On servers configured to perform DNSSEC validation using managed
trust anchors (i.e., keys configured explicitly via managed-keys, or
implicitly via dnssec-validation auto; or dnssec-lookaside auto;),
revoking a trust anchor and sending a new untrusted replacement could
cause named to crash with an assertion failure. This could occur in
the event of a botched key rollover, or potentially as a result of a
deliberate attack if the attacker was in position to monitor the
victim's DNS traffic. This flaw was discovered by Jan-Piet Mens, and
is disclosed in [CVE-2015-1349] [RT #38344] (**)
which should all be started/stopped together), previously "restart" would
restart each sub-daemon in turn, but actually it should stop all daemons
and only then start them again. Additionally, as suggested by ajacoutot,
stop the procedure and return an error if stopping one of the rc scripts
failed. ok ajacoutot@ rpe@
(as done for a couple of other ports; bacula was actually the one I wanted
to fix this on but missed the earlier commit ;)
On OpenBSD, the sa_family field in netmask sockaddrs can be zero and
thus different from the sa_family of the address sockaddr.
Until this glitch gets corrected, fix postgresql.
ok sthen@ pea@ (MAINTAINER)
which should all be started/stopped together), previously "restart" would
restart each sub-daemon in turn, but actually it should stop all daemons
and only then start them again. Additionally, as suggested by ajacoutot,
stop the procedure and return an error if stopping one of the rc scripts
failed. ok ajacoutot@ rpe@
name change, which in turn resulted in distfile change. No actual changes
in package, therefore, no bump - just unbreaking the build.
Noticed/prodded by espie@ and jasper@.
GH_ACCOUNT tweak suggested by Adam Wolk (MAINTAINER).
instead of man manuals. Fixes man rake22, which was broken before.
Remove USE_GROFF as mandoc formats the manuals properly.
While here, fix the xargs usage in pre-install to handle cases
where fake is run after being cleaned.
Issue with rake22 man page reported by naddy@
Detailed analysis and --with-mantype=doc change from schwarze@
xargs fix from me
The incorrect code was generating memcpy calls with src and dest
overlapping, which raises SIGABRT, making the server unreachable
using IPv6. The fix consists in passing the right parameters to
memcpy, including sizeof(struct sockaddr_in) as len, since
sizeof(struct sockaddr_storage) would be too much, and sa_len
is unusable in netmask sockaddrs. Debugged with sthen@ and lteo@
Problem reported by Hugo Osvaldo Barrera.
ok sthen@
message with no payload, just skip printing the disconnect reason."
Fixes printing junk and possibly crashing if the server goes away.
Tweak DESCR, mention the open-source server ocserv (port for this is
ready but holding in openbsd-wip until we're done with 5.7).
(Readers might be interested to note that 7.04 is probably the last
version of OpenConnect to only support Cisco's SSL-VPN protocol; the
next version will almost certainly add client support for Juniper's
protocol).
Rename all egnat* binaries back to gnat*, sync with 4.8
Add hppa Ada support
Delete debug patch for a linker issue solved some time ago
funktioniert pascal@
