Noteworthy changes in version 1.8.5 (2019-08-29) [C22/A2/R5]
------------------------------------------------
* Bug fixes:
- Add mitigation against an ECDSA timing attack.
[#4626,CVE-2019-13627]
- Improve ECDSA unblinding.
* Other features:
- Provide a pkg-config file for libgcrypt.
Release-info: https://dev.gnupg.org/T4683
19.1.0
* macOS Keyring now honors a ``KEYCHAIN_PATH``
environment variable. If set, Keyring will use that
keychain instead of the default.
19.0.2
* Refresh package skeleton.
* Adopt `black <https://pypi.org/project/black>`_ code style.
19.0.1
* Merge with 18.0.1.
18.0.1
* ExceptionInfo no longer retains a reference to the
traceback.
3.9.0:
New features
* Add support for loading PEM files encrypted with AES256-CBC.
* Add support for XChaCha20 and XChaCha20-Poly1305 ciphers.
* Add support for bcrypt key derivation function (`Crypto.Protocol.KDF.bcrypt`).
* Add support for left multiplication of an EC point by a scalar.
* Add support for importing ECC and RSA keys in the new OpenSSH format.
Resolved issues
* it was not possible to invert an EC point anymore.
* fix printing of DSA keys.
* `DSA.generate()` was not always using the `randfunc` input.
* the MD2 hash had a block size of 64 bytes instead of 16; as a result the HMAC construction gave incorrect results.
Revision 0.4.7:
- Added `isInconsistent` property to all constructed types. This property
conceptually replaces `verifySizeSpec` method to serve a more general
purpose e.g. ensuring all required fields are in a good shape. By default
this check invokes subtype constraints verification and is run by codecs
on value de/serialisation.
- Deprecate `subtypeSpec` attributes and keyword argument. It is now
recommended to pass `ValueSizeConstraint`, as well as all other constraints,
to `subtypeSpec`.
- Fixed a design bug in a way of how the items assigned to constructed
types are verified. Now if `Asn1Type`-based object is assigned, its
compatibility is verified based on having all tags and constraint
objects as the type in field definition. When a bare Python value is
assigned, then field type object is cloned and initialized with the
bare value (constraints verification would run at this moment).
- Added `WithComponentsConstraint` along with related
`ComponentPresentConstraint` and `ComponentAbsentConstraint` classes
to be used with `Sequence`/`Set` types representing
`SET ... WITH COMPONENTS ...` like ASN.1 constructs.
Pkgsrc changes:
* Adapt patch to enforcer/utils/Makefile.in
Upstream changes:
* OPENDNSSEC-888: Fixup database conversion script.
* OPENDNSSEC-752: Incorrect calculated number of KSKs needed when KSK and ZSK
have exactly the same parameters.
* OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for
same rrset are mismatching.
Release 1.18.0:
Added support for GSSAPI ECDH and Edwards DH key exchange algorithms.
Fixed gssapi-with-mic authentication to work with GSS key exchanges, in cases where gssapi-keyex is not supported.
Made connect_ssh and connect_reverse_ssh methods into async context managers, simplifying the syntax needed to use them to create tunneled SSH connections.
Fixed a couple of issues with known hosts matching on tunneled SSH connections.
Improved flexibility of key/certificate parser automatic format detection to properly recognize PEM even when other arbitrary text is present at the beginning of the file. With this change, the parser can also now handle mixing of multiple key formats in a single file.
Added support for OpenSSL “TRUSTED” PEM certificates. For now, no enforcement is done of the additional trust restrictions, but such certificates can be loaded and used by AsyncSSH without converting them back to regular PEM format.
Fixed some additional SFTP and SCP issues related to parsing of Windows paths with drive letters and paths with multiple colons.
Made AsyncSSH tolerant of a client which sends multiple service requests for the “ssh-userauth” service. This is needed by the Paramiko client when it tries more than one form of authentication on a connection.
doas is a port of OpenBSD's doas which runs on FreeBSD, Linux and
NetBSD.
The doas utility is a program originally written for OpenBSD which
allows a user to run a command as though they were another
user. Typically doas is used to allow non-privileged users to run
commands as though they were the root user. The doas program acts as
an alternative to sudo, which is a popular method in the Linux
community for granting admin access to specific users.
The doas program offers two benefits over sudo: its configuration file
has a simple syntax and it is smaller, requiring less effort to audit
the code. This makes it harder for both admins and coders to make
mistakes that potentially open security holes in the system.
0.37.2:
Stop disabling TLS session tickets in Nginx as it caused TLS failures on some systems.
0.37.1:
Fixed
Stop disabling TLS session tickets in Apache as it caused TLS failures on some systems.
0.37.0:
Added
Turn off session tickets for apache plugin by default
acme: Authz deactivation added to acme module.
Changed
Follow updated Mozilla recommendations for Nginx ssl_protocols, ssl_ciphers, and ssl_prefer_server_ciphers
Fixed
Fix certbot-auto failures on RHEL 8.
Some of the upstream changes since 0.4.0 :
* OpenSSL binary path is now configurable
* Support for ACME v02
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Use new ACME v2 endpoint by default
* Initial support for tls-alpn-01 validation
* OCSP refresh interval is now configurable
Full changelog available here :
https://github.com/lukas2511/dehydrated/blob/v0.6.5/CHANGELOG
Despite the changelog, the meson files are not included in
the distribution, so keep using autoconf for this release.
0.18.8
* Add support for g_autoptr() to our types [!11]
* Remove deprecated g_type_class_add_private() [!14]
* Bump GLib dependency (2.44+)
* Add meson build support [!9]
* Fix vapi generation [!15, ...]
* Build fixes [!12, !13]
* Updated translations
Minisign is a dead simple tool to sign files and verify signatures.
It is portable, lightweight, and uses the highly secure Ed25519 public-key
signature system.
OK kamil@
X - Certificate and Key management
This application is intended for creating and managing X.509
certificates, certificate requests, RSA, DSA and EC private keys,
Smartcards and CRLs. Everything that is needed for a CA is
implemented. All CAs can sign sub-CAs recursively. These certificate
chains are shown clearly. For an easy company-wide use there are
customisable templates that can be used for certificate or request
generation.
All cryptographic data is stored in a SQL database. SQLite, MySQL
(MariaDB) and PostgreSQL databases are supported.
3.1.0:
OAuth2.0 Provider - Features
OIDC add support of nonce, c_hash, at_hash fields
New RequestValidator.fill_id_token method
Deprecated RequestValidator.get_id_token method
OIDC add UserInfo endpoint
New RequestValidator.get_userinfo_claims method
OAuth2.0 Provider - Security
Enhance data leak to logs
New default to not expose request content in logs
New function oauthlib.set_debug(True)
Disabling query parameters for POST requests
OAuth2.0 Provider - Bugfixes
Fix validate_authorization_request to return the new PKCE fields
Fix token_type to be case-insensitive (bearer and Bearer)
OAuth2.0 Client - Bugfixes
Fix Authorization Code's errors processing
BackendApplication.Client.prepare_request_body use the "scope" argument as intended.
Fix edge case when expires_in=Null
OAuth1.0 Client
Add case-insensitive headers to oauth1 BaseEndpoint
Implementation of elliptic curve cryptography using the Montgomery
and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and
Curve448, using the Decaf / Ristretto encoding.
v1.6.1:
Features
* Windows support, with wheels!
* GSSAPI extension rfc4178 (set_neg_mechs) support
* Expose mechanisms in the high-level API
* Test suite improvements
Documentation
* Add documentation for common cred store values
* Documentation typo fixes
Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parsers.
Supports RSA, DSA and EC curves P-256, P-384, P-521, and curve25519.
Cryptographic signatures can either be created and verified manually
or via x509 certificates. AES can be used in cbc, ctr or gcm mode for
symmetric encryption; RSA for asymmetric (public key) encryption or EC
for Diffie Hellman. High-level envelope functions combine RSA and AES
for encrypting arbitrary sized data. Other utilities include key
generators, hash functions (md5, sha1, sha256, etc), base64 encoder, a
secure random number generator, and 'bignum' math methods for manually
performing crypto calculations on large multibyte integers.
Cross-platform utilities for prompting the user for credentials or a
passphrase, for example to authenticate with a server or read a
protected key. Includes native programs for MacOS and Windows, hence
no 'tcltk' is required. Password entry can be invoked in two different
ways: directly from R via the askpass() function, or indirectly as
password-entry back-end for 'ssh-agent' or 'git-credential' via the
SSH_ASKPASS and GIT_ASKPASS environment variables. Thereby the user
can be prompted for credentials or a passphrase if needed when R calls
out to git or ssh.
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
Remove rar support to workaround PR pkg/54420
This release includes 3 extra security related bug fixes that do not
apply to prior versions. In addition, it includes a number of minor bug
fixes and improvements.
* Fixes for the following vulnerabilities affecting 0.101.1 and
prior:
+ CVE-2019-1787: An out-of-bounds heap read condition may occur
when scanning PDF documents. The defect is a failure to
correctly keep track of the number of bytes remaining in a
buffer when indexing file data.
+ CVE-2019-1789: An out-of-bounds heap read condition may occur
when scanning PE files (i.e. Windows EXE and DLL files) that
have been packed using Aspack as a result of inadequate
bound-checking.
