+ Make depend required all the source files to be built before
the dependencies were generated due to some sub-optimal logic
in the version generation.
Fix from Bernd Ernesti in private mail.
+ Make the version string contain ${PROG} as originally intended
and not "ntpd" for all 7 programs.
Also move version generation to Makefile.inc to stop having 7 copies
of exactly the same thing.
to mention here. notable changes are like below.
kernel:
- make PF_KEY kernel interface more robust against broken input stream.
it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
in struct sadb_msg. we cannot just change these standard structs.
sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
these functions are not supplied in /usr/lib.
setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
specify it)
- spddelete takes direction specification
file, make command specified, and no flags or attrs-which-cause-inclusion
are spec'd. The notion is, if you change either of the last 2, it will
probably have very undesirable results, so only allow the make command to
be changed. override by clobbering the make command in the previous entry.
also, fix a bug where line number of original entry would get clobbered on
dup entry, so that if you had multiple dups the later ones would get bogus
initial definition info.
fhopen() and flock(). This means that if you kill lockd, all locks will
be relased (but you're supposed to kill statd at the same time, so
remote hosts will know it and re-establish the lock).
Tested against solaris 2.7 and linux 2.2.14 clients.
Shared lock are not handled efficiently, they're serialised in lockd when they
could be granted.
with both names. So log the "Unsolicited notification" with LOG_DEBUG
instead of LOG_ERR.
Don't return failure if we received a notification for which the host is
unknown, or we don't have outstanding requests. The remote host will retry
forever otherwise.
had been granted access to the portmapper via hosts.{allow,deny} could use
PMAPPROC_CALLIT to call PMAPPROC_{SET,UNSET} to (un)register services as if
they were running on the local host.
The new code disallows all indirect calls to the portmapper except for
PMAPPROC_NULL unless the -i (insecure) flag has been specified.
While there, add a new flag, -p (paranoid) which also disallows indirect calls
to a small number of other services, including key parts of NFS and NIS. This
code hardcodes the services to be disallowed, and is thus somewhat of a hack,
but will serve for the time being (until portmap is replaced by rpcbind as part
of fvdl's current rpc work, due to happen before 1.5).
Problem pointed out by Frank van der Linden <fvdl@netbsd.org>, solution determined
in discussion with Frank van der Linden and with Bill Sommerfeld <sommerfeld@netbsd.org>.
Some inspiration drawn from the (less general) handling of this problem in Wietse
Venema's libwrap'ed portmap.
use of non-exported function __ivaliduser{,_sa}().
we cannot make __ivaliduser{,_sa}() static yet, since doing that would choke
compiled lpd binaries. we should do it on next libc major version bump.
added a memo on lib/libc/shlib_version.
while here, do some whitespace/const cleanup, convert to use addentry(),
g/c section[] (now uses buf[] directly) - 10 character limit for section
name is gone
- decrease warning level on missing rtadvd.conf (actually, the file
can be omitted)
- strict prototype
- gather stats better, emit stats on SIGUSR1 to /var/run
+ Use _PATH_GROUP and _PATH_MASTERPASSWD (from OpenBSD)
+ Use -G group1,group2,group3 for multiple groups in useradd and usermod
(pointed out by Matt Green, and also changed in OpenBSD, but done more
efficiently here)
+ is_number should not be inside #ifdef EXTENSIONS (from OpenBSD)
+ clear up yet another usage message (for user(8) and group(8)) - noticed
in passing, unknown if fixed anywhere else
support the address family (like including "tcp6" in inetd.conf, on
non-IPv6 kernel).
was:
inetd[185]: ftp/tcp6: *: hostname nor servname provided, or not known
now:
inetd[315]: ftp/tcp6: *: the address family is not supported by the kernel
1. if there is a colon present, use that as a separator for user:group
2. if there is no colon, attempt to convert the arg into a username,
searching backwards in the string for a '.' for us.er.group
3. if the arg doesn't match a username and has a '.' in it, split it
up and try user.group
package matching a certain pattern. Examples:
yui# cd /usr/pkgsrc/packages/i386ELF/All/
yui# ls unzip*
unzip-5.40.tgz unzip-5.41.tgz
yui# pkg_admin lsall 'unzip*'
unzip-5.40.tgz
unzip-5.41.tgz
yui# pkg_admin lsall 'unzip>=5.40'
unzip-5.40.tgz
unzip-5.41.tgz
yui# pkg_admin lsall 'unzip>=5.41'
unzip-5.41.tgz
yui# pkg_admin lsbest 'unzip>=5.40'
unzip-5.41.tgz
yui# pkg_admin lsall /usr/pkgsrc/packages/i386ELF/All/'{mit,unproven}-pthread*'
/usr/pkgsrc/packages/i386ELF/All/mit-pthreads-1.60b6.tgz
This adds a shell/user-interface to pkg-patterns, which are a superset
of sh/csh patterns and can't be expanded by any shell.
a static once-generated version instead. We know we have IPv6
headers available here.
The probing was problematical for several reasons:
o it probed the host headers, not the headers in the build or DESTDIR
tree (could be fixed in another way)
o the probe_ipv6 script mucks with PATH, which would be problematical
for cross compilation.
contents of that header (the only file that includes it compiles to the
same object code on multiple architectures with or without including
<ieeefp.h>), so remove all references to it.
Fix sent to NTP maintainers - they will probably implement this change
after the immenient 4.1.0 release, but don't want to change it so close
to the release date.
- isakmp: print CERT and SIG payload. fix IPsec-AH algorithm type.
- rt6: avoid duplicated IPv6 src/dst.
sync with tcpdump.org.
XXX we need to think about future synchronization with tcpdump.org...
default nis-domain "";
would cause a NULL pointer deref while writing out the lease into
the persistent database if the server didn't include an nis-domain
option in the reply.
From: hiro@takechi.org
XXX checkremote() should be improved. gethostname -> getaddrinfo is
not the right thing to do, we cannot assume DNS FQDNs is configured
as hostname. if the goal here is to check if it is really remote or not,
getifaddrs() is the way to go.
struct dirent *, rather than non-const. this makes scandir(3) the
same as the scandir implementations in libiberty and glibc, and the
select function has no need to modify the dirent.
mellon