Security release fixing CVE-2017-12374, CVE-2017-12375, CVE-2017-12376,
CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
Also included are 2 minor fixes to properly detect openssl install locations on FreeBSD 11, and prevent false warnings about zlib 1.2.1# version numbers.
### Added
- Support for the HTTP-01 challenge type was added to our Apache and Nginx
plugins.
- IPv6 support was added to the Nginx plugin.
- Support for automatically creating server blocks based on the default server
block was added to the Nginx plugin.
- The flags --delete-after-revoke and --no-delete-after-revoke were added
allowing users to control whether the revoke subcommand also deletes the
certificates it is revoking.
### Changed
- We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME
library.
- We split our implementation of JOSE (Javascript Object Signing and
Encryption) out of our ACME library and into a separate package named josepy.
- We updated the ciphersuites used in Apache to the new values recommended by
Mozilla
### Fixed
- An issue with our Apache plugin on Gentoo due to differences in their
apache2ctl command have been resolved.
Changes
(unfortunately upstream does not provide any changelog, this is based by
reading commit messages):
1.2
---
- Misc improvements and bug fixes
1.1.11
------
- Add support for Apache SHA1
- Add support for Joomla password
- Add support for vBulletin password hashes
- Add support for DJANGO_MD5 and DJANGO_SHA1
- Add WAF script for Wordfence
- Add WAF script for DOSarrest
- Misc improvements and bug fixes
1.1.10
------
- Polish translation
- Add support for blind-based charset dump
- Misc improvements and bug fixes
0.12.0:
- Add support for channel binding tokens (assumes pykerberos support >= 1.2.1)
- Add support for kerberos message encryption (assumes pykerberos support >= 1.2.1)
- Misc CI/test fixes
Changes:
--------
* Binary paths are now sorted
* Greek language added
* systemd detection improved
* VirtualBox detection extended
* Several code enhancements
Tests:
------
* [PHP-2379] - Small enhancement to resolve error on screen in some cases
* [MALW-3280] - Improved detection for BitDefender tooling
Use TEST_DEPENDS.
1.84 2018-01-17
Fixed an error in t/local/04_basic.t causing a test failure if
Test::Exception not installed. Reported by Joel Berger.
1.83 2018-01-16
Fixed a problem with exporting OPENSSL_NO_NEXTPROTONEG even though they are not availble on LibreSSL.
Patch patch-SSLeay_xs-NO_NPN from Alexander Bluhm.
Patch from Heikki Vatiainen adds support for SSL_set_default_passwd_cb* for
OpenSSL 1.1.0f and later. LibreSSL does not support these functions, at
least yet.
Patch from Heikki Vatiainen adds new functions related to SSL_CTX_new.
Patch from Heikki Vatiainen adds two new functions introduced in OpenSSL 1.1.0, a number
of constants and a couple of const qualifiers to SSLeay.xs. Tests and
documentation .pod were also updated.
Patch from Heikki Vatiainen adds one new OpenSSL 1.1.0 function and has a minor fix for
LibreSSL version detection:
* Added support for SSL_use_certificate_chain_file
function introduced in OpenSSL 1.1.0.
* Fixed LibreSSL version detection to correctly parse
LibreSSL minor version.
Patch from Steffen Ulrich to fix memory leaks in OCSP handling. Thanks.
Patch from Heikki Vatiainen adds new functions for certificate verification introduced in
OpenSSL 1.02, a number of constants, new test data files, new tests and
updates to .pod documentation.
The new functions provide access to the built-in wildcard check
functionality available in OpenSSL 1.0.2 and later.
The patch also adds new tests for the new functions and updates some of
the current tests for CTX_set_default_passwd_cb* functions.
Added X509_STORE_CTX_new and X509_verify_cert.
SSL_OCSP_response_verify now clears the error queue if OCSP_basic_verify fails but the
intermediate certificate succeeds. Patch from Stefan Ullrich.
Version 1.0.20
- Include uthash.h in hex package
Version 1.0.19
- Fix couple memory leaks
- Switch hashmap to uthash library
- Use system allocator in openssl
- Update ciphers and option to safer defaults
Lynis is an open source security auditing tool. Used by system
administrators, security professionals, and auditors, to evaluate the
security defenses of their Linux and Unix-based systems. It runs on the host
itself, so it performs more extensive security scans than vulnerability
scanners.
Noteworthy changes in version 1.1.0 (2017-12-03)
------------------------------------------------
* A FLTK1.3-based pinentry has been contributed.
* A TQt3-based pinentry has been contributed.
* New option --ttyalert for pinentry-curses to alert the user.
* Don't show "save passphrase" checkbox if secret service is
unavailable.
* The GTK Pinentry shows on Linux some information anout the process
which invoked the Pinentry.
* The GTK Pinentry does not anymore show tooltips when keyboard
grabbing is enabled.
