diff options
| author | cvs2svn <cvs2svn@FreeBSD.org> | 2002-02-04 19:23:43 +0000 |
|---|---|---|
| committer | cvs2svn <cvs2svn@FreeBSD.org> | 2002-02-04 19:23:43 +0000 |
| commit | c2429c497266c4f8c5ec071118e956758aa4af13 (patch) | |
| tree | 27eca0badfcdd1d8d0284d534696abb4195a9eba | |
| parent | b3ea8abeca50df2e24167770d1e7484f1f877a7d (diff) | |
This commit was manufactured by cvs2svn to create tagrelease/4.4.0
'RELENG_4_4_0_RELEASE'.
Notes
Notes:
svn path=/releng/4.4/; revision=90217
svn path=/release/4.4.0/; revision=90218; tag=release/4.4.0
61 files changed, 128 insertions, 3002 deletions
@@ -1,47 +1,13 @@ -Updating Information for FreeBSD STABLE users, 4.4 security branch +Updating Information for FreeBSD STABLE users This file is maintained and copyrighted by M. Warner Losh <imp@village.org>. Please send new entries directly to him. See end of file for further details. For commonly done items, please see the -COMMON ITEMS: section later in the file. A reverse chronology since -4.0 was released is included, followed by the common items quick -how-tos, followed by entries for versions of -current prior to 4.0 -Release. - -This is for the 4.4 release branch. All entries since 4.4 are an -itemized list of commits to this branch, numbered from the beginning. -By this count, we're at 4.4.0p7. - -The security advisories related to various patches contain information -on how to build/install a minimal set of binaries and start/stop a -minimal number of processes, if possible, for that patch. For those -updates that don't have an advisory, or to be safe, you can do a full -build and install as described in the COMMON ITEMS section. - -20020127: p7 - sdiff temp file handling. - -20020127: p6 - gzip temp file handling. - -20020127: p5 - The standard-supfile should track the branch. There won't be - a security advisory for this. - -20020123: p4 FreeBSD-SA-02:08.exec - There's a small window in exec where one could debug a setuid - program and obtain elevated priviledges. This was corrected. - -20020117: p3 FreeBSD-SA-02:07.k5su - k5su fixes. - -20011221: p2 FreeBSD-SA-02:02 - A bug was fixed wherein the pw(8) command created a short-lived - but world-readable copy of /etc/master.passwd. +COMMON ITEMS: section later in the file. -20011202: p1 FreeBSD-SA-01:63 - A security hole in OpenSSH involving `UseLogin yes' has been - patched. +A reverse chronology since 4.0 was released is included, followed by +the common items quick how-tos, followed by entries for versions of +-current prior to 4.0 Release. 20010915: FreeBSD 4.4-RELEASE. diff --git a/contrib/bind/bin/named-bootconf/test.boot b/contrib/bind/bin/named-bootconf/test.boot deleted file mode 100644 index 2b001e4ab041..000000000000 --- a/contrib/bind/bin/named-bootconf/test.boot +++ /dev/null @@ -1,30 +0,0 @@ -directory /var/named -forwarders 1.2.3.4 1.2.3.5 -limit datasize 10000000 -limit files 1000 -limit transfers-in 100 -limit transfers-per-ns 20 -; no-round-robin in HP specific -options no-round-robin fake-iquery forward-only no-fetch-glue no-recursion -slave -tcplist 10.0.0.1 -xfrnets 10.0.0.2 -cache . rootservers -primary example.net example.net.db -secondary example.com 127.0.0.1 example.com.db -stub example.org 127.0.0.1 example.org.db -primary/IN example.net example.net.db -secondary/IN example.com 127.0.0.1 example.com.db -stub/IN example.org 127.0.0.1 example.org.db -secondary/IN example.com 127.0.0.1 -stub/IN example.org 127.0.0.1 -primary/CHAOS example.net example.net.db -secondary/CHAOS example.com 127.0.0.1 example.com.db -stub/CHAOS example.org 127.0.0.1 example.org.db -secondary/CHAOS example.com 127.0.0.1 -stub/CHAOS example.org 127.0.0.1 -primary/HS example.net example.net.db -secondary/HS example.com 127.0.0.1 example.com.db -stub/HS example.org 127.0.0.1 example.org.db -secondary/HS example.com 127.0.0.1 -stub/HS example.org 127.0.0.1 diff --git a/contrib/bind/include/netgroup.h b/contrib/bind/include/netgroup.h deleted file mode 100644 index 30efb9414413..000000000000 --- a/contrib/bind/include/netgroup.h +++ /dev/null @@ -1,17 +0,0 @@ -#ifndef netgroup_h -#define netgroup_h - -int getnetgrent(const char **machinep, const char **userp, - const char **domainp); - -int getnetgrent_r(char **machinep, char **userp, char **domainp, - char *buffer, int buflen); - -void setnetgrent(const char *netgroup); - -void endnetgrent(void); - -int innetgr(const char *netgroup, const char *machine, - const char *user, const char *domain); - -#endif diff --git a/contrib/bind/lib/inet/inet_data.c b/contrib/bind/lib/inet/inet_data.c deleted file mode 100644 index 47b6d9bf6579..000000000000 --- a/contrib/bind/lib/inet/inet_data.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 1995-1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$Id: inet_data.c,v 1.2 2001/06/20 22:06:36 marka Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/time.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <ctype.h> -#include <netdb.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "port_after.h" - -const struct in6_addr isc_in6addr_any = IN6ADDR_ANY_INIT; -const struct in6_addr isc_in6addr_loopback = IN6ADDR_LOOPBACK_INIT; diff --git a/contrib/bind/lib/isc/hex.c b/contrib/bind/lib/isc/hex.c deleted file mode 100644 index 223979629896..000000000000 --- a/contrib/bind/lib/isc/hex.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2001 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include <port_before.h> -#include <ctype.h> -#include <stdio.h> -#include <string.h> -#include <isc/misc.h> -#include <port_after.h> - -static const char hex[17] = "0123456789abcdef"; - -int -isc_gethexstring(unsigned char *buf, size_t len, int count, FILE *fp, - int *multiline) -{ - int c, n; - unsigned char x; - char *s; - int result = count; - - x = 0; /* silence compiler */ - n = 0; - while (count > 0) { - c = fgetc(fp); - - if ((c == EOF) || - (c == '\n' && !*multiline) || - (c == '(' && *multiline) || - (c == ')' && !*multiline)) - goto formerr; - /* comment */ - if (c == ';') { - while ((c = fgetc(fp)) != EOF && c != '\n') - /* empty */ - if (c == '\n' && *multiline) - continue; - goto formerr; - } - /* white space */ - if (c == ' ' || c == '\t' || c == '\n' || c == '\r') - continue; - /* multiline */ - if ('(' == c || c == ')') { - *multiline = (c == '(' /*)*/); - continue; - } - if ((s = strchr(hex, tolower(c))) == NULL) - goto formerr; - x = (x<<4) | (s - hex); - if (++n == 2) { - if (len > 0) { - *buf++ = x; - len--; - } else - result = -1; - count--; - n = 0; - } - } - return (result); - - formerr: - if (c == '\n') - ungetc(c, fp); - return (-1); -} - -void -isc_puthexstring(FILE *fp, const unsigned char *buf, size_t buflen, - size_t len1, size_t len2, const char *sep) -{ - size_t i = 0; - - if (len1 < 4) - len1 = 4; - if (len2 < 4) - len2 = 4; - while (buflen > 0) { - fputc(hex[(buf[0]>>4)&0xf], fp); - fputc(hex[buf[0]&0xf], fp); - i += 2; - buflen--; - buf++; - if (i >= len1 && sep != NULL) { - fputs(sep, fp); - i = 0; - len1 = len2; - } - } -} - -void -isc_tohex(const unsigned char *buf, size_t buflen, char *t) { - while (buflen > 0) { - *t++ = hex[(buf[0]>>4)&0xf]; - *t++ = hex[buf[0]&0xf]; - buf++; - buflen--; - } - *t = '\0'; -} diff --git a/contrib/bzip2/FREEBSD-upgrade b/contrib/bzip2/FREEBSD-upgrade deleted file mode 100644 index eebf2febc34d..000000000000 --- a/contrib/bzip2/FREEBSD-upgrade +++ /dev/null @@ -1,32 +0,0 @@ -$FreeBSD$ - -Julian Seward's bzip2 - originals can be found at: http://sources.redhat.com/bzip2/ - -Imported by: - - cvs import -m "Virgin import (trimmed) of Bzip2 version 1.0.2." \ - src/contrib/bzip2 BZIP2 v1_0_2 - -Notes: - 1. The following log shows details of trimming: - - $ tar xvfz bzip2-1.0.2.tar.gz - $ cd bzip2-1.0.2 - $ rm bzdiff bzdiff.1 bzgrep bzgrep.1 bzip2.1.preformatted bzip2.txt - $ rm bzmore bzmore.1 dlltest.dsp libbz2.dsp manual.html manual.pdf - $ rm manual.ps manual_1.html manual_2.html manual_3.html manual_4.html - $ rm manual_abt.html manual_ovr.html manual_toc.html mk251.c - $ uuencode sample1.bz2 sample1.bz2 > sample1.bz2.uu - $ uuencode sample2.bz2 sample2.bz2 > sample2.bz2.uu - $ uuencode sample3.bz2 sample3.bz2 > sample3.bz2.uu - $ gzip -9 sample1.ref sample2.ref sample3.ref - $ uuencode sample1.ref.gz sample1.ref.gz > sample1.ref.gz.uu - $ uuencode sample2.ref.gz sample2.ref.gz > sample2.ref.gz.uu - $ uuencode sample3.ref.gz sample3.ref.gz > sample3.ref.gz.uu - $ rm sample1.bz2 sample1.ref.gz sample2.bz2 sample2.ref.gz - $ rm sample3.bz2 sample3.ref.gz - - -sobomax@FreeBSD.org -1 February 2002 diff --git a/contrib/diff/sdiff.c b/contrib/diff/sdiff.c index 83f3ac025177..b64f1d038365 100644 --- a/contrib/diff/sdiff.c +++ b/contrib/diff/sdiff.c @@ -19,11 +19,6 @@ the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. */ /* GNU SDIFF was written by Thomas Lord. */ -#ifndef lint -static const char rcsid[] = -"$FreeBSD$"; -#endif /* not lint */ - #include "system.h" #include <stdio.h> #include <signal.h> @@ -87,6 +82,19 @@ static void try_help PARAMS((char const *)); static void untrapsig PARAMS((int)); static void usage PARAMS((void)); +/* this lossage until the gnu libc conquers the universe */ +#if HAVE_TMPNAM +#define private_tempnam() tmpnam ((char *) 0) +#else +#ifndef PVT_tmpdir +#define PVT_tmpdir "/tmp" +#endif +#ifndef TMPDIR_ENV +#define TMPDIR_ENV "TMPDIR" +#endif +static char *private_tempnam PARAMS((void)); +static int exists PARAMS((char const *)); +#endif static int diraccess PARAMS((char const *)); /* Options: */ @@ -927,29 +935,13 @@ edit (left, lenl, right, lenr, outfile) case 'q': return 0; case 'e': - { - int tfd; - FILE *tmp; + if (! tmpname && ! (tmpname = private_tempnam ())) + perror_fatal ("temporary file name"); - if (tmpmade) - { - unlink (tmpname); - tmpmade = 0; - free (tmpname); - } + tmpmade = 1; - asprintf (&tmpname, "%s/sdiff.XXXXXX", - getenv("TMPDIR") ?: P_tmpdir); - if (tmpname == NULL) - perror_fatal ("temporary file name"); - tfd = mkstemp(tmpname); - if (tfd == -1) - perror_fatal ("temporary file name"); - tmp = fdopen (tfd, "w+"); - if (tmp == NULL) - perror_fatal ("temporary file name"); - - tmpmade = 1; + { + FILE *tmp = ck_fopen (tmpname, "w+"); if (cmd1 == 'l' || cmd1 == 'b') lf_copy (left, lenl, tmp); @@ -1109,3 +1101,80 @@ diraccess (dir) struct stat buf; return stat (dir, &buf) == 0 && S_ISDIR (buf.st_mode); } + +#if ! HAVE_TMPNAM + +/* Return zero if we know that FILE does not exist. */ +static int +exists (file) + char const *file; +{ + struct stat buf; + return stat (file, &buf) == 0 || errno != ENOENT; +} + +/* These are the characters used in temporary filenames. */ +static char const letters[] = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + +/* Generate a temporary filename and return it (in a newly allocated buffer). + Use the prefix "dif" as in tempnam. + This goes through a cyclic pattern of all possible + filenames consisting of five decimal digits of the current pid and three + of the characters in `letters'. Each potential filename is + tested for an already-existing file of the same name, and no name of an + existing file will be returned. When the cycle reaches its end + return 0. */ +static char * +private_tempnam () +{ + char const *dir = getenv (TMPDIR_ENV); + static char const tmpdir[] = PVT_tmpdir; + size_t index; + char *buf; + pid_t pid = getpid (); + size_t dlen; + + if (!dir) + dir = tmpdir; + + dlen = strlen (dir); + + /* Remove trailing slashes from the directory name. */ + while (dlen && dir[dlen - 1] == '/') + --dlen; + + buf = xmalloc (dlen + 1 + 3 + 5 + 1 + 3 + 1); + + sprintf (buf, "%.*s/.", (int) dlen, dir); + if (diraccess (buf)) + { + for (index = 0; + index < ((sizeof (letters) - 1) * (sizeof (letters) - 1) + * (sizeof (letters) - 1)); + ++index) + { + /* Construct a file name and see if it already exists. + + We use a single counter in INDEX to cycle each of three + character positions through each of 62 possible letters. */ + + sprintf (buf, "%.*s/dif%.5lu.