nipper and libnipper became commercial over ten years ago and have not been
updated ever since; HOMEPAGE doesn't even mention them any longer.
Pointed out by Marcus MERIGHI <mcmer-openbsd at tor dot at>, thanks!
OK sthen jca
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
an unsigned variable results in an out-of-bounds read which causes a crash.
Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
parsing vulnerability.
- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
could cause a Denial-of-Service (DoS) condition. Improper size checking of
a buffer used to initialize AES decryption routines results in an out-of-
bounds read which may cause a crash. Bug found by OSS-Fuzz.
- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
- Fix a couple of minor memory leaks.
- Updated libclamunrar to UnRAR 5.9.2.
uacme is a lightweight client for the RFC8555 ACMEv2 protocol used with
certificate authorities to validate and issue X509 certificates. It is
written in plain C with minimal dependencies (libcurl and one of GnuTLS,
OpenSSL or mbedTLS) and can handle all authentication types via external
hooks (examples for http-01, dns-01 via nsupdate, and tls-alpn-01).
Changelog: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md
Port changes:
* Vault config moved to /etc/vault/vault.hcl
* Added default config with internal Raft storage
* Add patch for signing SSH keys using rsa-sha2-256 algorithm
* Add locations for vault db/plugins/logs
* Use logger for Vault server logging to /var/log/vault/vault.log
* Add pkg README
ok ajacoutot@
Browser integration only works with Chromium-based browsers
and/or Firefox, build it only on archs that support either of
these two to avoid wasting bulk time.
"fine for me" rsadowski@ (maintainer), OK kmos@
Removing the default "-O2" is pointless since our CFLAGS are always
honored and passed after the default, hence overriding them.
Comment all other patches while here.
Fix side channel in ECC code that allowed an adversary with access to
precise enough timing and memory access information to fully recover an
ECDSA private key (CVE-2020-10932).
- add `-fheinous-gnu-extensions' as seen on some other archs
- add a patch to remove the `-Wa,-mppc' flag, because clang's
integrated assembler was unhappy with it. Proposed by jca@,
instead of using `-no-integrated-as'.
OK jca@ (maintainer)
Detection succeeds on sparc64 where clang uses gas, but then build fails
because of a mix of -Wa,foobar unused argument warning and -Werror.
Just drop the use of --noexecstack, the stack is always marked
non-executable on OpenBSD.
ok sthen@ (maintainer)
Significant changes since 1.6.0:
* A new -u option instructs spiped to run as a different uid/gid.
* RDRAND x86 CPU extensions (if available) are used as an additional source
of entropy. (Note that they are only used as a *supplemental* source, and
if the operating system provides strong entropy then it doesn't matter if
RDRAND works.)
* SHA x86 CPU extensions (if available) are used to speed up computations.
Few CPUs support these yet.
* spipe now prints a warning if it cannot connect to the target host.