- New Darwin, FreeBSD, and NetBSD versions.
- DragonFly support including the new .Dx macro.
- New .St strings: -isoC-amd1, -isoC-tcor1, -isoC-tcor2, and -ieee1275-94.
contains a sigdec[] vector of structures, but the generated output is
missing braces around the initializer of each struct, which
triggers warnings in WARNS=3:
src/usr.bin/top/sigdesc.h:10: warning: missing braces around initializer
src/usr.bin/top/sigdesc.h:10: warning: (near initialization for `sigdesc[0]')
* Fix the sigconv.awk script to generate a header with initializers
which look better.
* Add rules to usr.bin/top/Makefile that rebuilds a new sigconv.h
header which matches the correct signal set from the build-time
version of `${DESTDIR}/usr/include/signal.h' (so sigconv.h doesn't
get stale once changes are made to the header).
* Remove the old sigconv.h header, now that it is autoupdated at
build time.
* Various Makefile style fixes (the committed Makefile was kindly
submitted by Ruslan):
- Reorder .PATH, PROG, SRCS and CFLAGS to match style.Makefile(5)
- Split off the generated sources (sigdesc.h top.local.h) in an
SRCS+= line of their own.
- Add entries to CLEANFILES near the rules that generate the
respective files.
- Move the explicit rule which builds top.1 after the implicit
rules which generate its dependencies.
Reviewed by: ru, bde
Submitted by: ru (Makefile)
MFC after: 2 weeks
fix servicecurve check; no point in checking the same sc three times, it
was obviously intended to check all three. has been wrong since the
beginning, 4 years... noticed by Earl Lapus <earl.lapus@gmail.com>, Vasil
Dimov <vd@FreeBSD.org> mailed me then, ok mcbride
MFC after: 3 days
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
understand that non-local variables can never be collected, and when
it collected the static variable for mexitcount_libfunc, gcc aborted
on the next use of this variable.
This quick fix is to reinitialize the variable on every use and depend
on garbage collection recovering the small amount of memory wasted by
this, and not worry by the small amount of time wasted by this. It
would be better to initialize the variable together with most of the
other libfuncs in optabs.c and depend on whatever magic is there to
prevent its collection, but we initialize it here to avoid taking at
least 2 more files off the vendor branch.
the probe packet we sent and the packet quoted by the ICMP response.
Can be useful for spotting hops that change the packet in-flight
or have problems generating correct ICMP responses.
MFC after: 3 weeks
history notes since the last import:
OpenBSM 1.0 alpha 12
- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.
MFC after: 3 days
Obtained from: TrustedBSD Project
notes since the last import:
OpenBSM 1.0 alpha 11
- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
representations of audit_control policy flags and the flags passed to
auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
extension to the Solaris file format to allow specification of policy
persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
arguments as these policies are now set via the configuration file. If a
policy line is not found in the configuration file, continue with the
current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.
Obtained from: TrustedBSD Project
- auditd now generates complete audit records for its events, as required for
application-submitted audit records in the the FreeBSD kernel audit
implementation.
This also restores contrib/openbsm/bsm/audit_record to the vendor version
after the build fixes previously committed; however, this file is not used
in the build.
Obtained from: TrustedBSD Project
contrib/openbsm/bsm and sys/bsm. This will help avoid triggering
problems due to an inconsistent include order between the base and
lib32 builds. We will continue to import these files on the vendor
branch. Files used purely in user space (audit_uevents.h) are not
removed.
Suggested by: ru
+ Add PAM and LOGIN_CAP support. Mostly from FreeBSD.
+ Implement option "-D", for running ftpd in standalone mode (daemon).
+ NLST should return 450 instead of 550 upon error, per RFC 959.
+ Add recvbufsize configuration option
+ Remove unreachable code (res could never be NULL here), Coverity CID 712.
+ Set file to NULL after calling fclose(), Coverity CID 2669.
