Commit graph

8342 commits

Author SHA1 Message Date
fhajny
66e75d67d3 Import hitch-1.2.0 as security/hitch (based on wip/hitch).
Hitch is a libev-based high performance SSL/TLS proxy by Varnish
Software.
2016-05-25 20:15:34 +00:00
fhajny
b1794d130d Enable py-certbot and py-acme 2016-05-25 18:19:30 +00:00
fhajny
9b1019e53d Import certbot 0.6.0 as security/py-certbot.
Certbot, previously the Let's Encrypt Client, is EFF's tool to
obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS
on your server. It can also act as a client for any other CA that
uses the ACME protocol.
2016-05-25 18:18:16 +00:00
kre
326bb93eb4 Update MASTER_SITES to match current layout at the master site.
OK wiz@
2016-05-23 06:52:54 +00:00
youri
59c10a0e93 + mate-polkit 2016-05-21 21:51:42 +00:00
leot
d6dd9563fd Remove commented lang/spidermonkey/bl3 line.
Actually polkit needs spidermonkey17 (but also supports the - older -
spidermonkey185, but not spidermonkey-1.8.0rc1).
2016-05-21 19:27:47 +00:00
youri
2c6130f986 Import mate-polkit-1.14.0 as security/mate-polkit.
PolicyKit-mate provides an Authentication Agent for PolicyKit that
integrates well with the MATE desktop environment

See http://www.freedesktop.org/wiki/Software/PolicyKit for lots of
documentation, mailing lists, etc. about PolicyKit.

See also the file HACKING for notes of interest to developers working
on PolicyKit-mate.

Report bugs against PolicyKit-mate at github

 https://github.com/mate-desktop/mate-polkit/issues

MATE polkit is a fork of GNOME polkit.
2016-05-21 19:12:27 +00:00
richard
94971f4752 post-extract chmod no longer necessary 2016-05-21 05:38:40 +00:00
youri
08e09390ac Update include for pkgsrc. 2016-05-20 18:46:10 +00:00
youri
7d00789b8c + polkit 2016-05-20 18:40:17 +00:00
youri
2dd17306a2 Import polkit-0.113nb1 as security/polkit.
PolicyKit is a toolkit for defining and handling authorizations.  It
is used for allowing unprivileged processes to speak to privileged
processes.
2016-05-20 18:39:33 +00:00
joerg
4d84444490 Bump revisions for Botan update. 2016-05-19 22:12:09 +00:00
joerg
8df8d78b0b Update Botan to 1.10.12, the latest pre-C++11 version.
Includes various security fixes.
2016-05-19 22:10:24 +00:00
joerg
79c4f01de5 Update to Botan 1.11.29:
- CVE-2016-2849: side channel attack against DSA and ECDSA
- CVE-2016-2850: failure to enforce TLS policies could lead to weaker
  algorithms being chosen
- CVE-2016-2195: heap overflow in ECC point decoding
- CVE-2016-2196: heap overflow in P-521 reduction
- CVE-2016-2194: DOS against the modular reduction
- CVE-2015-7824: padding oracle attack against TLS CBC
- CVE-2015-7825: DOS due to certificate chains
- CVE-2015-7826: wildcard certifications verification failures
- CVE-2015-7827: protection against PKCS#1 side channel issues
- CVE-2015-5726: potential DOS with invalid zero-length BER
- CVE-2015-5727: unbound memory use with BER
- deprecation or removal of various insecure crypto primitives
- TLS heartbeat removed
- various other bugfixes and improvements.
2016-05-19 21:58:43 +00:00
alnsn
a50b999605 Pass CFLAGS and LDFLAGS to imake. Fixes MKPIE build. 2016-05-18 21:16:25 +00:00
he
62a5a4ce68 Undo previous, contaminated testing environment, py-cryptography isn't
needed after all.
2016-05-18 12:43:00 +00:00
he
50f7bbee01 Add missing dependency on py-cryptography. Without this, usage fails
with "ImportError: No module named cryptography.hazmat.backends" from
paramiko/transport.py.
2016-05-18 12:01:53 +00:00
fhajny
9a7d622e2e Use REAL_ROOT_USER/REAL_ROOT_GROUP instead of ROOT_USER/ROOT_GROUP
for all pkgsrc dir/file ownership rules. Fixes unprivileged
user/group names from leaking into binary packages, manifest as
non-fatal chown/chgrp failure messages at pkg_add time.

Bump respective packages' PKGREVISION.
2016-05-17 10:32:06 +00:00
ryoon
cc2e0435ac Fix netbsd-6 build
Patch from nonaka@, thank you.
2016-05-15 07:39:12 +00:00
ryoon
deb6c7a1b7 Fix _gcry_sha1_transform_amd64_avx undefined reference error
under NetBSD/amd64 6 and CentOS 6.