* Fixed various minor problems.
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
- Do not report badly formed Client Hello as a TLS error
- Report meaningful error when SNI callback fails
- Add Server Name Indication support for server connections
- Libressl only offer pre 1.1 api even if it present version > 1.1
- Fix crash on Mac OS X High Sierra due to replacement of system
OpenSSL with BoringSSL
DEPRECATIONS/CHANGES:
- AppRole Case Sensitivity: In prior versions of Vault, `list` operations
against AppRole roles would require preserving case in the role name, even
though most other operations within AppRole are case-insensitive with
respect to the role name. This has been fixed; existing roles will behave as
they have in the past, but new roles will act case-insensitively in these
cases.
- Token Auth Backend Roles parameter types: For `allowed_policies` and
`disallowed_policies` in role definitions in the token auth backend, input
can now be a comma-separated string or an array of strings. Reading a role
will now return arrays for these parameters.
- Transit key exporting: You can now mark a key in the `transit` backend as
`exportable` at any time, rather than just at creation time; however, once
this value is set, it still cannot be unset.
- PKI Secret Backend Roles parameter types: For `allowed_domains` and
`key_usage` in role definitions in the PKI secret backend, input
can now be a comma-separated string or an array of strings. Reading a role
will now return arrays for these parameters.
- SSH Dynamic Keys Method Defaults to 2048-bit Keys: When using the dynamic
key method in the SSH backend, the default is now to use 2048-bit keys if no
specific key bit size is specified.
- Consul Secret Backend lease handling: The `consul` secret backend can now
accept both strings and integer numbers of seconds for its lease value. The
value returned on a role read will be an integer number of seconds instead
of a human-friendly string.
- Unprintable characters not allowed in API paths: Unprintable characters are
no longer allowed in names in the API (paths and path parameters), with an
extra restriction on whitespace characters. Allowed characters are those
that are considered printable by Unicode plus spaces.
FEATURES:
- Transit Backup/Restore: The `transit` backend now supports a backup
operation that can export a given key, including all key versions and
configuration, as well as a restore operation allowing import into another
Vault.
- gRPC Database Plugins: Database plugins now use gRPC for transport,
allowing them to be written in other languages.
- Nomad Secret Backend: Nomad ACL tokens can now be generated and revoked
using Vault.
- TLS Cert Auth Backend Improvements: The `cert` auth backend can now
match against custom certificate extensions via exact or glob matching, and
additionally supports max_ttl and periodic token toggles.
IMPROVEMENTS:
- auth/cert: Support custom certificate constraints
- auth/cert: Support setting `max_ttl` and `period`
- audit/file: Setting a file mode of `0000` will now disable Vault from
automatically `chmod`ing the log file
- auth/github: The legacy MFA system can now be used with the GitHub auth
backend
- auth/okta: The legacy MFA system can now be used with the Okta auth backend
- auth/token: `allowed_policies` and `disallowed_policies` can now be specified
as a comma-separated string or an array of strings
- command/server: The log level can now be specified with `VAULT_LOG_LEVEL`
- core: Period values from auth backends will now be checked and applied to the
TTL value directly by core on login and renewal requests
- database/mongodb: Add optional `write_concern` parameter, which can be set
during database configuration. This establishes a session-wide write
concern for the lifecycle of the mount
- http: Request path containing non-printable characters will return 400 - Bad
Request
- mfa/okta: Filter a given email address as a login filter, allowing operation
when login email and account email are different
- plugins: Make Vault more resilient when unsealing when plugins are
unavailable
- secret/pki: `allowed_domains` and `key_usage` can now be specified
as a comma-separated string or an array of strings
- secret/ssh: Allow 4096-bit keys to be used in dynamic key method
- secret/consul: The Consul secret backend now uses the value of `lease` set
on the role, if set, when renewing a secret.
- storage/mysql: Don't attempt database creation if it exists, which can help
under certain permissions constraints
BUG FIXES:
- api/status (enterprise): Fix status reporting when using an auto seal
- auth/approle: Fix case-sensitive/insensitive comparison issue
- auth/cert: Return `allowed_names` on role read
- auth/ldap: Fix incorrect control information being sent
- core: Fix seal status reporting when using an autoseal
- core: Add creation path to wrap info for a control group token
- core: Fix potential panic that could occur using plugins when a node
transitioned from active to standby
- core: Fix memory ballooning when a connection would connect to the cluster
port and then go away -- redux!
- core: Replace recursive token revocation logic with depth-first logic, which
can avoid hitting stack depth limits in extreme cases
- core: When doing a read on configured audited-headers, properly handle case
insensitivity
- core/pkcs11 (enterprise): Fix panic when PKCS#11 library is not readable
- database/mysql: Allow the creation statement to use commands that are not yet
supported by the prepare statement protocol
- plugin/auth-gcp: Fix IAM roles when using `allow_gce_inference`
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
The actual cleanup has been done by pkglint:
* Added missing identifier comments
* Replaced ${PKGMANDIR} with a simple man, since the infrastructure does
all the magic for PLISTs
This has been a pkglint warning for several years now, and pkglint can even
fix it automatically. And it did for this commit.
