races while allowing consistent lockless sampling of the per-cpu
statistics without atomic operations. Update comment describing
the locking protocol to include this.
These files were fumble-fingered out of the last commit.
0001. Do not recognize paths, mail folders, and pipes in mail addresses
by default. That avoids a direct command injection with syntactically
valid email addresses starting with |.
Such addresses can be specified both on the command line, the mail
headers (with -t) or in address lines copied over from previous
while replying.
This was assigned CVE-2014-7844 for some versions of BSD mailx. It is
documented behavior for Heirloom mailx, and was mentioned in an old
technical report about BSD mailx (which does not usually make its way
into operating system installations). The patch switches off this
processing and updates the documentation.
Added expandaddr option to explicitly enable this behavior.
0002. When invoking sendmail, prevent option processing for email
address arguments. This prevents changing e.g. the Postfix
configuration file in unexpected ways. This behavior was documented for
BSD mailx (sort of), but not for Heirloom mailx. We did not assign a
CVE to this because it is more of a missing feature, and code invoking
mailx needs adjustment in the caller as well.
Fixed.
0003. Make wordexp support mandatory. (No functional change.)
Fixed (replaced explicit shell pipe implementation).
0004. Prevent command execution in the expand function, which is IMHO
unexpected. (Not really required with patch 1, and there is still
information disclosure/DoS potential if this expansion occurs.) This is
a historic vulnerability already fixed in the Debian package,
retroactively assigned CVE-2004-2771:
Fixed (as part of the pipe replacement with wordexp).
Define the default, empty "build_kernel" target, so that old source trees,
whose sys/conf/Makefile.kern.inc don't have "build_kernel" .USE target, can
be built.
(When "build_kernel" is defined, the target is overriden, as far as
sys/conf/Makefile.kern.inc is included later than the "netbsd: ..." definition
in sys/arch/*/conf/Makefile.*.)
This should address PR bin/49389.
in private mail, it broke rcp(1).
To achieve the documented behavior and to fix long standing incorrect
rsh(1) behavior which I've tried to fix in rev. 1.36, rcmd(1) should have
two operation mode; whether it should relay signal information on
auxiliary channel or not, depending on the argument `fd2p' passed to rcmd(3).
So, make rcmd(1) behave differntly depending on the environment variable and
set it when necessary in rcmd(3) according to how auxiliary channel
is set up by rcmd(3).
Defer seeking the *input* image, or winding it forward, until we are
certain we all ready in the cloop2 output, because when the input
image is a pipe, we don't get a chance to seek back to the beginning
and start from the top instead of restarting.
If restart does fail, don't try to seek the input image back to the
beginning unless we had already tried to seek or wind it forward.
Add some automatic tests for this and related cases.
XXX pullup to netbsd-7, netbsd-6
Sort per-module kernel objects (*.ko) by dependency weight. Important modules
are placed in lower addresses. The ``machdep'' module will be always placed
in the lowest.
(At this moment, the order is not exact because dependency information is
incomplete in config files (files.*). Thus ``sysmon_power.ko'' comes lower
than ``machdep.ko'' and/or ``uvm.ko''; but still much better than alphabetical
sort.)
o Introduce a new selection directive "select" to select an attribute (as a
module) and its dependencies.
o Support "no select" too.
o Stop abusing "options" to select an attribute.
o Bump config(1) version.
Flag and param are to change contents of attributes (modules). These don't
have code (*.[coS]).
Filesystem definition still defines an attribute (module) implicitly.
nowadays sysctl(3) is the default information retrieval method.
- Fix description about default value for -N; it is no longer a single value
these days, so just say see kvm_openfiles(3) rahter than repeating
several lines description here.
config(1) still keeps backward-compatibility; it is more permissive than
before. The tree, however, needs the updated config(1), mainly to strictly
define attribute ("module") ownership and dependencies.
object files. Disabled for now. Commit this for further experiments.
Kernel (netbsd) has been built as:
netbsd: *.o
ld -o netbsd *.o
Change this to:
netbsd: *.ko
ld -o netbsd *.ko
acpica.ko: ${OBJS.acpica}
ld -r acpica.ko ${OBJS.acpica}
:
You can call *.ko as a module, but this is not only beneficial for loadable
module, but also localize related text/data. Various options/flags/params
will be able to be per-ko. Unnecessary symbols can be hidden. Many ideas
will follow.
specified expression is an attribute, mark the file as belonging to the
attribute.
At this moment this information is not used for any purpose, but can be
traced by config -ddd.
213: warning: can't find font `C'
Because the CW macro wants to use a constant width font is "ascii" mode,
and this does not exist with -Tascii. I don't think this should be fixed
here...
I was originally intending to preserve some of Jarmo Jaakkola's notes
on POSIX make from the PR 49085 changes... but really there's no point
wandering into details about $? and such when the big picture is
"almost everything in this manual works only in BSD make".