+ CVE-2019-1788: An out-of-bounds heap write condition may occur
when scanning OLE2 files such as Microsoft Office 97-2003
documents. The invalid write happens when an invalid pointer
is mistakenly used to initialize a 32bit integer to zero. This
is likely to crash the application.
* Fixes for the following ClamAV vulnerabilities:
+ CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
feature that could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition on an affected
device. Reported by Secunia Research at Flexera.
+ Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing
code. Reported by Alex Gaynor.
* Fixes for the following vulnerabilities in bundled third-party
libraries:
+ CVE-2018-14680: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM
filenames.
+ CVE-2018-14681: An issue was discovered in kwajd_read_headers
in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file
header extensions could cause a one or two byte overwrite.
+ CVE-2018-14682: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the
TOLOWER() macro for CHM decompression.
+ Additionally, 0.100.2 reverted 0.100.1's patch for
CVE-2018-14679, and applied libmspack's version of the fix in
its place.
* Fixes for the following CVE's:
+ CVE-2017-16932: Vulnerability in libxml2 dependency (affects
ClamAV on Windows only).
+ CVE-2018-0360: HWP integer overflow, infinite loop
vulnerability. Reported by Secunia Research at Flexera.
+ CVE-2018-0361: ClamAV PDF object length check, unreasonably
long time to parse relatively small file. Reported by aCaB.
For the full release notes, see:
https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.2/NEWS.md
Release 1.17.1:
Improved construction of file paths in SFTP to better handle native Windows source paths containing backslashes or drive letters.
Improved SFTP parallel I/O for large reads and file copies to better handle the case where a read returns less data than what was requested when not at the end of the file, allowing AsyncSSH to get back the right result even if the requested block size is larger than the SFTP server can handle.
Fixed an issue where the requested SFTP block_size wasn’t used in the get, copy, mget, and mcopy functions if it was larger than the default size of 16 KB.
Fixed a problem where the list of client keys provided in an SSHClientConnectionOptions object wasn’t always preserved properly across the opening of multiple SSH connections.
Changed SSH agent client code to avoid printing a warning on Windows when unable to connect to the SSH agent using the default path. A warning will be printed if the agent_path or SSH_AUTH_SOCK is explicitly set, but AsyncSSH will remain quiet if no agent path is set and no SSH agent is running.
Made AsyncSSH tolerant of unexpected authentication success/failure messages sent after authentication completes. AsyncSSH previously treated this as a protocol error and dropped the connection, while most other SSH implementations ignored these messages and allowed the connection to continue.
Made AsyncSSH tolerant of SFTP status responses which are missing error message and language tag fields, improving interoperability with servers that omit these fields. When missing, AsyncSSH treats these fields as if they were set to empty strings.
Revision 0.2.6:
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providing Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection with CMS
- Added RFC2634 providing Enhanced Security Services for S/MIME
- Added RFC5915 providing Elliptic Curve Private Key
- Added RFC5940 providing CMS Revocation Information Choices
- Added RFC7296 providing IKEv2 Certificate Bundle
- Added RFC8619 providing HKDF Algorithm Identifiers
- Added RFC7191 providing CMS Key Package Receipt and Error Content
Types
- Added openType support for ORAddress Extension Attributes and
Algorithm Identifiers in the RFC5280 module
- Added RFC5035 providing Update to Enhanced Security Services for
S/MIME
- Added openType support for CMS Content Types and CMS Attributes
in the RFC5652 module
- Added openType support to RFC 2986 by importing definitions from
the RFC 5280 module so that the same maps are used.
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
and RFC 8520
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
and `SetOf` objects via `subtypeConstraint` attribute to be applied
via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
objects as `subtypeConstraint`, the former is only verified on
de/serialization i.e. when the [constructed] object at hand is fully
populated, while the latter is applied to [scalar] types at the moment
of instantiation.
Revision 0.4.6:
- Added previously missing SET OF ANY construct encoding/decoding support.
- Added omitEmptyOptionals option which is respected by Sequence
and Set encoders. When omitEmptyOptionals is set to True, empty
initialized optional components are not encoded. Default is False.
- New elements to SequenceOf/SetOf objects can now be added at any
position - the requirement for the new elements to reside at the end
of the existing ones (i.e. s[len(s)] = 123) is removed.
- List-like slicing support added to SequenceOf/SetOf objects.
- Removed default initializer from SequenceOf/SetOf types to ensure
consistent behaviour with the rest of ASN.1 types. Before this change,
SequenceOf/SetOf instances immediately become value objects behaving
like an empty list. With this change, SequenceOf/SetOf objects
remain schema objects unless a component is added or .clear() is
called.
This change can potentially cause incompatibilities with existing
pyasn1 objects which assume SequenceOf/SetOf instances are value
objects right upon instantiation.
The behaviour of Sequence/Set types depends on the componentType
initializer: if no componentType is given, the behaviour is the
same as SequenceOf/SetOf have. If componentType is given, but
neither optional nor defaulted components are present, the created
instance remains schema object. If, however, either optional or
defaulted component is present, the created instance immediately
becomes a value object.
- Added .reset() method to all constructed types to turn value object
into a schema object.
- Added PyAsn1UnicodeDecodeError/PyAsn1UnicodeDecodeError exceptions
to help the caller treating unicode errors happening internally
to pyasn1 at the upper layers.
- Added support for subseconds CER/DER encoding edge cases in
GeneralizedTime codec.
- Fixed 3-digit fractional seconds value CER/DER encoding of
GeneralizedTime.
- Fixed AnyDecoder to accept possible TagMap as asn1Spec
to make dumping raw value operational
Changes:
* Support TLS-alpn mode.
* Support Post-As-Get
* Support Buypass.com CA
* Support 12 more dns api.
* Bug fixes.
* Use letsencrypt v2 api as default.
* Use dns over tls to check domain status.
* Support Windows native task scheduler for cronjob.
* fix IDN name issues.
* fix other issues.
Changelog:
This is a SECURITY UPDATE, fixing vulnerabilities in the obsolete SSH-1
protocol. It also includes many bug fixes over 0.71. We recommend that
everybody update.
Vulnerabilities fixed in this release include:
- A malicious SSH-1 server could trigger a buffer overrun by sending
extremely short RSA keys, or certain bad packet length fields.
Either of these could happen before host key verification, so even
if you trust the server you *intended* to connect to, you would
still be at risk.
(However, the SSH-1 protocol is obsolete, and recent versions of
PuTTY do not try it by default, so you are only at risk if you work
with old servers and have explicitly configured SSH-1.)
- If a malicious process found a way to impersonate Pageant, then it
could cause an integer overflow in any of the SSH client tools
(PuTTY, Plink, PSCP, PSFTP) which accessed the malicious Pageant.
Other security-related bug fixes include:
- The 'trust sigil' system introduced in PuTTY 0.71 to protect
against server spoofing attacks had multiple bugs. Trust sigils
were not turned off after login in the SSH-1 and Rlogin protocols,
and not turned back on if you used the Restart Session command.
Both are now fixed.
Other bug fixes include:
- Kerberos key exchange could crash at the start of an SSH session
in the presence of a third-party Windows provider such as
MIT Kerberos for Windows, and could also crash if the server sent
an ordinary SSH host key as part of the Kerberos exchange.
- In SSH-2 keyboard-interactive authentication, one of the message
fields sent by the server (namely the 'instructions' message) was
accidentally never displayed to the user.
- When using SSH-2 connection sharing, pasting text into a downstream
PuTTY window that included a line longer than 16Kb could cause that
window's connection to be closed.
- When using PSCP in old-fashioned SCP mode, downloading files
specified by a wildcard could cause a newline character to be
appended to the downloaded file names. Also, using the -p option to
preserve file times failed with a spurious error message.
- On Windows, the numeric keypad key that should generate '.' or ','
depending on keyboard layout was always generating '.'.
- RSA keys generated by PuTTYgen could be 1 bit shorter than
requested. (Harmless, but a regression in 0.71 compared to 0.70.)
8.5.4:
All platforms
Update Firefox to 60.8.0esr
Update Torbutton to 2.1.12
Bug 30577: Add Fundraising Banner
Bug 31041: Stop syncing network.cookie.lifetimePolicy
Translations update
Update HTTPS Everywhere to 2019.6.27
Bug 31055+31058: Remove four default bridges
Bug 30712: Backport fix for Mozilla's bug 1552993
Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833
Windows + OS X + Linux
Update Tor to 0.4.0.5
Update OpenSSL to 1.0.2s
Bug 29045: Ensure that tor does not start up in dormant mode
OS X
Bug 30631: Blurry Tor Browser icon on macOS app switcher
8.5.3:
All platforms
Pick up fix for Mozilla's bug 1560192
8.5.2:
All platforms
Pick up fix for Mozilla's bug 1544386
Update NoScript to 10.6.3
Bug 29904: NoScript blocks MP4 on higher security levels
Bug 30624+29043+29647: Prevent XSS protection from freezing the browser
8.5.1:
All platforms
Update Torbutton to 2.1.10
Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
Bug 30464: Add WebGL to safer descriptions
Translations update
Update NoScript to 10.6.2
Bug 29969: Remove workaround for Mozilla's bug 1532530
Update HTTPS Everywhere to 2019.5.13
Bug 30541: Disable WebGL readPixel() for web content
Windows + OS X + Linux
Bug 30560: Better match actual toolbar in onboarding toolbar graphic
Bug 30571: Correct more information URL for security settings
Android
Bug 30635: Sync mobile default bridges list with desktop one
Build System
All platforms
Bug 30480: Check that signed tag contains expected tag name
- apparently the Let's Encrypt test server is rejecting example.com emails
- added official python 3.7 support in setup.py
- fixed #226, start using POST-as-GET for GET requests
- fixed additional POST-as-GET
- addresses #205, a situation where polling may hang indefinitely
- Also accept critical SAN extensions.
