Release 2.11.0 (4 Jun 2022)
---------------------------
* Made a number of improvements in SFTP glob support, with thanks to
Github user LuckyDams for all the help working out these changes!
* Added a new glob_sftpname() method which returns glob matches
together with attribute information, avoiding the need for a
caller to make separate calls to stat() on the returned results.
* Switched from listdir() to scandir() to reduce the number of
stat() operations required while finding matches.
* Added code to remove duplicates when glob() is called with
multiple patterns that match the same path.
* Added a cache of directory listing and stat results to improve
performance when matching patterns with overlapping paths.
* Fixed an "index out of range" bug in recursive glob matching
and aligned it better with results reeturned by UNIX shells.
* Changed matching to ignore inaccessible or non-existent paths
in a glob pattern, to allow accessible paths to be fully
explored before returning an error. The error handler will now
be called only if a pattern results in no matches, or if a more
serious error occurs while scanning.
* Changed SFTP makedirs() method to work better cases where parts of
requested path already exist but don't allow read access. As long as
the entire path can be created, makedirs() will succeed, even if some
directories on the path don't allow their contents to be read. Thanks
go to Peter Rowlands for providing this fix.
* Replaced custom Diffie Hellman implementation in AsyncSSH with the
one in the cryptography package, resulting in an over 10x speedup.
Thanks go to Github user iwanb for suggesting this change.
* Fixed AsyncSSH to re-acquire GSS credentials when performing key
renegotiation to avoid expired credentials on long-lived connections.
Thanks go to Github user PromyLOPh for pointing out this issue and
suggesting a fix.
* Fixed GSS MIC to work properly with GSS key exchange when AsyncSSH
is running as a server. This was previously fixed on the client side,
but a similar fix for the server was missed.
* Changed connection timeout unit tests to work better in environments
where a firewall is present. Thanks go to Stefano Rivera for
reporting this issue.
* Improved unit tests of Windows SSPI GSSAPI module.
* Improved speed of unit tests by reducing the number of key generation
calls. RSA key generation in particular has gotten much more expensive
in OpenSSL 3.
37.0.4 - 2022-07-05
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
37.0.3 - 2022-06-21
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
What's new in Sudo 1.9.11p3
* Fixed "connection reset" errors on AIX when running shell scripts
with the "intercept" or "log_subcmds" sudoers options enabled.
* Fixed very slow execution of shell scripts when the "intercept"
or "log_subcmds" sudoers options are set on systems that enable
Nagle's algorithm on the loopback device, such as AIX.
What's new in Sudo 1.9.11p2
* Fixed a compilation error on Linux/x86_64 with the x32 ABI.
* Fixed a regression introduced in 1.9.11p1 that caused a warning
when logging to sudo_logsrvd if the command returned no output.
What's new in Sudo 1.9.11p1
* Correctly handle EAGAIN in the I/O read/right events. This fixes
a hang seen on some systems when piping a large amount of data
through sudo, such as via rsync.
* Changes to avoid implementation or unspecified behavior when
bit shifting signed values in the protobuf library.
* Fixed a compilation error on Linux/aarch64.
* Fixed the configure check for seccomp(2) support on Linux.
* Corrected the EBNF specification for tags in the sudoers manual
page.
What's new in Sudo 1.9.11
* Fixed a crash in the Python module with Python 3.9.10 on some
systems. Additionally, "make check" now passes for Python 3.9.10.
* Error messages sent via email now include more details, including
the file name and the line number and column of the error.
Multiple errors are sent in a single message. Previously, only
the first error was included.
* Fixed logging of parse errors in JSON format. Previously,
the JSON logger would not write entries unless the command and
runuser were set. These may not be known at the time a parse
error is encountered.
* Fixed a potential crash parsing sudoers lines larger than twice
the value of LINE_MAX on systems that lack the getdelim() function.
* The tests run by "make check" now unset the LANGUAGE environment
variable. Otherwise, localization strings will not match if
LANGUAGE is set to a non-English locale.
* The "starttime" test now passed when run under Debian faketime.
* The Kerberos authentication module now honors the custom password
prompt if one has been specified.
* The embedded copy of zlib has been updated to version 1.2.12.
* Updated the version of libtool used by sudo to version 2.4.7.
* Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE
in the header files (currently only GNU libc). This is required
to allow the use of 64-bit time values on some 32-bit systems.
* Sudo's "intercept" and "log_subcmds" options no longer force the
command to run in its own pseudo-terminal. It is now also
possible to intercept the system(3) function.
* Fixed a bug in sudo_logsrvd when run in store-first relay mode
where the commit point messages sent by the server were incorrect
if the command was suspended or received a window size change
event.
* Fixed a potential crash in sudo_logsrvd when the "tls_dhparams"
configuration setting was used.
* The "intercept" and "log_subcmds" functionality can now use
ptrace(2) on Linux systems that support seccomp(2) filtering.
This has the advantage of working for both static and dynamic
binaries and can work with sudo's SELinux RBAC mode. The following
architectures are currently supported: i386, x86_64, aarch64,
arm, mips (log_subcmds only), powerpc, riscv, and s390x. The
default is to use ptrace(2) where possible; the new "intercept_type"
sudoers setting can be used to explicitly set the type.
* New Georgian translation from translationproject.org.
* Fixed creating packages on CentOS Stream.
* Fixed a bug in the intercept and log_subcmds support where
the execve(2) wrapper was using the current environment instead
of the passed environment pointer.
* Added AppArmor integration for Linux. A sudoers rule can now
specify an APPARMOR_PROFILE option to run a command confined by
the named AppArmor profile.
* Fixed parsing of the "server_log" setting in sudo_logsrvd.conf.
Non-paths were being treated as paths and an actual path was
treated as an error.
3.15.0
New features
------------
* Add support for curves Ed25519 and Ed448, including export and import of keys.
* Add support for EdDSA signatures.
* Add support for Asymmetric Key Packages (RFC5958) to import private keys.
Resolved issues
---------------
* GH-620: for ``Crypto.Util.number.getPrime`` , do not sequentially
scan numbers searching for a prime.
Based mostly on work by adam@ in wip.
.. _v37-0-2:
37.0.2 - 2022-05-03
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3.
* Added a constant needed for an upcoming pyOpenSSL release.
.. _v37-0-1:
37.0.1 - 2022-04-27
~~~~~~~~~~~~~~~~~~~
* Fixed an issue where parsing an encrypted private key with the public
loader functions would hang waiting for console input on OpenSSL 3.0.x rather
than raising an error.
* Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
removed again in the future, so ``pyOpenSSL`` users should still upgrade
to the latest version of that package when they upgrade ``cryptography``.
.. _v37-0-0:
37.0.0 - 2022-04-26
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
The new minimum LibreSSL version is 3.1+.
