Commit graph

9818 commits

Author SHA1 Message Date
adam
5ad467bead gpgme: updated to 1.13.0
Noteworthy changes in version 1.13.0:
* Support GPGME_AUDITLOG_DIAG for gpgsm.
* New context flag "trust-model".
* Removed support for WindowsCE and Windows ME.
* Aligned the gpgrt-config code with our other libraries.
* Auto-check for all installed Python versions.
* Fixed generating card key in the C++ bindings.
* Fixed a segv due to bad parameters in genkey.
* Fixed crash if the plaintext is ignored in a CMS verify.
* Fixed memleak on Windows.
* Tweaked the Windows I/O code.
* Fixed random crashes on Windows due to closing an arbitrary
  handle.
* Fixed a segv on Windows.
* Fixed test suite problems related to dtags.
* Fixed bunch of python bugs.
* Several fixes to the Common Lisp bindings.
* Fixed minor bugs in gpgme-json.
* Require trace level 8 to dump all I/O data.
* The compiler must now support variadic macros.
2019-04-03 14:28:57 +00:00
ryoon
6fc378bce9 Recursive revbump from textproc/icu 2019-04-03 00:32:25 +00:00
ryoon
5853d77987 Update to 5.50
Changelog:
Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
  - 32-bit Windows builds replaced with 64-bit builds.
  - OpenSSL DLLs updated to version 1.1.1.
  - Check whether "output" is not a relative file name.
  - Major code cleanup in the configuration file parser.
  - Added sslVersion, sslVersionMin and sslVersionMax
    for OpenSSL 1.1.0 and later.
* Bugfixes
  - Fixed PSK session resumption with TLS 1.3.
  - Fixed a memory leak in WIN32 logging subsystem.
  - Allow for zero value (ignored) TLS options.
  - Partially refactored configuration file parsing
    and logging subsystems for clearer code and minor
    bugfixes.
* Caveats
  - We removed FIPS support from our standard builds.
    FIPS will still be available with bespoke builds.
2019-04-02 14:39:55 +00:00
wiz
d2f359ecda libssh2: update to 1.8.2.
Version 1.8.2 (25 Mar 2019)

Daniel Stenberg (25 Mar 2019)
- RELEASE-NOTES: version 1.8.2

- [Will Cosgrove brought this change]

  moved MAX size declarations #330

- [Will Cosgrove brought this change]

  Fixed misapplied patch (#327)

  Fixes for user auth
2019-04-01 14:21:14 +00:00
ryoon
fa3a286c76 Update to 0.71
Changelog:
 These features were new in 0.70 (released 2017-07-08):

    Security fix: the Windows PuTTY binaries should no longer be
    vulnerable to hijacking by specially named DLLs in the same
    directory, even a name we missed when we thought we'd fixed
    this in 0.69. See vuln-indirect-dll-hijack-3.

    Windows PuTTY should be able to print again, after our DLL
    hijacking defences broke that functionality.

    Windows PuTTY should be able to accept keyboard input outside
    the current code page, after our DLL hijacking defences broke
    that too.


 These features are new in 0.71 (released 2019-03-16):

    Security fixes found by an EU-funded bug bounty programme:

	a remotely triggerable memory overwrite in RSA key exchange,
	which can occur before host key verification

	potential recycling of random numbers used in cryptography

	on Windows, hijacking by a malicious help file in the same
	directory as the executable

	on Unix, remotely triggerable buffer overflow in any kind
	of server-to-client forwarding

	multiple denial-of-service attacks that can be triggered
	by writing to the terminal

    Other security enhancements: major rewrite of the crypto code
    to remove cache and timing side channels.

    User interface changes to protect against fake authentication
    prompts from a malicious server.

    We now provide pre-built binaries for Windows on Arm.

    Hardware-accelerated versions of the most common cryptographic
    primitives: AES, SHA-256, SHA-1.

    GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
    high-DPI configurations.

    Type-ahead now works as soon as a PuTTY window is opened:
    keystrokes typed before authentication has finished will be
    buffered instead of being dropped.

    Support for GSSAPI key exchange: an alternative to the older
    GSSAPI authentication system which can keep your forwarded
    Kerberos credentials updated during a long session.

