Untitled

diff -ur etc48/.profile etc49/.profile
--- etc48/.profile	Mon Aug 16 16:46:51 2010
+++ etc49/.profile	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: dot.profile,v 1.8 2009/05/06 22:02:05 millert Exp $
+# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
 #
 # sh/ksh initialization

@@ -8,10 +8,14 @@
 export HOME
 umask 022

-if [ -x /usr/bin/tset ]; then
-	if [ X"$XTERM_VERSION" = X"" ]; then
-		eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
-	else
-		eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+case "$-" in
+*i*)    # interactive shell
+	if [ -x /usr/bin/tset ]; then
+		if [ X"$XTERM_VERSION" = X"" ]; then
+			eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
+		else
+			eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+		fi
 	fi
-fi
+	;;
+esac
diff -ur etc48/etc/bgpd.conf etc49/etc/bgpd.conf
--- etc48/etc/bgpd.conf	Mon Aug 16 16:46:49 2010
+++ etc49/etc/bgpd.conf	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: bgpd.conf,v 1.9 2009/11/20 19:51:05 claudio Exp $
+# $OpenBSD: bgpd.conf,v 1.12 2011/01/19 07:36:40 claudio Exp $
 # sample bgpd configuration file
 # see bgpd.conf(5)

@@ -18,6 +18,9 @@
 # log updates
 # network 10.0.1.0/24

+# restricted socket for bgplg(8)
+# socket "/var/www/logs/bgpd.rsock" restricted
+
 # neighbors and peers
 group "peering AS65002" {
 	remote-as 65002
@@ -74,18 +77,36 @@
 	    aes 4e0f2f1b5c4e3c0d0e2f2d3b8c5c8f0b
 }

-# filter out prefixes longer than 24 or shorter than 8 bits
+# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
+# and longer than 48 or shorter than 16 bits for IPv6.
 deny from any
 allow from any inet prefixlen 8 - 24
+allow from any inet6 prefixlen 16 - 48

 # accept a default route (since the previous rule blocks this)
 #allow from any prefix 0.0.0.0/0

-# filter bogus networks
+# filter bogus networks according to RFC5735
+deny from any prefix 0.0.0.0/8 prefixlen >= 8
 deny from any prefix 10.0.0.0/8 prefixlen >= 8
-deny from any prefix 172.16.0.0/12 prefixlen >= 12
-deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 127.0.0.0/8 prefixlen >= 8
 deny from any prefix 169.254.0.0/16 prefixlen >= 16
+deny from any prefix 172.16.0.0/12 prefixlen >= 12
 deny from any prefix 192.0.2.0/24 prefixlen >= 24
+deny from any prefix 192.168.0.0/16 prefixlen >= 16
+deny from any prefix 198.18.0.0/15 prefixlen >= 15
+deny from any prefix 198.51.100.0/24 prefixlen >= 24
+deny from any prefix 203.0.113.0/24 prefixlen >= 24
 deny from any prefix 224.0.0.0/4 prefixlen >= 4
 deny from any prefix 240.0.0.0/4 prefixlen >= 4
+
+# filter bogus IPv6 networks according to IANA
+deny from any prefix ::/8 prefixlen >= 8
+deny from any prefix 2001:2::/48 prefixlen >= 48	# BMWG [RFC5180]
+deny from any prefix 2001:10::/28 prefixlen >= 28	# ORCHID [RFC4843]
+deny from any prefix 2001:db8::/32 prefixlen >= 32	# docu range [RFC3849]
+deny from any prefix 3ffe::/16 prefixlen >= 16		# old 6bone
+deny from any prefix fc00::/7 prefixlen >= 7		# unique local unicast
+deny from any prefix fe80::/10 prefixlen >= 10		# link local unicast
+deny from any prefix fec0::/10 prefixlen >= 10		# old site local unicast
+deny from any prefix ff00::/8 prefixlen >= 8		# multicast
diff -ur etc48/etc/changelist etc49/etc/changelist
--- etc48/etc/changelist	Mon Aug 16 16:46:48 2010
+++ etc49/etc/changelist	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: changelist,v 1.68 2010/06/29 17:17:53 nicm Exp $
+#	$OpenBSD: changelist,v 1.71 2011/01/19 18:34:58 david Exp $
 #
 # List of files which the security script backs up and checks
 # for modifications.
@@ -38,7 +38,6 @@
 /etc/gettytab
 /etc/group
 /etc/hostapd.conf
-/etc/relayd.conf
 /etc/hosts
 /etc/hosts.allow
 /etc/hosts.deny
@@ -48,9 +47,12 @@
 +/etc/iked.conf
 /etc/inetd.conf
 +/etc/ipsec.conf
-+/etc/isakmpd/private/local.key
++/etc/isakmpd/isakmpd.conf
++/etc/isakmpd/isakmpd.policy
 /etc/isakmpd/local.pub
++/etc/isakmpd/private/local.key
 /etc/ksh.kshrc
+/etc/ldapd.conf
 /etc/ldpd.conf
 /etc/locate.rc
 /etc/login.conf
@@ -91,12 +93,14 @@
 /etc/netstart
 /etc/networks
 /etc/newsyslog.conf
+/etc/nsd.conf
 /etc/ntpd.conf
-/etc/ospfd.conf
 /etc/ospf6d.conf
+/etc/ospfd.conf
 /etc/passwd
 /etc/pf.conf
 /etc/pf.os
+/etc/pkg.conf
 /etc/portal.conf
 /etc/printcap
 /etc/profile
@@ -106,15 +110,17 @@
 /etc/rc
 /etc/rc.conf
 /etc/rc.conf.local
+/etc/rc.d/rc.subr
 /etc/rc.local
 /etc/rc.securelevel
 /etc/rc.shutdown
+/etc/relayd.conf
 /etc/remote
 /etc/resolv.conf
 /etc/resolv.conf.tail
+/etc/ripd.conf
 +/etc/rndc.key
 /etc/rpc
-/etc/ripd.conf
 /etc/rtadvd.conf
 /etc/sasyncd.conf
 /etc/security
@@ -129,6 +135,8 @@
 /etc/ssh/ssh_config
 +/etc/ssh/ssh_host_dsa_key
 /etc/ssh/ssh_host_dsa_key.pub
++/etc/ssh/ssh_host_ecdsa_key
+/etc/ssh/ssh_host_ecdsa_key.pub
 +/etc/ssh/ssh_host_key
 /etc/ssh/ssh_host_key.pub
 +/etc/ssh/ssh_host_rsa_key
@@ -145,6 +153,8 @@
 /etc/weekly
 /etc/weekly.local
 /etc/wsconsctl.conf
+/etc/ypldap.conf
+/root/.Xdefaults
 /root/.cshrc
 /root/.klogin
 /root/.login
diff -ur etc48/etc/daily etc49/etc/daily
--- etc48/etc/daily	Mon Aug 16 16:46:48 2010
+++ etc49/etc/daily	Wed Mar  2 14:51:49 2011
@@ -1,5 +1,5 @@
 #
-#	$OpenBSD: daily,v 1.67 2010/07/25 08:49:03 espie Exp $
+#	$OpenBSD: daily,v 1.68 2010/09/22 13:01:10 deraadt Exp $
 #	From: @(#)daily	8.2 (Berkeley) 1/25/94
 #
 # For local additions, create the file /etc/daily.local.
@@ -78,10 +78,6 @@
 if [ -d /var/rwho -a ! -L /var/rwho ] ; then
 	cd /var/rwho && {
 	find . ! -name . -mtime +7 -execdir rm -f -- {} \; ; }
-fi
-
-if [ -d /var/msgs -a ! -L /var/msgs ]; then
-	msgs -c
 fi

