Commit Graph

4611 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
0fa2c497a6 Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't
allow bind to an anycast addeess.  It does away with an annoying
message.

Reviewed by:	bz, roberto
MFC after:	2 weeks
2009-12-01 16:07:50 +00:00
Doug Barton
9748b72412 Update to BIND 9.6.1-P2. The vulnerability this is designed to fix is
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
2009-11-30 03:38:34 +00:00
Ed Schouten
ea74c11fae Use <termios.h> instead of <sys/termios.h>.
<sys/termios.h> only works on FreeBSD by accident.
2009-11-28 11:57:25 +00:00
Darren Reed
7484474781 fix spelling mistake 2009-11-19 08:10:24 +00:00
Xin LI
1a9d4dda9b Revert revision 199201 for now as it has introduced a kernel vulnerability
and requires more polishing.
2009-11-12 19:02:10 +00:00
Xin LI
41c8c6e876 Add interface description capability as inspired by OpenBSD.
MFC after:	3 months
2009-11-11 21:30:58 +00:00
Xin LI
4ed03b8dd4 Add a minimal change to prevent NULL deference in ee(1).
To repeat the problem, one can press "Ctrl+C" and then enter "0".

Submitted by:	Alexander Best <alexbestms wwu de>
2009-11-10 00:48:24 +00:00
Doug Barton
48a8495574 Wrap some socket handling code in a !NULL bow
This patch or something similar will likely be included in a future
BIND release.

PR:		bin/138061
Submitted by:	Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by:	Volker <volker@vwsoft.com>
Patch reviewed and tweaked by:	ISC
2009-11-07 18:55:39 +00:00
Rong-En Fan
e99c18762e Merge r198489 from vendor/ncurses/dist:
Pull upstream patch to fix ee(1) crash when received SIGWINCH:

   modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
   SIGWINCH, and discard that value, to avoid confusing application
   (patch by Eygene Ryabinkin, FreeBSD bin/136223).

PR:		136223
Submitted by:	Eygene Ryabinkin
Obtained from:	ncurses-5.7-20091024 snapshot
MFC after:	3 days
2009-10-26 13:03:52 +00:00
John Baldwin
22239c9dc4 Change gcc to assume a default machine architecture of 486 instead of 386
on "i386".  Doing it in the compiler is deemed to be less fragile then
attempting to provide a default -march setting via bsd.cpu.mk.  FreeBSD
itself has not supported plain 386 CPUs since 5.x.

Suggested by:	kan
Requested by:	rdivacky
MFC after:	1 month
2009-10-21 19:26:12 +00:00
Dag-Erling Smørgrav
b5a3d78a88 Merge upstream r421: grammar nit in pam.conf(5). 2009-10-09 09:42:58 +00:00
Rui Paulo
ce3ed1caa1 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
Roman Divacky
e05b498065 Fix tcsh losing history when tcsh terminates because the pty beneath it
is closed.

Diagnosed by Ted Anderson:

New signal queuing logic was introduced in 6.15 and allows the signal handlers
to be run explicitly by calling handle_pending_signals, instead of
immediately when the signal is delivered.  This function is called at
various places, typically when receiving a EINTR from a slow system call
such as read or write.  In the pty exit case, it was called from xwrite,
called from flush, while printing the "exit" message after receiving EOF
when reading from the pty (note that the read did not return EINTR but
zero bytes, indicating EOF).  The SIGHUP handler, phup(), called
rechist, which opened the history file and began writing the merged
history to it.  This process invoked flush recursively to actually write
the data.  In this case, however, the flush noticed it was being called
recursively and decided fail by calling stderror.

My conclusion was that the signal was being handled at a bad time.  But
whether to fix flush not to care about the recursive call, or to handle
the signal some other time and when to handle it, was unclear to me.
However, by adding an extra call to handle_pending_signals, just after
process() returns to main(), I was able to avoid the truncated history
after network outages and similar failures.  I verified this fix in
version 6.17.

Approved by:	ed (mentor)
MFC after:	1 week
2009-10-06 20:19:16 +00:00
Attilio Rao
dcc3a33188 Import a vendor fix for a list overrun.
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.

Reviewed by:	emaste, des
Sponsored by:	Sandvine Incorporated
MFC after:	3 days
2009-09-07 09:30:37 +00:00
Andrey A. Chernov
31dcbfad38 1) Remove single occurance of HAS_CTYPE ifdef, ctype functions
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
2009-09-04 07:42:13 +00:00
Andrey A. Chernov
db07ef76da Move <locale.h> out of NO_CATGETS define too (as setlocale() in prev.
commit)
2009-09-02 04:43:46 +00:00
Andrey A. Chernov
f39e07f3af 1) Use isprint() instead of hardcoded values to detect non-printable.
2) Use (unsigned char) cast in waddch() calls.
It fix highlighting bug: sign extension of 8bit to the attributes area.
3) Use setlocale() in any case.
2009-09-02 04:26:34 +00:00
Hajimu UMEMOTO
d429d7201e - Add AS lookup functionality to traceroute6(8) as well.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.