    More choices of user interface for clipboard handling.

    New terminal features: support the REP escape sequence (fixing
    an ncurses screen redraw failure), true colour, and SGR 2 dim
    text.

    Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
    straight to the top or bottom of the terminal scrollback.
2019-04-01 12:10:43 +00:00
adam
7cfea8897f py-asyncssh: updated to 1.16.1:
Release 1.16.1:
Added channel, connection, and env properties to SFTPServer instances, so connection and channel information can be used to influence the SFTP server's behavior. Previously, connection information was made available through the constructor, but channel and environment information was not. Now, all of these are available as properties on the SFTPServer instance without the need to explicitly store anything in a custom constructor.
Optimized SFTP glob matching when the glob pattern contains directory names without glob characters in them. Thanks go to Mikhail Terekhov for contributing this improvement!
Added support for PurePath in a few places that were missed when this support was originally added. Once again, thanks go to Mikhail Terekhov for these fixes.
Fixed bug in SFTP parallel I/O file reader where it sometimes returned EOF prematurely. Thanks go to David G for reporting this problem and providing a reproducible test case.
Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof for reporting this issue and providing a test environment to help debug it.
Updated Ed25519/448 and Curve25519/448 tests to only run when these algorithms are available. Thanks go to Ondřej Súkup for reporting this issue and providing a suggested fix.
2019-04-01 09:14:30 +00:00
adam
6b63dcf889 gnupg2: updated to 2.2.15
Noteworthy changes in version 2.2.15:
* sm: Fix --logger-fd and --status-fd on Windows for non-standard
  file descriptors.
* sm: Allow decryption even if expired keys are configured.
* agent: Change command KEYINFO to print ssh fingerprints with other
  hash algos.
* dirmngr: Fix build problems on Solaris due to the use of reserved
  symbol names.
* wkd: New commands --print-wkd-hash and --print-wkd-url for
  gpg-wks-client.
2019-04-01 08:30:04 +00:00
leot
0c8c3b4076 py-cryptodome: Fix build on !i386 and !x86_64 MACHINE_ARCHs 2019-03-31 10:33:58 +00:00
leot
b6c7c1af75 gnutls: Update to 3.6.7
Bug fix and security release on the stable 3.6.x branch.
OK during the freeze by <jperkin>, thanks!

Changes:
3.6.7
-----

 - libgnutls, gnutls tools: Every gnutls_free() will automatically set
   the free'd pointer to NULL. This prevents possible use-after-free and
   double free issues. Use-after-free will be turned into NULL dereference.
   The counter-measure does not extend to applications using gnutls_free().
 - libgnutls: Fixed a memory corruption (double free) vulnerability in the
   certificate verification API. Reported by Tavis Ormandy; addressed with
   the change above. [GNUTLS-SA-2019-03-27, #694]
 - libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
   Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
 - libgnutls: enforce key usage limitations on certificates more actively.
   Previously we would enforce it for TLS1.2 protocol, now we enforce it
   even when TLS1.3 is negotiated, or on client certificates as well. When
   an inappropriate for TLS1.3 certificate is seen on the credentials structure
   GnuTLS will disable TLS1.3 support for that session (#690).
 - libgnutls: the default number of tickets sent under TLS 1.3 was increased to
   two. This makes it easier for clients which perform multiple connections
   to the server to use the tickets sent by a default server.
 - libgnutls: enforce the equality of the two signature parameters fields in
   a certificate. We were already enforcing the signature algorithm, but there
   was a bug in parameter checking code.
 - libgnutls: fixed issue preventing sending and receiving from different
   threads when false start was enabled (#713).
 - libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
   session, as non-writeable security officer sessions are undefined in PKCS#11
   (#721).
 - libgnutls: no longer send downgrade sentinel in TLS 1.3.
   Previously the sentinel value was embedded too early in version
   negotiation and was sent even on TLS 1.3. It is now sent only when
   TLS 1.2 or earlier is negotiated (#689).
 - gnutls-cli: Added option --logfile to redirect informational messages output.

