* 20-resolv.conf now uses the correct variable for $IF_METRIC
* Exclude interface values when dumping the lease
* Parse static value subnet_mask when it exists instead of deriving from
ip address
* logger calls now resemble dhcpcd calls to syslog(3)
* Reject offered IP address if INADDR_BROADCAST or INADDR_ANY
* Change the route if source address has changed
* Note the address we are requesting in the broadcast log entry
* When operating on one interface, respect the timeout for in dhcpcd.conf
* Escape | and & characters before passing the value to the shell
Ensure we set a valid hostname, DNS domain and NIS domain.
Document the need for input validation in dhcpcd-run-hooks(8).
Fixes CVE-2011-996
Based on a patch to dhcpcd-3 by Marius Tomaschewski <mt@suse.de>
Unset TERM when running GDB
GDB inserts some funny control characters in its output when TERM is set to
e.g. xterm. Workaround this by simply unsetting TERM.
Reported by martin@ and diagnosed by pooka@/martin@.
make the lzf_compress() prototype match the function definition - the
prototype always added the state table argument, although it should be
conditionally compiled in. use the same cpp magic as in the source
file to prototype the function in the header file.
Experimental version released on March 31st, 2011.
This is the first release after the creation of the Kyua project, a more
modular and reliable replacement for ATF. From now on, ATF will change to
accomodate the transition to this new codebase, but ATF will still continue
to see development in the short/medium term. Check out the project page at
http://code.google.com/p/kyua/ for more details.
The changes in this release are:
* Added support to run the tests with the Kyua runtime engine (kyua-cli), a
new package that aims to replace atf-run and atf-report. The ATF tests
can be run with the new system by issuing a 'make installcheck-kyua' from
the top-level directory of the project (assuming the 'kyua' binary is
available during the configuration stage of ATF).
* atf-run and atf-report are now in maintenance mode (but *not* deprecated
yet!). Kyua already implements a new, much more reliable runtime engine
that provides similar features to these tools. That said, it is not
complete yet so all development efforts should go towards it.
* If GDB is installed, atf-run dumps the stack trace of crashing test
programs in an attempt to aid debugging. Contributed by Antti Kantee.
* Reverted default timeout change in previous release and reset its value
to 5 minutes. This was causing several issues, specially when running
the existing NetBSD test suite in qemu.
* Fixed the 'match' output checker in atf-check to properly validate the
last line of a file even if it does not have a newline.
* Added the ATF_REQUIRE_IN and ATF_REQUIRE_NOT_IN macros to atf-c++ to
check for the presence (or lack thereof) of an element in a collection.
* PR bin/44176: Fixed a race condition in atf-run that would crash atf-run
when the cleanup of a test case triggered asynchronous modifications to
its work directory (e.g. killing a daemon process that cleans up a pid
file in the work directory).
* PR bin/44301: Fixed the sample XSLT file to report bogus test programs
instead of just listing them as having 0 test cases.
Retry calls that raise file system errors during cleanup
If a test case mounts user-space (puffs/fuse) file systems or spawns
server processes that create pid files, the termination of the
corresponding processes does not guarantee that the file system is
left in a consistent state immediately. The cleanup routines of both
components (file systems and daemons) may still be running.
This situation causes a race condition between the termination of the
auxiliary processes and our own file system cleanup: the file system
calls performed from within the cleanup routine may raise errors
because the file system is still changing underneath. (E.g. we first
enumerate the contents of a directory and get file X, but when we
attempt to delete file X, it may be gone.)
Deal with this by retrying failing file system calls a few times and
ignoring "expected" errors before giving up.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
name, provides a proper CPP mode and fixes a number of compat issues
in the integrated assembler.
Build the toolchain compiler optimized and without assertions now.
Really kill subprocesses of a test case before waiting for its completion
Before waiting for any leftover output of the test case after it terminates,
we must ensure that all of its subprocess are really, really dead. Otherwise,
these subprocesses may be sharing the stdout of the test case, in which case
our wait will block (potentially indefinitely).
