Commit Graph

2603 Commits

Author SHA1 Message Date
Gregory Neil Shapiro
872880c2c0 ip6fw doesn't support -q if reading from a file so don't use ${fw6cmd} which
may have a -q if ${ipv6_firewall_quiet} is set.

Reviewed by:	kris
2001-02-28 06:51:17 +00:00
Gregory Neil Shapiro
fab9e3acac Fix dependencies and cleanup spacing in the file 2001-02-28 04:04:07 +00:00
Gregory Neil Shapiro
457767e4ff Fix dependencies and use a better variable name 2001-02-28 04:03:51 +00:00
Gregory Neil Shapiro
9f8cda5dbe Add a pointer to the ORBS web site for more DNS black hole lists. 2001-02-28 02:47:52 +00:00
Gregory Neil Shapiro
a77b865277 Fixup some of the commented out examples:
1) blackholes.mail-abuse.org is the same as FEATURE(dnsbl), so specifying
it in the "Other DNS based black hole lists" section leads to confusion of
specifying it twice.

2) Formatting issues. If error diagnostic not enclosed in double quotes,
varius visual artefacts appearse like 1) no space after ; and 2) redundant
space after ? (in CGI request), so I add quotes where needed.

3) FEATURE(dnsbl) directly use error code 550 by default, so I made other
dnsbl variants use the same error code too.

4) Comment relays.* list as "open relays" list, just "other" word is not
explain enough.

Submitted by:	ache
2001-02-28 02:06:46 +00:00
Julian Elischer
5fc391d0cc Add an entry for the nmdm devices 2001-02-27 18:36:56 +00:00
Kris Kennaway
181b6941c7 Add definitions and support for the AMD k6-2, Pentium MMX (i586/MMX),
and Pentium II, III and IV processors (p2, p3, p4), as well as 'mmx' and
'3dnow' MACHINE_CPU tags as appropriate.  In the near future this will
be used to control various ports which have MMX/3dNow optimizations,
instead of the ad-hoc methods currently used.

Reviewed by:    peter
2001-02-27 11:21:47 +00:00
Jeroen Ruigrok van der Werven
f9eec60e72 Short lived fame for -Wundef.
Second thoughts by:	bde
2001-02-27 10:16:56 +00:00
Jeroen Ruigrok van der Werven
e18f542dc0 Add -Wundef to BDECFLAGS:
Warn if an undefined identifier is evaluated in an `#if' directive.

Not objected to by:	bde
2001-02-27 09:03:55 +00:00
Mike Smith
671468e752 Add the 'mly' device nodes. 2001-02-25 22:52:55 +00:00
Kris Kennaway
247b759d92 Update the list of OpenSSL manpages (now contains many more describing
libssl, for example), and hide it behind a make.conf option,
WANT_OPENSSL_MANPAGES, instead of having it commented out.  We still can't
install these by default because of clobbering of a number of system
manpages with the same name, but they're there for people who want them.
2001-02-25 21:42:12 +00:00
Dag-Erling Smørgrav
7a6ac3e087 Fix references to Chapman & Zwicky and Cheswick & Bellowin.
PR:		24652
Submitted by:	jjreynold@home.com
2001-02-25 11:44:51 +00:00
Seigo Tanimura
283ea61c54 I thought it was a new CPU :)
s/i585/i586/
2001-02-24 02:59:32 +00:00
Peter Wemm
e0f332edab Remove the camcontrol rescan $device insert events for the aic driver,
which does it itself now.  Although CAM should do the rescan itself
if the initial boot-time rescan has already been done.
2001-02-23 02:45:15 +00:00
Brian Somers
98d7002b19 Change the 120 second timeout to 180 seconds to reflect the real default 2001-02-22 23:28:12 +00:00
Gregory Neil Shapiro
e6c77250ef Need one additional make.conf knob, SENDMAIL_ADDITIONAL_MC to satisfy bug
report.  It allows building multiple .cf files at build time.

PR:		bin/19897
2001-02-22 19:44:16 +00:00
Gregory Neil Shapiro
d1885c41cc Add a note indicating that SENDMAIL_MC should include the path. This is
necessary if you expect to be able to use this setting in both /etc/mail
and etc/sendmail.
2001-02-22 19:34:13 +00:00
Kris Kennaway
62d90fb793 Overhaul the MACHINE_CPU behaviour:
* Rip out MACHINE_CPU stuff from sys.mk and include a new <bsd.cpu.mk>
  after we pull in /etc/make.conf.  We need to do it afterwards so we can
  react to the user setting of the:

* CPUTYPE variable, which contains the CPU type which the user wants to
  optimize for.  For example, if you want your binaries to only run on an
  i686-class machine (or higher), set this to i686.  If you want to support
  running binaries on a variety of CPU generations, set this to the lowest
  common denominator.  Supported values are listed in make.conf.

