and updating the bundled pcre (also security fixes).
add patches to use arc4random_buf instead of /dev/urandom (which is
typically not available on a normal OpenBSD php installation, with very
bad fallbacks in some cases).
ok robert@
and updating the bundled pcre (also security fixes).
add patches to use arc4random_buf instead of /dev/urandom (which is
typically not available on a normal OpenBSD php installation, with very
bad fallbacks in some cases).
testing of arc4random bits from martijn@, ok robert@
is inaccessible. Specifically: fixes amavisd-new startup if razor-agents
is installed (rc.d cd's to the *startup* user's home, i.e. /root, but
this is normally unreadable for the unprivileged user). Remove a useless
FAKE_FLAGS while there. ok ajacoutot@
Adding -O0 for the next bulk build. I don't have a machine on which to
test the workaround. I will remove the comment when I know if that
helps with the bug or not.
package's old default but this has been replaced in the csv file since
the OpenDNS acquisition.
There is now no default; select a server yourself and configure it as shown
in the readme.
remove the package if installed. This was then removed from perl core again,
a port was added, but the quirk wasn't removed, so people who *don't* clean
their /usr/libdata between updates would have the new version from packages
removed, and people who *do* clean would see a message like this,
"Not removing p5-Module-Pluggable-5.2 , /usr/libdata/perl5/Module/Pluggable.pm not found"
Remove from quirks to fix.
Listing or checking the integrity may call readpassphrase(3)
and thus requires a "tty" promise.
Report and fix provided by Andre S, thanks!
ok czarkoff@, Josh Grosse (MAINTAINER)
changes:
- old-configure is gone, so use waf
- instead of patching cd/dvd device names, use sed
- explicitly disable dependencies we don't have but may get in future
ok, tweaks and testing bentley@, jasper@ and sthen@
- Security: malformed packets could cause the OpenDNS deviceid,
OpenDNS set-client-ip, blocking and AAAA blocking plugins to use
uninitialized pointers, leading to a denial of service or possibly
code execution. The vulnerable code is present since dnscrypt-proxy
1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block
domain names and IP addresses should upgrade as soon as possible.
The vmdktool utility converts raw filesystems to the VMDK format and vice versa.
It can also produce information for a given VMDK file.
req., tested by and OK reyk@
where the decoder writes assuming 4 bytes per pixel into a 3 byte per pixel
wide buffer, allowing writing 768 bytes off the end of the buffer. This
overwrites objects in Python's stack, leading to a crash.
https://github.com/python-pillow/Pillow/pull/1706
(There's also a newer upstream release but that will need additional
checking before it can go in).
- A stack overflow vulnerability was found that can be triggered when
command line arguments (complete address specifications, host names,
file names) are longer than 512 bytes.
- In the OpenSSL address implementation the hard coded 1024 bit DH p
parameter was not prime. [..] Fix: generated a new 2048bit prime.