- no need to disable SSLv2 and SSLv3
- no need to initialize the libraries explicitly anymore
- remove incomplete uninit code
- use TLS_method() instead of SSLv23_client_method()
from Brad
this please test and report back if you see problems; in the run-up
to OpenBSD 6.9 we dropped back to 9.16.10 due to problems in interim
releases
CVE-2021-25214: A broken inbound incremental zone update (IXFR)
can cause named to terminate unexpectedly
https://kb.isc.org/docs/cve-2021-25214
CVE-2021-25215: An assertion check can fail while answering queries for
DNAME records that require the DNAME to be processed to resolve itself
https://kb.isc.org/docs/cve-2021-25215
CVE-2021-25216: A second vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack
https://kb.isc.org/docs/cve-2021-25216
When missing, samba builds pytdb support using its bundled copy of tdb,
and installs it in WRKINST, as shown by update-plist. samba runs fine
with the py-tdb package registered in its RUN_DEPENDS, but this is not
what was intended. Consistently use libtdb and py-tdb from databases/tdb.
Broken since ~2018 on clang+ld.lld archs, no analysis and no diff to fix
it, so it's time to send it to the Attic. Support for AD DC mode can't
be optimal anyway, with the deprecation of the ntvfs server code and our
lack of xattrs/ACLs.
"Fine by me" Ian
This runs icinga-web2 out of the webserver root, so far we have not
found a non-awkward way to have it in /icingaweb2 like the other
examples.
Michael Wilson (mw at 1wilson.org) answered my cry for help, thanks!
OK sthen
an issue with DNS retries in 2.83/2.84, and a fix to not use a static
source port when dnsmasq is configured to bind to a source address
or interface (affected config of these forms: server=8.8.8.8@1.2.3.4,
server=8.8.8.8@1.2.3.4#66, server=8.8.8.8@eth0)
