Release 1.18.0:
Added support for GSSAPI ECDH and Edwards DH key exchange algorithms.
Fixed gssapi-with-mic authentication to work with GSS key exchanges, in cases where gssapi-keyex is not supported.
Made connect_ssh and connect_reverse_ssh methods into async context managers, simplifying the syntax needed to use them to create tunneled SSH connections.
Fixed a couple of issues with known hosts matching on tunneled SSH connections.
Improved flexibility of key/certificate parser automatic format detection to properly recognize PEM even when other arbitrary text is present at the beginning of the file. With this change, the parser can also now handle mixing of multiple key formats in a single file.
Added support for OpenSSL “TRUSTED” PEM certificates. For now, no enforcement is done of the additional trust restrictions, but such certificates can be loaded and used by AsyncSSH without converting them back to regular PEM format.
Fixed some additional SFTP and SCP issues related to parsing of Windows paths with drive letters and paths with multiple colons.
Made AsyncSSH tolerant of a client which sends multiple service requests for the “ssh-userauth” service. This is needed by the Paramiko client when it tries more than one form of authentication on a connection.
doas is a port of OpenBSD's doas which runs on FreeBSD, Linux and
NetBSD.
The doas utility is a program originally written for OpenBSD which
allows a user to run a command as though they were another
user. Typically doas is used to allow non-privleged users to run
commands as though they were the root user. The doas program acts as
an alternative to sudo, which is a popular method in the Linux
community for granting admin access to specific users.
The doas program offers two benefits over sudo: its configuration file
has a simple syntax and it is smaller, requiring less effort to audit
the code. This makes it harder for both admins and coders to make
mistakes that potentially open security holes in the system.
0.37.2:
Stop disabling TLS session tickets in Nginx as it caused TLS failures on some systems.
0.37.1:
Fixed
Stop disabling TLS session tickets in Apache as it caused TLS failures on some systems.
0.37.0:
Added
Turn off session tickets for apache plugin by default
acme: Authz deactivation added to acme module.
Changed
Follow updated Mozilla recommendations for Nginx ssl_protocols, ssl_ciphers, and ssl_prefer_server_ciphers
Fixed
Fix certbot-auto failures on RHEL 8.
Some of the upstream changes since 0.4.0 :
* OpenSSL binary path is now configurable
* Support for ACME v02
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Use new ACME v2 endpoint by default
* Initial support for tls-alpn-01 validation
* OCSP refresh interval is now configurable
Full changelog available here :
https://github.com/lukas2511/dehydrated/blob/v0.6.5/CHANGELOG
Despite the changelog, the meson files are not included in
the distribution, so keep using autoconf for this release.
0.18.8
* Add support for g_autoptr() to our types [!11]
* Remove deprecated g_type_class_add_private() [!14]
* Bump GLib dependency (2.44+)
* Add meson build support [!9]
* Fix vapi generation [!15, ...]
* Build fixes [!12, !13]
* Updated translations
Minisign is a dead simple tool to sign files and verify signatures.
It is portable, lightweight, and uses the highly secure Ed25519 public-key
signature system.
OK kamil@
X - Certificate and Key management
This application is intended for creating and managing X.509
certificates, certificate requests, RSA, DSA and EC private keys,
Smartcards and CRLs. Everything that is needed for a CA is
implemented. All CAs can sign sub-CAs recursively. These certificate
chains are shown clearly. For an easy company-wide use there are
customiseable templates that can be used for certificate or request
generation.
All cryptographic data is stored in a SQL database. SQLite, MySQL
(MariaDB) and PostgreSQL databases are supported.
3.1.0:
OAuth2.0 Provider - Features
OIDC add support of nonce, c_hash, at_hash fields
New RequestValidator.fill_id_token method
Deprecated RequestValidator.get_id_token method
OIDC add UserInfo endpoint
New RequestValidator.get_userinfo_claims method
OAuth2.0 Provider - Security
Enhance data leak to logs
New default to not expose request content in logs
New function oauthlib.set_debug(True)
Disabling query parameters for POST requests
OAuth2.0 Provider - Bugfixes
Fix validate_authorization_request to return the new PKCE fields
Fix token_type to be case-insensitive (bearer and Bearer)
OAuth2.0 Client - Bugfixes
Fix Authorization Code's errors processing
BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
Fix edge case when expires_in=Null
OAuth1.0 Client
Add case-insensitive headers to oauth1 BaseEndpoint
Implementation of elliptic curve cryptography using the Montgomery
and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and
Curve448, using the Decaf / Ristretto encoding.
v1.6.1:
Features
* Windows support, with wheels!
