Commit Graph

4591 Commits

Author SHA1 Message Date
Robert Watson
a743684e60 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
Xin LI
f0be0a1f8c Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
Doug Barton
0df811a678 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
Bruce M Simpson
f667763060 Output DWARF debug information for global 'using' declarations, instead
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.

This problem was triggered by running the Boost regression tests.

See also:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by:	luigi
Approved by:	re (kib)
2009-07-22 01:07:11 +00:00
Robert Watson
597df30e62 Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
2009-07-17 14:02:20 +00:00
Sam Leffler
649874e159 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
Alexander Kabaev
2286fe7635 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
Sam Leffler
0b73e40339 Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
Colin Percival
7d845dde8d Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
Colin Percival
f15e71c26a Fix .Dd value -- our mdoc macros don't know how to parse the $Mdocdate$
tag, so the file was being treated as having no date (i.e., the current
date was being inserted).

Approved by:	re (kib)
2009-07-11 17:35:55 +00:00
Mark Peek
a15e6f9a9a Update to tcsh 6.17.00.
Approved by:	re (kensmith)
2009-07-11 05:35:08 +00:00
Mark Peek
bc49518e16 Flatten vendor/tcsh/dist. 2009-07-10 21:00:38 +00:00
Doug Barton
9d0520c4b2 This is the solution that ISC committed after 9.6.1-release for
the gcc warning issue. It should be included in the next upstream
release.
2009-06-25 19:52:45 +00:00
Doug Barton
d1fdc8795a Update to the final release version of BIND 9.6.1. It has the following
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.

          named could incorrectly delete NSEC3 records for
          empty nodes when processing a update request.

          Accept DS responses from delegation only zones.

          "delegation-only" was not being accepted in
          delegation-only type zones.
2009-06-25 19:16:29 +00:00
Konstantin Belousov
c9253e931d Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
Roman Divacky
5caf16048e Fix a typo that causes the for loop to exit immediately. There's
identical loop a few lines above.

Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
2009-06-16 13:31:01 +00:00
Ulf Lilleengen
c420fd5bb2 - Remove semicolon that should not have been there.
Submitted by:	rdivacky
MFC after:	1 week
2009-06-12 16:37:53 +00:00
Andriy Gapon
84056e4e85 gdb: make 'thread apply all bt' always work on all threads
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.

Obtained from:	vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by:	emaste
Approved by:	jhb
2009-06-12 14:27:50 +00:00
Colin Percival
9a1bde1808 Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by:	so (cperciva)
Approved by:	re (not really, but SVN wants this...)
Security:	FreeBSD-SA-09:09.pipe
Security:	FreeBSD-SA-09:10.ipv6
Security:	FreeBSD-SA-09:11.ntpd
2009-06-10 10:31:11 +00:00
Ulf Lilleengen
95bac762d7 - Add missing data argument to printf.
Submitted by:	Pawel Worach <pawel.worach -AT- gmail.com>
MFC after:	1 week
2009-06-01 09:25:32 +00:00
Doug Barton
8df4f1e7be Local hack to get the build going again while ISC works on a more
permanent solution for 9.6.1-release.

"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."

Submitted by:	marcel
2009-06-01 06:31:04 +00:00
Doug Barton
86a672bc31 Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:44:21 +00:00
Doug Barton
6318052d9e Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
Stanislav Sedov
6760b335c6 - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
Xin LI
c9b4549c3d Add an EXIT STATUS section to the manual page. Currently, nc(1)
does not follow sysexits(3), and returns 1 for all error cases.

PR:		docs/126451
2009-05-29 07:18:31 +00:00
Xin LI
1a9dc239f5 Update netcat to the version carried with OpenBSD 4.5. 2009-05-28 23:23:49 +00:00
Marcel Moolenaar
1ac3735c5f char can be unsigned, like on ARM and PowerPC. Unbreak the
build for those by propagating the type of character from
char to int.
2009-05-28 04:25:38 +00:00
Ed Schouten
96b676e999 Update ee(1) in the base system to version 1.5.0.
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.

Only local modifications include:

- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.

To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.

Reviewed by:	current@
2009-05-27 17:27:03 +00:00
Ed Schouten
cfe04e82b1 Merge local changes to ee(1) into contrib space.
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.

Thanks to:	des and jhb
2009-05-26 21:06:51 +00:00
Ed Schouten
72fcea8cb7 Copy ee 1.4.2 into the contrib directory.
This allows me to merge our custom changes to ee(1) back on top of
original sources, with correct mergeinfo.
2009-05-26 20:13:17 +00:00
Dag-Erling Smørgrav
62aa21ae86 When man pages are formatted in UTF-8, .Fl is encoded as U+2212 "MINUS
SIGN" instead of U+002D "HYPHEN-MINUS".  This is unfortunate for two
reasons: 1) this is not the character which is actually used on the
command line, and 2) it makes it impossible to search a man page for a
specific command-line option.

