I've added in the rest of M. Bernstein's public domain libtai library,
parts of which were already included by some of the tools. This has
added the easter, nowutc, and yearcal commands, which are packaged up
alongside libtai.a, the libtai C language headers, and the libtai manual
pages in a new libtai package.
More importantly, it has added the leapsecs command, and the
/usr/local/etc/leapsecs.dat file is now generated from leapsecs.txt
rather than included as a binary in the source as it was before. The
sharp-eyed will also note that support for /usr/local/etc/leapsecs.dat
(as an alternative to /etc/leapsecs.dat for systems that like
non-operating system files in /usr/local/etc) has also been added. The
leapsecs.txt is the Bernstein 2015-06-30 version (which is still the
latest published by M. Bernstein) patched with the forthcoming leap second.
The libtai package does not include /usr/local/etc/leapsecs.dat .
Rather, that is packaged in a separate leapsecs package, to allow
updated versions to be substituted with ease when they come along, as
well as to permit installing only that without the rest of libtai.
Note the subtle difference between the URL you tried and the given one (yes,
the trailing slash). This is it.
It is admittedly a bit uncommon these days to not set up a redirect from
the non-slash to the slash variant, but having seen the dots at the end
of the top-level-domains you'd expect some amount idiosyncrasy.
> is not working: "access denied"
Try with appended slash. It'll work.
> and I instinctively tried that one first, as to avoid .eu (even it
> makes no sense).
This I don't understand: what is your problem with .eu?
(By the way: this one might have worked for you, since here the
variant without trailing slash redirects (301) to the one with
slash. Go figure. Seems .eu is better than .info, after all ;-)
You should have just tried the URL that I gave to you, without your
changing it to something different.
Ironically, Bernstein publicfile is part of the package at hand, and
this is the documented behaviour of publicfile, in its original
> A request for http://v/f refers to the file named ./v/f inside
the root directory hierarchy, if f does not end with a slash.
> httpd will refuse to read a file if the file [...] is anything other
than a regular file: a directory, socket, device, etc.
publicfile isn't going to let you read the WWW server's directories
directly with URL tricks. You attempt that in vain. (-: For *not*
trying to trick the WWW server, and simply reading the blurb and the
download instructions, just use the actual URL that I gave.
Now I get it. When marking with the mouse, I did not mark the ending /
On Tue, Dec 06, 2016 at 01:18:14PM +0000, Jonathan de Boyne Pollard wrote:
> Jonathan de Boyne Pollard:
> > In celebration of the forthcoming leap second, djbwares is now at
> > version 4.
> > * http://jdebp.eu./Softwares/djbwares/ > > * http://jdebp.info./Softwares/djbwares/ > >
> Jean Louis:
> > http://jdebp.info./Softwares/djbwares > >
> > is not working: "access denied" and I instinctively tried that one
> > first, as to avoid .eu (even it makes no sense).
> You should have just tried the URL that I gave to you, without your changing
> it to something different.
> Ironically, Bernstein publicfile is part of the package at hand, and this is
> the documented behaviour of publicfile, in its original Bernstein manual:
> > A request for http://v/f refers to the file named ./v/f inside the root
> directory hierarchy, if f does not end with a slash.
> > httpd will refuse to read a file if the file [...] is anything other than
> a regular file: a directory, socket, device, etc.
> publicfile isn't going to let you read the WWW server's directories directly
> with URL tricks. You attempt that in vain. (-: For *not* trying to trick
> the WWW server, and simply reading the blurb and the download instructions,
> just use the actual URL that I gave.
This contains some long-overdue changes: ip6.int has been replaced by ip6.arpa in tinydns-data and dnscache, and rblsmtpd no longer falls back to using an RBL that has been defunct for many years.
It also contains some additions: some UCSPI-SSL capability, a new gopherd UCSPI server to go alongside httpd and ftpd in publicfile, and most of the previously missing manual pages (including a few for commands which had no manuals in the original toolsets).
