1.6.0 2017-02-26 03:26 UTC
Changelog:
* This release adds GnuPG 2.1 support.
* Internal API has been refactored.
* Fix Bug #21182: Ignore invalid proc_close() exit code
* Fix Bug G#28: Use --batch argument for key imports when no passphrase is
provided.
* Fix Bug #21151: GPG-AGENT process is not automatically closed when using
GnuPG 2.0
* Fix Bug #21152: Ignore time conflicts (by default)
* Fixed Bug #21148: Throw bad-passphrase exception instead of key-not-found
exception on decryption
Upstream changes:
2017-01-26 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.12
2017-01-23 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* NAMESPACE: export sha1.function() and sha1.call()
* R/sha1.R:
- sha1() gains methods for the class "function" and "call"
- sha1() gains a ... argument, currently only relevant for
"function"
- sha1() takes arguments into account for hash for complex,
Date and array. Note that this will lead to different
hashes for these classes and for objects containing
these classes
* man/sha1.rd: update helppage for sha1()
* tests/sha1Test.R: update unit tests for sha1()
2017-01-01 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Release 0.6.11
* R/sha1.R (sha1.anova): Added more #nocov marks
* src/sha2.c (SHA256_Transform): Idem
* tests/AESTest.R (hextextToRaw): Print AES object
* tests/AESTest.Rout.save: Updated
2016-12-08 Dirk Eddelbuettel <edd@debian.org>
* NAMESPACE: Register (and export) makeRaw S3 methods
* man/makeRaw.Rd: New manual page
* tests/hmacTest.R: Direct call to makeRaw()
* tests/hmacTest.Rout.save: Ditto
* src/digest.c: Additional #nocov tags
* src/xxhash.c: Ditto
2016-12-07 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version, Date): Rolled minor version
* README.md: Use shields.io badge for codecov
* R/digest.R: Additional #nocov tags
* src/sha2.c: Ditto
* src/raes.c: Ditto
* tests/hmacTest.R: Additional tests
* tests/hmacTest.Rout.save: Ditto
2016-11-30 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml (before_install): Activate PPA as we (currently)
need an updated version of (r-cran)-covr to run coverage
* tests/load-unload.R: Comment-out for now as it upsets coverage
* tests/digestTest.R: Test two more algorithms
* tests/digestTest.Rout.save: Updated reference output
* R/digest.R: Added #nocov tags
* R/zzz.R (.onUnload): Ditto
* src/crc32.c: Ditto
* src/pmurhash.c: Ditto
* src/raes.c: Ditto
* src/sha2.c: Ditto
* src/xxhash.c: Ditto
2016-11-26 Dirk Eddelbuettel <edd@debian.org>
* .travis.yml (after_success): Integrated Jim Hester's suggestion of
activating code coverage sent many moons ago (in PR #12)
* .codecov.yml (comment): Added
* .Rbuildignore: Exclude .codecov.yml
* README.md: Added code coverage badge
2016-10-16 Dirk Eddelbuettel <edd@debian.org>
* R/digest.R (digest): Support 'nosharing' option of base::serialize
as suggested by Radford Neal whose pqR uses this
2016-08-02 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (License): Now GPL (>= 2), cf issue 36 on GH
* README.md: Updated badge accordingly
2016-08-02 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Version): Release 0.6.10
* DESCRIPTION (Description): Shortened to one paragraph
* DESCRIPTION (BugReports): URL to GH issues added
* .travis.yml: Rewritten for run.sh from forked r-travis
2016-07-12 Henrik Bengtsson <hb@aroma-project.org>
* src/digest.c: Correct bug with skip and file parameter interaction
* tests/digestTest.R: Test code
* tests/digestTest.Rout.save: Test reference output
* R/zzz.R: Allow for unloading of shared library
* tests/load-unload.R: Test code
* DESCRIPTION: Rolled minor Version and Date
2016-05-25 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: Support for pairlist and name
* tests/sha1Test.R: Support for pairlist and name
* man/sha1.Rd: Support for pairlist, name, complex, array and Date
* NAMESPACE: Support for pairlist, name and array
* DESCRIPTION: bump version number and date
2016-05-01 Viliam Simko <viliam.simko@gmail.com>
* R/sha1.R: Support for complex, Date and array
* tests/sha1Test.R: Ditto
* NAMESPACE: Ditto
2016-04-27 Dirk Eddelbuettel <edd@debian.org>
* DESCRIPTION (Author): Add Qiang Kou to Authors
* README.md: Ditto
2016-01-25 Dirk Eddelbuettel <edd@debian.org>
* src/digest.c (digest): Use XLENGTH if R >= 3.0.0 (issue #29)
2016-01-11 Thierry Onkelinx <thierry.onkelinx@inbo.be>
* R/sha1.R: handle empty list and empty dataframe (#issue 27);
take the object class, digits and zapsmall into account (#PR 28)
* vignettes/sha1.Rmd: Small edits to reflect changes in sha1()
2016-01-09 Michel Lang <michellang@gmail.com>
* R/sha1.R: Add a length check to sha1(), use vapply()
This is a client for signing certificates with an ACME server
(currently only provided by letsencrypt), implemented as a
relatively simple bash script.
It uses the openssl utility for everything related to
actually handling keys and certificates,
so you need to have that installed.
Other dependencies are: curl, sed, grep, mktemp
(all found on almost any system, curl being the only exception)
The library can also be compiled using MinGW.
Removed use of alloca().
[Security] Removed implementation of deprecated "quick check" feature of PGP block cipher mode.
Improved the performance of scrypt by converting some Python to C.
Noteworthy changes in version 1.27 (2017-02-28) [C22/A22/R0]
-----------------------------------------------
* Added a Base64 decoder.
* Added support for the sh3 architecture.
* Added header gpgrt.h as an alias for gpg-error.h.
* Fixed macro GPGRT_GCC_VERSION.
* Fixed a race in non-blocking I/O on Windows.
* Interface changes relative to the 1.26 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_b64state_t NEW type.
gpgrt_b64dec_start NEW.
gpgrt_b64dec_proc NEW.
gpgrt_b64dec_finish NEW.
GPG_ERR_WRONG_NAME NEW.
gpgrt.h NEW header.
Otherwise, there is one nonsensical warning on every openssl invocation.
I have seen dozens of recipes for NetBSD setups, and each one cargo-cults
a "touch openssl.cnf" against that noise.
Bump package revision.
** libgnutls: Removed any references to OpenPGP functionality in documentation,
and marked all functions in openpgp.h as deprecated. That functionality
is considered deprecated and should not be used for any reason other than
backwards compatibility.
** libgnutls: Improve detection of AVX support. In certain cases when
the instruction was available on the host, but not on a VM running
gnutls, detection could fail causing illegal instruction usage.
