---
- branch: netbsd-8
  date: Fri Jun 22 17:54:47 UTC 2018
  files:
  - new: 1.54.2.7
    old: 1.54.2.6
    path: src/sys/netipsec/xform_ah.c
    pathrev: src/sys/netipsec/xform_ah.c@1.54.2.7
    type: modified
  id: 20180622T175447Z.e0822235dfe977aa6439b94a1fc14cda8947b56d
  log: "Pull up following revision(s) (requested by maxv in ticket #889):\n\n\tsys/netinet6/ip6_output.c:
    revision 1.205\n\tsys/netipsec/xform_ah.c: revision 1.90,1.93,1.102,1.103\n\nSimplify
    the IPv4 parser. Get the option length in 'optlen', and sanitize\nit earlier.
    A new check is added (off + optlen > skip).\n\nIn the IPv6 parser we reuse 'optlen',
    and remove 'ad' as a result.\n\nRemove the kernel RH0 code. RH0 is deprecated
    by RFC5095, for security\nreasons. RH0 was already removed in the kernel's input
    path, but some\nparts were still present in the output path: they are now removed.\nSent
    on tech-net@ a few days ago.\n\nFix non-INET6 builds\n\nStrengthen and simplify,
    once more.\n"
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys/netipsec'
  unixtime: '1529690087'
  user: martin