1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
Commit Graph

10816 Commits

Author SHA1 Message Date
Stefan Eßer
79d8aaa992 Fix file selection logic for the RCS/SCCS case, as was done for the simple
file case before. Bump version because of the changed behavior, which now
matches the documentation.

Reviewed by:	pfg
2013-09-05 05:51:15 +00:00
Pawel Jakub Dawidek
7008be5bd7 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
Erwin Lansing
7bae7ac04d Reduce WARNS to 0 for dig, host, and nslookup to make them
compile with the optional WITH_BIND_SIGCHASE.

Submitted by:	Andre Albsmeier <Andre.Albsmeier@siemens.com>
Approved by:	delphij (mentor, implicit)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
2013-08-30 06:21:00 +00:00
Pedro F. Giffuni
4b97b38825 Drop build option switch for the older GNU patch.
As promised, drop the option to make the older GNU patch
the default.

GNU patch is still being built but something drastic may
happen to it to it before Release.
2013-08-29 00:38:24 +00:00
John-Mark Gurney
7ffbbd985e fix up my copyright and remove third clause.. 2013-08-26 18:51:48 +00:00
Jilles Tjoelker
f92f062e50 kdump: Decode SOCK_CLOEXEC and SOCK_NONBLOCK in socket() and socketpair(). 2013-08-26 17:22:51 +00:00
Joel Dahl
a0b4f76799 Remove EOL whitespace. 2013-08-22 16:01:20 +00:00
Erwin Lansing
08e6ea976b Update Bind to 9.9.3-P2
Notable new features:

*  Elliptic Curve Digital Signature Algorithm keys and signatures in
   DNSSEC are now supported per RFC 6605. [RT #21918]

*  Introduces a new tool "dnssec-verify" that validates a signed zone,
   checking for the correctness of signatures and NSEC/NSEC3 chains.
   [RT #23673]

*  BIND now recognizes the TLSA resource record type, created to
   support IETF DANE (DNS-based Authentication of Named Entities)
   [RT #28989]

*  The new "inline-signing" option, in combination with the
   "auto-dnssec" option that was introduced in BIND 9.7, allows
   named to sign zones completely transparently.

Approved by:	delphij (mentor)
MFC after:	3 days
Sponsored by:	DK Hostmaster A/S
2013-08-22 08:15:03 +00:00
Andrew Turner
4a90491e55 Subversion requires atomic functions we only support on arm with clang. 2013-08-19 17:44:19 +00:00
John Baldwin
bf59b2c504 Remove incorrect 'const' qualifier from pointers to dynamic string
buffers I added in the previous commit.

Pointy hat to:	jhb
MFC after:	1 month
2013-08-19 17:09:14 +00:00
David Chisnall
88169e0388 Add support for parameterised device tree sources to the device tree compiler.
Reviewed by:	brooks
Sponsored by:	DARPA, AFRL
2013-08-19 12:37:13 +00:00
Pawel Jakub Dawidek
f5ffdfc18b Make the "FD" column one character wider, so that "trace" can also align
properly.
2013-08-18 10:44:37 +00:00
Hiroki Sato
84dde578a9 - Use getnameinfo(3) instead of gethostbyaddr(3) or inet_ntop(3).
- Fill sin6_scope_id from in6p.sin6_addr.s6_addr[2].  struct inpcb has
  struct in6_addr for the endpoint addresses, so sin6_scope_id must be filled.
2013-08-17 17:23:42 +00:00
John Baldwin
5aa60b6f21 Add new mmap(2) flags to permit applications to request specific virtual
address alignment of mappings.
- MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n).
  Requests for n >= number of bits in a pointer or less than the size of
  a page fail with EINVAL.  This matches the API provided by NetBSD.
- MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED.  It can be used
  to optimize the chances of using large pages.  By default it will align
  the mapping on a large page boundary (the system is free to choose any
  large page size to align to that seems best for the mapping request).
  However, if the object being mapped is already using large pages, then
  it will align the virtual mapping to match the existing large pages in
  the object instead.
- Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and
  VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment.
  MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while
  MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE.
- mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than
  explicitly using VMFS_SUPER_SPACE.  All device objects are forced to
  use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively
  equivalent.

