build fails on big-endian systems - there's support for generating "fuzzy
hash subsignatures" used to detect "images known to be used in phishing
campaigns or otherwise used when distributing malware" - openexr support
in the library used for this is currently little-endian only, so I've
patched to disable openexr in this.
diff from maintainer George Rosamond, thanks!
Upstream doesn't seem to provide a changelog: looking at the diff the
changes are '-' used as word separator by default now, the usage of
eff_short_wordlist_1.txt by default instead of eff_large_wordlist.txt
and the addition of -l/--large to select the eff large wordlist.

Unofficial Bitwarden compatible server written in Rust and compatible
with upstream Bitwarden clients.
Full implementation of Bitwarden API is provided including:
- Organizations support
- Attachments
- Vault API support
- Serving the static files for Vault interface
- Website icons API
- Authenticator and U2F support
- YubiKey and Duo support

CVE-2022-20803: Fixed a possible double-free vulnerability in the OLE2 file parser.
Issue affects versions 0.104.0 through 0.104.2.
CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions.
CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check.
Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2.
CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions.
CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions.
CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the
signature database load module.
Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions.

ChangeLog: https://dev.gnupg.org/T5928
Tests & ok bket@ gnezdo@
Since the question came up: we're staying on the 2.2 LTS branch as long
as there is no adamant reason to switch to the public testing 2.3
release, and as long as 2.4 hasn't been published. For more information
about the release scheme please refer to the gnupg-2.3.0 announcement:
https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html