** libgnutls: Added support for IDNA2008 for internationalized DNS names.
If gnutls is compiled using libidn2 (the latest version is recommended),
it will support IDNA2008 instead of the now obsolete IDNA2003 standard.
Resolves gitlab issue 150. Based on patch by Tim Ruehsen.
** p11tool: re-use ID from corresponding objects when writing certificates.
That is, when writing a certificate which has a corresponding public key,
or private key in the token, ensure that we use the same ID for the
certificate.
** API and ABI modifications:
gnutls_idna_map: Added
gnutls_idna_reverse_map: Added
# 20161029
* Argon2id added
* Better documentation
* Dual licensing CC0 / Apache 2.0
* Minor bug fixes (no security issue)
# 20160406
* Version 1.3 of Argon2
* Version number in encoded hash
* Refactored low-level API
* Visibility control for library symbols
* Microsoft Visual Studio solution
* New bindings
* Minor bug and warning fixes (no security issue)
# 20151206
* Python bindings
* Password read from stdin, instead of being an argument
* Compatibility FreeBSD, NetBSD, OpenBSD
* Constant-time verification
* Minor bug and warning fixes (no security issue)
v0.8.0 (14 February 2017)
+++++++++++++++++++++++++
- Added Fitbit compliance fix.
- Fixed an issue where newlines in the response body for the access token
request would cause errors when trying to extract the token.
- Fixed an issue introduced in v0.7.0 where users passing ``auth`` to several
methods would encounter conflicts with the ``client_id`` and
``client_secret``-derived auth. The user-supplied ``auth`` argument is now
used in preference to those options.
- More cleanups, removal of obsolete stuff, and moves towards py3k
compatibility.
- Add support for EC.get_builtin_curves() and use it for testing.
- Enable AES CTR mode
- Bundle-in six module v. 1.10.0
- add rand_file_name and rand_status
- remove all LHASH fiddling
- Extend Travis and GitLab CI configuration to test also py3k (with
allowed_failures) and CentOS6 (on GitLab CI).
- Add CONTRIBUTORS.rst. Thank you!
- Add PEP-484 type hints in comments to all Python files (except for
tests)
- Use context managers for file handling wherever possible instead of
leaking open file descriptors.
- Improve defaults handling for SSL_CTX_new().
- Fix PGP tests to actually run
2.047 2017/02/16
- better fix for problem which 2.046 tried to fix but broke LWP this way
2.046 2017/02/15
- cleanup everything in DESTROY and make sure to start with a fresh %{*self}
in configure_SSL because it can happen that a GLOB gets used again without
calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
2.045 2017/02/13
- fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects -> github pull#55
- optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
if perl is compiled w/o thread support
- small fix in t/protocol_version.t to use older versions of Net::SSLeay
with openssl build w/o SSLv3 support
- when setting SSL_keepSocketOnError to true the socket will not be closed
on fatal error. This is a modified version of
https://github.com/noxxi/p5-io-socket-ssl/pull/53/
Summary of upstream changelog:
bug fixes
many new ATRs
ATR_analysis: propose to submit the ATR if not known
We propose to submit the ATR at http://smartcard-atr.appspot.com/ when
the ATR is not found in the list.
The message is always displayed for an unknown ATR, not just after the
list has been updated.
ATR_analysis: correctly use wget to store the ATR list
1.4.26 - 7 January 2017, Ludovic Rousseau
- Add support of
. Bit4id Digital DNA Key
. Bit4id tokenME FIPS v3
. INGENICO Leo
. appidkey GmbH ID60-USB
- Add support of
- PowerOn: the default algorithm is now 5V then 1.8V then 3V then fail.
It is still possible to change the initial voltage in the
Info.plist file. Now, in any case, all the values are tried
before failing.
- Negotiate maximum baud rate when bNumDataRatesSupported = 0
- Some minor improvements
1.4.25 - 30 September 2016, Ludovic Rousseau
- Add support of
. Aladdin R.D. JaCarta (idProduct: 0x0402)
. Broadcom Corp 5880 (idProduct: 0x5832)
. Broadcom Corp 5880 (idProduct: 0x5833)
. Broadcom Corp 5880 (idProduct: 0x5834)
. ESMART Token GOST X2 ET1020-A
. Feitian VR504 VHBR Contactless & Contact Card Reader
. Feitian bR500
. Gemalto K50
. appidkey GmbH ID100-USB SC Reader
. appidkey GmbH ID50 -USB
- Remove support of
. Broadcom Corp 5880 (idProduct: 0x5800)
. Broadcom Corp 5880 (idProduct: 0x5805)
. KEBTechnology KONA USB SmartCard
- macOS: Fix composite device enumeration
- Fix crash with GemCore Pos Pro and GemCore Sim Pro
- Some minor improvements
1.4.24 - 22 May 2016, Ludovic Rousseau
- Add support of
. Generic USB Smart Card Reader
. Giesecke & Devrient GmbH StarSign CUT S
. HID AVIATOR Generic
- better support of Elatec TWN4 SmartCard NFC
- better support of SCM SCL011
- better support of HID Aviator generic
- fix SCARD_ATTR_VENDOR_IFD_SERIAL_NO attribute size
- fix a race condition on card events with multiple readers
- Some minor improvements
1.4.23 - 20 April 2016, Ludovic Rousseau
- Add support of
. ACS ACR3901U ICC Reader
. Alcor Micro AU9560
. Cherry SmartTerminal XX44
. HID Global OMNIKEY 3x21 Smart Card Reader
. HID Global OMNIKEY 5022 Smart Card Reader
. HID Global OMNIKEY 6121 Smart Card Reader
. IonIDe Smartcard Reader reader
. KACST HSID Reader
. KACST HSID Reader Dual Storage
. KACST HSID Reader Single Storage
- Remove support of
. VMware Virtual USB CCID
- Do NOT add support of
. DUALi DE-ABCM6
- Fix a busy loop consuming 100% of CPU for some composite USB devices
impacted readers: Yubico Yubikey NEO U2F+CCID and Broadcom BCM5880
- Remove support of (unused) option DRIVER_OPTION_RESET_ON_CLOSE
- log libusb error name instead of decimal value
- Some minor improvements
1.4.22 - 10 January 2016, Ludovic Rousseau
- Add support of
. Aktiv Rutoken PINPad 2
. Aladdin R.D. JC-WebPass (JC600)
. Aladdin R.D. JCR-770
. Aladdin R.D. JaCarta
. Aladdin R.D. JaCarta Flash
. Aladdin R.D. JaCarta LT
. Aladdin R.D. JaCarta U2F (JC602)
. Athena ASEDrive IIIe Combo Bio PIV
. Athena ASEDrive IIIe KB Bio PIV
. GEMALTO CT1100
. GEMALTO K1100
. Hitachi, Ltd. Hitachi Biometric Reader
. Hitachi, Ltd. Hitachi Portable Biometric Reader
. Nitrokey Nitrokey Storage
. THURSBY SOFTWARE TSS-PK1
. Thursby Software Systems, Inc. TSS-PK7
. Thursby Software Systems, Inc. TSS-PK8
- Patch for Microchip SEC1110 reader on Mac OS X (card events notification)
- Patch for Cherry KC 1000 SC (problem was with a T=1 card and case 2 APDU)
- Fix support of FEATURE_MCT_READER_DIRECT for the Kobil mIDentity
visual reader
- Set timeout to 90 sec for PPDU (Pseudo APDU) commands. This change
allows the use of a Secure Verify command sent as a PPDU through
SCardTransmit().
