the derived variables (fields & NF) under the END pattern. This
implicitly complies with the SUSv2 specification at
http://www.opengroup.org/onlinepubs/007908799/xcu/awk.html
which explicitly says that NF and NR must retain their values from
the last record seen. Fixes PR#29659.
* #ifdef out some things we don't have or do differently.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr".
Fixes an LP64 specific problem with reading the pflog with tcpdump(8).
(OpenBSD fixed this by changing the structs to always use 32-bit fields)
Reviewed by yamt@.
headers and LKM.
Add MKPF; if set to no, don't build and install the pf(4) programs,
headers, LKM and spamd.
Both options default to yes, so nothing changed in the default build.
Reviewed by lukem.
generated auto-payload from the vendor branch. Now it works.
(and no, this has of course nothing to do with the version 4.*13*,
there are greater powers at play)
generated auto-payload from the vendor branch. Now it works.
(and no, this has of course nothing to do with the version 4.*13*,
there are greater powers at play)
That includes:
o Manpage fixes
o to{lower,upper,whatever} fixes
o strl* use
o use of getopt() in chat(8)
o use of NetBSD's md5 and sha1 APIs
o support for utmp and utmpx
o a slightly different way of handling active and pass filters, to
avoid depend on "inbound" and "outbound" keywords of libpcap
o addition of plug-in hooks for LCP
o use of the former TDB code (ppp-2.4.3 uses a GPL version, which
was removed prior to the import)
o changes in the compressor API.
> revision 1.2.2.1
> date: 2004/12/17 02:51:35; author: brad; state: Exp; lines: +2 -2
> MFC:
> Fix by frantzen@
>
> &&/|| inversion would try to merge IP addresses with non-addresses into a
> single table causing a ruleset load error and eventually a double-free.
>
> ok deraadt@ mcbride@ henning@ frantzen@ dhartmei@
allowing rules to be set to match only ipv4/ipv6. And so ipnat must be updated
to actually set this field correctly but to keep things working for old
versions of ipnat (that will set this to 0), make the ioctl handler "update"
the 0 to a 4 to keep things working when people just upgrade kernels. This
forces NAT rule matching to be limited to ipv4 only, here forward, fixing
kern/28662
After receiving the magic 10-line incantation from Christos for
re-building the autoconf stuff, attempt to do so. This might fix
the problem, or might not. That is why this stuff is so fun.
some files were imported to the different places from the previous version.
v3_5:
etc/pf.conf
etc/pf.os
etc/spamd.conf
share/man/man4/pf.4
share/man/man4/pflog.4
share/man/man5/pf.conf.5
share/man/man5/pf.os.5
share/man/man5/spamd.conf.5
v3_6:
dist/pf/etc/pf.conf
dist/pf/etc/pf.os
dist/pf/etc/spamd.conf
dist/pf/share/man/man4/pf.4
dist/pf/share/man/man4/pflog.4
dist/pf/share/man/man5/pf.conf.5
dist/pf/share/man/man5/pf.os.5
dist/pf/share/man/man5/spamd.conf.5
a given address family and a peer only supports the family localhost does
not support. For example: configure a kernel without IPV6, and then
add a line in ntp.conf server <ipv6addr>. We report that the server is
unreachable and we keep going because there might be more servers around?
XXX: What if it is the last server? Should we detect this? It is not nice
to just bail on this error, because a server might lose its ipv4 address
and only advertise ipv6.
one command line option to specify which firewall it is meant to interact
with. The implementation here puts the firewall specific code into separate
files with markers for future changes that could enable a fully transparent
mode for non-private network proxying.
sparc64. change 20 * 4096 to 5 * 4096 * sizeof(void *). This is again
very little, but enough :-). If you see a crash again, don't blame the
nameserver code before you change this constant.
When deleting the final partition, truncate it to match media size.
Also handle creating new partitions beyond the existing partitions
if it is still within the media size.
a bunch of small daemons that seem small packet flows can easily chew up
significant kernel memory (each BPF device opened takes 2*buffersize of
wired memory.) In each of these applications, add code to set the buffer
size to 32k before setting the interface.
"media" lines that contain wireless network keys, that eg, ifconfig(8)
carefully hides.
this is not a complete solution, but it's OK until one arrives.
approved by mellon@. fixes the problem described in PR#22271.
$(mkdir_p) which isn't defined anywhere. So replace it with good ol'
$(mkinstalldirs) to fix problem with tools installation.
XXX: need to revisit this to discover true lossage.
