remove the maintainer convenience target for geolite databases as there
will be no more updates to these. update MESSAGE-main.
Users should switch to geolite2 and adapt programs to using libmaxminddb
if they want to continue with the free databases. There are still a few
months left on commercial updates for geolite 1.
other fixes);
dhcpcd-7.0.0, 7.0.1 and 7.0.2 are vulnerable to the DHCP6 issue where the
message is copied from the DHCP6 option into a buffer, but is NULL terminated
beyond the size of the buffer.
dhcpcd-6 is not vulnerable.
ChangeLog:
https://dnsdist.org/changelog.html#change-1.3.0
Port changes:
- activate DNS-over-TLS and DNSCrypt support
- tweak rc script to handle the removal of --daemon
- fix config file installation
From maintainer Peter van Dijk with PLIST tweaks by me.
naddy@ found that net/ocserv failed to build during his latest amd64
package bulk build. Specifically, configure appears to pick up GeoIP if
installed, but there is no dependency on net/GeoIP.
OK naddy@, sthen@
CVE-2018-6532: By sending specially crafted requests, authenticated and
unauthenticated, an attacker can exhaust a lot of memory on the server
side, triggering the OOM killer.
CVE-2018-6534: By sending specially crafted messages, an attacker can
cause a NULL pointer dereference, which can cause Icinga2 to crash.
CVE-2018-6535: Lack of a constant-time password comparison function can
disclose the password to an attacker.
Detailed write-up and simple crashers for the above at
https://hansmi.ch/articles/2018-03-icinga2-security
(CVE-2017-16933 and CVE-2018-6536 also in this release relate to the
init scripts that we don't use).
possible to remove thread locking with auto-init support but skipping
that for now.
attempt to build on hppa again; it switched compiler since it was marked
BROKEN.
