don't forward packets with a source ip of 0.0.0.0.

my initial motivation here is that ip_output special cases 0.0.0.0
and replaces it with an ip from the local system under the assumption
that an unset ip originates from the local system.

in addition to this, my reading of rfc1122 makes me think it's
illegal from a standards point of view too, and sthen@ points out
that rfc6890 agrees. this makes fixing the stack problem easy because
we can just drop the packet.

this check is done for forwarded packets, but we should continue
to treat packets from 0.0.0.0 on a connected network as valid because
protocols like dhcp and igmp need to use it when they don't have
an ip yet. ie, we should accept packets from 0.0.0.0, but not forward
them.

i discovered this because there's a clever clogs dhcp implementation
somewhere at work that knows it hasn't got an address yet, but it tries
[6 lines not shown]

import ports/security/py-python-pskc, ok tb@
This Python library handles Portable Symmetric Key Container (PSKC)
files as defined in RFC 6030. PSKC files are used to transport and
provision symmetric keys (seed files) to different types of crypto
modules, commonly one-time password tokens or other authentication
devices.
This module can be used to extract keys from PSKC files for use in an
OTP authentication system. The module can also be used for authoring
PSKC files.

Implement the bits to support HW crypto and with the wpakey in mwx(4).
The HW is able to handle everything in HW but I only tested WPA2.
Committed over the hackathon wifi which uses wpa.

add upstream patches for postfix/stable35, ok Brad:
postfix-3.1-3.5-tlsa-death-patch
postfix-3.4-3.7-input-limit-patch
(3.5 is the last version which works with libressl, so it's kept
around for cases when you need to use remote databases with TLS, which
otherwise usually result in conflicts)

Rewrite screen-redraw.c to make it tidier and more maintainable. A scene
is generated and cached in the client: it holds positions and sizes of
panes, borders and so on. The scene is invalidated when a pane is moved
or resized or a relevant option is changed. This scene is then drawn to
the client as needed and text and colours are filled in. With Michael
Grant.

Reject empty CNAMEs in gethostbyname(3) / getaddrinfo(3).
An empty string is arguably not a correct hostname (even though
res_hnok accepts it). More worrisome though is software not expecting
this and making mistakes. In practice this cannot happen unless the
resolver lies to us.
OK deraadt, jca