Commit Graph

4789 Commits

Author SHA1 Message Date
yongari
8a4c5a38b7 shi1_remark is in little endian format, convert it to host ordering.
Also remove upper 16bits which always seem to be 0xFFFF. We don't
allocate more than 64KB buffer anyway.
This change make smbutil work on sparc64.

Reviewed by:	marius, bp
Approved by:	bp
2010-01-25 18:35:58 +00:00
dougb
627ca92735 Upgrade to BIND 9.6.1-P3.
This version address the following vulnerabilities:

BIND 9 Cache Update from Additional Section
https://www.isc.org/advisories/CVE-2009-4022v6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
A nameserver with DNSSEC validation enabled may incorrectly add
unauthenticated records to its cache that are received during the
resolution of a recursive client query

BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses
https://www.isc.org/advisories/CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
There was an error in the DNSSEC NSEC/NSEC3 validation code that could
cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records
proven by NSEC or NSEC3 to exist) to be cached as if they had validated
correctly

These issues only affect systems with DNSSEC validation enabled.
2010-01-25 06:18:31 +00:00
delphij
6852acc871 Update to 4.6.
Note: the -V option from OpenBSD is implemented using setfib(2) on FreeBSD.

MFC after:	2 weeks
2010-01-19 18:45:29 +00:00
ru
a64f684e51 Pull up vendor changes. 2010-01-15 15:10:29 +00:00
ru
d8e1c135e6 Moved the doc-str-Lb-libulog string definition to where it belongs. 2010-01-15 14:05:06 +00:00
ru
7b5fe6ac70 Pull up vendor changes. The following local changes made obsolete:
- Addition of several FreeBSD versions.
- r192561 that attempted to fix UTF-8 issues.
2010-01-15 13:59:50 +00:00
ed
55b15dac03 Forgot a part that was missing in the previous commit.
There is no need to call trimdomain() anymore now that ut_host is big
enough to fit decent hostnames.
2010-01-13 18:46:50 +00:00
ed
bd3422d93e Let telnetd build without utmp and logwtmp(3).
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.
2010-01-13 18:37:42 +00:00
ed
cdcbec7f04 Don't include <utmp.h> when using <utmpx.h>.
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
2010-01-11 16:27:56 +00:00
ru
270ba02de1 Apply patches directly to sources. Their effect is as follows:
- Make one-true-awk respect locale's collating order in [a-z]
  bracket expressions, until a more complete fix (like handing
  BREs) is ready.

- Don't require a space between -[fv] and its argument.
2010-01-10 08:02:07 +00:00
ru
56d4794e72 Update to a 26-Nov-2009 release. 2010-01-09 23:19:01 +00:00
ru
8a9b761eed Clean up import. 2010-01-09 22:47:40 +00:00
imp
a8210f6c6c Merge r194519 from projects/mips to head by hand:
r194519 | gonzo | 2009-06-19 17:28:26 -0600 (Fri, 19 Jun 2009) | 3 lines
- set -mabicalls and -msoft-float as a default in order to
    simplify building ports
2010-01-08 23:37:30 +00:00
sobomax
e083f90a62 Allow comment (#) to be placed anywhere in the line, not only at the
beginning, so it's consistent with other configuration files.

MFC after:	3 weeks
2010-01-08 10:54:15 +00:00
ed
40014dccb8 Remove unneeded inclusion of <utmp.h> and dead variables. 2009-12-27 11:56:32 +00:00
ed
8f467b7b0f Let top(1) use MAXLOGNAME instead of UT_NAMESIZE.
The maximum user login length should have nothing to do with <utmp.h>.
2009-12-25 09:02:41 +00:00
delphij
40c18ac3ff Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Direct
Server Return mode, where not all packets would be visible to the load
balancer or gateway.

This commit should be reverted when we merge future pf versions.  The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.

Discussed with:	mlaier
Obtained from:	OpenBSD
Sponsored by:	iXsystems, Inc.
MFC after:	1 month
2009-12-24 00:43:44 +00:00
roberto
230e76b538 Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.

MFC after:		2 weeks
Security:		CVE-2009-3563
2009-12-15 14:58:10 +00:00
delphij
260d752e2e Apply two vendor fixes for CVE-2009-3720.
Security:	CVE-2009-3720
MFC after:	3 days
2009-12-11 02:09:46 +00:00
delphij
942205b726 What we have in base system is actually OpenBSD 4.5's netcat,
update this file to reflect the fact.
2009-12-08 19:12:38 +00:00
marcel
26d17419ba Fix Read-After-Write (RAW) dependency violation for ar.ccv in
isc_atomic_xadd() and isc_atomic_cmpxchg().

Approved by:	dougb@
MFC after:	1 week
2009-12-07 02:17:58 +00:00
syrinx
3f6e5c4df5 Fix a problem with high CPU consumption (up to 30%) by bsnmpd on a loaded system.
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.

Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after:	1 week
2009-12-03 16:08:00 +00:00
ed
879c7d2730 Add a new library: libulog.
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:

- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.

I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.

As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.

libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.

Next items on the todo list:

1. Port applications in the base system (and ports) to libulog, instead
   of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
   top.
3. Port as many applications as possible back to <utmpx.h>.
2009-12-03 15:48:24 +00:00
kib
0d2524b063 Properly support -fPIE by linking PIE binaries with specially-built
Scrt1.o instead of crt1.o, since the later is built as non-PIC.

