path: root/etc
Age | Commit message | Author
2023-11-16 | Use tset -I for all terminals, not just xterm. | Todd C. Miller
Terminal initialization is usually only needed for hardware terminals, which are rare these days, and the initialization strings result in a bunch of extra newlines on pseudo-terminals. OK nicm@
2023-11-16 | crank some limits because clang is a piggy | Theo de Raadt
2023-11-14 | Bump powerpc64 default datasize to 1536M | George Koehler
This is for llvm 16; powerpc64 (like some other platforms) needs a higher datasize limit to build base-clang 16. ok jca@
2023-11-14 | increase datasize to 1536M for the default login class | Jonathan Gray
needed to build llvm-16 gnu/usr.bin/clang/include/llvm/AMDGPU ok jca@
2023-11-13 | raise i386's datasize for 'daemon' class so that relinking libc at boot | Stuart Henderson
doesn't fail - new clang is even greedier than the old one. I picked the value 1500M out of the air, it works for me but could perhaps be finessed downwards a bit. (I'm also using 1500M for make build / mkr+mkrx on i386; make -j8 build is no longer a good idea on i386 ;)
2023-11-13 | Bump datasize for staff to match amd64 | Jeremie Courreges-Anglas
Suggested by jsing@, ok tb@
2023-11-12 | Bump datasize for the default login class, needed to build clang-16 | Jeremie Courreges-Anglas
2023-11-12 | Also bump the default limit on riscv64 | Jeremie Courreges-Anglas
Reported by jsing@
2023-11-12 | bump datasize to 1536M for the default login class to allow the build | Robert Nagy
user to generate the AMDGPU includes in llvm-16 discussed with deraadt@
2023-11-05 | Add cdXX.iso to MDEXT, for it to be included in SHA256; reported by `petcat30' | Miod Vallat
on bugs@.
2023-10-29 | Unmention/don't explain SSL, drop 9y old "ssl" keyword/deprecation warning | Klemens Nanni
Switch "ssl" to "tls" in relayd.conf(5) if you haven't done so in the last ten years, "ssl" is now an error. Say "TLS" not "SSL/TLS" and drop the primer in the TLS RELAYS section. OK benno
2023-10-26 | do not create /usr/local/share/nls and subdirectories by default | Christian Weisgerber
The share/nls/<locale> paths are unused. ok miod@ deraadt@
2023-10-25 | Import regenerated moduli. | Darren Tucker
2023-10-08 | move release a earlier. when we wait for security fixes from one piece | Theo de Raadt
of software, another one will announce that we should wait for a security fix. the only winning move is not to play.
2023-10-02 | maybe a bit earlier | Theo de Raadt
2023-10-01 | show fingerprint of freshly generated ssh host key on first boot | Christian Weisgerber
Print to the console the fingerprint of a newly generated ssh host key of the preferred type (currently ED25519), typically when booting for the first time. This simplifies a secure first ssh connection to a freshly installed machine. ok deraadt@ kn@, and various for earlier iterations
2023-09-27 | Match GRACEFUL_SHUTDOWN only from ebgp sessions as specified by | Claudio Jeker
RFC8326 Section 4.1. OK sthen@ phessler@ job@
2023-09-24 | Strip realm part for bsdauth. This is required and an example usage of | YASUOKA Masahiko
new radius_standard module.
