10221 Commits

Author SHA1 Message Date
elad 5888b16eef Some changes in veriexec.
New features:

  - Add a veriexec_report() routine to make most reporting consistent and
    remove some common code.
  - Add 'strict' mode that controls how veriexec behaves.
  - Add sysctl knobs:
     o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
     o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
       documentation in sysctl(3) for details.
     o kern.veriexec.algorithms returns a string with a space separated
       list of supported hashing algorithms in veriexec.
  - Updated documentation in man pages for sysctl(3) and sysctl(8).

Bug fixes:

  - veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
    correctly.
  - exec_script(): Don't pass 0 as flag when executing a script; use the
    defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
    enforcement work.
  - Fix some printing formats and types.
2005-05-19 20:16:19 +00:00
christos eda876c9d5 Libedit depends on libterm. From Patrick Welche 2005-05-18 22:36:20 +00:00
christos 33b0562908 Make completion_matches non-static since readline wants it. 2005-05-18 22:34:41 +00:00
christos 308097fac3 Make signal handler safe. From Michael Knudsen, many thanks. 2005-05-18 00:50:24 +00:00
peter 838f5a9f71 - setmode() can fail on strtol(3); note this.
- Use .Va for errno.
2005-05-17 21:54:06 +00:00
wiz 98fcd5ac03 Fix capso in Dd argument. 2005-05-16 18:49:24 +00:00
lukem 78745cde09 Remove clause 3 from the UCB license. 2005-05-16 13:14:43 +00:00
lukem 9704a33c9a Remove clause 3 from the UCB license.
XXX: the separate TNF copyright block should be converted to a standard TNF one
2005-05-16 13:13:12 +00:00
lukem a1273fe760 More whitespace consistency tweaks 2005-05-16 11:42:04 +00:00
lukem 248b38c348 Whitespace consistency fixes. 2005-05-16 11:40:16 +00:00
peter bae4325411 This function is in librt, not libc. 2005-05-16 00:45:24 +00:00
christos cf3e6ebd2b add t_putws 2005-05-15 21:10:52 +00:00
thorpej f2b0a44663 u_short -> uint16_t 2005-05-15 21:01:34 +00:00
dsl 54cc3da266 Make the arg to getnetconfigent const char * to match the man page (and
likely calling code).
2005-05-15 20:54:41 +00:00
yamt 176be94d27 add fgetwln. 2005-05-15 13:09:13 +00:00
yamt 62de7e0c8d dcngettext: don't return stack garbage when there's no usable database. 2005-05-15 09:58:06 +00:00
christos 6a08589259 bump for wide stdio functions. 2005-05-14 23:51:16 +00:00
christos f432bbb6fd Add the missing wide char support functions from freebsd.
XXX: long double support is missing until we get gdtoa, and add the
necessary wide functions.
2005-05-14 23:51:02 +00:00
tshiozak dd416aa868 add plural support. 2005-05-14 17:58:56 +00:00
tshiozak a023aa0fb7 * add some comments.
* add some functions:
   _citrus_memory_stream_bind_ptr()
   _citrus_memory_stream_tell()
   _citrus_memory_stream_ungetc()
   _citrus_region_get_subregion()
* fix a bug in _citrus_memory_stream_seek().
2005-05-14 17:55:42 +00:00
christos d1ca0533bf make sure ty_class is cleared on each entry. 2005-05-14 15:43:47 +00:00
manu 6add206c2f - Fix a double free
- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port
2005-05-13 14:09:44 +00:00
christos 182beb15f2 PR/30215: Kouichirou Hiratsuka: /bin/sh dumps core with tabcomplete
Don't core-dump when trying to complete an empty line; instead assume ./
2005-05-12 15:48:40 +00:00
jmc 2c8974a914 Fix fallout from vm_anon changes 2005-05-11 17:41:52 +00:00
manu a5a80e2b4d Update sample config file to higher security settings 2005-05-10 10:22:03 +00:00
dsl 2e685ade80 Use getpwuid_r(getuid(), ...) to expand ~/....
Don't replace ~xyz with /home/xyz when expanding ~
2005-05-09 20:10:33 +00:00
manu 873e8e21a9 More NAT-T fixes for the situation where racoon acts as a VPN client
Flush SA and generated SP on DPD timeout and deletion payloads
2005-05-08 08:57:26 +00:00
perry 478944b35b Change HISTORY. It traces execve only back to 4.2BSD, and it is a
touch older than that. (Surprisingly, though, it doesn't appear to
have been in v6.)
2005-05-07 17:29:19 +00:00
dsl 6ddc453ece gdb directly calls filename_completion_function() 2005-05-07 16:28:32 +00:00
dsl 76a1f02b41 Make everything that uses makelist depend on Makefile - that way the
created files pick up new entries.
2005-05-07 16:22:59 +00:00
dsl 41a59814ed Separate out the filename completion functions from the readline() code.
Pass in loads of parameters instead of relying on shed-loads of global
variables to modify the behaviour.
The filename completion code can now be enabled by code that uses el_gets().
(eg /bin/sh)
2005-05-07 16:01:25 +00:00
perry d2b93fe0e9 cross reference script.7 2005-05-07 02:38:41 +00:00
perry d11d9afc47 cross reference script(7) 2005-05-07 02:32:35 +00:00
lukem d26858bb0f Allow this to compile if MKSTATICLIB=no.
More of PR 29968 from Jukka Salmi.
2005-05-07 00:23:01 +00:00
jmc ff69cd3f50 The __used__ change doesn't work on 2.95/vax. Put an #ifdef back in for vax and
reverted it to __unused__ as it was before
2005-05-06 19:32:30 +00:00
rearnsha dd7174bb3e On ARMv5 reduce the value to the LSB before using CLZ. Otherwise we'll
calculate the position of the MSB not the LSB.
2005-05-06 09:50:25 +00:00
lukem 0d885c3aa4 Don't perform a check for "secure" tty for root logins when using PAM;
that is what we provide pam_securetty(8) for.

