the 'ifconfig ifN delete' into pccard_ether under the 'stop'
function.
In addition start dhclient with a pid file based on the interface
name, e.g. /var/run/dhclient.ep0.pid, and kill the correct dhclient
(or dhcpc) process when the card is removed.
convinced myself that it's better then what we have, but still
not perfect.
/etc/rc : Attempt to seed /dev/random with multiple backoffs.
/etc/rc.shutdown : Attempt to write the entropy_file.
In debugging the above changes, I've run into some
inconsistancies... rc.shutdown is run via 'init 6', but
does not appear to be run via '/sbin/reboot'. Thus, this
set of changes improves life depending on the mechanism
used to shut the system down.
Submitted by: Doug Barton <DougB@gorean.org>
Approved by: markm
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules. rlogind calls login(1) which is already PAM enabled.
Approved by: markm
the appropriate documentation added to rc.conf(5). If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.
PR: 20202
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Reviewed by: Darren Reed <darrenr@freebsd.org>
Approved by: Darren Reed <darrenr@freebsd.org>
Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>
are bad enough, but finger is hardly a critical system service and
it's traditionally been vulnerable to a variety of attacks; anybody
remember RTFM and his worm?
PC-card stuff. Also print a NEWLINE (!!) after that.
I'm driving mad each time when I see messages related to pccard before
"Enable PC-card." and particulary when I see
"Doing initial network setup". on the same line w/o a break.
make_dev() call.
At the moment, it is an error for anyone but root to write to this
device (EPERM), and the permissions don't suggest that. Soon, however,
anyone will be able to write here, but only root will cause an implicit
reseed.
All periodic sub-scripts <larf> now have their return codes interpreted
by periodic(8). Output may be masked based on variable values in
periodic.conf.
It's also now possible to email periodic output to arbitrary addresses,
or to send it to a log file, examples of which can be found in
newsyslog.conf.
The upshot of it all should be no discernable changes to the default
behaviour of periodic(8).
PR: 21250
-- Unknown
Now that the RSA algorithm is released into the public domain, build
librsaintl by default unless NO_RSAINTL is set in make.conf.
The native OpenSSL implementation of RSA is much faster, doesn't have
an artificial keysize limitation, has 30% fewer calories and tastes great!
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
cached when not in use. This changes the FreeBSD default from 30 minutes
to 5 minutes. JKH was the one that added the override to amd_flags, but
there was no reason given other to serve as an example of what could be
done.
not when ${firewall_type} is set to a filename, as we know
nothing about user's script specifics.
Reported by: Bernhard Valenti <bernhard.valenti@gmx.net>
X field is treated the same as the unit number for acdX. The optional
Y parameter specifies the number of track devices to create starting at
track 1. If Y is not specified, it defaults to 100.
- Add the acd0t target to the all target to preserve previous behavior.
- Don't add the acd0t target to the fixit target, thus keeping the fixit
floppy from running out of i-nodes.
which really wasn't such a hot idea in retrospect.
If the random device isn't available, it probably isn't wanted.
If it's wanted, it should be enabled in loader.conf.
the output for the linux_enable and svr4_enable stuff "floating
in the middle of nowhere".
Give them their own section, called "additional ABI support".
kernel modules for ibcs2_enable and svr4_enable.
Don't rely on a shell script to do the neglibly less simple
job of loading a kernel module and running one command for
linux_enable.
These shell scripts are going away.
IPX folks a fighting chance of figuring this out themselves. I can't
work out how to document this carefully in rc.conf(5), but this ought
to close the PR.
PR: 17904
Reported by: John Gelnaw <jeg@hawk.circa.ufl.edu>
SUPFLAGS when a 'make update' is run. This means that the supfile
doesn't need to be edited because the -h will override the
CHANGE_THIS.FreeBSD.org host.
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
it lives in /usr/bin. Instead, locate files manually.
Note, only *files* under /var/spool/lock are now deleted rather
than everything that's not a directory. I think this is more
correct, but if anyone disagrees please feel free to change it.
Problem pointed out by: bde
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null. Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)
Reviewed by: jhb
Discussed with: The usual cabal
Add hints towards login.conf(5), which should be the preferred way
to set this systemwide without having to worry about the shell used.
PR: 9245
Submitted by: martin Kammerhofer <dada@sbox.tu-graz.ac.at>
build process in too many cases. Adding mtree to bootstrap-tools
to solve this breaks the upgrade path because mtree needs a
libc that has strtofflags and fflagstostr.
The tap driver is used to present a virtual Ethernet interface to the
system. Packets presented by the network stack to the interface are
made available to a character device in /dev. With tap and the bridge
code, you can make remote bridge configurations where both sides of
the bridge are separated by userland daemons.
This driver also has a special naming hack to allow it to serve a similar
purpose to the vmware port.
Submitted by: myevmenkin@att.com, vsilyaev@mindspring.com
time, and this is used to reseed the random number generator at
boot time.
NOTE - this has no hope of working if you halt(); you need to
execute rc.shutdown to get the entropy stash.
- Remove unit numbers in config lines.
- Remove all of logger lines and add logstr lines for some cards. This
changes reduced file size from 84k to 45k.
- Use '/sbin/ifconfig $device delete' instead of /etc/pccard_ether_remove
which haven't merge from PAO yet.
- Cosmetic changes.
MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to
confuse myself last time and made make.conf different to the code. ;-(
Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
wheel to trash logfiles is not exactly good security policy. There have
been several gid wheel holes in ports. Various other files were changed
as well (eg: the locate database were set to more restrictive modes (444)
by their generation scripts) so this should be safe for them. utmp and
wtmp are mode 644 already on all the systems we checked.
Submitted by: jkb
Reviewed by: kris
Seems to work great in the type II cf<->pccard adapter that came with
the card. Others have reported with different chipsets for the pccard
bridge that additional support is needed to make this card work with
the 3.3 volts it needs.
o The Shining PMIDE-ASC card is also used in Road Warrior's Bullet Drive, so
add that to the comments.
o Eiger Lab's fujitsu based ethernet card: EPX-10BT (thanks to Ryan Losh for
donating the card to the cause).
o Add place holder entry for the 3Com Megahertz 3CXEM556. It doesn't work
yet, but that will change in time.
I've seen some script kiddie tools out there that fake the timestamps
but don't preserve the inode number.
Note - this will cause a lot of output the first time it is run!
PR: 18947
Reviewed by: Sheldon Hearn <sheldonh@uunet.co.za>
(I had been busy for my own research activity until the last weekend)
Supported devices:
SB Midi Port (sbc + midi)
SB OPL3 (sbc + midi)
16550 UART (midi, needs a trick in your hint)
CS461x Midi Port (csa + midi)
OSS-compatible sequencer (seq)
Supported playing software:
playmidi (We definitely need more)
Notes:
/dev/midistat now reports installed midi drivers. /dev/sndstat reports
only pcm drivers. We need the new name(pcmstat?).
EMU8000(SB AWE) does not sound yet but does get probed so that the OPL3
synth on an AWE card works.
TODO:
MSS/PCI bridge drivers
Midi-tty interface to support general serial devices
Modules
time, I have no idea if there is equivalence of printf. So, stf
setup still depends on /usr. In addition, prefix(8) and gifconfig(8)
are in /usr/sbin. Should we move these into /sbin?
- Sync with latest stf behavior. Latest stf doesn't have link-local
address. And, latest stf is not gif but stf.