Commit graph

8146 commits

Author SHA1 Message Date
jperkin
b5e60568fb Ensure libss is built -static, the library is not installed resulting
in runtime failures which weren't previously detected due to a bug in
check-shlibs.  Bump PKGREVISION.
2016-03-10 18:21:58 +00:00
tnn
e2177365f6 include <limits.h> for PATH_MAX 2016-03-10 12:57:09 +00:00
wiz
cdda6f8ae4 Update p5-Crypt-ECB to 2.05:
v2.05, 04.03.2016
	- make Crypt::ECB work under perl-5.8.* again
	- some changes actually made in v2.00 haven't been mentioned in the changelog
	- add some more block ciphers to the test suite
	- minor changes in test.pl
	- minor documentation update
2016-03-09 10:47:45 +00:00
tnn
c5e92e4742 fix build on Linux 2016-03-09 06:01:09 +00:00
ryoon
8d85ffc504 Update to 5.31
Changelog:
Version 5.31, 2016.03.01, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2g.
    https://www.openssl.org/news/secadv_20160301.txt
* New features
  - Added logging the list of client CAs requested by the server.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes
  - Only reset the watchdog if some data was actually transferred.
  - A workaround implemented for the unexpected exceptfds set by
    select() on WinCE 6.0 (thx to Richard Kraemer).
2016-03-08 19:25:35 +00:00
wiz
4e5c667790 Update py-cryptography to 1.2.3:
1.2.3 - 2016-03-01
~~~~~~~~~~~~~~~~~~

* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2g.
2016-03-08 15:14:38 +00:00
wiz
1dcb4ae5d8 Update p5-Crypt-ECB to 2.00.
v2.00, 19.02.2016
	- better compatibility with current Crypt::CBC:
		- allow passing options like Crypt::CBC does (new and old styles)
		- allow passing an existing cipher object (RT bug 112020)
		- added padding styles, including custom padding
		- added methods for accessing keysize and blocksize of a cipher
	- remove caching; the feature did finally not seem to make much sense
	- use Test::More (thanks to Xavier Guimard for providing a patch, RT bug 82301)
	- changed internal attribute names (foo -> _foo and Foo -> foo)
	- much more internal code cleanup
	- updated documentation
2016-03-08 15:07:28 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
jperkin
e5fdb68de3 Bump BUILDLINK_ABI_DEPENDS to 1.0.2g due to SSLv2 removal. 2016-03-05 09:59:50 +00:00
kleink
bbdeeee168 Bump dependency on libgpg-error to >=1.21; does not actually complete
configure with a lesser version.
2016-03-04 13:38:09 +00:00
tron
95dce3c91c Remove "sslscan" package. It doesn't build or work with OpenSSL without
SSLv2 which is now the norm in both NetBSD's base system and "pkgsrc".

As the program never supported TLS 1.2 its usefulness was limited anyway.
2016-03-03 21:02:24 +00:00
shattered
e5f29882ae Avoid build failures when chmod respects umask, and 'chmod -x' thus does
not clear all bits.  (Can happen on Linux --
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/67583)
2016-03-03 19:42:29 +00:00
wiz
8829f0fbdb Update py-oauth2client to 2.0.0.
## v2.0.0

* Add django_util (#332)
* Avoid OAuth2Credentials `id_token` going out of sync after a token
  refresh (#337)
* Move to a `contrib` sub-package code not considered a core part of
  the library (#346, #353, #370, #375, #376, #382)
* Add `token_expiry` to `devshell` credentials (#372)
* Move `Storage` locking into a base class (#379)
* Added dictionary storage (#380)
* Added `to_json` and `from_json` methods to all `Credentials`
  classes (#385)
* Fall back to read-only credentials on EACCES errors (#389)
* Coalesced the two `ServiceAccountCredentials`
  classes (#395, #396, #397, #398, #400)

### Special Note About `ServiceAccountCredentials`:
-------------------------------------------------

For JSON keys, you can create a credential via

```py
from oauth2client.service_account import ServiceAccountCredentials
credentials = ServiceAccountCredentials.from_json_keyfile_name(
    key_file_name, scopes=[...])
