CVSROOT: /cvs
Module name: src
Changes by: be...@cvs.openbsd.org 2021/11/09 06:41:24
Modified files:
usr.sbin/rpki-client: Tag: OPENBSD_6_9 Makefile cert.c cms.c
crl.c encoding.c extern.h gbr.c http.c
io.c ip.c main.c mft.c mkdir.c
output-bgpd.c output-bird.c output-csv.c
output-json.c output.c parser.c repo.c
roa.c rpki-client.8 rrdp.c rrdp.h
rrdp_delta.c rrdp_notification.c
rrdp_snapshot.c rsync.c tal.c validate.c
version.h x509.c
usr.bin/rsync : Tag: OPENBSD_6_9 Makefile blocks.c client.c
downloader.c extern.h fargs.c flist.c main.c
misc.c mkpath.c receiver.c rsync.1 sender.c
server.c session.c socket.c symlinks.c
uploader.c
Log message:
rpki-client(8) should handle CA misbehaviours as soft-errors.
This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:
* Make rpki-client more resilient regarding untrusted input:
- fail repository synchronisation after 15min runtime
- limit the number of publication points per TAL
- don't allow DOCTYPE definitions in RRDP XML files
- fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.
This is patches/6.9/common/021_rpki.patch.sig