There are no longer any placeholder manual pages for the "man" command. There are still a few manual pages that are only present in roff form, though.
dnscache now has a built-in AAAA resource record for localhost, like it
already had a built-in A resource record. I've slightly improved the
way that it caches AAAA resource record sets, to match the way that it
was handling A resource record sets. And it now caches SOA resource
records. There are also some minor improvements to the logging to
decode SRV, A, and AAAA records rather than print them in raw
The changes to ftpd were motivated by my pointing several WWW browsers
at a publicfile FTP site and discovering that the WWW browsers adhere to
the RFCs far less than they used to at the turn of the century. You can
read some of the saddening discoveries in the Hall of Shame. I have
enhanced publicfile ftpd to support OPTS, FEAT, SIZE, EPSV, and HOST; to
interoperate better with some faulty FTP ALGs that cannot cope with an
FTP server that one does not need to log in to; to interoperate better
with some faulty WWW browsers that misuse CWD as a type testing
mechanism; and to log things more clearly in order to diagnose such
faults from server logs. HOST support means that ftpd supports virtual
hosting on FTP, which is explained in the manual, although it is hard to
find any FTP client that employs this.
A further minor addition is a host command, a subset of the host
commands from ISC and from KnotDNS that uses the same DNS client library
from djbdns as all of the other djbdns query tools do. Of course, the
conventional djbdns client tools have a simpler syntax and more regular
behaviours than the host command, and are preferable. Moreover, the
subset excludes rarities that djbdns has never supported, such as non-IN
There are only a few changes. A common build problem across
several toolsets that occurs if one has set a CDPATH,
has been fixed. dnscache now has a FORWARDFIRST
mode. And a bug in tcpserver that manifests itself
when tcpserver inherits no open standard I/O file
descriptors has been fixed.
This version sees changes to the doco and to the DNS and HTTP
I plan for this to be the last release with binaries built on
FreeBSD 10. I am going to upgrade the build machine.
All of the manuals are now DocBook XML, and the hodgepodge
admixture of manuals from three sources is gone. A stylesheet is
supplied for reading the manuals directly using a GUI WWW
browser. They can also be read using the console-docbook-xml-viewer
tool from version 1.40 of the nosh toolset.
The long-missing tcp-environ manual is now present.
Hand in hand with the documentation improvement, httpd
now has content types for the .xml and .xhtml
The ANY query type in the DNS has never meant ALL,
and has never really been useful. Pretty much only one software
even made use of ANY for non-testing purposes. That
was qmail, which I patched not to do so back in 2003.
Although the diagnostic tools still support sending ANY
queries, with one exception, in this release all of the DNS server
softwares now synthesize non-responses, containing an invariant HINFO
resource record set, to ANY queries. The
specialized content DNS servers simply return such responses
straightforwardly, as they do not have to worry about CNAME
chains, which they do not ever construct. The other DNS servers
have to handle CNAME chains.
The general-purpose tinydns and axfrdns
content DNS servers will continue to process CNAME
chains as before, but will return a synthesized HINFO
resource record set at the end of the chain. dnscache
also processes CNAME chains as before, again
returning the chain with a synthesized HINFO
resource record set at the end. It no longer allows ANY
queries as a loophole for retrieving cache contents, and will not
issue ANY queries from its back end.
The diagnostic tool that is the exception is tinydns-get,
whose operation is supposed to exactly replicate what tinydns
does. It, too, now synthesizes non-responses when an ANY
lookup is requested.
On Thu, Mar 21 2019, Dan Ritter wrote:
> 황병희 wrote:
>> On Wed, Mar 20 2019, Jonathan de Boyne Pollard wrote:
>> > ...snip...
>> > http://jdebp.eu./Softwares/djbwares/qmail-patches.html#any-to-cname >>
>> just comment:
>> whenever i see these patches, i think qmail is not easy to handle.
> qmail is the easiest mail server to understand and configure.