Fixes:
* CVE-2019-6472 affects the Kea DHCPv6 server, which can exit
with an assertion failure if the DHCPv6 server process receives
a request containing DUID value which is too large.
(https://kb.isc.org/docs/cve-2019-6474)
* CVE-2019-6473 affects the Kea DHCPv4 server, which can exit with
an assertion failure if it receives a packed containing a malformed
option. (https://kb.isc.org/docs/cve-2019-6473)
* CVE-2019-6474 can cause a condition where the server cannot be
restarted without manual operator intervention to correct a problem
that can be deliberately introduced into the stored leases.
CVE-2019-6474 can only affect servers which are using memfile
for lease storage. (https://kb.isc.org/docs/cve-2019-6474)
Annoucement: https://www.openwall.com/lists/oss-security/2019/08/29/1
Python2 is only needed for `libglade-convert`[1] which is a simple
script that converts old glade files into new glade files and for tests
and docs which we currently don't generate.
As Python2 is about to get EOLed and this is mostly a tool to migrate
old data, it shouldn't be built by default. With this change,
`xscreensaver` and `xsecurelock` don't depend on Python2 anymore.
[1] https://manpages.ubuntu.com/manpages/trusty/man1/libglade-convert.1.html
Changelog: https://github.com/nicolargo/glances/blob/v3.1.2/NEWS.rst#version-312
Note/TODO: Theoretically the IP test should work(?) now:
> Bugs corrected:
> - Error with IP Plugin : object has no attribute bug #1528
> - ip plugin empty interface bug #1509
but the test is still failing inside the Nix build sandbox.
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).
As described in the NixOps manual[1], dependencies to keys should be
defined like this now:
``` nix
{
systemd.services.myservice = {
after = [ "secret-key.service" ];
wants = [ "secret-key.service" ];
};
}
```
However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.
[1] https://nixos.org/nixops/manual/#idm140737322342384