* **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
from the public key and private key classes. These methods were originally
deprecated in version 2.0, but had an extended deprecation timeline due
to usage. Any remaining users should transition to ``sign`` and ``verify``.
* Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
the OpenSSL project. The next release of ``cryptography`` will be the last
to support compiling with OpenSSL 1.1.0.
* Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
Python core team. Support for Python 3.6 will be removed in a future
``cryptography`` release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
In the next release we will raise MSRV to 1.48.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
they are legacy algorithms with extremely low usage. These will be removed
in a future version of ``cryptography``.
* Added limited support for distinguished names containing a bit string.
* We now ship ``universal2`` wheels on macOS, which contain both ``arm64``
and ``x86_64`` architectures. Users on macOS should upgrade to the latest
``pip`` to ensure they can use this wheel, although we will continue to
ship ``x86_64`` specific wheels for now to ease the transition.
* This will be the final release for which we ship ``manylinux2010`` wheels.
Going forward the minimum supported ``manylinux`` ABI for our wheels will
be ``manylinux2014``. The vast majority of users will continue to receive
``manylinux`` wheels provided they have an up to date ``pip``. For PyPy
wheels this release already requires ``manylinux2014`` for compatibility
with binaries distributed by upstream.
* Added support for multiple
:class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a
:class:`~cryptography.x509.ocsp.OCSPResponse`.
* Restored support for signing certificates and other structures in
:doc:`/x509/index` with SHA3 hash algorithms.
* :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is
disabled in FIPS mode.
* Added support for serialization of PKCS#12 CA friendly names/aliases in
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`
* Added support for 12-15 byte (96 to 120 bit) nonces to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class
previously supported only 12 byte (96 bit).
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using
OpenSSL 3.0.0+.
* Added support for serializing PKCS7 structures from a list of
certificates with
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`.
* Added support for parsing :rfc:`4514` strings with
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can
be used to verify a signature where the salt length is not already known.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH`
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This
constant will set the salt length to the same length as the ``PSS`` hash
algorithm.
* Added support for loading RSA-PSS key types with
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`.
This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a
normal RSA private key, discarding the PSS constraint information.
.. _v36-0-2:
36.0.2 - 2022-03-15
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
.. _v36-0-1:
36.0.1 - 2021-12-14
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
.. _v36-0-0:
36.0.0 - 2021-11-21
~~~~~~~~~~~~~~~~~~~
* **FINAL DEPRECATION** Support for ``verifier`` and ``signer`` on our
asymmetric key classes was deprecated in version 2.0. These functions had an
extended deprecation due to usage, however the next version of
``cryptography`` will drop support. Users should migrate to ``sign`` and
``verify``.
* The entire :doc:`/x509/index` layer is now written in Rust. This allows
alternate asymmetric key implementations that can support cloud key
management services or hardware security modules provided they implement
the necessary interface (for example:
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`).
* :ref:`Deprecated the backend argument<faq-missing-backend>` for all
functions.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`.
* Added support for iterating over arbitrary request
:attr:`~cryptography.x509.CertificateSigningRequest.attributes`.
* Deprecated the ``get_attribute_for_oid`` method on
:class:`~cryptography.x509.CertificateSigningRequest` in favor of
:meth:`~cryptography.x509.Attributes.get_attribute_for_oid` on the new
:class:`~cryptography.x509.Attributes` object.
* Fixed handling of PEM files to allow loading when certificate and key are
in the same file.
* Fixed parsing of :class:`~cryptography.x509.CertificatePolicies` extensions
containing legacy ``BMPString`` values in their ``explicitText``.
* Allow parsing of negative serial numbers in certificates. Negative serial
numbers are prohibited by :rfc:`5280` so a deprecation warning will be
raised whenever they are encountered. A future version of ``cryptography``
will drop support for parsing them.
* Added support for parsing PKCS12 files with friendly names for all
certificates with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_pkcs12`,
which will return an object of type
:class:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates`.
* :meth:`~cryptography.x509.Name.rfc4514_string` and related methods now have
an optional ``attr_name_overrides`` parameter to supply custom OID to name
mappings, which can be used to match vendor-specific extensions.
* **BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of
email address fields as ``E`` in
:meth:`~cryptography.x509.Name.rfc4514_string` methods from version 35.0.
The previous behavior can be restored with:
``name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})``
* Allow
:class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey` to
be used as public keys when parsing certificates or creating them with
:class:`~cryptography.x509.CertificateBuilder`. These key types must be
signed with a different signing algorithm as ``X25519`` and ``X448`` do
not support signing.
* Extension values can now be serialized to a DER byte string by calling
:func:`~cryptography.x509.ExtensionType.public_bytes`.
* Added experimental support for compiling against BoringSSL. As BoringSSL
does not commit to a stable API, ``cryptography`` tests against the
latest commit only. Please note that several features are not available
when building against BoringSSL.
* Parsing ``CertificateSigningRequest`` from DER and PEM now, for a limited
time period, allows the ``Extension`` ``critical`` field to be incorrectly
encoded. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_
for complete details. This will be reverted in a future ``cryptography``
release.
* When :class:`~cryptography.x509.OCSPNonce` are parsed and generated their
value is now correctly wrapped in an ASN.1 ``OCTET STRING``. This conforms
to :rfc:`6960` but conflicts with the original behavior specified in
:rfc:`2560`. For a temporary period for backwards compatibility, we will
also parse values that are encoded as specified in :rfc:`2560` but this
behavior will be removed in a future release.
.. _v35-0-0:
35.0.0 - 2021-09-29
~~~~~~~~~~~~~~~~~~~
* Changed the :ref:`version scheme <api-stability:versioning>`. This will
result in us incrementing the major version more frequently, but does not
change our existing backwards compatibility policy.
* **BACKWARDS INCOMPATIBLE:** The :doc:`/x509/index` PEM parsers now require
that the PEM string passed have PEM delimiters of the correct type. For
example, parsing a private key PEM concatenated with a certificate PEM will
no longer be accepted by the PEM certificate parser.
* **BACKWARDS INCOMPATIBLE:** The X.509 certificate parser no longer allows
negative serial numbers. :rfc:`5280` has always prohibited these.
* **BACKWARDS INCOMPATIBLE:** Additional forms of invalid ASN.1 found during
:doc:`/x509/index` parsing will raise an error on initial parse rather than
when the malformed field is accessed.
* Rust is now required for building ``cryptography``, the
``CRYPTOGRAPHY_DONT_BUILD_RUST`` environment variable is no longer
respected.
* Parsers for :doc:`/x509/index` no longer use OpenSSL and have been
rewritten in Rust. This should be backwards compatible (modulo the items
listed above) and improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for
:class:`~cryptography.hazmat.primitives.hashes.SM3` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`,
when using OpenSSL 1.1.1. These algorithms are provided for compatibility
in regions where they may be required, and are not generally recommended.
