Skip to content

Instantly share code, notes, and snippets.

@zeszyt

zeszyt/etc-49-50.diff

Created December 5, 2011 00:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save zeszyt/1431717 to your computer and use it in GitHub Desktop.
Save zeszyt/1431717 to your computer and use it in GitHub Desktop.
Download ZIP
OpenBSD etc 4.9 -> 5.0
Raw
etc-49-50.diff
diff -ur etc49/etc/changelist etc50/etc/changelist
--- etc49/etc/changelist Wed Mar 2 14:51:49 2011
+++ etc50/etc/changelist Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: changelist,v 1.71 2011/01/19 18:34:58 david Exp $
+# $OpenBSD: changelist,v 1.74 2011/07/07 06:15:53 schwarze Exp $
#
# List of files which the security script backs up and checks
# for modifications.
@@ -38,6 +38,7 @@
/etc/gettytab
/etc/group
/etc/hostapd.conf
++/etc/hostname.*
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
@@ -101,7 +102,6 @@
/etc/pf.conf
/etc/pf.os
/etc/pkg.conf
-/etc/portal.conf
/etc/printcap
/etc/profile
/etc/protocols
@@ -123,7 +123,6 @@
/etc/rpc
/etc/rtadvd.conf
/etc/sasyncd.conf
-/etc/security
/etc/sensorsd.conf
/etc/services
/etc/shells
diff -ur etc49/etc/daily etc50/etc/daily
--- etc49/etc/daily Wed Mar 2 14:51:49 2011
+++ etc50/etc/daily Wed Aug 17 17:50:53 2011
@@ -1,5 +1,5 @@
#
-# $OpenBSD: daily,v 1.68 2010/09/22 13:01:10 deraadt Exp $
+# $OpenBSD: daily,v 1.71 2011/04/23 19:35:53 schwarze Exp $
# From: @(#)daily 8.2 (Berkeley) 1/25/94
#
# For local additions, create the file /etc/daily.local.
@@ -50,7 +50,7 @@
find -x . \
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
-o -path ./portslocks \) \
- -prune -o -type f -atime +3 -execdir rm -f -- {} \;
+ -prune -o -type f -atime +3 -execdir rm -f -- {} \; 2>&-
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
! -path ./.ICE-unix ! -path ./portslocks ! -name . \
-execdir rmdir -- {} \; >/dev/null 2>&1; }
@@ -61,7 +61,7 @@
find -x . \
\( -path './ssh-*' -o -path ./.X11-unix -o -path ./.ICE-unix \
-o -path ./portslocks \) \
- -prune -o ! -type d -atime +7 -execdir rm -f -- {} \;
+ -prune -o ! -type d -atime +7 -execdir rm -f -- {} \; 2>&-
find -x . -type d -mtime +1 ! -path ./vi.recover ! -path ./.X11-unix \
! -path ./.ICE-unix ! -path ./portslocks ! -name . \
-execdir rmdir -- {} \; >/dev/null 2>&1; }
@@ -192,8 +192,9 @@
MAINOUT=/var/log/security.out
install -o 0 -g 0 -m 600 -b /dev/null $MAINOUT
-start_part "Running /etc/security:"
-run_script "security"
+start_part "Running security(8):"
+export SUIDSKIP
+/usr/libexec/security
end_part
rm -f $PARTOUT
diff -ur etc49/etc/dhclient.conf etc50/etc/dhclient.conf
--- etc49/etc/dhclient.conf Wed Mar 2 14:51:49 2011
+++ etc50/etc/dhclient.conf Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: dhclient.conf,v 1.1 1998/09/08 20:26:41 marc Exp $
+# $OpenBSD: dhclient.conf,v 1.2 2011/04/04 11:14:52 krw Exp $
#
# DHCP Client Configuration
#
@@ -14,4 +14,3 @@
# request subnet-mask, broadcast-address, time-offset, routers,
# domain-name, domain-name-servers, host-name, lpr-servers, ntp-servers;
# require subnet-mask, domain-name-servers, routers;
-# media "link0 link1", "link0 link1", "link0 link1", "-link0 link1";
diff -ur etc49/etc/ksh.kshrc etc50/etc/ksh.kshrc
--- etc49/etc/ksh.kshrc Wed Mar 2 14:51:49 2011
+++ etc50/etc/ksh.kshrc Wed Aug 17 17:50:53 2011
@@ -1,5 +1,5 @@
:
-# $OpenBSD: ksh.kshrc,v 1.15 2010/04/26 09:04:15 otto Exp $
+# $OpenBSD: ksh.kshrc,v 1.16 2011/07/04 19:52:37 halex Exp $
#
# NAME:
# ksh.kshrc - global initialization for ksh
@@ -92,15 +92,15 @@
esac
# do we want window decorations?
if [ "$ILS" ]; then
- ilabel () { print -n "${ILS}$*${ILE}">/dev/tty; }
- label () { print -n "${WLS}$*${WLE}">/dev/tty; }
+ function ilabel { print -n "${ILS}$*${ILE}">/dev/tty; }
+ function label { print -n "${WLS}$*${WLE}">/dev/tty; }
alias stripe='label "$USER@$HOST ($tty) - $PWD"'
alias istripe='ilabel "$USER@$HOST ($tty)"'
- wftp () { ilabel "ftp $*"; "ftp" "$@"; eval istripe; }
- wcd () { \cd "$@" && eval stripe; }
- wssh ()
+ function wftp { ilabel "ftp $*"; "ftp" "$@"; eval istripe; }
+ function wcd { \cd "$@" && eval stripe; }
+ function wssh
{
local rc
"ssh" "$@"
@@ -109,7 +109,7 @@
eval stripe
return $rc
}
- wtelnet ()
+ function wtelnet
{
local rc
"telnet" "$@"
@@ -118,7 +118,7 @@
eval stripe
return $rc
}
- wrlogin ()
+ function wrlogin
{
local rc
"rlogin" "$@"
@@ -127,7 +127,7 @@
eval stripe
return $rc
}
- wsu ()
+ function wsu
{
local rc
"su" "$@"
@@ -173,7 +173,7 @@
# commands for both interactive and non-interactive shells
# is $1 missing from $2 (or PATH) ?
-no_path () {
+function no_path {
eval _v="\$${2:-PATH}"
case :$_v: in
*:$1:*) return 1;; # no we have it
@@ -181,15 +181,15 @@
return 0
}
# if $1 exists and is not in path, append it
-add_path () {
+function add_path {
[ -d ${1:-.} ] && no_path $* && eval ${2:-PATH}="\$${2:-PATH}:$1"
}
# if $1 exists and is not in path, prepend it
-pre_path () {
+function pre_path {
[ -d ${1:-.} ] && no_path $* && eval ${2:-PATH}="$1:\$${2:-PATH}"
}
# if $1 is in path, remove it
-del_path () {
+function del_path {
no_path $* || eval ${2:-PATH}=`eval echo :'$'${2:-PATH}: |
sed -e "s;:$1:;:;g" -e "s;^:;;" -e "s;:\$;;"`
}
diff -ur etc49/etc/login.conf etc50/etc/login.conf
--- etc49/etc/login.conf Wed Mar 2 14:51:50 2011
+++ etc50/etc/login.conf Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf.in,v 1.3 2010/12/17 05:33:06 tedu Exp $
+# $OpenBSD: login.conf.in,v 1.4 2011/07/26 15:16:12 sthen Exp $
#
# Sample login.conf file. See login.conf(5) for details.
@@ -84,3 +84,10 @@
:welcome=/etc/motd.authpf:\
:shell=/usr/sbin/authpf:\
:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+ :openfiles-cur=512:\
+ :tc=daemon:
diff -ur etc49/etc/lynx.cfg etc50/etc/lynx.cfg
--- etc49/etc/lynx.cfg Wed Mar 2 14:51:54 2011
+++ etc50/etc/lynx.cfg Wed Aug 17 17:51:01 2011
@@ -1,12 +1,13 @@
+# $LynxId: lynx.cfg,v 1.180 2009/06/07 17:02:21 tom Exp $
# lynx.cfg file.
# The default placement for this file is /usr/local/lib/lynx.cfg (Unix)
# or Lynx_Dir:lynx.cfg (VMS)
#
# $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$
-#PRCS LYNX_VERSION "2.8.6rel.5"
+#PRCS LYNX_VERSION "2.8.7rel.2"
#
# $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$
-#PRCS LYNX_DATE "Wed, 09 May 2007 17:29:16 -0700"
+#PRCS LYNX_DATE "Mon, 21 Jun 2010 02:27:35 -0700"
#
# Definition pairs are of the form VARIABLE:DEFINITION
# NO spaces are allowed between the pair items.
@@ -112,8 +113,10 @@
# for this distribution (use SHELL syntax including the device
# on VMS systems).
# The default HELPFILE is:
-# http://www.subir.com/lynx/lynx_help/lynx_help_main.html
+# http://lynx.isc.org/release/lynx2-8-7/lynx_help/lynx_help_main.html
# This should be changed to the local path.
+# This definition will be overridden if the "LYNX_HELPFILE" environment
+# variable has been set.
#
HELPFILE:file://localhost/usr/share/doc/html/lynx_help/lynx_help_main.html
.ex
@@ -282,6 +285,49 @@
#LOCAL_DOMAIN:ukans.edu
+.h1 Session support
+
+.h2 AUTO_SESSION
+# If AUTO_SESSION is TRUE lynx will save/restore useful information about
+# your browsing history when closing/starting current lynx session if
+# no command-line session switches override this setting.
+# This setting is useful only if SESSION_FILE is defined here or in the user's
+# .lynxrc file.
+#
+#AUTO_SESSION:FALSE
+
+.h2 SESSION_FILE
+# SESSION_FILE defines the file name where lynx will store user sessions.
+# This setting is used only when AUTO_SESSION is true.
+# Note: the default setting will store/resume each session in a different
+# folder under same file name (if that is allowed by operating system)
+# when lynx is invoked from different directories.
+# (The current working directory may be changed inside lynx)
+#
+# If you want to use the same session file wherever you invoke Lynx,
+# enter the full path below, eg '/home/<username>/.lynx_session'.
+#
+# If you do not want this feature, leave the setting commented.
+# Users can still customize SESSION_FILE and AUTO_SESSION via
+# their .lynxrc file.
+#
+#SESSION_FILE:lynx_session
+
+.h2 SESSION_LIMIT
+# SESSION_LIMIT defines maximum number of: searched strings, goto URLs,
+# visited links and history entries which will be saved in session file. The
+# minimum allowed is 1, the maximum is 10000.
+#
+# For instance, if SESSION_LIMIT is 250, a per-session limit of 250 entries of
+# searched strings, goto URLs, visited links and history entries will be saved
+# in the session file.
+#
+# There is no fixed limit on the number of entries which can be restored;
+# It is limited only by available memory.
+#
+#SESSION_LIMIT:250
+
+
.h1 Character sets
.h2 CHARACTER_SET
@@ -400,11 +446,12 @@
.h2 LOCALE_CHARSET
# LOCALE_CHARSET overrides CHARACTER_SET if true, using the current locale to
-# lookup a MIME name that corresponds, and use that as the display charset.
-# This feature is experimental because while nl_langinfo(CODESET) itself is
-# standardized, the return values and their relationship to the locale value is
-# not. GNU libiconv happens to give useful values, but other implementations
-# are not guaranteed to do this.
+# lookup a MIME name that corresponds, and use that as the display charset.
+#
+# Note that while nl_langinfo(CODESET) itself is standardized, the return
+# values and their relationship to the locale value is not. GNU libiconv
+# happens to give useful values, but other implementations are not guaranteed
+# to do this.
#LOCALE_CHARSET:FALSE
@@ -683,6 +730,7 @@
.h2 INFOSECS
.h2 MESSAGESECS
.h2 ALERTSECS
+.h2 NO_PAUSE
# The following definitions set the number of seconds for
# pauses following statusline messages that would otherwise be
# replaced immediately, and are more important than the unpaused
@@ -699,9 +747,13 @@
# SVr4-curses implementations support time delays in milliseconds,
# hence the value may be given shorter, e.g., 0.5
#
+# Use the NO_PAUSE option (like the command-line -nopause) to override
+# all of the delay times.
+#
#INFOSECS:1
#MESSAGESECS:2
#ALERTSECS:3
+#NO_PAUSE:FALSE
.h2 DEBUGSECS
# Set DEBUGSECS to a nonzero value to slow down progress messages
@@ -1014,9 +1066,7 @@
# =====
# TRUSTED_LYNXCGI rules define the permitted sources and/or paths for
# lynxcgi links (if LYNXCGI_LINKS is defined in userdefs.h). The format
-# is the same as for TRUSTED_EXEC rules (see above), but no defaults are
-# defined, i.e., if no TRUSTED_LYNXCGI rules are defined here, any source
-# and path for lynxcgi links will be permitted. Example rules:
+# is the same as for TRUSTED_EXEC rules (see above). Example rules:
#
# TRUSTED_LYNXCGI:file://localhost/
# TRUSTED_LYNXCGI:<tab>/usr/local/etc/httpd/cgi-bin/
@@ -1026,6 +1076,8 @@
# ====
# Do not define this.
#
+# The default TRUSTED_LYNXCGI rule is "none".
+#
#TRUSTED_LYNXCGI:none
@@ -1232,10 +1284,12 @@
.h2 USE_MOUSE
# If Lynx is configured with ncurses, PDcurses or slang & USE_MOUSE is TRUE,
# users can perform commands by left-clicking certain parts of the screen:
-# on a link = `g'oto + ACTIVATE (ie move highlight & follow the link);
-# on the top/bottom lines = PREV/NEXT_PAGE (ie go up/down 1 page);
-# on the top/bottom left corners = PREV_DOC (ie go to the previous document);
-# on the top/bottom right corners = HISTORY (ie call up the history page).
+# on a link = `g'oto + ACTIVATE (i.e., move highlight & follow the link);
+# on the top/bottom lines = PREV/NEXT_PAGE (i.e., go up/down 1 page);
+# on the top/bottom left corners = PREV/NEXT_DOC (i.e., go to the previous
+# document / undo goto previous document);
+# on the top/bottom right corners = HISTORY/VLINKS (i.e., call up the history
+# page or visited links page if on history page).