Reviewed by:	alc
MFC after:	1 month
2013-08-16 21:13:55 +00:00
Gleb Smirnoff
2c32df4489 Provide UTF-8 version of russian calendars. 2013-08-16 07:02:17 +00:00
David Chisnall
8d9c809950 Make carets line up in dtc diagnostics if the line starts with a tab. 2013-08-14 14:34:02 +00:00
Ulrich Spörlein
85981e9950 Belatedly add my birthday and fix a typo. 2013-08-14 08:10:54 +00:00
Jilles Tjoelker
1ca6c7fc31 kdump: Decode AT_FDCWD in first argument of bindat() and connectat(). 2013-08-13 20:33:50 +00:00
Jilles Tjoelker
8447b7cddc kdump: Improve decoding of various *at calls:
* Write AT_FDCWD where appropriate.
* Decode the remaining arguments of openat() etc like open() etc.
2013-08-13 19:57:35 +00:00
Edward Tomasz Napierala
d790b96563 Make check for unknown login class actually work. Previously, using the "-c" option
with login class not defined in login.conf(5) would silently fail, resulting in using
the default login class.
2013-08-12 21:01:01 +00:00
Peter Wemm
9b67bbba3c Give up on using iconv to convert to UTF-8 at build time. I don't see any
practical way to make iconv(1) as a build tool.  Instead pre-convert.
This gives us UTF-8 nvi catalogs even on systems without iconv enabled.
2013-08-12 09:56:52 +00:00
Peter Wemm
6c43122a42 Don't build the UTF-8 version of the catalogs without iconv enabled.
Pointy-hat to:	peter (don't do things at 4am!)
2013-08-11 21:46:06 +00:00
Peter Wemm
e656ab0f3a Don't install a ru_SU.KOI8-R symlink, 'make delete-old' will just remove
it again.
2013-08-11 20:46:05 +00:00
Peter Wemm
f0957ccae4 Update nvi-1.79 to 2.1.1-4334a8297f
This is the gsoc-2011 project to clean up and backport multibyte support
from other nvi forks in a form we can use.

USE_WIDECHAR is on unless building for the rescue crunchgen. This should
allow editing in the native locale encoding.

USE_ICONV depends on make.conf having 'WITH_ICONV=YES' for now.  This
adds the ability to do things like edit a KOI8-R file while having $LANG
set to (say) en_US.UTF-8.  iconv is used to transcode the characters for
display.

Other points:
* It uses gencat and catopen/etc instead of homegrown msg catalog stuff.
* A lot of stuff has been trimmed out, eg: the perl and tcl bindings which
  we could never use in base anyway.
* It uses ncursesw when in widechar mode.  This could be interesting.

GSoC info: http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/zy/1
Repo at: https://github.com/lichray/nvi2

Obtained from:  Zhihao Yuan <lichray@gmail.com>
2013-08-11 20:03:12 +00:00
Edward Tomasz Napierala
f8a2fe5ead In su(1), fix option ordering and clarify that the login class specified
must be defined in login.conf.

MFC after:	1 month
2013-08-11 11:06:49 +00:00
Simon J. Gerraty
84efbe96f1 ParseGetLine: don't treat a zero byte as end of buffer if P_end says it isn't.
Consume up to next newline, and issue a parse warning.
If no newline found before P_end, carry on as before.
2013-08-10 21:31:35 +00:00
Mark Johnston
a94a4b74bd Pass variables prefixed with both LD_ and LD_32_ to the run-time linker.
This prevents unintentional execution of programs when running ldd(1) on
32-bit Linux binaries.

PR:		175339, 127276
Suggested by:	kib, rstone
Reviewed by:	kib
MFC after:	2 weeks
2013-08-07 00:28:17 +00:00
Peter Wemm
6d2b20fd17 Update serf 1.2.1 -> 1.3.0 for svn 2013-08-02 19:21:46 +00:00
Jilles Tjoelker
9d6d5a7131 find: Allow -delete to delete files given as arguments.
Formerly, a command like find dir1/dir2 -delete would delete everything
under dir1/dir2 but not dir1/dir2 itself.

When -L is not specified and "." can be opened, the fts(3) code underlying
find(1) is careful to avoid following symlinks or being dropped in different
locations by moving the directory fts is currently traversing. If a
problematic concurrent modification is detected, fts will not enter the
directory or abort. Files found in the search are returned via the current
working directory and a pathname not containing a slash.

For paranoia, find(1) verifies this when -delete is used. However, it is too
paranoid about the root of the traversal. It is already assumed that the
initial pathname does not refer to directories or symlinks that might be
replaced by untrusted users; otherwise, the whole traversal would be unsafe.
Therefore, it is not necessary to do the check for fts_level ==
FTS_ROOTLEVEL.

Deleting the pathnames given as arguments can be prevented without error
messages using -mindepth 1 or by changing directory and passing "." as
argument to find. This works in the old as well as the new version of find.