* We now ship ``manylinux_2_24`` and ``musllinux_1_1`` wheels, in addition to
our ``manylinux2010`` and ``manylinux2014`` wheels. Users on distributions
like Alpine Linux should ensure they upgrade to the latest ``pip`` to
correctly receive wheels.
* Added ``rfc4514_attribute_name`` attribute to :attr:`x509.NameAttribute
<cryptography.x509.NameAttribute.rfc4514_attribute_name>`.
* Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`.
.. _v3-4-8:
3.4.8 - 2021-08-24
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1l.
.. _v3-4-7:
3.4.7 - 2021-03-25
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1k.
.. _v3-4-6:
3.4.6 - 2021-02-16
~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1j.
.. _v3-4-5:
3.4.5 - 2021-02-13
~~~~~~~~~~~~~~~~~~
* Various improvements to type hints.
* Lower the minimum supported Rust version (MSRV) to >=1.41.0. This change
improves compatibility with system-provided Rust on several Linux
distributions.
* ``cryptography`` will be switching to a new versioning scheme with its next
feature release. More information is available in our
:doc:`/api-stability` documentation.
.. _v3-4-4:
3.4.4 - 2021-02-09
~~~~~~~~~~~~~~~~~~
* Added a ``py.typed`` file so that ``mypy`` will know to use our type
annotations.
* Fixed an import cycle that could be triggered by certain import sequences.
.. _v3-4-3:
3.4.3 - 2021-02-08
~~~~~~~~~~~~~~~~~~
* Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users
on older versions will get a clear error message.
.. _v3-4-2:
3.4.2 - 2021-02-08
~~~~~~~~~~~~~~~~~~
* Improvements to make the rust transition a bit easier. This includes some
better error messages and small dependency fixes. If you experience
installation problems **Be sure to update pip** first, then check the
:doc:`FAQ </faq>`.
.. _v3-4-1:
3.4.1 - 2021-02-07
~~~~~~~~~~~~~~~~~~
* Fixed a circular import issue.
* Added additional debug output to assist users seeing installation errors
due to outdated ``pip`` or missing ``rustc``.
.. _v3-4:
3.4 - 2021-02-07
~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed.
* We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1``
wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't
cause issues downloading wheels on their platform.
* ``cryptography`` now incorporates Rust code. Users building ``cryptography``
themselves will need to have the Rust toolchain installed. Users who use an
officially produced wheel will not need to make any changes. The minimum
supported Rust version is 1.45.0.
* ``cryptography`` now has :pep:`484` type hints on nearly all of of its public
APIs. Users can begin using them to type check their code with ``mypy``.
2.6.0
Reduce unnessessarry type casting of set/SortedSet (#203)
2.5.1
Add expected lower-than comparators for OrganizationalEntity
and VulnerabilityCredits (#248)
NEWS for the Nettle 3.8 release
This release includes a couple of new features, and many
performance improvements. It adds assembly code for two more
architectures: ARM64 and S390x.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.5 and libhogweed.so.6.5, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
* AES keywrap (RFC 3394), contributed by Nicolas Mora.
* SM3 hash function, contributed by Tianjia Zhang.
* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
cbc_aes256_encrypt.
On processors where AES is fast enough, e.g., x86_64 with
aesni instructions, the overhead of using Nettle's general
cbc_encrypt can be significant. The new functions can be
implemented in assembly, to do multiple blocks with reduced
per-block overhead.
Note that there's no corresponding new decrypt functions,
since the general cbc_decrypt doesn't suffer from the same
performance problem.
Bug fixes:
* Fix fat builds for x86_64 windows, these appear to never
have worked.
Optimizations:
* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
SHA256, for processors supporting crypto extensions. Great
speedups, and fat builds are supported. Contributed by
Mamone Tarsha.
* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
SHA256, SHA512 and SHA3. Great speedups, and fat builds are
supported. Contributed by Mamone Tarsha.
* New PPC64 assembly for ecc modulo/redc operations,
contributed by Amitay Isaacs, Martin Schwenke and Alastair
D´Silva.
* The x86_64 AES implementation using aesni instructions has
been reorganized with one separate function per key size,
each interleaving the processing of two blocks at a time
(when the caller processes multiple blocks with each call).
This gives a modest performance improvement on some
processors.
* Rewritten and faster x86_64 poly1305 assembly.
Known issues:
* Nettle's testsuite doesn't work out-of-the-box on recent
MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH
environment variable. Nettle's test scripts handle this in
some cases, but currently fails the test cases that are
themselves written as /bin/sh scripts. As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Miscellaneous:
* Updated manual to current makeinfo conventions, with no
explicit node pointers. Generate pdf version with texi2pdf,
to get working hyper links.
* Added square root functions for NIST ecc curves, as a
preparation for supporting compact point representation.
* Reworked internal GCM/ghash interfaces, simplifying assembly
implementations. Deleted unused GCM C implementation
variants with less than 8-bit lookup table.
camlp4 is an outdated way to build packages with caml and does not work
with pkgsrc ocaml versions for more than a year.
Remove camlp4 and all packages using it.
Ok jaapb@
Approved during freeze by gdt@, tested on SmartOS and macOS.
Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
o Fixed additional bugs in the c_rehash script which was not properly
sanitising shell metacharacters to prevent command injection
(CVE-2022-2068)
2.5.1
Fix
Add missing Vulnerability comparator for sorting (#246) (c3f3d0d)
2.5.0
Feature
Use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (8a1c404)
Documentation
Fix typo "This is out" -> "This is our" (ef0278a)
2.4.0
Feature
deps: Remove unused typing-extensions constraints (2ce358a)
Version 2.19.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add support for parallel computation in Argon2 (GH #2937#2926)
* Add SSSE3 implementation of Argon2 (GH #2937#2927)
* The OpenSSL provider was incompatible with OpenSSL 3.0.
It has been removed (GH #2902)
* Avoid using reserve in secure_vector appending, which caused
a performance problem (GH #2945#2920)
* Fix TLS::Text_Policy behavior when X25519 is disabled
at build time (GH #2894)
* Fix several warnings from Clang (#2888#2886)
Upstream changes:
OpenDNSSEC 2.1.10 - 2021-09-10
* OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
* OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
* OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count
that is deemed too high.
* SUPPORT-265: Resolve conflict when deleting keys from HSM whilst
also performing step in key roll process. Typically a message
"key_data_update failed" is present in logs.
* Provided RedHat/CentOS spec file in contrib directory.
- The location of the system certificate store can now be set using
a new configuration file (ca-certificates-dir.conf).
- Installing the certificates to the system certificate store must
be enabled by the administrator.