```

You can still rely on

```py
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
```

returning these credentials when you set the `GOOGLE_APPLICATION_CREDENTIALS`
environment variable.

For `.p12` keys, construct via

```py
credentials = ServiceAccountCredentials.from_p12_keyfile(
    service_account_email, key_file_name, scopes=[...])
```

though we urge you to use JSON keys (rather than `.p12` keys) if you can.

This is equivalent to the previous method

```py
# PRE-oauth2client 2.0.0 EXAMPLE CODE!
from oauth2client.client import SignedJwtAssertionCredentials

with open(key_file_name, 'rb') as key_file:
    private_key = key_file.read()

credentials = SignedJwtAssertionCredentials(
    service_account_email, private_key, scope=[...])
```
2016-03-03 12:59:55 +00:00
dsainty
f232725314 gawk will corrupt the output data stream in multibyte locales,
so force the locale to "C".

Fixes mozilla-rootcerts under Linux.
2016-03-03 03:02:21 +00:00
jperkin
a2c5c420a7 Update security/openssl to version 1.0.2g.
Changes between 1.0.2f and 1.0.2g [1 Mar 2016]

  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
    Builds that are not configured with "enable-weak-ssl-ciphers" will not
    provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]

  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
    is by default disabled at build-time.  Builds that are not configured with
    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
    will need to explicitly call either of:

        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

    as appropriate.  Even if either of those is used, or the application
    explicitly uses the version-specific SSLv2_method() or its client and
    server variants, SSLv2 ciphers vulnerable to exhaustive search key
    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
    ciphers, and SSLv2 56-bit DES are no longer available.
    (CVE-2016-0800)
    [Viktor Dukhovni]

  *) Fix a double-free in DSA code

     A double free bug was discovered when OpenSSL parses malformed DSA private
     keys and could lead to a DoS attack or memory corruption for applications
     that receive DSA private keys from untrusted sources.  This scenario is
     considered rare.

     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
     libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]

  *) Disable SRP fake user seed to address a server memory leak.

     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.

     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
     was changed to ignore the "fake user" SRP seed, even if the seed
     is configured.

     Users should use SRP_VBASE_get1_by_user instead. Note that in
     SRP_VBASE_get1_by_user, caller must free the returned value. Note
     also that even though configuring the SRP seed attempts to hide
     invalid usernames by continuing the handshake with fake
     credentials, this behaviour is not constant time and no strong
     guarantees are made that the handshake is indistinguishable from
     that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]

  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

     In the BN_hex2bn function the number of hex digits is calculated using an
     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
     large values of |i| this can result in |bn_expand| not allocating any
     memory because |i * 4| is negative. This can leave the internal BIGNUM data
     field as NULL leading to a subsequent NULL ptr deref. For very large values
     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
     In this case memory is allocated to the internal BIGNUM data field, but it
     is insufficiently sized leading to heap corruption. A similar issue exists
     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
     is ever called by user applications with very large untrusted hex/dec data.
     This is anticipated to be a rare occurrence.

     All OpenSSL internal usage of these functions use data that is not expected
     to be untrusted, e.g. config file data or application command line
     arguments. If user developed applications generate config file data based
     on untrusted data then it is possible that this could also lead to security
     consequences. This is also anticipated to be rare.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]

  *) Fix memory issues in BIO_*printf functions

     The internal |fmtstr| function used in processing a "%s" format string in
     the BIO_*printf functions could overflow while calculating the length of a
     string and cause an OOB read when printing very long strings.

     Additionally the internal |doapr_outch| function can attempt to write to an
     OOB memory location (at an offset from the NULL pointer) in the event of a
     memory allocation failure. In 1.0.2 and below this could be caused where
     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
     could be in processing a very long "%s" format string. Memory leaks can
     also occur.

     The first issue may mask the second issue dependent on compiler behaviour.
