Commit Graph

4605 Commits

Author SHA1 Message Date
des
dd851241ac Merge upstream r421: grammar nit in pam.conf(5). 2009-10-09 09:42:58 +00:00
rpaulo
38b5375bb9 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
rdivacky
4117cffd4e Fix tcsh losing history when tcsh terminates because the pty beneath it
is closed.

Diagnosed by Ted Anderson:

New signal queuing logic was introduced in 6.15 and allows the signal handlers
to be run explicitly by calling handle_pending_signals, instead of
immediately when the signal is delivered.  This function is called at
various places, typically when receiving a EINTR from a slow system call
such as read or write.  In the pty exit case, it was called from xwrite,
called from flush, while printing the "exit" message after receiving EOF
when reading from the pty (note that the read did not return EINTR but
zero bytes, indicating EOF).  The SIGHUP handler, phup(), called
rechist, which opened the history file and began writing the merged
history to it.  This process invoked flush recursively to actually write
the data.  In this case, however, the flush noticed it was being called
recursively and decided fail by calling stderror.

My conclusion was that the signal was being handled at a bad time.  But
whether to fix flush not to care about the recursive call, or to handle
the signal some other time and when to handle it, was unclear to me.
However, by adding an extra call to handle_pending_signals, just after
process() returns to main(), I was able to avoid the truncated history
after network outages and similar failures.  I verified this fix in
version 6.17.

Approved by:	ed (mentor)
MFC after:	1 week
2009-10-06 20:19:16 +00:00
attilio
2aef64d798 Import a vendor fix for a list overrun.
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.

Reviewed by:	emaste, des
Sponsored by:	Sandvine Incorporated
MFC after:	3 days
2009-09-07 09:30:37 +00:00
ache
fe4cbf528e 1) Remove single occurance of HAS_CTYPE ifdef, ctype functions
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
2009-09-04 07:42:13 +00:00
ache
cc84c0640f Move <locale.h> out of NO_CATGETS define too (as setlocale() in prev.
commit)
2009-09-02 04:43:46 +00:00
ache
bbd87e6bfd 1) Use isprint() instead of hardcoded values to detect non-printable.
2) Use (unsigned char) cast in waddch() calls.
It fix highlighting bug: sign extension of 8bit to the attributes area.
3) Use setlocale() in any case.
2009-09-02 04:26:34 +00:00
ume
e9fb7bf28d - Add AS lookup functionality to traceroute6(8) as well.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.

Tested by:	IHANet folks.
2009-08-23 17:00:16 +00:00
jhb
f67f7744c1 Explicitly line up the CPU state labels with the calculated starting column
that takes into account the width of the largest CPU ID.  On systems with
> 10 CPUs the labels for the first 10 CPUs were not lined up properly
otherwise.

Approved by:	re (kib)
MFC after:	1 week
2009-08-19 15:17:13 +00:00
des
32589bd8e2 Update and remove CVS-specific items
Approved by:	re (kib)
2009-08-13 06:07:38 +00:00
rwatson
8db4ca2429 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
delphij
a1420f2d09 Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
dougb
2e73ad7182 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
bms
062f7fc07c Output DWARF debug information for global 'using' declarations, instead
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.

This problem was triggered by running the Boost regression tests.

See also:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by:	luigi
Approved by:	re (kib)
2009-07-22 01:07:11 +00:00
rwatson
d77b22ca31 Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
2009-07-17 14:02:20 +00:00
sam
9990f66d44 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
kan
ef443476d9 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
sam
9a9b86768c Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
cperciva
45e5ee4e4a Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
cperciva
b79a5aa131 Fix .Dd value -- our mdoc macros don't know how to parse the $Mdocdate$
tag, so the file was being treated as having no date (i.e., the current
date was being inserted).

Approved by:	re (kib)
2009-07-11 17:35:55 +00:00
mp
e5921a6fae Update to tcsh 6.17.00.
Approved by:	re (kensmith)
2009-07-11 05:35:08 +00:00
mp
5c3d0e09d7 Flatten vendor/tcsh/dist. 2009-07-10 21:00:38 +00:00
dougb
b4778c66fe This is the solution that ISC committed after 9.6.1-release for
the gcc warning issue. It should be included in the next upstream
release.
2009-06-25 19:52:45 +00:00
dougb
3727f1aa7d Update to the final release version of BIND 9.6.1. It has the following
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.

          named could incorrectly delete NSEC3 records for
          empty nodes when processing a update request.

          Accept DS responses from delegation only zones.

          "delegation-only" was not being accepted in
          delegation-only type zones.
2009-06-25 19:16:29 +00:00
kib
e91d5cfe69 Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
rdivacky
9d18ee7303 Fix a typo that causes the for loop to exit immediately. There's
identical loop a few lines above.

Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
2009-06-16 13:31:01 +00:00
lulf
d5dee91033 - Remove semicolon that should not have been there.
Submitted by:	rdivacky
MFC after:	1 week
2009-06-12 16:37:53 +00:00
avg
76ddf57429 gdb: make 'thread apply all bt' always work on all threads
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.