 next_part "Purging accounting records:"
diff -ur etc48/etc/disktab etc49/etc/disktab
--- etc48/etc/disktab	Mon Aug 16 16:46:49 2010
+++ etc49/etc/disktab	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: disktab,v 1.20 2010/07/02 20:33:54 tedu Exp $
+#	$OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $

 floppy288|3in|3.5in High Density Floppy, 2.88MB:\
 	:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
@@ -20,6 +20,6 @@

 rdroot|ramdiskroot|RAM-disk root FS image:\
 	:ty=ramdisk:se#512:nt#2:ns#128:nc#16:\
-	:pa#3800:oa#0:ta=4.2BSD:ba#4096:fa#512:\
+	:pa#3872:oa#0:ta=4.2BSD:ba#4096:fa#512:\
 	:pb#0:ob#0:tb=swap:\
-	:pc#3800:oc#0:
+	:pc#3872:oc#0:
diff -ur etc48/etc/ldap/core.schema etc49/etc/ldap/core.schema
--- etc48/etc/ldap/core.schema	Mon Aug 16 16:46:57 2010
+++ etc49/etc/ldap/core.schema	Wed Mar  2 14:51:55 2011
@@ -635,14 +635,14 @@

 ################ rfc3045
 attributetype ( 1.3.6.1.1.4 NAME 'vendorName'
-	EQUALITY 1.3.6.1.4.1.1466.109.114.1
+	EQUALITY caseExactMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
         SINGLE-VALUE
 	NO-USER-MODIFICATION
 	USAGE dSAOperation )

 attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion'
-	EQUALITY 1.3.6.1.4.1.1466.109.114.1
+	EQUALITY caseExactMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
         SINGLE-VALUE
 	NO-USER-MODIFICATION
diff -ur etc48/etc/login.conf etc49/etc/login.conf
--- etc48/etc/login.conf	Mon Aug 16 16:46:49 2010
+++ etc49/etc/login.conf	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf.in,v 1.2 2007/01/09 10:20:12 millert Exp $
+# $OpenBSD: login.conf.in,v 1.3 2010/12/17 05:33:06 tedu Exp $