- Fix a crash when reader initialization failed
- Fix initialization bug with Gemalto Pinpad reader on Mac OS X
- Some minor bugs fixed
1.4.21 - 21 October 2015, Ludovic Rousseau
- Add support of
. ACS ACR1252 Dual Reader
. Chicony HP USB Smartcard CCID Keyboard JP
. Chicony HP USB Smartcard CCID Keyboard KR
. FT ePass2003Auto
. Feitian bR301 BLE
. Feitian iR301 (ProductID 0x0619)
. Feitian iR301 (ProductID 0x061C)
. Identiv @MAXX ID-1 Smart Card Reader
. Identiv @MAXX Light2 token
. Identiv CLOUD 2980 F Smart Card Reader
. Identiv Identiv uTrust 4701 F Dual Interface Reader
. Identiv SCR3500 A Contact Reader
. Identiv SCR3500 B Contact Reader
. Identiv SCR35xx USB Smart Card Reader
. Identiv uTrust 2900 R Smart Card Reader
. Identiv uTrust 2910 R Smart Card Reader
. Identiv uTrust 2910 R Taglio SC Reader
. Identiv uTrust 3512 SAM slot Token
. Identiv uTrust 3522 embd SE RFID Token
. Identiv uTrust 3700 F CL Reader
. Identiv uTrust 3701 F CL Reader
. Identive Identive CLOUD 4000 F DTC
. Liteon HP SC Keyboard - Apollo (Liteon)
. Liteon HP SC Keyboard - Apollo JP (Liteon)
. Liteon HP SC Keyboard - Apollo KR (Liteon)
. Nitrokey Nitrokey HSM
. Nitrokey Nitrokey Pro
. Nitrokey Nitrokey Start
. Rocketek RT-SCR1
. VASCO DIGIPASS 875
. WatchCNPC USB CCID Key
- Remove support of
. Crypto Stick Crypto Stick v1.4 is an old version of Nitrokey Nitrokey Pro
. Free Software Initiative of Japan Gnuk Token is an old version
of Nitrokey Nitrokey Start
- Add Feitian R502 dual interface (composite) reader on Mac OS X
- display a human readable version of the error code returned by
libusb
- Mac OS X: wait until libusb/the reader is ready
- some minor bugs fixed
1.8.20: Ludovic Rousseau
30 December 2016
- Fix a crash and potential security issue in pcscd
1.8.19: Ludovic Rousseau
9 December 2016
- SCardGetStatusChange(): Fix a (rare) race condition
- Doxygen:
. SCardGetStatusChange() may return SCARD_E_UNKNOWN_READER
. SCardConnect() and SCardReconnect() will never return SCARD_E_NOT_READY
- pcsc-spy:
. fix display of execution time
. log the thread number in the results
- Some other minor improvements
This is a tiny, auditable script that you can throw on your server to issue and
renew Let's Encrypt certificates. Since it has to be run on your server and
have access to your private Let's Encrypt account key, I tried to make it as
tiny as possible (currently less than 200 lines). The only prerequisites are
python and openssl.
Tested successfully on NetBSD 7.0.2 (i386).
"please import!" wiz@
FEATURES:
- Okta Authentication: A new Okta authentication backend allows you to use
Okta usernames and passwords to authenticate to Vault. If provided with an
appropriate Okta API token, group membership can be queried to assign
policies; users and groups can be defined locally as well.
- RADIUS Authentication: A new RADIUS authentication backend allows using
a RADIUS server to authenticate to Vault. Policies can be configured for
specific users or for any authenticated user.
- Exportable Transit Keys: Keys in `transit` can now be marked as
`exportable` at creation time. This allows a properly ACL'd user to retrieve
the associated signing key, encryption key, or HMAC key. The `exportable`
value is returned on a key policy read and cannot be changed, so if a key is
marked `exportable` it will always be exportable, and if it is not it will
never be exportable.
- Batch Transit Operations: `encrypt`, `decrypt` and `rewrap` operations
in the transit backend now support processing multiple input items in one
call, returning the output of each item in the response.
- Configurable Audited HTTP Headers: You can now specify headers that you
want to have included in each audit entry, along with whether each header
should be HMAC'd or kept plaintext. This can be useful for adding additional
client or network metadata to the audit logs.
- Transit Backend UI (Enterprise): Vault Enterprise UI now supports the transit
backend, allowing creation, viewing and editing of named keys as well as using
those keys to perform supported transit operations directly in the UI.
- Socket Audit Backend: A new socket audit backend allows audit logs to be sent
through TCP, UDP, or UNIX sockets.
IMPROVEMENTS:
- auth/aws-ec2: Add support for cross-account auth using STS
- auth/aws-ec2: Support issuing periodic tokens
- auth/github: Support listing teams and users
- auth/ldap: Support adding policies to local users directly, in addition to
local groups
- command/server: Add ability to select and prefer server cipher suites
- core: Add a nonce to unseal operations as a check (useful mostly for
support, not as a security principle)
- duo: Added ability to supply extra context to Duo pushes
- physical/consul: Add option for setting consistency mode on Consul gets
- physical/etcd: Full v3 API support; code will autodetect which API version
to use. The v3 code path is significantly less complicated and may be much
more stable.
- secret/pki: Allow specifying OU entries in generated certificate subjects
- secret mount ui (Enterprise): the secret mount list now shows all mounted
backends even if the UI cannot browse them. Additional backends can now be
mounted from the UI as well.
