on builtins (broke longjmp usage) and a better cross-compiling support
in combination with -m32/-m64.
Update configuration to include /usr/include/clang-3.0 in the search
path.
- many security related fixes
- no MAXPATHLEN limits
- fixed missing text specification on ascii magic
- new ``pascal'' style string formats
- whitespace comparison fix
- more magic
Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 are available. These contain
a fix for CVE-2011-1720 which affects Postfix SMTP server configurations that
use Cyrus SASL authentication. Besides full releases, patches are available
for Postfix 1.1 and later.
This defect was introduced with the Postfix SASL patch, and is present in all
Postfix versions where the command "postconf mail_release_date" reports a
value of 20000314 (March 14, 2000) or greater.
Note: CVE-2011-1720 does not affect Postfix SMTP servers that use Dovecot
SASL authentication. It also does not affect the common Postfix SMTP server
configurations that use only Cyrus SASL mechanisms PLAIN and LOGIN.
More details will be available at http://www.postfix.org/CVE-2011-1720.html.
Merge the libraries into a single frontend, libmandoc.
Iinitial support for eqn(1) functionality.
Additional changes:
Portability fixes (tbl_opts.c 1.11, tbl_layout.c 1.18, tbl.c 1.25)
HTML space fixe (mdocml_html.c 1.163)
ROFF conditional nesting bug (roff.c 1.131)
* 20-resolv.conf now uses the correct variable for $IF_METRIC
* Exclude interface values when dumping the lease
* Parse static value subnet_mask when it exists instead of deriving from
ip address
* logger calls now resemble dhcpcd calls to syslog(3)
* Reject offered IP address if INADDR_BROADCAST or INADDR_ANY
* Change the route if source address has changed
* Note the address we are requesting in the broadcast log entry
* When operating on one interface, respect the timeout for in dhcpcd.conf
* Escape | and & characters before passing the value to the shell
Ensure we set a valid hostname, DNS domain and NIS domain.
Document the need for input validation in dhcpcd-run-hooks(8).
Fixes CVE-2011-996
Based on a patch to dhcpcd-3 by Marius Tomaschewski <mt@suse.de>
Unset TERM when running GDB
GDB inserts some funny control characters in its output when TERM is set to
e.g. xterm. Workaround this by simply unsetting TERM.
Reported by martin@ and diagnosed by pooka@/martin@.
make the lzf_compress() prototype match the function definition - the
prototype always added the state table argument, although it should be
conditionally compiled in. use the same cpp magic as in the source
file to prototype the function in the header file.
Experimental version released on March 31st, 2011.
This is the first release after the creation of the Kyua project, a more
modular and reliable replacement for ATF. From now on, ATF will change to
accomodate the transition to this new codebase, but ATF will still continue
to see development in the short/medium term. Check out the project page at
http://code.google.com/p/kyua/ for more details.
The changes in this release are:
* Added support to run the tests with the Kyua runtime engine (kyua-cli), a
new package that aims to replace atf-run and atf-report. The ATF tests
can be run with the new system by issuing a 'make installcheck-kyua' from
the top-level directory of the project (assuming the 'kyua' binary is
available during the configuration stage of ATF).
* atf-run and atf-report are now in maintenance mode (but *not* deprecated
yet!). Kyua already implements a new, much more reliable runtime engine
that provides similar features to these tools. That said, it is not
complete yet so all development efforts should go towards it.
* If GDB is installed, atf-run dumps the stack trace of crashing test
programs in an attempt to aid debugging. Contributed by Antti Kantee.
* Reverted default timeout change in previous release and reset its value
to 5 minutes. This was causing several issues, specially when running
the existing NetBSD test suite in qemu.
* Fixed the 'match' output checker in atf-check to properly validate the
last line of a file even if it does not have a newline.
* Added the ATF_REQUIRE_IN and ATF_REQUIRE_NOT_IN macros to atf-c++ to
check for the presence (or lack thereof) of an element in a collection.
* PR bin/44176: Fixed a race condition in atf-run that would crash atf-run
when the cleanup of a test case triggered asynchronous modifications to
its work directory (e.g. killing a daemon process that cleans up a pid
file in the work directory).
* PR bin/44301: Fixed the sample XSLT file to report bogus test programs
instead of just listing them as having 0 test cases.
Retry calls that raise file system errors during cleanup
If a test case mounts user-space (puffs/fuse) file systems or spawns
server processes that create pid files, the termination of the
corresponding processes does not guarantee that the file system is
left in a consistent state immediately. The cleanup routines of both
components (file systems and daemons) may still be running.
