An error in TSIG handling could permit unauthorized zone transfers
or zone updates. CVE-2017-3142, CVE-2017-3143.
Also updates the address of b.root in hints.
Add a patch from schwarze@ to avoid information loss in both groff and
mandoc (".PP text" to ".PP\ntext").
"It looks like pkg_create(1) is not passing the -t option to groff(1)
because lftp(1) lacks the tbl(7) annotation that you can see in the
first source line of, for example, xz(1)." and OK schwarze@
OK rsadowski@ (maintainer)
- Update the geolite2 maintainer target to cope with new upstream
packaging scheme, and also fetch the ASN database
- Add a subpackage for the ASN database
- Update GeoLite2 databases to latest version
OK sthen@
Fixes for:
- CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet
- CVE-2017-7520 Pre-authentication remote crash/information disclosure
for clients
- CVE-2017-7521 Potential double-free in --x509-alt-username
- CVE-2017-7512 Remote-triggerable memory leaks
- CVE-2017-7522 Post-authentication remote DoS when using
the --x509-track option
- Null-pointer dereference in establish_http_proxy_passthru()
Full description at
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
This update kills some of our patches that were committed upstream.
Similar diff proposed by pirofti@, ok pirofti@ stsp@
Make sendto() work for IPv4 by setting the IP_MULTICAST_IF socket option.
Allows this port to drop the dependency on net/libnet and stop using the
associated sendto() replacement hack (which supports only IPv4).
Make IPv6 work: Fix adding/deleting IPv6 routes, and don't complain
about a missing net.inet6.icmp6.rediraccept sysctl.
Also enable the verbose build so build logs show the commands
being used to compile things.
ok danj@ sthen@
use of the gnustep module.
Patches for the modern runtime from Debian (pointer to it from jca@)
Additionally, some failing tests, due to using the modern runtime, are disabled.
The package is currently broken, and this is an attempt to fix it, and
give people a chance to actually test it.
proposed to go ahead by sthen@, also OK espie@, jca@
There is a bit less bold face with mandoc because with mandoc, .in
terminates .ft, but in many of these cases, I doubt that the author
even intended so much bold face, and the mandoc output looks better.