Log Message:
Update audit-packages to 1.18.

Changes from previous version:

+ rely on an embedded sha1 digest to tell whether the vulnerabilities
  file has been damaged in transit or received successfully, rather than
  trusting that the file will not grow smaller

+ use the new filename "pkg-vulnerabilities"

+ use definitions from defs.${OPSYS}.mk in the download-vulnerability-list
  script

+ at installation time, don't rely on "ln -sf" to DTRT - explicitly call
  "rm -f" before attempting the symbolc link

With thanks to seb@ for testing.