contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge). Add libauditd build parts and add to auditd's linkage;
force libbsm to build before libauditd.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 alpha 4
- With the addition of BSM error number mapping, we also need to map the
local error number passed to audit_submit(3) to a BSM error number,
rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
more formal allocation scheme, and add some events allocated in Solaris
that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
directly, rather than requiring applications to map to the local error
space, which might not be able to entirely represent the BSM error
number space.
- Major auditd rewrite for launchd(8) support. Add libauditd library
that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
(re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
has been recovered from not being properly terminated. This event is
stored in the new audit trail file and includes the path of recovered
audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.
OpenBSM 1.1 alpha 3
- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
between BSM error numbers (largely the Solaris definitions) and local
errno(2) values for 32-bit and 64-bit return tokens. This is required
as operating systems don't agree on some of the values of more recent
error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
total size for the token. This buge.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
- Instead of including protocol info in diffs, strip them before adding
deltatext and take this into account when applying the diff later.
- Don't use strlen when the string in the RCS file may contain garbage. This got
caught in the checksumming before, but was not fixed until now. Instead of
using strlen, pass the token length when adding log and text entries to a
delta. Add an extra length parameter to duptext() to record the token length.
- When adding new branches to a file, add them in at the tail instead of the
head of the list to get correct ordering when writing out.
- Input stream when diffing was opened twice.
- Don't expand keywords in diffs between deltas.
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).
- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
audit_bsm_token.c.
- Synchronize bsm includes and definitions.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
--
OpenBSM 1.1 alpha 2
- Include files in OpenBSM are now broken out into two parts: library builds
required solely for user space, and system includes, which may also be
required for use in the kernels of systems integrating OpenBSM. Submitted
by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
include for system includes, rather than the versions bundled with OpenBSM.
This is intended specifically for platforms that ship OpenBSM, have adapted
versions of the system includes in a kernel source tree, and will use the
OpenBSM build infrastructure with an unmodified OpenBSM distribution,
allowing the customized system includes to be used with the OpenBSM build.
Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
or asprintf(). Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
on the host generating the record.
- Add support for setting extended host information in the kernel, which is
used for setting host information in extended header tokens. The
audit_control file now supports a "host" parameter which can be used by
auditd to set the information; if not present, the kernel parameters won't
be set and auditd uses unextended headers for records that it generates.
OpenBSM 1.1 alpha 1
- Add option to auditreduce(1) which allows users to invert sense of
matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
event there is an error writing the subject token. This was submitted
by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
that const strings can be passed as arguments to tokens. This patch was
submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
- Handle the case where a repository may have been copied, and the symlinks have
not been preserved. CVSup removes the files and creates the symlinks, so
enable this behaviour in csup as well.
- While there, fix comments and style issues.
- Use internal xmalloc instead of malloc.
- Include missing header after warnings.
- Fix unneeded printouts.
- Fix a bug when checking the CO_NORSYNC flag.
- This also removes $FreeBSD$ from two now unmodifed source files
ncurses/tinfo/lib_raw.c and ncurses/tinfo/lib_baudrate.c
MFC after: 2 months (after 7.1 and 6.4 are released)
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.
I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.
Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).
Reviewed by: rink
previously in order to ensure it fit properly in the bufer when encoded.
This prevents a debugging printf from firing if a source or destination
host name for an smb mount exceeds 15 characters.
MFC after: 3 days
Obtained from: Apple, Inc.
files if the client supports it. The support is implemented with an API to
operate on files, calculating the rolling checksum and md5 checksum for the
blocks etc.
- Remove unneeded stream_filter_stop and stream_flush before stream_close.
different version has been committed upstream in the libpcap vendor branch.
This will allow people to experiment with zero-copy bpf(4) without requiring
external patches.
Note to enable this functionality:
sysctl net.bpf.zerocopy_enable=1
By default, libpcap will use the legacy buffering method unless this sysctl
variable is set to 1.
For the details about zero-copy bpf(4) implementation see svn change r177548.
