| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
it returns. This allows it to connect to the server side again, which
has been listening on IPv6 addresses exclusively for more than 2 years.
PR: 59369
|
| |
|
|
| |
Approved by: re@
|
| |
|
|
|
|
| |
support is enabled.
Approved by: re (scottl)
|
| |
|
|
|
|
|
|
| |
(Lite Edition) respectively. These "lite" packages are streamlined to
provide users with the core essentials for each desktop and to fit on the
release disc 1.
Approved by: re (scottl)
|
| |
|
|
|
| |
Requested by: jhb
Approved by: re (jhb)
|
| |
|
|
|
|
|
| |
victim of the special sort order employed where files come before
directories and alphabetic inside these two groups.
Approved by: re@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
permitting the administrator to select a securelevel top operate
at. Include a helpfile summarizing some of the information from
init(8). This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.
Approved by: re (scottl)
|
| |
|
|
| |
Approved by: re (rwatson)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
selection is used to drive two configuration parameters:
(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels
Replace this with an explicit choice to enable/disable sshd. A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly. This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.
Approved by: re (scottl)
|
| |
|
|
|
|
|
| |
- Adjust names of IPv6 FTP hosts a bit
- Sync list of FTP sites with reality
Approved by: rwatson (re@)
|
| |
|
|
|
|
| |
PR: bin/59078
Submitted by: Panagiotis Astithas <past@noc.ntua.gr>
Approved by: re (rwatson)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) Document the notion of using jail(8) to run "virtual servers" or
just to constrain specific applications. If only running specific
applications, some configuration steps are unnecessary (such as
editing rc.conf).
(2) Add some more subsection headers to break up the bigger chunks of
text.
(3) Clarify the problems associated with applications binding all IP
addresses in the host, and attempt to be more specific about
potential application problems. Document how to force sshd to
bind the the right socket.
(4) Suggest that in a jailed application scenario, you might want to
have the host syslogd listen on the socket in the jail, rather
than running syslogd in the jail.
(5) Catch another reference to /stand/sysinstall.
Approved by: re (bmah implicitly)
|
| |
|
|
|
|
| |
-CURRENT, we have /usr/sbin/sysinstall.
Approved by: re (bmah implicitly)
|
| |
|
|
| |
Approved by: re@
|
| | |
|
| |
|
|
|
| |
* Replace references to mcd0 with acd0 (doc only)
* Remove references to the "c" partition (doc only - code was already fixed)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
check if it's already loaded or compiled into the kernel, and only try to
load it if it isn't.
PR: bin/59368
Submitted by: Jens Rehsack <rehsack@liwing.de>
|
| |
|
|
| |
has been addressed.
|
| |
|
|
|
|
|
| |
link it at low cost and avoid environment poisoning attacks associated
with LD_LIBRARY_PATH.
Suggested by: rwatson
|
| |
|
|
| |
root and suggest alternatives.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
is possible for an error to occur while trying to log an error, and
this can result in infinite recursion (or at least until we run out
of stack).
Rather than this, we ignore requests to log an error while logging an
error.
PR: 51253
MFC after: 2 weeks
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid implicit function calls by adding the proper include files.
Use const char copyright.
Fix some fprint formatting.
In the manual page:
Use the .Pa macro for filenames and locations.
Kill hard setence breaks.
Make use of the .Tn and .Dq macros.
Add some to text to the otherwise blank HISTORY section (taken from CVS).
|
| |
|
|
|
|
| |
constants NG_*SIZ that include the trailing NUL byte. This change
is mostly mechanical except for the replacement of a couple of snprintf()
and sprintf() calls with strlcpy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- simplify by strdup.
- set ai_protocol in hints to TCP.
- g/c FAITH_NS (no description, not maintained for years)
- warn if connection from IPv4 mapped is reached.
- IPV6_V6ONLY if possible.
- unifdef -UFAITH4.
- drop rsh/rlogin support.
- deal with negative return value from wait3.
Obtained from: KAME
|
| |
|
|
|
|
|
|
|
|
|
| |
- realloc pedant.
- set sin6_scope_id before sending (link-local/multicast) packets
- removed an incorrect comment
- don't age non-gateway host routes.
- not remove global addresses on loopback interface from routing table
by route aging.
Obtained from: KAME
|
| |
|
|
|
|
| |
- simplify.
Obtained from: KAME
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
a SEMICOLON token (a newline or semicolon, or one of these preceded
by a comment and/or whitespace). The input stream was switched too
early and the parser was expecting a SEMICOLON in the included file
instead of after the filename in the include directive.
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Kept alive by: Adam C. Migus <adam@migus.org>
|
| |
|
|
|
|
|
|
|
|
| |
ums module, and allow for up to five attempts to open the device, with
two-second pauses in between, to allow time for USB controllers and
devices to probe and attach. My Gigabyte P4 Titan 848P motherboard has
a total of 15 ports on four hubs hanging off four controllers, and needs
at least half of that ten-second allowance to get ready.
MFC after: 7 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
deraadt NOTE: -I needs to take an arg (there's no way we can take no
arg/an arg with a single option)
- sscanf overrun
- no variable name on prototype.
- u_int32_t may not be u_long.
- skipped non-host route when printing neighbor cache entries.
- valid and preferred lifetimes are unsigned.
- wording.
Obtained from: KAME
|
| |
|
|
| |
comparing two spec files.
|
| |
|
|
|
|
| |
not try to use a MIBS definition from the environment.
Submitted by: Joe Marcus Clarke <marcus@marcuscom.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- be more picky about argument parsing - like ERANGE.
- use u_long for args, not to lose accuracy/prevent overflow.
- socklen_t audit.
- Add -I (use icmp) option.
- warn if multiple addresses are present for dest.
- no need to pass tz.
- type pedant. check -p range.
- grab hlim from sysctl.
- typo in port number setting.
Obtained from: KAME
|
| |
|
|
|
|
| |
add libnetgraph to the list of prebuilt libraries in the main Makefile.
Reviewed by: ru
|
| |
|
|
| |
and use the new constants which do.
|
| |
|
|
|
|
|
| |
settings.
Reviewed by: rwatson
Approved by: blackend (mentor)
|
| |
|
|
|
| |
Reviewed by: imp, julian, ru
Approved by: imp (mentor)
|
| |
|
|
| |
PR: 31771
|
| |
|
|
| |
with include "...".
|
| |
|
|
|
| |
that the sources use "..." includes to get at include files that
later on reside in an include sub-directory.
|
| | |
|
| | |
|
| |
|
|
| |
for the NgATM ILMI daemon and for the tree parsing helper program.
|
| |
|
|
| |
netgraph module for the SNMP daemon.
|
| | |
|
