1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Commit Graph

3924 Commits

Author SHA1 Message Date
Robert Watson
98c38adbfd Update for OpenBSM 1.0 alpha 9.
Obtained from:	TrustedBSD Project
2006-08-26 08:12:17 +00:00
Robert Watson
505237ac0c Resolove conflicts from OpenBSM 1.0 alpha 9 into audit_event.
Obtained from:	TrustedBSD Project
2006-08-26 08:08:47 +00:00
Robert Watson
c9965e710d This commit was generated by cvs2svn to compensate for changes in r161630,
which included commits to RCS files with non-trunk default branches.
2006-08-26 08:04:15 +00:00
Robert Watson
22ccb20de4 Vendor import of OpenBSM 1.0 alpha 9, with the following change history
notes since the last import:

OpenBSM 1.0 alpha 9

- Rename many OpenBSM-specific constants and API elements containing the
  strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
  for almost all existing constants and APIs.
- Instead of passing a per-instance cookie directly into all audit filter
  APIs, pass in the audit filter daemon state pointer, which is then used by
  the module using an audit_filter_{get,set}cookie() API.  This will allow
  future service APIs provided by the filter daemon to maintain their own
  state -- for example, per-module preselection state.

OpenBSM 1.0 alpha 8

- Correct typo in definition of AUR_INT.
- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
- Add kernel versions of au_to_exec_args() and au_to_exec_env().
- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
- New OpenBSM token version number assigned, constants added for other
  commonly seen version numbers.
- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
  collisions with Solaris.  Darwin events renamed to AUE_DARWIN_foo, as they
  are now deprecated numberings.
- autoconf now detects clock_gettime(), which is not available on Darwin.
- praudit output fixes relating to arg32 and arg64 tokens.
- Maximum record size updated to 64k-1 to match Solaris record size limit.
- Various style and comment cleanups in include files.

This is an MFC candidate to RELENG_6.

Obtained from:	TrustedBSD Project
2006-08-26 08:04:15 +00:00
Marcel Moolenaar
92d95d05b3 This commit was generated by cvs2svn to compensate for changes in r161561,
which included commits to RCS files with non-trunk default branches.
2006-08-24 02:43:20 +00:00
Marcel Moolenaar
929e506f33 Add support for PowerPC. These files are added onto the FSF branch
to avoid future conflicts.
2006-08-24 02:43:20 +00:00
Marcel Moolenaar
d5ae8b19e8 Update for PowerPC support. We need to keep rs6000 related files. 2006-08-23 03:30:33 +00:00
Marcel Moolenaar
0ffcd81703 Import files needed for PowerPC support and not included in the
original GDB 6.1.1 import.
2006-08-23 03:28:37 +00:00
Marcel Moolenaar
7eab377589 This commit was generated by cvs2svn to compensate for changes in r161537,
which included commits to RCS files with non-trunk default branches.
2006-08-23 03:28:37 +00:00
Ruslan Ermilov
2b46c64c9c Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
Xin LI
89dd99dcac Resolve conflicts. 2006-08-20 15:50:51 +00:00
Xin LI
8978d559b1 This commit was generated by cvs2svn to compensate for changes in r161475,
which included commits to RCS files with non-trunk default branches.
2006-08-20 15:49:51 +00:00
Xin LI
6dcb072b30 Import less v394 2006-08-20 15:49:51 +00:00
Gregory Neil Shapiro
ce49de0077 Update to sendmail 8.13.8 2006-08-17 05:16:15 +00:00
Gregory Neil Shapiro
37ae5ffeb0 This commit was generated by cvs2svn to compensate for changes in r161389,
which included commits to RCS files with non-trunk default branches.
2006-08-17 05:10:43 +00:00
Gregory Neil Shapiro
3a3ef73d37 Import sendmail 8.13.8 2006-08-17 05:10:43 +00:00
Guido van Rooij
dac098f2c9 Resolve conflicts
MFC after:	1 weeks
2006-08-16 12:23:02 +00:00
Guido van Rooij
2b8b5c44fc This commit was generated by cvs2svn to compensate for changes in r161351,
which included commits to RCS files with non-trunk default branches.
2006-08-16 11:51:32 +00:00
Guido van Rooij
4e39c44e09 Import IP Filter 4.1.13 2006-08-16 11:51:32 +00:00
Giorgos Keramidas
2f934d3e27 Spell 'connection options' correctly.
Submitted by:	  Leonidas Tsampros <ltsampros@upnet.gr>
2006-08-11 12:35:22 +00:00
Colin Percival
fb4bfeb31e Add note concerning FreeBSD-SA-06:01.texindex.
Suggested by:	csjp
2006-07-08 07:32:41 +00:00
Robert Watson
1727deefa8 Resolve conflicts from OpenBSM 1.0 alpha 7 import.
Obtained from:	TrustedBSD Project
2006-06-27 18:09:54 +00:00
Robert Watson
d9af45c4c8 Vendor import of OpenBSM 1.0 alpha 7, with the following change history
notes:

- Adopted Solaris-compatible format for subject32_ex and subject64_ex
  tokens, which previously did not correctly implement variable length
  address storage.
- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
  TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
  older ones.  OpenBSM now builds on some FreeBSD 4.x version.
- New event types for extended attributes, ACLs, and scheduling.