BUG FIXES:
- auth/token: Fix regression in 0.6.4 where using token store roles as a
blacklist (with only `disallowed_policies` set) would not work in most
circumstances
- physical/s3: Page responses in client so list doesn't truncate
- secret/cassandra: Stop a connection leak that could occur on active node
failover
- secret/pki: When using `sign-verbatim`, don't require a role and use the
CSR's common name
2.044 2017/01/26
- protect various 'eval'-based capability detections at startup with a localized
__DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
various third party software should cause less problems even if there is a
global __DIE__ handler which does not properly deal with 'eval'.
python-oath is a package implementing the three main OATH specifications:
- HOTP, an event based one-time password standard (RFC 4226)
- TOTP, a time based OTP (RFC 6238)
- OCRA, a mixed OTP / signature system based on HOTP for complex use cases
(RFC 6287)
Upstream changelog :
* Misleading add resp. enable of an (already available) jail in the database, which
induced a subsequent error: the last position of the log file would never be retrieved (gh-795)
* Fixed a distribution related bug within testReadStockJailConfForceEnabled
(e.g. test-cases faults on Fedora, see gh-1353)
* Fixed pythonic filters and test scripts (running via wrong python version,
uses "fail2ban-python" now);
* Fixed test case "testSetupInstallRoot" for not default python version (also
using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
* FIPS compliant: use sha1 instead of md5 if md5 is not allowed (see gh-1540)
* Monit config: scripting is not supported in path (gh-1556)
* `filter.d/apache-modsecurity.conf`
- Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
replaced for safer match, unneeded catch-all anchoring removed, non-capturing
* `filter.d/asterisk.conf`
- Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/dovecot.conf`
- Fixed failregex ignores failures through some not relevant info (gh-1623)
* `filter.d/ignorecommands/apache-fakegooglebot`
- Fixed error within apache-fakegooglebot, that will be called
with wrong python version (gh-1506)
* `filter.d/assp.conf`
- Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
* `filter.d/postfix-sasl.conf`
- Allow for having no trailing space after 'failed:' (gh-1497)
* `filter.d/vsftpd.conf`
- Optional reason part in message after FAIL LOGIN (gh-1543)
* `filter.d/sendmail-reject.conf`
- removed mandatory double space (if dns-host available, gh-1579)
* `filter.d/sshd.conf`
- recognized "Failed publickey for" (gh-1477);
- optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
- eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
- optional port part after host (see gh-1533, gh-1581)
* New Actions:
- `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
* New Filters:
- `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine)
(gh-1586, gh-1606 and gh-1607)
* DateTemplate regexp extended with the word-end boundary, additionally to
word-start boundary
* Introduces new command "fail2ban-python", an automatically created symlink to the
python executable under which fail2ban is currently installed (resp. where its modules are located):
- allows using the same python version that fail2ban currently runs with, e.g. in
external scripts, just by replacing python with fail2ban-python:
```diff
-#!/usr/bin/env python
+#!/usr/bin/env fail2ban-python
```
- always the same pickle protocol
- the same (and also guaranteed available) fail2ban modules
- simplified stand-alone install; resp. the possibility of a stand-alone installation
via setup (like gh-1487) is getting closer
* Several test cases rewritten using new methods assertIn, assertNotIn
* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
are test covered now
* Jail configuration extended with new syntax to pass options to the backend (see gh-1408),
examples:
- `backend = systemd[journalpath=/run/log/journal/machine-1]`
- `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
- `backend = systemd[journalflags=2]`
2.5.1 - Bug and security fixes, new features, documentation updates
* X509_cmp_time() now passes a malformed GeneralizedTime field as an
error. Reported by Theofilos Petsios.
* Detect zero-length encrypted session data early, instead of when
malloc(0) fails or the HMAC check fails. Noted independently by
jsing@ and Kurt Cancemi.
* Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate().
* Massive update and normalization of manpages, conversion to
mandoc format. Many pages were rewritten for clarity and accuracy.
Portable doc links are up-to-date with a new conversion tool.
* Curve25519 Key Exchange support.
* Support for alternate chains for certificate verification.
* Code cleanups, CBS conversions, further unification of DTLS/SSL
handshake code, further ASN1 macro expansion and removal.
* Private symbols are now hidden in libssl and libcrypto.
* Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
* Added OCSP stapling support to libtls and netcat.
* Added ocspcheck utility to validate a certificate against its OCSP
responder and save the reply for stapling
* Enhanced regression tests and error handling for libtls.
* Added explicit constant and non-constant time BN functions,
defaulting to constant time wherever possible.
* Moved many leaked implementation details in public structs behind
opaque pointers.
* Added ticket support to libtls.
* Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names. This also changes the default
list of curves to be X25519, P-256 and P-384. All other curves must
be manually enabled.
* Added -groups option to openssl(1) s_client for specifying the curves
to be used in a colon-separated list.
* Merged client/server version negotiation code paths into one,
reducing much duplicate code.
* Removed error function codes from libssl and libcrypto.
* Fixed an issue where a truncated packet could crash via an OOB read.
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
* Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of Technology).
The fix was developed by Cesar Pereida Garcia.
* iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2k.
https://www.openssl.org/news/secadv/20170126.txt
* New features
- DH ciphersuites are now disabled by default.
- The daily server DH parameter regeneration is only performed if
DH ciphersuites are enabled in the configuration file.
- "checkHost" and "checkEmail" were modified to require either
"verifyChain" or "verifyPeer" (thx to Małgorzata Olszówka).
* Bugfixes
- Fixed setting default ciphers.
Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See
https://github.com/pyca/pyopenssl/issues/596
16.2.0 (2016-10-15)
-------------------
Changes:
^^^^^^^^
- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
`#552 <https://github.com/pyca/pyopenssl/pull/552>`_
16.1.0 (2016-08-26)
-------------------
Deprecations:
^^^^^^^^^^^^^
- Dropped support for OpenSSL 0.9.8.
Changes:
^^^^^^^^
- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
`#496 <https://github.com/pyca/pyopenssl/pull/496>`_
- Enable use of CRL (and more) in verify context.
`#483 <https://github.com/pyca/pyopenssl/pull/483>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such.
`#439 <https://github.com/pyca/pyopenssl/pull/439>`_
- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
Add more test dependencies.
Self tests cause a python core dump, see
https://github.com/pyca/cryptography/issues/3372
1.7.2 - 2017-01-27
~~~~~~~~~~~~~~~~~~
* Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.
Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
*) Truncated packet could crash via OOB read
If one side of an SSL/TLS path is running on a 32-bit host and a specific
cipher is being used, then a truncated packet can cause that host to
perform an out-of-bounds read, usually resulting in a crash.
This issue was reported to OpenSSL by Robert Święcki of Google.
(CVE-2017-3731)
[Andy Polyakov]
*) BN_mod_exp may produce incorrect results on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
similar to CVE-2015-3193 but must be treated as a separate problem.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3732)
[Andy Polyakov]
*) Montgomery multiplication may produce incorrect results
There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits. Analysis suggests that attacks against RSA, DSA
and DH private keys are impossible. This is because the subroutine in
question is not used in operations with the private key itself and an input
of the attacker's direct choice. Otherwise the bug can manifest itself as
transient authentication and key negotiation failures or reproducible
erroneous outcome of public-key operations with specially crafted input.
