users should be configuring via m4 now. If set, use m4 to create the .cf
file. Also, if either SENDMAIL_MC or SENDMAIL_CF is set, 'make install' or
'make distribution' in src/etc/sendmail/ will install the appropriate .cf as
/etc/mail/sendmail.cf. This fixes some mergemaster problems.
PR: conf/13016
and one for Makefile options, pass in the list head and use a common
newopt() routine.
Fix the 'config vmunix' support glue which was broken for a few minutes.
Makefile to the etc/sendmail Makefile to be consistent with all of the
other /var file creations. In doing so, change the Makefile target from
etc-sendmail.cf to distribution as it installs more than just the sendmail.cf.
an interrupt thread while the interrupt thread is blocked on Giant waiting
to execute the interrupt handler being removed. The result was that the
intrhand structure would be free'd, and we would call 0xdeadc0de. The work
around is to check to see if the interrupt thread is idle when removing a
handler. If not, then we mark the interrupt handler as being dead using
the new IH_DEAD flag and don't remove it from the interrupt threads' list
of handlers. When the interrupt thread resumes, it will see a dead handler
while traversing the list of handlers and will remove the handler then.
work because opt_preemption.h wasn't #include'd. Instead, make use of the
do_switch parameter to ithread_schedule() and do the check in the alpha
interrupt code.
OpenSSL ASM optimizations, sysinstall preserving /etc/mail,
savecore -k, pkg_delete(1) now deletes in dependency order.
MFCs noted: ipfilter 3.4.16, ipfw(8) me, gperf 2.7.2,
lpr(1)/lpd(8)/syslogd(8)/logger(1) IPv6-capable,
bzip2(1) packages.
A few typo fixes were backported from RELNOTESng.
Preference was made to features that have been MFC-ed. I'll try to
get HEAD caught up to reality soon.
- Use pci_get_powerstate()/pci_set_powerstate() in all the other drivers
that need them so we don't have to fiddle with the PCI power management
registers directly.
- Use pci_enable_busmaster()/pci_enable_io() to turn on busmastering and
PIO/memory mapped accesses.
- Add support to the RealTek driver for the D-Link DFE-530TX+ which has
a RealTek 8139 with its own PCI ID. (Submitted by Jason Wright)
- Have the SiS 900/National DP83815 driver be sure to disable PME
mode in sis_reset(). This apparently fixes a problem on some
motherboards where the DP83815 chip fails to receive packets.
(Submitted by Chuck McCrobie <mccrobie@cablespeed.com>)
Use the target offset rather than the target Id to reference
the untagged SCB array. The offset and id are identical save
in the twin channel case. This should correct several issues
with the 2742T.
Set the user and goal settings prior to setting the current
settings. This allows the async update routine to filter out
intermediate transfer negotiation updates that may be less
than interesting. The Linux OSM uses this to reduce the amount
of stuff printed to the console.
aic7xxx.seq:
Correct an issue with the aic7770 in twin channel mode.
We could continually attempt to start a selection even
though a selection was already occurring on one channel.
This might have the side effect of hanging our selection
or causing us to select the wrong device.
While here, create a separate polling loop for when we
have already started a selection. This should reduce
the latency of our response to a (re)selection. The diffs
look larger than they really are due to some code rearrangement
to optimize out a jmp.
aic7xxx_freebsd.c:
Use the target offset rather than the target Id to reference
the untagged SCB array. The offset and id are identical save
in the twin channel case. This should correct several issues
with the 2742T.
aic7xxx_inline.h:
Get back in sync with perforce revision ID.
aic7xxx_pci.c:
Identify adapters in ARO mode as such.
Ensure that not only the subvendor ID is correct (9005)
but also that the controller type field is valid before
looking at other information in the subdevice id. Intel
seems to have decided that their subdevice id of 8086
is more appropriate for some of their MBs with aic7xxx
parts than Adaptec's sanctioned scheme.
Add an exclusion entry for SISL (AAC on MB based adapters).
Adapters in SISL mode are owned by the RAID controller, so
even if a driver for the RAID controller is not present,
it isn't safe for us to touch them.
if (error = function(a1, a2))
since it causes a warning with -Wall. Change it so it has an explicit test
against zero,
if ((error = function(a1, a2)) != 0)
credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
pr_free(), invoked by the similarly named credential reference
management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
required to protect the reference count plus some fields in the
structure.
Reviewed by: freebsd-arch
Obtained from: TrustedBSD Project
a bogus no-op in the usual case where fortune/ is a subdir of games/
(since <bsd.prog.mk> does an equivalent include automatically if
possible), but breaks building fortune when fortune/ is outside of the
games/ tree (since the include was unconditional here). This fix
depends on a previous fix for non-recursiveness of ../Makefile.inc
(it didn't exist).
PR: 25232
treat 0 as a wildcard in src/sys/in_pbc.c:in_pcbnotify()
It's sufficient to check for src|local port, as we'll have no
sessions with src|local port == 0
Without this a attacker sending ICMP messages, where the attached
IP header (+ 8 bytes) has the address and port numbers == 0, would
have the ICMP message applied to all sessions.
PR: kern/25195
Submitted by: originally by jesper, reimplimented by jlemon's advice
Reviewed by: jlemon
Approved by: jlemon
userland tool:
Use the vfs.devfs.generation sysctl to test for devfs presense
(thanks phk!) when devfs is active it will not try to create the
device nodes in /dev and therefore will not complain about the
failure to do so.
Revert the change in the #define for VINUM_DIR in the kernel
header so that vinum can find its device nodes.
Replace perror() with vinum_perror() to print file/line when
DEVBUG is defined (not defined by default).
kernel:
Don't use the #define names for the "superdev" creation since
they will be prepended by "/dev/" (based on VINUM_DIR), instead
use string constants.
Create both debug and non-debug "superdev" nodes in the devfs.
Problem noticed and fix tested by: Martin Blapp <mblapp@fuchur.lan.attic.ch>
pass udp from any 53 to ${oip}
allows an attacker to access ANY local port by simply binding his local
side to 53. The state keeping mechanism is the correct way to allow DNS
replies to go back to their source.
remove_sd_entry() to:
Simplify (hopefully) it by moving all error returns closer to
the beginning of the function.
Return an error when "Error removing subdisk %s: not found in
plex %s\n" would have been reported, as I doubt that we are "OK"
after printing that error message.