# NB if the mouse is defined in this way, it will not be available
# for copy/paste operations using the clipboard of a desktop manager:
# for flexibility instead, use the command-line switch -use_mouse .
@@ -1351,9 +1405,9 @@
# enough for reasonable usage; if they are very high, some sites may present
# undue performance waste.
#
-#max_cookies_domain:50
-#max_cookies_global:500
-#max_cookies_buffer:4096
+#MAX_COOKIES_DOMAIN:50
+#MAX_COOKIES_GLOBAL:500
+#MAX_COOKIES_BUFFER:4096
.h2 PERSISTENT_COOKIES
# PERSISTENT_COOKIES indicates that cookies should be read at startup from
@@ -1606,6 +1660,24 @@
#
#SYSTEM_EDITOR:
+.h3 POSITIONABLE_EDITOR
+# If POSITIONABLE_EDITOR is defined once or multiple times and if the same
+# editor is used as editor in lynx, lynx will use its features, i.e., adding an
+# option to set the initial line-position, when editing files and textarea.
+# The commented editors below are already known; there is no need to uncomment
+# them.
+#
+#POSITIONABLE_EDITOR:emacs
+#POSITIONABLE_EDITOR:jed
+#POSITIONABLE_EDITOR:jmacs
+#POSITIONABLE_EDITOR:joe
+#POSITIONABLE_EDITOR:jove
+#POSITIONABLE_EDITOR:jpico
+#POSITIONABLE_EDITOR:jstar
+#POSITIONABLE_EDITOR:nano
+#POSITIONABLE_EDITOR:pico
+#POSITIONABLE_EDITOR:rjoe
+#POSITIONABLE_EDITOR:vi
.h1 Proxy
@@ -1691,9 +1763,9 @@
#
# To define your own print or download option use the following formats:
#
-# PRINTER:<name>:<command>:<option>:<lines/page>
+# PRINTER:<name>:<command>:<option>:<lines/page>[:<environment>]
#
-# DOWNLOADER:<name>:<command>:<option>
+# DOWNLOADER:<name>:<command>:<option>[:<environment>]
#
# <name> is what you will see on the print/download screen.
#
@@ -1720,6 +1792,15 @@
# it uses current screen length for the computation
# when `Print to screen' is selected.
#
+# [:<environment>]
+# optional, if XWINDOWS then printer/downloader will be
+# enabled if DISPLAY environment variable IS defined and
+# disabled otherwise, if environment is NON_XWINDOWS
+# then printer/downloader will be enabled if DISPLAY
+# environment variable IS NOT defined and disabled otherwise,
+# for anything else or if environment is not specified
+# printer/downloader is always enabled.
+#
# You must put the whole definition on one line;
# if you use a colon, precede it with a backslash.
#
@@ -2129,6 +2210,7 @@
# (the first for filenames with a dot somewhere in
# the name, the second without), these are currently
# mapped to text/plain in the (HTInit.c) builtin code.
+# Lynx compares the file-extensions ignoring case.
#
# <mime type> a MIME content type. It can also contain a charset
# parameter, see example below. This should be given in
@@ -2268,7 +2350,7 @@
# by some built-in defaults in src/HTInit.c.
#
# The VIEWER definition takes the form of:
-# VIEWER:<mime type>:<viewer command>[:environment]
+# VIEWER:<mime type>:<viewer command>[:<environment>]
# where -mime type is the MIME content type of the file
# -viewer command is a system command that can be
# used to display the file where %s is replaced
@@ -2434,6 +2516,7 @@
.nf
#KEYMAP:0x5C:SOURCE # Toggle source viewing mode (show HTML source)
#KEYMAP:^R:RELOAD # Reload the current document and redisplay
+#KEYMAP:^U:NEXT_DOC # Undo PREV_DOC)
#KEYMAP:q:QUIT # Ask the user to quit
#KEYMAP:Q:ABORT # Quit without verification
#KEYMAP:0x20:NEXT_PAGE # Move down to next page
@@ -2548,7 +2631,7 @@
# sense in Dired mode), and SELECT is meaningless. Default built-in override
# mappings are
#
-#KEYMAP:^U:PREV_DOC:DIRED # Return to the previous document
+#KEYMAP:^U:NEXT_DOC:DIRED # Undo going back to the previous document
#KEYMAP:.:TAG_LINK:DIRED # Tag a file or directory for later action
#KEYMAP:c:CREATE:DIRED # Create a new file or directory
#KEYMAP:C:CHDIR:DIRED # change current directory
@@ -2693,14 +2776,14 @@
.h1 Appearance
.h2 LIST_FORMAT
-# Unix ONLY:
-#===========
# LIST_FORMAT defines the display for local files when Lynx has been
# compiled with LONG_LIST defined in the Makefile. The default is set
# in userdefs.h, normally to "ls -l" format, and can be changed here
# by uncommenting the indicated lines, or adding a definition with a
# modified parameter list.
#
+# This feature is not available for VMS.
+#
# The percent items in the list are interpreted as follows:
.nf
#
@@ -2949,7 +3032,7 @@
.h2 COLOR_STYLE
# Also known as "lss" (lynx style-sheet), the color-style file assigns color
# combination to tags and combinations of tags. Normally a non-empty value
-# is compiled into lynx, and the user can override that using the -lss
+# is compiled into lynx, and the user can override that using the -lss
# command-line option. The configure script allows one to compile in an
# empty string. If lynx finds no value for this setting, it simulates the
# non-color-style assignments using the COLOR settings.
@@ -2971,7 +3054,7 @@
.h2 ASSUMED_COLOR
# If built with a library that recognizes default colors (usually ncurses or
# slang), and if the corresponding option is compiled into lynx, lynx
-# initializes it to assume the corresponding foreground and background colors.
+# initializes it to assume the corresponding foreground and background colors.
# Default colors are those that the terminal (emulator) itself is initialized
# to. For instance, you might have an xterm running with black text on a white
# background, and want lynx to display colored text on the white background,
@@ -2993,7 +3076,7 @@
.h2 DEFAULT_COLORS
# If built with a library that recognizes default colors (usually ncurses or
# slang), and if the corresponding option is compiled into lynx, lynx
-# initializes it to assume the corresponding foreground and background colors.
+# initializes it to assume the corresponding foreground and background colors.
# Default colors are those that the terminal (emulator) itself is initialized
# to.
#
@@ -3028,7 +3111,7 @@
#
# The lynx.cfg line is as follows:
#
-# EXTERNAL:<url>:<command> %s:<norestriction>:<allow_for_activate>
+# EXTERNAL:<url>:<command> %s:<norestriction>:<allow_for_activate>[:environment]
#
# <url> Any given URL. This can be normal ones like ftp or http or it
# can be one made up like mymail.
@@ -3048,6 +3131,11 @@
# pressing EXTERN key on it). If this component of the line is absent, then
# FALSE is assumed.
#
+# [:environment] Optional, if XWINDOWS then command is allowed only if
+# $DISPLAY environment variable is set, else if NON_XWINDOWS then command
+# is allowed only if $DISPLAY environment variable is not set, if absent or
+# anything else command is always allowed.
+#
# For invoking the command use the EXTERN_LINK or EXTERN_PAGE key. By default
# EXTERN_LINK is mapped to '.', and EXTERN_PAGE to ',' (if the feature is
# enabled), see the KEYMAP section above.
@@ -3233,6 +3321,15 @@
#
#HIDDEN_LINK_MARKER:
+.h2 XHTML_PARSING
+# XHTML_PARSING - HTML parsing
+# When true, tells lynx that it can ignore certain tags which have no content
+# in an XHTML 1.0 document. For example
+# <p />
+# <a />
+# When the option is false, lynx will not treat the tag as an ending.
+#XHTML_PARSING:FALSE
+
.h1 Appearance
.h2 JUSTIFY
@@ -3290,7 +3387,11 @@
# Specifies (in seconds) connect timeout. Default value is rather huge.
#CONNECT_TIMEOUT:18000
+.h2 READ_TIMEOUT
+# Specifies (in seconds) read-timeout. Default value is rather huge.
+#READ_TIMEOUT:18000
+
.h1 Internal Behavior
# These settings control internal lynx behavior - the way it interacts with the
# operating system and Internet. Modifying these settings will not change
@@ -3319,6 +3420,7 @@
.nf
#ENABLE_LYNXRC:accept_all_cookies:ON
#ENABLE_LYNXRC:assume_charset:OFF
+#ENABLE_LYNXRC:auto_session:OFF
#ENABLE_LYNXRC:bookmark_file:ON
#ENABLE_LYNXRC:case_sensitive_searching:ON
#ENABLE_LYNXRC:character_set:ON
@@ -3335,6 +3437,7 @@
#ENABLE_LYNXRC:file_sorting_method:ON
#ENABLE_LYNXRC:force_cookie_prompt:OFF
#ENABLE_LYNXRC:force_ssl_prompt:OFF
+#ENABLE_LYNXRC:ftp_passive:OFF
#ENABLE_LYNXRC:kblayout:ON
#ENABLE_LYNXRC:keypad_mode:ON
#ENABLE_LYNXRC:lineedit_mode:ON
@@ -3342,6 +3445,7 @@
#ENABLE_LYNXRC:make_links_for_all_images:OFF
#ENABLE_LYNXRC:make_pseudo_alts_for_inlines:OFF
#ENABLE_LYNXRC:multi_bookmark:ON
+#ENABLE_LYNXRC:no_pause:OFF
#ENABLE_LYNXRC:personal_mail_address:ON
#ENABLE_LYNXRC:preferred_charset:ON
#ENABLE_LYNXRC:preferred_encoding:OFF
@@ -3352,6 +3456,8 @@
#ENABLE_LYNXRC:run_execution_links_on_local_files:ON
#ENABLE_LYNXRC:scrollbar:OFF
#ENABLE_LYNXRC:select_popups:ON
+#ENABLE_LYNXRC:send_useragent:OFF
+#ENABLE_LYNXRC:session_file:OFF
#ENABLE_LYNXRC:set_cookies:OFF
#ENABLE_LYNXRC:show_color:ON
#ENABLE_LYNXRC:show_cursor:ON
@@ -3413,6 +3519,14 @@
#
#FORCE_COOKIE_PROMPT:PROMPT
+.h2 SSL_CERT_FILE
+# Set SSL_CERT_FILE to the file that contains all valid CA certificates lynx
+# should accept, in case the $SSL_CERT_FILE environment variable is not set,
+# e.g.,
+#
+#SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt
+#SSL_CERT_FILE:NULL
+
.h1 Appearance
.h2 SCREEN_SIZE
@@ -3440,3 +3554,36 @@
# Add the given text to calls made to syslog, to distinguish Lynx from other
# applications which use that interface.
#SYSLOG_TEXT:
+
+.h1 Internal Behavior
+.h2 BROKEN_FTP_RETR
+# Some ftp servers are known to have a broken implementation of RETR. If asked
+# to retrieve a directory, they get confused and fails subsequent commands such
+# as CWD and LIST. Workaround: reconnect after a failed RETR, which is slow.
+#
+# Each BROKEN_FTP_RETR gives a string match for the reported FTP server version
+#BROKEN_FTP_RETR:ProFTPD 1.2.5
+#BROKEN_FTP_RETR:spftp/
+
+.h2 BROKEN_FTP_EPSV
+# Some ftp servers are known to have a broken implementation of EPSV. The
+# server will hang for a long time when we attempt to connect after issuing
+# this command. Workaround: do not use EPSV, just use PASV.
+#
+# Each BROKEN_FTP_EPSV gives a string match for the reported FTP server version
+#BROKEN_FTP_EPSV:(Version wu-2.6.2-12)
+
+.h1 Appearance
+.h2 FTP_FORMAT
+# FTP_FORMAT defines the display for remote files.
+# It uses the same "%" codes as LIST_FORMAT.
+#FTP_FORMAT:%d %-16.16t %a %K
+
+.h1 Internal Behavior
+
+.h2 STATUS_BUFFER_SIZE
+# STATUS_BUFFER_SIZE controls the size of the buffer used for the LYNXMESSAGES
+# special url.
+#
+# The default size (if not overridden in userdefs.h) is 40.