 #
 # Sample login.conf file.  See login.conf(5) for details.
diff -ur etc48/etc/mail/aliases etc49/etc/mail/aliases
--- etc48/etc/mail/aliases	Mon Aug 16 16:46:57 2010
+++ etc49/etc/mail/aliases	Wed Mar  2 14:51:55 2011
@@ -1,5 +1,5 @@
 #
-#	$OpenBSD: aliases,v 1.35 2010/06/03 20:32:36 reyk Exp $
+#	$OpenBSD: aliases,v 1.36 2010/09/22 13:01:10 deraadt Exp $
 #
 #  Aliases in this file will NOT be expanded in the header from
 #  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
@@ -84,6 +84,3 @@
 # news:		usenet
 # webmaster:	root
 # ftp:		root
-
-# uncomment this for msgs:
-# msgs: "|/usr/bin/msgs -s"
diff -ur etc48/etc/mail/localhost.cf etc49/etc/mail/localhost.cf
--- etc48/etc/mail/localhost.cf	Mon Aug 16 16:46:53 2010
+++ etc49/etc/mail/localhost.cf	Wed Mar  2 14:51:51 2011
@@ -16,7 +16,7 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by root@i386.openbsd.org on Wed Aug 11 09:49:09 MDT 2010
+##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
 ##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
 ##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
 #####
diff -ur etc48/etc/mail/sendmail.cf etc49/etc/mail/sendmail.cf
--- etc48/etc/mail/sendmail.cf	Mon Aug 16 16:46:53 2010
+++ etc49/etc/mail/sendmail.cf	Wed Mar  2 14:51:51 2011
@@ -16,7 +16,7 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by root@i386.openbsd.org on Wed Aug 11 09:49:09 MDT 2010
+##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
 ##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
 ##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
 #####
diff -ur etc48/etc/mail/submit.cf etc49/etc/mail/submit.cf
--- etc48/etc/mail/submit.cf	Mon Aug 16 16:46:53 2010
+++ etc49/etc/mail/submit.cf	Wed Mar  2 14:51:51 2011
@@ -16,7 +16,7 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by root@i386.openbsd.org on Wed Aug 11 09:49:08 MDT 2010
+##### built by root@i386.openbsd.org on Tue Mar 1 08:52:00 MST 2011
 ##### in /usr/src/gnu/usr.sbin/sendmail/cf/cf
 ##### using /usr/src/gnu/usr.sbin/sendmail/cf/cf/../ as configuration include directory
 #####
diff -ur etc48/etc/man.conf etc49/etc/man.conf
--- etc48/etc/man.conf	Mon Aug 16 16:46:48 2010
+++ etc49/etc/man.conf	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: man.conf,v 1.15 2010/04/09 19:07:30 naddy Exp $
+#	$OpenBSD: man.conf,v 1.16 2010/10/19 20:05:52 schwarze Exp $

 # Sheer, raging paranoia...
 _version	BSD.2
@@ -16,17 +16,15 @@
 _suffix		.0
 _build		.0.Z		/usr/bin/zcat %s
 _build		.0.gz		/usr/bin/gzcat %s
-_build		.[1-9n]		/usr/bin/nroff -Tascii -man %s
-_build		.[1-9n].Z	/usr/bin/zcat %s | /usr/bin/nroff -Tascii -man
-_build		.[1-9n].gz	/usr/bin/gzcat %s | /usr/bin/nroff -Tascii -man
-_build		.[1-9][a-z]	/usr/bin/nroff -Tascii -man %s
-_build		.[1-9][a-z].Z	/usr/bin/zcat %s | /usr/bin/nroff -Tascii -man
-_build		.[1-9][a-z].gz	/usr/bin/gzcat %s | /usr/bin/nroff -Tascii -man
-_build		.tbl		/usr/bin/tbl %s | /usr/bin/nroff -Tascii -man
-_build		.tbl.Z		/usr/bin/zcat %s | /usr/bin/tbl | /usr/bin/nroff -Tascii -man
-_build		.tbl.gz		/usr/bin/gzcat %s | /usr/bin/tbl | /usr/bin/nroff -Tascii -man
-_build		.me		/usr/bin/nroff -Tascii -me %s 2>/dev/null | cat -s
-_build		.ms		/usr/bin/nroff -Tascii -ms %s 2>/dev/null | cat -s
+_build		.[1-9n]		/usr/bin/mandoc %s
+_build		.[1-9n].Z	/usr/bin/zcat %s | /usr/bin/mandoc
+_build		.[1-9n].gz	/usr/bin/gzcat %s | /usr/bin/mandoc
+_build		.[1-9][a-z]	/usr/bin/mandoc %s
+_build		.[1-9][a-z].Z	/usr/bin/zcat %s | /usr/bin/mandoc
+_build		.[1-9][a-z].gz	/usr/bin/gzcat %s | /usr/bin/mandoc
+_build		.tbl		/usr/bin/mandoc %s
+_build		.tbl.Z		/usr/bin/zcat %s | /usr/bin/mandoc
+_build		.tbl.gz		/usr/bin/gzcat %s | /usr/bin/mandoc

 # Sections and their directories.
 # All paths ending in '/' are the equivalent of entries specifying that
diff -ur etc48/etc/monthly etc49/etc/monthly
--- etc48/etc/monthly	Mon Aug 16 16:46:48 2010
+++ etc49/etc/monthly	Wed Mar  2 14:51:49 2011
@@ -1,5 +1,5 @@
 #
-#	$OpenBSD: monthly,v 1.12 2009/05/25 21:31:24 schwarze Exp $
+#	$OpenBSD: monthly,v 1.13 2011/01/19 06:18:05 david Exp $
 #
 # For local additions, create the file /etc/monthly.local.
 # To get section headers, use the function next_part in monthly.local.
@@ -45,5 +45,5 @@

 end_part
 rm -f $PARTOUT
-
+
 [ -s $MAINOUT ] && mail -s "`hostname` monthly output" root < $MAINOUT
diff -ur etc48/etc/netstart etc49/etc/netstart
--- etc48/etc/netstart	Mon Aug 16 16:46:48 2010
+++ etc49/etc/netstart	Wed Mar  2 14:51:49 2011
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$OpenBSD: netstart,v 1.130 2010/06/16 23:45:57 todd Exp $
+#	$OpenBSD: netstart,v 1.131 2011/02/09 17:22:06 sobrado Exp $

 # Strip comments (and leading/trailing whitespace if IFS is set)
 # from a file and spew to stdout
@@ -201,8 +201,8 @@
 	domainname `stripcom /etc/defaultdomain`
 fi