* bsd.cpu.mk does the expansion of CPUTYPE into MACHINE_CPU using the
  (hopefully) correct unordered list of CPU types which should be used on
  that CPU.  For example, an AMD k6 CPU wants any of the following:
    k6 k5 i586 i486 i386
  This is still an unordered list so the client makefile logic is simple -
  client makefiles need to test for the various elements of the set in
  decreasing order of priority using ${MACHINE_CPU:M<foo>}, as before.
  The various MACHINE_CPU lists are believed to be correct, but should be
  checked.

* If NO_CPU_CFLAGS is not defined, add relevant gcc compiler optimization
  settings by default (e.g. -karch=k6 for CPUTYPE=k6, etc).  Release
  builders and developers of third-party software need to make sure not to
  enable CPU-specific optimization when generating code intended to be
  portable.  We probably need to move to an /etc/world.conf to allow the
  optimization stuff to be applied separately to world/kernel and external
  compilations, but it's not any worse a problem than it was before.

* Add coverage for the ia64/itanium MACHINE_ARCH/CPUTYPE.

* Add CPUTYPE support for all of the CPU types supported by FreeBSD and gcc
  (only i386, alpha and ia64 first, since those are the minimally-working
  ports.  Other architecture porters, please feel free to add the relevant
  gunk for your platform).

Reviewed by:    jhb, obrien
2001-02-22 11:14:25 +00:00
Gregory Neil Shapiro
f2e560e181 Revamp /etc/mail/Makefile:
+ Add support for the new SENDMAIL_MC make.conf knob
+ Add the ability to build .cf files from .mc files
+ Generalize map rebuilding
+ Add the ability to rebuild the aliases file
+ Add the ability to stop, start, and restart sendmail

PR:		bin/13759, bin/19897, bin/24397
2001-02-22 04:17:33 +00:00
Gregory Neil Shapiro
25219d25e6 Add a new make knob, SENDMAIL_MC, which is meant to replace SENDMAIL_CF as
users should be configuring via m4 now.  If set, use m4 to create the .cf
file.  Also, if either SENDMAIL_MC or SENDMAIL_CF is set, 'make install' or
'make distribution' in src/etc/sendmail/ will install the appropriate .cf as
/etc/mail/sendmail.cf.  This fixes some mergemaster problems.

PR:		conf/13016
2001-02-22 04:11:52 +00:00
Gregory Neil Shapiro
e10536edc1 Install freebsd.mc and freebsd.cf in /etc/mail so users have the base files
for creating their own configuration.
2001-02-22 04:01:16 +00:00
Gregory Neil Shapiro
e4e1027a2e Move creation of the sendmail statistics file from the usr.sbin/sendmail
Makefile to the etc/sendmail Makefile to be consistent with all of the
other /var file creations.  In doing so, change the Makefile target from
etc-sendmail.cf to distribution as it installs more than just the sendmail.cf.
2001-02-22 03:55:08 +00:00
Gregory Neil Shapiro
7f010cfc3d Clean up freebsd.mc to make it easier for users to read and modify.
The freebsd.cf from this new freebsd.mc is functionally equivalent.
2001-02-22 03:41:14 +00:00
Nik Clayton
d8d11df0a1 Add com1-4 as finger friendly shortcuts for /dev/cuaa0-3. Specify a default
baud rate of 9600.

Reviewed by:    arch
2001-02-21 19:45:47 +00:00
Nick Sayer
5b9c7d3e5b Fix some glaring insecurities in the prototype firewall configurations.
pass udp from any 53 to ${oip}

allows an attacker to access ANY local port by simply binding his local
side to 53. The state keeping mechanism is the correct way to allow DNS
replies to go back to their source.
2001-02-20 19:54:31 +00:00
Ruslan Ermilov
619ab04511 Add missing .../cat?/alpha directories. 2001-02-19 15:30:11 +00:00
Ruslan Ermilov
54ecfa0813 Create directory infrastructure required to format, display
and store preformatted /usr/share/man manual pages in 8-bit
iso-8859-1 charset for all *_*.ISO_8859-1 locales.

Requested by:	des
Input from:	ache
2001-02-19 13:08:14 +00:00
Andrey A. Chernov
fa94f1388d Add 500.queuerun 2001-02-19 07:12:37 +00:00
Kris Kennaway
0937df81ca Introduce support for using OpenSSL ASM optimizations. This is done
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.

Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.

Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture).  Currently this is i386 for the i386 architecture and ev4
for the alpha.  sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.

Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems.  For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

Based on a patch submitted by:  Mike Silbersack <silby@silby.com>
Reviewed by:    current
2001-02-19 03:59:05 +00:00
Peter Wemm
6edba32695 Move the sendmail -q from cron to periodic, as suggested by a few people.
This has the benefit of adding a random start time element as daily
processing takes a different amount of time on different machines.
2001-02-19 02:47:42 +00:00
Poul-Henning Kamp
2f1ac13b0a Duh! forgot to add BSD_daemon to the mtree files.
Submitted by:	"Niels Chr. Bank-Pedersen" <ncbp@bank-pedersen.dk>
2001-02-18 08:18:44 +00:00
Kris Kennaway
83ac420321 120 seconds is not 3 minutes 2001-02-18 02:11:37 +00:00
Poul-Henning Kamp
960cada9b8 Log the console output to "/var/log/console.log", not "/var/log/console"
(MFC candidate)
2001-02-17 20:27:58 +00:00
Ruslan Ermilov
2f397f6b6c Apparently, people do not listen for a plea to look into the
README file before making changes here.  Fix them once again.
2001-02-15 12:25:48 +00:00
Ruslan Ermilov
97424e48a0 Fixed the fatal (missing "..").
Pointy hat to:	asmodai
2001-02-15 10:34:43 +00:00
Peter Wemm
3bb02cdb6f Manually run /usr/sbin/sendmail -q once a day. Folks seem to be too
trigger happy and turn off sendmail_enable entirely (instead of setting
sendmail_flags to -q30m instead).  I have seen boxes with things like daily
run reports that have sat in mailq for 5 months.  Since /usr/sbin/sendmail
is actually mailwrapper, this should be safe for the other plugins that
provide the sendmail calling interface.
2001-02-15 01:34:37 +00:00
Toshihiko ARAI
3fd6657490 Added the KME SCSI-CARD-001 of a SCSI card (accessory of
Hewlett Packard M820e CD-writer).

Pointed out by:	mitchy@er.ams.eng.osaka-u.ac.jp
Submitted by:	Stacy Millions <stacy@millions.ca>
2001-02-12 07:32:04 +00:00
Gregory Neil Shapiro
712401bee7 Give some additional DNS black hole possibilities as comments.
Submitted by:	clive
2001-02-12 05:26:11 +00:00
Jeroen Ruigrok van der Werven
531f27501e Add en_NZ.ISO_8859-1. 2001-02-10 13:46:59 +00:00
Jeroen Ruigrok van der Werven
536133b760 Add af_ZA.ISO_8859-1
Submitted by:	ache
2001-02-09 21:58:31 +00:00
Brian Somers
5a5bb7591b Show denied secondary bind transfer attempts
Submitted by:		inTEXT Communications <glenn@intextonline.com>
Ok'd by:		imp, kris
Not objected to by:	freebsd-audit
2001-02-08 20:31:21 +00:00
Robert Watson
d6828be55f o Introduce automated log rotation for /var/log/console, the
default syslog target for console messages (when enabled in
  syslog.conf).  Use the same rotation defaults as with
  /var/log/messages -- every 100kb of log, compress back logs,
  and keep five rotated logs.
o Note: phk also thought it would be useful to force rotation
  each boot.  This commit does not introduce such a rotation.

Reviewed by:	phk
2001-02-06 06:07:00 +00:00
Doug Barton
385a585a4b Introduce the option of running fsck -y if the initial preen fails.
Defaults to off.

Obtained from:	Yahoo!
2001-02-05 04:54:42 +00:00
Brian Somers
a567cf6dd6 Don't specify root:wheel for tun*, it's the default.
Pointed out by:	bde
2001-02-03 23:31:31 +00:00
Robert Watson
6a56450bfb o Reinstate Kerberos IV support for sshd when MAKE_KERBEROS4 is
compiled in.  This involves a commented out sshd line to match the
  remainder of the commented out pam_kerberosIV.so entries.  This
  doesn't quite restore the correct behavior, as ticket files are
  not managed properly, but it's an improvement.

Forgotten by: green
2001-02-03 02:09:20 +00:00
Brian Somers
38fb35db09 Pick up all messages* files less than two days old rather than
just messages{,.0*} when looking for login failures and refused
connections.

PR: 23415
Mostly submitted by: phk

Convert a few "  "s to tabs while I'm here - for consistency.
2001-02-03 01:28:46 +00:00
Brian Somers
e0cd22b7b4 Change the permissions on /dev/tun* to 0600 root:wheel 2001-02-03 00:32:17 +00:00
Brian Somers
afcf65b56b Allow the output of /etc/security to be logged or mailed to different
users in line with ${daily,weekly,monthly}_output using a new
$daily_status_security_output variable.

PR:	24643
2001-01-30 10:24:18 +00:00
Brian Somers
12e0a85bba Run purgedir (a local function) on /var/run instead of rm /var/run/*
PR:		24612
Submitted by:	David Drum <david@mu.org>
2001-01-30 10:07:03 +00:00
Sheldon Hearn
de29595584 Replace the full path to sysinstall with a standard manual page
reference.  The sysinstall binary is now in root's standard PATH,
so there's no need for explicit pathing, and there's some value
in a manual page reference.
2001-01-29 08:22:21 +00:00