| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r285396,r285398,r285401,r285403,r285405,r285406,r285408,r285409,r285411,
r285412,r285413,r285415,r285418,r285430,r285433,r285434,r285442,r285948,
r285984,r285985,r285989,r285996,r285997,r286045,r286047,r286066,r286150,
r286151,r286152,r286154,r286155,r286156,r286157,r286173,r286196,r286197,
r286198,r286199,r286200,r286201,r286202,r286203,r286204,r286210,r286211,
r286217,r286218,r286258,r286259,r286341,r286775,r286982,r286986,r286991,
r286993
Validate most pw inputs.
Rewrite the way parsing sub arguments is made to simplify code and improve
maintenability
Add -y (NIS) to userdel/usermod
pw userdel -r <rootdir> now deletes directories in the rootdir
Only parse pw.conf when needed
Reject usermod and userdel if the user concerned is not on the user database
supposed to be manipulated
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Do a direct commit as the code on head has changed a lot and does not fail in
that case
PR: 202111
Reported by: gondim@bsdinfo.com.br
|
| |
|
|
|
|
|
|
|
|
| |
r273544 (MFC in r273921) changed the -f option allow no arguments in vt
mode (used to reset the font back to the default), but broke the
optionality of the size argument for syscons. Drop the required argument
from syscons' optstring for -f so the optional argument handler works
the same way for both syscons and vt.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
Ensure the local MANIFEST is always used when verifying remote
distribution sets.
Approved by: re (glebius, insta-MFC)
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
| |
Fix transposed words in man page.
PR: 201752
Reviewed by: gjb
|
| |
|
|
|
|
|
|
|
| |
Make setproctitle(3) work in Capsicum capability mode. This makes
ctld(8) child processes to indicate initiator address and name in
their titles, similar to what iscsid(8) child processes do.
PR: 181352
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
Allow '@' in unquoted strings, such as with the "path" statement. Note
that one can use any character they like by using double quotes.
PR: 200895
Sponsored by: The FreeBDS Foundation
|
| |
|
|
|
|
| |
Remove OpenSSL dependency from iscsid(8) and ctld(8).
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
Fix off-by-one error in fstyp(8) and geom_label(4) that made them use
a single space (" ") as a CD9660 label name when no label was present.
Similar problem was also present in msdosfs label recognition.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
fstyp(8) ships with 10.2.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
uefisign(8) ships with 10.2.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
| |
Run a shell in the jail when no command is specified.
Add a new flag, -l, for a clean environment, same as jail(8) exec.clean.
Change the GET_USER_INFO macro into a function.
PR: 201300
Submitted by: Willem Jan Withagen
|
| |
|
|
| |
PR: 201289
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
retval is used to test the return of XML_Parse function which is ok if 1 is
returned and retval it directly returned to the main function and used as an
exit value.
if all the parsing part is done reset retval to 0 so that the command return 0
if everything ok
Differential Revision: https://reviews.freebsd.org/D3102
Reviewed by: trasz
Sponsored by: gandi.net
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use fixed date/time (the time choosen was the time the import was done
on -HEAD) in libntp so we can make reproducible build.
PR: bin/201661
Differential Revision: https://reviews.freebsd.org/D3122
While I'm there also remove libmd from linkage as reported in bin/201738
PR: bin/201738
Submitted by: John Marshall
|
| |
|
|
|
|
|
|
| |
snmp_hostres(3): Fix buffer overflow.
Actually just a typo. Detected by gcc + FORTIFY_SOURCE patches.
CID: 1007594
|
| |
|
|
|
| |
PR: 201594
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix offset calculation in variable substitution
in jail.conf. The following did not work correctly:
A="A_${B}_C_${D}"
B="BBBBB"
D="DDDD_${E}_FFFFF"
E="EEEEE"
- Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
jail.conf parameters. This flag disallows redefinition of the parameter.
"name" and/or "jid" are automatically defined in jail.conf by using
the jail names at the front of jail parameter definitions. However,
one could override them by using a variable with the same name like
$name = "foo". This confused the parser and could end up with SIGSEGV.
