the bitrig stable/1.0 branch has been updated by patrick with 7 new commits:
commit 430c74f1680d36cf8fe01e33d04087268a96b9a8 diff: https://github.com/bitrig/bitrig/commit/430c74f author: Patrick Wildt <[email protected]> date: Wed Dec 10 21:48:23 2014 +0100 Implement a fix from OpenBSD 5.6-stable: Backport fix for CVE-2014-8602 - Limit the number of fetches performed for a DNS query, to avoid the resolver being tricked into following an endless series of delegations, consuming a lot of resources. Many DNS recursive resolvers are affected by this bug (including BIND, Unbound, and PowerDNS recursor). More details at: http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html Diff from florian@, tested by myself. ok pedro@ M usr.sbin/unbound/iterator/iterator.c M usr.sbin/unbound/iterator/iterator.h commit 66782d866d747df956148d863aebd73f96cdfd6d diff: https://github.com/bitrig/bitrig/commit/66782d8 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:31:18 2014 +0100 Implement a fix from OpenBSD 5.6-stable: httpd was developed very rapidly in the weeks before 5.6 release, and it has a few flaws. It would be nice to get these flaws fully remediated before the next release, and that requires the community to want to use it. Therefore here is a "jumbo" patch that brings in the most important fixes. committing on behalf of reyk@ M usr.sbin/httpd/config.c M usr.sbin/httpd/http.h M usr.sbin/httpd/httpd.c M usr.sbin/httpd/httpd.h M usr.sbin/httpd/logger.c M usr.sbin/httpd/parse.y M usr.sbin/httpd/server.c M usr.sbin/httpd/server_fcgi.c M usr.sbin/httpd/server_file.c M usr.sbin/httpd/server_http.c commit ddd5f23457555f3583ce718bb10721c6772cb1de diff: https://github.com/bitrig/bitrig/commit/ddd5f23 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:27:10 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport the correct fix for overlapping memcpy which caused corrupt MACs ok pedro@ M sys/net/if_ethersubr.c commit ee4d85b388ed2e1adb50e6b75e5d0224a0696703 diff: https://github.com/bitrig/bitrig/commit/ee4d85b author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:26:35 2014 +0100 Implement a fix from OpenBSD 5.6-stable: Check the header fields of GRE and MPPE packets strictly. ok pedro@ M sys/net/pipex.c M sys/net/pipex_local.h commit 811a48828a52da21f829bf8bee067db31d0b0b5d diff: https://github.com/bitrig/bitrig/commit/811a488 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:21:14 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport fix to avoid null deref with invalid hostnames ok pedro@ M lib/libc/asr/gethostnamadr_async.c M lib/libc/asr/getnetnamadr_async.c commit 0a58fbe8e122038f27e9fb6342c5f7bef842f7b4 diff: https://github.com/bitrig/bitrig/commit/0a58fbe author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:20:28 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport 1.34. Don't crash without HTTP version. ok pedro@ M usr.sbin/relayd/relay_http.c commit b14f9c5db9faf74af59d142495779117624a4e67 diff: https://github.com/bitrig/bitrig/commit/b14f9c5 author: Patrick Wildt <[email protected]> date: Wed Dec 3 20:18:32 2014 +0100 Implement a fix from OpenBSD 5.6-stable: backport 1.100: support for $2b$ hashes. ok deraadt ok pedro@ M usr.sbin/user/user.c