     These problems could enable attacks where large amounts of untrusted data
     is passed to the BIO_*printf functions. If applications use these functions
     in this way then they could be vulnerable. OpenSSL itself uses these
     functions when printing out human-readable dumps of ASN.1 data. Therefore
     applications that print this data could be vulnerable if the data is from
     untrusted sources. OpenSSL command line applications could also be
     vulnerable where they print out ASN.1 data, or if untrusted data is passed
     as command line arguments.

     Libssl is not considered directly vulnerable. Additionally certificates etc
     received via remote connections via libssl are also unlikely to be able to
     trigger these issues because of message size limits enforced within libssl.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]

  *) Side channel attack on modular exponentiation

     A side-channel attack was found which makes use of cache-bank conflicts on
     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
     of RSA keys.  The ability to exploit this issue is limited as it relies on
     an attacker who has control of code in a thread running on the same
     hyper-threaded core as the victim thread which is performing decryptions.

     This issue was reported to OpenSSL by Yuval Yarom, The University of
     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
     Nadia Heninger, University of Pennsylvania with more information at
     http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]

  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
     if no keysize is specified with default_bits. This fixes an
     omission in an earlier change that changed all RSA/DSA key generation
     apps to use 2048 bits by default.
     [Emilia Käsper]
2016-03-01 14:35:33 +00:00
sevan
652a9c1ed0 Update to 2.2.6
From http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.6-relnotes.txt
This release is based on the stable OpenBSD 5.8 branch.

	* Deprecated the SSL_OP_SINGLE_DH_USE flag
2016-03-01 02:07:48 +00:00
sevan
7fba822dbb Do not account for BN_print(3) on OS X as this file will not be present on a
case-insensitive filesystem.
2016-03-01 01:46:00 +00:00
sevan
74dc0e7a18 BUILDLINK_PASSTHRU_RPATHDIRS is required when building on OpenBSD & NetBSD
Resolves PR 50625
Thanks to jgw AT SDF for PR and kamil@ for the heads up.
2016-03-01 01:39:18 +00:00
jperkin
59c54ccf72 Work around mktime configure test failure which leads to a build issue
on Darwin/64-bit.
2016-02-29 17:52:18 +00:00
tez
64af5a57b4 Fix for CVE-2016-1907
The ssh_packet_read_poll2 function in packet.c allows remote attackers to
cause a denial of service.
2016-02-26 21:06:38 +00:00
jperkin
a9e20b5660 Remove manual addition of MAKE_FLAGS to OPSYSVARS, it's now in by default. 2016-02-26 11:40:29 +00:00
jperkin
a897668643 Use OPSYSVARS. 2016-02-26 09:41:05 +00:00
he
55b2d5af2b Upgrade opendnssec to version 1.4.9.
Upstream changes:
News:
  The main motivations for this release are bug fixes related to use
  cases with large number of zones (more than 50 zones) in combination
  with an XFR based setup. Too many concurrent zone transfers cause
  new transfers to be held back. These excess transfers however were
  not properly scheduled for later.

  No migration steps needed when upgrading from OpenDNSSEC 1.4.8.

Bugfixes:
 * Add TCP waiting queue. Fix signer getting `stuck' when adding
   many zones at once. Thanks to Havard Eidnes for bringing this
   to our attention.
 * OPENDNSSEC-723: received SOA serial reported as on disk.
 * Fix potential locking issue on SOA serial.
 * Crash on shutdown. At all times join xfr and dns handler threads.
 * Make handling of notifies more consistent. Previous implementation
   would bounce between code paths.
2016-02-25 11:06:57 +00:00
jperkin
ec1cd47ca0 Remove manual OPSYSVARS additions which are now part of the default set. 2016-02-25 08:27:02 +00:00
wiz
9865b5c5af Drop maintainership. 2016-02-24 13:01:21 +00:00
wiz
547e3271ef Update libssh2 to 1.7.0.