This situation causes a race condition between the termination of the
auxiliary processes and our own file system cleanup: the file system
calls performed from within the cleanup routine may raise errors
because the file system is still changing underneath. (E.g. we first
enumerate the contents of a directory and get file X, but when we
attempt to delete file X, it may be gone.)
Deal with this by retrying failing file system calls a few times and
ignoring "expected" errors before giving up.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
name, provides a proper CPP mode and fixes a number of compat issues
in the integrated assembler.
Build the toolchain compiler optimized and without assertions now.
Really kill subprocesses of a test case before waiting for its completion
Before waiting for any leftover output of the test case after it terminates,
we must ensure that all of its subprocess are really, really dead. Otherwise,
these subprocesses may be sharing the stdout of the test case, in which case
our wait will block (potentially indefinitely).
This finally (well, hopefully) fixes some random lockups exposed by the
NetBSD test suite. Reported by Antti Kantee after
tests/fs/vfs/t_full:p2k_ffs_fillfs was exposing this problem in a pretty
reproducible manner.
tmux is a "terminal multiplexer". It enables a number of terminals (or
windows) to be accessed and controlled from a single terminal. tmux is
intended to be a simple, modern, BSD-licensed alternative to programs
such as GNU screen.
The import of tmux is intended to replace window(1) in the not-too-distant
future. For reference, tmux is also present in the base system of FreeBSD
and OpenBSD.
Approved by core@.
in particular, parse.y was being processed twice.. with one
process leaving a y.tab.h file behind
no need to explicitly add scan.c, parse.c and parse.h to CLEANFILES,
the framework knows they are generated and will remove them
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.
The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.
Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).
Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).
Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.
Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
confusion in the manpage. Not to mention the examples including
commands that don't exist on NetBSD (killall, sudo), so do a bit of
cleanup (and don't copy from dist, just keep it here)
mDNSResponder -> mdnsd
mdnsd -> mDNSResponder
mDNS -> dns-sd
killall -> pkill
% sudo -> #
syslog(8) -> syslogd(8)
example for syslog -> /dev/null
Xr for pkill, syslogd, dns-sd
"foo > bar" fails when bar is mode 444, and files copied from the
source tree should be expected to perhaps be read only. However, the
copy should have been removed when the sed was added. And, it never
should have been "@"; suppressing it made debugging this harder than
it should have been.
#ifdef inside the macro arguments is undefined behaviour (pcc reports
a syntax error)
This was fixed upstream so change this to be the same as the 4.2.6p3
stable release of ntp (can't find an actual changelog entry that
describes this, so have included the memcpy change also - memmove
is not required here)
Use relevant TargetAddress, not just first one we happen to find.
Following improvement based on feedback from Daisuke Aoyama (author of istgt):
Handle NOP-OUT CmdSN and immediate bit.
Handle NOP-IN TransferTag=0xffffffff.
Interim solution for dealing with Underflow bit in iSCSI response.
iscsi-initiator now talks to istgt and other targets.
Remaining issues:
CHAP support will not work with most targets (maximum 16 octet challenge is
used, but other initiators use up to 1024). However, CHAP can now be
bypassed by not specifying a username.
didn't work (insisted on a username being given and then used, plus always
advertised CHAP to the target). Make initiator work as advertised (i.e.
defaults to auth type none and so don't require a username).
To use CHAP you should explicitly request CHAP:
iscsi-initiator -a chap -u user -h targetname /mountpoint
For backwards compatibility, if a username is given (-u) and no auth type
is specified (-a), it will default to CHAP, i.e. to use none, just give no
username:
iscsi-initiator -h targetname /mountpoint
This means /mnt/mytarget.domain.local/target0/storage is now
/mnt/target0/storage.
Rationale is as follows:
- The hostname used may vary (i.e. name vs FQDN vs IP) which can mess up
mountpoints (especially across multiple hosts e.g. in a shared xen pool)
- Target name is given in the mount anyway so it is redundant
OK agc@
the cpu name and the latter the port name. They had been reversed until
now due to some "smart" stupidity^Wlogic in the upstream configure script,
which is now gone.
This is a pullup of revision f9329ca68da7e8557e0803b5747a12f8c10b1258
plus the corresponding reachover build changes.
Addresses PR bin/44305.
--- 20110215:
Fix audit-history subcommand to include patterns making use of [x-y] notation.
--- 20101212:
Don't warn about _ALPHA, _BETA, _PATCH, _RC, _STABLE mismatches when
pkg_add'ing on NetBSD.
--- 20101122:
Fix crash in pkg_info -X on hand-written packages.
--- 20100915:
Allow https URLs.
