Commit Graph

4636 Commits

Author SHA1 Message Date
Xin LI
2d5ea05a45 Update to 4.6.
Note: the -V option from OpenBSD is implemented using setfib(2) on FreeBSD.

MFC after:	2 weeks
2010-01-19 18:45:29 +00:00
Ruslan Ermilov
18adde964d Pull up vendor changes. 2010-01-15 15:10:29 +00:00
Ruslan Ermilov
1b2ef7353d Moved the doc-str-Lb-libulog string definition to where it belongs. 2010-01-15 14:05:06 +00:00
Ruslan Ermilov
4d433b8ccd Pull up vendor changes. The following local changes made obsolete:
- Addition of several FreeBSD versions.
- r192561 that attempted to fix UTF-8 issues.
2010-01-15 13:59:50 +00:00
Ruslan Ermilov
0e96a56a89 Flatten out vendor tree. 2010-01-15 12:01:25 +00:00
Ed Schouten
c36be85f01 Forgot a part that was missing in the previous commit.
There is no need to call trimdomain() anymore now that ut_host is big
enough to fit decent hostnames.
2010-01-13 18:46:50 +00:00
Ed Schouten
c2fd39cb4d Let telnetd build without utmp and logwtmp(3).
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.
2010-01-13 18:37:42 +00:00
Ed Schouten
7845988449 Don't include <utmp.h> when using <utmpx.h>.
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
2010-01-11 16:27:56 +00:00
Ruslan Ermilov
d98dd8e5f9 Apply patches directly to sources. Their effect is as follows:
- Make one-true-awk respect locale's collating order in [a-z]
  bracket expressions, until a more complete fix (like handing
  BREs) is ready.

- Don't require a space between -[fv] and its argument.
2010-01-10 08:02:07 +00:00
Ruslan Ermilov
91217c1c70 Update to a 26-Nov-2009 release. 2010-01-09 23:19:01 +00:00
Ruslan Ermilov
829089cc6f Clean up import. 2010-01-09 22:47:40 +00:00
Ruslan Ermilov
6023075d0d Flatten out vendor tree. 2010-01-09 22:31:11 +00:00
Warner Losh
168194c97f Merge r194519 from projects/mips to head by hand:
r194519 | gonzo | 2009-06-19 17:28:26 -0600 (Fri, 19 Jun 2009) | 3 lines
- set -mabicalls and -msoft-float as a default in order to
    simplify building ports
2010-01-08 23:37:30 +00:00
Maxim Sobolev
d594463f1b Allow comment (#) to be placed anywhere in the line, not only at the
beginning, so it's consistent with other configuration files.

MFC after:	3 weeks
2010-01-08 10:54:15 +00:00
Ed Schouten
cea2194d9c Remove unneeded inclusion of <utmp.h> and dead variables. 2009-12-27 11:56:32 +00:00
Ed Schouten
2d86428bba Let top(1) use MAXLOGNAME instead of UT_NAMESIZE.
The maximum user login length should have nothing to do with <utmp.h>.
2009-12-25 09:02:41 +00:00
Xin LI
dcc2b1ff46 Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Direct
Server Return mode, where not all packets would be visible to the load
balancer or gateway.

This commit should be reverted when we merge future pf versions.  The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.

Discussed with:	mlaier
Obtained from:	OpenBSD
Sponsored by:	iXsystems, Inc.
MFC after:	1 month
2009-12-24 00:43:44 +00:00
Ollivier Robert
eb6d21b4ca Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.

MFC after:		2 weeks
Security:		CVE-2009-3563
2009-12-15 14:58:10 +00:00
Xin LI
566a751354 Apply two vendor fixes for CVE-2009-3720.
Security:	CVE-2009-3720
MFC after:	3 days
2009-12-11 02:09:46 +00:00
Xin LI
8057c390ca Flattern all tags and dist tree for expat. 2009-12-10 21:15:25 +00:00
Xin LI
933ef0ba72 What we have in base system is actually OpenBSD 4.5's netcat,
update this file to reflect the fact.
2009-12-08 19:12:38 +00:00
Marcel Moolenaar
de7459e59d Fix Read-After-Write (RAW) dependency violation for ar.ccv in
isc_atomic_xadd() and isc_atomic_cmpxchg().

Approved by:	dougb@
MFC after:	1 week
2009-12-07 02:17:58 +00:00
Shteryana Shopova
bd96183d5e Fix a problem with high CPU consumption (up to 30%) by bsnmpd on a loaded system.
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.

Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after:	1 week
2009-12-03 16:08:00 +00:00
Ed Schouten
2208eadf43 Add a new library: libulog.
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:

- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.

I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.

As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.

libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.

Next items on the todo list:

1. Port applications in the base system (and ports) to libulog, instead
   of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
   top.
3. Port as many applications as possible back to <utmpx.h>.
2009-12-03 15:48:24 +00:00
Konstantin Belousov
c09ba32715 Properly support -fPIE by linking PIE binaries with specially-built
Scrt1.o instead of crt1.o, since the later is built as non-PIC.

Separate i386-elf crt1.c into the pure assembler part and C code,
supplying all data extracted by assembler stub as explicit parameters [1].
Hide and localize _start1 symbol used as an interface between asm and
C code.

In collaboration with:	kan
Inspired by:	PR i386/127387 [1]
Prodded and tested by:	rdivacky [1]
MFC after:	3 weeks
2009-12-02 16:34:20 +00:00
Hajimu UMEMOTO
0fa2c497a6 Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't
allow bind to an anycast addeess.  It does away with an annoying
message.