Changes:

    libssh2_session_set_last_error: Add function
    mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
    WinCNG: support for SHA256/512 HMAC
    kex: Added diffie-hellman-group-exchange-sha256 support
    OS/400 crypto library QC3 support

Bug fixes:

    diffie_hellman_sha256: convert bytes to bits CVE-2016-0787
    SFTP: Increase speed and datasize in SFTP read
    openssl: make libssh2_sha1 return error code
    openssl: fix memleak in _libssh2_dsa_sha1_verify()
    cmake: include CMake files in the release tarballs
    Fix builds with Visual Studio 2015
    hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
    GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
    GNUmakefile: add -m64 CFLAGS when targeting mingw64
    kex: free server host key before allocating it (again)
    SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
    channel: Detect bad usage of libssh2_channel_process_startup
    userauth: Fix off by one error when reading public key file
    kex: removed dupe entry from libssh2_kex_methods
    _libssh2_error: Support allocating the error message
    hostkey: fix invalid memory access if libssh2_dsa_new fails
    hostkey: align code path of ssh_rsa_init to ssh_dss_init
    libssh2.pc.in: fix the output of pkg-config --libs
    wincng: fixed possible memory leak in _libssh2_wincng_hash
    wincng: fixed _libssh2_wincng_hash_final return value
    add OpenSSL 1.1.0-pre2 compatibility
    agent_disconnect_unix: unset the agent fd after closing it
    sftp: stop reading when buffer is full
    sftp: Send at least one read request before reading
    sftp: Don't return EAGAIN if data was written to buffer
    sftp: Check read packet file offset
    configure: build "silent" if possible
    openssl: add OpenSSL 1.1.0-pre3-dev compatibility
    GNUmakefile: list system libs after user libs
2016-02-23 22:47:18 +00:00
bsiegert
e3b61c4350 Revbump packages that build-depend on Go after 1.6 update.
They all build, I checked :)
2016-02-23 20:18:11 +00:00
wiz
9850e767ce Update libssh to 0.7.3:
version 0.7.3 (released 2016-01-23)
  * Fixed CVE-2016-0739
  * Fixed ssh-agent on big endian
  * Fixed some documentation issues
2016-02-23 15:49:42 +00:00
wiz
30a2ac3f81 Fix option handling in bl3.mk. 2016-02-23 15:49:30 +00:00
pettai
70b20d2fa6 Apply fix from PR pkg/50585 2016-02-22 13:20:08 +00:00
wiz
8b82fed9dc Update py-service_identity to 16.0.0.
16.0.0 (2016-02-18)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Python 3.3 and 2.6 aren't supported anymore.
  They may work by chance but any effort to keep them working has ceased.

  The last Python 2.6 release was on October 29, 2013 and isn't supported by the CPython core team anymore.
  Major Python packages like Django and Twisted dropped Python 2.6 a while ago already.

  Python 3.3 never had a significant user base and wasn't part of any distribution's LTS release.
- pyOpenSSL versions older than 0.14 are not tested anymore.
  They don't even build with recent OpenSSL versions.

Changes:
^^^^^^^^

- Officially support Python 3.5.
- ``service_identity.SubjectAltNameWarning`` is now raised if the server certificate lacks a proper ``SubjectAltName``.
  [`#9 <https://github.com/pyca/service_identity/issues/9>`_]
- Add a ``__str__`` method to ``VerificationError``.
- Port from ``characteristic`` to its spiritual successor `attrs <https://attrs.readthedocs.org/>`_.
2016-02-21 10:47:20 +00:00
agc
78b956e3d3 Remove an item from the netpgpverify/libnetpgpverify TODO list:
+ get rid of calls to snprintf which simply add the returned value to
the number of characters used so far. This practice is unsafe. Instead,
use a dynamic buffer and grow its size to accommodate the contents.

+ add USE_ARG definition to some files which use it but don't check to
see that it's been defined

pkgsrc changes:

+ Bump version number to 20160214

+ Use the same method as libnetpgpverify for finding the version number
from the sources.
2016-02-19 22:41:50 +00:00
leot
9f66492f40 Update security/py-certifi to 2015.11.20.1.
Changes:
2015.11.20.1
------------
o Add Equifax Secure CA to weak 1024 bit bundle.