Obtained from:	vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by:	emaste
Approved by:	jhb
2009-06-12 14:27:50 +00:00
cperciva
632fa45574 Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by:	so (cperciva)
Approved by:	re (not really, but SVN wants this...)
Security:	FreeBSD-SA-09:09.pipe
Security:	FreeBSD-SA-09:10.ipv6
Security:	FreeBSD-SA-09:11.ntpd
2009-06-10 10:31:11 +00:00
lulf
e976638672 - Add missing data argument to printf.
Submitted by:	Pawel Worach <pawel.worach -AT- gmail.com>
MFC after:	1 week
2009-06-01 09:25:32 +00:00
dougb
8ad378b6e2 Local hack to get the build going again while ISC works on a more
permanent solution for 9.6.1-release.

"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."

Submitted by:	marcel
2009-06-01 06:31:04 +00:00
dougb
5e9448f437 Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:44:21 +00:00
dougb
1e9abbf9ca Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
stas
b6666822bf - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
delphij
a62a3b6e1f Add an EXIT STATUS section to the manual page. Currently, nc(1)
does not follow sysexits(3), and returns 1 for all error cases.

PR:		docs/126451
2009-05-29 07:18:31 +00:00
delphij
7515df23bd Update netcat to the version carried with OpenBSD 4.5. 2009-05-28 23:23:49 +00:00
marcel
10a76e38af char can be unsigned, like on ARM and PowerPC. Unbreak the
build for those by propagating the type of character from
char to int.
2009-05-28 04:25:38 +00:00
ed
6c84dada4f Update ee(1) in the base system to version 1.5.0.
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.

Only local modifications include:

- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.

To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.

Reviewed by:	current@
2009-05-27 17:27:03 +00:00
ed
0eb321bfa5 Merge local changes to ee(1) into contrib space.
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.

Thanks to:	des and jhb
2009-05-26 21:06:51 +00:00
ed
fbad22d013 Copy ee 1.4.2 into the contrib directory.
This allows me to merge our custom changes to ee(1) back on top of
original sources, with correct mergeinfo.
2009-05-26 20:13:17 +00:00
des
dfd6cf5c69 When man pages are formatted in UTF-8, .Fl is encoded as U+2212 "MINUS
SIGN" instead of U+002D "HYPHEN-MINUS".  This is unfortunate for two
reasons: 1) this is not the character which is actually used on the
command line, and 2) it makes it impossible to search a man page for a
specific command-line option.

This patch fixes this, but there are other unresolved issues, such as
confusion between -, \- and hy: while the latter is always (and only)
used for hyphenation, both - and \- are used for negation and
subtraction, and \- is used for command-line options and sometimes
also for parenthesis.  IMHO, the correct Unicode characters are:

 - hyphenation: either U+2010 or U+00AD, most likely the former (the
   latter is the so-called soft hyphen, used to indicate a point at
   which a text processor is allowed to hyphenate a word)

 - negation and subtraction: U+2212

 - parenthesis: in English, U+2214, with spaces suppressed before and
   after; in some others (such as Norwegian), U+2213 with spaces
   retained.

 - command-line options: U+002D, because that is what is actually used
   on the command line.

However, fixing this would require extensive modifications to (at least)
the doc and man macro sets...

MFC after:	1 week
2009-05-21 17:56:00 +00:00
delphij
94241912dc Merge vendor/file/dist@192348, bringing FILE 5.03 to 8-CURRENT.
Security:	CVE-2009-1515
2009-05-18 22:34:33 +00:00
delphij
810e5a84b4 Update to less v429. 2009-05-09 01:35:27 +00:00
delphij
d069efd47c Flatten all tags of the dist tree of less. 2009-05-08 23:34:35 +00:00
obrien
7fea4c3732 This belongs in //svn.freebsd.org/base/vendor/file/dist now. 2009-05-04 00:42:15 +00:00
obrien
a8abfd3eba Merge vendor/file/dist@191739, bringing FILE 5.00 to 8-CURRENT. 2009-05-04 00:37:44 +00:00
bz
1d1c15a5ac Remove udp and tcp includes not needed here.
Tripped over by: a compile of an upcoming change
MFC after:	1 month
2009-04-25 19:14:22 +00:00
roberto
d0b7303e63 Merge r191298 into HEAD.
Prevent a buffer overflow in ntpq.  Patch taken from the PR database
after being committed to the official ntp tree and present in 4.2.4p7-rc2.

It will be MFH to the upcoming 7.2 pending re approval.

Obtained from:  https://support.ntp.org/bugs/show_bug.cgi?id=1144
MFC after:      3 days
Security:       http://www.securityfocus.com/bid/34481
                CVE-2009-0159
2009-04-20 09:59:08 +00:00
rwatson
0776eb3d4e Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
2009-04-19 16:17:13 +00:00
rpaulo
dc6531d9b1 Revert previous commit that commented out some bpf functions.
Unconstify arguments of bpf_image(), bpf_filter() and bpf_dump(). This
is needed because some ports rely heavely on these arguments (some of
them even roll out their own implemenentations of bpf_dump).
2009-04-11 17:36:11 +00:00