* Explicitly disable AVX and AVX2 for GCC 4.4 and 4.5
2016-05-14 23:16:43 +00:00
wiz
2abe10bb4f Updated py-cryptography to 1.3.2.
1.3.2 - 2016-05-04
~~~~~~~~~~~~~~~~~~

* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h.
* Fixed an issue preventing ``cryptography`` from compiling against
  LibreSSL 2.3.x.
2016-05-12 14:08:29 +00:00
wiz
6792f55ec4 Remove non-responding mirror. 2016-05-08 22:37:23 +00:00
joerg
5e119fca76 Requires PCRE to build. 2016-05-07 10:09:07 +00:00
wen
c411988224 Update to 0.06
Upstream changes:
0.06    2015/02/06
        - fix for #77911 Patch to add more functions
        - new constructors: new, rand, pseudo_rand, rand_range
        - new methods: ucmp, num_bits, num_bytes, rshift, lshift, swap
        - improved pod documentation (added missing functions)
        - XS code cleanup

0.05    2015/02/04
        - fix for #84369 Win32 compatibility patch
        - fix for #100993 Memory not reclaimed when CTX object goes out of scope
        - fix for #86561 typo fixes
        - fix for #82959 Error in synopsis: Crypt::OpenSSL::Bignum->new_from_hex("0x3e8") returns "0"
        - fix for #81537 to_bin method returns garbage when value is zero
2016-05-07 05:11:05 +00:00
jaapb
d6a48a8b82 Updated package to newest version, 1.10. Changes include:
- Add all SHA-2 hash functions: SHA-224, SHA-384 and SHA-512
  in addition to the existing SHA-256.  (Closes: #1223)
- Add support for CTR (Counter) chaining mode.
- Fix compilation error with OCaml 4.03+dev.
- Avoid using some obsolete OCaml stdlib functions.
2016-05-06 14:14:28 +00:00
fhajny
8fc88c5094 Enable security/vault 2016-05-06 13:41:40 +00:00
fhajny
3cec925f9f Import vault-0.5.2 as security/vault.
Vault is a tool for securely accessing secrets. A secret is
anything that you want to tightly control access to, such as API
keys, passwords, certificates, and more. Vault provides a unified
interface to any secret, while providing tight access control and
recording a detailed audit log.
2016-05-06 13:35:52 +00:00
tron
6ce7c76568 Don't attempt to build "keyanalyze" and friends. We don't install those
programs anyway and it breaks the build under at least Mac OS X.
After this change we also don't need various "auto*" tools during
the build phase.
2016-05-05 20:07:36 +00:00
wiz
b01d5a975a Updated gnupg21 to 2.1.12.
Noteworthy changes in version 2.1.12 (2016-05-04)
-------------------------------------------------

 * gpg: New --edit-key sub-command "change-usage" for testing
   purposes.

 * gpg: Out of order key-signatures are now systematically detected
   and fixed by --edit-key.

 * gpg: Improved detection of non-armored messages.

 * gpg: Removed the extra prompt needed to create Curve25519 keys.

 * gpg: Improved user ID selection for --quick-sign-key.

 * gpg: Use the root CAs provided by the system with --fetch-key.

 * gpg: Add support for the experimental Web Key Directory key
   location service.

 * gpg: Improve formatting of Tofu messages and emit new Tofu specific
   status lines.

 * gpgsm: Add option --pinentry-mode to support a loopback pinentry.

 * gpgsm: A new pubring.kbx is now created with the header blob so
   that gpg can detect that the keybox format needs to be used.

 * agent: Add read support for the new private key protection format
   openpgp-s2k-ocb-aes.

 * agent: Add read support for the new extended private key format.

 * agent: Default to --allow-loopback-pinentry and add option
   --no-allow-loopback-pinentry.

 * scd: Changed to use the new libusb 1.0 API for the internal CCID
   driver.

 * dirmngr: The dirmngr-client does now auto-detect the PEM format.

 * g13: Add experimental support for dm-crypt.

 * w32: Tofu support is now available with the Speedo build method.

 * w32: Removed the need for libiconv.dll.

 * The man pages for gpg and gpgv are now installed under the correct
   name (gpg2 or gpg - depending on a configure option).

 * Lots of internal cleanups and bug fixes.
2016-05-05 12:09:31 +00:00
jaapb
9718550454 Recursive revbump associated with ocaml update. 2016-05-05 11:45:36 +00:00
wiz
217897c135 Updated py35-oauthlib to 1.1.1.
1.1.1 (2016-05-01)

    (Enhancement) Better sanitisation of Request objects __repr__.
2016-05-05 11:43:06 +00:00
wiz
f25810746b Updated libgpg-error to 1.22.
Noteworthy changes in version 1.22 (2016-04-25) [C18/A18/R0]
-----------------------------------------------

 * New functions and macros to provide iconv(3) on Windows.

 * Support for LeakSanitizer with the gpgrt_annotate_leaked_object
   inline function.

 * Interface changes relative to the 1.21 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 GPG_ERR_DB_CORRUPTED             NEW.
 gpgrt_annotate_leaked_object     NEW inline func.
 GPGRT_ENABLE_W32_ICONV_MACROS    NEW.
 gpgrt_w32_iconv_open             NEW.
 gpgrt_w32_iconv_close            NEW.
 gpgrt_w32_iconv                  NEW.
2016-05-05 11:34:49 +00:00
wiz
6ab46800f0 Updated caff to 2.3.
No changelog found, but changes look like caff will take
over more from the user's default config.
2016-05-05 11:15:57 +00:00
jperkin
f080b77840 Update security/openssl to version 1.0.2h.
Changes between 1.0.2g and 1.0.2h [3 May 2016]

*) Prevent padding oracle in AES-NI CBC MAC check

   A MITM attacker can use a padding oracle attack to decrypt traffic
   when the connection uses an AES CBC cipher and the server supports
   AES-NI.

   This issue was introduced as part of the fix for Lucky 13 padding
   attack (CVE-2013-0169). The padding check was rewritten to be in
   constant time by making sure that always the same bytes are read and
   compared against either the MAC or padding bytes. But it no longer
   checked that there was enough data to have both the MAC and padding
   bytes.

   This issue was reported by Juraj Somorovsky using TLS-Attacker.
   (CVE-2016-2107)
   [Kurt Roeckx]

*) Fix EVP_EncodeUpdate overflow

   An overflow can occur in the EVP_EncodeUpdate() function which is used for
   Base64 encoding of binary data. If an attacker is able to supply very large
   amounts of input data then a length check can overflow resulting in a heap
   corruption.

   Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
   the PEM_write_bio* family of functions. These are mainly used within the
   OpenSSL command line applications, so any application which processes data
   from an untrusted source and outputs it as a PEM file should be considered
   vulnerable to this issue. User applications that call these APIs directly
   with large amounts of untrusted data may also be vulnerable.

   This issue was reported by Guido Vranken.
   (CVE-2016-2105)
   [Matt Caswell]

*) Fix EVP_EncryptUpdate overflow

   An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
   is able to supply very large amounts of input data after a previous call to
   EVP_EncryptUpdate() with a partial block then a length check can overflow
   resulting in a heap corruption. Following an analysis of all OpenSSL
   internal usage of the EVP_EncryptUpdate() function all usage is one of two
   forms. The first form is where the EVP_EncryptUpdate() call is known to be
   the first called function after an EVP_EncryptInit(), and therefore that
   specific call must be safe. The second form is where the length passed to
   EVP_EncryptUpdate() can be seen from the code to be some small value and
   therefore there is no possibility of an overflow. Since all instances are
   one of these two forms, it is believed that there can be no overflows in
   internal code due to this problem. It should be noted that
   EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
   Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
   of these calls have also been analysed too and it is believed there are no
   instances in internal usage where an overflow could occur.

   This issue was reported by Guido Vranken.
   (CVE-2016-2106)
   [Matt Caswell]

*) Prevent ASN.1 BIO excessive memory allocation

   When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
   a short invalid encoding can cause allocation of large amounts of memory
   potentially consuming excessive resources or exhausting memory.

   Any application parsing untrusted data through d2i BIO functions is
   affected. The memory based functions such as d2i_X509() are *not* affected.
   Since the memory based functions are used by the TLS library, TLS
   applications are not affected.

   This issue was reported by Brian Carpenter.
   (CVE-2016-2109)
   [Stephen Henson]

*) EBCDIC overread

   ASN1 Strings that are over 1024 bytes can cause an overread in applications
   using the X509_NAME_oneline() function on EBCDIC systems. This could result
   in arbitrary stack data being returned in the buffer.

   This issue was reported by Guido Vranken.
   (CVE-2016-2176)
   [Matt Caswell]

*) Modify behavior of ALPN to invoke callback after SNI/servername
   callback, such that updates to the SSL_CTX affect ALPN.
   [Todd Short]

*) Remove LOW from the DEFAULT cipher list.  This removes single DES from the
   default.
   [Kurt Roeckx]

*) Only remove the SSLv2 methods with the no-ssl2-method option. When the
   methods are enabled and ssl2 is disabled the methods return NULL.
   [Kurt Roeckx]
2016-05-03 14:51:16 +00:00
prlw1
104960e18b revbump for libsoup's ABI issue 2016-05-03 11:40:00 +00:00
wiz
f269daa22a Reset maintainer (observer now). 2016-05-03 10:54:52 +00:00
agc
b25a1e3218 Add codecrypt, version 1.7.5 to the Packages Collection.
codecrypt is a program like gnupg (or netpgp) that uses only
quantum-computer-resistant algorithms

	This is a GnuPG-like unix program for encryption and signing that uses
	only quantum-computer-resistant algorithms:

	+ McEliece cryptosystem (compact QC-MDPC variant) for encryption
	+ Hash-based Merkle tree algorithm (FMTSeq variant) for digital
	signatures

	Stream ciphers used:  ChaCha20, XSynd stream cipher, RC4 (for initial
	simplicity of implementation)

	CRHFs used:
	+ Cubehash variants were selected for implementation ease, really
	clean design, quite good speed and flexibility of parameter choices.
	KeyID's are CUBE256 hashes of serialized public key.
	+ ripemd128 for small hashes
	+ tiger192 is used as an alternative for Cubehash for 192bit hashes
	+ There's always a variant with SHA-256, SHA-384 or SHA-512.

	Signature algorithms:
	+ FMTSeq with many possibilities and combinations of aforementioned CRHFs

	Encryption:
	MDPC McEliece on quasi-cyclic matrices - decoding is (slightly)
	vulnerable to timing attacks.
2016-04-30 19:27:43 +00:00
fhajny
10d343a747 Update security/erlang-fast_tls to 1.0.3.
Version 1.0.3
- Do not call internal erlang erl_exit function (Christophe Romain)

Version 1.0.2
- Add support for cafile option (Evgeny Khramtsov)
- Better error checks (Michael Santos)
2016-04-29 18:14:24 +00:00
fhajny
7624d3776f Enable/disable updated/removed Erlang packages. 2016-04-25 20:39:15 +00:00
fhajny
ebb587fa9c Remove superseded ejabberd dependencies (Erlang modules). 2016-04-25 20:37:16 +00:00
fhajny
e51fba46e4 Import p1_oauth2-0.6.1 as security/erlang-p1_oauth2.
This library is designed to simplify the implementation of the
server side of OAuth2. It provides no support for developing
clients.
2016-04-25 14:30:45 +00:00
fhajny
69b5af400a Import fast_tls-1.0.1 as security/erlang-fast_tls.
Fast TLS is a native TLS / SSL driver for Erlang / Elixir. It is
based on OpenSSL, a proven and efficient TLS implementation. It
is designed for efficiency, speed and compliance.
2016-04-25 14:28:42 +00:00
wiz
2309572dea Updated p5-IO-Socket-SSL to 2.027.
2.027 2016/04/20
- only added Changes for 2.026
2.026 2016/04/20
- update default server and client ciphers based on recommendation of
  Mozilla and what the current browsers use. Notably this finally disables
  RC4 for the client (was disabled for server long ago) and adds CHACHA20.
2016-04-24 06:30:22 +00:00
jperkin
e8dba3b83a Use --disable-pclmul-support on Linux and SunOS i386, the inline assembly
does not compile on either.
2016-04-22 08:28:46 +00:00
jperkin
f359ef2dec Fix MANDIR handling. 2016-04-21 10:44:40 +00:00
leot
80f1cf36fa Update security/py-OpenSSL to 16.0.0.
Changes:
16.0.0 (2016-03-19)
-------------------
This is the first release under full stewardship of PyCA.
We have made *many* changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8,
1.0.1, and 1.0.2.  It has been moved to `py.test <https://pytest.org/>`_,
all CI test runs are part of `tox <https://testrun.org/tox/>`_ and
the source code has been made fully `flake8
<https://flake8.readthedocs.org/>`_ compliant.

We hope to have lowered the barrier for contributions significantly
but are open to hear about any remaining frustrations.

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Python 3.2 support has been dropped.
  It never had significant real world usage and has been dropped
  by our main dependency ``cryptography``.  Affected users should
  upgrade to Python 3.3 or later.

Deprecations:
^^^^^^^^^^^^^
- The support for EGD has been removed.
  The only affected function ``OpenSSL.rand.egd()`` now uses
  ``os.urandom()`` to seed the internal PRNG instead.  Please see
  `pyca/cryptography#1636
  <https://github.com/pyca/cryptography/pull/1636>`_ for more
  background information on this decision.  In accordance with our
  backward compatibility policy ``OpenSSL.rand.egd()`` will be
  *removed* no sooner than a year from the release of 16.0.0.
  Please note that you should `use urandom
  <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_
  for all your secure random number needs.
- Python 2.6 support has been deprecated.
  Our main dependency ``cryptography`` deprecated 2.6 in version
  0.9 (2015-05-14) with no time table for actually dropping it.
  pyOpenSSL will drop Python 2.6 support once ``cryptography``
  does.

Changes:
^^^^^^^^
- Fixed ``OpenSSL.SSL.Context.set_session_id``,
  ``OpenSSL.SSL.Connection.renegotiate``,
  ``OpenSSL.SSL.Connection.renegotiate_pending``, and
  ``OpenSSL.SSL.Context.load_client_ca``.
  They were lacking an implementation since 0.14.  `#422
  <https://github.com/pyca/pyopenssl/pull/422>`_
- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
  `#428 <https://github.com/pyca/pyopenssl/pull/428>`_
- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()``
  was called before setting any app data.
  `#304 <https://github.com/pyca/pyopenssl/pull/304>`_
- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey``
  objects that represent public keys, and ``OpenSSL.crypto.load_publickey()``
  to load such objects from serialized representations.
  `#382 <https://github.com/pyca/pyopenssl/pull/382>`_
- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation
  list out to a string buffer.
  `#368 <https://github.com/pyca/pyopenssl/pull/368>`_
- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the
  OpenSSL binding ``state_string_long``.
  `#358 <https://github.com/pyca/pyopenssl/pull/358>`_
- Added support for the ``socket.MSG_PEEK`` flag to
  ``OpenSSL.SSL.Connection.recv()`` and
  ``OpenSSL.SSL.Connection.recv_into()``.