+#STATUS_BUFFER_SIZE:40
diff -ur etc49/etc/mail/localhost.cf etc50/etc/mail/localhost.cf
--- etc49/etc/mail/localhost.cf Wed Mar 2 14:51:51 2011
+++ etc50/etc/mail/localhost.cf Wed Aug 17 17:50:55 2011
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -16,7 +16,7 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
+##### built by root@i386.openbsd.org on Sun Aug 7 13:14:20 MDT 2011
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
#####
@@ -27,21 +27,39 @@
######################################################################
######################################################################
-##### $Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
+##### $Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $ #####
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
-##### @(#)openbsd-localhost.mc $Revision: 1.4 $ #####
-
+##### @(#)openbsd-proto.mc $Revision: 1.12 $ #####
##### $Sendmail: openbsd.m4,v 8.3 1999/04/24 05:37:42 gshapiro Exp $ #####
##### $Sendmail: nouucp.m4,v 8.13 1999/11/24 18:37:07 ca Exp $ #####
-##### $Sendmail: accept_unresolvable_domains.m4,v 8.10 1999/02/07 07:26:07 gshapiro Exp $ #####
+##### $Sendmail: access_db.m4,v 8.27 2006/07/06 21:10:10 ca Exp $ #####
+##### $Sendmail: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ #####
+
+##### $Sendmail: use_cw_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
+
+
+##### $Sendmail: mailertable.m4,v 8.25 2002/06/27 23:23:57 gshapiro Exp $ #####
+
+##### $Sendmail: use_ct_file.m4,v 8.11 2001/08/26 20:58:57 gshapiro Exp $ #####
+
+
+##### $Sendmail: virtusertable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ #####
+
+##### $Sendmail: genericstable.m4,v 8.23 2002/06/27 23:23:57 gshapiro Exp $ #####
+
+##### $Sendmail: always_add_domain.m4,v 8.11 2000/09/12 22:00:53 ca Exp $ #####
+
+##### $Sendmail: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ #####
+
##### $Sendmail: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
-##### $Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ #####
+##### $Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $ #####
+
# level 10 config file format
V10/Berkeley
@@ -63,6 +81,8 @@
#D{sendmailMTACluster}$m
Cwlocalhost
+# file containing names of hosts for which we receive email
+Fw-o /etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
@@ -84,7 +104,12 @@
# a class with just a left bracket (for identifying domain literals)
C[[
+# access_db acceptance class
+C{Accept}OK RELAY
+
+# Resolve map (to check if a host exists in check_mail)
+Kresolve host -a<OKR> -T<TEMP>
C{ResOk}OKR
@@ -93,6 +118,10 @@
# arithmetic map
Karith arith
+# macro storage map
+Kmacro macro
+# possible values for TLS_connection in access map
+C{Tls}VERIFY ENCR
@@ -113,8 +142,22 @@
DnMAILER-DAEMON
+# Access list database (for spam stomping)
+Kaccess hash -o -T<TMPF> /etc/mail/access
+
+# Mailer table (overriding domains)
+Kmailertable hash -o /etc/mail/mailertable
+
+# Virtual user table (maps incoming users)
+Kvirtuser hash -o /etc/mail/virtusertable
+
+# Generics table (mapping outgoing addresses)
+Kgenerics hash -o /etc/mail/genericstable
+
+CPREDIRECT
+
# Configuration version number
-DZ8.14.3
+DZ8.14.5
###############
@@ -223,8 +266,8 @@
# SMTP client options
-O ClientPortOptions=Family=inet6, Address=::
O ClientPortOptions=Family=inet, Address=0.0.0.0
+O ClientPortOptions=Family=inet6, Address=::
# Modifiers to define {daemon_flags} for direct submissions
#O DirectSubmissionModifiers
@@ -233,7 +276,7 @@
#O UseMSP
# privacy flags
-O PrivacyOptions=authwarnings
+O PrivacyOptions=authwarnings,needmailhelo,noexpn,novrfy,nobodyreturn
# who (if anyone) should get extra copies of error messages
#O PostmasterCopy=Postmaster
@@ -445,6 +488,7 @@
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
+
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
@@ -505,6 +549,7 @@
# SMTP STARTTLS server options
#O TLSSrvOptions
+
# Input mail filters
#O InputMailFilters
@@ -554,7 +599,7 @@
#####################
# this is equivalent to setting class "t"
-#Ft/etc/mail/trusted-users
+Ft-o /etc/mail/trusted-users
Troot
Tdaemon
@@ -675,6 +720,8 @@
# local host aliases and pseudo-domains are always canonical
R$* < @ $=w > $* $: $1 < @ $2 . > $3
R$* < @ $=M > $* $: $1 < @ $2 . > $3
+R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3
+R$* < @ $=G > $* $: $1 < @ $2 . > $3
R$* < @ $* . . > $* $1 < @ $2 . > $3
@@ -776,6 +823,25 @@
R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer
R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer
+# handle virtual users
+R$+ $: <!> $1 Mark for lookup
+R<!> $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R<!> $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R<@> $+ + $+ < @ $* . >
+ $: < $(virtuser $1 + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $* . >
+ $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $* . >
+ $: < $(virtuser $1 @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $+ < @ $+ . > $: < $(virtuser + + @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $@ +$2 $: @ $) > $1 + $2 < @ $3 . >
+R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $@ +$2 $: ! $) > $1 + $2 < @ $3 . >
+R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
+R<@> $+ $: $1
+R<!> $+ $: $1
+R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4
+R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2
+R< $+ > $+ < @ $+ > $: $>Recurse $1
# short circuit local delivery so forwarded email works
@@ -783,6 +849,12 @@
R$=L < @ $=w . > $#local $: @ $1 special local names
R$+ < @ $=w . > $#local $: $1 regular local name
+# not local -- try mailer table lookup
+R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name
+R< $+ . > $* $: < $1 > $2 strip trailing dot
+R< $+ > $* $: < $(mailertable $1 $) > $2 lookup
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved?
+R< $+ > $* $: $>Mailertable <$1> $2 try domain
# resolve fake top level domains by forwarding to other hosts
@@ -842,6 +914,18 @@
###################################################################
+### Ruleset 90 -- try domain part of mailertable entry ###
+###################################################################
+
+SMailertable=90
+R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4
+R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved?
+R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again
+R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "."
+R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found?
+R< $* > $* $@ $2 no mailertable match
+
+###################################################################
### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ###
###################################################################
@@ -885,6 +969,22 @@
SMasqHdr=93
+# handle generics database
+R$+ < @ $=G . > $: < $1@$2 > $1 < @ $2 . > @ mark
+R$+ < @ *LOCAL* > $: < $1@$j > $1 < @ *LOCAL* > @ mark
+R< $+ > $+ < $* > @ $: < $(generics $1 $: @ $1 $) > $2 < $3 >
+R<@$+ + $* @ $+> $+ < @ $+ >
+ $: < $(generics $1+*@$3 $@ $2 $:@$1 + $2@$3 $) > $4 < @ $5 >
+R<@$+ + $* @ $+> $+ < @ $+ >
+ $: < $(generics $1@$3 $: $) > $4 < @ $5 >
+R<@$+ > $+ < @ $+ > $: < > $2 < @ $3 >
+R< > $+ < @ $+ . > $: < $(generics @$2 $@ $1 $: $) > $1 < @ $2 . >
+R< > $+ < @ $+ > $: < $(generics $1 $: $) > $1 < @ $2 >
+R< > $+ + $* < @ $+ > $: < $(generics $1+* $@ $2 $: $) > $1 + $2 < @ $3 >
+R< > $+ + $* < @ $+ > $: < $(generics $1 $: $) > $1 + $2 < @ $3 >
+R< $* @ $* > $* < $* > $@ $>canonify $1 @ $2 found qualified
+R< $+ > $* < $* > $: $>canonify $1 @ *LOCAL* found unqualified
+R< > $* $: $1 not found
# do not masquerade anything in class N
R$* < @ $* $=N . > $@ $1 < @ $2 $3 . >
@@ -904,10 +1004,60 @@
SParseLocal=98
+# addresses sent to foo@host.REDIRECT will give a 551 error code
+R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
+R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
+R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2>
+
######################################################################
+### D: LookUpDomain -- search for domain in access database
+###
+### Parameters:
+### <$1> -- key (domain name)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SD
+R<$*> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
+R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
+R<?> <[$+.$-]> <$+> <$- $-> <$*> $@ $>D <[$1]> <$3> <$4 $5> <$6>
+R<?> <[$+::$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
+R<?> <[$+:$-]> <$+> <$- $-> <$*> $: $>D <[$1]> <$3> <$4 $5> <$6>
+R<?> <$+.$+> <$+> <$- $-> <$*> $@ $>D <$2> <$3> <$4 $5> <$6>
+R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
+R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
+
+######################################################################
+### A: LookUpAddress -- search for host address in access database
+###
+### Parameters:
+### <$1> -- key (dot quadded host address)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed through)
+######################################################################
+
+SA
+R<$+> <$+> <$- $-> <$*> $: < $(access $4:$1 $: ? $) > <$1> <$2> <$3 $4> <$5>
+R<?> <$+> <$+> <+ $-> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <+ $3> <$4>
+R<?> <$+::$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R<?> <$+:$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R<?> <$+.$-> <$+> <$- $-> <$*> $@ $>A <$1> <$3> <$4 $5> <$6>
+R<?> <$+> <$+> <$- $-> <$*> $@ <$2> <$5>
+R<$* <TMPF>> <$+> <$+> <$- $-> <$*> $@ <<TMPF>> <$6>
+R<$*> <$+> <$+> <$- $-> <$*> $@ <$1> <$6>
+
+######################################################################
### CanonAddr -- Convert an address into a standard form for
### relay checking. Route address syntax is
### crudely converted into a %-hack address.
@@ -946,6 +1096,8 @@
R<NO> $* < @ $* $=R > $: <RELAY> $1 < @ $2 $3 >
+R<NO> $* < @ $+ > $: $>D <$2> <NO> <+ To> <$1 < @ $2 >>
+R<$+> <$+> $: <$1> $2
@@ -971,9 +1123,20 @@
R< d > $* $@ deferred
R< $* > $* $: $2
+R$+ $| $+ $: $>D < $1 > <?> <+ Connect> < $2 >
+R $| $+ $: $>A < $1 > <?> <+ Connect> <> empty client_name
+R<?> <$+> $: $>A < $1 > <?> <+ Connect> <> no: another lookup
+R<?> <$*> $: OK found nothing
+R<$={Accept}> <$*> $@ $1 return value of lookup
+R<REJECT> <$*> $#error $@ 5.7.1 $: "550 Access denied"
+R<DISCARD> <$*> $#discard $: discard
+R<QUARANTINE:$+> <$*> $#error $@ quarantine $: $1
+R<ERROR:$-.$-.$-:$+> <$*> $#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> <$*> $#error $: $1
+R<$* <TMPF>> <$*> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$+> <$*> $#error $: $1
-
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
@@ -1018,8 +1181,18 @@
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
-R<?> $* < @ $+ > $: <OKR> $1 < @ $2 > ... unresolvable OK
+R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
+R<? $* <$->> $* < @ $+ >
+ $: <$2> $3 < @ $4 >
+# check sender address: user@address, user@, address
+R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
+R<$+> $+ $: @<$1> <$2> $| <U:$2@>
+R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
+R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
+# retransform for further use
+R<?> <$+> <$*> $: <$1> $2 no match
+R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it
# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
@@ -1034,6 +1207,14 @@
R<$={ResOk}> $* $: @ $2 domain ok
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
+R<$={Accept}> $* $# $1 accept from access map
+R<DISCARD> $* $#discard $: discard
+R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
+R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
+R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> $* $#error $: $1
+R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$+> $* $#error $: $1 error from access db
@@ -1080,7 +1261,25 @@
+# blacklist local users or any host from receiving mail
+R$* $: <?> $1
+R<?> $+ < @ $=w > $: <> <$1 < @ $2 >> $| <F:$1@$2> <U:$1@> <D:$2>
+R<?> $+ < @ $* > $: <> <$1 < @ $2 >> $| <F:$1@$2> <D:$2>
+R<?> $+ $: <> <$1> $| <U:$1@>
+R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+ To> $| <$2> <>
+R<@> <$*> $| <$*> $: <$2> <$1> reverse result
+R<?> <$*> $: @ $1 mark address as no match
+R<$={Accept}> <$*> $: @ $2 mark address as no match
+R<REJECT> $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient"
+R<DISCARD> $* $#discard $: discard
+R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
+R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
+R<ERROR:$+> $* $#error $: $1
+R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$+> $* $#error $: $1 error from access db
+R@ $* $1 remove mark
+
# authenticated via TLS?
R$* $: $1 $| $>RelayTLS client authenticated?
R$* $| $# $+ $# $2 error/ok?
@@ -1098,10 +1297,13 @@
# anything terminating locally is ok
R$+ < @ $=w > $@ RELAY
R$+ < @ $* $=R > $@ RELAY
+R$+ < @ $+ > $: $>D <$2> <?> <+ To> <$1 < @ $2 >>
+R<RELAY> $* $@ RELAY
+R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$*> <$*> $: $2
-
# check for local user (i.e. unqualified address)
R$* $: <?> $1
R<?> $* < @ $+ > $: <REMOTE> $1 < @ $2 >
@@ -1121,6 +1323,11 @@
R127.0.0.1 $@ RELAY originated locally
RIPv6:::1 $@ RELAY originated locally
R$=R $* $@ RELAY relayable IP address
+R$* $: $>A <$1> <?> <+ Connect> <$1>
+R<RELAY> $* $@ RELAY relayable IP address
+
+R<<TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$*> <$*> $: $2
R$* $: [ $1 ] put brackets around it...
R$=w $@ RELAY ... and see if it is local
@@ -1137,12 +1344,119 @@
R$* . $1 strip trailing dots
R<?> $=w $@ RELAY
R<?> $* $=R $@ RELAY
+R<?> $* $: $>D <$1> <?> <+ Connect> <$1>
+R<RELAY> $* $@ RELAY
+R<$* <TMPF>> $* $#TEMP $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<$*> <$*> $: $2
+######################################################################
+### F: LookUpFull -- search for an entry in access database
+###
+### lookup of full key (which should be an address) and
+### variations if +detail exists: +* and without +detail
+###
+### Parameters:
+### <$1> -- key
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+SF
+R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
+ $: <$(access $6:$1+*@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
+R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
+ $: <$(access $1+*@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
+R<?> <$+ + $* @ $+> <$*> <$- $-> <$*>
+ $: <$(access $6:$1@$3 $: ? $)> <$1+$2@$3> <$4> <$5 $6> <$7>
+R<?> <$+ + $* @ $+> <$*> <+ $-> <$*>
+ $: <$(access $1@$3 $: ? $)> <$1+$2@$3> <$4> <+ $5> <$6>
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
######################################################################
+### E: LookUpExact -- search for an entry in access database
+###
+### Parameters:
+### <$1> -- key
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SE
+R<$*> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### U: LookUpUser -- search for an entry in access database
+###
+### lookup of key (which should be a local part) and
+### variations if +detail exists: +* and without +detail
+###
+### Parameters:
+### <$1> -- key (user@)
+### <$2> -- default (what to return if not found in db)
+### <$3> -- mark (must be <(!|+) single-token>)
+### ! does lookup only with tag
+### + does lookup with and without tag
+### <$4> -- passthru (additional data passed unchanged through)
+######################################################################
+
+SU
+R<$+> <$*> <$- $-> <$*> $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
+R<?> <$+> <$*> <+ $-> <$*> $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
+R<?> <$+ + $* @> <$*> <$- $-> <$*>
+ $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
+R<?> <$+ + $* @> <$*> <+ $-> <$*>
+ $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
+R<?> <$+ + $* @> <$*> <$- $-> <$*>
+ $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
+R<?> <$+ + $* @> <$*> <+ $-> <$*>
+ $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
+R<?> <$+> <$*> <$- $-> <$*> $@ <$2> <$5>
+R<$+ <TMPF>> <$*> <$- $-> <$*> $@ <<TMPF>> <$5>
+R<$+> <$*> <$- $-> <$*> $@ <$1> <$5>
+
+######################################################################
+### SearchList: search a list of items in the access map
+### Parameters:
+### <exact tag> $| <mark:address> <mark:address> ... <>
+### where "exact" is either "+" or "!":
+### <+ TAG> lookup with and w/o tag
+### <! TAG> lookup with tag
+### possible values for "mark" are:
+### D: recursive host lookup (LookUpDomain)
+### E: exact lookup, no modifications
+### F: full lookup, try user+ext@domain and user@domain
+### U: user lookup, try user+ext and user (input must have trailing @)
+### return: <RHS of lookup> or <?> (not found)
+######################################################################
+
+# class with valid marks for SearchList
+C{Src}E F D U
+SSearchList
+# just call the ruleset with the name of the tag... nice trick...
