webtre
Hosting web di qualit`, performante, veloce e sicuro. I nostri profili di hosting sono stati studiati per andare incontro a tutte le vostre esigenze: dal servizio di hosting condiviso sviluppato per siti hobbystici, all'hosting semidedicato studiato per siti e-commerce o aziendali, al servizio di hosting dedicato per siti web con risorse in termini di CPU e RAM riservate e garantite. Ordina il Tuo sito personale a 250 euro http://hostingwebtre.blogspot.com/ Quality web hosting, high performance, fast and secure. Our hosting profiles are designed to meet all your needs: the service of shared hosting sites developed for hobbies, hosting semidedicato designed for e-commerce site or business, the dedicated hosting service for websites with resources in terms of CPU and RAM reserved and guaranteed. Your website at 250 Eur http://hostingwebtre.blogspot.com/ Questo messaggio e' stato inviato in ottemperanza al Decreto legislativo 196/03 se hai ricevuto questa newsletter per errore, contattare il mittente e comunicare l' avvenuta cancellazione. black74...@gmail.com
Re: counting zero-length matches in sed(1)
Before the 5.0 lock, i rewrote the sed(1) s/// loop to fix multiple bugs with respect to zero-length matches. The patch that went in, http://marc.info/?l=openbsd-techm=131145325927701w=2 had to be backed out due to a regression: When the input did not end in a trailing newline character and there was an empty match at the end, the committed code added a spurious '\0' character to the output. A fix for that was posted, but not committed again to not disrupt the 5.0 release: http://marc.info/?l=openbsd-techm=131167188124500w=2 Here is the full patch against -current including the fix to avoid the regression. OK? Index: process.c === RCS file: /cvs/src/usr.bin/sed/process.c,v retrieving revision 1.17 diff -u -p -r1.17 process.c --- process.c 26 Jul 2011 08:47:07 - 1.17 +++ process.c 17 Sep 2011 08:54:51 - @@ -312,7 +312,7 @@ substitute(struct s_command *cp) { SPACE tspace; regex_t *re; - size_t re_off, slen; + regoff_t slen; int n, lastempty; char *s; @@ -333,60 +333,55 @@ substitute(struct s_command *cp) n = cp-u.s-n; lastempty = 1; - switch (n) { - case 0: /* Global */ - do { - if (lastempty || match[0].rm_so != match[0].rm_eo) { - /* Locate start of replaced string. */ - re_off = match[0].rm_so; - /* Copy leading retained string. */ - cspace(SS, s, re_off, APPEND); - /* Add in regular expression. */ - regsub(SS, s, cp-u.s-new); - } + do { + /* Copy the leading retained string. */ + if (n = 1 match[0].rm_so) + cspace(SS, s, match[0].rm_so, APPEND); - /* Move past this match. */ - if (match[0].rm_so != match[0].rm_eo) { - s += match[0].rm_eo; - slen -= match[0].rm_eo; - lastempty = 0; + /* Skip zero-length matches right after other matches. */ + if (lastempty || match[0].rm_so || + match[0].rm_so != match[0].rm_eo) { + if (n = 1) { + /* Want this match: append replacement. */ + regsub(SS, s, cp-u.s-new); + if (n == 1) + n = -1; } else { - if (match[0].rm_so == 0) - cspace(SS, s, match[0].rm_so + 1, - APPEND); - else - cspace(SS, s + match[0].rm_so, 1, - APPEND); - s += match[0].rm_so + 1; - slen -= match[0].rm_so + 1; - lastempty = 1; + /* Want a later match: append original. */ + if (match[0].rm_eo) + cspace(SS, s, match[0].rm_eo, APPEND); + n--; } - } while (slen 0 regexec_e(re, s, REG_NOTBOL, 0, slen)); - /* Copy trailing retained string. */ - if (slen 0) - cspace(SS, s, slen, APPEND); - break; - default:/* Nth occurrence */ - while (--n) { - s += match[0].rm_eo; - slen -= match[0].rm_eo; - if (!regexec_e(re, s, REG_NOTBOL, 0, slen)) - return (0); } - /* FALLTHROUGH */ - case 1: /* 1st occurrence */ - /* Locate start of replaced string. */ - re_off = match[0].rm_so + (s - ps); - /* Copy leading retained string. */ - cspace(SS, ps, re_off, APPEND); - /* Add in regular expression. */ - regsub(SS, s, cp-u.s-new); - /* Copy trailing retained string. */ + + /* Move past this match. */ s += match[0].rm_eo; slen -= match[0].rm_eo; + + /* +* After a zero-length match, advance one byte, +* and at the end of the line, terminate. +*/ + if (match[0].rm_so == match[0].rm_eo) { + if (*s == '\0' || *s == '\n') + slen = -1; + else +
