contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:
- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
error number space.
MFC after: 3 weeks
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Approved by: re (kib)
compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.
Reviewed by: kib
Approved by: re (kib)
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames
Reviewed by: rpaulo
Approved by: re (kib)
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl),
roberto (ntp), jkim (acpica)
Approved by: re (kib)
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.
named could incorrectly delete NSEC3 records for
empty nodes when processing a update request.
Accept DS responses from delegation only zones.
"delegation-only" was not being accepted in
delegation-only type zones.
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.
Obtained from: vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by: emaste
Approved by: jhb
permanent solution for 9.6.1-release.
"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."
Submitted by: marcel
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
ipfilter tables via http by the user-level ippool utility. Previously
the 1024-byte buffer used to store a http request coudld easily overflow
if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]
Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from: NetBSD CVS [2]
MFC after: 2 weeks
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.
Only local modifications include:
- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.
To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.
Reviewed by: current@
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.
Thanks to: des and jhb
SIGN" instead of U+002D "HYPHEN-MINUS". This is unfortunate for two
reasons: 1) this is not the character which is actually used on the
command line, and 2) it makes it impossible to search a man page for a
specific command-line option.
This patch fixes this, but there are other unresolved issues, such as
confusion between -, \- and hy: while the latter is always (and only)
used for hyphenation, both - and \- are used for negation and
subtraction, and \- is used for command-line options and sometimes
also for parenthesis. IMHO, the correct Unicode characters are:
- hyphenation: either U+2010 or U+00AD, most likely the former (the
latter is the so-called soft hyphen, used to indicate a point at
which a text processor is allowed to hyphenate a word)
- negation and subtraction: U+2212
- parenthesis: in English, U+2214, with spaces suppressed before and
after; in some others (such as Norwegian), U+2213 with spaces
retained.
- command-line options: U+002D, because that is what is actually used
on the command line.
However, fixing this would require extensive modifications to (at least)
the doc and man macro sets...
MFC after: 1 week
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
Unconstify arguments of bpf_image(), bpf_filter() and bpf_dump(). This
is needed because some ports rely heavely on these arguments (some of
them even roll out their own implemenentations of bpf_dump).
inline function support. This should fix instances where gcc
spuriously reports the following error:
error: nested function 'foo' declared but never defined
1. Add a note to double-check the man page
2. Remove windows-specific items in the ctrl_interface section
3. Add a note that ap_scan must be set to 1 for use with wlan
4. Clarify the wording for scan_ssid related to APs that hide ssid
5. Clarify the wording for the priority option
original intent, but the functionality wasn't implemented until after
gcc 4.2 was released. However, if you compiled a program that would
behave differently before and after this change, gcc 4.2 would have
warned you; hence, everything currently in the base system is
unaffected by this change. This patch also adds additional warnings
about certain inline function-related bogosity, e.g., using a
static non-const local variable in an inline function.
These changes were merged from a snapshot of gcc mainline from March
2007, prior to the GPLv3 switch. I then ran the regression test suite
from a more recent gcc snapshot and fixed the important bugs it found.
I also squelched the following warning unless -pedantic is specified:
foo is static but used in inline function bar which is not static
This is consistent with LLVM's behavior, but not consistent with gcc 4.3.
Reviewed by: arch@
record-only mergeinfo because an automated merge is confused by the
flattening that took place:
Move install to install-sh to prevent name-clashes.
MFC after: 3 days
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).
OpenBSM history for imported revision below for reference.
MFC after: 1 month
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 beta 1
- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in
audit_control(5) with the expire-after parameter. If there is no
expire-after parameter in audit_control(5), the default, then the audit
trail files are not expired and removed. See audit_control(5) for
more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
partitions, rotate automatically at 2mb, and set the default policy to
cnt,argv rather than cnt so that execve(2) arguments are captured if
AUE_EXECVE events are audited. These may provide more usable defaults for
many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.
libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.
Reviewed by: deischen, rdivacky
alignment requirement, while rt_msghdr has a 4 byte alignment
requirement. The root cause is that if_msghdr has an struct if_data
which has an 8-byte alignment requirement due to a time_t that's
embedded in it. On MIPS, time_t is a 64-bit number, so must be 64-bit
aligned.
Since we don't access ifm_data.ifi_epoch, a simple cast is all that's
necessary here. It is likely the case that ifi_epoch should *NOT* be
a time_t because it is an uptime (time delta) an not an absolute time
since 1970. u_long is likely sufficient there since that gives an
uptime of 136 years will suffice for the foreseeable future.
again in case the connection is interrupted and csup have to reconnect. The
lists will be freed after the collection has been completely processed.
PR: bin/131477
Tested by: dchagin
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge). Hook up bsm_domain.c and bsm_socket_type.c to the libbsm
build along with man pages, add audit_bsm_domain.c and
audit_bsm_socket_type.c to the kernel environment.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 alpha 5
- Stub libauditd(3) man page added.