Note that this change also affects a case when all of parameters are
defined in the command line arguments, not in jail.conf. Specifically,
"jail -c name=j1 name=j2" no longer works. This should be harmless.
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add auto-detecting workaround for Lenovo GPT boot issue
Add auto-detecting workaround for "GPT Active" boot issue
Allow user to select partitioning scheme in the ufs wizard
PR: 184910
PR: 194359
Approved by: re (gjb), marcel
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3144
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A variable was misspelled resulting in chmod executing on the installer instead of on the target chroot
PR: 191402
MFC: r285553
make /var/audit its own dataset so it is not part of the OS boot environment
PR: 199864
MFC: r285554
Set a mountpoint on the root of the pool so user-created datasets have a mountpoint to inherit
MFC: r285557
Make bsdinstall's zfsboot script align partitions to 4k/1m when the user requests it
PR: 195174
Approved by: re (gjb), brueffer
Relnotes: yes
Sponsored by: ScaleEngine Inc.
|
| |
|
|
|
|
|
|
|
| |
284864,285169-285170,285435:
ntp 4.2.8p3.
Relnotes: yes
Approved by: re (?)
|
| |
|
|
|
|
|
|
|
| |
- allow to create users with uid 0
- fix check duplicates logic
- fix gid policy to be in sync with uid if possible
Reported by: Jan Mikkelsen <janm@transactionware.com>
Approved by: re (marius)
|
| |
|
|
|
|
| |
upstream code
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
| |
current FreeBSD 10 and earlier behavior of using compressed IPv6
addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and
later will use the new default of uncompressed IPv6 addresses.)
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
MFH (r276699, r276702, r277057): local control socket
MFH (r276599, r276612, r282087, r282088): build fixes
This brings in Unbound 1.5.3 from head. Local control sockets are now
supported and will be used by default for new installations. Existing
systems will continue to use TCP control sockets until the automated
setup script is re-run ("service local_unbound setup") and the service
restarted ("service local_unbound restart").
Approved by: re (kib)
Relnotes: yes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When passwd or group information is changed (by pw, vipw, chpass, ...)
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more information about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: re (kib), bapt (implicit agreed)
Sponsored by: Netgate
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r275658,r275829,r277652,r277764,r278475,r278767,r278819,r278902,r279256,
r282681,r282683,r282685,r282686,r282687,r282697,r282698,r282699,r282700,
r282709,r282712,r282713,r282716,r282718,r282719,r282720,r282721,r283809,
r283810,r283811,r283814,r283815,r283816,r283818,r283841,r283842,r283843,
r283961,r283962,r284110,r284111,r284112,r284113,r284114,r284117,r284118,
r284119,r284120,r284121,r284122,r284123,r284124,r284126,r284128,r284129,
r284130,r284133,r284135,r284137,r284139,r284140,r284148,r284149,r284392
Lots of cleanup in the pw(8) code
Add pw -R <rootdir>
Add lots of regression tests
More accurate error messages
Approved by: re (kib)
Sponsored by: gandi.net
|
| |
|
|
|
|
| |
dconschat(8): Use NULL instead of 0 for the last argument in execl(3)
Found while experimenting with the gcc sentinel attribute.
|
| | |
|
| |
|
|
| |
- Include commas in valid file-name chars freebsd-update will support
|
| |
|
|
|
|
|
|
|
| |
Speed up `freebsd-update IDS` by using IFS to split fields instead of
forking lots of processes to run echo|cut. In one test this reduced
the CPU time from 980s to 134s and the wallclock time from 806s to
132s.
Submitted by: Oleg Ginzburg
|
| |
|
|
|
|
|
| |
Add logic for detecting non-persistent filesystems being utilized by
workdir which would break the upgrade process upon reboot.
Currently we check for tmpfs and md.
|
| |
|
|
|
| |
Use "RCS tag" instead of "$FreeBSD$ tag", since svn will obediently
expand the latter.
|
| |
|
|
|
|
|
| |
Skip src component if /usr/src is empty.
Submitted by: kczekirda
Reviewed by: cperciva, delphij, nwhitehorn, allanjude
|
| |
|
|
|
|
|
|
| |
Teach ctld about CTL's physical_port and virtual_port fields.
