tedu
a0c81f7a45
explicit_bzero where useful
10 years ago
sthen
8b3ce8e88e
typo in errx() string
10 years ago
deraadt
36f63ef5a1
delete junk file
11 years ago
dtucker
65f45be470
Change the default PF policy to "block return", including x11 as
suggested by naddy@. This solves the problem that occurs when a
server crashes or is hard booted and comes back up without tearing
down any connections to it, and packets from these connections don't
match any existing state or rule and are silenty dropped.
ok phessler@ henning@ claudio@ dlg@
11 years ago
deraadt
fba32d740f
sort the SHA256 file
11 years ago
jmc
8d7315b175
add explicit_bzero to NAME;
11 years ago
tedu
2beb8f104d
add explicit_bzero to libc. implementation subject to change, but start
the ball rolling. ok deraadt.
11 years ago
benno
a6df84bdf5
allow -s<abrev> in addition to -s <word> in ntpctl commandline, like
all the other tools do. changes option 'sensors' to 'Sensors'.
ok henning@, and grudgingly phessler@
11 years ago
deraadt
425e578efb
Ouch... recommend arc4random, not random.
spotted by tedu
11 years ago
schwarze
fbd81370eb
obvious .Pa fixes; found with mandocdb(8)
11 years ago
schwarze
938b39d868
Fix an obvious .Fn/.Fa typo, found while testing mandocdb(8).
11 years ago
schwarze
7227c1c1df
Usually, you don't want macros in the .Nd line, so remove instances of .Tn
marking up words that are not trademarks (ASCII, I/O, NFS, TCP, TELNET).
While here, remove .Tn markup from the same words in the body
of these pages, too.
11 years ago
claudio
557ed03945
Extend the initial pf ruleset to explicitly allow dhcp / bootp and dhcpv6.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidential forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@
11 years ago
schwarze
e2b8a435dc
Punctuation after macro arguments needs to be in a separate argument.
Found while testing mandocdb(8).
11 years ago
jsing
3d91c77a21
Wrap long line.
11 years ago
matthieu
329bbe8924
Directories updates for freetype 2.5.2
11 years ago
deraadt
1265f289cb
crank to 5.5beta
11 years ago
naddy
7d2108902b
test pkg key for during the 5.5-beta sequence
11 years ago
sthen
d781d60935
test fw key for during the 5.5-beta sequence
11 years ago
deraadt
b1e59af974
test key for during the 5.5-beta sequence
11 years ago
deraadt
5d614be5df
improve ntpctl usage so that the manual page does not need to be read
every time
ok jmc
11 years ago
sthen
b3d2446dc5
Remove unnecessary rc_post from rc.d/nsd.
It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.
11 years ago
deraadt
53af3f8c5b
be a bit more careful
11 years ago
deraadt
0324a077ed
be forceful with removing the SHA256 file
11 years ago
deraadt
30e829acf5
a new key. Once again, this is still testing time.
11 years ago
brad
6d3f6e9755
Add DHCPv6.
ok deraadt@
11 years ago
sthen
00ae7ec924
Install our third key. NOTE that this is a TEST KEY for use as we improve
our processes.
requested by espie@
11 years ago
deraadt
be34e24419
remove the SHA256 file as soon as we start creating sets
11 years ago
espie
a6175a019b
Install our second key. NOTE that this is a TEST KEY for use as we improve
our processes.
prodded by deraadt@
11 years ago
deraadt
c9d82279a9
install signify keys
11 years ago
deraadt
5c507bd686
Install our first key. NOTE that this is a TEST KEY for use as we improve
our processes.
ok tedu
11 years ago
deraadt
fbc6865216
create the /etc/signify directory
11 years ago
guenther
c42f7865bd
Delete struct definitions that have been obsolete for a dozen years
ok deraadt@
11 years ago
tedu
9bdaa18357
calling HashFinal with a null digest should crash, not be silently ignored
11 years ago
deraadt
b66e338b72
rename SHA256_ONLY to SHA2_SMALL; changing things so that sha512 support
is also pulled in
11 years ago
miod
7c529b2bed
Rework the setup of the bootable installation cd-rom (installXX.iso) to
contain both a 2048-byte sector ffs filesystem, and a 512-byte volume header,
so that the IP27 boot magic^Wuglyness recently added to the boot-only cd-rom
(cdXX.iso) can be applied as well.
The full-blown installation iso can now boot on IP27/28/30/32/35.
11 years ago
deraadt
0b406e5e6e
sync
11 years ago
deraadt
5e880e25b6
We need /dev/random on the install media
discussed with rpe and halex
11 years ago
millert
05f4462266
Use kern.securelevel to determine whether or not we are in single
user mode now that init no longer raises securelevel during reboot.
OK deraadt@
11 years ago
kettenis
b612c6c4a1
Move atexit(3) into crtbegin.c and certbeginS.c such that we can pass the
right __dso_handle and have dlopen'ed shared objects run their atexit handlers
when they get unloaded. This is what Linux does, and several ports depend on
this behaviour (and will crash upon exit without this chang).
Based on an earlier diff from matthew@
Tested by ajacoutot@
ok deraadt@
11 years ago
martynas
9af00b1d73
Annotate a few more bounded functions: realpath(3) needs a buffer
of size at least PATH_MAX. pread(2), pwrite(2) and readlinkat(2)
also take the buffer and the bound. OK theo.
11 years ago
deraadt
a137f8a971
document a hack we want fixed later
11 years ago
rpe
998abefe00
- add chmod of seedfile in /etc
- use its return code for single/multiuser detection
ok deraadt
11 years ago
rpe
3617ad469e
re-use random_seed in shutdown section
ok deraadt
11 years ago
deraadt
e5be49c8bf
create a seed file for the bootloader in /etc/random.seed
11 years ago
deraadt
3722093477
nest random_seed() contents into a single redirection
idea from rpe
11 years ago
deraadt
c4a6c88868
re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe
11 years ago
deraadt
dd546f8037
/stand has not been used in decades
ok miod
11 years ago
deraadt
278b68e64a
when forcing a re-key, might as well toss in dmesg as additional seed
material
11 years ago
deraadt
9cfb3c5807
all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random
11 years ago