Commit Graph

4676 Commits

Author SHA1 Message Date
Ruslan Ermilov
829089cc6f Clean up import. 2010-01-09 22:47:40 +00:00
Ruslan Ermilov
6023075d0d Flatten out vendor tree. 2010-01-09 22:31:11 +00:00
Warner Losh
168194c97f Merge r194519 from projects/mips to head by hand:
r194519 | gonzo | 2009-06-19 17:28:26 -0600 (Fri, 19 Jun 2009) | 3 lines
- set -mabicalls and -msoft-float as a default in order to
    simplify building ports
2010-01-08 23:37:30 +00:00
Maxim Sobolev
d594463f1b Allow comment (#) to be placed anywhere in the line, not only at the
beginning, so it's consistent with other configuration files.

MFC after:	3 weeks
2010-01-08 10:54:15 +00:00
Ed Schouten
cea2194d9c Remove unneeded inclusion of <utmp.h> and dead variables. 2009-12-27 11:56:32 +00:00
Ed Schouten
2d86428bba Let top(1) use MAXLOGNAME instead of UT_NAMESIZE.
The maximum user login length should have nothing to do with <utmp.h>.
2009-12-25 09:02:41 +00:00
Xin LI
dcc2b1ff46 Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Direct
Server Return mode, where not all packets would be visible to the load
balancer or gateway.

This commit should be reverted when we merge future pf versions.  The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.

Discussed with:	mlaier
Obtained from:	OpenBSD
Sponsored by:	iXsystems, Inc.
MFC after:	1 month
2009-12-24 00:43:44 +00:00
Ollivier Robert
eb6d21b4ca Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.

MFC after:		2 weeks
Security:		CVE-2009-3563
2009-12-15 14:58:10 +00:00
Xin LI
566a751354 Apply two vendor fixes for CVE-2009-3720.
Security:	CVE-2009-3720
MFC after:	3 days
2009-12-11 02:09:46 +00:00
Xin LI
8057c390ca Flattern all tags and dist tree for expat. 2009-12-10 21:15:25 +00:00
Xin LI
933ef0ba72 What we have in base system is actually OpenBSD 4.5's netcat,
update this file to reflect the fact.
2009-12-08 19:12:38 +00:00
Marcel Moolenaar
de7459e59d Fix Read-After-Write (RAW) dependency violation for ar.ccv in
isc_atomic_xadd() and isc_atomic_cmpxchg().

Approved by:	dougb@
MFC after:	1 week
2009-12-07 02:17:58 +00:00
Shteryana Shopova
bd96183d5e Fix a problem with high CPU consumption (up to 30%) by bsnmpd on a loaded system.
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.

Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after:	1 week
2009-12-03 16:08:00 +00:00
Ed Schouten
2208eadf43 Add a new library: libulog.
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:

- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.

I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.

As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.

libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.

Next items on the todo list:

1. Port applications in the base system (and ports) to libulog, instead
   of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
   top.
3. Port as many applications as possible back to <utmpx.h>.
2009-12-03 15:48:24 +00:00
Konstantin Belousov
c09ba32715 Properly support -fPIE by linking PIE binaries with specially-built
Scrt1.o instead of crt1.o, since the later is built as non-PIC.

Separate i386-elf crt1.c into the pure assembler part and C code,
supplying all data extracted by assembler stub as explicit parameters [1].
Hide and localize _start1 symbol used as an interface between asm and
C code.

In collaboration with:	kan
Inspired by:	PR i386/127387 [1]
Prodded and tested by:	rdivacky [1]
MFC after:	3 weeks
2009-12-02 16:34:20 +00:00
Hajimu UMEMOTO
0fa2c497a6 Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't
allow bind to an anycast addeess.  It does away with an annoying
message.

Reviewed by:	bz, roberto
MFC after:	2 weeks
2009-12-01 16:07:50 +00:00
Doug Barton
9748b72412 Update to BIND 9.6.1-P2. The vulnerability this is designed to fix is
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
2009-11-30 03:38:34 +00:00
Ed Schouten
ea74c11fae Use <termios.h> instead of <sys/termios.h>.
<sys/termios.h> only works on FreeBSD by accident.
2009-11-28 11:57:25 +00:00
Darren Reed
7484474781 fix spelling mistake 2009-11-19 08:10:24 +00:00
Xin LI
1a9d4dda9b Revert revision 199201 for now as it has introduced a kernel vulnerability
and requires more polishing.
2009-11-12 19:02:10 +00:00
Xin LI
41c8c6e876 Add interface description capability as inspired by OpenBSD.
MFC after:	3 months
2009-11-11 21:30:58 +00:00
Xin LI
4ed03b8dd4 Add a minimal change to prevent NULL deference in ee(1).
To repeat the problem, one can press "Ctrl+C" and then enter "0".