+ Make sure that "su" is initialized before dereferencing it, Coverity CID 1075.
+ Cleanup utmp and utmpx support.
the build. The openbsm folks are free to fix it in any other way they
see fit once they resurface.
Basically, make everything always be const char **, even though const
char ** usually should be 'const char * const *' in most cases. This
makes the three different definitions consistant and allows world to
build.
notes since the last import:
OpenBSM 1.0 alpha 9
- Rename many OpenBSM-specific constants and API elements containing the
strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
APIs, pass in the audit filter daemon state pointer, which is then used by
the module using an audit_filter_{get,set}cookie() API. This will allow
future service APIs provided by the filter daemon to maintain their own
state -- for example, per-module preselection state.
OpenBSM 1.0 alpha 8
- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
collisions with Solaris. Darwin events renamed to AUE_DARWIN_foo, as they
are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.
This is an MFC candidate to RELENG_6.
Obtained from: TrustedBSD Project
notes:
- Adopted Solaris-compatible format for subject32_ex and subject64_ex
tokens, which previously did not correctly implement variable length
address storage.
- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
older ones. OpenBSM now builds on some FreeBSD 4.x version.
- New event types for extended attributes, ACLs, and scheduling.
Obtained from: TrustedBSD Project
the CVS import, and suggest removing it for the real import, rather than
suggesting it for testing. This will hopefully prevent me (and others)
from making errors.
in http://www.iana.org/assignments/icmp-parameters. Thankfully
IANA's list aggrees with <netinet/ip_icmp.h>.
I've tried to do this in a way which is mostly consistent with
tcptraceroute and Debian's version of traceroute. However, sometimes
a letter is used twice by these versions, so I've gone with:
LBL tcptr Debian (chosen)
ICMP_UNREACH_NET !N !N !N !N
ICMP_UNREACH_HOST !H !H !H !H
ICMP_UNREACH_PROTOCOL !P !P !P !P
ICMP_UNREACH_PORT ! !p ! !
ICMP_UNREACH_NEEDFRAG !F-%d !F !F-<%d> !F-<%d>
ICMP_UNREACH_SRCFAIL !S !S !S !S
ICMP_UNREACH_NET_UNKNOWN !<%d> !U !<%d> !U
ICMP_UNREACH_HOST_UNKNOWN !<%d> !U !<%d> !W
ICMP_UNREACH_ISOLATED !<%d> !I !I !I
ICMP_UNREACH_NET_PROHIB !<%d> !A !A !A
ICMP_UNREACH_HOST_PROHIB !<%d> !C !C !Z
ICMP_UNREACH_TOSNET !<%d> !T !T !Q
ICMP_UNREACH_TOSHOST !<%d> !T !T !T
ICMP_UNREACH_FILTER_PROHIB !X !A !A !X
ICMP_UNREACH_HOST_PRECEDENCE !V !<%d> !V !V
ICMP_UNREACH_PRECEDENCE_CUTOFF !C !<%d> !C !C
Graham Wilson is planning to use the same codes in Debian's version.
MFC after: 3 weeks
non-shared object, do not reserve space in .plt and .rela.plt
for regular symbols neither defined nor referenced in shared objects.
This is a backport of rev. 1.101 (sourceware.org repository) to
Binutils 2.15 which fixes the creation of bogus relocations in the
PLT of Firefox and Thunderbird binaries and which in turn caused
them to segfault in rtld(1). This is committed to the vendor branch
as it doesn't represent a local change but the original vendor fix
is from after elf_link_hash_flags was replaced with bitfields.
PR: sparc64/89486
Approved by: maintainer timeout
Obtained from: NetBSD
MFC after: 1 week
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
buffer. Not likely to be used much by applications, but useful for
writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
kernel -- this is not a Solaris BSM API so can be modified without
causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
argument to the ordinary au_to_header32(), which is now implemented by
wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
the APIs that invoke gettimeofday(), rather than having a variable
definition. Don't try to retrieve time zone information using
gettimeofday(), as it's not needed, and introduces possible failure
modes.