Re: pflog shows 0.0.0.0.0 0.0.0.0.0
so now that alexander commited his part, I redid mine - much simpler now. Index: net/pf.c === RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.772 diff -u -p -r1.772 pf.c --- net/pf.c17 Sep 2011 10:12:37 - 1.772 +++ net/pf.c17 Sep 2011 10:57:42 - @@ -2762,9 +2762,6 @@ pf_test_rule(struct pf_rule **rm, struct u_int16_tvirtual_type, virtual_id; u_int8_t icmptype = 0, icmpcode = 0; - PF_ACPY(pd-nsaddr, pd-src, pd-af); - PF_ACPY(pd-ndaddr, pd-dst, pd-af); - bzero(act, sizeof(act)); act.prio[0] = act.prio[1] = PF_PRIO_NOTSET; bzero(sns, sizeof(sns)); @@ -2782,14 +2779,6 @@ pf_test_rule(struct pf_rule **rm, struct } switch (pd-virtual_proto) { - case IPPROTO_TCP: - pd-nsport = th-th_sport; - pd-ndport = th-th_dport; - break; - case IPPROTO_UDP: - pd-nsport = pd-hdr.udp-uh_sport; - pd-ndport = pd-hdr.udp-uh_dport; - break; #ifdef INET case IPPROTO_ICMP: icmptype = pd-hdr.icmp-icmp_type; @@ -2820,9 +2809,6 @@ pf_test_rule(struct pf_rule **rm, struct } break; #endif /* INET6 */ - default: - pd-nsport = pd-ndport = 0; - break; } pd-osport = pd-nsport; @@ -5762,6 +5748,9 @@ pf_setup_pdesc(sa_family_t af, int dir, } + PF_ACPY(pd-nsaddr, pd-src, pd-af); + PF_ACPY(pd-ndaddr, pd-dst, pd-af); + switch (pd-virtual_proto) { case PF_VPROTO_FRAGMENT: /* @@ -5838,6 +5827,12 @@ pf_setup_pdesc(sa_family_t af, int dir, } #endif /* INET6 */ } + + if (pd-sport) + pd-nsport = *pd-sport; + if (pd-dport) + pd-ndport = *pd-dport; + return (0); } -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
the newer changes in the ports tree (normalization of pkgpath)
I promised yesterday I was going to write an email explaining what this is about. This has got everything to do with reproducible package builds, and the complexity that's package version numbers. First, here's the situation before the change - Take minitube-1.5, for instance. Among other things, it has RUN_DEPENDS = multimedia/gstreamer-0.10/plugins-base this ends up in the package as something like this: @depend multimedia/gstreamer-0.10/plugins-base:gstreamer-plugins-base-*:gstreamer-plugins-base-0.10.35p0 when you want to update a package, very often, the package name itself won't change. So when do we update ? pkg_add actually looks at the depend lines in the package and compares them. That is, the @depend multimedia/gstreamer-0.10/plugins-base:gstreamer-plugins-base-*: part is used as key, and the gstreamer-plugins-base-0.10.35p0 part is used for further comparison. If the set of keys change, the packages won't be comparable based on depend line, and normally, you're supposed to bump the REVISION. Otherwise, pkg_add will complain it doesn't know which is the newest package. Prior to the most recent change, the RUN_DEPENDS was used as-is. Let's look at net/avahi, it contains: RUN_DEPENDS-gtk = net/avahi,-ui,no_mono,no_qt3,no_qt4 thus, the plist for avahi-gtk-0.6.30p2 contains: @depend net/avahi,-ui,no_mono,no_qt3,no_qt4:avahi-ui-*:avahi-ui-0.6.30 However, this is somewhat strange, because the no_mono,no_qt3,no_qt4 part *is* a pseudo-flavor: it is just pertinent to the build, but not at all for a binary package. avahi-gtk would be happy with an avahi-ui that would come as @depend net/avahi,-ui,no_qt4:avahi-ui-*:avahi-ui-0.6.30 But this doesn't work, because the binary packages don't know about pseudo-flavors, and thus net/avahi,-ui,no_qt4 and net/avahi,-ui,no_mono,no_qt3,no_qt4 are completely different things, thus the packages will be different, and non comparable. The change itself - Some time ago, I came to the realization that some stuff were better left to the depending port. We