WPA: Ignore unauthenticated encrypted EAPOL-Key data
Though hostapd is technically not vulnerable, the mitigation for
CVE-2018-14526 does apply cleanly, therefore it is applied to maintain
consistency with net/wpa_supplicant and wpa in base.
Approved by: leres@
MFH: 2018Q3
Differential Revision: https://reviews.freebsd.org/D16718
This update separates PulseAudio modules from net/xrdp port.
There're two reasons to separete them. The one is upstream now provides
them as separated repositories. The another one is PulseAudio modules
need to be rebuilt after the version of audio/pulseaudio changed but
the most part of net/xrdp port doesn't need rebuild. This minimizes
time for rebuilding.
Approved by: hrs (mentor)
Differential Revision: https://reviews.freebsd.org/D16621
to run without a dhcp6cctlkey file. Use openssl to generate
one from the rc.d script when it is missing.
PR: 229400
Reviewed by: ler (mentor)
Approved by: maintainer timeout (6 weeks), ler (mentor)
Differential Revision: https://reviews.freebsd.org/D16739
In jail environment, because fping 4.0 comes
with combined IPv4/IPv6 support, you need to enable
IPv6 for the jail even if you will not use IPv6.
This patch adds an IPV6 option, enabled by default,
but who can be turn off to build fping without IPv6
support and used it inside a jail without IPv6.
PR: 229903
Submitted by: Andrew <andrew.hotlab@hotmail.com>
Reported by: Stefan Witzel <stefan.witzel@zvw.uni-goettingen.de>
Approved by: <jharris@widomaker.com> (maintainer)
-Wall and -Wextra tend to highlight new compiler features, not new problems.
They don't need to be on when building a port... -Werror just makes them
worse.
PR: 230623
Reported by: jbeich@
Sponsored by: Limelight Networks
Also, sort plist.
* BREAKING CHANGE: When downloading the free databases without a
MaxMind account, you must either not have `AccountID`, `UserId`,
or `LicenseKey` set in your configuration file or they must be set
to the zero values previously recommended in our documentation. Any
other value will cause an authorization error.
* BREAKING CHANGE: The configuration options `Protocol`,
`SkipPeerVerification`, and `SkipHostnameVerification` are no longer
supported. If they are present in the configuration file, they will
be ignored. HTTPS with peer and hostname verification will be used
on all requests.
* BREAKING CHANGE: The configuration file must have the `AccountID`
or the deprecated `UserId` when downloading a paid database.
Previously, when downloading the GeoIP Legacy Country database, you
were able to only provide the `LicenseKey`.
* IMPORTANT: `geoipupdate-pureperl.pl` has been removed and will no
longer be distributed with `geoipupdate`. This Perl script had known
issues and did not have feature parity with the C implementation. If
you were using the Perl version, we recommend that you switch to the
C version. If you are not able to do this, you may continue using the
Perl version distributed with 2.5.0.
* This program no longer uses the following endpoints:
`/app/update_getipaddr`, `/app/update`, and `/app/update_secure`.
`/geoip/databases/{edition_id}/update` is now used instead.
* Fixed issue in `gu_strnlen()` dereferencing a pointer before checking
that it was in array bounds. Issue found by fcntl.
* We now update the default GeoIP.conf during installation so that
directory paths match build parameters. Previously this config always
said the data directory was under /usr/local/share which was not always
accurate.
* Improve the error checking and display the underlying reason for the
error when possible. Reported by Jonathan Kosgei. GitHub #82.
* Document that the `LockFile` is not removed from the filesystem after
a successful exit from the program. GitHub issue #79.
* Make default configuration directory agree with default installation
directory.
