[Forensics-changes] [SCM] debian-forensics/tct branch, upstream, updated. upstream/1.18-1-g7cfdee9
Michael Prokop
mika at debian.org
Tue Sep 29 21:50:50 UTC 2009
The following commit has been merged in the upstream branch:
commit 7cfdee9d854cd36208a560885257f01dacb29a1a
Author: Michael Prokop <mika at debian.org>
Date: Tue Sep 29 23:24:36 2009 +0200
Adding upstream version 1.19.
diff --git a/3867 b/3867
new file mode 100644
index 0000000..e69de29
diff --git a/CHANGES b/CHANGES
index 86881e0..50e0ec5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,19 @@
+Sat Aug 29 2009
+
+o grave-robber did not record the initial directory in the body file.
+
+o Bit-rot: FreeBSD 7 support, including ``struct acct'' changes.
+
+o Bit-rot: lastcomm format strings.
+
+Sun Jan 11 20:01:27 EST 2009
+
+o Bit-rot: OpenBSD 4.x support (still TODO: file system tools).
+
+Thu Jun 7 10:54:44 EDT 2007
+
+o Bit-rot: FreeBSD 6.x support.
+
Mon Apr 9 09:36:31 EDT 2007
o Bit-rot: the 64-bit workaround for LINUX lseek() is no
diff --git a/extras/entropy/makedefs b/extras/entropy/makedefs
index 3c5140c..38b3574 100644
--- a/extras/entropy/makedefs
+++ b/extras/entropy/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/extras/findkey/makedefs b/extras/findkey/makedefs
index 3c5140c..38b3574 100644
--- a/extras/findkey/makedefs
+++ b/extras/findkey/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/lib/ostype.pl b/lib/ostype.pl
index 9efa78e..50c200a 100644
--- a/lib/ostype.pl
+++ b/lib/ostype.pl
@@ -13,8 +13,11 @@ print "Determining OS (in determine_os())\n" if $verbose;
"FREEBSD3", "FreeBSD.3",
"FREEBSD4", "FreeBSD.4",
"FREEBSD5", "FreeBSD.5",
+ "FREEBSD6", "FreeBSD.6",
+ "FREEBSD7", "FreeBSD.7",
"OPENBSD2", "OpenBSD.2",
"OPENBSD3", "OpenBSD.3",
+ "OPENBSD4", "OpenBSD.4",
"BSDI2", "BSD\/OS.2",
"BSDI3", "BSD\/OS.3",
"BSDI4", "BSD\/OS.4",
diff --git a/lib/tree.pl b/lib/tree.pl
index 856f9f8..7844498 100644
--- a/lib/tree.pl
+++ b/lib/tree.pl
@@ -32,6 +32,8 @@ if (!opendir(DIR, $dir)) {
return;
}
+crunch($dir) if $flag;
+
#
# Suck in all the dir entries
@next = readdir(DIR);
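Review bot: `crunch($dir) if $flag;` is placed after the `opendir` failure path that returns, so a starting directory that cannot be opened is still left out of the body file. Recording a directory's attributes presumably needs only a stat of the path rather than a successful open, so the call could move above the `if (!opendir(DIR, $dir))` test. The function starts and ends outside the hunk, so confirm whether the recursion already calls crunch on each subdirectory entry; if it does, this line would record those directories twice.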
diff --git a/man/man1/grave-robber.1 b/man/man1/grave-robber.1
index 8fca1e6..84e6190 100644
--- a/man/man1/grave-robber.1
+++ b/man/man1/grave-robber.1
@@ -90,6 +90,7 @@ what sort of corpse you have. Acceptable values include
\fB`FREEBSD3'\fR,
\fB`OPENBSD2'\fR,
\fB`OPENBSD3'\fR,
+\fB`OPENBSD4'\fR,
\fB`BSDI2'\fR,
\fB`BSDI3'\fR,
\fB`SUNOS4'\fR,
diff --git a/src/aux/makedefs b/src/aux/makedefs
index 1e34c54..106798b 100644
--- a/src/aux/makedefs
+++ b/src/aux/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/src/file/file.c b/src/file/file.c
index dc8772a..d7d659f 100644
--- a/src/file/file.c
+++ b/src/file/file.c
@@ -44,7 +44,11 @@ static char *moduleid =
#include <unistd.h> /* for read() */
#ifdef __ELF__
-#include <elf.h>
+# ifdef USE_ELF_ABI_H
+# include <elf_abi.h>
+# else
+# include <elf.h>
+# endif
#endif
#include "patchlevel.h"
diff --git a/src/file/makedefs b/src/file/makedefs
index b2f3517..32d9d9b 100644
--- a/src/file/makedefs
+++ b/src/file/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4 -DUSE_ELF_ABI_H"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/src/fstools/fs_tools.h b/src/fstools/fs_tools.h
index 5644d1e..53d4368 100644
--- a/src/fstools/fs_tools.h
+++ b/src/fstools/fs_tools.h
@@ -115,7 +115,7 @@ extern int optind;
#define INO_TO_CG ino_to_cg
#endif
-#if defined(FREEBSD5)
+#if defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7)
#define SUPPORTED
#include <sys/vnode.h>
#include <ufs/ufs/quota.h>
@@ -175,9 +175,9 @@ extern int optind;
#endif
/*
- * OpenBSD looks like BSD/OS 3.x.
+ * OpenBSD2 looks like BSD/OS 3.x.
*/
-#if defined(OPENBSD2) || defined(OPENBSD3)
+#if defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4)
#define SUPPORTED
#define HAVE_UFS_FFS
#include <sys/vnode.h>
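Review bot: The `#if` now turns on `SUPPORTED` and `HAVE_UFS_FFS` for `OPENBSD4`, while the CHANGES entry in this same commit says the OpenBSD 4.x file system tools are still TODO. If the on-disk structures differ from what the 2.x/3.x branch assumes, the tools would build and run but could report wrong inode or block data, which is worse than a build failure when the output is used as evidence. Consider leaving `OPENBSD4` out of this condition until it is verified, or mark it in place with `/* OPENBSD4: compiles, file system layout not yet verified */`. The reworded comment `OpenBSD2 looks like BSD/OS 3.x.` also no longer matches a condition that covers three releases; the conditional block itself continues past the end of the hunk.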
diff --git a/src/fstools/makedefs b/src/fstools/makedefs
index 0f208bb..3d83d43 100644
--- a/src/fstools/makedefs
+++ b/src/fstools/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/src/lastcomm/lastcomm.c b/src/lastcomm/lastcomm.c
index 3f59143..b0976e3 100644
--- a/src/lastcomm/lastcomm.c
+++ b/src/lastcomm/lastcomm.c
@@ -53,6 +53,7 @@ static char sccsid[] = "@(#)lastcomm.c 8.1 (Berkeley) 6/6/93";
#include <sys/stat.h>
#include <sys/acct.h>
+#include <time.h>
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
@@ -63,10 +64,19 @@ static char sccsid[] = "@(#)lastcomm.c 8.1 (Berkeley) 6/6/93";
#include <utmp.h>
/*#include "pathnames.h"*/
+#ifdef HAVE_ACCTV2
+#define ACCT_STRUCT acctv2
+#define ACCT_FLAG ac_flagx
+#define expand(x) (x)
+#define AHZ 1000000
+#else
+#define ACCT_STRUCT acct
+#define ACCT_FLAG ac_flag
time_t expand(u_int);
+#endif
char *flagbits(int);
char *getdev(dev_t);
-int requested(char *[], struct acct *);
+int requested(char *[], struct ACCT_STRUCT *);
void usage(void);
char *user_from_uid();
@@ -95,7 +105,7 @@ main(argc, argv)
char *argv[];
{
register char *p;
- struct acct ab;
+ struct ACCT_STRUCT ab;
struct stat sb;
FILE *fp;
off_t size;
@@ -157,7 +167,7 @@ main(argc, argv)
* Round off to integral number of accounting records, probably
* not necessary, but it doesn't hurt.
*/
- size = sb.st_size - sb.st_size % sizeof(struct acct);
+ size = sb.st_size - sb.st_size % sizeof(struct ACCT_STRUCT);
/* Print the optional time machine header. */
if (time_machine) {
@@ -196,14 +206,14 @@ main(argc, argv)
}
/* Check if any records to display. */
- if (size < sizeof(struct acct))
+ if (size < sizeof(struct ACCT_STRUCT))
exit(0);
/*
* Seek to before the last entry in the file; use lseek(2) in case
* the file is bigger than a "long".
*/
- size -= sizeof(struct acct);
+ size -= sizeof(struct ACCT_STRUCT);
if (lseek(fileno(fp), size, SEEK_SET) == -1)
err(1, "%s", acctfile);
@@ -211,13 +221,13 @@ main(argc, argv)
if (size < 0)
break;
- if (fread(&ab, sizeof(struct acct), 1, fp) != 1)
+ if (fread(&ab, sizeof(struct ACCT_STRUCT), 1, fp) != 1)
err(1, "%s", acctfile);
- size -= sizeof(struct acct);
+ size -= sizeof(struct ACCT_STRUCT);
if (size >= 0)
- if (fseek(fp, 2 * -(long)sizeof(struct acct), SEEK_CUR) == -1)
+ if (fseek(fp, 2 * -(long)sizeof(struct ACCT_STRUCT), SEEK_CUR) == -1)
err(1, "%s", acctfile);
if (ab.ac_comm[0] == '\0') {
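Review bot: After the `fread` into `ab` nothing checks that the bytes really are a version 2 record, so with `HAVE_ACCTV2` a file holding older `struct acct` records (or one copied from another system) is walked at the wrong stride and printed as if it were valid. As far as I recall FreeBSD's `struct acctv2` carries `ac_zero`, `ac_version` and `ac_len` for exactly this; please confirm against `<sys/acct.h>`. Under `HAVE_ACCTV2` a guard such as `if (ab.ac_zero != 0 || ab.ac_version != 2 || ab.ac_len != sizeof(ab)) errx(1, "%s: unexpected record format", acctfile);` would reject such input instead of reporting garbage. The read loop begins before the hunk and continues after it.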
@@ -231,19 +241,19 @@ main(argc, argv)
#define UNSIG(x) ((unsigned char *)(x))
if (time_machine) {
for (p = ab.ac_comm; *p != 0
- && p < ab.ac_comm + fldsiz(acct, ac_comm); p++)
+ && p < ab.ac_comm + fldsiz(ACCT_STRUCT, ac_comm); p++)
if (isascii(*UNSIG(p)) && isprint(*UNSIG(p))
&& *UNSIG(p) != '|' && *UNSIG(p) != '%')
putchar(*UNSIG(p));
else
printf("%%%02X", *UNSIG(p));
printf("|%s|%lu|%lu",
- flagbits(ab.ac_flag),
+ flagbits(ab.ACCT_FLAG),
(unsigned long) ab.ac_uid,
(unsigned long) ab.ac_gid);
printf("|%s", getdev(ab.ac_tty));
- printf("|%.2f|%.2f|%ld|%.2f",
+ printf("|%.3f|%.3f|%ld|%.3f",
expand(ab.ac_utime) / AC_HZ,
expand(ab.ac_stime) / AC_HZ,
(long) ab.ac_btime,
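Review bot: The loop condition on the touched line tests `*p != 0` before `p < ab.ac_comm + fldsiz(ACCT_STRUCT, ac_comm)`, so when `ac_comm` fills the whole field with no terminator the byte one past the array is read before the bound stops the loop. Swap the operands: `for (p = ab.ac_comm; p < ab.ac_comm + fldsiz(ACCT_STRUCT, ac_comm) && *p != 0; p++)`, which is the order the default-output loop later in `main` already uses. The records come from an accounting file that may be damaged or tampered with, so the field should not be assumed to be terminated.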
@@ -275,7 +285,7 @@ main(argc, argv)
(unsigned long) expand(ab.ac_minflt));
#endif
#ifdef HAVE_EXIT_STATUS
- printf("|%ld", ab.ac_exitcode);
+ printf("|%ld", (long) ab.ac_exitcode);
#endif
#ifdef HAVE_COMP_SWAP_USAGE
printf("|%lu", (unsigned long) expand(ab.ac_swaps));
@@ -286,37 +296,38 @@ main(argc, argv)
/* Produce the default output format. */
for (p = &ab.ac_comm[0];
- p < &ab.ac_comm[fldsiz(acct, ac_comm)] && *p; ++p)
+ p < &ab.ac_comm[fldsiz(ACCT_STRUCT, ac_comm)] && *p; ++p)
if (!isprint(*p))
*p = '?';
(void)printf("%-*.*s %-7s %-*s %-*s ",
- fldsiz(acct, ac_comm), fldsiz(acct, ac_comm),
+ fldsiz(ACCT_STRUCT, ac_comm),
+ fldsiz(ACCT_STRUCT, ac_comm),
ab.ac_comm,
- flagbits(ab.ac_flag),
+ flagbits(ab.ACCT_FLAG),
PRINT_NAMESIZE, user_from_uid(ab.ac_uid, 0),
PRINT_LINESIZE, getdev(ab.ac_tty));
/* user + system time */
if (time & AC_CTIME) {
- (void)printf("%6.2f secs ",
+ (void)printf("%6.3f secs ",
(expand(ab.ac_utime) +
expand(ab.ac_stime))/AC_HZ);
}
/* usr time */
if (time & AC_UTIME) {
- (void)printf("%6.2f us ", expand(ab.ac_utime)/AC_HZ);
+ (void)printf("%6.3f us ", expand(ab.ac_utime)/AC_HZ);
}
/* system time */
if (time & AC_STIME) {
- (void)printf("%6.2f sy ", expand(ab.ac_stime)/AC_HZ);
+ (void)printf("%6.3f sy ", expand(ab.ac_stime)/AC_HZ);
}
/* elapsed time */
if (time & AC_ETIME) {
- (void)printf("%8.2f es ", expand(ab.ac_etime)/AC_HZ);
+ (void)printf("%8.3f es ", expand(ab.ac_etime)/AC_HZ);
}
/* starting time */
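Review bot: The two `fldsiz(ACCT_STRUCT, ac_comm)` arguments feed the `*` width and precision of `%-*.*s`, which require `int`; if `fldsiz` expands to a `sizeof` expression (its definition is outside the hunk) they are `size_t`, and the call is undefined on LP64 targets. Since these lines are being rewritten anyway, write `(int) fldsiz(ACCT_STRUCT, ac_comm),` on both, in the same spirit as the `(long) ab.ac_exitcode` cast this commit adds elsewhere. The sanitising loop above them also passes a plain `char` to `isprint`; `isprint((unsigned char) *p)` avoids undefined behaviour for bytes above 0x7f, as the time-machine branch already does through `UNSIG`.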
@@ -336,6 +347,8 @@ main(argc, argv)
exit(0);
}
+#ifndef HAVE_ACCTV2
+
time_t
expand(t)
u_int t;
@@ -351,6 +364,8 @@ expand(t)
return (nt);
}
+#endif
+
char *
flagbits(f)
register int f;
@@ -379,7 +394,7 @@ flagbits(f)
int
requested(argv, acp)
register char *argv[];
- register struct acct *acp;
+ register struct ACCT_STRUCT *acp;
{
register char *p;
@@ -389,7 +404,7 @@ requested(argv, acp)
return (1);
if ((p = getdev(acp->ac_tty)) && !strcmp(p, *argv))
return (1);
- if (!strncmp(acp->ac_comm, *argv, fldsiz(acct, ac_comm)))
+ if (!strncmp(acp->ac_comm, *argv, fldsiz(ACCT_STRUCT, ac_comm)))
return (1);
} while (*++argv);
return (0);
diff --git a/src/lastcomm/makedefs b/src/lastcomm/makedefs
index e16459b..8db0ab1 100644
--- a/src/lastcomm/makedefs
+++ b/src/lastcomm/makedefs
@@ -10,6 +10,12 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
OpenBSD.2*) DEFS="-DOPENBSD2"
diff --git a/src/lastcomm/sys_defs.h b/src/lastcomm/sys_defs.h
index e0fd50b..0dd57b6 100644
--- a/src/lastcomm/sys_defs.h
+++ b/src/lastcomm/sys_defs.h
@@ -6,15 +6,19 @@
* This software is distributed under the IBM Public License.
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
- || defined(FREEBSD5) \
+ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
- || defined(OPENBSD2) || defined(OPENBSD3)
+ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4)
#define SUPPORTED
#define _PATH_ACCT "/var/account/acct"
#define HAVE_COMP_BLOCK_IO_COUNT
#define HAVE_MEMORY_USAGE
#endif
+#ifdef FREEBSD7
+#define HAVE_ACCTV2
+#endif
+
#ifdef SUNOS5_0_5
#define SUPPORTED
#define _PATH_ACCT "/var/adm/pacct"
diff --git a/src/major_minor/makedefs b/src/major_minor/makedefs
index 0f3c6e6..964c3b0 100644
--- a/src/major_minor/makedefs
+++ b/src/major_minor/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/src/misc/makedefs b/src/misc/makedefs
index 3c5140c..38b3574 100644
--- a/src/misc/makedefs
+++ b/src/misc/makedefs
@@ -10,10 +10,16 @@ case "$SYSTEM.$RELEASE" in
;;
FreeBSD.5*) DEFS="-DFREEBSD5"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
;;
BSD/OS.3*) DEFS="-DBSDI3"
diff --git a/src/pcat/makedefs b/src/pcat/makedefs
index c4f9d4b..c8977aa 100644
--- a/src/pcat/makedefs
+++ b/src/pcat/makedefs
@@ -14,12 +14,21 @@ case "$SYSTEM.$RELEASE" in
FreeBSD.5*) DEFS="-DFREEBSD5"
SYSLIBS="-lkvm"
;;
+ FreeBSD.6*) DEFS="-DFREEBSD6"
+ SYSLIBS="-lkvm"
+ ;;
+ FreeBSD.7*) DEFS="-DFREEBSD7"
+ SYSLIBS="-lkvm"
+ ;;
OpenBSD.2*) DEFS="-DOPENBSD2"
SYSLIBS="-lkvm"
;;
OpenBSD.3*) DEFS="-DOPENBSD3"
SYSLIBS="-lkvm"
;;
+ OpenBSD.4*) DEFS="-DOPENBSD4"
+ SYSLIBS="-lkvm"
+ ;;
BSD/OS.2*) DEFS="-DBSDI2"
SYSLIBS="-lkvm"
;;
diff --git a/src/pcat/pcat.c b/src/pcat/pcat.c
index 4ee2f50..a567e8d 100644
--- a/src/pcat/pcat.c
+++ b/src/pcat/pcat.c
@@ -115,7 +115,7 @@
* grope kernel memory instead.
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
- || defined(FREEBSD5)
+ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7)
#define SUPPORTED
#include <sys/param.h>
#include <sys/user.h>
@@ -136,7 +136,7 @@
#define PROCP_VMSPACE(p) ((p)->kp_proc.p_vmspace)
#endif
-#if defined(FREEBSD5)
+#if defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7)
#define PROCP_STATUS(p) ((p)->ki_stat)
#define PROCP_VMSPACE(p) ((p)->ki_vmspace)
#endif
@@ -193,7 +193,7 @@
* OpenBSD 2.4 ptrace() resumes a stopped process when detaching, so we must
* re-suspend upon detach.
*/
-#if defined(OPENBSD2) || defined(OPENBSD3)
+#if defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4)
#define SUPPORTED
#include <sys/param.h>
#include <sys/user.h>
@@ -571,7 +571,7 @@ static void copy_process(PROC_INFO *proc, int out_fd)
static PROC_INFO *open_process(pid_t pid)
{
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
- || defined(FREEBSD5)
+ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7)
PROC_INFO *proc = (PROC_INFO *) mymalloc(sizeof(*proc));
MAP_INFO *mp;
struct kinfo_proc *procp;
@@ -918,7 +918,7 @@ static PROC_INFO *open_process(pid_t pid)
return (proc);
#endif
-#if defined(OPENBSD2) || defined(OPENBSD3)
+#if defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4)
PROC_INFO *proc;
MAP_INFO *mp;
struct kinfo_proc *procp;
--
debian-forensics/tct