Separate i386-elf crt1.c into the pure assembler part and C code,
supplying all data extracted by assembler stub as explicit parameters [1].
Hide and localize _start1 symbol used as an interface between asm and
C code.

In collaboration with:	kan
Inspired by:	PR i386/127387 [1]
Prodded and tested by:	rdivacky [1]
MFC after:	3 weeks
2009-12-02 16:34:20 +00:00
ume
a3e767ede4 Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't
allow bind to an anycast addeess.  It does away with an annoying
message.

Reviewed by:	bz, roberto
MFC after:	2 weeks
2009-12-01 16:07:50 +00:00
dougb
54dfe5254b Update to BIND 9.6.1-P2. The vulnerability this is designed to fix is
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
2009-11-30 03:38:34 +00:00
ed
369b564923 Use <termios.h> instead of <sys/termios.h>.
<sys/termios.h> only works on FreeBSD by accident.
2009-11-28 11:57:25 +00:00
darrenr
2aed81f206 fix spelling mistake 2009-11-19 08:10:24 +00:00
delphij
8fed657163 Revert revision 199201 for now as it has introduced a kernel vulnerability
and requires more polishing.
2009-11-12 19:02:10 +00:00
delphij
13a19ef806 Add interface description capability as inspired by OpenBSD.
MFC after:	3 months
2009-11-11 21:30:58 +00:00
delphij
f89d1346eb Add a minimal change to prevent NULL deference in ee(1).
To repeat the problem, one can press "Ctrl+C" and then enter "0".

Submitted by:	Alexander Best <alexbestms wwu de>
2009-11-10 00:48:24 +00:00
dougb
2223d789e6 Wrap some socket handling code in a !NULL bow
This patch or something similar will likely be included in a future
BIND release.

PR:		bin/138061
Submitted by:	Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by:	Volker <volker@vwsoft.com>
Patch reviewed and tweaked by:	ISC
2009-11-07 18:55:39 +00:00
rafan
d8453107cc Merge r198489 from vendor/ncurses/dist:
Pull upstream patch to fix ee(1) crash when received SIGWINCH:

   modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
   SIGWINCH, and discard that value, to avoid confusing application
   (patch by Eygene Ryabinkin, FreeBSD bin/136223).

PR:		136223
Submitted by:	Eygene Ryabinkin
Obtained from:	ncurses-5.7-20091024 snapshot
MFC after:	3 days
2009-10-26 13:03:52 +00:00
jhb
bc6b0275a0 Change gcc to assume a default machine architecture of 486 instead of 386
on "i386".  Doing it in the compiler is deemed to be less fragile then
attempting to provide a default -march setting via bsd.cpu.mk.  FreeBSD
itself has not supported plain 386 CPUs since 5.x.

Suggested by:	kan
Requested by:	rdivacky
MFC after:	1 month
2009-10-21 19:26:12 +00:00
des
dd851241ac Merge upstream r421: grammar nit in pam.conf(5). 2009-10-09 09:42:58 +00:00
rpaulo
38b5375bb9 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
rdivacky
4117cffd4e Fix tcsh losing history when tcsh terminates because the pty beneath it
is closed.

Diagnosed by Ted Anderson:

New signal queuing logic was introduced in 6.15 and allows the signal handlers
to be run explicitly by calling handle_pending_signals, instead of
immediately when the signal is delivered.  This function is called at
various places, typically when receiving a EINTR from a slow system call
such as read or write.  In the pty exit case, it was called from xwrite,
called from flush, while printing the "exit" message after receiving EOF
when reading from the pty (note that the read did not return EINTR but
zero bytes, indicating EOF).  The SIGHUP handler, phup(), called
rechist, which opened the history file and began writing the merged
history to it.  This process invoked flush recursively to actually write
the data.  In this case, however, the flush noticed it was being called
recursively and decided fail by calling stderror.

My conclusion was that the signal was being handled at a bad time.  But
whether to fix flush not to care about the recursive call, or to handle
the signal some other time and when to handle it, was unclear to me.
However, by adding an extra call to handle_pending_signals, just after
process() returns to main(), I was able to avoid the truncated history
after network outages and similar failures.  I verified this fix in
version 6.17.

Approved by:	ed (mentor)
MFC after:	1 week
2009-10-06 20:19:16 +00:00
attilio
2aef64d798 Import a vendor fix for a list overrun.
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.

Reviewed by:	emaste, des
Sponsored by:	Sandvine Incorporated
MFC after:	3 days
2009-09-07 09:30:37 +00:00
ache
fe4cbf528e 1) Remove single occurance of HAS_CTYPE ifdef, ctype functions
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
2009-09-04 07:42:13 +00:00
ache
cc84c0640f Move <locale.h> out of NO_CATGETS define too (as setlocale() in prev.
commit)
2009-09-02 04:43:46 +00:00
ache
bbd87e6bfd 1) Use isprint() instead of hardcoded values to detect non-printable.
2) Use (unsigned char) cast in waddch() calls.
It fix highlighting bug: sign extension of 8bit to the attributes area.
3) Use setlocale() in any case.
2009-09-02 04:26:34 +00:00
ume
e9fb7bf28d - Add AS lookup functionality to traceroute6(8) as well.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.

Tested by:	IHANet folks.
2009-08-23 17:00:16 +00:00
jhb
f67f7744c1 Explicitly line up the CPU state labels with the calculated starting column
that takes into account the width of the largest CPU ID.  On systems with
> 10 CPUs the labels for the first 10 CPUs were not lined up properly
otherwise.