Problem noted by Nick Hudson.
the owner of the mount point (or user specified via -u); this is necessary
to succeed the permission check in the kernel SMB share code
owner setting via -O would still apply, but it's now not necessary when
doing non-root mount
enable the check for cloned /dev/nsmb, to simplify eventual future switch
to cloned /dev/nsmb device
use compile time string concatenation for one constant string
(this might be preliminary, it might be intended to receive other host's
multicast in the future, but until packets are filtered properly this
fixes the "manycastclient answers requests" problem - see ntp bug #241)
the ISC DHCP server to fail to start when it is configured to use the
ad-hoc DNS update mechanism. This fixes PR#20460 and PR#23284 (once
this is pulled up to the 1.6 branch).
array which is used to calculate the maximum width of a scroll entry
item. Previous use of sprintf would blindly overwrite the stack if
there were more than 100 characters in an entry item.
imply a null node in the DNS tree so a lookup for such a key must clearly fail
and with the current info_hesiod.c it does (after calling hes{,iod}_resolve)
but returns an error that confuses some programs - eg. apache - so shortcut
the process and just return ENOENT for any key starting with "."
Patch will be in am-utils 6.1.
OK'd by christos
According to lex(1) (the manual page for flex, which is what we use for lex):
Finally, note that you cannot put back EOF to attempt to mark the
input stream with an end-of-file.
Fixes PR bin/8707, which had been reclassified as a toolchain bug.
Highlights vs. 8.3.4
Maintenance release.
--- 8.3.5-REL released --- (Mon Jun 2 03:15:53 PDT 2003)
1540. [bug] remove potential memory leak from net_data_create().
1537. [bug] dig buffer overrun with large command lines.
1535. [bug] winnt: large zone transfers failed.
1536. [cleanup] use NS_MAXMSG to define TCP buffers.
1534. [func] The advertised EDNS UDP buffer size can now be set
via named.conf (edns-udp-size).
1533. [bug] don't artificially restrict the update message size.
1532. [bug] use maximum sized answer buffers in res_findzonecut().
1530. [bug] nslookup computed incorrect reverse lookup for IPv6.
1529. [lint] unused variable in dnsquery.c::main().
1528. [bug] getaddrinfo() incorrectly rejected a numeric service
under certian circumstances.
1527. [proto] add ns_t_apl (42).
1526. [doc] res_{get,set}servers().
1523. [bug] getipnodebyname with AI_ADDRCONFIG set was broken
on HPUX 11.11. Detect IPv6 interfaces under linux.
1519. [port] decunix: conflicting setnetgrent() and innetgr()
prototypes.
1518. [cleanup] silence "No root nameservers for class XX" when
"forward only;" is set in options.
1517. [cleanup] stop using putshort/putlong internally.
1513. [bug] use ipnodes.{byname,byaddr} for IPv6 NIS lookups.
Add support for "YP_MULTI_".
1511. [cleanup] don't use argument names in function prototypes.
1510. [port] openbsd uses /bsd not /kernel.
1506. [bug] named could sometimes set tc incorrectly.
1505. [bug] potential overflow if pointer arithmetic wrapped.
1503. [bug] named could make unnecessary queries for glue if the
additional section was full.
1501. [port] decunix: OSF 3.2 does not have native 64 bit support.
1500. [port] linux: namespace collision.
1499. [port] linux: #include <time.h> bin/dig/dig.c
1498. [bug] ns_makecanon() could under read its destination buffer
by one character and fail to properly canonicalise.
1497. [bug] res_mkupdate() used compression pointers when it
shouldn't.
1496. [bug] res_mkupdate() didn't support NAPTR.
1494. [bug] memory leak on thread destruction if gethostbyname() /
getnetbyname() have been called by the thread.
1493. [bug] check scope for link local servers.
1492. [placeholder]
1491. [cleanup] indentation problems.
1490. [bug] the seek offset was miscalculated when truncating
the ixfr log.
1489. [func] named no longer queries for missing additional A6
records.
1488. [port] decunix: TruCluster support.
See port/decunix/TruCluster.
1487. [bug] getnetgroup() takes (char **) not (const char **).
1486. [func] res_query() now generates more/better debug on failure
1485. [func] res_send() records the nameserver the response came
from. Dig retrieves this rather than reporting the
first address.
1484. [bug] dig use sin.sin_port for IPv4.
1483. [bug] nslookup could dereference a NULL pointer under certain
circumstances.