always went there to get the build package name anyways (avahi-ui-0.6.30), but we also decided to get there to grab the pkgspec (the avahi-ui-* part). That's how ports depending on python magically got their python-=2.7,2.8 spec without having to say anything. For instance, youtube-dl-2011.08.04 has: @depend lang/python/2.7:python-=2.7,2.8:python-2.7.1p11 So I realized I could go to the depending port for the pkgpath *as well*. This has the neat effect of putting back the path in a standard order, and of removing pseudo-flavors entirely... it also creates full pkgpaths every time. There was some fallout: all of a sudden, *a lot* of @depend lines in packages would change, and I would need to bump all the affected packages (1980 ports to be exact). Because alongside pseudo-flavors, all multi-package dependencies would have a subpackage appended if it wasn't already there. The result -- Let's go back to our examples. minitube got bumped to minitube-1.5p0 it now sports @depend multimedia/gstreamer-0.10/plugins-base,-main:gstreamer-plugins-base-*:gstreamer-plugins-base-0.10.35p1 because of the subpackage part. youtube-dl-2011-08-04p0 sports: @depend lang/python/2.7,-main:python-=2.7,2.8:python-2.7.1p12 for the same reason. More interestingly, avahi-gtk-0.6.30p3 now says: @depend net/avahi,-ui:avahi-ui-*:avahi-ui-0.6.30p0 That's right, the pseudo-flavors are completely gone. This triggered a small bug in pkg_create (net/avahi,-ui, in that context, means the -ui subpackage of net/avahi with an empty flavor, not a default flavor) which is now fixed. Why this is cool well, the previous way pkgpaths were stored, you had to be really careful how you presented stuff, because equivalent paths would end up as different strings, and thus divergent paths stored in a package, with ill effect. For instance some/dir,flavor1,flavor2 and some/dir,flavor2,flavor1 are now completely equivalent for package building. Also, mentioning a subpackage explicitly (or not mentioning it) won't change the string recorded in the package. And finally, the new version *doesn't care at all* about pseudo-flavors. So, if you want to depend on print/poppler,no_qt,no_qt4 or print/poppler the resulting @depend line will be the same: it will be something like: @depend print/poppler,-main:poppler-*:poppler-0.6.17p1 This can solve some nightmarish situations between subpackages in the same port with pseudo-flavors, where you had to be very careful about which pseudo-flavor you were depending on if you wanted to have reproducible results. Thus removing a lot of the interest of pseudo-flavors to avoid building things (looking at such cases, the current situation is slightly wrong in a lot of directories). There's also the very real possibility to tweak pseudo-flavors in dependencies between individual builds and bulk builds thru dpb. So,
tcpdump: fix for IPv6 and misaligned packets
When you run tcpdump on a 64-bit arch and look at UDP traffic over IPv6 (say NTP or DNS), you'll see preposterous packet sizes. Packets are considered misaligned, copied into a new buffer, but one of the pointer variables isn't updated. Fix below. IPv4 is not affected, because the equivalent function doesn't use bp after the packet has been copied. As a separate issue, tcpdump wants packets to be aligned to sizeof(long) bytes. I guess what it gets from pcap is 4-byte aligned, so on LP64 archs all packets are treated as misaligned. I strongly suspect it should just check for 4-byte alignment, but haven't looked closely yet. Index: print-ip6.c === RCS file: /cvs/src/usr.sbin/tcpdump/print-ip6.c,v retrieving revision 1.14 diff -u -p -r1.14 print-ip6.c --- print-ip6.c 27 Jun 2011 16:54:14 - 1.14 +++ print-ip6.c 17 Sep 2011 15:36:26 - @@ -81,7 +81,7 @@ ip6_print(register const u_char *bp, reg } memmove((char *)abuf, (char *)ip6, min(length, clen)); snapend = abuf + clen; - packetp = abuf; + packetp = bp = abuf; ip6 = (struct ip6_hdr *)abuf; /* We really want libpcap to give us aligned packets */ if (!didwarn) { -- Christian naddy Weisgerber na...@mips.inka.de