  `#294 <https://github.com/pyca/pyopenssl/pull/294>`_
- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and
  ``OpenSSL.SSL.Connection.get_protocol_version_name()``.
  `#244 <https://github.com/pyca/pyopenssl/pull/244>`_
- Switched to ``utf8string`` mask by default.
  OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8
  characters present.  This was changed to default to ``UTF8String``
  in the config around 2005, but the actual code didn't change it
  until late last year.  This will default us to the setting that
  actually works.  To revert this you can call
  ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
  `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
2016-04-20 16:05:57 +00:00
leot
a2600d7825 Fix security/dsniff* build on NetBSD-current due to recent route(4) change
(due to the deprecation of RTF_LLINFO).

Bump PKGREVISION.

Reviewed by <ozaki-r>.
2016-04-18 08:34:35 +00:00
wiz
bb1fab099c Update libgcrypt to 1.7.0.
Noteworthy changes in version 1.7.0 (2016-04-15)  [C21/A1/R0]
------------------------------------------------

 * New algorithms and modes:

   - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.

   - SHAKE128 and SHAKE256 extendable-output hash algorithms.

   - ChaCha20 stream cipher.

   - Poly1305 message authentication algorithm

   - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
     mode.

   - OCB mode.

   - HMAC-MD2 for use by legacy applications.

 * New curves for ECC:

   - Curve25519.

   - sec256k1.

   - GOST R 34.10-2001 and GOST R 34.10-2012.

 * Performance:

   - Improved performance of KDF functions.

   - Assembler optimized implementations of Blowfish and Serpent on
     ARM.

   - Assembler optimized implementation of 3DES on x86.

   - Improved AES using the SSSE3 based vector permutation method by
     Mike Hamburg.

   - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
     about 20% faster than SSSE3 and more than 100% faster than the
     generic C implementation.

   - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.

   - 60-90% speedup for Whirlpool on x86.

   - 300% speedup for RIPE MD-160.

   - Up to 11 times speedup for CRC functions on x86.

 * Other features:

   - Improved ECDSA and FIPS 186-4 compliance.

   - Support for Montgomery curves.

   - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
     algorithm.

   - gcry_mpi_ec_sub to subtract two points on a curve.

   - gcry_mpi_ec_decode_point to decode an MPI into a point object.

   - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]

   - Flag "pkcs1-raw" to enable PKCS#1 padding with a user supplied
     hash part.

   - Parameter "saltlen" to set a non-default salt length for RSA PSS.

   - A SP800-90A conforming DRNG replaces the former X9.31 alternative
     random number generator.

   - Map deprecated RSA algo number to the RSA algo number for better
     backward compatibility. [from 1.6.2]

   - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
     See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
     [from 1.6.3]

   - Fixed data-dependent timing variations in modular exponentiation
     [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical]. [from 1.6.3]

   - Flag "no-keytest" for ECC key generation.  Due to a bug in
     the parser that flag will also be accepted but ignored by older
     version of Libgcrypt. [from 1.6.4]

   - Speed up the random number generator by requiring less extra
     seeding. [from 1.6.4]

   - Always verify a created RSA signature to avoid private key leaks
     due to hardware failures. [from 1.6.4]

   - Mitigate side-channel attack on ECDH with Weierstrass curves
     [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
     details. [from 1.6.5]

 * Internal changes:

   - Moved locking out to libgpg-error.

   - Support of the SYSROOT envvar in the build system.

   - Refactor some code.

   - The availability of a 64 bit integer type is now mandatory.

 * Bug fixes:

   - Fixed message digest lookup by OID (regression in 1.6.0).

   - Fixed a build problem on NetBSD

   - Fixed memory leaks in ECC code.

   - Fixed some asm build problems and feature detection bugs.

 * Interface changes relative to the 1.6.0 release:
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   gcry_cipher_final               NEW macro.
   GCRY_CIPHER_MODE_CFB8           NEW constant.
   GCRY_CIPHER_MODE_OCB            NEW.
   GCRY_CIPHER_MODE_POLY1305       NEW.
   gcry_cipher_set_sbox            NEW macro.
   gcry_mac_get_algo               NEW.
   GCRY_MAC_HMAC_MD2               NEW.
   GCRY_MAC_HMAC_SHA3_224          NEW.
   GCRY_MAC_HMAC_SHA3_256          NEW.
   GCRY_MAC_HMAC_SHA3_384          NEW.
   GCRY_MAC_HMAC_SHA3_512          NEW.
   GCRY_MAC_POLY1305               NEW.
   GCRY_MAC_POLY1305_AES           NEW.
   GCRY_MAC_POLY1305_CAMELLIA      NEW.
   GCRY_MAC_POLY1305_SEED          NEW.
   GCRY_MAC_POLY1305_SERPENT       NEW.
   GCRY_MAC_POLY1305_TWOFISH       NEW.
   gcry_md_extract                 NEW.
   GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
   GCRY_MD_GOSTR3411_CP            NEW.
   GCRY_MD_SHA3_224                NEW.
   GCRY_MD_SHA3_256                NEW.
   GCRY_MD_SHA3_384                NEW.
   GCRY_MD_SHA3_512                NEW.
   GCRY_MD_SHAKE128                NEW.
   GCRY_MD_SHAKE256                NEW.
   gcry_mpi_ec_decode_point        NEW.
   gcry_mpi_ec_sub                 NEW.
   GCRY_PK_EDDSA                   NEW constant.
   GCRYCTL_GET_TAGLEN              NEW.
   GCRYCTL_SET_SBOX                NEW.
   GCRYCTL_SET_TAGLEN              NEW.
2016-04-18 06:19:57 +00:00
kamil
31423ed178 Fix build on recent NetBSD-current
The RTM_RESOLVE symbol has been removed after the following change in
src/sys/net/route.h:
    revision 1.98
    date: 2016-04-04 09:37:07 +0200;  author: ozaki-r;  state: Exp;  lines: +8 -6;  commitid: r0chxU5ZkTdAqh1z;
    Separate nexthop caches from the routing table

Bump PKGREVISION to 1
2016-04-17 15:33:13 +00:00
wiz
a53066ad3b Update p5-Crypt-OpenPGP to 1.12.
1.12  2015-08-16 CPAN Day release
    - Add NoVersion parameter to CO::Armour->armour (GH#26)

1.11  2015-07-20
    - Check that Crypt::OpenPGP::Cipher->new succeeded, RT#14033.
    - Fix GH#7, when false data was discarded (@Camspi).

1.10  2015-07-06
    - Update GnuPG defaults (@bk2204).
    - Fix error propagation on generating RSA key (@niner).

1.09  2015-07-02
    - Require Digest::SHA instead of Digest::SHA1, RT#82316 (@bk2204).

1.08  2014-11-20
    - Move distribution to Dist::Zilla.
    - Require Alt::Crypt::RSA::BigInt instead of Crypt::RSA.
    - Apply a patch from RT#82314 (@bk2204, @kmx).
    - Add a test case from GH#7, yet to be fixed (@throughnothing).

1.07  2014-06-23
    - Reformatted Changes as per CPAN::Changes::Spec.
    - Fixed hash randomisation bug (RT#81442).
    - Documentation now references most recent "OpenPGP Message Format" RFC.
    - Fixed typo in Pod (@dsteinbrunner).
    - Improved ASCII armor detection (@gwillen).
2016-04-17 09:33:24 +00:00
wen
1327663e3b Update to 0.6.9
Upstream changes:
2016-01-07  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION (Version): Version 0.6.9

	* DESCRIPTION (Date): Bumped Date: to current date

2016-01-06  Dirk Eddelbuettel  <edd@debian.org>

	* vignettes/sha1.Rmd: Small edits

2016-01-06  Thierry Onkelinx <thierry.onkelinx@inbo.be>

	* R/sha1.R: Add functions to calculate stable SHA1 with floating points
	* man/sha1.Rd: Add helpfile for sha1()

	* tests/num2hexTest.R: unit tests for num2hex() (non exported function)
	* tests/sha1Test.R: unit tests for sha1()

	* NAMESPACE: Export sha1 and its methods

	* DESCRIPTION: Add Thierry Onkelinx as contributor, bump Version and Date
	* README.md: Add Thierry Onkelinx as contributor

	* vignette/sha1.Rmd: Added

	* .travis.yml: Added 'sudo: required' per recent Travis changes

2015-10-14  Dirk Eddelbuettel  <edd@debian.org>

	* man/digest.Rd: Remove references to inaccessible web pages
	* man/hmac.Rd: Ditto

2015-10-13  Dirk Eddelbuettel  <edd@debian.org>

	* src/digest.c: Use uint32_t instead of int for nchar

2015-10-12  Qiang Kou <qkou@umail.iu.edu>

	* src/digest.c: Use XLENGTH instead of LENGTH (PR #17, issue #16)

2015-08-06  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION (Title): Updated now stressing 'compact' over 'crypto'

2014-12-30  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION (Version): Version 0.6.8

	* DESCRIPTION (Date): Bumped Date: to current date

2014-12-29  Dirk Eddelbuettel  <edd@debian.org>

	* inst/include/pmurhashAPI.h: Added HOWTO comment to top of file

2014-12-26  Dirk Eddelbuettel  <edd@debian.org>

	* src/pmurhash.c: Protect against _BIG_ENDIAN defined but empty

	* inst/include/pmurhash.h: Consistent four space indentation

2014-12-25  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION: Bump Date: and Version:

	* src/init.c: Minor edit and removal of unused headers

2014-12-25  Wush Wu  <wush978@gmail.com>

	* inst/include/pmurhash.h: Export function
	* src/init.c: Register function for use by other packages

2014-12-20  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION (Version): Version 0.6.7

	* DESCRIPTION (Date): Bumped Date: to current date

2014-12-19  Dirk Eddelbuettel  <edd@debian.org>

	* cleanup: Also remove src/symbols.rds

	* src/sha2.c: Apply (slightly edited) patch from
	https://www.nlnetlabs.nl/bugs-script/attachment.cgi?id=220&action=diff
	to overcome the strict-aliasing warning

	* src/digest.c: Use inttypes.h macro PRIx64 only on Windows

2014-12-16  Dirk Eddelbuettel  <edd@debian.org>

	* src/xxhash.c: Remove two semicolons to make gcc -pedantic happy
	* tests/digestTest.Rout.save: Updated reflecting murmurHash test
	* src/pmurhash.c: Renamed from PMurHash.c for naming consistency
	* src/pmurhash.h: Renamed from PMurHash.h for naming consistency

2014-12-16  Jim Hester <james.f.hester@gmail.com>

	* src/digest.c: murmurHash implementation
	* tests/digestTest.R: murmurHash implementation
	* R/digest.R: murmurHash implementation
	* src/PMurHash.c: murmurHash implementation
	* src/PMurHash.h: murmurHash implementation

2014-12-10  Dirk Eddelbuettel  <edd@debian.org>

	* src/xxhash.c: Applied pull request #6 by Jim Hester with updated
	upstream code and already corrected UBSAN issue identified by CRAN

2014-12-09  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION (Version): Version 0.6.6

	* DESCRIPTION (Date): Bumped Date: to current date

	* src/digest.c: Applied pull request #5 by Jim Hester providing
	portable integer printing inttypes.h header

2014-12-08  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION (Version): Version 0.6.5

	* DESCRIPTION (Date): Bumped Date: to current date

	* NAMESPACE: Expanded useDynLib() declaring C level symbols, in
	particular using digest_impl to for the C-level digest

	* R/AES.R: Use R symbols from NAMESPACE declaration in .Call()
	* R/digest.R: Use R symbol digest_impl to load C level digest

2014-12-07  Dirk Eddelbuettel  <edd@debian.org>

	* DESCRIPTION: Edited Title and Description

	* R/digest.R: Added GPL copyright header, reindented to four spaces

	* src/digest.c: Reindented to four spaces

	* R/AES.R: Reindented to four spaces
	* R/hmac.R: Reindented to four spaces

2014-12-06  Dirk Eddelbuettel  <edd@debian.org>

	* src/digest.c: Updated GPL copyright header

	* src/xxhash.c:	Removed two spurious ';'

	* man/digest.Rd: Document 'seed' argument in \usage

	* tests/digest.Rout.save: Updated for expanded tests

	* DESCRIPTION: Add Jim Hester to list of Authors

2014-12-05  Dirk Eddelbuettel  <edd@debian.org>

	* R/digest.R: Applied pull request #3 by Jim Hester with support for
	xxHash (https://code.google.com/p/xxhash/)
	* src/digest.c: Ditto

	* src/xxhash.c: xxHash implementation supplied as part of #3
	* src/xxhash.h: xxHash implementation supplied as part of #3

	* R/digest.R: Applied pull request #4 by Jim Hester with expanded
	support for xxHash providing xxhash32 and xxhash64
	* src/digest.c: Ditto
	* man/digest.Rd: Added documentation for xxHash, corrected typos
	* src/digest.R: New support for a seed parameter used by xxHash
	* tests/digestTest.R: Added tests for xxHash

2014-08-15  Dirk Eddelbuettel  <edd@debian.org>

	* R/hmac.R: Applied (slightly edited) patch for crc32 computation of
	hmac kindly supplied by Suchen Jin
2016-04-16 14:57:03 +00:00
jperkin
499bd77759 SunOS needs an explicit -lnsl. 2016-04-14 11:35:47 +00:00
leot
a49e659f8a py-service_identity from version 16.0.0 also needs attrs module
(hi wiz! :))

DEPENDS on devel/py-attrs now that we have it and bump PKGREVISION.
While here also simplify MASTER_SITE.
2016-04-14 11:34:23 +00:00
wiz
1d93b50272 Update p5-Net-SSLeay to 1.74.
1.74 2016-04-12
     README.OSX was missing from the distribution

1.73 2016-04-11
     Added X509_get_X509_PUBKEY. Patch supplied by GUILHEM. Thanks.
     Added README.OSX with instructions on how to build for recent OS X.
     Added info about using OPENSSL_PREFIX to README.Win32.
     Added comments in POD about installation documentation.
     Added '/usr/local/opt/openssl/bin/openssl' to Openssl search path for
     latest version of  OSX homebrew openssl. Patch from Shoichi Kaji.
2016-04-13 18:30:41 +00:00
wiz
1fd93a1b1b Update gnupg2 to 2.0.30.
Noteworthy changes in version 2.0.30 (2016-03-31)
-------------------------------------------------

 * gpg: Avoid too early timeout during key generation with 2.1 cards.

 * agent: Fixed printing of ssh fingerprints for 384 bit ECDSA keys.

 * agent: Fixed an alignment bug related to the passphrase
   confirmation.

 * scdaemon: Fixed a "conflicting usage" bug.

 * scdaemon: Fixed usb card reader removal problem on Windows 8 and
   later.

 * Fixed a problem on AIX due to peculiarity with RLIMIT_NOFILE.

 * Updated the Japanese and Dutch translations.

 * Fixed a few other bugs.
2016-04-13 18:01:55 +00:00
wiz
1794f7b19f Update py-rsa to 3.4.1:
Version 3.4.1 - released 2006-03-26
----------------------------------------

- Included tests/private.pem in MANIFEST.in
- Included README.md and CHANGELOG.txt in MANIFEST.in
2016-04-13 17:54:10 +00:00
wen
bb8933028c Update to 2.55
Upstream changes:
2016-03-09   Gisle Aas <gisle@ActiveState.com>

   Release 2.55

   Gordon Stanton (2):
      Make use warnings work including test cases.
      Initial Travis config

   Gisle Aas (1):
      Avoid warning: 'static' is not at beginning of declaration [RT#105646]
2016-04-13 13:25:30 +00:00
fhajny
90c14d54cc Fix build on SunOS. Fix pkglint warnings while at it.
Problem isolated and solution provided by @Kurlon
  https://github.com/joyent/pkgsrc/pull/350
2016-04-12 13:15:14 +00:00
wiz
1f232bde7a Use ${MASTER_SITE_LOCAL} when you mean ${MASTER_SITE_LOCAL}. 2016-04-12 08:08:46 +00:00
ryoon
ac20a93574 Recursive revbump from textproc/icu 57.1 2016-04-11 19:01:33 +00:00
dbj
936c8e6e77 Avoid creating a fake zlib.pc, because if it does
gnutls will add a Requires.private for it in its .pc file
2016-04-10 07:45:22 +00:00
wiz
af09a31b93 Update py-cryptography to 1.3.1.
1.3.1 - 2016-03-21
~~~~~~~~~~~~~~~~~~