Reviewed by:	bz, roberto
MFC after:	2 weeks
2009-12-01 16:07:50 +00:00
Doug Barton
9748b72412 Update to BIND 9.6.1-P2. The vulnerability this is designed to fix is
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
2009-11-30 03:38:34 +00:00
Ed Schouten
ea74c11fae Use <termios.h> instead of <sys/termios.h>.
<sys/termios.h> only works on FreeBSD by accident.
2009-11-28 11:57:25 +00:00
Darren Reed
7484474781 fix spelling mistake 2009-11-19 08:10:24 +00:00
Xin LI
1a9d4dda9b Revert revision 199201 for now as it has introduced a kernel vulnerability
and requires more polishing.
2009-11-12 19:02:10 +00:00
Xin LI
41c8c6e876 Add interface description capability as inspired by OpenBSD.
MFC after:	3 months
2009-11-11 21:30:58 +00:00
Xin LI
4ed03b8dd4 Add a minimal change to prevent NULL deference in ee(1).
To repeat the problem, one can press "Ctrl+C" and then enter "0".

Submitted by:	Alexander Best <alexbestms wwu de>
2009-11-10 00:48:24 +00:00
Doug Barton
48a8495574 Wrap some socket handling code in a !NULL bow
This patch or something similar will likely be included in a future
BIND release.

PR:		bin/138061
Submitted by:	Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by:	Volker <volker@vwsoft.com>
Patch reviewed and tweaked by:	ISC
2009-11-07 18:55:39 +00:00
Rong-En Fan
e99c18762e Merge r198489 from vendor/ncurses/dist:
Pull upstream patch to fix ee(1) crash when received SIGWINCH:

   modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
   SIGWINCH, and discard that value, to avoid confusing application
   (patch by Eygene Ryabinkin, FreeBSD bin/136223).

PR:		136223
Submitted by:	Eygene Ryabinkin
Obtained from:	ncurses-5.7-20091024 snapshot
MFC after:	3 days
2009-10-26 13:03:52 +00:00
John Baldwin
22239c9dc4 Change gcc to assume a default machine architecture of 486 instead of 386
on "i386".  Doing it in the compiler is deemed to be less fragile then
attempting to provide a default -march setting via bsd.cpu.mk.  FreeBSD
itself has not supported plain 386 CPUs since 5.x.

Suggested by:	kan
Requested by:	rdivacky
MFC after:	1 month
2009-10-21 19:26:12 +00:00
Dag-Erling Smørgrav
b5a3d78a88 Merge upstream r421: grammar nit in pam.conf(5). 2009-10-09 09:42:58 +00:00
Rui Paulo
ce3ed1caa1 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
Roman Divacky
e05b498065 Fix tcsh losing history when tcsh terminates because the pty beneath it
is closed.

Diagnosed by Ted Anderson:

New signal queuing logic was introduced in 6.15 and allows the signal handlers
to be run explicitly by calling handle_pending_signals, instead of
immediately when the signal is delivered.  This function is called at
various places, typically when receiving a EINTR from a slow system call
such as read or write.  In the pty exit case, it was called from xwrite,
called from flush, while printing the "exit" message after receiving EOF
when reading from the pty (note that the read did not return EINTR but
zero bytes, indicating EOF).  The SIGHUP handler, phup(), called
rechist, which opened the history file and began writing the merged
history to it.  This process invoked flush recursively to actually write
the data.  In this case, however, the flush noticed it was being called
recursively and decided fail by calling stderror.

My conclusion was that the signal was being handled at a bad time.  But
whether to fix flush not to care about the recursive call, or to handle
the signal some other time and when to handle it, was unclear to me.
However, by adding an extra call to handle_pending_signals, just after
process() returns to main(), I was able to avoid the truncated history
after network outages and similar failures.  I verified this fix in
version 6.17.

Approved by:	ed (mentor)
MFC after:	1 week
2009-10-06 20:19:16 +00:00
Attilio Rao
dcc3a33188 Import a vendor fix for a list overrun.
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.

Reviewed by:	emaste, des
Sponsored by:	Sandvine Incorporated
MFC after:	3 days
2009-09-07 09:30:37 +00:00
Andrey A. Chernov
31dcbfad38 1) Remove single occurance of HAS_CTYPE ifdef, ctype functions
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
2009-09-04 07:42:13 +00:00
Andrey A. Chernov
db07ef76da Move <locale.h> out of NO_CATGETS define too (as setlocale() in prev.
commit)
2009-09-02 04:43:46 +00:00
Andrey A. Chernov
f39e07f3af 1) Use isprint() instead of hardcoded values to detect non-printable.
2) Use (unsigned char) cast in waddch() calls.
It fix highlighting bug: sign extension of 8bit to the attributes area.
3) Use setlocale() in any case.
2009-09-02 04:26:34 +00:00
Hajimu UMEMOTO
d429d7201e - Add AS lookup functionality to traceroute6(8) as well.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.

Tested by:	IHANet folks.
2009-08-23 17:00:16 +00:00
John Baldwin
fcaeaff4b6 Explicitly line up the CPU state labels with the calculated starting column
that takes into account the width of the largest CPU ID.  On systems with
> 10 CPUs the labels for the first 10 CPUs were not lined up properly
otherwise.

Approved by:	re (kib)
MFC after:	1 week
2009-08-19 15:17:13 +00:00
Dag-Erling Smørgrav
9517e86625 Update and remove CVS-specific items
Approved by:	re (kib)
2009-08-13 06:07:38 +00:00
Robert Watson
a743684e60 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
Xin LI
f0be0a1f8c Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
Doug Barton
0df811a678 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
Bruce M Simpson
f667763060 Output DWARF debug information for global 'using' declarations, instead
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.

This problem was triggered by running the Boost regression tests.

See also:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by:	luigi
Approved by:	re (kib)
2009-07-22 01:07:11 +00:00
Robert Watson
597df30e62 Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
2009-07-17 14:02:20 +00:00