- fixes CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named
- fixes CVE-2011-0414: bind lockup during IXFR
- return a more correct error in case of policy violation
bump version of libdns and libisc
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
on builtins (broke longjmp usage) and a better cross-compiling support
in combination with -m32/-m64.
Update configuration to include /usr/include/clang-3.0 in the search
path.
- many security related fixes
- no MAXPATHLEN limits
- fixed missing text specification on ascii magic
- new ``pascal'' style string formats
- whitespace comparison fix
- more magic
Merge the libraries into a single frontend, libmandoc.
Initial support for eqn(1) functionality.
Additional changes:
Portability fixes (tbl_opts.c 1.11, tbl_layout.c 1.18, tbl.c 1.25)
HTML space fix (mdocml_html.c 1.163)
ROFF conditional nesting bug (roff.c 1.131)
* 20-resolv.conf now uses the correct variable for $IF_METRIC
* Exclude interface values when dumping the lease
* Parse static value subnet_mask when it exists instead of deriving from
ip address
* logger calls now resemble dhcpcd calls to syslog(3)
* Reject offered IP address if INADDR_BROADCAST or INADDR_ANY
* Change the route if source address has changed
* Note the address we are requesting in the broadcast log entry
* When operating on one interface, respect the timeout for in dhcpcd.conf
* Escape | and & characters before passing the value to the shell
Ensure we set a valid hostname, DNS domain and NIS domain.
Document the need for input validation in dhcpcd-run-hooks(8).
Fixes CVE-2011-996
Based on a patch to dhcpcd-3 by Marius Tomaschewski <mt@suse.de>
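
An added example, not dhcpcd's own code: one way to check a DHCP-supplied hostname, DNS domain or NIS domain before it is handed to a hook script, as the validation items above call for. The function name `valid_dhcp_name` and the accepted policy (letters, digits and '-', labels of 1 to 63 bytes separated by single dots, 255 bytes in total) are assumptions of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from dhcpcd): returns 1 if the `len` bytes at
 * `s` are acceptable as a hostname or DNS/NIS domain, 0 otherwise.
 * The length is passed explicitly because option data is not
 * NUL-terminated and may contain embedded NUL bytes. */
int
valid_dhcp_name(const char *s, size_t len)
{
	size_t i, label = 0;

	if (s == NULL || len == 0 || len > 255)
		return 0;
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)s[i];

		if (c == '.') {
			/* Reject an empty label or a label ending in '-'. */
			if (label == 0 || s[i - 1] == '-')
				return 0;
			label = 0;
			continue;
		}
		/* Allow-list [A-Za-z0-9-] only; this rejects NUL, whitespace
		 * and shell metacharacters such as '|' and '&'. */
		if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9') || c == '-'))
			return 0;
		if (c == '-' && label == 0)
			return 0;	/* a label may not start with '-' */
		if (++label > 63)
			return 0;	/* label too long */
	}
	/* A single trailing dot is tolerated; a trailing '-' is not. */
	return s[len - 1] != '-';
}
```

An allow-list like this complements escaping: a value that fails the check is dropped rather than passed on in quoted form.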
Unset TERM when running GDB
GDB inserts some funny control characters in its output when TERM is set to
e.g. xterm. Work around this by simply unsetting TERM.
Reported by martin@ and diagnosed by pooka@/martin@.
make the lzf_compress() prototype match the function definition - the
prototype always added the state table argument, although it should be
conditionally compiled in. use the same cpp magic as in the source
file to prototype the function in the header file.
Experimental version released on March 31st, 2011.
This is the first release after the creation of the Kyua project, a more
modular and reliable replacement for ATF. From now on, ATF will change to
accommodate the transition to this new codebase, but ATF will still continue
to see development in the short/medium term. Check out the project page at
http://code.google.com/p/kyua/ for more details.
The changes in this release are:
* Added support to run the tests with the Kyua runtime engine (kyua-cli), a
new package that aims to replace atf-run and atf-report. The ATF tests
can be run with the new system by issuing a 'make installcheck-kyua' from
the top-level directory of the project (assuming the 'kyua' binary is
available during the configuration stage of ATF).
* atf-run and atf-report are now in maintenance mode (but *not* deprecated
yet!). Kyua already implements a new, much more reliable runtime engine
that provides similar features to these tools. That said, it is not
complete yet so all development efforts should go towards it.
* If GDB is installed, atf-run dumps the stack trace of crashing test
programs in an attempt to aid debugging. Contributed by Antti Kantee.
* Reverted default timeout change in previous release and reset its value
to 5 minutes. This was causing several issues, specially when running
the existing NetBSD test suite in qemu.
* Fixed the 'match' output checker in atf-check to properly validate the
last line of a file even if it does not have a newline.
* Added the ATF_REQUIRE_IN and ATF_REQUIRE_NOT_IN macros to atf-c++ to
check for the presence (or lack thereof) of an element in a collection.
* PR bin/44176: Fixed a race condition in atf-run that would crash atf-run
when the cleanup of a test case triggered asynchronous modifications to
its work directory (e.g. killing a daemon process that cleans up a pid
file in the work directory).
* PR bin/44301: Fixed the sample XSLT file to report bogus test programs
instead of just listing them as having 0 test cases.
Retry calls that raise file system errors during cleanup
If a test case mounts user-space (puffs/fuse) file systems or spawns
server processes that create pid files, the termination of the
corresponding processes does not guarantee that the file system is
left in a consistent state immediately. The cleanup routines of both
components (file systems and daemons) may still be running.
This situation causes a race condition between the termination of the
auxiliary processes and our own file system cleanup: the file system
calls performed from within the cleanup routine may raise errors
because the file system is still changing underneath. (E.g. we first
enumerate the contents of a directory and get file X, but when we
attempt to delete file X, it may be gone.)
Deal with this by retrying failing file system calls a few times and
ignoring "expected" errors before giving up.
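
An added example, not ATF's own code: a small C sketch of the retry approach described above for a single directory entry. The name `remove_with_retry`, the retry budget, the 100 ms pause and the choice of which errno values count as "expected" are assumptions of this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <time.h>

#define CLEANUP_TRIES 5	/* assumed retry budget */

/* Hypothetical helper: remove a file or empty directory while other
 * processes may still be modifying the tree. Returns 0 on success or if
 * the entry is already gone, -1 with errno set otherwise. */
int
remove_with_retry(const char *path)
{
	const struct timespec pause = { 0, 100L * 1000 * 1000 }; /* 100 ms */
	int i, err = 0;

	for (i = 0; i < CLEANUP_TRIES; i++) {
		if (remove(path) == 0)
			return 0;
		err = errno;
		switch (err) {
		case ENOENT:
			/* Expected: the entry vanished between listing the
			 * directory and deleting it. Nothing left to do. */
			return 0;
		case EBUSY:
		case ENOTEMPTY:
			/* Still changing underneath us (a mount point not
			 * yet released, a file just created): wait, retry. */
			nanosleep(&pause, NULL);
			break;
		default:
			/* Not a symptom of the race; fail immediately. */
			errno = err;
			return -1;
		}
	}
	errno = err;	/* report the last failure after giving up */
	return -1;
}
```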
name, provides a proper CPP mode and fixes a number of compat issues
in the integrated assembler.
Build the toolchain compiler optimized and without assertions now.
Really kill subprocesses of a test case before waiting for its completion
Before waiting for any leftover output of the test case after it terminates,
we must ensure that all of its subprocesses are really, really dead. Otherwise,
these subprocesses may be sharing the stdout of the test case, in which case
our wait will block (potentially indefinitely).
This finally (well, hopefully) fixes some random lockups exposed by the
NetBSD test suite. Reported by Antti Kantee after
tests/fs/vfs/t_full:p2k_ffs_fillfs was exposing this problem in a pretty
reproducible manner.
tmux is a "terminal multiplexer". It enables a number of terminals (or
windows) to be accessed and controlled from a single terminal. tmux is
intended to be a simple, modern, BSD-licensed alternative to programs
such as GNU screen.
The import of tmux is intended to replace window(1) in the not-too-distant
future. For reference, tmux is also present in the base system of FreeBSD
and OpenBSD.
Approved by core@.
in particular, parse.y was being processed twice.. with one
process leaving a y.tab.h file behind
no need to explicitly add scan.c, parse.c and parse.h to CLEANFILES,
the framework knows they are generated and will remove them
"foo > bar" fails when bar is mode 444, and files copied from the
source tree should be expected to perhaps be read only. However, the
copy should have been removed when the sed was added. And, it never
should have been "@"; suppressing it made debugging this harder than
it should have been.
#ifdef inside the macro arguments is undefined behaviour (pcc reports
a syntax error)
This was fixed upstream so change this to be the same as the 4.2.6p3
stable release of ntp (can't find an actual changelog entry that
describes this, so have included the memcpy change also - memmove
is not required here)
Use relevant TargetAddress, not just first one we happen to find.
Following improvement based on feedback from Daisuke Aoyama (author of istgt):
Handle NOP-OUT CmdSN and immediate bit.
Handle NOP-IN TransferTag=0xffffffff.
Interim solution for dealing with Underflow bit in iSCSI response.
iscsi-initiator now talks to istgt and other targets.
Remaining issues:
CHAP support will not work with most targets (maximum 16 octet challenge is
used, but other initiators use up to 1024). However, CHAP can now be
bypassed by not specifying a username.
didn't work (insisted on a username being given and then used, plus always
advertised CHAP to the target). Make initiator work as advertised (i.e.
defaults to auth type none and so don't require a username).
To use CHAP you should explicitly request CHAP:
iscsi-initiator -a chap -u user -h targetname /mountpoint
For backwards compatibility, if a username is given (-u) and no auth type
is specified (-a), it will default to CHAP, i.e. to use none, just give no
username:
iscsi-initiator -h targetname /mountpoint
This means /mnt/mytarget.domain.local/target0/storage is now
/mnt/target0/storage.
Rationale is as follows:
- The hostname used may vary (i.e. name vs FQDN vs IP) which can mess up
mountpoints (especially across multiple hosts e.g. in a shared xen pool)
- Target name is given in the mount anyway so it is redundant
OK agc@
the cpu name and the latter the port name. They had been reversed until
now due to some "smart" stupidity^Wlogic in the upstream configure script,
which is now gone.
This is a pullup of revision f9329ca68da7e8557e0803b5747a12f8c10b1258
plus the corresponding reachover build changes.
Addresses PR bin/44305.
--- 20110215:
Fix audit-history subcommand to include patterns making use of [x-y] notation.
--- 20101212:
Don't warn about _ALPHA, _BETA, _PATCH, _RC, _STABLE mismatches when
pkg_add'ing on NetBSD.
--- 20101122:
Fix crash in pkg_info -X on hand-written packages.
--- 20100915:
Allow https URLs.
--- 20100914:
Add -D flag to pkg_install, to override the "pkg_add -U" check that
all depending packages have their dependencies satisfied by the new
package. Essentially, split off this particular behavior as a special
case of -f, so that -f works as before, unforced works as before, and
one can give -D to override exactly this check, leaving all other
checks intact.
The -D flag is in support of make replace, as the workflow for make
replace is that inter-package dependencies are sometimes violated (but
then one must replace the depending packages, which is what
pkg_rolling-replace does via the unsafe_depends flags).
Add missing break statement in option parsing of "pkg_add -C", riding
the version bump.
- Fix UNUSED macro to not have "NULL EFFECT"
- Add /*CONSTCOND*/ to while (0) loops
- Change do while (1) loops to for (;;)
- remove stray continue from do while (0) loop.
- remove "" in comments that confuse lint
- fix strict aliases
- fix non ansi prototypes
so provide the TARGMACH definition to the compiler here.
(makes no difference to the currently imported sources, but
will be easier for people wanting to try newer sources)
Upstream sources can be fetched by running "make checkout" in
src/external/bsd/llvm, they will be properly imported once the
integration and missing features are sorted out.
(tbl_data.c 1.15, tbl_layout.c 1.13, tbl_opts.c 1.8).
This features many small improvements and the initial integration of
tbl(1) support on all output devices.
Revision: 869e092e4986eb5dce90331ca9a64e125d7796eb
Parent: cca40eb08e7469dfe9d6ca982613458f24c1de28
Author: jmmv@NetBSD.org
Date: 12/27/10 21:19:19
Branch: org.NetBSD.atf.src
Changelog:
Recognize sigabrt in the signal checker
Problem found by Paul Goyette.
Changes against parent cca40eb08e7469dfe9d6ca982613458f24c1de28
patched atf-sh/atf-check.cpp
external/lib/Makefile and crypto/external/lib/Makefile, replacing
them all with SUBDIRs directly from lib/Makefile.
compat/compatsubdirs.mk becomes simpler now, as everything is built
from lib/Makefile, meaning all the libraries will now be built under
compat so update the set lists to account for that.
* syntax in 50-ypbind hook has been fixed
* man page corrections
* report hwaddr used by dhcpcd when debug is enabled
* Fix detecting inet address for INFORM support
* document reason RELEASE in dhcpcd-run-hooks
* Support RTM_CHGADDR in the upcoming NetBSD-6
This is used to work out if the hwaddr has changed as the interface
does not go down/up unlike other OSes
* ntp hook no longer attempts to restart ntpd if 1st attempt failed
This reverts the default timeout for test cases back to 300 seconds.
The change in the release was quite blind because it did not anticipate
many existing tests to be slow enough to overflow the modified timeout
(30 seconds), specially in anita.
My plan to really fix this is to let test cases specify their sizes in
a declarative way instead of specifying timeouts in seconds (the timeout
being defined by atf-run on a size basis), so I'm not going to bother to
go over all existing tests trying to figure out which ones need a higher
timeout for now. It is just easier to revert.
interval instead of assuming that there are exactly 1000 real-time-clock
milliseconds per second! On some ports when running under qemu, there
can be twice as many RTC milliseconds as expected.
This is part 2 of the changes required to make the libevent tests work
on port-amd64 under qemu.
even when running under qemu on platforms with a clock-skew problem.
The original 3-second timer was intended to be "longer than the http
timeout" (which is 2 seconds), and the updated 5-second value still meets
this requirement. The updated value also meets the requirement even when
the http timeout stretches to 4-seconds under qemu.
This is part 1 of getting the libevent tests working on port-amd64 with
qemu.
Experimental version released on November 7th, 2010.
* Added the ATF_REQUIRE_THROW_RE to atf-c++, which is the same as
ATF_REQUIRE_THROW but allows checking for the validity of the exception's
error message by means of a regular expression.
* Added the ATF_REQUIRE_MATCH to atf-c++, which allows checking for a
regular expression match in a string.
* Changed the default timeout for test cases from 5 minutes to 30 seconds.
30 seconds is long enough for virtually all tests to complete, and 5
minutes is a way too long pause in a test suite where a single test case
stalls.
* Deprecated the use.fs property. While this seemed like a good idea in
the first place to impose more control on what test cases can do, it
turns out to be bad. First, use.fs=false prevents bogus test cases
from dumping core so after-the-fact debugging is harder. Second,
supporting use.fs adds a lot of unnecessary complexity. atf-run will
now ignore any value provided to use.fs and will allow test cases to
freely access the file system if they wish to.
* Added the atf_tc_get_config_var_as_{bool,long}{,_wd} functions to the atf-c
library. The 'text' module became private in 0.11 but was being used
externally to simplify the parsing of configuration variables.
* Made atf-run recognize the 'unprivileged-user' configuration variable
and automatically drop root privileges when a test case sets
require.user=unprivileged. Note that this is, by no means, done for
security purposes; this is just for user convenience; tests should, in
general, not be blindly run as root in the first place.
it allows libelf to work on /dev/ksyms.
XXX the name of the flag is a bit confusing and i think it's better to rename
MALLOCED to DATA_MALLOCED or such. but i don't think it's worth increasing
the diff against the upstream for it.
atf-run is not twice as large as before. This is a pull-up of
699284e5c0d0a375958293e578af4e02d68d1182.
(I don't think it's reasonable to intentionally cripple tests as I have
just done here. In the future I would like to only report the output of
failed test cases, which would allow us to undo this, but not there yet.)
Experimental version released on October 20th, 2010.
* The ATF_CHECK* macros in atf-c++ were renamed to ATF_REQUIRE* to match
their counterparts in atf-c.
* Clearly separated the modules in atf-c that are supposed to be public
from those that are implementation details. The header files for the
internal modules are not installed any more.
* Made the atf-check tool private. It is only required by atf-sh and being
public has the danger of causing confusion. Also, making it private
simplifies the public API of atf.
* Changed atf-sh to enable per-command error checking (set -e) by default.
This catches many cases in which a test case is broken but it is not
reported as such because execution continues.
* Fixed the XSLT and CSS stylesheets to support expected failures.
* Use dynamically sized buffers for reading kernel link events
* Use the active link address
* Added option to dump a lease to stdout
* TEST mode now works correctly if an old lease is NAKed
* routes with the gateway = leased ip are now treated as host routes
tre will be compiled without approx and wchar/multibyte support to
only match the minimum requirement to replace our spencer regex.
This needs a lot of testing.
Only enabled when USE_LIBTRE is set to `yes'.