Only in lang/mercury, two passes of autofixing were necessary because there
were nested variables.
1.03 Mon Dec 25 00:08:10 MST 2017
- added "--ignore-missing" and "--strict" options to sha3sum
-- consistent with GNU coreutils
-- ref. rt.cpan.org #123897
1.02 Fri Dec 8 22:44:46 MST 2017
- added "tag" option (BSD-style checksums) to sha3sum
-- consistent with GNU sha1sum, sha224sum, etc.
-- thanks to Christopher Tubbs for suggestion
- modified SHA3.pm to use XSLoader
-- falls back to DynaLoader if necessary
6.01 Mon Dec 25 00:08:08 MST 2017
- added "--ignore-missing" and "--strict" options to shasum
-- consistent with GNU coreutils
-- ref. rt.cpan.org #123897
- removed PERL_CORE preambles from test scripts
-- preambles no longer needed for core testing
-- thanks to Chris Williams for patch
-- ref. rt.cpan.org #123863
6.00 Fri Dec 8 22:44:44 MST 2017
- added "tag" option (BSD-style checksums) to shasum
-- consistent with GNU sha1sum, sha224sum, etc.
-- thanks to Christopher Tubbs for suggestion
- modified SHA.pm to use XSLoader
-- falls back to DynaLoader if necessary
- decoupled Digest::SHA and Digest::SHA::PurePerl
-- scripts/tests in each module now fully independent
-- Digest::SHA::PurePerl to be phased out eventually
-- past versions will remain available
20171227:
Added ABI version number
AVX2/AVX-512F optimizations of BLAMKA
Set Argon2 version number from the command line
New bindings
Minor bug and warning fixes (no security issue)
Noteworthy changes in version 1.10.0:
* Now returns more specific error codes for decryption to distinguish
between bad passphrase, user canceled, and no secret key.
* Now returns key origin information if available.
* Added context flag "auto-key-retrieve" to selectively enable the
corresponding gpg option.
* Added flag is_de_vs to decryption and verify results.
* py: Use SEEK_SET as default for data.seek.
* cpp: Various new APIs.
* Reduced spawn overhead on Linux again. Added new configure option
--disable-linux-getdents to disable this feature for very old
Linux versions.
* Improved the Python bindings build system.
* Made the test suite less fragile.
Noteworthy changes in version 2.2.4:
* gpg: Change default preferences to prefer SHA512.
* gpg: Print a warning when more than 150 MiB are encrypted using a
cipher with 64 bit block size.
* gpg: Print a warning if the MDC feature has not been used for a
message.
* gpg: Fix regular expression of domain addresses in trust
signatures.
* agent: New option --auto-expand-secmem to help with high numbers
of concurrent connections. Requires libgcrypt 1.8.2 for having
an effect.
* dirmngr: Cache responses of WKD queries.
* gpgconf: Add option --status-fd.
* wks: Add commands --check and --remove-key to gpg-wks-server.
* Increase the backlog parameter of the daemons to 64 and add
option --listen-backlog.
* New configure option --enable-run-gnupg-user-socket to first try a
socket directory which is not removed by systemd at session end.
Noteworthy changes in version 2.5.1:
* Fix c+p error in the previous usleep fix.
Noteworthy changes in version 2.5.0:
* New function to change the system hooks for the socket
interface.
* Fix the use of the internal usleep in the nPth implementation.
* Interface changes relative to the 2.4.0 release:
assuan_sock_set_system_hooks NEW.
0.24.0
- `x509.Certificate().self_signed` will no longer return `"yes"` under any
circumstances. This helps prevent confusion since the library does not
verify the signature. Instead a library like oscrypto should be used
to confirm if a certificate is self-signed.
- Added various OIDs to `x509.KeyPurposeId()`
- Added `x509.Certificate().private_key_usage_period_value`
- Added structures for parsing common subject directory attributes for
X.509 certificates, including `x509.SubjectDirectoryAttribute()`
- Added `algos.AnyAlgorithmIdentifier()` for situations where an
algorithm identifier may contain a digest, signed digest or encryption
algorithm OID
- Fixed a bug with `x509.Certificate().subject_directory_attributes_value`
not returning the correct value
- Fixed a bug where explicitly-tagged fields in a `core.Sequence()` would
not function properly when the field had a default value
- Fixed a bug with type checking in `pem.armor()`
Noteworthy changes in version 1.8.2:
* Bug fixes:
- Do not use /dev/srandom on OpenBSD.
- Fix test suite failure on systems with large pages.