- fixed #222, we shouldn't delete the challenge files on errors, but we
should clean them up on success
pkgsrc changes:
- Remove PYTHON_VERSIONS_INCOMPATIBLE, Python 3.x is now supported too
- Take MAINTAINERship
Changes:
- Upstream doesn't provide a changelog (and the CHANGELOG file just refers to
commit messages). According to a skim of the commit messages, mostly bugfixes
and improvements.
NEWS for the Nettle 3.5.1 release
Nettle-3.5.1 corrects a packaging mistake in Nettle-3.5.
The new directory x86_64/sha_ni was missing in the tar file,
breaking x86_64 builds with --enable-fat, and producing worse
performance than promised for builds with --enable-x86-sha-ni.
Also a few unused in-progress assembly files were accidentally
included in the tar file.
These problems are corrected in Nettle-3.5.1. There are no
other changes, and also the library version numbers are
unchanged.
NEWS for the Nettle 3.5 release
This release adds a couple of new features and optimizations,
and deletes or deprecates a few obsolete features. It is *not*
binary (ABI) compatible with earlier versions. Except for
deprecations listed below, it is intended to be fully
source-level (API) compatible with Nettle-3.4.1.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0, with sonames libnettle.so.7 and
libhogweed.so.5.
Changes in behavior:
* Nettle's gcm_crypt will now call the underlying block cipher
to process more than one block at a time. This is not a
change to the documented behavior, but unfortunately breaks
assumptions accidentally made in GnuTLS, up to and including
version 3.6.1.
New features:
* Support for CFB8 (Cipher Feedback Mode, processing a single
octet per block cipher operation), contributed by Dmitry
Eremin-Solenikov.
* Support for CMAC (RFC 4493), contributed by Nikos
Mavrogiannopoulos.
* Support for XTS mode, contributed by Simo Sorce.
Optimizations:
* Improved performance of the x86_64 AES implementation using
the aesni instructions. Gives a large speedup for operations
processing multiple blocks at a time (including CTR mode,
GCM mode, and CBC decrypt, but *not* CBC encrypt).
* Improved performance for CTR mode, for the common case of
16-byte block size. Pass more data at a time to underlying
block cipher, and fill the counter blocks more efficiently.
Extension to also handle GCM mode efficiently contributed
by Nikos Mavrogiannopoulos.
* New x86_64 implementation of sha1 and sha256, for processors
supporting the sha_ni instructions. Speedup of 3-5 times on
affected processors.
* Improved parameters for the precomputation of tables used
for ecc signatures. Roughly 10%-15% speedup of the ecdsa
sign operation using the secp_256r1, secp_384r1 and
secp_521r1 curves, and 25% speedup of ed25519 sign
operation, benchmarked on x86_64. Table sizes unchanged,
around 16 KB per curve.
* In ARM fat builds, automatically select Neon implementation
of Chacha, where possible. Contributed by Yuriy M.
Kaminskiy.
Deleted features:
* The header file des-compat.h and everything declared therein
has been deleted, as announced earlier. This file provided a
subset of the old libdes/ssleay/openssl interface for DES
and triple-DES. DES is still supported, via the functions
declared in des.h.
* Functions using the old struct aes_ctx have been marked as
deprecated. Use the fixed key size interface instead, e.g.,
struct aes256_ctx, introduced in Nettle-3.0.
* The header file nettle-stdint.h, and corresponding autoconf
tests, have been deleted. Nettle now requires that the
compiler/libc provides <stdint.h>.
Miscellaneous:
* Support for big-endian ARM systems, contributed by Michael
Weiser.
* The programs aesdata, desdata, twofishdata, shadata and
gcmdata are no longer built by default. Makefile
improvements contributed by Jay Foad.
* The "example" program examples/eratosthenes.c has been
deleted.
* The contents of hash context structs, and the deprecated
aes_ctx struct, have been reorganized, to enable later
optimizations.
The shared library names are libnettle.so.7.0 and
libhogweed.so.5.0.
* Change MASTER_SITES to https://
Changelog:
Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
- Fixed a Windows local privilege escalation vulnerability
caused by insecure OpenSSL cross-compilation defaults.
Successful exploitation requires stunnel to be deployed
as a Windows service, and user-writable C:\ folder. This
vulnerability was discovered and reported by Rich Mirch.
- OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
- Implemented a workaround for Windows hangs caused by its
inability to monitor the same socket descriptor from
multiple threads.
- Windows configuration (including cryptographic keys)
is now completely removed at uninstall.
- A number of testing framework fixes and improvements.
Version 5.54, 2019.05.15, urgency: LOW
* New features
- New "ticketKeySecret" and "ticketMacSecret" options
to control confidentiality and integrity protection
of the issued session tickets. These options allow
for session resumption on other nodes in a cluster.
- Added logging the list of active connections on
SIGUSR2 or with Windows GUI.
- Logging of the assigned bind address instead of the
requested bind address.
* Bugfixes
- Service threads are terminated before OpenSSL cleanup
to prevent occasional stunnel crashes at shutdown.
Version 5.53, 2019.04.10, urgency: HIGH
* New features
- Android binary updated to support Android 4.x.
* Bugfixes
- Fixed data transfer stalls introduced in stunnel 5.51.
Version 5.52, 2019.04.08, urgency: HIGH
* Bugfixes
- Fixed a transfer() loop bug introduced in stunnel 5.51.
0.36.0:
Added
-----
Turn off session tickets for nginx plugin by default
Added missing error types from RFC8555 to acme
Changed
-------
Support for Ubuntu 14.04 Trusty has been removed.
Update the 'manage your account' help to be more generic.
The error message when Certbot's Apache plugin is unable to modify your Apache configuration has been improved.
Certbot's config_changes subcommand has been deprecated and will be removed in a future release.
certbot config_changes no longer accepts a --num parameter.
The functions certbot.plugins.common.Installer.view_config_changes and certbot.reverter.Reverter.view_config_changes have been deprecated and will be removed in a future release.
Fixed
-----
Replace some unnecessary platform-specific line separation.
The libtool-ification caused plugins to have a "lib" prefix, causing a mismatch
with what the code was trying to dlopen(), and failures. Bump PKGREVISION.
Changes
=======
* Version 3.6.8 (released 2019-05-28)
** libgnutls: Added gnutls_prf_early() function to retrieve early keying
material (#329)
** libgnutls: Added support for AES-XTS cipher (#354)
** libgnutls: Fix calculation of Streebog digests (incorrect carry operation in
512 bit addition)
** libgnutls: During Diffie-Hellman operations in TLS, verify that the peer's
public key is on the right subgroup (y^q=1 mod p), when q is available (under
TLS 1.3 and under earlier versions when RFC7919 parameters are used).
** libgnutls: the gnutls_srp_set_server_credentials_function can now be used
with the 8192 parameters as well (#995).
** libgnutls: Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag (#754)
** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow
clients to communicate with the server advertising smaller limits than 512
** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent
hostname/domain crafting via IDNA conversion (#720)
** certtool: allow the digital signature key usage flag in CA certificates.
Previously certtool would ignore this flag for CA certificates even if
specified (#767)
** gnutls-cli/serv: added the --keymatexport and --keymatexportsize options.
These allow testing the RFC5705 using these tools.
** API and ABI modifications:
gnutls_prf_early: Added
gnutls_record_set_max_recv_size: Added
gnutls_dh_params_import_raw3: Added
gnutls_ffdhe_2048_group_q: Added
gnutls_ffdhe_3072_group_q: Added
gnutls_ffdhe_4096_group_q: Added
gnutls_ffdhe_6144_group_q: Added
gnutls_ffdhe_8192_group_q: Added
Noteworthy changes in version 2.2.17:
* gpg: Ignore all key-signatures received from keyservers. This
change is required to mitigate a DoS due to keys flooded with
faked key-signatures. The old behaviour can be achieved by adding
keyserver-options no-self-sigs-only,no-import-clean
to your gpg.conf.
* gpg: If an imported keyblock is too large to be stored in the
keybox (pubring.kbx) do not error out but fall back to an import
using the options "self-sigs-only,import-clean".
* gpg: New command --locate-external-key which can be used to
refresh keys from the Web Key Directory or via other methods
configured with --auto-key-locate.
* gpg: New import option "self-sigs-only".
* gpg: In --auto-key-retrieve prefer WKD over keyservers.
* dirmngr: Support the "openpgpkey" subdomain feature from
draft-koch-openpgp-webkey-service-07.
* dirmngr: Add an exception for the "openpgpkey" subdomain to the
CSRF protection.
* dirmngr: Fix endless loop due to http errors 503 and 504.
* dirmngr: Fix TLS bug during redirection of HKP requests.
* gpgconf: Fix a race condition when killing components.