Maybe the exact details can be stuffed into a chapter of the mythical
make reference manual if that ever gets (re)written.
appeared in the PR 49085 changes, even though it's not actually
relevant there except tangentially. However, I've reworked most of
that for clarity and added some more.
it's a consequence of what uuencode does. Also note for a more hostile
internet environment that blindly uudecoding files without inspecting
the header is dangerous.
Pursuant to PR 49177.
$() means something special to the shell, so ${} reduces confusion
and is used almost exclusively in the rest of the makefiles.
Discussed with: christos
in a variable assignment simply stores the backslashes as part of the
value, and treats the newline as though it was not escaped. This
is compatible with GNU make.
Many of these tests fail, and I have populated the escape.exp file with
the results that I expect, not with the results that make(1) actually
produces.
Also update the set lists for these tests.
Quite extensive rewrite of the Suff module. Some ripple effects into
Parse and Targ modules too.
Dependency searches in general were made to honor explicit rules so
implicit and explicit sources are no longer applied on targets that
do not invoke a transformation rule.
Archive member dependency search was rewritten. Explicit rules now
work properly and $(.TARGET) is set correctly. POSIX semantics for
lib(member.o) and .s1.a rules are supported.
.SUFFIXES list maintenance was rewritten so that scanning of existing
rules works when suffixes are added and that clearing the suffix list
removes single suffix rules too. Transformation rule nodes are now
mixed with regular nodes so they are available as regular targets too
if needed (especially after the known suffixes are cleared).
The .NULL target was documented in the manual page, especially to
warn against using it when a single suffix rule would work.
A deprecation warning was also added to the manual and make also
warns the user if it encounters .NULL.
Search for suffix rules no longer allows the explicit dependencies
to override the selected transformation rule. A check is made in
the search that the transformation that would be tried does not
already exist in the chain. This prevents getting stuck in an infinite
loop under specific circumstances. Local variables are now set
before node's children are expanded so dynamic sources work in
multi-stage transformations. Make_HandleUse() no longer expands
the added children for transformation nodes, preventing triple
expansion and allowing the Suff module to properly postpone their
expansion until proper values are set for the local variables.
Directory prefix is no longer removed from $(.PREFIX) if the target
is found via directory search.
The last rule defined is now used instead of the first one (POSIX
requirement) in case a rule is defined multiple times. Everything
defined in the first instance is undone, but things added "globally"
are honored. To implement this, each node tracks attribute bits
which have been set by special targets (global) instead of special
sources (local). They also track dependencies that were added by
a rule with commands (local) instead of rule with no commands (global).
New attribute, OP_FROM_SYS_MK is introduced. It is set on all targets
found in system makefiles so that they are not eligible to become
the main target. We cannot just set OP_NOTMAIN because it is one of
the attributes inherited from transformation and .USE rules and would
make any eligible target that uses a built-in inference rule ineligible.
The $(.IMPSRC) local variable now works like in gmake: it is set to
the first prerequisite for explicit rules. For implicit rules it
is still the implied source.
The manual page is improved regarding the fixed features. Test cases
for the fixed problems are added.
Other improvements in the Suff module include:
- better debug messages for transformation rule search (length of
the chain is now visualized by indentation)
- Suff structures are created, destroyed and moved around by a set
of maintenance functions so their reference counts are easier
to track (this also gets rid of a lot of code duplication)
- some unreasonably long functions were split into smaller ones
- many local variables had their names changed to describe their
purpose instead of their type
Don't exit from var.c:Var_Parse() before possible modifiers are handled
on D and F modified versions of local variables. Properly expand $(?D)
and $(?F) too.
Make line continuations in rule's commands POSIX compliant.
Fix the syntax error caused by lib(member) as the last target before
a dependency operator.
Document the line continuation change in the manual page. Also talk
more about the POSIX style local variables and their modifiers.
Add tests covering the fixed problems into d_posix.mk. The test is
a known failure at the moment because of PR 49086 and PR 49092.
[XXX: unconverted tests]
For now, the only test is copied from
src/tests/usr.bin/make/d_unmatchedvarparen.mk. This was
the only test in src/tests/usr.bin/make that was not also in
src/usr.bin/make/unit-tests.
XXX: src/tests/usr.bin/mk should be changed to reach over to
src/usr.bin/make/unit-tests, instead of keeping out of date copies
of the tests.
* Rename each sub-makefile to *.mk;
* Add a *.exp file of expected output for each sub-makefile;
* Remove test.exp, which is replaced by all the other *.exp files.
* Use suffix rules to generate *.rawout and *.out files for
each test case.
* Rewrite the test and accept targets to adapt to the new way.