Among EC algorithms only Brainpool P-512 curves are affected and one
presumably can attack ECDH key negotiation. Impact was not analyzed in
detail, because pre-requisites for attack are considered unlikely. Namely
multiple clients have to choose the curve in question and the server has to
share the private key among them, neither of which is default behaviour.
Even then only clients that chose the curve will be affected.
This issue was publicly reported as transient failures and was not
initially recognized as a security issue. Thanks to Richard Morgan for
providing reproducible case.
(CVE-2016-7055)
[Andy Polyakov]
*) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
prevent issues where no progress is being made and the peer continually
sends unrecognised record types, using up resources processing them.
[Matt Caswell]
All py-certbot self tests pass.
39 self test failures in py-acme (running py.test), one core dump
in openssl (running make test).
Changes:
Test bug fixes
Changelog:
Version 5.39, 2017.01.01, urgency: LOW
* New features
- PKCS#11 engine (pkcs11.dll) added to the Win32 build.
- Per-destination TLS session cache added for the client mode.
- The new "logId" parameter "process" added to log PID values.
- Added support for the new SSL_set_options() values.
- Updated the manual page.
- Obsolete references to "SSL" replaced with "TLS".
* Bugfixes
- Fixed "logId" parameter to also work in inetd mode.
- "delay = yes" properly enforces "failover = prio".
- Fixed fd_set allocation size on Win64.
- Fixed reloading invalid configuration file on Win32.
- Fixed resolving addresses with unconfigured network interfaces.
Version 5.38, 2016.11.26, urgency: MEDIUM
* New features
- "sni=" can be used to prevent sending the SNI extension.
- The AI_ADDRCONFIG resolver flag is used when available.
- Merged Debian 06-lfs.patch (thx Peter Pentchev).
* Bugfixes
- Fixed a memory allocation bug causing crashes with OpenSSL 1.1.0.
- Fixed error handling for mixed IPv4/IPv6 destinations.
- Merged Debian 08-typos.patch (thx Peter Pentchev).
Version 5.37, 2016.11.06, urgency: MEDIUM
* Bugfixes
- OpenSSL DLLs updated to version 1.0.2j (stops crashes).
- The default SNI target (not handled by any slave service)
is handled by the master service rather than rejected.
- Removed thread synchronization in the FORK threading model.
Version 5.36, 2016.09.22, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2i.
https://www.openssl.org/news/secadv_20160922.txt
* New features
- Added support for OpenSSL 1.1.0 built with "no-deprecated".
- Removed direct zlib dependency.
All tests pass.
Noteworthy changes in version 1.7.6 (2017-01-18) [C21/A1/R6]
------------------------------------------------
* Bug fixes:
- Fix AES CTR self-check detected failure in the SSSE3 based
implementation.
- Remove gratuitous select before the getrandom syscall.
Pkgsrc changes:
* Remove patch now integrated.
Upstream changes:
OpenDNSSEC 1.4.13 - 2017-01-20
* OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
* OPENDNSSEC-853: Fixed serial_xfr_acquired not updated in state file.
* Wrong error was sometimes being printed on failing TCP connect.
* Add support for OpenSSL 1.1.0.
* OPENDNSSEC-866: Script for migration between MySQL and SQLite was outdated.
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
- Fixed bug #63660 php_ssh2_fopen_wrapper_parse_path segfaults
- Fixed bug #63855 compilation fails on windows
- Fixed bug #64535 php_ssh2_sftp_dirstream_read segfault on error
- Add reflection API support
- Add exit-status support for ssh2 file wrappers
- Fixed bug #58893 Unable to request a channel from remote host
- Fix segfault when trying to authenticate in servers that do not
support authentication (none)
1.80 2017-01-05
Patch from Steffen Ulrich that fixed unexpected changes in the
control flow of the Perl program which seemed to be triggered by the
ticket key callback. Thanks Steffen.
2.043 2017/01/06
- make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
session does not get reused any longer if it was not properly closed which
is now done using an explicit close by the client which causes a
proper SSL_shutdown
2.042 2017/01/05
- enable session ticket callback with Net::SSLeay>=1.80
No changelog released, commits closed for 0.10.0:
- Stop IDisplay AssertionErrors
- Add update_symlinks to "--help manage"
- Hide rename command for 0.10.0
- Disable rename command for 0.10.0
- Break on failure to deploy cert
- Incorrect success condition in nginx
- certbot delete and rename evoke IDisplay
- Put update_symlinks in certbot --help manage
- Fix Error Message for invalid FQDNs
- pyopenssl inject workaround
- pyparsing.restOfLine is not a function, don't call it
- Add information on updating [certbot|letsencrypt]-auto
- Remove quotes so tilde is expanded
- Correctly report when we skip hooks during renewal
- Add line number to Augeas syntax error message
- Mention line in (Apache) conf file in case of Augeas parse/syntax
error
- Fixes #3954 and adds a test to prevent regressions
- Further OCSP improvements
- `-n` doesn't like `force_interactive`?
- Save allow_subset_of_names in renewal conf files
- I promise checklists are OK (fixes #3934)
- Return domains for _find_domains_or_certname
- --cert-name causes explosions when trying to use "run" as an installer
- Interactivity glitch in git master
- Document some particularities of the revoke subcommand
- test using os.path.sep not hardcoded /
- Save --pre and --post hooks in renewal conf files, and run them in a
sophisticated way
- Don't add ServerAlias directives when the domain is already covered by
a wildcard
- Mitigate problems for people who run without -n
- Use relative paths for livedir symlinks
- Implement delete command
- Use isatty checks before asking new questions
- Ensure apt-cache is always running in English if we're going to grep
- Sort the names by domain (then subdomain) before showing them
- Merge the manual and script plugins
- --allow-subset-of-names should probably be a renewalparam
- Fix certbot-nginx address equality check
- Implement our fancy new --help output
- Make renew command respect the --cert-name flag
- Error when using non-english locale on Debian
- Document defaults
- Improve simple --help output
- Add pyasn1 back to le-auto
- Mark Nginx vhosts as ssl when any vhost is on ssl at that address
- Fully check for Nginx address equality
- Preserve --must-staple in configuration for renewal (#3844)
- Git master certbot is making executable renewal conf files?
- Improve the "certbot certificates" output
- Renewal: Preserve 'OCSP Must Staple' (option --must-staple)
- Security enhancement cleanup
- Parallelise nosetests from tox
- "certbot certificates" is API-like, so make it future-proof
- Fix LE_AUTO_SUDO usage
- Remove the sphinxcontrib.programout [docs]dependency
- No more relative path connection from live-crt to archive-crt files
- Ensure tests pass with openssl 1.1
- Output success message for revoke command
- acme module fails tests with openssl 1.1
- Pin pyopenssl 16.2.0 in certbot-auto
- Fixed output of `certbot-auto --version` (#3637).