BGP implement draft-ietf-grow-mrt-17
This is an update to the MRT dump code to implement the new table dump format specified in draft-ietf-grow-mrt-17. The older formats should still work as before. OK? -- :wq Claudio Index: bgpd.8 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.8,v retrieving revision 1.39 diff -u -p -r1.39 bgpd.8 --- bgpd.8 15 Oct 2010 07:45:32 - 1.39 +++ bgpd.8 17 Sep 2011 15:52:20 - @@ -212,9 +212,14 @@ control socket .%D April 2009 .Re .Rs -.%R draft-ietf-idr-fsm-subcode-00 +.%R draft-ietf-idr-fsm-subcode-02 .%T Subcodes for BGP Finite State Machine Error -.%D September 2010 +.%D August 2011 +.Re +.Rs +.%R draft-ietf-grow-mrt-17 +.%T MRT routing information export format +.%D August 2011 .Re .Sh HISTORY The Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.115 diff -u -p -r1.115 bgpd.conf.5 --- bgpd.conf.5 23 Jun 2011 20:35:22 - 1.115 +++ bgpd.conf.5 17 Sep 2011 15:46:37 - @@ -149,7 +149,7 @@ The default is 120 seconds. .It Xo .Ic dump .Op Ic rib Ar name -.Pq Ic table Ns | Ns Ic table-mp +.Pq Ic table Ns | Ns Ic table-mp Ns | Ns Ic table-v2 .Ar file Op Ar timeout .Xc .It Xo @@ -161,17 +161,21 @@ The default is 120 seconds. Dump the RIB, a.k.a. the .Em routing information base , and all BGP messages in Multi-threaded Routing Toolkit (MRT) format. -Dumping the RIB is normally an expensive operation, -but it should not influence the session handling. It is possible to dump alternate RIB with the use of .Ar name . .Pp For example, the following will dump the entire table to the .Xr strftime 3 Ns -expanded filename. -The +Only the +.Ic table-v2 +format is able to dump a multi-protocol RIB correctly. +Both +.Ic table +and .Ic table-mp -format is multi-protocol capable but often not supported by 3rd-party tools. +formats are more or less limited when handling multi-protocol entries and +are only left around to support 3rd party tools not handling the new format. The timeout is optional: .Bd -literal -offset indent dump table /tmp/rib-dump-%H%M 300 Index: mrt.c === RCS file: /cvs/src/usr.sbin/bgpd/mrt.c,v retrieving revision 1.70 diff -u -p -r1.70 mrt.c --- mrt.c 2 Sep 2010 14:03:21 - 1.70 +++ mrt.c 17 Sep 2011 12:59:46 - @@ -32,10 +32,12 @@ #include mrt.h -int mrt_attr_dump(struct ibuf *, struct rde_aspath *, struct bgpd_addr *); +int mrt_attr_dump(struct ibuf *, struct rde_aspath *, struct bgpd_addr *, int); int mrt_dump_entry_mp(struct mrt *, struct prefix *, u_int16_t, struct rde_peer*); int mrt_dump_entry(struct mrt *, struct prefix *, u_int16_t, struct rde_peer*); +int mrt_dump_entry_v2(struct mrt *, struct rib_entry *, u_int32_t); +int mrt_dump_peer(struct ibuf *, struct rde_peer *); int mrt_dump_hdr_se(struct ibuf **, struct peer *, u_int16_t, u_int16_t, u_int32_t, int); int mrt_dump_hdr_rde(struct ibuf **, u_int16_t type, u_int16_t, u_int32_t); @@ -45,7 +47,7 @@ int mrt_open(struct mrt *, time_t); do {\ u_char t = (b);\ if (ibuf_add((x), t, sizeof(t)) == -1) { \ - log_warnx(mrt_dump1: ibuf_add error); \ + log_warn(mrt_dump1: ibuf_add error); \ goto fail; \ } \ } while (0) @@ -55,7 +57,7 @@ int mrt_open(struct mrt *, time_t); u_int16_t t; \ t = htons((s)); \ if (ibuf_add((x), t, sizeof(t)) == -1) { \ - log_warnx(mrt_dump2: ibuf_add error); \ + log_warn(mrt_dump2: ibuf_add error); \ goto fail; \ } \ } while (0) @@ -65,7 +67,7 @@ int mrt_open(struct mrt *, time_t); u_int32_t t; \ t = htonl((l)); \ if (ibuf_add((x), t, sizeof(t)) == -1) { \ - log_warnx(mrt_dump3: ibuf_add error); \ + log_warn(mrt_dump3: ibuf_add error); \ goto fail; \ } \ } while (0) @@ -74,7 +76,7 @@ int mrt_open(struct mrt *, time_t); do {
Fix for openssl bug #2240
