why pam is failing in the case of an included pam config file missing.
example: instead of logging with the default log settings:
Jun 17 08:49:37 tucana su: pam_start failed: system error
it will log:
Jun 17 08:55:49 tucana su: in openpam_parse_chain(): failed loading include for service gibbetnich in /etc/pam.d/su(15): No such file or directory
Jun 17 08:55:49 tucana su: pam_start failed: system error
* Only fork when the RA has a RDNSS option AND a valid prefix OR no DHCPv6 instruction.
* Handle BSD per interface rtadv kernel flag.
* Add a reject route for the delegated prefix so that unassigned prefixes don't go back upstream.
* If not specified, Delegated Prefixes will get an automatic SLA of the interface index. If the biggest SLA and the assigned prefix fits into a /64 then dhcpcd creates a /64 prefix so that SLAAC works. If bigger than /64 is needed then dhcpcd creates one rounded upto the nearest multiple of 8. Unless a configured SLA of 0 is assigned, a reject route for the Delegated Prefix is installed to stop unassigned addresses trying to be resolved upstream. Addresses added from Delegated Prefixes now have a default address suffix of 1 instead of using a SLAAC style address.
* Don't spam timezone updates unless its actually changed.
* Support ND6_IFF_OVERRIDE_RTADV on BSD.
* Document why we don't send both FQDN and hostname options.
* Respect RFC4861 MAX_RTR_SOLICITATION_DELAY as specified in section 6.3.7.
* RFC2131 section 4.4.1 states the client SHOULD wait a random time between one and ten seconds to desynchronize the use of DHCP at startup. Instead we wait a random time between zero and one second to mirror the more modern IPv6RS and DHCPv6 standards unless overridden by defining RFC2131_STRICT.
* Always send a carrier as it's no longer encapsulated in the IPv4 stack. When stopping and not departed, run with the STOPPED reason but do not process it in hooks.
* Poll kernel neighbour reachability (SIOCGNBRINFO_IN6) for each router instead of sending and listening for Neighbour Soliciation/Advertisement packets. The kernel is privy to a lot more reachability information than userland is.
* Ensure that ND6_IFF_PERFORMNUD is set.
* controlgroup option changes group ownership of the control socket.
* Should use arc4random_uniform when wanting a randon number between 1 and N. Improve the compat arc4random function a little and re-stir on fork.
* -4 and -6 are now mutually exclusive and when running on a single interface per protocol pidfiles are created. This means that other control options suchs as -x and -n will require the -4 or -6 option as well.
* Implement Stable Private Addresses for SLAAC as per RFC7217. Enable this as default in dhcpcd.conf.
* Log error condition if a new or changed Router Advertisment to avoid spamming the log.
* Add an IPv6 link-local address before upping the interface if needed. Bring an interface up when we start it and not during discovery. As such, stop waiting on carrier for a second if we did.
* Add gateway option to enable the gateway or an interface/profile. Ensure the option and require options disable the nooption option - last wins.
* Restarting ntp/yp are not critical and their initialisation continues in the background as well so we may as well background the restart commands for faster dhcpcd performance.
2014-06-09 9:04 Christos Zoulas <christos@zoulas.com>
* Misc buffer overruns and missing buffer size tests in cdf parsing
(Francisco Alonso, Jan Kaluza)
2014-06-02 14:50 Christos Zoulas <christos@zoulas.com>
* Enforce limit of 8K on regex searches that have no limits
* Allow the l modifier for regex to mean line count. Default
to byte count. If line count is specified, assume a max
of 80 characters per line to limit the byte count.
* Don't allow conversions to be used for dates, allowing
the mask field to be used as an offset.
2014-05-30 12:51 Christos Zoulas <christos@zoulas.com>
* Make the range operator limit the length of the
regex search.
2014-05-14 19:23 Christos Zoulas <christos@zoulas.com>
* PR/347: Windows fixes
* PR/352: Hangul word processor recognition
* PR/354: Encoding irregularities in text files
2014-05-06 6:12 Christos Zoulas <christos@zoulas.com>
* Fix uninitialized title in CDF files (Jan Kaluza)
2014-05-04 14:55 Christos Zoulas <christos@zoulas.com>
* PR/351: Fix compilation of empty files
2014-04-30 17:39 Christos Zoulas <christos@zoulas.com>
* Fix integer formats: We don't specify 'l' or
'h' and 'hh' specifiers anymore, only 'll' for
quads and nothing for the rest. This is so that
magic writing is simpler.
2014-04-01 15:25 Christos Zoulas <christos@zoulas.com>
* PR/341: Jan Kaluza, fix memory leak
* PR/342: Jan Kaluza, fix out of bounds read
2014-03-28 15:25 Christos Zoulas <christos@zoulas.com>
* Fix issue with long formats not matching fmtcheck
This patch fixes "ipfstat" not displaying group rules and fixes problems
being able to remove individual rules using ipf/ipnat.
#547 rule parsing puts junk at the end of ipf rules
#546 ipfstat -io does not list rules in groups aside from 0
Due to unforeseen circumstances I'm not able to commit this myself.
Missing module files were treated as soft failures leading to
unexpected behavior if policy files were copied between hosts with
differently installed modules or in the short period during upgrades
when module files were being replaced.
When autogenerating headers from source (yuck) use a more selective
pattern to avoid selecting anything if part of the current absolute
path happens to match part of the nvi source tree.
SIGHUP,SIGINT,SIGTERM on startup, so make those also conditional to isc_bind9.
The net effect of this was that dhclient blocked the 3 signals for both
itself and its progeny so /etc/rc.d/dhclient restart would not work.
* Improvements to autoconf build emulation
* CARRIER/NOCARRIER are now run outside of the IPv4 runs
* validate domains correctly which contain a - on non bash shells
* don't remove IPv6 addresses from internal state when added as tentative
* HUP now rebinds, ALRM now releases - the -x and -k flags work as
they used to
* Add -M, --master option to force dhcpcd into master mode even if one
interface is specified on the command line
* Fix a crash when receiving a reconfigure key
* Dumping a DHCPv4 lease works again
* SEND_DAD code removed
* hoplimit is no longer defined for DHCPv6 messages
* hoplimit of 255 for IPv6 RS/ND message is now defined at the socket
instead of ancillary data with the message
