8ac581d7ea
Add bind914 version 9.14.1 package (BIND 9.14.1).
pkgsrc chagnes:
* Add blacklist support from NetBSD base system.
* Note about required directories.
BIND, the Berkeley Internet Name Daemon. This package contains the BIND
9.14 release.
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* QNAME minimization, as described in RFC 7816, is now supported.
* Socket and task code has been refactored to improve performance on
most modern machines.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.
20 lines
570 B
C
20 lines
570 B
C
$NetBSD: patch-lib_dns_gssapi__link.c,v 1.1 2019/04/30 03:34:34 taca Exp $
|
|
|
|
* C syntax.
|
|
|
|
--- lib/dns/gssapi_link.c.orig 2019-04-06 20:09:59.000000000 +0000
|
|
+++ lib/dns/gssapi_link.c
|
|
@@ -190,9 +190,12 @@ gssapi_verify(dst_context_t *dctx, const
|
|
gss_buffer_desc gmessage, gsig;
|
|
OM_uint32 minor, gret;
|
|
gss_ctx_id_t gssctx = dctx->key->keydata.gssctx;
|
|
- unsigned char buf[sig->length];
|
|
+ unsigned char buf[4096];
|
|
char err[1024];
|
|
|
|
+ if (sizeof(buf) < sig->length)
|
|
+ abort();
|
|
+
|
|
/*
|
|
* Convert the data we wish to sign into a structure gssapi can
|
|
* understand.
|