* Fixed a bug that caused an ``AttributeError`` when using ``mock`` to patch
  some ``cryptography`` modules.

1.3 - 2016-03-18
~~~~~~~~~~~~~~~~

* Added support for padding ANSI X.923 with
  :class:`~cryptography.hazmat.primitives.padding.ANSIX923`.
* Deprecated support for OpenSSL 0.9.8. Support will be removed in
  ``cryptography`` 1.4.
* Added support for the :class:`~cryptography.x509.PolicyConstraints`
  X.509 extension including both parsing and generation using
  :class:`~cryptography.x509.CertificateBuilder` and
  :class:`~cryptography.x509.CertificateSigningRequestBuilder`.
* Added :attr:`~cryptography.x509.CertificateSigningRequest.is_signature_valid`
  to :class:`~cryptography.x509.CertificateSigningRequest`.
* Fixed an intermittent ``AssertionError`` when performing an RSA decryption on
  an invalid ciphertext, ``ValueError`` is now correctly raised in all cases.
* Added
  :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`.
2016-04-08 15:22:03 +00:00
wiz
dbe9501ebb Update p5-IO-Socket-SSL to 2.025.
2.025 2016/04/04
- Resolved memleak if SSL_crl_file was used: RT#113257, RT#113530
  Thanks to avi[DOT]maslati[AT]forescout[DOT]com and
  mark[DOT]kurman[AT]gmail[DOT]com for reporting the problem
2016-04-08 15:09:37 +00:00
wiz
1436dbaf85 Update p5-Crypt-PWSafe3 to 1.22.
1.22:	Records created by Crypt::PWSafe3 (eg. the ones fetched
	with getrecords) are now associated with the parent
	object, so that you can modify them directly and call
	$vault->save afterwards without using $vault->modifyrecord.

        Erase passwd from memory using zeros instead of
        random bytes. fixes github#9.

	Fixed rt.cpan.org#112975: Crypt::ECB (which we use) have been
	reworked and among other issues it fixed handling of padding.
	PWSafe3.pm did not specify a padding scheme (because it doesn't
	use it) and therefore Crypt::ECB enforced a default scheme
	which led to an invalid key size. Now we specify explicitly
	padding:none, as suggested by Christoph Appel.
2016-04-08 14:46:13 +00:00
wen
6d5401af2b Update to 2.15
Upstream changes:
v2.15, 14.03.2016
	- removing caching with v2.00 made Crypt::ECB ignorant of key changes
		within the same Crypt::ECB object. Fixed, changing the key now
		forces a new cipher object to be created.
	- added some notes on upgrading from versions before v2.00 to the README
2016-04-07 12:38:48 +00:00
imil
5c39e342e4 Added BUILD_DEPENDS+=xterm>=322:../../x11/xterm in order to quickly fix:
"xterm" binary not found - please amend $PATH or the cssh config file

ok wiz@
2016-04-06 11:33:07 +00:00
joerg
1318800a28 Fix build with API differences in xulrunner. 2016-04-04 17:36:34 +00:00
joerg
02847b53e7 Explicitly depend on the mozilla CA list for providing a trust anchor.
NetBSD doesn't ship a CA bundle by default.
2016-04-04 17:34:56 +00:00
jperkin
0e54984fed Support PKGMANDIR. 2016-04-01 17:11:36 +00:00
jperkin
44388a7b70 Honour --mandir. Fixes PKGMANDIR. 2016-04-01 13:54:41 +00:00
jperkin
4af722df87 Support PKGMANDIR. 2016-04-01 11:15:24 +00:00
jperkin
909175cee1 Support PKGMANDIR. 2016-04-01 11:06:44 +00:00
jperkin
a5f98844ec Support --mandir. Fixes PKGMANDIR. 2016-04-01 10:43:29 +00:00
jperkin
101e96eaa7 Use PKGMANDIR. Add patch comment. 2016-03-30 09:52:58 +00:00
jperkin
b4f61fc0e2 Use PKGMANDIR. Add patch comment. 2016-03-30 09:48:42 +00:00
khorben
3d28b483b6 Remove support for SSLv2
This fixes the build with the newest OpenSSL from pkgsrc. Bump revision.
2016-03-29 23:04:01 +00:00
joerg
169a80a903 Remove SSLv2 support. Bump revision. 2016-03-29 22:00:13 +00:00
wiz
b4b92bc3f3 Update py-rsa to 3.4.
Fixes a security vulnerability.

No proper changelog found, which I find even more astonishing for
security software...
2016-03-24 13:45:57 +00:00
wiz
d27a4a27b9 Fix pinentry configure argument.
Found by coypu.
2016-03-20 22:03:17 +00:00
pettai
7b643e1e8f Release Notes - OpenSAML 2 - C++ - Version 2.5.5
** Bug
    * [CPPOST-91] - BOOST autoconf macros break with gcc5

Release Notes - OpenSAML 2 - C++ - Version 2.5.4

** Bug
    * [CPPOST-87] - legacyOrgNames doesn't work as expected with empty
      mdui:UIInfo
    * [CPPOST-88] - Insufficient XML entity encoding in Metadata Status
      generation
    * [CPPOST-90] - Condition validation for empty element incorrectly
      requires either a NotBefore or a NotOnOrAfter attribute

This is part of fixing PR pkg/50354
2016-03-20 10:04:14 +00:00
ryoon
c4eb1e4258 Update to 5.5.4
* Based on Firefox 38.7.1
* Fix PR pkg/50975: security/tor-browser is built without -pie
* Store cache in ~/.tor-browser-caches instead of ~/Caches
2016-03-20 06:53:37 +00:00
tez
5bbc10b8a1 Fix build on 64 bit intel systems with yasm installed. 2016-03-18 19:08:39 +00:00
bsiegert
971812ea29 Update openssh to 7.2.2 (7.2p2).
Changes since OpenSSH 7.2p1
===========================

This release fixes a security bug:

 * sshd(8): sanitise X11 authentication credentials to avoid xauth
   command injection when X11Forwarding is enabled.

   Full details of the vulnerability are available at:
   http://www.openssh.com/txt/x11fwd.adv
2016-03-15 20:54:07 +00:00
tez
188b8d1ff4 Missed one checksum update... fixed. 2016-03-15 15:22:38 +00:00
tez
91d0631a40 Update to 1.14.1 resolving all reported vulnerabilities including:
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-2698
CVE-2015-8629
CVE-2015-8630
CVE-2015-8631
2016-03-15 15:16:39 +00:00
taca
359749ffa1 Update HOMEPAGE.
Changes from 0.4.7 are too many to write here, please refer to the commit log:
<https://github.com/oauth-xx/oauth-ruby/commits/master>.
2016-03-15 15:15:49 +00:00
taca
c7d7bc9648 Update ruby-bcrypt to 3.1.11.
3.1.11 Mar 06 2016
  - Add support for Ruby 2.2 in compiled Windows binaries
2016-03-15 15:07:02 +00:00
ryoon
89c3f69b5c Update to 5.5.3
Changelog:
Rebase to Firefox 38.7.0
2016-03-14 14:30:47 +00:00
ryoon
fbe30c9e5b Update to 0.67
Changelog:  2016-03-05 PuTTY 0.67 released, fixing a SECURITY HOLE

PuTTY 0.67, released today, fixes a security hole in 0.66 and
before: vuln-pscp-sink-sscanf. It also contains a few other small
bug fixes.

Also, for the first time, the Windows executables in this release
(including the installer) are signed using an Authenticode certificate,
to help protect against tampering in transit from our website or
after downloading. You should find that they list "Simon Tatham"
as the verified publisher.
2016-03-14 14:07:30 +00:00
manu
3b286542d9 Update lasso to 2.5.1
Changes since 2.4.1 from NEWS file:

2.5.1 - February 19th 2016
---------------------------
17 commits, 16 files changed, 1096 insertions, 42 deletions

 - Add missing urn constants used in PAOS HTTP header
 - Set NotBefore in SAML 2.0 login assertions
 - tests: fix leak in test test16_test_get_issuer
 - id-ff: fix leak of profile->private_data->message_id
 - saml-2.0: fix leak of message_id in
   lasso_profile_saml20_build_paos_request_msg
 - tests: fix leaks in test_ecp
 - xml: fix wrong termination of comment
 - xml: fix leak in lasso_soap_envelope_new_full
 - profile: fix leak of private idp_list field
 - saml-2.0: fix leaks of url
 - tests: fix leak
 - tests: update valgrind suppressions
 - perl: remove quotes from $PERL -V::ccflags: output (#9572)
 - Fix wrong snippet type (fixes #9616). Thanks to Brett Gardner for the patch.
 - tools.c: use correct NID and digest length when building RSA signature
   using SHA-2 digest
   (fixes #10019) Thanks to Brett Gardner for the patch.
 - bindings/php5: fix enum getters and setters (fixes #10032). Thanks to
   Brett Gardner for the bug report.
 - fix warning about INCLUDES directive

2.5.0 - September 2nd 2015
--------------------------
151 commits, 180 files changed, 8391 insertions, 1339 deletions

 - lots of bugfixes (reported by static analysis tools like clang,
   coverity and manual inspection) thanks to Simo Sorce and John Dennis from
   RedHat
 - xsd:choices are now parsed correctly by implementing a real finite automata
   for parsing XML documents. New flag for jumping forward and backward in
   schema snippets have been added. It fixes parsing of message from third
   party not following the order from the schema (they are entitled to do it but
   most SAML implementations do not)
 - added C CGI examples for SP and IdP side
 - removed the _POSIX_SOURCE declaration
 - added support for the SHA-2 family of hash functions
 - fixed protocol profile selection when parsing AuthnRequest
 - added support for Python 3, thanks to Houzefa Abbasbhay from
   XCG Consulting
 - fixed default value of WantAuthnRequestSigned in metadata parsing
 - SAML 2.0 ECP is now functional, thanks to John Dennis from RedHat
 - added two new API function to LassoProfile to extract the Issuer and
   InResponseTo attribute of messages, allowing pre-treatment before parsing
   the message, to load the metadata of the remote provider, or find the request
   which the response matches.
 - fixed segfault when parsing HTTP-Redirect malformed base64 content
 - added support for automake 1.15 (jdennis)
2016-03-14 09:43:42 +00:00
wiz
933c8f489e Update p5-Crypt-ECB to 2.10:
v2.10, 07.03.2016
	- forgot another change in the v2.00 changelog...
	- changed license from GPL to Artistic
	- improved kwalitee:
		- added license information to meta files
		- removed test.pl
	- added eg/ecb.pl (command line en- and decryption)
	- added dummy cipher, so the test suite makes sense even if there are no block ciphers installed
	- refactored test data from test scripts
2016-03-13 16:53:30 +00:00
taca
f5610a07a0 Bump PKGREVISION by changing default version of Ruby. 2016-03-13 09:36:58 +00:00
ryoon
67962f5abb Update to 0.22.1
Changelog:
0.22.1 (stable)
 * Use SubjectKeyIdentifier for CKA_ID when available [#84761]
 * Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files
 * Bump libtool library version
 * Build fixes [#84665 ...]

0.22.0 (stable)
 * Remove the 'isolated = yes' option due to unclear semantics
   replacement forth coming in later versions.
 * Use secure_getenv() where necessary
 * Run separate binary for 'p11-kit remote' command

0.21.3 (unstable)
 * New public pkcs11x.h header containing extensions [#83495]