July 1st, 2018
v1.18.2
-- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
-- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
-- Fix two-key 3DES (PR #390)
-- Fix accelerated CTR mode (PR #359)
-- Fix Fortuna PRNG (PR #363)
-- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
-- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
-- Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
-- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
-- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
January 22nd, 2018
v1.18.1
-- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
-- Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
-- Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
-- Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
-- Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
-- Fix possible undefined behavior with LTC_PTHREAD (PR #337)
-- Fix some DER bugs (PR #339)
-- Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
-- Fix installation procedure (Issue #340)
October 10th, 2017
v1.18.0
-- Bugfix multi2
-- Bugfix Noekeon
-- Bugfix XTEA
-- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
-- Fixed the Bleichenbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
-- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
-- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
thanks to Raphaël Jamet
-- Implement hardened RSA operations when CRT is used
-- Enabled timing resistant calculations of ECC and RSA operations per default
-- Applied some patches from the OLPC project regarding PKCS#1 and preventing
the hash algorithms from overflowing
-- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
from a dynamic language like Python, as shown in his pyTomCrypt
-- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
in OpenSSL/GnuTLS compatible format
-- Patrick Pelletier contributed a smart volley of patches
-- Christopher Brown contributed some patches and additions to ASN.1/DER
-- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
XTS mode and RSA private key operations with keys without CRT parameters
-- RC2 now also works with smaller key-sizes
-- Improved/extended several tests & demos
-- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
against Google's "Wycheproof" and Kudelski Security's "CDF"
-- Fixed all compiler warnings
-- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
-- Re-worked all makefiles
-- Re-worked most PRNG's
-- The code is now verified by a linter, thanks to Francois Perrad
-- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
-- Add Adler32 and CRC32 checksum algorithms
-- Add Base64-URL de-/encoding and some strict variants
-- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
-- Add Camellia block cipher
-- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
-- Add constant-time mem-compare mem_neq()
-- Add DER GeneralizedTime de-/encoding
-- Add DSA and ECC key generation FIPS-186-4 compliance
-- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
-- Add OCBv3
-- Add PKCS#1 v1.5 mode of SSL3.0
-- Add PKCS#1 testvectors from RSA
-- Add PKCS#8 & X.509 import for RSA keys
-- Add stream cipher API
-- Add SHA3 & SHAKE
-- Add SHA512/256 and SHA512/224
-- Add Triple-DES 2-key mode, thanks to Paul Howarth
-- Brought back Diffie-Hellman
Changes:
- adds ECDSA keys and host key support when using OpenSSL
- adds ED25519 key and host key support when using OpenSSL 1.1.1
- adds OpenSSH style key file reading
- adds AES CTR mode support when using WinCNG
- adds PEM passphrase protected file support for Libgcrypt and WinCNG
- adds SHA256 hostkey fingerprint
- adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- adds explicit zeroing of sensitive data in memory
- adds additional bounds checks to network buffer reads
- adds the ability to use the server default permissions when creating sftp directories
- adds support for building with OpenSSL no engine flag
- adds support for building with LibreSSL
- increased sftp packet size to 256k
- fixed oversized packet handling in sftp
- fixed building with OpenSSL 1.1
- fixed a possible crash if sftp stat gets an unexpected response
- fixed incorrect parsing of the KEX preference string value
- fixed conditional RSA and AES-CTR support
- fixed a small memory leak during the key exchange process
- fixed a possible memory leak of the ssh banner string
- fixed various small memory leaks in the backends
- fixed possible out of bounds read when parsing public keys from the server
- fixed possible out of bounds read when parsing invalid PEM files
- no longer null terminates the scp remote exec command
- now handle errors when diffie hellman key pair generation fails
- fixed compiling on Windows with the flag STDCALL=ON
- improved building instructions
- improved unit tests
3.0.2:
* Fixed space encoding in base string URI used in the signature base string.
* Fixed OIDC /token response which wrongly returned "&state=None"
* Doc: The value `state` must not be stored by the AS, only returned in /authorize response.
* Fixed OIDC "nonce" checks: raise errors when it's mandatory
Noteworthy changes in version 1.13.1:
* cpp: gpgme_set_global_flag is now wrapped.
* w32: Improved handling of unicode install paths.
* w32: The gpgme_io_spawn error message is now only shown once.
* Fixed a crash introduced in 1.13.0 when working with S/MIME.
* w32: Fixed format string errors introduced in 1.13.0 that could
cause crashes.
* w32: Fixed an error in the new diagnostic gpgsm support introduced
in 1.13.0 that caused crashes in low fd scenarios.
* python: Fixed a DecryptionError Exception.
* python: No longer raises BadSignatures from decrypt(verify=True).
* Add security/libsodium as dependency
Changelog:
2.4.3 (2019-06-12)
=========================
- Fix library loading issues in the Snap and macOS releases [#3247]
- Fix various keyboard navigation issues [#3248]
- Fix main window toggling regression when clicking the tray icon on KDE [#3258]
- Add documentation for keyboard shortcuts to source code distribution [#3215]
2.4.2 (2019-05-31)
=========================
- Improve resilience against memory attacks - overwrite memory before free [#3020]
- Prevent infinite save loop when location is unavailable [#3026]
- Attempt to fix quitting application when shutdown or logout issued [#3199]
- Support merging database custom data [#3002]
- Fix opening URL's with non-http schemes [#3153]
- Fix data loss due to not reading all database attachments if duplicates exist [#3180]
- Fix entry context menu disabling when using keyboard navigation [#3199]
- Fix behaviors when canceling an entry edit [#3199]
- Fix processing of tray icon click and doubleclick [#3112]
- Update group in preview widget when focused [#3199]
- Prefer DuckDuckGo service over direct icon download (increases resolution) [#2996]
- Remove apply button in application settings [#3019]
- Use winqtdeploy on Windows to correct deployment issues [#3025]
- Don't mark entry edit as modified when attribute selection changes [#3041]
- Use console code page CP_UTF8 on Windows if supported [#3050]
- Snap: Fix locking database with session lock [#3046]
- Snap: Fix theming across Linux distributions [#3057]
- Snap: Use SNAP_USER_COMMON and SNAP_USER_DATA directories [#3131]
- KeeShare: Automatically enable WITH_XC_KEESHARE_SECURE if quazip is found [#3088]
- macOS: Fix toolbar text when in dark mode [#2998]
- macOS: Lock database on switching user [#3097]
- macOS: Fix global Auto-Type when the database is locked [#3138]
- Browser: Close popups when database is locked [#3093]
- Browser: Add tests [#3016]
- Browser: Don't create default group if custom group is enabled [#3127]
2.6.0:
Add a new keyword argument to SSHClient.connect and Transport, disabled_algorithms, which allows selectively disabling one or more kex/key/cipher/etc algorithms. This can be useful when disabling algorithms your target server (or client) does not support cleanly, or to work around unpatched bugs in Paramiko’s own implementation thereof.
SSHClient.exec_command previously returned a naive ChannelFile object for its stdin value; such objects don’t know to properly shut down the remote end’s stdin when they .close(). This led to issues (such as hangs) when running remote commands that read from stdin.
Add backwards-compatible support for the gssapi GSSAPI library, as the previous backend (python-gssapi) has since become defunct. This change also includes tests for the GSSAPI functionality.
Tweak many exception classes so their string representations are more human-friendly; this also includes incidental changes to some super() calls.
Tested on OS X Tiger PowerPC and NetBSD-HEAD amd64
Changes between 1.0.2r and 1.0.2s [28 May 2019]
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
This changes the size when using the genpkey app when no size is given. It
fixes an omission in earlier changes that changed all RSA, DSA and DH
generation apps to use 2048 bits by default.
[Kurt Roeckx]
*) Add FIPS support for Android Arm 64-bit
Support for Android Arm 64-bit was added to the OpenSSL FIPS Object
Module in Version 2.0.10. For some reason, the corresponding target
'android64-aarch64' was missing OpenSSL 1.0.2, whence it could not be
built with FIPS support on Android Arm 64-bit. This omission has been
fixed.
[Matthias St. Pierre]
Changes between 1.0.2q and 1.0.2r [26 Feb 2019]
*) 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data.
In order for this to be exploitable "non-stitched" ciphersuites must be in
use. Stitched ciphersuites are optimised implementations of certain
commonly used ciphersuites. Also the application must call SSL_shutdown()
twice even if a protocol error has occurred (applications should not do
this but some do anyway).
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod
Aviram, with additional investigation by Steven Collison and Andrew
Hourselt. It was reported to OpenSSL on 10th December 2018.
(CVE-2019-1559)
[Matt Caswell]
*) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
[Richard Levitte]
Changes between 1.0.2p and 1.0.2q [20 Nov 2018]
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
Module, accidentally introduced while backporting security fixes from the
development branch and hindering the use of ECC in FIPS mode.
[Nicola Tuveri]
3.1.7:
Set a setuptools lower bound for PEP517 wheel building.
We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.
