o) Add TARGET_ABI to the MIPS toolchain build process. This sets the default
ABI to one of o32, n32 or n64. If it is not set, o32 is assumed as that is
the current default.
o) Set the default GCC cpu type to any specified TARGET_CPUTYPE. This is
necessary to have a working "cc" if e.g. mips64 is specified, as binutils
will refuse to link objects using different ISAs in some cases.
o) Add support for n32 and n64 ABIs to binutils and GCC.
o) Add additional required libgcc2 stubs for n32 and n64.
o) Add support for the "mips64r2" architecture to GCC. Add the "octeon"
o) When static linking, wrap default libraries in --start-group and
--end-group. This is required for static linking to work on n64 with the
interdependencies between libraries there. This is what other OSes that
support n64 seem to do, as well.
o) Fix our GCC spec to define __mips64 for 64-bit targets, not __mips64__, the
former being what libgcc, etc., check and the latter seemingly being a
misspelling of a hand merge from a Linux spec.
o) When no TARGET_CPUTYPE is specified at build time, make GCC take the default
ISA from the ABI. Our old defaults were too liberal and assumed that 64-bit
ABIs should default to the MIPS64 ISA and that 32-bit ABIs should default to
the MIPS32 ISA, when we are supporting or will support some systems based on
earlier 32-bit and 64-bit ISAs, most notably MIPS-III.
o) Merge a new opcode file (and support code) from a later version of binutils
and add flags and code necessary to support Octeon-specific instructions.
This should also make merging opcodes for other modern architectures easier.
Reviewed by: imp
- Fix handling of ^@ when reading an ex command. Don't try to replay
the previous input.
- Fix handling of ^C in insert mode and when reading an ex command.
Repeating an interrupted input could cause a crash and interrupting
ex command input could cause a file corruption.
- Fix a bug which causes crashes in file name completion when a file
name is longer than the screen width.
- When an error occurs in v_txt(), leave the input mode.
PR: bin/21089, bin/136393
Obtained from: NetBSD
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
- Bahia de Banderas (Mexican state of Nayarit) changed time zone
UTC-7 to new time zone UTC-6 on April 4, 2010 (to share the same
time zone as nearby city Puerto Vallarta, Jalisco).
Obtained from: ftp://elsie.nci.nih.gov/pub/
Instead of catching SIGPIPE and jumping out of the signal handler with
longjmp, ignore it and handle write errors to the local output by exiting
from there. I have changed the error message to mention the local output
instead of NetBSD's wrong "Connection closed by foreign host". Write errors
to the network were already handled by exiting immediately and this now
applies to EPIPE too.
The code assumed that SIGPIPE could only be generated by the network
connection; if it was generated by the local output, it would longjmp out of
the signal handler and write an error message which caused another SIGPIPE.
PR: 19773
Obtained from: NetBSD
MFC after: 1 week
changing format_k2 to take a long long. Because itoa is defined as a K&R
C function, without prototyping its arguments, format_k2 passed a 64-bit
value, but itoa() received only the first word, showing '0' in all memory
fields.
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
From tzdata2010h:
- Tunis will not go into DST this year.
- Pakistan will not go into DST this year.
From tzdata2010g:
- Bangladesh cancels DST.
- Palestine goes into DST one day later than expected.
- Russian timezones update:
Europe/Samara goes to Moscow time.
Asia/Kamchatka goes to Moscow+8 time.
Asia/Anadyr goes to Moscow+8 time.
Note that this is actually a no-op for most users, as this GNU
cpio was broken on -HEAD and 8-STABLE since last March until
the recent fix.
FreeBSD 8.0+ uses BSD cpio by default and the code is being
actively maintained.
Blessed by: kientzle
With hat: secteam
MFC after: 3 days
remote tape service returns deliberately crafted packets containing
more data than requested.
Fix this by checking the returned amount of data and bail out when it
is more than what we requested.
