Do not ship evtag functions in base libevent.
Upstream libevent 2.1.13-stable contains several security fixes.
Our reduced libevent 1.4.15-stable does not contain the affected
code. The functions in event_tagging.c are only used by evrpc which
we have removed from libevent. As the attack vectors for the
upstream fixes go through evrpc to evtag, better remove this dead
code and do not export it in our libevent. Major library bump
needed.
OK dlg@ claudio@ sthen@
der_len needs to be int so that the error check around i2d_X509_PUBKEY()
works. Only positive der_len values make it to base64_encode() where it
is promoted to size_t which is fine.
OK tb@
ASnum are unsigned 32bit values. Use %u to print them not %d.
Also use json_do_uint() just to be consistent. The json encoder operates
with 64bit values so it does not matter there as much as it does for printf.
With and OK tb@
- fix syntax in example login_ldap.conf file, it had :\ on a line
presumably when converted from getcap in the ports version
- switch to a more unix-y sample filter, and add a commented-out example
for ActiveDirectory
based on a diff from Chaz Kettleson which was ok with tweaks by claudio@,
and incorporating feedback from Andrew Daugherity
Restore { and } to swap-pane and for floating panes and use a separate
key table accessed by g (short for "gove and/or gesize") for floating
panes. So "C-b g Up" moves the pane to top-centre, "C-b g M-Up" moves
and resizes it. This means we not only do not lose the surprisingly
popular { and } bindings, but we can have more than four keys for moving
and resizing panes.
don't assume an ipv4 header is always 20 bytes.
as reported by SecBuddyF, Tencent KeenLab:
> OpenBSD's pipex PPTP GRE packet handling uses a fixed GRE/IP header
> length check before later reading the GRE header at an offset derived
> from the actual IPv4 header length.
>
> When IPv4 options are present, the dynamic IPv4 header length can
> be larger than 20 bytes. A short GRE packet can therefore pass the
> fixed 28-byte PIPEX_IPGRE_HDRLEN check while still being too short
> for the later m_copydata(m0, hlen, sizeof(gre), &gre) read.
>
> This can trigger:
>
> panic: m_copydata: null mbuf
>
> The issue is remotely triggerable when GRE and pipex are enabled
> and inbound IPv4 GRE packets with IP options are allowed to reach
[8 lines not shown]
iked: Wrong data structure zeroized
The parameter int mask was confused with the local variable struct
sockaddr_in mask4. bzero(3) was applied to mask instead of mask4.
ok markus@