- Take advantage of urllib3 pyopenssl rewrite
- Busybox support
- Fix --http-01-port typo at source
- Implement the --cert-name flag to select a lineage by its name.
- Fix reinstall message
- Changed plugin interface return types (#3748).
- Remove letshelp-letsencrypt
- Bump pyopenssl version
- Bump python-cryptography to 1.5.3
- Remove get_all_certs_keys() from Apache and Nginx
- Further merge --script-* with --*-hook
- Certbot opens curses sessions for informational notices, breaking
automation
- Fix writing pem files with Python3
- Strange reinstallation errors
- Don't re-add redirects if one exists
- Use subprocess.Popen.terminate instead of os.killpg
- Generalize return types for plugin interfaces
- Don't re-append Nginx redirect directive
- Cli help is sometimes wrong about what the default for something is
- [certbot-auto] Bump cryptography version to 1.5.2
- python-cryptography build failure on sid
- Remove sphinxcontrib-programoutput dependency?
- Allow notification interface to not wrap text
- Fix non-ASCII domain check.
- Add renew_hook to options stored in the renewal config, #3394
- Where oh where has sphinxcontrib-programoutput gone?
- Remove some domain name checks.
- Allowing modification check to run using "tox"
- How to modify *-auto
- Don't crash when U-label IDN provided on command line
- Add README file to each live directory explaining its contents.
- Allow user to select all domains by typing empty string at checklist
- Fix issue with suggest_unsafe undeclared
- Update docs/contributing.rst to match display behavior during release.
- Referencing unbound variable in certbot.display.ops.get_email
- Add list-certs command
- Remove the curses dialog, thereby deprecating the --help and --dialog
command line options
- Remove the curses dialog, thereby deprecating the --help and --dialog
command line options
- Specify archive directory in renewal configuration file
- 0.9.1 fails in non-interactive use (pythondialog, error opening
terminal)
- Allow certbot to get a cert for default_servers
- [nginx] Cert for two domains in one virtualhost fails
- [nginx] --hsts and --uir flags not working?
- `certbot-auto --version` still says `letsencrypt 0.9.3` (should say
`certbot 0.9.3`?)
- Add a cli option for "all domains my installer sees"
- Stop rejecting punycode domain names
- Standalone vs. Apache for available ports
- nginx-compatibility-weirdness
- Support requesting IDNA2008 Punycode domains
- Cert Management Improvement Project (C-MIP)
- Add --lineage command line option for nicer SAN management.
- Fix requirements.txt surgery in response to shipping certbot-nginx
- Use correct Content-Types in headers.
- Missing Content-Type 'application/json' in POST requests
- Script plugin
- Inconsistent error placement
- Server alias [revision requested]
- When getopts is called multiple time we need to reset OPTIND.
- certbot-auto: Print link to doc on debugging pip install error
[revision requested]
- Update ACME error namespace to match the new draft.
- Update errors to match latest ACME version.
- Testing the output of build.py against lea-source/lea
- Make return type of certbot.interfaces.IInstaller.get_all_keys_certs()
an iterator
- Fix requirements file surgery for 0.10.0 release
- Update Where Are My Certs section.
- Hooks do not get stored in renewal config file
- Multiple vhosts
- Bind to IPv6, fix the problem of ipv6 site cannot generate / renew
certificate [revision requested]
- Warning message for low memory servers
- Run simple certbot-auto tests with `tox`
- letsencrypt-auto-source/letsencrypt-auto should be the output of
build.py
- DialogError should come with --text instructions
- Support correct error namespace
- Verification URL after successful certificate configuration can't be
opened from terminal
- Use appropriate caution when handling configurations that have complex
rewrite logic
- `revoke` doesn't output any status
- adding -delete option to remove the cert files
- Stop using simple_verify in manual plugin
- Ways of specifying what to renew
- Allow removing SAN from multidomain certificate when renewing
- Dialog is sometimes ugly
- Allow user to override sudo as root authorization method [minor
revision requested]
- Add a README file to each live directory explaining its contents
- ExecutableNotFound
* Version 3.5.8 (released 2016-01-09)
** libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
functions will not leave the verification profiles field in an
undefined state. The last call takes precedence.
** libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
by PKCS#8 decryption functions when an invalid key is provided. This
addresses regression on decrypting certain PKCS#8 keys.
** libgnutls: Introduced option to override the default priority string
used by the library. The intention is to allow support of system-wide
priority strings (as set with --with-system-priority-file). The
configure option is --with-default-priority-string.
** libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
This prevents crashes when decrypting malformed PKCS#8 keys.
** libgnutls: Fix crash on the loading of malformed private keys with certain
parameters set to zero.
** libgnutls: Fix double free in certificate information printing. If the PKIX
extension proxy was set with a policy language set but no policy specified,
that could lead to a double free.
** libgnutls: Addressed memory leaks in client and server side error paths
(issues found using oss-fuzz project)
** libgnutls: Addressed memory leaks in X.509 certificate printing error paths
(issues found using oss-fuzz project)
** libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
** libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
(issues found using oss-fuzz project)
** API and ABI modifications:
No changes since last version.
* Version 3.5.7 (released 2016-12-8)
** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128
and SECURE256 priority strings.
** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly
operate with OIDs which have elements that exceed 2^32.
** libgnutls: The DN decoding functions output the traditional DN format
rather than the strict RFC4514 compliant textual DN. This reverts the
3.5.6 introduced change, and allows applications which depended on the
previous format to continue to function. Introduced new functions which
output the strict format by default, and can revert to the old one using
a flag.
** libgnutls: Improved TPM key handling. Check authorization requirements
prior to using a key and fix issue on loop for PIN input. Patches by
James Bottomley.
** libgnutls: In all functions accepting UTF-8 passwords, ensure that
passwords are normalized according to RFC7613. When invalid UTF-8
passwords are detected, they are only tolerated for decryption.
This introduces a libunistring dependency on GnuTLS. A version of
libunistring is included in the library for the platforms that do
not ship it; it can be used with the '--with-included-unistring'
option to configure script.
** libgnutls: When setting a subject alternative name in a certificate
which is in UTF-8 format, it will transparently be converted to IDNA form
prior to storing.
** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print()
will print the SHA256 key-ID instead of a certificate fingerprint.
** libgnutls: Enhanced the PKCS#7 verification capabilities. In the case of
signers that are not discoverable using the trust list or input, use
the stored list as a pool to generate a trusted chain to the signer.
** libgnutls: Improved MTU calculation precision for the CBC ciphersuites
under DTLS.