PR: gnu/145010
Submitted by: naddy
Reviewed by: imp
MFC after: immediately
Security: CVE-2010-0624
The Australian Antartic Division:
- Macquarie Island will stay on UTC+11 for winter and not switch back from DST.
- Casey station reverted to its normal time of UTC+8 on 5 March 2010.
- Davis station will revert to its normal time of UTC+7 at 10 March 2010
- Mawson station stays on UTC+5.
Syria will start DST on Thursday 1 April 2010 at midnight.
Correct Samao DST start date (26 Sep vs 24 Oct)
pam_end() already contains a NULL check, and it is not unreasonable to
call it with a NULL pamh in a cleanup / error-handling situation. Remove
OPENPAM_NONNULL, which may cause gcc to optimize away the NULL check.
This fixes a potential NULL pointer dereference in error-handling code
in passwd(1).
the problems related to the handling of broken DNSSEC trust chains.
This fix is only relevant for those who have DNSSEC validation
enabled and configure trust anchors from third parties, either
manually, or through a system like DLV.
to match the values passed in and prevent the SIZE field being corrupted
when more than 2TB is allocated.
PR: bin/129706
Approved by: rrs (mentor)
MFC after: 1 week
- Adjust beginning / end of DST in Bangladesh (minimal impact)
- Fiji ends DST one month earlier to last Sunday of March
- Samoa changes
- Chile extends DST until 3 April this year.
the linker spec. Provide the ability to have a default ABI that's
different than o32 (again, for all 4).
Submitted by: C. Jayachandran (JC) with tweaks for o64/o32 by me
security patches to the 9.6.1 version, as well as many other bug fixes.
This version also incorporates a different fix for the problem we had
patched in contrib/bind9/bin/dig/dighost.c, so that file is now back
to being the same as the vendor version.
Due to the fact that the DNSSEC algorithm that will be used to sign the
root zone is only included in this version and in 9.7.x those who wish
to do validation MUST upgrade to one of these prior to July 2010.
This is a split merge because of non-uniform licensing of the DTC package
contents and the way these components will be used in the FreeBSD environment.
The original DTC package is composed of the following two major pieces:
1. sys/contrib/libfdt (BSD [dual] license)
2. contrib/dtc (GPLv2)
The libfdt component is going to be shared in all aspects of the environment:
- /boot/loader
- kernel
- dtc (the device tree compiler proper, userspace tool)
The Makefiles are leftovers from the copies and should live in usr.sbin/zic/*
From usr.sbin/zic:
The sources are from a vendor contributed source, therefore should
live in contrib/tzcode/zic.
on mips. Its not fully done yet but its a start.
Obtained from: JC - c.jayachandran@gmail.com
M gnu/usr.bin/gdb/kgdb/trgt_mips.c
M gnu/usr.bin/gdb/arch/mips/init.c
M gnu/usr.bin/gdb/arch/mips/Makefile
M gnu/usr.bin/Makefile
M contrib/gdb/gdb/mips-tdep.h
- Include a cpasswd script performing the same mechanisms as the cvpasswd
utility from CVSup.
PR: bin/114129
Submitted by: Petar Zhivkov Petrov <pesho.petrov -at- gmail.com>
MFC after: 1 month
Also remove upper 16bits which always seem to be 0xFFFF. We don't
allocate more than 64KB buffer anyway.
This change make smbutil work on sparc64.
Reviewed by: marius, bp
Approved by: bp
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.
libopie includes both <utmp.h> and <utmpx.h> in this case and uses some
#defines to let the code use struct utmpx and its utility functions.
We'd better not include <utmp.h> here, because maybe it will not be
present in the future.
- Make one-true-awk respect locale's collating order in [a-z]
bracket expressions, until a more complete fix (like handing
BREs) is ready.
- Don't require a space between -[fv] and its argument.
r194519 | gonzo | 2009-06-19 17:28:26 -0600 (Fri, 19 Jun 2009) | 3 lines
- set -mabicalls and -msoft-float as a default in order to
simplify building ports
Server Return mode, where not all packets would be visible to the load
balancer or gateway.