Fix the -DNOPAM build option by allowing it to compile
(even though we don't use this source file when USE_PAM=no).
2005-05-05 23:21:58 +00:00
lukem f4ee085480 PAM may change the user name during the authentication process;
ensure that we deal with this so that SRA authenticated logins
will pass the changed user name to login(1).
2005-05-05 22:43:56 +00:00
lukem 94b84ac8a2 Fix the check for insecure root logins in rootterm():
- It was originally referring to a bogus version of `line'.
  (problem solved by using 'extern char *line' instead of 'extern char line[]')
- It wasn't stripping the leading "/dev/" off `line' before calling getttynam(3)
2005-05-05 02:20:45 +00:00
manu 8bf053b3f3 on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that
multiple SA can be used in transport mode

While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch
2005-05-03 21:08:47 +00:00
matt 57947b7b48 Make longjmp on vax not use sigreturn. Instead it rewrites the
jmp_buf into one compatible with __longjmp14 and relies on that
to change that into a ucontext_t suitable for setcontext(2).
2005-05-03 04:37:33 +00:00
matt cedcd39661 Don't cast x to double, it already is one. 2005-05-03 04:18:32 +00:00
martin 3fcf13a5a0 Fix some typos. From Christian Brueffer in PR lib/30109. 2005-05-01 16:36:47 +00:00
christos 340e17eb3b Don't attempt to delete a NULL key. Can happen if we were the only key
in a 64K page. Thanks to Juergen Hannken-Illjes for the test.
2005-04-27 23:11:29 +00:00
yamt 4882631e1a correct size to malloc. 2005-04-27 09:51:52 +00:00
yamt c67c589db3 remove unnecessary #include. 2005-04-27 09:50:26 +00:00
manu 10802677c9 Bug fixes from the ipsec-tools 0.6 branch:
- Fix NAT-T problems that prevented multiple peers behind the same NAT
  to talk to the same machine outside the NAT. This also requires kernel
  fixes (already committed earlier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
  over UDP when printing policies
2005-04-27 05:19:49 +00:00
matt ae59c445be Remove CPPFLAGS 2005-04-25 17:21:31 +00:00
matt 51ba88ed0f Add ${DESTDIR}/usr/include/krb5 to CPPFLAGS so <parse_units.h> can be found. 2005-04-25 15:43:34 +00:00
matt bb1ca526b7 Don't cast the lvalue; cast the rhs instead. 2005-04-25 15:42:46 +00:00
tshiozak 7204e681ae make sure to set errno to EINVAL if _citrus_iconv_open() returns ENOENT. 2005-04-25 13:42:04 +00:00
yamt 8c79aa408b s!/var/run/nologin!/etc/nologin!g to match with the code. 2005-04-25 10:24:06 +00:00
matt 35f4d7fe23 Terminate the arglist with a NULL instead of 0. (Shuts up gcc4.x) 2005-04-25 01:06:03 +00:00
christos 631ccd6107 Revert the previous patch. It is not worth it optimizing the code to avoid
compiler errors because it makes it gratuitously different.
2005-04-24 23:29:06 +00:00
christos 19139351d0 Simplify the code and avoid a compiler issue with -O6 on sparc64:
Error: Illegal operands: There are only 32 single precision f registers; [0-31]
2005-04-24 19:33:52 +00:00