** libgnutls: [added missing news entry since 3.5.0]
No longer tolerate certificate key usage violations for
TLS signature verification and decryption. That is, GnuTLS will fail
to connect to servers which incorrectly use a certificate restricted to
signing for decryption, or vice versa. This reverts the lax behavior
introduced in 3.1.0 because of several such broken servers being
available. The %COMPAT priority keyword can be used to work around this
when connecting to these servers.
** certtool: When exporting a CRQ in DER format ensure no text data are
intermixed. Patch by Dmitry Eremin-Solenikov.
** certtool: Include the SHA-256 variant of key ID in --certificate-info
options.
** p11tool: Introduced the --initialize-pin and --initialize-so-pin
options.
** API and ABI modifications:
gnutls_utf8_password_normalize: Added
gnutls_ocsp_resp_get_responder2: Added
gnutls_x509_crt_get_issuer_dn3: Added
gnutls_x509_crt_get_dn3: Added
gnutls_x509_rdn_get2: Added
gnutls_x509_dn_get_str2: Added
gnutls_x509_crl_get_issuer_dn3: Added
gnutls_x509_crq_get_dn3: Added
* Version 3.5.6 (released 2016-11-04)
** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
(pre-rfc5652) structures with arbitrary encapsulated content.
** libgnutls: Introduced a function group to set known DH parameters
using groups from RFC7919.
** libgnutls: Added more strict RFC4514 textual DN encoding and decoding.
Now the generated textual DN is in reverse order according to RFC4514,
and functions which generate a DN from strings, such as gnutls_x509_crt_set_*dn(),
set the expected DN (reverse of the provided string).
** libgnutls: Introduced time and constraints checks in the end certificate
in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
functions.
** libgnutls: Set limits on the maximum number of alerts handled. That is,
applications using gnutls could be tricked into a busy loop if the
peer continuously sends alert messages. Applications which set a maximum
handshake time (via gnutls_handshake_set_timeout) will eventually recover,
but others may remain in a busy loop indefinitely. This is related but
not identical to CVE-2016-8610, due to the difference in alert handling
of the libraries (gnutls delegates that handling to applications).
** libgnutls: Reverted the change which made the gnutls_certificate_set_*key*
functions return an index (introduced in 3.5.5), to avoid affecting programs
which explicitly check success of the function as equality to zero. In order
for these functions to return an index an explicit call to gnutls_certificate_set_flags
with the GNUTLS_CERTIFICATE_API_V2 flag is now required.
** libgnutls: Reverted the behavior of sending a status request extension even
without a response (introduced in 3.5.5). That is, we no longer reply to a
client's hello with a status request, with a status request extension. Although
that behavior is legal, it creates incompatibility issues with releases in
the gnutls 3.3.x branch.
** libgnutls: Delayed the initialization of the random generator at
the first call of gnutls_rnd(). This allows applications to load
on systems which getrandom() would block, without blocking until
real random data are needed.
** certtool: --get-dh-params will output parameters from the RFC7919
groups.
** p11tool: improvements in --initialize option.
** API and ABI modifications:
GNUTLS_CERTIFICATE_API_V2: Added
GNUTLS_NO_TICKETS: Added
gnutls_pkcs7_get_embedded_data_oid: Added
gnutls_anon_set_server_known_dh_params: Added
gnutls_certificate_set_known_dh_params: Added
gnutls_psk_set_server_known_dh_params: Added
gnutls_x509_crt_check_key_purpose: Added
* Version 3.5.5 (released 2016-10-09)
** libgnutls: enhanced gnutls_certificate_set_ocsp_status_request_file()
to allow importing multiple OCSP request files, one for each chain
provided.
** libgnutls: The gnutls_certificate_set_key* functions return an
index of the added chain. That index can be used either with
gnutls_certificate_set_ocsp_status_request_file(), or with
gnutls_certificate_get_crt_raw() and friends.
** libgnutls: Added SHA*, AES-GCM, AES-CCM and AES-CBC optimized implementations
for the aarch64 architecture. Uses Andy Polyakov's assembly code.
** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key()
failures due to key mismatch. This prevents leaks or double freeing
on such failures.
** libgnutls: Increased the maximum size of the handshake message hash.
This will allow the library to cope better with larger packets, as
the ones offered by current TLS 1.3 drafts.
** libgnutls: Allow the use of client certificates even when they contain
algorithms that are disallowed for the session. That allows, for example, a
client to use DSA-SHA1 because of its old DSA certificate, without requiring it
to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).
** libgnutls: Reverted AESNI code on x86 to an earlier version, as the
latest version was creating position-dependent code. Added checks
in the CI to detect position-dependent code early.
** guile: Update code to the I/O port API of Guile >= 2.1.4
This makes sure the GnuTLS bindings will work with the forthcoming 2.2
stable series of Guile, of which 2.1 is a preview.
** API and ABI modifications:
gnutls_certificate_set_ocsp_status_request_function2: Added
gnutls_session_ext_register: Added
gnutls_session_supplemental_register: Added
GNUTLS_E_PK_INVALID_PUBKEY: Added
GNUTLS_E_PK_INVALID_PRIVKEY: Added
hitch-1.4.4 (2016-12-22)
------------------------
- OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully
supported with Hitch.
- Fix a bug in the OCSP refresh code that could make it loop with
immediate refreshes flooding an OCSP responder.
- Force the SSL_OP_SINGLE_DH_USE setting. This protects against an
OpenSSL vulnerability where a remote attacker could discover private
DH exponents (CVE-2016-0701).
hitch-1.4.3 (2016-11-14)
------------------------
- OCSP stapling is now enabled by default.
Users should create ocsp-dir (default: /var/lib/hitch/) and make it
writable for the hitch user.
- Build error due to man page generation on FreeBSD (most likely non-Linux)
has been fixed.
hitch-1.4.2 (2016-11-08)
------------------------
- Example configuration file hitch.conf.example has been shortened and
defaults moved into Hitch itself. Default cipher string is now what we
believe to be secure. Users are recommended to use the built-in default
from now on, unless they have special requirements.
- hitch.conf(5) manual has been added.
- Hitch will now send a TLS Close notification during connection teardown.
This fixes an incomplete read with a GnuTLS client when the backend
(thttpd) used EOF to signal end of data, leaving some octets discarded
by gnutls client-side. (Issue 127)
- Autotools will now detect SO_REUSEPORT availability. (Issue 122)
- Improved error handling on memory allocation failure.
configure test because the type in stddef.h is guarded by a c11 macro
(most likely).
Force the configure test to pass.
From David Shao in PR pkg/51793 (originally from FreeBSD ports).
1.79 2017-01-03
Patch to fix a few inline variable declarations that cause errors for
older compilers. From Andy Grundman. Thanks.
Patch: Generated C code is not compatible with MSVC, AIX cc,
probably others. Added some PREINIT blocks and replaced 2 cases of INIT with
PREINIT. From Andy Grundman. Thanks.