%c%c%c", (int) dlen, dir, + (unsigned long) pid % 100000, + letters[index % (sizeof (letters) - 1)], + letters[(index / (sizeof (letters) - 1)) + % (sizeof (letters) - 1)], + letters[index / ((sizeof (letters) - 1) * + (sizeof (letters) - 1))]); + + if (!exists (buf)) + return buf; + } + errno = EEXIST; + } + + /* Don't free buf; `free' might change errno. We'll exit soon anyway. */ + return 0; +} + +#endif /* ! HAVE_TMPNAM */ diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index 1d3a9dd74948..a5fd44292e87 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c @@ -134,11 +134,7 @@ krb5_verify(struct passwd *login_info, struct passwd *su_info, #ifdef KRB5 krb5_error_code ret; krb5_principal p; - char *login_name = NULL; -#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) - login_name = getlogin(); -#endif ret = krb5_init_context (&context); if (ret) { #if 0 @@ -147,11 +143,9 @@ krb5_verify(struct passwd *login_info, struct passwd *su_info, return 1; } - if (login_name == NULL || strcmp (login_name, "root") == 0) - login_name = login_info->pw_name; if (strcmp (su_info->pw_name, "root") == 0) ret = krb5_make_principal(context, &p, NULL, - login_name, + login_info->pw_name, kerberos_instance, NULL); else @@ -270,6 +264,7 @@ main(int argc, char **argv) int i, optind = 0; char *su_user; struct passwd *su_info; + char *login_user = NULL; struct passwd *login_info; struct passwd *pwd; @@ -310,6 +305,10 @@ main(int argc, char **argv) } su_info = make_info(pwd); +#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) + login_user = getlogin(); +#endif + if(login_user == NULL || (pwd = getpwnam(login_user)) == NULL) pwd = getpwuid(getuid()); if(pwd == NULL) errx(1, "who are you?"); diff --git a/crypto/openssh/session.c b/crypto/openssh/session.c index f429d8deccf1..300dc5a2fa1a 100644 --- a/crypto/openssh/session.c +++ b/crypto/openssh/session.c @@ -1118,7 +1118,6 @@ do_child(const char *command, struct passwd * pw, const char *term, child_set_env(&env, &envsize, "TZ", getenv("TZ")); /* Set custom environment options from RSA authentication. */ - if (!options.use_login) { while (custom_environment) { struct envstring *ce = custom_environment; char *s = ce->s; @@ -1132,7 +1131,6 @@ do_child(const char *command, struct passwd * pw, const char *term, xfree(ce->s); xfree(ce); } - } snprintf(buf, sizeof buf, "%.50s %d %d", get_remote_ipaddr(), get_remote_port(), get_local_port()); diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 2a46e04f620b..9f554c50dbec 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -1,4 +1,4 @@ /* $FreeBSD$ */ /* $OpenBSD: version.h,v 1.13 2000/10/16 09:38:45 djm Exp $ */ -#define SSH_VERSION "OpenSSH_2.3.0 FreeBSD localisations 20011202" +#define SSH_VERSION "OpenSSH_2.3.0 FreeBSD localisations 20010713" diff --git a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod deleted file mode 100644 index 2a987391147c..000000000000 --- a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod +++ /dev/null @@ -1,70 +0,0 @@ -=pod - -=head1 NAME - -SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); - -=head1 DESCRIPTION - -SSL_COMP_add_compression_method() adds the compression method B<cm> with -the identifier B<id> to the list of available compression methods. This -list is globally maintained for all SSL operations within this application. -It cannot be set for specific SSL_CTX or SSL objects. - -=head1 NOTES - -The TLS standard (or SSLv3) allows the integration of compression methods -into the communication. The TLS RFC does however not specify compression -methods or their corresponding identifiers, so there is currently no compatible -way to integrate compression with unknown peers. It is therefore currently not -recommended to integrate compression into applications. Applications for -non-public use may agree on certain compression methods. Using different -compression methods with the same identifier will lead to connection failure. - -An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) -will unconditionally send the list of all compression methods enabled with -SSL_COMP_add_compression_method() to the server during the handshake. -Unlike the mechanisms to set a cipher list, there is no method available to -restrict the list of compression method on a per connection basis. - -An OpenSSL server will match the identifiers listed by a client against -its own compression methods and will unconditionally activate compression -when a matching identifier is found. There is no way to restrict the list -of compression methods supported on a per connection basis. - -The OpenSSL library has the compression methods B<COMP_rle()> and (when -especially enabled during compilation) B<COMP_zlib()> available. - -=head1 WARNINGS - -Once the identities of the compression methods for the TLS protocol have -been standardized, the compression API will most likely be changed. Using -it in the current state is not recommended. - -=head1 RETURN VALUES - -SSL_COMP_add_compression_method() may return the following values: - -=over 4 - -=item 1 - -The operation succeeded. - -=item 0 - -The operation failed. Check the error queue to find out the reason. - -=back - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod b/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod deleted file mode 100644 index 4228225ae81b..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod +++ /dev/null @@ -1,34 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); - long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); - - long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); - long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); - -=head1 DESCRIPTION - -The SSL_*_ctrl() family of functions is used to manipulate settings of -the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments -B<larg>, B<parg>, or B<fp> are evaluated. These functions should never -be called directly. All functionalities needed are made available via -other functions or macros. - -=head1 RETURN VALUES - -The return values of the SSL*_ctrl() functions depend on the command -supplied via the B<cmd> parameter. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod deleted file mode 100644 index 723fc140d42f..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ /dev/null @@ -1,75 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), - char *arg); - int (*callback)(); - -=head1 DESCRIPTION - -SSL_CTX_set_cert_verify_callback() sets the verification callback function for -B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at -the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored. - -=head1 NOTES - -Whenever a certificate is verified during a SSL/TLS handshake, a verification -function is called. If the application does not explicitly specify a -verification callback function, the built-in verification function is used. -If a verification callback B<callback> is specified via -SSL_CTX_set_cert_verify_callback(), the supplied callback function is called -instead. By setting B<callback> to NULL, the default behaviour is restored. - -When the verification must be performed, B<callback> will be called with -the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg> -that can be specified when setting B<callback> are currently ignored. - -B<callback> should return 1 to indicate verification success and 0 to -indicate verification failure. If SSL_VERIFY_PEER is set and B<callback> -returns 0, the handshake will fail. As the verification procedure may -allow to continue the connection in case of failure (by always returning 1) -the verification result must be set in any case using the B<error> -member of B<x509_store_ctx>, so that the calling application will be informed -about the detailed result of the verification procedure! - -Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback> -function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>. - -=head1 WARNINGS - -Do not mix the verification callback described in this function with the -B<verify_callback> function called during the verification process. The -latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> -family of functions. - -Providing a complete verification procedure including certificate purpose -settings etc is a complex task. The built-in procedure is quite powerful -and in most cases it should be sufficient to modify its behaviour using -the B<verify_callback> function. - -=head1 BUGS - -It is possible to specify arguments to be passed to the verification callback. -Currently they are however not passed but ignored. - -The B<callback> function is not specified via a prototype, so that no -type checking takes place. - -=head1 RETURN VALUES - -SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, -L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, -L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod deleted file mode 100644 index 63d0b8d33f87..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod +++ /dev/null @@ -1,153 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); - void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); - - void SSL_set_info_callback(SSL *ssl, void (*callback)()); - void (*SSL_get_info_callback(SSL *ssl))(); - -=head1 DESCRIPTION - -SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to -obtain state information for SSL objects created from B<ctx> during connection -setup and use. The setting for B<ctx> is overridden from the setting for -a specific SSL object, if specified. -When B<callback> is NULL, not callback function is used. - -SSL_set_info_callback() sets the B<callback> function, that can be used to -obtain state information for B<ssl> during connection setup and use. -When B<callback> is NULL, the callback setting currently valid for -B<ctx> is used. - -SSL_CTX_get_info_callback() returns a pointer to the currently set information -callback function for B<ctx>. - -SSL_get_info_callback() returns a pointer to the currently set information -callback function for B<ssl>. - -=head1 NOTES - -When setting up a connection and during use, it is possible to obtain state -information from the SSL/TLS engine. When set, an information callback function -is called whenever the state changes, an alert appears, or an error occurs. - -The callback function is called as B<callback(SSL *ssl, int where, int ret)>. -The B<where> argument specifies information about where (in which context) -the callback function was called. If B<ret> is 0, an error condition occurred. -If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert -information. - -B<where> is a bitmask made up of the following bits: - -=over 4 - -=item SSL_CB_LOOP - -Callback has been called to indicate state change inside a loop. - -=item SSL_CB_EXIT - -Callback has been called to indicate error exit of a handshake function. -(May be soft error with retry option for non-blocking setups.) - -=item SSL_CB_READ - -Callback has been called during read operation. - -=item SSL_CB_WRITE - -Callback has been called during write operation. - -=item SSL_CB_ALERT - -Callback has been called due to an alert being sent or received. - -=item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) - -=item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) - -=item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) - -=item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) - -=item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) - -=item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) - -=item SSL_CB_HANDSHAKE_START - -Callback has been called because a new handshake is started. - -=item SSL_CB_HANDSHAKE_DONE 0x20 - -Callback has been called because a handshake is finished. - -=back - -The current state information can be obtained using the -L<SSL_state_string(3)|SSL_state_string(3)> family of functions. - -The B<ret> information can be evaluated using the -L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions. - -=head1 RETURN VALUES - -SSL_set_info_callback() does not provide diagnostic information. - -SSL_get_info_callback() returns the current setting. - -=head1 EXAMPLES - -The following example callback function prints state strings, information -about alerts being handled and error messages to the B<bio_err> BIO. - - void apps_ssl_info_callback(SSL *s, int where, int ret) - { - const char *str; - int w; - - w=where& ~SSL_ST_MASK; - - if (w & SSL_ST_CONNECT) str="SSL_connect"; - else if (w & SSL_ST_ACCEPT) str="SSL_accept"; - else str="undefined"; - - if (where & SSL_CB_LOOP) - { - BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); - } - else if (where & SSL_CB_ALERT) - { - str=(where & SSL_CB_READ)?"read":"write"; - BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", - str, - SSL_alert_type_string_long(ret), - SSL_alert_desc_string_long(ret)); - } - else if (where & SSL_CB_EXIT) - { - if (ret == 0) - BIO_printf(bio_err,"%s:failed in %s\n", - str,SSL_state_string_long(s)); - else if (ret < 0) - { - BIO_printf(bio_err,"%s:error in %s\n", - str,SSL_state_string_long(s)); - } - } - } - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>, -L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod deleted file mode 100644 index 1d0526d59a3f..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod +++ /dev/null @@ -1,63 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); - int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); - - void SSL_set_quiet_shutdown(SSL *ssl, int mode); - int SSL_get_quiet_shutdown(SSL *ssl); - -=head1 DESCRIPTION - -SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be -B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time -L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1. - -SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>. - -SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be -B<mode>. The setting stays valid until B<ssl> is removed with -L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again. -It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called. -B<mode> may be 0 or 1. - -SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>. - -=head1 NOTES - -Normally when a SSL connection is finished, the parties must send out -"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> -for a clean shutdown. - -When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)> -will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like -L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with -SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) -The session is thus considered to be shutdown, but no "close notify" alert -is sent to the peer. This behaviour violates the TLS standard. - -The default is normal shutdown behaviour as described by the TLS standard. - -=head1 RETURN VALUES - -SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return -diagnostic information. - -SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current -setting. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, -L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>, -L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod deleted file mode 100644 index 29d1f8a6fbfe..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ /dev/null @@ -1,170 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); - - void SSL_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_set_tmp_dh(SSL *ssl, DH *dh) - - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - -=head1 DESCRIPTION - -SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be -used when a DH parameters are required to B<tmp_dh_callback>. -The callback is inherited by all B<ssl> objects created from B<ctx>. - -SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>. -The key is inherited by all B<ssl> objects created from B<ctx>. - -SSL_set_tmp_dh_callback() sets the callback only for B<ssl>. - -SSL_set_tmp_dh() sets the parameters only for B<ssl>. - -These functions apply to SSL/TLS servers only. - -=head1 NOTES - -When using a cipher with RSA authentication, an ephemeral DH key exchange -can take place. Ciphers with DSA keys always use ephemeral DH keys as well. -In these cases, the session data are negotiated using the -ephemeral/temporary DH key and the key supplied and certified -by the certificate chain is only used for signing. -Anonymous ciphers (without a permanent server key) also use ephemeral DH keys. - -Using ephemeral DH key exchange yields forward secrecy, as the connection -can only be decrypted, when the DH key is known. By generating a temporary -DH key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) key, as this key was -only used for signing. - -In order to perform a DH key exchange the server must use a DH group -(DH parameters) and generate a DH key. The server will always generate a new -DH key during the negotiation, when the DH parameters are supplied via -callback and/or when the SSL_OP_SINGLE_DH_USE option of -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will -immediately create a DH key, when DH parameters are supplied via -SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case, -it may happen that a key is generated on initialization without later -being needed, while on the other hand the computer time during the -negotiation is being saved. - -If "strong" primes were used to generate the DH parameters, it is not strictly -necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. - -As generating DH parameters is extremely time consuming, an application -should not generate the parameters on the fly but supply the parameters. -DH parameters can be reused, as the actual key is newly generated during -the negotiation. The risk in reusing DH parameters is that an attacker -may specialize on a very often used DH group. Applications should therefore -generate their own DH parameters during the installation process using the -openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. - -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current -version of the OpenSSL distribution contain the 'SKIP' DH parameters, -which use safe primes and were generated verifiably pseudo-randomly. -These files can be converted into C code using the B<-C> option of the -L<dhparam(1)|dhparam(1)> application. -Authors may also generate their own set of parameters using -L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. - -An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. - -The B<tmp_dh_callback> is called with the B<keylength> needed and -the B<is_export> information. The B<is_export> flag is set, when the -ephemeral DH key exchange is performed with an export cipher. - -=head1 EXAMPLES - -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling -partly left out.) - - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; - - ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); - if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); - } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); - } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... } - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); - } - -=head1 RETURN VALUES - -SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return -diagnostic output. - -SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, -L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod deleted file mode 100644 index f85775927dda..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ /dev/null @@ -1,166 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); - long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); - - void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) - long SSL_need_tmp_rsa(SSL *ssl) - - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - -=head1 DESCRIPTION - -SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be -used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>. -The callback is inherited by all SSL objects newly created from B<ctx> -with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected. - -SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be -B<rsa>. The key is inherited by all SSL objects newly created from B<ctx> -with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected. - -SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed -for RSA-based strength-limited 'exportable' ciphersuites because a RSA key -with a keysize larger than 512 bits is installed. - -SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>. - -SSL_set_tmp_rsa() sets the key only for B<ssl>. - -SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed, -for RSA-based strength-limited 'exportable' ciphersuites because a RSA key -with a keysize larger than 512 bits is installed. - -These functions apply to SSL/TLS servers only. - -=head1 NOTES - -When using a cipher with RSA authentication, an ephemeral RSA key exchange -can take place. In this case the session data are negotiated using the -ephemeral/temporary RSA key and the RSA key supplied and certified -by the certificate chain is only used for signing. - -Under previous export restrictions, ciphers with RSA keys shorter (512 bits) -than the usual key length of 1024 bits were created. To use these ciphers -with RSA keys of usual length, an ephemeral key exchange must be performed, -as the normal (certified) key cannot be directly used. - -Using ephemeral RSA key exchange yields forward secrecy, as the connection -can only be decrypted, when the RSA key is known. By generating a temporary -RSA key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) RSA key, as this key was -used for signing only. The downside is that creating a RSA key is -computationally expensive. - -Additionally, the use of ephemeral RSA key exchange is only allowed in -the TLS standard, when the RSA key can be used for signing only, that is -for export ciphers. Using ephemeral RSA key exchange for other purposes -violates the standard and can break interoperability with clients. -It is therefore strongly recommended to not use ephemeral RSA key -exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead -in order to achieve forward secrecy (see -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). - -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. - -The B<tmp_rsa_callback> is called with the B<keylength> needed and -the B<is_export> information. The B<is_export> flag is set, when the -ephemeral RSA key exchange is performed with an export cipher. - -=head1 EXAMPLES - -Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the -generation of a RSA key costs a lot of computer time, they saved for later -reuse. For demonstration purposes, two keys for 512 bits and 1024 bits -respectively are generated. - - ... - /* Set up ephemeral RSA stuff */ - RSA *rsa_512 = NULL; - RSA *rsa_1024 = NULL; - - rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); - if (rsa_512 == NULL) - evaluate_error_queue(); - - rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); - if (rsa_1024 == NULL) - evaluate_error_queue(); - - ... - - RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) - { - RSA *rsa_tmp=NULL; - - switch (keylength) { - case 512: - if (rsa_512) - rsa_tmp = rsa_512; - else { /* generate on the fly, should not happen in this example */ - rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); - rsa_512 = rsa_tmp; /* Remember for later reuse */ - } - break; - case 1024: - if (rsa_1024) - rsa_tmp=rsa_1024; - else - should_not_happen_in_this_example(); - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - if (rsa_1024) - rsa_tmp=rsa_1024; - else - rsa_tmp=rsa_512; /* Use at least a shorter key */ - } - return(rsa_tmp); - } - -=head1 RETURN VALUES - -SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return -diagnostic output. - -SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. - -SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary -RSA key is needed and 0 otherwise. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, -L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, -L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod b/crypto/openssl/doc/ssl/SSL_alert_type_string.pod deleted file mode 100644 index 783758943d1b..000000000000 --- a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod +++ /dev/null @@ -1,228 +0,0 @@ -=pod - -=head1 NAME - -SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - char *SSL_alert_type_string(int value); - char *SSL_alert_type_string_long(int value); - - char *SSL_alert_desc_string(int value); - char *SSL_alert_desc_string_long(int value); - -=head1 DESCRIPTION - -SSL_alert_type_string() returns a one letter string indicating the -type of the alert specified by B<value>. - -SSL_alert_type_string_long() returns a string indicating the type of the alert -specified by B<value>. - -SSL_alert_desc_string() returns a two letter string as a short form -describing the reason of the alert specified by B<value>. - -SSL_alert_desc_string_long() returns a string describing the reason -of the alert specified by B<value>. - -=head1 NOTES - -When one side of an SSL/TLS communication wants to inform the peer about -a special situation, it sends an alert. The alert is sent as a special message -and does not influence the normal data stream (unless its contents results -in the communication being canceled). - -A warning alert is sent, when a non-fatal error condition occurs. The -"close notify" alert is sent as a warning alert. Other examples for -non-fatal errors are certificate errors ("certificate expired", -"unsupported certificate"), for which a warning alert may be sent. -(The sending party may however decide to send a fatal error.) The -receiving side may cancel the connection on reception of a warning -alert on it discretion. - -Several alert messages must be sent as fatal alert messages as specified -by the TLS RFC. A fatal alert always leads to a connection abort. - -=head1 RETURN VALUES - -The following strings can occur for SSL_alert_type_string() or -SSL_alert_type_string_long(): - -=over 4 - -=item "W"/"warning" - -=item "F"/"fatal" - -=item "U"/"unknown" - -This indicates that no support is available for this alert type. -Probably B<value> does not contain a correct alert message. - -=back - -The following strings can occur for SSL_alert_desc_string() or -SSL_alert_desc_string_long(): - -=over 4 - -=item "CN"/"close notify" - -The connection shall be closed. This is a warning alert. - -=item "UM"/"unexpected message" - -An inappropriate message was received. This alert is always fatal -and should never be observed in communication between proper -implementations. - -=item "BM"/"bad record mac" - -This alert is returned if a record is received with an incorrect -MAC. This message is always fatal. - -=item "DF"/"decompression failure" - -The decompression function received improper input (e.g. data -that would expand to excessive length). This message is always -fatal. - -=item "HF"/"handshake failure" - -Reception of a handshake_failure alert message indicates that the -sender was unable to negotiate an acceptable set of security -parameters given the options available. This is a fatal error. - -=item "NC"/"no certificate" - -A client, that was asked to send a certificate, does not send a certificate -(SSLv3 only). - -=item "BC"/"bad certificate" - -A certificate was corrupt, contained signatures that did not -verify correctly, etc - -=item "UC"/"unsupported certificate" - -A certificate was of an unsupported type. - -=item "CR"/"certificate revoked" - -A certificate was revoked by its signer. - -=item "CE"/"certificate expired" - -A certificate has expired or is not currently valid. - -=item "CU"/"certificate unknown" - -Some other (unspecified) issue arose in processing the -certificate, rendering it unacceptable. - -=item "IP"/"illegal parameter" - -A field in the handshake was out of range or inconsistent with -other fields. This is always fatal. - -=item "DC"/"decryption failed" - -A TLSCiphertext decrypted in an invalid way: either it wasn't an -even multiple of the block length or its padding values, when -checked, weren't correct. This message is always fatal. - -=item "RO"/"record overflow" - -A TLSCiphertext