+R<$+> $| <$={Src}:$*> <$*> $: <$1> $| <$4> $| $>$2 <$3> <?> <$1> <>
+R<$+> $| <> $| <?> <> $@ <?>
+R<$+> $| <$+> $| <?> <> $@ $>SearchList <$1> $| <$2>
+R<$+> $| <$*> $| <$+> <> $@ <$3>
+R<$+> $| <$+> $@ <$2>
+
+
+######################################################################
### trust_auth: is user trusted to authenticate as someone else?
###
### Parameters:
@@ -1173,15 +1487,25 @@
### (done in server)
######################################################################
Ssrv_features
+R$* $: $>D <$&{client_name}> <?> <! "Srv_Features"> <>
+R<?>$* $: $>A <$&{client_addr}> <?> <! "Srv_Features"> <>
+R<?>$* $: <$(access "Srv_Features": $: ? $)>
+R<?>$* $@ OK
+R<$* <TMPF>>$* $#temp
+R<$+>$* $# $1
-
######################################################################
### try_tls: try to use STARTTLS?
### (done in client)
######################################################################
Stry_tls
+R$* $: $>D <$&{server_name}> <?> <! "Try_TLS"> <>
+R<?>$* $: $>A <$&{server_addr}> <?> <! "Try_TLS"> <>
+R<?>$* $: <$(access "Try_TLS": $: ? $)>
+R<?>$* $@ OK
+R<$* <TMPF>>$* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R<NO>$* $#error $@ 5.7.1 $: "550 do not try TLS with " $&{server_name} " ["$&{server_addr}"]"
-
######################################################################
### tls_rcpt: is connection with server "good" enough?
### (done in client, per recipient)
@@ -1190,8 +1514,16 @@
### $1: recipient
######################################################################
Stls_rcpt
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$+ $: <?> $>CanonAddr $1
+R<?> $+ < @ $+ . > <?> $1 <@ $2 >
+R<?> $+ < @ $+ > $: $1 <@ $2 > $| <F:$1@$2> <U:$1@> <D:$2> <E:>
+R<?> $+ $: $1 $| <U:$1@> <E:>
+R$* $| $+ $: $1 $| $>SearchList <! "TLS_Rcpt"> $| $2 <>
+R$* $| <?> $@ OK
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $| <$+> $@ $>"TLS_connection" $&{verify} $| <$2>
-
######################################################################
### tls_client: is connection with client "good" enough?
### (done in server)
@@ -1200,7 +1532,12 @@
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
-R$* $| $* $@ $>"TLS_connection" $1
+R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1
+R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
+R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
+R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
+R$* $@ $>"TLS_connection" $1
######################################################################
### tls_server: is connection with server "good" enough?
@@ -1210,20 +1547,91 @@
### ${verify}
######################################################################
Stls_server
+R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$* $: $1 $| $>D <$&{server_name}> <?> <! "TLS_Srv"> <>
+R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! "TLS_Srv"> <>
+R$* $| <?>$* $: $1 $| <$(access "TLS_Srv": $: ? $)>
+R$* $| <$* <TMPF>> $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R$* $@ $>"TLS_connection" $1
######################################################################
### TLS_connection: is TLS connection "good" enough?
###
### Parameters:
-### ${verify}
+### ${verify} $| <Requirement> [<>]
### Requirement: RHS from access map, may be ? for none.
######################################################################
STLS_connection
-RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake."
+R$* $| <$*>$* $: $1 $| <$2>
+# create the appropriate error codes
+R$* $| <PERM + $={Tls} $*> $: $1 $| <503:5.7.0> <$2 $3>
+R$* $| <TEMP + $={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
+R$* $| <$={Tls} $*> $: $1 $| <403:4.7.0> <$2 $3>
+# deal with TLS handshake failures: abort
+RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed."
+RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed."
+# deal with TLS protocol errors: abort
+RPROTOCOL $| <$-:$+> $* $#error $@ $2 $: $1 " STARTTLS failed."
+RPROTOCOL $| $* $#error $@ 4.7.0 $: "403 STARTTLS failed."
+R$* $| <$*> <VERIFY> $: <$2> <VERIFY> <> $1
+R$* $| <$*> <VERIFY + $+> $: <$2> <VERIFY> <$3> $1
+R$* $| <$*> <$={Tls}:$->$* $: <$2> <$3:$4> <> $1
+R$* $| <$*> <$={Tls}:$- + $+>$* $: <$2> <$3:$4> <$5> $1
+R$* $| $* $@ OK
+# authentication required: give appropriate error
+# other side did authenticate (via STARTTLS)
+R<$*><VERIFY> <> OK $@ OK
+R<$*><VERIFY> <$+> OK $: <$1> <REQ:0> <$2>
+R<$*><VERIFY:$-> <$*> OK $: <$1> <REQ:$2> <$3>
+R<$*><ENCR:$-> <$*> $* $: <$1> <REQ:$2> <$3>
+R<$-:$+><VERIFY $*> <$*> $#error $@ $2 $: $1 " authentication required"
+R<$-:$+><VERIFY $*> <$*> FAIL $#error $@ $2 $: $1 " authentication failed"
+R<$-:$+><VERIFY $*> <$*> NO $#error $@ $2 $: $1 " not authenticated"
+R<$-:$+><VERIFY $*> <$*> NOT $#error $@ $2 $: $1 " no authentication requested"
+R<$-:$+><VERIFY $*> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
+R<$-:$+><VERIFY $*> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4
+R<$*><REQ:$-> <$*> $: <$1> <REQ:$2> <$3> $>max $&{cipher_bits} : $&{auth_ssf}
+R<$*><REQ:$-> <$*> $- $: <$1> <$2:$4> <$3> $(arith l $@ $4 $@ $2 $)
+R<$-:$+><$-:$-> <$*> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
+R<$-:$+><$-:$-> <$*> $* $: <$1:$2 ++ $5>
+R<$-:$+ ++ > $@ OK
+R<$-:$+ ++ $+ > $: <$1:$2> <$3>
+R<$-:$+> < $+ ++ $+ > <$1:$2> <$3> <$4>
+R<$-:$+> $+ $@ $>"TLS_req" $3 $| <$1:$2>
+######################################################################
+### TLS_req: check additional TLS requirements
+###
+### Parameters: [<list> <of> <req>] $| <$-:$+>
+### $-: SMTP reply code
+### $+: Enhanced Status Code
+######################################################################
+STLS_req
+R $| $+ $@ OK
+R<CN> $* $| <$+> $: <CN:$&{TLS_Name}> $1 $| <$2>
+R<CN:$&{cn_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+R<CN:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " CN " $&{cn_subject} " does not match " $1
+R<CS:$&{cert_subject}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+R<CS:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
+R<CI:$&{cert_issuer}> $* $| <$+> $@ $>"TLS_req" $1 $| <$2>
+R<CI:$+> $* $| <$-:$+> $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
+ROK $@ OK
######################################################################
+### max: return the maximum of two values separated by :
+###
+### Parameters: [$-]:[$-]
+######################################################################
+Smax
+R: $: 0
+R:$- $: $1
+R$-: $: $1
+R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2
+RTRUE:$-:$- $: $2
+R$-:$-:$- $: $2
+
+
+######################################################################
### RelayTLS: allow relaying based on TLS authentication
###
### Parameters:
@@ -1231,6 +1639,16 @@
######################################################################
SRelayTLS
# authenticated?
+R$* $: <?> $&{verify}
+R<?> OK $: OK authenticated: continue
+R<?> $* $@ NO not authenticated
+R$* $: $&{cert_issuer}
+R$+ $: $(access CERTISSUER:$1 $)
+RRELAY $# RELAY
+RSUBJECT $: <@> $&{cert_subject}
+R<@> $+ $: <@> $(access CERTSUBJECT:$1 $)
+R<@> RELAY $# RELAY
+R$* $: NO
######################################################################
### authinfo: lookup authinfo in the access map
@@ -1240,11 +1658,24 @@
### $2: {server_addr}
######################################################################
Sauthinfo
+R$* $: $1 $| $>D <$&{server_name}> <?> <! AuthInfo> <>
+R$* $| <?>$* $: $1 $| $>A <$&{server_addr}> <?> <! AuthInfo> <>
+R$* $| <?>$* $: $1 $| <$(access AuthInfo: $: ? $)> <>
+R$* $| <?>$* $@ no no authinfo available
+R$* $| <$*> <> $# $2
+
+
+
+HMessage-Id: $>CheckMessageId
+
+SCheckMessageId
+R< $+ @ $+ > $@ OK
+R$* $#error $: 553 Header Error
#
######################################################################
######################################################################
@@ -1308,7 +1739,10 @@
# Common code to add local domain name (only if always-add-domain)
#
SAddDomain
+R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
+R$+ $@ $1 < @ *LOCAL* > add local qualification
+
Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn9S, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
T=DNS/RFC822/X-Unix,
A=mail -d $u
@@ -1397,40 +1831,5 @@
A=TCP $h
### openbsd-localhost.mc ###
-# divert(-1)
-# #
-# # Copyright (c) 1998 Sendmail, Inc. All rights reserved.
-# # Copyright (c) 1983 Eric P. Allman. All rights reserved.
-# # Copyright (c) 1988, 1993
-# # The Regents of the University of California. All rights reserved.
-# #
-# # By using this file, you agree to the terms and conditions set
-# # forth in the LICENSE file which can be found at the top level of
-# # the sendmail distribution.
-# #
-# #
-#
-# #
-# # This configuration only runs sendmail on the localhost interface.
-# # This allows mail on the local host to work without accepting
-# # connections from the net at large.
-# #
-#
-# divert(0)dnl
-# VERSIONID(`@(#)openbsd-localhost.mc $Revision: 1.4 $')
-# OSTYPE(openbsd)dnl
-# FEATURE(nouucp, `reject')dnl
-# FEATURE(`accept_unresolvable_domains')dnl
-# FEATURE(`no_default_msa')dnl
-# MAILER(local)dnl
-# MAILER(smtp)dnl
-# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Name=MTA')dnl
-# DAEMON_OPTIONS(`Family=inet6, address=::1, Name=MTA6, M=O')dnl
-# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Port=587, Name=MSA, M=E')dnl
-# DAEMON_OPTIONS(`Family=inet6, address=::1, Port=587, Name=MSA6, M=O, M=E')dnl
-# CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
-# CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
-# dnl
-# dnl Some broken nameservers will return SERVFAIL (a temporary failure)
-# dnl on T_AAAA (IPv6) lookups.
-# define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
+# define(`LOCALHOST_ONLY')dnl
+# include(_CF_DIR_`cf/openbsd-proto.mc')dnl
diff -ur etc49/etc/mail/sendmail.cf etc50/etc/mail/sendmail.cf
--- etc49/etc/mail/sendmail.cf Wed Mar 2 14:51:51 2011
+++ etc50/etc/mail/sendmail.cf Wed Aug 17 17:50:55 2011
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -16,7 +16,7 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
+##### built by root@i386.openbsd.org on Sun Aug 7 13:14:20 MDT 2011
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
#####
@@ -27,9 +27,9 @@
######################################################################
######################################################################
-##### $Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
+##### $Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $ #####
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
-##### @(#)openbsd-proto.mc $Revision: 1.11 $ #####
+##### @(#)openbsd-proto.mc $Revision: 1.12 $ #####
##### $Sendmail: openbsd.m4,v 8.3 1999/04/24 05:37:42 gshapiro Exp $ #####
##### $Sendmail: nouucp.m4,v 8.13 1999/11/24 18:37:07 ca Exp $ #####
@@ -57,8 +57,9 @@
##### $Sendmail: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
-##### $Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ #####
+##### $Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $ #####
+
# level 10 config file format
V10/Berkeley
@@ -156,7 +157,7 @@
CPREDIRECT
# Configuration version number
-DZ8.14.3
+DZ8.14.5
###############
@@ -487,6 +488,7 @@
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
+
# shall we get local names from our installed interfaces?
#O DontProbeInterfaces=False
@@ -547,6 +549,7 @@
# SMTP STARTTLS server options
#O TLSSrvOptions
+
# Input mail filters
#O InputMailFilters
@@ -1134,7 +1137,6 @@
R<$+> <$*> $#error $: $1
-
######################################################################
### check_mail -- check SMTP `MAIL FROM:' command argument
######################################################################
@@ -1530,7 +1532,7 @@
### ${verify} $| (MAIL|STARTTLS)
######################################################################
Stls_client
-R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1
+R$* $: $(macro {TLS_Name} $@ $&{client_name} $) $1
R$* $| $* $: $1 $| $>D <$&{client_name}> <?> <! "TLS_Clt"> <>
R$* $| <?>$* $: $1 $| $>A <$&{client_addr}> <?> <! "TLS_Clt"> <>
R$* $| <?>$* $: $1 $| <$(access "TLS_Clt": $: ? $)>
@@ -1837,7 +1839,7 @@
# # Note that lines beginning with "dnl" below are comments.
#
# divert(0)dnl
-# VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.11 $')dnl
+# VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.12 $')dnl
# OSTYPE(openbsd)dnl
# dnl
# dnl If you have a non-static IP address you may wish to forward outgoing mail
@@ -1917,10 +1919,17 @@
# dnl 25 (SMTP) and 587 (MSA).
# dnl
# FEATURE(`no_default_msa')dnl
+# ifdef(`LOCALHOST_ONLY', `
+# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Name=MTA')dnl
+# DAEMON_OPTIONS(`Family=inet6, address=::1, Name=MTA6, M=O')dnl
+# DAEMON_OPTIONS(`Family=inet, address=127.0.0.1, Port=587, Name=MSA, M=E')dnl
+# DAEMON_OPTIONS(`Family=inet6, address=::1, Port=587, Name=MSA6, M=O, M=E')dnl
+# ',`
# DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
# DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl
# DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
# DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=E')dnl
+# ')dnl
# dnl
# dnl Use either IPv4 or IPv6 for outgoing connections.
# dnl
diff -ur etc49/etc/mail/submit.cf etc50/etc/mail/submit.cf
--- etc49/etc/mail/submit.cf Wed Mar 2 14:51:51 2011
+++ etc50/etc/mail/submit.cf Wed Aug 17 17:50:55 2011
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2004, 2009, 2010 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