1482. [bug] provide local storage for localtime_r result.
1481. [bug] tv.tv_sec and time_t are not always the same type.
1480. [bug] gethostbyname(), getaddrinfo() could drop address
if the previous call contained one of the new
addresses.
1479. [func] try known lame servers if all other servers have
failed.
1478. [cleanup] libbind: don't look for A6 records, don't follow
DNAME record (use the CNAMES), remove some bitstring
related functions.
1477. [cleanup] libbind: namespace cleanup (irs_* to __irs*,
dst_* to __dst_* and tree_* to __tree*)
1476. [bug] dig wasn't using a random query id.
1475. [bug] "query-source address <listening interface> port *"
failed to use a system assigned port as documented.
1474. [bug] named wasn't seeing cached NODATA CNAME records.
1473. [bug] nslookup: buffer overrun when looking up reverse
IPv6 addresses under IP6.INT when not found under
IP6.ARPA.
1472. [port] freebsd; current has pselect().
1471. [port] 'dig -P' failed on some platforms.
1470. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
1467. [deleted]
1461. [func] return referrals for glue (NS/A/AAAA) if recursion is
disabled (recursion no;).
1460. [bug] NS_MD5RSA_MAX_BITS was not correct.
1459. [bug] ns_sign2() could fail to compute a correct signature
if the TSIG ownername was compressed.
1458. [bug] host: spurious "Unknown algorithm" message with default
zone listing. missing white space before '(' in SOA
format.
1457. [bug] bison didn't like ns_parser.y.
1456. [doc] document auth-nxdomain default is "no" (see # 524).
1455. [bug] named failed to allow a cached NODATA response for
a ANY query to be retrieved.
1454. [contrib] nsverifier from Bob.Whelton@qwest.com.
1453. [bug] SOA answers should only be cached for the current
tick.
1452. [bug] don't cache -ve response SOA record.
1451. [port] bsdos: maybe_fix_includes is not required.
1450. [bug] hint zones don't need to be reloaded when a "child"
zone is removed.
1449. [bug] it was possible to orphan glue records. this could
lead to panics in stale().
1438. [bug] glue from a parent zone beneath a child zone could
be deleted by loading a child zone.
1437. [bug] linux: probe_ipv6 was broken.
1436. [port] decunix: update sys/bitypes.h
1435. [func] named-xfer: log the zone name when reporting query
sent.
1434. [doc] the man page for dn_expand failed to document eomorig.
1433. [lint] remove unused variable.
1432. [func] log TSIG key name if used with zone transfer.
1431. [func] new category "update-security".
1430. [func] libbind: the default nameservers now include ::1/::
as well as 127.0.0.1/0.0.0.0 if none are specified in
resolv.conf.
1429. [port] libbind: use strlcat/strlcpy if available.
1428. [port] eventlib.c: cast tv_sec to long when calling *printf().
1427. [func] define INT8SZ
1426. [port] res_dprintf() now supports format checking w/ gcc.
1425. [bug] 'aa' was not being set appropriately with cross zone
CNAMES.
1424. [cleanup] ip6_str2scopeid() now returns u_int32_t.
1423. [bug] 'ndc restart' could fail to restart named if there
were no arguments to named.
1422. [cleanup] optarg() etc. are declared in unistd.h.
1421. [bug] clear and check errno when calling strtoul().
1420. [cleanup] use %p instead of %#x for printing pointers.
1419. [cleanup] getinfo(): kill buflen manipulation.
1418. [port] cast pointers to (size_t) when aligning.
1417. [cleanup] make1101inaddr(): kill size manipulation.
1416. [port] log_vwrite() now supports format checking w/ gcc.
1415. [port] irix: probe for in6addr_any.
1414. [bug] strtoul() cast (char*) to (unsigned char*).
1413. [bug] host: soa values are not signed.
1412. [bug] fix numeric port range check in getaddrinfo().
1411. [port] freebsd/netbsd/openbsd: #define USE_IFNAMELINKID.
1410. [port] probe for sin6_scope_id when probing for IPv6 structs.
1409. [bug] dig: reverse6 computed a incorrect nibble string.
1408. [cleanup] res_mkquery.c: kill buflen manipulation.
1407. [port] namespace clash EV_ERR -> EV_SETERR
with Ted Lemon leave in checks for IFF_LOOPBACK and IFF_POINTTOPOINT
in case an OS incorrectly marks them with IFF_BROADCAST.
Patch submitted back to dhcp-server@isc.org