This commit should be reverted when we merge future pf versions. The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.
Discussed with: mlaier
Obtained from: OpenBSD
Sponsored by: iXsystems, Inc.
MFC after: 1 month
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.
Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after: 1 week
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:
- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.
I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.
As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.
libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.
Next items on the todo list:
1. Port applications in the base system (and ports) to libulog, instead
of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
top.
3. Port as many applications as possible back to <utmpx.h>.
Scrt1.o instead of crt1.o, since the later is built as non-PIC.
Separate i386-elf crt1.c into the pure assembler part and C code,
supplying all data extracted by assembler stub as explicit parameters [1].
Hide and localize _start1 symbol used as an interface between asm and
C code.
In collaboration with: kan
Inspired by: PR i386/127387 [1]
Prodded and tested by: rdivacky [1]
MFC after: 3 weeks
related to DNSSEC validation on a resolving name server that allows
access to untrusted users. If your system does not fall into all 3 of
these categories you do not need to update immediately.
This patch or something similar will likely be included in a future
BIND release.
PR: bin/138061
Submitted by: Michael Baker <michael.baker@diversit.com.au>
Original patch submitted by: Volker <volker@vwsoft.com>
Patch reviewed and tweaked by: ISC
Pull upstream patch to fix ee(1) crash when received SIGWINCH:
modify _nc_wgetch() to check for a -1 in the fifo, e.g., after a
SIGWINCH, and discard that value, to avoid confusing application
(patch by Eygene Ryabinkin, FreeBSD bin/136223).
PR: 136223
Submitted by: Eygene Ryabinkin
Obtained from: ncurses-5.7-20091024 snapshot
MFC after: 3 days
on "i386". Doing it in the compiler is deemed to be less fragile then
attempting to provide a default -march setting via bsd.cpu.mk. FreeBSD
itself has not supported plain 386 CPUs since 5.x.
Suggested by: kan
Requested by: rdivacky
MFC after: 1 month
is closed.
Diagnosed by Ted Anderson:
New signal queuing logic was introduced in 6.15 and allows the signal handlers
to be run explicitly by calling handle_pending_signals, instead of
immediately when the signal is delivered. This function is called at
various places, typically when receiving a EINTR from a slow system call
such as read or write. In the pty exit case, it was called from xwrite,
called from flush, while printing the "exit" message after receiving EOF
when reading from the pty (note that the read did not return EINTR but
zero bytes, indicating EOF). The SIGHUP handler, phup(), called
rechist, which opened the history file and began writing the merged
history to it. This process invoked flush recursively to actually write
the data. In this case, however, the flush noticed it was being called
recursively and decided fail by calling stderror.
My conclusion was that the signal was being handled at a bad time. But
whether to fix flush not to care about the recursive call, or to handle
the signal some other time and when to handle it, was unclear to me.
However, by adding an extra call to handle_pending_signals, just after
process() returns to main(), I was able to avoid the truncated history
after network outages and similar failures. I verified this fix in
version 6.17.
Approved by: ed (mentor)
MFC after: 1 week
This has been considered as a security hole on some specialized ml,
but currently the secteam@ doesn't consider that way.
Reviewed by: emaste, des
Sponsored by: Sandvine Incorporated
MFC after: 3 days
used here for a long time and needs their header in anycase.
2) Add (unsigned char) casts to more ctype macros.
3) Simplify menu input handling using ctype instead of range unguarded
hardcoded tricks.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.
Tested by: IHANet folks.
that takes into account the width of the largest CPU ID. On systems with
> 10 CPUs the labels for the first 10 CPUs were not lined up properly
otherwise.
Approved by: re (kib)
MFC after: 1 week
addresses several minor issues:
- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.
MFC after: 3 weeks
Obtained from: TrustedBSD Project
Approved by: re (kib)
Major changes from v429:
* Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
* Allow a fraction as the argument to the -# (--shift) option.