Approved by:	re (kib)
MFC after:	1 week
2009-08-19 15:17:13 +00:00
des
32589bd8e2 Update and remove CVS-specific items
Approved by:	re (kib)
2009-08-13 06:07:38 +00:00
rwatson
8db4ca2429 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
delphij
a1420f2d09 Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
dougb
2e73ad7182 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
bms
062f7fc07c Output DWARF debug information for global 'using' declarations, instead
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.

This problem was triggered by running the Boost regression tests.

See also:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by:	luigi
Approved by:	re (kib)
2009-07-22 01:07:11 +00:00
rwatson
d77b22ca31 Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
2009-07-17 14:02:20 +00:00
sam
9990f66d44 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
kan
ef443476d9 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
sam
9a9b86768c Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
cperciva
45e5ee4e4a Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
cperciva
b79a5aa131 Fix .Dd value -- our mdoc macros don't know how to parse the $Mdocdate$
tag, so the file was being treated as having no date (i.e., the current
date was being inserted).

Approved by:	re (kib)
2009-07-11 17:35:55 +00:00
mp
e5921a6fae Update to tcsh 6.17.00.
Approved by:	re (kensmith)
2009-07-11 05:35:08 +00:00
mp
5c3d0e09d7 Flatten vendor/tcsh/dist. 2009-07-10 21:00:38 +00:00
dougb
b4778c66fe This is the solution that ISC committed after 9.6.1-release for
the gcc warning issue. It should be included in the next upstream
release.
2009-06-25 19:52:45 +00:00
dougb
3727f1aa7d Update to the final release version of BIND 9.6.1. It has the following
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.

          named could incorrectly delete NSEC3 records for
          empty nodes when processing a update request.

          Accept DS responses from delegation only zones.

          "delegation-only" was not being accepted in
          delegation-only type zones.
2009-06-25 19:16:29 +00:00
kib
e91d5cfe69 Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
rdivacky
9d18ee7303 Fix a typo that causes the for loop to exit immediately. There's
identical loop a few lines above.

Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
2009-06-16 13:31:01 +00:00
lulf
d5dee91033 - Remove semicolon that should not have been there.
Submitted by:	rdivacky
MFC after:	1 week
2009-06-12 16:37:53 +00:00
avg
76ddf57429 gdb: make 'thread apply all bt' always work on all threads
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.

Obtained from:	vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by:	emaste
Approved by:	jhb
2009-06-12 14:27:50 +00:00
cperciva
632fa45574 Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by:	so (cperciva)
Approved by:	re (not really, but SVN wants this...)
Security:	FreeBSD-SA-09:09.pipe
Security:	FreeBSD-SA-09:10.ipv6
Security:	FreeBSD-SA-09:11.ntpd
2009-06-10 10:31:11 +00:00
lulf
e976638672 - Add missing data argument to printf.
Submitted by:	Pawel Worach <pawel.worach -AT- gmail.com>
MFC after:	1 week
2009-06-01 09:25:32 +00:00
dougb
8ad378b6e2 Local hack to get the build going again while ISC works on a more
permanent solution for 9.6.1-release.

"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."

Submitted by:	marcel
2009-06-01 06:31:04 +00:00
dougb
5e9448f437 Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:44:21 +00:00
dougb
1e9abbf9ca Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
stas
b6666822bf - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
delphij
a62a3b6e1f Add an EXIT STATUS section to the manual page. Currently, nc(1)
does not follow sysexits(3), and returns 1 for all error cases.

PR:		docs/126451
2009-05-29 07:18:31 +00:00
delphij
7515df23bd Update netcat to the version carried with OpenBSD 4.5. 2009-05-28 23:23:49 +00:00
marcel
10a76e38af char can be unsigned, like on ARM and PowerPC. Unbreak the
build for those by propagating the type of character from
char to int.
2009-05-28 04:25:38 +00:00
ed
6c84dada4f Update ee(1) in the base system to version 1.5.0.
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.

Only local modifications include:

- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.

To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.

Reviewed by:	current@
2009-05-27 17:27:03 +00:00
ed
0eb321bfa5 Merge local changes to ee(1) into contrib space.
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.

Thanks to:	des and jhb
2009-05-26 21:06:51 +00:00
ed
fbad22d013 Copy ee 1.4.2 into the contrib directory.
This allows me to merge our custom changes to ee(1) back on top of
original sources, with correct mergeinfo.
2009-05-26 20:13:17 +00:00
des
dfd6cf5c69 When man pages are formatted in UTF-8, .Fl is encoded as U+2212 "MINUS
SIGN" instead of U+002D "HYPHEN-MINUS".  This is unfortunate for two
reasons: 1) this is not the character which is actually used on the
command line, and 2) it makes it impossible to search a man page for a
specific command-line option.

This patch fixes this, but there are other unresolved issues, such as
confusion between -, \- and hy: while the latter is always (and only)
used for hyphenation, both - and \- are used for negation and
subtraction, and \- is used for command-line options and sometimes
also for parenthesis.  IMHO, the correct Unicode characters are:

 - hyphenation: either U+2010 or U+00AD, most likely the former (the
   latter is the so-called soft hyphen, used to indicate a point at
   which a text processor is allowed to hyphenate a word)

 - negation and subtraction: U+2212

 - parenthesis: in English, U+2214, with spaces suppressed before and
   after; in some others (such as Norwegian), U+2213 with spaces
   retained.

 - command-line options: U+002D, because that is what is actually used
   on the command line.

However, fixing this would require extensive modifications to (at least)
the doc and man macro sets...