* GSSAPI extension rfc4178 (set_neg_mechs) support
* Expose mechanisms in the high-level API
* Test suite improvements
Documentation
* Add documentation for common cred store values
* Documentation typo fixes
Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parsers.
Supports RSA, DSA and EC curves P-256, P-384, P-521, and curve25519.
Cryptographic signatures can either be created and verified manually
or via x509 certificates. AES can be used in cbc, ctr or gcm mode for
symmetric encryption; RSA for asymmetric (public key) encryption or EC
for Diffie Hellman. High-level envelope functions combine RSA and AES
for encrypting arbitrary sized data. Other utilities include key
generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a
secure random number generator, and 'bignum' math methods for manually
performing crypto calculations on large multibyte integers.
Cross-platform utilities for prompting the user for credentials or a
passphrase, for example to authenticate with a server or read a
protected key. Includes native programs for MacOS and Windows, hence
no 'tcltk' is required. Password entry can be invoked in two different
ways: directly from R via the askpass() function, or indirectly as
password-entry back-end for 'ssh-agent' or 'git-credential' via the
SSH_ASKPASS and GIT_ASKPASS environment variables. Thereby the user
can be prompted for credentials or a passphrase if needed when R calls
out to git or ssh.
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVE's:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
Release 1.17.1:
Improved construction of file paths in SFTP to better handle native Windows source paths containing backslashes or drive letters.
Improved SFTP parallel I/O for large reads and file copies to better handle the case where a read returns less data than what was requested when not at the end of the file, allowing AsyncSSH to get back the right result even if the requested block size is larger than the SFTP server can handle.
Fixed an issue where the requested SFTP block_size wasn’t used in the get, copy, mget, and mcopy functions if it was larger than the default size of 16 KB.
Fixed a problem where the list of client keys provided in an SSHClientConnectionOptions object wasn’t always preserved properly across the opening of multiple SSH connections.
Changed SSH agent client code to avoid printing a warning on Windows when unable to connect to the SSH agent using the default path. A warning will be printed if the agent_path or SSH_AUTH_SOCK is explicitly set, but AsyncSSH will remain quiet if no agent path is set and no SSH agent is running.
Made AsyncSSH tolerant of unexpected authentication success/failure messages sent after authentication completes. AsyncSSH previously treated this as a protocol error and dropped the connection, while most other SSH implementations ignored these messages and allowed the connection to continue.
Made AsyncSSH tolerant of SFTP status responses which are missing error message and language tag fields, improving interoperability with servers that omit these fields. When missing, AsyncSSH treats these fields as if they were set to empty strings.
Revision 0.2.6:
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providng Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection with CMS
- Added RFC2634 providing Enhanced Security Services for S/MIME
- Added RFC5915 providing Elliptic Curve Private Key
- Added RFC5940 providing CMS Revocation Information Choices
- Added RFC7296 providing IKEv2 Certificate Bundle
- Added RFC8619 providing HKDF Algorithm Identifiers
- Added RFC7191 providing CMS Key Package Receipt and Error Content
Types
- Added openType support for ORAddress Extension Attributes and
Algorithm Identifiers in the RFC5280 module
- Added RFC5035 providing Update to Enhanced Security Services for
S/MIME
- Added openType support for CMS Content Types and CMS Attributes
in the RFC5652 module
- Added openType support to RFC 2986 by importing definitions from
the RFC 5280 module so that the same maps are used.
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
and RFC 8520
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
and `SetOf` objects via `subtypeConstraint` attribute to be applied
via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
objects as `subtypeConstraint`, the former is only verified on
de/serialization i.e. when the [constructed] object at hand is fully
populated, while the latter is applied to [scalar] types at the moment
of instantiation.