This allows ctld to work with isp(4) virtual ports, specifying them as
isp0/1, isp0/2, etc. There are still problems on isp(4) layer with
disabling those ports after enabling, but hopefully they can be fixed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Emulate the 'bit test' instruction.
MFC r282259:
Re-implement RTC current time calculation to eliminate the possibility of
losing time.
MFC r282281:
Advertise the MTRR feature via CPUID and emulate the minimal set of MTRR MSRs.
MFC r282284:
When an instruction cannot be decoded just return to userspace so bhyve(8)
can dump the instruction bytes.
MFC r282287:
Don't require <sys/cpuset.h> to be always included before <machine/vmm.h>.
MFC r282296:
Emulate MSR_SYSCFG which is accessed by Linux on AMD cpus when MTRRs are
enabled.
MFC r282301:
Relax limits when transitioning a vector from the IRR to the ISR and also
when extinguishing it from the ISR in response to an EOI.
MFC r282335:
Advertise an additional memory BAR in the "dummy" device emulation.
MFC r282336:
Emulate machine check related MSRs to allow guest OSes like Windows to boot.
MFC r282351:
Don't advertise the Intel SMX capability to the guest.
MFC r282407:
Emulate the 'CMP r/m8, imm8' instruction.
MFC r282519:
Add macros for AMD-specific bits in MSR_EFER: LMSLE, FFXSR and TCE.
MFC r282520:
Emulate guest writes to EFER_MSR properly.
MFC r282558:
Deprecate the 3-way return values from vm_gla2gpa() and vm_copy_setup().
MFC r282571:
Check 'td_owepreempt' and yield the vcpu thread if it is set.
MFC r282595:
Allow byte reads of AHCI registers.
MFC r282784:
Handling indirect descriptors is a capability of the host and not one that
needs to be negotiated. Use the host capabilities field and not the negotiated
field when verifying that indirect descriptors are supported.
MFC r282788:
Allow configuration of the sector size advertised to the guest.
MFC r282865:
Set the subvendor field in config space to the vendor ID. This is required
by the Windows virtio drivers to correctly match a device.
MFC r282922:
Bump the size of the blockif scatter-gather list to 67.
MFC r283075:
Fix off-by-one in array index bounds check. bhyveload would allow you to
create 33 entries on an array that only has 32 slots
MFC r283168:
Temporarily revert r282922 which bumped the max descriptors.
MFC r283255:
Emulate the "CMP r/m, reg" instruction (opcode 39H).
MFC r283256:
Add an option "--get-vmcs-exit-inst-length" to display the instruction length
of the instruction that caused the VM-exit.
MFC r283264:
Change the header type of the emulated host-bridge from type 1 to type 0.
MFC r283293:
Don't rely on the 'VM-exit instruction length' field in the VMCS to always
have an accurate length on an EPT violation.
MFC r283299:
Remove bogus verification of instruction length after instruction decode.
MFC r283308:
Exceptions don't deliver an error code in real mode.
MFC r283657:
Fix non-deterministic delays when accessing a vcpu that was in "running" or
"sleeping" state.
MFC r283973:
Use tunable 'hw.vmm.svm.features' to disable specific SVM features even
though they might be available in hardware. Use tunable 'hw.vmm.svm.num_asids'
to limit the number of ASIDs used by the hypervisor.
MFC r284046:
Fix regression in 'verify_gla()' with the RIP-relative addressing mode.
MFC r284174:
Support guest writes to the TSC by enabling the "use TSC offsetting"
execution control.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow passthrough devices to be hinted.
MFC r279683:
When ICW1 is issued the edge sense circuit is reset which means that
following an initialization a low-to-high transistion is necesary to
generate an interrupt.
MFC r279925:
Add -p parameter to list PCI device to pass through to the guest.
MFC r281559:
Fix handling of BUS_PROBE_NOWILDCARD in 'device_probe_child()'.
MFC r280447:
When fetching an instruction in non-64bit mode, consider the value of the
code segment base address.
MFC r280725:
Move legacy interrupt allocation for virtio devices to common code.
