Tests by Pierre Emeriaud (co-maintainer) and florian@, ok sthen@
DESCR:
Knot DNS is a high-performance authoritative-only DNS server which
supports all key features of the domain name system including zone
transfers and DNSSEC. Among its goals is support for on-line addition
and removal of zones.
dependency, ok ajacoutot@
(The newer version of megaglest at least sometimes has problems building
without this, and we need to make sure pkg updates are triggered when needed
due to lib changes in base).
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
CVE-2015-1798 "When ntpd is configured to use a symmetric key to authenticate a
remote NTP server/peer, it checks if the NTP message authentication code (MAC)
in received packets is valid, but not if there actually is any MAC included."
CVE-2015-1799 "An attacker knowing that NTP hosts A and B are peering with each
other (symmetric association) can send a packet to host A with source address
of B which will set the NTP state variables on A to the values sent by the
attacker. Host A will then send on its next poll to B a packet with originate
timestamp that doesn't match the transmit timestamp of B and the packet will be
dropped. If the attacker does this periodically for both hosts, they won't be
able to synchronize to each other."
no hackathon is really complete without a gnaughty commit, but an actual update
hasn't been done since p2k10...the shame! i'm putting it in now so the public expose
ensures deeper testing.
For clients, this means no change.
For relays, this instructs tor to do a clean shutdown, leaving 30s for other
peers to find another route. Increase daemon_timeout to one minute to give
tor a bit more time on slow machines (like my BBB).
Hint from Michael McConvill, "go ahead" ajacoutot@
websocketd is a small command-line tool that will wrap an existing command-line
interface program, and allow it to be accessed via a WebSocket.
WebSocket-capable applications can now be built very easily in any language. As
long as you can write an executable program that reads `STDIN` and writes to
`STDOUT`, you can build a WebSocket server.
ok sthen@