 - No API and ABI modifications since last version.
2019-03-27 16:46:40 +00:00
jperkin
fb4c464d87 gnupg2: Fix build. 2019-03-27 09:42:15 +00:00
wiz
c6c82175af libssh2: update to 1.8.1.
Version 1.8.1 (14 Mar 2019)

Will Cosgrove (14 Mar 2019)
- [Michael Buckley brought this change]

  More 1.8.0 security fixes (#316)

  * Defend against possible integer overflows in comp_method_zlib_decomp.

  * Defend against writing beyond the end of the payload in _libssh2_transport_read().

  * Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html

  This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

  * Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html

  * Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

  * Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html

  * Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html

GitHub (14 Mar 2019)
- [Will Cosgrove brought this change]

  1.8 Security fixes (#314)

  * fixed possible integer overflow in packet_length

  CVE https://www.libssh2.org/CVE-2019-3861.html

  * fixed possible integer overflow with userauth_keyboard_interactive

  CVE https://www.libssh2.org/CVE-2019-3856.html

  * fixed possible out zero byte/incorrect bounds allocation

  CVE https://www.libssh2.org/CVE-2019-3857.html

  * bounds checks for response packets

  * fixed integer overflow in userauth_keyboard_interactive

  CVE https://www.libssh2.org/CVE-2019-3863.html
2019-03-25 22:52:15 +00:00
wiz
6098c1a7e3 *: recursive bump for vala-0.44 2019-03-25 13:56:25 +00:00
ryoon
53ecf4cdf8 Update to 0.23.15
Changelog:
    trust: Improve error handling if backed trust file is corrupted [#206]
    url: Prefer upper-case letters in hex characters when encoding [#193]
    trust/extract-jks.c: also honor SOURCE_DATE_EPOCH time [#202]
    virtual: Prefer fixed closures to libffi closures [#196]
    Fix issues spotted by coverity and cppcheck [#194, #204]
    Build and test fixes [#164, #191, #199, #201]
2019-03-24 18:03:54 +00:00
adam
64840574f8 py-cryptodome: updated to 3.8.0
3.8.0:

New features
* Speed-up ECC performance. ECDSA is 33 times faster on the NIST P-256 curve.
* Added support for NIST P-384 and P-521 curves.
* EccKey has new methods size_in_bits() and size_in_bytes().
* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in PBE2/PBKDF2.

Resolved issues
* DER objects were not rejected if their length field had a leading zero.
* Allow legacy RC2 ciphers to have 40-bit keys.
* ASN.1 Object IDs did not allow the value 0 in the path.

Breaks in compatibility
* point_at_infinity() becomes an instance method for Crypto.PublicKey.ECC.EccKey, from a static one.
2019-03-24 10:41:01 +00:00
ryoon
90a6555145 Update to 2.4.0
* Disable PaX MPROTECT to enable autotype

