non/equal. This
will allow sorting the buffers for faster matching in libpuffs.
While here, change the name from respcmp to framecmp, as that better
reflects the purpose.
NOTE! there is no obvious way to make compilation fail for file
systems which may already be using this feature (although I don't
think there are any outside our tree, as the feature is two weeks
old). Nevertheless, non-updated file systems will fail very quickly.
reference count goes to 0) reclaim of deleted nodes as opposed to
waiting for the system to start reclaiming the freelist
* combine some nodeflags from different variable to one status variable
foo 11/tcp
bar 11/tcp
are equivalent to:
foo 11/tcp bar
This way we can use the IANA services file properly *and* be able to augment
it with our entries without needing to intersperse our fixes.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
correctly, otherwise the file server will attempt a conversion.
Specifically, if the directory bit is not set when changing the
permissions for a directory, a conversion from directory to regular
file would be attempted and naturally it being unsupported the
whole chmod would fail. So supply the file type as part of the
file mode.
As it is actually possible to find the positive based on the segment
dumps and some trying with -I/-i, it can be used to recover from bad
superblocks pointing to non-sense locations.
support them, but all known FTP server support wildcard matches. So just
run two commands to get the list of tgz and tbz packages.
Bump pkg_install version to 20070416.
Original commit ended up local, but keep this with the original date as
that is what pkgsrc itself is using. Thanks to Hubert for noticing.
device controllers, and more specifically raid controllers.
Add a new sensor type, ENVSYS_DRIVE, to report drive status. From OpenBSD.
Add bio and sysmon support to mfi(4). This allow userland to query
status for drives and logical volumes attached to a mfi(4) controller. While
there fix some debug printfs in mfi so they compile.
Add bio(4) to amd64 and i386 GENERIC.
PUFFS_KFLAG_WTCACHE. Second, create separate fids for reading and
writing. If opening for read, open a read-only fid and for write
a write-only fid; use these for reading and writing. When the
open-count for a node drops to zero, clunk both. This avoids hitting
the fid limit when accessing large directory hierarchies.
Two problems remain:
* does not take credentials into account, although we can only mount
the remote 9P file server with one set of credentials, so not a
huge worry
* doesn't work for the open/mmap/close/access_memory_window case, but
that will require some further kernel changes
Works, but lots of little things to nibble on:
* fix permissions to work better
* limit the amount of open files required
* do constant folding with psshfs code
* support authentication
etcetc.
the Linux (BlueZ) API.
- L2CAP or RFCOMM connections can require the baseband radio link
mode be any of:
authenticated (devices are paired)
encrypted (implies authentication)
secured (encryption, plus generate new link key)
- for sockets, the mode is set using setsockopt(2) and the socket
connection will be aborted if the mode change fails.
- mode settings will be applied during connection establishment, and
for safety, we enter a wait state and will only proceed when the mode
settings are successfuly set.
- It is possible to change the mode on already open connections, but
not possible to guarantee that data already queued (from either end)
will not be delivered. (this is a feature, not a bug)
- bthidev(4) and rfcomm_sppd(1) support "auth", "encrypt" and
"secure" options
- btdevctl(8) by default enables "auth" for HIDs, and "encrypt" for
keyboards (which are required to support it)
only take the bare essentials, which currently means removing
"maxreqlen" from the argument list (all current callers I'm aware
of set it as 0 anyway). Introduce puffs_init(), which provides a
context for setting various parameters and puffs_domount(), which
can be used to mount the file system. Keep puffs_mount() as a
shortcut for the above two for simple file systems.
Bump development ABI version to 13. After all, it's Friday the 13th.
Watch out! Bad things can happen on Friday the 13th. --No carrier--
been nodetofh translated even if they are not valid on the sftp
server anymore, because some nfs client might still be clinging on
to the file handle we are reclaiming now.
Now, when I say support, I mean "support", due to the limitations
of the backend. File handles are valid only for one session, since
nodes can only be identified by pathnames and pathnames don't (all)
fit into the nfs file handle space. Additionally, we can't detect
if a pathname is completely replaced by another file (if it's done
via some other route that through our mount, of course). But then
again, that's an inherent problem with sshfs even without nfs.
accessors for interesting data in it. Namely, you can now get
pu->pu_privdata with puffs_getspecific(), pu->pu_pn_root with
puffs_set/getroot() and pu->pu_maxreqlen with puffs_getmaxreqlen().