Revision 0.4.6:
- Added previously missing SET OF ANY construct encoding/decoding support.
- Added omitEmptyOptionals option which is respected by Sequence
and Set encoders. When omitEmptyOptionals is set to True, empty
initialized optional components are not encoded. Default is False.
- New elements to SequenceOf/SetOf objects can now be added at any
position - the requirement for the new elements to reside at the end
of the existing ones (i.e. s[len(s)] = 123) is removed.
- List-like slicing support added to SequenceOf/SetOf objects.
- Removed default initializer from SequenceOf/SetOf types to ensure
consistent behaviour with the rest of ASN.1 types. Before this change,
SequenceOf/SetOf instances immediately become value objects behaving
like an empty list. With this change, SequenceOf/SetOf objects
remain schema objects unless a component is added or .clear() is
called.
This change can potentially cause incompatibilities with existing
pyasn1 objects which assume SequenceOf/SetOf instances are value
objects right upon instantiation.
The behaviour of Sequence/Set types depends on the componentType
initializer: if on componentType is given, the behaviour is the
same as SequenceOf/SetOf have. IF componentType is given, but
neither optional nor defaulted components are present, the created
instance remains schema object, If, however, either optional or
defaulted component isi present, the created instance immediately
becomes a value object.
- Added .reset() method to all constructed types to turn value object
into a schema object.
- Added PyAsn1UnicodeDecodeError/PyAsn1UnicodeDecodeError exceptions
to help the caller treating unicode errors happening internally
to pyasn1 at the upper layers.
- Added support for subseconds CER/DER encoding edge cases in
GeneralizedTime codec.
- Fixed 3-digit fractional seconds value CER/DER encoding of
GeneralizedTime.
- Fixed AnyDecoder to accept possible TagMap as asn1Spec
to make dumping raw value operational
Changes:
* Support TLS-alpn mode.
* Support Post-As-Get
* Support Buypass.com CA
* Support 12 more dns api.
* Bug fixes.
* Use letsencrypt v2 api as default.
* Use dns over tls to check domain status.
* Support Windows native taskschuler for cronjob.
* fix IDN name issues.
* fix other issues.
Changelog:
This is a SECURITY UPDATE, fixing vulnerabilities in the obsolete SSH-1
protocol. It also includes many bug fixes over 0.71. We recommend that
everybody update.
Vulnerabilities fixed in this release include:
- A malicious SSH-1 server could trigger a buffer overrun by sending
extremely short RSA keys, or certain bad packet length fields.
Either of these could happen before host key verification, so even
if you trust the server you *intended* to connect to, you would
still be at risk.
(However, the SSH-1 protocol is obsolete, and recent versions of
PuTTY do not try it by default, so you are only at risk if you work
with old servers and have explicitly configured SSH-1.)
- If a malicious process found a way to impersonate Pageant, then it
could cause an integer overflow in any of the SSH client tools
(PuTTY, Plink, PSCP, PSFTP) which accessed the malicious Pageant.
Other security-related bug fixes include:
- The 'trust sigil' system introduced in PuTTY 0.71 to protect
against server spoofing attacks had multiple bugs. Trust sigils
were not turned off after login in the SSH-1 and Rlogin protocols,
and not turned back on if you used the Restart Session command.
Both are now fixed.
Other bug fixes include:
- Kerberos key exchange could crash at the start of an SSH session
in the presence of a third-party Windows provider such as
MIT Kerberos for Windows, and could also crash if the server sent
an ordinary SSH host key as part of the Kerberos exchange.
- In SSH-2 keyboard-interactive authentication, one of the message
fields sent by the server (namely the 'instructions' message) was
accidentally never displayed to the user.
- When using SSH-2 connection sharing, pasting text into a downstream
PuTTY window that included a line longer than 16Kb could cause that
window's connection to be closed.
- When using PSCP in old-fashioned SCP mode, downloading files
specified by a wildcard could cause a newline character to be
appended to the downloaded file names. Also, using the -p option to
preserve file times failed with a spurious error message.