Point out that this is from Debian and that Debian's policy is unclear
(it's not on HOMEPAGE at least; they probably do have one).
Note that modification outside of the package's files is either to
base or to pkgsrc openssl.
Clarify that there's a supported way to exclude particular certs as
trust anchors.
-do not read config files that have already been processed
-permit reason (-r) strings as regex matches
-%{HOSTNAME} expands to hostname in regex rules
-suggest -d when invoked with cd and cd is not located
-new option of timeout for password prompt
-new option of target_group for run/edit
1.28.0
Added
Updated Apache/NGINX TLS configs to document contents are based on ssl-config.mozilla.org
Changed
A change to order finalization has been made to the acme module and Certbot:
An order's certificate field will only be processed if the order's status is valid.
An order's error field will only be processed if the order's status is invalid.
(Once I did import with wrong directory name, R-soduim, and I noticed
that before I did commit security/Makefile and doc/CHANGES-2022,
so those two are correct, but I did not notice the necessity of correcting
importing commit, now re-importing the correct name, I hope,
sorry and thanks leot@)
Bindings to 'libsodium': a modern, easy-to-use software library for
encryption, decryption, signatures, password hashing and more. Sodium
uses curve25519, a state-of-the-art Diffie-Hellman function by Daniel
Bernstein, which has become very popular after it was discovered that
the NSA had backdoored Dual EC DRBG.
Bindings to 'libsodium': a modern, easy-to-use software library for
encryption, decryption, signatures, password hashing and more. Sodium
uses curve25519, a state-of-the-art Diffie-Hellman function by Daniel
Bernstein, which has become very popular after it was discovered that
the NSA had backdoored Dual EC DRBG.
[0.9.0] - 2022-05-27
Added
Support customizing key bindings (#6)
Add a separate script for preparing the test environment
Changed
Bump dependencies
Bump the Rust version in Dockerfile
Update man page about custom key bindings
Fixed
Fix the formatting
Update application handler tests about custom key bindings
Update custom key binding handler test
Fix the keycode handler test
Fix typo in the script name
Removed
Remove edition key from rustfmt config
Upstream changes:
20211001
- Update mk-ca-bundle.pl and Mozilla data to 2021-10-01 (Aaron Rowe)
- Improve metadata for license information (Shoichi Kaji)
## [2.3.0] - 2022-05-18
### Added
* CLI: The `--ignore-vuln` option has been added, allowing users to
specify vulnerability IDs to ignore during the final report
([#275](https://github.com/trailofbits/pip-audit/pull/275))
* CLI: The `--no-deps` flag has been added, allowing users to skip dependency
resolution entirely when `pip-audit` is used in requirements mode
([#255](https://github.com/trailofbits/pip-audit/pull/255))
Version 3.7.6 (released 2022-05-27)
** libgnutls: Fixed invalid write when gnutls_realloc_zero()
is called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc
0.4.9
Added a status attribute to the returned object from gen_key() which is set to 'ok' if a key was successfully created, or 'key not created' if that was reported by gpg, or None in any other case.
Provided the ability to add subkeys. Thanks to Daniel Kilimnik for the feature request and patch.
Added keygrip values to the information collected when keys are listed. Thanks to Daniel Kilimnik for the feature request and patch.
Added extra_args to send_keys(), recv_keys() and search_keys() to allow passing options relating to key servers.
Release 2.10.1 (16 Apr 2022)
----------------------------
* Added support for "Match Exec" in config files and updated AsyncSSH
API calls to do config parsing in an executor to avoid blocking the
event loop if a "Match Exec" command doesn't return immediately.
* Fixed an issue where settings associated with server channels set
when creating a listener rather than at the time a new channel is
opened were not always being applied correctly.
* Fixed config file handling to be more consistent with OpenSSH, making
all relative paths be evaluated relative to ~/.ssh and allowing
references to config file patterns which don't match anything to only
trigger a debug message rather than an error. Thanks go to Caleb Ho
for reporting this issue!
* Update minimum required version of cryprography package to 3.1, to
allow calls to it to be made without passing in a "backend" argument.
This was missed back in the 2.9 release. Thanks go to Github users
sebby97 and JavaScriptDude for reporting this issue!
Release 2.10.0 (26 Mar 2022)
----------------------------
* Added new get_server_auth_methods() function which returns the set
of auth methods available for a given user and SSH server.
* Added support for new line_echo argument when creating a server
channel which controls whether input in the line editor is echoed
to the output immediately or under the control of the application,
allowing more control over the ordering of input and output.
* Added explicit support for RSA SHA-2 certificate algorithms.
Previously, SHA-2 signatures were supported using the original
ssh-rsa-cert-v01@openssh.com algorithm name, but recent versions
of SSH now disable this algorithm by default, so the new SHA-2
algorithm names need to be advertised for SHA-2 signatures to
work when using OpenSSH certificates.
* Improved handling of config file loading when options argument is
used, allowing config loading to be overridden at connect() time
even if the options passed in referenced a config file.
* Improved speed of unit tests by avoiding some network timeouts
when connecting to invalid addresses.
* Merged GitHub workflows contributed by GitHub user hexchain to
run unit tests and collect code coverage information on multiple
platforms and Python versions. Thanks so much for this work!
* Fixed issue with GSS auth unit tests hanging on Windows.
* Fixed issue with known_hosts matching when ProxyJump is being used.
Thanks go to GitHub user velavokr for reporting this and helping
to debug it.
* Fixed type annotations for SFTP client and server open methods.
Thanks go to Marat Sharafutdinov for reporting this!
Basically lasso installs additional files when Inkscape is available,
which it would normally re-generate but are already in the source tree.
This unconditionally caches "/bin/false" as the path to Inkscape, which:
* will always behave the same (install the missing files)
* will break if they ever have to be re-generated (thus exposing the
issue directly, which is a good thing)
In addition since lasso can provide additional documentation when
gtk-doc is installed, I have enabled this by default as well.
Bumps PKGREVISION.
Reviewed by manu@, thanks!
Version 3.7.5 (released 2022-05-15)
** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
modifier have been added to disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy. On the other hand, since session
tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
only disables session tickets in TLS 1.2. Future backward incompatibility:
in the next major release of GnuTLS, we plan to remove those flag and
modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
** gnutls-cli, gnutls-serv: Channel binding for printing information
has been changed from tls-unique to tls-exporter as tls-unique is
not supported in TLS 1.3.
** libgnutls: Certificate sanity checks has been enhanced to make
gnutls more RFC 5280 compliant (!1583).
Following changes were included:
- critical extensions are parsed when loading x509
certificate to prohibit any random octet strings.