christos 950f51e55c Remove unused, -- just used is enough. From uwe. 2005-04-24 18:18:52 +00:00
christos d066f8aee0 Add a __used__ attribute next to the __unused__ attribute, because we don't
want the optimizer to get rid of the whole code erroneously (which happens
with -O6 on sparc64).
2005-04-24 18:15:52 +00:00
wiz 4878707c24 Oops, openssl_errstr(1), not (3). 2005-04-24 00:13:50 +00:00
wiz d3e15626be Add openssl_errstr(1). 2005-04-24 00:12:07 +00:00
wiz e19d039592 regen (sync with 0.9.7g). 2005-04-24 00:10:02 +00:00
christos c20fe9e615 add new files. 2005-04-23 20:32:17 +00:00
christos d3444e8124 Update for 4.0, bump version. 2005-04-23 16:53:47 +00:00
simonb 546f9b44cd Branch to a local symbol instead of a global symbol. 2005-04-22 06:59:00 +00:00
simonb 0cbe508fbc Use the same function name in the LEAF() and END() directives. 2005-04-22 06:58:01 +00:00
jmc 9de49396cd Don't use 'm4' here. Use $TOOL_M4 instead. 2005-04-20 18:26:11 +00:00
nathanw 5f7a108732 Avoid passing along a timespec with a negative number of seconds if
the current time plus the caller-supplied time to sleep wraps the
time_t. Instead, sleep until INT_MAX.
2005-04-19 16:38:57 +00:00
rillig 1990d26431 Converted all arguments for the <ctype.h> functions to (unsigned char).
Fixes PR 21165. Approved by christos.
2005-04-19 16:33:53 +00:00
christos b4073cddaf Fix getgrnam -> getgrnam_r 2005-04-19 13:04:38 +00:00
christos e640241b82 fix getgrnam -> getgrnam_r and add a forgotten getpwnam -> getpwnam_r
From john nemeth
2005-04-19 13:04:19 +00:00
wiz d82b36f1ee Add a comma for readability. 2005-04-19 10:00:50 +00:00
lukem 9fcbc80387 When sequentially parsing a source looking for entries don't fail with
NS_UNAVAIL on an unparseable or too long line; instead try the next entry.
This is more consistent with the behaviour prior to the rework in rev 1.49.
2005-04-19 05:27:58 +00:00
lukem 2662d7cbb4 Clarify getgr*_r() return value when entry isn't found.
Improve markup of various constants.
2005-04-19 04:38:04 +00:00
lukem 77c203997c remove bogus punctuation 2005-04-19 04:32:58 +00:00
lukem f948a874e7 Clarify getpw*_r() return value when entry isn't found.
Improve markup of various constants.
2005-04-19 04:26:16 +00:00
lukem 01cf9d0263 Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
failures, especially if we're going to ignore the return result.
2005-04-19 03:40:16 +00:00
lukem a767f5ec9c getpw*_r() may return 0 and set pwd==NULL 2005-04-19 03:38:08 +00:00
christos b9b92f846c check for pwd != NULL, fix a missed getpwnam. 2005-04-19 03:29:18 +00:00
christos eea147d9f9 check for pwd != NULL 2005-04-19 03:20:50 +00:00
christos 262b0ba97f check pwd != NULL 2005-04-19 03:19:46 +00:00
christos 2a62e4e1ad check for pwd != in getpw*_r functions. 2005-04-19 03:15:34 +00:00
lukem d0388cff8b getgrent():
Return the correct result. (broken in rev 1.56 -- Hi Christos!)

getgr{ent,nam,uid}_r():
Return 0 "entry not found" and errno for other failures.
("entry not found" still sets *result to NULL).