MFC r280775:
Fix the RTC device model to operate correctly in 12-hour mode.
MFC r280929:
Fix "MOVS" instruction memory to MMIO emulation.
MFC r280968:
Display instruction bytes and %rip prior to aborting due to an instruction
emulation error.
MFC r281145:
Enhance the support for Group 1 Extended opcodes for CMP, AND, OR instructions.
MFC r281542:
Initialize 'error' before use (Coverity IDs 1249748, 1249747, 1249751, 1249749)
MFC r281561:
Prior to aborting due to an ioport error, it is always interesting to see what
the guest's %rip is.
MFC r281611:
If the number of guest vcpus is less than '1' then flag it as an error.
MFC r281612:
Prefer 'vcpu_should_yield()' over checking 'curthread->td_flags' directly.
MFC r281630:
Relax the check on which vectors can be delivered through the APIC. According
to the Intel SDM vectors 16 through 255 are allowed to be delivered via the
local APIC.
MFC r281879:
Missing break in switch case (Coverity ID 1292499)
MFC r281946:
Don't allow guest to modify readonly bits in the PCI config 'status' register.
MFC r281987:
STOS/STOSB/STOSW/STOSD/STOSQ instruction emulation.
MFC r282206:
Implement the century byte in the RTC.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace bhyve's minimal RTC emulation with a fully featured one in vmm.ko.
MFC r276432:
Initialize all fields of 'struct vm_exception exception' before passing it
to vm_inject_exception().
MFC r276763:
Clear blocking due to STI or MOV SS in the hypervisor when an instruction is
emulated or when the vcpu incurs an exception.
MFC r277149:
Clean up usage of 'struct vm_exception' to only to communicate information
from userspace to vmm.ko when injecting an exception.
MFC r277168:
Fix typo (missing comma).
MFC r277309:
Make the error message explicit instead of just printing the usage if the
virtual machine name is not specified.
MFC r277310:
Simplify instruction restart logic in bhyve.
MFC r277359:
Fix a bug in libvmmapi 'vm_copy_setup()' where it would return success even
if the 'gpa' was in the guest MMIO region.
MFC r277360:
MOVS instruction emulation.
MFC r277626:
Add macro to identify AVIC capability (advanced virtual interrupt controller)
in AMD processors.
MFC r279220:
Don't close a block context if it couldn't be opened avoiding a null deref.
MFC r279225:
Add "-u" option to bhyve(8) to indicate that the RTC should maintain UTC time.
MFC r279227:
Emulate MSR 0xC0011024 when running on AMD processors.
MFC r279228:
Always emulate MSR_PAT on Intel processors and don't rely on PAT save/restore
capability of VT-x. This lets bhyve run nested in older VMware versions that
don't support the PAT save/restore capability.
MFC r279540:
Fix warnings/errors when building vmm.ko with gcc.
|
| |
|
|
| |
PR: bin/196514
|
| |
|
|
|
|
|
| |
Remove the warning about invalid PE checksum; apparently nothing
cares about those checksums anyway.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
Advertise ctlstat(8) a little better.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
Add hint about "volmode=dev" to ctl.conf(5).
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
| |
Merge ACPICA 20150515.
Relnotes: yes
|
| |
|
|
|
| |
Reassign copyright statements on several files from Advanced
Computing Technologies LLC to Hudson River Trading LLC.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix pmcstat symbol resolution for userland processes.
When examining existing processes pmcstat fails to
correctly determine the locations of executable sections
of the process due to a miscalculated virtual load address.
This does not affect the newly launched processes as the
same value passed as a "start address" to the pmcstat_image_link()
thus nullifying the effect of it. The issue manifests itself
in processes not being reported in the pmcstat(8) output and
"dubious frames" being reported.
Fix it for now by ignoring all the sections except the executable
one. This won't fix the issue for objects with multiple
executable sections but helps in majority of real world usecases.
The real solution would be to modify the MAP-IN event to include
the appropriate load address so pmcstat(8) won't have to manually
parse object files to try to determine it.
PR: 198147, 198148
Submitted by: stas
|
