BSD Commit Log Search

   x11/dunst: Update to 1.13.2

   From Maintainer Timo Myyra, thanks

   Don't pick up sqlcipher.

   reported by naddy@

   update to offlineimap-8.0.3

   update to offlineimap-8.0.3

   geo/gpxsee: update to 16.8

   www/Makefile: +librewolf

   Initial revision

   Return immediately if the list is empty in mode_tree_key instead of
   crashing, from Bryce Miller in GitHub issue 5170.

   Update keycloak 26.6.2 -> 26.6.3
   Changelogs: https://github.com/keycloak/keycloak/releases
   Release notes: https://www.keycloak.org/docs/latest/release_notes/index.html
   Upgrading guide: https://www.keycloak.org/docs/26.6.3/upgrading

   update to p5-DateTime-Format-Natural-1.27

   Update vault 2.0.0 -> 2.0.2
   Changelogs: https://github.com/hashicorp/vault/releases

   update to p5-DBI-1.648

   update to p5-DBI-1.648 (various fixes including a couple of small
   security related issues), ok afresh1@

   MFC update to redis-6.2.22

   update to libmagic-5.48

   when no constraints are configured, do not wait for constraint replies
   openntpd-portable commit 2760aa0, bcook@

   update to zigbee2mqtt-2.11.0

   when creating a peer out of a pool spec ("servers" in cfg), copy
   "trusted" just like weight and everything else
   openntpd-portable commit fd6d7d0 by bcook@

   Update because printconf missed a hypen.

   -       announce as4byte yes
   +       announce as-4byte yes

   announce as-4byte uses a hyphen in the name. Fix printconf to output the
   statement correctly.

   update to py3-test-asyncio-1.4.0

   update p5-Cpanel-JSON-XS to 4.42

   Save the rpkiNotify URI itself in the repository's RRDP state file

   Providing this mapping makes introspection & comparison of RRDP states
   across different instances easier.

   OK tb@

   Add a point at infinity check to ecdh_compute_key()

   While we already check that the peer's public point is on the curve and
   will reject the point at infinity when getting the affine coordinates,
   doing this earlier avoids doing work with the private key in a clearly
   invalid case.

   Suggested by Lucca Hirschi et al.

   [An EC_KEY_check_key() call was also suggested but this is a bit expensive
   and punishes callers that do that or equivalent already (e.g. ssh)]

   ok jsing kenjiro

   tlsext: add XXX to consider refusing anything but uncompressed point format

   ok jsing kenjiro

   The ssl_kex regress now passes.

   ssl_kex: ensure the public key uses uncompressed encoding

   EC_POINT_oct2point() does most of the validation we need it to do, but it
   has to accept the point at infinity, compressed and hybrid encodings for
   historic reasons. So exclude these cases: the point at infinity makes no
   sense here and will be caught later in ECDH_compute_key(), the compressed
   and hybrid encodings MUST NOT be supported per RFC 8422 section 5.1.2.

   This is implemented using the strategy already used in ec_convert.c since
   the point_conversion_form_t is completely unfit for anything.

   Set decode_error to ensure we send that alert. We may make some effort to
   use illegal_parameter later.

   Issue about the missing alert and the point at infinity raised by Lucca
   Hirschi et al.

   ok jsing kenjiro

   Adjust ssl_kex test for signature change in ssl_kex_peer_public_ecdhe_ecp()

   Add a decode_error argument to ssl_kex_peer_public_ecdhe_ecp()

   ok jsing kenjiro

   sysutils/trash-d: update to 21

   ok volker@