Various backends:
don't set the retval to errno (or modify errno) for NS_NOTFOUND.

Per discussion with Klaus Klein.
2005-04-19 03:00:12 +00:00
lukem 443af068fa getpw{ent,nam,uid}_r():
Return 0 "entry not found" and errno for other failures.
("entry not found" still sets *result to NULL).

Various backends:
don't set the retval to errno (or modify errno) for NS_NOTFOUND.

Per discussion with Klaus Klein.
2005-04-19 02:49:00 +00:00
wiz 9899f59159 Grammar fix. 2005-04-19 00:15:50 +00:00
kleink 4e3cae58ff Move the (at this time private) get{proto,serv}ent_r() prototypes and
data structures into the libc sources until the interface gets redone.
Approved by christos.
2005-04-18 19:39:45 +00:00
wiz 7224809d57 Document index argument, and mention that long_options
needs to be terminated with a structure containing zeroes.
Slightly modified version of patch from PR 30002 by Kailash Sethuraman.
Bump date.
2005-04-18 10:56:33 +00:00
christos 0de6393bd4 PR/21165: Christian Biere: ctype function misuse 2005-04-17 17:27:11 +00:00
christos 476fac655a PR/21167: Christian Biere: ctype function misuse. 2005-04-17 17:22:36 +00:00
wiz aad2c7a127 Remove superfluous .Pp, add some commas, improve grammar in a sentence,
and bump date for the many changes in the update to 1.0c.
2005-04-17 08:51:19 +00:00
wiz 46e16d08b7 Drop trailing whitespace. 2005-04-17 08:48:17 +00:00
provos bdc32cfad7 update to libevent-1.0c. This includes support for event priorities,
multi-threaded applications and some bug fixes.  regression test
improved to test for new features.  bump major.
2005-04-17 07:20:00 +00:00
kleink d6a0715a49 Due to their "inverse" treatment of the fraction's MSb, update NAN
conversion to construct a quiet NaN on hppa, mips, sh3, and sh5 as well.
Also, remove the portion constructing a ROP on vax; this is not required
by the standard, and in its consequences it is not an appropriate
substitute for a qNaN.
2005-04-15 22:46:21 +00:00
kleink b2cb7fcd8a Push back the descriptions of NaN formats, and descriptions of the
distinction between signalling NaNs and quiet NaNs back into the
machine-dependent headers; treat the implementation of __nanf in the
same spirit.

IEEE 754 leaves the distinction between signalling NaNs and quiet NANs
to the implementation, and unlike our headers used to suggest they're
not identical in the interpretation of the fraction's MSb; in due
course, make those of hppa, mips, sh3, and sh5 reflect reality.
2005-04-15 22:39:10 +00:00
wiz 0bb532e823 Bump date for previous; add commas to make
sentences more readable.
2005-04-13 23:08:03 +00:00
drochner 1a771b22ec Allow for a login.conf file without an explicit "default" class
definition.
The login.conf(5) manpage states that the "default" class is used
*if it exists*.
2005-04-13 20:32:42 +00:00
christos a76abbed58 PR/29958: Peter Bex: add rl_variable_bind and rl_attempted_completion_over 2005-04-12 22:01:40 +00:00
drochner 179747d76c getmntinfo() is a compatibility function, so there is no point in hiding
references to the compatibility getfsstat()
The real problem behind PR lib/29919 was a stale weak_alias, so back out
the workaround.
2005-04-12 21:36:46 +00:00
drochner ec387481a6 the real reason behind PR lib/29919 was that there was a __weak_alias,
obviously copied from getmntinfo.c, referencing the compatibility
getmntinfo()
2005-04-12 20:49:19 +00:00
wiz 37172421f7 Adapt .Dt argument for man page renaming, and use more macros. 2005-04-12 17:04:46 +00:00
drochner a00e491cf3 Both libcurses and libc installed a getcap(3) manpage, and both used it
as target for a bunch of MLINKS. This had the effect that whatever came
last in install overwrote everything from the other camp.
Solve this by renaming the libc page -- this makes sense because no
function is really named "getcap" here.
2005-04-12 16:27:42 +00:00
drochner 4ba6a2ab76 this should refer to "cgetset", not "cgetseq" 2005-04-12 16:11:33 +00:00