MFC after:	1 week
2009-05-21 17:56:00 +00:00
delphij
94241912dc Merge vendor/file/dist@192348, bringing FILE 5.03 to 8-CURRENT.
Security:	CVE-2009-1515
2009-05-18 22:34:33 +00:00
delphij
810e5a84b4 Update to less v429. 2009-05-09 01:35:27 +00:00
delphij
d069efd47c Flatten all tags of the dist tree of less. 2009-05-08 23:34:35 +00:00
obrien
7fea4c3732 This belongs in //svn.freebsd.org/base/vendor/file/dist now. 2009-05-04 00:42:15 +00:00
obrien
a8abfd3eba Merge vendor/file/dist@191739, bringing FILE 5.00 to 8-CURRENT. 2009-05-04 00:37:44 +00:00
bz
1d1c15a5ac Remove udp and tcp includes not needed here.
Tripped over by: a compile of an upcoming change
MFC after:	1 month
2009-04-25 19:14:22 +00:00
roberto
d0b7303e63 Merge r191298 into HEAD.
Prevent a buffer overflow in ntpq.  Patch taken from the PR database
after being committed to the official ntp tree and present in 4.2.4p7-rc2.

It will be MFH to the upcoming 7.2 pending re approval.

Obtained from:  https://support.ntp.org/bugs/show_bug.cgi?id=1144
MFC after:      3 days
Security:       http://www.securityfocus.com/bid/34481
                CVE-2009-0159
2009-04-20 09:59:08 +00:00
rwatson
0776eb3d4e Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
2009-04-19 16:17:13 +00:00
rpaulo
dc6531d9b1 Revert previous commit that commented out some bpf functions.
Unconstify arguments of bpf_image(), bpf_filter() and bpf_dump(). This
is needed because some ports rely heavely on these arguments (some of
them even roll out their own implemenentations of bpf_dump).
2009-04-11 17:36:11 +00:00
emaste
c51d7427dc - Use gdb-* glob instead of gdb-6.1.1, to simplify future imports.
- Add a few entries for additional files from later gdb releases that
  should also be ignored.
2009-04-07 20:15:51 +00:00
rpaulo
9d4d27efa9 Restore local change to include <sys/bpf.h> inside pcap.h. This fixes
remaining ports build problems.
2009-04-02 13:04:17 +00:00
rpaulo
4e28805a1b Remove a dangling extern "C" declaration that was missed during the
merge. Fixes C++ ports using libpcap (nmap, for example).

Submitted by:	Daniel Roethlisberger <daniel at roe.ch>
2009-03-31 11:04:51 +00:00
lulf
a6bcdcc2b6 - Add proper error checking and printing to the CVSMode code when reading and
writing from/to streams, as leaving them out stops csup from cleaning up on
  SIGINT and friends properly.

MFC after:      1 week
2009-03-25 20:15:48 +00:00
lulf
ad7291d1d2 - Remember to set umask before setting attributes of RCS file.
Tested by:	dougb
MFC after:	2 days
2009-03-25 07:01:45 +00:00
das
b02644481a Merge an important change that I mistakenly left out when merging C99
inline function support. This should fix instances where gcc
spuriously reports the following error:

    error: nested function 'foo' declared but never defined
2009-03-25 05:10:32 +00:00
vanhu
d645281c28 Fixed indentation for LINKTYPE_ENC
Approved by:	gnn(mentor)
2009-03-24 15:57:35 +00:00
rpaulo
989ff00905 bpf_filter() and bpf_validate() can't live here if they already live in
bpf.h
2009-03-22 00:47:41 +00:00
rpaulo
46635ef154 Remove remaining references to BIOCSETBUFMODE ifdefs. We now have
another ifdef for zerocopy bpf.
2009-03-21 23:13:48 +00:00
rpaulo
12c773480a Finish merge of zerocopy bpf. 2009-03-21 23:08:04 +00:00
dougb
4add853d06 Merge from vendor/bind9/dist as of the 9.4.3-P2 import 2009-03-21 23:00:40 +00:00
rpaulo
3f19af99ad Merge libpcap 1.0.0. 2009-03-21 22:58:08 +00:00
rpaulo
b0069d00e9 Fix WITHOUT_IPV6=yes build.
Reported by:	Andrzej Tobola ato at iem.pw.edu.pl
2009-03-21 21:56:23 +00:00
rpaulo
259f53ade9 Add Mac OS X stuff. 2009-03-21 20:39:22 +00:00
rpaulo
2a5dac1a1e Add a couple more paths. 2009-03-21 20:34:41 +00:00
rpaulo
fb140a5d54 Add exclude list for libpcap. 2009-03-21 20:16:15 +00:00
rpaulo
a7b3086920 Merge tcpdump 4.0.0 from the vendor branch. 2009-03-21 18:30:25 +00:00
rpaulo
ee5eb0283c Fix a path. 2009-03-21 16:08:40 +00:00
rpaulo
b423254b4f Exclude list for tcpdump imports. 2009-03-21 15:46:37 +00:00
rpaulo
5779dabf1b Flatten vendor/libpcap and remove keyword expansion. 2009-03-20 13:44:43 +00:00
rpaulo
04b1d6babe Flatten vendor/tcpdump and remove keyword expansion. 2009-03-20 13:27:51 +00:00
dougb
4e75ea04f5 Add some notes and clarify a few sections:
1. Add a note to double-check the man page
2. Remove windows-specific items in the ctrl_interface section
3. Add a note that ap_scan must be set to 1 for use with wlan
4. Clarify the wording for scan_ssid related to APs that hide ssid
5. Clarify the wording for the priority option
2009-03-16 23:56:28 +00:00
vanhu
8f8f965b49 Added DLT_ENC to map list, so it is now possible
to save dumps on enc0

