Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
Builds that are not configured with "enable-weak-ssl-ciphers" will not
provide any "EXPORT" or "LOW" strength ciphers.
[Viktor Dukhovni]
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
is by default disabled at build-time. Builds that are not configured with
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
as appropriate. Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client and
server variants, SSLv2 ciphers vulnerable to exhaustive search key
recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
ciphers, and SSLv2 56-bit DES are no longer available.
(CVE-2016-0800)
[Viktor Dukhovni]
*) Fix a double-free in DSA code
A double free bug was discovered when OpenSSL parses malformed DSA private
keys and could lead to a DoS attack or memory corruption for applications
that receive DSA private keys from untrusted sources. This scenario is
considered rare.
This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
libFuzzer.
(CVE-2016-0705)
[Stephen Henson]
*) Disable SRP fake user seed to address a server memory leak.
Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
SRP_VBASE_get_by_user had inconsistent memory management behaviour.
In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
was changed to ignore the "fake user" SRP seed, even if the seed
is configured.
Users should use SRP_VBASE_get1_by_user instead. Note that in
SRP_VBASE_get1_by_user, caller must free the returned value. Note
also that even though configuring the SRP seed attempts to hide
invalid usernames by continuing the handshake with fake
credentials, this behaviour is not constant time and no strong
guarantees are made that the handshake is indistinguishable from
that of a valid user.
(CVE-2016-0798)
[Emilia Käsper]
*) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
In the BN_hex2bn function the number of hex digits is calculated using an
int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This can leave the internal BIGNUM data
field as NULL leading to a subsequent NULL ptr deref. For very large values
of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
In this case memory is allocated to the internal BIGNUM data field, but it
is insufficiently sized leading to heap corruption. A similar issue exists
in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
is ever called by user applications with very large untrusted hex/dec data.
This is anticipated to be a rare occurrence.
All OpenSSL internal usage of these functions use data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be rare.
This issue was reported to OpenSSL by Guido Vranken.
(CVE-2016-0797)
[Matt Caswell]
*) Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a "%s" format string in
the BIO_*printf functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings.
Additionally the internal |doapr_outch| function can attempt to write to an
OOB memory location (at an offset from the NULL pointer) in the event of a
memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can
also occur.
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.
Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.
This issue was reported to OpenSSL Guido Vranken.
(CVE-2016-0799)
[Matt Caswell]
*) Side channel attack on modular exponentiation
A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery
of RSA keys. The ability to exploit this issue is limited as it relies on
an attacker who has control of code in a thread running on the same
hyper-threaded core as the victim thread which is performing decryptions.
This issue was reported to OpenSSL by Yuval Yarom, The University of
Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
Nadia Heninger, University of Pennsylvania with more information at
http://cachebleed.info.
(CVE-2016-0702)
[Andy Polyakov]
*) Change the req app to generate a 2048-bit RSA/DSA key by default,
if no keysize is specified with default_bits. This fixes an
omission in an earlier change that changed all RSA/DSA key generation
apps to use 2048 bits by default.
[Emilia Käsper]
Patch provided by Carsten Kunze via pkgsrc-wip and discussed with me via private
emails.
Changes:
Release 160217
==============
2016-02-17
tbl: Invalid memory access bug fixed. (When testing if a
line starts with '_' or '=' it did not check if the string is
empty.)
2016-02-16
.tr bugfix: When the first character given to .tr was un-
known, all character translations had been done wrong.
2016-02-11
tbl troff bug fixed: Height of table had been calculated
wrong. This could lead to graphics artifacts if a table is
at page bottom.
2016-02-10
Many changes to -man and -mdoc. Heirloom's manual page for-
matting is now quite compatible to groff.
2016-02-08
Operator 'v' added for ".if". (Some manpages using this.)
2016-02-02
-ms: Macros .QS and .QE added.
2016-01-29
Support for groff's notation \[uXXXX] added.
2016-01-26
nroff: Use of new names for .char now possible. (Up to now
only names found in the tab file could be used.)
2016-01-01
Spaces are now allowed in filenames of .cf, .fp, .lf, .nx,
and .so requests. The documentation stated that %20 could be
used to escape spaces. However this was not implemented.
The implementation has now been changed to allow spaces by
quoting the filename with '"'. Additionally character codes
up to 255 are allowed now in filenames. (Bug reported by
Jacob Parker (https://github.com/jacobp100).)