2023-09-19 | etc: drop vestiges of obsolete DSA ssh host keys | Christian Weisgerber
It has been 8 years since DSA keys were disabled by default for ssh/sshd, and 15 months since ssh-keygen -A belatedly stopped generating DSA host keys. ok semarie@ deraadt@
2023-09-18 | match style used in revision 1.16 of src/etc/examples/radiusd.conf | Igor Sobrado
ok yasuoka@
2023-09-18 | crank to 7.4-beta | Theo de Raadt
2023-09-16 | add 7.5 syspatch key | Robert Nagy
2023-09-16 | 7.5 packages key | Christian Weisgerber
2023-09-16 | add 7.5 firmware key | Stuart Henderson
2023-08-18 | Tweak radiusd.conf example. input from an anonymous user. | YASUOKA Masahiko
2023-06-22 | Add machdep.lidaction example. We support this on arm64 laptops now. | Tobias Heider
From Jan Stary Ok patrick@
2023-06-19 | The group "operator" gatekeeps a few superuser abilities (dumping disks, | Theo de Raadt
manipulating tape drives -> means gid operator on device nodes). This group is also used with group-access bit on the setuid-root shutdown command (mode ug+x,u+s). Some people use this to shutdown/reboot their machines, but use of that group is giving them disk read access also, which is wrong. It would be a pain to re-gid all the device nodes, so instead let's renumber the operator execution gid into group "_shutdown". Users using this shutdown/reboot functionality will notice it no longer works, and move themselves to the correct group. Various choices discussed at large, this seems our best choice. ok sthen
2023-06-09 | we always create keys 2 releases into the future | Theo de Raadt
2023-05-25 | After RFC 9110, the IANA services registry now lists both udp and tcp | Stuart Henderson
for https (HTTP/3 over QUIC). Add it to /etc/services so that it's included when /etc/rc populates sysctl net.inet.udp.baddynamic. suggested by Renauld Allard, ok tb@
2023-05-10 | Add a hint on using letsencrypt-staging for testing | Theo Buehler
While florian rightly points out that this is likely to be overlooked, it may help someone. Also doesn't affect the adjust-config-with-sed-ability of the example file after input by a few. no objection florian ok espie millert
2023-05-01 | Import regenerated moduli. | Darren Tucker
2023-04-26 | During boot we have a protective and restrictive pf ruleset during the time | Peter Hessler
we are running netstart, and then load the pf.conf ruleset after all of the interfaces are loaded. Allow in and out IPv6 neighbor advertisement traffic without state during that time. suggestions/OK from saschan@ OK sthen@ kn@ florian@ deraadt@
2023-04-24 | add default tmux config; ok sthen | Klemens Nanni
2023-04-21 | Delete incomplete and unreferenced 'miniroot' entries from | Kenneth R Westerback
arm64 and macppc disktab.
2023-04-19 | Remove obsolete/unused disktab entries for install media | Kenneth R Westerback
that are no longer built. ok miod@
2023-04-18 | changelist: remove dhclient(8) files | Sebastien Marie
as currently dhclient(8) is a (sort of) alias to "ifconfig inet autoconf", these files aren't used anymore. ok tb@
2023-04-18 | changelist: add unbound-control files | Sebastien Marie
ok tb@
2023-04-16 | Add /etc/mixerctl.conf to changelist(5). | Antoine Jacoutot
ok deraadt@ kn@ semarie@
2023-03-25 | things will be ready a bit earlier | Theo de Raadt
2023-03-25 | correct day of week | Theo de Raadt
2023-03-15 | slightly earlier, and tweak some dates | Theo de Raadt
2023-03-07 | Nuke pointless 'pb#N:ob#0:' lines from floppy | Kenneth R Westerback
types. ok miod@
2023-03-06 | Delete extraneous trailing blank line. | Kenneth R Westerback
2023-03-06 | Remove pointless ":ob#0:pb#0:[tb=swap:]" disktab lines. | Kenneth R Westerback
ok miod@
2023-03-06 | tweak examples/iked.conf bits a little further following comments by | Stuart Henderson
aisha@ and Crystal Kolipe, ok aisha@ tobhe@
2023-03-04 | move to 7.3-beta | Theo de Raadt
2023-03-03 | Process accounting and lastcomm(1) can detect execve(2) violations | Alexander Bluhm
of pinsyscall(2) policy. Report such findings in daily mail like other security violations. User has to turn on accounting=YES in rc.conf.local to utilize this feature. OK deraadt@
2023-03-01 | /etc/examples/iked.conf tweaks: | Stuart Henderson
- show a demo of a strong random string for psk, for some types of configuration psk makes sense. the previous example hinted at not using it.
- change the EAP MSCHAPv2 example so that more than one client can connect (previous used address config but with only a single address not a pool), and use the newer keywords to show how to route all traffic from dynamic-ip clients over the tunnel
ok tobhe@
2023-02-28 | add 7.4 fw key | Stuart Henderson