(that's what you get when you copypaste code, a cid with a pin
to burst your bubble, that's what you get for all your troubles, I'll
never copypaste again)
CID 4461
files. (It was already possible to use several -s options.)
* Change man page to refer to "-s tgzdir" instead of "-s tempdir",
to reduce confusion between tempdir and temproot.
* Always use a temproot directory, even if passed "-s tgzdir".
* Always invoke "postinstall check", even when not using a source dir.
* Add a BUGS section saying that using -s srcdir is not recommended.
Reviewed by lukem and martti.
repeating the -s option, or by using a colon-separated list.
* Update postinstall(8) man page with some of the text used in
etcupdate(8)'s description of the -s option.
* Remove an outdated comment about invoking etc/postinstall from
the directory in which the tgz is extracted.
* Rename orig_SRC_DIR to SRC_ARG and make related changes.
Reviewed by lukem and martti.
this can happen legally when a file is removed from backing
storage not using this sshfs instance, a readdir is executed for
the parent directory and only then the node gets reclaimed.
* now that there is a mechanism in place which does not require a
pcc to do an sftp transaction, do not yield() in operations where
the final transaction is something where we don't care about the
return value (e.g. close handle). speedup benefit for no cost.
- Remove unused debug and progname variables
- Use return instead of exit() for quiting at end of main()
- Print errors to stderr instead of stdout
From: Slava Semushin <php-coder@altlinux.ru>
dependencies. Just like -P is used for the full dependencies to create
@blddep entries in the PLIST, -T does that as well. To reduce the chance
of confusing older tools, they are sorted after the full dependencies.
Bump pkg_install version to 20070308.
there are zero extra groups, the size of the cmsg is smaller than
sizeof(struct sockcred). This fixes a problem with registering
services during rc.d
while here, validate the pdu header length before using the contents
If specified then checks on the disks BPB are not done, and any existing BPB
is deleted.
This is needed soince newfs(8) doesn't overwrite the BPB - which is basically
the FAT superblock.
Update documentation and add an example of using bootxx_fat16.
reclaimed nodes hanging until all their children have been reclaimed
and then reclaim everything we can as far up to root as possible.
This is because the file system structures are currently interlinked
in a fashion which would make dotdot lookup based on purely a path
instead of a in-memory node parent member pointer very difficult.
Yes, this deserves a closer look some day.
directory entries already in readdir and caches the results instead
of waiting for each individial getattr from the kernel. For
high-latency links the difference in "ls -l" is quite astounding
and even on my lan "ls -lR" is faster than for nfs in a normal
directory hierarchy (i.e. not one artifically setup to have thousands
of files per directory).
TODO: implement some sort of bandwidth/latency measurement in the
code and enable or disable this option based on than information
(and a command-line flag).
by christos@. The comment reads:
# This program is set 0550 because, as security(8) states, it has
# the potential to deplete kernel memory, under certain conditions.
* Sprinkle const.
* Use EXIT_FAILURE instead of 1.
* Use err(), errx().
* Use calloc() instead of malloc()+memset().
* timedc:
* Non-terminated hostnames or unknown tsp_type could
cause a crash due to out-of-bounds reads in msite().
* Check the received packet size.
* Merged duplicated code into functions.
* Moved variables into the relevant scopes.
* Use connect() so that only the receiver can reply,
send()/recv() can be used and rejected packets
are immediately noticed by recv() instead of causing
timeouts.
* Updated manpage.
use of a raw socket for ICMP; thus there is also no need to differ
between privileged and unprivileged commands.
* Switch to user "nobody" after allocating the raw socket.
* Close all file descriptors above 2 (just in case).
* Check the packet size and sender address in daydiff().
* priv_resources(): Use bind() instead of bindresvport() because an
reserved port is not required. This also resolves the interoperability
issue reported in PR bin/35479.
pooka