available (black)lists containing malicious and/or generally suspicious
trails, along with static trails compiled from various AV reports and
custom user defined lists, where trail can be anything from domain name
(e.g. zvpprsensinaix.com for Banjori malware),
URL (e.g. http://109.162.38.120/harsh02.exe for known malicious executable),
IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header
value (e.g. sqlmap for automatic SQL injection and database takeover tool).
Also, it uses (optional) advanced heuristic mechanisms that can help in
discovery of unknown threats (e.g. new malware).
WWW: https://github.com/stamparm/maltrail
PR: 233074
Submitted by: Michael Muenz <m.muenz@gmail.com>
Global Development Group has released an update to all supported versions of
our database system, including 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25.
This release fixes one security issue as well as bugs reported over the last
three months.
All users using the affected versions of PostgreSQL should update as soon as
possible. Please see the notes on "Updating" below for any post-update steps
that may be required if you are using pg_stat_statements in your installation.
This update is also the final release for PostgreSQL 9.3, which is now
end-of-life and will no longer receive any bug or security fixes. If your
environment still uses PostgreSQL 9.3, please make plans to update to a
community supported version as soon as possible. Please see our versioning
policy for more information.
Releasenotes: https://www.postgresql.org/about/news/1905/
Security: 1c27a706-e3aa-11e8-b77a-6cc21735f730
Security: CVE-2018-16850
Remove unused patches.
While here, fix build with OpenSSL 1.1.x
PR: 231274
Submitted by: Henry David Bartholomew <PopularMoment@protonmail.com>
MFH: 2018Q4
<ChangeLog>
Upgrade urgency: URGENT if you use Redis Streams. MODERATE otherwise.
Hi all, this is the first patch level release of Redis 5. It contains
both fixes and improvements. Here there is a list of the major ones, however
read the commit messages at the end of the changelog if you want to know
more about the smaller things. Let's start with the new features:
* Sentinel now supports authentication! Check the Sentinel official doc
for more info.
* Redis-cli cluster "fix" is now able to fix a big number of clusters put
in a bad condition. Previously many corner cases were not covered.
Now the critical fixes:
1. Fix RESTORE mismatch reply when certain keys already expired.
2. Fix an XCLAIM non trivial issue: sometimes the command returned a wrong
entry or desynchronized the protocol.
And now the other fixes:
3. Stack trace generation on the Raspberry PI (and 32bit ARM) fixed.
4. Don't evict expired keys when the KEYS command is called, in order to
avoid a mass deletion event. However expired keys are not displayed
by KEYS as usually.
5. Improvements in the computation of the memory used, when estimating
the AOF buffers.
6. XRANGE COUNT of 0 fixed.
7. "key misses" stats accounting fixed. Many cache misses were not counted.
8. When in MULTI state, return OOM while accumulating commands and there
is no longer memory available.
9. Fix build on FreeBSD and possibly others.
10. Fix a crash in Redis modules, thread safe context reply accumulation.
11. Fix a race condition when producing the RDB file for full SYNC.
12. Disable protected mode in Sentinel.
13. More commands now have the HELP subcommand.
14. Fixed an issue about adaptive server HZ timer.
15. Fix cluster-replica-no-failover option name.
</ChangeLog>
Enable libEGL build for all platforms, even those without llvm. Previously
it was disabled on those platforms. This has been tested on sparc64.
Remove the EGL option completely.
PR: 232729
Submitted by: jbeich
Tested by: Yoshihiko Iwama (sparc64 support)
Also, remove support for Clang < 4.0 and GCC < 6 for devel/simgear [1] and
games/flightgear ports.
PR: 232832 [1]
Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> [1]