@@ -16,7 +16,7 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
+##### built by root@i386.openbsd.org on Sun Aug 7 13:14:20 MDT 2011
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
#####
@@ -27,7 +27,7 @@
######################################################################
######################################################################
-##### $Sendmail: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $ #####
+##### $Sendmail: cfhead.m4,v 8.121 2010/01/07 18:20:19 ca Exp $ #####
##### $Sendmail: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ #####
##### $OpenBSD: openbsd-submit.mc,v 1.1 2008/10/03 16:29:05 millert Exp $ #####
@@ -42,7 +42,7 @@
##### $Sendmail: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $ #####
-##### $Sendmail: proto.m4,v 8.734 2008/01/24 23:42:01 ca Exp $ #####
+##### $Sendmail: proto.m4,v 8.744 2010/11/23 20:29:47 guenther Exp $ #####
# level 10 config file format
V10/Berkeley
@@ -119,7 +119,7 @@
# Configuration version number
-DZ8.14.3/Submit
+DZ8.14.5/Submit
###############
@@ -445,6 +445,7 @@
# once the threshold number of recipients have been rejected
#O BadRcptThrottle=0
+
# shall we get local names from our installed interfaces?
O DontProbeInterfaces=True
@@ -505,6 +506,7 @@
# SMTP STARTTLS server options
#O TLSSrvOptions
+
# Input mail filters
#O InputMailFilters
@@ -992,7 +994,6 @@
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2
-
diff -ur etc49/etc/man.conf etc50/etc/man.conf
--- etc49/etc/man.conf Wed Mar 2 14:51:49 2011
+++ etc50/etc/man.conf Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: man.conf,v 1.16 2010/10/19 20:05:52 schwarze Exp $
+# $OpenBSD: man.conf,v 1.17 2011/04/11 14:45:41 sthen Exp $
# Sheer, raging paranoia...
_version BSD.2
@@ -31,7 +31,7 @@
# directory with all of the subdirectories listed for the keyword _subdir.
# default
-_default /usr/{share,X11R6,local}/man/
+_default /usr/{share,X11R6,local,ports/infrastructure}/man/
# Other sections that represent complete man subdirectories.
X11 /usr/X11R6/man/
diff -ur etc49/etc/netstart etc50/etc/netstart
--- etc49/etc/netstart Wed Mar 2 14:51:49 2011
+++ etc50/etc/netstart Wed Aug 17 17:50:53 2011
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: netstart,v 1.131 2011/02/09 17:22:06 sobrado Exp $
+# $OpenBSD: netstart,v 1.133 2011/07/07 23:09:46 guenther Exp $
# Strip comments (and leading/trailing whitespace if IFS is set)
# from a file and spew to stdout
@@ -47,11 +47,9 @@
chmod -LR o-rwx $file
chown -LR root.wheel $file
fi
- ifconfig $if > /dev/null 2>&1
- if [ "$?" != "0" ]; then
+ if ! ifconfig $if > /dev/null 2>&1; then
# Try to create interface if it does not exist
- ifconfig $if create > /dev/null 2>&1
- if [ "$?" != "0" ]; then
+ if ! ifconfig $if create > /dev/null 2>&1; then
return
fi
fi
@@ -260,12 +258,12 @@
# Configure all the non-loopback interfaces which we know about, but
# do not start interfaces which must be delayed. Refer to hostname.if(5)
-ifmstart "" "trunk vlan carp gif gre pfsync pppoe tun bridge"
+ifmstart "" "trunk svlan vlan carp gif gre pfsync pppoe tun bridge"
# The trunk interfaces need to come up first in this list.
-# The vlan interfaces need to come up after trunk.
+# The (s)vlan interfaces need to come up after trunk.
# Configure all the carp interfaces which we know about before default route.
-ifmstart "trunk vlan carp"
+ifmstart "trunk svlan vlan carp"
if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then
fw=`sysctl -n net.inet6.ip6.forwarding`
diff -ur etc49/etc/newsyslog.conf etc50/etc/newsyslog.conf
--- etc49/etc/newsyslog.conf Wed Mar 2 14:51:49 2011
+++ etc50/etc/newsyslog.conf Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: newsyslog.conf,v 1.28 2010/06/29 10:25:13 stephan Exp $
+# $OpenBSD: newsyslog.conf,v 1.29 2011/04/14 20:32:34 sthen Exp $
#
# configuration file for newsyslog
#
@@ -11,7 +11,7 @@
/var/log/maillog 600 7 * 24 Z
/var/log/messages 644 5 30 * Z
/var/log/secure 600 7 * 168 Z
-/var/log/wtmp 644 7 * $W6D4 ZB
+/var/log/wtmp 644 7 * $W6D4 B
/var/log/xferlog 640 7 250 * Z
/var/log/ppp.log 640 7 250 * Z
/var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd"
diff -ur etc49/etc/pf.conf etc50/etc/pf.conf
--- etc49/etc/pf.conf Wed Mar 2 14:51:50 2011
+++ etc50/etc/pf.conf Wed Aug 17 17:50:54 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
+# $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
@@ -8,7 +8,7 @@
# filter rules and anchor for ftp-proxy(8)
#anchor "ftp-proxy/*"
-#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
+#pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
# anchor for relayd(8)
#anchor "relayd/*"
Only in etc49/etc: portal.conf
diff -ur etc49/etc/rc etc50/etc/rc
--- etc49/etc/rc Wed Mar 2 14:51:49 2011
+++ etc50/etc/rc Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.348 2011/01/14 00:05:42 deraadt Exp $
+# $OpenBSD: rc,v 1.392 2011/07/28 19:09:16 halex Exp $
# System startup script run by init on autoboot
# or after single-user.
@@ -94,54 +94,119 @@
set -- `stripcom /etc/wsconsctl.conf`
IFS="$save_IFS"
while [ $# -ge 1 ] ; do
- eval /sbin/wsconsctl $1
+ eval wsconsctl $1
shift
done
}
random_seed()
{
- if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then
+ if [ -f /var/db/host.random ]; then
dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \
> /dev/null 2>&1
+ chmod 600 /var/db/host.random >/dev/null 2>&1
# reset seed file, so that if a shutdown-less reboot occurs,
# the next seed is not a repeat
dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
> /dev/null 2>&1
-
- random_seed_done=1
fi
}
fill_baddynamic()
{
- local _service="$1"
+ local _service=$1
local _sysctl="net.inet.${_service}.baddynamic"
- local _name _port _srv _junk _ban
- local _i=0
- grep "/${_service}" /etc/services | {
- IFS=" /"
- while read _name _port _srv _junk; do
- [ "x${_srv}" = "x${_service}" ] || continue;
- if [ "x${_ban}" = "x" ]; then
- _ban="+${_port}"
- else
- _ban="${_ban},+${_port}"
- fi
+ stripcom /etc/services |
+ {
+ # Variables are local
+ while IFS=" /" read _name _port _srv _junk; do
+ [ "x${_srv}" = "x${_service}" ] || continue
+ _ban="${_ban:+${_ban},}+${_port}"
# Flush before argv gets too long
- if [ $((++_i)) -gt 128 ]; then
- sysctl ${_sysctl}=${_ban} >/dev/null
+ if [ ${#_ban} -gt 1024 ]; then
+ sysctl -q ${_sysctl}=${_ban}
_ban=""
- _i=0
fi
- done;
- if [ "x${_ban}" != "x" ]; then
- sysctl ${_sysctl}=${_ban} >/dev/null
- fi
+ done
+ [ "${_ban}" ] && sysctl -q ${_sysctl}=${_ban}
}
}
+start_daemon()
+{
+ local _n
+ for _n; do
+ eval _do=\${${_n}_flags}
+ if [ X"${_do}" != X"NO" ]; then
+ /etc/rc.d/${_n} start
+ fi
+ done
+}
+
+make_keys()
+{
+ if [ X"${named_flags}" != X"NO" ]; then
+ if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
+ echo -n "rndc-confgen: generating shared secret... "
+ if rndc-confgen -a -t /var/named >/dev/null 2>&1; then
+ chmod 0640 /var/named/etc/rndc.key \
+ >/dev/null 2>&1
+ echo done.
+ else
+ echo failed.
+ fi
+ fi
+ fi
+
+ if [ ! -f /etc/isakmpd/private/local.key ]; then
+ echo -n "openssl: generating isakmpd/iked RSA key... "
+ if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
+ >/dev/null 2>&1; then
+ chmod 600 /etc/isakmpd/private/local.key
+ openssl rsa -out /etc/isakmpd/local.pub -in \
+ /etc/isakmpd/private/local.key -pubout \
+ >/dev/null 2>&1
+ echo done.
+ else
+ echo failed.
+ fi
+ fi
+
+ if [ ! -f /etc/iked/private/local.key ]; then
+ # Just copy the generated isakmpd key
+ cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
+ chmod 600 /etc/iked/private/local.key
+ cp /etc/isakmpd/local.pub /etc/iked/local.pub
+ fi
+
+ ssh-keygen -A
+}
+
+# create Unix sockets directories for X if needed and make sure they have
+# correct permissions
+setup_X_sockets()
+{
+ if [ -d /usr/X11R6/lib ]; then
+ for d in /tmp/.X11-unix /tmp/.ICE-unix ; do
+ if [ -d $d ]; then
+ if [ `ls -ld $d | cut -d' ' -f4` \
+ != root ]; then
+ chown root $d
+ fi
+ if [ `ls -ld $d | cut -d' ' -f1` \
+ != drwxrwxrwt ]; then
+ chmod 1777 $d
+ fi
+ elif [ -e $d ]; then
+ echo "Error: $d exists and isn't a directory."
+ else
+ mkdir -m 1777 $d
+ fi
+ done
+ fi
+}
+
# End subroutines
stty status '^T'
@@ -152,6 +217,7 @@
trap : 3 # shouldn't be needed
HOME=/; export HOME
+INRC=1; export INRC
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
@@ -161,7 +227,17 @@
if [ X"$1" = X"shutdown" ]; then
dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1
chmod 600 /var/db/host.random >/dev/null 2>&1
- if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
+ local _c=$?
+ if [ ${_c} -eq 0 -a -n "${pkg_scripts}" ]; then
+ echo -n 'stopping package daemons:'
+ while [ -n "${pkg_scripts}" ]; do
+ _r=${pkg_scripts##* }
+ pkg_scripts=${pkg_scripts%%*( )${_r}}
+ [ -x /etc/rc.d/${_r} ] && /etc/rc.d/${_r} stop
+ done
+ echo '.'
+ fi
+ if [ ${_c} -eq 0 -a -f /etc/rc.shutdown ]; then
echo /etc/rc.shutdown in progress...
. /etc/rc.shutdown
echo /etc/rc.shutdown complete.
@@ -243,8 +319,6 @@
mount -uw / # root on nfs requires this, others aren't hurt
rm -f /fastboot # XXX (root now writeable)
-random_seed
-
# set flags on ttys. (do early, in case they use tty for SLIP in netstart)
echo 'setting tty flags'
ttyflags -a
@@ -309,194 +383,37 @@
mount -s /usr >/dev/null 2>&1
mount -s /var >/dev/null 2>&1
-# if there's no /var/db/host.random, use /dev/arandom to create one
-if [ ! -f /var/db/host.random ]; then
- dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
- >/dev/null 2>&1
- chmod 600 /var/db/host.random >/dev/null 2>&1
-else
- # Try to read seed if it was not initially present (e.g. /var on NFS)
- random_seed
-fi
+random_seed
# clean up left-over files
-rm -f /etc/nologin
-rm -f /var/spool/lock/LCK.*
-rm -f /var/spool/uucp/STST/*
+rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/*
(cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
(cd /var/authpf && rm -rf -- *)
# save a copy of the boot messages
dmesg >/var/run/dmesg.boot
-echo 'starting system logger'
-rm -f /dev/log
-if [ X"${httpd_flags}" != X"-u" ]; then
- rm -f /var/www/dev/log
- syslogd_flags="${syslogd_flags} -a /var/www/dev/log"
-fi
-if [ X"${named_flags}" != X"NO" ]; then
- rm -f /var/named/dev/log
- syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
-fi
-if [ X"${nsd_flags}" != X"NO" ]; then
- rm -f /var/nsd/dev/log
- syslogd_flags="${syslogd_flags} -a /var/nsd/dev/log"
-fi
-if [ -d /var/empty ]; then
- rm -f /var/empty/dev/log
- mkdir -p -m 0555 /var/empty/dev
- syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
-fi
-syslogd ${syslogd_flags}
+make_keys
-if [ X"${pf}" != X"NO" ]; then
- ifconfig pflog0 create >/dev/null 2>&1
- if ifconfig pflog0 >/dev/null 2>&1; then
- ifconfig pflog0 up
- if [ X"${pflogd_flags}" != X"NO" ]; then
- pflogd ${pflogd_flags}
- fi
- fi
-fi
+echo -n 'starting early daemons:'
+start_daemon syslogd ldattach pflogd named nsd ntpd isakmpd iked sasyncd
+echo '.'
-if [ X"${named_flags}" != X"NO" ]; then
- if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
- echo -n "rndc-confgen: generating new shared secret... "
- if /usr/sbin/rndc-confgen -a -t /var/named >/dev/null 2>&1; then
- chmod 0640 /var/named/etc/rndc.key >/dev/null 2>&1
- echo done.
- else
- echo failed.
- fi
- fi
-
- echo 'starting named'; named $named_flags
-fi
-
-if [ X"${nsd_flags}" != X"NO" ]; then
- echo 'starting nsd'; nsd $nsd_flags
-fi
-
-if [ ! -f /etc/isakmpd/private/local.key ]; then
- echo -n "openssl: generating new isakmpd/iked RSA key... "
- if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
- > /dev/null 2>&1; then
- chmod 600 /etc/isakmpd/private/local.key
- openssl rsa -out /etc/isakmpd/local.pub \
- -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
- echo done.
- else
- echo failed.
- fi
-fi
-
-if [ ! -f /etc/iked/private/local.key ]; then
- # Just copy the generated isakmpd key
- cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
- chmod 600 /etc/iked/private/local.key
- cp /etc/isakmpd/local.pub /etc/iked/local.pub
-fi
-
-if [ X"${isakmpd_flags}" != X"NO" ]; then
- if [ X"${sasyncd_flags}" != X"NO" ]; then
- isakmpd_flags="-S ${isakmpd_flags}"
- fi
- echo 'starting isakmpd'; isakmpd ${isakmpd_flags}
-fi
-
-if [ X"${iked_flags}" != X"NO" ]; then
- if [ X"${sasyncd_flags}" != X"NO" ]; then
- iked_flags="-S ${iked_flags}"
- fi
- echo 'starting iked'; iked ${iked_flags}
-fi
-
-if [ X"${sasyncd_flags}" != X"NO" ]; then
- echo 'starting sasyncd'; sasyncd ${sasyncd_flags}
-fi
-
if [ X"${ipsec}" != X"NO" ]; then
if [ -f ${ipsec_rules} ]; then
ipsecctl -f ${ipsec_rules}
fi
fi
-echo -n 'starting initial daemons:'
-
-if [ X"${portmap}" = X"YES" ]; then
- echo -n ' portmap'; portmap
+echo -n 'starting RPC daemons:'
+start_daemon portmap
+if [ X"`domainname`" != X"" ]; then
+ start_daemon ypserv ypbind yppasswdd
fi
-
-if [ X`domainname` != X ]; then
- if [ -d /var/yp/`domainname` ]; then
- # YP server capabilities needed...