2015-12-23
groff's operator ".if F <font>" added.
2015-12-18
Support for groff's notation \[char<n>] added.
2015-12-10
File system case-sensitivity issue fixed. (Reported by Henry
McGilton.)
2015-10-28
Set previous font to current font in case of unknown font.
This is the groff behaviour. E.g. \fIfoo\fP \f(CWbar\fP blah
did underline "blah" in AT&T nroff.
2015-09-23
\n[.ns] implemented (had only been documented up to now).
2015-09-21
Basic HTML support added.
2015-09-18
Escape \I added (test if argument is a valid identifier). \I
is equivalent to groff's \A.
2015-07-14
PDFMark: \X'SetBorderStyle' added.
2015-07-08
Special groff compatibility mode for manual pages added which
is enabled when register .g is set to 1.
2015-06-24
.box bug fixed: .box did discard part of roff's state.
2015-06-22
mm(7): .PGFORM added to allow line length change inside docu-
ment.
2015-06-10
.ie-.el bug fixed. Up to now .ie-.el did not work fully re-
liable in AT&T roff. (Found during -mdoc debugging.)
2015-06-08
mdoc: Macro Lb with library definitions for FreeBSD and
NetBSD added.
2015-06-05
nroff -T37 (default), -Tlp and -Tlocale: Display of pic(7)
drawings implemented.
2015-06-04
troff -Tpost: All font description files now uppercase (for
use on case-insensitive file systems) and use of groff font
names instead of traditional names now possible with .ft and
\f.
2015-05-26
Bugfix: nroff: Local motions had not been local (did stay in
effect across line boundary).
nroff: Request \D'l ...' added.
2015-05-02
mdoc(7): .El: List type stack bug fixed.
we are pleased to announce the availability of Swift 3.0, an XMPP client
focused on usability and security.
It is our first release for 3 years and includes bug fixes and new features
like:
- File-transfer using Jingle File Transfer
- Simple continuation of 1-to-1 chats in group chats
- Keyword highlighting ( http://swift.im/blog/keyword-highlighting )
- Simple blocking of contacts using Blocking Command
- Compact roster setting that hides avatars and status messages
- Quick contact search filter in roster
- and more.
For the full changelog see https://swift.im/docs/changelog-3-0.html .
This is a filesystem client based on the SSH File Transfer Protocol.
Since most SSH servers already support this protocol it is very easy to
set up: i.e. on the server side there's nothing to do. On the client
side mounting the filesystem is as easy as logging into the server with
ssh.
The idea of sshfs was taken from the SSHFS filesystem distributed with
LUFS. There were some limitations in that codebase, and this
implementation features:
- Based on FUSE
- Multithreading
- Large reads (max 64k)
- Caching directory contents
- Reconnect on failure
* The low-level merge machinery has been taught to use CRLF line
termination when inserting conflict markers to merged contents that
are themselves CRLF line-terminated.
* "git worktree" had a broken code that attempted to auto-fix
possible inconsistency that results from end-users moving a
worktree to different places without telling Git (the original
repository needs to maintain backpointers to its worktrees, but
"mv" run by end-users who are not familiar with that fact will
obviously not adjust them), which actually made things worse
when triggered.
* "git push --force-with-lease" has been taught to report if the push
needed to force (or fast-forwarded).
* The emulated "yes" command used in our test scripts has been
tweaked not to spend too much time generating unnecessary output
that is not used, to help those who test on Windows where it would
not stop until it fills the pipe buffer due to lack of SIGPIPE.
* The vimdiff backend for "git mergetool" has been tweaked to arrange
and number buffers in the order that would match the expectation of
majority of people who read left to right, then top down and assign
buffers 1 2 3 4 "mentally" to local base remote merge windows based
on that order.
* The documentation for "git clean" has been corrected; it mentioned
that .git/modules/* are removed by giving two "-f", which has never
been the case.
* Paths that have been told the index about with "add -N" are not
quite yet in the index, but a few commands behaved as if they
already are in a harmful way.
* 2.3.5 to 2.3.6 upgrade:
What changed:
- Support WebSocket fragmented packets
- Fixed delivering directed presence (to self)
- Reset in-sess 'from' to FullJID on non-Presence packets
This is mainly a bugfix release.
The main change is that WebSocket connections work stable now.
https://github.com/jabberd2/jabberd2/commits/jabberd-2.3.6
