Created
December 5, 2011 00:01
OpenBSD etc 4.9 -> 5.0
diff -ur etc49/etc/changelist etc50/etc/changelist | |
--- etc49/etc/changelist Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/changelist Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: changelist,v 1.71 2011/01/19 18:34:58 david Exp $ | |
+# $OpenBSD: changelist,v 1.74 2011/07/07 06:15:53 schwarze Exp $ | |
# | |
# List of files which the security script backs up and checks | |
# for modifications. | |
@@ -38,6 +38,7 @@ | |
/etc/gettytab | |
/etc/group | |
/etc/hostapd.conf | |
++/etc/hostname.* | |
/etc/hosts | |
/etc/hosts.allow | |
/etc/hosts.deny | |
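Review bot: The added `/etc/hostname.*` line carries a second `+` that belongs to the file content, not to the diff, and nothing in the visible header comment explains that prefix. As far as I recall from changelist(5), a leading `+` makes the security script compare checksums only and keep the file's contents out of the mailed report; that matters here because hostname.if files can hold wireless keys. Anyone merging this hunk by hand should keep the prefix. A header comment such as `# entries prefixed with + are compared by checksum only; their contents are never mailed` would make it harder to drop by accident.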
@@ -101,7 +102,6 @@ | |
/etc/pf.conf | |
/etc/pf.os | |
/etc/pkg.conf | |
-/etc/portal.conf | |
/etc/printcap | |
/etc/profile | |
/etc/protocols | |
@@ -123,7 +123,6 @@ | |
/etc/rpc | |
/etc/rtadvd.conf | |
/etc/sasyncd.conf | |
-/etc/security | |
/etc/sensorsd.conf | |
/etc/services | |
/etc/shells | |
diff -ur etc49/etc/daily etc50/etc/daily | |
--- etc49/etc/daily Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/daily Wed Aug 17 17:50:53 2011 | |
@@ -1,5 +1,5 @@ | |
# | |
-# $OpenBSD: daily,v 1.68 2010/09/22 13:01:10 deraadt Exp $ | |
+# $OpenBSD: daily,v 1.71 2011/04/23 19:35:53 schwarze Exp $ | |
# From: @(#)daily 8.2 (Berkeley) 1/25/94 | |
# | |
# For local additions, create the file /etc/daily.local. | |
@@ -50,7 +50,7 @@ | |
find -x . \ | |
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ | |
-o -path ./portslocks \) \ | |
- -prune -o -type f -atime +3 -execdir rm -f -- {} \; | |
+ -prune -o -type f -atime +3 -execdir rm -f -- {} \; 2>&- | |
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ | |
! -path ./.ICE-unix ! -path ./portslocks ! -name . \ | |
-execdir rmdir -- {} \; >/dev/null 2>&1; } | |
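Review bot: `2>&-` on the added `find ... -execdir rm -f` line closes stderr instead of discarding it, and the `-atime +7` hunk below makes the same change. With descriptor 2 closed, writes to stderr fail rather than being dropped, and the next file a child process opens can be assigned descriptor 2 and receive stray diagnostics. The rmdir pass in the same block already uses `>/dev/null 2>&1`, so `2>/dev/null` here would be consistent with it and keep the descriptor valid. The enclosing `{ ...; }` group starts outside the hunk.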
@@ -61,7 +61,7 @@ | |
find -x . \ | |
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \ | |
-o -path ./portslocks \) \ | |
- -prune -o ! -type d -atime +7 -execdir rm -f -- {} \; | |
+ -prune -o ! -type d -atime +7 -execdir rm -f -- {} \; 2>&- | |
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \ | |
! -path ./.ICE-unix ! -path ./portslocks ! -name . \ | |
-execdir rmdir -- {} \; >/dev/null 2>&1; } | |
@@ -192,8 +192,9 @@ | |
MAINOUT=/var/log/security.out | |
install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT | |
-start_part "Running /etc/security:" | |
-run_script "security" | |
+start_part "Running security(8):" | |
+export SUIDSKIP | |
+/usr/libexec/security | |
end_part | |
rm -f $PARTOUT | |
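Review bot: `export SUIDSKIP` has no comment saying where the variable is set or what it controls, and the export stays in effect for everything daily runs after this line. Presumably it lists paths that the setuid checks in security(8) skip and is set by the administrator (the file header names /etc/daily.local for local additions), so a stale or overly broad value silently narrows the audit. I would add a comment above it, worded after confirming against security(8): `# SUIDSKIP: paths the setuid checks in security(8) skip; set locally, unset by default`. The exit status of `/usr/libexec/security` is also not checked in the visible lines, so a missing or non-executable file would surface only as a shell error in the part output.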
diff -ur etc49/etc/dhclient.conf etc50/etc/dhclient.conf | |
--- etc49/etc/dhclient.conf Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/dhclient.conf Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: dhclient.conf,v 1.1 1998/09/08 20:26:41 marc Exp $ | |
+# $OpenBSD: dhclient.conf,v 1.2 2011/04/04 11:14:52 krw Exp $ | |
# | |
# DHCP Client Configuration | |
# | |
@@ -14,4 +14,3 @@ | |
# request subnet-mask, broadcast-address, time-offset, routers, | |
# domain-name, domain-name-servers, host-name, lpr-servers, ntp-servers; | |
# require subnet-mask, domain-name-servers, routers; | |
-# media "link0 link1", "link0 link1", "link0 link1", "-link0 link1"; | |
diff -ur etc49/etc/ksh.kshrc etc50/etc/ksh.kshrc | |
--- etc49/etc/ksh.kshrc Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/ksh.kshrc Wed Aug 17 17:50:53 2011 | |
@@ -1,5 +1,5 @@ | |
: | |
-# $OpenBSD: ksh.kshrc,v 1.15 2010/04/26 09:04:15 otto Exp $ | |
+# $OpenBSD: ksh.kshrc,v 1.16 2011/07/04 19:52:37 halex Exp $ | |
# | |
# NAME: | |
# ksh.kshrc - global initialization for ksh | |
@@ -92,15 +92,15 @@ | |
esac | |
# do we want window decorations? | |
if [ "$ILS" ]; then | |
- ilabel () { print -n "${ILS}$*${ILE}">/dev/tty; } | |
- label () { print -n "${WLS}$*${WLE}">/dev/tty; } | |
+ function ilabel { print -n "${ILS}$*${ILE}">/dev/tty; } | |
+ function label { print -n "${WLS}$*${WLE}">/dev/tty; } | |
alias stripe='label "$USER@$HOST ($tty) - $PWD"' | |
alias istripe='ilabel "$USER@$HOST ($tty)"' | |
- wftp () { ilabel "ftp $*"; "ftp" "$@"; eval istripe; } | |
- wcd () { \cd "$@" && eval stripe; } | |
- wssh () | |
+ function wftp { ilabel "ftp $*"; "ftp" "$@"; eval istripe; } | |
+ function wcd { \cd "$@" && eval stripe; } | |
+ function wssh | |
{ | |
local rc | |
"ssh" "$@" | |
@@ -109,7 +109,7 @@ | |
eval stripe | |
return $rc | |
} | |
- wtelnet () | |
+ function wtelnet | |
{ | |
local rc | |
"telnet" "$@" | |
@@ -118,7 +118,7 @@ | |
eval stripe | |
return $rc | |
} | |
- wrlogin () | |
+ function wrlogin | |
{ | |
local rc | |
"rlogin" "$@" | |
@@ -127,7 +127,7 @@ | |
eval stripe | |
return $rc | |
} | |
- wsu () | |
+ function wsu | |
{ | |
local rc | |
"su" "$@" | |
@@ -173,7 +173,7 @@ | |
# commands for both interactive and non-interactive shells | |
# is $1 missing from $2 (or PATH) ? | |
-no_path () { | |
+function no_path { | |
eval _v="\$${2:-PATH}" | |
case :$_v: in | |
*:$1:*) return 1;; # no we have it | |
@@ -181,15 +181,15 @@ | |
return 0 | |
} | |
# if $1 exists and is not in path, append it | |
-add_path () { | |
+function add_path { | |
[ -d ${1:-.} ] && no_path $* && eval ${2:-PATH}="\$${2:-PATH}:$1" | |
} | |
# if $1 exists and is not in path, prepend it | |
-pre_path () { | |
+function pre_path { | |
[ -d ${1:-.} ] && no_path $* && eval ${2:-PATH}="$1:\$${2:-PATH}" | |
} | |
# if $1 is in path, remove it | |
-del_path () { | |
+function del_path { | |
no_path $* || eval ${2:-PATH}=`eval echo :'$'${2:-PATH}: | | |
sed -e "s;:$1:;:;g" -e "s;^:;;" -e "s;:\$;;"` | |
} | |
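Review bot: `add_path`, `pre_path` and `del_path` still expand `$1` and `$*` unquoted before the string reaches `eval`, so a directory argument containing whitespace or shell metacharacters is word-split or evaluated as code instead of being added to the path. The switch to `function name` syntax leaves that untouched. Quoting the test and deferring the expansion to eval covers the first two: `[ -d "${1:-.}" ] && no_path "$@" && eval "${2:-PATH}=\"\$${2:-PATH}:\$1\""`, with the mirrored form for `pre_path`. `del_path` also interpolates `$1` into a sed expression and needs separate treatment. `no_path`, whose body begins in the previous hunk, matches `$1` unquoted as a pattern in its `case`.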
diff -ur etc49/etc/login.conf etc50/etc/login.conf | |
--- etc49/etc/login.conf Wed Mar 2 14:51:50 2011 | |
+++ etc50/etc/login.conf Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: login.conf.in,v 1.3 2010/12/17 05:33:06 tedu Exp $ | |
+# $OpenBSD: login.conf.in,v 1.4 2011/07/26 15:16:12 sthen Exp $ | |
# | |
# Sample login.conf file. See login.conf(5) for details. | |
@@ -84,3 +84,10 @@ | |
:welcome=/etc/motd.authpf:\ | |
:shell=/usr/sbin/authpf:\ | |
:tc=default: | |
+ | |
+# | |
+# Override resource limits for certain daemons started by rc.d(8) | |
+# | |
+bgpd:\ | |
+ :openfiles-cur=512:\ | |
+ :tc=daemon: | |
diff -ur etc49/etc/lynx.cfg etc50/etc/lynx.cfg | |
--- etc49/etc/lynx.cfg Wed Mar 2 14:51:54 2011 | |
+++ etc50/etc/lynx.cfg Wed Aug 17 17:51:01 2011 | |
@@ -1,12 +1,13 @@ | |
+# $LynxId: lynx.cfg,v 1.180 2009/06/07 17:02:21 tom Exp $ | |
# lynx.cfg file. | |
# The default placement for this file is /usr/local/lib/lynx.cfg (Unix) | |
# or Lynx_Dir:lynx.cfg (VMS) | |
# | |
# $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ | |
-#PRCS LYNX_VERSION "2.8.6rel.5" | |
+#PRCS LYNX_VERSION "2.8.7rel.2" | |
# | |
# $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$ | |
-#PRCS LYNX_DATE "Wed, 09 May 2007 17:29:16 -0700" | |
+#PRCS LYNX_DATE "Mon, 21 Jun 2010 02:27:35 -0700" | |
# | |
# Definition pairs are of the form VARIABLE:DEFINITION | |
# NO spaces are allowed between the pair items. | |
@@ -112,8 +113,10 @@ | |
# for this distribution (use SHELL syntax including the device | |
# on VMS systems). | |
# The default HELPFILE is: | |
-# http://www.subir.com/lynx/lynx_help/lynx_help_main.html | |
+# http://lynx.isc.org/release/lynx2-8-7/lynx_help/lynx_help_main.html | |
# This should be changed to the local path. | |
+# This definition will be overridden if the "LYNX_HELPFILE" environment | |
+# variable has been set. | |
# | |
HELPFILE:file://localhost/usr/share/doc/html/lynx_help/lynx_help_main.html | |
.ex | |
@@ -282,6 +285,49 @@ | |
#LOCAL_DOMAIN:ukans.edu | |
+.h1 Session support | |
+ | |
+.h2 AUTO_SESSION | |
+# If AUTO_SESSION is TRUE lynx will save/restore useful information about | |
+# your browsing history when closing/starting current lynx session if | |
+# no command-line session switches override this setting. | |
+# This setting is useful only if SESSION_FILE is defined here or in the user's | |
+# .lynxrc file. | |
+# | |
+#AUTO_SESSION:FALSE | |
+ | |
+.h2 SESSION_FILE | |
+# SESSION_FILE defines the file name where lynx will store user sessions. | |
+# This setting is used only when AUTO_SESSION is true. | |
+# Note: the default setting will store/resume each session in a different | |
+# folder under same file name (if that is allowed by operating system) | |
+# when lynx is invoked from different directories. | |
+# (The current working directory may be changed inside lynx) | |
+# | |
+# If you want to use the same session file wherever you invoke Lynx, | |
+# enter the full path below, eg '/home/<username>/.lynx_session'. | |
+# | |
+# If you do not want this feature, leave the setting commented. | |
+# Users can still customize SESSION_FILE and AUTO_SESSION via | |
+# their .lynxrc file. | |
+# | |
+#SESSION_FILE:lynx_session | |
+ | |
+.h2 SESSION_LIMIT | |
+# SESSION_LIMIT defines maximum number of: searched strings, goto URLs, | |
+# visited links and history entries which will be saved in session file. The | |
+# minimum allowed is 1, the maximum is 10000. | |
+# | |
+# For instance, if SESSION_LIMIT is 250, a per-session limit of 250 entries of | |
+# searched strings, goto URLs, visited links and history entries will be saved | |
+# in the session file. | |
+# | |
+# There is no fixed limit on the number of entries which can be restored; | |
+# It is limited only by available memory. | |
+# | |
+#SESSION_LIMIT:250 | |
+ | |
+ | |
.h1 Character sets | |
.h2 CHARACTER_SET | |
@@ -400,11 +446,12 @@ | |
.h2 LOCALE_CHARSET | |
# LOCALE_CHARSET overrides CHARACTER_SET if true, using the current locale to | |
-# lookup a MIME name that corresponds, and use that as the display charset. | |
-# This feature is experimental because while nl_langinfo(CODESET) itself is | |
-# standardized, the return values and their relationship to the locale value is | |
-# not. GNU libiconv happens to give useful values, but other implementations | |
-# are not guaranteed to do this. | |
+# lookup a MIME name that corresponds, and use that as the display charset. | |
+# | |
+# Note that while nl_langinfo(CODESET) itself is standardized, the return | |
+# values and their relationship to the locale value is not. GNU libiconv | |
+# happens to give useful values, but other implementations are not guaranteed | |
+# to do this. | |
#LOCALE_CHARSET:FALSE | |
@@ -683,6 +730,7 @@ | |
.h2 INFOSECS | |
.h2 MESSAGESECS | |
.h2 ALERTSECS | |
+.h2 NO_PAUSE | |
# The following definitions set the number of seconds for | |
# pauses following statusline messages that would otherwise be | |
# replaced immediately, and are more important than the unpaused | |
@@ -699,9 +747,13 @@ | |
# SVr4-curses implementations support time delays in milliseconds, | |
# hence the value may be given shorter, e.g., 0.5 | |
# | |
+# Use the NO_PAUSE option (like the command-line -nopause) to override | |
+# all of the delay times. | |
+# | |
#INFOSECS:1 | |
#MESSAGESECS:2 | |
#ALERTSECS:3 | |
+#NO_PAUSE:FALSE | |
.h2 DEBUGSECS | |
# Set DEBUGSECS to a nonzero value to slow down progress messages | |
@@ -1014,9 +1066,7 @@ | |
# ===== | |
# TRUSTED_LYNXCGI rules define the permitted sources and/or paths for | |
# lynxcgi links (if LYNXCGI_LINKS is defined in userdefs.h). The format | |
-# is the same as for TRUSTED_EXEC rules (see above), but no defaults are | |
-# defined, i.e., if no TRUSTED_LYNXCGI rules are defined here, any source | |
-# and path for lynxcgi links will be permitted. Example rules: | |
+# is the same as for TRUSTED_EXEC rules (see above). Example rules: | |
# | |
# TRUSTED_LYNXCGI:file://localhost/ | |
# TRUSTED_LYNXCGI:<tab>/usr/local/etc/httpd/cgi-bin/ | |
@@ -1026,6 +1076,8 @@ | |
# ==== | |
# Do not define this. | |
# | |
+# The default TRUSTED_LYNXCGI rule is "none". | |
+# | |
#TRUSTED_LYNXCGI:none | |
@@ -1232,10 +1284,12 @@ | |
.h2 USE_MOUSE | |
# If Lynx is configured with ncurses, PDcurses or slang & USE_MOUSE is TRUE, | |
# users can perform commands by left-clicking certain parts of the screen: | |
-# on a link = `g'oto + ACTIVATE (ie move highlight & follow the link); | |
-# on the top/bottom lines = PREV/NEXT_PAGE (ie go up/down 1 page); | |
-# on the top/bottom left corners = PREV_DOC (ie go to the previous document); | |
-# on the top/bottom right corners = HISTORY (ie call up the history page). | |
+# on a link = `g'oto + ACTIVATE (i.e., move highlight & follow the link); | |
+# on the top/bottom lines = PREV/NEXT_PAGE (i.e., go up/down 1 page); | |
+# on the top/bottom left corners = PREV/NEXT_DOC (i.e., go to the previous | |
+# document / undo goto previous document); | |
+# on the top/bottom right corners = HISTORY/VLINKS (i.e., call up the history | |
+# page or visited links page if on history page). | |
# NB if the mouse is defined in this way, it will not be available | |
# for copy/paste operations using the clipboard of a desktop manager: | |
# for flexibility instead, use the command-line switch -use_mouse . | |
@@ -1351,9 +1405,9 @@ | |
# enough for reasonable usage; if they are very high, some sites may present | |
# undue performance waste. | |
# | |
-#max_cookies_domain:50 | |
-#max_cookies_global:500 | |
-#max_cookies_buffer:4096 | |
+#MAX_COOKIES_DOMAIN:50 | |
+#MAX_COOKIES_GLOBAL:500 | |
+#MAX_COOKIES_BUFFER:4096 | |
.h2 PERSISTENT_COOKIES | |
# PERSISTENT_COOKIES indicates that cookies should be read at startup from | |
@@ -1606,6 +1660,24 @@ | |
# | |
#SYSTEM_EDITOR: | |
+.h3 POSITIONABLE_EDITOR | |
+# If POSITIONABLE_EDITOR is defined once or multiple times and if the same | |
+# editor is used as editor in lynx, lynx will use its features, i.e., adding an | |
+# option to set the initial line-position, when editing files and textarea. | |
+# The commented editors below are already known; there is no need to uncomment | |
+# them. | |
+# | |
+#POSITIONABLE_EDITOR:emacs | |
+#POSITIONABLE_EDITOR:jed | |
+#POSITIONABLE_EDITOR:jmacs | |
+#POSITIONABLE_EDITOR:joe | |
+#POSITIONABLE_EDITOR:jove | |
+#POSITIONABLE_EDITOR:jpico | |
+#POSITIONABLE_EDITOR:jstar | |
+#POSITIONABLE_EDITOR:nano | |
+#POSITIONABLE_EDITOR:pico | |
+#POSITIONABLE_EDITOR:rjoe | |
+#POSITIONABLE_EDITOR:vi | |
.h1 Proxy | |
@@ -1691,9 +1763,9 @@ | |
# | |
# To define your own print or download option use the following formats: | |
# | |
-# PRINTER:<name>:<command>:<option>:<lines/page> | |
+# PRINTER:<name>:<command>:<option>:<lines/page>[:<environment>] | |
# | |
-# DOWNLOADER:<name>:<command>:<option> | |
+# DOWNLOADER:<name>:<command>:<option>[:<environment>] | |
# | |
# <name> is what you will see on the print/download screen. | |
# | |
@@ -1720,6 +1792,15 @@ | |
# it uses current screen length for the computation | |
# when `Print to screen' is selected. | |
# | |
+# [:<environment>] | |
+# optional, if XWINDOWS then printer/downloader will be | |
+# enabled if DISPLAY environment variable IS defined and | |
+# disabled otherwise, if environment is NON_XWINDOWS | |
+# then printer/downloader will be enabled if DISPLAY | |
+# environment variable IS NOT defined and disabled otherwise, | |
+# for anything else or if environment is not specified | |
+# printer/downloader is always enabled. | |
+# | |
# You must put the whole definition on one line; | |
# if you use a colon, precede it with a backslash. | |
# | |
@@ -2129,6 +2210,7 @@ | |
# (the first for filenames with a dot somewhere in | |
# the name, the second without), these are currently | |
# mapped to text/plain in the (HTInit.c) builtin code. | |
+# Lynx compares the file-extensions ignoring case. | |
# | |
# <mime type> a MIME content type. It can also contain a charset | |
# parameter, see example below. This should be given in | |
@@ -2268,7 +2350,7 @@ | |
# by some built-in defaults in src/HTInit.c. | |
# | |
# The VIEWER definition takes the form of: | |
-# VIEWER:<mime type>:<viewer command>[:environment] | |
+# VIEWER:<mime type>:<viewer command>[:<environment>] | |
# where -mime type is the MIME content type of the file | |
# -viewer command is a system command that can be | |
# used to display the file where %s is replaced | |
@@ -2434,6 +2516,7 @@ | |
.nf | |
#KEYMAP:0x5C:SOURCE # Toggle source viewing mode (show HTML source) | |
#KEYMAP:^R:RELOAD # Reload the current document and redisplay | |
+#KEYMAP:^U:NEXT_DOC # Undo PREV_DOC) | |
#KEYMAP:q:QUIT # Ask the user to quit | |
#KEYMAP:Q:ABORT # Quit without verification | |
#KEYMAP:0x20:NEXT_PAGE # Move down to next page | |
@@ -2548,7 +2631,7 @@ | |
# sense in Dired mode), and SELECT is meaningless. Default built-in override | |
# mappings are | |
# | |
-#KEYMAP:^U:PREV_DOC:DIRED # Return to the previous document | |
+#KEYMAP:^U:NEXT_DOC:DIRED # Undo going back to the previous document | |
#KEYMAP:.:TAG_LINK:DIRED # Tag a file or directory for later action | |
#KEYMAP:c:CREATE:DIRED # Create a new file or directory | |
#KEYMAP:C:CHDIR:DIRED # change current directory | |
@@ -2693,14 +2776,14 @@ | |
.h1 Appearance | |
.h2 LIST_FORMAT | |
-# Unix ONLY: | |
-#=========== | |
# LIST_FORMAT defines the display for local files when Lynx has been | |
# compiled with LONG_LIST defined in the Makefile. The default is set | |
# in userdefs.h, normally to "ls -l" format, and can be changed here | |
# by uncommenting the indicated lines, or adding a definition with a | |
# modified parameter list. | |
# | |
+# This feature is not available for VMS. | |
+# | |
# The percent items in the list are interpreted as follows: | |
.nf | |
# | |
@@ -2949,7 +3032,7 @@ | |
.h2 COLOR_STYLE | |
# Also known as "lss" (lynx style-sheet), the color-style file assigns color | |
# combination to tags and combinations of tags. Normally a non-empty value | |
-# is compiled into lynx, and the user can override that using the -lss | |
+# is compiled into lynx, and the user can override that using the -lss | |
# command-line option. The configure script allows one to compile in an | |
# empty string. If lynx finds no value for this setting, it simulates the | |
# non-color-style assignments using the COLOR settings. | |
@@ -2971,7 +3054,7 @@ | |
.h2 ASSUMED_COLOR | |
# If built with a library that recognizes default colors (usually ncurses or | |
# slang), and if the corresponding option is compiled into lynx, lynx | |
-# initializes it to assume the corresponding foreground and background colors. | |
+# initializes it to assume the corresponding foreground and background colors. | |
# Default colors are those that the terminal (emulator) itself is initialized | |
# to. For instance, you might have an xterm running with black text on a white | |
# background, and want lynx to display colored text on the white background, | |
@@ -2993,7 +3076,7 @@ | |
.h2 DEFAULT_COLORS | |
# If built with a library that recognizes default colors (usually ncurses or | |
# slang), and if the corresponding option is compiled into lynx, lynx | |
-# initializes it to assume the corresponding foreground and background colors. | |
+# initializes it to assume the corresponding foreground and background colors. | |
# Default colors are those that the terminal (emulator) itself is initialized | |
# to. | |
# | |
@@ -3028,7 +3111,7 @@ | |
# | |
# The lynx.cfg line is as follows: | |
# | |
-# EXTERNAL:<url>:<command> %s:<norestriction>:<allow_for_activate> | |
+# EXTERNAL:<url>:<command> %s:<norestriction>:<allow_for_activate>[:environment] | |
# | |
# <url> Any given URL. This can be normal ones like ftp or http or it | |
# can be one made up like mymail. | |
@@ -3048,6 +3131,11 @@ | |
# pressing EXTERN key on it). If this component of the line is absent, then | |
# FALSE is assumed. | |
# | |
+# [:environment] Optional, if XWINDOWS then command is allowed only if | |
+# $DISPLAY environment variable is set, else if NON_XWINDOWS then command | |
+# is allowed only if $DISPLAY environment variable is not set, if absent or | |
+# anything else command is always allowed. | |
+# | |
# For invoking the command use the EXTERN_LINK or EXTERN_PAGE key. By default | |
# EXTERN_LINK is mapped to '.', and EXTERN_PAGE to ',' (if the feature is | |
# enabled), see the KEYMAP section above. | |
@@ -3233,6 +3321,15 @@ | |
# | |
#HIDDEN_LINK_MARKER: | |
+.h2 XHTML_PARSING | |
+# XHTML_PARSING - HTML parsing | |
+# When true, tells lynx that it can ignore certain tags which have no content | |
+# in an XHTML 1.0 document. For example | |
+# <p /> | |
+# <a /> | |
+# When the option is false, lynx will not treat the tag as an ending. | |
+#XHTML_PARSING:FALSE | |
+ | |
.h1 Appearance | |
.h2 JUSTIFY | |
@@ -3290,7 +3387,11 @@ | |
# Specifies (in seconds) connect timeout. Default value is rather huge. | |
#CONNECT_TIMEOUT:18000 | |
+.h2 READ_TIMEOUT | |
+# Specifies (in seconds) read-timeout. Default value is rather huge. | |
+#READ_TIMEOUT:18000 | |
+ | |
.h1 Internal Behavior | |
# These settings control internal lynx behavior - the way it interacts with the | |
# operating system and Internet. Modifying these settings will not change | |
@@ -3319,6 +3420,7 @@ | |
.nf | |
#ENABLE_LYNXRC:accept_all_cookies:ON | |
#ENABLE_LYNXRC:assume_charset:OFF | |
+#ENABLE_LYNXRC:auto_session:OFF | |
#ENABLE_LYNXRC:bookmark_file:ON | |
#ENABLE_LYNXRC:case_sensitive_searching:ON | |
#ENABLE_LYNXRC:character_set:ON | |
@@ -3335,6 +3437,7 @@ | |
#ENABLE_LYNXRC:file_sorting_method:ON | |
#ENABLE_LYNXRC:force_cookie_prompt:OFF | |
#ENABLE_LYNXRC:force_ssl_prompt:OFF | |
+#ENABLE_LYNXRC:ftp_passive:OFF | |
#ENABLE_LYNXRC:kblayout:ON | |
#ENABLE_LYNXRC:keypad_mode:ON | |
#ENABLE_LYNXRC:lineedit_mode:ON | |
@@ -3342,6 +3445,7 @@ | |
#ENABLE_LYNXRC:make_links_for_all_images:OFF | |
#ENABLE_LYNXRC:make_pseudo_alts_for_inlines:OFF | |
#ENABLE_LYNXRC:multi_bookmark:ON | |
+#ENABLE_LYNXRC:no_pause:OFF | |
#ENABLE_LYNXRC:personal_mail_address:ON | |
#ENABLE_LYNXRC:preferred_charset:ON | |
#ENABLE_LYNXRC:preferred_encoding:OFF | |
@@ -3352,6 +3456,8 @@ | |
#ENABLE_LYNXRC:run_execution_links_on_local_files:ON | |
#ENABLE_LYNXRC:scrollbar:OFF | |
#ENABLE_LYNXRC:select_popups:ON | |
+#ENABLE_LYNXRC:send_useragent:OFF | |
+#ENABLE_LYNXRC:session_file:OFF | |
#ENABLE_LYNXRC:set_cookies:OFF | |
#ENABLE_LYNXRC:show_color:ON | |
#ENABLE_LYNXRC:show_cursor:ON | |
@@ -3413,6 +3519,14 @@ | |
# | |
#FORCE_COOKIE_PROMPT:PROMPT | |
+.h2 SSL_CERT_FILE | |
+# Set SSL_CERT_FILE to the file that contains all valid CA certificates lynx | |
+# should accept, in case the $SSL_CERT_FILE environment variable is not set, | |
+# e.g., | |
+# | |
+#SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt | |
+#SSL_CERT_FILE:NULL | |
+ | |
.h1 Appearance | |
.h2 SCREEN_SIZE | |
@@ -3440,3 +3554,36 @@ | |
# Add the given text to calls made to syslog, to distinguish Lynx from other | |
# applications which use that interface. | |
#SYSLOG_TEXT: | |
+ | |
+.h1 Internal Behavior | |
+.h2 BROKEN_FTP_RETR | |
+# Some ftp servers are known to have a broken implementation of RETR. If asked | |
+# to retrieve a directory, they get confused and fails subsequent commands such | |
+# as CWD and LIST. Workaround: reconnect after a failed RETR, which is slow. | |
+# | |
+# Each BROKEN_FTP_RETR gives a string match for the reported FTP server version | |
+#BROKEN_FTP_RETR:ProFTPD 1.2.5 | |
+#BROKEN_FTP_RETR:spftp/ | |
+ | |
+.h2 BROKEN_FTP_EPSV | |
+# Some ftp servers are known to have a broken implementation of EPSV. The | |
+# server will hang for a long time when we attempt to connect after issuing | |
+# this command. Workaround: do not use EPSV, just use PASV. | |
+# | |
+# Each BROKEN_FTP_EPSV gives a string match for the reported FTP server version | |
+#BROKEN_FTP_EPSV:(Version wu-2.6.2-12) | |
+ | |
+.h1 Appearance | |
+.h2 FTP_FORMAT | |
+# FTP_FORMAT defines the display for remote files. | |
+# It uses the same "%" codes as LIST_FORMAT. | |
+#FTP_FORMAT:%d %-16.16t %a %K | |
+ | |
+.h1 Internal Behavior | |
+ | |
+.h2 STATUS_BUFFER_SIZE | |
+# STATUS_BUFFER_SIZE controls the size of the buffer used for the LYNXMESSAGES | |
+# special url. | |
+# | |
+# The default size (if not overridden in userdefs.h) is 40. | |
+#STATUS_BUFFER_SIZE:40 | |
diff -ur etc49/etc/mail/localhost.cf etc50/etc/mail/localhost.cf | |
--- etc49/etc/mail/localhost.cf Wed Mar 2 14:51:51 2011 | |
+++ etc50/etc/mail/localhost.cf Wed Aug 17 17:50:55 2011 | |
@@ -1,5 +1,5 @@ | |
# | |
-# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. | |
+# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers. | |
# All rights reserved. | |
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. | |
# Copyright (c) 1988, 1993 | |
@@ -16,7 +16,7 @@ | |
##### | |
##### SENDMAIL CONFIGURATION FILE | |
##### | |
-##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011 | |
+##### built by root@i386.openbsd.org on Sun Aug 7 13:14:20 MDT 2011 | |
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf | |
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory | |
##### | |
@@ -27,21 +27,39 @@ | |
###################################################################### | |
###################################################################### | |
-##### $Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ ##### | |
+##### $Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $ ##### | |
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### | |
-##### @(#)openbsd-localhost.mc $Revision: 1.4 $ ##### | |
- | |
+##### @(#)openbsd-proto.mc $Revision: 1.12 $ ##### | |
##### $Sendmail: openbsd.m4,v 8.3 1999/04/24 05:37:42 gshapiro Exp $ ##### | |
##### $Sendmail: nouucp.m4,v 8.13 1999/11/24 18:37:07 ca Exp $ ##### | |
-##### $Sendmail: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ ##### | |
+##### $Sendmail: access_db.m4,v 8.27 2006/07/06 21:10:10 ca Exp $ ##### | |
+##### $Sendmail: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ##### | |
+ | |
+##### $Sendmail: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### | |
+ | |
+ | |
+##### $Sendmail: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ ##### | |
+ | |
+##### $Sendmail: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ ##### | |
+ | |
+ | |
+##### $Sendmail: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ ##### | |
+ | |
+##### $Sendmail: genericstable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ ##### | |
+ | |
+##### $Sendmail: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ ##### | |
+ | |
+##### $Sendmail: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### | |
+ | |
##### $Sendmail: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### | |
-##### $Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ ##### | |
+##### $Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $ ##### | |
+ | |
# level 10 config file format | |
V10/Berkeley | |
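Review bot: The header now records `openbsd-proto.mc` where the old file recorded `openbsd-localhost.mc`, and `accept_unresolvable_domains` gives way to the access_db, mailertable, virtusertable and genericstable features, so this is not a plain regeneration against a newer sendmail. The file is generated, so any correction belongs in the build that produces it. Before merging, confirm that the listener options (not visible in these hunks) still confine the daemon to the loopback address. Later hunks add `Kaccess`, `Fw-o /etc/mail/local-host-names` and `Ft-o /etc/mail/trusted-users`, which make sendmail read optional files under /etc/mail; the old file had the trusted-users line commented out and did not have the other two. The ownership and mode of those files should be checked on upgrade.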
@@ -63,6 +81,8 @@ | |
#D{sendmailMTACluster}$m | |
Cwlocalhost | |
+# file containing names of hosts for which we receive email | |
+Fw-o /etc/mail/local-host-names | |
# my official domain name | |
# ... define this only if sendmail cannot automatically determine your domain | |
@@ -84,7 +104,12 @@ | |
# a class with just a left bracket (for identifying domain literals) | |
C[[ | |
+# access_db acceptance class | |
+C{Accept}OK RELAY | |
+ | |
+# Resolve map (to check if a host exists in check_mail) | |
+Kresolve host -a<OKR> -T<TEMP> | |
C{ResOk}OKR | |
@@ -93,6 +118,10 @@ | |
# arithmetic map | |
Karith arith | |
+# macro storage map | |
+Kmacro macro | |
+# possible values for TLS_connection in access map | |
+C{Tls}VERIFY ENCR | |
@@ -113,8 +142,22 @@ | |
DnMAILER-DAEMON | |
+# Access list database (for spam stomping) | |
+Kaccess hash -o -T<TMPF> /etc/mail/access | |
+ | |
+# Mailer table (overriding domains) | |
+Kmailertable hash -o /etc/mail/mailertable | |
+ | |
+# Virtual user table (maps incoming users) | |
+Kvirtuser hash -o /etc/mail/virtusertable | |
+ | |
+# Generics table (mapping outgoing addresses) | |
+Kgenerics hash -o /etc/mail/genericstable | |
+ | |
+CPREDIRECT | |
+ | |
# Configuration version number | |
-DZ8.14.3 | |
+DZ8.14.5 | |
############### | |
@@ -223,8 +266,8 @@ | |
# SMTP client options | |
-O ClientPortOptions=Family=inet6, Address=:: | |
O ClientPortOptions=Family=inet, Address=0.0.0.0 | |
+O ClientPortOptions=Family=inet6, Address=:: | |
# Modifiers to define {daemon_flags} for direct submissions | |
#O DirectSubmissionModifiers | |
@@ -233,7 +276,7 @@ | |
#O UseMSP | |
# privacy flags | |
-O PrivacyOptions=authwarnings | |
+O PrivacyOptions=authwarnings,needmailhelo,noexpn,novrfy,nobodyreturn | |
# who (if anyone) should get extra copies of error messages | |
#O PostmasterCopy=Postmaster | |
@@ -445,6 +488,7 @@ | |
# once the threshold number of recipients have been rejected | |
#O BadRcptThrottle=0 | |
+ | |
# shall we get local names from our installed interfaces? | |
#O DontProbeInterfaces=False | |
@@ -505,6 +549,7 @@ | |
# SMTP STARTTLS server options | |
#O TLSSrvOptions | |
+ | |
# Input mail filters | |
#O InputMailFilters | |
@@ -554,7 +599,7 @@ | |
##################### | |
# this is equivalent to setting class "t" | |
-#Ft/etc/mail/trusted-users | |
+Ft-o /etc/mail/trusted-users | |
Troot | |
Tdaemon | |
@@ -675,6 +720,8 @@ | |
# local host aliases and pseudo-domains are always canonical | |
R$* < @ $=w > $* $: $1 < @ $2 . > $3 | |
R$* < @ $=M > $* $: $1 < @ $2 . > $3 | |
+R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3 | |
+R$* < @ $=G > $* $: $1 < @ $2 . > $3 | |
R$* < @ $* . . > $* $1 < @ $2 . > $3 | |
@@ -776,6 +823,25 @@ | |
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer | |
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer | |
+# handle virtual users | |
+R$+ $: <!> $1 Mark for lookup | |
+R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > | |
+R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > | |
+R<@> $+ + $+ < @ $* . > | |
+ $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
+R<@> $+ + $* < @ $* . > | |
+ $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
+R<@> $+ + $* < @ $* . > | |
+ $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
+R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
+R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . > | |
+R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . > | |
+R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > | |
+R<@> $+ $: $1 | |
+R<!> $+ $: $1 | |
+R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 | |
+R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 | |
+R< $+ > $+ < @ $+ > $: $>Recurse $1 | |
# short circuit local delivery so forwarded email works | |
@@ -783,6 +849,12 @@ | |
R$=L < @ $=w . > $#local $: @ $1 special local names | |
R$+ < @ $=w . > $#local $: $1 regular local name | |
+# not local -- try mailer table lookup | |
+R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name | |
+R< $+ . > $* $: < $1 > $2 strip trailing dot | |
+R< $+ > $* $: < $(mailertable $1 $) > $2 lookup | |
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? | |
+R< $+ > $* $: $>Mailertable <$1> $2 try domain | |
# resolve fake top level domains by forwarding to other hosts | |
@@ -842,6 +914,18 @@ | |
################################################################### | |
+### Ruleset 90 -- try domain part of mailertable entry ### | |
+################################################################### | |
+ | |
+SMailertable=90 | |
+R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 | |
+R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? | |
+R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again | |
+R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." | |
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? | |
+R< $* > $* $@ $2 no mailertable match | |
+ | |
+################################################################### | |
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### | |
################################################################### | |
@@ -885,6 +969,22 @@ | |
SMasqHdr=93 | |
+# handle generics database | |
+R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark | |
+R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark | |
+R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 > | |
+R<@$+ + $* @ $+> $+ < @ $+ > | |
+ $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 > | |
+R<@$+ + $* @ $+> $+ < @ $+ > | |
+ $: < $(generics $1@$3 $: $) > $4 < @ $5 > | |
+R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 > | |
+R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . > | |
+R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 > | |
+R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 > | |
+R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 > | |
+R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified | |
+R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified | |
+R< > $* $: $1 not found | |
# do not masquerade anything in class N | |
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > | |
@@ -904,10 +1004,60 @@ | |
SParseLocal=98 | |
+# addresses sent to foo@host.REDIRECT will give a 551 error code | |
+R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > | |
+R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. > | |
+R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> | |
+ | |
###################################################################### | |
+### D: LookUpDomain -- search for domain in access database | |
+### | |
+### Parameters: | |
+### <$1> -- key (domain name) | |
+### <$2> -- default (what to return if not found in db) | |
+### <$3> -- mark (must be <(!|+) single-token>) | |
+### ! does lookup only with tag | |
+### + does lookup with and without tag | |
+### <$4> -- passthru (additional data passed unchanged through) | |
+###################################################################### | |
+ | |
+SD | |
+R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> | |
+R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> | |
+R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6> | |
+R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> | |
+R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6> | |
+R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6> | |
+R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> | |
+R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6> | |
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> | |
+ | |
+###################################################################### | |
+### A: LookUpAddress -- search for host address in access database | |
+### | |
+### Parameters: | |
+### <$1> -- key (dot quadded host address) | |
+### <$2> -- default (what to return if not found in db) | |
+### <$3> -- mark (must be <(!|+) single-token>) | |
+### ! does lookup only with tag | |
+### + does lookup with and without tag | |
+### <$4> -- passthru (additional data passed through) | |
+###################################################################### | |
+ | |
+SA | |
+R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5> | |
+R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4> | |
+R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> | |
+R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> | |
+R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6> | |
+R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5> | |
+R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6> | |
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6> | |
+ | |
+###################################################################### | |
### CanonAddr -- Convert an address into a standard form for | |
### relay checking. Route address syntax is | |
### crudely converted into a %-hack address. | |
@@ -946,6 +1096,8 @@ | |
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 > | |
+R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >> | |
+R<$+> <$+> $: <$1> $2 | |
@@ -971,9 +1123,20 @@ | |
R< d > $* $@ deferred | |
R< $* > $* $: $2 | |
+R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 > | |
+R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name | |
+R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup | |
+R<?> <$*> $: OK found nothing | |
+R<$={Accept}> <$*> $@ $1 return value of lookup | |
+R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied" | |
+R<DISCARD> <$*> $#discard $: discard | |
+R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1 | |
+R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4 | |
+R<ERROR:$+> <$*> $#error $: $1 | |
+R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<$+> <$*> $#error $: $1 | |
- | |
###################################################################### | |
### check_mail -- check SMTP `MAIL FROM:' command argument | |
###################################################################### | |
@@ -1018,8 +1181,18 @@ | |
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) | |
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 > | |
R<?> $* < @ $j > $: <OKR> $1 < @ $j > | |
-R<?> $* < @ $+ > $: <OKR> $1 < @ $2 > ... unresolvable OK | |
+R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 > | |
+R<? $* <$->> $* < @ $+ > | |
+ $: <$2> $3 < @ $4 > | |
+# check sender address: user@address, user@, address | |
+R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3> | |
+R<$+> $+ $: @<$1> <$2> $| <U:$2@> | |
+R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <> | |
+R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result | |
+# retransform for further use | |
+R<?> <$+> <$*> $: <$1> $2 no match | |
+R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it | |
# handle case of no @domain on address | |
R<?> $* $: $&{daemon_flags} $| <?> $1 | |
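Review bot: Replacing the `... unresolvable OK` rule with the `$(resolve $2 $: $2 <PERM> $)` lookup means a sender domain the resolve map cannot find is now tagged `<PERM>`, and the `R<PERM>` rule visible as context in the following hunk turns that into a 553 rejection. Nothing in the file tells the administrator that this localhost-only configuration changed behaviour. The embedded .mc source in the last hunk of this file is consistent with that: the old feature list, including accept_unresolvable_domains, is replaced by a define of LOCALHOST_ONLY and an include of openbsd-proto.mc. I would record it next to that include, e.g. `# dnl Unresolvable sender domains are rejected from this release on; re-add the accept_unresolvable_domains feature to keep the old behaviour.` The same hunk also starts consulting the access map for senders (`$>SearchList <+ From>`), which deserves a mention in the same comment.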
@@ -1034,6 +1207,14 @@ | |
R<$={ResOk}> $* $: @ $2 domain ok | |
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" | |
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist" | |
+R<$={Accept}> $* $# $1 accept from access map | |
+R<DISCARD> $* $#discard $: discard | |
+R<QUARANTINE:$+> $* $#error $@ quarantine $: $1 | |
+R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied" | |
+R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 | |
+R<ERROR:$+> $* $#error $: $1 | |
+R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<$+> $* $#error $: $1 error from access db | |
@@ -1080,7 +1261,25 @@ | |
+# blacklist local users or any host from receiving mail | |
+R$* $: <?> $1 | |
+R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2> | |
+R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2> | |
+R<?> $+ $: <> <$1> $| <U:$1@> | |
+R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <> | |
+R<@> <$*> $| <$*> $: <$2> <$1> reverse result | |
+R<?> <$*> $: @ $1 mark address as no match | |
+R<$={Accept}> <$*> $: @ $2 mark address as no match | |
+R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" | |
+R<DISCARD> $* $#discard $: discard | |
+R<QUARANTINE:$+> $* $#error $@ quarantine $: $1 | |
+R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4 | |
+R<ERROR:$+> $* $#error $: $1 | |
+R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<$+> $* $#error $: $1 error from access db | |
+R@ $* $1 remove mark | |
+ | |
# authenticated via TLS? | |
R$* $: $1 $| $>RelayTLS client authenticated? | |
R$* $| $# $+ $# $2 error/ok? | |
@@ -1098,10 +1297,13 @@ | |
# anything terminating locally is ok | |
R$+ < @ $=w > $@ RELAY | |
R$+ < @ $* $=R > $@ RELAY | |
+R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >> | |
+R<RELAY> $* $@ RELAY | |
+R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<$*> <$*> $: $2 | |
- | |
# check for local user (i.e. unqualified address) | |
R$* $: <?> $1 | |
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 > | |
@@ -1121,6 +1323,11 @@ | |
R127.0.0.1 $@ RELAY originated locally | |
RIPv6:::1 $@ RELAY originated locally | |
R$=R $* $@ RELAY relayable IP address | |
+R$* $: $>A <$1> <?> <+ Connect> <$1> | |
+R<RELAY> $* $@ RELAY relayable IP address | |
+ | |
+R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<$*> <$*> $: $2 | |
R$* $: [ $1 ] put brackets around it... | |
R$=w $@ RELAY ... and see if it is local | |
@@ -1137,12 +1344,119 @@ | |
R$* . $1 strip trailing dots | |
R<?> $=w $@ RELAY | |
R<?> $* $=R $@ RELAY | |
+R<?> $* $: $>D <$1> <?> <+ Connect> <$1> | |
+R<RELAY> $* $@ RELAY | |
+R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<$*> <$*> $: $2 | |
+###################################################################### | |
+### F: LookUpFull -- search for an entry in access database | |
+### | |
+### lookup of full key (which should be an address) and | |
+### variations if +detail exists: +* and without +detail | |
+### | |
+### Parameters: | |
+### <$1> -- key | |
+### <$2> -- default (what to return if not found in db) | |
+### <$3> -- mark (must be <(!|+) single-token>) | |
+### ! does lookup only with tag | |
+### + does lookup with and without tag | |
+### <$4> -- passthru (additional data passed unchanged through) | |
+###################################################################### | |
+SF | |
+R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> | |
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> | |
+R<?> <$+ + $* @ $+> <$*> <$- $-> <$*> | |
+ $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> | |
+R<?> <$+ + $* @ $+> <$*> <+ $-> <$*> | |
+ $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> | |
+R<?> <$+ + $* @ $+> <$*> <$- $-> <$*> | |
+ $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7> | |
+R<?> <$+ + $* @ $+> <$*> <+ $-> <$*> | |
+ $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6> | |
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> | |
+R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5> | |
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> | |
###################################################################### | |
+### E: LookUpExact -- search for an entry in access database | |
+### | |
+### Parameters: | |
+### <$1> -- key | |
+### <$2> -- default (what to return if not found in db) | |
+### <$3> -- mark (must be <(!|+) single-token>) | |
+### ! does lookup only with tag | |
+### + does lookup with and without tag | |
+### <$4> -- passthru (additional data passed unchanged through) | |
+###################################################################### | |
+ | |
+SE | |
+R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> | |
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> | |
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> | |
+R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5> | |
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> | |
+ | |
+###################################################################### | |
+### U: LookUpUser -- search for an entry in access database | |
+### | |
+### lookup of key (which should be a local part) and | |
+### variations if +detail exists: +* and without +detail | |
+### | |
+### Parameters: | |
+### <$1> -- key (user@) | |
+### <$2> -- default (what to return if not found in db) | |
+### <$3> -- mark (must be <(!|+) single-token>) | |
+### ! does lookup only with tag | |
+### + does lookup with and without tag | |
+### <$4> -- passthru (additional data passed unchanged through) | |
+###################################################################### | |
+ | |
+SU | |
+R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5> | |
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4> | |
+R<?> <$+ + $* @> <$*> <$- $-> <$*> | |
+ $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> | |
+R<?> <$+ + $* @> <$*> <+ $-> <$*> | |
+ $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> | |
+R<?> <$+ + $* @> <$*> <$- $-> <$*> | |
+ $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6> | |
+R<?> <$+ + $* @> <$*> <+ $-> <$*> | |
+ $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5> | |
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5> | |
+R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5> | |
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5> | |
+ | |
+###################################################################### | |
+### SearchList: search a list of items in the access map | |
+### Parameters: | |
+### <exact tag> $| <mark:address> <mark:address> ... <> | |
+### where "exact" is either "+" or "!": | |
+### <+ TAG> lookup with and w/o tag | |
+### <! TAG> lookup with tag | |
+### possible values for "mark" are: | |
+### D: recursive host lookup (LookUpDomain) | |
+### E: exact lookup, no modifications | |
+### F: full lookup, try user+ext@domain and user@domain | |
+### U: user lookup, try user+ext and user (input must have trailing @) | |
+### return: <RHS of lookup> or <?> (not found) | |
+###################################################################### | |
+ | |
+# class with valid marks for SearchList | |
+C{Src}E F D U | |
+SSearchList | |
+# just call the ruleset with the name of the tag... nice trick... | |
+R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <> | |
+R<$+> $| <> $| <?> <> $@ <?> | |
+R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2> | |
+R<$+> $| <$*> $| <$+> <> $@ <$3> | |
+R<$+> $| <$+> $@ <$2> | |
+ | |
+ | |
+###################################################################### | |
### trust_auth: is user trusted to authenticate as someone else? | |
### | |
### Parameters: | |
@@ -1173,15 +1487,25 @@ | |
### (done in server) | |
###################################################################### | |
Ssrv_features | |
+R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <> | |
+R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <> | |
+R<?>$* $: <$(access "Srv_Features": $: ? $)> | |
+R<?>$* $@ OK | |
+R<$* <TMPF>>$* $#temp | |
+R<$+>$* $# $1 | |
- | |
###################################################################### | |
### try_tls: try to use STARTTLS? | |
### (done in client) | |
###################################################################### | |
Stry_tls | |
+R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <> | |
+R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <> | |
+R<?>$* $: <$(access "Try_TLS": $: ? $)> | |
+R<?>$* $@ OK | |
+R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]" | |
- | |
###################################################################### | |
### tls_rcpt: is connection with server "good" enough? | |
### (done in client, per recipient) | |
@@ -1190,8 +1514,16 @@ | |
### $1: recipient | |
###################################################################### | |
Stls_rcpt | |
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 | |
+R$+ $: <?> $>CanonAddr $1 | |
+R<?> $+ < @ $+ . > <?> $1 <@ $2 > | |
+R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:> | |
+R<?> $+ $: $1 $| <U:$1@> <E:> | |
+R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <> | |
+R$* $| <?> $@ OK | |
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2> | |
- | |
###################################################################### | |
### tls_client: is connection with client "good" enough? | |
### (done in server) | |
@@ -1200,7 +1532,12 @@ | |
### ${verify} $| (MAIL|STARTTLS) | |
###################################################################### | |
Stls_client | |
-R$* $| $* $@ $>"TLS_connection" $1 | |
+R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1 | |
+R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <> | |
+R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <> | |
+R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)> | |
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
+R$* $@ $>"TLS_connection" $1 | |
###################################################################### | |
### tls_server: is connection with server "good" enough? | |
@@ -1210,20 +1547,91 @@ | |
### ${verify} | |
###################################################################### | |
Stls_server | |
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 | |
+R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <> | |
+R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <> | |
+R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)> | |
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later." | |
R$* $@ $>"TLS_connection" $1 | |
###################################################################### | |
### TLS_connection: is TLS connection "good" enough? | |
### | |
### Parameters: | |
-### ${verify} | |
+### ${verify} $| <Requirement> [<>] | |
### Requirement: RHS from access map, may be ? for none. | |
###################################################################### | |
STLS_connection | |
-RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." | |
+R$* $| <$*>$* $: $1 $| <$2> | |
+# create the appropriate error codes | |
+R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3> | |
+R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3> | |
+R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3> | |
+# deal with TLS handshake failures: abort | |
+RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." | |
+RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." | |
+# deal with TLS protocol errors: abort | |
+RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed." | |
+RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed." | |
+R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1 | |
+R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1 | |
+R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1 | |
+R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1 | |
+R$* $| $* $@ OK | |
+# authentication required: give appropriate error | |
+# other side did authenticate (via STARTTLS) | |
+R<$*><VERIFY> <> OK $@ OK | |
+R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2> | |
+R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3> | |
+R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3> | |
+R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required" | |
+R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed" | |
+R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated" | |
+R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" | |
+R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" | |
+R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 | |
+R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf} | |
+R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $) | |
+R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 | |
+R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5> | |
+R<$-:$+ ++ > $@ OK | |
+R<$-:$+ ++ $+ > $: <$1:$2> <$3> | |
+R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4> | |
+R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2> | |
+###################################################################### | |
+### TLS_req: check additional TLS requirements | |
+### | |
+### Parameters: [<list> <of> <req>] $| <$-:$+> | |
+### $-: SMTP reply code | |
+### $+: Enhanced Status Code | |
+###################################################################### | |
+STLS_req | |
+R $| $+ $@ OK | |
+R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2> | |
+R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> | |
+R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1 | |
+R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> | |
+R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1 | |
+R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2> | |
+R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1 | |
+ROK $@ OK | |
###################################################################### | |
+### max: return the maximum of two values separated by : | |
+### | |
+### Parameters: [$-]:[$-] | |
+###################################################################### | |
+Smax | |
+R: $: 0 | |
+R:$- $: $1 | |
+R$-: $: $1 | |
+R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 | |
+RTRUE:$-:$- $: $2 | |
+R$-:$-:$- $: $2 | |
+ | |
+ | |
+###################################################################### | |
### RelayTLS: allow relaying based on TLS authentication | |
### | |
### Parameters: | |
@@ -1231,6 +1639,16 @@ | |
###################################################################### | |
SRelayTLS | |
# authenticated? | |
+R$* $: <?> $&{verify} | |
+R<?> OK $: OK authenticated: continue | |
+R<?> $* $@ NO not authenticated | |
+R$* $: $&{cert_issuer} | |
+R$+ $: $(access CERTISSUER:$1 $) | |
+RRELAY $# RELAY | |
+RSUBJECT $: <@> $&{cert_subject} | |
+R<@> $+ $: <@> $(access CERTSUBJECT:$1 $) | |
+R<@> RELAY $# RELAY | |
+R$* $: NO | |
###################################################################### | |
### authinfo: lookup authinfo in the access map | |
@@ -1240,11 +1658,24 @@ | |
### $2: {server_addr} | |
###################################################################### | |
Sauthinfo | |
+R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <> | |
+R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <> | |
+R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <> | |
+R$* $| <?>$* $@ no no authinfo available | |
+R$* $| <$*> <> $# $2 | |
+ | |
+ | |
+ | |
+HMessage-Id: $>CheckMessageId | |
+ | |
+SCheckMessageId | |
+R< $+ @ $+ > $@ OK | |
+R$* $#error $: 553 Header Error | |
# | |
###################################################################### | |
###################################################################### | |
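Review bot: The catch-all `R$* $#error $: 553 Header Error` in the new CheckMessageId ruleset rejects every message whose Message-Id does not match `< $+ @ $+ >`, but the reply names neither the header nor the reason. Unlike the `550 Access denied` and `451 Temporary system failure` rules added elsewhere in this file, it also carries no `$@` enhanced status code and leaves the text unquoted. Someone reading the bounce or the maillog cannot tell this check apart from any other header failure. Quoting the text and naming the header would be enough, e.g. `R$* $#error $: "553 Malformed Message-Id header"`, with a status code added if the project has a convention for header rejections.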
@@ -1308,7 +1739,10 @@ | |
# Common code to add local domain name (only if always-add-domain) | |
# | |
SAddDomain | |
+R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified | |
+R$+ $@ $1 < @ *LOCAL* > add local qualification | |
+ | |
Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn9S, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, | |
T=DNS/RFC822/X-Unix, | |
A=mail -d $u | |
@@ -1397,40 +1831,5 @@ | |
A=TCP $h | |
### openbsd-localhost.mc ### | |
-# divert(-1) | |
-# # | |
-# # Copyright (c) 1998 Sendmail, Inc. All rights reserved. | |
-# # Copyright (c) 1983 Eric P. Allman. All rights reserved. | |
-# # Copyright (c) 1988, 1993 | |
-# # The Regents of the University of California. All rights reserved. | |
-# # | |
-# # By using this file, you agree to the terms and conditions set | |
-# # forth in the LICENSE file which can be found at the top level of | |
-# # the sendmail distribution. | |
-# # | |
-# # | |
-# | |
-# # | |
-# # This configuration only runs sendmail on the localhost interface. | |
-# # This allows mail on the local host to work without accepting | |
-# # connections from the net at large. | |
-# # | |
-# | |
-# divert(0)dnl | |
-# VERSIONID(`@(#)openbsd-localhost.mc $Revision: 1.4 $') | |
-# OSTYPE(openbsd)dnl | |
-# FEATURE(nouucp, `reject')dnl | |
-# FEATURE(`accept_unresolvable_domains')dnl | |
-# FEATURE(`no_default_msa')dnl | |
-# MAILER(local)dnl | |
-# MAILER(smtp)dnl | |
-# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Name=MTA')dnl | |
-# DAEMON_OPTIONS(`Family=inet6, address=::1, Name=MTA6, M=O')dnl | |
-# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Port=587, Name=MSA, M=E')dnl | |
-# DAEMON_OPTIONS(`Family=inet6, address=::1, Port=587, Name=MSA6, M=O, M=E')dnl | |
-# CLIENT_OPTIONS(`Family=inet6, Address=::')dnl | |
-# CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl | |
-# dnl | |
-# dnl Some broken nameservers will return SERVFAIL (a temporary failure) | |
-# dnl on T_AAAA (IPv6) lookups. | |
-# define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl | |
+# define(`LOCALHOST_ONLY')dnl | |
+# include(_CF_DIR_`cf/openbsd-proto.mc')dnl | |
diff -ur etc49/etc/mail/sendmail.cf etc50/etc/mail/sendmail.cf | |
--- etc49/etc/mail/sendmail.cf Wed Mar 2 14:51:51 2011 | |
+++ etc50/etc/mail/sendmail.cf Wed Aug 17 17:50:55 2011 | |
@@ -1,5 +1,5 @@ | |
# | |
-# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. | |
+# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers. | |
# All rights reserved. | |
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. | |
# Copyright (c) 1988, 1993 | |
@@ -16,7 +16,7 @@ | |
##### | |
##### SENDMAIL CONFIGURATION FILE | |
##### | |
-##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011 | |
+##### built by root@i386.openbsd.org on Sun Aug 7 13:14:20 MDT 2011 | |
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf | |
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory | |
##### | |
@@ -27,9 +27,9 @@ | |
###################################################################### | |
###################################################################### | |
-##### $Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ ##### | |
+##### $Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $ ##### | |
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### | |
-##### @(#)openbsd-proto.mc $Revision: 1.11 $ ##### | |
+##### @(#)openbsd-proto.mc $Revision: 1.12 $ ##### | |
##### $Sendmail: openbsd.m4,v 8.3 1999/04/24 05:37:42 gshapiro Exp $ ##### | |
##### $Sendmail: nouucp.m4,v 8.13 1999/11/24 18:37:07 ca Exp $ ##### | |
@@ -57,8 +57,9 @@ | |
##### $Sendmail: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### | |
-##### $Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ ##### | |
+##### $Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $ ##### | |
+ | |
# level 10 config file format | |
V10/Berkeley | |
@@ -156,7 +157,7 @@ | |
CPREDIRECT | |
# Configuration version number | |
-DZ8.14.3 | |
+DZ8.14.5 | |
############### | |
@@ -487,6 +488,7 @@ | |
# once the threshold number of recipients have been rejected | |
#O BadRcptThrottle=0 | |
+ | |
# shall we get local names from our installed interfaces? | |
#O DontProbeInterfaces=False | |
@@ -547,6 +549,7 @@ | |
# SMTP STARTTLS server options | |
#O TLSSrvOptions | |
+ | |
# Input mail filters | |
#O InputMailFilters | |
@@ -1134,7 +1137,6 @@ | |
R<$+> <$*> $#error $: $1 | |
- | |
###################################################################### | |
### check_mail -- check SMTP `MAIL FROM:' command argument | |
###################################################################### | |
@@ -1530,7 +1532,7 @@ | |
### ${verify} $| (MAIL|STARTTLS) | |
###################################################################### | |
Stls_client | |
-R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 | |
+R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1 | |
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <> | |
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <> | |
R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)> | |
@@ -1837,7 +1839,7 @@ | |
# # Note that lines beginning with "dnl" below are comments. | |
# | |
# divert(0)dnl | |
-# VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.11 $')dnl | |
+# VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.12 $')dnl | |
# OSTYPE(openbsd)dnl | |
# dnl | |
# dnl If you have a non-static IP address you may wish to forward outgoing mail | |
@@ -1917,10 +1919,17 @@ | |
# dnl 25 (SMTP) and 587 (MSA). | |
# dnl | |
# FEATURE(`no_default_msa')dnl | |
+# ifdef(`LOCALHOST_ONLY', ` | |
+# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Name=MTA')dnl | |
+# DAEMON_OPTIONS(`Family=inet6, address=::1, Name=MTA6, M=O')dnl | |
+# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Port=587, Name=MSA, M=E')dnl | |
+# DAEMON_OPTIONS(`Family=inet6, address=::1, Port=587, Name=MSA6, M=O, M=E')dnl | |
+# ',` | |
# DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl | |
# DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl | |
# DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl | |
# DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=E')dnl | |
+# ')dnl | |
# dnl | |
# dnl Use either IPv4 or IPv6 for outgoing connections. | |
# dnl | |
diff -ur etc49/etc/mail/submit.cf etc50/etc/mail/submit.cf | |
--- etc49/etc/mail/submit.cf Wed Mar 2 14:51:51 2011 | |
+++ etc50/etc/mail/submit.cf Wed Aug 17 17:50:55 2011 | |
@@ -1,5 +1,5 @@ | |
# | |
-# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. | |
+# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers. | |
# All rights reserved. | |
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. | |
# Copyright (c) 1988, 1993 | |
@@ -16,7 +16,7 @@ | |
##### | |
##### SENDMAIL CONFIGURATION FILE | |
##### | |
-##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011 | |
+##### built by root@i386.openbsd.org on Sun Aug 7 13:14:20 MDT 2011 | |
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf | |
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory | |
##### | |
@@ -27,7 +27,7 @@ | |
###################################################################### | |
###################################################################### | |
-##### $Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ ##### | |
+##### $Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $ ##### | |
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### | |
##### $OpenBSD: openbsd-submit.mc,v 1.1 2008/10/03 16:29:05 millert Exp $ ##### | |
@@ -42,7 +42,7 @@ | |
##### $Sendmail: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ ##### | |
-##### $Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ ##### | |
+##### $Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $ ##### | |
# level 10 config file format | |
V10/Berkeley | |
@@ -119,7 +119,7 @@ | |
# Configuration version number | |
-DZ8.14.3/Submit | |
+DZ8.14.5/Submit | |
############### | |
@@ -445,6 +445,7 @@ | |
# once the threshold number of recipients have been rejected | |
#O BadRcptThrottle=0 | |
+ | |
# shall we get local names from our installed interfaces? | |
O DontProbeInterfaces=True | |
@@ -505,6 +506,7 @@ | |
# SMTP STARTTLS server options | |
#O TLSSrvOptions | |
+ | |
# Input mail filters | |
#O InputMailFilters | |
@@ -992,7 +994,6 @@ | |
R$* $: < $&{deliveryMode} > $1 | |
R< d > $* $@ deferred | |
R< $* > $* $: $2 | |
- | |
diff -ur etc49/etc/man.conf etc50/etc/man.conf | |
--- etc49/etc/man.conf Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/man.conf Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: man.conf,v 1.16 2010/10/19 20:05:52 schwarze Exp $ | |
+# $OpenBSD: man.conf,v 1.17 2011/04/11 14:45:41 sthen Exp $ | |
# Sheer, raging paranoia... | |
_version BSD.2 | |
@@ -31,7 +31,7 @@ | |
# directory with all of the subdirectories listed for the keyword _subdir. | |
# default | |
-_default /usr/{share,X11R6,local}/man/ | |
+_default /usr/{share,X11R6,local,ports/infrastructure}/man/ | |
# Other sections that represent complete man subdirectories. | |
X11 /usr/X11R6/man/ | |
diff -ur etc49/etc/netstart etc50/etc/netstart | |
--- etc49/etc/netstart Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/netstart Wed Aug 17 17:50:53 2011 | |
@@ -1,6 +1,6 @@ | |
#!/bin/sh - | |
# | |
-# $OpenBSD: netstart,v 1.131 2011/02/09 17:22:06 sobrado Exp $ | |
+# $OpenBSD: netstart,v 1.133 2011/07/07 23:09:46 guenther Exp $ | |
# Strip comments (and leading/trailing whitespace if IFS is set) | |
# from a file and spew to stdout | |
@@ -47,11 +47,9 @@ | |
chmod -LR o-rwx $file | |
chown -LR root.wheel $file | |
fi | |
- ifconfig $if > /dev/null 2>&1 | |
- if [ "$?" != "0" ]; then | |
+ if ! ifconfig $if > /dev/null 2>&1; then | |
# Try to create interface if it does not exist | |
- ifconfig $if create > /dev/null 2>&1 | |
- if [ "$?" != "0" ]; then | |
+ if ! ifconfig $if create > /dev/null 2>&1; then | |
return | |
fi | |
fi | |
@@ -260,12 +258,12 @@ | |
# Configure all the non-loopback interfaces which we know about, but | |
# do not start interfaces which must be delayed. Refer to hostname.if(5) | |
-ifmstart "" "trunk vlan carp gif gre pfsync pppoe tun bridge" | |
+ifmstart "" "trunk svlan vlan carp gif gre pfsync pppoe tun bridge" | |
# The trunk interfaces need to come up first in this list. | |
-# The vlan interfaces need to come up after trunk. | |
+# The (s)vlan interfaces need to come up after trunk. | |
# Configure all the carp interfaces which we know about before default route. | |
-ifmstart "trunk vlan carp" | |
+ifmstart "trunk svlan vlan carp" | |
if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then | |
fw=`sysctl -n net.inet6.ip6.forwarding` | |
diff -ur etc49/etc/newsyslog.conf etc50/etc/newsyslog.conf | |
--- etc49/etc/newsyslog.conf Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/newsyslog.conf Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: newsyslog.conf,v 1.28 2010/06/29 10:25:13 stephan Exp $ | |
+# $OpenBSD: newsyslog.conf,v 1.29 2011/04/14 20:32:34 sthen Exp $ | |
# | |
# configuration file for newsyslog | |
# | |
@@ -11,7 +11,7 @@ | |
/var/log/maillog 600 7 * 24 Z | |
/var/log/messages 644 5 30 * Z | |
/var/log/secure 600 7 * 168 Z | |
-/var/log/wtmp 644 7 * $W6D4 ZB | |
+/var/log/wtmp 644 7 * $W6D4 B | |
/var/log/xferlog 640 7 250 * Z | |
/var/log/ppp.log 640 7 250 * Z | |
/var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" | |
diff -ur etc49/etc/pf.conf etc50/etc/pf.conf | |
--- etc49/etc/pf.conf Wed Mar 2 14:51:50 2011 | |
+++ etc50/etc/pf.conf Wed Aug 17 17:50:54 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $ | |
+# $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $ | |
# | |
# See pf.conf(5) for syntax and examples. | |
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 | |
@@ -8,7 +8,7 @@ | |
# filter rules and anchor for ftp-proxy(8) | |
#anchor "ftp-proxy/*" | |
-#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 | |
+#pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021 | |
# anchor for relayd(8) | |
#anchor "relayd/*" | |
Only in etc49/etc: portal.conf | |
diff -ur etc49/etc/rc etc50/etc/rc | |
--- etc49/etc/rc Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/rc Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc,v 1.348 2011/01/14 00:05:42 deraadt Exp $ | |
+# $OpenBSD: rc,v 1.392 2011/07/28 19:09:16 halex Exp $ | |
# System startup script run by init on autoboot | |
# or after single-user. | |
@@ -94,54 +94,119 @@ | |
set -- `stripcom /etc/wsconsctl.conf` | |
IFS="$save_IFS" | |
while [ $# -ge 1 ] ; do | |
- eval /sbin/wsconsctl $1 | |
+ eval wsconsctl $1 | |
shift | |
done | |
} | |
random_seed() | |
{ | |
- if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then | |
+ if [ -f /var/db/host.random ]; then | |
dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \ | |
> /dev/null 2>&1 | |
+ chmod 600 /var/db/host.random >/dev/null 2>&1 | |
# reset seed file, so that if a shutdown-less reboot occurs, | |
# the next seed is not a repeat | |
dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ | |
> /dev/null 2>&1 | |
- | |
- random_seed_done=1 | |
fi | |
} | |
fill_baddynamic() | |
{ | |
- local _service="$1" | |
+ local _service=$1 | |
local _sysctl="net.inet.${_service}.baddynamic" | |
- local _name _port _srv _junk _ban | |
- local _i=0 | |
- grep "/${_service}" /etc/services | { | |
- IFS=" /" | |
- while read _name _port _srv _junk; do | |
- [ "x${_srv}" = "x${_service}" ] || continue; | |
- if [ "x${_ban}" = "x" ]; then | |
- _ban="+${_port}" | |
- else | |
- _ban="${_ban},+${_port}" | |
- fi | |
+ stripcom /etc/services | | |
+ { | |
+ # Variables are local | |
+ while IFS=" /" read _name _port _srv _junk; do | |
+ [ "x${_srv}" = "x${_service}" ] || continue | |
+ _ban="${_ban:+${_ban},}+${_port}" | |
# Flush before argv gets too long | |
- if [ $((++_i)) -gt 128 ]; then | |
- sysctl ${_sysctl}=${_ban} >/dev/null | |
+ if [ ${#_ban} -gt 1024 ]; then | |
+ sysctl -q ${_sysctl}=${_ban} | |
_ban="" | |
- _i=0 | |
fi | |
- done; | |
- if [ "x${_ban}" != "x" ]; then | |
- sysctl ${_sysctl}=${_ban} >/dev/null | |
- fi | |
+ done | |
+ [ "${_ban}" ] && sysctl -q ${_sysctl}=${_ban} | |
} | |
} | |
+start_daemon() | |
+{ | |
+ local _n | |
+ for _n; do | |
+ eval _do=\${${_n}_flags} | |
+ if [ X"${_do}" != X"NO" ]; then | |
+ /etc/rc.d/${_n} start | |
+ fi | |
+ done | |
+} | |
+ | |
+make_keys() | |
+{ | |
+ if [ X"${named_flags}" != X"NO" ]; then | |
+ if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then | |
+ echo -n "rndc-confgen: generating shared secret... " | |
+ if rndc-confgen -a -t /var/named >/dev/null 2>&1; then | |
+ chmod 0640 /var/named/etc/rndc.key \ | |
+ >/dev/null 2>&1 | |
+ echo done. | |
+ else | |
+ echo failed. | |
+ fi | |
+ fi | |
+ fi | |
+ | |
+ if [ ! -f /etc/isakmpd/private/local.key ]; then | |
+ echo -n "openssl: generating isakmpd/iked RSA key... " | |
+ if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ | |
+ >/dev/null 2>&1; then | |
+ chmod 600 /etc/isakmpd/private/local.key | |
+ openssl rsa -out /etc/isakmpd/local.pub -in \ | |
+ /etc/isakmpd/private/local.key -pubout \ | |
+ >/dev/null 2>&1 | |
+ echo done. | |
+ else | |
+ echo failed. | |
+ fi | |
+ fi | |
+ | |
+ if [ ! -f /etc/iked/private/local.key ]; then | |
+ # Just copy the generated isakmpd key | |
+ cp /etc/isakmpd/private/local.key /etc/iked/private/local.key | |
+ chmod 600 /etc/iked/private/local.key | |
+ cp /etc/isakmpd/local.pub /etc/iked/local.pub | |
+ fi | |
+ | |
+ ssh-keygen -A | |
+} | |
+ | |
+# create Unix sockets directories for X if needed and make sure they have | |
+# correct permissions | |
+setup_X_sockets() | |
+{ | |
+ if [ -d /usr/X11R6/lib ]; then | |
+ for d in /tmp/.X11-unix /tmp/.ICE-unix ; do | |
+ if [ -d $d ]; then | |
+ if [ `ls -ld $d | cut -d' ' -f4` \ | |
+ != root ]; then | |
+ chown root $d | |
+ fi | |
+ if [ `ls -ld $d | cut -d' ' -f1` \ | |
+ != drwxrwxrwt ]; then | |
+ chmod 1777 $d | |
+ fi | |
+ elif [ -e $d ]; then | |
+ echo "Error: $d exists and isn't a directory." | |
+ else | |
+ mkdir -m 1777 $d | |
+ fi | |
+ done | |
+ fi | |
+} | |
+ | |
# End subroutines | |
stty status '^T' | |
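Review bot: In `make_keys` the isakmpd private key is written by `openssl genrsa -out` and only afterwards restricted with `chmod 600`, so for a moment the file carries whatever mode the boot-time umask yields; the `cp` into /etc/iked/private/local.key has the same gap. How much that matters depends on the permissions of the two `private` directories, which this hunk does not show. Generating under a tight umask removes the gap, for example `if (umask 077; openssl genrsa -out /etc/isakmpd/private/local.key 2048) >/dev/null 2>&1; then`, and likewise `(umask 077; cp ...)` for the iked copy. Separately, the iked block still runs after key generation has printed `failed.`, so it would be worth guarding it with `[ -f /etc/isakmpd/private/local.key ]`.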
@@ -152,6 +217,7 @@ | |
trap : 3 # shouldn't be needed | |
HOME=/; export HOME | |
+INRC=1; export INRC | |
PATH=/sbin:/bin:/usr/sbin:/usr/bin | |
export PATH | |
@@ -161,7 +227,17 @@ | |
if [ X"$1" = X"shutdown" ]; then | |
dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1 | |
chmod 600 /var/db/host.random >/dev/null 2>&1 | |
- if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then | |
+ local _c=$? | |
+ if [ ${_c} -eq 0 -a -n "${pkg_scripts}" ]; then | |
+ echo -n 'stopping package daemons:' | |
+ while [ -n "${pkg_scripts}" ]; do | |
+ _r=${pkg_scripts##* } | |
+ pkg_scripts=${pkg_scripts%%*( )${_r}} | |
+ [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop | |
+ done | |
+ echo '.' | |
+ fi | |
+ if [ ${_c} -eq 0 -a -f /etc/rc.shutdown ]; then | |
echo /etc/rc.shutdown in progress... | |
. /etc/rc.shutdown | |
echo /etc/rc.shutdown complete. | |
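Review bot: The new package-daemon stop loop is gated on `_c`, which holds only the exit status of `chmod 600 /var/db/host.random` (the preceding `dd` status is discarded), so if that chmod fails the daemons listed in `pkg_scripts` are never asked to stop. The old code gated `/etc/rc.shutdown` the same way, but extending the gate to daemon shutdown looks unintended; if so, `if [ -n "${pkg_scripts}" ]; then` is enough for the new block. A short comment on `_c` saying what it records (`# exit status of the seed-file chmod above`) would also help. The enclosing `if [ X"$1" = X"shutdown" ]` block continues outside the hunk.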
@@ -243,8 +319,6 @@ | |
mount -uw / # root on nfs requires this, others aren't hurt | |
rm -f /fastboot # XXX (root now writeable) | |
-random_seed | |
- | |
# set flags on ttys. (do early, in case they use tty for SLIP in netstart) | |
echo 'setting tty flags' | |
ttyflags -a | |
@@ -309,194 +383,37 @@ | |
mount -s /usr >/dev/null 2>&1 | |
mount -s /var >/dev/null 2>&1 | |
-# if there's no /var/db/host.random, use /dev/arandom to create one | |
-if [ ! -f /var/db/host.random ]; then | |
- dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \ | |
- >/dev/null 2>&1 | |
- chmod 600 /var/db/host.random >/dev/null 2>&1 | |
-else | |
- # Try to read seed if it was not initially present (e.g. /var on NFS) | |
- random_seed | |
-fi | |
+random_seed | |
# clean up left-over files | |
-rm -f /etc/nologin | |
-rm -f /var/spool/lock/LCK.* | |
-rm -f /var/spool/uucp/STST/* | |
+rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* | |
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; }) | |
(cd /var/authpf && rm -rf -- *) | |
# save a copy of the boot messages | |
dmesg >/var/run/dmesg.boot | |
-echo 'starting system logger' | |
-rm -f /dev/log | |
-if [ X"${httpd_flags}" != X"-u" ]; then | |
- rm -f /var/www/dev/log | |
- syslogd_flags="${syslogd_flags} -a /var/www/dev/log" | |
-fi | |
-if [ X"${named_flags}" != X"NO" ]; then | |
- rm -f /var/named/dev/log | |
- syslogd_flags="${syslogd_flags} -a /var/named/dev/log" | |
-fi | |
-if [ X"${nsd_flags}" != X"NO" ]; then | |
- rm -f /var/nsd/dev/log | |
- syslogd_flags="${syslogd_flags} -a /var/nsd/dev/log" | |
-fi | |
-if [ -d /var/empty ]; then | |
- rm -f /var/empty/dev/log | |
- mkdir -p -m 0555 /var/empty/dev | |
- syslogd_flags="${syslogd_flags} -a /var/empty/dev/log" | |
-fi | |
-syslogd ${syslogd_flags} | |
+make_keys | |
-if [ X"${pf}" != X"NO" ]; then | |
- ifconfig pflog0 create >/dev/null 2>&1 | |
- if ifconfig pflog0 >/dev/null 2>&1; then | |
- ifconfig pflog0 up | |
- if [ X"${pflogd_flags}" != X"NO" ]; then | |
- pflogd ${pflogd_flags} | |
- fi | |
- fi | |
-fi | |
+echo -n 'starting early daemons:' | |
+start_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd | |
+echo '.' | |
-if [ X"${named_flags}" != X"NO" ]; then | |
- if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then | |
- echo -n "rndc-confgen: generating new shared secret... " | |
- if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then | |
- chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1 | |
- echo done. | |
- else | |
- echo failed. | |
- fi | |
- fi | |
- | |
- echo 'starting named'; named $named_flags | |
-fi | |
- | |
-if [ X"${nsd_flags}" != X"NO" ]; then | |
- echo 'starting nsd'; nsd $nsd_flags | |
-fi | |
- | |
-if [ ! -f /etc/isakmpd/private/local.key ]; then | |
- echo -n "openssl: generating new isakmpd/iked RSA key... " | |
- if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ | |
- > /dev/null 2>&1; then | |
- chmod 600 /etc/isakmpd/private/local.key | |
- openssl rsa -out /etc/isakmpd/local.pub \ | |
- -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1 | |
- echo done. | |
- else | |
- echo failed. | |
- fi | |
-fi | |
- | |
-if [ ! -f /etc/iked/private/local.key ]; then | |
- # Just copy the generated isakmpd key | |
- cp /etc/isakmpd/private/local.key /etc/iked/private/local.key | |
- chmod 600 /etc/iked/private/local.key | |
- cp /etc/isakmpd/local.pub /etc/iked/local.pub | |
-fi | |
- | |
-if [ X"${isakmpd_flags}" != X"NO" ]; then | |
- if [ X"${sasyncd_flags}" != X"NO" ]; then | |
- isakmpd_flags="-S ${isakmpd_flags}" | |
- fi | |
- echo 'starting isakmpd'; isakmpd ${isakmpd_flags} | |
-fi | |
- | |
-if [ X"${iked_flags}" != X"NO" ]; then | |
- if [ X"${sasyncd_flags}" != X"NO" ]; then | |
- iked_flags="-S ${iked_flags}" | |
- fi | |
- echo 'starting iked'; iked ${iked_flags} | |
-fi | |
- | |
-if [ X"${sasyncd_flags}" != X"NO" ]; then | |
- echo 'starting sasyncd'; sasyncd ${sasyncd_flags} | |
-fi | |
- | |
if [ X"${ipsec}" != X"NO" ]; then | |
if [ -f ${ipsec_rules} ]; then | |
ipsecctl -f ${ipsec_rules} | |
fi | |
fi | |
-echo -n 'starting initial daemons:' | |
- | |
-if [ X"${portmap}" = X"YES" ]; then | |
- echo -n ' portmap'; portmap | |
+echo -n 'starting RPC daemons:' | |
+start_daemon portmap | |
+if [ X"`domainname`" != X"" ]; then | |
+ start_daemon ypserv ypbind yppasswdd | |
fi | |
- | |
-if [ X`domainname` != X ]; then | |
- if [ -d /var/yp/`domainname` ]; then | |
- # YP server capabilities needed... | |
- echo -n ' ypserv'; ypserv ${ypserv_flags} | |
- #echo -n ' ypxfrd'; ypxfrd | |
- fi | |
- | |
- if [ -d /var/yp/binding ]; then | |
- # YP client capabilities needed... | |
- echo -n ' ypbind'; ypbind | |
- fi | |
- | |
- if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then | |
- # if we are the master server, run rpc.yppasswdd | |
- _host1=`ypwhich -m passwd 2> /dev/null` | |
- _host2=`hostname` | |
- if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then | |
- _host1=`ypmatch $_host1 hosts | cut -d' ' -f2` | |
- _host2=`ypmatch $_host2 hosts | cut -d' ' -f2 | head -1` | |
- else | |
- _host1=`echo $_host1 | nslookup | grep '^Name: ' | \ | |
- sed -e 's/^Name: //'` | |
- _host2=`echo $_host2 | nslookup | grep '^Name: ' | \ | |
- sed -e 's/^Name: //'` | |
- fi | |
- if [ "$_host2" = "$_host1" ]; then | |
- echo -n ' rpc.yppasswdd' | |
- rpc.yppasswdd ${yppasswdd_flags} | |
- fi | |
- fi | |
-fi | |
- | |
-if [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \ | |
- `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then | |
- rm -f /var/db/mountdtab | |
- echo -n > /var/db/mountdtab | |
- echo -n ' mountd'; mountd | |
- echo -n ' nfsd'; nfsd ${nfsd_flags} | |
- if [ X"${lockd}" = X"YES" ]; then | |
- echo -n ' rpc.lockd'; rpc.lockd | |
- echo -n ' rpc.statd'; rpc.statd | |
- fi | |
-fi | |
- | |
-if [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then | |
- echo -n ' amd' | |
- (cd /etc/amd; amd `cat ${amd_master}`) | |
-fi | |
- | |
-# run rdate before timed/ntpd | |
-if [ X"${rdate_flags}" != X"NO" ]; then | |
- echo -n ' rdate'; rdate -s ${rdate_flags} | |
-fi | |
- | |
-if [ X"${timed_flags}" != X"NO" ]; then | |
- echo -n ' timed'; timed $timed_flags | |
-fi | |
- | |
-if [ X"${ldattach_flags}" != X"NO" -a -n "${ldattach_flags}" ]; then | |
- echo -n ' ldattach'; ldattach ${ldattach_flags} | |
-fi | |
- | |
-if [ X"${ntpd_flags}" != X"NO" ]; then | |
- echo -n ' ntpd'; ntpd $ntpd_flags | |
-fi | |
+start_daemon ypldap mountd nfsd lockd statd amd | |
echo '.' | |
mount -a | |
- | |
swapctl -A -t noblk | |
# /var/crash should be a directory or a symbolic link | |
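Review bot: The bare `random_seed` call replaces a block that also created /var/db/host.random when it was missing, but the new `random_seed` only acts inside `if [ -f /var/db/host.random ]`. On the visible new side the seed file is therefore first written in the shutdown path, so a machine that starts without the file and is never shut down cleanly keeps booting without a saved seed. If nothing else creates the file (the installer may, which is not visible here), an else branch in `random_seed` would restore the old behaviour: `else`, `dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1`, `chmod 600 /var/db/host.random >/dev/null 2>&1`.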
@@ -505,14 +422,6 @@ | |
savecore ${savecore_flags} /var/crash | |
fi | |
-if [ X"${afs}" = X"YES" -a -c /dev/nnpfs0 ]; then | |
- echo -n 'mounting afs:' | |
- mkdir -p -m 0755 /afs | |
- mount -t nnpfs /dev/nnpfs0 /afs | |
- /usr/libexec/afsd ${afsd_flags} | |
- echo ' done.' | |
-fi | |
- | |
if [ X"${check_quotas}" = X"YES" ]; then | |
echo -n 'checking quotas:' | |
quotacheck -a | |
@@ -520,21 +429,15 @@ | |
quotaon -a | |
fi | |
-# build ps databases | |
-echo -n 'building ps databases:' | |
-echo -n " kvm" | |
-kvm_mkdb | |
-echo -n " dev" | |
+kvm_mkdb # build kvm(3) databases | |
dev_mkdb | |
-echo "." | |
- | |
chmod 666 /dev/tty[pqrstuvwxyzPQRST]* | |
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]* | |
# check the password temp/lock file | |
if [ -f /etc/ptmp ]; then | |
logger -s -p auth.err \ | |
- 'password file may be incorrect -- /etc/ptmp exists' | |
+ 'password file may be incorrect -- /etc/ptmp exists' | |
fi | |
echo clearing /tmp | |
@@ -546,24 +449,7 @@ | |
find . ! -name . ! -name lost+found ! -name quota.user \ | |
! -name quota.group -execdir rm -rf -- {} \; -type d -prune) | |
-# create Unix sockets directories for X if needed and make sure they have | |
-# correct permissions | |
-if [ -d /usr/X11R6/lib ]; then | |
- for d in /tmp/.X11-unix /tmp/.ICE-unix ; do | |
- if [ -d $d ]; then | |
- if [ `ls -ld $d | cut -d' ' -f4` != root ]; then | |
- chown root $d | |
- fi | |
- if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then | |
- chmod 1777 $d | |
- fi | |
- elif [ -e $d ]; then | |
- echo "Error: $d exists and isn't a directory." | |
- else | |
- mkdir -m 1777 $d | |
- fi | |
- done | |
-fi | |
+setup_X_sockets | |
[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel | |
if [ X"${securelevel}" != X"" ]; then | |
@@ -575,8 +461,7 @@ | |
if [ ! -f /etc/motd ]; then | |
install -c -o root -g wheel -m 664 /dev/null /etc/motd | |
fi | |
-T=`mktemp /tmp/_motd.XXXXXXXXXX` | |
-if [ $? -eq 0 ]; then | |
+if T=`mktemp /tmp/_motd.XXXXXXXXXX`; then | |
sysctl -n kern.version | sed 1q > $T | |
echo "" >> $T | |
sed '1,/^$/d' < /etc/motd >> $T | |
@@ -602,268 +487,55 @@ | |
ldconfig $shlib_dirs | |
fi | |
-if [ -x /usr/libexec/vi.recover ]; then | |
- echo 'preserving editor files.'; /usr/libexec/vi.recover | |
-fi | |
+echo 'preserving editor files.'; /usr/libexec/vi.recover | |
-if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then | |
- echo -n "ssh-keygen: generating new DSA host key... " | |
- if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then | |
- echo done. | |
- else | |
- echo failed. | |
- fi | |
-fi | |
-if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then | |
- echo -n "ssh-keygen: generating new ECDSA host key... " | |
- if /usr/bin/ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''; then | |
- echo done. | |
- else | |
- echo failed. | |
- fi | |
-fi | |
-if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then | |
- echo -n "ssh-keygen: generating new RSA host key... " | |
- if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then | |
- echo done. | |
- else | |
- echo failed. | |
- fi | |
-fi | |
-if [ ! -f /etc/ssh/ssh_host_key ]; then | |
- echo -n "ssh-keygen: generating new RSA1 host key... " | |
- if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then | |
- echo done. | |
- else | |
- echo failed. | |
- fi | |
-fi | |
+echo -n 'starting network daemons:' | |
+start_daemon sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated | |
+start_daemon relayd dhcpd dhcrelay mrouted dvmrpd | |
-echo -n starting network daemons: | |
- | |
-if [ X"${sshd_flags}" != X"NO" ]; then | |
- echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags} | |
-fi | |
- | |
-if [ X"${snmpd_flags}" != X"NO" ]; then | |
- echo -n ' snmpd'; /usr/sbin/snmpd $snmpd_flags | |
-fi | |
- | |
-if [ X"${ldpd_flags}" != X"NO" ]; then | |
- echo -n ' ldpd'; /usr/sbin/ldpd $ldpd_flags | |
-fi | |
- | |
-if [ X"${ripd_flags}" != X"NO" ]; then | |
- echo -n ' ripd'; /usr/sbin/ripd $ripd_flags | |
-fi | |
- | |
-if [ X"${mrouted_flags}" != X"NO" ]; then | |
- echo -n ' mrouted'; mrouted $mrouted_flags | |
-fi | |
- | |
-if [ X"${dvmrpd_flags}" != X"NO" ]; then | |
- echo -n ' dvmrpd'; /usr/sbin/dvmrpd $dvmrpd_flags | |
-fi | |
- | |
-if [ X"${ospfd_flags}" != X"NO" ]; then | |
- echo -n ' ospfd'; /usr/sbin/ospfd $ospfd_flags | |
-fi | |
- | |
-if [ X"${ospf6d_flags}" != X"NO" ]; then | |
- echo -n ' ospf6d'; /usr/sbin/ospf6d $ospf6d_flags | |
-fi | |
- | |
-if [ X"${bgpd_flags}" != X"NO" ]; then | |
- echo -n ' bgpd'; /usr/sbin/bgpd $bgpd_flags | |
-fi | |
- | |
-if [ X"${ifstated_flags}" != X"NO" ]; then | |
- echo -n ' ifstated'; ifstated $ifstated_flags | |
-fi | |
- | |
-if [ X"${relayd_flags}" != X"NO" ]; then | |
- echo -n ' relayd'; /usr/sbin/relayd $relayd_flags | |
-fi | |
- | |
-if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then | |
- touch /var/db/dhcpd.leases | |
- echo -n ' dhcpd'; /usr/sbin/dhcpd ${dhcpd_flags} | |
-fi | |
- | |
-if [ X"${dhcrelay_flags}" != X"NO" ]; then | |
- echo -n ' dhcrelay'; /usr/sbin/dhcrelay $dhcrelay_flags | |
-fi | |
- | |
if ifconfig lo0 inet6 >/dev/null 2>&1; then | |
fw=`sysctl -n net.inet6.ip6.forwarding` | |
if [ X"${fw}" = X"0" ]; then | |
- if [ X"${rtsold_flags}" != X"NO" ]; then | |
- echo -n ' rtsold' | |
- /usr/sbin/rtsold ${rtsold_flags} | |
- fi | |
+ start_daemon rtsold | |
else | |
- if [ X"${route6d_flags}" != X"NO" ]; then | |
- echo -n ' route6d' | |
- /usr/sbin/route6d ${route6d_flags} | |
- fi | |
- if [ X"${rtadvd_flags}" != X"NO" ]; then | |
- echo -n ' rtadvd' | |
- /usr/sbin/rtadvd ${rtadvd_flags} | |
- fi | |
+ start_daemon route6d rtadvd | |
fi | |
fi | |
-if [ X"${hostapd_flags}" != X"NO" ]; then | |
- echo -n ' hostapd'; /usr/sbin/hostapd ${hostapd_flags} | |
-fi | |
+start_daemon hostapd rwhod lpd ldapd sendmail smtpd httpd ftpd | |
+start_daemon ftpproxy identd inetd rarpd bootparamd rbootd mopd | |
+start_daemon spamd spamlogd kdc kadmind kpasswdd aucat | |
+echo '.' | |
-if [ X"${bt}" != X"NO" ]; then | |
- echo -n ' btd'; /usr/sbin/btd | |
- if [ -f ${bt_rules} ]; then | |
- btctl -f ${bt_rules} | |
- fi | |
-fi | |
- | |
-if [ X"${rwhod}" = X"YES" ]; then | |
- echo -n ' rwhod'; rwhod | |
-fi | |
- | |
- | |
-if [ X"${lpd_flags}" != X"NO" ]; then | |
- echo -n ' lpd'; lpd ${lpd_flags} | |
-fi | |
- | |
-if [ X"${ldapd_flags}" != X"NO" ]; then | |
- echo -n ' ldapd'; /usr/sbin/ldapd ${ldapd_flags} | |
-fi | |
- | |
-# We call sendmail with a full path so that SIGHUP works. | |
-# Note that /usr/sbin/sendmail may actually call a | |
-# mailer other than sendmail, depending on /etc/mailer.conf. | |
-if [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then | |
- echo -n ' sendmail'; ( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & ) | |
-fi | |
- | |
-if [ X"${smtpd_flags}" != X"NO" ]; then | |
- echo -n ' smtpd'; smtpd $smtpd_flags | |
-fi | |
- | |
-if [ X"${httpd_flags}" != X"NO" ]; then | |
- # Clean up left-over httpd locks | |
- rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.* | |
- echo -n ' httpd'; /usr/sbin/httpd ${httpd_flags} | |
-fi | |
- | |
-if [ X"${ftpd_flags}" != X"NO" ]; then | |
- echo -n ' ftpd'; /usr/libexec/ftpd ${ftpd_flags} | |
-fi | |
- | |
-if [ X"${ftpproxy_flags}" != X"NO" ]; then | |
- echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags} | |
-fi | |
- | |
-if [ X"${identd_flags}" != X"NO" ]; then | |
- echo -n ' identd'; /usr/libexec/identd ${identd_flags} | |
-fi | |
- | |
-if [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then | |
- echo -n ' inetd'; inetd | |
-fi | |
- | |
if [ X"${spamd_flags}" != X"NO" ]; then | |
- if [ X"${spamd_black}" != X"NO" ]; then | |
- spamd_flags="${spamd_flags} -b" | |
- fi | |
- echo -n ' spamd'; eval /usr/libexec/spamd ${spamd_flags} | |
/usr/libexec/spamd-setup -D | |
- if [ X"${spamd_black}" = X"NO" ]; then | |
- echo -n ' spamlogd' | |
- /usr/libexec/spamlogd ${spamlogd_flags} | |
- fi | |
fi | |
-if [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then | |
- echo -n ' rarpd'; rarpd ${rarpd_flags} | |
-fi | |
- | |
-if [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then | |
- echo -n ' rpc.bootparamd'; rpc.bootparamd ${bootparamd_flags} | |
-fi | |
- | |
-if [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then | |
- echo -n ' rbootd'; rbootd ${rbootd_flags} | |
-fi | |
- | |
-if [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then | |
- echo -n ' mopd'; mopd ${mopd_flags} | |
-fi | |
- | |
-echo '.' | |
- | |
-mixerctl_conf | |
- | |
-if [ X"${aucat_flags}" != X"NO" ]; then | |
- aucat -l ${aucat_flags} | |
-fi | |
- | |
-# KerberosV master KDC | |
-if [ X"${krb5_master_kdc}" = X"YES" ]; then | |
- echo 'KerberosV master KDC' | |
- /usr/libexec/kdc & | |
- /usr/libexec/kadmind & | |
- /usr/libexec/kpasswdd & | |
-fi | |
- | |
-# KerberosV slave KDC | |
-if [ X"${krb5_slave_kdc}" = X"YES" ]; then | |
- echo 'KerberosV slave KDC' | |
- /usr/libexec/kdc & | |
- # Remember to enable hpropd in inetd.conf | |
-fi | |
- | |
# If rc.firstime exists, run it just once, and make sure it is deleted | |
if [ -f /etc/rc.firsttime ]; then | |
mv /etc/rc.firsttime /etc/rc.firsttime.run | |
- . /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root >/dev/null | |
+ . /etc/rc.firsttime.run 2>&1 | tee /dev/tty | | |
+ mail -Es "`hostname` rc.firsttime output" root >/dev/null | |
fi | |
rm -f /etc/rc.firsttime.run | |
-[ -f /etc/rc.local ] && . /etc/rc.local | |
- | |
-echo -n standard daemons: | |
- | |
-if [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then | |
- echo -n ' apmd'; /usr/sbin/apmd ${apmd_flags} | |
+# Run rc.d(8) scripts from packages | |
+if [ -n "${pkg_scripts}" ]; then | |
+ echo -n 'starting package daemons:' | |
+ for _r in $pkg_scripts; do | |
+ [ -x /etc/rc.d/${_r} ] && start_daemon ${_r} | |
+ done | |
+ echo '.' | |
fi | |
-if [ X"${sensorsd_flags}" != X"NO" ]; then | |
- echo -n ' sensorsd'; /usr/sbin/sensorsd ${sensorsd_flags} | |
-fi | |
+[ -f /etc/rc.local ] && . /etc/rc.local | |
-if [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then | |
- echo -n ' hotplugd'; /usr/sbin/hotplugd ${hotplugd_flags} | |
-fi | |
+ifconfig -g carp -carpdemote 128 # disable carp interlock | |
-if [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then | |
- echo -n ' watchdogd'; /usr/sbin/watchdogd ${watchdogd_flags} | |
-fi | |
- | |
-echo -n ' cron'; cron | |
- | |
-# disable carp interlock | |
-ifconfig -g carp -carpdemote 128 | |
- | |
+mixerctl_conf | |
+echo -n 'starting local daemons:' | |
+start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm | |
echo '.' | |
date | |
- | |
-if [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then | |
- echo 'starting wsmoused...'; /usr/sbin/wsmoused ${wsmoused_flags} | |
-fi | |
- | |
-# Alternatively, on some architectures, xdm may be started in /etc/ttys. | |
-if [ X"${xdm_flags}" != X"NO" -a -x /usr/X11R6/bin/xdm ]; then | |
- echo 'starting xdm...'; /usr/X11R6/bin/xdm ${xdm_flags} | |
-fi | |
- | |
exit 0 | |
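Review bot: Every daemon named in these `start_daemon` lists is started unless its `<name>_flags` is exactly `NO`, because `start_daemon` only tests `X"${_do}" != X"NO"`; an unset or misspelled variable therefore means "start". The removed code also checked prerequisites inline (for example `-s /etc/ethers` for rarpd and `-f /etc/dhcpd.conf` for dhcpd), and whether the rc.d scripts repeat those checks is not visible in this diff. It is worth confirming that rc.conf carries a `_flags=NO` default for every name passed here, and recording the rule next to the calls, e.g. `# each name needs a <name>_flags default in rc.conf; anything but NO (including unset) starts it`.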
diff -ur etc49/etc/rc.conf etc50/etc/rc.conf | |
--- etc49/etc/rc.conf Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/rc.conf Wed Aug 17 17:50:53 2011 | |
@@ -1,6 +1,6 @@ | |
#!/bin/sh - | |
# | |
-# $OpenBSD: rc.conf,v 1.141 2011/02/12 11:21:01 ajacoutot Exp $ | |
+# $OpenBSD: rc.conf,v 1.160 2011/07/24 15:33:41 fgsch Exp $ | |
# set these to "NO" to turn them off. otherwise, they're used as flags | |
ldpd_flags=NO # for normal use: "" | |
@@ -17,8 +17,6 @@ | |
sshd_flags="" # for normal use: "" | |
named_flags=NO # for normal use: "" | |
nsd_flags=NO # for normal use: "" | |
-rdate_flags=NO # for normal use: [RFC868-host] or [-n RFC2030-host] | |
-timed_flags=NO # for normal use: "" | |
ldattach_flags=NO # for normal use: "[options] linedisc cua-device" | |
ntpd_flags=NO # for normal use: "" | |
isakmpd_flags=NO # for normal use: "" | |
@@ -35,6 +33,7 @@ | |
rtsold_flags=NO # for normal use: interface | |
# be sure to set net.inet6.ip6.forwarding=0 | |
# be sure to set net.inet6.ip6.accept_rtadv=1 | |
+ # be sure to set net.inet6.icmp6.rediraccept=1 | |
lpd_flags=NO # for normal use: "" (or "-l" for debugging) | |
sensorsd_flags=NO # for normal use: "" | |
hotplugd_flags=NO # for normal use: "" | |
@@ -47,6 +46,14 @@ | |
smtpd_flags=NO # for normal use: "" | |
aucat_flags=NO # for normal use: "" | |
ldapd_flags=NO # for normal use: "" | |
+inetd_flags="" # for normal use: "" | |
+rwhod_flags=NO # for normal use: "" | |
+portmap_flags=NO # for normal use: "" | |
+kdc_flags=NO # for normal use: "" see 'info heimdal' for help | |
+kadmind_flags=NO # for normal use: "" | |
+kpasswdd_flags=NO # for normal use: "" | |
+btd_flags=NO # for normal use: "" | |
+amd_flags=NO # for normal use: "" | |
# use -u to disable chroot, see httpd(8) | |
httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8)) | |
@@ -70,20 +77,13 @@ | |
wsmoused_flags=NO # for ps/2 or usb mice: "", serial: "-p /dev/cua00" | |
# set the following to "YES" to turn them on | |
-rwhod=NO | |
-nfs_server=NO # see sysctl.conf for nfs client configuration | |
-lockd=NO | |
-amd=NO | |
pf=YES # Packet filter / NAT | |
ipsec=NO # IPsec | |
bt=NO # Bluetooth | |
portmap=NO # Note: inetd(8) rpc services need portmap too | |
-inetd=YES # almost always needed | |
check_quotas=YES # NO may be desirable in some YP environments | |
accounting=NO # process accounting (using /var/account/acct) | |
-krb5_master_kdc=NO # KerberosV master KDC. Run 'info heimdal' for help. | |
-krb5_slave_kdc=NO # KerberosV slave KDC. | |
afs=NO # mount and run afs | |
# Multicast routing configuration | |
@@ -92,11 +92,14 @@ | |
multicast_router=NO # A multicast routing daemon will be run, e.g. mrouted | |
# miscellaneous other flags | |
-# only used if the appropriate server is marked YES above | |
savecore_flags= # "-z" to compress | |
-ypserv_flags= # E.g. -1 for YP v1, -d for DNS etc | |
+ypserv_flags=NO # add more flags, eg. -1 for YP v1, -d for DNS etc | |
+ypldap_flags=NO # for normal use: "" | |
yppasswdd_flags=NO # "-d /etc/yp" if passwd files are in /etc/yp | |
-nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver | |
+nfsd_flags=NO # for normal use: "-tun 4" and see nfsd(8) | |
+mountd_flags=NO # for normal use: "" | |
+lockd_flags=NO # for normal use: "" | |
+statd_flags=NO # for normal use: "" | |
amd_master=/etc/amd/master # AMD 'master' map | |
syslogd_flags= # add more flags, e.g. "-u -a /chroot/dev/log" | |
pf_rules=/etc/pf.conf # Packet filter rules file | |
@@ -107,10 +110,40 @@ | |
shlib_dirs= # extra directories for ldconfig, separated | |
# by space | |
-# rc.d(8) daemons scripts | |
+# rc.d(8) packages scripts | |
# started in the specified order and stopped in reverse order | |
-rc_scripts= | |
+pkg_scripts= | |
local_rcconf="/etc/rc.conf.local" | |
+unset inetd_flags rwhod_flags portmap_flags kdc_flags kadmind_flags | |
+unset kpasswdd_flags btd_flags nfsd_flags mountd_flags lockd_flags | |
+unset statd_flags amd_flags | |
+ | |
[ -f ${local_rcconf} ] && . ${local_rcconf} # Do not edit this line | |
+ | |
+# special care needed for spamlogd to avoid starting it up and failing | |
+# all the time | |
+if [ X"${spamd_flags}" = X"NO" -o X"${spamd_black}" != X"NO" ]; then | |
+ spamlogd_flags=NO | |
+fi | |
+ | |
+# special care needed for pflogd to avoid starting it up and failing | |
+# if pf is not enabled | |
+if [ X"${pf}" = X"NO" ]; then | |
+ pflogd_flags=NO | |
+fi | |
+ | |
+# backward compatibility | |
+: ${inetd_flags=$([ X"${inetd-YES}" = XYES ] || echo NO)} | |
+: ${rwhod_flags=$([ X"${rwhod-NO}" = XYES ] || echo NO)} | |
+: ${portmap_flags=$([ X"${portmap-NO}" = XYES ] || echo NO)} | |
+: ${kdc_flags=$([ X"${krb5_master_kdc-NO}" = XYES -o X"${krb5_slave_kdc-NO}" = XYES ] || echo NO)} | |
+: ${kadmind_flags=$([ X"${krb5_master_kdc-NO}" = XYES ] || echo NO)} | |
+: ${kpasswdd_flags=$([ X"${krb5_master_kdc-NO}" = XYES ] || echo NO)} | |
+: ${btd_flags=$([ X"${bt-NO}" = XYES ] || echo NO)} | |
+: ${nfsd_flags=$([ X"${nfs_server-NO}" = XYES ] && echo "-tun 4" || echo NO)} | |
+: ${mountd_flags=$([ X"${nfs_server-NO}" = XYES ] || echo NO)} | |
+: ${lockd_flags=$([ X"${lockd-NO}" = XYES ] || echo NO)} | |
+: ${statd_flags=$([ X"${lockd-NO}" = XYES ] || echo NO)} | |
+: ${amd_flags=$([ X"${amd-NO}" = XYES ] || echo NO)} | |
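Review bot: The backward-compatibility block maps the old YES/NO knobs to the new `_flags` variables, but the rename of `rc_scripts` to `pkg_scripts` in the same hunk has no such mapping. Since the rc.local and rc.shutdown loops over `rc_scripts` are removed elsewhere in this diff, an rc.conf.local that still sets `rc_scripts` would silently stop starting and stopping those package daemons after the upgrade. One line after the block would carry the old setting over: `: ${pkg_scripts:=${rc_scripts}}`. A comment on the `unset` lines explaining that they drop the defaults declared above so that the legacy knobs in rc.conf.local can still decide would also help the next reader.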
Only in etc50/etc: rc.d | |
diff -ur etc49/etc/rc.local etc50/etc/rc.local | |
--- etc49/etc/rc.local Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/rc.local Wed Aug 17 17:50:53 2011 | |
@@ -1,16 +1,6 @@ | |
-# $OpenBSD: rc.local,v 1.41 2010/11/05 10:03:00 ajacoutot Exp $ | |
+# $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $ | |
# Site-specific startup actions, daemons, and other things which | |
# can be done AFTER your system goes into securemode. For actions | |
# which should be done BEFORE your system has gone into securemode | |
# please see /etc/rc.securelevel. | |
- | |
-echo -n 'starting local daemons:' | |
- | |
-for _r in $rc_scripts; do | |
- [ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} start | |
-done | |
- | |
-# Add your local startup actions here. | |
- | |
-echo '.' | |
diff -ur etc49/etc/rc.shutdown etc50/etc/rc.shutdown | |
--- etc49/etc/rc.shutdown Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/rc.shutdown Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: rc.shutdown,v 1.10 2010/11/26 08:09:35 ajacoutot Exp $ | |
+# $OpenBSD: rc.shutdown,v 1.12 2011/04/22 06:08:14 ajacoutot Exp $ | |
# | |
# If it exists, this script is run at system-shutdown by reboot(8), | |
# halt(8). If the architecture supports keyboard requested halting, | |
@@ -7,14 +7,4 @@ | |
powerdown=NO # set to YES for powerdown | |
-echo -n 'stopping local daemons:' | |
- | |
-while [ -n "${rc_scripts}" ]; do | |
- _r=${rc_scripts##* } | |
- rc_scripts=${rc_scripts%%*( )${_r}} | |
- [ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} stop | |
-done | |
- | |
# Add your local shutdown actions here. | |
- | |
-echo '.' | |
diff -ur etc49/etc/relayd.conf etc50/etc/relayd.conf | |
--- etc49/etc/relayd.conf Wed Mar 2 14:51:50 2011 | |
+++ etc50/etc/relayd.conf Wed Aug 17 17:50:54 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: relayd.conf,v 1.13 2008/03/03 16:58:41 reyk Exp $ | |
+# $OpenBSD: relayd.conf,v 1.14 2011/04/07 13:33:52 reyk Exp $ | |
# | |
# Macros | |
# | |
@@ -82,6 +82,10 @@ | |
# Return HTTP/HTML error pages to the client | |
return error | |
+ # Block disallowed sites | |
+ label "URL filtered!" | |
+ request url filter "www.example.com/" | |
+ | |
# Block disallowed browsers | |
label "Please try a <em>different Browser</em>" | |
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent" | |
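Review bot: The added sample `request url filter "www.example.com/"` carries no comment saying what the expression is matched against, so a reader may take it for a complete site block. As far as relayd.conf(5) describes it, the match is on the host name and path the client sends in the HTTP request, so it covers only clear-text traffic that passes through this relay, and only the name as written. I would extend the comment to `# Block disallowed sites (matches the requested host name and path; plain HTTP through this relay only)`. The enclosing protocol block starts and ends outside this hunk.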
@@ -96,10 +100,10 @@ | |
} | |
relay httpproxy { | |
- # Listen on localhost, accept redirected connections from pf(4) | |
+ # Listen on localhost, accept diverted connections from pf(4) | |
listen on 127.0.0.1 port 8080 | |
protocol httpfilter | |
# Forward to the original target host | |
- forward to nat lookup | |
+ forward to destination | |
} | |
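Review bot: The switch to `forward to destination` only works when pf(4) hands connections to the relay with a `divert-to` rule, and the new comment says "diverted" without saying that an existing `rdr-to` rule has to change with it. A site that merges this sample but keeps its old rdr-to rule would presumably have the relay look up its own listen address instead of the original target. I would add `# Needs a matching divert-to rule in pf.conf(5); rdr-to rules need "forward to nat lookup"` above the forward line.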
diff -ur etc49/etc/remote etc50/etc/remote | |
--- etc49/etc/remote Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/remote Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: remote,v 1.12 2010/06/29 17:17:53 nicm Exp $ | |
+# $OpenBSD: remote,v 1.13 2011/07/07 19:16:42 deraadt Exp $ | |
# from: @(#)remote 8.1 (Berkeley) 6/10/93 | |
# | |
# remote -- remote host description database | |
@@ -53,7 +53,7 @@ | |
unixhost:\ | |
:pa=none:br#9600:el=^U^C^R^O^D^S^Q:ie=%$:oe=^D: | |
-tty00|For hp300,i386,mac68k,macppc,mvmeppc,vax:\ | |
+tty00|For hp300,i386,mac68k,macppc,vax:\ | |
:dv=/dev/tty00:tc=direct:tc=unixhost: | |
ttya|For sparc,mvme68k:\ | |
Only in etc49/etc: security | |
diff -ur etc49/etc/ssh/sshd_config etc50/etc/ssh/sshd_config | |
--- etc49/etc/ssh/sshd_config Wed Mar 2 14:51:51 2011 | |
+++ etc50/etc/ssh/sshd_config Wed Aug 17 17:50:55 2011 | |
@@ -1,11 +1,11 @@ | |
-# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ | |
+# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ | |
# This is the sshd server system-wide configuration file. See | |
# sshd_config(5) for more information. | |
# The strategy used for options in the default sshd_config shipped with | |
# OpenSSH is to specify options with their default value where | |
-# possible, but leave them commented. Uncommented options change a | |
+# possible, but leave them commented. Uncommented options override the | |
# default value. | |
#Port 22 | |
@@ -42,7 +42,10 @@ | |
#RSAAuthentication yes | |
#PubkeyAuthentication yes | |
-#AuthorizedKeysFile .ssh/authorized_keys | |
+ | |
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 | |
+# but this is overridden so installations will only check .ssh/authorized_keys | |
+AuthorizedKeysFile .ssh/authorized_keys | |
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts | |
#RhostsRSAAuthentication no | |
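Review bot: Making `AuthorizedKeysFile .ssh/authorized_keys` active changes which keys sshd accepts on any system that merges this file, and the added comment does not say what happens to keys that live only in `.ssh/authorized_keys2`. Those keys stop working after the merge, while hosts that keep their old sshd_config go on honouring both files, so an audit of authorized keys has to know which state a host is in. I would add a third comment line, `# Keys that exist only in .ssh/authorized_keys2 are ignored once this line is active.`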
diff -ur etc49/etc/sysctl.conf etc50/etc/sysctl.conf | |
--- etc49/etc/sysctl.conf Wed Mar 2 14:51:50 2011 | |
+++ etc50/etc/sysctl.conf Wed Aug 17 17:50:53 2011 | |
@@ -1,4 +1,4 @@ | |
-# $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $ | |
+# $OpenBSD: sysctl.conf,v 1.52 2011/06/24 19:47:48 naddy Exp $ | |
# | |
# This file contains a list of sysctl options the user wants set at | |
# boot time. See sysctl(3) and sysctl(8) for more information on | |
@@ -8,7 +8,7 @@ | |
#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets | |
#net.inet.ip.multipath=1 # 1=Enable IP multipath routing | |
#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects | |
-#net.inet6.icmp6.rediraccept=0 # 0=Don't accept IPv6 ICMP redirects | |
+#net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts) | |
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets | |
#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets | |
#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing | |
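Review bot: The rewritten comment on `#net.inet6.icmp6.rediraccept=1` now documents how to turn redirect acceptance on but gives no hint of the exposure that comes with it. ICMPv6 redirects are normally unauthenticated, so a host that accepts them lets an on-link neighbour influence its next hop. The flip of the commented example from `=0` to `=1` also suggests the built-in default moved to not accepting them, which this page does not show directly. I would word it `# 1=Accept IPv6 ICMP redirects (for hosts; trusted links only)`.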
@@ -35,6 +35,8 @@ | |
#kern.nosuidcoredump=2 # 2=Put suid coredumps in /var/crash | |
#kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available | |
#kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering | |
+#kern.pool_debug=0 # 0=Disable pool corruption checks (faster) | |
+#hw.allowpowerdown=0 # 0=Disable power button shutdown | |
#machdep.allowaperture=2 # See xf86(4) | |
#machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work | |
#machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a nice halt | |
@@ -42,6 +44,4 @@ | |
#machdep.userldt=1 # allow userland programs to play with ldt, | |
# required by some ports | |
#kern.emul.aout=1 # enable running dynamic OpenBSD a.out bins | |
-#kern.emul.freebsd=1 # enable running FreeBSD binaries | |
#kern.emul.linux=1 # enable running Linux binaries | |
-#kern.emul.svr4=1 # enable running SVR4 binaries | |
diff -ur etc49/etc/weekly etc50/etc/weekly | |
--- etc49/etc/weekly Wed Mar 2 14:51:49 2011 | |
+++ etc50/etc/weekly Wed Aug 17 17:50:53 2011 | |
@@ -1,5 +1,5 @@ | |
# | |
-# $OpenBSD: weekly,v 1.24 2011/01/19 06:18:05 david Exp $ | |
+# $OpenBSD: weekly,v 1.25 2011/07/07 23:09:46 guenther Exp $ | |
# | |
# For local additions, create the file /etc/weekly.local. | |
# To get section headers, use the function next_part in weekly.local. | |
@@ -45,8 +45,7 @@ | |
next_part "Rebuilding locate database:" | |
if [ -f /var/db/locate.database ]; then | |
- TMP=`mktemp /var/db/locate.database.XXXXXXXXXX` | |
- if [ $? -eq 0 ]; then | |
+ if TMP=`mktemp /var/db/locate.database.XXXXXXXXXX`; then | |
trap 'rm -f $TMP; exit 1' 0 1 15 | |
UPDATEDB="/usr/libexec/locate.updatedb" | |
echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/var/tmp}" | \ | |
Only in etc50/etc: ypldap.conf | |
diff -ur etc49/var/db/sysmerge/etcsum etc50/var/db/sysmerge/etcsum | |
--- etc49/var/db/sysmerge/etcsum Wed Mar 2 14:57:58 2011 | |
+++ etc50/var/db/sysmerge/etcsum Wed Aug 17 18:00:10 2011 | |
@@ -8,13 +8,13 @@ | |
4294967295 0 ./etc/authpf | |
4182151039 3038 ./etc/bgpd.conf | |
3876916992 185 ./etc/ccd.conf | |
-3448035340 3341 ./etc/changelist | |
+3775300743 3330 ./etc/changelist | |
252594545 410 ./etc/chio.conf | |
1472356903 102 ./etc/csh.cshrc | |
2703696912 102 ./etc/csh.login | |
3431436583 104 ./etc/csh.logout | |
-1728858655 5277 ./etc/daily | |
-2378293123 591 ./etc/dhclient.conf | |
+333940016 5302 ./etc/daily | |
+1049233877 521 ./etc/dhclient.conf | |
4136716515 733 ./etc/dhcpd.conf | |
3581520 790 ./etc/disktab | |
4294967295 0 ./etc/dumpdates | |
@@ -38,7 +38,7 @@ | |
4294967295 0 ./etc/iked/pubkeys/ufqdn | |
1419656858 2381 ./etc/inetd.conf | |
4243353537 1122 ./etc/ipsec.conf | |
-1378435518 4005 ./etc/ksh.kshrc | |
+3233988592 4078 ./etc/ksh.kshrc | |
1239840989 19658 ./etc/ldap/core.schema | |
4128381391 2737 ./etc/ldap/inetorgperson.schema | |
2139975806 7443 ./etc/ldap/nis.schema | |
@@ -46,8 +46,8 @@ | |
1669450874 301 ./etc/ldpd.conf | |
4063907622 2388 ./etc/localtime | |
1272061458 555 ./etc/locate.rc | |
-3897767250 2242 ./etc/login.conf | |
-3718017018 143932 ./etc/lynx.cfg | |
+1110035010 2356 ./etc/login.conf | |
+982492453 149343 ./etc/lynx.cfg | |
4140050977 105 ./etc/mail.rc | |
180804272 2556 ./etc/mail/Makefile | |
2236616533 3388 ./etc/mail/README | |
@@ -59,36 +59,35 @@ | |
2937419450 65536 ./etc/mail/genericstable.db | |
2054762348 5663 ./etc/mail/helpfile | |
987201812 466 ./etc/mail/local-host-names | |
-382135422 40742 ./etc/mail/localhost.cf | |
+3386756419 58736 ./etc/mail/localhost.cf | |
3116949394 562 ./etc/mail/mailertable | |
2937419450 65536 ./etc/mail/mailertable.db | |
1149556019 490 ./etc/mail/relay-domains | |
-4292518303 64505 ./etc/mail/sendmail.cf | |
+422510689 64855 ./etc/mail/sendmail.cf | |
667510436 300 ./etc/mail/smtpd.conf | |
3479831541 1876 ./etc/mail/spamd.conf | |
-1379803338 41794 ./etc/mail/submit.cf | |
+2844956136 41813 ./etc/mail/submit.cf | |
942407207 561 ./etc/mail/trusted-users | |
780872591 621 ./etc/mail/virtusertable | |
2937419450 65536 ./etc/mail/virtusertable.db | |
233395827 424 ./etc/mailer.conf | |
-408305320 2010 ./etc/man.conf | |
+538068741 2028 ./etc/man.conf | |
3970800728 3030 ./etc/master.passwd | |
3948491597 159160 ./etc/moduli | |
1897395865 911 ./etc/monthly | |
1116441835 406 ./etc/motd | |
3992554006 1531 ./etc/mrouted.conf | |
1841534430 17 ./etc/myname | |
-3166902118 9791 ./etc/netstart | |
+2821369227 9776 ./etc/netstart | |
2935274938 203 ./etc/networks | |
-968301387 754 ./etc/newsyslog.conf | |
+1749469726 751 ./etc/newsyslog.conf | |
522072229 474 ./etc/nsd.conf | |
3066868024 493 ./etc/ntpd.conf | |
2444571113 467 ./etc/ospf6d.conf | |
4056398302 590 ./etc/ospfd.conf | |
1160083724 2770 ./etc/passwd | |
-1588100705 1004 ./etc/pf.conf | |
+3723656003 1014 ./etc/pf.conf | |
1081783036 28452 ./etc/pf.os | |
-1486162102 322 ./etc/portal.conf | |
2639296339 141 ./etc/ppp/chap-secrets | |
2633022360 22 ./etc/ppp/options | |
1780344634 5 ./etc/ppp/options.leaf | |
@@ -97,18 +96,82 @@ | |
1129771337 5680 ./etc/protocols | |
3597021780 40960 ./etc/pwd.db | |
1686087193 344 ./etc/rbootd.conf | |
-3662757083 20802 ./etc/rc | |
-3512624051 4577 ./etc/rc.conf | |
-492396179 484 ./etc/rc.local | |
+2763463174 12389 ./etc/rc | |
+1578515318 6004 ./etc/rc.conf | |
+267637332 312 ./etc/rc.d/amd | |
+1265943401 139 ./etc/rc.d/apmd | |
+261475010 245 ./etc/rc.d/aucat | |
+2834649058 148 ./etc/rc.d/bgpd | |
+3740553734 193 ./etc/rc.d/bootparamd | |
+2038945235 161 ./etc/rc.d/btd | |
+730954222 125 ./etc/rc.d/cron | |
+3047728792 186 ./etc/rc.d/dhcpd | |
+68343521 147 ./etc/rc.d/dhcrelay | |
+1327359381 143 ./etc/rc.d/dvmrpd | |
+3135602125 142 ./etc/rc.d/ftpd | |
+3094353546 148 ./etc/rc.d/ftpproxy | |
+395773181 131 ./etc/rc.d/hostapd | |
+2636195187 133 ./etc/rc.d/hotplugd | |
+3834501401 223 ./etc/rc.d/httpd | |
+1739603648 146 ./etc/rc.d/identd | |
+2768964995 133 ./etc/rc.d/ifstated | |
+464380069 244 ./etc/rc.d/iked | |
+578927436 127 ./etc/rc.d/inetd | |
+1126074747 260 ./etc/rc.d/isakmpd | |
+3201856125 161 ./etc/rc.d/kadmind | |
+1322067361 153 ./etc/rc.d/kdc | |
+2083241768 163 ./etc/rc.d/kpasswdd | |
+2394091930 127 ./etc/rc.d/ldapd | |
+246626946 185 ./etc/rc.d/ldattach | |
+3305142314 148 ./etc/rc.d/ldpd | |
+2348371821 148 ./etc/rc.d/lockd | |
+1907405467 123 ./etc/rc.d/lpd | |
+3024300963 175 ./etc/rc.d/mopd | |
+1230391394 273 ./etc/rc.d/mountd | |
+645692843 131 ./etc/rc.d/mrouted | |
+4201548706 151 ./etc/rc.d/named | |
+3936574830 263 ./etc/rc.d/nfsd | |
+408870648 123 ./etc/rc.d/nsd | |
+3762480537 148 ./etc/rc.d/ntpd | |
+1296917791 153 ./etc/rc.d/ospf6d | |
+115544782 152 ./etc/rc.d/ospfd | |
+890096221 321 ./etc/rc.d/pflogd | |
+596435374 148 ./etc/rc.d/portmap | |
+943130337 175 ./etc/rc.d/rarpd | |
+1412695812 129 ./etc/rc.d/rbootd | |
+4190350284 3686 ./etc/rc.d/rc.subr | |
+3270191689 154 ./etc/rc.d/relayd | |
+1026433280 148 ./etc/rc.d/ripd | |
+2497839557 131 ./etc/rc.d/route6d | |
+913712826 143 ./etc/rc.d/rtadvd | |
+2842351940 143 ./etc/rc.d/rtsold | |
+1851593216 127 ./etc/rc.d/rwhod | |
+2618722736 157 ./etc/rc.d/sasyncd | |
+463419716 201 ./etc/rc.d/sendmail | |
+492290785 133 ./etc/rc.d/sensorsd | |
+2155830537 127 ./etc/rc.d/smtpd | |
+3610797679 151 ./etc/rc.d/snmpd | |
+3517108066 251 ./etc/rc.d/spamd | |
+1872449312 383 ./etc/rc.d/spamlogd | |
+4120889130 125 ./etc/rc.d/sshd | |
+2477508236 148 ./etc/rc.d/statd | |
+1840352542 683 ./etc/rc.d/syslogd | |
+2752900909 135 ./etc/rc.d/watchdogd | |
+1017102124 147 ./etc/rc.d/wsmoused | |
+475019693 128 ./etc/rc.d/xdm | |
+1454977672 217 ./etc/rc.d/ypbind | |
+378041663 129 ./etc/rc.d/ypldap | |
+2137632492 684 ./etc/rc.d/yppasswdd | |
+3344039607 212 ./etc/rc.d/ypserv | |
+1321551014 298 ./etc/rc.local | |
639998969 635 ./etc/rc.securelevel | |
-3940915127 557 ./etc/rc.shutdown | |
-3253051455 2530 ./etc/relayd.conf | |
-75412510 1887 ./etc/remote | |
+4048415435 346 ./etc/rc.shutdown | |
+1363152004 2618 ./etc/relayd.conf | |
+2055517336 1882 ./etc/remote | |
3052949533 272 ./etc/ripd.conf | |
-3778513600 10132 ./etc/rmt | |
+3726841241 10132 ./etc/rmt | |
1935202087 852 ./etc/rpc | |
4271262874 403 ./etc/sasyncd.conf | |
-2272953289 18717 ./etc/security | |
1815096265 1135 ./etc/sensorsd.conf | |
255659374 10143 ./etc/services | |
4011733011 258 ./etc/shells | |
@@ -117,25 +180,24 @@ | |
4250547697 398 ./etc/skel/.login | |
2758166825 113 ./etc/skel/.mailrc | |
1242816164 218 ./etc/skel/.profile | |
-4294967295 0 ./etc/skel/.ssh | |
4294967295 0 ./etc/skel/.ssh/authorized_keys | |
1777800463 349 ./etc/sliphome/slip.hosts | |
2924136859 500 ./etc/sliphome/slip.login | |
3515895754 608 ./etc/snmpd.conf | |
3850897738 40960 ./etc/spwd.db | |
-4294967295 0 ./etc/ssh | |
2120219775 1555 ./etc/ssh/ssh_config | |
-2950094583 2560 ./etc/ssh/sshd_config | |
+1751492801 2719 ./etc/ssh/sshd_config | |
471002687 1598 ./etc/ssl/openssl.cnf | |
993424129 1005 ./etc/ssl/x509v3.cnf | |
2341528463 1354 ./etc/sudoers | |
-114370617 2789 ./etc/sysctl.conf | |
+111611641 2809 ./etc/sysctl.conf | |
1055529673 1530 ./etc/syslog.conf | |
1892516430 3246 ./etc/systrace/usr_sbin_lpd | |
1470207625 3531 ./etc/systrace/usr_sbin_named | |
2328247655 22998 ./etc/ttys | |
-373947323 1653 ./etc/weekly | |
+3915551415 1642 ./etc/weekly | |
4174102115 474 ./etc/wsconsctl.conf | |
+2792435811 1077 ./etc/ypldap.conf | |
3838912274 22 ./root/.Xdefaults | |
2524506263 578 ./root/.cshrc | |
1685996065 125 ./root/.klogin | |
@@ -161,14 +223,13 @@ | |
4294967295 0 ./var/log/sendmail.st | |
4294967295 0 ./var/log/wtmp | |
4294967295 0 ./var/log/xferlog | |
-270223311 4546 ./var/mail/root | |
+3999719321 4546 ./var/mail/root | |
2245793152 1563 ./var/named/etc/named-dual.conf | |
1504362979 1351 ./var/named/etc/named-simple.conf | |
1504362979 1351 ./var/named/etc/named.conf | |
-1453147431 3056 ./var/named/etc/root.hint | |
+437437808 3110 ./var/named/etc/root.hint | |
4294967295 0 ./var/named/master | |
4294967295 0 ./var/named/slave | |
-4294967295 0 ./var/named/standard | |
1984377487 254 ./var/named/standard/localhost | |
3822975874 257 ./var/named/standard/loopback | |
1448486153 314 ./var/named/standard/loopback6.arpa | |
@@ -182,7 +243,6 @@ | |
996429480 12965 ./var/www/conf/magic | |
406577318 16119 ./var/www/conf/mime.types | |
1923043049 2326 ./var/www/htdocs/apache_pb.gif | |
-4294967295 0 ./var/www/htdocs/bgplg | |
3954868337 376 ./var/www/htdocs/bgplg/index.html | |
4068849323 75238 ./var/www/htdocs/bgplg/openbgpd.gif | |
95417789 41318 ./var/www/htdocs/blowfish.jpg | |
diff -ur etc49/var/mail/root etc50/var/mail/root | |
--- etc49/var/mail/root Wed Mar 2 14:51:57 2011 | |
+++ etc50/var/mail/root Wed Aug 17 17:51:02 2011 | |
@@ -1,9 +1,9 @@ | |
-From deraadt@do-not-reply.openbsd.org Sun May 1 07:47:47 MDT 2011 | |
+From deraadt@do-not-reply.openbsd.org Tue Nov 1 07:47:47 MST 2011 | |
Return-Path: root | |
-Date: May 1 07:47:47 MDT 2011 | |
+Date: Nov 1 07:47:47 MST 2011 | |
From: deraadt@do-not-reply.openbsd.org (Theo de Raadt) | |
To: root | |
-Subject: Welcome to OpenBSD 4.9! | |
+Subject: Welcome to OpenBSD 5.0! | |
This message attempts to describe the most basic initial questions that a | |
system administrator of an OpenBSD box might have. You are urged to save | |
@@ -27,13 +27,13 @@ | |
Several popular binary packages (pre-compiled applications) are available | |
for most architectures. If you installed from a CD-ROM the packages | |
-are on the same CD-ROM you installed from in the directory 4.9/packages. | |
+are on the same CD-ROM you installed from in the directory 5.0/packages. | |
CD-ROM space permitted us to include a subset of the full FTP packages | |
for the most common architectures. Please see the FTP sites to see a | |
full list of packages for each architecture: | |
- ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/ | |
+ ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/ | |
If you do not find a package you want on the CD, please go look at your | |
nearest FTP mirror site. | |
@@ -41,9 +41,9 @@ | |
Select your architecture and download the tarballs of your choice. For example | |
to install the emacs package for i386, execute: | |
# mount /dev/cd0a /cdrom | |
- # pkg_add -v /cdrom/4.9/packages/i386/emacs-22.3p6.tgz | |
+ # pkg_add -v /cdrom/5.0/packages/i386/emacs-22.3p6.tgz | |
or alternatively install them via FTP this way: | |
- # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/i386/emacs-22.3p6.tgz | |
+ # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/i386/emacs-22.3p6.tgz | |
Significant efforts were made to centralize all system configuration in the | |
/etc directory. You should be able to find each of the configuration files | |
diff -ur etc49/var/named/etc/root.hint etc50/var/named/etc/root.hint | |
--- etc49/var/named/etc/root.hint Wed Mar 2 14:51:50 2011 | |
+++ etc50/var/named/etc/root.hint Wed Aug 17 17:50:54 2011 | |
@@ -1,4 +1,4 @@ | |
-; $OpenBSD: root.hint,v 1.8 2010/06/27 22:04:33 jakob Exp $ | |
+; $OpenBSD: root.hint,v 1.9 2011/06/22 05:22:20 jakob Exp $ | |
; | |
; This file holds the information on root name servers needed to | |
; initialize cache of Internet domain name servers | |
@@ -11,8 +11,8 @@ | |
; on server FTP.INTERNIC.NET | |
; -OR- RS.INTERNIC.NET | |
; | |
-; last update: Jun 17, 2010 | |
-; related version of root zone: 2010061700 | |
+; last update: Jun 8, 2011 | |
+; related version of root zone: 2011060800 | |
; | |
; formerly NS.INTERNIC.NET | |
; | |
@@ -34,6 +34,7 @@ | |
; | |
. 3600000 NS D.ROOT-SERVERS.NET. | |
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 | |
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D | |
; | |
; FORMERLY NS.NASA.GOV | |
; |