Changelog:
    New Database Wizard [#1952]
    Advanced Search [#1797]
    Automatic update checker [#2648]
    KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739]
    Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439]
    Remove KeePassHttp support [#1752]
    CLI: output info to stderr for easier scripting [#2558]
    CLI: Add --quiet option [#2507]
    CLI: Add create command [#2540]
    CLI: Add recursive listing of entries [#2345]
    CLI: Fix stdin/stdout encoding on Windows [#2425]
    SSH Agent: Support OpenSSH for Windows [#1994]
    macOS: TouchID Quick Unlock [#1851]
    macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583]
    Linux: Prevent Klipper from storing secrets in clipboard [#1969]
    Linux: Use polling based file watching for NFS [#2171]
    Linux: Enable use of browser plugin in Snap build [#2802]
    TOTP QR Code Generator [#1167]
    High-DPI Scaling for 4k screens [#2404]
    Make keyboard shortcuts more consistent [#2431]
    Warn user if deleting referenced entries [#1744]
    Allow toolbar to be hidden and repositioned [#1819, #2357]
    Increase max allowed database timeout to 12 hours [#2173]
    Password generator uses existing password length by default [#2318]
    Improve alert message box button labels [#2376]
    Show message when a database merge makes no changes [#2551]
    Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790]
    Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
2019-03-22 15:56:41 +00:00
leot
ce2c12cbde security: Add monocypher 2019-03-21 13:33:41 +00:00
wiz
88d00bc566 libssh: update to 0.87.
version 0.8.7 (released 2019-02-25)
  * Fixed handling extension flags in the server implementation
  * Fixed exporting ed25519 private keys
  * Fixed corner cases for rsa-sha2 signatures
  * Fixed some issues with connector
2019-03-20 16:00:30 +00:00
wiz
05f11e5e2d caff: update to 2.9.
No relevant changes.
2019-03-20 15:44:51 +00:00
adam
354bba6919 gnupg2: updated to 2.2.14
Noteworthy changes in version 2.2.14:
* gpg: Allow import of PGP desktop exported secret keys.  Also avoid
 importing secret keys if the secret keyblock is not valid.
* gpg: Do not error out on version 5 keys in the local keyring.
* gpg: Make invalid primary key algo obvious in key listings.
* sm: Do not mark a certificate in a key listing as de-vs compliant
  if its use for a signature will not be possible.
* sm: Fix certificate creation with key on card.
* sm: Create rsa3072 bit certificates by default.
* sm: Print Yubikey attestation extensions with --dump-cert.
* agent: Fix cancellation handling for scdaemon.
* agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
* scd: Fix flushing of the CA-FPR DOs in app-openpgp.
* scd: Avoid a conflict error with the "undefined" app.
* dirmngr: Add CSRF protection exception for protonmail.
* dirmngr: Fix build problems with gcc 9 in libdns.
* gpgconf: New option --show-socket for use with --launch.
* gpgtar: Make option -C work for archive creation.
2019-03-20 06:39:52 +00:00
adam
5d7286f0dc gnutls: updated to 3.6.6
Version 3.6.6:
* libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
  on the public key.
* libgnutls: Added support for raw public-key authentication as defined in RFC7250.
  Raw public-keys can be negotiated by enabling the corresponding certificate
  types via the priority strings. The raw public-key mechanism must be explicitly
  enabled via the GNUTLS_ENABLE_RAWPK init flag.
* libgnutls: When on server or client side we are sending no extensions we do
  not set an empty extensions field but we rather remove that field completely.
  This solves a regression since 3.5.x and improves compatibility of the server
  side with certain clients.
* libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
  the CKA_SIGN is not set.
* libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
  disable extensions at all cases, while providing a functional session. This
  also implies that when specified, TLS1.3 is disabled.
* libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
  The previous definition was non-functional.
* API and ABI modifications:
GNUTLS_ENABLE_RAWPK: Added
GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
GNUTLS_PCERT_NO_CERT: Deprecated
2019-03-20 06:27:11 +00:00
adam
eb51bcac1b libgpg-error: updated to 1.36
Noteworthy changes in version 1.36:
* Two new error codes to better support PIV cards.
* Support armv7a-unknown-linux-gnueabihf.
* Increased estream buffer sizes for Windows.
* Interface changes relative to the 1.34 release:
GPG_ERR_NO_AUTH                  NEW.
GPG_ERR_BAD_AUTH                 NEW.
2019-03-20 05:43:20 +00:00
gdt
75fb5e1b59 Recursive bump for ghostscript default change 2019-03-18 16:17:46 +00:00
maya
56b8f30bd5 Add monocypher version 2.0.5
Monocypher is an easy to use crypto library. It is:

- Small. Sloccount counts about 1700 lines of code, small enough to
allow audits. The binaries are under 65KB.
- Easy to deploy. Just add monocypher.c and monocypher.h to your
project. They compile as C99 or C++, have no dependency, and
are dedicated to the public domain.
- Easy to use. The API is small, consistent, and cannot fail
on correct input.
- Fast. The primitives are fast to begin with, and performance
wasn't needlessly sacrificed. Monocypher holds up pretty well
against Libsodium, despite being closer in size to TweetNaCl.
2019-03-16 09:17:09 +00:00
bsiegert
df61d022ce Revbump all Go packages after Go 1.12.1 update. 2019-03-16 08:35:37 +00:00
wiz
2d903f7fbb tor-browser: bump PKGREVISION to be on the safe side.
A recent firefox60 change made this use the internal jpeg library
instead of the pkgsrc version.
2019-03-15 11:52:12 +00:00
wiz
8148d2a64e tor-browser: update for recent changes to firefox60 and rust.
Reduce diffs to firefox60 even more while here.
2019-03-15 11:51:26 +00:00
jperkin
87fce43ed9 polkit: Fix build on Darwin. 2019-03-14 10:15:19 +00:00
adam
8ea7d35d59 py-certbot: updated to 0.32.0
Added
If possible, Certbot uses built-in support for OCSP from recent cryptography versions instead of the OpenSSL binary: as a consequence Certbot does not need the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed.