-# Set the address for the loopback interface.  Bringing the
-# interface up, automatically invokes the IPv6 address ::1)
+# Set the address for the loopback interface.  Bringing the interface up,
+# automatically invokes the IPv6 address ::1.
 ifconfig lo0 inet 127.0.0.1/8

 if ifconfig lo0 inet6 >/dev/null 2>&1; then
Only in etc49/etc: nsd.conf
diff -ur etc48/etc/pf.os etc49/etc/pf.os
--- etc48/etc/pf.os	Mon Aug 16 16:46:49 2010
+++ etc49/etc/pf.os	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: pf.os,v 1.22 2009/08/08 09:24:51 deraadt Exp $
+# $OpenBSD: pf.os,v 1.25 2010/10/18 15:55:27 deraadt Exp $
 # passive OS fingerprinting
 # -------------------------
 #
@@ -298,12 +298,15 @@
 # ----------------- OpenBSD -----------------

 16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0::OpenBSD 3.0-4.0
-16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
 57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
 57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)

 65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
+
+16384:64:1:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9::OpenBSD 4.9
+16384:64:0:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)

 # ----------------- Solaris -----------------

diff -ur etc48/etc/rc etc49/etc/rc
--- etc48/etc/rc	Mon Aug 16 16:46:48 2010
+++ etc49/etc/rc	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.340 2010/07/27 08:37:33 martinh Exp $
+#	$OpenBSD: rc,v 1.348 2011/01/14 00:05:42 deraadt Exp $

 # System startup script run by init on autoboot
 # or after single-user.
@@ -102,14 +102,12 @@
 random_seed()
 {
 	if [ -f /var/db/host.random -a "X$random_seed_done" = "X" ]; then
-		dd if=/var/db/host.random of=/dev/urandom bs=1024 count=64 \
+		dd if=/var/db/host.random of=/dev/arandom bs=65536 count=1 \
 		    > /dev/null 2>&1
-		dd if=/var/db/host.random of=/dev/arandom bs=1024 count=64 \
-		    > /dev/null 2>&1

 		# reset seed file, so that if a shutdown-less reboot occurs,
 		# the next seed is not a repeat
-		dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
+		dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
 		    > /dev/null 2>&1

 		random_seed_done=1
@@ -157,8 +155,11 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 export PATH

+# pick up option configuration
+. /etc/rc.conf
+
 if [ X"$1" = X"shutdown" ]; then
-	dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 >/dev/null 2>&1
+	dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 >/dev/null 2>&1
 	chmod 600 /var/db/host.random >/dev/null 2>&1
 	if [ $? -eq 0 -a -f /etc/rc.shutdown ]; then
 		echo /etc/rc.shutdown in progress...
@@ -244,9 +245,6 @@

 random_seed

-# pick up option configuration
-. /etc/rc.conf
-
 # set flags on ttys.  (do early, in case they use tty for SLIP in netstart)
 echo 'setting tty flags'
 ttyflags -a
@@ -296,6 +294,7 @@
 	touch /etc/resolv.conf
 fi
 . /etc/netstart
+echo rekey > /dev/arandom	# any write triggers an RC4 rekey

 if [ X"${pf}" != X"NO" ]; then
 	if [ -f ${pf_rules} ]; then
@@ -310,9 +309,9 @@
 mount -s /usr >/dev/null 2>&1
 mount -s /var >/dev/null 2>&1

-# if there's no /var/db/host.random, make one through /dev/urandom
+# if there's no /var/db/host.random, use /dev/arandom to create one
 if [ ! -f /var/db/host.random ]; then
-	dd if=/dev/urandom of=/var/db/host.random bs=1024 count=64 \
+	dd if=/dev/arandom of=/var/db/host.random bs=65536 count=1 \
 		>/dev/null 2>&1
 	chmod 600 /var/db/host.random >/dev/null 2>&1
 else
@@ -340,6 +339,10 @@
 	rm -f /var/named/dev/log
 	syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
 fi
+if [ X"${nsd_flags}" != X"NO" ]; then
+	rm -f /var/nsd/dev/log
+	syslogd_flags="${syslogd_flags} -a /var/nsd/dev/log"
+fi
 if [ -d /var/empty ]; then
 	rm -f /var/empty/dev/log
 	mkdir -p -m 0555 /var/empty/dev
@@ -371,6 +374,10 @@
 	echo 'starting named';		named $named_flags
 fi

+if [ X"${nsd_flags}" != X"NO" ]; then
+	echo 'starting nsd';		nsd $nsd_flags
+fi
+
 if [ ! -f /etc/isakmpd/private/local.key ]; then
 	echo -n "openssl: generating new isakmpd/iked RSA key... "
 	if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
@@ -607,6 +614,14 @@
 		echo failed.
 	fi
 fi
+if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
+	echo -n "ssh-keygen: generating new ECDSA host key... "
+	if /usr/bin/ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''; then
+		echo done.
+	else
+		echo failed.
+	fi
+fi
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
 	echo -n "ssh-keygen: generating new RSA host key... "
 	if /usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''; then
@@ -627,7 +642,7 @@
 echo -n starting network daemons:

 if [ X"${sshd_flags}" != X"NO" ]; then
-	echo -n ' sshd';		/usr/sbin/sshd ${sshd_flags};
+	echo -n ' sshd';		/usr/sbin/sshd ${sshd_flags}
 fi

 if [ X"${snmpd_flags}" != X"NO" ]; then
@@ -699,7 +714,7 @@
 fi

 if [ X"${hostapd_flags}" != X"NO" ]; then
-	echo -n ' hostapd';		/usr/sbin/hostapd ${hostapd_flags};
+	echo -n ' hostapd';		/usr/sbin/hostapd ${hostapd_flags}
 fi

 if [ X"${bt}" != X"NO" ]; then
@@ -719,7 +734,7 @@
 fi

 if [ X"${ldapd_flags}" != X"NO" ]; then
-	echo -n ' ldapd';		/usr/sbin/ldapd ${ldapd_flags};
+	echo -n ' ldapd';		/usr/sbin/ldapd ${ldapd_flags}
 fi