Obtained from:	TrustedBSD Project
2006-06-27 18:06:41 +00:00
Robert Watson
258cc56708 This commit was generated by cvs2svn to compensate for changes in r159985,
which included commits to RCS files with non-trunk default branches.
2006-06-27 18:06:41 +00:00
Robert Watson
21b2c802f6 Modify import instructions to include "-n" in the sample command line for
the CVS import, and suggest removing it for the real import, rather than
suggesting it for testing.  This will hopefully prevent me (and others)
from making errors.
2006-06-27 17:55:38 +00:00
David E. O'Brien
bc4990d51b This commit was generated by cvs2svn to compensate for changes in r159825,
which included commits to RCS files with non-trunk default branches.
2006-06-21 09:28:00 +00:00
David E. O'Brien
dbca37326f Fix segfault when '/etc/malloc.conf@ -> AJ' due to differnce between
calloc & malloc as agreed by vendor.  Also remove an unused variable.
2006-06-21 09:28:00 +00:00
David E. O'Brien
35a6917047 Document that 'bad cksum 0' is expected on NICs with checksum off-loading. 2006-06-20 05:04:05 +00:00
David E. O'Brien
838ae103d1 Update for the 'file' 4.17 import. 2006-06-19 07:53:49 +00:00
David E. O'Brien
88a5e5ac7b Virgin import of Christos Zoulas's FILE 4.17. 2006-06-19 07:52:15 +00:00
David E. O'Brien
9c5a4d53e8 This commit was generated by cvs2svn to compensate for changes in r159764,
which included commits to RCS files with non-trunk default branches.
2006-06-19 07:52:15 +00:00
Gregory Neil Shapiro
6945f452cb Update FreeBSD info regarding sendmail 8.13.7 import 2006-06-14 16:33:59 +00:00
Gregory Neil Shapiro
355d91e30e Resolve conflicts from sendmail 8.13.7 import 2006-06-14 16:25:31 +00:00
Gregory Neil Shapiro
af9557fdd1 Import sendmail 8.13.7
Security: FreeBSD-SA-06:17.sendmail
2006-06-14 16:23:02 +00:00
Gregory Neil Shapiro
81623278a5 This commit was generated by cvs2svn to compensate for changes in r159609,
which included commits to RCS files with non-trunk default branches.
2006-06-14 16:23:02 +00:00
David Malone
e4ad3d8dd8 Make traceroute decode all the ICMP unreachable messages defined
in http://www.iana.org/assignments/icmp-parameters. Thankfully
IANA's list aggrees with <netinet/ip_icmp.h>.

I've tried to do this in a way which is mostly consistent with
tcptraceroute and Debian's version of traceroute. However, sometimes
a letter is used twice by these versions, so I've gone with:

                                LBL     tcptr   Debian          (chosen)
ICMP_UNREACH_NET                !N      !N      !N              !N
ICMP_UNREACH_HOST               !H      !H      !H              !H
ICMP_UNREACH_PROTOCOL           !P      !P      !P              !P
ICMP_UNREACH_PORT               !       !p      !               !
ICMP_UNREACH_NEEDFRAG           !F-%d   !F      !F-<%d>         !F-<%d>
ICMP_UNREACH_SRCFAIL            !S      !S      !S              !S
ICMP_UNREACH_NET_UNKNOWN        !<%d>   !U      !<%d>           !U
ICMP_UNREACH_HOST_UNKNOWN       !<%d>   !U      !<%d>           !W
ICMP_UNREACH_ISOLATED           !<%d>   !I      !I              !I
ICMP_UNREACH_NET_PROHIB         !<%d>   !A      !A              !A
ICMP_UNREACH_HOST_PROHIB        !<%d>   !C      !C              !Z
ICMP_UNREACH_TOSNET             !<%d>   !T      !T              !Q
ICMP_UNREACH_TOSHOST            !<%d>   !T      !T              !T
ICMP_UNREACH_FILTER_PROHIB      !X      !A      !A              !X
ICMP_UNREACH_HOST_PRECEDENCE    !V      !<%d>   !V              !V
ICMP_UNREACH_PRECEDENCE_CUTOFF  !C      !<%d>   !C              !C

Graham Wilson is planning to use the same codes in Debian's version.

