David Greenman [Tue, 22 Jan 2002 17:38:58 +0000 (17:38 +0000)]
Null commit - the previous log message should have read:
Fixed bug in calculation of amount of file sent when nbytes !=0 and
headers or trailers are supplied. Reported by Vladislav Shabanov
<vs@rambler-co.ru>.
David Greenman [Tue, 22 Jan 2002 17:32:10 +0000 (17:32 +0000)]
Fixed bug in calculation of amount of file to send when nbytes !=0 and
headers or trailers are supplied. Reported by Vladislav Shabanov
<vs@rambler-co.ru>.
Ruslan Ermilov [Tue, 22 Jan 2002 15:15:38 +0000 (15:15 +0000)]
Reincarnate SETUID code in man(1), not compiled in by default.
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
Kirk McKusick [Tue, 22 Jan 2002 06:17:22 +0000 (06:17 +0000)]
This patch fixes a long standing complaint with soft updates in
which small and/or nearly full filesystems would fail with `file
system full' messages when trying to replace a number of existing
files (for example during a system installation). When the allocation
routines are about to fail with a file system full condition, they
make a call to softdep_request_cleanup() which attempts to accelerate
the flushing of pending deletion requests in an effort to free up
space. In the face of filesystem I/O requests that exceed the
available disk transfer capacity, the cleanup request could take
an unbounded amount of time. Thus, the softdep_request_cleanup()
routine will only try for tickdelay seconds (default 2 seconds)
before giving up and returning a filesystem full error. Under typical
conditions, the softdep_request_cleanup() routine is able to free
up space in under fifty milliseconds.
The idea of mapping non-existen characters to space (0x20) was nice alone,
but those maps also used as backward maps for Paste, so space becomes mapped
to last non-existen character on Paste as result.
Fix it by mapping non-existen characters to another non-existen one, i.e. to
0x00, so unused 0x00 can be backward-mapped to some junk without real harm.
Hajimu UMEMOTO [Mon, 21 Jan 2002 20:04:22 +0000 (20:04 +0000)]
- Check the address family of the destination cached in a PCB.
- Clear the cached destination before getting another cached route.
Otherwise, garbage in the padding space (which might be filled in if it was
used for IPv4) could annoy rtalloc.
Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.
Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it. If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file. The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
challenging the user. These options are meaningless for pam_opie(8)
since the user can't possibly know the right response before she sees
the challenge.
- Introduce the no_fake_prompts option. If this option is set, pam_opie(8)
will fail - rather than present a bogus challenge - if the target user
does not have an OPIE key. With this option, users who haven't set up
OPIE won't have to wonder what that "weird otp-md5 s**t" means :)
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.
Sponsored by: DARPA, NAI Labs
Reviewed by: ache, markm
Josef Karthauser [Mon, 21 Jan 2002 05:02:21 +0000 (05:02 +0000)]
Merge from NetBSD:
ohci.c: -r1.69 to 1.71
ohcireg.h: -r1.14
Some of these deltas are based upon patches that we submitted back to
NetBSD. They got manifested slightly differently though, so I've brought
back those differences to bring our code bases closer together.
The logs from the NetBSD version of ohci.c:
revision 1.71
date: 2000/02/01 05:42:52; author: augustss; state: Exp; lines: +13 -2
Put some #ifdefs around power and shutdown hooks.
----------------------------
revision 1.70
date: 2000/01/31 22:35:13; author: augustss; state: Exp; lines: +7 -7
Rename TAILMASK to HEADMASK, since it really masks the head pointer.
From FreeBSD.
----------------------------
revision 1.69
date: 2000/01/31 22:09:13; author: augustss; state: Exp; lines: +18 -14
Change where the has table for physical-to-virtual address translation
is handled. Partly from FreeBSD.