 # We call sendmail with a full path so that SIGHUP works.
@@ -809,7 +824,7 @@
 # If rc.firstime exists, run it just once, and make sure it is deleted
 if [ -f /etc/rc.firsttime ]; then
 	mv /etc/rc.firsttime /etc/rc.firsttime.run
-	. /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root
+	. /etc/rc.firsttime.run 2>&1 | mail -s 'rc.firsttime output' root >/dev/null
 fi
 rm -f /etc/rc.firsttime.run

diff -ur etc48/etc/rc.conf etc49/etc/rc.conf
--- etc48/etc/rc.conf	Mon Aug 16 16:46:49 2010
+++ etc49/etc/rc.conf	Wed Mar  2 14:51:49 2011
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$OpenBSD: rc.conf,v 1.139 2010/07/29 13:55:48 jmc Exp $
+#	$OpenBSD: rc.conf,v 1.141 2011/02/12 11:21:01 ajacoutot Exp $

 # set these to "NO" to turn them off.  otherwise, they're used as flags
 ldpd_flags=NO		# for normal use: ""
@@ -16,6 +16,7 @@
 rbootd_flags=NO		# for normal use: ""
 sshd_flags=""		# for normal use: ""
 named_flags=NO		# for normal use: ""
+nsd_flags=NO		# for normal use: ""
 rdate_flags=NO		# for normal use: [RFC868-host] or [-n RFC2030-host]
 timed_flags=NO		# for normal use: ""
 ldattach_flags=NO	# for normal use: "[options] linedisc cua-device"
@@ -105,6 +106,10 @@
 afsd_flags=			# Flags passed to afsd
 shlib_dirs=			# extra directories for ldconfig, separated
 				# by space
+
+# rc.d(8) daemons scripts
+# started in the specified order and stopped in reverse order
+rc_scripts=

 local_rcconf="/etc/rc.conf.local"

diff -ur etc48/etc/rc.local etc49/etc/rc.local
--- etc48/etc/rc.local	Mon Aug 16 16:46:49 2010
+++ etc49/etc/rc.local	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc.local,v 1.39 2006/07/28 20:19:46 sturm Exp $
+#	$OpenBSD: rc.local,v 1.41 2010/11/05 10:03:00 ajacoutot Exp $

 # Site-specific startup actions, daemons, and other things which
 # can be done AFTER your system goes into securemode.  For actions
@@ -7,7 +7,10 @@

 echo -n 'starting local daemons:'

+for _r in $rc_scripts; do
+	[ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} start
+done
+
 # Add your local startup actions here.

 echo '.'
-
diff -ur etc48/etc/rc.shutdown etc49/etc/rc.shutdown
--- etc48/etc/rc.shutdown	Mon Aug 16 16:46:49 2010
+++ etc49/etc/rc.shutdown	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc.shutdown,v 1.7 2006/06/22 00:41:59 deraadt Exp $
+#	$OpenBSD: rc.shutdown,v 1.10 2010/11/26 08:09:35 ajacoutot Exp $
 #
 # If it exists, this script is run at system-shutdown by reboot(8),
 # halt(8).  If the architecture supports keyboard requested halting,
@@ -7,6 +7,14 @@

 powerdown=NO	# set to YES for powerdown

-#
-# Your shell code goes here
-#
+echo -n 'stopping local daemons:'
+
+while [ -n "${rc_scripts}" ]; do
+	_r=${rc_scripts##* }
+	rc_scripts=${rc_scripts%%*( )${_r}}
+	[ -x /etc/rc.d/${_r} ] && echo -n " ${_r}" && /etc/rc.d/${_r} stop
+done
+
+# Add your local shutdown actions here.
+
+echo '.'
diff -ur etc48/etc/sensorsd.conf etc49/etc/sensorsd.conf
--- etc48/etc/sensorsd.conf	Mon Aug 16 16:46:49 2010
+++ etc49/etc/sensorsd.conf	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: sensorsd.conf,v 1.8 2007/08/14 19:02:02 cnst Exp $
+# $OpenBSD: sensorsd.conf,v 1.9 2011/01/19 06:18:05 david Exp $

 #
 # Sample sensorsd.conf file. See sensorsd.conf(5) for details.
@@ -28,8 +28,8 @@
 #temp:high=70C


-# By default, sensorsd(8) reports status changes of all sensors that
-# keep their state. Uncomment the following lines if you want to
+# By default, sensorsd(8) reports status changes of all sensors that
+# keep their state. Uncomment the following lines if you want to
 # suppress reports about status changes of specific sensor types.