MFC after:	3 weeks
2006-06-13 14:59:07 +00:00
Marius Strobl
ef75316994 This commit was generated by cvs2svn to compensate for changes in r159399,
which included commits to RCS files with non-trunk default branches.
2006-06-08 13:10:51 +00:00
Marius Strobl
2ce641c5c4 * elf64-sparc.c (sparc64_elf_adjust_dynamic_symbol): When linking a
non-shared object, do not reserve space in .plt and .rela.plt
for regular symbols neither defined nor referenced in shared objects.

This is a backport of rev. 1.101 (sourceware.org repository) to
Binutils 2.15 which fixes the creation of bogus relocations in the
PLT of Firefox and Thunderbird binaries and which in turn caused
them to segfault in rtld(1). This is committed to the vendor branch
as it doesn't represent a local change but the original vendor fix
is from after elf_link_hash_flags was replaced with bitfields.

PR:		sparc64/89486
Approved by:	maintainer timeout
Obtained from:	NetBSD
MFC after:	1 week
2006-06-08 13:10:51 +00:00
Maxim Konovalov
75c0641ed4 o It's lilac-dmc.Berkeley.EDU, not lbl-csam.arpa.
Obtained from:	NetBSD
2006-06-07 21:37:42 +00:00
Gleb Smirnoff
301402accb - Note that the synchronisation interface needs to be up and have
an IP address assigned.
- Add "quick" keyword to pf.conf example.

PR:		docs/85209
2006-06-06 12:35:53 +00:00
Robert Watson
0163f8cb67 Regenerate config.h from OpenBSM 1.0 alpha 6 import.
Obtained from:	TrustedBSD Project
2006-06-05 11:06:32 +00:00
Robert Watson
506764c6f6 Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6:
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
  previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
  au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
  to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
  buffer.  Not likely to be used much by applications, but useful for
  writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
  kernel -- this is not a Solaris BSM API so can be modified without
  causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
  argument to the ordinary au_to_header32(), which is now implemented by
  wrapping au_to_header32_tm() and calling gettimeofday().  #ifndef KERNEL
  the APIs that invoke gettimeofday(), rather than having a variable
  definition.  Don't try to retrieve time zone information using
  gettimeofday(), as it's not needed, and introduces possible failure
  modes.
- Don't perform byte order transformations on the addr/machine fields of
  the terminal ID that appears in the process32/subject32 tokens.  These
  are assumed to be IP addresses, and as such, to be in network byte
  order.
- Universally, APIs now assume that IP addresses and ports are provided
  in network byte order.  APIs now generally provide these types in
  network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
  This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
  error information.
- Support for audit filters introduced: audit filters are dynamically
  loaded shared objects that run in the context of a new daemon,
  auditfilterd.  The daemon reads from an audit pipe and feeds both BSM and
  parsed versions of records to shared objects using a module API.  This
  will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
  record submission for many applications.

Obtained from:	TrustedBSD Project
2006-06-05 10:52:12 +00:00
Robert Watson
0127a4bb1b This commit was generated by cvs2svn to compensate for changes in r159248,
which included commits to RCS files with non-trunk default branches.
2006-06-05 10:52:12 +00:00
Hartmut Brandt
1164383c76 This commit was generated by cvs2svn to compensate for changes in r159063,
which included commits to RCS files with non-trunk default branches.
2006-05-30 07:46:52 +00:00
Hartmut Brandt
6f557cf7be Vendor patch: add support for the BITS construct and enumerations in both
gensnmpdef and gensnmptree. Add include and typedef directives to gensnmptree.

Submitted by:	soc-sheryana (partly)
2006-05-30 07:46:52 +00:00
Xin LI
2440a45859 Resolve conflicts. 2006-05-21 15:52:24 +00:00
Xin LI
50973020f9 This commit was generated by cvs2svn to compensate for changes in r158795,
which included commits to RCS files with non-trunk default branches.
2006-05-21 15:49:27 +00:00
Xin LI
7a997a696b Import netcat from OpenBSD 3.9-RELEASE. 2006-05-21 15:49:27 +00:00
Giorgos Keramidas
d9c49a535a Update the description of the `STATE' column for SMP systems,
and add the missing `C' SMP-only column.

PR:		docs/29245
Submitted by:	ada@bsd.org
Patch by:	Pawel Worach <pawel.worach@telia.com>
MFC after:	3 days
2006-05-16 15:27:43 +00:00
Crist J. Clark
a719d3b931 Option for setting a fixed destination port. This is useful for tracing
to a host behind a firewall where only specific services are allowed.
For example, to trace the hops to an HTTP server behind a firewall,

  $ traceroute -e -P tcp -p 80 www-firewalled.example.com

MFC after:	1 week
2006-05-11 06:30:18 +00:00