| Age | Commit message (Collapse) | Author |
|---|
|
|
|
*installboot*: all Paul Kranenburg
pppctl(8): Brian Somers
rpc.bootparamd(8): public domain
|
|
bootpef(8), pppd(8): Carnegie Mellon
map-mbone(8), mrinfo(8): Xerox
pdisk(8): Apple
awk(1): Lucent
sectok(3): University of Michigan
|
|
these are all Regents of the University of California
|
|
|
|
|
|
|
|
des_crypt(3): Eric Young
aac(4): Michael Smith, BSDi, Niklas Hallqvist; ok niklas@
bktr(4): Amancio Hasty, Roger Hardiman
getopt(1): Henry Spencer (public domain)
pcnfds(8): Sun
|
|
|
|
the boundary could never ever be accidentally matched inside base64
data. Based on conversation with markus@, deraadt@, henning@. OK
deraadt@, henning@
|
|
ETag (entity tag) header value. Instead of including
the file modification date, inode, file size, etc.
directly in the ETag header, return a SHA1 hash of
these values instead.
This SHA1 hash is initialized with a pseudorandom
secret, so that it's harder to brute force inode
numbers. This initialization secret is saved in a
file called "etag-state" in the httpd chroot logs/
directory, so that the ETag header values are consistent
across httpd restarts (if the secret were different
each time httpd started, ETags would change unnecessarily
and thereby cause caches to refresh unnecessarily).
An additional change is introduced: we add the dev
number to the hash when (and only when) we add the
inode number to the hash.
Before:
HTTP/1.1 200 OK
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
ETag: "b10d3-1e59-3e49cbe4"
In this case, we can tell the inode number of index.html
is is b10d3 hex.
After:
HTTP/1.1 200 OK
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
ETag: "3f3b3cb2ce2e278087960b3be6a6e9844166e371"
Idea and solution by deraadt@. OK deraadt@, henning@. Any
bugs are my fault :)
|
|
the base64 alphabet includes the characters '/', '+', and '=', it may
violate section 4 of RFC 1341, which says that these kinds of characters
must be quoted in order to be used as a header parameter. Pointed out
by Wouter Clarie (rimshot AT pandora DOT be).
My solution is not to quote the parameter (I'm afraid that will break
simple browsers) but to replace special characters with alphabetic
characters so that the resulting string is entirely alphanumeric. We
don't want to use hex here, the alphabet is too small.
"not too ugly for me" deraadt@, "a bit ugly but good enough" henning@,
"that might be better than quoting" wouter
|
|
|
|
Instead, generate a random MIME boundary separator that is also
much longer, which makes it less likely to occur in the data.
Before:
HTTP/1.1 206 Partial Content
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
Content-Type: multipart/byteranges; boundary=3e4e7d648e6
where the first 6 hex digits of the boundary is the request
time and the last 4 hex digits of the boundary (48e6) is the PID
of the httpd process that served the request.
After:
HTTP/1.1 206 Partial Content
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.7-beta3
Content-Type: multipart/byteranges; boundary=lqmQDSxeaFSosnx+R46M94slY7G5BKGVPIhCc4ffoW852Vz0RbOaLJfMCAHHTfvR
The boundary now consists of 48 pseudorandom bytes encoded into 64
base64 characters. This is in accordance with RFC 1341 section 7.2.1.
Based on conversations with deraadt@. OK deraadt@
|
|
|
|
|
|
|
|
|
|
tftpd(8): tweak and ok millert@
tokenadm(8): tweak and ok millert@
|
|
|
|
3084; different fix used. Hopefully this makes the code in question
easier to read. deraadt@ henric@ OK
|
|
setextattr(8): example markus@
spamd(8): someone else found some of these on bugs/misc, but for the life
of me i can't find out who
pf.conf(5): from openbsd@davidkrause.com
raidctl(8): from ian@darwinsys.com
|
|
|
|
This will make librpcsvc follow the real protocol and not the incorrect
specification in yp.x.
The changes in yp.x is from FreeBSD. A make build is the simplest way
to get things working but the following five step is an alternative
1) make depend && make && make install in lib/librpcsvc
2) make includes in lib/librpcsvc
3) make depend && make && make install in lib/libc
4) make depend && make && make install in usr.sbin/ypserv/ypserv
5) make depend && make && make install in usr.sbin/ypserv/ypxfr
-moj ok niklas@ ho@
|
|
|
|
Make sence.
millert@ ok
|
|
ok henric@
|
|
raidctl(8) ok millert@
mknetid(8) help maja@
|
|
dot org. -moj ok deraadt@
|
|
|
|
workaround in the tree
|
|
|
|
was to avoid needless incompatibilities with NetBSD's command line options
but this ended up causing too much confusion on the part of the user.
The -u option now also sets the group and group vector based on passwd(5)
and group(5) unless an alternate group list is specified via the -g option.
The -U and -G options have been removed.
The resulting code is much simpler and the behavior of chroot(8) seems
to better match users' expectations; OK deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ipsecadm(8): examples ho@
help and ok markus@
|
|
|
|
|
|
|
|
it in if it is needed. We do need a fake maninstall target ifdef
NOMAN though. This prevents dhcp-options.5 from being installed
if NOMAN is set.
|
|
|
|
chat(8): removed reference to uucico(8)
ok deraadt@
|
|
eeprom(8): added .Ar to fields, removed references to sun3
sshd(8): help and ok markus@
help and ok millert@
|
|
ok deraadt@ millert@
|
|
many tweaks by millert@ (thanks)
thanks mpech@ for help with adduser(8)
ok millert@
|