--- 20100914:
Add -D flag to pkg_install, to override the "pkg_add -U" check that
all depending packages have their dependencies satisfied by the new
package. Essentially, split off this particular behavior as a special
case of -f, so that -f works as before, unforced works as before, and
one can give -D to override exactly this check, leaving all other
checks intact.
The -D flag is in support of make replace, as the workflow for make
replace is that inter-package dependencies are sometimes violated (but
then one must replace the depending packages, which is what
pkg_rolling-replace does via the unsafe_depends flags).
Add missing break statement in option parsing of "pkg_add -C", riding
the version bump.
- Fix UNUSED macro to not have "NULL EFFECT"
- Add /*CONSTCOND*/ to while (0) loops
- Change do while (1) loops to for (;;)
- remove stray continue from do while (0) loop.
- remove "" in comments that confuse lint
- fix strict aliases
- fix non ansi prototypes
1) libsaslc is an SASL client only.
2) dovecot is an SASL server only.
3) cyrus-sasl is both a client and a server.
4) postfix allows us to have multiple SASL servers and clients.
5) The SASL server to use at runtime is determined by the setting of
"smtpd_sasl_type" in main.cf (note that is smtpd_ not smtp_). If
that is not set, then it defaults to the value of
DEF_SERVER_SASL_TYPE at build time, which if not set, defaults to
"cyrus". See postfix/dist/src/global/mail_params.h.
6) The SASL client to use at runtime is determined by the setting of
"smtp_sasl_type" in main.cf. If that is not set, then it defaults
to the value of DEF_CLIENT_SASL_TYPE at build time, which if not
set, defaults to "cyrus". See postfix/dist/src/global/mail_params.h.
7) If MKCRYPTO is "no", libsaslc will not link as it requires the
crypto libraries, so libsaslc cannot be enabled (as it was before)
without crypto.
8) I have made the definition of DEF_CLIENT_SASL_TYPE conditional on
MKCRYPTO due to (7). Without crypto it will default to cyrus.
9) HAVE_CYRUS_SASL is _never_ defined during a normal build and _never_
should be! It is there for the convenience of users who wish to
install cyrus-sasl and rebuild postfix with it. It is also very
useful for testing if it is suspected that something might be wrong
with libsaslc. PLEASE DO NOT REMOVE IT!
so provide the TARGMACH definition to the compiler here.
(makes no difference to the currently imported sources, but
will be easier for people wanting to try newer sources)
communicate with device-mapper directly. Our lvm stack now looks like this
lvm<->libdevmapper<->libdm<->dm where only libdm knows how our dm protocol
looks like.
No objections on tech-userlevel@.
Upstream sources can be fetched by running "make checkout" in
src/external/bsd/llvm, they will be properly imported once the
integration and missing features are sorted out.
we could link against the static liblua.a here (the Lua dist build
does that) but would need to pass "-Wl,--export-dynamic" to ensure that
all symbols were available, as dlopen() with other modules may cause
problems later.
(tbl_data.c 1.15, tbl_layout.c 1.13, tbl_opts.c 1.8).
This features many small improvements and the initial integration of
tbl(1) support on all output devices.
/var/run/lvm and create it in rc.d/mountcritlocal. Fix dm control device
permissions to allow rw for operator.
Test if we are running lvm commands as operator and if that it's true do not
create vg backups and do not print confusing warning.
for vdev. This makes ztest survive ztest_vdev_LUN_growth test. Replace dummy
VOP_GETATTR with vn_getattr routine which reset vp_size and vattr_size accordingly
to reality.
Revision: 869e092e4986eb5dce90331ca9a64e125d7796eb
Parent: cca40eb08e7469dfe9d6ca982613458f24c1de28
Author: jmmv@NetBSD.org
Date: 12/27/10 21:19:19
Branch: org.NetBSD.atf.src
Changelog:
Recognize sigabrt in the signal checker
Problem found by Paul Goyette.
Changes against parent cca40eb08e7469dfe9d6ca982613458f24c1de28
patched atf-sh/atf-check.cpp
DIOCGWEDGEINFO and DIOCGDINFO. This should fix problem with raidframe + lvm
reported by
Toby Karyadi on current-users@.
Thanks for reporting this issue.
- Centralize CPPFLAGS for DM_DEVICE_{UID,GID,MODE}
- Make DM_DEVICE_GID operator DM_DEVICE_MODE 0640 to be more NetBSD like
- make all the code use DM_DEVICE_MODE instead of hard-coding.
- make sure that all mknod calls are followed by a chown call.
We don't use bzip2 fonts on build and some OS doesn't have bzip2 headers.
Ok'ed by mrg@, martin@, fixes PR/44138.
Should be pulled up to netbsd-5 (and netbsd-5-1).
christos