Reviewed by:	gnn(mentor)
Obtained from:	NETASQ
MFC after:	1 week
2009-03-16 15:09:47 +00:00
sam
05a3fc25cf remove gcc-ism; tsinfo isn't used anyway 2009-03-15 01:38:37 +00:00
das
c7efb5498d Make gcc use C99 inline semantics in c99 and gnu99 mode. This was the
original intent, but the functionality wasn't implemented until after
gcc 4.2 was released. However, if you compiled a program that would
behave differently before and after this change, gcc 4.2 would have
warned you; hence, everything currently in the base system is
unaffected by this change.  This patch also adds additional warnings
about certain inline function-related bogosity, e.g., using a
static non-const local variable in an inline function.

These changes were merged from a snapshot of gcc mainline from March
2007, prior to the GPLv3 switch. I then ran the regression test suite
from a more recent gcc snapshot and fixed the important bugs it found.
I also squelched the following warning unless -pedantic is specified:

    foo is static but used in inline function bar which is not static

This is consistent with LLVM's behavior, but not consistent with gcc 4.3.

Reviewed by:	arch@
2009-03-14 19:36:13 +00:00
sam
c0eea162c5 fix portability; linux does not have sa_len/sun_len 2009-03-13 19:05:34 +00:00
rwatson
40428b7066 Merge r183430 from vendor/top/dist to head/contrib/top, although with
record-only mergeinfo because an automated merge is confused by the
flattening that took place:

  Move install to install-sh to prevent name-clashes.

MFC after:	3 days
2009-03-10 11:46:41 +00:00
lulf
ab7611c432 - Try to handle rcsfile write failures in the same way as cvsup, as they are not
necessarily fatal. If the file was incorrectly written, the checksum will
  detect it and the file will be retransferred.
2009-03-06 20:17:16 +00:00
das
01402dea5b Remove some unused vendor files. 2009-03-04 03:45:02 +00:00
rwatson
47970c8b69 Update config.h for OpenBSM 1.1 beta1.
MFC after:	1 month
2009-03-03 11:57:29 +00:00
rwatson
ee5318d543 Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).

OpenBSM history for imported revision below for reference.

MFC after:      1 month
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 beta 1

- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
  Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
  For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added.  It is configured in
  audit_control(5) with the expire-after parameter.  If there is no
  expire-after parameter in audit_control(5), the default, then the audit
  trail files are not expired and removed.  See audit_control(5) for
  more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
  partitions, rotate automatically at 2mb, and set the default policy to
  cnt,argv rather than cnt so that execve(2) arguments are captured if
  AUE_EXECVE events are audited.  These may provide more usable defaults for
  many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
  au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
2009-03-02 13:29:18 +00:00
sam
ddc2833396 don't need these any more; we are now using a combined tree 2009-03-02 02:29:17 +00:00
sam
3cac7b891b bring in local changes for:
CONFIG_DEBUG_SYSLOG
CONFIG_TERMINATE_ONLASTIF
EAP_SERVER
2009-03-02 02:26:53 +00:00
sam
2af41b09fa connect vendor wpa area to contrib 2009-03-02 02:23:47 +00:00
das
3f9ccbd00f Make `less -R' not crash all the time. 2009-02-28 06:27:23 +00:00
ed
fa4082de19 Rename all symbols in libmp(3) to mp_*, just like Solaris.
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by:	deischen, rdivacky
2009-02-26 21:43:15 +00:00
imp
ad4207874a Add an extra (void *) cast. The struct if_msghdr has an 8 byte
alignment requirement, while rt_msghdr has a 4 byte alignment
requirement.  The root cause is that if_msghdr has an struct if_data
which has an 8-byte alignment requirement due to a time_t that's
embedded in it.  On MIPS, time_t is a 64-bit number, so must be 64-bit
aligned.

Since we don't access ifm_data.ifi_epoch, a simple cast is all that's
necessary here.  It is likely the case that ifi_epoch should *NOT* be
a time_t because it is an uptime (time delta) an not an absolute time
since 1970.  u_long is likely sufficient there since that gives an
uptime of 136 years will suffice for the foreseeable future.
2009-02-18 19:59:27 +00:00
des
123e930ac3 Don't try to auto-detect dynamic linking; it fails on mips. The Makefile
part of the patch is an ugly (and hopefully temporary) hack.

Discussed with:	imp@
2009-02-17 16:35:19 +00:00
cperciva
84a38d3949 Correctly scrub telnetd's environment.
Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:05.telnetd
2009-02-16 21:56:17 +00:00
lulf
9af3f80126 - Do not free the pattern lists immediately after use, as they might be needed
again in case the connection is interrupted and csup have to reconnect. The
  lists will be freed after the collection has been completely processed.

PR:		bin/131477
Tested by:	dchagin
2009-02-15 13:22:21 +00:00
lulf
7174fcbb48 - Fix an issue where file attributes were not installed correctly during a Touch
and SetAttrs operation.
- SetAttrs and Touch were incorrectly switched.
2009-02-09 20:13:55 +00:00
gabor
8e86e76809 - Remove non-existing reference
- Fix trailing comma

PR:             docs/85118
Submitted by:   vs
MFC after:      3 days
2009-01-30 15:43:55 +00:00
das
1dd1bae7b6 Vendor import of gdtoa 20081205. 2009-01-28 04:36:34 +00:00
sam
80318a9979 update to 0.5.11: some useful bug fixes (check ChangeLog)
Submitted by:	scf
MFC after:	3 weeks
2009-01-27 22:18:04 +00:00
trhodes
a1622264a5 Document the "-U" option. While it is not part of the
getopt(), it is accepted through smb_ctx_init() in
lib/smb/ctx.c.