- Don't perform byte order transformations on the addr/machine fields of
the terminal ID that appears in the process32/subject32 tokens. These
are assumed to be IP addresses, and as such, to be in network byte
order.
- Universally, APIs now assume that IP addresses and ports are provided
in network byte order. APIs now generally provide these types in
network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
error information.
- Support for audit filters introduced: audit filters are dynamically
loaded shared objects that run in the context of a new daemon,
auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
parsed versions of records to shared objects using a module API. This
will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
record submission for many applications.
Obtained from: TrustedBSD Project
to a host behind a firewall where only specific services are allowed.
For example, to trace the hops to an HTTP server behind a firewall,
$ traceroute -e -P tcp -p 80 www-firewalled.example.com
MFC after: 1 week
require the authenticator announce EAPOL version 1 don't have to hack
the code to get a working setup.
Discussed with Jouni; he's committed a similar set of changes to
his devel branch and I sent him these changes so I'm committing
this on the vendor branch in the expectation it will appear in
the next import.
MFC after: 1 week
Correctly identify the user running opiepasswd(1) when the login name
differs from the account name. [2]
Security: FreeBSD-SA-06:11.ipsec [1]
Security: FreeBSD-SA-06:12.opie [2]
- Update install notes to indicate /etc files are to be installed manually.
- On systems without LOG_SECURITY, use LOG_AUTH.
- Convert to autoconf/automake in order to move to a more portable (not
BSD-specific) build infrastructure, and more easy conditional building of
components. Currently, the primary feature loss is that automake does
not have native support for manual symlinks. This will be addressed in a
future OpenBSM release.
- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
(as found on Linux).
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
existing conventions for a CHANGELOG.
- Some private data structures moved from audit.h to audit_internal.h to
prevent inappropriate use by applications and name space pollution.
- Improved detection and use of endian macros using autoconf.
- Avoid non-portable use of struct in6_addr, which is largely opaque.
- Avoid leaking BSD kernel socket related token code to user space in
bsm_token.c.
- Teach System V IPC calls to look for Linux naming variations for certain
struct ipc_perm fields.
- Test for audit system calls, and if not present, don't build
bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
those system calls.
- au_close() is not implemented on systems that don't have audit system
calls, but au_close_buffer() is.
- Work around missing BSDisms in bsm_wrapper.c.
- Fix nested includes so including libbsm.h in an application on Linux
picks up the necessary definitions.
Obtained from: TrustedBSD Project
- Remove "audit" user example from audit_user, as it's not present on most
systems.
- Add cannot_audit() function non-Darwin systems that wraps auditon();
required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
function rather than a macro.
- Library build fixed on Darwin following include file tweaks. The native
Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
for now we force bsm_wrappers.c to not perform a nested include of
sys/audit.h.
Obtained from: TrustedBSD Project
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.
Many thanks to: brueffer, cognet
Obtained from: TrustedBSD Project
- Man page formatting improvements.
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
events.
- Remove 'tfm' class, unused in OpenBSM.
Obtained from: TrustedBSD Project
1.0 alpha 1, an implementation of the documented Sun Basic Security
Module (BSM) Audit API and file format, as well as local extensions to
support the Mac OS X and FreeBSD operating systems. Also included are
command line tools for audit trail reduction and conversion to text,
as well as documentation of the commands, file format, and APIs. This
distribution is the foundation for the TrustedBSD Audit implementation,
and is a pre-release.
This is the first in a series of commits to introduce support for
Common Criteria CAPP security event audit support.
This software has been made possible through the generous
contributions of Apple Computer, Inc., SPARTA, Inc., as well as
members of the TrustedBSD Project, including Wayne Salamon <wsalamon>
and Tom Rhodes <trhodes>. The original OpenBSM implementation was
created by McAfee Research under contract to Apple Computer, Inc., as
part of their CC CAPP security evaluation.