* Fix highlight bug when underlined/overstruck text matches at end of line.
* Fix non-regex searches with ctrl-R.
Approved by: re (kensmith, kib)
Receipt of a specially-crafted dynamic update message may
cause BIND 9 servers to exit. This vulnerability affects all
servers -- it is not limited to those that are configured to
allow dynamic updates. Access controls will not provide an
effective workaround.
More details can be found here: https://www.isc.org/node/474
All BIND users are encouraged to update to a patched version ASAP.
Approved by: re (re -> SO -> dougb)
of just blowing up. A very similar change to this exists which is
GPLv3 licensed, this is my own change.
This problem was triggered by running the Boost regression tests.
See also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=31899
Reviewed by: luigi
Approved by: re (kib)
contrib/openbsm and a subset also imported into sys/security/audit.
This patch release addresses several minor issues:
- Fixes to AUT_SOCKUNIX token parsing.
- IPv6 support for au_to_me(3).
- Improved robustness in the parsing of audit_control, especially long
flags/naflags strings and whitespace in all fields.
- Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM
error number space.
MFC after: 3 weeks
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Approved by: re (kib)
compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.
Reviewed by: kib
Approved by: re (kib)
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames
Reviewed by: rpaulo
Approved by: re (kib)
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl),
roberto (ntp), jkim (acpica)
Approved by: re (kib)
changes from the 9.6.1rc1 version. The first 2 only affect DNSSEC.
named could incorrectly delete NSEC3 records for
empty nodes when processing a update request.
Accept DS responses from delegation only zones.
"delegation-only" was not being accepted in
delegation-only type zones.
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
even if some appear to have (partially) corrupted stack traces.
E.g. kernel crashdumps typically have stack weirdness at
userland-kernel boundary.
Obtained from: vendor/upstream (CVS rev 1.118 of stack.c)
Reviewed by: emaste
Approved by: jhb
permanent solution for 9.6.1-release.
"My suggestion is to remove the whole attribute construct.
It only suppresses a warning when a function is unused. In this case
the function is defined as inline, so it's not causing a warning when
not used."
Submitted by: marcel
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
ipfilter tables via http by the user-level ippool utility. Previously
the 1024-byte buffer used to store a http request coudld easily overflow
if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]
Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from: NetBSD CVS [2]
MFC after: 2 weeks
This version is now licensed under a 2-clause BSD license, instead of
the Artistic license. I've reverted a lot of local modifications we made
to ee, because they have been integrated upstream as well.
Only local modifications include:
- $FreeBSD$ ID.
- Pathname to init.ee.
- catopen() call, to honor LC_MESSAGES instead of LANG.
To keep SVN happy, I'm putting an application/octet-stream mime type on
the KOI8 translations.
Reviewed by: current@
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.
Thanks to: des and jhb
SIGN" instead of U+002D "HYPHEN-MINUS". This is unfortunate for two
reasons: 1) this is not the character which is actually used on the
command line, and 2) it makes it impossible to search a man page for a
specific command-line option.
This patch fixes this, but there are other unresolved issues, such as
confusion between -, \- and hy: while the latter is always (and only)
used for hyphenation, both - and \- are used for negation and
subtraction, and \- is used for command-line options and sometimes
also for parenthesis. IMHO, the correct Unicode characters are:
- hyphenation: either U+2010 or U+00AD, most likely the former (the
latter is the so-called soft hyphen, used to indicate a point at
which a text processor is allowed to hyphenate a word)
- negation and subtraction: U+2212
- parenthesis: in English, U+2214, with spaces suppressed before and
after; in some others (such as Norwegian), U+2213 with spaces
retained.
- command-line options: U+002D, because that is what is actually used
on the command line.
However, fixing this would require extensive modifications to (at least)
the doc and man macro sets...
MFC after: 1 week
OpenBSM history for imported revision below for reference.
