This commit adds TLSA records for all locally-hosted (sub)domains
(those with A or AAAA records that match the local box).
TLSA records are computed using the build_tlsa_record() method
based on the default certificate (or key). Since the default
key is the same for all domains hosted on the box, and the TLSA
criteria used are 3 1 1, the TLSA record will be the same for all
domains.
At this point, there is no opt-out mechanism. I'm not sure if this
is necessary, nor what would be the best way to do it if it is
necessary.
* sshfp records from nonstandard ports
If port 22 is not open, dns_update.py will not create SSHFP records
because it only scans port 22 for keys. This commit modifies
dns_update.py to parse the sshd_config file for open ports, and
then obtains keys from one of them (even if port 22 is not open).
* modified test of s per JoshData request
* edit CHANGELOG per JoshData
* fix typo
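
The port lookup and SSHFP generation described in the commit message above, as an added example (not the code in dns_update.py). It assumes only `Port` directives are read (a port given on `ListenAddress` is ignored) and that SHA-256 fingerprints (type 2) are published; the function names, config text, key blob and keyscan output are constructed for illustration.

```python
import base64
import hashlib
import re

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); ECDSA (3) is handled below.
SSHFP_ALGOS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

# Constructed sample inputs: a config with port 22 commented out, and an all-zero key.
SAMPLE_CONFIG = "# Port 22\nPort 2222\nport=2200  # second listener\n"
KEY_BLOB = base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)).decode()
SAMPLE_KEYSCAN = (
    "# 127.0.0.1:2222 SSH-2.0-OpenSSH_8.9\n"
    f"[127.0.0.1]:2222 ssh-ed25519 {KEY_BLOB}\n"
    f"[127.0.0.1]:2222 unknown-type {KEY_BLOB}\n"
)

def sshd_ports(config_text):
    """Return the ports named by Port directives, or [22] if there are none."""
    ports = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)port[\s=]+(\d+)$", line)   # keywords are case-insensitive
        if m and int(m.group(1)) not in ports:
            ports.append(int(m.group(1)))
    return ports or [22]

def keyscan_command(port, host="127.0.0.1"):
    """Command that would fetch host keys from the chosen port (not run here)."""
    return ["ssh-keyscan", "-p", str(port), host]

def sshfp_records(keyscan_output):
    """Turn ssh-keyscan lines into SSHFP rdata strings: 'algorithm 2 sha256-hex'."""
    records = []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue                                   # banner line or junk
        keytype, blob = parts[1], parts[2]
        algo = 3 if keytype.startswith("ecdsa-sha2-") else SSHFP_ALGOS.get(keytype)
        if algo is None:
            continue                                   # key type with no SSHFP number
        digest = hashlib.sha256(base64.b64decode(blob)).hexdigest()
        records.append(f"{algo} 2 {digest}")
    return sorted(records)

if __name__ == "__main__":
    port = sshd_ports(SAMPLE_CONFIG)[0]
    print(keyscan_command(port), sshfp_records(SAMPLE_KEYSCAN))
```
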
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which led me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
The vulnerability was created by 6d6f3ea391.
See #914.
This is the v0.19b hotfix commit.
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work.
Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which led me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway.
DavDroid's latest version's account configuration no longer just asked for a hostname. Its email address & password configuration mode did not work without a SRV record.