2015.11.20
----------
o Ship weak.pem cert bundle.
2016-02-16 13:44:50 +00:00
wiz
308573e89e Update py-oauth2client to 1.5.2.
Needed by py-google-api-python-client-1.4.2.

## v1.5.2

* Add access token refresh error class that includes HTTP status (#310)
* Python3 compatibility fixes for Django (#316, #318)
* Fix incremental auth in flask_util (#322)
* Fall back to credential refresh on EDEADLK in multistore_file (#336)

## v1.5.1

* Fix bad indent in `tools.run_flow()` (#301, bug was
  introduced when switching from 2 space indents to 4)

## v1.5.0

* Fix (more like clarify) `bytes` / `str` handling in crypto
  methods. (#203, #250, #272)
* Replacing `webapp` with `webapp2` in `oauth2client.appengine` (#217)
* Added optional `state` parameter to
  `step1_get_authorize_url`. (#219 and #222)
* Added `flask_util` module that provides a Flask extension to aid
  with using OAuth2 web server flow. This provides the same functionality
  as the `appengine.webapp2` OAuth2Decorator, but will work with any Flask
  application regardless of hosting environment. (#226, #273)
* Track scopes used on credentials objects (#230)
* Moving docs to [readthedocs.org][1] (#237, #238, #244)
* Removing `old_run` module. Was deprecated July 2, 2013. (#285)
* Avoid proxies when querying for GCE metadata (to check if
  running on GCE) (#114, #293)

[1]: https://readthedocs.org/

## v1.4.12

* Fix OS X flaky test failure (#189).
* Fix broken OpenSSL import (#191).
* Remove `@util.positional` from wrapped request in `Credentials.authorize()`
  (#196, #197).
* Changing pinned dependencies to `>=` (#200, #204).
* Support client authentication using `Authorization` header (#206).
* Clarify environment check in case where GAE imports succeed but GAE services
  aren't available (#208).

## v1.4.11

* Better environment detection with Managed VMs.
* Better OpenSSL detection in exotic environments.

## v1.4.10

* Update the `OpenSSL` check to be less strict about finding `crypto.py` in
  the `OpenSSL` directory.
* `tox` updates for new environment handling in `tox`.

## v1.4.9

* Ensure that the ADC fails if we try to *write* the well-known file to a
  directory that doesn't exist, but not if we try to *read* from one.

## v1.4.8

* Better handling of `body` during token refresh when `body` is a stream.
* Better handling of expired tokens in storage.
* Cleanup around `openSSL` import.
* Allow custom directory for the `well_known_file`.
* Integration tests for python2 and python3. (!!!)
* Stricter file permissions when saving the `well_known_file`.
* Test cleanup around config file locations.

## v1.4.7

* Add support for Google Developer Shell credentials.
* Better handling of filesystem errors in credential refresh.
* python3 fixes
* Add `NO_GCE_CHECK` for skipping GCE detection.
* Better error messages on `InvalidClientSecretsError`.
* Comment cleanup on `run_flow`.

## v1.4.6

* Add utility function to convert PKCS12 key to PEM. (#115)
* Change GCE detection logic. (#93)
* Add a tox env for doc generation.

## v1.4.5

* Set a shorter timeout for an Application Default Credentials issue on some
  networks. (#93, #101)
* Test cleanup, switch from mox to mock. (#103)
* Switch docs to sphinx from epydoc.

## v1.4.4

* Fix a bug in bytes/string encoding of headers.

## v1.4.3

* Big thanks to @dhermes for spotting and fixing a mess in our test setup.

* Fix a serious issue with tests not being run. (#86, #87, #89)
* Start credentials cleanup for single 2LO/3LO call. (#83, #84)
* Clean up stack traces when re-raising in some places. (#79)
* Clean up doc building. (#81, #82)
* Fixed minimum version for `six` dependency. (#75)
2016-02-15 10:45:40 +00:00
ryoon
db4c492551 Add tor-browser 2016-02-14 07:34:00 +00:00
ryoon
7755211af9 Import tor-browser-5.5.2 as security/tor-browser.
