cmake.port.mk sets LIBfoo_VERSION for cmake to use as appropriate,
but this only works when the library name matches between SHARED_LIBS
and the cmake infrastructure - in this case there's a mismatch with
"proxy" vs "libproxy".
This used to be handled in this port by patching cmake files but
that's awkward to maintain so no surprise it accidentally got lost
in the last update; replace it by setting appropriate CONFIGURE_ENV
and MAKE_ENV in the port Makefile instead which is more maintainable.
Build problem with dependent ports reported by nigel@.
- Fixed a regression in resolver.c:possibly_mark() which caused
known-bogus servers to be queried anyway. [RT #41321]
- render_ecs errors were mishandled when printing out an OPT record
resulting in an assertion failure. (CVE-2015-8705) [RT #41397]
- Specific APL data could trigger an INSIST. (CVE-2015-8704) [RT #41396]
than 0.0.0.0 by default. This isn't good on OpenBSD which deliberately
doesn't allow IPv4 connections on an IPv6 socket so revert that change.
Failure reported and fix tested by Johan Huldtgren, ok aja@
CVE-2015-8605: UDP payload length not properly checked
"A badly formed packet with an invalid IPv4 UDP length field can
cause a DHCP server, client, or relay program to terminate abnormally."
(plus, compared to Henrik's diff, reinstate some make/MAKE_PROGRAM patches)
- mod_http_files could serve requests outside of the configured public root
- server-to-server dialback authentication (mod_dialback) weak RNG
fix for a transfer from a sender that you don't fully trust.
Originally gonzalo@ submitted a broken update to espie@ who passed
it around and then everybody forgot.
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d
- Ensure that option length fits inside data length less option size.
(can lead to an invalid read/crash via malformed dhcp responses)
http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9
- dhcp_optlen now returns the length of the data we can sanely work
on given the option definition and data length. Call dhcp_optlen in
dhcp_envoption1 to ensure these bounds are not overstepped.
Fixes an issue reported by Nico Golde where extra undersized data was
present in the option. An example of this would be an array of uint16's
with a trailing byte.
(reporter says "exploitation is non-trivial, but I'd love to be
proven wrong.")
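
The two dhcpcd checks described above (option length must fit inside the remaining data, and only whole elements of an option are consumed), as an added example that is not dhcpcd's code. The names opt_def, usable_optlen and find_option, option code 200 and the sample buffer are hypothetical, and pad/end options are left out for brevity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical option definition (not dhcpcd's real structures). */
struct opt_def {
    size_t elem_size; /* bytes per element; 0 = opaque byte string */
    int is_array;     /* non-zero: option carries repeated elements */
};

/* Bytes of data that form whole elements, or -1 if too short for one. */
static long usable_optlen(const struct opt_def *def, size_t dl)
{
    if (def->elem_size == 0)
        return (long)dl;
    if (dl < def->elem_size)
        return -1;
    if (!def->is_array)
        return (long)def->elem_size;
    return (long)(dl - dl % def->elem_size); /* drop trailing partial */
}

/* Find `code` in a code/length/value buffer; -1 if absent or malformed. */
static long find_option(const uint8_t *buf, size_t len, uint8_t code,
                        const struct opt_def *def, const uint8_t **data)
{
    size_t off = 0;
    while (len - off >= 2) {          /* room for code + length bytes */
        size_t ol = buf[off + 1];
        if (ol > len - off - 2)       /* length must fit in what is left */
            return -1;
        if (buf[off] == code) {
            *data = buf + off + 2;
            return usable_optlen(def, ol);
        }
        off += 2 + ol;                /* off never exceeds len here */
    }
    return -1;
}

/* Constructed sample: option 1, then option 200 = two uint16 + stray byte. */
static const uint8_t sample[] = { 1, 4, 255, 255, 255, 0, 200, 5, 0, 1, 0, 2, 9 };

int main(void)
{
    const struct opt_def u16s = { 2, 1 };
    const uint8_t *p = NULL;
    printf("usable: %ld\n", find_option(sample, sizeof sample, 200, &u16s, &p));
}
```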