Commit Graph

3988 Commits

Author SHA1 Message Date
Doug Barton
ace7f68b50 This commit was generated by cvs2svn to compensate for changes in r163976,
which included commits to RCS files with non-trunk default branches.
2006-11-04 07:53:25 +00:00
Doug Barton
a02f92e875 Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):

Description:
        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
        CAN-2006-4339.
2006-11-04 07:53:25 +00:00
Hartmut Brandt
f56ce4bd26 This commit was generated by cvs2svn to compensate for changes in r163820,
which included commits to RCS files with non-trunk default branches.
2006-10-31 09:00:35 +00:00
Hartmut Brandt
cab70e0247 Vendor patch: synthesize the initial value for sysObjectId from the value
of uname -r in FreeBSD. This value can be overwritten in the configuration
file.

Suggested by:	phk
2006-10-31 09:00:35 +00:00
Hartmut Brandt
f929683df1 Vendor patch: improve readability by using the IF_Mbps macro.
Submitted by:	glebius
2006-10-30 16:56:38 +00:00
Hartmut Brandt
91c878a693 This commit was generated by cvs2svn to compensate for changes in r163799,
which included commits to RCS files with non-trunk default branches.
2006-10-30 16:56:38 +00:00
Max Laier
d6e883fee5 Mention that we do not support route labels in the BUGS section.
PR:		docs/93590
Reported by:	Niki Denev
2006-10-30 15:15:37 +00:00
Bruce Evans
11e27303d3 Fixed -mprofiler-epilogue. The garbage collector apparently doesn't
understand that non-local variables can never be collected, and when
it collected the static variable for mexitcount_libfunc, gcc aborted
on the next use of this variable.

This quick fix is to reinitialize the variable on every use and depend
on garbage collection recovering the small amount of memory wasted by
this, and not worry by the small amount of time wasted by this.  It
would be better to initialize the variable together with most of the
other libfuncs in optabs.c and depend on whatever magic is there to
prevent its collection, but we initialize it here to avoid taking at
least 2 more files off the vendor branch.
2006-10-25 07:29:22 +00:00
David Malone
eac17f2c6f Make it so that the synopsis and usage message almost agree.
MFC after:	3 weeks
2006-10-15 17:44:49 +00:00
David Malone
2f87bd055e Add a -D option to traceroute that prints the differences between
the probe packet we sent and the packet quoted by the ICMP response.
Can be useful for spotting hops that change the packet in-flight
or have problems generating correct ICMP responses.

MFC after:	3 weeks
2006-10-15 17:34:51 +00:00
Ruslan Ermilov
9110424caf This commit was generated by cvs2svn to compensate for changes in r163356,
which included commits to RCS files with non-trunk default branches.
2006-10-14 19:50:57 +00:00
Ruslan Ermilov
555c9cae3c Fix from upstream: unbreak generation of the terminfo.5 manpage.
PR:		docs/46709, docs/56981, docs/80871
MFC after:	3 days
Obtained from:	ftp://invisible-island.net/ncurses/ncurses-5.5.tar.gz
2006-10-14 19:50:57 +00:00
Xin LI
3d556d7a58 This commit was generated by cvs2svn to compensate for changes in r162837,
which included commits to RCS files with non-trunk default branches.
2006-09-30 09:44:58 +00:00
Ruslan Ermilov
a903458081 Markup nits. 2006-09-29 22:51:29 +00:00
Ollivier Robert
3fa694fea6 This commit was generated by cvs2svn to compensate for changes in r162735,
which included commits to RCS files with non-trunk default branches.
2006-09-28 16:02:34 +00:00
Ollivier Robert
8c24a1e0ff Fix compilation with gcc 4.1. This is imported on the vendor branch as it
was applied in the mainstream source and a later complete import of
4.2.2p3 will complete the fix.

Submitted by:	kan
2006-09-28 16:02:34 +00:00
Ruslan Ermilov
eb0fa6f5d7 Remove bogus casts of valid integer ioctl() arguments. 2006-09-26 21:46:12 +00:00
Robert Watson
b9ad4a7bf0 Resolve conflicts from OpenBSM 1.0 alpha 12 import.
Obtained from:	TrustedBSD Project
2006-09-25 11:53:06 +00:00
Robert Watson
b3a9bf4df7 This commit was generated by cvs2svn to compensate for changes in r162621,
which included commits to RCS files with non-trunk default branches.
2006-09-25 11:40:29 +00:00
Robert Watson
4bd0c025f3 Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change
history notes since the last import:

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from working
  correctly when the user specifies to process successful or failed events.
  The problem stemmed from not having access to the return token at the time
  the initial preselection occurred, but now a second preselection process
  occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
  which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
  line; this was the documented behavior previously, but it was not
  implemented.  Be more specific in auditreduce(1)'s examples section about
  what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
  termination of an audit trail file.  For example, this might be used to
  compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
  now supply one or more (comma delimited) regular expressions for searching
  the pathnames. If one of the regular expressions is prefixed with a tilde
  (~), and a path matches, it will be excluded from the search results.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-25 11:40:29 +00:00
Ruslan Ermilov
f981f1923b Removed these from HEAD as well. 2006-09-21 07:55:28 +00:00
Ruslan Ermilov
5bb8cebbb4 This commit was generated by cvs2svn to compensate for changes in r162512,
which included commits to RCS files with non-trunk default branches.
2006-09-21 07:54:02 +00:00
Ruslan Ermilov
83cc3b492f This commit was generated by cvs2svn to compensate for changes in r162509,
which included commits to RCS files with non-trunk default branches.
2006-09-21 07:45:37 +00:00
Ruslan Ermilov
932b1e2fe8 Updated manpages for 3.4.6 release.
OK'ed by:	kan
Obtained from:	gcc-3.4.6.tar.bz2
2006-09-21 07:45:37 +00:00
Robert Watson
5bf75b12ba Update config.h for OpenBSM 1.0 alpha 11 import: strlcat is now detected
by configure.
2006-09-21 07:14:41 +00:00
Robert Watson
2a62e5451b Resolve conflicts from OpenBSM 1.0 alpha 11 vendor import: we have locally
added $FreeBSD$ to /etc configuration files to assist mergemaster.
2006-09-21 07:12:33 +00:00
Robert Watson
bb97b41819 Vendor import of OpenBSM 1.0 alpha 11, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project
2006-09-21 07:07:33 +00:00
Robert Watson
55b15aaa25 This commit was generated by cvs2svn to compensate for changes in r162503,
which included commits to RCS files with non-trunk default branches.
2006-09-21 07:07:33 +00:00
Maxim Konovalov
7585818828 o Mention .telnetrc DEFAULT keyword.
PR:		bin/100496 (sort of)
Obtained from:	NetBSD, heas@netbsd
MFC after:	3 weeks
2006-09-18 15:03:18 +00:00
Ruslan Ermilov
99f3b482da Sort sections. 2006-09-17 18:52:28 +00:00
Ruslan Ermilov
979df1f5dd Remove vestiges of GNU tar. 2006-09-15 08:04:23 +00:00
Doug Barton
42b74b2549 Vendor import of BIND 9.3.2-P1, which addresses the following security
vulnerabilities:

http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
2066.  [security]      Handle SIG queries gracefully. [RT #16300]

http://www.kb.cert.org/vuls/id/697164
1941.  [bug]           ncache_adderesult() should set eresult even if no
                       rdataset is passed to it. [RT #15642]

All users of BIND 9 are encouraged to upgrade to this version.
2006-09-06 21:27:11 +00:00
Doug Barton
ccf118a50a This commit was generated by cvs2svn to compensate for changes in r162079,
which included commits to RCS files with non-trunk default branches.
2006-09-06 21:27:11 +00:00
Sam Leffler
17cb103cb1 resolve merge conflicts
MFC after:	1 month
2006-09-04 20:25:04 +00:00
Sam Leffler
34c97c7db9 sigh, put back buffer overflow fix of 1.1.11 that seems to have
not gone into the 0.9.4 release; don't put it on the vendor branch
so we won't lose it on the next import if they continue to lose it
2006-09-04 20:12:45 +00:00
Sam Leffler
d44c9004ff This commit was generated by cvs2svn to compensate for changes in r162017,
which included commits to RCS files with non-trunk default branches.
2006-09-04 20:04:42 +00:00
Sam Leffler
2ebc47db5b Import of tcpdump v3.9.4 2006-09-04 20:04:42 +00:00
Sam Leffler
73c9abba78 update instructions 2006-09-04 19:54:49 +00:00
Sam Leffler
ff252dbedb resolve merge conflicts
MFC after:	1 month
2006-09-04 19:54:21 +00:00
Sam Leffler
47aafbd8f9 This commit was generated by cvs2svn to compensate for changes in r162012,
which included commits to RCS files with non-trunk default branches.
2006-09-04 19:43:23 +00:00
Sam Leffler
5d18909f05 Import of libpcap v0.9.4 2006-09-04 19:43:23 +00:00
Robert Watson
33c207f0e2 Note removal of certain contrib/openbsm/bsm include files from
FreeBSD development branches, they exist only in the vendor branch.

Obtained from:	TrustedBSD Project
2006-09-02 09:56:28 +00:00
Robert Watson
fdb4472c92 Vendor import of OpenBSM 1.0 alpha 10, with the following changes:
- auditd now generates complete audit records for its events, as required for
  application-submitted audit records in the the FreeBSD kernel audit
  implementation.

This also restores contrib/openbsm/bsm/audit_record to the vendor version
after the build fixes previously committed; however, this file is not used
in the build.

Obtained from:	TrustedBSD Project
2006-09-02 09:37:14 +00:00
Robert Watson
ba33e7d9dd This commit was generated by cvs2svn to compensate for changes in r161863,
which included commits to RCS files with non-trunk default branches.
2006-09-02 09:37:14 +00:00
Robert Watson
85feadf62a Back out imp's quick build fix for OpenBSM now that the prototypes and
functions are in sync between the kernel and user space.

This restores bsm_token.c as found in OpenBSM 1.0 alpha 9.
2006-09-01 15:47:07 +00:00
Robert Watson
2965fc7642 This commit was generated by cvs2svn to compensate for changes in r161818,
which included commits to RCS files with non-trunk default branches.
2006-09-01 15:47:07 +00:00
Robert Watson
8379353c85 Remove duplicated include files from HEAD that appear in both
contrib/openbsm/bsm and sys/bsm.  This will help avoid triggering
problems due to an inconsistent include order between the base and
lib32 builds.  We will continue to import these files on the vendor
branch.  Files used purely in user space (audit_uevents.h) are not
removed.

Suggested by:	ru
2006-09-01 04:58:39 +00:00
David E. O'Brien
67f52b8478 Pull vendor file to HEAD. 2006-08-31 17:11:46 +00:00
David E. O'Brien
c731f591cc Merge in OPIE support, and MAC support.
Our PAM and LOGIN_CAP support is now in the stock sources.
2006-08-31 17:08:21 +00:00
David E. O'Brien
0b2314893a This commit was generated by cvs2svn to compensate for changes in r161764,
which included commits to RCS files with non-trunk default branches.
2006-08-31 16:55:08 +00:00