Make ALTQ cope with disappearing interfaces (particularly common with mpd
and netgraph in gernal). This also allows to add queues for an interface
that is not yet existing (you have to provide the bandwidth for the
interface, however).
PR: kern/106400, kern/117827
Tested by: Florian Smeets, Boris S.
MFOpenBSD rev 1.393 pf.conf.5
do not describe `/' as solidus; from Allen (freebsd pr120484);
PR: 120484
Submitted by: Allen <alandsidel at 1001islington dot com>
MFC After: 3 days
Import two binutils header files from FSF 2.15 branch.
These fix binutils compilation on i386/amd64 with GCC 4.1 and
have no other effect.
This fixes RELENG_6 build on RELENG_7/HEAD.
Approved by: re (kensmith)
OpenBSM 1.0
- Fix bug in auditreduce(8) which resulted in a memory fault/crash when
the user specified an event name with -m.
- Remove AU_.* hard-coded audit class constants, as udit classes are now
entirely dynamically configured using /etc/security/audit_class.
OpenBSM 1.0 alpha 15
- Fix bug when processing in_addr_ex tokens.
- Restore the behavior of printing the string/text specified while
auditing arg32 tokens.
- Synchronized audit event list to Solaris, picking up the *at(2) system call
definitions, now required for FreeBSD and Linux. Added additional events
for *at(2) system calls not present in Solaris.
- Bugs in auditreduce(8) fixed allowing partial date strings to be used in
filtering events.
OpenBSM 1.0 alpha 14
- Fix endian issues when processing IPv6 addresses for extended subject
and process tokens.
- gcc41 warnings clean.
- Teach audit_submit(3) about getaudit_addr(2).
- Add support for zonename tokens.
OpenBSM 1.0 alpha 13
- compat/clock_gettime.h now provides a compatibility implementation of
clock_gettime(), which fixes building on Mac OS X.
- Countless man page improvements, markup fixes, content fixs, etc.
- XML printing support via "praudit -x".
- audit.log.5 expanded to include additional BSM token types.
- Added encoding and decoding routines for process64_ex, process32_ex,
subject32_ex, header64, and attr64 tokens.
- Additional audit event identifiers for listen, mlockall/munlockall,
getpath, POSIX message queues, and mandatory access control.
- New Darwin, FreeBSD, and NetBSD versions.
- DragonFly support including the new .Dx macro.
- New .St strings: -isoC-amd1, -isoC-tcor1, -isoC-tcor2, and -ieee1275-94.
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
- s/jail id/jail ID/, acronyms should be in uppercase in general. Also,
it is written this way in jail(8).
Suggested by: brueffer
Approved by: delphij (mentor, implicit)