What is the Tor Browser?

The Tor software protects you by bouncing your communications around
a distributed network of relays run by volunteers all around the
world: it prevents somebody watching your Internet connection from
learning what sites you visit, it prevents the sites you visit from
learning your physical location, and it lets you access sites which
are blocked.
2016-02-14 07:30:54 +00:00
wiz
219b4ee865 Update libgcrypt to 1.6.5:
Noteworthy changes in version 1.6.5 (2016-02-09) [C20/A0/R5]
------------------------------------------------

 * Mitigate side-channel attack on ECDH with Weierstrass curves
   [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
   details.

 * Fix build problem on Solaris.
2016-02-11 13:36:37 +00:00
wen
17adb71dd4 Update to 0.06
No upstream changelog.
2016-02-10 04:32:03 +00:00
wen
745ef02224 Update to 0.11
Upstream changes:
0.11  2015-10-09 rurban
        - add libressl support, unsupported random_egd() with libressl

0.10  2015-02-04 rurban
        - fix LIBS argument, fatal on Windows. thanks to kmx

0.09  2015-02-04 rurban
        - add missing hints/MSWin32.pl (kmx, RT #56455)
        - add a couple of distro tests
        - fix gcov target

0.08  2015-02-03 rurban
        - remove Devel::CheckLib which does not work for 2 required libs
        - replace DynaLoader by XSLoader

0.07  2015-02-03 rurban
	- Bump version to publish an official release

0.06  rurban
	- Typo in doc (dsteinbrunner)

0.05  2013-04-02 14:31:30 rurban
	- Add inc/Devel/CheckLib, improve POD, add README and some helper targets
	- Better diagnostics when the openssl libraries are not found
	- Support INCDIR= and LIBDIR= arguments to Makefile.PL
	- Add MSWin32 hints to find the openssl libraries
        - Autocreate README
	- Fix some -Wpointer-sign warnings
	- Remove wrong Crypt::OpenSSL::RSA package names in docs and errmsg
2016-02-10 04:25:56 +00:00
wen
4c84963c83 Update to 0.15
Upstream changes:
0.15    2015/02/03
        - #84367 Win32 compatibility patch
        - #80369 fix errors in POD. Mainly just missing =over/=back
        - #80368 Makefile.PL: unneeded -lssl in LIBS
2016-02-10 04:18:40 +00:00
wiz
6f5dbe0dc1 Update p5-IO-Socket-SSL to 2.024:
2.024 2016/02/06
- Work around issue where the connect fails on systems having only a loopback
  interface and where IO::Socket::IP is used as super class (default when
  available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to
  localhost would fail on this systems. This happened at least for the tests,
  see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796
  Workaround is to explicitely set GetAddrInfoFlags to 0 if no GetAddrInfoFlags
  is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not
  be useful anyway but would cause at most harm.
2016-02-07 14:16:59 +00:00
adam
e84a6af2c1 Version 1.0.8
- Handle the case where the CPU supports AVX, but we are running
on a hypervisor with AVX disabled/not supported.
- Faster (2x) scalarmult_base() when using the ref10 implementation
2016-02-07 10:59:18 +00:00
jaapb
339d229d93 Removed the automatic setting of PKGNAME to ocaml-${DISTNAME} from
ocaml.mk. It was becoming more trouble than it was worth: only a minority
of packages used it, and it only made Makefiles more confusing.
(I've left out some packages: these will be updated forthwith)
2016-02-06 12:06:07 +00:00
tron
879aef85da Create and install a file called "share/mozilla-rootcerts/cacert.pem"
which contains all the trusted certificates in PEM format. This file
can e.g. be used with command line clients like "curl" or "wget" to
validate certificates.
2016-02-06 10:22:54 +00:00
nonaka
6ac0761661 PR/50771: Update security/keepassx to 2.0.2.
