From owner-p4-projects Fri Oct 25 10:30:38 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 66E5537B404; Fri, 25 Oct 2002 10:30:01 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB1AF37B401 for ; Fri, 25 Oct 2002 10:30:00 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C7F2343E4A for ; Fri, 25 Oct 2002 10:29:59 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9PHTAmV010997 for ; Fri, 25 Oct 2002 10:29:10 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9PHT8sa010994 for perforce@freebsd.org; Fri, 25 Oct 2002 10:29:08 -0700 (PDT) Date: Fri, 25 Oct 2002 10:29:08 -0700 (PDT) Message-Id: <200210251729.g9PHT8sa010994@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 20134 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=20134 Change 20134 by rwatson@rwatson_tislabs on 2002/10/25 10:28:12 Integ the MAC tree: loop back man page stuff from libc; pick up many sysinstall fixes, vfs fixes, etc. Affected files ... .. //depot/projects/trustedbsd/mac/UPDATING#16 integrate .. //depot/projects/trustedbsd/mac/bin/ls/ls.c#17 integrate .. //depot/projects/trustedbsd/mac/contrib/groff/tmac/troffrc#6 integrate .. //depot/projects/trustedbsd/mac/etc/MAKEDEV#17 integrate .. //depot/projects/trustedbsd/mac/etc/defaults/periodic.conf#6 integrate .. //depot/projects/trustedbsd/mac/etc/inetd.conf#7 integrate .. //depot/projects/trustedbsd/mac/etc/mtree/BSD.include.dist#18 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/100.chksetuid#6 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/200.chkmounts#5 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/500.ipfwdenied#4 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/510.ipfdenied#1 branch .. //depot/projects/trustedbsd/mac/etc/periodic/security/600.ip6fwdenied#4 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/700.kernelmsg#5 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/Makefile#3 integrate .. //depot/projects/trustedbsd/mac/etc/periodic/security/security.functions#1 branch .. //depot/projects/trustedbsd/mac/gnu/usr.bin/groff/tmac/Makefile#6 integrate .. //depot/projects/trustedbsd/mac/include/Makefile#25 integrate .. //depot/projects/trustedbsd/mac/lib/libc/locale/wcrtomb.c#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/net/getaddrinfo.c#8 integrate .. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#6 integrate .. 
//depot/projects/trustedbsd/mac/lib/libc/posix1e/mac_free.3#9 integrate .. //depot/projects/trustedbsd/mac/lib/libc/stdio/local.h#7 integrate .. //depot/projects/trustedbsd/mac/lib/libc/string/strerror.3#6 integrate .. //depot/projects/trustedbsd/mac/lib/libc/string/wcsncpy.c#6 integrate .. //depot/projects/trustedbsd/mac/lib/libc/string/wcsstr.c#5 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_cancel.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_error.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_read.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_return.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_suspend.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_waitcomplete.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/aio_write.2#3 integrate .. //depot/projects/trustedbsd/mac/lib/libc/sys/sigaction.2#7 integrate .. //depot/projects/trustedbsd/mac/lib/libdisk/disk.c#12 integrate .. //depot/projects/trustedbsd/mac/lib/libfetch/ftp.c#11 integrate .. //depot/projects/trustedbsd/mac/libexec/ftpd/ftpd.c#15 integrate .. //depot/projects/trustedbsd/mac/libexec/lukemftpd/Makefile#6 integrate .. //depot/projects/trustedbsd/mac/release/Makefile#30 integrate .. //depot/projects/trustedbsd/mac/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#40 integrate .. //depot/projects/trustedbsd/mac/sbin/gpt/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/sbin/gpt/create.c#1 branch .. //depot/projects/trustedbsd/mac/sbin/gpt/gpt.c#2 integrate .. //depot/projects/trustedbsd/mac/sbin/gpt/gpt.h#2 integrate .. //depot/projects/trustedbsd/mac/sbin/ifconfig/ifconfig.c#13 integrate .. //depot/projects/trustedbsd/mac/sbin/ipfw/ipfw2.c#9 integrate .. //depot/projects/trustedbsd/mac/share/doc/papers/fsinterface/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/papers/newvm/Makefile#2 integrate .. 
//depot/projects/trustedbsd/mac/share/doc/papers/sysperf/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/01.cacm/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/01.cacm/p1#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/01.cacm/ref.bib#1 branch .. //depot/projects/trustedbsd/mac/share/doc/psd/02.implement/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/02.implement/implement#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/02.implement/ref.bib#1 branch .. //depot/projects/trustedbsd/mac/share/doc/psd/06.Clang/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/13.rcs/rcs/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/15.yacc/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/15.yacc/ref.bib#1 branch .. //depot/projects/trustedbsd/mac/share/doc/psd/15.yacc/ss..#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/16.lex/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/16.lex/lex.ms#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/psd/17.m4/m4.ms#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/smm/10.named/Makefile#2 delete .. //depot/projects/trustedbsd/mac/share/doc/smm/18.net/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/smm/contents/contents.ms#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/usd/10.exref/Makefile.inc#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/usd/10.exref/summary/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/usd/12.vi/Makefile.inc#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/usd/12.vi/summary/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/usd/12.vi/vi/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/share/doc/usd/22.trofftut/tt.mac#2 integrate .. //depot/projects/trustedbsd/mac/share/man/man3/assert.3#3 integrate .. 
//depot/projects/trustedbsd/mac/share/man/man3/stdarg.3#3 integrate .. //depot/projects/trustedbsd/mac/share/man/man4/Makefile#19 integrate .. //depot/projects/trustedbsd/mac/share/man/man4/acpi.4#4 integrate .. //depot/projects/trustedbsd/mac/share/man/man4/aio.4#1 branch .. //depot/projects/trustedbsd/mac/share/man/man5/periodic.conf.5#7 integrate .. //depot/projects/trustedbsd/mac/sys/alpha/alpha/trap.c#16 integrate .. //depot/projects/trustedbsd/mac/sys/boot/efi/libefi/bootinfo.c#4 integrate .. //depot/projects/trustedbsd/mac/sys/boot/efi/libefi/efiboot.h#3 integrate .. //depot/projects/trustedbsd/mac/sys/boot/efi/libefi/elf_freebsd.c#5 integrate .. //depot/projects/trustedbsd/mac/sys/conf/NOTES#28 integrate .. //depot/projects/trustedbsd/mac/sys/conf/files#66 integrate .. //depot/projects/trustedbsd/mac/sys/conf/files.i386#19 integrate .. //depot/projects/trustedbsd/mac/sys/conf/files.ia64#13 integrate .. //depot/projects/trustedbsd/mac/sys/conf/files.pc98#15 integrate .. //depot/projects/trustedbsd/mac/sys/conf/options#38 integrate .. //depot/projects/trustedbsd/mac/sys/conf/options.ia64#6 integrate .. //depot/projects/trustedbsd/mac/sys/dev/acpica/acpi_ec.c#11 integrate .. //depot/projects/trustedbsd/mac/sys/fs/specfs/spec_vnops.c#15 integrate .. //depot/projects/trustedbsd/mac/sys/geom/geom_subr.c#10 integrate .. //depot/projects/trustedbsd/mac/sys/i386/conf/NOTES#27 integrate .. //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#18 integrate .. //depot/projects/trustedbsd/mac/sys/i386/include/float.h#2 integrate .. //depot/projects/trustedbsd/mac/sys/ia64/conf/GENERIC#16 integrate .. //depot/projects/trustedbsd/mac/sys/ia64/ia64/machdep.c#22 integrate .. //depot/projects/trustedbsd/mac/sys/ia64/ia64/trap.c#12 integrate .. //depot/projects/trustedbsd/mac/sys/kern/kern_condvar.c#14 integrate .. //depot/projects/trustedbsd/mac/sys/kern/kern_mutex.c#18 integrate .. //depot/projects/trustedbsd/mac/sys/kern/kern_proc.c#22 integrate .. 
//depot/projects/trustedbsd/mac/sys/kern/kern_synch.c#15 integrate .. //depot/projects/trustedbsd/mac/sys/kern/kern_thread.c#8 integrate .. //depot/projects/trustedbsd/mac/sys/kern/vfs_default.c#14 integrate .. //depot/projects/trustedbsd/mac/sys/kern/vfs_mount.c#12 integrate .. //depot/projects/trustedbsd/mac/sys/kern/vfs_subr.c#46 integrate .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#57 integrate .. //depot/projects/trustedbsd/mac/sys/modules/Makefile#49 integrate .. //depot/projects/trustedbsd/mac/sys/modules/mac_partition/Makefile#2 integrate .. //depot/projects/trustedbsd/mac/sys/modules/vinum/Makefile#3 integrate .. //depot/projects/trustedbsd/mac/sys/netinet/ip_divert.c#12 integrate .. //depot/projects/trustedbsd/mac/sys/netinet/ip_fw.h#8 integrate .. //depot/projects/trustedbsd/mac/sys/netinet/ip_fw2.c#10 integrate .. //depot/projects/trustedbsd/mac/sys/netinet/tcp_usrreq.c#13 integrate .. //depot/projects/trustedbsd/mac/sys/sparc64/include/trap.h#4 integrate .. //depot/projects/trustedbsd/mac/sys/sparc64/sparc64/machdep.c#22 integrate .. //depot/projects/trustedbsd/mac/sys/sparc64/sparc64/rwindow.c#6 integrate .. //depot/projects/trustedbsd/mac/sys/sparc64/sparc64/trap.c#16 integrate .. //depot/projects/trustedbsd/mac/sys/sys/conf.h#9 integrate .. //depot/projects/trustedbsd/mac/sys/sys/proc.h#28 integrate .. //depot/projects/trustedbsd/mac/sys/sys/vnode.h#49 integrate .. //depot/projects/trustedbsd/mac/sys/ufs/ffs/ffs_snapshot.c#14 integrate .. //depot/projects/trustedbsd/mac/sys/ufs/ffs/ffs_vfsops.c#26 integrate .. //depot/projects/trustedbsd/mac/sys/vm/uma_core.c#11 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T000/ref.conf#5 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T001/ref.conf#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T002/ref.conf#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T003/ref.conf#6 integrate .. 
//depot/projects/trustedbsd/mac/tools/regression/geom/Test/T004/ref.conf#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T005/ref.conf#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T006/ref.conf#5 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T007/ref.conf#5 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T008/ref.conf#5 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T009/ref.conf#5 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T011/ref.conf#5 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T012/ref.conf#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T013/ref.conf#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/Test/T014/ref.conf#7 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/geom_sim.h#4 integrate .. //depot/projects/trustedbsd/mac/tools/regression/geom/geom_simdisk.c#6 integrate .. //depot/projects/trustedbsd/mac/tools/regression/usr.bin/make/Makefile#6 integrate .. //depot/projects/trustedbsd/mac/usr.bin/make/var.c#8 integrate .. //depot/projects/trustedbsd/mac/usr.bin/stat/stat.c#4 integrate .. //depot/projects/trustedbsd/mac/usr.sbin/pkg_install/info/show.c#5 integrate .. //depot/projects/trustedbsd/mac/usr.sbin/quot/quot.c#5 integrate .. //depot/projects/trustedbsd/mac/usr.sbin/sysinstall/dev2c.sh#3 delete .. //depot/projects/trustedbsd/mac/usr.sbin/sysinstall/dist.c#9 integrate .. //depot/projects/trustedbsd/mac/usr.sbin/sysinstall/install.c#12 integrate Differences ... ==== //depot/projects/trustedbsd/mac/UPDATING#16 (text+ko) ==== 
@@ -22,6 +22,20 @@ integrity. Re-enabling write caching can substantially improve performance. +20021023: + Alphas with kernels from between 20020830 and 20021023 and/or + rtld (ld-elf.so.1) older than 20021023 may experience problems + with groff while doing a buildworld (kernel: "out of memory", + fixed in rev 1.129 of kern/imgact_elf.c; rtld: "too few PT_LOAD + segments", fixed in rev 1.8 of libexec/rtld-elf/map_object.c). + + So, to successfully upgrade your Alpha, you must either + upgrade your kernel and rtld first (which might be a bit + tricky), or avoid running the bootstrapped groff during the + "transitional" buildworld. To avoid running groff during the + transitional upgrade run make buildworld with -DNOMAN, + -DNO_SHAREDOCS, and -DNO_LPR. + 20020831: gcc has been upgraded to 3.2. It is not all binary compatible with earlier versions of gcc for c++ programs. All c++ @@ -1077,4 +1091,4 @@ Contact Warner Losh if you have any questions about your use of this document. -$FreeBSD: src/UPDATING,v 1.217 2002/09/03 06:13:43 imp Exp $ +$FreeBSD: src/UPDATING,v 1.218 2002/10/24 18:41:02 gallatin Exp $ ==== //depot/projects/trustedbsd/mac/bin/ls/ls.c#17 (text+ko) ==== @@ -46,10 +46,11 @@ #endif /* not lint */ #endif #include -__FBSDID("$FreeBSD: src/bin/ls/ls.c,v 1.68 2002/10/24 00:07:30 rwatson Exp $"); +__FBSDID("$FreeBSD: src/bin/ls/ls.c,v 1.69 2002/10/24 01:01:53 rwatson Exp $"); #include #include +#include #include #include @@ -685,6 +686,7 @@ flen = 0; labelstr = NULL; if (f_label) { + char name[PATH_MAX + 1]; mac_t label; int error; 
@@ -696,12 +698,20 @@ goto label_out; } + if (cur->fts_level == FTS_ROOTLEVEL) + snprintf(name, sizeof(name), + "%s", cur->fts_name); + else + snprintf(name, sizeof(name), + "%s/%s", cur->fts_parent->fts_accpath, + cur->fts_name); + if (options & FTS_LOGICAL) - error = mac_get_file( - cur->fts_path, label); + error = mac_get_file(name, + label); else - error = mac_get_link( - cur->fts_name, label); + error = mac_get_link(name, + label); if (error == -1) { perror(cur->fts_name); mac_free(label); ==== //depot/projects/trustedbsd/mac/contrib/groff/tmac/troffrc#6 (text+ko) ==== @@ -1,5 +1,5 @@ .\" Startup file for troff. -.\" $FreeBSD: src/contrib/groff/tmac/troffrc,v 1.13 2002/10/23 19:04:00 ru Exp $ +.\" $FreeBSD: src/contrib/groff/tmac/troffrc,v 1.14 2002/10/24 11:05:58 ru Exp $ . .\" This is tested by pic. .nr 0p 0 @@ -45,4 +45,12 @@ . .\} . +.\" Disable SGR support in grotty(1). +.if n \{\ +. do nop \X'tty: sgr 0' +. sp -1 +. nr nl 0-1 +. nr % -1 +.\} +. .\" Don't let blank lines creep in here. ==== //depot/projects/trustedbsd/mac/etc/MAKEDEV#17 (text+ko) ==== @@ -20,7 +20,7 @@ # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # # @(#)MAKEDEV 5.2 (Berkeley) 6/22/90 -# $FreeBSD: src/etc/MAKEDEV,v 1.331 2002/10/20 08:17:34 scottl Exp $ +# $FreeBSD: src/etc/MAKEDEV,v 1.332 2002/10/24 17:59:58 luigi Exp $ # # Device "make" file. Valid arguments: # all makes all known devices, standard number of units (or close) @@ -916,8 +916,8 @@ ;; usb) - mknod usb$unit c 108 255 root:operator - chmod 0660 usb$unit + mknod usb c 108 255 root:operator + chmod 0660 usb ;; usb*) ==== //depot/projects/trustedbsd/mac/etc/defaults/periodic.conf#6 (text+ko) ==== 
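Review bot: In the bin/ls/ls.c hunk at `@@ -696,12 +698,20 @@`, both `snprintf` calls that build `name` discard their return value, so a path longer than `sizeof(name)` is silently truncated. `mac_get_file`/`mac_get_link` would then be asked about a different path than the entry being listed, and ls could print a label that does not belong to that file. Capture the result and treat truncation as an error before the lookup, e.g. `n = snprintf(name, sizeof(name), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(name)) { mac_free(label); goto label_out; }`. The `name` buffer is declared in the previous hunk and the enclosing function starts and ends outside this one.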
@@ -10,7 +10,7 @@ # values set in this file. This eases the upgrade path when defaults # are changed and new features are added. # -# $FreeBSD: src/etc/defaults/periodic.conf,v 1.21 2002/09/25 03:01:42 brian Exp $ +# $FreeBSD: src/etc/defaults/periodic.conf,v 1.22 2002/10/25 15:16:54 thomas Exp $ # # What files override these defaults ? @@ -150,6 +150,9 @@ # 500.ipfwdenied daily_status_security_ipfwdenied_enable="YES" +# 510.ipfdenied +daily_status_security_ipfdenied_enable="YES" + # 550.ipfwlimit daily_status_security_ipfwlimit_enable="YES" ==== //depot/projects/trustedbsd/mac/etc/inetd.conf#7 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/inetd.conf,v 1.58 2002/08/09 17:34:13 gordon Exp $ +# $FreeBSD: src/etc/inetd.conf,v 1.59 2002/10/24 15:46:10 rwatson Exp $ # # Internet server configuration database # @@ -6,7 +6,12 @@ # To disable a service, comment it out by prefixing the line with '#'. # To enable a service, remove the '#' at the beginning of the line. # +# WARNING: lukemftpd does not support PAM, MAC, per-class nologin files, +# or any login.conf resource limits or features; use it only if this is +# appropriate for your environment. If you require these features, use +# the regular FreeBSD ftpd below. #ftp stream tcp nowait root /usr/libexec/lukemftpd ftpd -l -r +# #ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l #ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l #telnet stream tcp nowait root /usr/libexec/telnetd telnetd ==== //depot/projects/trustedbsd/mac/etc/mtree/BSD.include.dist#18 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.60 2002/10/18 15:30:50 tmm Exp $ +# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.61 2002/10/24 15:25:37 rwatson Exp $ # # Please see the file src/etc/mtree/README before making changes to this file. # ==== //depot/projects/trustedbsd/mac/etc/periodic/security/100.chksetuid#6 (text+ko) ==== 
@@ -24,7 +24,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/100.chksetuid,v 1.6 2002/09/24 18:53:46 ache Exp $ +# $FreeBSD: src/etc/periodic/security/100.chksetuid,v 1.7 2002/10/25 15:14:16 thomas Exp $ # # If there is a global system configuration file, suck it in. @@ -35,12 +35,12 @@ source_periodic_confs fi -LOG="${daily_status_security_logdir}" +. /etc/periodic/security/security.functions + rc=0 case "$daily_status_security_chksetuid_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` echo "" echo 'Checking setuid files and devices:' # XXX Note that there is the possibility of overrunning the args to ls @@ -54,24 +54,10 @@ find $mount -xdev -type f \ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \ \( -perm -u+s -or -perm -g+s \) -print0 - done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 > ${TMP} - fi - - if [ ! -f ${LOG}/setuid.today ]; then - rc=1 - echo "No ${LOG}/setuid.today" - cp ${TMP} ${LOG}/setuid.today || rc=3 - fi - - if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null - then - [ $rc -lt 1 ] && rc=1 - echo "${host} setuid diffs:" - diff -b ${LOG}/setuid.today ${TMP} - mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3 - mv ${TMP} ${LOG}/setuid.today || rc=3 - fi - rm -f ${TMP};; + done | xargs -0 -n 20 ls -liTd | sed 's/^ *//' | sort -k 11 | + check_diff setuid - "${host} setuid diffs:" + rc=$? + fi;; *) rc=0;; esac ==== //depot/projects/trustedbsd/mac/etc/periodic/security/200.chkmounts#5 (text+ko) ==== @@ -24,7 +24,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/200.chkmounts,v 1.4 2002/08/25 04:09:17 cjc Exp $ +# $FreeBSD: src/etc/periodic/security/200.chkmounts,v 1.5 2002/10/25 15:14:16 thomas Exp $ # # Show changes in the way filesystems are mounted 
@@ -38,35 +38,21 @@ source_periodic_confs fi -LOG="${daily_status_security_logdir}" +. /etc/periodic/security/security.functions + ignore="${daily_status_security_chkmounts_ignore}" rc=0 case "$daily_status_security_chkmounts_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` case "$daily_status_security_noamd" in [Yy][Ee][Ss]) ignore="${ignore}|^amd:" esac [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat - if mount -p | ${cmd} > ${TMP}; then - if [ ! -f ${LOG}/mount.today ]; then - rc=1 - echo "" - echo "No ${LOG}/mount.today" - cp ${TMP} ${LOG}/mount.today || rc=3 - fi - if ! cmp ${LOG}/mount.today ${TMP} >/dev/null 2>&1; then - [ $rc -lt 1 ] && rc=1 - echo "" - echo "${host} changes in mounted filesystems:" - diff -b ${LOG}/mount.today ${TMP} - mv ${LOG}/mount.today ${LOG}/mount.yesterday || rc=3 - mv ${TMP} ${LOG}/mount.today || rc=3 - fi - fi - rm -f ${TMP};; + mount -p | ${cmd} | + check_diff mount - "${host} changes in mounted filesystems:" + rc=$?;; *) rc=0;; esac ==== //depot/projects/trustedbsd/mac/etc/periodic/security/500.ipfwdenied#4 (text+ko) ==== @@ -24,13 +24,9 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/500.ipfwdenied,v 1.3 2002/08/25 04:09:17 cjc Exp $ +# $FreeBSD: src/etc/periodic/security/500.ipfwdenied,v 1.4 2002/10/25 15:14:16 thomas Exp $ # -# Show denied packets -# - - # If there is a global system configuration file, suck it in. # if [ -r /etc/defaults/periodic.conf ] 
@@ -39,29 +35,17 @@ source_periodic_confs fi -LOG="${daily_status_security_logdir}" +. /etc/periodic/security/security.functions + rc=0 case "$daily_status_security_ipfwdenied_enable" in [Yy][Ee][Ss]) TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then - if [ ! -f ${LOG}/ipfw.today ]; then - rc=1 - echo "" - echo "No ${LOG}/ipfw.today" - cp ${TMP} ${LOG}/ipfw.today || rc=3 - fi - - if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then - [ $rc -lt 1 ] && rc=1 - echo "" - echo "${host} denied packets:" - diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" - mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3 - mv ${TMP} ${LOG}/ipfw.today || rc=3 - fi + check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:" fi + rc=$? rm -f ${TMP};; *) rc=0;; esac ==== //depot/projects/trustedbsd/mac/etc/periodic/security/600.ip6fwdenied#4 (text+ko) ==== @@ -24,12 +24,9 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/600.ip6fwdenied,v 1.3 2002/08/25 04:09:17 cjc Exp $ +# $FreeBSD: src/etc/periodic/security/600.ip6fwdenied,v 1.4 2002/10/25 15:14:16 thomas Exp $ # -# Show IPv6 denied packets -# - # If there is a global system configuration file, suck it in. # if [ -r /etc/defaults/periodic.conf ] 
@@ -38,30 +35,17 @@ source_periodic_confs fi -LOG="${daily_status_security_logdir}" +. /etc/periodic/security/security.functions + rc=0 case "$daily_status_security_ip6fwdenied_enable" in [Yy][Ee][Ss]) TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then - if [ ! -f ${LOG}/ip6fw.today ]; then - rc=1 - echo "" - echo "No ${LOG}/ip6fw.today" - cp ${TMP} ${LOG}/ip6fw.today || rc=3 - fi - - if ! cmp ${LOG}/ip6fw.today ${TMP} >/dev/null; then - [ $rc -lt 1 ] && rc=1 - echo "" - echo "${host} IPv6 denied packets:" - diff -b ${LOG}/ip6fw.today ${TMP} | - egrep "^>" - mv ${LOG}/ip6fw.today ${LOG}/ip6fw.yesterday || rc=3 - mv ${TMP} ${LOG}/ip6fw.today || rc=3 - fi + check_diff new_only ip6fw ${TMP} "${host} ip6fw denied packets:" fi + rc=$? rm -f ${TMP};; *) rc=0;; esac ==== //depot/projects/trustedbsd/mac/etc/periodic/security/700.kernelmsg#5 (text+ko) ==== @@ -24,7 +24,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/periodic/security/700.kernelmsg,v 1.5 2002/08/25 04:09:17 cjc Exp $ +# $FreeBSD: src/etc/periodic/security/700.kernelmsg,v 1.6 2002/10/25 15:14:16 thomas Exp $ # # Show kernel log messages 
@@ -38,30 +38,15 @@ source_periodic_confs fi -LOG="${daily_status_security_logdir}" +. /etc/periodic/security/security.functions + rc=0 case "$daily_status_security_kernelmsg_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` - if dmesg 2>/dev/null > ${TMP}; then - if [ ! -f ${LOG}/dmesg.today ]; then - rc=1 - echo "" - echo "No ${LOG}/dmesg.today" - cp ${TMP} ${LOG}/dmesg.today || rc=3 - fi - - echo "" - echo "${host} kernel log messages:" - if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then - [ $rc -lt 1 ] && rc=1 - diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" - mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3 - mv ${TMP} ${LOG}/dmesg.today || rc=3 - fi - fi - rm -f ${TMP};; + dmesg 2>/dev/null > ${TMP} | + check_diff new_only dmesg - "${host} kernel log messages:" + rc=$?;; *) rc=0;; esac ==== //depot/projects/trustedbsd/mac/etc/periodic/security/Makefile#3 (text+ko) ==== @@ -1,15 +1,17 @@ -# $FreeBSD: src/etc/periodic/security/Makefile,v 1.2 2002/07/18 12:32:57 ru Exp $ +# $FreeBSD: src/etc/periodic/security/Makefile,v 1.3 2002/10/25 15:23:26 thomas Exp $ FILES= 100.chksetuid \ 200.chkmounts \ 300.chkuid0 \ 400.passwdless \ 500.ipfwdenied \ + 510.ipfdenied \ 550.ipfwlimit \ 600.ip6fwdenied \ 650.ip6fwlimit \ 700.kernelmsg \ 800.loginfail \ - 900.tcpwrap + 900.tcpwrap \ + security.functions .include ==== //depot/projects/trustedbsd/mac/gnu/usr.bin/groff/tmac/Makefile#6 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/gnu/usr.bin/groff/tmac/Makefile,v 1.39 2002/10/23 19:04:00 ru Exp $ +# $FreeBSD: src/gnu/usr.bin/groff/tmac/Makefile,v 1.40 2002/10/24 11:05:58 ru Exp $ TMACOWN?= ${BINOWN} TMACGRP?= ${BINGRP} @@ -14,7 +14,6 @@ MLINKS+= groff_mdoc.7 mdoc.7 groff_mdoc.7 mdoc.samples.7 CLEANFILES= ${MAN} ${MDOCFILES:S/$/-s/} ${STRIPFILES:S/$/-s/} ${SPECIALFILES:S/$/-s/} -CLEANFILES+= troffrc-end.patched NORMALFILES= mandoc.tmac andoc.tmac an-old.tmac \ me.tmac \ 
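Review bot: In etc/periodic/security/700.kernelmsg the new line `dmesg 2>/dev/null > ${TMP} |` still redirects stdout to `${TMP}`, so the pipe feeding `check_diff new_only dmesg -` receives nothing. The same hunk removes the `TMP=` assignment from `mktemp`, and unless security.functions (not shown here) sets `TMP`, the redirection target is empty or inherited from the environment of a root-run job. The likely effect is that the daily kernel-message check compares empty input and stops reporting new messages. Drop the redirection so the output reaches the pipe: `dmesg 2>/dev/null |`.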
@@ -33,7 +32,7 @@ lbp.tmac \ html.tmac www.tmac \ eqnrc \ - troffrc \ + troffrc troffrc-end \ hyphen.us SPECIALFILES= an.tmac man.tmac s.tmac ms.tmac STRIPFILES= e.tmac doc.tmac mdoc.local @@ -41,7 +40,6 @@ fr.ISO8859-1 ru.KOI8-R all: ${MDOCFILES:S/$/-s/} ${STRIPFILES:S/$/-s/} ${SPECIALFILES:S/$/-s/} -all: troffrc-end.patched .for f in ${MDOCFILES} ${STRIPFILES} $f-s: $f @@ -55,9 +53,6 @@ ${.ALLSRC} > ${.TARGET} .endfor -troffrc-end.patched: troffrc-end - (cat ${.ALLSRC}; echo ".if n .do nop \X'tty: sgr 0'\c") > ${.TARGET} - beforeinstall: cd ${DIST_DIR}; \ ${INSTALL} -o ${TMACOWN} -g ${TMACGRP} -m ${TMACMODE} \ @@ -66,8 +61,6 @@ ${INSTALL} -o ${TMACOWN} -g ${TMACGRP} -m ${TMACMODE} \ hyphen.ru ${DESTDIR}${TMACDIR} cd ${.OBJDIR} - ${INSTALL} -o ${TMACOWN} -g ${TMACGRP} -m ${TMACMODE} \ - troffrc-end.patched ${DESTDIR}${TMACDIR}/troffrc-end .for f in ${STRIPFILES} ${SPECIALFILES} ${INSTALL} -o ${TMACOWN} -g ${TMACGRP} -m ${TMACMODE} \ $f-s ${DESTDIR}${TMACDIR}/$f ==== //depot/projects/trustedbsd/mac/include/Makefile#25 (text+ko) ==== @@ -1,5 +1,5 @@ # @(#)Makefile 8.2 (Berkeley) 1/4/94 -# $FreeBSD: src/include/Makefile,v 1.184 2002/10/18 15:30:45 tmm Exp $ +# $FreeBSD: src/include/Makefile,v 1.185 2002/10/24 15:25:37 rwatson Exp $ # # Doing a make install builds /usr/include # ==== //depot/projects/trustedbsd/mac/lib/libc/locale/wcrtomb.c#3 (text+ko) ==== @@ -25,9 +25,10 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libc/locale/wcrtomb.c,v 1.2 2002/09/06 11:23:45 tjr Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/locale/wcrtomb.c,v 1.3 2002/10/25 13:24:45 tjr Exp $"); #include +#include #include #include #include @@ -36,7 +37,10 @@ wcrtomb(char * __restrict s, wchar_t wc, mbstate_t * __restrict ps __unused) { char *e; + char buf[MB_LEN_MAX]; + if (s == NULL) + s = buf; sputrune(wc, s, MB_CUR_MAX, &e); if (e == NULL) { errno = EILSEQ; ==== //depot/projects/trustedbsd/mac/lib/libc/net/getaddrinfo.c#8 (text+ko) ==== 
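Review bot: In lib/libc/locale/wcrtomb.c the new `s == NULL` branch substitutes `buf` but still encodes the caller's `wc`. ISO C defines `wcrtomb(NULL, wc, ps)` as equivalent to `wcrtomb(buf, L'\0', ps)`, so `wc` should be ignored in that case. As written, a NULL `s` combined with an unencodable `wc` can reach the `errno = EILSEQ` path where the standard call would not fail. Suggest `if (s == NULL) { s = buf; wc = L'\0'; }`. The function body continues past the end of the hunk.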
@@ -38,12 +38,9 @@ * in the source code. This is because RFC2553 is silent about which error * code must be returned for which situation. * - freeaddrinfo(NULL). RFC2553 is silent about it. XNET 5.2 says it is - * invalid. - * current code - SEGV on freeaddrinfo(NULL) + * invalid. current code - SEGV on freeaddrinfo(NULL) + * * Note: - * - We use getipnodebyname() just for thread-safeness. There's no intent - * to let it do PF_UNSPEC (actually we never pass PF_UNSPEC to - * getipnodebyname(). * - The code filters out AFs that are not supported by the kernel, * when globbing NULL hostname (to loopback, or wildcard). Is it the right * thing to do? What is the relationship with post-RFC2553 AI_ADDRCONFIG 
@@ -52,38 +49,21 @@ * (1) what should we do against numeric hostname (2) what should we do * against NULL hostname (3) what is AI_ADDRCONFIG itself. AF not ready? * non-loopback address configured? global address configured? + * + * OS specific notes for netbsd/openbsd/freebsd4/bsdi4: * - To avoid search order issue, we have a big amount of code duplicate * from gethnamaddr.c and some other places. The issues that there's no * lower layer function to lookup "IPv4 or IPv6" record. Calling * gethostbyname2 from getaddrinfo will end up in wrong search order, as - * follows: - * - The code makes use of following calls when asked to resolver with - * ai_family = PF_UNSPEC: - * getipnodebyname(host, AF_INET6); - * getipnodebyname(host, AF_INET); - * This will result in the following queries if the node is configure to - * prefer /etc/hosts than DNS: - * lookup /etc/hosts for IPv6 address - * lookup DNS for IPv6 address - * lookup /etc/hosts for IPv4 address - * lookup DNS for IPv4 address - * which may not meet people's requirement. - * The right thing to happen is to have underlying layer which does - * PF_UNSPEC lookup (lookup both) and return chain of addrinfos. - * This would result in a bit of code duplicate with _dns_ghbyname() and - * friends. + * presented above. + * + * OS specific notes for freebsd4: + * - FreeBSD supported $GAI. The code does not. + * - FreeBSD allowed classful IPv4 numeric (127.1), the code does not. */ -/* - * diffs with other KAME platforms: - * - other KAME platforms already nuked FAITH ($GAI), but as FreeBSD - * 4.0-RELEASE supplies it, we still have the code here. - * - AI_ADDRCONFIG support is supplied - * - some of FreeBSD style (#define tabify and others) - * - classful IPv4 numeric (127.1) is allowed. - */ #include -__FBSDID("$FreeBSD: src/lib/libc/net/getaddrinfo.c,v 1.34 2002/10/06 08:43:35 ume Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/net/getaddrinfo.c,v 1.35 2002/10/25 16:24:28 ume Exp $"); #include "namespace.h" #include 
@@ -120,19 +100,21 @@ # define FAITH #endif -#define SUCCESS 0 -#define ANY 0 -#define YES 1 -#define NO 0 +#define SUCCESS 0 +#define ANY 0 +#define YES 1 +#define NO 0 static const char in_addrany[] = { 0, 0, 0, 0 }; +static const char in_loopback[] = { 127, 0, 0, 1 }; +#ifdef INET6 static const char in6_addrany[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; -static const char in_loopback[] = { 127, 0, 0, 1 }; static const char in6_loopback[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }; +#endif static const struct afd { int a_af; @@ -166,9 +148,9 @@ int e_protocol; const char *e_protostr; int e_wild; -#define WILD_AF(ex) ((ex)->e_wild & 0x01) -#define WILD_SOCKTYPE(ex) ((ex)->e_wild & 0x02) -#define WILD_PROTOCOL(ex) ((ex)->e_wild & 0x04) +#define WILD_AF(ex) ((ex)->e_wild & 0x01) +#define WILD_SOCKTYPE(ex) ((ex)->e_wild & 0x02) +#define WILD_PROTOCOL(ex) ((ex)->e_wild & 0x04) }; static const struct explore explore[] = { @@ -190,9 +172,9 @@ }; #ifdef INET6 -#define PTON_MAX 16 +#define PTON_MAX 16 #else -#define PTON_MAX 4 +#define PTON_MAX 4 #endif static const ns_src default_dns_files[] = { @@ -240,9 +222,9 @@ static struct addrinfo *getanswer(const querybuf *, int, const char *, int, const struct addrinfo *); -static int _dns_getaddrinfo(void *, void *, va_list); static void _sethtent(void); static void _endhtent(void); +static int _dns_getaddrinfo(void *, void *, va_list); static struct addrinfo *_gethtent(const char *, const struct addrinfo *); static int _files_getaddrinfo(void *, void *, va_list); #ifdef YP @@ -291,7 +273,7 @@ /* XXX macros that make external reference is BAD. */ -#define GET_AI(ai, afd, addr) \ +#define GET_AI(ai, afd, addr) \ do { \ /* external reference: pai, error, and label free */ \ (ai) = get_ai(pai, (afd), (addr)); \ 
@@ -301,7 +283,7 @@ } \ } while (/*CONSTCOND*/0) -#define GET_PORT(ai, serv) \ +#define GET_PORT(ai, serv) \ do { \ /* external reference: error and label free */ \ error = get_port((ai), (serv), 0); \ @@ -309,7 +291,7 @@ goto free; \ } while (/*CONSTCOND*/0) -#define GET_CANONNAME(ai, str) \ +#define GET_CANONNAME(ai, str) \ do { \ /* external reference: pai, error and label free */ \ error = get_canonname(pai, (ai), (str)); \ @@ -317,7 +299,7 @@ goto free; \ } while (/*CONSTCOND*/0) -#define ERR(err) \ +#define ERR(err) \ do { \ /* external reference: error, and label bad */ \ error = (err); \ @@ -325,9 +307,9 @@ /*NOTREACHED*/ \ } while (/*CONSTCOND*/0) -#define MATCH_FAMILY(x, y, w) \ +#define MATCH_FAMILY(x, y, w) \ ((x) == (y) || (/*CONSTCOND*/(w) && ((x) == PF_UNSPEC || (y) == PF_UNSPEC))) -#define MATCH(x, y, w) \ +#define MATCH(x, y, w) \ ((x) == (y) || (/*CONSTCOND*/(w) && ((x) == ANY || (y) == ANY))) char * @@ -430,8 +412,8 @@ continue; if (ex->e_protocol == ANY) continue; - if (pai->ai_socktype == ex->e_socktype - && pai->ai_protocol != ex->e_protocol) { + if (pai->ai_socktype == ex->e_socktype && + pai->ai_protocol != ex->e_protocol) { ERR(EAI_BADHINTS); } } @@ -440,7 +422,7 @@ /* * post-2553: AI_ALL and AI_V4MAPPED are effective only against - * AF_INET6 query. They needs to be ignored if specified in other + * AF_INET6 query. They need to be ignored if specified in other * occassions. */ switch (pai->ai_flags & (AI_ALL | AI_V4MAPPED)) { @@ -776,7 +758,7 @@ while (cur && cur->ai_next) cur = cur->ai_next; } else - ERR(EAI_FAMILY); /*xxx*/ + ERR(EAI_FAMILY); /* XXX */ } break; } @@ -870,7 +852,7 @@ ai->ai_canonname = (char *)malloc(strlen(str) + 1); if (ai->ai_canonname == NULL) return EAI_MEMORY; - strcpy(ai->ai_canonname, str); + strlcpy(ai->ai_canonname, str, strlen(str) + 1); } return 0; } 
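Review bot: In the last hunk on this line (get_canonname), the size handed to `strlcpy` is `strlen(str) + 1`, taken from the source string rather than from a recorded destination size, so the call bounds nothing that `strcpy` did not. The copy is safe only because the `malloc` two lines earlier uses the same expression, and the two can drift apart if either is edited later. Computing the length once ties them together: `size_t len = strlen(str) + 1;`, allocate `len` bytes, then `memcpy(ai->ai_canonname, str, len);`. The function begins outside the hunk, so the check guarding this branch is not visible here.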
@@ -997,9 +979,10 @@ if (str_isnumber(servname)) { if (!allownumeric) return EAI_SERVICE; - port = htons(atoi(servname)); + port = atoi(servname); if (port < 0 || port > 65535) return EAI_SERVICE; + port = htons(port); } else { switch (ai->ai_socktype) { case SOCK_DGRAM: @@ -1227,8 +1210,8 @@ const u_char *cp; int n; const u_char *eom; - char *bp; - int type, class, buflen, ancount, qdcount; + char *bp, *ep; + int type, class, ancount, qdcount; int haveanswer, had_error; char tbuf[MAXDNAME]; int (*name_ok)(const char *); @@ -1255,13 +1238,13 @@ ancount = ntohs(hp->ancount); qdcount = ntohs(hp->qdcount); bp = hostbuf; - buflen = sizeof hostbuf; + ep = hostbuf + sizeof hostbuf; cp = answer->buf + HFIXEDSZ; if (qdcount != 1) { h_errno = NO_RECOVERY; return (NULL); } - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !(*name_ok)(bp)) { h_errno = NO_RECOVERY; return (NULL); @@ -1279,14 +1262,13 @@ } canonname = bp; bp += n; - buflen -= n; /* The qname can be abbreviated, but h_name is now absolute. */ qname = canonname; } haveanswer = 0; had_error = 0; while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(answer->buf, eom, cp, bp, buflen); + n = dn_expand(answer->buf, eom, cp, bp, ep - bp); if ((n < 0) || !(*name_ok)(bp)) { had_error++; continue; @@ -1313,14 +1295,13 @@ cp += n; /* Get canonical name. */ n = strlen(tbuf) + 1; /* for the \0 */ - if (n > buflen || n >= MAXHOSTNAMELEN) { + if (n > ep - bp || n >= MAXHOSTNAMELEN) { had_error++; continue; } - strcpy(bp, tbuf); + strlcpy(bp, tbuf, ep - bp); canonname = bp; bp += n; - buflen -= n; continue; } if (qtype == T_ANY) { @@ -1374,7 +1355,6 @@ canonname = bp; nn = strlen(bp) + 1; /* for the \0 */ bp += nn; - buflen -= nn; } >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
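Review bot: In the first hunk on this line (get_port), the range check now correctly runs before `htons`, but the value still comes from `atoi`, whose result is undefined when the digit string does not fit in an `int`. A very long numeric service name may therefore land inside 0–65535 and be accepted. `str_isnumber` is not visible in the hunk, so whether it already bounds the value is unconfirmed. Parsing into a `long` with error detection closes the gap: `errno = 0; lport = strtol(servname, &ep, 10);` followed by `if (errno != 0 || *ep != '\0' || lport < 0 || lport > 65535) return EAI_SERVICE;`. The body of get_port continues outside the hunk.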
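Review bot: The getanswer hunks on this line (starting at `@@ -1255,13 +1238,13 @@`) replace the `buflen` counter with an end pointer but leave the new invariant undocumented. Every bound is now `ep - bp`, so correctness depends on `bp` never advancing past `ep`. I would add a comment at `ep = hostbuf + sizeof hostbuf;` such as `/* invariant: hostbuf <= bp <= ep; ep - bp is the space left in hostbuf */`. `ep - bp` is also a `ptrdiff_t`, compared with the `int` `n` and passed as the length to `dn_expand`, so an explicit `(int)(ep - bp)` at those sites would make the narrowing visible. The function starts and ends outside these hunks, so the `bp += n` advances cannot all be checked against their guards from here.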