Requires strict-x509 configure option to be enabled
- garbage bits in Key Usage extension are prohibited
- empty DirectoryStrings in Distinguished name structures
of Issuer and Subject name are prohibited
** libgnutls: Removed 3DES from FIPS approved algorithms.
According to the section 2 of SP800-131A Rev.2, 3DES algorithm
will be disallowed for encryption after December 31, 2023:
https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
** libgnutls: Optimized support for AES-SIV-CMAC algorithms.
The existing AEAD API that works in a scatter-gather fashion
(gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
For further optimization, new function (gnutls_aead_cipher_set_key) has been
added to set key on the existing AEAD handle without re-allocation.
** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
when used in TLS.
** The configure arguments for Brotli and Zstandard (zstd) support
have changed to reflect the previous help text: they are now
--with-brotli/--with-zstd respectively.
** Detecting the Zstandard (zstd) library in configure has been
fixed.
** API and ABI modifications:
GNUTLS_NO_TICKETS_TLS12: New flag
gnutls_aead_cipher_set_key: New function
Changes since OpenSSH 8.9
=========================
This release is focused on bug fixing.
Potentially-incompatible changes
--------------------------------
This release switches scp(1) from using the legacy scp/rcp protocol
to using the SFTP protocol by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.
Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path () openssh com" to support
this.
In case of incompatibility, the scp(1) client may be instructed to use
the legacy scp/rcp using the -O flag.
New features
------------
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512 () openssh com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange
(the previous default) as a backstop against any weaknesses in
NTRU Prime that may be discovered in the future. The combination
ensures that the hybrid exchange offers at least as good security
as the status quo.
We are making this change now (i.e. ahead of cryptographically-
relevant quantum computers) to prevent "capture now, decrypt
later" attacks where an adversary who can record and store SSH
session ciphertext would be able to decrypt it once a sufficiently
advanced quantum computer is available.
* sftp-server(8): support the "copy-data" extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00. bz2948
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
Bugfixes
--------
* ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
fd closes without data in the channel buffer. bz3405 and bz3411
* sshd(8): pack pollfd array in server listen/accept loop. Could
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE
* ssh-keygen(1): avoid NULL deref via the find-principals and
check-novalidate operations. bz3409 and GHPR#307 respectively.
* scp(1): fix a memory leak in argument processing. bz3404
* sshd(8): don't try to resolve ListenAddress directives in the sshd
re-exec path. They are unused after re-exec and parsing errors
(possible for example if the host's network configuration changed)
could prevent connections from being accepted.
* sshd(8): when refusing a public key authentication request from a
client for using an unapproved or unsupported signature algorithm
include the algorithm name in the log message to make debugging
easier.
Portability
-----------
* sshd(8): refactor platform-specific locked account check, fixing
an incorrect free() on platforms with both libiaf and shadow
passwords (probably only Unixware) GHPR#284,
* ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
parsing of K/M/G/etc quantities. bz#3401.
* sshd(8): provide killpg implementation (mostly for Tandem NonStop)
GHPR#301.
* Check for missing ftruncate prototype. GHPR#301
* sshd(8): default to not using sandbox when cross compiling. On most
systems poll(2) does not work when the number of FDs is reduced
with setrlimit, so assume it doesn't when cross compiling and we
can't run the test. bz#3398.
* sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox
violations on some (at least i386 and armhf) 32bit Linux platforms.
bz#3396.
* Improve detection of -fzero-call-used-regs=all support in
configure script.
Security Near Miss
==================
* sshd(8): fix an integer overflow in the user authentication path
that, in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
This situation is not exploitable because of independent checks in
the privilege separation monitor. Privilege separation has been
enabled by default in since openssh-3.2.2 (released in 2002) and
has been mandatory since openssh-7.5 (released in 2017). Moreover,
portable OpenSSH has used toolchain features available in most
modern compilers to abort on signed integer overflow since
openssh-6.5 (released in 2014).
Thanks to Malcolm Stagg for finding and reporting this bug.
Potentially-incompatible changes
================================
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.
Changes since OpenSSH 8.8
=========================
This release includes a number of new features.
New features
------------
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.
* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.
* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.
* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.
* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).
* ssh(1), sshd(8): read network data directly to the packet input
buffer instead of indirectly via a small stack buffer. Provides a
modest performance improvement.
* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.
* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.
Bugfixes
--------
* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR#277.
* sshd(8): fix possible string truncation when constructing paths to
.rhosts/.shosts files with very long user home directory names.
* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes
* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360
* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.
* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.
* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.
* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375
* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375
* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
available.
* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.
* ssh-keygen(1): make sshsig verify-time argument parsing optional
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364
* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.
Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366
* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373
* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.
* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line
* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719
* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378
* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372
* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.
* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.
* sshd(8): fix potential race in SIGTERM handling PR#289
* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR#295
* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files
Portability
-----------
* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,
* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.
* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.
* Cygwin: correct checking of mbstowcs() return value.
* Add a basic SECURITY.md that refers people to the openssh.com
website.
* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
-fzero-call-used-regs and -ftrivial-auto-var-init.
* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
What's new in Sudo 1.9.10
* Added new "log_passwords" and "passprompt_regex" sudoers options.
If "log_passwords" is disabled, sudo will attempt to prevent passwords
from being logged. If sudo detects any of the regular expressions in
the "passprompt_regex" list in the terminal output, sudo will log '*'
characters instead of the terminal input until a newline or carriage
return is found in the input or an output character is received.
* Added new "log_passwords" and "passprompt_regex" settings to
sudo_logsrvd that operate like the sudoers options when logging
terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging
multiple sudoers sources.
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
file, where the "retry_interval" in the [relay] section was not
being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication
when sudo's -n option is specified. A new "noninteractive_auth"
sudoers option has been added to enable PAM authentication in
non-interactive mode.
* On systems with /proc, if the /proc/self/stat (Linux) or
/proc/pid/psinfo (other systems) file is missing or invalid,
sudo will now check file descriptors 0-2 to determine the user's
terminal.
* Fixed a compilation problem on Debian kFreeBSD.
* Fixed a crash in sudo_logsrvd when running in relay mode if
an alert message is received.
* Fixed an issue that resulting in "problem with defaults entries"
email to be sent if a user ran sudo when the sudoers entry in
the nsswitch.conf file includes "sss" but no sudo provider is
configured in /etc/sssd/sssd.conf.
* Updated the warning displayed when the invoking user is not
allowed to run sudo. If sudo has been configured to send mail
on failed attempts (see the mail_* flags in sudoers), it will
now print "This incident has been reported to the administrator."
If the "mailto" or "mailerpath" sudoers settings are disabled,
the message will not be printed and no mail will be sent.
* Fixed a bug where the user-specified command timeout was not
being honored if the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in
sudoers rules. A command and/or arguments in sudoers are treated
as a regular expression if they start with a '^' character and
end with a '$'. The command and arguments are matched separately,
either one (or both) may be a regular expression.
