
@zeszyt
Created December 5, 2011 00:48
OpenBSD etc 4.8 -> 4.9
diff -ur etc48/.profile etc49/.profile
--- etc48/.profile Mon Aug 16 16:46:51 2010
+++ etc49/.profile Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: dot.profile,v 1.8 2009/05/06 22:02:05 millert Exp $
+# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
#
# sh/ksh initialization
@@ -8,10 +8,14 @@
export HOME
umask 022
-if [ -x /usr/bin/tset ]; then
- if [ X"$XTERM_VERSION" = X"" ]; then
- eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
- else
- eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+case "$-" in
+*i*) # interactive shell
+ if [ -x /usr/bin/tset ]; then
+ if [ X"$XTERM_VERSION" = X"" ]; then
+ eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
+ else
+ eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+ fi
fi
-fi
+ ;;
+esac
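Review bot: `$TERM` is still expanded unquoted inside the backquoted tset command on both branches of the new `*i*)` arm, so a value containing whitespace or glob characters is split before tset sees it, and tset's output then goes straight into `eval`. Quoting it, as in `eval \`/usr/bin/tset -sQ '-munknown:?vt220' "$TERM"\``, keeps the argument intact; an empty TERM would then reach tset as an empty argument, which is worth a quick test. The same two lines appear in the root/.profile hunk further down. The `# interactive shell` comment could also say why the guard exists, presumably so that non-interactive logins never reach the `?vt220` prompt.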
diff -ur etc48/etc/bgpd.conf etc49/etc/bgpd.conf
--- etc48/etc/bgpd.conf Mon Aug 16 16:46:49 2010
+++ etc49/etc/bgpd.conf Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: bgpd.conf,v 1.9 2009/11/20 19:51:05 claudio Exp $
+# $OpenBSD: bgpd.conf,v 1.12 2011/01/19 07:36:40 claudio Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
@@ -18,6 +18,9 @@
# log updates
# network 10.0.1.0/24
+# restricted socket for bgplg(8)
+# socket "/var/www/logs/bgpd.rsock" restricted
+
# neighbors and peers
group "peering AS65002" {
remote-as 65002
@@ -74,18 +77,36 @@
aes 4e0f2f1b5c4e3c0d0e2f2d3b8c5c8f0b
}
-# filter out prefixes longer than 24 or shorter than 8 bits
+# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
+# and longer than 48 or shorter than 16 bits for IPv6.
deny from any
allow from any inet prefixlen 8 - 24
+allow from any inet6 prefixlen 16 - 48
# accept a default route (since the previous rule blocks this)
#allow from any prefix 0.0.0.0/0
-# filter bogus networks
+# filter bogus networks according to RFC5735
+deny from any prefix 0.0.0.0/8 prefixlen >= 8
deny from any prefix 10.0.0.0/8 prefixlen >= 8
-deny from any prefix 172.16.0.0/12 prefixlen >= 12
-deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 127.0.0.0/8 prefixlen >= 8
deny from any prefix 169.254.0.0/16 prefixlen >= 16
+deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.0.2.0/24 prefixlen >= 24
+deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 198.18.0.0/15 prefixlen >= 15
+deny from any prefix 198.51.100.0/24 prefixlen >= 24
+deny from any prefix 203.0.113.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
+
+# filter bogus IPv6 networks according to IANA
+deny from any prefix ::/8 prefixlen >= 8
+deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
+deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
+deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
+deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone
+deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
+deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
+deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast
+deny from any prefix ff00::/8 prefixlen >= 8 # multicast
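Review bot: The IPv4 bogon rules carry no per-prefix annotation, while the new IPv6 rules each name the range and its RFC, so a reader auditing the list cannot tell at a glance why 198.18.0.0/15 or 203.0.113.0/24 are filtered. Trailing comments in the same style would help, e.g. `deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking [RFC2544]` and `deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737]`. Both lists are static snapshots of the special-purpose registries, so a line in the header comment saying when they were last checked would tell operators when to revisit them.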
diff -ur etc48/etc/changelist etc49/etc/changelist
--- etc48/etc/changelist Mon Aug 16 16:46:48 2010
+++ etc49/etc/changelist Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: changelist,v 1.68 2010/06/29 17:17:53 nicm Exp $
+# $OpenBSD: changelist,v 1.71 2011/01/19 18:34:58 david Exp $
#
# List of files which the security script backs up and checks
# for modifications.
@@ -38,7 +38,6 @@
/etc/gettytab
/etc/group
/etc/hostapd.conf
-/etc/relayd.conf
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
@@ -48,9 +47,12 @@
+/etc/iked.conf
/etc/inetd.conf
+/etc/ipsec.conf
-+/etc/isakmpd/private/local.key
++/etc/isakmpd/isakmpd.conf
++/etc/isakmpd/isakmpd.policy
/etc/isakmpd/local.pub
++/etc/isakmpd/private/local.key
/etc/ksh.kshrc
+/etc/ldapd.conf
/etc/ldpd.conf
/etc/locate.rc
/etc/login.conf
@@ -91,12 +93,14 @@
/etc/netstart
/etc/networks
/etc/newsyslog.conf
+/etc/nsd.conf
/etc/ntpd.conf
-/etc/ospfd.conf
/etc/ospf6d.conf
+/etc/ospfd.conf
/etc/passwd
/etc/pf.conf
/etc/pf.os
+/etc/pkg.conf
/etc/portal.conf
/etc/printcap
/etc/profile
@@ -106,15 +110,17 @@
/etc/rc
/etc/rc.conf
/etc/rc.conf.local
+/etc/rc.d/rc.subr
/etc/rc.local
/etc/rc.securelevel
/etc/rc.shutdown
+/etc/relayd.conf
/etc/remote
/etc/resolv.conf
/etc/resolv.conf.tail
+/etc/ripd.conf
+/etc/rndc.key
/etc/rpc
-/etc/ripd.conf
/etc/rtadvd.conf
/etc/sasyncd.conf
/etc/security
@@ -129,6 +135,8 @@
/etc/ssh/ssh_config
+/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
++/etc/ssh/ssh_host_ecdsa_key
+/etc/ssh/ssh_host_ecdsa_key.pub
+/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_key.pub
+/etc/ssh/ssh_host_rsa_key
@@ -145,6 +153,8 @@
/etc/weekly
/etc/weekly.local
/etc/wsconsctl.conf
+/etc/ypldap.conf
+/root/.Xdefaults
/root/.cshrc
/root/.klogin
/root/.login
diff -ur etc48/etc/daily etc49/etc/daily
--- etc48/etc/daily Mon Aug 16 16:46:48 2010
+++ etc49/etc/daily Wed Mar 2 14:51:49 2011
@@ -1,5 +1,5 @@
#
-# $OpenBSD: daily,v 1.67 2010/07/25 08:49:03 espie Exp $
+# $OpenBSD: daily,v 1.68 2010/09/22 13:01:10 deraadt Exp $
# From: @(#)daily 8.2 (Berkeley) 1/25/94
#
# For local additions, create the file /etc/daily.local.
@@ -78,10 +78,6 @@
if [ -d /var/rwho -a ! -L /var/rwho ] ; then
cd /var/rwho && {
find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
-fi
-
-if [ -d /var/msgs -a ! -L /var/msgs ]; then
- msgs -c
fi
next_part "Purging accounting records:"
diff -ur etc48/etc/disktab etc49/etc/disktab
--- etc48/etc/disktab Mon Aug 16 16:46:49 2010
+++ etc49/etc/disktab Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: disktab,v 1.20 2010/07/02 20:33:54 tedu Exp $
+# $OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $
floppy288|3in|3.5in High Density Floppy, 2.88MB:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
@@ -20,6 +20,6 @@
rdroot|ramdiskroot|RAM-disk root FS image:\
:ty=ramdisk:se#512:nt#2:ns#128:nc#16:\
- :pa#3800:oa#0:ta=4.2BSD:ba#4096:fa#512:\
+ :pa#3872:oa#0:ta=4.2BSD:ba#4096:fa#512:\
:pb#0:ob#0:tb=swap:\
- :pc#3800:oc#0:
+ :pc#3872:oc#0:
diff -ur etc48/etc/ldap/core.schema etc49/etc/ldap/core.schema
--- etc48/etc/ldap/core.schema Mon Aug 16 16:46:57 2010
+++ etc49/etc/ldap/core.schema Wed Mar 2 14:51:55 2011
@@ -635,14 +635,14 @@
################ rfc3045
attributetype ( 1.3.6.1.1.4 NAME 'vendorName'
- EQUALITY 1.3.6.1.4.1.1466.109.114.1
+ EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE dSAOperation )
attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion'
- EQUALITY 1.3.6.1.4.1.1466.109.114.1
+ EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
NO-USER-MODIFICATION
diff -ur etc48/etc/login.conf etc49/etc/login.conf
--- etc48/etc/login.conf Mon Aug 16 16:46:49 2010
+++ etc49/etc/login.conf Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf.in,v 1.2 2007/01/09 10:20:12 millert Exp $
+# $OpenBSD: login.conf.in,v 1.3 2010/12/17 05:33:06 tedu Exp $
#
# Sample login.conf file. See login.conf(5) for details.
diff -ur etc48/etc/mail/aliases etc49/etc/mail/aliases
--- etc48/etc/mail/aliases Mon Aug 16 16:46:57 2010
+++ etc49/etc/mail/aliases Wed Mar 2 14:51:55 2011
@@ -1,5 +1,5 @@
#
-# $OpenBSD: aliases,v 1.35 2010/06/03 20:32:36 reyk Exp $
+# $OpenBSD: aliases,v 1.36 2010/09/22 13:01:10 deraadt Exp $
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@@ -84,6 +84,3 @@
# news: usenet
# webmaster: root
# ftp: root
-
-# uncomment this for msgs:
-# msgs: "|/usr/bin/msgs -s"
diff -ur etc48/etc/mail/localhost.cf etc49/etc/mail/localhost.cf
--- etc48/etc/mail/localhost.cf Mon Aug 16 16:46:53 2010
+++ etc49/etc/mail/localhost.cf Wed Mar 2 14:51:51 2011
@@ -16,7 +16,7 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by root@i386.openbsd.org on Wed Aug 11 09:49:09 MDT 2010
+##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
#####
diff -ur etc48/etc/mail/sendmail.cf etc49/etc/mail/sendmail.cf
--- etc48/etc/mail/sendmail.cf Mon Aug 16 16:46:53 2010
+++ etc49/etc/mail/sendmail.cf Wed Mar 2 14:51:51 2011
@@ -16,7 +16,7 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by root@i386.openbsd.org on Wed Aug 11 09:49:09 MDT 2010
+##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
#####
diff -ur etc48/etc/mail/submit.cf etc49/etc/mail/submit.cf
--- etc48/etc/mail/submit.cf Mon Aug 16 16:46:53 2010
+++ etc49/etc/mail/submit.cf Wed Mar 2 14:51:51 2011
@@ -16,7 +16,7 @@
#####
##### SENDMAIL CONFIGURATION FILE
#####
-##### built by root@i386.openbsd.org on Wed Aug 11 09:49:08 MDT 2010
+##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
#####
diff -ur etc48/etc/man.conf etc49/etc/man.conf
--- etc48/etc/man.conf Mon Aug 16 16:46:48 2010
+++ etc49/etc/man.conf Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: man.conf,v 1.15 2010/04/09 19:07:30 naddy Exp $
+# $OpenBSD: man.conf,v 1.16 2010/10/19 20:05:52 schwarze Exp $
# Sheer, raging paranoia...
_version BSD.2
@@ -16,17 +16,15 @@
_suffix .0
_build .0.Z /usr/bin/zcat %s
_build .0.gz /usr/bin/gzcat %s
-_build .[1-9n] /usr/bin/nroff -Tascii -man %s
-_build .[1-9n].Z /usr/bin/zcat %s | /usr/bin/nroff -Tascii -man
-_build .[1-9n].gz /usr/bin/gzcat %s | /usr/bin/nroff -Tascii -man
-_build .[1-9][a-z] /usr/bin/nroff -Tascii -man %s
-_build .[1-9][a-z].Z /usr/bin/zcat %s | /usr/bin/nroff -Tascii -man
-_build .[1-9][a-z].gz /usr/bin/gzcat %s | /usr/bin/nroff -Tascii -man
-_build .tbl /usr/bin/tbl %s | /usr/bin/nroff -Tascii -man
-_build .tbl.Z /usr/bin/zcat %s | /usr/bin/tbl | /usr/bin/nroff -Tascii -man
-_build .tbl.gz /usr/bin/gzcat %s | /usr/bin/tbl | /usr/bin/nroff -Tascii -man
-_build .me /usr/bin/nroff -Tascii -me %s 2>/dev/null | cat -s
-_build .ms /usr/bin/nroff -Tascii -ms %s 2>/dev/null | cat -s
+_build .[1-9n] /usr/bin/mandoc %s
+_build .[1-9n].Z /usr/bin/zcat %s | /usr/bin/mandoc
+_build .[1-9n].gz /usr/bin/gzcat %s | /usr/bin/mandoc
+_build .[1-9][a-z] /usr/bin/mandoc %s
+_build .[1-9][a-z].Z /usr/bin/zcat %s | /usr/bin/mandoc
+_build .[1-9][a-z].gz /usr/bin/gzcat %s | /usr/bin/mandoc
+_build .tbl /usr/bin/mandoc %s
+_build .tbl.Z /usr/bin/zcat %s | /usr/bin/mandoc
+_build .tbl.gz /usr/bin/gzcat %s | /usr/bin/mandoc
# Sections and their directories.
# All paths ending in '/' are the equivalent of entries specifying that
diff -ur etc48/etc/monthly etc49/etc/monthly
--- etc48/etc/monthly Mon Aug 16 16:46:48 2010
+++ etc49/etc/monthly Wed Mar 2 14:51:49 2011
@@ -1,5 +1,5 @@
#
-# $OpenBSD: monthly,v 1.12 2009/05/25 21:31:24 schwarze Exp $
+# $OpenBSD: monthly,v 1.13 2011/01/19 06:18:05 david Exp $
#
# For local additions, create the file /etc/monthly.local.
# To get section headers, use the function next_part in monthly.local.
@@ -45,5 +45,5 @@
end_part
rm -f $PARTOUT
-
+
[ -s $MAINOUT ] && mail -s "`hostname` monthly output" root < $MAINOUT
diff -ur etc48/etc/netstart etc49/etc/netstart
--- etc48/etc/netstart Mon Aug 16 16:46:48 2010
+++ etc49/etc/netstart Wed Mar 2 14:51:49 2011
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: netstart,v 1.130 2010/06/16 23:45:57 todd Exp $
+# $OpenBSD: netstart,v 1.131 2011/02/09 17:22:06 sobrado Exp $
# Strip comments (and leading/trailing whitespace if IFS is set)
# from a file and spew to stdout
@@ -201,8 +201,8 @@
domainname `stripcom /etc/defaultdomain`
fi
-# Set the address for the loopback interface. Bringing the
-# interface up, automatically invokes the IPv6 address ::1)
+# Set the address for the loopback interface. Bringing the interface up,
+# automatically invokes the IPv6 address ::1.
ifconfig lo0 inet 127.0.0.1/8
if ifconfig lo0 inet6 >/dev/null 2>&1; then
Only in etc49/etc: nsd.conf
diff -ur etc48/etc/pf.os etc49/etc/pf.os
--- etc48/etc/pf.os Mon Aug 16 16:46:49 2010
+++ etc49/etc/pf.os Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: pf.os,v 1.22 2009/08/08 09:24:51 deraadt Exp $
+# $OpenBSD: pf.os,v 1.25 2010/10/18 15:55:27 deraadt Exp $
# passive OS fingerprinting
# -------------------------
#
@@ -298,12 +298,15 @@
# ----------------- OpenBSD -----------------
16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0::OpenBSD 3.0-4.0
-16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
+
+16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9
+16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
# ----------------- Solaris -----------------
diff -ur etc48/etc/rc etc49/etc/rc
--- etc48/etc/rc Mon Aug 16 16:46:48 2010
+++ etc49/etc/rc Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.340 2010/07/27 08:37:33 martinh Exp $
+# $OpenBSD: rc,v 1.348 2011/01/14 00:05:42 deraadt Exp $
# System startup script run by init on autoboot
# or after single-user.
@@ -102,14 +102,12 @@
random_seed()
{
if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then
- dd if=/var/db/host.random of=/dev/urandom bs=1024 count=64 \
+ dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \
> /dev/null 2>&1
- dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \
- > /dev/null 2>&1
# reset seed file, so that if a shutdown-less reboot occurs,
# the next seed is not a repeat
- dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
+ dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
> /dev/null 2>&1
random_seed_done=1
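Review bot: Both dd calls in random_seed() discard their output and errors, and `random_seed_done=1` is set unconditionally, so a failed rewrite of /var/db/host.random goes unreported. The old seed then stays on disk and, as the existing comment warns, is repeated after a shutdown-less reboot. Checking the status would at least surface it, e.g. `dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1 || echo 'warning: could not reset /var/db/host.random'`. The end of the function lies outside this hunk.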
@@ -157,8 +155,11 @@
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
+# pick up option configuration
+. /etc/rc.conf
+
if [ X"$1" = X"shutdown" ]; then
- dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 >/dev/null 2>&1
+ dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1
chmod 600 /var/db/host.random >/dev/null 2>&1
if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
echo /etc/rc.shutdown in progress...
@@ -244,9 +245,6 @@
random_seed
-# pick up option configuration
-. /etc/rc.conf
-
# set flags on ttys. (do early, in case they use tty for SLIP in netstart)
echo 'setting tty flags'
ttyflags -a
@@ -296,6 +294,7 @@
touch /etc/resolv.conf
fi
. /etc/netstart
+echo rekey > /dev/arandom # any write triggers an RC4 rekey
if [ X"${pf}" != X"NO" ]; then
if [ -f ${pf_rules} ]; then
@@ -310,9 +309,9 @@
mount -s /usr >/dev/null 2>&1
mount -s /var >/dev/null 2>&1
-# if there's no /var/db/host.random, make one through /dev/urandom
+# if there's no /var/db/host.random, use /dev/arandom to create one
if [ ! -f /var/db/host.random ]; then
- dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
+ dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
>/dev/null 2>&1
chmod 600 /var/db/host.random >/dev/null 2>&1
else
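Review bot: In the `! -f` branch the seed file is created by dd and only afterwards restricted with `chmod 600`, so between the two commands it carries whatever mode the script's umask yields (the umask is not visible in this hunk). Creating it under a tight umask closes that window: `(umask 077; dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1) >/dev/null 2>&1`. The shutdown path in the earlier hunk (`if [ X"$1" = X"shutdown" ]`) uses the same dd-then-chmod order and would take the same change. The `else` branch continues outside this hunk.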
@@ -340,6 +339,10 @@
rm -f /var/named/dev/log
syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
fi
+if [ X"${nsd_flags}" != X"NO" ]; then
+ rm -f /var/nsd/dev/log
+ syslogd_flags="${syslogd_flags} -a /var/nsd/dev/log"
+fi
if [ -d /var/empty ]; then
rm -f /var/empty/dev/log
mkdir -p -m 0555 /var/empty/dev
@@ -371,6 +374,10 @@
echo 'starting named'; named $named_flags
fi
+if [ X"${nsd_flags}" != X"NO" ]; then
+ echo 'starting nsd'; nsd $nsd_flags
+fi
+
if [ ! -f /etc/isakmpd/private/local.key ]; then
echo -n "openssl: generating new isakmpd/iked RSA key... "
if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
@@ -607,6 +614,14 @@
echo failed.
fi
fi
+if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
+ echo -n "ssh-keygen: generating new ECDSA host key... "
+ if /usr/bin/ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''; then
+ echo done.
+ else
+ echo failed.
+ fi
+fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
echo -n "ssh-keygen: generating new RSA host key... "
if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
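Review bot: The new ECDSA block passes no `-b`, so the key size is whatever ssh-keygen defaults to for `-t ecdsa`, and nothing in the script records that choice. A short comment such as `# key size: ssh-keygen default for ecdsa`, or an explicit `-b`, would make it auditable. On failure only `failed.` is printed and boot carries on to start sshd with whichever host keys exist, the same as the neighbouring RSA block, which continues outside the hunk.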
@@ -627,7 +642,7 @@
echo -n starting network daemons:
if [ X"${sshd_flags}" != X"NO" ]; then
- echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags};
+ echo -n ' sshd'; /usr/sbin/sshd ${sshd_flags}
fi
if [ X"${snmpd_flags}" != X"NO" ]; then
@@ -699,7 +714,7 @@
fi
if [ X"${hostapd_flags}" != X"NO" ]; then
- echo -n ' hostapd'; /usr/sbin/hostapd ${hostapd_flags};
+ echo -n ' hostapd'; /usr/sbin/hostapd ${hostapd_flags}
fi
if [ X"${bt}" != X"NO" ]; then
@@ -719,7 +734,7 @@
fi
if [ X"${ldapd_flags}" != X"NO" ]; then
- echo -n ' ldapd'; /usr/sbin/ldapd ${ldapd_flags};
+ echo -n ' ldapd'; /usr/sbin/ldapd ${ldapd_flags}
fi
# We call sendmail with a full path so that SIGHUP works.
@@ -809,7 +824,7 @@
# If rc.firstime exists, run it just once, and make sure it is deleted
if [ -f /etc/rc.firsttime ]; then
mv /etc/rc.firsttime /etc/rc.firsttime.run
- . /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root
+ . /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root >/dev/null
fi
rm -f /etc/rc.firsttime.run
diff -ur etc48/etc/rc.conf etc49/etc/rc.conf
--- etc48/etc/rc.conf Mon Aug 16 16:46:49 2010
+++ etc49/etc/rc.conf Wed Mar 2 14:51:49 2011
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: rc.conf,v 1.139 2010/07/29 13:55:48 jmc Exp $
+# $OpenBSD: rc.conf,v 1.141 2011/02/12 11:21:01 ajacoutot Exp $
# set these to "NO" to turn them off. otherwise, they're used as flags
ldpd_flags=NO # for normal use: ""
@@ -16,6 +16,7 @@
rbootd_flags=NO # for normal use: ""
sshd_flags="" # for normal use: ""
named_flags=NO # for normal use: ""
+nsd_flags=NO # for normal use: ""
rdate_flags=NO # for normal use: [RFC868-host] or [-n RFC2030-host]
timed_flags=NO # for normal use: ""
ldattach_flags=NO # for normal use: "[options] linedisc cua-device"
@@ -105,6 +106,10 @@
afsd_flags= # Flags passed to afsd
shlib_dirs= # extra directories for ldconfig, separated
# by space
+
+# rc.d(8) daemons scripts
+# started in the specified order and stopped in reverse order
+rc_scripts=
local_rcconf="/etc/rc.conf.local"
diff -ur etc48/etc/rc.local etc49/etc/rc.local
--- etc48/etc/rc.local Mon Aug 16 16:46:49 2010
+++ etc49/etc/rc.local Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: rc.local,v 1.39 2006/07/28 20:19:46 sturm Exp $
+# $OpenBSD: rc.local,v 1.41 2010/11/05 10:03:00 ajacoutot Exp $
# Site-specific startup actions, daemons, and other things which
# can be done AFTER your system goes into securemode. For actions
@@ -7,7 +7,10 @@
echo -n 'starting local daemons:'
+for _r in $rc_scripts; do
+ [ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} start
+done
+
# Add your local startup actions here.
echo '.'
-
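Review bot: The start loop uses `${_r}` unquoted in both the `[ -x ... ]` test and the command path, and it accepts any string from `rc_scripts`, so a name containing `/` resolves outside /etc/rc.d. An entry that is misspelled or not executable is also skipped silently, which leaves a daemon not running with no trace on the console. Quoting the path, rejecting names with a slash and reporting skipped entries would cover all three. The stop loop added to rc.shutdown has the same unquoted test and silent skip.

```shell
for _r in $rc_scripts; do
	case "${_r}" in
	*/*)	echo -n " ${_r}(invalid name)"; continue ;;
	esac
	if [ -x "/etc/rc.d/${_r}" ]; then
		echo -n " ${_r}"; "/etc/rc.d/${_r}" start
	else
		echo -n " ${_r}(not found)"
	fi
done
# … unchanged: local startup actions and closing echo '.' …
```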
diff -ur etc48/etc/rc.shutdown etc49/etc/rc.shutdown
--- etc48/etc/rc.shutdown Mon Aug 16 16:46:49 2010
+++ etc49/etc/rc.shutdown Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: rc.shutdown,v 1.7 2006/06/22 00:41:59 deraadt Exp $
+# $OpenBSD: rc.shutdown,v 1.10 2010/11/26 08:09:35 ajacoutot Exp $
#
# If it exists, this script is run at system-shutdown by reboot(8),
# halt(8). If the architecture supports keyboard requested halting,
@@ -7,6 +7,14 @@
powerdown=NO # set to YES for powerdown
-#
-# Your shell code goes here
-#
+echo -n 'stopping local daemons:'
+
+while [ -n "${rc_scripts}" ]; do
+ _r=${rc_scripts##* }
+ rc_scripts=${rc_scripts%%*( )${_r}}
+ [ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} stop
+done
+
+# Add your local shutdown actions here.
+
+echo '.'
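Review bot: The stop loop splits `rc_scripts` on single spaces only (`${rc_scripts##* }`), whereas the start loop added to rc.local uses `for _r in $rc_scripts`, which also splits on tabs and newlines. A list written with those separators would start each daemon but reach the `[ -x ... ]` test here as one multi-word value and stop none of them. `${_r}` is also used unquoted as a pattern in `${rc_scripts%%*( )${_r}}`, so glob characters in a name change what is stripped. Building the reversed list with the same splitting avoids both: `for _r in $rc_scripts; do _rev="${_r} ${_rev}"; done`, then iterate over `$_rev` for the stop calls. The `*( )` pattern also presumes a ksh-compatible /bin/sh.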
diff -ur etc48/etc/sensorsd.conf etc49/etc/sensorsd.conf
--- etc48/etc/sensorsd.conf Mon Aug 16 16:46:49 2010
+++ etc49/etc/sensorsd.conf Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: sensorsd.conf,v 1.8 2007/08/14 19:02:02 cnst Exp $
+# $OpenBSD: sensorsd.conf,v 1.9 2011/01/19 06:18:05 david Exp $
#
# Sample sensorsd.conf file. See sensorsd.conf(5) for details.
@@ -28,8 +28,8 @@
#temp:high=70C
-# By default, sensorsd(8) reports status changes of all sensors that
-# keep their state. Uncomment the following lines if you want to
+# By default, sensorsd(8) reports status changes of all sensors that
+# keep their state. Uncomment the following lines if you want to
# suppress reports about status changes of specific sensor types.
#temp:istatus
diff -ur etc48/etc/services etc49/etc/services
--- etc48/etc/services Mon Aug 16 16:46:49 2010
+++ etc49/etc/services Wed Mar 2 14:51:49 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: services,v 1.74 2010/05/25 13:00:00 claudio Exp $
+# $OpenBSD: services,v 1.75 2010/12/16 18:08:57 ajacoutot Exp $
#
# Network services, Internet style
#
@@ -251,6 +251,10 @@
sip 5060/tcp # SIP
sip 5060/udp # SIP
postgresql 5432/tcp # PostgreSQL
+zabbix-agent 10050/tcp # Zabbix Agent
+zabbix-agent 10050/udp # Zabbix Agent
+zabbix-trapper 10051/tcp # Zabbix Trapper
+zabbix-trapper 10051/udp # Zabbix Trapper
#
# AFS Services
#
diff -ur etc48/etc/ssh/sshd_config etc49/etc/ssh/sshd_config
--- etc48/etc/ssh/sshd_config Mon Aug 16 16:46:53 2010
+++ etc49/etc/ssh/sshd_config Wed Mar 2 14:51:51 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
+# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -21,6 +21,7 @@
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
diff -ur etc48/etc/sysctl.conf etc49/etc/sysctl.conf
--- etc48/etc/sysctl.conf Mon Aug 16 16:46:49 2010
+++ etc49/etc/sysctl.conf Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: sysctl.conf,v 1.47 2009/06/09 11:52:54 sthen Exp $
+# $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time. See sysctl(3) and sysctl(8) for more information on
@@ -22,14 +22,15 @@
#net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
#net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
-#net.inet.carp.log=1 # 1=Enable logging of carp(4) packets
+#net.inet.carp.log=3 # log level of carp(4) info, default 2
#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
#ddb.console=1 # 1=Permit entry of ddb from the console
#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
#vfs.nfs.iothreads=4 # Number of nfsio kernel threads
#net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
-#kern.usercrypto=0 # 0=Disable userland use of /dev/crypto
+#kern.usercrypto=1 # 1=Enable userland use of /dev/crypto
+#kern.userasymcrypto=1 # 1=Permit userland to do asymmetric crypto
#kern.splassert=2 # 2=Enable with verbose error messages
#kern.nosuidcoredump=2 # 2=Put suid coredumps in /var/crash
#kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
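Review bot: The two crypto sample lines do not say what the shipped default is, unlike the `net.inet.carp.log` line just above, which now ends in `default 2`. Since the comment flipped from `0=Disable` to `1=Enable`, the default has presumably changed, and an administrator comparing against a 4.8 file cannot tell that from this text. Stating it in the comment, for example `#kern.usercrypto=1 # 1=Enable userland use of /dev/crypto (default: <value>)`, would make the sample self-explanatory. The `<value>` placeholder should be filled in from the running system's sysctl output.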
diff -ur etc48/etc/weekly etc49/etc/weekly
--- etc48/etc/weekly Mon Aug 16 16:46:49 2010
+++ etc49/etc/weekly Wed Mar 2 14:51:49 2011
@@ -1,5 +1,5 @@
#
-# $OpenBSD: weekly,v 1.23 2009/05/25 21:31:24 schwarze Exp $
+# $OpenBSD: weekly,v 1.24 2011/01/19 06:18:05 david Exp $
#
# For local additions, create the file /etc/weekly.local.
# To get section headers, use the function next_part in weekly.local.
@@ -73,5 +73,5 @@
end_part
rm -f $PARTOUT
-
+
[ -s $MAINOUT ] && mail -s "`hostname` weekly output" root < $MAINOUT
diff -ur etc48/root/.profile etc49/root/.profile
--- etc48/root/.profile Mon Aug 16 16:46:51 2010
+++ etc49/root/.profile Wed Mar 2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: dot.profile,v 1.8 2009/05/06 22:02:05 millert Exp $
+# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
#
# sh/ksh initialization
@@ -8,10 +8,14 @@
export HOME
umask 022
-if [ -x /usr/bin/tset ]; then
- if [ X"$XTERM_VERSION" = X"" ]; then
- eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
- else
- eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+case "$-" in
+*i*) # interactive shell
+ if [ -x /usr/bin/tset ]; then
+ if [ X"$XTERM_VERSION" = X"" ]; then
+ eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
+ else
+ eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+ fi
fi
-fi
+ ;;
+esac
diff -ur etc48/var/db/sysmerge/etcsum etc49/var/db/sysmerge/etcsum
--- etc48/var/db/sysmerge/etcsum Mon Aug 16 16:55:30 2010
+++ etc49/var/db/sysmerge/etcsum Wed Mar 2 14:57:58 2011
@@ -1,22 +1,22 @@
2524506263 578 ./.cshrc
-1427350648 411 ./.profile
+2363117144 468 ./.profile
611379239 34615 ./etc/afs/CellServDB
4294967295 0 ./etc/afs/SuidCells
3980592904 12 ./etc/afs/ThisCell
1147551801 1637 ./etc/afs/afsd.conf
4131638920 15 ./etc/amd/master.sample
4294967295 0 ./etc/authpf
-2217676753 1955 ./etc/bgpd.conf
+4182151039 3038 ./etc/bgpd.conf
3876916992 185 ./etc/ccd.conf
-793243876 3127 ./etc/changelist
+3448035340 3341 ./etc/changelist
252594545 410 ./etc/chio.conf
1472356903 102 ./etc/csh.cshrc
2703696912 102 ./etc/csh.login
3431436583 104 ./etc/csh.logout
-3370947786 5332 ./etc/daily
+1728858655 5277 ./etc/daily
2378293123 591 ./etc/dhclient.conf
4136716515 733 ./etc/dhcpd.conf
-4153755677 787 ./etc/disktab
+3581520 790 ./etc/disktab
4294967295 0 ./etc/dumpdates
3022890455 215 ./etc/dvmrpd.conf
2099336431 235 ./etc/exports
@@ -39,54 +39,55 @@
1419656858 2381 ./etc/inetd.conf
4243353537 1122 ./etc/ipsec.conf
1378435518 4005 ./etc/ksh.kshrc
-3481018561 19682 ./etc/ldap/core.schema
+1239840989 19658 ./etc/ldap/core.schema
4128381391 2737 ./etc/ldap/inetorgperson.schema
2139975806 7443 ./etc/ldap/nis.schema
1003664992 360 ./etc/ldapd.conf
1669450874 301 ./etc/ldpd.conf
-1315038147 874 ./etc/localtime
+4063907622 2388 ./etc/localtime
1272061458 555 ./etc/locate.rc
-118646532 2245 ./etc/login.conf
+3897767250 2242 ./etc/login.conf
3718017018 143932 ./etc/lynx.cfg
4140050977 105 ./etc/mail.rc
180804272 2556 ./etc/mail/Makefile
2236616533 3388 ./etc/mail/README
761663012 275 ./etc/mail/access
2937419450 65536 ./etc/mail/access.db
-2239958834 1829 ./etc/mail/aliases
+1377801551 1776 ./etc/mail/aliases
2308671928 65536 ./etc/mail/aliases.db
2079996431 982 ./etc/mail/genericstable
2937419450 65536 ./etc/mail/genericstable.db
2054762348 5663 ./etc/mail/helpfile
987201812 466 ./etc/mail/local-host-names
-1768776918 40743 ./etc/mail/localhost.cf
+382135422 40742 ./etc/mail/localhost.cf
3116949394 562 ./etc/mail/mailertable
2937419450 65536 ./etc/mail/mailertable.db
1149556019 490 ./etc/mail/relay-domains
-2132050429 64506 ./etc/mail/sendmail.cf
+4292518303 64505 ./etc/mail/sendmail.cf
667510436 300 ./etc/mail/smtpd.conf
3479831541 1876 ./etc/mail/spamd.conf
-1289056739 41795 ./etc/mail/submit.cf
+1379803338 41794 ./etc/mail/submit.cf
942407207 561 ./etc/mail/trusted-users
780872591 621 ./etc/mail/virtusertable
2937419450 65536 ./etc/mail/virtusertable.db
233395827 424 ./etc/mailer.conf
-2074991023 2288 ./etc/man.conf
+408305320 2010 ./etc/man.conf
3970800728 3030 ./etc/master.passwd
3948491597 159160 ./etc/moduli
-686634897 938 ./etc/monthly
+1897395865 911 ./etc/monthly
1116441835 406 ./etc/motd
3992554006 1531 ./etc/mrouted.conf
1841534430 17 ./etc/myname
-1550044728 9788 ./etc/netstart
+3166902118 9791 ./etc/netstart
2935274938 203 ./etc/networks
968301387 754 ./etc/newsyslog.conf
+522072229 474 ./etc/nsd.conf
3066868024 493 ./etc/ntpd.conf
2444571113 467 ./etc/ospf6d.conf
4056398302 590 ./etc/ospfd.conf
1160083724 2770 ./etc/passwd
1588100705 1004 ./etc/pf.conf
-2300413469 28312 ./etc/pf.os
+1081783036 28452 ./etc/pf.os
1486162102 322 ./etc/portal.conf
2639296339 141 ./etc/ppp/chap-secrets
2633022360 22 ./etc/ppp/options
@@ -96,20 +97,20 @@
1129771337 5680 ./etc/protocols
3597021780 40960 ./etc/pwd.db
1686087193 344 ./etc/rbootd.conf
-3936635197 20397 ./etc/rc
-56307155 4435 ./etc/rc.conf
-1402807809 380 ./etc/rc.local
+3662757083 20802 ./etc/rc
+3512624051 4577 ./etc/rc.conf
+492396179 484 ./etc/rc.local
639998969 635 ./etc/rc.securelevel
-3684809617 335 ./etc/rc.shutdown
+3940915127 557 ./etc/rc.shutdown
3253051455 2530 ./etc/relayd.conf
75412510 1887 ./etc/remote
3052949533 272 ./etc/ripd.conf
-3131719434 10132 ./etc/rmt
+3778513600 10132 ./etc/rmt
1935202087 852 ./etc/rpc
4271262874 403 ./etc/sasyncd.conf
2272953289 18717 ./etc/security
-1223872336 1136 ./etc/sensorsd.conf
-2849697141 9973 ./etc/services
+1815096265 1135 ./etc/sensorsd.conf
+255659374 10143 ./etc/services
4011733011 258 ./etc/shells
3838912274 22 ./etc/skel/.Xdefaults
1301968229 773 ./etc/skel/.cshrc
@@ -124,22 +125,22 @@
3850897738 40960 ./etc/spwd.db
4294967295 0 ./etc/ssh
2120219775 1555 ./etc/ssh/ssh_config
-231289807 2524 ./etc/ssh/sshd_config
+2950094583 2560 ./etc/ssh/sshd_config
471002687 1598 ./etc/ssl/openssl.cnf
993424129 1005 ./etc/ssl/x509v3.cnf
2341528463 1354 ./etc/sudoers
-3071348488 2721 ./etc/sysctl.conf
+114370617 2789 ./etc/sysctl.conf
1055529673 1530 ./etc/syslog.conf
1892516430 3246 ./etc/systrace/usr_sbin_lpd
1470207625 3531 ./etc/systrace/usr_sbin_named
2328247655 22998 ./etc/ttys
-2776652567 1680 ./etc/weekly
+373947323 1653 ./etc/weekly
4174102115 474 ./etc/wsconsctl.conf
3838912274 22 ./root/.Xdefaults
2524506263 578 ./root/.cshrc
1685996065 125 ./root/.klogin
866798803 328 ./root/.login
-1427350648 411 ./root/.profile
+2363117144 468 ./root/.profile
3936545289 5 ./var/crash/minfree
4294967295 0 ./var/cron/at.deny
4294967295 0 ./var/cron/cron.deny
@@ -160,8 +161,7 @@
4294967295 0 ./var/log/sendmail.st
4294967295 0 ./var/log/wtmp
4294967295 0 ./var/log/xferlog
-2532119393 4546 ./var/mail/root
-4294967295 0 ./var/msgs/bounds
+270223311 4546 ./var/mail/root
2245793152 1563 ./var/named/etc/named-dual.conf
1504362979 1351 ./var/named/etc/named-simple.conf
1504362979 1351 ./var/named/etc/named.conf
@@ -180,7 +180,7 @@
2431191444 194 ./var/www/conf/bgplg.head
321454665 37749 ./var/www/conf/httpd.conf
996429480 12965 ./var/www/conf/magic
-2364632045 16103 ./var/www/conf/mime.types
+406577318 16119 ./var/www/conf/mime.types
1923043049 2326 ./var/www/htdocs/apache_pb.gif
4294967295 0 ./var/www/htdocs/bgplg
3954868337 376 ./var/www/htdocs/bgplg/index.html
diff -ur etc48/var/mail/root etc49/var/mail/root
--- etc48/var/mail/root Mon Aug 16 16:46:57 2010
+++ etc49/var/mail/root Wed Mar 2 14:51:57 2011
@@ -1,9 +1,9 @@
-From deraadt@do-not-reply.openbsd.org Wed Sep 1 07:47:47 MDT 2010
+From deraadt@do-not-reply.openbsd.org Sun May 1 07:47:47 MDT 2011
Return-Path: root
-Date: Sep 1 07:47:47 MDT 2010
+Date: May 1 07:47:47 MDT 2011
From: deraadt@do-not-reply.openbsd.org (Theo de Raadt)
To: root
-Subject: Welcome to OpenBSD 4.8!
+Subject: Welcome to OpenBSD 4.9!
This message attempts to describe the most basic initial questions that a
system administrator of an OpenBSD box might have. You are urged to save
@@ -27,13 +27,13 @@
Several popular binary packages (pre-compiled applications) are available
for most architectures. If you installed from a CD-ROM the packages
-are on the same CD-ROM you installed from in the directory 4.8/packages.
+are on the same CD-ROM you installed from in the directory 4.9/packages.
CD-ROM space permitted us to include a subset of the full FTP packages
for the most common architectures. Please see the FTP sites to see a
full list of packages for each architecture:
- ftp://ftp.openbsd.org/pub/OpenBSD/4.8/packages/
+ ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/
If you do not find a package you want on the CD, please go look at your
nearest FTP mirror site.
@@ -41,9 +41,9 @@
Select your architecture and download the tarballs of your choice. For example
to install the emacs package for i386, execute:
# mount /dev/cd0a /cdrom
- # pkg_add -v /cdrom/4.8/packages/i386/emacs-22.3p6.tgz
+ # pkg_add -v /cdrom/4.9/packages/i386/emacs-22.3p6.tgz
or alternatively install them via FTP this way:
- # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.8/packages/i386/emacs-22.3p6.tgz
+ # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/i386/emacs-22.3p6.tgz
Significant efforts were made to centralize all system configuration in the
/etc directory. You should be able to find each of the configuration files
Only in etc48/var: msgs
diff -ur etc48/var/www/conf/mime.types etc49/var/www/conf/mime.types
--- etc48/var/www/conf/mime.types Mon Aug 16 16:46:53 2010
+++ etc49/var/www/conf/mime.types Wed Mar 2 14:51:51 2011
@@ -13,7 +13,7 @@
application/andrew-inset ez
application/applefile
application/atomicmail
-application/atom+xml atom
+application/atom+xml atom
application/batch-smtp
application/beep+xml
application/cals-1840
@@ -75,6 +75,7 @@
application/reginfo+xml
application/remote-printing
application/riscos
+application/rss+xml rss
application/rtf
application/sdp
application/set-payment