Neo (or New or Not) Simple (or Small or Suckless) X Image Viewer.
nsxiv is a fork of now unmaintained sxiv with the purpose of being a drop-in
replacement of sxiv, maintaining it and adding simple, sensible features.
nsxiv is free software licensed under GPLv2 and aims to be easy to modify
and customize.
This is a bug-fix release, addressing CVE-2022-1328: a buffer overread in
the uuencoded decoder routine.
Also fixed were possible integer overflow issues in the general iconv and
rfc2047-conversion iconv functions. These are not believed to be
exploitable.
This minor release includes three security fixes following the security policy:

- encoding/pem: fix stack overflow in Decode
  A large (more than 5 MB) PEM input can cause a stack overflow in Decode,
  leading the program to crash.
  Thanks to Juho Nurminen of Mattermost who reported the error.
  This is CVE-2022-24675 and https://go.dev/issue/51853.

- crypto/elliptic: tolerate all oversized scalars in generic P-256
  A crafted scalar input longer than 32 bytes can cause P256().ScalarMult or
  P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and
  crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.
  This was discovered thanks to a Project Wycheproof test vector.
  This is CVE-2022-28327 and https://go.dev/issue/52075.

- crypto/x509: non-compliant certificates can cause a panic in Verify on macOS in Go 1.18
  Verifying certificate chains containing certificates which are not compliant
  with RFC 5280 causes Certificate.Verify to panic on macOS.
  These chains can be delivered through TLS and can cause a crypto/tls or
  net/http client to crash.
  Thanks to Tailscale for doing weird things and finding this.
  This is CVE-2022-27536 and https://go.dev/issue/51759.
This involves a bit of a kludge to deal with how GCC from pkgsrc ends
up linking. This is obviously not ideal, and is part of a broader
topic that needs revisiting.
Changes since 0.4.0:
- support for compilation modes (as provided by DeforaOS configure)
- updates to the helper scripts from DeforaOS configure
- re-generating the Makefiles before building
This also makes use of a new helper for DeforaOS configure, found in
devel/deforaos-configure/deforaos-configure.mk.
This makes use of a new helper for DeforaOS configure, found in
devel/deforaos-configure/deforaos-configure.mk.
Bumps PKGREVISION for DeforaOS libSystem update.
Added support for EdDSA keys.
Added support for SSH ed25519-sk keys.
Added authenticator filtering based on user verification options.
Fixed an issue with privilege restoration on macOS.
Fixed an issue where credentials created with pamu2fcfg 1.0.8 or earlier
were not handled correctly if their origin and appid differed.
Miscellaneous improvements to the documentation.
Miscellaneous minor bug fixes found by fuzzing.
Changes since 0.4.1:
- add support for vendors in packages
- general improvements to the helper scripts
- hierarchical installation path for helper scripts
- new tool, configure-update(1), to refresh helper scripts
- improved rules to compile assembly code
- support different compilation modes (e.g. debug, release...)
- fix build with DeforaOS libSystem 0.4.3
- add support for Go targets
- fix building libraries with libtool (with --tags)
libcpuid provides CPU identification for the x86 (and x86_64). For
details about the programming API, you might want to take a look at
the project's website on sourceforge
(http://libcpuid.sourceforge.net/). There you'd find a short tutorial,
as well as the full API reference.
Noteworthy changes:
- New VCL timestamp variables have been added
- Some deprecated parameters and command-line options removed
- Regex literals can now be concatenated strings
- New STRING strftime(TIME time, STRING format) function for UTC formatting
4121 Fix RENAME TO/SET SCHEMA on distributed hypertable
4122 Fix segfault on INSERT into distributed hypertable
4142 Ignore invalid relid when deleting hypertable
4159 Fix ADD COLUMN IF NOT EXISTS error on compressed hypertable
4161 Fix memory handling during scans
4176 Fix remote EXPLAIN with parameterized queries
4181 Fix spelling errors and omissions
4186 Fix owner change for distributed hypertable
4192 Abort sessions after extension reload
4193 Fix relcache callback handling causing crashes
4199 Remove signal-unsafe calls from signal handlers
4219 Do not modify aggregation state in finalize
Changes since 0.4.2:
- API changes (version bump for libSystem.so)
- no longer build the tests by default
- bug fixes
- use XML to build documentation with Gtk-Doc
Changes specific to pkgsrc:
- use libtool to build libSystem.so
The latter should fix the build on macOS.