| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
permissions to use for alias and map database files built by
/etc/mail/Makefile. The default is 0640 to assist users in avoiding
a file locking local denial of service.
MFC after: 1 day
pending RE approval
|
|
|
|
|
|
|
|
| |
instead of 0644 to help protect users against a file locking local
denial of service.
MFC after: 1 day
pending RE approval
|
|
|
|
|
|
|
|
|
|
| |
Apparently binding only to 127.0.0.1 inside of a jail actually binds
to the jail IP address as well (in effect, bind to all available
interfaces in the jail).
Submitted by: Helge Oldach <test-smtp@oldach.net>
MFC after: 1 day
pending RE approval
|
| |
|
|
|
|
| |
Reviewed by: grog
|
|
|
|
|
|
|
|
|
|
| |
though I would personally prefer to see the broken nameservers fixed
instead of standards compliant applications work around them, I can't
force FreeBSD users to help fight that battle.
Submitted by: Damon Anton Permezel <dap@damon.com>
MFC after: 2 days
pending RE approval
|
|
|
|
|
|
|
|
|
| |
fix a comment that suggested setting ipv6_ipv4mapping to blank. This
will aid in merging with rcng which requires all veriables to be
explicitly set.
Submitted by: Mike Makonnen
MFC after: 1 week
|
|
|
|
| |
(anymore).
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
files in each ${local_startup} directory, it also reverses the order of the
directories.
Suggested by: jhb
Reviewed by: jake
Approved by: dougb
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
| |
of wtmp.0 is done as mode 600.
This ensures that tight permissions set in /etc/newsyslog.conf for
wtmp logging aren't ``betrayed''.
Suggested by: lumpy <lumpy@the.whole.net>
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
| |
The change was introduced in src/etc/security 1.53 almost a year ago
in an attempt to see ipfw deny message logs.
However, ipfw deny/reject logs have been displayed since version 1.13
of the same file as a separate ``job'' and have since moved to
src/etc/periodic/security/500.ipfwdenied.
MFC after: 3 days
|
|
|
|
|
| |
Problem reported by: lumpy <lumpy@the.whole.net>
MFC after: 3 days
|
|
|
|
|
|
| |
Returning $? masks security output when ``periodic security'' is successful !
MFC after: 3 days
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
rm -f /tmp/.X11-unix/*
If /tmp/.X11-unix didn't already exist, a user could symlink it to a directory
with files that he wants to wipe out, and wait for next reboot.
Reported by: lumpy <lumpy@the.whole.net>
|
|
|
|
|
|
| |
Submitted by: Marius Strom <marius@marius.org>
MFC after: 1 day
and RE approval
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
|
| |
The Blue Concentric CF 802.11b card is a compactflash form-factored card
that does 802.11b, including 128bit encryption.
The Zonet modem pccard is a simple FAX/Modem card.
Both are sold in Guang-Hua Market in Taipei, and functions perfectly
with -current and -stable.
|
|
|
|
|
|
| |
PR: 23766
Mostly submitted by: lambert@ssabsd.csw.net
MFC after: 3 days
|
|
|
|
|
| |
Reviewed by: sheldonh
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the way we run ls(1), through xargs(1), the leading whitespace
can change even when the setuid files haven't. To avoid displaying
these lines, we currently run diff(1) with the '-w' option. However,
this is probably not the ideal way to go; there is a very, very small
possibility for diff(1) to miss things is shouldn't. So, with the
leading space cleaned, we can revert to the '-b' option which is
"safer."
PR: conf/37618
Reviewed by: brian
MFC after: 3 days
|
|
|
|
| |
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
| |
pam_lastlog, so add a dummy session chain to avoid using the one from
pam.d/other. I assume gdm does something similar, so give it a dummy
session chain as well.
Sponsored by: DARPA, NAI Labs.
|
|
|
|
|
|
| |
PR: 37529
Partially submitted by: Peter Hollaubek <fifteen@inext.hu>
MFC after: 1 week
|
| |
|
|
|
|
| |
when linked with Linux-PAM.
|
|
|
|
|
|
| |
PR: 32265
Submitted by: Thierry Thomas <thierry@pompo.net>
MFC after: 1 week
|
|
|
|
|
|
| |
over a year ago.
Small ws twiddle while I'm here.
|
|
|
|
|
|
|
| |
is a loader configuration file and can be used for more than just a
kernel name.
Submitted by: Gordon Tetlow <gordont@gnf.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.
Eliminate the need in the second installworld. For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.
Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).
Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).
In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.
Moved the creation of the "crypto" dist from release.5 to
release.2.
In release.3 and doMFSKERN, build kernels in the "world"
environment. KERNELS now means "additional" kernels, GENERIC is
always built.
Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.
Inline createBOOTMFS target.
Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules. GC doMODULES as such.
Assorted fixes:
Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".
Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.
gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.
release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists. Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories. This will be fixed
soon.
Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage. Most of the userland makefiles did not test it for "YES"
anyway.
XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists? (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)
Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.
Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
around. If the kernel boots successfully, the record of this kernel
is erased, it is intended to be a one-shot option for testing
kernels.
This could be improved by having the loader remove the record of
the next kernel to boot, it is currently removed in /etc/rc immediately
after disks are mounted r/w.
I'd like to MFC this before the 4.6 freeze unless there is violent
objection.
Reviewed by: Several on IRC
MFC after: 4 days
|
|
|
|
|
|
|
| |
This is done since it contains much more than /bin, and also gets in the
way when making a combined install+fixit CD.
OK'ed by: jkh
|
|
|
|
|
|
| |
the definition of SHAREMODE.
Submitted by: Udo Schweigert <Udo.Schweigert@siemens.com>
|
|
|
|
|
|
| |
PR: 37370
Submitted by: Daniel O'Connor <doconnor@gsoft.com.au>
MFC after: 2 weeks
|
|
|
|
|
|
|
| |
around *user* memory to extract the environment variable strings. This
is problematic for us.
Submitted by: peter
|
|
|
|
|
|
| |
hostname and DNS information already.
Submitted by: Danny Braniss <danny@cs.huji.ac.il>
|
| |
|
|
|
|
|
| |
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
|
|
|
|
|
|
|
|
|
|
|
|
| |
alternative MTAs. Therefore, always install rc.sendmail, regardless of
NO_SENDMAIL make.conf setting. Users can still set mta_start_script to a
different script.
This commit is after a repo-copy of src/etc/sendmail/rc.sendmail to
src/etc/rc.sendmail.
Noticed by: Calvin NG <calvinng@brel.com>
MFC after: 3 days
|
|
|
|
|
|
| |
PR: conf/37292
Submitted by: Helge Oldach <send-pr@oldach.net>
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
the creation of /var/spool/clientmqueue and therefore the need for the
smmsp user and group if NO_SENDMAIL is defined. This required breaking out
the creation of the directory into a new BSD.sendmail.dist mtree file.
MFC after: 1 week
|
|
|
|
|
|
| |
session management services.
Sponsored by: DARPA, NAI Labs
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added NOOBJ if anyone even attempts to "make obj" here.
Revert to installing files with mode 644 except README.
Make this overall look like a BSD-style Makefile rather
than roll-your-own (this is not a bug).
For the record. Previous revision also fixed the breakage
introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no
longer automatically included from sys.mk.
Reported by: jhay
|