BSD Commit Log Search

   iked: Fix leak of new SA on rekey error

   Found by hshoexer@, fix from markus@

   don't forward packets with a source ip of 0.0.0.0.

   my initial motivation here is that ip_output special cases 0.0.0.0
   and replaces it with an ip from the local system under the assumption
   that an unset ip originates from the local system.

   in addition to this, my reading of rfc1122 makes me think it's
   illegal from a standards point of view too, and sthen@ points out
   that rfc6890 agrees. this makes fixing the stack problem easy because
   we can just drop the packet.

   this check is done for forwarded packets, but we should continue
   to treat packets from 0.0.0.0 on a connected network as valid because
   protocols like dhcp and igmp need to use it when they don't have
   an ip yet. ie, we should accept packets from 0.0.0.0, but not forward
   them.

   i discovered this because there's a clever clogs dhcp implementation
   somewhere at work that knows it hasn't got an address yet, but it tries

    [6 lines not shown]

   update to py3-astropy-iers-data-0.2026.6.22.1.23.34
   enable tests

   tcpslice: fix HOMEPAGE, from espie

   update to yubikey-manager-5.9.1

   +py-python-pskc

   import ports/security/py-python-pskc, ok tb@

   This Python library handles Portable Symmetric Key Container (PSKC)
   files as defined in RFC 6030. PSKC files are used to transport and
   provision symmetric keys (seed files) to different types of crypto
   modules, commonly one-time password tokens or other authentication
   devices.

   This module can be used to extract keys from PSKC files for use in an
   OTP authentication system. The module can also be used for authoring
   PSKC files.

   port-modules: properly annotate make variables to make man -k work

   from espie

   Implement the bits to support HW crypto and with the wpakey in mwx(4).

   The HW is able to handle everything in HW but I only tested WPA2.
   Committed over the hackathon wifi which uses wpa.

   +py-makefun

   Initial revision

   add upstream patches for postfix/stable35:

   postfix-3.1-3.5-tlsa-death-patch
   postfix-3.4-3.7-input-limit-patch

   update to postfix-3.11.4

   add upstream patches for postfix/stable35, ok Brad:

   postfix-3.1-3.5-tlsa-death-patch
   postfix-3.4-3.7-input-limit-patch

   (3.5 is the last version which works with libressl, so it's kept
   around for cases when you need to use remote databases with TLS, which
   otherwise usually result in conflicts)

   update to postfix-3.11.4, ok Brad

   update to jansson-2.15.0, and I'm taking maintainer
   ok kirby@ (previous maintainer)

   Set check callback for menus so they aren't overwritten by sync.

   iked: enforce unique IKE spi in rekeying

   Reported by xiao__xiang at 163.com, thanks!
   Fix from markus@.

   Keep in-sync with R 4.6.0

   Update to R 4.6.0

   x509_vfy: another function pointer argument causing shadowing issues

   bio_meth: rename function pointer arguments to avoid stdio.h shadowing

   remove local ifdefs now we have dma_map_sg_attrs() and dma_unmap_sg()

   add dma_map_sg_attrs() and dma_unmap_sg() to remove local ifdefs
   in i915_gem_gtt.c

   Update miller to 6.19.0.

   Update atari800 to 6.0.0.

   Rewrite screen-redraw.c to make it tidier and more maintainable. A scene
   is generated and cached in the client: it holds positions and sizes of
   panes, borders and so on. The scene is invalidated when a pane is moved
   or resized or relevant option is changed. This scene is then drawn to
   the client as needed and text and colours are filled in. With Michael
   Grant.

   conf_api: remove a bunch of redundant parentheses

   Update fuse to 1.9.0.

   Reject empty CNAMEs in gethostbyname(3) / getaddrinfo(3).

   An empty string is arguably not a correct hostname (even though
   res_hnok accepts it). More worrisome though is software not expecting
   this and making mistakes. In practice this cannot happen unless the
   resolver lies to us.

   OK deraadt, jca