 * Export necessary defines to lookup attached extensions [#83495]
 * Use term 'attached extensions' rather than 'stabled extensions'
 * Make proxy module respect 'critical = no' [#83651]
 * Show public-key-info in 'trust list --details'
 * Build fixes [#75674 ...]

0.21.2 (unstable)
 * Don't use invalid keys for looking up stapled extensions [#82328]
 * Better error messages when invalid certificate extensions
 * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
 * Fix some leaks, and memory issues
 * Silence some clang scanner warnings
 * Fix build against older pthread implementations [#82617]
 * Move to a non-recursive Makefile
 * Can now specify which tests to run on command line

0.21.1 (unstable)
 * Add new 'isolate' pkcs11 config option [#80472]
 * Add 'p11-kit remote' command for isolating modules [#54105]
 * Don't complain about C_Finalize after a fork
 * Other minor fixes

0.20.3 (stable)
 * Fix problems reinitializing managed modules after fork
 * Fix bad bookkeeping when fail initializing one of the modules
 * Fix case where module would be unloaded while in use [#74919]
 * Remove assertions when module used before initialized [#74919]
 * Fix handling of mmap failure and mapping empty files [#74773]
 * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
 * Require automake 1.12 or later
 * Build fixes for Windows [#76594 #74149]

0.20.2 (stable)
 * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
   and blacklist were not in the same trust path (regression) [#73558]
 * Check for race in BasicConstraints stapled extension [#69314]
 * autogen.sh now runs configure as srcdir != builddir by default
 * Build fixes and cleanup

0.20.1 (stable)
 * Extract compat trust data after we've changes
 * Skip compat extraction if running as non-root
 * Better failure messages when removing anchors
 * Build cleanup

0.20.0 (stable)
 * Doc fixes

0.19.4 (unstable)
 * 'trust anchor' now adds/removes certificate anchors
 * 'trust list' lists trust policy stuff
 * 'p11-kit extract' is now 'trust extract'
 * 'p11-kit extract-trust' is now 'trust extract-compat'
 * Workarounds for working on broken zfsonlinux.org [#68525]
 * Add --with-module-config parameter to the configure script [#68122]
 * Add support for removing stored PKCS#11 objects in trust module
 * Various debugging tweaks

0.19.3 (unstable)
 * Fix up problems with automake testing
 * Fix a bunch of memory leaks in newly refactored code
 * Don't use _GNU_SOURCE and the unportability it brings
 * Testing fixes

0.19.2 (unstable)
 * Add basic 'trust anchor' command to store a new anchor
 * Support for writing out trust token objects
 * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
 * Add option to use freebl for hashing
 * Implement reloading of token data
 * Fix warnings and possible minor bugs highlighted by code scanners
 * Don't load configs in home directories when running setuid or setgid
 * Support treating ~/.config as $XDG_CONFIG_HOME
 * Use $XDG_DATA_HOME/pkcs11 as default user config directory
 * Use $TMPDIR instead of $TEMP while testing
 * Open files and fds with O_CLOEXEC
 * Abort initialization if a critical module fails to load
 * Don't use thread-unsafe functions: strerror, getpwuid
 * Fix p11_kit_space_strlen() result when empty string
 * Refactoring of where various components live
 * Build fixes

0.19.1 (unstable)
 * Refactor API to be able to handle managed modules
 * Deprecate much of old p11-kit API
 * Implement concept of managed modules
 * Make C_CloseAllSessions function work for multiple callers
 * New dependency on libffi
 * Fix possible threading problems reported by helgrind
 * Add log-calls option
 * Mark p11_kit_message() as a stable function
 * Use our own unit testing framework

0.18.3 (stable)
 * Fix reinitialization of trust module [#65401]
 * Fix crash in trust module C_Initialize
 * Mac OS fixes [#57714]

0.18.2 (stable)
 * Build fixes [#64378 ...]

0.18.1 (stable)
 * Put the external tools in $libdir/p11-kit
 * Documentation build fixes

0.18.0 (stable)
 * Fix use of trust module with gcr and empathy [#62896]
 * Further tweaks to trust module date parsing
 * Fix unaligned memory reads [#62819]
 * Win32 fixes [#63062, #63046]
 * Debug and logging tweaks [#62874]
 * Other build fixes

0.17.5 (unstable)
 * Don't try to guess at overflowing time values on 32-bit systems [#62825]
 * Test fixes [#927394]

0.17.4 (unstable)
 * Check for duplicate certificates in a token, warn and discard [#62548]
 * Implement a proper index so we have decent load performance

0.17.3 (unstable)
 * Use descriptive labels for the trust module tokens [#62534]
 * Remove the temporary built in distrust objects
 * Make extracted output directories and files read-only [#61898]
 * Don't export unnecessary ABI
 * Build fixes [#62479]

0.17.2 (unstable)
 * Fix build on 32-bit linux
 * Fix several crashers

0.17.1 (unstable)
 * Support a p11-kit specific PKCS#11 attribute persistence format [#62156]
 * Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329]
 * Refactor a trust builder which builds objects out of parsed data [#62329]
 * Combine trust policy when extracting certificates [#61497]
 * The extract --comment option adds comments to PEM bundles [#62029]
 * A new 'priority' config option for ordering modules [#61978]
 * Make each configured path its own trust module token [#61499]
 * Use --with-trust-paths to configure trust module [#62327]
 * Fix bug decoding some PEM files
 * Better debug output for trust module lookups
 * Work around bug in NSS when doing serial number lookups
 * Work around broken strndup() function in firefox
 * Fix the nickname for the distrusted attribute
 * Build fixes

0.16.4 (stable)
 * Display per command help again [#62153]
 * Don't always print tools debug output [#62152]

0.16.3 (stable)
 * When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag
 * Hardcode some distrust records for NSS temporarily
 * Parse global options better in the p11-kit command
 * Better debugging

0.16.2 (stable)
 * Fix regression in 'p11-kit extract --purpose' option [#62009]
 * Documentation updates
 * Build fixes [#62001, ...]

0.16.1 (stable)
 * Don't break when cA field of BasicConstraints is missing [#61975]
 * Documentation fixes and updates
 * p11-kit extract-trust is a placeholder script now

0.16.0 (stable)
 * Update the pkcs11.h header for new mechanisms
 * Fix build and tests on mingw64 (ie: win32)
 * Relicense LGPL code to BSD license
 * Documentation tweaks
 * Pull translations from Transifex [#60792]
 * Build fixes [#61739, #60894, #61740]

0.15.2 (unstable)
 * Add German and Finnish translations
 * Better define the libtasn1 dependency
 * Crasher and bug fixes
 * Build fixes

0.15.1 (unstable)
 * Fix some memory leaks
 * Add a location for packages to drop module configs
 * Documentation updates and fixes
 * Add command line tool manual page
 * Remove unused err() function and friends
 * Move more code into common/ directory and refactor
 * Add a system trust policy module
 * Refactor how the p11-kit command line tool works
 * Add p11-kit extract and extract-trust commands
 * Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
 * Refuse to load the p11-kit-proxy.so as a registered module
 * Don't fail initialization if last initialized module fails

0.14
 * Change default for user-config to merge
 * Always URI-encode the 'id' attribute in PKCS#11 URIs
 * Expect a .module extension on module configs
 * Windows compatibility fixes
 * Testing fixes
 * Build fixes

0.13
 * Don't allow reading of PIN files larger than 4096 bytes
 * If a module is not marked as critical then ignore init failure
 * Use preconditions to check for input problems and out of memory
 * Add enable-in and disable-in options to module config
 * Fix the flags in pin.h
 * Use gcc extensions to check varargs during compile
 * Fix crasher when a duplicate module is present
 * Fix broken hashmap behavior
 * Testing fixes
 * Win32 build fixes
 * 'p11-kit -h' now works
 * Documentation fixes

0.12
 * Build fix

0.11
 * Remove automatic reinitialization of PKCS#11 after fork
2016-03-13 03:10:36 +00:00
fhajny
14362336e3 Enable php-oauth1 2016-03-12 09:44:14 +00:00
fhajny
e71a890621 Update security/php-oauth to 2.0.1.
2.0.1
* Fix multiple segfaults (kgovande, rlerdorf)

2.0.0
- PHP 7 Support
- Bug 67658: configure does not detect missing pcre.h
- Bug 67665: update fetch to accept 20X HTTP ranges
- Bug 67883: check SERVER[REDIRECT_HTTP_AUTHORIZATION]
  for the Authorization header
2016-03-12 09:42:48 +00:00
fhajny
f8a5c9a7d4 Re-import security/php-oauth as security/php-oauth1 (for PHP<7).
OAuth is an authorization protocol built on top of HTTP which allows
applications to securely access data without having to store usernames
and passwords.
2016-03-12 09:39:57 +00:00
jperkin
b5e60568fb Ensure libss is built -static, the library is not installed resulting
in runtime failures which weren't previously detected due to a bug in
check-shlibs.  Bump PKGREVISION.
2016-03-10 18:21:58 +00:00
tnn
e2177365f6 include <limits.h> for PATH_MAX 2016-03-10 12:57:09 +00:00
wiz
cdda6f8ae4 Update p5-Crypt-ECB to 2.05:
v2.05, 04.03.2016
	- make Crypt:ECB work under perl-5.8.* again
	- some changes actually made in v2.00 haven't been mentioned in the changelog
	- add some more block ciphers to the test suite
	- minor changes in test.pl
	- minor documentation update
2016-03-09 10:47:45 +00:00
tnn
c5e92e4742 fix build on Linux 2016-03-09 06:01:09 +00:00
ryoon
8d85ffc504 Update to 5.31
Changelog:
Version 5.31, 2016.03.01, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2g.
    https://www.openssl.org/news/secadv_20160301.txt
* New features
  - Added logging the list of client CAs requested by the server.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes
  - Only reset the watchdog if some data was actually transferred.
  - A workaround implemented for the unexpected exceptfds set by
    select() on WinCE 6.0 (thx to Richard Kraemer).
2016-03-08 19:25:35 +00:00
wiz
4e5c667790 Update py-cryptography to 1.2.3:
1.2.3 - 2016-03-01
~~~~~~~~~~~~~~~~~~

* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2g.
2016-03-08 15:14:38 +00:00
wiz
1dcb4ae5d8 Update p5-Crypt-ECB to 2.00.
v2.00, 19.02.2016
	- better compatibility with current Crypt::CBC:
		- allow passing options like Crypt::CBC does (new and old styles)
		- allow passing an existing cipher object (RT bug 112020)
		- added padding styles, including custom padding
		- added methods for accessing keysize and blocksize of a cipher
	- remove caching; the feature did finally not seem to make much sense
	- use Test::More (thanks to Xavier Guimard for providing a patch, RT bug 82301)
	- changed internal attribute names (foo -> _foo and Foo -> foo)
	- much more internal code cleanup
	- updated documentation
2016-03-08 15:07:28 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
jperkin
e5fdb68de3 Bump BUILDLINK_ABI_DEPENDS to 1.0.2g due to SSLv2 removal. 2016-03-05 09:59:50 +00:00
kleink
bbdeeee168 Bump dependency on libgpg-error to >=1.21; does not actually complete
configure with a lesser version.
2016-03-04 13:38:09 +00:00
tron
95dce3c91c Remove "sslscan" package. It doesn't build or work with OpenSSL without
SSLv2 which is now the norm in both NetBSD's base system and "pkgsrc".

As the program never supported TLS 1.2 its usefulness was limited anyway.
2016-03-03 21:02:24 +00:00
shattered
e5f29882ae Avoid build failures when chmod respects umask, and 'chmod -x' thus does
not clear all bits.  (Can happen on Linux --
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/67583)
2016-03-03 19:42:29 +00:00
wiz
8829f0fbdb Update py-oauth2client to 2.0.0.
## v2.0.0

* Add django_util (#332)
* Avoid OAuth2Credentials `id_token` going out of sync after a token
  refresh (#337)
* Move to a `contrib` sub-package code not considered a core part of
  the library (#346, #353, #370, #375, #376, #382)
* Add `token_expiry` to `devshell` credentials (#372)
* Move `Storage` locking into a base class (#379)
* Added dictionary storage (#380)
* Added `to_json` and `from_json` methods to all `Credentials`
  classes (#385)
* Fall back to read-only credentials on EACCES errors (#389)
* Coalesced the two `ServiceAccountCredentials`
  classes (#395, #396, #397, #398, #400)

### Special Note About `ServiceAccountCredentials`:
-------------------------------------------------

For JSON keys, you can create a credential via

```py
from oauth2client.service_account import ServiceAccountCredentials
credentials = ServiceAccountCredentials.from_json_keyfile_name(
    key_file_name, scopes=[...])
```

You can still rely on

```py
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
```

returning these credentials when you set the `GOOGLE_APPLICATION_CREDENTIALS`
environment variable.

For `.p12` keys, construct via

```py
credentials = ServiceAccountCredentials.from_p12_keyfile(
    service_account_email, key_file_name, scopes=[...])
```

though we urge you to use JSON keys (rather than `.p12` keys) if you can.

This is equivalent to the previous method

```py
# PRE-oauth2client 2.0.0 EXAMPLE CODE!
from oauth2client.client import SignedJwtAssertionCredentials

with open(key_file_name, 'rb') as key_file:
    private_key = key_file.read()

credentials = SignedJwtAssertionCredentials(
    service_account_email, private_key, scope=[...])
```
2016-03-03 12:59:55 +00:00
dsainty
f232725314 gawk will corrupt the output data stream in multibyte locales,
so force the locale to "C".

Fixes mozilla-rootcerts under Linux.
2016-03-03 03:02:21 +00:00
jperkin
a2c5c420a7 Update security/openssl to version 1.0.2g.
Changes between 1.0.2f and 1.0.2g [1 Mar 2016]

  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]

  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:

        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

    as appropriate.  Even if either of those is used, or the application
    explicitly uses the version-specific SSLv2_method() or its client and
    server variants, SSLv2 ciphers vulnerable to exhaustive search key
    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
    ciphers, and SSLv2 56-bit DES are no longer available.
    (CVE-2016-0800)
    [Viktor Dukhovni]

  *) Fix a double-free in DSA code

     A double free bug was discovered when OpenSSL parses malformed DSA private
     keys and could lead to a DoS attack or memory corruption for applications
     that receive DSA private keys from untrusted sources.  This scenario is
     considered rare.

     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
     libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]

  *) Disable SRP fake user seed to address a server memory leak.

     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.

     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
     was changed to ignore the "fake user" SRP seed, even if the seed
     is configured.

     Users should use SRP_VBASE_get1_by_user instead. Note that in
     SRP_VBASE_get1_by_user, caller must free the returned value. Note
     also that even though configuring the SRP seed attempts to hide
     invalid usernames by continuing the handshake with fake
     credentials, this behaviour is not constant time and no strong
     guarantees are made that the handshake is indistinguishable from
     that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]

  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

     In the BN_hex2bn function the number of hex digits is calculated using an
     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
     large values of |i| this can result in |bn_expand| not allocating any
     memory because |i * 4| is negative. This can leave the internal BIGNUM data
     field as NULL leading to a subsequent NULL ptr deref. For very large values
     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
     In this case memory is allocated to the internal BIGNUM data field, but it
     is insufficiently sized leading to heap corruption. A similar issue exists
     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
     is ever called by user applications with very large untrusted hex/dec data.
     This is anticipated to be a rare occurrence.

     All OpenSSL internal usage of these functions use data that is not expected
     to be untrusted, e.g. config file data or application command line
     arguments. If user developed applications generate config file data based
     on untrusted data then it is possible that this could also lead to security
     consequences. This is also anticipated to be rare.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]

  *) Fix memory issues in BIO_*printf functions

     The internal |fmtstr| function used in processing a "%s" format string in
     the BIO_*printf functions could overflow while calculating the length of a
     string and cause an OOB read when printing very long strings.

     Additionally the internal |doapr_outch| function can attempt to write to an
     OOB memory location (at an offset from the NULL pointer) in the event of a
     memory allocation failure. In 1.0.2 and below this could be caused where
     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
     could be in processing a very long "%s" format string. Memory leaks can
     also occur.

     The first issue may mask the second issue dependent on compiler behaviour.
     These problems could enable attacks where large amounts of untrusted data
     is passed to the BIO_*printf functions. If applications use these functions
     in this way then they could be vulnerable. OpenSSL itself uses these
     functions when printing out human-readable dumps of ASN.1 data. Therefore
     applications that print this data could be vulnerable if the data is from
     untrusted sources. OpenSSL command line applications could also be
     vulnerable where they print out ASN.1 data, or if untrusted data is passed
     as command line arguments.

     Libssl is not considered directly vulnerable. Additionally certificates etc
     received via remote connections via libssl are also unlikely to be able to
     trigger these issues because of message size limits enforced within libssl.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]

  *) Side channel attack on modular exponentiation

     A side-channel attack was found which makes use of cache-bank conflicts on
     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
     of RSA keys.  The ability to exploit this issue is limited as it relies on
     an attacker who has control of code in a thread running on the same
     hyper-threaded core as the victim thread which is performing decryptions.

     This issue was reported to OpenSSL by Yuval Yarom, The University of
     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
     Nadia Heninger, University of Pennsylvania with more information at
     http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]

  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
     if no keysize is specified with default_bits. This fixes an
     omission in an earlier change that changed all RSA/DSA key generation
     apps to use 2048 bits by default.
     [Emilia Käsper]
2016-03-01 14:35:33 +00:00
sevan
652a9c1ed0 Update to 2.2.6
From http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
This release is based on the stable OpenBSD 5.8 branch.

	* Deprecated the SSL_OP_SINGLE_DH_USE flag
2016-03-01 02:07:48 +00:00
sevan
7fba822dbb Do not account for BN_print(3) on OS X as this file will not be present on a case
insensitive filesystem.
2016-03-01 01:46:00 +00:00
sevan
74dc0e7a18 BUILDLINK_PASSTHRU_RPATHDIRS is required when building on OpenBSD & NetBSD
Resolves PR 50625
Thanks to jgw AT SDF for PR and kamil@ for the heads up.
2016-03-01 01:39:18 +00:00
jperkin
59c54ccf72 Work around mktime configure test failure which leads to a build issue
on Darwin/64-bit.
2016-02-29 17:52:18 +00:00
tez
64af5a57b4 Fix for CVE-2016-1907
The ssh_packet_read_poll2 function in packet.c allows remote attackers to
cause a denial of service.
2016-02-26 21:06:38 +00:00
jperkin
a9e20b5660 Remove manual addition of MAKE_FLAGS to OPSYSVARS, it's now in by default. 2016-02-26 11:40:29 +00:00
jperkin
a897668643 Use OPSYSVARS. 2016-02-26 09:41:05 +00:00
he
55b2d5af2b Upgrade opendnssec to version 1.4.9.
Upstream changes:
News:
  The main motivations for this release are bug fixes related to use
  cases with large number of zones (more than 50 zones) in combination
  with an XFR based setup. Too many concurrent zone transfers cause
  new transfers to be held back. These excess transfers however were
  not properly scheduled for later.

  No migration steps needed when upgrading from OpenDNSSEC 1.4.8.

Bugfixes:
 * Add TCP waiting queue. Fix signer getting `stuck' when adding
   many zones at once. Thanks to Havard Eidnes for bringing this
   to our attention.
 * OPENDNSSEC-723: received SOA serial reported as on disk.
 * Fix potential locking issue on SOA serial.
 * Crash on shutdown. At all times join xfr and dns handler threads.
 * Make handling of notifies more consistent. Previous implementation
   would bounce between code paths.
2016-02-25 11:06:57 +00:00
jperkin
ec1cd47ca0 Remove manual OPSYSVARS additions which are now part of the default set. 2016-02-25 08:27:02 +00:00
wiz
9865b5c5af Drop maintainership. 2016-02-24 13:01:21 +00:00
wiz
547e3271ef Update libssh2 to 1.7.0.
Changes:

    libssh2_session_set_last_error: Add function
    mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
    WinCNG: support for SHA256/512 HMAC
    kex: Added diffie-hellman-group-exchange-sha256 support
    OS/400 crypto library QC3 support

Bug fixes:

    diffie_hellman_sha256: convert bytes to bits CVE-2016-0787
    SFTP: Increase speed and datasize in SFTP read
    openssl: make libssh2_sha1 return error code
    openssl: fix memleak in _libssh2_dsa_sha1_verify()
    cmake: include CMake files in the release tarballs
    Fix builds with Visual Studio 2015
    hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
    GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
    GNUmakefile: add -m64 CFLAGS when targeting mingw64
    kex: free server host key before allocating it (again)
    SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
    channel: Detect bad usage of libssh2_channel_process_startup
    userauth: Fix off by one error when reading public key file
    kex: removed dupe entry from libssh2_kex_methods
    _libssh2_error: Support allocating the error message
    hostkey: fix invalid memory access if libssh2_dsa_new fails
    hostkey: align code path of ssh_rsa_init to ssh_dss_init
    libssh2.pc.in: fix the output of pkg-config --libs
    wincng: fixed possible memory leak in _libssh2_wincng_hash
    wincng: fixed _libssh2_wincng_hash_final return value
    add OpenSSL 1.1.0-pre2 compatibility
    agent_disconnect_unix: unset the agent fd after closing it
    sftp: stop reading when buffer is full
    sftp: Send at least one read request before reading
    sftp: Don't return EAGAIN if data was written to buffer
    sftp: Check read packet file offset
    configure: build "silent" if possible
    openssl: add OpenSSL 1.1.0-pre3-dev compatibility
    GNUmakefile: list system libs after user libs
2016-02-23 22:47:18 +00:00
bsiegert
e3b61c4350 Revbump packages that build-depend on Go after 1.6 update.
They all build, I checked :)
2016-02-23 20:18:11 +00:00
wiz
9850e767ce Update libssh to 0.7.3:
version 0.7.3 (released 2016-01-23)
  * Fixed CVE-2016-0739
  * Fixed ssh-agent on big endian
  * Fixed some documentation issues
2016-02-23 15:49:42 +00:00
wiz
30a2ac3f81 Fix option handling in bl3.mk. 2016-02-23 15:49:30 +00:00
pettai
70b20d2fa6 Apply fix from PR pkg/50585 2016-02-22 13:20:08 +00:00
wiz
8b82fed9dc Update py-service_identity to 16.0.0.
16.0.0 (2016-02-18)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Python 3.3 and 2.6 aren't supported anymore.
  They may work by chance but any effort to keep them working has ceased.