Requested by: many
Discussed with: sam
In collaboration with: rwatson
loop pointed out by cognet@ that occurs when calling strtod() with a
string representing a number between DBL_MAX and 2*DBL_MAX, when the
rounding mode is anything other than the default.
Note: As the first merge since the conversion to svn, it includes many
propset changes to get the proper svn:eol-style and svn:mime-type on the
files (as merged from the fixed up vendor/dist area).
MFC after: 3 days
operating systems. Previously, gcc would inhibit the generation of
fsqrt, fsin, and several other floating point instructions, for the
benefit of the old in-kernel math emulator, which was removed over 5
years ago.
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.
PR: bin/19405
Submitted by: Joel Ray Holveck joelh of gnu.org
MFC after: 1 month
own purposes. To pull this off, it defines _KERNEL before including the
headers where these structures are defined. This leads to no end of
trouble when some of these headers, or other headers that they include,
change, as demonstrated by r180755.
The quick fix in this particular case is to define _WANT_FILE instead of
_KERNEL, conditional on __FreeBSD__. A better long-term fix is left as
an exercise to the reader.
The xgetpass() function pushes a cleanup entry for &osa, but then
attempts to flush the stack until an entry matching &sa. The two
object pointers do not match, so the stack is popped too much,
and then cleanup_until calls abort() when it unexpectedly hits
the bottom of the cleanup stack.
Reported by: Paul B. Mahol, onemda at gmail.com,
Pietro Cerutti, gahr at gahr.ch
PR: bin/124191
Reviewed by: mp, kris
MFC after: 2 days
the patch from ISC for lib/bind9/check.c and deletion of unused
files in lib/bind.
This version will by default randomize the UDP query source port
(and sequence number of course) for every query.
In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] options.
The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.
This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.
All users of BIND are strongly encouraged to upgrade to the latest
version, and to utilize the source port randomization feature.
This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447http://www.kb.cert.org/vuls/id/800113http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
conflicts due to radically different approaches to security and bug fixes.
In some cases I re-started from the vendor version and reimplemented our
patches. Fortunately, this is not enabled by default in -current.
for FreeBSD as well.
This is the fix for __gthread_active_p() returning false positives
which was committed as rev. 1.1.1.8.2.1 to RELENG_7 but now looped
back to the vendor branch via the GCC repository and relicensed to
be GPLv2 by me.
Thanks go to gerald@ for getting the fix approved upstream and for
committing to the GCC repository.
PR: 119289
Approved by: core
and netgraph in gernal). This also allows to add queues for an interface
that is not yet existing (you have to provide the bandwidth for the
interface, however).
PR: kern/106400, kern/117827
MFC after: 2 weeks
rev 1.27 ("iso8601" option keyword) revs 1.12/1.10/1.5/1.4 ($CVSHeader$
support) rev 1.2 ($CVS_LOCAL_BRANCH_NUM support for local commit
feature of cvsup) into version 1.11-20080310.
rev 1.4 (1.12 CVSROOT/config keyword expansion forward compatability)
into version 1.11-20080310.
Note the vendor has also added some forward compatability support.
We should determine if we can live with just the vendor's method.
"CVS_OPTIONS"), rev 1.14 ('-g' option to support shared-group access),
rev 1.7 ('-R' read-only repository mode), rev 1.6 (support for checking
out from a read-only repository), revs 1.4 & 1.5 ("tagexpand=")
into version 1.11-20080310. Note the vendor accepted my "blame" alias.
-T CVS/Template support, rev 1.9: new long flag that causes cvs to ignore
the CVSROOT/passwd file, rev 1.3: support for checking out from a read-only
repository, rev. 1.2: support for local $Id$ keyword into cvs 1.11-20080310.
rev 1.2: fix a problem sometimes seen when doing checkouts from a local repo
and committing via remote cvs (a cvs -d override of the mismatched CVS/Root
files was missing) into cvs 1.11-20080310.
Note that rev 1.4 (default CVS_RSH to "ssh") will not be handled thru the
vendor's config.h.
find the corresponding AS for that IP (-a switch).