- Fix test suite to not use mmap on Windows.
- Fix fatal out of secure memory status in the s-expression parser
on heavy loaded systems.
* Other:
- Backport the auto expand secmem feature from master for use by
the forthcoming GnuPG 2.2.4.
Version 1.0.16
- Signatures computations and verifications are now way faster on
64-bit platforms with compilers supporting 128-bit arithmetic (gcc,
clang, icc). This includes the WebAssembly target.
- New low-level APIs for computations over edwards25519:
`crypto_scalarmult_ed25519()`, `crypto_scalarmult_ed25519_base()`,
`crypto_core_ed25519_is_valid_point()`, `crypto_core_ed25519_add()`,
`crypto_core_ed25519_sub()` and `crypto_core_ed25519_from_uniform()`
(elligator representative to point).
- `crypto_sign_open()`, `crypto_sign_verify_detached() and
`crypto_sign_edwards25519sha512batch_open` now reject public keys in
non-canonical form in addition to low-order points.
- The library can be built with `ED25519_NONDETERMINISTIC` defined in
order to use synthetic nonces for EdDSA. This is disabled by default.
- Webassembly: `crypto_pwhash_*()` functions are now included in
non-sumo builds.
- `sodium_stackzero()` was added to wipe content off the stack.
- Android: support new SDKs where unified headers have become the
default.
- The Salsa20-based PRNG example is now thread-safe on platforms with
support for thread-local storage, optionally mixes bits from RDRAND.
- CMAKE: static library detection on Unix systems has been improved
- Argon2 and scrypt are slightly faster on Linux.
Read/write after SSL object in error state (CVE-2017-3737)
==========================================================
Severity: Moderate
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake then
OpenSSL would move into the error state and would immediately fail if you
attempted to continue the handshake. This works as designed for the explicit
handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),
however due to a bug it does not work correctly if SSL_read() or SSL_write() is
called directly. In that scenario, if the handshake fails then a fatal error
will be returned in the initial function call. If SSL_read()/SSL_write() is
subsequently called by the application for the same SSL object then it will
succeed and the data is passed without being decrypted/encrypted directly from
the SSL/TLS record layer.
In order to exploit this issue an application bug would have to be present that
resulted in a call to SSL_read()/SSL_write() being issued after having already
received a fatal error.
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================
Severity: Low
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
0.20.0 - 2017-12-06
- Certbot's ACME library now recognizes URL fields in challenge
objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
configuration files on non-Debian systems allowing it to get a
clearer picture on the running configuration.
- Certbot better reports network failures by removing information
about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
it was unable to deploy a HTTP->HTTPS redirect when requesting
Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
depending on when stdout and stderr were flushed.
0.19.0 - 2017-10-04
- Certbot now has renewal hook directories where executable files can
be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
Engine, you no longer have to provide a credential file to Certbot
if you have configured sufficient permissions for the instance which
Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
subcommand, Certbot will now allow you to select multiple lineages
to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
sites-available on Debian based systems and instead only parses
virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
longer hangs indefinitely when it is unable to connect to the
external server.
- An issue where Certbot's Apache plugin would sometimes fail to
deploy a certificate on Debian based systems if mod_ssl wasn't
already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
not report if certificates maintained by Certbot had been revoked
has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
properly performs DNS challenges when the domain being verified
contains a CNAME record.
1.3.0:
Features
* Support RFC 5587: Extended GSS Mechanism Inquiry APIs
* Support RFC 5801: Using GSSAPI Mechanisms in SASL
Bugfixes
* Fix potential infinite recursion in GSSError#display_status when there is an error displaying the error
* Read the linker path during setup to support properly building with Heimdal on Debian
* Fix OID inequality comparison
Tooling
* k5test and gssapi-console now live in their own projects. They can be found at pythongssapi/k5test and pythongssapi/gssapi-console, respectively, and are available on PyPI as k5test and gssapi_console
This is a shell script to aid with creating a Certificate Authority
and certificates for use with an OpenVPN server. See
http://openvpn.net/howto.html for usage instructions along with
the documentation provided in this package.
17.5.0:
Backward-incompatible changes:
* The minimum cryptography version is now 2.1.4.
Changes:
* Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts.
* Added Connection.export_keying_material for RFC 5705 compatible export of keying material.
Version 2.1.0.16
- Re-packaged 2.1.0.15 with newer setuptools to fix broken wheel.
Version 2.1.0.15
- Fully support PDFFile object.
- Add URI property to Artifact object.
- Support Object 'description' field.
- Add UnixUserAccount object.
- Fix error when PropertyTypes have 'delimiter' but no value.
- Allow setting 'condition' on Artifact object's RawArtifact propety.
- Support adding SSDEEP hashes.
- Don't include properties when adding Related Objects with inline=False.
- Handle 'event' property of Observables correctly.