- All BSM error number constants with BSM_ERRNO_.
- Interfaces to convert between local and BSM socket types and protocol
families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
of constants in audit_domain.h and audit_socket_type.h. This improves
interoperability by converting local constant spaces, which vary by OS, to
and from Solaris constants (where available) or OpenBSM constants for
protocol domains not present in Solaris (a fair number). These routines
should be used when generating and interpreting extended socket tokens.
- Fix build warnings with full gcc warnings enabled on most supported
platforms.
- Don't compile error strings into bsm_errno.c when building it in the kernel
environment.
- When started by launchd, use the label com.apple.auditd rather than
org.trustedbsd.auditd.
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
fetch a complete CVS repository. Support for rsync update of regular files are
also included, but are not yet enabled. The change should not have an impact on
existing csup usage, as little of the existing code has changed.
details to the cvsup server. The deltatext does not need parsing, and some
parts of the rcsfile data structure doesn't need to be set up.
- Fix a bug where the RCS expansion mode is not written out.
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge). Add libauditd build parts and add to auditd's linkage;
force libbsm to build before libauditd.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 alpha 4
- With the addition of BSM error number mapping, we also need to map the
local error number passed to audit_submit(3) to a BSM error number,
rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
more formal allocation scheme, and add some events allocated in Solaris
that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
directly, rather than requiring applications to map to the local error
space, which might not be able to entirely represent the BSM error
number space.
- Major auditd rewrite for launchd(8) support. Add libauditd library
that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
(re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
has been recovered from not being properly terminated. This event is
stored in the new audit trail file and includes the path of recovered
audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.
OpenBSM 1.1 alpha 3
- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
between BSM error numbers (largely the Solaris definitions) and local
errno(2) values for 32-bit and 64-bit return tokens. This is required
as operating systems don't agree on some of the values of more recent
error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
total size for the token. This buge.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
- Instead of including protocol info in diffs, strip them before adding
deltatext and take this into account when applying the diff later.
- Don't use strlen when the string in the RCS file may contain garbage. This got
caught in the checksumming before, but was not fixed until now. Instead of
using strlen, pass the token length when adding log and text entries to a
delta. Add an extra length parameter to duptext() to record the token length.
- When adding new branches to a file, add them in at the tail instead of the
head of the list to get correct ordering when writing out.
- Input stream when diffing was opened twice.
- Don't expand keywords in diffs between deltas.
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).
- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
audit_bsm_token.c.
- Synchronize bsm includes and definitions.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
--
OpenBSM 1.1 alpha 2
- Include files in OpenBSM are now broken out into two parts: library builds
required solely for user space, and system includes, which may also be
required for use in the kernels of systems integrating OpenBSM. Submitted
by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
include for system includes, rather than the versions bundled with OpenBSM.
This is intended specifically for platforms that ship OpenBSM, have adapted
versions of the system includes in a kernel source tree, and will use the
OpenBSM build infrastructure with an unmodified OpenBSM distribution,
allowing the customized system includes to be used with the OpenBSM build.
Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
or asprintf(). Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
on the host generating the record.
- Add support for setting extended host information in the kernel, which is
used for setting host information in extended header tokens. The
audit_control file now supports a "host" parameter which can be used by
auditd to set the information; if not present, the kernel parameters won't
be set and auditd uses unextended headers for records that it generates.
OpenBSM 1.1 alpha 1
- Add option to auditreduce(1) which allows users to invert sense of
matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
event there is an error writing the subject token. This was submitted
by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
that const strings can be passed as arguments to tokens. This patch was
submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
- Handle the case where a repository may have been copied, and the symlinks have
not been preserved. CVSup removes the files and creates the symlinks, so
enable this behaviour in csup as well.
- While there, fix comments and style issues.
- Use internal xmalloc instead of malloc.
- Include missing header after warnings.
- Fix unneeded printouts.
- Fix a bug when checking the CO_NORSYNC flag.
- This also removes $FreeBSD$ from two now unmodifed source files
ncurses/tinfo/lib_raw.c and ncurses/tinfo/lib_baudrate.c
MFC after: 2 months (after 7.1 and 6.4 are released)
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.
I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.
Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).
Reviewed by: rink
previously in order to ensure it fit properly in the bufer when encoded.
This prevents a debugging printf from firing if a source or destination
host name for an smb mount exceeds 15 characters.
MFC after: 3 days
Obtained from: Apple, Inc.
files if the client supports it. The support is implemented with an API to
operate on files, calculating the rolling checksum and md5 checksum for the
blocks etc.
- Remove unneeded stream_filter_stop and stream_flush before stream_close.
different version has been committed upstream in the libpcap vendor branch.
This will allow people to experiment with zero-copy bpf(4) without requiring
external patches.
