Version 4.7
CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
Add padding length check as described by PKCS#1 v1.5
Reuse of blinding factors to speed up blinding operations.
Declare & test support for Python 3.9
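The two entries above refer to the EME-PKCS1-v1_5 block format (RFC 8017, section 7.2) and its rule that the padding string PS must be at least 8 octets. The following is an added illustration, not python-rsa's own code: it builds and checks such a block, folding every condition into one decision instead of returning at the first failure; the function names are my own.

```python
import os

# EME-PKCS1-v1_5 overhead (RFC 8017, 7.2.1): 2 header octets (0x00 0x02),
# at least 8 octets of non-zero padding PS, and the 0x00 separator.
MIN_PS_LEN = 8
OVERHEAD = 11


def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Build EM = 0x00 || 0x02 || PS || 0x00 || M for a k-octet modulus.

    PS is k - len(M) - 3 random, non-zero octets (never fewer than MIN_PS_LEN).
    """
    if len(message) > k - OVERHEAD:
        raise ValueError("message too long for modulus")
    ps_len = k - len(message) - 3
    ps = bytearray()
    while len(ps) < ps_len:
        # Keep only non-zero bytes: 0x00 inside PS would be mistaken for
        # the separator by the decoder.
        ps.extend(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + bytes(ps) + b"\x00" + message


def pkcs1_v15_unpad(em: bytes, k: int):
    """Return M from a decrypted block EM, or None if EM is malformed.

    All checks are evaluated and combined into a single flag, and the scan
    for the separator always covers the whole block, so there is one
    decision point rather than a distinct early return per failure.  Pure
    Python cannot promise constant time; this only removes the coarse,
    condition-dependent control flow that a decryption oracle keys on.
    """
    ok = len(em) == k
    ok &= len(em) >= OVERHEAD
    ok &= em[:2] == b"\x00\x02"

    sep_index = -1
    for i in range(2, len(em)):
        # Remember the first zero, but keep scanning to the end regardless.
        if em[i] == 0 and sep_index == -1:
            sep_index = i
    ok &= sep_index != -1
    # PS is em[2:sep_index]; the standard requires at least MIN_PS_LEN octets.
    ok &= sep_index >= 2 + MIN_PS_LEN

    if not ok:
        return None
    return em[sep_index + 1:]
```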
* Version 1.10.0 (released 2021-01-01) [stable]
** This is a new major stable release. Brief changes compared to 1.8.x:
*** SCRAM-SHA-256 and SCRAM-SHA-256-PLUS support per RFC 7677.
*** SCRAM supports password-less usage (StoredKey/ServerKey).
*** New 'gsasl --mkpasswd' command to prepare SCRAM salted/hashed passwords.
*** Final warning that obsolete APIs will be removed.
*** Various cleanups, portability and other bug fixes.
See the entries in NEWS and lib/NEWS covering the 1.9.x branch for details.
* Version 1.9.3 (released 2021-01-01) [beta]
** Fix build/portability problems. GnuTLS >= 3.4 is required.
Thanks to Bruno Haible for reports.
* Version 1.9.2 (released 2020-12-24) [beta]
** gsasl: Don't abort command on some expected TLS events (for TLS 1.3).
Patch from Enrico Scholz <enrico.scholz@sigma-chemnitz.de> in:
https://lists.gnu.org/archive/html/help-gsasl/2020-08/msg00000.html
** gsasl: Use GnuTLS system trust settings by default for X.509 server certificate validation.
Previously, it was documented behaviour that unless --x509-ca-file was
used, no verification of the server-side certificate was performed.
Now the system trust settings are used instead, which on properly
configured systems results in verification of the server certificate.
As a result, you may now start to get server certificate verification
errors in situations where you didn't expect them. Pass --x509-ca-file
with the empty string ("") as the file name to restore the old behaviour
of not aborting on server certificate verification failures.
** SCRAM, GS2 and GSSAPI retrieve properties later in the authentication process.
Previously the property GSASL_CB_TLS_UNIQUE was retrieved during SCRAM
gsasl_client_start() and gsasl_server_start(), and the properties
GSSAPI_SERVICE and GSSAPI_HOSTNAME were retrieved during GS2/GSSAPI
gsasl_server_start(). Now they are retrieved during the first call to
gsasl_step().
The only user-visible impact of this should be that 'gsasl
--client-mechanisms' and 'gsasl --server-mechanisms' will no longer
query for parameters before listing the supported mechanisms,
which arguably gives a better user experience. The downside is
that SCRAM-*-PLUS, GS2 and GSSAPI may be advertised even though the
server may later be unable to complete the mechanism.
The problem with calling callbacks in the start() function is that the
callback will have no per-session context at that point, only a global
context, so the only way to give per-session unique callback responses
is to use a separate global handle per session. This was discovered
in the Exim implementation of gsasl with SCRAM that used to request
the GSASL_CB_TLS_UNIQUE property in the start() function. After
noticing this design issue, and writing this self test, it was
discovered that it also happened for the GSSAPI/GS2 server (not
client) mechanism for the GSASL_SERVICE and GSASL_HOSTNAME properties.
Thanks to Jeremy Harris for noticing the problem and discussion, see
https://lists.gnu.org/archive/html/help-gsasl/2020-01/msg00035.html
** gsasl: The --mkpasswd output format follows Dovecot 'doveadm pw'.
** Filenames of images in the manual are now prefixed with 'gsasl-'.
This makes /usr/share/info more understandable, and it is suggested by
at least Debian to do this in upstream.
** Build changes.
Some more compiler warnings used and code fixed. Improved ./configure
diagnostics.
* Version 1.9.1 (released 2020-01-14) [beta]
** gsasl: New --mkpasswd argument to prepare salted/hashed passwords.
Currently mechanisms SCRAM-SHA-1 and SCRAM-SHA-256 are supported. New
parameter --iteration-count to indicate number of PBKDF2 rounds,
default being 65536. New parameter --salt to specify PBKDF2 salt.
* Version 1.9.0 (released 2020-01-03) [beta]
** Client and server support for SCRAM-SHA-256 and SCRAM-SHA-256-PLUS.
** gsasl: If PORT argument is "587" or "submission", SMTP mode is used.
Further, unrecognized PORT arguments will from now on raise an error
asking you to specify --smtp or --imap.
Pkgsrc changes:
* Added a patch to cope with docker client default settings (build
also on NetBSD)
Upstream changes:
1.6.1
=====
December 16, 2020
SECURITY:
* LDAP Auth Method: We addressed an issue where error messages
returned by the LDAP auth method allowed user enumeration
[GH-10537]. This vulnerability affects Vault OSS and Vault Enterprise
and is fixed in 1.5.6 and 1.6.1 (CVE-2020-35177).
* Sentinel EGP: We've fixed incorrect handling of namespace paths
to prevent users within namespaces from applying Sentinel EGP
policies to paths above their namespace. This vulnerability
affects Vault Enterprise and is fixed in 1.5.6 and 1.6.1
(CVE-2020-35453).
IMPROVEMENTS:
* auth/ldap: Improve consistency in error messages [GH-10537]
* core/metrics: Added "vault operator usage" command. [GH-10365]
* secrets/gcp: Truncate ServiceAccount display names longer than
100 characters. [GH-10558]
BUG FIXES:
* agent: Only set the namespace if the VAULT_NAMESPACE env var
isn't present [GH-10556]
* auth/jwt: Fixes bound_claims validation for provider-specific
group and user info fetching. [GH-10546]
* core (enterprise): Vault EGP policies attached to path * were
not correctly scoped to the namespace.
* core: Avoid deadlocks by ensuring that if grabLockOrStop returns
stopped=true, the lock will not be held. [GH-10456]
* core: Fix client.Clone() to include the address [GH-10077]
* core: Fix rate limit resource quota migration from 1.5.x to
1.6.x by ensuring purgeInterval and staleAge are set appropriately.
[GH-10536]
* core: Make all APIs that report init status consistent, and make
them report initialized=true when a Raft join is in progress.
[GH-10498]
* secrets/database/influxdb: Fix issue where not all errors from
InfluxDB were being handled [GH-10384]
* secrets/database/mysql: Fixes issue where the DisplayName within
generated usernames was the incorrect length [GH-10433]
* secrets/database: Sanitize private_key field when reading database
plugin config [GH-10416]
* secrets/transit: allow for null string to be used for optional
parameters in encrypt and decrypt [GH-10386]
* storage/raft (enterprise): The parameter aws_s3_server_kms_key
was misnamed and didn't work. Renamed to aws_s3_kms_key, and
make it work so that when provided the given key will be used
to encrypt the snapshot using AWS KMS.
* transform (enterprise): Fix bug tokenization handling metadata
on exportable stores
* transform (enterprise): Fix transform configuration not handling
stores parameter on the legacy path
* transform (enterprise): Make expiration timestamps human readable
* transform (enterprise): Return false for invalid tokens on the
validate endpoint rather than returning an HTTP error
* transform (enterprise): Fix bug where tokenization store changes
are persisted but don't take effect
* ui: Fix bug in Transform secret engine when a new role is added
and then removed from a transformation [GH-10417]
* ui: Fix footer URL linking to the correct version changelog.
[GH-10491]
* ui: Fix radio click on secrets and auth list pages. [GH-10586]
1.6.0
=====
November 11th, 2020
NOTE:
Binaries for 32-bit macOS (i.e. the darwin_386 build) will no longer
be published. This target was dropped in the latest version of the
Go compiler.
CHANGES:
* agent: Agent now properly returns a non-zero exit code on error,
such as one due to template rendering failure. Using
error_on_missing_key in the template config will cause agent to
immediately exit on failure. In order to make agent properly
exit due to continuous failure from template rendering errors,
the old behavior of indefinitely restarting the template server
is now changed to exit once the default retry attempt of 12
times (with exponential backoff) gets exhausted. [GH-9670]
* token: Periodic tokens generated by auth methods will have the
period value stored in its token entry. [GH-7885]
* core: New telemetry metrics reporting mount table size and number
of entries [GH-10201]
* go: Updated Go version to 1.15.4 [GH-10366]
FEATURES:
* Couchbase Secrets: Vault can now manage static and dynamic
credentials for Couchbase. [GH-9664]
* Expanded Password Policy Support: Custom password policies are
now supported for all database engines.
* Integrated Storage Auto Snapshots (Enterprise): This feature
enables an operator to schedule snapshots of the integrated
storage backend and ensure those snapshots are persisted elsewhere.
* Integrated Storage Cloud Auto Join: This feature for integrated
storage enables Vault nodes running in the cloud to automatically
discover and join a Vault cluster via operator-supplied metadata.
* Key Management Secrets Engine (Enterprise; Tech Preview): This
new secret engine allows securely distributing and managing keys
to Azure cloud KMS services.
* Seal Migration: With Vault 1.6, we will support migrating from
an auto unseal mechanism to a different mechanism of the same
type. For example, if you were using an AWS KMS key to automatically
unseal, you can now migrate to a different AWS KMS key.
* Tokenization (Enterprise; Tech Preview): Tokenization supports
creating irreversible "tokens" from sensitive data. Tokens can
be used in less secure environments, protecting the original
data.
* Vault Client Count: Vault now counts the number of active entities
(and non-entity tokens) per month and makes this information
available via the "Metrics" section of the UI.
IMPROVEMENTS:
* auth/approle: Role names can now be referenced in templated
policies through the approle.metadata.role_name property [GH-9529]
* auth/aws: Improve logic check on wildcard BoundIamPrincipalARNs
and include role name on error messages on check failure [GH-10036]
* auth/jwt: Add support for fetching groups and user information
from G Suite during authentication. [GH-123]
* auth/jwt: Adding EdDSA (ed25519) to supported algorithms [GH-129]
* auth/jwt: Improve cli authorization error [GH-137]
* auth/jwt: Add OIDC namespace_in_state option [GH-140]
* secrets/transit: fix missing plaintext in bulk decrypt response [GH-9991]
* command/server: Delay informational messages in -dev mode until
logs have settled. [GH-9702]
* command/server: Add environment variable support for disable_mlock.
[GH-9931]
* core/metrics: Add metrics for storage cache [GH-10079]
* core/metrics: Add metrics for leader status [GH-10147]
* physical/azure: Add the ability to use Azure Instance Metadata
Service to set the credentials for Azure Blob storage on the
backend. [GH-10189]
* sdk/framework: Add a time type for API fields. [GH-9911]
* secrets/database: Added support for password policies to all
databases [GH-9641, and more]
* secrets/database/cassandra: Added support for static credential
rotation [GH-10051]
* secrets/database/elasticsearch: Added support for static credential
rotation [GH-19]
* secrets/database/hanadb: Added support for root credential &
static credential rotation [GH-10142]
* secrets/database/hanadb: Default password generation now includes
dashes. Custom statements may need to be updated to include
quotes around the password field [GH-10142]
* secrets/database/influxdb: Added support for static credential
rotation [GH-10118]
* secrets/database/mongodbatlas: Added support for root credential
rotation [GH-14]
* secrets/database/mongodbatlas: Support scopes field in creations
statements for MongoDB Atlas database plugin [GH-15]
* seal/awskms: Add logging during awskms auto-unseal [GH-9794]
* storage/azure: Update SDK library to use azure-storage-blob-go
since previous library has been deprecated. [GH-9577]
* secrets/ad: rotate-root now supports POST requests like other
secret engines [GH-70]
* ui: Add ui functionality for the Transform Secret Engine [GH-9665]
* ui: Pricing metrics dashboard [GH-10049]
BUG FIXES:
* auth/jwt: Fix bug preventing config edit UI from rendering [GH-141]
* cli: Don't open or overwrite a raft snapshot file on an unsuccessful
vault operator raft snapshot [GH-9894]
* core: Implement constant time version of shamir GF(2^8) math [GH-9932]
* core: Fix resource leak in plugin API (plugin-dependent, not
all plugins impacted) [GH-9557]
* core: Fix race involved in enabling certain features via a
license change
* core: Fix error handling in HCL parsing of objects with invalid
syntax [GH-410]
* identity: Check for timeouts in entity API [GH-9925]
* secrets/database: Fix handling of TLS options in mongodb connection
strings [GH-9519]
* secrets/gcp: Ensure that the IAM policy version is appropriately
set after a roleset's bindings have changed. [GH-93]
* ui: Mask LDAP bindpass while typing [GH-10087]
* ui: Update language in promote dr modal flow [GH-10155]
* ui: Update language on replication primary dashboard for clarity
[GH-10205]
* core: Fix bug where updating an existing path quota could
introduce a conflict. [GH-10285]
1.5.6
=====
December 16, 2020
SECURITY:
* LDAP Auth Method: We addressed an issue where error messages
returned by the LDAP auth method allowed user enumeration
[GH-10537]. This vulnerability affects Vault OSS and Vault
Enterprise and is fixed in 1.5.6 and 1.6.1 (CVE-2020-35177).
* Sentinel EGP: We've fixed incorrect handling of namespace paths
to prevent users within namespaces from applying Sentinel EGP
policies to paths above their namespace. This vulnerability
affects Vault Enterprise and is fixed in 1.5.6 and 1.6.1.
IMPROVEMENTS:
* auth/ldap: Improve consistency in error messages [GH-10537]
BUG FIXES:
* core (enterprise): Vault EGP policies attached to path * were
not correctly scoped to the namespace.
* core: Fix bug where updating an existing path quota could
introduce a conflict [GH-10285]
* core: Fix client.Clone() to include the address [GH-10077]
* quotas (enterprise): Reset cache before loading quotas in the
db during startup
* secrets/transit: allow for null string to be used for optional
parameters in encrypt and decrypt [GH-10386]
1.5.5
=====
October 21, 2020
IMPROVEMENTS:
* auth/aws, core/seal, secret/aws: Set default IMDS timeouts to
match AWS SDK [GH-10133]
BUG FIXES:
* auth/aws: Restrict region selection when in the aws-us-gov
partition to avoid IAM errors [GH-9947]
* core (enterprise): Allow operators to add and remove (Raft)
peers in a DR secondary cluster using Integrated Storage.
* core (enterprise): Add DR operation token to the remove peer
API and CLI command (when DR secondary).
* core (enterprise): Fix deadlock in handling EGP policies
* core (enterprise): Fix extraneous error messages in DR Cluster
* secrets/mysql: Conditionally overwrite TLS parameters for MySQL
secrets engine [GH-9729]
* secrets/ad: Fix bug where password_policy setting was not using
correct key when ad/config was read [GH-71]
* ui: Fix issue with listing roles and methods on the same auth
methods with different names [GH-10122]
1.5.4
=====
September 24th, 2020
SECURITY:
* Batch Token Expiry: We addressed an issue where batch token
leases could outlive their TTL because we were not scheduling
the expiration time correctly. This vulnerability affects Vault
OSS and Vault Enterprise 1.0 and newer and is fixed in 1.4.7
and 1.5.4 (CVE-2020-25816).
IMPROVEMENTS:
* secrets/pki: Handle expiration of a cert not in storage as a
success [GH-9880]
* auth/kubernetes: Add an option to disable defaulting to the
local CA cert and service account JWT when running in a Kubernetes
pod [GH-97]
* secrets/gcp: Add check for 403 during rollback to prevent repeated
deletion calls [GH-97]
* core: Disable usage metrics collection on performance standby
nodes. [GH-9966]
* credential/aws: Added X-Amz-Content-Sha256 as a default STS
request header [GH-10009]
BUG FIXES:
* agent: Fix disable_fast_negotiation not being set on the auth
method when configured by user. [GH-9892]
* core (enterprise): Fix hang when cluster-wide plugin reload
cleanup is slow on unseal
* core (enterprise): Fix an error in cluster-wide plugin reload
cleanup following such a reload
* core: Fix crash when metrics collection encounters zero-length
keys in KV store [GH-9811]
* mfa (enterprise): Fix incorrect handling of PingID responses
that could result in auth requests failing
* replication (enterprise): Improve race condition when using a
newly created token on a performance standby node
* replication (enterprise): Only write failover cluster addresses
if they've changed
* ui: fix bug where dropdown for identity/entity management is not
reflective of actual policy [GH-9958]
0.23.22 (stable)
* Fix memory-safety issues that affect the RPC protocol
(CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infinite loop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* Build and test fixes [PR#313, PR#315, PR#317, PR#318, PR#319, PR#323, PR#330, PR#333, PR#334, PR#335, PR#338, PR#339]
v 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
(thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDs
v 11.1.7rc3
============================================================
x Updated TLDs
x Optimize serviceWorker tracking for heavy tabs usage
(thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
v 11.1.7rc2
============================================================
x Fixed popup opening being slowed down if options UI is
opened (thanks Sirus for report)
v 11.1.7rc1
============================================================
x Explicit failure for wrong settings importation formats
v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling of 0 width / 0 height media placeholders
v 11.1.6rc6
============================================================
x Better handling of concurrent prompts issues (thanks
billarbor for reporting)
v 11.1.6rc5
============================================================
x Remove z-index boosting from ancestors when placeholder is
collapsed or replaced (issue #162)
v 11.1.6rc4
============================================================
x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks barbaz for report)
v 11.1.6rc3
============================================================
x More accurate blockage reporting, with better filtering of
page's own CSP effects
v 11.1.6rc2
============================================================
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
v 11.1.6rc1
============================================================
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling of 0 width / 0 height media placeholders
This release updates Firefox for desktops to 78.6.0esr and Firefox
for Android to 84.1.0. This release includes important security
updates to Firefox for Desktop, and similar important security
updates to Firefox for Android.
The full changelog since Desktop and Android Tor Browser 10.0.6 is:
All Platforms
Update HTTPS Everywhere to 2020.11.17
Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
Bug 40176: Update openssl to 1.1.1i
Windows + OS X + Linux
Update Firefox to 78.6.0esr
Android
Update Firefox to 84.1.0
Update NoScript to 11.1.6
Linux
Bug 40226: Crash on Fedora Workstation Rawhide GNOME
Build System
All Platforms
Bug 40139: Pick up rbm commit for bug 40008
Bug 40161: Update Go compiler to 1.14.13
Android
Bug 40128: Allow updating Fenix allowed_addons.json
Bug 40140: Create own Gradle project
Bug 40155: Update toolchain for Fenix 84
Bug 40156: Update Fenix and dependencies to 84.0.0-beta2
Bug 40163: Avoid checking hash of .pom files
Bug 40171: Include all uniffi-rs artifacts into application-services
Bug 40184: Update Fenix and deps to 84.1.0
10.0.6
All Platforms
Bug 40175: Update obfs4proxy's TLS certificate public key pinning
Release 2.5.0
Added support for limiting which identities in an SSH agent will be used when making a connection, via a new “agent_identities” config option. This change also adds compatibility with the OpenSSH config file option “IdentitiesOnly”.
Added support for including Subject Key Identifier and Authority Key Identifier extensions in generated X.509 certificates to better comply with RFC 5280.
Added support for makedirs() and rmtree() methods in the AsyncSSH SFTP client, as well as a new scandir() method which returns an async iterator to more efficiently process very large directories. Thanks go to Joseph Ernest for suggesting these improvements.
Significantly reworked AsyncSSH line editor support to improve its performance by several orders of magnitude on long input lines, and added a configurable maximum line length when the editor is in use to avoid potential denial-of-service attacks. This limit defaults to 1024 bytes, but with the improvements it can reasonably handle lines which are megabytes in size if needed.
Changed AsyncSSH to allow SSH agent identities to still be used when an explicit list of client keys is specified, for better compatibility with OpenSSH. The previous behavior can still be achieved by explicitly setting the agent_path option to None when setting client_keys.
Changed AsyncSSH to enforce a limit of 1024 characters on usernames when acting as a server to avoid a potential denial-of-service issue related to SASLprep username normalization.
Changed SCP implementation to explicitly yield to other coroutines when sending a large file to better share an event loop.
Fixed a few potential race conditions related to cleanup of objects during connection close. Thanks go to Thomas Léveil for reporting one of these places and suggesting a fix.
Re-applied a previous fix which was unintentionally lost to allow Pageant to be used by default on Windows.
Release v1.6.12: Meyer (Patch 12)
Fix GSSAPI detection for macOS Big Sur
Clarify how to disable detection
Release v1.6.11: Meyer (Patch 11)
Fix build on FreeBSD
On FreeBSD, prefer GSSAPI from ports if available
Support python >= 3.8 in test suite by dropping dependency on should_be
Fix malformed S4U tests
Release v1.6.10: Meyer (Patch 10)
Provide python 3.9 Windows wheels
Fix shlex.split on Windows
Removed six package and other older py cleanup values
Packaged in wip by Sunil Nimmagadda.
An unofficial, portable fork of the OpenBSD doas command.
doas is a minimal replacement for the venerable sudo. It was
initially written by Ted Unangst of the OpenBSD project to provide
95% of the features of sudo with a fraction of the codebase.
Ancient ipsec stuff ported in 2003 then abandoned, doesn't work
with modern operating systems.
Directing (unlikely, this doesn't build) users to security/racoon2
"Important Note
The development of ipsec-tools has been ABANDONED.
ipsec-tools has security issues, and you should not use it. Please switch to a secure alternative!"
security/racoon2 provides an alternative that works with modern OS releases.
Changes since v4.5.0:
wolfSSL Release 4.6.0 (December 22, 2020)
Release 4.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
New Build Options
* wolfSSL now enables linux kernel module support. Big news for Linux kernel
module developers with crypto requirements! wolfCrypt and wolfSSL are now
loadable as modules in the Linux kernel, providing the entire libwolfssl
API natively to other kernel modules. For the first time on Linux, the
entire TLS protocol stack can be loaded as a module, allowing fully
kernel-resident TLS/DTLS endpoints with in-kernel handshaking.
(--enable-linuxkm, --enable-linuxkm-defaults, --with-linux-source)
(https://www.wolfssl.com/loading-wolfssl-into-the-linux-kernel/)
* Build tests and updated instructions for use with Apple’s A12Z chipset
(https://www.wolfssl.com/preliminary-cryptographic-benchmarks-on-new-apple-a12z-bionic-platform/)
* Expansion of wolfSSL SP math implementation and addition of
--enable-sp-math-all build option
* Apache httpd w/TLS 1.3 support added
* Sniffer support for TLS 1.3 and AES CCM
* Support small memory footprint build with only TLS 1.3 and PSK without
code for (EC)DHE and certificates
New Hardware Acceleration
* Added support for NXP DCP (i.MX RT1060/1062) crypto co-processor
* Add Silicon Labs hardware acceleration using SL SE Manager
New Algorithms
* RC2 ECB/CBC added for use with PKCS#12 bundles
* XChaCha and the XChaCha20-Poly1305 AEAD algorithm support added
Misc
* Added support for 802.11Q VLAN frames to sniffer
* Added OCSP function wolfSSL_get_ocsp_producedDate
* Added API to set CPU ID flags cpuid_select_flags, cpuid_set_flag,
cpuid_clear_flag
* New DTLS/TLS non-blocking Secure Renegotiation example added to server.c
and client.c
Fixes
Math Library
* Fix mp_to_unsigned_bin_len out of bounds read with buffers longer than
maximum MP
* Fix for fp_read_radix_16 out of bounds read
* Fix to add wrapper for new timing resistant wc_ecc_mulmod_ex2 function
version in HW ECC acceleration
* Handle an edge case with RSA-PSS encoding message to hash
Compatibility Layer Fixes
* Fix for setting serial number wolfSSL_X509_set_serialNumber
* Fix for setting ASN1 time not before / not after with WOLFSSL_X509
* Fix for order of components in issuer name when using X509_sign
* Fix for compatibility layer API DH_compute_key
* EVP fix incorrect block size for GCM and buffer up AAD for
encryption/decryption
* EVP fix for AES-XTS key length return value and fix for string compare
calls
* Fix for mutex freeing during RNG failure case with EVP_KEY creation
* Non blocking use with compatibility layer BIOs in TLS connections
Build Configuration
* Fix for custom build with WOLFSSL_USER_MALLOC defined
* ED448 compiler warning on Intel 32bit systems
* CURVE448_SMALL build fix for 32bit systems with Curve448
* Fix to build SP math with IAR
* CMake fix to only set ranlib arguments for Mac, and for stray typo of
, -> ;
* Build with --enable-wpas=small fix
* Fix for building fips ready using openssl extra
* Fixes for building with Microchip (min/max and undef SHA_BLOCK_SIZE)
* Fix for NO_FILESYSTEM build on Windows
* Fixed SHA256 support for IMX-RT1060
* Fix for ECC key gen with NO_TFM_64BIT
Sniffer
* Fixes for sniffer when using static ECC keys. Adds back TLS v1.2 static
ECC key fallback detection and fixes new ECC RNG requirement for timing
resistance
* Fix for sniffer with SNI enabled to properly handle WOLFSSL_SUCCESS error
code in ProcessClientHello
* Fix for sniffer using HAVE_MAX_FRAGMENT in "certificate" type message
* Fix build error with unused "ret" when building with WOLFSSL_SNIFFER_WATCH.
* Fix to not treat cert/key not found as error in myWatchCb and
WOLFSSL_SNIFFER_WATCH.
* Sniffer fixes for handling TCP out-of-range sequence number
* Fixes SSLv3 use of ECDH in sniffer
PKCS
* PKCS#11 fix to generate ECC key for decrypt/sign or derive
* Fix for resetting internal variables when parsing a malformed PKCS#7
bundle with PKCS7_VerifySignedData()
* Verify the extracted public key in wc_PKCS7_InitWithCert
* Fix for internal buffer size when using decompression with PKCS#7
Misc
* Pin the C# verify callback function to keep from garbage collection
* DH fixes for when public key is owned and freed after a handshake
* Fix for TLS 1.3 early data packets
* Fix for STM32 issue with some Cube HAL versions and STM32 example timeout
* Fix mmCAU and LTC hardware mutex locking to prevent double lock
* Fix potential race condition with CRL monitor
* Fix for possible malformed encrypted key with 3DES causing negative length
* AES-CTR performance fixed with AES-NI
Improvements/Optimizations
SP and Math
* mp_radix_size adjustment for leading 0
* Resolve implicit cast warnings with SP build
* Change mp_sqr to return an error if the result won't fit into the fixed
length dp
* ARM64 assembly with clang improvements, clang doesn't always handle use of
x29 (FP or Frame Pointer) in inline assembly code correctly - reworked
sp_2048_sqr_8 to not use x29
* SP mod exp changed to support exponents of different lengths
* TFM div: fix initial value of size in q so clamping doesn't OOB read
* Numerous stack depth improvements with --enable-smallstack
* Improve cache resistance with Base64 operations
TLS 1.3
* TLS 1.3 wolfSSL_peek want read return addition
* TLS 1.3: Fix P-521 algorithm matching
PKCS
* Improvements and refactoring to PKCS#11 key look up
* PKCS #11 changes for signing and loading RSA public key from private
* check PKCS#7 SignedData private key is valid before using it
* check PKCS#7 VerifySignedData content length against total bundle size
to avoid large malloc
Compatibility Layer
* EVP add block size for more ciphers in wolfSSL_EVP_CIPHER_block_size()
* Return long names instead of short names in wolfSSL_OBJ_obj2txt()
* Add additional OpenSSL compatibility functions to update the version of
Apache httpd supported
* add "CCM8" variants to cipher_names "CCM-8" ciphers, for OpenSSL compat
Builds
* Cortex-M SP ASM support for IAR 6.70
* STM Cube pack support (IDE/STM32Cube)
* Build option --enable-aesgcm=4bit added for AES-GCM GMULT using 4 bit
table
* Xilinx IDE updates to allow XTIME override for Xilinx, spelling fixes in
Xilinx README.md, and add Xilinx SDK printf support
* Added ED448 to the "all" options and ED448 check key null argument sanity
check
* Added ARC4, 3DES, nullcipher, BLAKE2, BLAKE2s, XChaCha, MD2, and MD4 to
the “all” options
* Added an --enable-all-crypto option, to enable only the wolfCrypt features
of --enable-all, combinable with --enable-cryptonly
* Added the ability to selectively remove features from --enable-all and
--enable-all-crypto using specific --disable- options
* Use Intel intrinsics with Windows for RDSEED and RDRAND
(thanks to dr-m from MariaDB)
* Add option to build with WOLFSSL_NO_CLIENT_AUTH
* Updated build requirements for wolfSSH use to be less restrictive
* lighttpd support update for v1.4.56
* Added batch file to copy files to ESP-IDF folders and resolved warnings
when using v4.0 ESP-IDF
* Added --enable-stacksize=verbose, showing at a glance the stack high water
mark for each subtest in testwolfcrypt
ECC
* Performance increase for ECC verify only, using non constant time SP modinv
* During ECC verify add validation of r and s before any use
* Always use safe add and dbl with ECC
* Timing resistant scalar multiplication updated with use of Joye double-add
ladder
* Update mp_jacobi function to reduce stack and increase performance for
base ECC build
* Reduce heap memory use with wc_EccPrivateKeyDecode, Improvement to
ECC wc_ecc_sig_to_rs and wc_ecc_rs_raw_to_sig to reduce memory use (avoid the mp_int)
* Improve StoreECC_DSA_Sig bounds checking
OCSP
* OCSP improvement to handle extensions in singleResponse
* support for OCSP request/response for multiple certificates
* OCSP Must Staple option added to require OCSP stapling response
* Add support for id-pkix-ocsp-nocheck extension
Misc
* Additional code coverage added for ECC and RSA, PKCS#7, 3DES, EVP and
Blake2b operations
* DTLS MTU: check MTU on write
* Refactor hash sig selection and add the macros WOLFSSL_STRONGEST_HASH_SIG
(picks the strongest hash) and WOLFSSL_ECDSA_MATCH_HASH (will pick the
hash to match the ECC curve)
* Strict certificate version allowed from client: TLS 1.2 / 1.3 cannot
accept client certificates below version 3
* wolfSSL_get_ciphers_compat() now skips the signalling pseudo-ciphers, such as
the renegotiation indication and the quantum-safe hybrid entries
* When parsing a session ticket, check that its TLS version is compatible
with the connection
* Additional sanity check for invalid ASN.1 padding on the INTEGER type
* Added ChaCha20 streaming with the Mac and Intel assembly builds
* Sniffer build with --enable-oldtls option on
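The wc_ecc_sig_to_rs / wc_ecc_rs_raw_to_sig item under ECC and the ASN.1 INTEGER padding sanity check under Misc concern the same structure: the DER ECDSA-Sig-Value, a SEQUENCE of two INTEGERs. Below is an added example in Python, not wolfSSL code, of a strict decoder and encoder for that structure. It rejects non-minimal length encodings, the redundant leading 0x00/0xFF padding that the INTEGER check targets, negative values and trailing data, and keeps r and s as plain integers rather than any bignum object. Function names and error messages are the example's own.

```python
"""Strict DER codec for ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }
(added example, not wolfSSL code). Decoding enforces DER minimal encoding:
no redundant leading 0x00/0xFF on INTEGERs, minimal length bytes, no
negative r/s and no trailing data."""


def _read_len(buf, pos):
    """Parse a DER definite-form length at buf[pos]; returns (length, next pos)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4:
        raise ValueError("indefinite or oversized length")
    if pos + nbytes > len(buf):
        raise ValueError("truncated length")
    length = int.from_bytes(buf[pos:pos + nbytes], "big")
    if buf[pos] == 0 or length < 0x80:
        raise ValueError("non-minimal length encoding")
    return length, pos + nbytes


def _read_integer(buf, pos):
    """Parse one INTEGER. The padding sanity check runs before the value is
    converted: a leading 0x00 is valid only if the next byte has its top bit
    set, and a leading 0xFF only if the next byte's top bit is clear."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, pos = _read_len(buf, pos + 1)
    if length == 0:
        raise ValueError("empty INTEGER")
    if pos + length > len(buf):
        raise ValueError("truncated INTEGER")
    body = buf[pos:pos + length]
    if length > 1 and body[0] == 0x00 and body[1] < 0x80:
        raise ValueError("non-minimal INTEGER: redundant 0x00 padding")
    if length > 1 and body[0] == 0xFF and body[1] >= 0x80:
        raise ValueError("non-minimal INTEGER: redundant 0xFF padding")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER is not a valid r or s")
    return int.from_bytes(body, "big"), pos + length


def sig_to_rs(der):
    """DER signature -> (r, s) as plain Python ints."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    length, pos = _read_len(der, 1)
    if pos + length != len(der):
        raise ValueError("SEQUENCE length does not match data")
    r, pos = _read_integer(der, pos)
    s, pos = _read_integer(der, pos)
    if pos != len(der):
        raise ValueError("unexpected data after s")
    return r, s


def _encode_len(n):
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def _encode_integer(v):
    if v < 0:
        raise ValueError("r and s are non-negative")
    # Minimal unsigned encoding: one extra 0x00 only when the top bit is set.
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _encode_len(len(body)) + body


def rs_to_sig(r, s):
    """(r, s) -> DER ECDSA-Sig-Value."""
    content = _encode_integer(r) + _encode_integer(s)
    return b"\x30" + _encode_len(len(content)) + content


def is_valid_sig(der):
    """True when der parses under the strict rules above."""
    try:
        sig_to_rs(der)
        return True
    except ValueError:
        return False
```

Strictness here is not pedantry: a lenient parser that accepts `02 02 00 01` as well as `02 01 01` lets one (r, s) pair have several byte encodings, which breaks any code that assumes signatures are unique strings (blacklists, transaction IDs, dedup caches) and gives an attacker free malleability.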
Set up and retrieve HTTPS and SSH credentials for use with 'git' and
other services. For HTTPS remotes the package interfaces the
'git-credential' utility which 'git' uses to store HTTP usernames and
passwords. For SSH remotes we provide convenient functions to find or
generate appropriate SSH keys. The package both helps the user to
set up a local git installation, and also provides a back-end for
git/ssh client libraries to authenticate with existing user
credentials.
1.4.3
- Fix a harmless compiler warning for CRAN
1.4.2
- Catch FIPS errors and add FIPS flag to openssl_config()
- Win/Mac: update binary packages to openssl 1.1.1g
- Early preparations for upcoming OpenSSL 3
Changes:
20.0.1 (2020-12-15)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Fixed compatibility with OpenSSL 1.1.0.
20.0.0 (2020-11-27)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum ``cryptography`` version is now 3.2.
- Remove deprecated ``OpenSSL.tsafe`` module.
- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``.
Changes:
^^^^^^^^
- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
where additional untrusted certificates can be specified to help chain building.
`#948 <https://github.com/pyca/pyopenssl/pull/948>`_
- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted
certificate file bundles and/or directories for verification.
`#943 <https://github.com/pyca/pyopenssl/pull/943>`_
- Added ``Context.set_keylog_callback`` to log key material.
`#910 <https://github.com/pyca/pyopenssl/pull/910>`_
- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the
verified certificate chain of the peer.
`#894 <https://github.com/pyca/pyopenssl/pull/894>`_.
- Make verification callback optional in ``Context.set_verify``.
If omitted, OpenSSL's default verification is used.
`#933 <https://github.com/pyca/pyopenssl/pull/933>`_
- Fixed a bug that could truncate or cause a zero-length key error due to a
null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``
and ``OpenSSL.crypto.dump_privatekey``.
`#947 <https://github.com/pyca/pyopenssl/pull/947>`_
3.3.1:
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` users.
3.3:
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to
low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** The
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require
64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change
is to conform with an upcoming OpenSSL release that will no longer support
sizes outside this window.
* **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now
raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an
unsupported cipher is used. This change is to conform with an upcoming
OpenSSL release that will no longer distinguish between error types.
* **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field
Diffie-Hellman parameters of less than 512 bits in length. This change is to
conform with an upcoming OpenSSL release that no longer supports smaller
sizes. These keys were already wildly insecure and should not have been used
in any application outside of testing.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1i.
* Python 2 support is deprecated in ``cryptography``. This is the last release
that will support Python 2.
* Added the
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature`
function to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
for recovering the signed data from an RSA signature.
1.24.0
Features
add Python 3.9 support, drop Python 3.5 support
Bug Fixes
avoid losing the original '_include_email' parameter in impersonated credentials
Documentation
fix typo in import
1.10.1 - 2020-12-03
Fixed
Fixed a bug in certbot.util.add_deprecated_argument that caused the deprecated --manual-public-ip-logging-ok flag to crash Certbot in some scenarios.
More details about these changes can be found on our GitHub repo.
1.10.0 - 2020-12-01
Added
Added timeout to DNS query function calls for dns-rfc2136 plugin.
Confirmation when deleting certificates
CLI flag --key-type has been added to specify 'rsa' or 'ecdsa' (default 'rsa').
CLI flag --elliptic-curve has been added which takes a NIST/SECG elliptic curve name. Any of secp256r1, secp384r1 and secp521r1 are accepted values.
The command certbot certificates now lists the type of private key used for each certificate.
Support for Python 3.9 was added to Certbot and all of its components.
Changed
certbot-auto was deprecated on Debian based systems.
CLI flag --manual-public-ip-logging-ok is now a no-op, generates a deprecation warning, and will be removed in a future release.
Fixed
Fixed a Unicode-related crash in the nginx plugin when running under Python 2.
Changes since 1.10.4:
duo_unix-1.11.4 - May 18, 2020
Added support for Ubuntu 20.04.
Added a support tool to collect information (e.g. logs and PAM stacks) that you
can send to Duo Support when troubleshooting issues.
Ubuntu 12.04 no longer supported.
Updated GPG public key for downloading distribution packages.
duo_unix-1.11.3 - October 2019
Support for CentOS 8, Red Hat 8, and Debian 10.
Improved validation of BSON messages.
Updated GPG public key for downloading distribution packages.
duo_unix-1.11.2 - June 2019
Published a guide to recommended Kerberos configuration for Duo Unix. Thanks
to Neal Poole at Facebook for bringing expertise and attention to this topic.
Updated SELinux policy to allow local logins to use the pam_duo PAM module
and made sshd configurable. This requires installation of
selinux-policy-devel on CentOS and RHEL 7 as a prerequisite.
Added support for spaces in group names when escaped with backslashes in
pam_duo.conf and login_duo.conf.
Debian 7 no longer supported.
duo_unix-1.11.1 - November 2018
Fixed bug causing console login to fail on certain systems.
Debian 7 support is deprecated and will be removed in the next release.
duo_unix-1.11.0 - October 2018
Added configuration options for parsing the Duo username out of the GECOS
field: gecos_username_pos and gecos_delim.
Support for Debian 9 (Stretch).
CentOS 5 no longer supported.
duo_unix-1.10.5 - September 2018
CentOS 5 support is deprecated and will be removed in the next release.
Fixed a bug that caused a segfault on systems where the hostname wasn't
retrievable.