Notable changes:
Add -DCMAKE_CXX_FLAGS="-DELEKTRA_SHARED" to work around an upstream
bug (already fixed) in the Makefile.
Signed-off-by: Harald Geyer <harald@ccbib.org>
Among many fixes and improvements this new version adds
support of ARC architecture (ARC port was actually introduced
in v3.1 but while at it why not to update to the most recent version).
Which allows to build dependent projects like Python etc.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Fixes segfaults occuring in the node host build when GCC 6 is used.
Backport of upstream commit 96198d5bc7.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
- add DNS lookup support for "drill" and "khost" (Knot DNS) #2637
- new service nsupdate.info (IPv4 and IPv6) #2433
- new services dyndnss.net, dyns.net (IPv4 only)
- new services dnshome.de, goip.de, myonlineportal.net (IPv4 and IPv6)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* push gnurl, gnutls and libmicrohttpd dependencies down to modules
* use standard UID/GID for gnunet (958/958)
* use GID adjecent (452) to dnsmasq (453) for gnunetdns to allow
using the owner match with a range of GIDs (452-452)
* package new gnunet-social pub/sub CLI tool
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following CVEs:
Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
Reported by Matt Street and others of Cisco ASIG
Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY
Reported by Matthew Van Gundy of Cisco ASIG
Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG
Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG
Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken
Reported by Michael Tatarinov, NTP Project Developer Volunteer
Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
Reported by Jonathan Gardner of Cisco ASIG
Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing
Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.
Signed-off-by: Peter Wagner <tripolar@gmx.at>
OpenWrt offers a special 'prelocal' routing table at priority 0.
Use it, so local-to-local DNS traffic also gets redirected properly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>