between it and hostname:username is optional as well (some software relies
in this); while here, covert to use sscanf() instead of explicit parse code,
sprinkle some comments
dumpit(): change so that the price is total price for this entry, instead of
beeing price per copy
Addresses bin/9996 by Brian Stark, though the implementation differs from
patch code attached to it.
- remove obsolete non-advanced-api support.
- if a routing entry exists for aggregate prefix (-A), do not overwrite
the routing entry (exit with error).
in inetd.conf. otherwise, we'll have (minor) problem putting IPv6 address in.
sync with kame.
[::1]:ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -ll
- Centerize the check whether an interface is specified.
- Print maximum data length.
- Swap wi_type and wi_code in struct wi_table so that wi_type matches with
wi_type in wi_req.
XXX enami, I admit it is not a good thing to check the error code from
getaddrinfo. it is sometimes mandatory, however. gai_strerror message
can be too generic in some cases. we can't really extend getaddrinfo,
as it was not invented by kame (see RFC2553)
sync with kame.
benefits: allows us to access-control inbound traffic by using hosts.allow(5).
possible drawbacks: inetd mode has no chance for multi-connection-per-single-
process enhancement. current faithd(8) needs 1 process per 1 connection
anyways.
sockets in the situation where all of the following are true:
* /etc/syslogd.conf contained forwarding actions when we were
started up or when we last received a HUP
* /etc/syslogd.conf has had all forwarding actions removed
* we are running with -s
and we receive a HUP.
request:
instead of the -S flag, fix the -s flag to not open a socket
if there are no forwarding rules in /etc/syslog.conf
The behavior of syslogd when -s is specified and there are forwarding rules
should still be made cleaner.
in man page and comments -- for some time it has no longer prevents
an inet socket from being opened, just caused it to be ignored
2.) Fix this problem with `-s' -- syslogd always opens an inet socket, even if
-s is specified and it has nowhere to send to. This socket is then
shutdown(), but there is no way to not have this socket open.
Users setting up paranoid installations can now specify `-S' which
prevents any non-unix-domain sockets from being opened, even if
forwarding is specified in /etc/syslogd.conf.
As per the previous fix, this is not made the default for `-s', as it
also prevents syslogd from forwarding log messages.
3.) document the above in the man page and usage.
Justification: in light of the possibility of future DoS attacks, or the
desire to set up a machine which is relatively uninformative in the face
of port scans, users may quite legitimately want to control what sockets
are open on their machine. Telling such users that they cannot run
syslogd is non-ideal.
option pulls in a set of symbols that increases the size of dhclient
with functionality that is not required for installation media.
This was discussed with Ted Lemon, and the patch is being submitted to him
for inclusion in his source tree.
short enough to put on the same line.
- Kill the comma at the end of SEE ALSO list.
- Remove empty line in the source.
- Break line at the end of statement in the source for better output (in other
words, let the roff to format it).
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
a bit, to make them more descriptive
* in findbestmatchingname_fn, fix a bug where a null pointer wasn't
caught (I wonder why we didn't actually hit that case...)
* Bugfix in findbestmatchingname_fn: when comparing, strip off any
trailing ".tgz", as this will give wrong results. "1.9.8.tgz" was
found to be greater than "1.9.8.1".
Add flags "-b" and "-I" to dumplfs, to allow the user to specify the
location of the superblock and Ifile inode, respectively.
Don't print "corrupt segment header" any more for leftover slivers of
space too close to the next segment to write a partial-segment. In the
event that there was no such sliver, the segment still ends; recognize
this and print out the segment number, and superblock if asked.
Document all the flags in the man page.
Print the partial-segment write flags (SS_DIROP, SS_CONT).
Make the "-a" flag output look slightly better.
Change all hex numbers to lowercase, instead of having some upper and
some lower.
+ Make depend required all the source files to be built before
the dependencies were generated due to some sub-optimal logic
in the version generation.
Fix from Bernd Ernesti in private mail.
+ Make the version string contain ${PROG} as originally intended
and not "ntpd" for all 7 programs.
Also move version generation to Makefile.inc to stop having 7 copies
of exactly the same thing.
to mention here. notable changes are like below.
kernel:
- make PF_KEY kernel interface more robust against broken input stream.
it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
in struct sadb_msg. we cannot just change these standard structs.
sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
these functions are not supplied in /usr/lib.
setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
specify it)
- spddelete takes direction specification
file, make command specified, and no flags or attrs-which-cause-inclusion
are spec'd. The notion is, if you change either of the last 2, it will
probably have very undesirable results, so only allow the make command to
be changed. override by clobbering the make command in the previous entry.
also, fix a bug where line number of original entry would get clobbered on
dup entry, so that if you had multiple dups the later ones would get bogus
initial definition info.
fhopen() and flock(). This means that if you kill lockd, all locks will
be relased (but you're supposed to kill statd at the same time, so
remote hosts will know it and re-establish the lock).
Tested against solaris 2.7 and linux 2.2.14 clients.
Shared lock are not handled efficiently, they're serialised in lockd when they
could be granted.
with both names. So log the "Unsolicited notification" with LOG_DEBUG
instead of LOG_ERR.
Don't return failure if we received a notification for which the host is
unknown, or we don't have outstanding requests. The remote host will retry
forever otherwise.
mellon