PR:		117013
Submitted by:	Tom Evans <tevans.uk@googlemail.com> (original version)
2009-01-22 08:29:39 +00:00
rwatson
decd722669 Merge OpenBSM alpha 5 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).  Hook up bsm_domain.c and bsm_socket_type.c to the libbsm
build along with man pages, add audit_bsm_domain.c and
audit_bsm_socket_type.c to the kernel environment.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 alpha 5

- Stub libauditd(3) man page added.
- All BSM error number constants with BSM_ERRNO_.
- Interfaces to convert between local and BSM socket types and protocol
  families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
  au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
  of constants in audit_domain.h and audit_socket_type.h.  This improves
  interoperability by converting local constant spaces, which vary by OS, to
  and from Solaris constants (where available) or OpenBSM constants for
  protocol domains not present in Solaris (a fair number).  These routines
  should be used when generating and interpreting extended socket tokens.
- Fix build warnings with full gcc warnings enabled on most supported
  platforms.
- Don't compile error strings into bsm_errno.c when building it in the kernel
  environment.
- When started by launchd, use the label com.apple.auditd rather than
  org.trustedbsd.auditd.
2009-01-14 10:44:16 +00:00
simon
49eb227b50 Correct ntpd(8) cryptographic signature bypass [SA-09:04].
Correct BIND DNSSEC incorrect checks for malformed signatures
[SA-09:04].

Security:	FreeBSD-SA-09:03.ntpd
Security:	FreeBSD-SA-09:04.bind
Obtained from:	ISC [SA-09:04]
Approved by:	so (simon)
2009-01-13 21:19:27 +00:00
dougb
b57ad9857e Merge from vendor/bind9/dist as of the 9.4.3-P1 import 2009-01-09 11:45:45 +00:00
simon
abe6016909 Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
2009-01-07 20:17:55 +00:00
lulf
ef24bb1a20 - Update manpage now that cvs mode is supported. 2009-01-07 18:37:07 +00:00
lulf
62eb8b9f1f Merge support for CVSMode (aka. mirror mode) into csup. This means csup can now
fetch a complete CVS repository. Support for rsync update of regular files are
also included, but are not yet enabled. The change should not have an impact on
existing csup usage, as little of the existing code has changed.
2009-01-05 15:18:16 +00:00
lulf
760895aea1 - Sort children branches by revision number rather than by date since a few RCS
files have the wrong date.
2009-01-04 18:18:59 +00:00
lulf
dc75d3e533 - Update copyright. 2009-01-04 17:31:01 +00:00
lulf
a15ea1e8c6 - Try to match style(9).
- Remove old comments.
2009-01-04 17:26:59 +00:00
lulf
60951a07c9 - Use a LIST to hold branches instead of a STAILQ.
- Sort branches when inserting them.
2009-01-03 18:51:49 +00:00
lulf
6bc677840c - Write out branches with the highest revision number first if they have the
same date.
2009-01-03 15:17:20 +00:00
lulf
94a4b6019d - A bit missing from the previous commit. The '@'s from the string token must be
stripped before encoding the expansion mode.
2009-01-03 12:09:18 +00:00
lulf
f67ab72faf - Add an optimization when parsing rcsfiles when the intention is to only send
details to the cvsup server. The deltatext does not need parsing, and some
  parts of the rcsfile data structure doesn't need to be set up.
- Fix a bug where the RCS expansion mode is not written out.
2009-01-02 12:40:58 +00:00
lulf
fd8c0b9c3a - Disable rsync support for now, as it is not fully working. 2009-01-02 12:37:31 +00:00
lulf
9b87fcddf8 - Fattrs are not used for rsync, so remove unused code. 2009-01-02 12:36:59 +00:00
lulf
f4ac6e7305 - Check for NULL in case fattr_frompath fails. 2009-01-02 12:35:01 +00:00
obrien
69f0422a25 Add an additional COMPILE_ONLY check. 2009-01-02 03:31:45 +00:00
obrien
729acffa05 Record that base/vendor/file/dist@186675 was merged.
Merge base/vendor/file/dist@186675@186690, bringing FILE 4.26 to 8-CURRENT.
2009-01-02 03:10:55 +00:00
obrien
87d6fde760 Flatten the file vendor area.
Remove the svn:keywords property from the vendor files.
2009-01-01 05:39:43 +00:00
rwatson
ccd2e131fb Update config.h for OpenBSM 1.1 alpha 4. 2008-12-31 11:19:46 +00:00
rwatson
e52e71cb6e Merge OpenBSM alpha 4 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).  Add libauditd build parts and add to auditd's linkage;
force libbsm to build before libauditd.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 alpha 4

- With the addition of BSM error number mapping, we also need to map the
  local error number passed to audit_submit(3) to a BSM error number,
  rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
  more formal allocation scheme, and add some events allocated in Solaris
  that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
  directly, rather than requiring applications to map to the local error
  space, which might not be able to entirely represent the BSM error
  number space.
- Major auditd rewrite for launchd(8) support.  Add libauditd library
  that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
  (re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
  startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
  has been recovered from not being properly terminated.  This event is
  stored in the new audit trail file and includes the path of recovered
  audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
  auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
  calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.