record was received which had a length more than -2^14+2048 bytes, or a record decrypted to a TLSCompressed record -with more than 2^14+1024 bytes. This message is always fatal. - -=item "CA"/"unknown CA" - -A valid certificate chain or partial chain was received, but the -certificate was not accepted because the CA certificate could not -be located or couldn't be matched with a known, trusted CA. This -message is always fatal. - -=item "AD"/"access denied" - -A valid certificate was received, but when access control was -applied, the sender decided not to proceed with negotiation. -This message is always fatal. - -=item "DE"/"decode error" - -A message could not be decoded because some field was out of the -specified range or the length of the message was incorrect. This -message is always fatal. - -=item "CY"/"decrypt error" - -A handshake cryptographic operation failed, including being -unable to correctly verify a signature, decrypt a key exchange, -or validate a finished message. - -=item "ER"/"export restriction" - -A negotiation not in compliance with export restrictions was -detected; for example, attempting to transfer a 1024 bit -ephemeral RSA key for the RSA_EXPORT handshake method. This -message is always fatal. - -=item "PV"/"protocol version" - -The protocol version the client has attempted to negotiate is -recognized, but not supported. (For example, old protocol -versions might be avoided for security reasons). This message is -always fatal. - -=item "IS"/"insufficient security" - -Returned instead of handshake_failure when a negotiation has -failed specifically because the server requires ciphers more -secure than those supported by the client. This message is always -fatal. - -=item "IE"/"internal error" - -An internal error unrelated to the peer or the correctness of the -protocol makes it impossible to continue (such as a memory -allocation failure). This message is always fatal. - -=item "US"/"user canceled" - -This handshake is being canceled for some reason unrelated to a -protocol failure. If the user cancels an operation after the -handshake is complete, just closing the connection by sending a -close_notify is more appropriate. This alert should be followed -by a close_notify. This message is generally a warning. - -=item "NR"/"no renegotiation" - -Sent by the client in response to a hello request or by the -server in response to a client hello after initial handshaking. -Either of these would normally lead to renegotiation; when that -is not appropriate, the recipient should respond with this alert; -at that point, the original requester can decide whether to -proceed with the connection. One case where this would be -appropriate would be where a server has spawned a process to -satisfy a request; the process might receive security parameters -(key length, authentication, etc.) at startup and it might be -difficult to communicate changes to these parameters after that -point. This message is always a warning. - -=item "UK"/"unknown" - -This indicates that no description is available for this alert type. -Probably B<value> does not contain a correct alert message. - -=back - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod b/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod deleted file mode 100644 index 52d0227b193d..000000000000 --- a/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod +++ /dev/null @@ -1,26 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); - -=head1 DESCRIPTION - -SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which -B<ssl> was created with L<SSL_new(3)|SSL_new(3)>. - -=head1 RETURN VALUES - -The pointer to the SSL_CTX object is returned. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod b/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod deleted file mode 100644 index 8d43b31345df..000000000000 --- a/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod +++ /dev/null @@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_default_timeout - get default session timeout value - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - long SSL_get_default_timeout(SSL *ssl); - -=head1 DESCRIPTION - -SSL_get_default_timeout() returns the default timeout value assigned to -SSL_SESSION objects negotiated for the protocol valid for B<ssl>. - -=head1 NOTES - -Whenever a new session is negotiated, it is assigned a timeout value, -after which it will not be accepted for session reuse. If the timeout -value was not explicitly set using -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default -timeout for the protocol will be used. - -SSL_get_default_timeout() return this hardcoded value, which is 300 seconds -for all currently supported protocols (SSLv2, SSLv3, and TLSv1). - -=head1 RETURN VALUES - -See description. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, -L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_rstate_string.pod b/crypto/openssl/doc/ssl/SSL_rstate_string.pod deleted file mode 100644 index 6dbbb99b9358..000000000000 --- a/crypto/openssl/doc/ssl/SSL_rstate_string.pod +++ /dev/null @@ -1,59 +0,0 @@ -=pod - -=head1 NAME - -SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - char *SSL_rstate_string(SSL *ssl); - char *SSL_rstate_string_long(SSL *ssl); - -=head1 DESCRIPTION - -SSL_rstate_string() returns a 2 letter string indicating the current read state -of the SSL object B<ssl>. - -SSL_rstate_string_long() returns a string indicating the current read state of -the SSL object B<ssl>. - -=head1 NOTES - -When performing a read operation, the SSL/TLS engine must parse the record, -consisting of header and body. When working in a blocking environment, -SSL_rstate_string[_long]() should always return "RD"/"read done". - -This function should only seldom be needed in applications. - -=head1 RETURN VALUES - -SSL_rstate_string() and SSL_rstate_string_long() can return the following -values: - -=over 4 - -=item "RH"/"read header" - -The header of the record is being evaluated. - -=item "RB"/"read body" - -The body of the record is being evaluated. - -=item "RD"/"read done" - -The record has been completely processed. - -=item "unknown"/"unknown" - -The read state is unknown. This should never happen. - -=back - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_session_reused.pod b/crypto/openssl/doc/ssl/SSL_session_reused.pod deleted file mode 100644 index da7d06264d04..000000000000 --- a/crypto/openssl/doc/ssl/SSL_session_reused.pod +++ /dev/null @@ -1,45 +0,0 @@ -=pod - -=head1 NAME - -SSL_session_reused - query whether a reused session was negotiated during handshake - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - int SSL_session_reused(SSL *ssl); - -=head1 DESCRIPTION - -Query, whether a reused session was negotiated during the handshake. - -=head1 NOTES - -During the negotiation, a client can propose to reuse a session. The server -then looks up the session in its cache. If both client and server agree -on the session, it will be reused and a flag is being set that can be -queried by the application. - -=head1 RETURN VALUES - -The following return values can occur: - -=over 4 - -=item 0 - -A new session was negotiated. - -=item 1 - -A session was reused. - -=back - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, -L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_state_string.pod b/crypto/openssl/doc/ssl/SSL_state_string.pod deleted file mode 100644 index 440459514160..000000000000 --- a/crypto/openssl/doc/ssl/SSL_state_string.pod +++ /dev/null @@ -1,45 +0,0 @@ -=pod - -=head1 NAME - -SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - char *SSL_state_string(SSL *ssl); - char *SSL_state_string_long(SSL *ssl); - -=head1 DESCRIPTION - -SSL_state_string() returns a 6 letter string indicating the current state -of the SSL object B<ssl>. - -SSL_state_string_long() returns a string indicating the current state of -the SSL object B<ssl>. - -=head1 NOTES - -During its use, an SSL objects passes several states. The state is internally -maintained. Querying the state information is not very informative before -or when a connection has been established. It however can be of significant -interest during the handshake. - -When using non-blocking sockets, the function call performing the handshake -may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, -so that SSL_state_string[_long]() may be called. - -For both blocking or non-blocking sockets, the details state information -can be used within the info_callback function set with the -SSL_set_info_callback() call. - -=head1 RETURN VALUES - -Detailed description of possible states to be included later. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)> - -=cut diff --git a/crypto/openssl/doc/ssl/SSL_want.pod b/crypto/openssl/doc/ssl/SSL_want.pod deleted file mode 100644 index 50cc89db80b9..000000000000 --- a/crypto/openssl/doc/ssl/SSL_want.pod +++ /dev/null @@ -1,77 +0,0 @@ -=pod - -=head1 NAME - -SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation - -=head1 SYNOPSIS - - #include <openssl/ssl.h> - - int SSL_want(SSL *ssl); - int SSL_want_nothing(SSL *ssl); - int SSL_want_read(SSL *ssl); - int SSL_want_write(SSL *ssl); - int SSL_want_x509_lookup(SSL *ssl); - -=head1 DESCRIPTION - -SSL_want() returns state information for the SSL object B<ssl>. - -The other SSL_want_*() calls are shortcuts for the possible states returned -by SSL_want(). - -=head1 NOTES - -SSL_want() examines the internal state information of the SSL object. Its -return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>. -Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the -error queue, the results are obtained by examining an internal state flag -only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated -using L<SSL_get_error(3)|SSL_get_error(3)>. - -The result returned by SSL_want() should always be consistent with -the result of L<SSL_get_error(3)|SSL_get_error(3)>. - -=head1 RETURN VALUES - -The following return values can currently occur for SSL_want(): - -=over 4 - -=item SSL_NOTHING - -There is no data to be written or to be read. - -=item SSL_WRITING - -There are data in the SSL buffer that must be written to the underlying -B<BIO> layer in order to complete the actual SSL_*() operation. -A call to L<SSL_get_error(3)|SSL_get_error(3)> should return -SSL_ERROR_WANT_WRITE. - -=item SSL_READING - -More data must be read from the underlying B<BIO> layer in order to -complete the actual SSL_*() operation. -A call to L<SSL_get_error(3)|SSL_get_error(3)> should return -SSL_ERROR_WANT_READ. - -=item SSL_X509_LOOKUP - -The operation did not complete because an application callback set by -SSL_CTX_set_client_cert_cb() has asked to be called again. -A call to L<SSL_get_error(3)|SSL_get_error(3)> should return -SSL_ERROR_WANT_X509_LOOKUP. - -=back - -SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup() -return 1, when the corresponding condition is true or 0 otherwise. - -=head1 SEE ALSO - -L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> - -=cut diff --git a/crypto/openssl/tools/c89.sh b/crypto/openssl/tools/c89.sh deleted file mode 100755 index b25c9fda2df1..000000000000 --- a/crypto/openssl/tools/c89.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -k -# -# Re-order arguments so that -L comes first -# -opts="" -lopts="" - -for arg in $* ; do - case $arg in - -L*) lopts="$lopts $arg" ;; - *) opts="$opts $arg" ;; - esac -done - -c89 $lopts $opts diff --git a/gnu/usr.bin/gzip/zdiff b/gnu/usr.bin/gzip/zdiff index 310a201e1a34..ebc9eca485a3 100644 --- a/gnu/usr.bin/gzip/zdiff +++ b/gnu/usr.bin/gzip/zdiff @@ -47,11 +47,10 @@ elif test $# -eq 2; then case "$2" in *[-.]gz* | *[-.][zZ] | *.t[ga]z) F=`echo "$2" | sed 's|.*/||;s|[-.][zZtga]*||'` - tmp=`mktemp -t "$F"` - gzip -cdfq "$2" > "$tmp" - gzip -cdfq "$1" | $comp $OPTIONS - "$tmp" + gzip -cdfq "$2" > /tmp/"$F".$$ + gzip -cdfq "$1" | $comp $OPTIONS - /tmp/"$F".$$ STAT="$?" - /bin/rm -f "$tmp";; + /bin/rm -f /tmp/"$F".$$;; *) gzip -cdfq "$1" | $comp $OPTIONS - "$2" STAT="$?";; diff --git a/gnu/usr.bin/gzip/znew b/gnu/usr.bin/gzip/znew index 52b0ae963c2f..8e0e26bc76bd 100644 --- a/gnu/usr.bin/gzip/znew +++ b/gnu/usr.bin/gzip/znew @@ -14,28 +14,24 @@ block=1024 # block is the disk block size (best guess, need not be exact) warn="(does not preserve modes and timestamp)" -tmp=`mktemp -d -t znew` -if test -z "$tmp"; then - echo znew: could not create temporary directory - exit 1 -fi -echo hi > $tmp/1 -echo hi > $tmp/2 -if test -z "`(${CPMOD-cpmod} $tmp/1 $tmp/2) 2>&1`"; then +tmp=/tmp/zfoo.$$ +echo hi > $tmp.1 +echo hi > $tmp.2 +if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then cpmod=${CPMOD-cpmod} warn="" fi -if test -z "$cpmod" && ${TOUCH-touch} -r $tmp/1 $tmp/2 2>/dev/null; then +if test -z "$cpmod" && ${TOUCH-touch} -r $tmp.1 $tmp.2 2>/dev/null; then cpmod="${TOUCH-touch}" cpmodarg="-r" warn="(does not preserve file modes)" fi # check if GZIP env. variable uses -S or --suffix -gzip -q $tmp/1 -ext=`echo $tmp/1* | sed "s|$tmp/1||"` -rm -rf $tmp +gzip -q $tmp.1 +ext=`echo $tmp.1* | sed "s|$tmp.1||"` +rm -f $tmp.[12]* if test -z "$ext"; then echo znew: error determining gzip extension exit 1 diff --git a/release/doc/ja_JP.eucJP/Makefile b/release/doc/ja_JP.eucJP/Makefile deleted file mode 100644 index 3b74dac64251..000000000000 --- a/release/doc/ja_JP.eucJP/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# $FreeBSD$ -# Original revision: 1.2.2.1 - -RELN_ROOT?