Changed
Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the warnings described at https://github.com/certbot/josepy/issues/13.
Apache plugin now respects CERTBOT_DOCS environment variable when adding command line defaults.
The running of manual plugin hooks is now always included in Certbot's log output.
Tests execution for certbot, certbot-apache and certbot-nginx packages now relies on pytest.
An ACME CA server may return a "Retry-After" HTTP header on authorization polling, as specified in the ACME protocol, to indicate when the next polling should occur. Certbot now reads this header if set and respects its value.
The acme module avoids sending the keyAuthorization field in the JWS payload when responding to a challenge as the field is not included in the current ACME protocol. To ease the migration path for ACME CA servers, Certbot and its acme module will first try the request without the keyAuthorization field but will temporarily retry the request with the field included if a malformed error is received. This fallback will be removed in version 0.34.0.
2019-03-10 15:23:50 +00:00
bsiegert
7455fa5a88 all: revbump Go packages, now that they use go112 to build 2019-03-09 10:05:01 +00:00
gutteridge
a84e661182 mate-polkit: update to 1.22
### mate-polkit 1.22.0

  * Translations update
  * Initialize Travis CI support
2019-03-06 07:26:18 +00:00
jaapb
939e3d21a6 Updated security/ocaml-safepass for dune compatibility.
Package now compatible with dune 1.7; revbump.
2019-03-05 19:38:49 +00:00
jaapb
8d68f6cc07 Updated security/ocaml-ssl for dune compatibility.
Package is now compatible with dune 1.7; revbump.
2019-03-05 17:44:50 +00:00
adam
60e7962dfd py-m2crypto: updated to 0.32.0
0.32.0:
- setup.py: use ${CPP} as path to cpp
- Bump pipeline OpenSSL from 1.1.0i to 1.1.0j
- Stub wchar_t helpers and ignore unused WCHAR defs
- Add type comment to setup.py
2019-03-04 18:41:48 +00:00
tnn
fa7c8068a1 hitch-1.5.0 (2018-12-17)
Support for UNIX domain socket connections.
New configuration file settings pem-dir and pem-dir-glob.
Support for TLS 1.3.
Fixed a bug that would cause a crash on reload if ocsp-dir was changed.
Add log-level. This supersedes the previous quiet setting.
Add proxy-tlv. This enables extra reporting of cipher and protocol.
Drop TLSv1.1 from the default TLS protocols list.
2019-03-04 13:56:19 +00:00
taca
9a34c8e003 security/f-prot-antivirus6: remove files for f-prot-antivirus6-*-bin
Remove common files for f-prot-antivirus6-*-bin packages.
2019-03-03 15:22:33 +00:00
taca
4dfa6b8661 security/f-prot-antivirus6-ws-bin: remove package
Remove f-prot-antivirus6-ws-bin package version 6.2.3.

Although F-PROT Antivirus is still supported for licensed users,
its antivirus engine (i.e. program itself) has not been updated since 2013 and
it is sold for Linux and Windows (no *BSD).

So it's time to remove it from pkgsrc.
2019-03-03 15:21:50 +00:00
taca
a658c5af61 security/f-prot-antivirus6-fs-bin: remove package
Remove f-prot-antivirus6-fs-bin package version 6.2.3.

Although F-PROT Antivirus is still supported for licensed users,
its antivirus engine (i.e. program itself) has not been updated since 2013 and
it is sold for Linux and Windows (no *BSD).

