From 3ed4126a31406124ae8042fc3d4c0bf963d6961e Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Fri, 20 Nov 2020 10:00:34 -0600 Subject: [PATCH] update news for 0.43 with info on checkpath fix --- NEWS.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/NEWS.md b/NEWS.md index 4dafc150..3c2153ec 100644 --- a/NEWS.md +++ b/NEWS.md @@ -4,6 +4,16 @@ OpenRC NEWS This file will contain a list of notable changes for each release. Note the information in this file is in reverse order. +## OpenRC 0.43 + +This version changes the behavior of the checkpath helper to address +CVE-2018-21269. on Linux systems, We require non-terminal symbolic links +to be owned by root. Since we can't do this on non-linux xystems, we do +not dereference non-terminal symbolic links by default. If you need them +dereferenced, you should add the "-s" switch to the appropriate +checkpath calls. +For more information, see http://github.com/openrc/openrc/issues/201. + ## OpenRC 0.42 openrc-shutdown now has the ability to shut down sysvinit-based systems.
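Review bot: the added "OpenRC 0.43" entry has wording errors that should be fixed before it ships: "xystems" should be "systems", ". on Linux systems, We require" should read ". On Linux systems, we require", and "non-linux" should be "non-Linux". The entry also leaves the scope of "-s" unclear. It does not say whether the switch has any effect on Linux, or whether any ownership check still applies to non-terminal symbolic links once "-s" is given on other systems. A sentence stating that would let administrators judge which checkpath calls can safely get the switch. The issue link could also use https instead of http.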