Submitted by:	Alexander Best <alexbestms wwu de>
2009-11-10 00:48:24 +00:00
Doug Barton
48a8495574 Wrap some socket handling code in a !NULL bow
This patch or something similar will likely be included in a future
BIND release.

PR:		bin/138061
Submitted by:	Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by:	Volker <volker@vwsoft.com>
Patch reviewed and tweaked by:	ISC
2009-11-07 18:55:39 +00:00
Rong-En Fan
e99c18762e Merge r198489 from vendor/ncurses/dist:
Pull upstream patch to fix ee(1) crash when received SIGWINCH:

   modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
   SIGWINCH, and discard that value, to avoid confusing application
   (patch by Eygene Ryabinkin, FreeBSD bin/136223).

PR:		136223
Submitted by:	Eygene Ryabinkin
Obtained from:	ncurses-5.7-20091024 snapshot
MFC after:	3 days
2009-10-26 13:03:52 +00:00
John Baldwin
22239c9dc4 Change gcc to assume a default machine architecture of 486 instead of 386
on "i386".  Doing it in the compiler is deemed to be less fragile then
attempting to provide a default -march setting via bsd.cpu.mk.  FreeBSD
itself has not supported plain 386 CPUs since 5.x.

Suggested by:	kan
Requested by:	rdivacky
MFC after:	1 month
2009-10-21 19:26:12 +00:00
Dag-Erling Smørgrav
b5a3d78a88 Merge upstream r421: grammar nit in pam.conf(5). 2009-10-09 09:42:58 +00:00
Rui Paulo
ce3ed1caa1 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
Roman Divacky
e05b498065 Fix tcsh losing history when tcsh terminates because the pty beneath it
is closed.

Diagnosed by Ted Anderson:

New signal queuing logic was introduced in 6.15 and allows the signal handlers
to be run explicitly by calling handle_pending_signals, instead of
immediately when the signal is delivered.  This function is called at
various places, typically when receiving a EINTR from a slow system call
such as read or write.  In the pty exit case, it was called from xwrite,
called from flush, while printing the "exit" message after receiving EOF
when reading from the pty (note that the read did not return EINTR but
zero bytes, indicating EOF).  The SIGHUP handler, phup(), called
rechist, which opened the history file and began writing the merged
history to it.  This process invoked flush recursively to actually write
the data.  In this case, however, the flush noticed it was being called
recursively and decided fail by calling stderror.

My conclusion was that the signal was being handled at a bad time.  But
whether to fix flush not to care about the recursive call, or to handle
the signal some other time and when to handle it, was unclear to me.
However, by adding an extra call to handle_pending_signals, just after
process() returns to main(), I was able to avoid the truncated history
after network outages and similar failures.  I verified this fix in
version 6.17.

Approved by:	ed (mentor)
MFC after:	1 week
2009-10-06 20:19:16 +00:00
Attilio Rao
dcc3a33188 Import a vendor fix for a list overrun.
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.

Reviewed by:	emaste, des
Sponsored by:	Sandvine Incorporated
MFC after:	3 days
2009-09-07 09:30:37 +00:00
Andrey A. Chernov
31dcbfad38 1) Remove single occurance of HAS_CTYPE ifdef, ctype functions
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
2009-09-04 07:42:13 +00:00
Andrey A. Chernov
db07ef76da Move <locale.h> out of NO_CATGETS define too (as setlocale() in prev.
commit)
2009-09-02 04:43:46 +00:00
Andrey A. Chernov
f39e07f3af 1) Use isprint() instead of hardcoded values to detect non-printable.
2) Use (unsigned char) cast in waddch() calls.
It fix highlighting bug: sign extension of 8bit to the attributes area.
3) Use setlocale() in any case.
2009-09-02 04:26:34 +00:00
Hajimu UMEMOTO
d429d7201e - Add AS lookup functionality to traceroute6(8) as well.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.

Tested by:	IHANet folks.
2009-08-23 17:00:16 +00:00
John Baldwin
fcaeaff4b6 Explicitly line up the CPU state labels with the calculated starting column
that takes into account the width of the largest CPU ID.  On systems with
> 10 CPUs the labels for the first 10 CPUs were not lined up properly
otherwise.

