src/usr.bin/netstat relies on code from src/sbin/route. WHen building
with -DSMALL, some functions such as mpls_ntoa() or p_rtrmx() are not
built in src/sbin/route. We therefore have to make sure they are not
used in src/usr.bin/netstat.
Don't use warn/err to print error messages about the input, as
prepending the program name to those both isn't helpful and confuses
programs that try to parse compile logs.
that the lhs is a variable reference, a number or a quoted string.
This helps avoid subtle bugs caused by typos.
When conditionals are being evaluated during variable expansion
we cannot be as strict becuase lhs will already have been expanded.
We therefor pass a boolean to Cond_EvalExpression to tell it how
lhs should be treated.
Add unit-tests/cond2.mk to test the above
Reviewed by: christos, joerg
Implement -x xferbufsize set the socket send and receive buffer size,
as per 'xferbuf' in interactive mode.
Patch from Nicholas Mills (via private mail), with minor adjustment by me.
When reading in the original file name from gzip header, we read
in PATH_MAX + 1 bytes from the file. In r281500, strrchr() is
used to strip possible path portion of the file name to mitigate
a possible attack. Unfortunately, strrchr() expects a buffer
that is NUL-terminated, and since we are processing potentially
untrusted data, we can not assert that be always true.
Solve this by reading in one less byte (now PATH_MAX) and
explicitly terminate the buffer after the read size with NUL.
reflected in make.1
Also fix handling to match the behavior described in the comment
of JobPrintCommand (only matters if shell sets hasErrCtl).
A better long term solution is needed since the current behavior
is sub-optimal wrt '-' and different from all other makes.
Reviewed by: christos
they are created on the fly. This makes it clear what the route is for
and allows an optimisation in ip_output() by avoiding a call to
in_broadcast() because most of the time we do talk to a host.
It also avoids a needless allocation for the storage of llinfo_arp and
thus vanishes from arp(8) - it showed as incomplete anyway so this
is a nice side effect.
Guard against this and routes marked with RTF_BLACKHOLE in
ip_fastforward().
While here, guard against routes marked with RTF_BLACKHOLE in
ip6_fastforward().
RTF_BROADCAST is IPv4 only, so don't bother checking that here.
One of motivation of this change is to make the behavior of test(1)
-nt/ot with preserved copy (like cp -p) closer to the NetBSD 6.
Of course whether full timestamps are kept or not depends also on
underlying file system.
The ifdef added in mv(1) since existing ifdefs was our local change
to compile it on solaris (though I couldn't test it):
http://mail-index.netbsd.org/tech-userlevel/2014/11/28/msg008831.html
the X sets, and include the DRM ioctls. Unfortunately the DRM ioctls for
different cards overlap, so until I write some code to merge them, only
enable one (currently the i915).
instead of it being always provided by the rump kernel base. This
move accomplishes two things:
1) it is no longer necessary to provide sysproxy hypercall stubs for
platforms which do not want to use sysproxy
2) it is easier to reason about the security aspects, since configurations
not linking the sysproxy component simply do not support remote
system calls
discussed on rumpkernel-users
races while allowing consistent lockless sampling of the per-cpu
statistics without atomic operations. Update comment describing
the locking protocol to include this.
These files were fumble-fingered out of the last commit.
0001. Do not recognize paths, mail folders, and pipes in mail addresses
by default. That avoids a direct command injection with syntactically
valid email addresses starting with |.
Such addresses can be specified both on the command line, the mail
headers (with -t) or in address lines copied over from previous
while replying.
This was assigned CVE-2014-7844 for some versions of BSD mailx. It is
documented behavior for Heirloom mailx, and was mentioned in an old
technical report about BSD mailx (which does not usually make its way
into operating system installations). The patch switches off this
processing and updates the documentation.
Added expandaddr option to explicitly enable this behavior.
0002. When invoking sendmail, prevent option processing for email
address arguments. This prevents changing e.g. the Postfix
configuration file in unexpected ways. This behavior was documented for
BSD mailx (sort of), but not for Heirloom mailx. We did not assign a
CVE to this because it is more of a missing feature, and code invoking
mailx needs adjustment in the caller as well.
Fixed.
0003. Make wordexp support mandatory. (No functional change.)
Fixed (replaced explicit shell pipe implementation).
0004. Prevent command execution in the expand function, which is IMHO
unexpected. (Not really required with patch 1, and there is still
information disclosure/DoS potential if this expansion occurs.) This is
a historic vulnerability already fixed in the Debian package,
retroactively assigned CVE-2004-2771:
Fixed (as part of the pipe replacement with wordexp).
Define the default, empty "build_kernel" target, so that old source trees,
whose sys/conf/Makefile.kern.inc don't have "build_kernel" .USE target, can
be built.
(When "build_kernel" is defined, the target is overriden, as far as
sys/conf/Makefile.kern.inc is included later than the "netbsd: ..." definition
in sys/arch/*/conf/Makefile.*.)
This should address PR bin/49389.
in private mail, it broke rcp(1).
To achieve the documented behavior and to fix long standing incorrect
rsh(1) behavior which I've tried to fix in rev. 1.36, rcmd(1) should have
two operation mode; whether it should relay signal information on
auxiliary channel or not, depending on the argument `fd2p' passed to rcmd(3).
So, make rcmd(1) behave differntly depending on the environment variable and
set it when necessary in rcmd(3) according to how auxiliary channel
is set up by rcmd(3).
Defer seeking the *input* image, or winding it forward, until we are
certain we all ready in the cloop2 output, because when the input
image is a pipe, we don't get a chance to seek back to the beginning
and start from the top instead of restarting.
If restart does fail, don't try to seek the input image back to the
beginning unless we had already tried to seek or wind it forward.
Add some automatic tests for this and related cases.
XXX pullup to netbsd-7, netbsd-6
Sort per-module kernel objects (*.ko) by dependency weight. Important modules
are placed in lower addresses. The ``machdep'' module will be always placed
in the lowest.
(At this moment, the order is not exact because dependency information is
incomplete in config files (files.*). Thus ``sysmon_power.ko'' comes lower
than ``machdep.ko'' and/or ``uvm.ko''; but still much better than alphabetical
sort.)
o Introduce a new selection directive "select" to select an attribute (as a
module) and its dependencies.
o Support "no select" too.
o Stop abusing "options" to select an attribute.
o Bump config(1) version.
Flag and param are to change contents of attributes (modules). These don't
have code (*.[coS]).
Filesystem definition still defines an attribute (module) implicitly.
nowadays sysctl(3) is the default information retrieval method.
- Fix description about default value for -N; it is no longer a single value
these days, so just say see kvm_openfiles(3) rahter than repeating
several lines description here.
config(1) still keeps backward-compatibility; it is more permissive than
before. The tree, however, needs the updated config(1), mainly to strictly
define attribute ("module") ownership and dependencies.