= ${.CURDIR}/.. - -SUBDIR = relnotes -#SUBDIR+= hardware -#SUBDIR+= readme -SUBDIR+= errata -#SUBDIR+= installation - -COMPAT_SYMLINK = ja - -.include "${RELN_ROOT}/share/mk/doc.relnotes.mk" -.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/release/doc/ja_JP.eucJP/errata/Makefile b/release/doc/ja_JP.eucJP/errata/Makefile deleted file mode 100644 index 590f6638fdd1..000000000000 --- a/release/doc/ja_JP.eucJP/errata/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# $FreeBSD$ -# Original revision: 1.3.2.3 - -RELN_ROOT?= ${.CURDIR}/../.. -.ifdef NO_LANGCODE_IN_DESTDIR -DESTDIR?= ${DOCDIR}/errata -.else -DESTDIR?= ${DOCDIR}/ja_JP.eucJP/errata -.endif - -DOC?= article -FORMATS?= html -INSTALL_COMPRESSED?= gz -INSTALL_ONLY_COMPRESSED?= - -# SGML content -SRCS+= article.sgml - -NO_TIDY?=YES - -.include "${RELN_ROOT}/share/mk/doc.relnotes.mk" -.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/release/doc/ja_JP.eucJP/errata/article.sgml b/release/doc/ja_JP.eucJP/errata/article.sgml deleted file mode 100644 index 53cd721f2ec8..000000000000 --- a/release/doc/ja_JP.eucJP/errata/article.sgml +++ /dev/null @@ -1,140 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - Original revision: 1.1.2.22.2.3 ---> - -<!-- - FreeBSD errata document. Unlike some of the other RELNOTESng - files, this file should remain as a single SGML file, so that - the dollar FreeBSD dollar header has a meaningful modification - time. This file is all but useless without a datestamp on it, - so we'll take some extra care to make sure it has one. - - (If we didn't do this, then the file with the datestamp might - not be the one that received the last change in the document.) - ---> - -<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ -<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> -%man; -<!ENTITY % ja-authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//JA"> -%ja-authors; -<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> -%authors; -<!ENTITY % ja-mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//JA"> -%ja-mlists; -<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> -%release; -]> - -<article> - <articleinfo> - - <title>&os; -<![ %release.type.snapshot [ - &release.prev; -]]> -<![ %release.type.release [ - &release.current; -]]> - Errata</title> - - <corpauthor>&os; �ץ���������</corpauthor> - - <pubdate>$FreeBSD$</pubdate> - - <copyright> - <year>2000</year> - <year>2001</year> - <holder role="mailto:doc@FreeBSD.org">FreeBSD �ɥ�����ơ������ץ���������</holder> - </copyright> - </articleinfo> - - <abstract> - - <para>����ʸ��� &os; -<![ %release.type.snapshot [ - &release.prev; -]]> -<![ %release.type.release [ - &release.current; -]]> - �θ������Ƚ���������פʾ���Ƥ��� errata �ꥹ�� (����ɽ) �Ǥ�. - ����ˤϥ������ƥ����𤪤��, - �����ƥ�α��ѡ����Ѥ˱ƶ���Ϳ����褦�ʴ�Ϣ���եȥ�����, - ��Ϣʸ��ι��������ޤޤ�Ƥ��ޤ�. - ���ΥС������� &os; �ȡ��뤹�����ˤ�ɬ��, - �ǿ��� errata �Ȥ���褦�ˤ��Ƥ�������.</para> - - <para>���� errata ʸ��� &os; -<![ %release.type.snapshot [ - &release.prev; -]]> -<![ %release.type.release [ - &release.current; -]]> - �ѤǤ�. - &os; &release.next; �Υ����ޤǤδ���, �ݼ餵��ޤ�.</para> - </abstract> - - <sect1> - <title>�Ϥ����</title> - - <para>���� errata ʸ��ˤ� &os; -<![ %release.type.snapshot [ - &release.prev; -]]> -<![ %release.type.release [ - &release.current; -]]> - �˴ؤ��� - <quote>�ǿ��ξ㳲����</quote> ����Ƥ��ޤ�. - ����ʸ����ɤ�, - ���ΥС������Υ��ȡ������˥���������˴���ȯ�����������줿�������ˤĤ��� - �ΤäƤ����Ƥ�������.</para> - - <para>�����θ��� (���Ȥ��� CDROM �ˤ������) �ˤ� - errata ʸ��Ʊ������Ƥ��뤳�Ȥ�����ޤ�. - ������, ����������ʤ��餽�λ����Τ�ΤǤ���, - �ǿ��Τ�Τ�Ʊ���Ǥ���Ȥϸ¤�ޤ���. - �����ͥåȾ���֤���Ƥ��� - ���Υ������б����� <quote>errata ʸ��κǿ���</quote> - �Ȥ���褦�ˤ��Ƥ�������. - errata ʸ��� <ulink url="http://www.FreeBSD.org/releases/"></ulink> - ��Ϥ���, �ǿ��ξ��֤�ݻ����Ƥ���ƥߥ顼�����Ȥ��֤���Ƥ��ޤ�.</para> - - <para>&os; &release.branch; �Υ��������ʥåץ���å�, - �Х��ʥꥹ�ʥåץ���åȤˤ�, - (���ʥåץ���åȺ�������) �ǿ��Ǥ� - errata ʸ�ޤޤ�Ƥ��ޤ�.</para> - - <para>&os; CERT �������ƥ���������ꥹ�Ȥ�, - <ulink url="http://www.FreeBSD.org/security/"></ulink> - �⤷���� - <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"></ulink> - �Ȥ��Ƥ�������.</para> - </sect1> - - <sect1> - <title>�������ƥ�����ȥ������ƥ��˴ؤ��뤪�Τ餻</title> - - <para>������������ȥ������Х���������礬�������Ԥʤ��ʤ�����, - �ƥ桼���� <filename>~/.login_conf</filename> - �ե����� (�ܺ٤� &man.login.conf.5; ����) - ��̵��������ޤ���. - ��������Ͼ���Υ����ǽ��������ͽ��Ǥ�.</para> - </sect1> - - <sect1> - <title>�����ƥ������</title> - - <para>&man.printcap.5; �ե�����˴ޤޤ��, - ��������Υ����Ȥ������������ʤ��Ȥ����Զ�礬����ޤ�. - �����ȹԤ� <literal>:\</literal> �ǽ���äƤ����� (����ʸ�����̾�, - ��ĤΥץ���������³���Ƥ��뤳�Ȥ��Τ˻Ȥ��ޤ�), - ���Υ����Ȥμ��ιԤϰ�����Υץ������ΰ����Ȥ���ǧ������ޤ�.</para> - </sect1> -</article> diff --git a/release/doc/ja_JP.eucJP/relnotes/Makefile b/release/doc/ja_JP.eucJP/relnotes/Makefile deleted file mode 100644 index f22e16ac7f9d..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# $FreeBSD$ -# Original revision: 1.2.2.1 - -RELN_ROOT?= ${.CURDIR}/../.. - -SUBDIR = alpha -SUBDIR+= i386 - -.include "${RELN_ROOT}/share/mk/doc.relnotes.mk" -.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/release/doc/ja_JP.eucJP/relnotes/Makefile.inc b/release/doc/ja_JP.eucJP/relnotes/Makefile.inc deleted file mode 100644 index c7ebbea9306e..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/Makefile.inc +++ /dev/null @@ -1,9 +0,0 @@ -# $FreeBSD$ -# Original revision: 1.1.2.2 - -.ifdef NO_LANGCODE_IN_DESTDIR -DESTDIR?= ${DOCDIR}/relnotes/${.CURDIR:T} -.else -DESTDIR?= ${DOCDIR}/ja_JP.eucJP/relnotes/${.CURDIR:T} -.endif - diff --git a/release/doc/ja_JP.eucJP/relnotes/alpha/Makefile b/release/doc/ja_JP.eucJP/relnotes/alpha/Makefile deleted file mode 100644 index c316eb5e2ae4..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/alpha/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# $FreeBSD$ -# Original revision: 1.3.2.2 - -RELN_ROOT?= ${.CURDIR}/../../.. - -DOC?= article -FORMATS?= html -INSTALL_COMPRESSED?= gz -INSTALL_ONLY_COMPRESSED?= - -NO_TIDY?=YES - -# SGML content -SRCS+= article.sgml -SRCS+= ../common/relnotes.ent -SRCS+= ../common/artheader.sgml -SRCS+= ../common/intro.sgml -SRCS+= ../common/new.sgml -SRCS+= ../common/upgrading.sgml - -.include "${RELN_ROOT}/share/mk/doc.relnotes.mk" -.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/release/doc/ja_JP.eucJP/relnotes/alpha/article.sgml b/release/doc/ja_JP.eucJP/relnotes/alpha/article.sgml deleted file mode 100644 index 283d763050a0..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/alpha/article.sgml +++ /dev/null @@ -1,33 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.1.2.1 ---> - -<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ -<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> -%man; -<!ENTITY % ja-authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//JA"> -%ja-authors; -<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> -%authors; -<!ENTITY % ja-mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//JA"> -%ja-mlists; -<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> -%release; -<!ENTITY % sections SYSTEM "../common/relnotes.ent"> %sections; - -<!-- Architecture-specific customization --> - -<!ENTITY arch "alpha"> - -]> - -<article> - &artheader; - §.intro; - §.new; - §.upgrading; -</article> diff --git a/release/doc/ja_JP.eucJP/relnotes/common/artheader.sgml b/release/doc/ja_JP.eucJP/relnotes/common/artheader.sgml deleted file mode 100644 index 3cd139d72720..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/common/artheader.sgml +++ /dev/null @@ -1,19 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.1.2.1 ---> - -<articleinfo> - <title>&os; &release.current; &arch; �����Ρ���</title> - - <corpauthor>FreeBSD �ץ���������</corpauthor> - - <copyright> - <year>2000</year> - <year>2001</year> - <holder role="mailto:doc@FreeBSD.org">FreeBSD �ɥ�����ơ������ץ���������</holder> - </copyright> -</articleinfo> diff --git a/release/doc/ja_JP.eucJP/relnotes/common/intro.sgml b/release/doc/ja_JP.eucJP/relnotes/common/intro.sgml deleted file mode 100644 index cbbd967535a2..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/common/intro.sgml +++ /dev/null @@ -1,43 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.1.2.2 ---> - -<!-- - Introduction to the release notes, adapted from the - introduction to the old RELNOTES.TXT. ---> - -<sect1> - <title>�Ϥ����</title> - - <para>����ʸ��� &arch; �������ƥ������� &os; &release.current; - �Υ����Ρ��ȤǤ�. - ����ˤ� &release.prev; �ʹߤ��ɲ� (�ѹ�) - ���줿����ǽ����Ƥ��ޤ�.</para> - -<![ %release.type.snapshot [ - - <para>�����Ρ��Ȥ��оݤȤ��Ƥ��뤳�� &release.type; ��, - &release.branch; ��ȯ�֥����� - &release.prev; �� &release.next; ����������б����ޤ�. - ���Υ֥����ˤ����빽�ۺѤߤΥХ��ʥ� &release.type; - �� <ulink url="&release.url;"></ulink> ���������ǽ�Ǥ�.</para> - -]]> - -<![ %release.type.release [ - - <para>���� &os; &release.current �� &release.type; �ǤǤ���, - <ulink url="&release.url;"></ulink> - ����ӳƥߥ顼�����ȤǸ�������Ƥ��ޤ�. - &os; �� &release.type; �� (�ޤ��Ϥ���ʳ�) ������ˡ�ˤĤ��Ƥ� - <ulink url="http://www.FreeBSD.org/handbook/">FreeBSD - �ϥ�ɥ֥å�</ulink>��<ulink url="http://www.FreeBSD.org/handbook/mirrors.html">��Ͽ - <quote>&os; �����ꤹ��ˤ�</quote></ulink>������������.</para> - -]]> -</sect1> diff --git a/release/doc/ja_JP.eucJP/relnotes/common/new.sgml b/release/doc/ja_JP.eucJP/relnotes/common/new.sgml deleted file mode 100644 index da9c5edfb5d6..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/common/new.sgml +++ /dev/null @@ -1,807 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.22.2.86.2.1 ---> - -<!-- - The "What's New" section of the release notes. Within - each subsection (i.e. kernel, security, userland), list - items in chronological order, unless necessary to keep - related items together, such as multiple release notes - pertaining to a single program or module. - ---> - -<sect1> - <sect1info> - <pubdate>$FreeBSD$</pubdate> - </sect1info> - - <title>��������</title> - - <para>������Ǥ� &release.prev; �ʹߤ˿������ɲá��ѹ����줿 - �桼���˱ƶ����뵡ǽ�ˤĤ����������ޤ�.</para> - - <para>&os; �˲ä���줿�ѹ����Τ���, - ���ڡ������Թ�夳���˽�Ƥ��ʤ���Τ�¿��¸�ߤ��ޤ�. - �����Ϥ��Ȥ���ʸ��ν��������, �����ƶ��ξ������Х��ν���, - �ƺ��Ǹ��Ĥ��ä��������ƥ��幥�ޤ����ʤ���������ǽ줿�����ɤν���, - �����������ɤ������ʤɤǤ�.</para> - - <para>�����Ρ��Ȥι��ܤ�, �礭�����Ĥ��ᤫ�鹽������Ƥ��ޤ�. - �ޤ� <xref linkend="kernel"> �ˤ� &os; - �����ͥ�˲ä���줿�ǿ����ѹ�������Ƥ��ޤ�. - ������ <xref linkend="security"> - �ˤϥ������ƥ������ޤॻ�����ƥ���ν�����, - �Ǹ�� <xref linkend="userland"> �ˤ� &os; - �Υ١��������ƥ�˴ޤޤ�Ƥ���桼�����ɥ��ץꥱ�������� - �ѹ������ޤȤ���Ƥ��ޤ�.</para> - - <sect2 id="kernel"> - <title>�����ͥ���ѹ���</title> - - <para>&man.open.2; ����� &man.fcntl.2; �� - <literal>O_DIRECT</literal> �ե饰���ɲä���ޤ���. - �ե����륪���ץ���ˤ��Υե饰�����ꤹ���, - �ɤ߽��Υ���å���αƶ���Ǿ������ޤ�.</para> - - <para>&man.orm.4; �ǥХ������ɲä���ޤ���. - �����¾�Υɥ饤�Ф����ä� ROM �ȽŤʤä����ɥ쥹�������Ƥ뤳�ȤΤʤ��褦, - ISA ���� I/O ������Υ��ץ���� ROM ��������뤿��Τ�ΤǤ�.</para> - - <para>�ǥåɥ��å����뤿��, - ����å��ΰ������Υץ�������λ�����ϸŤ��ץ���������Ԥʤ���褦�ˤʤ�ޤ���. - ����ˤ��ν�λ�����Ǥ�, - �ץ������������η���ɬ�פʥ���å��ΰ���θ�������褦�ˤʤ�ޤ���.</para> - - <para>�ͥåȥ���ǥХ����Υ������˥������˼�������, - ��������Ѥ���褦�� &man.gif.4; �ǥХ������ѹ�����ޤ���. - ���Τ���ǥХ����������ɲä��������� - �����ͥ륳��ե����졼�����ե���������Ѥ�������� - &man.gif.4; ����ꤹ��ΤǤϤʤ�, - &man.ifconfig.8; �� <option>create</option> - ���ץ�����ȤäƤ�������.</para> - - <para>&man.ddb.4; �˿����ʥ��ޥ�� <command>hwatch</command> - <command>dhwatch</command> ��Ƴ������ޤ���. - �������ƥ����㤬�б����Ƥ���ɬ�פ�����ޤ���, - ������ (���եȥ����������å��ݥ���Ȥ����ꤹ��) - <command>watch</command> ����� <command>dwatch</command> - �Τ褦�˥ϡ��ɥ����������å��ݥ���Ȥ����ꤹ�뤿��Τ�ΤǤ�.</para> - - <para>������ &man.nmdm.4; �̥��ǥ�ü���ɥ饤�Ф��ɲä���ޤ���.</para> - - <para>&man.stl.4; �ɥ饤�Ф� - Signetics SC26C194/8 Intelligent Quad/Octal UART �١����� - Stallion Technologies ���� - PCI/ISA EasyIO �ޥ���ݡ��ȥ��ꥢ�륫���ɤ��б����ޤ���.</para> - - <para arch="i386">&os; �֡��ȥ��������Ф���, - �����ե��åԤ���쥻�������ѹ��ΤǤ���ͭ���� MS-DOS BPB �����ꤷ�Ƥ��� - IBM BIOS �Ǥε�ư���б����뤿��ν������Ԥʤ��ޤ���. - <!-- hrs: need to be revised here --></para> - - <para arch="alpha">CDROM ����� &os; �ε�ư��Ĺ����¸�ߤ��Ƥ����Х�����������ޤ���. - ����ˤ��, AlphaServer 1200 �Τ褦�ʥޥ���⥤�ȡ��� CDROM, - fixit CDROM ���鵯ư�Ǥ���褦�ˤʤäƤ��ޤ�.</para> - - <sect3> - <title>�ץ����å����ޥ����ܡ��ɤ��б�����</title> - - <para arch="i386">Transmeta Crusoe, Transmeta Crusoe LongRun - �Ȥ��ä�, �������ץ����å��θ��Х����ɤ��ɲä���ޤ���.</para> - - <para arch="alpha">��ư�ե��åԥǥ����������̤����¤���Ƥ��뤿��, - ���ȡ����ѥ����ͥ뤫�� DEC3000 TurboChannel - �١����Υޥ���ؤ��б����������ޤ���. - �ޤ�, Ʊ�ͤ���ͳ�� - &man.ncr.4;, &man.sa.4;, &man.amr.4;, &man.plip.4;, - &man.le.4;, &man.pcn.4;, &man.wx.4;, and &man.sl.4; - �γƥɥ饤�Ф⥤�ȡ����ѥ����ͥ뤫��������Ƥ��ޤ�. - &man.ncr.4; �ɥ饤�Ф��б����Ƥ��� Symbios ���������ץ���, - ���٤ƤǤϤ���ޤ������� &man.sym.4; - �ɥ饤�Ф��б����Ƥ��ޤ�.</para> - - <para arch="i386">Streaming <acronym>SIMD</acronym> Extensions - (<acronym>SSE</acronym>) ��Ƴ������ޤ���. - SSE �б����ͥ���Ȥ߹��फ�ɤ���������� - <literal>CPU_ENABLE_SSE</literal> �����ͥ륪�ץ����ǹԤʤ����Ȥ��Ǥ��ޤ�.</para> - - <para arch="alpha"> &os; �� - Whitebox (NT-only) AlphaServer 530x �ޥ�����б����ޤ���. - &os; �����̤ɤ���, AlphaBIOS �ǤϤʤ� SRM ���鵯ư���ޤ�. - &os; �ǻ��Ѥ��� SCSI �����ץ��� ID 0 �ˤʤäƤ��뤳�Ȥ��ǧ���Ƥ�������.