0.35.1:
Fixed
Support for specifying an authoritative base domain in our dns-rfc2136 plugin has been removed. This feature was added in our last release but had a bug which caused the plugin to fail so the feature has been removed until it can be added properly.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was:
certbot-dns-rfc2136
py-certbot: update to 0.35.0
py-certbot-apache: update to 0.35.0
py-certbot-dns-luadns: update to 0.35.0
py-certbot-dns-nsone: update to 0.35.0
py-certbot-dns-ovh: update to 0.35.0
py-certbot-dns-rfc2136: update to 0.35.0
py-certbot-dns-route53: update to 0.35.0
py-certbot-dns-sakuracloud: update to 0.35.0
py-certbot-nginx: update to 0.35.0
pkgsrc changes:
---------------
* Add py-certbot/Makefile.common to make version number coherent
upstream changes:
-----------------
- Added
o dns_rfc2136 plugin now supports explicitly specifying an authoritative base domain for cases when the automatic method does not work (e.g. Split horizon DNS)
- Fixed
o Renewal parameter webroot_path is always saved, avoiding some regressions when webroot authenticator plugin is invoked with no challenge to perform.
o Certbot now accepts OCSP responses when an explicit authorized responder, different from the issuer, is used to sign OCSP responses.
o Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde.
- Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was:
o certbot
o certbot-dns-rfc2136
Release 1.17.0:
Added support for “reverse direction” SSH connections, useful to support applications like NETCONF Call Home, described in RFC 8071.
Added support for the PyCA implementation of Chacha20-Poly1305, eliminating the dependency on libnacl/libsodium to provide this functionality, as long as OpenSSL 1.1.1b or later is installed.
Restored libnacl support for Curve25519/Ed25519 on systems which have an older version of OpenSSL that doesn’t have that support. This fallback also applies to Chacha20-Poly1305.
Fixed Pageant support on Windows to use the Pageant agent by default when it is available and client keys are not explicitly configured.
Disabled the use of RSA SHA-2 signatures when using the Pageant or Windows 10 OpenSSH agent on Windows, since neither of those support the signature flags options to request them.
Fixed a regression where a callable was no longer usable in the sftp_factory argument of create_server.
2.5.0:
[Feature] Updated SSHConfig.lookup so it returns a new, type-casting-friendly dict subclass (SSHConfigDict) in lieu of dict literals. This ought to be backwards compatible, and allows an easier way to check boolean or int type ssh_config values.
[Feature] Add support for Curve25519 key exchange (aka curve25519-sha256@libssh.org).
[Feature] Add support for encrypt-then-MAC (ETM) schemes (hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com) and two newer Diffie-Hellman group key exchange algorithms (group14, using SHA256; and group16, using SHA512). Patch courtesy of Edgar Sousa.
[Support] Update our install docs with (somewhat) recently added additional dependencies; we previously only required Cryptography, but the docs never got updated after we incurred bcrypt and pynacl requirements for Ed25519 key support.
Additionally, pyasn1 was never actually hard-required; it was necessary during a development branch, and is used by the optional GSSAPI support, but is not required for regular installation. Thus, it has been removed from our setup.py and its imports in the GSSAPI code made optional.
[Support] Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets. Credit: Alexander Kapshuna.
[Support] Add support for the modern (as of Python 3.3) import location of MutableMapping (used in host key management) to avoid the old location becoming deprecated in Python 3.8.
[Support] Raise Cryptography dependency requirement to version 2.5 (from 1.5) and update some deprecated uses of its API.
Version 8.2.0
minor release, no recompile of programs required
expanded community input and support
56 unique contributors as of this release
use PowerPC unaligned loads and stores with Power8
add SKIPJACK test vectors
fix SHAKE-128 and SHAKE-256 compile
removed IS_NEON from Makefile
fix Aarch64 build on Fedora 29
fix missing GF2NT_233_Multiply_Reduce_CLMUL in FIPS DLL
add missing BLAKE2 constructors
fix missing BlockSize() in BLAKE2 classes
Version 8.1.0
minor release, no recompile of programs required
expanded community input and support
56 unique contributors as of this release
fix OS X PowerPC builds with Clang
add Microsoft ARM64 support
fix iPhone Simulator build due to missing symbols
add CRYPTOPP_BUGGY_SIMD_LOAD_AND_STORE
add carryless multiplies for NIST b233 and k233 curves
fix OpenMP build due to use of OpenMP 4 with down-level compilers
add SignStream and VerifyStream for ed25519 and large files
fix missing AlgorithmProvider in PanamaHash
add SHAKE-128 and SHAKE-256
fix AVX2 build due to _mm256_broadcastsi128_si256
add IETF ChaCha, XChaCha, ChaChaPoly1305 and XChaChaPoly1305
Version 8.0.0
major release, recompile of programs required
expanded community input and support
54 unique contributors as of this release
add x25519 key exchange and ed25519 signature scheme
add limited Asymmetric Key Package support from RFC 5958
add Power9 DARN random number generator support
add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck
fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms
cutover to GNU Make-based cpu feature tests
rename files with dashes to underscores
fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC
fix incorrect AES/CBC decryption on Windows
avoid Singleton<T> when possible, avoid std::call_once completely
fix SPARC alignment problems due to GetAlignmentOf<T>() on word64
add ARM AES asm implementation from Cryptogams
remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support
Noteworthy changes in version 2.2.16:
* gpg,gpgsm: Fix deadlock on Windows due to a keybox sharing
violation.
* gpg: Allow deletion of subkeys with --delete-key. This finally
makes the bang-suffix work as expected for that command.
* gpg: Replace SHA-1 by SHA-256 in self-signatures when updating
them with --quick-set-expire or --quick-set-primary-uid.
* gpg: Improve the photo image viewer selection.
* gpg: Fix decryption with --use-embedded-filename.
* gpg: Remove hints on using the --keyserver option.
* gpg: Fix export of certain secret keys with comments.
* gpg: Reject too long user-ids in --quick-gen-key.
* gpg: Fix a double free in the best key selection code.
* gpg: Fix the key generation dialog for switching back from EdDSA
to ECDSA.
* gpg: Use AES-192 with SHA-384 to comply with RFC-6637.
* gpg: Use only the addrspec from the Signer's UID subpacket to
mitigate a problem with another implementation.
* gpg: Skip invalid packets during a keyring listing and sync
diagnostics with the output.
* gpgsm: Avoid confusing diagnostic when signing with the default
key.
* agent: Do not delete any secret key in --dry-run mode.
* agent: Fix failures on 64 bit big-endian boxes related to URIs in
a keyfile.
* agent: Stop scdaemon after a reload with disable-scdaemon newly
configured.
* dirmngr: Improve caching algorithm for WKD domains.
* dirmngr: Support other hash algorithms than SHA-1 for OCSP.
* gpgconf: Make --homedir work for --launch.
* gpgconf: Before --launch check for a valid config file.
* wkd: Do not import more than 5 keys from one WKD address.
* wkd: Accept keys which are stored in armored format in the
directory.
* The installer for Windows now comes with signed binaries.
Pick up two more NetBSD bugfixes from firefox60:
* use /dev/audio instead of /dev/sound
* use libGL.so instead of the versioned libGL.so.1, which does not exist
on NetBSD
Version 1.0.18
- The Enterprise versions of Visual Studio are now supported.
- Visual Studio 2019 is now supported.
- 32-bit binaries for Visual Studio 2010 are now provided.
- A test that didn't work properly on Linux systems with overcommit
memory turned on has been removed. This fixes Ansible builds.
- Emscripten: print and printErr functions are overridden to send
errors to the console, if there is one.
- Emscripten: UTF8ToString() is now exported since Pointer_stringify()
has been deprecated.
- Libsodium version detection has been fixed in the CMake recipe.
- Generic hashing got a 10% speedup on AVX2.
- New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh).
- New functions to map a hash to an edwards25519 point or get a random point:
core_ed25519_from_hash() and core_ed25519_random().
- crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar
(mod L) multiplication.
- Support for the Ristretto group has been implemented, for compatibility
with wasm-crypto.
- Improvements have been made to the test suite.
- Portability improvements have been made.
- getentropy() is now used on systems providing this system call.
- randombytes_salsa20 has been renamed to randombytes_internal.
- Support for (p)nacl has been removed.
- Most ((nonnull)) attributes have been relaxed to allow 0-length inputs
to be NULL.
- The -ftree-vectorize and -ftree-slp-vectorize compiler switches are
now used, if available, for optimized builds.
2.7:
BACKWARDS INCOMPATIBLE: We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.
BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface. The CMAC and HMAC APIs have not changed, but they are no longer registered as MACContext instances.
Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1c.
Removed support for running our tests with setup.py test. Users interested in running our tests can continue to follow the directions in our :doc:`development documentation </development/getting-started>`.
Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305` when using OpenSSL 1.1.1 or newer.
Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>`.
Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier` and deprecate passing an Extension object. The documentation always required SubjectKeyIdentifier but the implementation previously required an Extension.
copy tsutsui's commit to firefox:
fix wrong latency unit in stream_init() function.
Based on a patch in PR pkg/54206 from Y.Sugahara.
Bump PKGREVISION.
Avoid a situation where a build host can use SSE2, but opt.c is then
compiled without SSE2 support (which fails).
Also check for CFLAGS for this compile test while here.
amend comment: we avoid -march=native not because of netbsd, but because
it results in shiny package builders creating packages not usable by
some users with older machines.
PR pkg/54238: security/argon2 build fails on i386-current (8.99.41)
signing-party (2.10-1) unstable; urgency=high
* gpg-key2ps: Security fix for CVE-2018-15599: unsafe shell call enabling
shell injection via a User ID. Use Perl's (core) module Encode.pm instead
of shelling out to `iconv`. (Closes: #928256.)
2016-Jul-30 v3.1 - Added the purge command.
Added Data::Password::passwdqc support to the
pwck command and prefer it over Data::Password.