- On Windows, the numeric keypad key that should generate '.' or ','
depending on keyboard layout was always generating '.'.
- RSA keys generated by PuTTYgen could be 1 bit shorter than
requested. (Harmless, but a regression in 0.71 compared to 0.70.)
8.5.4:
All platforms
Update Firefox to 60.8.0esr
Update Torbutton to 2.1.12
Bug 30577: Add Fundraising Banner
Bug 31041: Stop syncing network.cookie.lifetimePolicy
Translations update
Update HTTPS Everywhere to 2019.6.27
Bug 31055+31058: Remove four default bridges
Bug 30712: Backport fix for Mozilla's bug 1552993
Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833
Windows + OS X + Linux
Update Tor to 0.4.0.5
Update OpenSSL to 1.0.2s
Bug 29045: Ensure that tor does not start up in dormant mode
OS X
Bug 30631: Blurry Tor Browser icon on macOS app switcher
8.5.3:
All platforms
Pick up fix for Mozilla's bug 1560192
8.5.2:
All platforms
Pick up fix for Mozilla's bug 1544386
Update NoScript to 10.6.3
Bug 29904: NoScript blocks MP4 on higher security levels
Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
8.5.1:
All platforms
Update Torbutton to 2.1.10
Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
Bug 30464: Add WebGL to safer descriptions
Translations update
Update NoScript to 10.6.2
Bug 29969: Remove workaround for Mozilla's bug 1532530
Update HTTPS Everywhere to 2019.5.13
Bug 30541: Disable WebGL readPixel() for web content
Windows + OS X + Linux
Bug 30560: Better match actual toolbar in onboarding toolbar graphic
Bug 30571: Correct more information URL for security settings
Android
Bug 30635: Sync mobile default bridges list with desktop one
Build System
All platforms
Bug 30480: Check that signed tag contains expected tag name
- apparently the Let's Encrypt test server is rejecting example.com emails
- added official python 3.7 support in setup.py
- fixed#226, start using POST-as-GET for GET requests
- fixed additional POST-as-GET
- addresses #205, a situation where polling may hang indefinitely
- Also accept critical SAN extensions.
- fixed#222, we shouldn't delete the challenge files on errors, but we
should clean them up on success
pkgsrc changes:
- Remove PYTHON_VERSIONS_INCOMPATIBLE, Python 3.x is now supported too
- Take MAINTAINERship
Changes:
- Upstream doesn't provide changelog (and CHANGELOG file just reference to
commit messages). According skimming of commit messages mostly bugfixes and
improvements.
NEWS for the Nettle 3.5.1 release
The Nettle-3.5.1 corrects a packaging mistake in Nettle-3.5.
The new directory x86_64/sha_ni were missing in the tar file,
breaking x86_64 builds with --enable-fat, and producing worse
performance than promised for builds with --enable-x86-sha-ni.
Also a few unused in-progress assembly files were accidentally
included in the tar file.
These problems are corrected in Nettle-3.5.1. There are no
other changes, and also the library version numbers are
unchanged.
NEWS for the Nettle 3.5 release
This release adds a couple of new features and optimizations,
and deletes or deprecates a few obsolete features. It is *not*
binary (ABI) compatible with earlier versions. Except for
deprecations listed below, it is intended to be fully
source-level (API) compatible with Nettle-3.4.1.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0, with sonames libnettle.so.7 and
libhogweed.so.5.
Changes in behavior:
* Nettle's gcm_crypt will now call the underlying block cipher
to process more than one block at a time. This is not a
change to the documented behavior, but unfortunately breaks
assumptions accidentally made in GnuTLS, up to and including
version 3.6.1.
New features:
* Support for CFB8 (Cipher Feedback Mode, processing a single
octet per block cipher operation), contributed by Dmitry
Eremin-Solenikov.
* Support for CMAC (RFC 4493), contributed by Nikos
Mavrogiannopoulos.
* Support for XTS mode, contributed by Simo Sorce.
Optimizations:
* Improved performance of the x86_64 AES implementation using
the aesni instructions. Gives a large speedup for operations
processing multiple blocks at a time (including CTR mode,
GCM mode, and CBC decrypt, but *not* CBC encrypt).
