for the X protocol instead of port 6000 only; this way pf provides
the same protection level to all X servers.
ok sthen@; "I am convinced that 6000-6010 is acceptable for blocking
in pf" deraadt@, "i'd thought of something similar" oga@
changed with a sysctl, so note it in sysctl.conf. v6 needs further
testing following discussions on the tech mailing list; rainer@ points
out possible interactions with neighbour discovery which need to be
investigated first.
"go ahead on the v4 part" deraadt@
Currently the receiver fetches an imsg via imsg_get() and if he expects
an fd, he then calls imsg_get_fd() to fetch the next fd queued on the
imsgbuf from which the imsg came.
This changes hides the fd queueing mechanism to the API user. When closing
an imsg with an fd, the message is flagged so that the receiving end knows
it must dequeue the fd in imsg_get() and return it with the imsg structure.
This way there is no (less) possible screw up from imsg_get_fd() not being
called directly after imsg_get() by the user. The retreived imsg is
self-contained.
ok pyr@, "I like that" henning@
corrections more often. Due to physical effects crystal oscillators aren't
really stable beyond 1000s or so - at least not the kind found in pc's.
ok henning
offset. This avoids future frequency adjustments based on measurements of a
clock that was being adjusted. End result: more stable clock and better
frequency convergence.
Also, fix a mis-ordered structure member while I'm here.
ok henning
PF_UNSPEC queries are made. While there change the default from inet6
first then inet4 to inet4 first then inet6, this prevents the many
people with IPv4 only connectivity from constantly trying to contact
IPv6 addresses, and also unbreaks many ports who don't use getaddrinfo
right.
ok deraadt@, plenty of cheering in the room wrt the idea, not loud
enough complaining from the v6 crowd.
standard explicitly disallows passing setenv a name with a '=' in
it but historic BSD behavior is to allow this but to ignore the '='
and anything after it.
reply instead of doing it in ntpd itself by getting the time we read
from the socket. based on a diff from mickey hacked in shape by me,
lots of testing and review from ckuethe and sthen, theo and claudio like it
too
1) replace +%e by +%d, unescaped blanks don't work at all in file names
2) replace +%b by +%m to make log files sort better by month
3) replace the home-grown +%Y.%m.%d by the standard +%F (= +%Y-%m-%d)
from Tim van der Molen <tbvdm at xs4all dot nl>, thanks!
ok okan@
1) advertise *.local and next_part near the top of the three scripts
2) daily: mention smtpd(8) mailq behaviour (like for sendmail, postfix, exim)
3) weekly: drop a comment trivially rehashing the next two lines of code
documenting next_part in the scripts was suggested by jmc@
ok sthen@ okan@ halex@; "i won't object" ajacoutot@
useful for example for release(8) DESTDIRs, ro-mounted foreign OS
partitions, nosuid+nodev-mounted backup areas and the like
while here, do not call ls w/o args in case find returns nothing
based on a patch from halex@, re-implemented by me; variable naming by jmc@
ok halex@ jmc@
Do not attempt to copy a larger partition onto a smaller one.
Backup of non-ffs root partitions was never supported, so don't even try.
(Both of the above suggested by guenther@).
Also add error messages in case ROOTBACKUP is switched on but severely
misconfigured - those were silently ignored in the past:
/altroot not defined or wrong type or on the same device as root.
otto@ agrees that checking the sizes makes sense
error out.
Add a new user _rwalld for rpc.rwalld, and use that instead
of nobody, also unconditionally drop to _rwalld not only
if rpc.rwalld was started with euid 0 (as root).
ok deraadt@
i.e. rely on the PATH set up in the root crontab(5)
in case /usr/local/bin is needed, daily.local is a logical place to append it
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ deraadt@;
"i don't strongly object" sthen@
rely on the PATH set up in the root crontab(5), just like in monthly(8)
suggested by ajacoutot@; "i like this" okan@; feedback jmc@ sthen@;
"absolutely" deraadt@
based on a patch from John Wong, johnw at wonghome dot net, tweaked by me
while here, document globbing for normal lines, too
"i like that" okan@; feedback and ok jmc@