Many thanks to: wsalamon, trhodes
Obtained from: TrustedBSD Project
Correct insecure temporary file usage in ee. [06:02]
Correct a race condition when setting file permissions, sanitize file
names by default, and fix a buffer overflow when handling files
larger than 4GB in cpio. [06:03]
Fix an error in the handling of IP fragments in ipfw which can cause
a kernel panic. [06:04]
Security: FreeBSD-SA-06:01.texindex
Security: FreeBSD-SA-06:02.ee
Security: FreeBSD-SA-06:03.cpio
Security: FreeBSD-SA-06:04.ipfw
probe
Before:
5 *
freebsd (195.250.137.134) 19.086 ms 24.694 ms
After:
5 * freebsd (195.250.137.134) 19.086 ms 24.694 ms
Fixes: bin/90098
Reported by: Jeremy Chadwick <freebsd@jdc.parodius.com>
Approved by: andre
MFC after: 1 day
basically disables any access unless other strings are set in the config
file. Note, that there is no way to set the communities back to NULL once
they're set to something not NULL.
part of the structure was a hack to maintain binary compatibility with
Sun binaries, and my understanding is that it's not needed generally
on sparc systems running other operating systems. Therefore, hide this
code behind the same set of tests as in lib/bind/include/netdb.h.
This file is being imported on the vendor branch because a similar change
(or change with similar effect) will be in the next version of BIND 9.
This change will not affect other platforms in any way.
interface up when it is running AND the link is not down (that is, it is
up or unknown). If the interface is running but the link is down, we return
state 'dormant', because we're waiting for an external event. Otherwise
the interface is 'down'.
Submitted by: csjp
Reviewed by: glebius
* freebsd-spec.h (FBSD_TARGET_OS_CPP_BUILTINS):
Use builtin_define_with_int_value() instead of
adding a new check for every new major FreeBSD version.
Motivated by: simon
Discussed with: obrien, kan
version has a bug where it fails to properly cancel the polling loop
that periodically queries the BSSID (this is done to detect the
association/disassociation state). The timeout is supposed to fire
once a second, but the eloop_cancel_timeout() call uses a different
'user data' value than what was passed to eloop_register_timeout(),
so cancelling the timeouts fails. This results in an additional timeout
being created each time an EAPOL packet is received, which can lead
to dozens of unwanted timeouts firing every second instead of just one.
the range allowed by that function, resulting in undefined behaviour.
Our undefined behaviour in multibyte locales happened to differ from
glibc's, resulting in errors parsing option strings.
Obtained from: Corinna Vinschen (Red Hat)
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
file cannot be linked into place when requested (not required) to do it,
reassure them that cpio is still intelligent enough that it will perform
a full copy instead.
This file is already off the vendor branch and there hasn't been a bc
release in more than 4 years so I can't see any harm in fixing this.
Submitted by: Arne Woerner <arne_woerner at yahoo dot com>
PR: gnu/86627
Before (backslash in c syntax meaning):
6 p16-2-0-0.r21.sttlwa01.us.bb.verio.net (129.250.2.180) 71.027 ms \
p16-1-1-3.r20.sttlwa01.us.bb.verio.net (129.250.2.6) 66.730 ms 66.535 ms
7 xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.092 ms \
xe-3-1.r00.sttlwa01.us.bb.verio.net (129.250.2.205) 66.598 ms \
xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.024 ms
After:
6 p16-2-0-0.r21.sttlwa01.us.bb.verio.net (129.250.2.180) 71.027 ms
p16-1-1-3.r20.sttlwa01.us.bb.verio.net (129.250.2.6) 66.730 ms 66.535 ms
7 xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.092 ms
xe-3-1.r00.sttlwa01.us.bb.verio.net (129.250.2.205) 66.598 ms
xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.024 ms
Submitted by: Richard A Steenbergen <ras at e-gerbil.net>
MFC after: 3 days