* Improved performance for CTR mode, for the common case of
16-byte block size. Pass more data at a time to underlying
block cipher, and fill the counter blocks more efficiently.
Extension to also handle GCM mode efficiently contributed
by Nikos Mavrogiannopoulos.
* New x86_64 implementation of sha1 and sha256, for processors
supporting the sha_ni instructions. Speedup of 3-5 times on
affected processors.
* Improved parameters for the precomputation of tables used
for ecc signatures. Roughly 10%-15% speedup of the ecdsa
sign operation using the secp_256r1, secp_384r1 and
secp_521r1 curves, and 25% speedup of ed25519 sign
operation, benchmarked on x86_64. Table sizes unchanged,
around 16 KB per curve.
* In ARM fat builds, automatically select Neon implementation
of Chacha, where possible. Contributed by Yuriy M.
Kaminskiy.
Deleted features:
* The header file des-compat.h and everything declared therein
has been deleted, as announced earlier. This file provided a
subset of the old libdes/ssleay/openssl interface for DES
and triple-DES. DES is still supported, via the functions
declared in des.h.
* Functions using the old struct aes_ctx have been marked as
deprecated. Use the fixed key size interface instead, e.g.,
struct aes256_ctx, introduced in Nettle-3.0.
* The header file nettle-stdint.h, and corresponding autoconf
tests, have been deleted. Nettle now requires that the
compiler/libc provides <stdint.h>.
Miscellaneous:
* Support for big-endian ARM systems, contributed by Michael
Weiser.
* The programs aesdata, desdata, twofishdata, shadata and
gcmdata are no longer built by default. Makefile
improvements contributed by Jay Foad.
* The "example" program examples/eratosthenes.c has been
deleted.
* The contents of hash context structs, and the deprecated
aes_ctx struct, have been reorganized, to enable later
optimizations.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0.
* Change MASTER_SITES to https://
Changelog:
Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
- Fixed a Windows local privilege escalation vulnerability
caused insecure OpenSSL cross-compilation defaults.
Successful exploitation requires stunnel to be deployed
as a Windows service, and user-writable C:\ folder. This
vulnerability was discovered and reported by Rich Mirch.
- OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
- Implemented a workaround for Windows hangs caused by its
inability to the monitor the same socket descriptor from
multiple threads.
- Windows configuration (including cryptographic keys)
is now completely removed at uninstall.
- A number of testing framework fixes and improvements.
Version 5.54, 2019.05.15, urgency: LOW
* New features
- New "ticketKeySecret" and "ticketMacSecret" options
to control confidentiality and integrity protection
of the issued session tickets. These options allow
for session resumption on other nodes in a cluster.
- Added logging the list of active connections on
SIGUSR2 or with Windows GUI.
- Logging of the assigned bind address instead of the
requested bind address.
* Bugfixes
- Service threads are terminated before OpenSSL cleanup
to prevent occasional stunnel crashes at shutdown.
Version 5.53, 2019.04.10, urgency: HIGH
* New features
- Android binary updated to support Android 4.x.
* Bugfixes
- Fixed data transfer stalls introduced in stunnel 5.51.
Version 5.52, 2019.04.08, urgency: HIGH
* Bugfixes
- Fixed a transfer() loop bug introduced in stunnel 5.51.
0.36.0:
Added
-----
Turn off session tickets for nginx plugin by default
Added missing error types from RFC8555 to acme
Changed
-------
Support for Ubuntu 14.04 Trusty has been removed.
Update the 'manage your account' help to be more generic.
The error message when Certbot's Apache plugin is unable to modify your Apache configuration has been improved.
Certbot's config_changes subcommand has been deprecated and will be removed in a future release.
certbot config_changes no longer accepts a --num parameter.
The functions certbot.plugins.common.Installer.view_config_changes and certbot.reverter.Reverter.view_config_changes have been deprecated and will be removed in a future release.
Fixed
-----
Replace some unnecessary platform-specific line separation.
The libtool-ification caused plugins to have a "lib" prefix, causing a mismatch
with what the code was trying to dlopen(), and failures. Bump PKGREVISION.
