diff -ruU1 -I[$]OpenBSD ./etc/ntpd.conf ../42/etc/ntpd.conf --- ./etc/ntpd.conf Sat Mar 10 20:31:29 2007 +++ ../42/etc/ntpd.conf Tue Aug 28 11:59:48 2007 @@ -10,3 +10,3 @@ # use a random selection of 8 public stratum 2 servers -# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers +# see http://support.ntp.org/bin/view/Servers/NTPPoolServers servers pool.ntp.org diff -ruU1 -I[$]OpenBSD ./etc/ssh/ssh_config ../42/etc/ssh/ssh_config --- ./etc/ssh/ssh_config Sat Mar 10 20:31:32 2007 +++ ../42/etc/ssh/ssh_config Tue Aug 28 11:59:52 2007 @@ -40,2 +40,3 @@ # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ diff -ruU1 -I[$]OpenBSD ./etc/ssl/x509v3.cnf ../42/etc/ssl/x509v3.cnf --- ./etc/ssl/x509v3.cnf Sat Mar 10 20:31:47 2007 +++ ../42/etc/ssl/x509v3.cnf Tue Aug 28 12:00:15 2007 @@ -2,3 +2,3 @@ CERTPATHLEN = 1 -CERTUSAGE = digitalSignature,keyCertSign +CERTUSAGE = digitalSignature,keyCertSign,cRLSign CERTIP = 0.0.0.0 diff -ruU1 -I[$]OpenBSD ./etc/sysctl.conf ../42/etc/sysctl.conf --- ./etc/sysctl.conf Sat Mar 10 20:31:29 2007 +++ ../42/etc/sysctl.conf Tue Aug 28 11:59:48 2007 @@ -8,4 +8,6 @@ #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets +#net.inet.ip.multipath=1 # 1=Enable IP multipath routing #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets +#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing #net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0) @@ -29,2 +31,3 @@ #kern.splassert=2 # 2=enable with verbose error messages +#kern.nosuidcoredump=2 # 2=put suid coredumps in /var/crash #machdep.allowaperture=2 # See xf86(4) diff -ruU1 -I[$]OpenBSD ./etc/wsconsctl.conf ../42/etc/wsconsctl.conf --- ./etc/wsconsctl.conf Sat Mar 10 20:31:29 2007 +++ ../42/etc/wsconsctl.conf Tue Aug 28 11:59:48 2007 @@ -7,2 +7,3 @@ #keyboard.encoding=ru # use different keyboard encoding +#keyboard.bell.volume=0 # mute keyboard beep #display.vblank=on # enable vertical sync blank for screen burner diff -ruU1 -I[$]OpenBSD ./var/www/conf/httpd.conf ../42/var/www/conf/httpd.conf --- ./var/www/conf/httpd.conf Sat Mar 10 20:31:32 2007 +++ ../42/var/www/conf/httpd.conf Tue Aug 28 11:59:53 2007 @@ -51,2 +51,9 @@ # +# ServerTokens is either Full, OS, Minimal, or ProductOnly. +# The values define what version information is returned in the +# Server header in HTTP responses. +# +# ServerTokens ProductOnly + +# # ServerRoot: The top of the directory tree under which the server's @@ -575,3 +582,3 @@ # -ServerSignature On +# ServerSignature Off diff -ruU1 -I[$]OpenBSD ./etc/sensorsd.conf ../42/etc/sensorsd.conf --- ./etc/sensorsd.conf Sat Mar 10 20:31:29 2007 +++ ../42/etc/sensorsd.conf Tue Aug 28 11:59:48 2007 @@ -21,6 +21,29 @@ -# Intrusion detection (on ipmi) -#hw.sensors.ipmi0.indicator0: +# ignore certain indicators on ipmi(4) +#hw.sensors.ipmi0.indicator1:istatus -# RAID volume sd0 status -#hw.sensors.ami0.drive0: +# Warn if any temperature sensor is over 70 degC. +# This entry will match only those temperature sensors +# that don't have their own entry. +#temp:high=70C + + +# By default, sensorsd(8) reports status changes of all sensors that +# keep their state. Uncomment the following lines if you want to +# suppress reports about status changes of specific sensor types. + +#temp:istatus +#fan:istatus +#volt:istatus +#acvolt:istatus +#resistance:istatus +#power:istatus +#current:istatus +#watthour:istatus +#amphour:istatus +#indicator:istatus +#raw:istatus +#percentage:istatus +#illuminance:istatus +#drive:istatus +#timedelta:istatus diff -ruU2 -I[$]OpenBSD ./etc/sudoers ../42/etc/sudoers --- ./etc/sudoers Wed Oct 17 20:57:46 2007 env_keep and root ALL=(ALL) SETENV: ALL +++ ./etc/sudoers.42 Wed Oct 17 20:57:33 2007 (should work) @@ -1,2 +1,4 @@ +# $OpenBSD: upgrade42.patch,v 1.3 2007/10/23 00:33:26 nick Exp $ +# # sudoers file. # @@ -13,9 +15,13 @@ # Defaults specification +Defaults env_keep +="DESTDIR FETCH_CMD FLAVOR FTPMODE MAKE MULTI_PACKAGES OKAY_FILES PKG_DBDIR PKG_DESTDIR PKG_CACHE PKG_PATH PKG_TMPDIR PORTSDIR RELEASEDIR SUBPACKAGE" +# Uncomment to preserve the environment for users in group wheel +#Defaults:%wheel !env_reset + # Runas alias specification # User privilege specification -root ALL=(ALL) ALL +root ALL=(ALL) SETENV: ALL # Uncomment to allow people in group wheel to run all commands --- ./etc/sudoers Wed Oct 17 21:06:40 2007 sample wheel +++ ./etc/sudoers.42 Wed Oct 17 21:06:28 2007 (may fail) @@ -26,5 +26,6 @@ # Uncomment to allow people in group wheel to run all commands -# %wheel ALL=(ALL) ALL +# and set environment variables. +# %wheel ALL=(ALL) SETENV: ALL # Same thing without a password --- ./etc/sudoers Wed Oct 17 21:17:17 2007 sample wheel, no pw +++ ./etc/sudoers.42 Wed Oct 17 21:17:55 2007 (may fail) @@ -30,5 +30,5 @@ # Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL +# %wheel ALL=(ALL) NOPASSWD: SETENV: ALL # Samples --- ./etc/sudoers Wed Oct 17 21:06:40 2007 prod. wheel +++ ./etc/sudoers.42 Wed Oct 17 21:06:28 2007 (may fail) @@ -26,5 +26,6 @@ # Uncomment to allow people in group wheel to run all commands -%wheel ALL=(ALL) ALL +# and set environment variables. +%wheel ALL=(ALL) SETENV: ALL # Same thing without a password --- ./etc/sudoers Wed Oct 17 21:17:17 2007 prod. wheel, no pw +++ ./etc/sudoers.42 Wed Oct 17 21:17:55 2007 (may fail) @@ -30,5 +30,5 @@ # Same thing without a password -%wheel ALL=(ALL) NOPASSWD: ALL +%wheel ALL=(ALL) NOPASSWD: SETENV: ALL # Samples