| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
ok guenther millert
|
|
Requested by deraadt@
|
|
prompted by deraadt@, ok eric@
|
|
CVE-2014-0133 does not affect OpenBSD because SPDY is not enabled
ok florian@
|
|
OK benno@, lteo@
|
|
OK benno@
|
|
|
|
ok jmc@ tedu@
|
|
- add a small shared SSL session cache
- disable rc4 ciphers in sample config
- switch to a unix socket for php-fpm
- use try_files to avoid passing non-existing files to php
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
ok robert@
|
|
|
|
|
|
|
|
no longer needed now that this file is handled the same in Unbound's build
infrastructure as the other manpages.
|
|
generate a copy in the build directory. Removes some complexity and fixes
a problem noticed by rpe@ when running 'make -f Makefile.bsd-wrapper clean'
in src dir without having an obj dir present. From upstream r3100.
|
|
From upstream r3099
|
|
|
|
These are the direct sources from NLnet Labs upstream, minus these:
compat contrib libunbound/python pythonmod testcode testdata winrc
ok deraadt@ jakob@
|
|
|
|
confused a few people
ok eric@
|
|
recipient, the local domain is assumed. this was correctly handled at the
smtp level, but headers were not updated to reflect that.
issue experienced by several people, fix tested by ajacoutot@ and I
ok eric@
|
|
They are not supposed to be exposed.
ok gilles@
|
|
Don't fetch SHA256 twice when we are updating from the same repo.
Better output.
Simplify extract_set (becomes extract_sets and deal with all sets at once).
Make sure we cannot pass -s xetcXX and/or -x etcXX.
Bring consistency in condition evaluations.
Drop some unused variables.
with inputs from rpe@
|
|
will cause the parent process to wake up unnecessarily at runtime
ok eric@
|
|
|
|
never heard about it, it was to bypass the routing tables, not available
for IPv6 and we're going to always use the routing tables soon.
ok florian@, man pages ok jmc@
|
|
is only implemented for IPv4. Just remove it.
Tested by and ok florian@
|
|
ok florian@
|
|
in there.
|
|
|
|
distribution-etc-root-var target; otherwise mtree(8) can fail.
issue reported and debugged by deraadt@
ok sthen@
|
|
all processes from waking up every second
|
|
|
|
command for npppctl(8) to monitor PPP session start/stop events.
|
|
assert is disabled by compile time, the function returns immediatly on that
condition.
|
|
a user authentication is succeeded in case the authentication config option
has `username-suffix' and 'strip-atmark-realm' is yes. Delete
`username-prefix' from authentication setting. This config option was
mis-leading and useless.
|
|
Framed-IP-Address. acct_framed_ip_address should be used for that purpose.
|
|
|
|
|
|
support in 2007 (Windows Vista); requires MD4, which will be removed.
ok sthen@
|
|
|
|
|
|
and use it as the default location for the DNSSEC root key. Update default
config for this location.
With this, the only step required to enable DNSSEC validation is to
uncomment these default config entries and restart:
#module-config: "validator iterator"
#auto-trust-anchor-file: "/var/unbound/db/root.key"
There is no longer a requirement to run unbound-anchor manually to
update the root key. The rc.d script will take care of updates at boot,
and Unbound will manage the file itself at runtime.
Test with "dig test.dnssec-or-not.net txt @127.0.0.1" or similar.
|
|
information for people writing nginx configuration.
- remove commented-out "ssl_protocols SSLv3 TLSv1" line; nginx default is
"SSLv3 TLSv1 TLSv1.1 TLSv1.2", so uncommenting this line removes desirable
protocols
ok robert@
|
|
ok sthen@ rpe@
|
|
sendmail.8 note by jmc
|
|
|
|
--
Sync timestamp changes for inodes of special files to disk as late
as possible (when the inode is reclaimed). Temporarily only do
this if option UFS_LAZYMOD configured and softupdates aren't enabled.
UFS_LAZYMOD is intentionally left out of /sys/conf/options.
This is mainly to avoid almost useless disk i/o on battery powered
machines. It's silly to write to disk (on the next sync or when the
inode becomes inactive) just because someone hit a key or something
wrote to the screen or /dev/null.
--
Made lazy syncing of timestamps for special files non-optional.
--
Also, include support in 'pstat -v' to display the IN_LAZYMOD flag.
ok tedu@ millert@
|
|
this hardware alive is becoming increasingly difficult, and I should heed the
message sent by the three disks which have died on me over the last few days.
Noone sane will mourn these ports anyway. So long, and thanks for the fish.
|