This patch fixes this, but there are other unresolved issues, such as
confusion between -, \- and hy: while the latter is always (and only)
used for hyphenation, both - and \- are used for negation and
subtraction, and \- is used for command-line options and sometimes
also for parenthesis.  IMHO, the correct Unicode characters are:

 - hyphenation: either U+2010 or U+00AD, most likely the former (the
   latter is the so-called soft hyphen, used to indicate a point at
   which a text processor is allowed to hyphenate a word)

 - negation and subtraction: U+2212

 - parenthesis: in English, U+2214, with spaces suppressed before and
   after; in some others (such as Norwegian), U+2213 with spaces
   retained.

 - command-line options: U+002D, because that is what is actually used
   on the command line.

However, fixing this would require extensive modifications to (at least)
the doc and man macro sets...

MFC after:	1 week
2009-05-21 17:56:00 +00:00
Xin LI
70b95ceeab Merge vendor/file/dist@192348, bringing FILE 5.03 to 8-CURRENT.
Security:	CVE-2009-1515
2009-05-18 22:34:33 +00:00
Xin LI
7374caaaed Update to less v429. 2009-05-09 01:35:27 +00:00
Xin LI
ad5f463cf9 Flatten all tags of the dist tree of less. 2009-05-08 23:34:35 +00:00
David E. O'Brien
befabca97a This belongs in //svn.freebsd.org/base/vendor/file/dist now. 2009-05-04 00:42:15 +00:00
David E. O'Brien
7dbb948b5f Merge vendor/file/dist@191739, bringing FILE 5.00 to 8-CURRENT. 2009-05-04 00:37:44 +00:00
Bjoern A. Zeeb
01b5749292 Remove udp and tcp includes not needed here.
Tripped over by: a compile of an upcoming change
MFC after:	1 month
2009-04-25 19:14:22 +00:00
Ollivier Robert
0963cc7dac Merge r191298 into HEAD.
Prevent a buffer overflow in ntpq.  Patch taken from the PR database
after being committed to the official ntp tree and present in 4.2.4p7-rc2.

It will be MFH to the upcoming 7.2 pending re approval.

Obtained from:  https://support.ntp.org/bugs/show_bug.cgi?id=1144
MFC after:      3 days
Security:       http://www.securityfocus.com/bid/34481
                CVE-2009-0159
2009-04-20 09:59:08 +00:00
Robert Watson
c0020399a6 Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
2009-04-19 16:17:13 +00:00
Rui Paulo
efbbe93e56 Revert previous commit that commented out some bpf functions.
Unconstify arguments of bpf_image(), bpf_filter() and bpf_dump(). This
is needed because some ports rely heavely on these arguments (some of
them even roll out their own implemenentations of bpf_dump).
2009-04-11 17:36:11 +00:00
Ed Maste
bf2d1caf3c - Use gdb-* glob instead of gdb-6.1.1, to simplify future imports.
- Add a few entries for additional files from later gdb releases that
  should also be ignored.
2009-04-07 20:15:51 +00:00
Rui Paulo
0c9438135a Restore local change to include <sys/bpf.h> inside pcap.h. This fixes
remaining ports build problems.
2009-04-02 13:04:17 +00:00
Rui Paulo
fa01cfefc2 Remove a dangling extern "C" declaration that was missed during the
merge. Fixes C++ ports using libpcap (nmap, for example).

Submitted by:	Daniel Roethlisberger <daniel at roe.ch>
2009-03-31 11:04:51 +00:00
Ulf Lilleengen
36005c6050 - Add proper error checking and printing to the CVSMode code when reading and
writing from/to streams, as leaving them out stops csup from cleaning up on
  SIGINT and friends properly.

MFC after:      1 week
2009-03-25 20:15:48 +00:00
Ulf Lilleengen
a2cd3e4eda - Remember to set umask before setting attributes of RCS file.
Tested by:	dougb
MFC after:	2 days
2009-03-25 07:01:45 +00:00
David Schultz
e4c3a7fc88 Merge an important change that I mistakenly left out when merging C99
inline function support. This should fix instances where gcc
spuriously reports the following error:

    error: nested function 'foo' declared but never defined
2009-03-25 05:10:32 +00:00
VANHULLEBUS Yvan
ff1fdd77ff Fixed indentation for LINKTYPE_ENC
Approved by:	gnn(mentor)
2009-03-24 15:57:35 +00:00
Rui Paulo
1d111e6dfe bpf_filter() and bpf_validate() can't live here if they already live in
bpf.h
2009-03-22 00:47:41 +00:00
Rui Paulo
b2e0e80d0c Remove remaining references to BIOCSETBUFMODE ifdefs. We now have
another ifdef for zerocopy bpf.
2009-03-21 23:13:48 +00:00
Rui Paulo
2676a4aff3 Finish merge of zerocopy bpf. 2009-03-21 23:08:04 +00:00