the bitrig patrick_stable branch has been created by patrick. it is 0 commits behind master, and 7 commits ahead.
commit e2ed623a4d6c90ec9e5bb401f2d751ff1fce1d8c diff: https://github.com/bitrig/bitrig/commit/e2ed623 author: Patrick Wildt <[email protected]> date: Wed Dec 10 21:48:23 2014 +0100 Implement a fix from OpenBSD 5.6-stable: Backport fix for CVE-2014-8602 - Limit the number of fetches performed for a DNS query, to avoid the resolver being tricked into following an endless series of delegations, consuming a lot of resources. Many DNS recursive resolvers are affected by this bug (including BIND, Unbound, and PowerDNS recursor). More details at: http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html Diff from florian@, tested by myself. M usr.sbin/unbound/iterator/iterator.c M usr.sbin/unbound/iterator/iterator.h commit b6758ca07958c722baf0e760681eb2fbd32ff7c2 diff: https://github.com/bitrig/bitrig/commit/b6758ca author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:31:18 2014 +0100 Implement a fix from OpenBSD 5.6-stable: httpd was developed very rapidly in the weeks before 5.6 release, and it has a few flaws. It would be nice to get these flaws fully remediated before the next release, and that requires the community to want to use it. Therefore here is a "jumbo" patch that brings in the most important fixes. committing on behalf of reyk@ M usr.sbin/httpd/config.c M usr.sbin/httpd/http.h M usr.sbin/httpd/httpd.c M usr.sbin/httpd/httpd.h M usr.sbin/httpd/logger.c M usr.sbin/httpd/parse.y M usr.sbin/httpd/server.c M usr.sbin/httpd/server_fcgi.c M usr.sbin/httpd/server_file.c M usr.sbin/httpd/server_http.c commit 3406796066740a1b0cba7e9cd10016b5886dc5f1 diff: https://github.com/bitrig/bitrig/commit/3406796 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:27:10 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport the correct fix for overlapping memcpy which caused corrupt MACs M sys/net/if_ethersubr.c commit c056ab502e778f98a3470d8bce34600b6d337ddf diff: https://github.com/bitrig/bitrig/commit/c056ab5 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:26:35 2014 +0100 Implement a fix from OpenBSD 5.6-stable: Check the header fields of GRE and MPPE packets strictly. M sys/net/pipex.c M sys/net/pipex_local.h commit 7eac19de38bc6dd1b188299c6656b0c09b1a3015 diff: https://github.com/bitrig/bitrig/commit/7eac19d author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:21:14 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport fix to avoid null deref with invalid hostnames M lib/libc/asr/gethostnamadr_async.c M lib/libc/asr/getnetnamadr_async.c commit e92a8ab6b1919dfc64297c7069060f3d41eeb3d8 diff: https://github.com/bitrig/bitrig/commit/e92a8ab author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:20:28 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport 1.34. Don't crash without HTTP version. M usr.sbin/relayd/relay_http.c commit 1e887384213b8b1b83437a64a8b40002e858bacf diff: https://github.com/bitrig/bitrig/commit/1e88738 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:18:32 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport 1.100: support for $2b$ hashes. ok deraadt M usr.sbin/user/user.c