  The last Python 2.6 release was on October 29, 2013 and isn't supported by the CPython core team anymore.
  Major Python packages like Django and Twisted dropped Python 2.6 a while ago already.

  Python 3.3 never had a significant user base and wasn't part of any distribution's LTS release.
- pyOpenSSL versions older than 0.14 are not tested anymore.
  They don't even build with recent OpenSSL versions.

Changes:
^^^^^^^^

- Officially support Python 3.5.
- ``service_identity.SubjectAltNameWarning`` is now raised if the server certificate lacks a proper ``SubjectAltName``.
  [`#9 <https://github.com/pyca/service_identity/issues/9>`_]
- Add a ``__str__`` method to ``VerificationError``.
- Port from ``characteristic`` to its spiritual successor `attrs <https://attrs.readthedocs.org/>`_.
2016-02-21 10:47:20 +00:00
agc
78b956e3d3 Remove an item from the netpgpverify/libnetpgpverify TODO list:
+ get rid of calls to snprintf which simply add the returned value to
the number of characters used so far. This practice is unsafe. Instead,
use a dynamic buffer and grow its size to accommodate the contents.

+ add USE_ARG definition to some files which use it but don't check to
see that it's been defined

pkgsrc changes:

+ Bump version number to 20160214

+ Use the same method as libnetpgpverify for finding the version number
from the sources.
2016-02-19 22:41:50 +00:00
leot
9f66492f40 Update security/py-certifi to 2015.11.20.1.
Changes:
2015.11.20.1
------------
o Add Equifax Secure CA to weak 1024 bit bundle.

2015.11.20
----------
o Ship weak.pem cert bundle.
2016-02-16 13:44:50 +00:00
wiz
308573e89e Update py-oauth2client to 1.5.2.
Needed by py-google-api-python-client-1.4.2.

## v1.5.2

* Add access token refresh error class that includes HTTP status (#310)
* Python3 compatibility fixes for Django (#316, #318)
* Fix incremental auth in flask_util (#322)
* Fall back to credential refresh on EDEADLK in multistore_file (#336)

## v1.5.1

* Fix bad indent in `tools.run_flow()` (#301, bug was
  introduced when switching from 2 space indents to 4)

## v1.5.0

* Fix (more like clarify) `bytes` / `str` handling in crypto
  methods. (#203, #250, #272)
* Replacing `webapp` with `webapp2` in `oauth2client.appengine` (#217)
* Added optional `state` parameter to
  `step1_get_authorize_url`. (#219 and #222)
* Added `flask_util` module that provides a Flask extension to aid
  with using OAuth2 web server flow. This provides the same functionality
  as the `appengine.webapp2` OAuth2Decorator, but will work with any Flask
  application regardless of hosting environment. (#226, #273)
* Track scopes used on credentials objects (#230)
* Moving docs to [readthedocs.org][1] (#237, #238, #244)
* Removing `old_run` module. Was deprecated July 2, 2013. (#285)
* Avoid proxies when querying for GCE metadata (to check if
  running on GCE) (#114, #293)

[1]: https://readthedocs.org/

## v1.4.12

* Fix OS X flaky test failure (#189).
* Fix broken OpenSSL import (#191).
* Remove `@util.positional` from wrapped request in `Credentials.authorize()`
  (#196, #197).
* Changing pinned dependencies to `>=` (#200, #204).
* Support client authentication using `Authorization` header (#206).
* Clarify environment check in case where GAE imports succeed but GAE services
  aren't available (#208).

## v1.4.11

* Better environment detection with Managed VMs.
* Better OpenSSL detection in exotic environments.

## v1.4.10

* Update the `OpenSSL` check to be less strict about finding `crypto.py` in
  the `OpenSSL` directory.
* `tox` updates for new environment handling in `tox`.

## v1.4.9

* Ensure that the ADC fails if we try to *write* the well-known file to a
  directory that doesn't exist, but not if we try to *read* from one.

## v1.4.8

* Better handling of `body` during token refresh when `body` is a stream.
* Better handling of expired tokens in storage.
* Cleanup around `openSSL` import.
* Allow custom directory for the `well_known_file`.
* Integration tests for python2 and python3. (!!!)
* Stricter file permissions when saving the `well_known_file`.
* Test cleanup around config file locations.

## v1.4.7

* Add support for Google Developer Shell credentials.
* Better handling of filesystem errors in credential refresh.
* python3 fixes
* Add `NO_GCE_CHECK` for skipping GCE detection.
* Better error messages on `InvalidClientSecretsError`.
* Comment cleanup on `run_flow`.

## v1.4.6

* Add utility function to convert PKCS12 key to PEM. (#115)
* Change GCE detection logic. (#93)
* Add a tox env for doc generation.

## v1.4.5

* Set a shorter timeout for an Application Default Credentials issue on some
  networks. (#93, #101)
* Test cleanup, switch from mox to mock. (#103)
* Switch docs to sphinx from epydoc.

## v1.4.4

* Fix a bug in bytes/string encoding of headers.

## v1.4.3

* Big thanks to @dhermes for spotting and fixing a mess in our test setup.

* Fix a serious issue with tests not being run. (#86, #87, #89)
* Start credentials cleanup for single 2LO/3LO call. (#83, #84)
* Clean up stack traces when re-raising in some places. (#79)
* Clean up doc building. (#81, #82)
* Fixed minimum version for `six` dependency. (#75)
2016-02-15 10:45:40 +00:00
ryoon
db4c492551 Add tor-browser 2016-02-14 07:34:00 +00:00
ryoon
7755211af9 Import tor-browser-5.5.2 as security/tor-browser.
What is the Tor Browser?

The Tor software protects you by bouncing your communications around
a distributed network of relays run by volunteers all around the
world: it prevents somebody watching your Internet connection from
learning what sites you visit, it prevents the sites you visit from
learning your physical location, and it lets you access sites which
are blocked.
2016-02-14 07:30:54 +00:00
wiz
219b4ee865 Update libgcrypt to 1.6.5:
Noteworthy changes in version 1.6.5 (2016-02-09) [C20/A0/R5]
------------------------------------------------

 * Mitigate side-channel attack on ECDH with Weierstrass curves
   [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
   details.

 * Fix build problem on Solaris.
2016-02-11 13:36:37 +00:00
wen
17adb71dd4 Update to 0.06
No upstream changelog.
2016-02-10 04:32:03 +00:00
wen
745ef02224 Update to 0.11
Upstream changes:
0.11  2015-10-09 rurban
        - add libressl support, unsupported random_egd() with libressl

0.10  2015-02-04 rurban
        - fix LIBS argument, fatal on Windows. thanks to kmx

0.09  2015-02-04 rurban
        - add missing hints/MSWin32.pl (kmx, RT #56455)
        - add a couple of distro tests
        - fix gcov target

0.08  2015-02-03 rurban
        - remove Devel::CheckLib which does not work for 2 required libs
        - replace DynaLoader by XSLoader

0.07  2015-02-03 rurban
	- Bump version to publish an official release

0.06  rurban
	- Typo in doc (dsteinbrunner)

0.05  2013-04-02 14:31:30 rurban
	- Add inc/Devel/CheckLib, improve POD, add README and some helper targets
	- Better diagnostics when the openssl libraries are not found
	- Support INCDIR= and LIBDIR= arguments to Makefile.PL
	- Add MSWin32 hints to find the openssl libraries
        - Autocreate README
	- Fix some -Wpointer-sign warnings
	- Remove wrong Crypt::OpenSSL::RSA package names in docs and errmsg
2016-02-10 04:25:56 +00:00
wen
4c84963c83 Update to 0.15
Upstream changes:
0.15    2015/02/03
        - #84367 Win32 compatibility patch
        - #80369 fix errors in POD. Mainly just missing =over/=back
        - #80368 Makefile.PL: unneeded -lssl in LIBS
2016-02-10 04:18:40 +00:00
wiz
6f5dbe0dc1 Update p5-IO-Socket-SSL to 2.024:
2.024 2016/02/06
- Work around issue where the connect fails on systems having only a loopback
  interface and where IO::Socket::IP is used as super class (default when
  available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to
  localhost would fail on these systems. This happened at least for the tests,
  see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796
  Workaround is to explicitly set GetAddrInfoFlags to 0 if no GetAddrInfoFlags
  is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not
  be useful anyway but would cause at most harm.
2016-02-07 14:16:59 +00:00
adam
e84a6af2c1 Version 1.0.8
- Handle the case where the CPU supports AVX, but we are running
on a hypervisor with AVX disabled/not supported.
- Faster (2x) scalarmult_base() when using the ref10 implementation
2016-02-07 10:59:18 +00:00
jaapb
339d229d93 Removed the automatic setting of PKGNAME to ocaml-${DISTNAME} from
ocaml.mk. It was becoming more trouble than it was worth: only a minority
of packages used it, and it only made Makefiles more confusing.
(I've left out some packages: these will be updated forthwith)
2016-02-06 12:06:07 +00:00
tron
879aef85da Create and install a file called "share/mozilla-rootcerts/cacert.pem"
which contains all the trusted certificates in PEM format. This file
can e.g. be used with command line clients like "curl" or "wget" to
validate certificates.
2016-02-06 10:22:54 +00:00
nonaka
6ac0761661 PR/50771: Update security/keepassx to 2.0.2.
2.0.1:
- Flush temporary file before opening attachment. [#390]
- Disable password generator when showing entry in history mode. [#422]
- Strip invalid XML chars when writing databases. [#392]
- Add repair function to fix databases with invalid XML chars. [#392]
- Display custom icons scaled. [#322]
- Allow opening databases that have no password and keyfile. [#391]
- Fix crash when importing .kdb files with invalid icon ids. [#425]
- Update translations.

2.0.2:
- Fix regression in database writer that caused it to strip certain special
  characters (characters from Unicode plane > 0).
- Fix bug in repair function that caused it to strip non-ASCII characters.
2016-02-05 09:08:56 +00:00
jaapb
ededae52cf Updated package to the newest version, 0.5.2. Changes include:
0.5.2 (2015-11-23)
=====
* Add OPENSSL_NO_SSL3 preprocessor flag to disable SSLv3 (thanks Jérémie
  Courrèges-Anglas).

0.5.1 (2015-05-27)
=====

* Fix META file for versions of OCaml older than 4.02.0 (thanks Anil
  Madhavapeddy, closes #20).

0.5.0 (2015-05-18)
=====
* Allow to honor server cipher preferences (thanks mfp, closes #18).
* Add functions for reading into/writing from bigarrays, avoiding copy (thanks
  mfp, closes #15).
* Support disabling SSL protocol versions (thanks Edwin Török, closes #13).
* Use Bytes instead of String for read and write, changes the ABI thus the
  version bump (thanks Vincent Bernardoff, closes #16, and mfp, closes #19).
* Make verbosity of client_verify_callback configurable (thanks Nicolas Trangez,
  closes #12).
* Fix build with old versions of SSL (thanks Edwin Török, closes #10).
2016-02-03 12:48:38 +00:00
fhajny
3af585348c Fix build on SunOS, where configure doesn't see getaddrinfo(), but
the code knows how to unlock and use it.
2016-02-02 15:06:46 +00:00
wiz
f91d0b64ac Update nettle to 3.2.
Fix some pkglint while here.

NEWS for the Nettle 3.2 release

	Bug fixes:

	* The SHA3 implementation is updated according to the FIPS 202
	  standard. It is not interoperable with earlier versions of
	  Nettle. Thanks to Nikos Mavrogiannopoulos. To easily
	  differentiate at compile time, sha3.h defines the constant
	  NETTLE_SHA3_FIPS202.