Josef Karthauser [Mon, 21 Jan 2002 04:24:33 +0000 (04:24 +0000)]
Merge from NetBSD:
ohci.c: -r1.68
ohcireg.h: -r1.13
date: 2000/01/31 20:17:25; author: augustss; state: Exp;
Fiddle with over-current protect when turning on port power to make
things work for some OHCI controllers.
Maxim Sobolev [Mon, 21 Jan 2002 01:16:11 +0000 (01:16 +0000)]
Allow dump device be configured as early as possible using loader(8) tunable.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.
Josef Karthauser [Sun, 20 Jan 2002 23:48:43 +0000 (23:48 +0000)]
Merge from NetBSD:
revision 1.125
date: 2000/09/23 21:00:10; author: augustss; state: Exp; lines: +19 -3
Avoid "bandwidth reclamation" for control transfers. The kue device chokes
on it.
Josef Karthauser [Sun, 20 Jan 2002 23:38:33 +0000 (23:38 +0000)]
Merge from NetBSD:
uhci.c: -r1.124
uhcireg.h: -r1.13
date: 2000/08/13 18:20:14; author: augustss; state: Exp;
Fix race condition when unlinking xfers. Thanks to IWAMOTO Toshihiro
<iwamoto@sat.t.u-tokyo.ac.jp> for analyzing the problem and suggesting a fix.
Fixes PR 10662.
Josef Karthauser [Sun, 20 Jan 2002 20:12:25 +0000 (20:12 +0000)]
Merge from NetBSD:
uhci.c: -r1.123 (and a tiny bit of -r1.92)
uhcivar.h: -r1.32
date: 2000/08/13 16:18:09; author: augustss; state: Exp;
Implement what in Intel-speech is known as "bandwidth
reclamation". It means that we continously poll USB devices
that have a pending transfer instead of polling just once
every ms. This speeds up some transfers at the expense of
using more PCI bandwidth.
Mike Smith [Sun, 20 Jan 2002 08:51:08 +0000 (08:51 +0000)]
Add the 'iir' driver, for the Intel Integrated RAID controllers and
prior ICP Vortex models. This driver was developed by Achim Leubner
of Intel (previously with ICP Vortex) and Boji Kannanthanam of Intel.
Submitted by: "Kannanthanam, Boji T" <boji.t.kannanthanam@intel.com>
MFC after: 2 weeks
Mike Smith [Sun, 20 Jan 2002 06:21:33 +0000 (06:21 +0000)]
ICP have been acquired by Intel, and their driver is now the Intel
Integrated RAID driver, supported by <boji.t.kannanthanam@intel.com> and
<achim.leubner@intel.com>.
Submitted by: "Kannanthanam, Boji T" <boji.t.kannanthanam@intel.com>
Warner Losh [Sun, 20 Jan 2002 03:28:29 +0000 (03:28 +0000)]
The Libretto L series has no $PIR table, but does have a _PIR table.
This typo keeps us from properly routing an interrupt for CardBus
bridges on this machine. So, now we look for $PIR and then _PIR to
cope. With these changes, the Libretto L1 now works properly.
Evidentally, the idea comes from patch that the Japanese version of
RedHat (or against a Japanese version of Red Hat), but my Japanese
isn't good enough to to know for sure.
Reported by: Hiroyuki Aizu-san <eyes@navi.org>
# This may be an MFC candidate, but I'm not yet sure.
Alan Cox [Sun, 20 Jan 2002 00:52:44 +0000 (00:52 +0000)]
o Revision 1.99 ("KSE Milestone 2") left the aio daemons
sleeping on a process object but changed the corresponding
wakeup()s to the thread object. The result was that non-raw
aio ops waited for an aio daemon to timeout before action
was taken. Now, we sleep on the thread object.
Matthew Dillon [Sat, 19 Jan 2002 23:20:02 +0000 (23:20 +0000)]
I've been meaning to do this for a while. Add an underscore to the
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
If user not exist in OPIE system, return failure immediately instead
of producing fake prompts with random numbers which can be detected by
potential intruder in two tries and totally confuse non-OPIE users.