We can also choose a different whois server with the -A switch. The
default is whois.radb.net.
Obtained from: NetBSD
Reviewed by: bms, njl (mentor)
Approved by: njl (mentor)
times when it shouldn't). The PR's patch has been incorporated upstream
as magic.c rev 1.46.
PR: 107676
Submitted by: Dr. Markus Waldeck <waldeck@gmx.de>
cplus_demangle_type. This is the rev 1.50-1.51 change.
Our addr2line, etc.. would crash if used on C++ code that contains
certain symbol types. One example is
_ZN13PatternDriver23StringScalarDeleteValueC1ERKNS_25ConflateStringScalarValueERKNS_25AbstractStringScalarValueERKNS_12TemplateEnumINS_12pdcomplementELZNS_16complement_namesEELZNS_14COMPLEMENTENUMEEEE
rev 1.27 ("iso8601" option keyword) revs 1.12/1.10/1.5/1.4 ($CVSHeader$
support) rev 1.2 ($CVS_LOCAL_BRANCH_NUM support for local commit
feature of cvsup) into version 1.11.22.
Note rev 1.21 ("-D date" checkout bug relating to 1.1.1.1 vs 1.1
revisions), rev 1.13 (allow -D'date' with -r'branch' on a checkout),
rev 1.6 (use xstrdup rather than strdup) are fixed in the vendor sources
rev 1.17 (environtmental var "CVS_OPTIONS"), rev 1.14 ('-g' option to
support shared-group access), rev 1.7 ('-R' read-only repository mode),
rev 1.6 (support for checking out from a read-only repository),
revs 1.4 & 1.5 ("tagexpand=") into version 1.11.22.
Merge rev 1.14: comprehensive -T CVS/Template support, rev 1.9: new long
flag that causes cvs to ignore the CVSROOT/passwd file, rev 1.3: support
for checking out from a read-only repository, rev. 1.2: support for local
$Id$ keyword into cvs 1.11.22.
Note that rev 1.4 (make verifymsg extra useful) is OBE.
rev 1.4: flip the default for CVS_RSH to "ssh", rev 1.2: fix a problem
sometimes seen when doing checkouts from a local repo and committing
via remote cvs (a cvs -d override of the mismatched CVS/Root files was
missing) into cvs 1.11.22.
cplus_demangle_type. This is the rev 1.50-1.51 change.
Our addr2line, etc.. would crash if used on C++ code that contains
certain symbol types. One example is
_ZN13PatternDriver23StringScalarDeleteValueC1ERKNS_25ConflateStringScalarValueERKNS_25AbstractStringScalarValueERKNS_12TemplateEnumINS_12pdcomplementELZNS_16complement_namesEELZNS_14COMPLEMENTENUMEEEE
CVSROOT/config file options that control keyword expansion. cvs-1.12 has
its own $Id$ expansion controls and they're configured in CVSROOT/config
rather than CVSROOT/options. The problem is that current cvs-1.11.x
doesn't understand the future keywords.....
Add trivial forward support for the new keywords for when cvs-1.12
hits the tree down the road. CVSROOT/options won't be going away - cvsup
uses it.
says they are never supposed to, and the fact that they did could
cause apps that run with unmasked FP exceptions to SIGFPE after a
scanf() or strtod(). The vendor stated that he will not be fixing
this, citing portability concerns.
- Accept the '0x' prefix so strtod("nan(0x...)", NULL) returns the same
thing as gcc's builtin nan("0x...") for such strings.
- Don't return uninitialized memory.
- Finish processing the string up to the closing ')' (provided it's
lexically valid) for compatibility with C99 and *scanf().
The problem was, isc_atomic_cmpxchg() is almost like our
atomic_cmpset_32(), except it expects the old value to be
returned, whereas our atomic_cmpset_32 returns 1 on success,
or 0 on failure. So I re-implemented something suitable.
Submitted by: cognet
Reviewed by: bsdimp