Tested by:	IHANet folks.
2009-08-23 17:00:16 +00:00
John Baldwin
fcaeaff4b6 Explicitly line up the CPU state labels with the calculated starting column
that takes into account the width of the largest CPU ID.  On systems with
> 10 CPUs the labels for the first 10 CPUs were not lined up properly
otherwise.

Approved by:	re (kib)
MFC after:	1 week
2009-08-19 15:17:13 +00:00
Dag-Erling Smørgrav
9517e86625 Update and remove CVS-specific items
Approved by:	re (kib)
2009-08-13 06:07:38 +00:00
Robert Watson
a743684e60 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
Xin LI
f0be0a1f8c Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
Doug Barton
0df811a678 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
Bruce M Simpson
f667763060 Output DWARF debug information for global 'using' declarations, instead
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.

This problem was triggered by running the Boost regression tests.

See also:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by:	luigi
Approved by:	re (kib)
2009-07-22 01:07:11 +00:00
Robert Watson
597df30e62 Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
2009-07-17 14:02:20 +00:00
Sam Leffler
649874e159 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
Alexander Kabaev
2286fe7635 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
Sam Leffler
0b73e40339 Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
Colin Percival
7d845dde8d Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
Colin Percival
f15e71c26a Fix .Dd value -- our mdoc macros don't know how to parse the $Mdocdate$
tag, so the file was being treated as having no date (i.e., the current
date was being inserted).

Approved by:	re (kib)
2009-07-11 17:35:55 +00:00
Mark Peek
a15e6f9a9a Update to tcsh 6.17.00.
Approved by:	re (kensmith)
2009-07-11 05:35:08 +00:00
Mark Peek
bc49518e16 Flatten vendor/tcsh/dist. 2009-07-10 21:00:38 +00:00
Doug Barton
9d0520c4b2 This is the solution that ISC committed after 9.6.1-release for
the gcc warning issue. It should be included in the next upstream
release.
2009-06-25 19:52:45 +00:00
Doug Barton
d1fdc8795a Update to the final release version of BIND 9.6.1. It has the following
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.

          named could incorrectly delete NSEC3 records for
          empty nodes when processing a update request.

          Accept DS responses from delegation only zones.

          "delegation-only" was not being accepted in
          delegation-only type zones.
2009-06-25 19:16:29 +00:00
Konstantin Belousov
c9253e931d Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
Roman Divacky
5caf16048e Fix a typo that causes the for loop to exit immediately. There's
identical loop a few lines above.

Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
2009-06-16 13:31:01 +00:00
Ulf Lilleengen
c420fd5bb2 - Remove semicolon that should not have been there.
Submitted by:	rdivacky
MFC after:	1 week
2009-06-12 16:37:53 +00:00
Andriy Gapon
84056e4e85 gdb: make 'thread apply all bt' always work on all threads
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.

Obtained from:	vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by:	emaste
Approved by:	jhb
2009-06-12 14:27:50 +00:00
Colin Percival
9a1bde1808 Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by:	so (cperciva)
Approved by:	re (not really, but SVN wants this...)
Security:	FreeBSD-SA-09:09.pipe
Security:	FreeBSD-SA-09:10.ipv6
Security:	FreeBSD-SA-09:11.ntpd
2009-06-10 10:31:11 +00:00
Ulf Lilleengen
95bac762d7 - Add missing data argument to printf.
Submitted by:	Pawel Worach <pawel.worach -AT- gmail.com>
MFC after:	1 week
2009-06-01 09:25:32 +00:00
Doug Barton
8df4f1e7be Local hack to get the build going again while ISC works on a more
permanent solution for 9.6.1-release.

"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."

Submitted by:	marcel
2009-06-01 06:31:04 +00:00
Doug Barton
86a672bc31 Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:44:21 +00:00
Doug Barton
6318052d9e Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
Stanislav Sedov
6760b335c6 - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
Xin LI
c9b4549c3d Add an EXIT STATUS section to the manual page. Currently, nc(1)
does not follow sysexits(3), and returns 1 for all error cases.

PR:		docs/126451
2009-05-29 07:18:31 +00:00
Xin LI
1a9dc239f5 Update netcat to the version carried with OpenBSD 4.5. 2009-05-28 23:23:49 +00:00
Marcel Moolenaar
1ac3735c5f char can be unsigned, like on ARM and PowerPC. Unbreak the
build for those by propagating the type of character from
char to int.
2009-05-28 04:25:38 +00:00
Ed Schouten
96b676e999 Update ee(1) in the base system to version 1.5.0.
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.

Only local modifications include:

- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.

To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.

Reviewed by:	current@
2009-05-27 17:27:03 +00:00
Ed Schouten
cfe04e82b1 Merge local changes to ee(1) into contrib space.
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.

Thanks to:	des and jhb
2009-05-26 21:06:51 +00:00
Ed Schouten
72fcea8cb7 Copy ee 1.4.2 into the contrib directory.
This allows me to merge our custom changes to ee(1) back on top of
original sources, with correct mergeinfo.
2009-05-26 20:13:17 +00:00