The old (now removed) test.exp file is almost identical to the
concatenation (in the correct order) of all the new *.exp files. There
are expected differences in makefile names embedded in the output, and
the new "exit status" lines. Some old "*** Error code 1 (ignored)"
lines are also removed (replaced by new "exit status 1" lines).
replaced by the make option COPY_SYMTAB set to any value. The copy of
the symbol table is no longer put into a buffer in kern_ksyms.o, but a
small helper object. This object is build first with a dummy size, then
the kernel is linked to compute the real dimension of the symbol table
buffer. After that, the helper object is rebuild and the kernel linked
again.
search rules in man.conf or MANPATH, it must begin with "/", "./", or
"../". Simply testing whether it contains "/" is wrong, because it
breaks usage like "man 8 vax/boot".
This reverts revision 1.57 dated 2013-10-06,
"Be more permissive in interpreting man pages as filenames".
option.
Allows one to win with declarations like:
no options MSGBUFSIZE
options MSGBUFSIZE="128*1024"
Briefly discussed with cube@, lukem@ and martin@.
* Elide some unnecessary pairs of quotation marks, to improve readability.
For example, shell_quote "''" is now \'\' instead of ''\'''\'''.
* Don't add quotes around words that contain only safe characters,
to improve readability.
* LC_COLLATE=C to prevent [a-zA-Z] from matching non-ASCII characters.
* Use ${SED} if defined.
Avoids:
src/usr.bin/timeout/timeout.c:331:5: error: conversion to 'int' from 'sig_atomic_t' may alter its value [-Werror=conversion]
kill(pid, sig_term);
^
warning from gcc 4.8
Move all the reference manuals to subdirs of /usr/share/doc/reference.
We have subdirs ref1-ref9, corresponding to man page sections 1-9.
Everything that's the reference manual for a program (sections 1, 6,
8), C interface (sections 2, 3), driver or file system (section 4),
format or configuration (section 5), or kernel internal interface
(section 9) belongs in here.
Section 7 is a little less clear: some things that might go in section
7 if they were a man page aren't really reference manuals. So I'm only
putting things in reference section 7 that are (to me) clearly
reference material, rather than e.g. tutorials, guides, FAQs, etc.
This obviously leaves some room for debate, especially without first
editing the docs with this distinction in mind, but if people hate
what I've done things can always be moved again.
Note also that while roff macro man pages traditionally go in section
7, I have put all the roff documentation (macros, tools, etc.) in one
place in reference/ref1/roff. This will make it easier to find and
also easier to edit it into some kind of coherent form.
Update the <bsd.doc.mk> infrastructure, and update the docs to match
the new infrastructure.
- Build and install text, ps, pdf, and/or html, not roff sources.
- Don't wire the chapter numbers into the build system, or use them in
the installed pathnames. This didn't matter much when the docs were a
museum, but now that we're theoretically going to start maintaining
them again, we're going to add and remove documents periodically and
having the chapter numbers baked in creates a lot of thrashing for no
purpose.
- Specify the document name explicitly, rather than implicitly in a
path. Use this name (instead of other random strings) as the name
of the installed files.
- Specify the document section, which is the subdirectory of
/usr/share/doc to install into.
- Allow multiple subdocuments. (That is, multiple documents in one
output directory.)
- Enumerate the .png files groff emits along with html so they can be
installed.
- Remove assorted hand-rolled rules for running roff and roff widgetry
and add enough variable settings to make these unnecessary. This
includes support for
- explicit use of soelim
- refer
- tbl
- pic
- eqn
- Forcibly apply at least minimal amounts of sanity to certain
autogenerated roff files.
- Don't exclude USD.doc, SMM.doc, and PSD.doc directories from the
build, as they now actually do stuff.
Note: currently we can't generate pdf. This turns out to be a
nontrivial problem with no immediate solution forthcoming. So for now,
as a workaround, install compressed .ps as the printable form.
is delivered to the remote process via the secondary channel. So,
the backend driver, rcmd(1), is responsible to watch the file descriptor 2
and transfer the data to the remote process, rather than receiving signal
by itself. Previously, signal generated by tty was sent since rcmd was
incorrectly generated the data, but, for example, signal sent to rsh command
by kill command was ignored.
This ensures we correctly detect errors like:
.if empty(VAR && !empty(FOO)
Var_Subst: if Var_Parse returns var_Error it is an error.
This ensures we detect errors like:
VAR:= ${FOO.${GOO}
- vcache_get() retrieves a referenced and initialised vnode / fs node pair.
- vcache_remove() removes a vnode / fs node pair from the cache.
On cache miss vcache_get() calls new vfs operation vfs_loadvnode() to
initialise a vnode / fs node pair. This call is guaranteed exclusive,
no other thread will try to load this vnode / fs node pair.
Convert ufs/ext2fs, ufs/ffs and ufs/mfs to use this interface.
Remove now unused ufs/ufs_ihash
Discussed on tech-kern.
Welcome to 6.99.41