 #temp:istatus
diff -ur etc48/etc/services etc49/etc/services
--- etc48/etc/services	Mon Aug 16 16:46:49 2010
+++ etc49/etc/services	Wed Mar  2 14:51:49 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: services,v 1.74 2010/05/25 13:00:00 claudio Exp $
+#	$OpenBSD: services,v 1.75 2010/12/16 18:08:57 ajacoutot Exp $
 #
 # Network services, Internet style
 #
@@ -251,6 +251,10 @@
 sip		5060/tcp			# SIP
 sip		5060/udp			# SIP
 postgresql	5432/tcp			# PostgreSQL
+zabbix-agent	10050/tcp			# Zabbix Agent
+zabbix-agent	10050/udp			# Zabbix Agent
+zabbix-trapper	10051/tcp			# Zabbix Trapper
+zabbix-trapper	10051/udp			# Zabbix Trapper
 #
 # AFS Services
 #
diff -ur etc48/etc/ssh/sshd_config etc49/etc/ssh/sshd_config
--- etc48/etc/ssh/sshd_config	Mon Aug 16 16:46:53 2010
+++ etc49/etc/ssh/sshd_config	Wed Mar  2 14:51:51 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
+#	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $

 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -21,6 +21,7 @@
 # HostKeys for protocol version 2
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key

 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
diff -ur etc48/etc/sysctl.conf etc49/etc/sysctl.conf
--- etc48/etc/sysctl.conf	Mon Aug 16 16:46:49 2010
+++ etc49/etc/sysctl.conf	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-#	$OpenBSD: sysctl.conf,v 1.47 2009/06/09 11:52:54 sthen Exp $
+#	$OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
 #
 # This file contains a list of sysctl options the user wants set at
 # boot time.  See sysctl(3) and sysctl(8) for more information on
@@ -22,14 +22,15 @@
 #net.inet.etherip.allow=1	# 1=Enable the Ethernet-over-IP protocol
 #net.inet.tcp.ecn=1		# 1=Enable the TCP ECN extension
 #net.inet.carp.preempt=1	# 1=Enable carp(4) preemption
-#net.inet.carp.log=1		# 1=Enable logging of carp(4) packets
+#net.inet.carp.log=3		# log level of carp(4) info, default 2
 #ddb.panic=0			# 0=Do not drop into ddb on a kernel panic
 #ddb.console=1			# 1=Permit entry of ddb from the console
 #fs.posix.setuid=0		# 0=Traditional BSD chown() semantics
 #vm.swapencrypt.enable=0	# 0=Do not encrypt pages that go to swap
 #vfs.nfs.iothreads=4		# Number of nfsio kernel threads
 #net.inet.ip.mtudisc=0		# 0=Disable tcp mtu discovery
-#kern.usercrypto=0		# 0=Disable userland use of /dev/crypto
+#kern.usercrypto=1		# 1=Enable userland use of /dev/crypto
+#kern.userasymcrypto=1		# 1=Permit userland to do asymmetric crypto
 #kern.splassert=2		# 2=Enable with verbose error messages
 #kern.nosuidcoredump=2		# 2=Put suid coredumps in /var/crash
 #kern.watchdog.period=32	# >0=Enable hardware watchdog(4) timer if available
diff -ur etc48/etc/weekly etc49/etc/weekly
--- etc48/etc/weekly	Mon Aug 16 16:46:49 2010
+++ etc49/etc/weekly	Wed Mar  2 14:51:49 2011
@@ -1,5 +1,5 @@
 #
-#	$OpenBSD: weekly,v 1.23 2009/05/25 21:31:24 schwarze Exp $
+#	$OpenBSD: weekly,v 1.24 2011/01/19 06:18:05 david Exp $
 #
 # For local additions, create the file /etc/weekly.local.
 # To get section headers, use the function next_part in weekly.local.
@@ -73,5 +73,5 @@

 end_part
 rm -f $PARTOUT
-
+
 [ -s $MAINOUT ] && mail -s "`hostname` weekly output" root < $MAINOUT
diff -ur etc48/root/.profile etc49/root/.profile
--- etc48/root/.profile	Mon Aug 16 16:46:51 2010
+++ etc49/root/.profile	Wed Mar  2 14:51:50 2011
@@ -1,4 +1,4 @@
-# $OpenBSD: dot.profile,v 1.8 2009/05/06 22:02:05 millert Exp $
+# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
 #
 # sh/ksh initialization