Minor improvements in cli_pwck().
Applied SF patch #6 from Chris van Marle.
Addressed items pointed out in SF patch #7.
In cli_save(), worked around a File::KeePass bug.
- rt.cpan.org tik# 113391; https://goo.gl/v65HKE
Applied SF patch #8 from Maciej Grela.
Optional better RNG; SF bug #30 from Aaron Toponce.
2017-Dec-22 v3.2 - Added xpx command per the request in SF ticket #32.
Added autosave functionality (shadow copies).
Fixed a bug in new_edit_multiline_input() that was
preventing blank lines between paragraphs.
Fixed a typo in the --help info for --pwfile.
Fixed a small bug in subroutine destroy_found().
0.34.2:
Fixed
certbot-auto no longer writes a check_permissions.py script at the root of the filesystem.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto.
Changelog:
2.4.1 (2019-04-12)
=========================
- Fix database deletion when using unsafe saves to a different file system [#2889]
- Fix opening databases with legacy key files that contain '/' [#2872]
- Fix opening database files from the command line [#2919]
- Fix crash when editing master key [#2836]
- Fix multiple issues with apply button behavior [#2947]
- Fix issues on application startup (tab order, --pw-stdin, etc.) [#2830]
- Fix building without WITH_XC_KEESHARE
- Fix reference entry coloring on macOS dark mode [#2984]
- Hide window when performing entry auto-type on macOS [#2969]
- Improve UX of update checker; reduce checks to every 7 days [#2968]
- KeeShare improvements [#2946, #2978, #2824]
- Re-enable Ctrl+C to copy password from search box [#2947]
- Add KeePassXC-Browser integration for Brave browser [#2933]
- SSH Agent: Re-Add keys on database unlock [#2982]
- SSH Agent: Only remove keys on app exit if they are removed on lock [#2985]
- CLI: Add --no-password option [#2708]
- CLI: Improve database extraction to XML [#2698]
- CLI: Don't call mandb on build [#2774]
- CLI: Add debug info [#2714]
- Improve support for Snap theming [#2832]
- Add support for building on Haiku OS [#2859]
- Ctrl+PgDn now goes to the next tab and Ctrl+PgUp to the previous
- Fix compiling on GCC 5 / Xenial [#2990]
- Add .gitrev output to tarball for third-party builds [#2970]
- Add WITH_XC_UPDATECHECK compile flag to toggle the update checker [#2968]
0.34.1:
Fixed
certbot-auto no longer prints a blank line when there are no permissions problems.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto.
More details about these changes can be found on our GitHub repo.
0.34.0:
Changed
Apache plugin now tries to restart httpd on Fedora using systemctl if a configuration test error is detected. This has to be done due to the way Fedora now generates the self signed certificate files upon first restart.
Updated Certbot and its plugins to improve the handling of file system permissions on Windows as a step towards adding proper Windows support to Certbot.
Updated urllib3 to 1.24.2 in certbot-auto.
Removed the fallback introduced with 0.32.0 in acme to retry a challenge response with a keyAuthorization if sending the response without this field caused a malformed error to be received from the ACME server.
Linode DNS plugin now supports api keys created from their new panel at cloud.linode.com
Adding a warning noting that future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.
certbot-auto now prints warnings when run as root with insecure file system permissions. If you see these messages, you should fix the problem by following the instructions at https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/, however, these warnings can be disabled as necessary with the flag --no-permissions-check.
acme module uses now a POST-as-GET request to retrieve the registration from an ACME v2 server
Convert the tsig algorithm specified in the certbot_dns_rfc2136 configuration file to all uppercase letters before validating. This makes the value in the config case insensitive.
Fix conflict with hmac symbol from libc, from Naveen Narayanan.
Update configure option, it was renamed. Bump PKGREVISION for that.
Small pkglint fix while here.
Distfile does not exist and was not redistributable.
Package was marked BROKEN for this reason for some time.
Newer version available, package could be re-added if someone is interested.
(Last update was 2007.)
Update provided by Aleksej Lebedev in pkgsrc-wip.
I removed Interix support. We've been moving the patches for a
while, without a real test on Interix. The support for Interix
is quite invasive and makes updating this package difficult.
Will reconsider re-adding if I knew we had actual users on
Interix (I strongly suspect we don't).
OpenSSH 8.0 was released on 2019-04-17. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Security
========
This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
This release adds client-side checking that the filenames sent from
the server match the command-line request.
The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* scp(1): Relating to the above changes to scp(1); the scp protocol
relies on the remote shell for wildcard expansion, so there is no
infallible way for the client's wildcard matching to perfectly
reflect the server's. If there is a difference between client and
server wildcard expansion, the client may refuse files from the
server. For this reason, we have provided a new "-T" flag to scp
that disables these client-side checks at the risk of
reintroducing the attack described above.
* sshd(8): Remove support for obsolete "host/port" syntax. Slash-
separated host/port was added in 2001 as an alternative to
host:port syntax for the benefit of IPv6 users. These days there
are established standards for this like [::1]:22 and the slash
syntax is easily mistaken for CIDR notation, which OpenSSH
supports for some things. Remove the slash notation from
ListenAddress and PermitOpen; bz#2335
Changes since OpenSSH 7.9
=========================
This release is focused on new features and internal refactoring.
New Features
------------
* ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
PKCS#11 tokens.
* ssh(1), sshd(8): Add experimental quantum-computing resistant
key exchange method, based on a combination of Streamlined NTRU
Prime 4591^761 and X25519.
* ssh-keygen(1): Increase the default RSA key size to 3072 bits,
following NIST Special Publication 800-57's guidance for a
128-bit equivalent symmetric security level.
* ssh(1): Allow "PKCS11Provider=none" to override later instances of
the PKCS11Provider directive in ssh_config; bz#2974
* sshd(8): Add a log message for situations where a connection is
dropped for attempting to run a command but a sshd_config
ForceCommand=internal-sftp restriction is in effect; bz#2960
* ssh(1): When prompting whether to record a new host key, accept
the key fingerprint as a synonym for "yes". This allows the user
to paste a fingerprint obtained out of band at the prompt and
have the client do the comparison for you.
* ssh-keygen(1): When signing multiple certificates on a single
command-line invocation, allow automatically incrementing the
certificate serial number.
* scp(1), sftp(1): Accept -J option as an alias to ProxyJump on
the scp and sftp command-lines.
* ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
command-line flags to increase the verbosity of output; pass
verbose flags through to subprocesses, such as ssh-pkcs11-helper
started from ssh-agent.
* ssh-add(1): Add a "-T" option to allow testing whether keys in
an agent are usable by performing a signature and a verification.
* sftp-server(8): Add a "lsetstat@openssh.com" protocol extension
that replicates the functionality of the existing SSH2_FXP_SETSTAT
operation but does not follow symlinks. bz#2067
* sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request
they do not follow symlinks.
* sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes
the connection 4-tuple available to PAM modules that wish to use
it in decision-making. bz#2741
* sshd(8): Add a ssh_config "Match final" predicate. Matches in same
pass as "Match canonical" but doesn't require hostname
canonicalisation be enabled. bz#2906
* sftp(1): Support a prefix of '@' to suppress echo of sftp batch
commands; bz#2926
* ssh-keygen(1): When printing certificate contents using
"ssh-keygen -Lf /path/certificate", include the algorithm that
the CA used to sign the cert.
Bugfixes
--------
* sshd(8): Fix authentication failures when sshd_config contains
"AuthenticationMethods any" inside a Match block that overrides
a more restrictive default.
* sshd(8): Avoid sending duplicate keepalives when ClientAliveCount
is enabled.
* sshd(8): Fix two race conditions related to SIGHUP daemon restart.
Remnant file descriptors in recently-forked child processes could
block the parent sshd's attempt to listen(2) to the configured
addresses. Also, the restarting parent sshd could exit before any
child processes that were awaiting their re-execution state had
completed reading it, leaving them in a fallback path.
* ssh(1): Fix stdout potentially being redirected to /dev/null when
ProxyCommand=- was in use.
* sshd(8): Avoid sending SIGPIPE to child processes if they attempt
to write to stderr after their parent processes have exited;
bz#2071
* ssh(1): Fix bad interaction between the ssh_config ConnectTimeout
and ConnectionAttempts directives - connection attempts after the
first were ignoring the requested timeout; bz#2918
* ssh-keyscan(1): Return a non-zero exit status if no keys were
found; bz#2903
* scp(1): Sanitize scp filenames to allow UTF-8 characters without
terminal control sequences; bz#2434
* sshd(8): Fix confusion between ClientAliveInterval and time-based
RekeyLimit that could cause connections to be incorrectly closed.
bz#2757
* ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN
handling at initial token login. The attempt to read the PIN
could be skipped in some cases, particularly on devices with
integrated PIN readers. This would lead to an inability to
retrieve keys from these tokens. bz#2652
* ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
CKA_ALWAYS_AUTHENTICATE flag by requiring a fresh login after the
C_SignInit operation. bz#2638
* ssh(1): Improve documentation for ProxyJump/-J, clarifying that
local configuration does not apply to jump hosts.
* ssh-keygen(1): Clarify manual - ssh-keygen -e only writes
public keys, not private.
* ssh(1), sshd(8): be more strict in processing protocol banners,
allowing \r characters only immediately before \n.