This finally (well, hopefully) fixes some random lockups exposed by the
NetBSD test suite. Reported by Antti Kantee after
tests/fs/vfs/t_full:p2k_ffs_fillfs was exposing this problem in a pretty
reproducible manner.
tmux is a "terminal multiplexer". It enables a number of terminals (or
windows) to be accessed and controlled from a single terminal. tmux is
intended to be a simple, modern, BSD-licensed alternative to programs
such as GNU screen.
The import of tmux is intended to replace window(1) in the not-too-distant
future. For reference, tmux is also present in the base system of FreeBSD
and OpenBSD.
Approved by core@.
in particular, parse.y was being processed twice.. with one
process leaving a y.tab.h file behind
no need to explicitly add scan.c, parse.c and parse.h to CLEANFILES,
the framework knows they are generated and will remove them
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.
The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.
Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).
Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).
Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.
Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
confusion in the manpage. Not to mention the examples including
commands that don't exist on NetBSD (killall, sudo), so do a bit of
cleanup (and don't copy from dist, just keep it here)
mDNSResponder -> mdnsd
mdnsd -> mDNSResponder
mDNS -> dns-sd
killall -> pkill
% sudo -> #
syslog(8) -> syslogd(8)
example for syslog -> /dev/null
Xr for pkill, syslogd, dns-sd
"foo > bar" fails when bar is mode 444, and files copied from the
source tree should be expected to perhaps be read only. However, the
copy should have been removed when the sed was added. And, it never
should have been "@"; suppressing it made debugging this harder than
it should have been.
#ifdef inside the macro arguments is undefined behaviour (pcc reports
a syntax error)
This was fixed upstream so change this to be the same as the 4.2.6p3
stable release of ntp (can't find an actual changelog entry that
describes this, so have included the memcpy change also - memmove
is not required here)
Use relevant TargetAddress, not just first one we happen to find.
Following improvement based on feedback from Daisuke Aoyama (author of istgt):
Handle NOP-OUT CmdSN and immediate bit.
Handle NOP-IN TransferTag=0xffffffff.
Interim solution for dealing with Underflow bit in iSCSI response.
iscsi-initiator now talks to istgt and other targets.
Remaining issues:
CHAP support will not work with most targets (maximum 16 octet challenge is
used, but other initiators use up to 1024). However, CHAP can now be
bypassed by not specifying a username.
didn't work (insisted on a username being given and then used, plus always
advertised CHAP to the target). Make initiator work as advertised (i.e.
defaults to auth type none and so don't require a username).
To use CHAP you should explicitly request CHAP:
iscsi-initiator -a chap -u user -h targetname /mountpoint
For backwards compatibility, if a username is given (-u) and no auth type
is specified (-a), it will default to CHAP, i.e. to use none, just give no
username:
iscsi-initiator -h targetname /mountpoint
This means /mnt/mytarget.domain.local/target0/storage is now
/mnt/target0/storage.
Rationale is as follows:
- The hostname used may vary (i.e. name vs FQDN vs IP) which can mess up
mountpoints (especially across multiple hosts e.g. in a shared xen pool)
- Target name is given in the mount anyway so it is redundant
OK agc@
the cpu name and the latter the port name. They had been reversed until
now due to some "smart" stupidity^Wlogic in the upstream configure script,
which is now gone.
This is a pullup of revision f9329ca68da7e8557e0803b5747a12f8c10b1258
plus the corresponding reachover build changes.
Addresses PR bin/44305.
--- 20110215:
Fix audit-history subcommand to include patterns making use of [x-y] notation.
--- 20101212:
Don't warn about _ALPHA, _BETA, _PATCH, _RC, _STABLE mismatches when
pkg_add'ing on NetBSD.
--- 20101122:
Fix crash in pkg_info -X on hand-written packages.
--- 20100915:
Allow https URLs.
--- 20100914:
Add -D flag to pkg_install, to override the "pkg_add -U" check that
all depending packages have their dependencies satisfied by the new
package. Essentially, split off this particular behavior as a special
case of -f, so that -f works as before, unforced works as before, and
one can give -D to override exactly this check, leaving all other
checks intact.
The -D flag is in support of make replace, as the workflow for make
replace is that inter-package dependencies are sometimes violated (but
then one must replace the depending packages, which is what
pkg_rolling-replace does via the unsafe_depends flags).
Add missing break statement in option parsing of "pkg_add -C", riding
the version bump.
