natpmpd is a daemon that can be used on an OpenBSD NAT gateway to
provide support for the NAT-PMP protocol on any internal networks which
then allows a client to create and maintain rules in pf to map TCP and
UDP connections to the external IP address on the NAT gateway to
services running on the client itself.
jakob@ and myself. See http://www.unbound.net/downloads/CVE-2011-4528.txt
for more details, summary from the above is below:
--
Unbound crashes when confronted with a non-standard response from a
server for a domain. This domain produces duplicate RRs from a certain
type and is DNSSEC signed. Unbound also crashes when confronted with a
query that eventually, and under specific circumstances, resolves to a
domain that misses expected NSEC3 records.
These two problems were discovered within 24 hours, hence a combined
vulnerability disclosure.
By constructing the non-standard responses an attacker can use these
vulnerabilities for a DOS attack.
To our knowledge 'denial of service' is the only type of exploit possible.
--
parameter to daemonize, move the parameter from daemon to daemon_flags,
so that the user cannot inadvertently prevent it from daemonizing by
adjusting the flags.
Discussed with ajacoutot and schwarze, this method was suggested
by schwarze@ as a simpler alternative to my diff. ok aja@
Fix: first check our bool variable, then make some calculations if
it's false. Not the other way around
(upstream git commit 41090dfe3756396a8b4496f732ab8493aa51fe6c)
Fix: disabling protocol obfuscation broke Kad and triggered assertions
(upstream git commit ec2e66216738f92724a37fa030a79734e0e8b1ba)
Fix: disable the partfile importer's 'Add' button on the remote gui
unless using a localhost connection
(upstream git commit 004f3929d91e4b81f47235060d86686fff13e2d3)
Fix: "Prompt on exit" preference
(upstream git commit aea8d002b6446dcaf38db4d4ab222fcebce60948)
Fix: require restart when protocol obfuscation setting gets changed
(upstream git commit ec2e66216738f92724a37fa030a79734e0e8b1ba)
And fix libX11 '-lX11' linkage.
OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and 7301 Routers, and probably
others. Features include:
- Connection through HTTP/SOCKS5 proxy.
- Automatic detection of IPv4 and IPv6 address, routes.
- Authentication via HTTP forms.
- Authentication using SSL certificates.
- Data transport over TCP (HTTPS) or UDP (DTLS).
- Keepalive and Dead Peer Detection on both HTTPS and DTLS.
- Automatic update of VPN server list / configuration.
- Roaming support, allowing reconnection when the local
IP address changes.
ok/tweaks jasper@, and *big* thanks to upstream developer David Woodhouse
for letting me have access to his test server, noticing+tracking down
problems with vpnc-script when configuring v6 addresses on tun on OpenBSD,
and testing the fix for this on a range of OS.
- Added support for non-blocking clients accept on the server side
- new_from_fd() is now alias to new_from_socket()
examples added as suggested by jasper@
Ok aja@, jasper@