OpenBSM 1.1 alpha 3

- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
  between BSM error numbers (largely the Solaris definitions) and local
  errno(2) values for 32-bit and 64-bit return tokens.  This is required
  as operating systems don't agree on some of the values of more recent
  error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
  total size for the token.  This buge.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
2008-12-31 11:12:24 +00:00
dougb
c673a416c3 Merge from vendor/bind9/dist as of the 9.4.3 import 2008-12-23 22:47:56 +00:00
lulf
306c871b2f - Fix a wrong flag check. 2008-12-21 14:04:10 +00:00
delphij
2d9e1680b9 Merge nc(1) from OpenBSD 4.4. While there, rename our '-O' (no
tcp options) to '--no-tcpopt' in order to resolve a comflicit
with OpenBSD's -O semantics.
2008-12-19 23:00:23 +00:00
qingli
ec826ad5c7 This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
   possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,

The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.

Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:

- Kip Macy revised the locking code completely, thus completing
  the last piece of the puzzle, Kip has also been conducting
  active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
  provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
  me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
imp
806f871aea Push mips support into the tree. 2008-12-11 08:22:20 +00:00
lulf
59150ced5d - Add missing printout information when appending file.
Submitted by:	naddy
2008-12-10 18:13:30 +00:00
lulf
7cbf8f4f95 - Check return value of the encoded keyword before using it.
Pointed out by:	Christian Weisgerber <naddy -at- mips.inka.de>
2008-12-09 21:10:09 +00:00
lulf
338234a6b0 A few bugfixes:
- Instead of including protocol info in diffs, strip them before adding
  deltatext and take this into account when applying the diff later.
- Don't use strlen when the string in the RCS file may contain garbage. This got
  caught in the checksumming before, but was not fixed until now. Instead of
  using strlen, pass the token length when adding log and text entries to a
  delta. Add an extra length parameter to duptext() to record the token length.
- When adding new branches to a file, add them in at the tail instead of the
  head of the list to get correct ordering when writing out.
- Input stream when diffing was opened twice.
- Don't expand keywords in diffs between deltas.
2008-12-03 22:47:33 +00:00
rwatson
0ac6f8ebdf Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).

- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
  audit_bsm_token.c.
- Synchronize bsm includes and definitions.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

--

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM.  Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  include for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf().  Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens.  The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert sense of
  matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token.  This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
  that const strings can be passed as arguments to tokens.  This patch was
  submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
2008-12-02 23:26:43 +00:00
lulf
e7eb22f786 - Print out information about what file that is edited before it is edited
instead of after.
2008-12-02 20:50:37 +00:00
lulf
93999cbca6 - Fix a bug where deltas was not sorted on RCS dates _and_ revision number. 2008-12-02 20:48:45 +00:00
lulf
7f6c5eb21e - Fix a bug in csup where SKIP is not obeyed when sending collection
information.
2008-11-26 19:27:51 +00:00
lulf
129cc6ad3e - Make sure comparisons are done on file types as well.
- Handle the case where a repository may have been copied, and the symlinks have
  not been preserved. CVSup removes the files and creates the symlinks, so
  enable this behaviour in csup as well.
- While there, fix comments and style issues.
2008-11-23 16:44:49 +00:00
lulf
01924560e7 - Add support for reading RCS info from status file to avoid having to detail a
file if it is up to date.
2008-11-23 14:53:21 +00:00
lulf
e73e056aab - Refactor some parts of the code and increase code reuse.
- Fix a lot of style issues remaining and old debugging output.
- Update comments where needed.
2008-11-20 19:51:06 +00:00
lulf
afd3a2cc89 - Add support for 'X' and 'x' commands in CVSup protocol. These commands are not
often used, but were quite simple to implement anyway.
2008-11-20 13:39:14 +00:00
lulf
a2a32c1acd - Fix build with GNU make.
- Fix compiler warnings and symbol overlaps.
- Don't build code that is not used yet.
- Fix types and format strings.
2008-11-20 12:52:07 +00:00
lulf
fb66787b9a - Fix issues that prevented rsync support from working. 2008-11-20 12:23:44 +00:00
lulf
b389e1bc70 A few general bugfixes:
- Use internal xmalloc instead of malloc.
- Include missing header after warnings.
- Fix unneeded printouts.
- Fix a bug when checking the CO_NORSYNC flag.
2008-11-19 14:57:00 +00:00
lulf
49d71b6584 - Fixup the rcs revision comparing to be correct this time. 2008-11-19 14:53:20 +00:00
raj
ee3d6ade2e gdb: Remove arm_pc_is_thumb_dummy() and related code.
This is basically an import of the following gdb change:
http://sourceware.org/ml/gdb-cvs/2005-03/msg00143.html (which in effect fixes
problems with gracefully closing down the non-Thumb program being debugged).
2008-11-17 16:37:04 +00:00
rafan
531323da7e - Update instructions for Subversion import
- Remove FREEBSD-vendor as edwin@ is working on a automatically contrib
  software status page generation
2008-11-15 09:30:09 +00:00
rafan
f5d8332252 - Update ncurses to 5.7-20081102 (5.7 release) and build glue
- This also removes $FreeBSD$ from two now unmodifed source files
  ncurses/tinfo/lib_raw.c and ncurses/tinfo/lib_baudrate.c

MFC after:	2 months (after 7.1 and 6.4 are released)
2008-11-15 09:23:48 +00:00
gshapiro
9ceaef29da Merge from vendor dist: Bring in a change already in the sendmail
repository that will allow sendmail to be built with the c99 compiler.