- echo -n ' ypserv'; ypserv ${ypserv_flags}
- #echo -n ' ypxfrd'; ypxfrd
- fi
-
- if [ -d /var/yp/binding ]; then
- # YP client capabilities needed...
- echo -n ' ypbind'; ypbind
- fi
-
- if [ X"${yppasswdd_flags}" != X"NO" -a -d /var/yp/`domainname` ]; then
- # if we are the master server, run rpc.yppasswdd
- _host1=`ypwhich -m passwd 2> /dev/null`
- _host2=`hostname`
- if [ `grep '^lookup' /etc/resolv.conf | grep yp | wc -c` -ne 0 ]; then
- _host1=`ypmatch $_host1 hosts | cut -d' ' -f2`
- _host2=`ypmatch $_host2 hosts | cut -d' ' -f2 | head -1`
- else
- _host1=`echo $_host1 | nslookup | grep '^Name: ' | \
- sed -e 's/^Name: //'`
- _host2=`echo $_host2 | nslookup | grep '^Name: ' | \
- sed -e 's/^Name: //'`
- fi
- if [ "$_host2" = "$_host1" ]; then
- echo -n ' rpc.yppasswdd'
- rpc.yppasswdd ${yppasswdd_flags}
- fi
- fi
-fi
-
-if [ X"${nfs_server}" = X"YES" -a -s /etc/exports -a \
- `sed -e '/^#/d' < /etc/exports | wc -l` -ne 0 ]; then
- rm -f /var/db/mountdtab
- echo -n > /var/db/mountdtab
- echo -n ' mountd'; mountd
- echo -n ' nfsd'; nfsd ${nfsd_flags}
- if [ X"${lockd}" = X"YES" ]; then
- echo -n ' rpc.lockd'; rpc.lockd
- echo -n ' rpc.statd'; rpc.statd
- fi
-fi
-
-if [ X"${amd}" = X"YES" -a -e ${amd_master} ]; then
- echo -n ' amd'
- (cd /etc/amd; amd `cat ${amd_master}`)
-fi
-
-# run rdate before timed/ntpd
-if [ X"${rdate_flags}" != X"NO" ]; then
- echo -n ' rdate'; rdate -s ${rdate_flags}
-fi
-
-if [ X"${timed_flags}" != X"NO" ]; then
- echo -n ' timed'; timed $timed_flags
-fi
-
-if [ X"${ldattach_flags}" != X"NO" -a -n "${ldattach_flags}" ]; then
- echo -n ' ldattach'; ldattach ${ldattach_flags}
-fi
-
-if [ X"${ntpd_flags}" != X"NO" ]; then
- echo -n ' ntpd'; ntpd $ntpd_flags
-fi
+start_daemon ypldap mountd nfsd lockd statd amd
echo '.'
mount -a
-
swapctl -A -t noblk
# /var/crash should be a directory or a symbolic link
@@ -505,14 +422,6 @@
savecore ${savecore_flags} /var/crash
fi
-if [ X"${afs}" = X"YES" -a -c /dev/nnpfs0 ]; then
- echo -n 'mounting afs:'
- mkdir -p -m 0755 /afs
- mount -t nnpfs /dev/nnpfs0 /afs
- /usr/libexec/afsd ${afsd_flags}
- echo ' done.'
-fi
-
if [ X"${check_quotas}" = X"YES" ]; then
echo -n 'checking quotas:'
quotacheck -a
@@ -520,21 +429,15 @@
quotaon -a
fi
-# build ps databases
-echo -n 'building ps databases:'
-echo -n " kvm"
-kvm_mkdb
-echo -n " dev"
+kvm_mkdb # build kvm(3) databases
dev_mkdb
-echo "."
-
chmod 666 /dev/tty[pqrstuvwxyzPQRST]*
chown root:wheel /dev/tty[pqrstuvwxyzPQRST]*
# check the password temp/lock file
if [ -f /etc/ptmp ]; then
logger -s -p auth.err \
- 'password file may be incorrect -- /etc/ptmp exists'
+ 'password file may be incorrect -- /etc/ptmp exists'
fi
echo clearing /tmp
@@ -546,24 +449,7 @@
find . ! -name . ! -name lost+found ! -name quota.user \
! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
-# create Unix sockets directories for X if needed and make sure they have
-# correct permissions
-if [ -d /usr/X11R6/lib ]; then
- for d in /tmp/.X11-unix /tmp/.ICE-unix ; do
- if [ -d $d ]; then
- if [ `ls -ld $d | cut -d' ' -f4` != root ]; then
- chown root $d
- fi
- if [ `ls -ld $d | cut -d' ' -f1` != drwxrwxrwt ]; then
- chmod 1777 $d
- fi
- elif [ -e $d ]; then
- echo "Error: $d exists and isn't a directory."
- else
- mkdir -m 1777 $d
- fi
- done
-fi
+setup_X_sockets
[ -f /etc/rc.securelevel ] && . /etc/rc.securelevel
if [ X"${securelevel}" != X"" ]; then
@@ -575,8 +461,7 @@
if [ ! -f /etc/motd ]; then
install -c -o root -g wheel -m 664 /dev/null /etc/motd
fi
-T=`mktemp /tmp/_motd.XXXXXXXXXX`
-if [ $? -eq 0 ]; then
+if T=`mktemp /tmp/_motd.XXXXXXXXXX`; then
sysctl -n kern.version | sed 1q > $T
echo "" >> $T
sed '1,/^$/d' < /etc/motd >> $T
@@ -602,268 +487,55 @@
ldconfig $shlib_dirs
fi
-if [ -x /usr/libexec/vi.recover ]; then
- echo 'preserving editor files.'; /usr/libexec/vi.recover
-fi
+echo 'preserving editor files.'; /usr/libexec/vi.recover
-if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
- echo -n "ssh-keygen: generating new DSA host key... "
- if /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''; then
- echo done.
- else
- echo failed.
- fi
-fi
-if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
- echo -n "ssh-keygen: generating new ECDSA host key... "
- if /usr/bin/ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''; then
- echo done.
- else
- echo failed.
- fi
-fi
-if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
- echo -n "ssh-keygen: generating new RSA host key... "
- if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
- echo done.
- else
- echo failed.
- fi
-fi
-if [ ! -f /etc/ssh/ssh_host_key ]; then
- echo -n "ssh-keygen: generating new RSA1 host key... "
- if /usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N ''; then
- echo done.
- else
- echo failed.
- fi
-fi
+echo -n 'starting network daemons:'
+start_daemon sshd snmpd ldpd ripd ospfd ospf6d bgpd ifstated
+start_daemon relayd dhcpd dhcrelay mrouted dvmrpd
-echo -n starting network daemons:
-
-if [ X"${sshd_flags}" != X"NO" ]; then
- echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags}
-fi
-
-if [ X"${snmpd_flags}" != X"NO" ]; then
- echo -n ' snmpd'; /usr/sbin/snmpd $snmpd_flags
-fi
-
-if [ X"${ldpd_flags}" != X"NO" ]; then
- echo -n ' ldpd'; /usr/sbin/ldpd $ldpd_flags
-fi
-
-if [ X"${ripd_flags}" != X"NO" ]; then
- echo -n ' ripd'; /usr/sbin/ripd $ripd_flags
-fi
-
-if [ X"${mrouted_flags}" != X"NO" ]; then
- echo -n ' mrouted'; mrouted $mrouted_flags
-fi
-
-if [ X"${dvmrpd_flags}" != X"NO" ]; then
- echo -n ' dvmrpd'; /usr/sbin/dvmrpd $dvmrpd_flags
-fi
-
-if [ X"${ospfd_flags}" != X"NO" ]; then
- echo -n ' ospfd'; /usr/sbin/ospfd $ospfd_flags
-fi
-
-if [ X"${ospf6d_flags}" != X"NO" ]; then
- echo -n ' ospf6d'; /usr/sbin/ospf6d $ospf6d_flags
-fi
-
-if [ X"${bgpd_flags}" != X"NO" ]; then
- echo -n ' bgpd'; /usr/sbin/bgpd $bgpd_flags
-fi
-
-if [ X"${ifstated_flags}" != X"NO" ]; then
- echo -n ' ifstated'; ifstated $ifstated_flags
-fi
-
-if [ X"${relayd_flags}" != X"NO" ]; then
- echo -n ' relayd'; /usr/sbin/relayd $relayd_flags
-fi
-
-if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then
- touch /var/db/dhcpd.leases
- echo -n ' dhcpd'; /usr/sbin/dhcpd ${dhcpd_flags}
-fi
-
-if [ X"${dhcrelay_flags}" != X"NO" ]; then
- echo -n ' dhcrelay'; /usr/sbin/dhcrelay $dhcrelay_flags
-fi
-
if ifconfig lo0 inet6 >/dev/null 2>&1; then
fw=`sysctl -n net.inet6.ip6.forwarding`
if [ X"${fw}" = X"0" ]; then
- if [ X"${rtsold_flags}" != X"NO" ]; then
- echo -n ' rtsold'
- /usr/sbin/rtsold ${rtsold_flags}
- fi
+ start_daemon rtsold
else
- if [ X"${route6d_flags}" != X"NO" ]; then
- echo -n ' route6d'
- /usr/sbin/route6d ${route6d_flags}
- fi
- if [ X"${rtadvd_flags}" != X"NO" ]; then
- echo -n ' rtadvd'
- /usr/sbin/rtadvd ${rtadvd_flags}
- fi
+ start_daemon route6d rtadvd
fi
fi
-if [ X"${hostapd_flags}" != X"NO" ]; then
- echo -n ' hostapd'; /usr/sbin/hostapd ${hostapd_flags}
-fi
+start_daemon hostapd rwhod lpd ldapd sendmail smtpd httpd ftpd
+start_daemon ftpproxy identd inetd rarpd bootparamd rbootd mopd
+start_daemon spamd spamlogd kdc kadmind kpasswdd aucat
+echo '.'
-if [ X"${bt}" != X"NO" ]; then
- echo -n ' btd'; /usr/sbin/btd
- if [ -f ${bt_rules} ]; then
- btctl -f ${bt_rules}
- fi
-fi
-
-if [ X"${rwhod}" = X"YES" ]; then
- echo -n ' rwhod'; rwhod
-fi
-
-
-if [ X"${lpd_flags}" != X"NO" ]; then
- echo -n ' lpd'; lpd ${lpd_flags}
-fi
-
-if [ X"${ldapd_flags}" != X"NO" ]; then
- echo -n ' ldapd'; /usr/sbin/ldapd ${ldapd_flags}
-fi
-
-# We call sendmail with a full path so that SIGHUP works.
-# Note that /usr/sbin/sendmail may actually call a
-# mailer other than sendmail, depending on /etc/mailer.conf.
-if [ X"${sendmail_flags}" != X"NO" -a -s /etc/mailer.conf ]; then
- echo -n ' sendmail'; ( /usr/sbin/sendmail ${sendmail_flags} >/dev/null 2>&1 & )
-fi
-
-if [ X"${smtpd_flags}" != X"NO" ]; then
- echo -n ' smtpd'; smtpd $smtpd_flags
-fi
-
-if [ X"${httpd_flags}" != X"NO" ]; then
- # Clean up left-over httpd locks
- rm -f /var/www/logs/{ssl_mutex,httpd.lock,accept.lock}.*
- echo -n ' httpd'; /usr/sbin/httpd ${httpd_flags}
-fi
-
-if [ X"${ftpd_flags}" != X"NO" ]; then
- echo -n ' ftpd'; /usr/libexec/ftpd ${ftpd_flags}
-fi
-
-if [ X"${ftpproxy_flags}" != X"NO" ]; then
- echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags}
-fi
-
-if [ X"${identd_flags}" != X"NO" ]; then
- echo -n ' identd'; /usr/libexec/identd ${identd_flags}
-fi
-
-if [ X"${inetd}" = X"YES" -a -e /etc/inetd.conf ]; then
- echo -n ' inetd'; inetd
-fi
-
if [ X"${spamd_flags}" != X"NO" ]; then
- if [ X"${spamd_black}" != X"NO" ]; then
- spamd_flags="${spamd_flags} -b"
- fi
- echo -n ' spamd'; eval /usr/libexec/spamd ${spamd_flags}
/usr/libexec/spamd-setup -D
- if [ X"${spamd_black}" = X"NO" ]; then
- echo -n ' spamlogd'
- /usr/libexec/spamlogd ${spamlogd_flags}
- fi
fi
-if [ X"${rarpd_flags}" != X"NO" -a -s /etc/ethers ]; then
- echo -n ' rarpd'; rarpd ${rarpd_flags}
-fi
-
-if [ X"${bootparamd_flags}" != X"NO" -a -s /etc/bootparams ]; then
- echo -n ' rpc.bootparamd'; rpc.bootparamd ${bootparamd_flags}
-fi
-
-if [ X"${rbootd_flags}" != X"NO" -a -s /etc/rbootd.conf ]; then
- echo -n ' rbootd'; rbootd ${rbootd_flags}
-fi
-
-if [ X"${mopd_flags}" != X"NO" -a -d /tftpboot/mop ]; then
- echo -n ' mopd'; mopd ${mopd_flags}
-fi
-
-echo '.'