* A user may now only run "sudo -U otheruser -l" if they have a
"sudo ALL" privilege where the RunAs user contains either "root"
or "otheruser". Previously, having "sudo ALL" was sufficient,
regardless of the RunAs user.
* The sudo lecture is now displayed immediately before the password
prompt. As a result, sudo will no longer display the lecture
unless the user needs to enter a password. Authentication methods
that don't interact with the user via a terminal do not trigger
the lecture.
* Sudo now uses its own closefrom() emulation on Linux systems.
The glibc version may not work in a chroot jail where /proc is
not available. If close_range(2) is present, it will be used
in preference to /proc/self/fd.
What's new in Sudo 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating warnings
about deprecated OpenSSL APIs.
* A digest can now be specified along with the "ALL" command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding changes
for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in an
alias once for each alias.
* The sudoRole cn was truncated by a single character in warning messages.
* The cvtsudoers utility has new --group-file and --passwd-file options
to use a custom passwd or group file when the --match-local option is
also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv (comma-separated
value) format. This can be used to help generate entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection being
dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the "editor" setting was not
used if it did not match the user's EDITOR environment variable.
This was only a problem if the "env_editor" setting was not enabled.
* Sudo now builds with the -fcf-protection compiler option and the
"-z now" linker option if supported.
* The output of "sudoreplay -l" now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the log.json
file, if present. This makes it possible to send sudo-format I/O logs
that use the newer log.json format to sudo_logsrvd without losing any
information.
* Fixed compilation of the arc4random_buf() replacement on systems with
arc4random() but no arc4random_buf().
* Sudo now uses its own getentropy() by default on Linux. The GNU libc
version of getentropy() will fail on older kernels that don't support
the getrandom() system call.
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
layer by using the --enable-wolfssl configure option.
* Fixed a bug related to Daylight Saving Time when parsing timestamps
in Generalized Time format. This affected the NOTBEFORE and
NOTAFTER options in sudoers.
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct.
* It is now possible to set resource limits in the sudoers file itself.
The special values "default" and "user" refer to the default system
limit and invoking user limit respectively. The core dump size limit
is now set to 0 by default unless overridden by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the "deref" and "tls_reqcert"
ldap.conf settings. This meant the options were effectively
ignored which broke dereferencing of aliases in LDAP.
* Clarified in the sudo man page that the security policy may
override the user's PATH environment variable.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error
if user interaction is required. This allows PAM modules that
don't interact with the user to succeed. Previously, sudo
would not attempt authentication if the -n option was specified.
* Fixed a regression introduced in version 1.9.1 when sudo is
built with the --with-fqdn configure option. The local host
name was being resolved before the sudoers file was processed,
making it impossible to disable DNS lookups by negating the
"fqdn" sudoers option.
* Added support for negated sudoUser attributes in the LDAP and
SSSD sudoers back ends. A matching sudoUser that is negated
will cause the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a
value smaller than that of the invoking user and not be reset
before the command was run.
What's new in Sudo 1.9.8p2
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
* Fixed a bug where sudoedit would fail if one of the directories
in the path to be edited had the immutable flag set (BSD, Linux
or macOS).
What's new in Sudo 1.9.8p1
* Fixed support for passing a prompt (sudo -p) or a login class
(sudo -c) on the command line. This is a regression introduced
in sudo 1.9.8.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
This is a regression introduced in sudo 1.9.8.
* Fixed a compilation error when the --enable-static-sudoers configure
option was specified. This is a regression introduced in sudo
1.9.8 caused by a symbol clash with the intercept and log server
protobuf functions.
What's new in Sudo 1.9.8
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
an INTERCEPT command tag that can be used in sudoers. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
Defaults!SHELLS intercept
would cause sudo to run the listed shells in intercept mode.
This can also be set on a per-rule basis. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
chuck ALL = INTERCEPT: SHELLS
would only apply intercept mode to user "chuck" when running one
of the listed shells.
In intercept mode, sudo will not prompt for a password before
running a sub-command and will not allow a set-user-ID or
set-group-ID program to be run by default. The new
intercept_authenticate and intercept_allow_setid sudoers settings
can be used to change this behavior.
* The new "log_subcmds" sudoers setting can be used to log additional
commands run in a privileged shell. It uses the same mechanism as
the intercept support described above and has the same limitations.
* The new "log_exit_status" sudoers setting can be used to log
the exit status commands run via sudo. This is also a corresponding
"log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
* Support for logging sudo_logsrvd errors via syslog or to a file.
Previously, most sudo_logsrvd errors were only visible in the
debug log.
* Better diagnostics when there is a TLS certificate validation error.
* Using the "+=" or "-=" operators in a Defaults setting that takes
a string, not a list, now produces a warning from sudo and a
syntax error from inside visudo.
* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
had no effect when creating I/O log parent directories if the I/O log
file name ended with the string "XXXXXX".
* Fixed a bug in the sudoers custom prompt code where the size
parameter that was passed to the strlcpy() function was incorrect.
No overflow was possible since the correct amount of memory was
already pre-allocated.
* The mksigname and mksiglist helper programs are now built with
the host compiler, not the target compiler, when cross-compiling.
* Fixed compilation error when the --enable-static-sudoers configure
option was specified. This was due to a typo introduced in sudo
1.9.7.
# oskeyring 0.1.3
# development version
* This version fixes a potential crash on macOS (#11).
# 0.1.2
* Windows functions now use UTF-16 (little endian) encoding instead
of UCS-2. UTF-16 should be the default on all reasonably recent
Windows versions.
2.0.0
- The default fingerprint() for keys has changed from md5 to sha256. This is
a breaking change, but in line with other software phasing out md5, and needed
to support systems where use of MD5 has been disabled to comply with FIPS.
- Make the test-suite pass under FIPS on RHEL 8.
- New family of ssl_ctx functions to manipulate an SSL context from inside curl
https requests.
- Rd manuals have been markdownified
1.4.6
- Update unit tests to new pki.goog test servers
1.4.5
- Tweaks and fixes for upcoming OpenSSLv3. Once OpenSSLv3 is released we should
port the deprecated functions, but for now we keep supporting OpenSSL 1.0.2.