* Various: fix a number of memory leaks, including bz#2942 and
bz#2938
* scp(1), sftp(1): fix calculation of initial bandwidth limits.
Account for bytes written before the timer starts and adjust the
schedule on which recalculations are performed. Avoids an initial
burst of traffic and yields more accurate bandwidth limits;
bz#2927
* sshd(8): Only consider the ext-info-c extension during the initial
key exchange. It shouldn't be sent in subsequent ones, but if it
is present we should ignore it. This prevents sshd from sending a
SSH_MSG_EXT_INFO for REKEX for these buggy clients. bz#2929
* ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
authorized_keys) and -R (remove host from authorized_keys) options
may accept either a bare hostname or a [hostname]:port combo.
bz#2935
* ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936
* sshd(8): Silence error messages when sshd fails to load some of
the default host keys. Failure to load an explicitly-configured
hostkey is still an error, and failure to load any host key is
still fatal. pr/103
* ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
started with ControlPersist; prevents random ProxyCommand output
from interfering with session output.
* ssh(1): The ssh client was keeping a redundant ssh-agent socket
(leftover from authentication) around for the life of the
connection; bz#2912
* sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types
were specified, then authentication would always fail for RSA keys
as the monitor checks only the base key (not the signature
algorithm) type against *AcceptedKeyTypes. bz#2746
* ssh(1): Request correct signature types from ssh-agent when
certificate keys and RSA-SHA2 signatures are in use.
Portability
-----------
* sshd(8): On Cygwin, run as SYSTEM where possible, using S4U for
token creation if it supports MsV1_0 S4U Logon.
* sshd(8): On Cygwin, use custom user/group matching code that
respects the OS' behaviour of case-insensitive matching.
* sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies
the user environment if it's enabled; bz#2937
* sshd(8) Cygwin: Change service name to cygsshd to avoid collision
with Microsoft's OpenSSH port.
* Allow building against OpenSSL -dev (3.x)
* Fix a number of build problems against version configurations and
versions of OpenSSL. Including bz#2931 and bz#2921
* Improve warnings in cygwin service setup. bz#2922
* Remove hardcoded service name in cygwin setup. bz#2922
Right now, a user installing xscreensaver with the "pam" option will
see two messages about how to configure it, one of which comes from
this package. This needs to be disentangled properly, but there are
some broader questions that also apply to gnome-screensaver and mate-
screensaver, so for now, add a bit more detail here just in case. (This
relates to, but doesn't particularly address, PR pkg/50622.)
1.3.0:
Added optional dependency for cryptography for faster RC4 cipher calls
Removed the deprecation warning for Ntlm; it is still advised not to use it, but there's no major harm in keeping it in place for older hosts
Add CI test for Python 3.7 and 3.8
Changes in 2.2
- support for openssl 1.1
- support for AES GCM and AES CCM modes
- new base64 convenience functions
- new botan2 support
- new hkdf support
- various build improvements and (deprecation) cleanups
There may be trouble building this release on windows. Feedback/input
would be very welcome.
(2.2.0 was not announced due to defects noticed after tagging)
Add new package option "editline" (enabled by default) which adds
command line editing and filename completion to the "sftp" client.
Bump the package revision because of this change.
Revision 0.2.5:
- Added module RFC5958 providing Asymmetric Key Packages,
which is essentially version 2 of the PrivateKeyInfo
structure in PKCS#8 in RFC 5208
- Added module RFC8410 providing algorithm Identifiers for
Ed25519, Ed448, X25519, and X448
- Added module RFC8418 providing Elliptic Curve Diffie-Hellman
(ECDH) Key Agreement Algorithm with X25519 and X448
- Added module RFC3565 providing Elliptic Curve Diffie-Hellman
Key Agreement Algorithm use with X25519 and X448 in the
Cryptographic Message Syntax (CMS)
- Added module RFC4108 providing CMS Firmware Wrapper
- Added module RFC3779 providing X.509 Extensions for IP
Addresses and AS Identifiers
- Added module RFC4055 providing additional Algorithms and
Identifiers for RSA Cryptography for use in Certificates
and CRLs
Upstream changes:
**** 1.12 Mar 19, 2019
Avoid use of EC_POINT_set_affine_coordinates_GFp which is
deprecated in OpenSSL 3.0.0
Reduce level of support for OpenSSL non-LTS releases.
Changelog:
Noteworthy changes in version 0.10.0 (2018-10-16)
-------------------------------------------------
* Added key manager context menu items to copy the key fingerprint
and the secret key to the clipboard.
* Added "Details" buttons to many error popups to show raw
diagnostic output from gpg.
* Changed the "Retrieve Key" dialog to first try the Web Key
Directory if a mail address is given. Only if this lookup fails
the keyservers are searched.
* Added a user-ID notebook page to show per user-ID info.
* Made location of locale dir under Windows more flexible.
* Fixed crash on filename conversion error. [#2185]
* Fixed listing of key algos in the subkey windows. [#3405]
* Removed lazy loading of the secret keyring. [#3748]
Release-info: https://dev.gnupg.org/T4186
0.33.1:
Fixed
A bug causing certbot-auto to print warnings or crash on some RHEL based systems has been resolved.
Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto.
0.33.0:
Added
Fedora 29+ is now supported by certbot-auto. Since Python 2.x is on a deprecation path in Fedora, certbot-auto will install and use Python 3.x on Fedora 29+.
CLI flag --https-port has been added for Nginx plugin exclusively, and replaces --tls-sni-01-port. It defines the HTTPS port the Nginx plugin will use while setting up a new SSL vhost. By default the HTTPS port is 443.
Changed
Support for TLS-SNI-01 has been removed from all official Certbot plugins.
Attributes related to the TLS-SNI-01 challenge in acme.challenges and acme.standalone modules are deprecated and will be removed soon.
CLI flags --tls-sni-01-port and --tls-sni-01-address are now no-op, will generate a deprecation warning if used, and will be removed soon.
Options tls-sni and tls-sni-01 in --preferred-challenges flag are now no-op, will generate a deprecation warning if used, and will be removed soon.
CLI flag --standalone-supported-challenges has been removed.
Fixed
Certbot uses the Python library cryptography for OCSP when cryptography>=2.5 is installed. We fixed a bug in Certbot causing it to interpret timestamps in the OCSP response as being in the local timezone rather than UTC.
Issue causing the default CentOS 6 TLS configuration to ignore some of the HTTPS VirtualHosts created by Certbot. mod_ssl loading is now moved to main http.conf for this environment where possible.
Version 5.51, 2019.04.04, urgency: MEDIUM
New features
Hexadecimal PSK keys are automatically converted to binary.
Session ticket support (requires OpenSSL 1.1.1 or later). "connect"
address persistence is currently unsupported with session tickets.
SMTP HELO before authentication (thx to Jacopo Giudici).
New "curves" option to control the list of elliptic curves in OpenSSL
1.1.0 and later.
New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites.
Include file name and line number in OpenSSL errors.
Compatibility with the current OpenSSL 3.0.0-dev branch.
Better performance with SSL_set_read_ahead()/SSL_pending().
Bugfixes
Fixed PSKsecrets as a global option (thx to Teodor Robas).
Fixed a memory allocation bug (thx to matanfih).
Changes:
(No changelog is provided upstream, this is based on commit messages.)
1.3.4
-----
- Add support for preprocess response data (`--preprocess' option)
- Misc bug fixes and improvements
1.3.3
-----
- Misc bug fixes and improvements
1.3.2
-----
- Add and update WAF scripts
- Misc bug fixes and improvements
1.3.1
-----
(Not released)
1.3
---
- Add Approach and Bluedon WAF scripts
- Misc bug fixes and improvements
1.2.12
------
- Misc bug fixes and improvements
3.8.1:
New features
* Add support for loading PEM files encrypted with AES192-CBC, AES256-CBC, and AES256-GCM.
* When importing ECC keys, ignore EC PARAMS section that was included by some openssl commands.
Noteworthy changes in version 1.13.0:
* Support GPGME_AUDITLOG_DIAG for gpgsm.
* New context flag "trust-model".
* Removed support for WindowsCE and Windows ME.
* Aligned the gpgrt-config code with our other libraries.
* Auto-check for all installed Python versions.
* Fixed generating card key in the C++ bindings.
* Fixed a segv due to bad parameters in genkey.
* Fixed crash if the plaintext is ignored in a CMS verify.
* Fixed memleak on Windows.
* Tweaked the Windows I/O code.
* Fixed random crashes on Windows due to closing an arbitrary
handle.
* Fixed a segv on Windows.
* Fixed test suite problems related to dtags.
* Fixed bunch of python bugs.
* Several fixes to the Common Lisp bindings.
* Fixed minor bugs in gpgme-json.
* Require trace level 8 to dump all I/O data.
* The compiler must now support variadic macros.
Changelog:
Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
- 32-bit Windows builds replaced with 64-bit builds.
- OpenSSL DLLs updated to version 1.1.1.
- Check whether "output" is not a relative file name.
- Major code cleanup in the configuration file parser.
- Added sslVersion, sslVersionMin and sslVersionMax
for OpenSSL 1.1.0 and later.
* Bugfixes
- Fixed PSK session resumption with TLS 1.3.
- Fixed a memory leak in WIN32 logging subsystem.
- Allow for zero value (ignored) TLS options.
- Partially refactored configuration file parsing
and logging subsystems for clearer code and minor
bugfixes.
