- Update install notes to indicate /etc files are to be installed manually.
- On systems without LOG_SECURITY, use LOG_AUTH.
- Convert to autoconf/automake in order to move to a more portable (not
BSD-specific) build infrastructure, and more easy conditional building of
components. Currently, the primary feature loss is that automake does
not have native support for manual symlinks. This will be addressed in a
future OpenBSM release.
- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
(as found on Linux).
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
existing conventions for a CHANGELOG.
- Some private data structures moved from audit.h to audit_internal.h to
prevent inappropriate use by applications and name space pollution.
- Improved detection and use of endian macros using autoconf.
- Avoid non-portable use of struct in6_addr, which is largely opaque.
- Avoid leaking BSD kernel socket related token code to user space in
bsm_token.c.
- Teach System V IPC calls to look for Linux naming variations for certain
struct ipc_perm fields.
- Test for audit system calls, and if not present, don't build
bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
those system calls.
- au_close() is not implemented on systems that don't have audit system
calls, but au_close_buffer() is.
- Work around missing BSDisms in bsm_wrapper.c.
- Fix nested includes so including libbsm.h in an application on Linux
picks up the necessary definitions.
Obtained from: TrustedBSD Project
- Remove "audit" user example from audit_user, as it's not present on most
systems.
- Add cannot_audit() function non-Darwin systems that wraps auditon();
required by OpenSSH BSM support. Convert Darwin cannot_audit() into a
function rather than a macro.
- Library build fixed on Darwin following include file tweaks. The native
Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
for now we force bsm_wrappers.c to not perform a nested include of
sys/audit.h.
Obtained from: TrustedBSD Project
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.
Many thanks to: brueffer, cognet
Obtained from: TrustedBSD Project
- Man page formatting improvements.
- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
events.
- Remove 'tfm' class, unused in OpenBSM.
Obtained from: TrustedBSD Project
1.0 alpha 1, an implementation of the documented Sun Basic Security
Module (BSM) Audit API and file format, as well as local extensions to
support the Mac OS X and FreeBSD operating systems. Also included are
command line tools for audit trail reduction and conversion to text,
as well as documentation of the commands, file format, and APIs. This
distribution is the foundation for the TrustedBSD Audit implementation,
and is a pre-release.
This is the first in a series of commits to introduce support for
Common Criteria CAPP security event audit support.
This software has been made possible through the generous
contributions of Apple Computer, Inc., SPARTA, Inc., as well as
members of the TrustedBSD Project, including Wayne Salamon <wsalamon>
and Tom Rhodes <trhodes>. The original OpenBSM implementation was
created by McAfee Research under contract to Apple Computer, Inc., as
part of their CC CAPP security evaluation.
Many thanks to: wsalamon, trhodes
Obtained from: TrustedBSD Project
Correct insecure temporary file usage in ee. [06:02]
Correct a race condition when setting file permissions, sanitize file
names by default, and fix a buffer overflow when handling files
larger than 4GB in cpio. [06:03]
Fix an error in the handling of IP fragments in ipfw which can cause
a kernel panic. [06:04]
Security: FreeBSD-SA-06:01.texindex
Security: FreeBSD-SA-06:02.ee
Security: FreeBSD-SA-06:03.cpio
Security: FreeBSD-SA-06:04.ipfw
probe
Before:
5 *
freebsd (195.250.137.134) 19.086 ms 24.694 ms
After:
5 * freebsd (195.250.137.134) 19.086 ms 24.694 ms
Fixes: bin/90098
Reported by: Jeremy Chadwick <freebsd@jdc.parodius.com>
Approved by: andre
MFC after: 1 day
basically disables any access unless other strings are set in the config
file. Note, that there is no way to set the communities back to NULL once
they're set to something not NULL.
part of the structure was a hack to maintain binary compatibility with
Sun binaries, and my understanding is that it's not needed generally
on sparc systems running other operating systems. Therefore, hide this
code behind the same set of tests as in lib/bind/include/netdb.h.
This file is being imported on the vendor branch because a similar change
(or change with similar effect) will be in the next version of BIND 9.