</para> - </sect3> - - <sect3> - <title>�ͥåȥ�������ե��������б�����</title> - - <para>&man.fxp.4; �ɥ饤�Фϥ����ͥ륳��ե����졼�����ե������ - <literal>device miibus</literal> �Υ���ȥ��ɬ�פȤ���褦�ˤʤ�ޤ���.</para> - - <para>&man.wx.4; �ɥ饤�Ф� Intel PRO1000-F ����� - PRO1000-T (10/100/1000) �����ץ����б����ޤ���.</para> - - <para>&man.an.4; �ɥ饤�Ф� Cisco Aironet 350 - ������Υ����ץ����б���, �����Ĥ��Х��������Ԥʤ��ޤ���. - promiscuos �⡼�ɤ�ư���褦�ˤʤ�, - <literal>up</literal> �����������ꤹ�뤳�Ȥ��Ǥ���褦�ˤʤäƤ��ޤ�.</para> - - <para>&man.xl.4; �ɥ饤�Ф� - VLAN �����ե졼��μ������б����ޤ��� - (������ <quote>Cyclone</quote> ���åץ��åȤ����, - ����ʹߤο��������åץ��åȤΤ�).</para> - - <para>&man.ti.4; �ɥ饤�Ф� VLAN �������������ޥ�������褦�ˤʤ�ޤ���.</para> - - <para>National Semiconductor DP83820 ����� DP83821 - �����ӥåȥ������ͥåȥ���ȥ�������åפ�١����Ȥ��� - PCI �����ӥåȥ������ͥåȥ����ץ����б����� - &man.nge.4; �ɥ饤�Ф��������ɲä���ޤ���. - ����� D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), - Asante FriendlyNet GigaNIC 1000TA ����� 1000TPC, - Addtron AEG320T ���б����Ƥ��ޤ�. - �ޤ�, ���Υɥ饤�Ф������������å�����Υ��ե����ɵ�ǽ���б����Ƥ��ޤ�.</para> - - <para>Level 1 LXT1001 NetCellerator - �����ӥåȥ������ͥåȥ���ȥ�������åפ��б����� - &man.lge.4; �ɥ饤�Ф��������ɲä���ޤ���. - ���Υɥ饤�Ф� SMC, D-Link, Addtron - ���θ��ե����Х����ӥåȥ������ͥåȥ����ɤ����Ѥ��뤿��˻Ȥ����ΤǤ�. - Jumbograms ����Ӽ������� TCP/IP �����å�����Υ��ե����ɵ�ǽ���б����Ƥ��ޤ���, - �ϡ��ɥ����� VLAN �ե��륿�ˤ��б����Ƥ��ޤ���.</para> - - <para>The &man.tx.4; �ɥ饤�Ф������� - SMC 9432FTX ���ե����� NIC ���б����ޤ���.</para> - - <para>&man.ed.4; �ɥ饤�Ф�, NetGear FA-410TX �ʤɤ����Ѥ��Ƥ��� - D-Link DL10022 ���åפ��б����ޤ���. - ���Τ��� &man.ed.4; ����Ѥ���ݤϥ����ͥ륳��ե����졼�����ե������ - <literal>device miibus</literal> ���ɲä��ʤ���Фʤ�ʤ��ʤäƤ��ޤ�.</para> - - <para>&man.txp.4; �ɥ饤�Ф��ɲä���ޤ���. - ����� 3Com 3XP Typhoon/Sidewinder (3CR990) ���åץ��åȥ١����� - �ͥåȥ�������ե��������б����Ƥ��ޤ�.</para> - </sect3> - - <sect3> - <title>�ͥåȥ���ץ��ȥ���</title> - - <para>&man.rc.conf.5; ��ɸ������ˤ����� - TCP �� RFC 1323 ��ĥ��ͭ���������褦�ˤʤ�ޤ���.</para> - - <para>��³����Ω������, �����ܤ� SYN - �������Ȥ�������ޤǤ�ȿ�����ʤ��ä����� - RFC 1323 ����� RFC 1644 �� TCP ��ĥ��̵���������褦�ˤʤ�ޤ���. - ����ư��� VJ �إå����̤μ����˥Х������� - (���˸Ť�) �����ߥʥ륵���Ф��б����뤿��Τ�ΤǤ�.</para> - - <para><literal>TCP_RESTRICT_RST</literal> �����ͥ륪�ץ���������ޤ���. - Ʊ�ͤε�ǽ�� sysctl �ѿ� - <varname>net.inet.tcp.blackhole</varname> �Ǽ¸���ǽ�Ǥ�.</para> - - <para>����³���Ф��� TCP - �ƥ�ץ졼�ȹ�¤�ΤΥ��������Ƥ�Ԥʤ�ʤ��褦�� - TCP �������ѹ�����ޤ���. - �����¿������³���絬�ϥ����ƥ�ˤ����ƥХåե��λ����̤��㸺���ޤ�.</para> - - <para>sysctl �ѿ� <varname>net.inet.ip.check_interface</varname> - ���������ɲä���ޤ���. �����ɸ������� off �ˤʤäƤ���, - �ѥ��åȤ������襢�ɥ쥹�Ȱ��פ��륢�ɥ쥹����ä������ե������� - �ѥ��åȤ����夷�����ɤ��� IP ��٥�ǥ����å���Ԥʤ��ޤ�.</para> - - <para>IP �ѥ��åȤ� ID �ե�����ɤ���������� - <literal>options RANDOM_IP_ID</literal> - �����ͥ륪�ץ�����ɲä���ޤ���. - ����ϥ�⡼�Ȥδ�¬�Ԥ�, - �������ѥ��åȤ��Ф��ư�Ĥ��ĥ�����Ȥ����ä�����Ȥ���ɸ��Ū��ư��� - �ޥ���Υѥ��å�����®�٤����Ǥ��ʤ��褦�ˤ����ΤǤ�.</para> - </sect3> - - <sect3> - <title>�ǥ���������������</title> - - <para arch="i386">The &man.asr.4; �ɥ饤�Ф� - Adaptec 2000S, 2005S Zero-Channel RAID ����ȥ�������б����ޤ���.</para> - - <para arch="i386">The &man.aac.4; �ɥ饤�Ф� - Adaptec SCSI RAID 5400S ����ȥ�������б����ޤ���.</para> - - <para>&man.ata.4; - �ɥ饤�Ф�ɸ������ǽ��ߥ���å��夬ͭ���������褦�ˤʤ�ޤ���.</para> - - <para>&man.wd.4; �ߴ��ǥХ����� - &man.ata.4; �ɥ饤�Ф���������ޤ���.</para> - - <para arch="alpha"> - AlphaServer DS10 ����� AlphaServer DS20 ��, - �ե��åԥǥ������ɥ饤�֤ؤΥ��������������ư��ޤ���. - DS10 �Ϥ�������Υ��顼�����Ϥ���, - DS20 �Ǥϥޥ��۾���ߤ��ޤ�.</para> - </sect3> - - <sect3> - <title>�ե����륷���ƥ�</title> - - <para arch="i386">�����ͥ뤬 smbfs (CIFS) ���б����ޤ���. - �桼������¦�Υե����륷���ƥ�ޥ���ȥ桼�ƥ���ƥ��� - &os; Ports Collection �ˤ��� - <port>net/smbfs</port> �� port �˴ޤޤ�Ƥ��ޤ�.</para> - - <para>����ʥǥ��쥯�ȥ��Ѥ�, - <literal>dirhash</literal> - �ȸƤФ��ñ��ʥϥå����١����Ȥ���������Ψ���������ɲä���ޤ���. - <literal>UFS_DIRHASH</literal> - �����ͥ륪�ץ���������ˤ��, - �����¿��;ʬ�˻ȤäƵ���ʥǥ��쥯�ȥ�����®�٤���夵���뤳�Ȥ���ǽ�Ǥ�.</para> - </sect3> - - <sect3> - <title>PCCARD �б�����</title> - - <para>���Ū�������ޥ����¿����, PCCARD �ǥХ����γ����ߤ� - ISA �⤷���� PCI �Τ����줫�γ����߷�ϩ�����ꤹ�뤳�Ȥ���ǽ�ˤʤ�ޤ���. - &man.pcic.4; �ɥ饤�Ф���������, �����ˤ���ξ���γ����߷�ϩ���б� - (������ ISA �Τߤ��б��Ǥ���) ���Ƥ��ޤ�. - �ۤȤ�ɤΥ�åץȥå� PC �ˤ����� PCMCIA - �ǥХ��������꤬��ñ�ǽ���˹Ԥʤ���褦�ˤʤäƤ��ޤ�. - �ޤ�, ���ޤ��ޤ��� PCI �Х���Ȥä� Cardbus �֥�å� (Orinoco �Ҥ� PCI NIC - �ǻȤ��Ƥ��ޤ�) �ˤ��б����ޤ���. - PCI �����߷�ϩ���椬������, - �ޥ���ΰ۾���ߤ�ѥ˥å��������꤬ȯ�������Τ⤢��ޤ���, - ���ξ��Ͻ���� ISA �����߷�ϩ��������ꤹ�뤳�Ȥ��������Ǥ����ǽ��������ޤ�. - ���κݤˤ� <filename>/boot/loader.conf</filename> - �ˤ��뼡�ιԤ�����Ƥ�������.</para> - - <programlisting>hw.pcic.intr_path="1" -hw.pcic.irq="0"</programlisting> - - <para>&os; �������ȯ������ޥ���˥��ȡ��뤹��ݤ�, - ���ֺǽ�ε�ư��, �֡��ȥ������˼��ιԤ����Ϥ�����ɤ��Ǥ��礦.</para> - - <screen><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput> -<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen> - - <para>PCCARD �μ��Ф����ˤ��ޤ˰۾���ߤ���褦�ʾ���, - ���Τ褦�ˤ��뤳�ȤǤ����������뤳�Ȥ��Ǥ��ޤ�.</para> - - <screen><prompt>#</prompt> <userinput>pccardc power 0 <replaceable>slot</replaceable></userinput></screen> - </sect3> - - <sect3> - <title>�ޥ����ǥ����ؤ��б�����</title> - - <para arch="i386">Advance Logic ALS4000 �ѥɥ饤�Ф��������ɲä���ޤ���.</para> - </sect3> - - <sect3> - <title>��£���եȥ�����</title> - - <para><application>IPFilter</application> �� - �С������ 3.4.20 �˹�������ޤ���.</para> - - <sect4 arch="i386"> - <title>isdn4bsd</title> - - <para><application>isdn4bsd</application> �� - �С������ 1.0.1 �˹�������ޤ���. - ���ι����ˤ��, - &man.i4bisppp.4; (�����ͥ� PPP over ISDN) - �ɥ饤�Ф���Ѥ��Ƥ������, - �ͥåȥ�������ե����������������κݤ� - &man.spppcontrol.8; �ǤϤʤ� &man.ispppcontrol.8; - ��<emphasis>�Ȥ�ʤ���Фʤ�ʤ�</emphasis>�ʤäƤ��ޤ�.</para> - - <para>Cologne Chip Designs HFC �ǥХ����� - <application>isdn4bsd</application> ���б������� - &man.ihfc.4; �ɥ饤�Ф��������ɲä���ޤ���.</para> - - <para>NETjet-S / Teles PCI-TJ �ǥХ����� - <application>isdn4bsd</application> ���б������� - &man.itjc.4; �ɥ饤�Ф��������ɲä���ޤ���.</para> - - <para>�¸�Ū�ʤ�ΤǤ���, - &man.isic.4; <application>isdn4bsd</application> �ɥ饤�Ф� - Eicon.Diehl DIVA 2.0 ����� 2.02 ISA PnP ISDN �����ɤ��б����ޤ���.</para> - - <para>&man.i4bcapi.4; ����� &man.iavc.4; �ɥ饤�Фˤ�� - AVM ���� Active CAPI �١����� ISDN �����ɤ��б����ޤ���. - �б����Ƥ��륫���ɤ� - AVM B1 PCI/AVM B1 ISA Basic Rate ������, - AVM T1 Primary Rate �����ɤǤ�.</para> - - <para>&man.isdnd.rc.5; �ե�����˿����ʥ������ - <literal>maxconnecttime</literal> ���ɲä���ޤ���. - ����ϰ�Ĥ���³�������ץ���֤ˤ�����֤����¤��ޤ�.</para> - </sect4> - - <sect4 id="kame-kernel"> - <title>KAME</title> - - <para>IPv6 �����å��� KAME �ץ��������Ȥ� - 2001 ǯ 5 �� 28 ���Υ��ʥåץ���åȤ�١����Ȥ�����Τˤʤ�ޤ���. - ������ι��ܤΤۤȤ�ɤ�, ���줬�����ޤ줿���Ȥˤ���ΤǤ�. - KAME IPv6 �����å��Υ桼�����ɤˤ����빹������� - <xref linkend="kame-userland"> �˽�Ƥ��ޤ�.</para> - - <para>&man.gif.4; �� RFC 1933 �ǤϤʤ� RFC 2893 ���Τ�Τˤʤ�ޤ���. - ���쥹�ե��륿������� - <literal>IFF_LINK2</literal> - �����ե������ե饰�ǹԤʤ����Ȥ���ǽ�Ǥ�.</para> - - <para><application>IPSec</application> ��¿�����ɤ���, - Rijndael, SHA2 ���르�ꥺ������ѤǤ���褦�ˤʤ�ޤ���. - �õ�������Τ��� IPSec �� RC5 �б��Ϻ������Ƥ��ޤ�.</para> - - <para>&man.stf.4; �� RFC 3056 �˽��, - ���쥹�ե��륿������� - <literal>IFF_LINK2</literal> - �����ե������ե饰�ǹԤʤ���褦�ˤʤ�ޤ���.</para> - - <para>IPv6 ��ʪ���ͥåȥ����������ʥ��ɥ쥹 - (�롼�ץХå����ɥ쥹�ʤ�) ��̩�˥����å�����褦�ˤʤ�ޤ���.</para> - - <para><varname>IPV6_V6ONLY</varname> - �����åȥ��ץ����˴����б����ޤ���. - ���Υ��ץ����˴ؤ��륫���ͥ��ɸ��ư��� - sysctl �ѿ� <varname>net.inet6.ip6.v6only</varname> - �ˤ�ä����椵��ޤ�.</para> - - <para>RFC 3041 (Privacy Extensions for Stateless Address - Autoconfiguration) ���б����ޤ���. - ����� sysctl �ѿ� - <varname>net.inet6.ip6.use_tempaddr</varname> - ��ͭ�������뤳�Ȥ��Ǥ��ޤ�.</para> - </sect4> - </sect3> - </sect2> - - <sect2 id="security"> - <title>�������ƥ���Ϣ�ν���</title> - - <para>�������ƥ����� FreeBSD-SA-01:39 �ǽҤ٤��Ƥ��� - TCP ������������ֹ���������˴ؤ��뽤����, - �ߴ���������ˤʤ��ǽ��������ޤ�. - ��������Ǥ���褦, ���ν����� sysctl �ѿ� - <varname>net.inet.tcp.tcp_seq_genscheme</varname> - ��ͭ������̵���������椬�Ǥ���褦�ˤʤäƤ��ޤ�.</para> - - <para>(�Ƶ�Ū�˥ե����륷���ƥ��õ�����륢�ץꥱ�������ǻȤ���) - &man.fts.3; �롼�����¸�ߤ��Ƥ���, - ���ꤷ���ǥ��쥯�ȥ곬�ؤγ��ˤ���ե���������뤳�Ȥ���ǽ�Ǥ���, - �Ȥ����������ƥ���μ�������������ޤ���. - (�������ƥ����� FreeBSD-SA-01:40 ����).</para> - - <para>&man.portmap.8; ��ɸ���̵���ˤʤ�ޤ���. - ������ NFS �����ӥ�, NIS �����ӥ�, &man.amd.8; �����ӥ��� - &man.rc.conf.5; ��ͳ��ͭ������������, - ��ưŪ�� &man.portmap.8; ���¹Ԥ���ޤ�.</para> - - <para>�ƥץ��������� exec ���줿�ҥץ������ˤ�����, - �ºݤˤϤ����Ĥ��Υ����ʥ�ϥ�ɥ餬���ΤޤޤˤʤäƤ��ޤ���٤���������ޤ��� - (�������ƥ����� FreeBSD-SA-01:42 ����). - ����ԤϤ�������Ѥ��� setuid - ���줿�Х��ʥ�θ��¤�Ǥ�դΥ����ɤ�¹ԤǤ��ޤ�.</para> - - <para>&man.tcpdump.1; �˴ޤޤ�Ƥ���, - ��⡼�Ȥ��鰭�Ѳ�ǽ�ʥХåե������Хե������꤬��������ޤ���. - (�������ƥ����� FreeBSD-SA-01:48 ����). </para> - - <para>&man.telnetd.8; �˴ޤޤ�Ƥ���, - ��⡼�Ȥ��鰭�Ѳ�ǽ�ʥХåե������Хե������꤬��������ޤ���. - (�������ƥ����� FreeBSD-SA-01:49 ����). </para> - - <para>sysctl �ѿ� <varname>net.inet.ip.maxfragpackets</varname> - ����� <varname>net.inet.ip6.maxfragpackets</varname> - �������˲ä����ޤ���. - ������ IPv4, IPv6 �ѥ��åȤΥե饰���Ȥ���������̤ξ�¤����ꤷ, - �����Υ����ӥ�˸��������ɤ�����Τ�ΤǤ� - (�������ƥ����� FreeBSD-SA-01:52 ����)</para> - - <para>&man.sysinstall.8; - �ο������ȡ���������٤�<quote>�������ƥ��ץ��ե�����</quote>�ο��� - 2 ����˸��餵��ޤ���.</para> - - <para><filename>inetd.conf</filename> �ˤ����뤹�٤ƤΥ����ӥ��� - ɸ��ο������ȡ����̵���������褦�ˤʤ�ޤ���. - �ޤ� &man.sysinstall.8; �Ǥ�, - <filename>inetd.conf</filename> ���Խ���ǽ�˲ä��� - &man.inetd.8; ���Τ�Τ�ͭ����/̵�����������ɲä���Ƥ��ޤ�.</para> - - <para>������ (point-to-point) ��ˤ����� &man.ipfw.8; <literal>me</literal> - �롼������η�٤���������ޤ���. - ������ <literal>me</literal> - �ե��륿�롼��������֥����ե������Υ�������¦ IP ���ɥ쥹�����Ǥʤ�, - ��⡼��¦ IP ���ɥ쥹�ˤ�ޥå����Ƥ��ޤ��ޤ� (�������ƥ����� - FreeBSD-SA-01:53 ����).</para> - - <para>&man.procfs.5; �ˤ��ä��������ƥ���μ�������������ޤ���. - ����ϥץ���������¾�Υץ������Υ�����֤ˤ��뵡̩������ɤळ�Ȥ��Ǥ���褤����ΤǤ� - (�������ƥ����� FreeBSD-SA-01:55 ����).</para> - - <para><application>tcp_wrappers</application> �ˤ��� - <literal>PARANOID</literal> - �ۥ���̾�����å���ǽ���������ư���褦�ˤʤ�ޤ��� - (�������ƥ����� FreeBSD-SA-01:56 ����).</para> - - <para>�������뤫�鰭�Ѳ�ǽ�� &man.sendmail.8; �Υ������ƥ���μ�������������ޤ��� - (�������ƥ����� FreeBSD-SA-01:57 ����).</para> - - <para>��⡼�Ȥ��� root ���¤�������å�����Ȥ���ǽ�� - &man.lpd.8; �Υ������ƥ���μ�������������ޤ��� - (�������ƥ����� FreeBSD-SA-01:58 ����).</para> - - <para>&man.rmuser.8; ��¸�ߤ��Ƥ���������֤���������ޤ���. - ��������˸¤�줿���֤Ǥ��� - <filename>/etc/master.passwd</filename> - ��ï�Ǥ��ɤ߹��߲�ǽ�ʾ��֤ˤʤ�Ȥ�����ΤǤ� - (�������ƥ����� FreeBSD-SA-01:59 ����). </para> - - <para>ɸ��Υ����ƥ�ѥ���¸�ߤ���, <username>root</username> - ����ͭ�ԤȤʤäƤ��ʤ�������Х��ʥ�� - <literal>schg</literal> �ե饰�����ꤵ���褦�ˤʤ�ޤ���. - ����� &man.cron.8; ���ͳ������, ���뤤�� - <username>root</username> - �桼���䤽�ΥХ��ʥ��ͭ�ʳ��Υ桼������¹Ԥ�, - ���ΥХ��ʥ���Ѥ��뤳�Ȥ��ɤ�����Ǥ�. - �ޤ� <filename>/etc/periodic/daily/410.status-uucp</filename> ���� - �¹Ԥ���� &man.uustat.1; ��, - <username>root</username> ���¤ǤϤʤ� - <username>uucp</username> �桼�����¤Ǽ¹Ԥ����褦���ѹ�����Ƥ��ޤ�.</para> - - <para>&man.semop.2; - �����ƥॳ�����¸�ߤ��Ƥ����Хåե������Хե�������ˤ�� - �������ƥ��ۡ��뤬��������ޤ���.</para> - </sect2> - - <sect2 id="userland"> - <title>�桼�����ɤ��ѹ���</title> - - <para>&man.ip6fw.8; - �˥ե������ɤ߹����Υץ�ץ����å���ǽ�� - <option>-q</option> (quiet) �ե饰���������ɲä���ޤ���.</para> - - <para>&man.ping.8; ��, ���Хѥ��åȤ� TTL �����ꤹ�� - <option>-m</option> ���ץ�����ɲä���ޤ���.</para> - - <para>&man.ln.1; ��, �����оݥե����뤬����ä����� - ����ɤ�ʤ��褦�ˤ��� <option>-h</option> ���ץ����ե饰���ɲä���ޤ���. - �ޤ�, ¾�μ����Ȥθߴ�������뤿�� <option>-n</option> - ���ץ����ե饰��Ʊ����Ū�ǻ��Ѳ�ǽ�Ǥ�.</para> - - <para>&man.find.1; �˥ե�����Υ����ॹ����פ���Ӥ��뤿��ο��������ץ���� - <option>-anewer</option>, - <option>-cnewer</option>, <option>-mnewer</option>, - <option>-okdir</option>, <option>-newer[acm][acmt]</option> - ���ɲä���ޤ���.</para> - - <para>ELF ưŪ��Ǥ��� &man.rtld.1; �Υѥե����ޥ����夷�ޤ���.</para> - - <para>&man.ifconfig.8; ���ޥ�ɤ� CIDR �� / ������Ѥ�����ˡ���б����ޤ���.</para> - - <para>&man.c89.1; �������륹����ץȤ���Х��ʥ�¹ԥե�������֤��������, - �����Ĥ����ä������ʥХ�����������ޤ���.</para> - - <para>&man.vidcontrol.1; �� - &man.syscons.4; �����Хåե��Υ��ʥåץ���åȤ�Ȥ뤿��ο��������ץ���� - <option>-p</option> ���ɲä���ޤ���. - ���Υ��ץ����ˤ�륹�ʥåץ���åȤ�, - Ports Collection �˴ޤޤ�� - <port>graphics/scr2png</port> �桼�ƥ���ƥ������뤳�Ȥ��Ǥ��ޤ�.</para> - - <para>&man.vidcontrol.1; �ˤ�����, - �ե���ȥ����ɻ��Υե���ȥ�����������ά�Ǥ���褦�ˤʤ�ޤ���. - �ޤ�, ���顼������ʬ�ˤ����Ĥ��β��ɤ�ä����Ƥ��ޤ�.</para> - - <para>&man.telnet.1; �˿��������ץ���� - <option>-u</option> ���ɲä���ޤ���. - ����� UNIX �ɥᥤ�� (<literal>AF_UNIX</literal>) - �����åȤؤ���³���ǽ�ˤ����ΤǤ�.</para> - - <para>&man.newfs.8; ��, �������ե����륷���ƥ�� - softupdates ��ǽ��ͭ�������� <option>-U</option> - ���ץ����ե饰���ɲä���ޤ���.</para> - - <para><filename>libcrypt</filename> �� Blowfish - �ѥ���ɥϥå�����б����ޤ���.</para> - - <para>&os; �����뤬�����饤�ʸ���б����ޤ���.</para> - - <para>2GB �ʾ�� RAM ����ܤ����ޥ���Ǥ� - &man.savecore.8; �������ư���褦�ˤʤ�ޤ���.