On Thu, Mar 24, 2016, at 20:51, Adam D. Barratt wrote: > On Thu, 2016-03-24 at 10:16 +0100, Ondřej Surý wrote: > > And the patches... > > Thanks. > > While I'm generally more comfortable (happier's not really the right > word) with the changes, it looks like some of the changes aren't applied > in unstable - particularly the disabling of TLS compression and the > fixes for the CVEs; is that correct, or am I missing something?
Hmm, I though that 2.4.18 upstream version included both, which is true for TLS-configuration.patch, CVE-2011-3208.patch and CVE-2015-8076.patch, but it looks like CVE-2015-8077.patch and CVE-2015-8078.patch: Thanks for noticing that, I completely forgot about #804182, so I am doing build right now and will upload in couple of minutes. Cheers, -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