Approved by:	re (kib)
MFC after:	1 week
2009-08-19 15:17:13 +00:00
Dag-Erling Smørgrav
9517e86625 Update and remove CVS-specific items
Approved by:	re (kib)
2009-08-13 06:07:38 +00:00
Robert Watson
a743684e60 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
Xin LI
f0be0a1f8c Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
Doug Barton
0df811a678 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
Bruce M Simpson
f667763060 Output DWARF debug information for global 'using' declarations, instead
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.

This problem was triggered by running the Boost regression tests.

See also:	http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by:	luigi
Approved by:	re (kib)
2009-07-22 01:07:11 +00:00
Robert Watson
597df30e62 Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:

- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
  flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
  error number space.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Sponsored by:	Apple, Inc.
Approved by:	re (kib)
2009-07-17 14:02:20 +00:00
Sam Leffler
649874e159 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
Alexander Kabaev
2286fe7635 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
Sam Leffler
0b73e40339 Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
Colin Percival
7d845dde8d Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by:	scottl (hptrr), gshapiro (sendmail), simon (openssl),
		roberto (ntp), jkim (acpica)
Approved by:	re (kib)
2009-07-11 22:30:37 +00:00
Colin Percival
f15e71c26a Fix .Dd value -- our mdoc macros don't know how to parse the $Mdocdate$
tag, so the file was being treated as having no date (i.e., the current
date was being inserted).

Approved by:	re (kib)
2009-07-11 17:35:55 +00:00
Mark Peek
a15e6f9a9a Update to tcsh 6.17.00.
Approved by:	re (kensmith)
2009-07-11 05:35:08 +00:00
Mark Peek
bc49518e16 Flatten vendor/tcsh/dist. 2009-07-10 21:00:38 +00:00
Doug Barton
9d0520c4b2 This is the solution that ISC committed after 9.6.1-release for
the gcc warning issue. It should be included in the next upstream
release.
2009-06-25 19:52:45 +00:00
Doug Barton
d1fdc8795a Update to the final release version of BIND 9.6.1. It has the following
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.

          named could incorrectly delete NSEC3 records for
          empty nodes when processing a update request.

          Accept DS responses from delegation only zones.

          "delegation-only" was not being accepted in
          delegation-only type zones.
2009-06-25 19:16:29 +00:00
Konstantin Belousov
c9253e931d Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
Roman Divacky
5caf16048e Fix a typo that causes the for loop to exit immediately. There's
identical loop a few lines above.

Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
2009-06-16 13:31:01 +00:00
Ulf Lilleengen
c420fd5bb2 - Remove semicolon that should not have been there.
Submitted by:	rdivacky
MFC after:	1 week
2009-06-12 16:37:53 +00:00
Andriy Gapon
84056e4e85 gdb: make 'thread apply all bt' always work on all threads
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.

Obtained from:	vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by:	emaste
Approved by:	jhb
2009-06-12 14:27:50 +00:00
Colin Percival
9a1bde1808 Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by:	so (cperciva)
Approved by:	re (not really, but SVN wants this...)
Security:	FreeBSD-SA-09:09.pipe
Security:	FreeBSD-SA-09:10.ipv6
Security:	FreeBSD-SA-09:11.ntpd
2009-06-10 10:31:11 +00:00
Ulf Lilleengen
95bac762d7 - Add missing data argument to printf.
Submitted by:	Pawel Worach <pawel.worach -AT- gmail.com>
MFC after:	1 week
2009-06-01 09:25:32 +00:00
Doug Barton
8df4f1e7be Local hack to get the build going again while ISC works on a more
permanent solution for 9.6.1-release.

"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."

Submitted by:	marcel
2009-06-01 06:31:04 +00:00
Doug Barton
86a672bc31 Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:44:21 +00:00
Doug Barton
6318052d9e Update BIND to version 9.6.1rc1. This version has better performance and
lots of new features compared to 9.4.x, including:

	Full NSEC3 support
	Automatic zone re-signing
	New update-policy methods tcp-self and 6to4-self
	DHCID support.
	More detailed statistics counters including those supported in BIND 8.
	Faster ACL processing.
	Efficient LRU cache-cleaning mechanism.
	NSID support.
2009-05-31 05:42:58 +00:00
Stanislav Sedov
6760b335c6 - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
Xin LI
c9b4549c3d Add an EXIT STATUS section to the manual page. Currently, nc(1)
does not follow sysexits(3), and returns 1 for all error cases.

PR:		docs/126451
2009-05-29 07:18:31 +00:00
Xin LI
1a9dc239f5 Update netcat to the version carried with OpenBSD 4.5. 2009-05-28 23:23:49 +00:00
Marcel Moolenaar
1ac3735c5f char can be unsigned, like on ARM and PowerPC. Unbreak the
build for those by propagating the type of character from
char to int.
2009-05-28 04:25:38 +00:00
Ed Schouten
96b676e999 Update ee(1) in the base system to version 1.5.0.
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.