1.4.4
- Fix rand_bytes for large input
- Remove some legacy Windows workarounds from R 3.2
- Windows: upgrade libs to openssl 1.1.1k
2021-11-30 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.29
* src/digest.c (digest): Accomodate Windows UCRT build
* man/AES.Rd: Remove one URL that upsets the URL checker
* README.md: Update one URL that upsets the URL checker
2021-11-20 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Roll minor version
* vignettes/sha1.md: Renamed from .Rmd, corrected code block syntax
2021-11-19 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (VignetteBuilder): Converted to simplermarkdown engine
* vignettes/sha1.Rmd: Idem
* vignettes/water.css: Added
2021-11-05 Dirk Eddelbuettel <edd@debian.org>
* README.md: Remove Travis badge
* .travis.yml: Remove Travis YAML config
2021-09-23 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.28
2021-09-22 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Roll minor version
* vignettes/sha1.Rmd (date): Remove knitr date calculation in YAML
header which GitHub does not like and mistakes for Jekyll code
* docs/mkdmt-src/src/vignette.md (date): Idem
* README.md: Add total download badge, label other as monthly
2021-09-22 András Svraka <svraka.andras@gmail.com>
* R/vdigest.R (non_streaming_digest): Ensure UTF-8 encoded file paths
on Windows
* inst/tinytest/test_encoding.R: Expand test coverage for path name
encodings on Windows
2021-03-28 Dirk Eddelbuettel <edd@debian.org>
* docs/mkdmt-src/: Moved mkdocs-material input
2021-03-26 Dirk Eddelbuettel <edd@debian.org>
* README.md: Add 'last commit' badge
2021-03-23 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (URL): Add link to repo
2021-03-22 Dirk Eddelbuettel <edd@debian.org>
* docs-src/mkdocs.yml (theme): Add (draft, incomplete) vignette
* docs-src/src/vignette.md (title): Idem
2021-03-22 Floris Vanderhaeghe <floris.vanderhaeghe@inbo.be>
* man/digest.Rd: Reworded to also highlight file mode
2021-01-16 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Roll minor version
* src/SpookyV2.cpp: Disallow unaligned reads which have been seen to
trigger SAN issues as reported by Winston in #167
2020-12-23 Dirk Eddelbuettel <edd@debian.org>
* .github/workflows/ci.yaml: Add CI runner using r-ci
* README.md: Add new CI badge
2020-10-20 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.27
2020-10-19 Dirk Eddelbuettel <edd@debian.org>
* src/blake3_dispatch.c: Comment-out include of intrinsics to also
comment-out erroring on insufficient architectures such as Solaris
2020-10-17 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.26
* docs/: Added package website
* docs-src/: Added package website inputs
* .travis.yml (dist): Change to focal
2020-10-15 Dirk Eddelbuettel <edd@debian.org>
* README.md: Update URLs
* man/digest.Rd: Ditto
* man/hmac.Rd: Ditto
2020-10-14 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Roll minor version
* inst/tinytest/test_blake3.R: Skip file-based blake3 tests on Windows
* vignettes/sha1.Rmd: Switch to minidown and 'framework: water'
* DESCRIPTION (Suggests): Add minidown
2020-10-07 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Roll minor version
2020-10-06 Winston Chang <winston@stdout.org>
* R/digest.R: Speedup via explicit alternative values for
match.arg() and a direct call to serialize()
* R/vdigest.R: Idem
* R/init.R: Idem (for serialize())
* inst/tinytest/test_digest.R: New test ensuring all variants hit
2020-09-21 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml: Updated to 'bionic', R 4.0, and BSPM
2020-08-03 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Depends): Roll Depends: on to R (>= 3.3.0) due to use
of startsWith(), with thanks to Florian Pein
2020-05-20 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml: Switch to bionic and R 4.0.0
2020-05-19 Dirk Schumacher <mail@dirk-schumacher.net>
* src/digest.c: Support file operation
* inst/tinytest/test_blake3.R: Update test
2020-05-19 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Roll minor version and date
2020-05-19 Dirk Schumacher <mail@dirk-schumacher.net>
* src/blake3.c: Add blake3 implementation
* src/blake3.h: Idem
* src/blake3_dispatch.c: Idem
* src/blake3_impl.h: Idem
* src/blake3_portable.c: Idem
* src/digest.c: Support blake3 call
* R/digest.R: Idem
* inst/tinytest/test_blake3.R: Add tests
* man/digest.Rd: Add documentation
2020-03-05 Harris McGehee <mcgehee.harris@gmail.com>
* man/sha1.Rd: Correct typo
2020-02-26 Dirk Eddelbuettel <edd@debian.org>
* README.md: Add Debian badge
2020-02-22 Dirk Eddelbuettel <edd@debian.org>
1.5.1
Handle RSASSA-PSS in keys.PrivateKeyInfo.bit_size and keys.PublicKeyInfo.bit_size
Handle RSASSA-PSS in keys.PrivateKeyInfo.wrap and keys.PublicKeyInfo.wrap
Updated docs for keys.PrivateKeyInfo.algorithm and keys.PublicKeyInfo.algorithm to reflect that they can return "rsassa_pss"
1.5.0
Fix tsp.TimeStampAndCRL to be a core.Sequence instead of a core.SequenceOf via @joernheissler
Added OIDs for Edwards curves from RFC 8410 - via @MatthiasValvekens
Fixed convenience attributes on algos.EncryptionAlgorithm when the algorithm is RC2 via @joernheissler
Added Microsoft OIDs microsoft_enrollment_csp_provider (1.3.6.1.4.1.311.13.2.2), microsoft_os_version (1.3.6.1.4.1.311.13.2.3) and microsoft_request_client_info (1.3.6.1.4.1.311.21.20) to csr.CSRAttributeType along with supporting extension structures via @qha
Added Microsoft OID microsoft_enroll_certtype (1.3.6.1.4.1.311.20.2) to x509.ExtensionId via @qha
Fixed a few bugs with parsing indefinite-length encodings via @davidben
Added various bounds checks to parsing engine via @davidben
Fixed a bug with tags not always being minimally encoded via @davidben
Fixed cms.RoleSyntax, cms.SecurityCategory and cms.AttCertIssuer to have explicit instead of implicit tagging via @MatthiasValvekens
Fixed tagging of, and default value for fields in cms.Clearance via @MatthiasValvekens
Fixed calling .dump(force=True) when the value has undefined/unknown core.Sequence fields. Previously the value would be truncated, now the existing encoding is preserved.