http://rt.openssl.org/Ticket/Display.html?id=2240user=guestpass=guest This affects us, I noticed when I had problems connecting with gajim to a certain server using TLS. Below patch lifted from openssl CVS fixes this. On a different note, we still have openssl 1.0.0a when OpenSSL 1.0.0e is now available, including important bug and security fixes. -- viq Index: src/ssl/t1_lib.c === RCS file: /cvs/src/lib/libssl/src/ssl/t1_lib.c,v retrieving revision 1.8 diff -u -d -r1.8 t1_lib.c --- src/ssl/t1_lib.c10 Feb 2011 22:40:27 - 1.8 +++ src/ssl/t1_lib.c17 Sep 2011 20:57:50 - @@ -1453,23 +1453,20 @@ int al = SSL_AD_UNRECOGNIZED_NAME; #ifndef OPENSSL_NO_EC - /* If we are client and using an elliptic curve cryptography cipher suite, then server -* must return a an EC point formats lists containing uncompressed. + /* If we are client and using an elliptic curve cryptography cipher +* suite, then if server returns an EC point formats lists extension +* it must contain uncompressed. */ unsigned long alg_k = s-s3-tmp.new_cipher-algorithm_mkey; unsigned long alg_a = s-s3-tmp.new_cipher-algorithm_auth; if ((s-tlsext_ecpointformatlist != NULL) (s-tlsext_ecpointformatlist_length 0) + (s-session-tlsext_ecpointformatlist != NULL) (s-session-tlsext_ecpointformatlist_length 0) ((alg_k (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; unsigned char *list; int found_uncompressed = 0; - if ((s-session-tlsext_ecpointformatlist == NULL) || (s-session-tlsext_ecpointformatlist_length == 0)) - { - SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); - return -1; - } list = s-session-tlsext_ecpointformatlist; for (i = 0; i s-session-tlsext_ecpointformatlist_length; i++) {
cross-gcc for itanium
This makes the cross-gcc target for ia64 build, okay? Index: config.gcc === RCS file: /cvs/src/gnu/usr.bin/gcc/gcc/config.gcc,v retrieving revision 1.20 diff -u -p -r1.20 config.gcc --- config.gcc 18 Mar 2010 19:39:48 - 1.20 +++ config.gcc 18 Sep 2011 02:03:14 - @@ -1512,6 +1512,12 @@ ia64*-*-freebsd*) tmake_file=${tmake_file} ia64/t-ia64 extra_parts=crtbegin.o crtend.o crtbeginS.o crtendS.o crtfastmath.o ;; +ia64*-*-openbsd*) + tm_file=${tm_file} dbxelf.h elfos.h ${fbsd_tm_file} ia64/sysv4.h ia64/openbsd.h ia64/ia64.h + target_cpu_default=MASK_GNU_AS|MASK_GNU_LD + tmake_file=${tmake_file} ia64/t-ia64 + extra_parts=crtbegin.o crtend.o crtbeginS.o crtendS.o crtfastmath.o + ;; ia64*-*-linux*) tm_file=${tm_file} dbxelf.h elfos.h svr4.h linux.h ia64/sysv4.h ia64/linux.h tmake_file=t-slibgcc-elf-ver t-linux ia64/t-ia64 ia64/t-glibc Index: config/ia64/openbsd.h === RCS file: config/ia64/openbsd.h diff -N config/ia64/openbsd.h --- /dev/null 1 Jan 1970 00:00:00 - +++ config/ia64/openbsd.h 18 Sep 2011 02:03:14 - @@ -0,0 +1,53 @@ +/* Definitions for Intel IA-64 running FreeBSD using the ELF format + Copyright (C) 2001 Free Software Foundation, Inc. + Contributed by David E. O'Brien obr...@freebsd.org and BSDi. + +This file is part of GNU CC. + +GNU CC is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU CC is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU CC; see the file COPYING. If not, write to +the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */ + + +#define LINK_SPEC \ + %{p:%e`-p' not supported; use `-pg' and gprof(1)}\ + %{Wl,*:%*} \ + %{assert*} %{R*} %{rpath*} %{defsym*} \ + %{shared:-Bshareable %{h*} %{soname*}} \ + %{symbolic:-Bsymbolic} \ + %{!shared: \ +%{!static: \ + %{rdynamic:-export-dynamic} \ + %{!dynamic-linker:-dynamic-linker /usr/libexec/ld-elf.so.1}} \ +%{static:-Bstatic}} + + +/[ Target stuff ]***/ + +/* Define the actual types of some ANSI-mandated types. + Needs to agree with machine/ansi.h. GCC defaults come from c-decl.c, + c-common.c, and config/arch/arch.h. */ + +/* Earlier headers may get this wrong for FreeBSD. + We use the GCC defaults instead. */ +#undef WCHAR_TYPE + +#undef WCHAR_TYPE_SIZE +#define WCHAR_TYPE_SIZE 32 + +#undef TARGET_VERSION +#define TARGET_VERSION fprintf (stderr, (OpenBSD/IA-64 ELF)); + +#define TARGET_ELF 1 + +#define JMP_BUF_SIZE 76