Only local modifications include:

- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.

To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.

Reviewed by:	current@
2009-05-27 17:27:03 +00:00
Ed Schouten
cfe04e82b1 Merge local changes to ee(1) into contrib space.
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.

Thanks to:	des and jhb
2009-05-26 21:06:51 +00:00
Ed Schouten
72fcea8cb7 Copy ee 1.4.2 into the contrib directory.
This allows me to merge our custom changes to ee(1) back on top of
original sources, with correct mergeinfo.
2009-05-26 20:13:17 +00:00
Dag-Erling Smørgrav
62aa21ae86 When man pages are formatted in UTF-8, .Fl is encoded as U+2212 "MINUS
SIGN" instead of U+002D "HYPHEN-MINUS".  This is unfortunate for two
reasons: 1) this is not the character which is actually used on the
command line, and 2) it makes it impossible to search a man page for a
specific command-line option.

This patch fixes this, but there are other unresolved issues, such as
confusion between -, \- and hy: while the latter is always (and only)
used for hyphenation, both - and \- are used for negation and
subtraction, and \- is used for command-line options and sometimes
also for parenthesis.  IMHO, the correct Unicode characters are:

 - hyphenation: either U+2010 or U+00AD, most likely the former (the
   latter is the so-called soft hyphen, used to indicate a point at
   which a text processor is allowed to hyphenate a word)

 - negation and subtraction: U+2212

 - parenthesis: in English, U+2214, with spaces suppressed before and
   after; in some others (such as Norwegian), U+2213 with spaces
   retained.

 - command-line options: U+002D, because that is what is actually used
   on the command line.

However, fixing this would require extensive modifications to (at least)
the doc and man macro sets...

MFC after:	1 week
2009-05-21 17:56:00 +00:00
Xin LI
70b95ceeab Merge vendor/file/dist@192348, bringing FILE 5.03 to 8-CURRENT.
Security:	CVE-2009-1515
2009-05-18 22:34:33 +00:00
Xin LI
7374caaaed Update to less v429. 2009-05-09 01:35:27 +00:00
Xin LI
ad5f463cf9 Flatten all tags of the dist tree of less. 2009-05-08 23:34:35 +00:00
David E. O'Brien
befabca97a This belongs in //svn.freebsd.org/base/vendor/file/dist now. 2009-05-04 00:42:15 +00:00
David E. O'Brien
7dbb948b5f Merge vendor/file/dist@191739, bringing FILE 5.00 to 8-CURRENT. 2009-05-04 00:37:44 +00:00
Bjoern A. Zeeb
01b5749292 Remove udp and tcp includes not needed here.
Tripped over by: a compile of an upcoming change
MFC after:	1 month
2009-04-25 19:14:22 +00:00
Ollivier Robert
0963cc7dac Merge r191298 into HEAD.
Prevent a buffer overflow in ntpq.  Patch taken from the PR database
after being committed to the official ntp tree and present in 4.2.4p7-rc2.

It will be MFH to the upcoming 7.2 pending re approval.

Obtained from:  https://support.ntp.org/bugs/show_bug.cgi?id=1144
MFC after:      3 days
Security:       http://www.securityfocus.com/bid/34481
                CVE-2009-0159
2009-04-20 09:59:08 +00:00
Robert Watson
c0020399a6 Merge OpenBSM 1.1 from OpenBSM vendor branch to head.
OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.
2009-04-19 16:17:13 +00:00
Rui Paulo
efbbe93e56 Revert previous commit that commented out some bpf functions.
Unconstify arguments of bpf_image(), bpf_filter() and bpf_dump(). This
is needed because some ports rely heavely on these arguments (some of
them even roll out their own implemenentations of bpf_dump).
2009-04-11 17:36:11 +00:00
Ed Maste
bf2d1caf3c - Use gdb-* glob instead of gdb-6.1.1, to simplify future imports.
- Add a few entries for additional files from later gdb releases that
  should also be ignored.
2009-04-07 20:15:51 +00:00
Rui Paulo
0c9438135a Restore local change to include <sys/bpf.h> inside pcap.h. This fixes
remaining ports build problems.
2009-04-02 13:04:17 +00:00
Rui Paulo
fa01cfefc2 Remove a dangling extern "C" declaration that was missed during the
merge. Fixes C++ ports using libpcap (nmap, for example).