Added sMIME capabilities (1.2.840.113549.1.9.15) support from RFC 2633 to cms.CMSAttribute via Hellzed
Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
o Fixed a bug in the c_rehash script which was not properly sanitising
shell metacharacters to prevent command injection (CVE-2022-1292)
Changes since v5.2.0:
Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
Ports
* Updated support for Stunnel to version 5.61
* Add i.MX8 NXP SECO use for secure private ECC keys and expand
cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
* Allow encrypt then mac with Apache port
* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature
data for TSIP / SCE example
* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
* Add support for FFMPEG with the enable option --enable-ffmpeg, FFMPEG is
used for recording and converting video and audio (https://ffmpeg.org/)
* Update the bind port to version 9.18.0
Post Quantum
* Add Post-quantum KEM benchmark for STM32
* Enable support for using post quantum algorithms with embedded STM32 boards
and port to STM32U585
Compatibility Layer Additions
* Add port to support libspdm
(https://github.com/DMTF/libspdm/blob/main/README.md), compatibility
functions added for the port were:
- ASN1_TIME_compare
- DH_new_by_nid
- OBJ_length, OBJ_get0_data,
- EVP layer ChaCha20-Poly1305, HKDF
- EC_POINT_get_affine_coordinates
- EC_POINT_set_affine_coordinates
* Additional functions added were:
- EC_KEY_print_fp
- EVP_PKEY_paramgen
- EVP_PKEY_sign/verify functionality
- PEM_write_RSAPublicKey
- PEM_write_EC_PUBKEY
- PKCS7_sign
- PKCS7_final
- SMIME_write_PKCS7
- EC_KEY/DH_up_ref
- EVP_DecodeBlock
- EVP_EncodeBlock
- EC_KEY_get_conv_form
- BIO_eof
- Add support for BIO_CTRL_SET and BIO_CTRL_GET
* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
* Add extended key usage support to wolfSSL_X509_set_ext
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility
layer enabled and a TLS 1.3 PSK connection is used
* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom
parameters
* Changed X509_V_ERR codes to better match OpenSSL values used
* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the
expected resulting size
* Enhance the smallstack build to reduce stack size farther when built with
compatibility layer enabled
Misc.
* Sniffer asynchronous support addition, handling of DH shared secret and
tested with Intel QuickAssist
* Added in support for OCSP with IPv6
* Enhance SP (single precision) optimizations for use with the ECC P521
* Add new public API wc_CheckCertSigPubKey() for use to easily check the
signature of a certificate given a public key buffer
* Add CSR (Certificate Signing Request) userId support in subject name
* Injection and parsing of custom extensions in X.509 certificates
* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size
if using only crypto callback functions with RSA and ECC
* Created new --enable-engine configure flag used to build wolfSSL for use with
wolfEngine
* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs
for a cipher suite can be handled
* Added private key id/label support with improving the PK (Public Key)
callbacks
* Support for Intel QuickAssist ECC KeyGen acceleration
* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate
call back
* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void userCtx)
and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX ctx) for setting and getting a user
context
* wolfRand for AMD --enable-amdrand
Fixes
PORT Fixes
* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes
and reduction to memory usage
* Add the new kdf.c file to the TI-RTOS build
* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
* IOTSafe workarounds when reading files with ending 0’s and for ECC
signatures
Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than
modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge
case tests
* TFM fp_div_2_ct rework to avoid potential overflow
Misc.
* Fix for PKCS#7 with Crypto Callbacks
* Fix for larger curve sizes with deterministic ECC sign
* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
* Remove extra padding when AES-CBC encrypted with PemToDer
* Fixes for TLS v1.3 early data with async.
* Fixes for async disables around the DevCopy calls
* Fixes for Windows AES-NI with clang compiler
* Fix for handling the detection of processing a plaintext TLS alert packet
* Fix for potential memory leak in an error case with TLSX supported groups
* Sanity check on input size in DecodeNsCertType
* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
* Fix for PK callbacks with server side and setting a public key
Improvements/Optimizations
Build Options and Warnings
* Added example user settings template for FIPS v5 ready
* Automake file touch cleanup for use with Yocto devtool
* Allow disabling forced 'make clean' at the end of ./configure by using
--disable-makeclean
* Enable TLS 1.3 early data when specifying --enable-all option
* Disable PK Callbacks with JNI FIPS builds
* Add a FIPS cert 3389 ready option, this is the fips-ready build
* Support (no)inline with Wind River Diab compiler
* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
* Add logic equivalent to configure.ac in settings.h for Poly1305
* Fixes to support building opensslextra with SP math
* CPP protection for extern references to x86_64 asm code
* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
* Documentation improvements with auto generation
* Fix reproducible-build for working an updated version of libtool, version
2.4.7
* Fixes for Diab C89 and armclang
* Fix mcapi_test.c to include the settings.h before crypto.h
* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
* Fix for some macro defines with FIPS 140-3 build so that
RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
Math Libraries
* Add RSA/DH check for even modulus
* Enhance TFM math to handle more alloc failure cases gracefully
* SP ASM performance improvements mostly around AArch64
* SP ASM improvements for additional cache attack resistance
* Add RSA check for small difference between p and q
* 6-8% performance increase with ECC operations using SP int by improving the
Montgomery Reduction
Testing and Validation
* All shell scripts in source tree now tested for correctness using shellcheck
and bash -n
* Added build testing under gcc-12 and -std=c++17 and fixed warnings
* TLS 1.3 script test improvement to wait for server to write file
* Unit tests for ECC r/s zeroness handling
* CI server was expanded with a very “quiet” machine that can support multiple
ContantTime tests ensuring ongoing mitigation against side-channel timing
based attacks. Algorithms being assessed on this machine are: AES-CBC,
AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
* Added new multi configuration windows builds to CI testing for greater
testing coverage of windows use-cases
Misc.
* Support for ECC import to check validity of key on import even if one of the
coordinates (x or y) is 0
* Modify example app to work with FreeRTOS+IoT
* Ease of access for cert used for verifying a PKCS#7 bundle
* Clean up Visual Studio output and intermediate directories
* With TLS 1.3 fail immediately if a server sends empty certificate message
* Enhance the benchmark application to support multi-threaded testing
* Improvement for wc_EccPublicKeyToDer to not overestimate the buffer size
required
* Fix to check if wc_EccPublicKeyToDer has enough output buffer space
* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
* Various portability improvements (Time, DTLS epoch size, IV alloc)
* Prefer status_request_v2 over status_request when both are present
* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT
easier for portability
* With SipHash replace gcc specific ASM instruction with generic
* Don't force a ECC CA when a custom CA is passed with -A
* Add peer authentication failsafe for TLS 1.2 and below
* Improve parsing of UID from subject and issuer name with the compatibility
layer by
* Fallback to full TLS handshake if session ticket fails
* Internal refactoring of code to reduce ssl.c file size
2.10.4 2022-04-25
[Bug]: Servers offering certificate variants of hostkey algorithms (eg ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by Paramiko clients, as it only ever considered non-cert key types for that part of connection handshaking. This has been fixed.
[Bug]: PKey instances’ __eq__ did not have the usual safety guard in place to ensure they were being compared to another PKey object, causing occasional spurious BadHostKeyException (among other things). This has been fixed. Thanks to Shengdun Hua for the original report/patch and to Christopher Papke for the final version of the fix.
[Support]: Update camelCase method calls against the threading module to be snake_case; this and related tweaks should fix some deprecation warnings under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, @Narendra-Neerukonda for the patch, and to Thomas Grainger and Jun Omae for patch workshopping.