Tested by:	Kurt Lidl
Reviewed by:	jhb
2013-08-02 14:14:23 +00:00
Simon J. Gerraty
51ee2c1cc6 Merge bmake-20130730
Main feature of interest is .MAKE.JOB.PREFIX=
to suppress --- job --- tokens.
2013-08-02 06:25:28 +00:00
Mark Johnston
9e1db66eb4 Properly print arguments to vfork(2) and rfork(2).
PR:		180976
Submitted by:	Yuri <yuri@tsoft.com> (original patch)
MFC after:	1 week
2013-08-01 02:57:04 +00:00
David E. O'Brien
c89bc70064 MFC'ing to 9.2. 2013-07-30 19:21:36 +00:00
Andrey A. Chernov
f1135552c6 grep -i does not work for simple patterns and single byte locales, like
LANG=ru_RU.KOI8-R grep -i <some single KOI8-R letter>
Fix it.

MFC after:      3 days
2013-07-30 18:16:43 +00:00
Dag-Erling Smørgrav
1453595f49 Include an Accept header in requests.
PR:		kern/180917
MFC after:	1 week
2013-07-30 13:07:55 +00:00
Dag-Erling Smørgrav
cb67f01df2 Add Michael Gmelin's name to the copyright statement. 2013-07-30 13:05:51 +00:00
Andriy Gapon
a29cc9a34b Revert r253748,253749
This WIP should not have been committed yet.

Pointyhat to:	avg
2013-07-28 18:44:17 +00:00
Andriy Gapon
c722ec3a51 remove needless inclusion of machine/cpu.h in userland
MFC after:	21 days
2013-07-28 18:35:43 +00:00
Joel Dahl
b5a4266b48 Remove EOL whitespace. 2013-07-28 06:16:12 +00:00
Peter Wemm
4705e3668d Update subversion-1.8.0 -> 1.8.1. Update supporting
components: apr-1.4.6 -> 1.4.8 and apr-util-1.4.1 -> 1.5.2.

This is a post point-zero bug-fix / fix-sharp-edges release, including
some workarounds for UTF-8 for people who haven't yet turned on WITH_ICONV.
2013-07-28 06:02:40 +00:00
Pedro F. Giffuni
21244d5227 Make the BSD-licensed patch the default.
The BSD-licensed patch(1) command has matured and it's behaviour
can be considered equivalent to the older version of GNU patch
in the tree.

The switch has been extensively tested [1] and only two ports
presented regressions, which have since been fixed.

For convenience a new WITH_GNU_PATCH option is available,
but it will likely be removed in the near future.

PR:		176313
Approved by:	portmgr
2013-07-26 21:25:18 +00:00
Dag-Erling Smørgrav
dcd47379ff Implement certificate verification, and many other SSL-related
imrovements; complete details in the PR.

PR:		kern/175514
Submitted by:	Michael Gmelin <freebsd@grem.de>
MFC after:	1 week
2013-07-26 15:53:43 +00:00
Pedro F. Giffuni
b9740ba1a8 patch: style fix
Submitted by:	gogolok
2013-07-24 15:46:49 +00:00
Andrey V. Elsukov
6794f46021 Remove the large part of struct ipsecstat. Only few fields of this
structure is used, but they already have equal fields in the struct
newipsecstat, that was introduced with FAST_IPSEC and then was merged
together with old ipsecstat structure.

This fixes kernel stack overflow on some architectures after migration
ipsecstat to PCPU counters.

Reported by:	Taku YAMAMOTO, Maciej Milewski
2013-07-23 14:14:24 +00:00
Dag-Erling Smørgrav
011a8335f8 mdoc nit 2013-07-21 07:24:25 +00:00
Pawel Jakub Dawidek
de89bd6bc2 Close uniq(1) in the capability mode sandbox and limit descriptors using
capability rights.
2013-07-18 22:11:27 +00:00
Pawel Jakub Dawidek
e14da991ec - Make localtime(3) to work in sandbox.
- Move strerror(3) initialization to its own function.
2013-07-18 21:56:10 +00:00
Gleb Smirnoff
c780f37850 Sweep unused nlist entries.
Sponsored by:	Nginx, Inc.
2013-07-16 12:22:36 +00:00
Gleb Smirnoff
2898a92a21 Nuke "systat -mbuf". It was broken since FreeBSD 5, and since there
haven't been any complaints, no one used it.
2013-07-15 12:15:14 +00:00
Andrey V. Elsukov
05d1f5bce0 Introduce new structure sfstat for collecting sendfile's statistics
and remove corresponding fields from struct mbstat. Use PCPU counters
and SFSTAT_INC() macro for update these statistics.

Discussed with:	glebius
2013-07-15 06:16:57 +00:00
Hiroki Sato
3fddef95af Add -F fibnum option to specify an FIB number for -r flag. 2013-07-12 17:11:30 +00:00