2.0.1:
- Flush temporary file before opening attachment. [#390]
- Disable password generator when showing entry in history mode. [#422]
- Strip invalid XML chars when writing databases. [#392]
- Add repair function to fix databases with invalid XML chars. [#392]
- Display custom icons scaled. [#322]
- Allow opening databases that have no password and keyfile. [#391]
- Fix crash when importing .kdb files with invalid icon ids. [#425]
- Update translations.

2.0.2:
- Fix regression in database writer that caused it to strip certain special
  characters (characters from Unicode plane > 0).
- Fix bug in repair function that caused it to strip non-ASCII characters.
2016-02-05 09:08:56 +00:00
jaapb
ededae52cf Updated package to the newest version, 0.5.2. Changes include:
0.5.2 (2015-11-23)
=====
* Add OPENSSL_NO_SSL3 preprocessor flag to disable SSLv3 (thanks Jérémie
  Courrèges-Anglas).

0.5.1 (2015-05-27)
=====

* Fix META file for versions of OCaml older than 4.02.0 (thanks Anil
  Madhavapeddy, closes #20).

0.5.0 (2015-05-18)
=====
* Allow to honor server cipher preferences (thanks mfp, closes #18).
* Add functions for reading into/writing from bigarrays, avoiding copy (thanks
  mfp, closes #15).
* Support disabling SSL protocol versions (thanks Edwin Török, closes #13).
* Use Bytes instead of String for read and write, changes the ABI thus the
  version bump (thanks Vincent Bernardoff, closes #16, and mfp, closes #19).
* Make verbosity of client_verify_callback configurable (thanks Nicolas Trangez,
  closes #12).
* Fix build with old versions of SSL (thanks Edwin Török, closes #10).
2016-02-03 12:48:38 +00:00
fhajny
3af585348c Fix build on SunOS, where configure doesn't see getaddrinfo(), but
the code knows how to unlock and use it.
2016-02-02 15:06:46 +00:00
wiz
f91d0b64ac Update nettle to 3.2.
Fix some pkglint while here.

NEWS for the Nettle 3.2 release

	Bug fixes:

	* The SHA3 implementation is updated according to the FIPS 202
	  standard. It is not interoperable with earlier versions of
	  Nettle. Thanks to Nikos Mavrogiannopoulos. To easily
	  differentiate at compile time, sha3.h defines the constant
	  NETTLE_SHA3_FIPS202.

	* Fix corner-case carry propagation bugs affecting elliptic
	  curve operations on the curves secp_256r1 and secp_384r1 on
	  certain platforms, including x86_64. Reported by Hanno Böck.

	New features:

	* New functions for RSA private key operations, identified by
	  the "_tr" suffix, with better resistance to side channel
	  attacks and to hardware or software failures which could
	  break the CRT optimization. See the Nettle manual for
	  details. Initial patch by Nikos Mavrogiannopoulos.

	* New functions nettle_version_major, nettle_version_minor, as
	  a run-time variant of the compile-time constants
	  NETTLE_VERSION_MAJOR and NETTLE_VERSION_MINOR.

	Optimizations:

	* New ARM Neon implementation of the chacha stream cipher.

	Miscellaneous:

	* ABI detection on mips, with improved default libdir
	  location. Contributed by Klaus Ziegler.

	* Fixes for ARM assembly syntax, to work better with the clang
	  assembler. Thanks to Jukka Ukkonen.

	* Disabled use of ifunc relocations for fat builds, to fix
	  problems most easily triggered by using dlopen RTLD_NOW.

	The shared library names are libnettle.so.6.2 and
	libhogweed.so.4.2, with sonames still libnettle.so.6 and
	libhogweed.so.4. It is intended to be fully binary compatible
	with nettle-3.1.
2016-02-01 13:27:36 +00:00
jperkin
8d1f88558f Add an SMF manifest entry for clamav-milter. 2016-02-01 12:45:38 +00:00
wiz
95aaa39d7e Update py-cryptography to 1.2.2:
1.2.2 - 2016-01-29
~~~~~~~~~~~~~~~~~~

* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2f.
2016-02-01 11:53:45 +00:00