Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3 |
|
#
ed5666c1 |
| 22-Apr-2019 |
zrj <rimvydas.jasinskas@gmail.com> |
Deprecate and remove OPIE from PAM.
This will require user intervention to manually disable OPIE usage or cleanly reinstall pam.d/* (even better if no modifications were done). Due to very strict us
Deprecate and remove OPIE from PAM.
This will require user intervention to manually disable OPIE usage or cleanly reinstall pam.d/* (even better if no modifications were done). Due to very strict used "requisite" requirements any pam_opie loading error will result in unusable system except for singe user mode. Add warning for the user. Sooner or later this will need to be done.
While there, disable installing /etc/pam.d/rsh script. It can be removed.
show more ...
|
Revision tags: v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3, v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3 |
|
#
2edc29ca |
| 11-Jul-2012 |
Peter Avalos <pavalos@dragonflybsd.org> |
pam.d: Delete some files that don't belong.
While I'm here, fix some whitespace issues and pam_ssh examples (add want_agent).
|
Revision tags: v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1, v2.2.0, v2.3.0 |
|
#
bf9ce431 |
| 02-Jan-2009 |
Peter Avalos <pavalos@theshell.com> |
Sync ftpd(8) with FreeBSD. Here are the highlights:
-Prevent cross-site forgery attacks on ftpd(8) due to splitting long commands into multiple requests.
-Switch from S/Key to OPIE.
-Add PAM suppo
Sync ftpd(8) with FreeBSD. Here are the highlights:
-Prevent cross-site forgery attacks on ftpd(8) due to splitting long commands into multiple requests.
-Switch from S/Key to OPIE.
-Add PAM support for account management and sessions.
-Avoid calling uninitialized function pointers in protocol switch code.
-Add support for RFC 2389 (FEAT) and RFC 2640 (UTF8) to ftpd(8).
-Use uniform punctuation, capitalization, and language style in server messages wherever this doesn't contradict to a particular message format.
-Use the standardized CHAR_BIT constant instead of NBBY.
-Let tilde expansion be done even if a file/directory doesn't exist yet. This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile" do what they are supposed to instead of failing miserably with the "File not found" error.
-ANSI function declarations.
-Remove (void) casts and register keyword.
-Block SIGURG while reading from the control channel. SIGURG is configured by ftpd to interrupt system calls, which is useful during data transfers. However, SIGURG could interrupt I/O on the control channel as well, which was mistaken for the end of the session. A practical example could be aborting the download of a tiny file, when the abort sequence reached ftpd after ftpd had passed the file data to the system and returned to its command loop.
-Improve error handling in getline().
-Log pathname arguments to ftp commands as the user specified them; add the working directory pathname to the log message if any of such arguments isn't absolute. This has advantage over the old way of logging that an admin can see what users are actually trying to do, and where. The old code was also not too robust when it came to a chrooted session and an absolute pathname.
-Improve handling SIGURG and OOB commands on the control channel. The major change is to process STAT sent as an OOB command w/o breaking the current data transfer. As a side effect, this gives better error checking in the code performing data transfers.
-Never emit a message to stderr: use syslog instead. When in inetd mode, this prevents bogus messages from appearing on the control channel. When running as a daemon, we shouldn't write to the terminal we used to have at all.
-Don't depend on IPv4-mapped IPv6 address to bind to both IPv4 and IPv6.
-Work around a bug in some clients by never returning raw directory contents in reply to a RETR command. Such clients consider RETR as a way to tell a file from a directory.
-Log the actual number of bytes sent on the wire to /var/log/ftpd instead of the disk size of the file sent. Since the log file is intended to provide data for anonymous ftp traffic accounting, the disk size of the file isn't really informative in this case.
show more ...
|
Revision tags: v2.1.1, v2.0.1 |
|
#
73c4f380 |
| 22-Jul-2005 |
Joerg Sonnenberger <joerg@dragonflybsd.org> |
Split monolithic /etc/pam.conf into separate files for each service under /etc/pam.d. The README was obtained from FreeBSD, the convert.sh script is inspired by convert.pl, but works with sh and awk
Split monolithic /etc/pam.conf into separate files for each service under /etc/pam.d. The README was obtained from FreeBSD, the convert.sh script is inspired by convert.pl, but works with sh and awk only.
If you just want to convert your existing configuration to the new format, run "sh /etc/pam.d/convert.sh". You can remove /etc/pam.conf afterwards.
show more ...
|