So it's time to remove it from pkgsrc.
2019-03-03 15:21:28 +00:00
taca
74e061bec6 security/Makefile: remove f-prot-antivirus6* 2019-03-03 15:21:03 +00:00
taca
b1df43cdd1 security/f-prot-antivirus6-ms-bin: remove package
Remove f-prot-antivirus6-ms-bin package version 6.2.3.

Although F-PROT Antivirus is still supported for licensed users,
its antivirus engine (i.e. program itself) has not been updated since 2013 and
it is sold for Linux and Windows (no *BSD).

So it's time to remove it from pkgsrc.
2019-03-03 15:20:17 +00:00
adam
6e5528def4 py-asyncssh: updated to 1.16.0
1.16.0:
Added support for Ed448 host/client keys and certificates and rewrote Ed25519 support to use the PyCA implementation, reducing the dependency on libnacl and libsodium to only be needed to support the chacha20-poly1305 cipher.
Added support for PKCS-8 format Ed25519 and Ed448 private and public keys (in addition to the OpenSSH format previously supported).
Added support for multiple delimiters in SSHReader’s readuntil() function, causing it to return data as soon as any of the specified delimiters are matched.
Added the ability to register custom key handlers in the line editor which can modify the input line, extending the built-in editing functionality.
Added SSHSubprocessProtocol and SSHSubprocessTransport classes to provide compatibility with asyncio.SubprocessProtocol and asyncio.SubprocessTransport. Code which is designed to call BaseEventLoop.subprocess_shell() or BaseEventLoop.subprocess_exec() can be easily adapted to work against a remote process by calling SSHClientConnection.create_subprocess().
Added support for sending keepalive messages when the SSH connection is idle, with an option to automatically disconnect the connection if the remote system doesn’t respond to these keepalives.
Changed AsyncSSH to ignore errors when loading unsupported key types from the default file locations.
Changed the reuse_port option to only be available on Python releases which support it (3.4.4 and later).
Fixed an issue where MSG_IGNORE packets could sometimes be sent between MSG_NEWKEYS and MSG_EXT_INFO, which caused some SSH implementations to fail to properly parse the MSG_EXT_INFO.
Fixed a couple of errors in the handling of disconnects occurring prior to authentication completing.
Renamed “session_encoding” and “session_errors” arguments in asyncssh.create_server() to “encoding” and “errors”, to match the names used for these arguments in other AsyncSSH APIs. The old names are still supported for now, but they are marked as deprecated and will be removed in a future release.
2019-03-03 12:32:12 +00:00
adam
8b82236ca5 py-cryptography[_vectors]: updated to 2.6.1
2.6.1:
* Resolved an error in our build infrastructure that broke our Python3 wheels
  for macOS and Linux.

2.6:
* **BACKWARDS INCOMPATIBLE:** Removed
  cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
  and
  cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
  which had been deprecated for nearly 4 years. Use
  :func:~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature
  and
  :func:~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature
  instead.
* **BACKWARDS INCOMPATIBLE**: Removed cryptography.x509.Certificate.serial,
  which had been deprecated for nearly 3 years. Use
  :attr:~cryptography.x509.Certificate.serial_number instead.
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
  OpenSSL 1.1.1b.
* Added support for :doc:/hazmat/primitives/asymmetric/ed448 when using
  OpenSSL 1.1.1b or newer.
* Added support for :doc:/hazmat/primitives/asymmetric/ed25519 when using
  OpenSSL 1.1.1b or newer.
* :func:~cryptography.hazmat.primitives.serialization.load_ssh_public_key can
  now load ed25519 public keys.
* Add support for easily mapping an object identifier to its elliptic curve
  class via
  :func:~cryptography.hazmat.primitives.asymmetric.ec.get_curve_for_oid.
* Add support for OpenSSL when compiled with the no-engine
  (OPENSSL_NO_ENGINE) flag.
2019-02-28 09:06:08 +00:00
adam
73cd82899c py-keyring: updated to 18.0.0
18.0.0
* On macOS, the backend now raises a KeyringLocked
  when access to the keyring is denied (on get or set) instead
  of PasswordSetError or KeyringError. Any API users
  may need to account for this change, probably by catching
  the parent KeyringError.
  Additionally, the error message from the underlying error is
  now included in any errors that occur.

