| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
r128060 for "hardware-supplied entropy" reversed this without reason,
seems a typo.
* Isolate "better than nothing" implementation to a function.
Submitted by: obrien & Arthur Mesh <arthurmesh@gmail.com>
Sponsored by: Juniper Networks
|
| |
|
|
|
|
| |
possible to specify a gptid in geli_devices.
|
|
|
|
| |
Submitted by: kargl
|
|
|
|
|
| |
We need to limit the amount of time between consuming the entropy seeds
and removing it in case of a kernel panic.
|
|
|
|
|
|
|
| |
Not doing so opens us up to replay attacks.
Submitted by: Arthur Mesh <arthurmesh@gmail.com>
Sponsored by: Juniper Networks
|
| |
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
| |
Benjamin Kramer and Joerg Sonnenberger for their input and fixes.
|
|
|
|
|
|
|
| |
- To achieve above, convert jail(8) invocation to use new style
command line "-c" flag.
Reviewed at: freebsd-jail@
|
|
|
|
| |
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
| |
Reviewed by: emaste (mentor)
Approved by: emaste (mentor)
MFC after: 3 days
|
|
|
|
| |
MFC after: 1 week
|
| |
|
|
|
|
| |
will override ours instead of the other way around.
|
|
|
|
|
|
|
| |
Tighten the regular expression that checks for an md /tmp such that
no /tmp mount and an md / isn't improperly matched.
Sponsored by: DARPA/AFRL
|
| |
|
| |
|
|
|
|
|
|
| |
- Add -P option to support PID file. When -a is specified /var/run/rarpd.pid
is used, and when an interface is specified /var/run/rarpd.<ifname>.pid is
used by default.
|
|
|
|
|
|
|
| |
by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8)
after a boot.
Discussed on: freebsd-ipfw@
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
on how to best proceed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust power_profile script to handle the new world order as well.
Some vendors are opting out of a C2 state and only defining C1 & C3. This
leads the acpi_cpu display to indicate that the machine supports C1 & C2
which is caused by the (mis)use of the index of the cx_state array as the
ACPI_STATE_CX value.
e.g. the code was pretending that cx_state[i] would
always convert to i by subtracting 1.
cx_state[2] == ACPI_STATE_C3
cx_state[1] == ACPI_STATE_C2
cx_state[0] == ACPI_STATE_C1
however, on certain machines this would lead to
cx_state[1] == ACPI_STATE_C3
cx_state[0] == ACPI_STATE_C1
This didn't break anything but led to a display of:
* dev.cpu.0.cx_supported: C1/1 C2/96
Instead of
* dev.cpu.0.cx_supported: C1/1 C3/96
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
| |
chmod'ed
to make logging work.
PR: 168889
Submitted by: Robert Simmons <rsimmons0@gmail.com>
MFC after: 1 week
|
|
|
|
|
|
|
| |
has a non-empty dumpdates file.
Reviewed by: brooks
MFC after: 1 week
|
| |
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
thing it was still used for was to set the "global default" password
hash. Since the stock auth.conf contained nothing but comments, the
global default was actually the first algorithm in crypt(3)'s list,
which happens to be DES; I take the fact that nobody noticed as proof
that it was not used outside of crypt(3).
The only other use in our tree was in the Kerberos support code in
in tinyware's passwd(1). I removed that code in an earlier commit;
it would not have compiled anyway, as it only supported Kerberos IV.
The auth_getval() function is now a stub that always returns NULL,
which has the same effect as a functional auth_getval() with an
empty auth.conf.
MFC after: 3 weeks
|
|
|
|
|
|
|
| |
PR: conf/163828
Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com>
Approved by: cperciva
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
| |
passwordless login (kde-np),
and it doesn't really belong in base system.
PR: misc/167261
Submitted by: avilla@
Approved by: rwatson (mentor)
MFC after: 3 days
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
to the build system. FreeBSD written scripts are stored in
src/share and the toolkit scripts are brought from the cddl directory
into a working tree via install.
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NAND Flash environment consists of several distinct components:
- NAND framework (drivers harness for NAND controllers and NAND chips)
- NAND simulator (NANDsim)
- NAND file system (NAND FS)
- Companion tools and utilities
- Documentation (manual pages)
This work is still experimental. Please use with caution.
Obtained from: Semihalf
Supported by: FreeBSD Foundation, Juniper Networks
|
|
|
|
|
| |
Approved by: cperciva
MFC after: 3 days
|
|
|
|
|
|
| |
PR: conf/165956
Submitted by: Jeremy Chadwick
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
| |
o change rcname to kfd;
o move mandatory options to command_args;
o add missing "shutdown" keyword;
o fix require line. Kfd doesn't really need to be started before
daemons.
Suggested by: dougb
|
|
|
|
|
|
|
|
|
|
| |
if the accounting log file is atomically replaced with a new file
(such as during log rotation).
- Simplify accounting log rotation a bit. There is no need to re-run
accton(8) after renaming the new log file to it's real name.
PR: kern/167321
Tested by: Jeremy Chadwick
|
|
|
|
|
|
|
| |
upcoming 3.1 release (expected in a few weeks). Preliminary release
notes can be found at: <http://llvm.org/docs/ReleaseNotes.html>
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
| |
- make the default prompt a bit more like scp
- make the user show as root even when using 'su' instead of 'su -'
- the key bindings didn't hurt anything but likely hide a bug
- merge history instead of overwriting it
Submitted by: gavin, joel
Approved by: cperciva
|
| |
|
|
|
|
|
| |
Obtained from: http://www.iana.org/assignments/port-numbers
MFC after: 1 week
|
|
|
|
|
|
| |
Submitted by: flo
Approved by: cperciva
MFC after: 1 week
|
|
|
|
|
|
|
|
|
| |
- Add an examples file with many of the not accepted suggestions from the discussion
PR: conf/160689
Reviewed by: many
Discussed on: current
Approved by: cperciva
|
|
|
|
| |
Glanced by: kib
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
|
| | |
|
| |
|