* Caveats
- We removed FIPS support from our standard builds.
FIPS will still be available with bespoke builds.
Version 1.8.2 (25 Mar 2019)
Daniel Stenberg (25 Mar 2019)
- RELEASE-NOTES: version 1.8.2
- [Will Cosgrove brought this change]
moved MAX size declarations #330
- [Will Cosgrove brought this change]
Fixed misapplied patch (#327)
Fixes for user auth
Changelog:
These features were new in 0.70 (released 2017-07-08):
Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same
directory, even a name we missed when we thought we'd fixed
this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside
the current code page, after our DLL hijacking defences broke
that too.
These features are new in 0.71 (released 2019-03-16):
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange,
which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same
directory as the executable
on Unix, remotely triggerable buffer overflow in any kind
of server-to-client forwarding
multiple denial-of-service attacks that can be triggered
by writing to the terminal
Other security enhancements: major rewrite of the crypto code
to remove cache and timing side channels.
User interface changes to protect against fake authentication
prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic
primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened:
keystrokes typed before authentication has finished will be
buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older
GSSAPI authentication system which can keep your forwarded
Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing
an ncurses screen redraw failure), true colour, and SGR 2 dim
text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
straight to the top or bottom of the terminal scrollback.
Release 1.16.1:
Added channel, connection, and env properties to SFTPServer instances, so connection and channel information can be used to influence the SFTP server's behavior. Previously, connection information was made available through the constructor, but channel and environment information was not. Now, all of these are available as properties on the SFTPServer instance without the need to explicitly store anything in a custom constructor.
Optimized SFTP glob matching when the glob pattern contains directory names without glob characters in them. Thanks go to Mikhail Terekhov for contributing this improvement!
Added support for PurePath in a few places that were missed when this support was originally added. Once again, thanks go to Mikhail Terekhov for these fixes.
Fixed bug in SFTP parallel I/O file reader where it sometimes returned EOF prematurely. Thanks go to David G for reporting this problem and providing a reproducible test case.
Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof for reporting this issue and providing a test environment to help debug it.
Updated Ed25519/448 and Curve25519/448 tests to only run when these algorithms are available. Thanks go to Ondřej Súkup for reporting this issue and providing a suggested fix.
Noteworthy changes in version 2.2.15:
* sm: Fix --logger-fd and --status-fd on Windows for non-standard
file descriptors.
* sm: Allow decryption even if expired keys are configured.
* agent: Change command KEYINFO to print ssh fingerprints with other
hash algos.
* dirmngr: Fix build problems on Solaris due to the use of reserved
symbol names.
* wkd: New commands --print-wkd-hash and --print-wkd-url for
gpg-wks-client.
Bug fix and security release on the stable 3.6.x branch.
OK during the freeze by <jperkin>, thanks!
Changes:
3.6.7
-----
- libgnutls, gnutls tools: Every gnutls_free() will automatically set
the free'd pointer to NULL. This prevents possible use-after-free and
double free issues. Use-after-free will be turned into NULL dereference.
The counter-measure does not extend to applications using gnutls_free().
- libgnutls: Fixed a memory corruption (double free) vulnerability in the
certificate verification API. Reported by Tavis Ormandy; addressed with
the change above. [GNUTLS-SA-2019-03-27, #694]
- libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
- libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When
an inappropriate for TLS1.3 certificate is seen on the credentials structure
GnuTLS will disable TLS1.3 support for that session (#690).
- libgnutls: the default number of tickets sent under TLS 1.3 was increased to
two. This makes it easier for clients which perform multiple connections
to the server to use the tickets sent by a default server.
- libgnutls: enforce the equality of the two signature parameters fields in
a certificate. We were already enforcing the signature algorithm, but there
was a bug in parameter checking code.
- libgnutls: fixed issue preventing sending and receiving from different
threads when false start was enabled (#713).
- libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
session, as non-writeable security officer sessions are undefined in PKCS#11
(#721).
- libgnutls: no longer send downgrade sentinel in TLS 1.3.
Previously the sentinel value was embedded too early in version
negotiation and was sent even on TLS 1.3. It is now sent only when
TLS 1.2 or earlier is negotiated (#689).
- gnutls-cli: Added option --logfile to redirect informational messages output.
- No API and ABI modifications since last version.
Version 1.8.1 (14 Mar 2019)
Will Cosgrove (14 Mar 2019)
- [Michael Buckley brought this change]
More 1.8.0 security fixes (#316)
* Defend against possible integer overflows in comp_method_zlib_decomp.
* Defend against writing beyond the end of the payload in _libssh2_transport_read().
* Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html
This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
* Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html
* Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
* Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html
* Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html
GitHub (14 Mar 2019)
- [Will Cosgrove brought this change]
1.8 Security fixes (#314)
* fixed possible integer overflow in packet_length
CVE https://www.libssh2.org/CVE-2019-3861.html
* fixed possible integer overflow with userauth_keyboard_interactive
CVE https://www.libssh2.org/CVE-2019-3856.html
* fixed possible out zero byte/incorrect bounds allocation
CVE https://www.libssh2.org/CVE-2019-3857.html
* bounds checks for response packets
* fixed integer overflow in userauth_keyboard_interactive
CVE https://www.libssh2.org/CVE-2019-3863.html
Changelog:
trust: Improve error handling if backed trust file is corrupted [#206]
url: Prefer upper-case letters in hex characters when encoding [#193]
trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [#202]
virtual: Prefer fixed closures to libffi closures [#196]
Fix issues spotted by coverity and cppcheck [#194, #204]
Build and test fixes [#164, #191, #199, #201]
3.8.0:
New features
* Speed-up ECC performance. ECDSA is 33 times faster on the NIST P-256 curve.
* Added support for NIST P-384 and P-521 curves.
* EccKey has new methods size_in_bits() and size_in_bytes().
* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in PBE2/PBKDF2.
Resolved issues
* DER objects were not rejected if their length field had a leading zero.
* Allow legacy RC2 ciphers to have 40-bit keys.
* ASN.1 Object IDs did not allow the value 0 in the path.
Breaks in compatibility
* point_at_infinity() becomes an instance method for Crypto.PublicKey.ECC.EccKey, from a static one.
version 0.8.7 (released 2019-02-25)
* Fixed handling extension flags in the server implementation
* Fixed exporting ed25519 private keys
* Fixed corner cases for rsa-sha2 signatures
* Fixed some issues with connector
Noteworthy changes in version 2.2.14:
* gpg: Allow import of PGP desktop exported secret keys. Also avoid
importing secret keys if the secret keyblock is not valid.
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use with --launch.
* gpgtar: Make option -C work for archive creation.
Version 3.6.6:
* libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number of bits
on the public key.
* libgnutls: Added support for raw public-key authentication as defined in RFC7250.
Raw public-keys can be negotiated by enabling the corresponding certificate
types via the priority strings. The raw public-key mechanism must be explicitly
enabled via the GNUTLS_ENABLE_RAWPK init flag.
* libgnutls: When on server or client side we are sending no extensions we do
not set an empty extensions field but we rather remove that field completely.
This solves a regression since 3.5.x and improves compatibility of the server
side with certain clients.
* libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
the CKA_SIGN is not set.
* libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
disable extensions at all cases, while providing a functional session. This
also implies that when specified, TLS1.3 is disabled.
* libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
The previous definition was non-functional.
* API and ABI modifications:
GNUTLS_ENABLE_RAWPK: Added
GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
GNUTLS_PCERT_NO_CERT: Deprecated
Noteworthy changes in version 1.36:
* Two new error codes to better support PIV cards.
* Support armv7a-unknown-linux-gnueabihf.
* Increased estream buffer sizes for Windows.
* Interface changes relative to the 1.34 release:
GPG_ERR_NO_AUTH NEW.
GPG_ERR_BAD_AUTH NEW.
Monocypher is an easy to use crypto library. It is:
- Small. Sloccount counts about 1700 lines of code, small enough to
allow audits. The binaries are under 65KB.
- Easy to deploy. Just add monocypher.c and monocypher.h to your
project. They compile as C99 or C++, have no dependency, and
are dedicated to the public domain.
- Easy to use. The API is small, consistent, and cannot fail
on correct input.
- Fast. The primitives are fast to begin with, and performance
wasn't needlessly sacrificed. Monocypher holds up pretty well
against Libsodium, despite being closer in size to TweetNaCl.
Added
If possible, Certbot uses built-in support for OCSP from recent cryptography versions instead of the OpenSSL binary: as a consequence Certbot does not need the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.
Changed
Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the warnings described at https://github.com/certbot/josepy/issues/13.
Apache plugin now respects CERTBOT_DOCS environment variable when adding command line defaults.
The running of manual plugin hooks is now always included in Certbot's log output.
Tests execution for certbot, certbot-apache and certbot-nginx packages now relies on pytest.
An ACME CA server may return a "Retry-After" HTTP header on authorization polling, as specified in the ACME protocol, to indicate when the next polling should occur. Certbot now reads this header if set and respects its value.
The acme module avoids sending the keyAuthorization field in the JWS payload when responding to a challenge as the field is not included in the current ACME protocol. To ease the migration path for ACME CA servers, Certbot and its acme module will first try the request without the keyAuthorization field but will temporarily retry the request with the field included if a malformed error is received. This fallback will be removed in version 0.34.0.