17.1.1
* Update packaging technique to avoid 0.0.0 releases.

17.1.0
* When calling keyring.core.init_backend, if any
  limit function is supplied, it is saved and later honored by
  the ChainerBackend as well.

17.0.0
* Remove application attribute from stored passwords
  using SecretService, addressing regression introduced in
  10.5.0. Impacted Linux keyrings will once again
  prompt for a password for "Python program".

16.1.1
* Fix error on import due to circular imports
  on Python 3.4.

16.1.0
* Refactor ChainerBackend, introduced in 16.0 to function
  as any other backend, activating when relevant.

16.0.2
* In Windows backend, trap all exceptions when
  attempting to import pywin32.

16.0.1
* Once again allow all positive, non-zero priority
  keyrings to participate.

16.0.0
* Fix race condition in delete_password on Windows.
* All suitable backends (priority 1 and greater) are
  allowed to participate.

15.2.0
* Added new API for get_credentials, for backends
  that can resolve both a username and password for a service.

15.1.0
* Add the Null keyring, disabled by default.
* Added --disable option to command-line
  interface.
* Now honor a PYTHON_KEYRING_BACKEND
  environment variable to select a backend. Environments
  may set to keyring.backends.null.Keyring to disable
  keyring.
2019-02-27 13:27:22 +00:00
wiz
7474c8534e tor-browser: update to 8.5.
This is based on a git checkout from a couple days ago; not completely
sure about the version number.

The Makefile now contains a short how-to for updating this package.

Many thanks for the www/firefox60 patches!

Use at your own risk!
Survives basic browsing and check.torproject.org claims it connects via tor.

Changes: too many to document.
2019-02-25 15:32:23 +00:00
triaxx
a9c25afaa0 py-certbot-dns-luadns: add version 0.31.0
LuaDNS Authenticator plugin for Certbot
2019-02-23 20:33:16 +00:00
triaxx
e4f2ae30e8 py-certbot-dns-nsone: add version 0.31.0
NS1 DNS Authenticator plugin for Certbot
2019-02-23 20:27:47 +00:00
wiz
81a53cbcab tor-browser: comment out non-existing URL (MASTER_SITES) 2019-02-23 18:58:48 +00:00
tm
49106b7962 py-nacl: Fix correct name of the package (remove py-prefix) 2019-02-19 17:49:24 +00:00
tm
1d3eae6e67 py-nacl: Provide PKGNAME fix to work with lintpkgsrc 2019-02-19 14:22:58 +00:00
tm
cdc57a0d2c py-nacl: remove unwanted example file 2019-02-19 12:43:51 +00:00
tm
5e53168409 py-nacl: update to 1.3.0
1.3.0 2018-09-26
- Added support for Python 3.7.
- Update libsodium to 1.0.16.
- Run and test all code examples in PyNaCl docs through sphinx's doctest builder.
- Add low-level bindings for chacha20-poly1305 AEAD constructions.
- Add low-level bindings for the chacha20-poly1305 secretstream constructions.
- Add low-level bindings for ed25519ph pre-hashed signing construction.
- Add low-level bindings for constant-time increment and addition on fixed-precision big integers represented as little-endian byte sequences.
- Add low-level bindings for the ISO/IEC 7816-4 compatible padding API.
- Add low-level bindings for libsodium's crypto_kx... key exchange construction.
- Set hypothesis deadline to None in tests/test_pwhash.py to avoid incorrect test failures on slower processor architectures. GitHub issue #370

1.2.1 - 2017-12-04
- Update hypothesis minimum allowed version.
- Infrastructure: add proper configuration for readthedocs builder runtime environment.

1.2.0 - 2017-11-01
- Update libsodium to 1.0.15.
- Infrastructure: add jenkins support for automatic build of manylinux1 binary wheels
- Added support for SealedBox construction.
- Added support for argon2i and argon2id password hashing constructs and restructured high-level password hashing implementation to expose the same interface for all hashers.
- Added support for 128 bit siphashx24 variant of siphash24.
- Added support for from_seed APIs for X25519 keypair generation.
- Dropped support for Python 3.3.
2019-02-19 12:14:22 +00:00