Fix for dnsmasq breakage

2018-07-02 Thread Nick Hall 
The recent update to the dns-root-data package in jessie changed its format
which in causes dnsmasq to not be able to start up, which causes DNS
servers running dnsmasq to not work.

See debian bug # 858506 for more information for when this happened on
stretch.

The attached patch is taken from there and fixes the issue.

Nick Hall
--- etc/init.d/dnsmasq.orig	2018-07-02 07:09:55.553073068 -0500
+++ etc/init.d/dnsmasq	2018-07-02 07:10:36.385072508 -0500
@@ -111,7 +111,7 @@
 ROOT_DS="/usr/share/dns/root.ds"
 
 if [ -f $ROOT_DS ]; then
-   DNSMASQ_OPTS="$DNSMASQ_OPTS `sed -e s/". IN DS "/--trust-anchor=.,/ -e s/" "/,/g $ROOT_DS | tr '\n' ' '`" 
+   DNSMASQ_OPTS="$DNSMASQ_OPTS $(cat $ROOT_DS | tr '[:blank:]' '\t' | cut -f4- | sed 's#^[A-Z]\+\s\+## ; s#^#--trust-anchor=.,# ; s:[ \t]\+:,:g' | paste -s -d ' ')"
 fi
 
 start()

jetty CVE triage: jetty8 ignored?

2018-07-02 Thread Hugo Lefeuvre 
Hi,

I just noticed that jetty8 is almost never marked as affected by issues
in jetty and jetty9. Is it intentional that jetty8 isn't listed whereas
jetty and jetty9 are ?

For example:
 - CVE-2018-12538: there is no obvious reason why jetty8 wouldn't be
   listed if jetty and jetty9 are.
 - CVE-2018-12536: there is no way to tell jetty8 isn't affected without
   doing some code analysis / at least trying to reproduce, and even so
   it would be better to list jetty8 and mark it not-affected.

... and many others. The number of issues "affecting" jetty8 is a lot
smaller than jetty/jetty9.

Regards,
 Hugo

-- 
 Hugo Lefeuvre (hle)|www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA


signature.asc
Description: PGP signature