MFC after: 2 weeks
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
Unconstify arguments of bpf_image(), bpf_filter() and bpf_dump(). This
is needed because some ports rely heavely on these arguments (some of
them even roll out their own implemenentations of bpf_dump).
inline function support. This should fix instances where gcc
spuriously reports the following error:
error: nested function 'foo' declared but never defined
1. Add a note to double-check the man page
2. Remove windows-specific items in the ctrl_interface section
3. Add a note that ap_scan must be set to 1 for use with wlan
4. Clarify the wording for scan_ssid related to APs that hide ssid
5. Clarify the wording for the priority option
original intent, but the functionality wasn't implemented until after
gcc 4.2 was released. However, if you compiled a program that would
behave differently before and after this change, gcc 4.2 would have
warned you; hence, everything currently in the base system is
unaffected by this change. This patch also adds additional warnings
about certain inline function-related bogosity, e.g., using a
static non-const local variable in an inline function.
These changes were merged from a snapshot of gcc mainline from March
2007, prior to the GPLv3 switch. I then ran the regression test suite
from a more recent gcc snapshot and fixed the important bugs it found.
I also squelched the following warning unless -pedantic is specified:
foo is static but used in inline function bar which is not static
This is consistent with LLVM's behavior, but not consistent with gcc 4.3.
Reviewed by: arch@
record-only mergeinfo because an automated merge is confused by the
flattening that took place:
Move install to install-sh to prevent name-clashes.
MFC after: 3 days
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).
OpenBSM history for imported revision below for reference.
MFC after: 1 month
Sponsored by: Apple, Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 beta 1
- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in
audit_control(5) with the expire-after parameter. If there is no
expire-after parameter in audit_control(5), the default, then the audit
trail files are not expired and removed. See audit_control(5) for
more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
partitions, rotate automatically at 2mb, and set the default policy to
cnt,argv rather than cnt so that execve(2) arguments are captured if
AUE_EXECVE events are audited. These may provide more usable defaults for
many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.
libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.
Reviewed by: deischen, rdivacky
alignment requirement, while rt_msghdr has a 4 byte alignment
requirement. The root cause is that if_msghdr has an struct if_data
which has an 8-byte alignment requirement due to a time_t that's
embedded in it. On MIPS, time_t is a 64-bit number, so must be 64-bit
aligned.
Since we don't access ifm_data.ifi_epoch, a simple cast is all that's
necessary here. It is likely the case that ifi_epoch should *NOT* be
a time_t because it is an uptime (time delta) an not an absolute time
since 1970. u_long is likely sufficient there since that gives an
uptime of 136 years will suffice for the foreseeable future.
again in case the connection is interrupted and csup have to reconnect. The
lists will be freed after the collection has been completely processed.
PR: bin/131477
Tested by: dchagin
Binutils has a "contrib" subdirectory - thus flattening cannot happen
without renaming the upper level contrib directory in a first pass.
Also, don't record this move and remove any keyword expansion.
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge). Hook up bsm_domain.c and bsm_socket_type.c to the libbsm
build along with man pages, add audit_bsm_domain.c and
audit_bsm_socket_type.c to the kernel environment.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 alpha 5
- Stub libauditd(3) man page added.
- All BSM error number constants with BSM_ERRNO_.
- Interfaces to convert between local and BSM socket types and protocol
families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
of constants in audit_domain.h and audit_socket_type.h. This improves
interoperability by converting local constant spaces, which vary by OS, to
and from Solaris constants (where available) or OpenBSM constants for
protocol domains not present in Solaris (a fair number). These routines
should be used when generating and interpreting extended socket tokens.
- Fix build warnings with full gcc warnings enabled on most supported
platforms.
- Don't compile error strings into bsm_errno.c when building it in the kernel
environment.
- When started by launchd, use the label com.apple.auditd rather than
org.trustedbsd.auditd.
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
fetch a complete CVS repository. Support for rsync update of regular files are
also included, but are not yet enabled. The change should not have an impact on
existing csup usage, as little of the existing code has changed.
