it returns. This allows it to connect to the server side again, which
has been listening on IPv6 addresses exclusively for more than 2 years.
PR: 59369
(Lite Edition) respectively. These "lite" packages are streamlined to
provide users with the core essentials for each desktop and to fit on the
release disc 1.
Approved by: re (scottl)
permitting the administrator to select a securelevel top operate
at. Include a helpfile summarizing some of the information from
init(8). This allows for explicit configuration of securelevels,
which was previously implicit in Security Profile selection.
Currently, there are no checkboxes for the active securelevel,
because sysinstall's facilities for deriving "current settings"
from rc.conf may use only one variable, not two, and I opted for
the simplest approach at this point.
Approved by: re (scottl)
selection is used to drive two configuration parameters:
(1) Default enable/disable for sshd
(2) Default enable/disable for securelevels
Replace this with an explicit choice to enable/disable sshd. A
follow-up commit will add a configuration option to the Security
post-install configuration menu to set the securelevel in rc.conf
explicitly. This should reduce the level of foot-shooting associated
with accidental enabling of securelevels, make the nature and
implications of the securelevel configuration options more explicit,
as well as make the choice to enable/disable sshd more explicit.
Approved by: re (scottl)
(1) Document the notion of using jail(8) to run "virtual servers" or
just to constrain specific applications. If only running specific
applications, some configuration steps are unnecessary (such as
editing rc.conf).
(2) Add some more subsection headers to break up the bigger chunks of
text.
(3) Clarify the problems associated with applications binding all IP
addresses in the host, and attempt to be more specific about
potential application problems. Document how to force sshd to
bind the the right socket.
(4) Suggest that in a jailed application scenario, you might want to
have the host syslogd listen on the socket in the jail, rather
than running syslogd in the jail.
(5) Catch another reference to /stand/sysinstall.
Approved by: re (bmah implicitly)
check if it's already loaded or compiled into the kernel, and only try to
load it if it isn't.
PR: bin/59368
Submitted by: Jens Rehsack <rehsack@liwing.de>
is possible for an error to occur while trying to log an error, and
this can result in infinite recursion (or at least until we run out
of stack).
Rather than this, we ignore requests to log an error while logging an
error.
PR: 51253
MFC after: 2 weeks
Avoid implicit function calls by adding the proper include files.
Use const char copyright.
Fix some fprint formatting.
In the manual page:
Use the .Pa macro for filenames and locations.
Kill hard setence breaks.
Make use of the .Tn and .Dq macros.
Add some to text to the otherwise blank HISTORY section (taken from CVS).
constants NG_*SIZ that include the trailing NUL byte. This change
is mostly mechanical except for the replacement of a couple of snprintf()
and sprintf() calls with strlcpy.
- simplify by strdup.
- set ai_protocol in hints to TCP.
- g/c FAITH_NS (no description, not maintained for years)
- warn if connection from IPv4 mapped is reached.
- IPV6_V6ONLY if possible.
- unifdef -UFAITH4.
- drop rsh/rlogin support.
- deal with negative return value from wait3.
Obtained from: KAME
- realloc pedant.
- set sin6_scope_id before sending (link-local/multicast) packets
- removed an incorrect comment
- don't age non-gateway host routes.
- not remove global addresses on loopback interface from routing table
by route aging.
Obtained from: KAME
a SEMICOLON token (a newline or semicolon, or one of these preceded
by a comment and/or whitespace). The input stream was switched too
early and the parser was expecting a SEMICOLON in the included file
instead of after the filename in the include directive.
Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Kept alive by: Adam C. Migus <adam@migus.org>
ums module, and allow for up to five attempts to open the device, with
two-second pauses in between, to allow time for USB controllers and
devices to probe and attach. My Gigabyte P4 Titan 848P motherboard has
a total of 15 ports on four hubs hanging off four controllers, and needs
at least half of that ten-second allowance to get ready.
MFC after: 7 days
deraadt NOTE: -I needs to take an arg (there's no way we can take no
arg/an arg with a single option)
- sscanf overrun
- no variable name on prototype.
- u_int32_t may not be u_long.
- skipped non-host route when printing neighbor cache entries.
- valid and preferred lifetimes are unsigned.
- wording.
Obtained from: KAME
- be more picky about argument parsing - like ERANGE.
- use u_long for args, not to lose accuracy/prevent overflow.
- socklen_t audit.
- Add -I (use icmp) option.
- warn if multiple addresses are present for dest.
- no need to pass tz.
- type pedant. check -p range.
- grab hlim from sysctl.
- typo in port number setting.
Obtained from: KAME