Submitted by:	Daniel Roethlisberger <daniel at roe.ch>
2009-03-31 11:04:51 +00:00
Ulf Lilleengen
36005c6050 - Add proper error checking and printing to the CVSMode code when reading and
writing from/to streams, as leaving them out stops csup from cleaning up on
  SIGINT and friends properly.

MFC after:      1 week
2009-03-25 20:15:48 +00:00
Ulf Lilleengen
a2cd3e4eda - Remember to set umask before setting attributes of RCS file.
Tested by:	dougb
MFC after:	2 days
2009-03-25 07:01:45 +00:00
David Schultz
e4c3a7fc88 Merge an important change that I mistakenly left out when merging C99
inline function support. This should fix instances where gcc
spuriously reports the following error:

    error: nested function 'foo' declared but never defined
2009-03-25 05:10:32 +00:00
VANHULLEBUS Yvan
ff1fdd77ff Fixed indentation for LINKTYPE_ENC
Approved by:	gnn(mentor)
2009-03-24 15:57:35 +00:00
Rui Paulo
1d111e6dfe bpf_filter() and bpf_validate() can't live here if they already live in
bpf.h
2009-03-22 00:47:41 +00:00
Rui Paulo
b2e0e80d0c Remove remaining references to BIOCSETBUFMODE ifdefs. We now have
another ifdef for zerocopy bpf.
2009-03-21 23:13:48 +00:00
Rui Paulo
2676a4aff3 Finish merge of zerocopy bpf. 2009-03-21 23:08:04 +00:00
Doug Barton
212b42b0a3 Merge from vendor/bind9/dist as of the 9.4.3-P2 import 2009-03-21 23:00:40 +00:00
Rui Paulo
a8e0710125 Merge libpcap 1.0.0. 2009-03-21 22:58:08 +00:00
Rui Paulo
661c9d81e0 Fix WITHOUT_IPV6=yes build.
Reported by:	Andrzej Tobola ato at iem.pw.edu.pl
2009-03-21 21:56:23 +00:00
Rui Paulo
e744b7e395 Add Mac OS X stuff. 2009-03-21 20:39:22 +00:00
Rui Paulo
4eea7c44d8 Add a couple more paths. 2009-03-21 20:34:41 +00:00
Rui Paulo
4953d4b64d Add exclude list for libpcap. 2009-03-21 20:16:15 +00:00
Rui Paulo
a5779b6e02 Merge tcpdump 4.0.0 from the vendor branch. 2009-03-21 18:30:25 +00:00
Rui Paulo
ef1946bcf8 Fix a path. 2009-03-21 16:08:40 +00:00
Rui Paulo
58ffff611f Exclude list for tcpdump imports. 2009-03-21 15:46:37 +00:00
Rui Paulo
3430dc7c1f Flatten vendor/libpcap and remove keyword expansion. 2009-03-20 13:44:43 +00:00
Rui Paulo
81ceab7147 Flatten vendor/tcpdump and remove keyword expansion. 2009-03-20 13:27:51 +00:00
Doug Barton
c0c0c35c3b Add some notes and clarify a few sections:
1. Add a note to double-check the man page
2. Remove windows-specific items in the ctrl_interface section
3. Add a note that ap_scan must be set to 1 for use with wlan
4. Clarify the wording for scan_ssid related to APs that hide ssid
5. Clarify the wording for the priority option
2009-03-16 23:56:28 +00:00
VANHULLEBUS Yvan
ef39bc9f18 Added DLT_ENC to map list, so it is now possible
to save dumps on enc0

Reviewed by:	gnn(mentor)
Obtained from:	NETASQ
MFC after:	1 week
2009-03-16 15:09:47 +00:00
Sam Leffler
1e0f47c327 remove gcc-ism; tsinfo isn't used anyway 2009-03-15 01:38:37 +00:00
David Schultz
d5ed956300 Make gcc use C99 inline semantics in c99 and gnu99 mode. This was the
original intent, but the functionality wasn't implemented until after
gcc 4.2 was released. However, if you compiled a program that would
behave differently before and after this change, gcc 4.2 would have
warned you; hence, everything currently in the base system is
unaffected by this change.  This patch also adds additional warnings
about certain inline function-related bogosity, e.g., using a
static non-const local variable in an inline function.

These changes were merged from a snapshot of gcc mainline from March
2007, prior to the GPLv3 switch. I then ran the regression test suite
from a more recent gcc snapshot and fixed the important bugs it found.
I also squelched the following warning unless -pedantic is specified:

    foo is static but used in inline function bar which is not static

This is consistent with LLVM's behavior, but not consistent with gcc 4.3.

Reviewed by:	arch@
2009-03-14 19:36:13 +00:00