Submitted by: rdivacky
2008-11-15 04:43:54 +00:00
ed
1c998c296e Use strlcpy() instead of strcpy().
Requested by:	mlaier
2008-11-13 20:40:38 +00:00
ed
c737fde5da Convert telnetd(8) to use posix_openpt(2).
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.

I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.

Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).

Reviewed by:	rink
2008-11-13 19:05:27 +00:00
rwatson
2bd138f9ed Flatten OpenBSM vendor tree in preparation for new OpenBSM vendor
import.
2008-11-12 23:48:20 +00:00
lulf
5de5584baa - Fix idiotic rcsnum_cmp and compare the revision numbers without allocating any
memory.
2008-11-12 14:29:24 +00:00
rafan
7977961487 - Flatten the vendor area 2008-11-09 09:06:04 +00:00
rwatson
b563afb164 When encoding an smb name, truncate one byte earlier in order than we did
previously in order to ensure it fit properly in the bufer when encoded.
This prevents a debugging printf from firing if a source or destination
host name for an smb mount exceeds 15 characters.

MFC after:	3 days
Obtained from:	Apple, Inc.
2008-11-02 19:48:15 +00:00
lulf
6ce0f78fdf - Implement rsync support in csup, which is chosen as a protocol for regular
files if the client supports it. The support is implemented with an API to
  operate on files, calculating the rolling checksum and md5 checksum for the
  blocks etc.
- Remove unneeded stream_filter_stop and stream_flush before stream_close.
2008-10-25 10:54:28 +00:00
lulf
819cd9f881 - Implement support for retrieving a size_t type from the protocol stream. 2008-10-25 10:52:22 +00:00
lulf
0f6475d2a0 - Add size_t format specifier to proto_printf. 2008-10-25 10:23:24 +00:00
ru
604182d32e Actually fix pty detection for autologout setting.
(The fix has been submitted upstream.)
2008-10-20 08:44:14 +00:00
lulf
811088f018 - Import csup work from p4. 2008-10-19 09:08:59 +00:00
lulf
cf5320822f - Import the HEAD csup code which is the basis for the cvsmode work. 2008-10-19 08:41:10 +00:00
csjp
2f23d207d3 Implement zero-copy bpf(4) buffer or "zbuf" support for libpcap. A slightly
different version has been committed upstream in the libpcap vendor branch.
This will allow people to experiment with zero-copy bpf(4) without requiring
external patches.

Note to enable this functionality:

    sysctl net.bpf.zerocopy_enable=1

By default, libpcap will use the legacy buffering method unless this sysctl
variable is set to 1.

For the details about zero-copy bpf(4) implementation see svn change r177548.

Requested by:		many
Discussed with:		sam
In collaboration with:	rwatson
2008-09-16 20:32:29 +00:00
antoine
5843973f4a Fix TELOPT(opt) when opt > TELOPT_TN3270E.
PR:		127194
Submitted by:	Joost Bekkers
MFC after:	1 month
2008-09-13 17:46:50 +00:00
obrien
5bde7108b7 If arm.h is going to define WCHAR_TYPE, don't assume WCHAR_TYPE_SIZE
doesn't already have a definition.

Reported by:	imp
2008-09-10 15:47:31 +00:00
roberto
acc06a9e28 Merge from vendor/ntp/dist: r182856:
Apply updated patch from bin/92839 to avoid two possible buffer overflows.

PR:		bin/92839
Submitted by:	Helge Oldach <freebsdntpd@oldach.net>
2008-09-07 22:15:41 +00:00
das
65b5df780e Make strtof() respect the current rounding mode. 2008-09-03 07:32:06 +00:00
das
2732388653 Merge gdtoa 20080831. This fixes several bugs, including an infinite
loop pointed out by cognet@ that occurs when calling strtod() with a
string representing a number between DBL_MAX and 2*DBL_MAX, when the
rounding mode is anything other than the default.
2008-09-03 07:23:57 +00:00
das
785a4b4a47 Flatten vendor/gdtoa/*. 2008-09-03 05:17:02 +00:00
gshapiro
b9e5455674 Fix an ABI breakage found after the import that will be part of the
next version of sendmail.  Putting it in now for the upcoming 7-BETA
and 6-BETA test releases.

Submitted by:	Mike Tancsa
2008-09-02 04:53:24 +00:00
obrien
34e07c5340 We're not quite ready for the full %(endian_spec). 2008-09-01 23:09:45 +00:00
dougb
1f3acabb18 Merge from vendor/bind9/dist as of the 9.4.2-P2 import 2008-09-01 22:54:49 +00:00
obrien
188674d6ca Add __unix__. Tweak __KPRINTF_ATTRIBUTE__ while I'm here. 2008-09-01 22:22:44 +00:00
obrien
f18a1ee8d4 Add FreeBSD/MIPS support to GCC. 2008-09-01 18:46:03 +00:00
obrien
1da46bec02 Turn cc_tools/Makefile and Makefile.tgt into a "linear" read. Shared
parts of the configuration aren't duplicated, and arch-specific exceptions
are made "in-place".  Also clean up the FreeBSD/amd64 config a little.
2008-08-31 23:38:28 +00:00
trhodes
505d893184 List authentication types supported with "-X" taken from the libtelnet
code.

PR:		121721
2008-08-29 00:04:37 +00:00