This change will not affect other platforms in any way.
interface up when it is running AND the link is not down (that is, it is
up or unknown). If the interface is running but the link is down, we return
state 'dormant', because we're waiting for an external event. Otherwise
the interface is 'down'.
Submitted by: csjp
Reviewed by: glebius
* freebsd-spec.h (FBSD_TARGET_OS_CPP_BUILTINS):
Use builtin_define_with_int_value() instead of
adding a new check for every new major FreeBSD version.
Motivated by: simon
Discussed with: obrien, kan
version has a bug where it fails to properly cancel the polling loop
that periodically queries the BSSID (this is done to detect the
association/disassociation state). The timeout is supposed to fire
once a second, but the eloop_cancel_timeout() call uses a different
'user data' value than what was passed to eloop_register_timeout(),
so cancelling the timeouts fails. This results in an additional timeout
being created each time an EAPOL packet is received, which can lead
to dozens of unwanted timeouts firing every second instead of just one.
the range allowed by that function, resulting in undefined behaviour.
Our undefined behaviour in multibyte locales happened to differ from
glibc's, resulting in errors parsing option strings.
Obtained from: Corinna Vinschen (Red Hat)
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
file cannot be linked into place when requested (not required) to do it,
reassure them that cpio is still intelligent enough that it will perform
a full copy instead.
This file is already off the vendor branch and there hasn't been a bc
release in more than 4 years so I can't see any harm in fixing this.
Submitted by: Arne Woerner <arne_woerner at yahoo dot com>
PR: gnu/86627
Before (backslash in c syntax meaning):
6 p16-2-0-0.r21.sttlwa01.us.bb.verio.net (129.250.2.180) 71.027 ms \
p16-1-1-3.r20.sttlwa01.us.bb.verio.net (129.250.2.6) 66.730 ms 66.535 ms
7 xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.092 ms \
xe-3-1.r00.sttlwa01.us.bb.verio.net (129.250.2.205) 66.598 ms \
xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.024 ms
After:
6 p16-2-0-0.r21.sttlwa01.us.bb.verio.net (129.250.2.180) 71.027 ms
p16-1-1-3.r20.sttlwa01.us.bb.verio.net (129.250.2.6) 66.730 ms 66.535 ms
7 xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.092 ms
xe-3-1.r00.sttlwa01.us.bb.verio.net (129.250.2.205) 66.598 ms
xe-0-2-0.r20.sttlwa01.us.bb.verio.net (129.250.4.16) 71.024 ms
Submitted by: Richard A Steenbergen <ras at e-gerbil.net>
MFC after: 3 days
researched by glebius, and incorporated by ISC into the next
version of BIND. Unfortunately, it looks like their release
will come after the release of FreeBSD 6, so we will bring
this in now.
The patch addresses a problem with high-load resolvers which
hit memory barriers. Without this patch, running the resolving
name server out of memory would lead to "unpredictable results."
Of course, the canonical answer to this problem is to put more
memory into the system, however that is not always possible, and
the code should be able to handle this situation gracefully in
any case.
(Note this makes the vendor branch not represent Binutils in the vendor's
CVS repository at any point in time. Portmgr did not like the state of
Binutils on Sparc that represented the point in time the vendor fixed this
issue. I'd rather have fixed this on RELENG_6.)
Approved by: re
This allows FreeBSD/PPC to build and run out of stock CVS sources. This
also takes the file off of the vendor branch.
Submitted by: kan, grehan
Approved by: re, kan
The ipfw tables lookup code caches the result of the last query. The
kernel may process multiple packets concurrently, performing several
concurrent table lookups. Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.
Submitted by: ru
Reviewed by: csjp, mlaier
Security: CAN-2005-2019
Security: FreeBSD-SA-05:13.ipfw
Correct bzip2 permission race condition vulnerability.
Obtained from: Steve Grubb via RedHat
Security: CAN-2005-0953
Security: FreeBSD-SA-05:14.bzip2
Approved by: obrien
Correct TCP connection stall denial of service vulnerability.
A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.
Submitted by: Noritoshi Demizu
Reviewed by: andre, Mohan Srinivasan
Security: CAN-2005-2068
Security: FreeBSD-SA-05:15.tcp
Approved by: re (security blanket), cperciva
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