</para> - - <para>&man.faithd.8; ���б����뤿��� &man.inetd.8; ʸˡ��, - ¾�� BSD �ȸߴ����Τ����Τ��ѹ�����ޤ���.</para> - - <para>&man.inetd.8; �� <literal>ident</literal> - �ץ��ȥ����б������ܡ���������ޤ���.</para> - - <para>&man.inetd.8; �� UNIX �ɥᥤ���åȤ��б����ޤ���.</para> - - <para>&os; �� &man.resolver.3; ������ EDNS0 ���б����ޤ���. - ����� IPv6 �б��� resolver, DNS �����ФȤ�ư���ɬ�פȤʤ��ΤǤ�.</para> - - <para>&man.df.1; �˿��������ץ���� <option>-l</option> ���ɲä���ޤ���. - ����ϥ�������˥ޥ���Ȥ��줿�ե����륷���ƥ�ξ���Τߤ�ɽ�����ޤ�.</para> - - <para>&man.whois.1; ��, IP ���ɥ쥹���䤤��碌�� - ARIN ������褦���ѹ�����ޤ���. - <option>-Q</option> ���ץ�����ꤵ��Ƥ��餺, - ARIN �ؤ��䤤��碌�� APNIC �⤷���� RIPE - ���Ȥ�����ˤ�, Ŭ�ڤʥ����Ф˺��䤤��碌���Ԥʤ��ޤ�.</para> - - <para>&man.dump.8; �� <option>-T</option> ���ץ����, - ��³���륪�ץ�����;�פ�̵�������Ƥ��ޤäƤ������꤬��������ޤ���.</para> - - <para>&man.dump.8; �˿��������ץ���� <option>-D</option> ���ɲä���ޤ���. - ����ˤ�� <filename>/etc/dumpdates</filename> - �ե�����ѥ����ѹ�����ǽ�ˤʤ�ޤ�.</para> - - <para><filename>libfetch</filename> �� - <envar>HTTP_USER_AGENT</envar> �Ķ��ѿ����б����ޤ���.</para> - - <para>�������饤�֥��ؿ� &man.getprogname.3;, - &man.setprogname.3; ���ɲä���ޤ���. - �����ϸ��¹Ԥ���Ƥ���ץ������Υץ������̾�����뤿��Τ�Τ�, - ���顼���롼����ǽ��Ϥ˰������������뤿��˻��Ѥ���ޤ�.</para> - - <para>&man.xargs.1; �˿��������ץ���� <option>-J</option> - <replaceable>replstr</replaceable> ���ɲä���ޤ���. - �����ɸ�����Ϥ����ɤ߹��ޤ줿�ǡ����ޥ�ɥ饤������κǸ�ǤϤʤ�, - ���ꤷ��������������褦�����椹�뤿��Τ�ΤǤ�.</para> - - <para>&man.ifconfig.8; ���ޥ�ɤ� - IEEE 802.11 ̵���ͥåȥ���ǥХ����Υѥ���������б����ޤ���. - �б����Ƥ���Τ� &man.wi.4; ����� &man.an.4; �ǥХ����Ǥ�.</para> - - <para>&man.ifconfig.8; ���ޥ�ɤϥǥե���Ȥ��б���ǥ����Υꥹ�Ȥ� - ɽ�����ʤ��褦���ѹ�����ޤ���. - �ꥹ�Ȥ�ɽ���� <option>-m</option> ���ץ����������˹Ԥʤ��ޤ�.</para> - - <para>&man.lpd.8; �˿��������ץ��������ɲä���ޤ���. - <option>-c</option> ���ץ����ե饰�� - ���٤Ƥ���³���顼�Υ����� &man.syslogd.8; ������, - <option>-W</option> ���ץ����ե饰��ͽ��Ѥߥݡ��Ȱʳ��������³����Ĥ��ޤ�.</para> - - <para>&man.lpc.8; �˲��ɤ��ä����ޤ���. - <command>lpc clean</command> ��¿��������ư���褦���ѹ�����, - ������Ƴ�����줿 <command>lpc tclean</command> ���ޥ�ɤˤ��, - <command>lpc clean</command> ���ޥ�ɤǺ�������ե����������å����뤳�Ȥ��Ǥ��ޤ�.</para> - - <para>&man.du.1; �˿��������ץ���� <option>-I</option> ���ɲä���ޤ���. - ����ϻ��ꤵ�줿�����륰���֤˥ޥå�����ե����롦���֥ǥ��쥯�ȥ��̵�뤹�뤿��Τ�ΤǤ�.</para> - - <para>��Ĺ�� FFS �ե����륷���ƥ� &man.growfs.8; ���������ɲä���ޤ���. - �ޤ�, ��¸�Υե����륷���ƥ�Υ��������פ��� - &man.ffsinfo.8; �桼�ƥ���ƥ����ɲä���Ƥ��ޤ�.</para> - - <para>&man.mail.1; �˿��������ץ���� <option>-E</option> ���ɲä���ޤ���. - �������ʸ�����Υ�å��������������ʤ��褦�ˤ��뤿��Τ�ΤǤ�.</para> - - <para>&man.vidcontrol.1; ��, ���ꤷ�� tty ������Хåե��ꥢ���뿷�������ץ���� - <option>-C</option> ���ɲä���ޤ���. - �ޤ� <option>-h</option> ���ץ�����Ȥ����Ȥ�, - ����Хåե����礭�������ꤹ�뤳�Ȥ���ǽ�Ǥ�.</para> - - <para>&man.last.1; �� <option>-d</option> - ���ץ����ե饰���ɲä���ޤ���. - �����, �������������������˥������Ƥ����桼���� - <quote>���ʥåץ���å�</quote> ��ɽ�����ޤ�.</para> - - <para>�ѥ����ǧ�ڥϥå���饤�֥��������ǽ�ˤ��뤿��� - <filename>libcrypt</filename> �� - <filename>libdescrypt</filename> �����礵��ޤ���. - des �ϥå��奢�르�ꥺ���ѥ��뤷�ʤ����������Ū�ˤ��Ƥ��ʤ��¤�, - md5 �� des ��ξ���Υϥå��奢�르�ꥺ�ब���Ѳ�ǽ�Ǥ�.</para> - - <para>&man.install.1; �˿�¿���ο���ǽ���ɲä���ޤ���. - ����ˤϴ�¸���оݥե�����ΥХå����åפ�������� - <option>-b</option> ����� <option>-B</option> ���ץ����, - <quote>������</quote> (���ȥߥå��ʥ��ԡ�) ����Ԥʤ� - <option>-S</option> ���ץ������ɲä��ޤޤ�Ƥ��ޤ�. - ɸ��� <option>-c</option> (���ԡ�) ���ץ����ͭ���������褦�ˤʤ�, - <option>-D</option> (�ǥХå�) ���ץ������ѻߤ���ޤ���. - �ޤ�, &man.install.1; �� <option>-d</option> (�ǥ��쥯�ȥ����) - ���ץ����� <option>-C</option> (�ѹ����줿�ե�����Τߥ��ԡ�) - ���ץ����Ʊ���˻��ꤵ�줿���˷ٹ��ɽ������褦�ˤʤäƤ��ޤ�.</para> - - <para>&os; <filename>Makefile</filename> ����ե饹�ȥ饯���㤬 - NetBSD ��ͳ�褹�� <varname>WARNS</varname> �ؼ��Ҥ��б����ޤ���. - ���λؼ��Ҥ� <varname>CFLAGS</varname> - �˥���ѥ���ηٹ𥪥ץ����ե饰���ɲä��뤫�ɤ����� - ���Ū����ѥ���μ���˰�¸���ʤ��������椹�뤳�Ȥ��ǽ�ˤ����ΤǤ�.</para> - - <para>MS-DOS �ե����륷���ƥ�ΰ����������å�����桼�ƥ���ƥ� - &man.fsck.msdosfs.8; ���������ɲä���ޤ���.</para> - - <para>�������桼�ƥ���ƥ� &man.kldconfig.8; ���ɲä���ޤ���. - ����ˤ��, - �����ͥ�⥸�塼��θ����ѥ��������ñ�˹Ԥʤ����Ȥ��Ǥ��ޤ�.</para> - - <para>&man.moused.8; �˿��������ץ���� <option>-a</option> ���ɲä���ޤ���. - ����ϥޥ����ݥ��β�®�����椹�뤿��Τ�ΤǤ�.</para> - - <para>&man.ppp.8; ��, ������ - <literal>tcpmssfixup</literal> ���ץ�����ɲä���ޤ���. - ������������������ TCP SYN �ѥ��åȤ�Ĵ����, - ��������������ȥ������������ե������� MTU ��Ķ���ʤ��褦�ˤ��ޤ�.</para> - - <para>&man.sysctl.8; ��������, �ѿ�̾�Τߤ�ɽ�����뤿��Υ��ץ���� - <option>-N</option> ���б����ޤ���.</para> - - <para>&man.sysctl.8; �Υ��ץ���� - <option>-A</option> ����� <option>-X</option> - �Ϥ��줾�� <option>-ao</option> ����� <option>-ax</option> ���֤��������, - ����Υ��ץ������ѻߤ���ޤ���. - �ޤ�, ư�����ꤹ�� <option>-w</option> - ���ץ�����ɬ�������ʤ�����������ޤ���.</para> - - <para>&man.cdcontrol.1; ��������, - ���� CD �������˻��ꤷ������������Υȥ�å��ذ�ư���뤿��Υ��ޥ��, - <literal>next</literal> ����� <literal>prev</literal> - ���б����ޤ���.</para> - - <para>&man.col.1; �˿��������ץ���� - <option>-p</option> ���ɲä���ޤ���. - ����������ʥ���ȥ����륷����������������̲ᤵ���뤿��Τ�ΤǤ�.</para> - - <para><envar>TMPDIR</envar> ���Ѥ��� - &man.tmpnam.3; �ˤ��������ե�����ξ������Ǥ���褦�ˤʤ�ޤ���.</para> - - <para>&man.rc.8; �ϵ�ư����, - <filename>/var/run</filename> ����� - <filename>/var/spool/lock</filename> - �˴ޤޤ��ǥ��쥯�ȥ�Ǥʤ��ե�����٤ƺ������褦�ˤʤ�ޤ���.</para> - - <para>����ʸ����ΰ����������å�����ؿ� - &man.fmtcheck.3; ���������ɲä���ޤ���.</para> - - <para>&man.apmd.8; �˿���������ؼ��� - <literal>apm_battery</literal> ���ɲä���, - �Хåƥ��٥�Υ�˥����ǽ�����, - �Хåƥ���̤Υѡ�������̤�Ĥ���֤���Ȥ������ޥ�ɤμ¹Ԥ���ǽ�ˤʤ�ޤ���. - ������ˡ�� - <filename>/etc/apmd.conf</filename> �ˤ��륳���ȥ����Ȥ��줿�������������.</para> - - <para>&man.pppd.8; (�����ͥ� PPP �������ѥץ������) - �Υ��ȡ�����ε���°���� <literal>4555</literal> ���� <literal>4550</literal> ��, - ��ͭ��/���롼�פ� - <username>root</username><literal>:</literal><groupname>dialer</groupname> - ���ѹ�����ޤ��� (�Ĥޤ�, �¹ԤǤ���桼�������¤���ޤ���). - &man.pppd.8; �����Ѥ��Ƥ������, ���롼��������ѹ�����ɬ�פ�����ޤ�.</para> - - <para arch="alpha"> - &man.sysinstall.8; �ˤ����ƥ�˥塼������� <literal>/: write failed, file - system is full</literal> ��ɽ������뤳�Ȥ�����ޤ���, - ����� &man.sysinstall.8; - ��ư���ºݤΥ��ȡ��빩���˰��ƶ��Ϥ���ޤ���Τ�, ̵�뤷�Ƥ�������.</para> - - <para arch="alpha">Alpha �ޥ����Ǥ� - &man.savecore.8; �������ư���褦�ˤʤ�ޤ���.</para> - - <sect3> - <title>��£���եȥ�����</title> - - <para><application>BIND</application> �� - <literal>NOADDITIONAL</literal> ���ץ����ǹ��ۤ����褦�ˤʤ�ޤ���. - ������ɤ���������ߥ����Ф���, - &man.named.8; �ˤ�������ι⤤ư����뤿��Τ�ΤǤ�.</para> - - <para><application>BIND</application> ���С������ - 8.2.4-REL �˹�������ޤ���.</para> - - <para><application>Binutils</application> �� - 2.11.2 �˹�������ޤ���.</para> - - <para><application>bzip2</application> �С������ 1.0.1 �� import ����ޤ���. - ����ˤ��١��������ƥ�� &man.bzip2.1; �ץ�����प���, - <filename>libbz2</filename> �饤�֥�꤬Ƴ������ޤ���.</para> - - <para>The &man.ee.1; <application>Easy Editor</application> - ���С������ 1.4.2 �˹�������ޤ���.</para> - - <para>&man.file.1; ���С������ 3.36 �˹�������ޤ���.</para> - - <para>&man.gcc.1; �� - <envar>GCC_OPTIONS</envar> �Ķ��ѿ����б����ޤ���. - �����ѿ��ˤ� <application>GCC</application> - �Υǥե���ȥ��ץ�������ꤷ�ޤ�.</para> - - <para><application>GNATS</application> ���С������ - 3.113 �˹�������ޤ���.</para> - - <para><application>groff</application> ����Ӵ�Ϣ�桼�ƥ���ƥ�����������, - FSF �С������ 1.17.2 �ˤʤ�ޤ���. - ���� import �ˤ��, ���褢�ä����¤������˴��¤��� - &man.mdoc.7; �ޥ����ѥå����� - (<literal>mdocNG</literal> �ȸƤФ�Ƥ��ޤ�) - ���ɲä���Ƥ��ޤ�.</para> - - <para><application>libpcap</application> ���С������ - 0.6.2 �˹�������ޤ���. </para> - - <para><application>OpenSSL</application> ���С������ - 0.9.6a �˹�������ޤ���.</para> - - <para><application>sendmail</application> �ȴ�Ϣ�桼�ƥ���ƥ��� - �С������ 8.11.6 �˹�������ޤ���. - �ܺ٤ˤĤ��Ƥ� - <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename> - ������������.</para> - - <para>&man.traceroute.8; ��, - �ǥե���Ȥκ��� TTL �ͤ� - <varname>net.inet.ip.ttl</varname> sysctl �ѿ���������褦�ˤʤ�ޤ���.</para> - - <para><application>tcpdump</application> ���С������ - 3.6.3 �˹�������ޤ���.</para> - - <sect4> - <title>CVSup</title> - - <para><application>CVSup</application> �� - &os; Ports Collection ���ɤ��Ȥ���桼�ƥ���ƥ��ΰ�ĤǤ�. - �����Ϥ���ȡ��뤹��ʣ���� port/package ��¸�ߤ��ޤ�����, - <port>net/cvsup-bin</port> ����� <port>net/cvsupd-bin</port> - ���ѻߤ���, <port>net/cvsup</port> �ˤʤ�ޤ���.</para> - - <para>&os; Ports Collection �� <port>net/cvsup</port> - ���饤�ȡ���Ǥ��� - <application>CVSup</application> �� 16.1_3 �˹�������Ƥ��ޤ�. - ���ι����Ǥ� 2001 ǯ 9 �� 9 �� 01:46:40 UTC - (UNIX epoch ���� 1,000,000,000 �ø�) - �ʹߤΤ��٤ƤΥե�����Υ����ॹ����פ˱ƶ�����, - Ĺ����¸�ߤ��Ƥ��� (������ɽ�̲����ʤ��ä�) - �Х�����������ޤ���.</para> - </sect4> - - <sect4 id="kame-userland"> - <title>KAME</title> - - <para>IPv6 �����å��� KAME Project �� 2001 ǯ 5 �� 28 ���Ť��� - IPv6 ���ʥåץ���åȤ�١����Ȥ�����Τˤʤ�ޤ���. - ������˽�Ƥ������ƤΤۤȤ�ɤ�, ���� import �ˤ���ΤǤ�. - KAME IPv6 �����å��˴ؤ��륫���ͥ�ؤ��ѹ����� - <xref linkend="kame-kernel"> �ˤ���ޤ�.</para> - - <para>&man.faithd.8; ���������������Ѥ�����ե�������б����ޤ���.</para> - - <para>&man.ifconfig.8; �� &man.gifconfig.8; �ε�ǽ�����礵��ޤ���.</para> - - <para>&man.ifconfig.8; �� &man.prefix.8; �ε�ǽ�����礵��ޤ���. - �����ߴ�������ݤ��뤿��, &man.prefix.8; - �ϥ����륹����ץȤȤ��ƻĤ���Ƥ��ޤ�.</para> - - <para>&man.ndp.8; ���Ф���, RFC2461 - (Neighbor Discovery for IP Version 6 (IPv6)) - �˽�Ƥ���褦��̵���ˤʤä� NDP - ����ȥ���Ф��륬�١������쥯�����������ޤ���.</para> - - <para>���¤��줿�饤��������ä� - &man.pim6dd.8; ����� &man.pim6sd.8; ���������ޤ���. - �����Υץ������� Ports Collection �ΰ����Ȥ��� - <port>net/pim6dd</port>, - <port>net/pim6dd</port> �������Ѳ�ǽ�Ǥ�.</para> - - <para>&man.route6d.8; �˿��������ץ���� - <option>-n</option> ���ɲä���ޤ���. - ����ϥ����ͥ��ž���ơ��֥�ι������������뤿��Τ�ΤǤ�.</para> - - <para>&man.rtadvd.8; ���Ф��� <option>-R</option> (�롼���ƥʥ�Х��) - ���ץ�����, �������Ǥ�̵�뤵���褦�ˤʤäƤ��ޤ�.</para> - </sect4> - </sect3> - - <sect3> - <title>Ports/Packages Collection</title> - - <para>&man.pkg.version.1; �˿��������ץ���� - <option>-s</option> ���ɲä���ޤ���. - �����, ����оݤ���ꤵ�줿ʸ����ȥޥå����� - ports/packages �����¤��뤿��Τ�ΤǤ�.</para> - </sect3> - </sect2> -</sect1> diff --git a/release/doc/ja_JP.eucJP/relnotes/common/relnotes.ent b/release/doc/ja_JP.eucJP/relnotes/common/relnotes.ent deleted file mode 100644 index 8b3a1bae2e9d..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/common/relnotes.ent +++ /dev/null @@ -1,21 +0,0 @@ -<!-- -*- sgml -*- --> - -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.1.2.1 ---> - -<!-- Text constants which probably don't need to be changed.--> - -<!-- The marker for MFCs. --> -<!ENTITY merged "[MFC ��]"> - -<!-- Files to be included --> - -<!ENTITY artheader SYSTEM "../common/artheader.sgml"> -<!ENTITY sect.intro SYSTEM "../common/intro.sgml"> -<!ENTITY sect.new SYSTEM "../common/new.sgml"> -<!ENTITY sect.upgrading SYSTEM "../common/upgrading.sgml"> diff --git a/release/doc/ja_JP.eucJP/relnotes/common/upgrading.sgml b/release/doc/ja_JP.eucJP/relnotes/common/upgrading.sgml deleted file mode 100644 index 8852ece2c37a..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/common/upgrading.sgml +++ /dev/null @@ -1,45 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.1.2.3 ---> - -<!-- - Summary information on upgrading FreeBSD. This comes from - the similarly-named section of RELNOTES.TXT. ---> - -<sect1> - <title>������ &os; �����Ǥ���Υ��åץ��졼��</title> - - <para>������ &os; - ������ (�ۤȤ�ɤ� 4.X ���Ȼפ��ޤ���) - ����Υ��åץ��졼�ɤ�ͤ��Ƥ��Ƥ���ʤ����꤬ȯ�����뤫���Τ�ޤ���. - ����Ϥ������, �ɤΥ��åץ��졼����ˡ�����֤��ˤ���ޤ�. - &os; �åץ��졼�ɤ���ˤ�, ������Ĥ���ˡ���ɤ��Ȥ��ޤ�.</para> - - <para> - <itemizedlist> - <listitem> - <para><filename>/usr/src</filename> �ˤ��륽������Ȥ�.</para> - </listitem> - <listitem> - <para>&man.sysinstall.8; �ΥХ��ʥꥢ�åץ��졼�ɤ�Ȥ�.</para> - </listitem> - </itemizedlist> - </para> - - <para>�ʤ�٤����åץ��졼�ɤ�Ϥ�����˾ܺ٤ˤĤ��� - <filename>INSTALL.TXT</filename> ������������. - ���������饢�åץ��졼�ɤ������ - <filename>/usr/src/UPDATING</filename> �ˤ��ܤ��̤�ɬ�פ�����ޤ�.</para> - - <para>�Ǹ�ˤʤ�ޤ���, &os; �� -STABLE �⤷���� -CURRENT - �֥������ɤ������뤿����Ѱդ��줿���ʤΰ�Ĥ�Ȥꤿ���ȹͤ��Ƥ���ʤ�, - <ulink url="http://www.FreeBSD.org/handbook/">FreeBSD - �ϥ�ɥ֥å�</ulink>�� - <ulink url="http://www.FreeBSD.org/handbook/current-stable.html"><quote>-CURRENT - vs. -STABLE</quote></ulink> ��������ˤʤ�褦���ꤤ���ޤ�.</para> -</sect1> diff --git a/release/doc/ja_JP.eucJP/relnotes/i386/Makefile b/release/doc/ja_JP.eucJP/relnotes/i386/Makefile deleted file mode 100644 index c316eb5e2ae4..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/i386/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# $FreeBSD$ -# Original revision: 1.3.2.2 - -RELN_ROOT?= ${.CURDIR}/../../.. - -DOC?= article -FORMATS?= html -INSTALL_COMPRESSED?= gz -INSTALL_ONLY_COMPRESSED?= - -NO_TIDY?=YES - -# SGML content -SRCS+= article.sgml -SRCS+= ../common/relnotes.ent -SRCS+= ../common/artheader.sgml -SRCS+= ../common/intro.sgml -SRCS+= ../common/new.sgml -SRCS+= ../common/upgrading.sgml - -.include "${RELN_ROOT}/share/mk/doc.relnotes.mk" -.include "${DOC_PREFIX}/share/mk/doc.project.mk" diff --git a/release/doc/ja_JP.eucJP/relnotes/i386/article.sgml b/release/doc/ja_JP.eucJP/relnotes/i386/article.sgml deleted file mode 100644 index d978010de61e..000000000000 --- a/release/doc/ja_JP.eucJP/relnotes/i386/article.sgml +++ /dev/null @@ -1,33 +0,0 @@ -<!