	* Fix corner-case carry propagation bugs affecting elliptic
	  curve operations on the curves secp_256r1 and secp_384r1 on
	  certain platforms, including x86_64. Reported by Hanno Böck.

	New features:

	* New functions for RSA private key operations, identified by
	  the "_tr" suffix, with better resistance to side channel
	  attacks and to hardware or software failures which could
	  break the CRT optimization. See the Nettle manual for
	  details. Initial patch by Nikos Mavrogiannopoulos.

	* New functions nettle_version_major, nettle_version_minor, as
	  a run-time variant of the compile-time constants
	  NETTLE_VERSION_MAJOR and NETTLE_VERSION_MINOR.

	Optimizations:

	* New ARM Neon implementation of the chacha stream cipher.

	Miscellaneous:

	* ABI detection on mips, with improved default libdir
	  location. Contributed by Klaus Ziegler.

	* Fixes for ARM assembly syntax, to work better with the clang
	  assembler. Thanks to Jukka Ukkonen.

	* Disabled use of ifunc relocations for fat builds, to fix
	  problems most easily triggered by using dlopen RTLD_NOW.

	The shared library names are libnettle.so.6.2 and
	libhogweed.so.4.2, with sonames still libnettle.so.6 and
	libhogweed.so.4. It is intended to be fully binary compatible
	with nettle-3.1.
2016-02-01 13:27:36 +00:00
jperkin
8d1f88558f Add an SMF manifest entry for clamav-milter. 2016-02-01 12:45:38 +00:00
wiz
95aaa39d7e Update py-cryptography to 1.2.2:
1.2.2 - 2016-01-29
~~~~~~~~~~~~~~~~~~

* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2f.
2016-02-01 11:53:45 +00:00
mef
acef3d8682 Update 0.28 to 0.29
-------------------
0.29    2015-12-24
  - Add a dependency on the 'parent' module:
  - This caused some CPAN Testers failures on perl-5.8.x.
  - http://www.cpantesters.org/cpan/report/d21f0078-6c11-1014-b233-6b3058476d35
2016-01-31 05:56:03 +00:00
mef
6f7f4a4d6b Add ${PERL5_LICENSE} 2016-01-31 05:52:06 +00:00
mef
d8c3a7d288 Update 1.34 to 1.42
-------------------
1.42 2015.09.28
    - Fix issue with long selects getting interrupted by signals and dying (Andrew Hoying)
    - fix version cpan meta info

1.41 2015.09.18
    - use Errno constants in more portable way, see perldoc Errno

1.40 2015.09.17
    - declare new dependency to File::HomeDir in Makefile.PL

1.39 2015.09.15

    - RT #83978 - fix shell terminal width and height (lharey)
    - RT #94574 - fix Algorithm negotiation issue in ::Kex.pm
      (Brian Curnow, Michael Gray)
    - RT #105728 - fix VERSION methods (reported by Karen Etheridge)
    - code modernization (strict+warnings) (gh0stwizard)
    - pass tests on Win32 (gh0stwizard)
    - use Win32::LoginName on Windows (Michael Gray)
    - use File::HomeDir to simplify handling (Michael Gray)

1.38 2014.10.06

    - RT #99284 - install valid SIGNATURE file (Greg Sabino Mullane)

1.37 2014.03.17

    - RT #91840 - enabled config option "StrictHostKeyChecking"
                  (the corresponding code already existed)

1.36 2013.08.09

  Apply many bugfixes from RT discussions.

    - RT #48338 - FIX race condition with SSHv2
    - RT #55195 - FIX race condition in KEXINIT
    - RT #67586 - FIX test '03-packet.t' hangs forever
    - RT #64517 - enable PTY support in SSH2
    - RT #23947 - Replacement for KeyboardInt.pm

1.35 2012.12.03

    - rt#76482 - apply patch to t/03-packet.t for 5.15+ (chisel++)
2016-01-31 05:49:47 +00:00
mef
e1dcaec18c Update 0.57 to 0.70
-------------------
Revision history for Perl extension Net::OpenSSH.

0.70  Jan 20, 2016
        - Re-release as stable.

0.69_01  Jan 14, 2016
        - Add fish.pm to MANIFEST (bug reported by Erik Ferguson).

0.68  Dec 20, 2015
        - Rerelease as stable.

0.67_02  Dec 4, 2015
        - Do not croak when a method gets an unknown argument as far
          as its value is undef.

0.67_01  Nov 7, 2015
        - fix internal waitpid usage (bug report by Konrad
          Bucheli, #rt108516)
        - use strict and warnings in Net::OpenSSH::ConnectionCache
          (bug report and fix by Mohammad S Anwar)

0.66  Oct 11, 2015
        - documentation fix (reported by Alex Kok)
	- allow redirecting debug output to a custom file handle

0.65_06  Aug 26, 2015
        - accept IPv6 addresses with zone indexes (bug report by
          Cserbák Márton)
        - some documentation corrections (bug report and patch by
          Florian Schlichting)

0.65_05  Jul 13, 2015
        - improve documentation

0.65_04  Jul 13, 2015
        - add support for Object::Remote framework integration
        - be more explicit on errors about non matching host public
          keys if possible (still unfinished, bug report by Ferenc
          Erki)
        - add support for connecting to remote unix sockets (requires
          patch to OpenSSH)

0.65_03  Jun 18, 2015
        - remove defined-or operator usage in order to remain perl
          5.8.x compatible

0.65_02  Jun 17, 2015
        - accept as targets URIs where the username contains the at
          sign (bug report by Mark Rushing)

0.65_01  Mar 12, 2015
        - add disown_master method
        - add sshfs_mount.pl sample

0.64  Mar 12, 2015
        WARNING: major internal changes have been introduced since
                 last stable release!!!
        - Rerelease as stable

0.63_07  Jan 25, 2015
        - umask is not thread safe, avoid it (bug report and fix by
          Shaun Pankau)

0.63_06  Jan 15, 2015
        - DESTROY was overwriting $@

0.63_05  Jan 8, 2015
        WARNING, this is a major internal change!!!
        it may introduce regression bugs!!!
        ===============================================================
        - completely revamp internal logic for master monitoring
        ===============================================================
        - add constructor option 'connect'
        - add method 'any'
        - add "contributing code" documentation section
        - update TODO list

0.63_04  Jan 4, 2015
        - remove usage of defined-or operator in order to restore
          support for perl 5.8

0.63_03  Jan 3, 2015
	- remove usage of defined-or operator in order to restore
          support for perl 5.8

0.63_02  Jan 2, 2015
	- make module installable on Windows and Cygwin
        - fix error on regular expression inside quoting.t (bug report
          by Slaven Rezic)
        - documentation section about security added
        - doc corrections (reported by Gregor Herrmann from Debian)
        - AT&T ksh is broken, don't use it when testing quoting
          functions (bug report by Greg Oldendick)

0.63_01  Jun 14, 2014
        - add clean_cache method to Net::OpenSSH::ConnectionCache (bug
          report by Mithun Ayachit)

0.62  Jun 14, 2014
        - rerelease as stable

0.61_18  May 6, 2014
        - add passwd_prompt feature
        - check for the password not being requested a second time
          (bug report by leschm)
	- more spelling errors corrected

0.61_17  Apr 24, 2014
        - lots of spelling errors corrected
        - support code for master_setpgrp feature was not resetting the
          terminal process group owner on failure (bug report by
          Matthias Hofer)
        - MSWin, MSCmd and Chain quoters were missing from the
          MANIFEST and so not being distributed
        - document MSWin and MSCmd quoters
        - add dummy package Net::OpenSSH::SSH

0.61_16  Apr 6, 2014
        - add work around in quoting.t for Solaris csh 'fixing'
          invalid UTF8 sequences

0.61_15  Apr 2, 2014
        - from OpenSSH version 6.5 UNKNOWN is not a valid
          you-are-not-going-to-use-it-anyway hostname as it tries to
          resolve; now we use 0.0.0.0 instead
        - add support for master_setpgrp and setpgrp features
        - scp does not accept setting bandwidth limit to 0

0.61_14  Oct 30, 2013
        - the way used in tests to detect when they are running in the
          background was broken (bug report by Victor Efimov)

0.61_13  Oct 28, 2013
        - set bath_mode when test are being run on the background
          (bug report by Victor Efimov)
        - disable testing against custom ssh server as it is currently
          broken

0.61_12  Oct 10, 2013
        - rsync_* was not replicating time attributes when copy_attrs
          was set (bug report and fix by SUN Guonian)
        - add chain quoter
        - add quoters for MS Windows (MSWin, MSCmd)
        - extended argument quoting was never triggered
        - stream_encoding option was not accepted by capture2 method
        - glob_quoting option was not accepted by most methods
        - rename quote_style option as remote_shell

0.61_11  Aug 29, 2013
        - rsync_get method relied on a feature not available in old
          but still widely used versions of rsync (bug report by
          laiweiwei)

0.61_10  Jul 29, 2013
        - disable ControlPersist only when OpenSSH version >= 5.6 (bug
          report by Philippe Bruhat)
        - autodetect OpenSSH version during object creation

0.61_09  Jul 19, 2013
        - forcibly disable ControlPersist that may have been set from
          ssh configuration files (bug report by Philippe Bruhat)

0.61_08  Jul 19, 2013
        - fix test errors on perl 5.8

0.61_07  Jul 15, 2013
        - capture methods were not handling retriable errors correctly
          (bug report by Victor Efimov)

0.61_06  Jul 12, 2013
        - another take into the shell_is_clean sanity check. Now we
          mimic sshd close enough to fool bash and make it behave as
          when really called by sshd

0.61_05  Jul 11, 2013
        - add shell_is_clean sanity check to test scripts to avoid
          false negatives while testing (bug report by Karen
          Etheridge)

0.61_04  Jun 28, 2013
        - print more informative error messages when loading an
          optional module fails
        - remove useless old fix for a nonexistent bug on
          _fileno_dup_over (un-bug report by Tammy Rockvam)

0.61_03  May 10, 2013
        - when testing on AIX don't check mux socket permissions and
          use correct ps arguments (bug report by mwatson)
        - apply doc patch by Florian of Debian project
        - add open3socket method
        - open2socket and open2pty now return the socket and pty
          respectively when called on scalar context
        - methods returning several file objects now croak when called
          on scalar context

0.61_02  Apr 16, 2013
        - add support for multiple shell quoting backends
        - add support for X11 forwarding

0.61_01  Mar 18, 2013
        - remote shell detection code was broken in tests (bug report
          by Neil Bowers)
        - skip tests requiring a bourne shell when the remote shell is
          csh or some derivative as tcsh

0.60  Feb 15, 2013
        - scp_put and rsync_put were not handling correctly the case
          where glob was set but the given file patterns didn't match
          any local file (bug report by Pavel Leity).
        - $SIG{__DIE__} was not always localized before calling eval

0.59  Jan 31, 2013
        - release as stable
        - fix some misspellings

0.58_04  May 2, 2012
        - solve some git merge mistakes

0.58_03  May 1, 2012
        - several misspellings corrected on the docs (bug report by
          Florian Schlichting from Debian - I love these guys!)
        - don't put square brackets around IPv6 addresses when passing
          the hostname to ssh (bug report by Alexey ?)

0.58_02  Apr 16, 2012
        - strict_mode lets pass world-writable directories if they
          have the restricted deletion flag set
        - implement sshfs import and export methods
        - add forward_agent feature
        - do not disable ssh-agent when using password authentication
        - some documentation improvements

0.58_01  Jan 30, 2012
        - add new documentation section about debugging
        - new helper module Net::OpenSSH::OSTracer added
        - ConnectionCache module was missing from MANIFEST
        - correction on default_ssh_opts feature documentation
          (reported by Yann Kerherv.)
2016-01-31 05:36:52 +00:00