Note to enable this functionality:
sysctl net.bpf.zerocopy_enable=1
By default, libpcap will use the legacy buffering method unless this sysctl
variable is set to 1.
For the details about zero-copy bpf(4) implementation see svn change r177548.
Requested by: many
Discussed with: sam
In collaboration with: rwatson
loop pointed out by cognet@ that occurs when calling strtod() with a
string representing a number between DBL_MAX and 2*DBL_MAX, when the
rounding mode is anything other than the default.
Note: As the first merge since the conversion to svn, it includes many
propset changes to get the proper svn:eol-style and svn:mime-type on the
files (as merged from the fixed up vendor/dist area).
MFC after: 3 days
operating systems. Previously, gcc would inhibit the generation of
fsqrt, fsin, and several other floating point instructions, for the
benefit of the old in-kernel math emulator, which was removed over 5
years ago.
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.
PR: bin/19405
Submitted by: Joel Ray Holveck joelh of gnu.org
MFC after: 1 month
own purposes. To pull this off, it defines _KERNEL before including the
headers where these structures are defined. This leads to no end of
trouble when some of these headers, or other headers that they include,
change, as demonstrated by r180755.
The quick fix in this particular case is to define _WANT_FILE instead of
_KERNEL, conditional on __FreeBSD__. A better long-term fix is left as
an exercise to the reader.
The xgetpass() function pushes a cleanup entry for &osa, but then
attempts to flush the stack until an entry matching &sa. The two
object pointers do not match, so the stack is popped too much,
and then cleanup_until calls abort() when it unexpectedly hits
the bottom of the cleanup stack.
Reported by: Paul B. Mahol, onemda at gmail.com,
Pietro Cerutti, gahr at gahr.ch
PR: bin/124191
Reviewed by: mp, kris
MFC after: 2 days
the patch from ISC for lib/bind9/check.c and deletion of unused
files in lib/bind.
This version will by default randomize the UDP query source port
(and sequence number of course) for every query.
In order to take advantage of this randomization users MUST have an
appropriate firewall configuration to allow UDP queries to be sent and
answers to be received on random ports; and users MUST NOT specify a
port number using the query-source[-v6] options.
The avoid-v[46]-udp-ports options exist for users who wish to eliminate
certain port numbers from being chosen by named for this purpose. See
the ARM Chatper 6 for more information.
Also please note, this issue applies only to UDP query ports. A random
ephemeral port is always chosen for TCP queries.
This issue applies primarily to name servers whose main purpose is to
resolve random queries (sometimes referred to as "caching" servers, or
more properly as "resolving" servers), although even an "authoritative"
name server will make some queries, primarily at startup time.
All users of BIND are strongly encouraged to upgrade to the latest
version, and to utilize the source port randomization feature.
This update addresses issues raised in:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447http://www.kb.cert.org/vuls/id/800113http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
conflicts due to radically different approaches to security and bug fixes.
In some cases I re-started from the vendor version and reimplemented our
patches. Fortunately, this is not enabled by default in -current.
for FreeBSD as well.
This is the fix for __gthread_active_p() returning false positives
which was committed as rev. 1.1.1.8.2.1 to RELENG_7 but now looped
back to the vendor branch via the GCC repository and relicensed to
be GPLv2 by me.
Thanks go to gerald@ for getting the fix approved upstream and for
committing to the GCC repository.
PR: 119289
Approved by: core
and netgraph in gernal). This also allows to add queues for an interface
that is not yet existing (you have to provide the bandwidth for the
interface, however).
PR: kern/106400, kern/117827
MFC after: 2 weeks
rev 1.27 ("iso8601" option keyword) revs 1.12/1.10/1.5/1.4 ($CVSHeader$
support) rev 1.2 ($CVS_LOCAL_BRANCH_NUM support for local commit
feature of cvsup) into version 1.11-20080310.
rev 1.4 (1.12 CVSROOT/config keyword expansion forward compatability)
into version 1.11-20080310.
Note the vendor has also added some forward compatability support.
We should determine if we can live with just the vendor's method.
"CVS_OPTIONS"), rev 1.14 ('-g' option to support shared-group access),
rev 1.7 ('-R' read-only repository mode), rev 1.6 (support for checking
out from a read-only repository), revs 1.4 & 1.5 ("tagexpand=")
into version 1.11-20080310. Note the vendor accepted my "blame" alias.
-T CVS/Template support, rev 1.9: new long flag that causes cvs to ignore
the CVSROOT/passwd file, rev 1.3: support for checking out from a read-only
repository, rev. 1.2: support for local $Id$ keyword into cvs 1.11-20080310.
rev 1.2: fix a problem sometimes seen when doing checkouts from a local repo
and committing via remote cvs (a cvs -d override of the mismatched CVS/Root
files was missing) into cvs 1.11-20080310.
Note that rev 1.4 (default CVS_RSH to "ssh") will not be handled thru the
vendor's config.h.