-
-mixerctl_conf
-
-if [ X"${aucat_flags}" != X"NO" ]; then
- aucat -l ${aucat_flags}
-fi
-
-# KerberosV master KDC
-if [ X"${krb5_master_kdc}" = X"YES" ]; then
- echo 'KerberosV master KDC'
- /usr/libexec/kdc &
- /usr/libexec/kadmind &
- /usr/libexec/kpasswdd &
-fi
-
-# KerberosV slave KDC
-if [ X"${krb5_slave_kdc}" = X"YES" ]; then
- echo 'KerberosV slave KDC'
- /usr/libexec/kdc &
- # Remember to enable hpropd in inetd.conf
-fi
-
# If rc.firstime exists, run it just once, and make sure it is deleted
if [ -f /etc/rc.firsttime ]; then
mv /etc/rc.firsttime /etc/rc.firsttime.run
- . /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root >/dev/null
+ . /etc/rc.firsttime.run 2>&1 | tee /dev/tty |
+ mail -Es "`hostname` rc.firsttime output" root >/dev/null
fi
rm -f /etc/rc.firsttime.run
-[ -f /etc/rc.local ] && . /etc/rc.local
-
-echo -n standard daemons:
-
-if [ X"${apmd_flags}" != X"NO" -a -x /usr/sbin/apmd ]; then
- echo -n ' apmd'; /usr/sbin/apmd ${apmd_flags}
+# Run rc.d(8) scripts from packages
+if [ -n "${pkg_scripts}" ]; then
+ echo -n 'starting package daemons:'
+ for _r in $pkg_scripts; do
+ [ -x /etc/rc.d/${_r} ] && start_daemon ${_r}
+ done
+ echo '.'
fi
-if [ X"${sensorsd_flags}" != X"NO" ]; then
- echo -n ' sensorsd'; /usr/sbin/sensorsd ${sensorsd_flags}
-fi
+[ -f /etc/rc.local ] && . /etc/rc.local
-if [ X"${hotplugd_flags}" != X"NO" -a -x /usr/sbin/hotplugd ]; then
- echo -n ' hotplugd'; /usr/sbin/hotplugd ${hotplugd_flags}
-fi
+ifconfig -g carp -carpdemote 128 # disable carp interlock
-if [ X"${watchdogd_flags}" != X"NO" -a -x /usr/sbin/watchdogd ]; then
- echo -n ' watchdogd'; /usr/sbin/watchdogd ${watchdogd_flags}
-fi
-
-echo -n ' cron'; cron
-
-# disable carp interlock
-ifconfig -g carp -carpdemote 128
-
+mixerctl_conf
+echo -n 'starting local daemons:'
+start_daemon apmd sensorsd hotplugd watchdogd cron wsmoused xdm
echo '.'
date
-
-if [ X"${wsmoused_flags}" != X"NO" -a -x /usr/sbin/wsmoused ]; then
- echo 'starting wsmoused...'; /usr/sbin/wsmoused ${wsmoused_flags}
-fi
-
-# Alternatively, on some architectures, xdm may be started in /etc/ttys.
-if [ X"${xdm_flags}" != X"NO" -a -x /usr/X11R6/bin/xdm ]; then
- echo 'starting xdm...'; /usr/X11R6/bin/xdm ${xdm_flags}
-fi
-
exit 0
diff -ur etc49/etc/rc.conf etc50/etc/rc.conf
--- etc49/etc/rc.conf Wed Mar 2 14:51:49 2011
+++ etc50/etc/rc.conf Wed Aug 17 17:50:53 2011
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: rc.conf,v 1.141 2011/02/12 11:21:01 ajacoutot Exp $
+# $OpenBSD: rc.conf,v 1.160 2011/07/24 15:33:41 fgsch Exp $
# set these to "NO" to turn them off. otherwise, they're used as flags
ldpd_flags=NO # for normal use: ""
@@ -17,8 +17,6 @@
sshd_flags="" # for normal use: ""
named_flags=NO # for normal use: ""
nsd_flags=NO # for normal use: ""
-rdate_flags=NO # for normal use: [RFC868-host] or [-n RFC2030-host]
-timed_flags=NO # for normal use: ""
ldattach_flags=NO # for normal use: "[options] linedisc cua-device"
ntpd_flags=NO # for normal use: ""
isakmpd_flags=NO # for normal use: ""
@@ -35,6 +33,7 @@
rtsold_flags=NO # for normal use: interface
# be sure to set net.inet6.ip6.forwarding=0
# be sure to set net.inet6.ip6.accept_rtadv=1
+ # be sure to set net.inet6.icmp6.rediraccept=1
lpd_flags=NO # for normal use: "" (or "-l" for debugging)
sensorsd_flags=NO # for normal use: ""
hotplugd_flags=NO # for normal use: ""
@@ -47,6 +46,14 @@
smtpd_flags=NO # for normal use: ""
aucat_flags=NO # for normal use: ""
ldapd_flags=NO # for normal use: ""
+inetd_flags="" # for normal use: ""
+rwhod_flags=NO # for normal use: ""
+portmap_flags=NO # for normal use: ""
+kdc_flags=NO # for normal use: "" see 'info heimdal' for help
+kadmind_flags=NO # for normal use: ""
+kpasswdd_flags=NO # for normal use: ""
+btd_flags=NO # for normal use: ""
+amd_flags=NO # for normal use: ""
# use -u to disable chroot, see httpd(8)
httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8))
@@ -70,20 +77,13 @@
wsmoused_flags=NO # for ps/2 or usb mice: "", serial: "-p /dev/cua00"
# set the following to "YES" to turn them on
-rwhod=NO
-nfs_server=NO # see sysctl.conf for nfs client configuration
-lockd=NO
-amd=NO
pf=YES # Packet filter / NAT
ipsec=NO # IPsec
bt=NO # Bluetooth
portmap=NO # Note: inetd(8) rpc services need portmap too
-inetd=YES # almost always needed
check_quotas=YES # NO may be desirable in some YP environments
accounting=NO # process accounting (using /var/account/acct)
-krb5_master_kdc=NO # KerberosV master KDC. Run 'info heimdal' for help.
-krb5_slave_kdc=NO # KerberosV slave KDC.
afs=NO # mount and run afs
# Multicast routing configuration
@@ -92,11 +92,14 @@
multicast_router=NO # A multicast routing daemon will be run, e.g. mrouted
# miscellaneous other flags
-# only used if the appropriate server is marked YES above
savecore_flags= # "-z" to compress
-ypserv_flags= # E.g. -1 for YP v1, -d for DNS etc
+ypserv_flags=NO # add more flags, eg. -1 for YP v1, -d for DNS etc
+ypldap_flags=NO # for normal use: ""
yppasswdd_flags=NO # "-d /etc/yp" if passwd files are in /etc/yp
-nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
+nfsd_flags=NO # for normal use: "-tun 4" and see nfsd(8)
+mountd_flags=NO # for normal use: ""
+lockd_flags=NO # for normal use: ""
+statd_flags=NO # for normal use: ""
amd_master=/etc/amd/master # AMD 'master' map
syslogd_flags= # add more flags, e.g. "-u -a /chroot/dev/log"
pf_rules=/etc/pf.conf # Packet filter rules file
@@ -107,10 +110,40 @@
shlib_dirs= # extra directories for ldconfig, separated
# by space
-# rc.d(8) daemons scripts
+# rc.d(8) packages scripts
# started in the specified order and stopped in reverse order
-rc_scripts=
+pkg_scripts=
local_rcconf="/etc/rc.conf.local"
+unset inetd_flags rwhod_flags portmap_flags kdc_flags kadmind_flags
+unset kpasswdd_flags btd_flags nfsd_flags mountd_flags lockd_flags
+unset statd_flags amd_flags
+
[ -f ${local_rcconf} ] && . ${local_rcconf} # Do not edit this line
+
+# special care needed for spamlogd to avoid starting it up and failing
+# all the time
+if [ X"${spamd_flags}" = X"NO" -o X"${spamd_black}" != X"NO" ]; then
+ spamlogd_flags=NO
+fi
+
+# special care needed for pflogd to avoid starting it up and failing
+# if pf is not enabled
+if [ X"${pf}" = X"NO" ]; then
+ pflogd_flags=NO
+fi
+
+# backward compatibility
+: ${inetd_flags=$([ X"${inetd-YES}" = XYES ] || echo NO)}
+: ${rwhod_flags=$([ X"${rwhod-NO}" = XYES ] || echo NO)}
+: ${portmap_flags=$([ X"${portmap-NO}" = XYES ] || echo NO)}
+: ${kdc_flags=$([ X"${krb5_master_kdc-NO}" = XYES -o X"${krb5_slave_kdc-NO}" = XYES ] || echo NO)}
+: ${kadmind_flags=$([ X"${krb5_master_kdc-NO}" = XYES ] || echo NO)}
+: ${kpasswdd_flags=$([ X"${krb5_master_kdc-NO}" = XYES ] || echo NO)}
+: ${btd_flags=$([ X"${bt-NO}" = XYES ] || echo NO)}
+: ${nfsd_flags=$([ X"${nfs_server-NO}" = XYES ] && echo "-tun 4" || echo NO)}
+: ${mountd_flags=$([ X"${nfs_server-NO}" = XYES ] || echo NO)}
+: ${lockd_flags=$([ X"${lockd-NO}" = XYES ] || echo NO)}
+: ${statd_flags=$([ X"${lockd-NO}" = XYES ] || echo NO)}
+: ${amd_flags=$([ X"${amd-NO}" = XYES ] || echo NO)}
Only in etc50/etc: rc.d
diff -ur etc49/etc/rc.local etc50/etc/rc.local
--- etc49/etc/rc.local Wed Mar 2 14:51:49 2011
+++ etc50/etc/rc.local Wed Aug 17 17:50:53 2011
@@ -1,16 +1,6 @@
-# $OpenBSD: rc.local,v 1.41 2010/11/05 10:03:00 ajacoutot Exp $
+# $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $
# Site-specific startup actions, daemons, and other things which
# can be done AFTER your system goes into securemode. For actions
# which should be done BEFORE your system has gone into securemode
# please see /etc/rc.securelevel.
-
-echo -n 'starting local daemons:'
-
-for _r in $rc_scripts; do
- [ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} start
-done
-
-# Add your local startup actions here.
-
-echo '.'
diff -ur etc49/etc/rc.shutdown etc50/etc/rc.shutdown
--- etc49/etc/rc.shutdown Wed Mar 2 14:51:49 2011
+++ etc50/etc/rc.shutdown Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: rc.shutdown,v 1.10 2010/11/26 08:09:35 ajacoutot Exp $
+# $OpenBSD: rc.shutdown,v 1.12 2011/04/22 06:08:14 ajacoutot Exp $
#
# If it exists, this script is run at system-shutdown by reboot(8),
# halt(8). If the architecture supports keyboard requested halting,
@@ -7,14 +7,4 @@
powerdown=NO # set to YES for powerdown
-echo -n 'stopping local daemons:'
-
-while [ -n "${rc_scripts}" ]; do
- _r=${rc_scripts##* }
- rc_scripts=${rc_scripts%%*( )${_r}}
- [ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} stop
-done
-
# Add your local shutdown actions here.
-
-echo '.'
diff -ur etc49/etc/relayd.conf etc50/etc/relayd.conf
--- etc49/etc/relayd.conf Wed Mar 2 14:51:50 2011
+++ etc50/etc/relayd.conf Wed Aug 17 17:50:54 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: relayd.conf,v 1.13 2008/03/03 16:58:41 reyk Exp $
+# $OpenBSD: relayd.conf,v 1.14 2011/04/07 13:33:52 reyk Exp $
#
# Macros
#
@@ -82,6 +82,10 @@
# Return HTTP/HTML error pages to the client
return error
+ # Block disallowed sites
+ label "URL filtered!"
+ request url filter "www.example.com/"
+
# Block disallowed browsers
label "Please try a <em>different Browser</em>"
header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
@@ -96,10 +100,10 @@
}
relay httpproxy {
- # Listen on localhost, accept redirected connections from pf(4)
+ # Listen on localhost, accept diverted connections from pf(4)
listen on 127.0.0.1 port 8080
protocol httpfilter
# Forward to the original target host
- forward to nat lookup
+ forward to destination
}
diff -ur etc49/etc/remote etc50/etc/remote
--- etc49/etc/remote Wed Mar 2 14:51:49 2011
+++ etc50/etc/remote Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: remote,v 1.12 2010/06/29 17:17:53 nicm Exp $
+# $OpenBSD: remote,v 1.13 2011/07/07 19:16:42 deraadt Exp $
# from: @(#)remote 8.1 (Berkeley) 6/10/93
#
# remote -- remote host description database
@@ -53,7 +53,7 @@
unixhost:\
:pa=none:br#9600:el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:
-tty00|For hp300,i386,mac68k,macppc,mvmeppc,vax:\
+tty00|For hp300,i386,mac68k,macppc,vax:\
:dv=/dev/tty00:tc=direct:tc=unixhost:
ttya|For sparc,mvme68k:\
Only in etc49/etc: security
diff -ur etc49/etc/ssh/sshd_config etc50/etc/ssh/sshd_config
--- etc49/etc/ssh/sshd_config Wed Mar 2 14:51:51 2011
+++ etc50/etc/ssh/sshd_config Wed Aug 17 17:50:55 2011
@@ -1,11 +1,11 @@
-# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options change a
+# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
@@ -42,7 +42,10 @@
#RSAAuthentication yes
#PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
diff -ur etc49/etc/sysctl.conf etc50/etc/sysctl.conf
--- etc49/etc/sysctl.conf Wed Mar 2 14:51:50 2011
+++ etc50/etc/sysctl.conf Wed Aug 17 17:50:53 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
+# $OpenBSD: sysctl.conf,v 1.52 2011/06/24 19:47:48 naddy Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time. See sysctl(3) and sysctl(8) for more information on
@@ -8,7 +8,7 @@
#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
#net.inet.ip.multipath=1 # 1=Enable IP multipath routing
#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
-#net.inet6.icmp6.rediraccept=0 # 0=Don't accept IPv6 ICMP redirects
+#net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
@@ -35,6 +35,8 @@
#kern.nosuidcoredump=2 # 2=Put suid coredumps in /var/crash
#kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
#kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering
+#kern.pool_debug=0 # 0=Disable pool corruption checks (faster)
+#hw.allowpowerdown=0 # 0=Disable power button shutdown
#machdep.allowaperture=2 # See xf86(4)
#machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work
#machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a nice halt
@@ -42,6 +44,4 @@
#machdep.userldt=1 # allow userland programs to play with ldt,
# required by some ports
#kern.emul.aout=1 # enable running dynamic OpenBSD a.out bins
-#kern.emul.freebsd=1 # enable running FreeBSD binaries
#kern.emul.linux=1 # enable running Linux binaries
-#kern.emul.svr4=1 # enable running SVR4 binaries
diff -ur etc49/etc/weekly etc50/etc/weekly
--- etc49/etc/weekly Wed Mar 2 14:51:49 2011
+++ etc50/etc/weekly Wed Aug 17 17:50:53 2011
@@ -1,5 +1,5 @@
#
-# $OpenBSD: weekly,v 1.24 2011/01/19 06:18:05 david Exp $
+# $OpenBSD: weekly,v 1.25 2011/07/07 23:09:46 guenther Exp $
#
# For local additions, create the file /etc/weekly.local.
# To get section headers, use the function next_part in weekly.local.
@@ -45,8 +45,7 @@
next_part "Rebuilding locate database:"
if [ -f /var/db/locate.database ]; then
- TMP=`mktemp /var/db/locate.database.XXXXXXXXXX`
- if [ $? -eq 0 ]; then
+ if TMP=`mktemp /var/db/locate.database.XXXXXXXXXX`; then
trap 'rm -f $TMP; exit 1' 0 1 15
UPDATEDB="/usr/libexec/locate.updatedb"
echo "${UPDATEDB} --fcodes=- --tmpdir=${TMPDIR:-/var/tmp}" | \
Only in etc50/etc: ypldap.conf
diff -ur etc49/var/db/sysmerge/etcsum etc50/var/db/sysmerge/etcsum
--- etc49/var/db/sysmerge/etcsum Wed Mar 2 14:57:58 2011
+++ etc50/var/db/sysmerge/etcsum Wed Aug 17 18:00:10 2011
@@ -8,13 +8,13 @@
4294967295 0 ./etc/authpf
4182151039 3038 ./etc/bgpd.conf
3876916992 185 ./etc/ccd.conf
-3448035340 3341 ./etc/changelist
+3775300743 3330 ./etc/changelist
252594545 410 ./etc/chio.conf
1472356903 102 ./etc/csh.cshrc
2703696912 102 ./etc/csh.login
3431436583 104 ./etc/csh.logout
-1728858655 5277 ./etc/daily
-2378293123 591 ./etc/dhclient.conf
+333940016 5302 ./etc/daily
+1049233877 521 ./etc/dhclient.conf
4136716515 733 ./etc/dhcpd.conf
3581520 790 ./etc/disktab
4294967295 0 ./etc/dumpdates
@@ -38,7 +38,7 @@
4294967295 0 ./etc/iked/pubkeys/ufqdn
1419656858 2381 ./etc/inetd.conf
4243353537 1122 ./etc/ipsec.conf
-1378435518 4005 ./etc/ksh.kshrc
+3233988592 4078 ./etc/ksh.kshrc
1239840989 19658 ./etc/ldap/core.schema
4128381391 2737 ./etc/ldap/inetorgperson.schema
2139975806 7443 ./etc/ldap/nis.schema
@@ -46,8 +46,8 @@
1669450874 301 ./etc/ldpd.conf
4063907622 2388 ./etc/localtime
1272061458 555 ./etc/locate.rc
-3897767250 2242 ./etc/login.conf
-3718017018 143932 ./etc/lynx.cfg
+1110035010 2356 ./etc/login.conf
+982492453 149343 ./etc/lynx.cfg
4140050977 105 ./etc/mail.rc
180804272 2556 ./etc/mail/Makefile
2236616533 3388 ./etc/mail/README
@@ -59,36 +59,35 @@
2937419450 65536 ./etc/mail/genericstable.db
2054762348 5663 ./etc/mail/helpfile
987201812 466 ./etc/mail/local-host-names
-382135422 40742 ./etc/mail/localhost.cf
+3386756419 58736 ./etc/mail/localhost.cf
3116949394 562 ./etc/mail/mailertable
2937419450 65536 ./etc/mail/mailertable.db
1149556019 490 ./etc/mail/relay-domains
-4292518303 64505 ./etc/mail/sendmail.cf
+422510689 64855 ./etc/mail/sendmail.cf
667510436 300 ./etc/mail/smtpd.conf
3479831541 1876 ./etc/mail/spamd.conf
-1379803338 41794 ./etc/mail/submit.cf
+2844956136 41813 ./etc/mail/submit.cf
942407207 561 ./etc/mail/trusted-users
780872591 621 ./etc/mail/virtusertable
2937419450 65536 ./etc/mail/virtusertable.db
233395827 424 ./etc/mailer.conf
-408305320 2010 ./etc/man.conf
+538068741 2028 ./etc/man.conf
3970800728 3030 ./etc/master.passwd
3948491597 159160 ./etc/moduli
1897395865 911 ./etc/monthly
1116441835 406 ./etc/motd
3992554006 1531 ./etc/mrouted.conf
1841534430 17 ./etc/myname
-3166902118 9791 ./etc/netstart
+2821369227 9776 ./etc/netstart
2935274938 203 ./etc/networks
-968301387 754 ./etc/newsyslog.conf
+1749469726 751 ./etc/newsyslog.conf
522072229 474 ./etc/nsd.conf
3066868024 493 ./etc/ntpd.conf
2444571113 467 ./etc/ospf6d.conf
4056398302 590 ./etc/ospfd.conf
1160083724 2770 ./etc/passwd
-1588100705 1004 ./etc/pf.conf
+3723656003 1014 ./etc/pf.conf
1081783036 28452 ./etc/pf.os
-1486162102 322 ./etc/portal.conf
2639296339 141 ./etc/ppp/chap-secrets
2633022360 22 ./etc/ppp/options
1780344634 5 ./etc/ppp/options.leaf
@@ -97,18 +96,82 @@
1129771337 5680 ./etc/protocols
3597021780 40960 ./etc/pwd.db
1686087193 344 ./etc/rbootd.conf
-3662757083 20802 ./etc/rc
-3512624051 4577 ./etc/rc.conf
-492396179 484 ./etc/rc.local
+2763463174 12389 ./etc/rc
+1578515318 6004 ./etc/rc.conf
+267637332 312 ./etc/rc.d/amd
+1265943401 139 ./etc/rc.d/apmd
+261475010 245 ./etc/rc.d/aucat
+2834649058 148 ./etc/rc.d/bgpd
+3740553734 193 ./etc/rc.d/bootparamd
+2038945235 161 ./etc/rc.d/btd
+730954222 125 ./etc/rc.d/cron
+3047728792 186 ./etc/rc.d/dhcpd
+68343521 147 ./etc/rc.d/dhcrelay
+1327359381 143 ./etc/rc.d/dvmrpd
+3135602125 142 ./etc/rc.d/ftpd
+3094353546 148 ./etc/rc.d/ftpproxy
+395773181 131 ./etc/rc.d/hostapd
+2636195187 133 ./etc/rc.d/hotplugd
+3834501401 223 ./etc/rc.d/httpd
+1739603648 146 ./etc/rc.d/identd
+2768964995 133 ./etc/rc.d/ifstated
+464380069 244 ./etc/rc.d/iked
+578927436 127 ./etc/rc.d/inetd
+1126074747 260 ./etc/rc.d/isakmpd
+3201856125 161 ./etc/rc.d/kadmind
+1322067361 153 ./etc/rc.d/kdc
+2083241768 163 ./etc/rc.d/kpasswdd
+2394091930 127 ./etc/rc.d/ldapd
+246626946 185 ./etc/rc.d/ldattach
+3305142314 148 ./etc/rc.d/ldpd
+2348371821 148 ./etc/rc.d/lockd
+1907405467 123 ./etc/rc.d/lpd
+3024300963 175 ./etc/rc.d/mopd
+1230391394 273 ./etc/rc.d/mountd
+645692843 131 ./etc/rc.d/mrouted
+4201548706 151 ./etc/rc.d/named
+3936574830 263 ./etc/rc.d/nfsd
+408870648 123 ./etc/rc.d/nsd
+3762480537 148 ./etc/rc.d/ntpd
+1296917791 153 ./etc/rc.d/ospf6d
+115544782 152 ./etc/rc.d/ospfd
+890096221 321 ./etc/rc.d/pflogd
+596435374 148 ./etc/rc.d/portmap
+943130337 175 ./etc/rc.d/rarpd
+1412695812 129 ./etc/rc.d/rbootd
+4190350284 3686 ./etc/rc.d/rc.subr
+3270191689 154 ./etc/rc.d/relayd
+1026433280 148 ./etc/rc.d/ripd
+2497839557 131 ./etc/rc.d/route6d
+913712826 143 ./etc/rc.d/rtadvd
+2842351940 143 ./etc/rc.d/rtsold
+1851593216 127 ./etc/rc.d/rwhod
+2618722736 157 ./etc/rc.d/sasyncd
+463419716 201 ./etc/rc.d/sendmail
+492290785 133 ./etc/rc.d/sensorsd
+2155830537 127 ./etc/rc.d/smtpd
+3610797679 151 ./etc/rc.d/snmpd
+3517108066 251 ./etc/rc.d/spamd
+1872449312 383 ./etc/rc.d/spamlogd
+4120889130 125 ./etc/rc.d/sshd
+2477508236 148 ./etc/rc.d/statd
+1840352542 683 ./etc/rc.d/syslogd
+2752900909 135 ./etc/rc.d/watchdogd
+1017102124 147 ./etc/rc.d/wsmoused
+475019693 128 ./etc/rc.d/xdm
+1454977672 217 ./etc/rc.d/ypbind
+378041663 129 ./etc/rc.d/ypldap
+2137632492 684 ./etc/rc.d/yppasswdd
+3344039607 212 ./etc/rc.d/ypserv
+1321551014 298 ./etc/rc.local
639998969 635 ./etc/rc.securelevel
-3940915127 557 ./etc/rc.shutdown
-3253051455 2530 ./etc/relayd.conf
-75412510 1887 ./etc/remote
+4048415435 346 ./etc/rc.shutdown
+1363152004 2618 ./etc/relayd.conf
+2055517336 1882 ./etc/remote
3052949533 272 ./etc/ripd.conf
-3778513600 10132 ./etc/rmt
+3726841241 10132 ./etc/rmt
1935202087 852 ./etc/rpc
4271262874 403 ./etc/sasyncd.conf
-2272953289 18717 ./etc/security
1815096265 1135 ./etc/sensorsd.conf
255659374 10143 ./etc/services
4011733011 258 ./etc/shells
@@ -117,25 +180,24 @@
4250547697 398 ./etc/skel/.login
2758166825 113 ./etc/skel/.mailrc
1242816164 218 ./etc/skel/.profile
-4294967295 0 ./etc/skel/.ssh
4294967295 0 ./etc/skel/.ssh/authorized_keys
1777800463 349 ./etc/sliphome/slip.hosts
2924136859 500 ./etc/sliphome/slip.login
3515895754 608 ./etc/snmpd.conf
3850897738 40960 ./etc/spwd.db
-4294967295 0 ./etc/ssh
2120219775 1555 ./etc/ssh/ssh_config
-2950094583 2560 ./etc/ssh/sshd_config
+1751492801 2719 ./etc/ssh/sshd_config
471002687 1598 ./etc/ssl/openssl.cnf
993424129 1005 ./etc/ssl/x509v3.cnf
2341528463 1354 ./etc/sudoers
-114370617 2789 ./etc/sysctl.conf
+111611641 2809 ./etc/sysctl.conf
1055529673 1530 ./etc/syslog.conf
1892516430 3246 ./etc/systrace/usr_sbin_lpd
1470207625 3531 ./etc/systrace/usr_sbin_named
2328247655 22998 ./etc/ttys
-373947323 1653 ./etc/weekly
+3915551415 1642 ./etc/weekly
4174102115 474 ./etc/wsconsctl.conf
+2792435811 1077 ./etc/ypldap.conf
3838912274 22 ./root/.Xdefaults
2524506263 578 ./root/.cshrc
1685996065 125 ./root/.klogin
@@ -161,14 +223,13 @@
4294967295 0 ./var/log/sendmail.st
4294967295 0 ./var/log/wtmp
4294967295 0 ./var/log/xferlog
-270223311 4546 ./var/mail/root
+3999719321 4546 ./var/mail/root
2245793152 1563 ./var/named/etc/named-dual.conf
1504362979 1351 ./var/named/etc/named-simple.conf
1504362979 1351 ./var/named/etc/named.conf
-1453147431 3056 ./var/named/etc/root.hint
+437437808 3110 ./var/named/etc/root.hint
4294967295 0 ./var/named/master
4294967295 0 ./var/named/slave
-4294967295 0 ./var/named/standard
1984377487 254 ./var/named/standard/localhost
3822975874 257 ./var/named/standard/loopback
1448486153 314 ./var/named/standard/loopback6.arpa
@@ -182,7 +243,6 @@
996429480 12965 ./var/www/conf/magic
406577318 16119 ./var/www/conf/mime.types
1923043049 2326 ./var/www/htdocs/apache_pb.gif
-4294967295 0 ./var/www/htdocs/bgplg
3954868337 376 ./var/www/htdocs/bgplg/index.html
4068849323 75238 ./var/www/htdocs/bgplg/openbgpd.gif
95417789 41318 ./var/www/htdocs/blowfish.jpg
diff -ur etc49/var/mail/root etc50/var/mail/root
--- etc49/var/mail/root Wed Mar 2 14:51:57 2011
+++ etc50/var/mail/root Wed Aug 17 17:51:02 2011
@@ -1,9 +1,9 @@
-From deraadt@do-not-reply.openbsd.org Sun May 1 07:47:47 MDT 2011
+From deraadt@do-not-reply.openbsd.org Tue Nov 1 07:47:47 MST 2011
Return-Path: root
-Date: May 1 07:47:47 MDT 2011
+Date: Nov 1 07:47:47 MST 2011
From: deraadt@do-not-reply.openbsd.org (Theo de Raadt)
To: root
-Subject: Welcome to OpenBSD 4.9!
+Subject: Welcome to OpenBSD 5.0!
This message attempts to describe the most basic initial questions that a
system administrator of an OpenBSD box might have. You are urged to save
@@ -27,13 +27,13 @@
Several popular binary packages (pre-compiled applications) are available
for most architectures. If you installed from a CD-ROM the packages
-are on the same CD-ROM you installed from in the directory 4.9/packages.
+are on the same CD-ROM you installed from in the directory 5.0/packages.
CD-ROM space permitted us to include a subset of the full FTP packages
for the most common architectures. Please see the FTP sites to see a
full list of packages for each architecture:
- ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/
+ ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/
If you do not find a package you want on the CD, please go look at your
nearest FTP mirror site.
@@ -41,9 +41,9 @@
Select your architecture and download the tarballs of your choice. For example
to install the emacs package for i386, execute:
# mount /dev/cd0a /cdrom
- # pkg_add -v /cdrom/4.9/packages/i386/emacs-22.3p6.tgz
+ # pkg_add -v /cdrom/5.0/packages/i386/emacs-22.3p6.tgz
or alternatively install them via FTP this way:
- # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/i386/emacs-22.3p6.tgz
+ # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/i386/emacs-22.3p6.tgz
Significant efforts were made to centralize all system configuration in the
/etc directory. You should be able to find each of the configuration files
diff -ur etc49/var/named/etc/root.hint etc50/var/named/etc/root.hint
--- etc49/var/named/etc/root.hint Wed Mar 2 14:51:50 2011
+++ etc50/var/named/etc/root.hint Wed Aug 17 17:50:54 2011
@@ -1,4 +1,4 @@
-; $OpenBSD: root.hint,v 1.8 2010/06/27 22:04:33 jakob Exp $
+; $OpenBSD: root.hint,v 1.9 2011/06/22 05:22:20 jakob Exp $
;
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
@@ -11,8 +11,8 @@
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
-; last update: Jun 17, 2010
-; related version of root zone: 2010061700
+; last update: Jun 8, 2011
+; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
;
@@ -34,6 +34,7 @@
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment