CVE-2018-5744: A specially crafted packet can cause named to leak memory
...
A failure to free memory can occur when processing messages
having a specific combination of EDNS options.
By exploiting this condition, an attacker can potentially cause
named's memory use to grow without bounds until all memory
available to the process is exhausted. Typically a server process
is limited as to the amount of memory it can use but if the named
process is not limited by the operating system all free memory
on the server could be exhausted.
...
CVE-2018-5745: An assertion failure can occur if a trust anchor
rolls over to an unsupported key algorithm when using managed-keys
(there is also CVE-2019-6465 but we don't build dlz)
OK cwen@
Comment:
retrieve terminal size
Description:
This is a unified interface to retrieve terminal size. It loads one
module of a list of known alternatives, each implementing some way to
get the desired terminal information. This loaded module will actually
do the job on behalf of `Term::Size::Any'.
On timestamps such as " 4-Mar-2018 16:49:25 -0500", mbsync would abort if
the Channel option `CopyArrivalDate' was set.
The IMAP protocol specifies a date format beginning with a day-of-month
space-padded to two characters. The "%d" specifier in glibc's strptime(3)
will consume a space-padded day of month, but OpenBSD's "%d" only accepts
leading zeroes.
Prodded by this issue, our strptime(3) now strips leading spaces with "%e"
as of lib/libc/time/strptime.c r1.25.
Found, analysed and patch (using "%n%d" instead of "%e") from
Evan Silberman <evan at jklol dot net>, thanks!
OK afresh1@
Comment:
perl extension for retrieving terminal size
Description:
Yet another implementation of Term::Size. Now in pure Perl, with
the exception of a C probe run on build time.
a command line tool which executes commands on remote servers. Define
tasks in Perl and execute them on remote servers or groups of servers.
Rex can be used to:
_ Deploy web applications to servers sequentially or in parallel.
_ Automate common tasks.
_ Provision servers using Rex's builtin tools.
From Olivier Cherrier <oc AT symacx.com>
with tweaks from sthen@
This module reads MANIFEST to find modules to be tested and does
use_ok() for each of them. Now all you have to do is update MANIFEST.
You don't have to modify the test any more (hopefully).
ok sthen@
Janet is a functional and imperative programming language. The entire
language (core library, interpreter, compiler, assembler) is about
200-300 kB and should run on many constrained systems.
Janet makes a good system scripting language or a language to embed in
other programs, similar Lua or Guile. Janet also can be used for rapid
prototying, dynamic systems, and other domains where lisp shines.
Features include first class closures, garbage collection, lisp macros,
a REPL, the ability to directly interoperate with C including
dynamically loading C libraries, and an extensive core library.