@@ -8,10 +8,14 @@
 export HOME
 umask 022

-if [ -x /usr/bin/tset ]; then
-	if [ X"$XTERM_VERSION" = X"" ]; then
-		eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
-	else
-		eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+case "$-" in
+*i*)    # interactive shell
+	if [ -x /usr/bin/tset ]; then
+		if [ X"$XTERM_VERSION" = X"" ]; then
+			eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
+		else
+			eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+		fi
 	fi
-fi
+	;;
+esac
diff -ur etc48/var/db/sysmerge/etcsum etc49/var/db/sysmerge/etcsum
--- etc48/var/db/sysmerge/etcsum	Mon Aug 16 16:55:30 2010
+++ etc49/var/db/sysmerge/etcsum	Wed Mar  2 14:57:58 2011
@@ -1,22 +1,22 @@
 2524506263 578 ./.cshrc
-1427350648 411 ./.profile
+2363117144 468 ./.profile
 611379239 34615 ./etc/afs/CellServDB
 4294967295 0 ./etc/afs/SuidCells
 3980592904 12 ./etc/afs/ThisCell
 1147551801 1637 ./etc/afs/afsd.conf
 4131638920 15 ./etc/amd/master.sample
 4294967295 0 ./etc/authpf
-2217676753 1955 ./etc/bgpd.conf
+4182151039 3038 ./etc/bgpd.conf
 3876916992 185 ./etc/ccd.conf
-793243876 3127 ./etc/changelist
+3448035340 3341 ./etc/changelist
 252594545 410 ./etc/chio.conf
 1472356903 102 ./etc/csh.cshrc
 2703696912 102 ./etc/csh.login
 3431436583 104 ./etc/csh.logout
-3370947786 5332 ./etc/daily
+1728858655 5277 ./etc/daily
 2378293123 591 ./etc/dhclient.conf
 4136716515 733 ./etc/dhcpd.conf
-4153755677 787 ./etc/disktab
+3581520 790 ./etc/disktab
 4294967295 0 ./etc/dumpdates
 3022890455 215 ./etc/dvmrpd.conf
 2099336431 235 ./etc/exports
@@ -39,54 +39,55 @@
 1419656858 2381 ./etc/inetd.conf
 4243353537 1122 ./etc/ipsec.conf
 1378435518 4005 ./etc/ksh.kshrc
-3481018561 19682 ./etc/ldap/core.schema
+1239840989 19658 ./etc/ldap/core.schema
 4128381391 2737 ./etc/ldap/inetorgperson.schema
 2139975806 7443 ./etc/ldap/nis.schema
 1003664992 360 ./etc/ldapd.conf
 1669450874 301 ./etc/ldpd.conf
-1315038147 874 ./etc/localtime
+4063907622 2388 ./etc/localtime
 1272061458 555 ./etc/locate.rc
-118646532 2245 ./etc/login.conf
+3897767250 2242 ./etc/login.conf
 3718017018 143932 ./etc/lynx.cfg
 4140050977 105 ./etc/mail.rc
 180804272 2556 ./etc/mail/Makefile
 2236616533 3388 ./etc/mail/README
 761663012 275 ./etc/mail/access
 2937419450 65536 ./etc/mail/access.db
-2239958834 1829 ./etc/mail/aliases
+1377801551 1776 ./etc/mail/aliases
 2308671928 65536 ./etc/mail/aliases.db
 2079996431 982 ./etc/mail/genericstable
 2937419450 65536 ./etc/mail/genericstable.db
 2054762348 5663 ./etc/mail/helpfile
 987201812 466 ./etc/mail/local-host-names
-1768776918 40743 ./etc/mail/localhost.cf
+382135422 40742 ./etc/mail/localhost.cf
 3116949394 562 ./etc/mail/mailertable
 2937419450 65536 ./etc/mail/mailertable.db
 1149556019 490 ./etc/mail/relay-domains
-2132050429 64506 ./etc/mail/sendmail.cf
+4292518303 64505 ./etc/mail/sendmail.cf
 667510436 300 ./etc/mail/smtpd.conf
 3479831541 1876 ./etc/mail/spamd.conf
-1289056739 41795 ./etc/mail/submit.cf
+1379803338 41794 ./etc/mail/submit.cf
 942407207 561 ./etc/mail/trusted-users
 780872591 621 ./etc/mail/virtusertable
 2937419450 65536 ./etc/mail/virtusertable.db
 233395827 424 ./etc/mailer.conf
-2074991023 2288 ./etc/man.conf
+408305320 2010 ./etc/man.conf
 3970800728 3030 ./etc/master.passwd
 3948491597 159160 ./etc/moduli
-686634897 938 ./etc/monthly
+1897395865 911 ./etc/monthly
 1116441835 406 ./etc/motd
 3992554006 1531 ./etc/mrouted.conf
 1841534430 17 ./etc/myname
-1550044728 9788 ./etc/netstart
+3166902118 9791 ./etc/netstart
 2935274938 203 ./etc/networks
 968301387 754 ./etc/newsyslog.conf
+522072229 474 ./etc/nsd.conf
 3066868024 493 ./etc/ntpd.conf
 2444571113 467 ./etc/ospf6d.conf
 4056398302 590 ./etc/ospfd.conf
 1160083724 2770 ./etc/passwd
 1588100705 1004 ./etc/pf.conf
-2300413469 28312 ./etc/pf.os
+1081783036 28452 ./etc/pf.os
 1486162102 322 ./etc/portal.conf
 2639296339 141 ./etc/ppp/chap-secrets
 2633022360 22 ./etc/ppp/options
@@ -96,20 +97,20 @@
 1129771337 5680 ./etc/protocols
 3597021780 40960 ./etc/pwd.db
 1686087193 344 ./etc/rbootd.conf
-3936635197 20397 ./etc/rc
-56307155 4435 ./etc/rc.conf
-1402807809 380 ./etc/rc.local
+3662757083 20802 ./etc/rc
+3512624051 4577 ./etc/rc.conf
+492396179 484 ./etc/rc.local
 639998969 635 ./etc/rc.securelevel
-3684809617 335 ./etc/rc.shutdown
+3940915127 557 ./etc/rc.shutdown
 3253051455 2530 ./etc/relayd.conf
 75412510 1887 ./etc/remote
 3052949533 272 ./etc/ripd.conf
-3131719434 10132 ./etc/rmt
+3778513600 10132 ./etc/rmt
 1935202087 852 ./etc/rpc
 4271262874 403 ./etc/sasyncd.conf
 2272953289 18717 ./etc/security
-1223872336 1136 ./etc/sensorsd.conf
-2849697141 9973 ./etc/services
+1815096265 1135 ./etc/sensorsd.conf
+255659374 10143 ./etc/services
 4011733011 258 ./etc/shells
 3838912274 22 ./etc/skel/.Xdefaults
 1301968229 773 ./etc/skel/.cshrc
@@ -124,22 +125,22 @@
 3850897738 40960 ./etc/spwd.db
 4294967295 0 ./etc/ssh
 2120219775 1555 ./etc/ssh/ssh_config
-231289807 2524 ./etc/ssh/sshd_config
+2950094583 2560 ./etc/ssh/sshd_config
 471002687 1598 ./etc/ssl/openssl.cnf
 993424129 1005 ./etc/ssl/x509v3.cnf
 2341528463 1354 ./etc/sudoers
-3071348488 2721 ./etc/sysctl.conf
+114370617 2789 ./etc/sysctl.conf
 1055529673 1530 ./etc/syslog.conf
 1892516430 3246 ./etc/systrace/usr_sbin_lpd
 1470207625 3531 ./etc/systrace/usr_sbin_named
 2328247655 22998 ./etc/ttys
-2776652567 1680 ./etc/weekly
+373947323 1653 ./etc/weekly
 4174102115 474 ./etc/wsconsctl.conf
 3838912274 22 ./root/.Xdefaults
 2524506263 578 ./root/.cshrc
 1685996065 125 ./root/.klogin
 866798803 328 ./root/.login
-1427350648 411 ./root/.profile
+2363117144 468 ./root/.profile
 3936545289 5 ./var/crash/minfree
 4294967295 0 ./var/cron/at.deny
 4294967295 0 ./var/cron/cron.deny
@@ -160,8 +161,7 @@
 4294967295 0 ./var/log/sendmail.st
 4294967295 0 ./var/log/wtmp
 4294967295 0 ./var/log/xferlog
-2532119393 4546 ./var/mail/root
-4294967295 0 ./var/msgs/bounds
+270223311 4546 ./var/mail/root
 2245793152 1563 ./var/named/etc/named-dual.conf
 1504362979 1351 ./var/named/etc/named-simple.conf
 1504362979 1351 ./var/named/etc/named.conf
@@ -180,7 +180,7 @@
 2431191444 194 ./var/www/conf/bgplg.head
 321454665 37749 ./var/www/conf/httpd.conf
 996429480 12965 ./var/www/conf/magic
-2364632045 16103 ./var/www/conf/mime.types
+406577318 16119 ./var/www/conf/mime.types
 1923043049 2326 ./var/www/htdocs/apache_pb.gif
 4294967295 0 ./var/www/htdocs/bgplg
 3954868337 376 ./var/www/htdocs/bgplg/index.html
diff -ur etc48/var/mail/root etc49/var/mail/root
--- etc48/var/mail/root	Mon Aug 16 16:46:57 2010
+++ etc49/var/mail/root	Wed Mar  2 14:51:57 2011
@@ -1,9 +1,9 @@
-From deraadt@do-not-reply.openbsd.org Wed Sep  1 07:47:47 MDT 2010
+From deraadt@do-not-reply.openbsd.org Sun May  1 07:47:47 MDT 2011
 Return-Path: root
-Date: Sep 1 07:47:47 MDT 2010
+Date: May 1 07:47:47 MDT 2011
 From: deraadt@do-not-reply.openbsd.org (Theo de Raadt)
 To: root
-Subject: Welcome to OpenBSD 4.8!
+Subject: Welcome to OpenBSD 4.9!