-- - FreeBSD Japanese Documentation Project - - $FreeBSD$ - - Original revision: 1.1.2.1 ---> - -<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ -<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN"> -%man; -<!ENTITY % ja-authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//JA"> -%ja-authors; -<!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> -%authors; -<!ENTITY % ja-mlists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//JA"> -%ja-mlists; -<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN"> -%release; -<!ENTITY % sections SYSTEM "../common/relnotes.ent"> %sections; - -<!-- Architecture-specific customization --> - -<!ENTITY arch "i386"> - -]> - -<article> - &artheader; - §.intro; - §.new; - §.upgrading; -</article> diff --git a/release/doc/ja_JP.eucJP/share/sgml/catalog b/release/doc/ja_JP.eucJP/share/sgml/catalog deleted file mode 100644 index 84bd8a53e022..000000000000 --- a/release/doc/ja_JP.eucJP/share/sgml/catalog +++ /dev/null @@ -1,10 +0,0 @@ - -- FreeBSD SGML Public Identifiers -- - -- Language-specific -- - - -- $FreeBSD$ -- - -- Original revision: 1.1.2.1 -- - -PUBLIC "-//FreeBSD//DOCUMENT Release Notes DocBook Stylesheet//EN" - "release.dsl" - - diff --git a/release/doc/ja_JP.eucJP/share/sgml/release.dsl b/release/doc/ja_JP.eucJP/share/sgml/release.dsl deleted file mode 100644 index 210d60de36b9..000000000000 --- a/release/doc/ja_JP.eucJP/share/sgml/release.dsl +++ /dev/null @@ -1,79 +0,0 @@ -<!-- $FreeBSD$ --> -<!-- Original revision: 1.1.2.2 --> - -<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [ -<!ENTITY release.dsl PUBLIC "-//FreeBSD//DOCUMENT Release Notes DocBook Language Neutral Stylesheet//EN" CDATA DSSSL> -<!ENTITY % output.html "IGNORE"> -<!ENTITY % output.print "IGNORE"> -]> - -<style-sheet> - <style-specification use="docbook"> - <style-specification-body> - - <![ %output.html; [ - (define ($email-footer$) - (make sequence - (make element gi: "p" - attributes: (list (list "align" "center")) - (make element gi: "small" - (literal "���Υե������¾, ������Ϣ��ʸ��� ") - (create-link (list (list "HREF" (entity-text "release.url"))) - (literal (entity-text "release.url"))) - (literal " �������������ɤǤ��ޤ�."))) - (make element gi: "p" - attributes: (list (list "align" "center")) - (make element gi: "small" - (literal "FreeBSD �˴ؤ��뤪�䤤��碌��, <") - (create-link - (list (list "HREF" "mailto:questions@FreeBSD.org")) - (literal "questions@FreeBSD.org")) - (literal "> �ؼ������Ƥ�������") - (create-link - (list (list "HREF" "http://www.FreeBSD.org/docs.html")) - (literal "����ʸ��")) - (literal "���ɤߤ�������.") - (make element gi: "p" - attributes: (list (list "align" "center")) - (make element gi: "small" - (literal "FreeBSD ") - (literal (entity-text "release.branch")) - (literal " �Ȥ�������, ���� ") - (literal "<") - (create-link (list (list "HREF" "mailto:stable@FreeBSD.org")) - (literal "stable@FreeBSD.org")) - (literal "> ���ꥹ�Ȥ˻��ä�������."))) - - (make element gi: "p" - attributes: (list (list "align" "center")) - (literal "����ʸ��θ�ʸ�˴ؤ��뤪�䤤��碌�� <") - (create-link (list (list "HREF" "mailto:doc@FreeBSD.org")) - (literal "doc@FreeBSD.org")) - (literal "> �ޤ�, ") - (make empty-element gi: "br") - (literal "���ܸ����˴ؤ��뤪�䤤��碌��, <") - (create-link (list (list "HREF" "mailto:doc-jp@jp.FreeBSD.org")) - (literal "doc-jp@jp.FreeBSD.org")) - (literal "> �ޤ��Żҥ��Ǥ��ꤤ���ޤ�.")))))) - - - <!-- Convert " ... " to `` ... '' in the HTML output. --> - (element quote - (make sequence - (literal "``") - (process-children) - (literal "''"))) - - <!-- Generate links to HTML man pages --> - (define %refentry-xref-link% #t) - - <!-- Specify how to generate the man page link HREF --> - (define ($create-refentry-xref-link$ refentrytitle manvolnum) - (string-append "http://www.FreeBSD.org/cgi/man.cgi?query=" - refentrytitle "&" "sektion=" manvolnum)) - ]]> - </style-specification-body> - </style-specification> - - <external-specification id="docbook" document="release.dsl"> -</style-sheet> diff --git a/release/sysinstall/dist.c b/release/sysinstall/dist.c index 7991ad76ea73..573ae9debb2b 100644 --- a/release/sysinstall/dist.c +++ b/release/sysinstall/dist.c @@ -392,7 +392,7 @@ distMaybeSetPorts(dialogMenuItem *self) dialog_clear_norefresh(); if (!msgYesNo("Would you like to install the FreeBSD ports collection?\n\n" "This will give you ready access to over 5800 ported software packages,\n" - "at a cost of around 100MB of disk space when \"clean\" and possibly\n" + "at a cost of around 70MB of disk space when \"clean\" and possibly\n" "much more than that when a lot of the distribution tarballs are loaded\n" "(unless you have the extra discs available from a FreeBSD CD/DVD distribution\n" "and can mount them on /cdrom, in which case this is far less of a problem).\n\n" diff --git a/share/examples/cvsup/standard-supfile b/share/examples/cvsup/standard-supfile index 89065a0d585d..e8fc618bbc64 100644 --- a/share/examples/cvsup/standard-supfile +++ b/share/examples/cvsup/standard-supfile @@ -51,7 +51,7 @@ *default host=CHANGE_THIS.FreeBSD.org *default base=/usr *default prefix=/usr -*default release=cvs tag=RELENG_4_4 +*default release=cvs tag=RELENG_4 *default delete use-rel-suffix # If your network link is a T1 or faster, comment out the following line. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index a8f2bb15d155..1ad7111d41c2 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.4" -BRANCH="RELEASE-p7" +BRANCH="RELEASE" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 341033c0fcdc..430837ca8629 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -113,15 +113,6 @@ execve(p, uap) imgp = &image_params; /* - * Lock the process and set the P_INEXEC flag to indicate that - * it should be left alone until we're done here. This is - * necessary to avoid race conditions - e.g. in ptrace() - - * that might allow a local user to illicitly obtain elevated - * privileges. - */ - p->p_flag |= P_INEXEC; - - /* * Initialize part of the common data */ imgp->proc = p; @@ -352,12 +343,10 @@ interpret: VREF(ndp->ni_vp); p->p_textvp = ndp->ni_vp; - /* - * Notify others that we exec'd, and clear the P_INEXEC flag - * as we're now a bona fide freshly-execed process. - */ + /* + * notify others that we exec'd + */ KNOTE(&p->p_klist, NOTE_EXEC); - p->p_flag &= ~P_INEXEC; /* * If tracing the process, trap to debugger so breakpoints @@ -411,8 +400,6 @@ exec_fail_dealloc: return (0); exec_fail: - /* we're done here, clear P_INEXEC */ - p->p_flag &= ~P_INEXEC; if (imgp->vmspace_destroyed) { /* sorry, no more process anymore. exit gracefully */ exit1(p, W_EXITCODE(0, SIGABRT)); diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 482663c793d8..1fd7ef1457ff 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -220,10 +220,6 @@ ptrace(curp, uap) if (!PRISON_CHECK(curp, p)) return (ESRCH); - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; - /* * Permissions check */ diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 6bbd90fc8a63..de2e4861e9ed 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -678,8 +678,6 @@ fstatfs(p, uap) if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0) return (error); mp = ((struct vnode *)fp->f_data)->v_mount; - if (mp == NULL) - return (EBADF); sp = &mp->mnt_stat; error = VFS_STATFS(mp, sp, p); if (error) diff --git a/sys/miscfs/procfs/procfs.h b/sys/miscfs/procfs/procfs.h index 9236cbf6cd70..efc982a4da45 100644 --- a/sys/miscfs/procfs/procfs.h +++ b/sys/miscfs/procfs/procfs.h @@ -97,7 +97,7 @@ struct pfsnode { ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ - ((p2)->p_flag & (P_SUGID|P_INEXEC)) == 0) || \ + ((p2)->p_flag & P_SUGID) == 0) || \ (suser_xxx((p1)->p_cred->pc_ucred, (p1), PRISON_ROOT) == 0)) /* diff --git a/sys/miscfs/procfs/procfs_ctl.c b/sys/miscfs/procfs/procfs_ctl.c index 6370e8b05912..2192dbe5afa1 100644 --- a/sys/miscfs/procfs/procfs_ctl.c +++ b/sys/miscfs/procfs/procfs_ctl.c @@ -110,9 +110,6 @@ procfs_control(curp, p, op) { int error; - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; /* * Authorization check: rely on normal debugging protection, except * allow processes to disengage debugging on a process onto which diff --git a/sys/miscfs/procfs/procfs_dbregs.c b/sys/miscfs/procfs/procfs_dbregs.c index 9fe4968d37c6..b4e9d41f668c 100644 --- a/sys/miscfs/procfs/procfs_dbregs.c +++ b/sys/miscfs/procfs/procfs_dbregs.c @@ -62,9 +62,6 @@ procfs_dodbregs(curp, p, pfs, uio) char *kv; int kl; - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; if (!CHECKIO(curp, p) || p_trespass(curp, p)) return (EPERM); kl = sizeof(r); diff --git a/sys/miscfs/procfs/procfs_fpregs.c b/sys/miscfs/procfs/procfs_fpregs.c index 7074148cfbfc..cd5fa7426fe6 100644 --- a/sys/miscfs/procfs/procfs_fpregs.c +++ b/sys/miscfs/procfs/procfs_fpregs.c @@ -59,9 +59,6 @@ procfs_dofpregs(curp, p, pfs, uio) char *kv; int kl; - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; if (!CHECKIO(curp, p) || p_trespass(curp, p)) return EPERM; kl = sizeof(r); diff --git a/sys/miscfs/procfs/procfs_mem.c b/sys/miscfs/procfs/procfs_mem.c index 7e59c4dded62..4994aa6c830a 100644 --- a/sys/miscfs/procfs/procfs_mem.c +++ b/sys/miscfs/procfs/procfs_mem.c @@ -244,9 +244,6 @@ procfs_domem(curp, p, pfs, uio) if (uio->uio_resid == 0) return (0); - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; if (!CHECKIO(curp, p) || p_trespass(curp, p)) return EPERM; diff --git a/sys/miscfs/procfs/procfs_regs.c b/sys/miscfs/procfs/procfs_regs.c index ccde00af6da5..65659eafe7a6 100644 --- a/sys/miscfs/procfs/procfs_regs.c +++ b/sys/miscfs/procfs/procfs_regs.c @@ -60,9 +60,6 @@ procfs_doregs(curp, p, pfs, uio) char *kv; int kl; - /* Can't trace a process that's currently exec'ing. */ - if ((p->p_flag & P_INEXEC) != 0) - return EAGAIN; if (!CHECKIO(curp, p) || p_trespass(curp, p)) return EPERM; kl = sizeof(r); diff --git a/sys/miscfs/procfs/procfs_status.c b/sys/miscfs/procfs/procfs_status.c index b8cc6dbe9f91..8c1707584482 100644 --- a/sys/miscfs/procfs/procfs_status.c +++ b/sys/miscfs/procfs/procfs_status.c @@ -211,9 +211,7 @@ procfs_docmdline(curp, p, pfs, uio) */ if (p->p_args && - (ps_argsopen || (CHECKIO(curp, p) && - (p->p_flag & P_INEXEC) == 0 && - !p_trespass(curp, p)))) { + (ps_argsopen || (CHECKIO(curp, p) && !p_trespass(curp, p)))) { bp = p->p_args->ar_args; buflen = p->p_args->ar_length; buf = 0; diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c index 48b4765baa9b..a0dd3986655b 100644 --- a/sys/miscfs/procfs/procfs_vnops.c +++ b/sys/miscfs/procfs/procfs_vnops.c @@ -148,9 +148,6 @@ procfs_open(ap) return (EBUSY); p1 = ap->a_p; - /* Can't trace a process that's currently exec'ing. */ - if ((p2->p_flag & P_INEXEC) != 0) - return EAGAIN; if (!CHECKIO(p1, p2) || p_trespass(p1, p2)) return (EPERM); @@ -242,9 +239,6 @@ procfs_ioctl(ap) return ENOTTY; } - /* Can't trace a process that's currently exec'ing. */ - if ((procp->p_flag & P_INEXEC) != 0) - return EAGAIN; if (!CHECKIO(p, procp) || p_trespass(p, procp)) return EPERM; diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 1ee93da7e60f..7c7cdef8d4d6 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -291,7 +291,6 @@ struct proc { #define P_JAILED 0x1000000 /* Process is in jail */ #define P_OLDMASK 0x2000000 /* need to restore mask before pause */ #define P_ALTSTACK 0x4000000 /* have alternate signal stack */ -#define P_INEXEC 0x8000000 /* Process is in execve(). */ /* * MOVE TO ucred.h? diff --git a/usr.bin/bzip2/doc/manual.texi.diff b/usr.bin/bzip2/doc/manual.texi.diff deleted file mode 100644 index 0c14f6307b58..000000000000 --- a/usr.bin/bzip2/doc/manual.texi.diff +++ /dev/null @@ -1,22 +0,0 @@ -$FreeBSD$ - ---- manual.texi 2002/02/01 16:00:45 1.1 -+++ manual.texi 2002/02/01 16:01:11 -@@ -46,8 +46,6 @@ - find it identical to that contained in the file LICENSE in the - source distribution. - --@bf{------------------ START OF THE LICENSE ------------------} -- - This program, @code{bzip2}, - and associated library @code{libbzip2}, are - Copyright (C) 1996-2002 Julian R Seward. All rights reserved. -@@ -89,8 +87,6 @@ - @code{jseward@@acm.org} - - @code{bzip2}/@code{libbzip2} version 1.0.2 of 30 December 2001. -- --@bf{------------------ END OF THE LICENSE ------------------} - - Web sites: - diff --git a/usr.sbin/pkg_install/lib/pen.c b/usr.sbin/pkg_install/lib/pen.c index 58770ac47532..62465bf3f902 100644 --- a/usr.sbin/pkg_install/lib/pen.c +++ b/usr.sbin/pkg_install/lib/pen.c @@ -106,7 +106,7 @@ make_playpen(char *pen, size_t sz) cleanup(0); errx(2, __FUNCTION__ ": can't mktemp '%s'", pen); } - if (chmod(pen, 0700) == FAIL) { + if (chmod(pen, 0755) == FAIL) { cleanup(0); errx(2, __FUNCTION__ ": can't mkdir '%s'", pen); } diff --git a/usr.sbin/pw/pwupd.c b/usr.sbin/pw/pwupd.c index b95e24b2bc69..fef3662667e9 100644 --- a/usr.sbin/pw/pwupd.c +++ b/usr.sbin/pw/pwupd.c @@ -174,7 +174,7 @@ pw_update(struct passwd * pwd, char const * user, int mode) */ if (pwd != NULL) fmtpwentry(pwbuf, pwd, PWF_MASTER); - rc = fileupdate(getpwpath(_MASTERPASSWD), 0600, pwbuf, pfx, l, mode); + rc = fileupdate(getpwpath(_MASTERPASSWD), 0644, pwbuf, pfx, l, mode); if (rc == 0) { #ifdef HAVE_PWDB_U if (mode == UPD_DELETE || isrename) |