 This message attempts to describe the most basic initial questions that a
 system administrator of an OpenBSD box might have.  You are urged to save
@@ -27,13 +27,13 @@

 Several popular binary packages (pre-compiled applications) are available
 for most architectures.  If you installed from a CD-ROM the packages
-are on the same CD-ROM you installed from in the directory 4.8/packages.
+are on the same CD-ROM you installed from in the directory 4.9/packages.

 CD-ROM space permitted us to include a subset of the full FTP packages
 for the most common architectures.  Please see the FTP sites to see a
 full list of packages for each architecture:

-	ftp://ftp.openbsd.org/pub/OpenBSD/4.8/packages/
+	ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/

 If you do not find a package you want on the CD, please go look at your
 nearest FTP mirror site.
@@ -41,9 +41,9 @@
 Select your architecture and download the tarballs of your choice.  For example
 to install the emacs package for i386, execute:
  # mount /dev/cd0a /cdrom
- # pkg_add -v /cdrom/4.8/packages/i386/emacs-22.3p6.tgz
+ # pkg_add -v /cdrom/4.9/packages/i386/emacs-22.3p6.tgz
 or alternatively install them via FTP this way:
- # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.8/packages/i386/emacs-22.3p6.tgz
+ # pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/i386/emacs-22.3p6.tgz

 Significant efforts were made to centralize all system configuration in the
 /etc directory.  You should be able to find each of the configuration files
Only in etc48/var: msgs
diff -ur etc48/var/www/conf/mime.types etc49/var/www/conf/mime.types
--- etc48/var/www/conf/mime.types	Mon Aug 16 16:46:53 2010
+++ etc49/var/www/conf/mime.types	Wed Mar  2 14:51:51 2011
@@ -13,7 +13,7 @@
 application/andrew-inset	ez
 application/applefile
 application/atomicmail
-application/atom+xml           atom
+application/atom+xml		atom
 application/batch-smtp
 application/beep+xml
 application/cals-1840
@@ -75,6 +75,7 @@
 application/reginfo+xml
 application/remote-printing
 application/riscos
+application/rss+xml		rss
 application/rtf
 application/sdp
 application/set-payment