Patch to fix: Fails to compile if the OpenSSL library it's built
against has compression support compiled out. From Stephan
Wall. Thanks.
Added RSA_get_key_parameters() to return a list of pointers to RSA key
internals.
Patch to fix some documentation typos courtesy gregor herrmann.
RSA_get_key_parameters() is now only available prior to OpenSSL 1.1.
Testing with openssl-1.1.0b.
Version 1.0.9
- Fix problem with compilation against libressl
- Make tests use locally built C library instead of system one
Version 1.0.8
- Use p1_utils 1.0.6
- Make it possible to decode certificate to OTP format
- Make sure p1_sha isn't compiled to native code
SECURITY:
- default Policy Privilege Escalation: If a parent token did not have
the default policy attached to its token, it could still create
children with the default policy. This is no longer allowed (unless
the parent has sudo capability for the creation path). In most cases
this is low severity since the access grants in the default policy are
meant to be access grants that are acceptable for all tokens to have.
- Leases Not Expired When Limited Use Token Runs Out of Uses: When
using limited-use tokens to create leased secrets, if the
limited-use token was revoked due to running out of uses (rather than
due to TTL expiration or explicit revocation) it would fail to revoke
the leased secrets. These secrets would still be revoked when their
TTL expired, limiting the severity of this issue. An endpoint has been
added (auth/token/tidy) that can perform housekeeping tasks on the
token store; one of its tasks can detect this situation and revoke the
associated leases.
FEATURES:
- Policy UI (Enterprise): Vault Enterprise UI now supports viewing,
creating, and editing policies.
IMPROVEMENTS:
- http: Vault now sets a no-store cache control header to make it more
secure in setups that are not end-to-end encrypted
BUG FIXES:
- auth/ldap: Don't panic if dialing returns an error and starttls is
enabled; instead, return the error
- ui (Enterprise): Submitting an unseal key now properly resets the
form so a browser refresh isn't required to continue.
0.6.3 (December 6, 2016)
DEPRECATIONS/CHANGES:
- Request size limitation: A maximum request size of 32MB is imposed
to prevent a denial of service attack with arbitrarily large
requests
- LDAP denies passwordless binds by default: In new LDAP mounts, or
when existing LDAP mounts are rewritten, passwordless binds will be
denied by default. The new deny_null_bind parameter can be set to
false to allow these.
- Any audit backend activated satisfies conditions: Previously, when a
new Vault node was taking over service in an HA cluster, all audit
backends were required to be loaded successfully to take over active
duty. This behavior now matches the behavior of the audit logging
system itself: at least one audit backend must successfully be loaded.
The server log contains an error when this occurs. This helps keep a
Vault HA cluster working when there is a misconfiguration on a standby
node.
FEATURES:
- Web UI (Enterprise): Vault Enterprise now contains a built-in web UI
that offers access to a number of features, including
init/unsealing/sealing, authentication via userpass or LDAP, and K/V
reading/writing. The capability set of the UI will be expanding
rapidly in further releases. To enable it, set ui = true in the top
level of Vault's configuration file and point a web browser at your
Vault address.
- Google Cloud Storage Physical Backend: You can now use GCS for
storing Vault data
IMPROVEMENTS:
- auth/github: Policies can now be assigned to users as well as to
teams
- cli: Set the number of retries on 500 down to 0 by default (no
retrying). It can be very confusing to users when there is a pause
while the retries happen if they haven't explicitly set it. With
request forwarding the need for this is lessened anyways.
- core: Response wrapping is now allowed to be specified by backend
responses (requires backends gaining support)
- physical/consul: When announcing service, use the scheme of the
Vault server rather than the Consul client
- secret/consul: Added listing functionality to roles
- secret/postgresql: Added revocation_sql parameter on the role
endpoint to enable customization of user revocation SQL statements
- secret/transit: Add listing of keys
BUG FIXES:
- api/unwrap, command/unwrap: Increase compatibility of unwrap command
with Vault 0.6.1 and older
- api/unwrap, command/unwrap: Fix error when no client token exists
- auth/approle: Creating the index for the role_id properly
- auth/aws-ec2: Handle the case of multiple upgrade attempts when
setting the instance-profile ARN
- auth/ldap: Avoid leaking connections on login
- command/path-help: Use the actual error generated by Vault rather
than always using 500 when there is a path help error
- command/ssh: Use temporary file for identity and ensure its deletion
before the command returns
- cli: Fix error printing values with -field if the values contained
formatting directives
- command/server: Don't say mlock is supported on OSX when it isn't.
- core: Fix bug where a failure to come up as active node (e.g. if an
audit backend failed) could lead to deadlock
- physical/mysql: Fix potential crash during setup due to a query
failure
- secret/consul: Fix panic on user error
0.4.8 - 11/12/2014
- Added more acknowledgements and security considerations
0.4.7 - 11/12/2014
- Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
- Don't offer SSLv3 by default (e.g. POODLE)
- Fixed bug with PyCrypto_RSA integration
- Fixed harmless bug that added non-prime into sieves list
- Added "make test" and "make test-dev" targets (Hubert Kario)
0.4.5 - 3/20/2013
- **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
to a closed connection. This inherits from socket.error, so should
interact better with SocketServer (see http://bugs.python.org/issue14574)
and other things expecting a socket.error in this situation.
- Added support for RC4-MD5 ciphersuite (if enabled in settings)
- This is allegedly necessary to connect to some Internet servers.
- Added TLSConnection.unread() function
- Switched to New-style classes (inherit from 'object')
- Minor cleanups
0.4.4 - 2/25/2013
- Added Python 3 support (Martin von Loewis)
- Added NPN client support (Marcelo Fernandez)
- Switched to RC4 as preferred cipher
- faster in Python, avoids "Lucky 13" timing attacks
- Fixed bug when specifying ciphers for anon ciphersuites
- Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
- (this function is not used for TLS currently, and this tolerance may
not even be necessary)
0.4.3 - 9/27/2012
- Minor bugfix (0.4.2 doesn't load tackpy)
0.4.2 - 9/25/2012
- Updated TACK (compatible with tackpy 0.9.9)
0.4.1 - 5/22/2012
- Fixed RSA padding bugs (w/help from John Randolph)
- Updated TACK (compatible with tackpy 0.9.7)
- Added SNI
- Added NPN server support (Sam Rushing/Google)
- Added AnonDH (Dimitris Moraitis)
- Added X509CertChain.parsePemList
- Improved XML-RPC (Kees Bos)
0.4.0 - 2/11/2012
- Fixed pycrypto support
- Fixed python 2.6 problems
0.3.9.x - 2/7/2012
Much code cleanup, in particular decomposing the handshake functions so they
are readable. The main new feature is support for TACK, an experimental
authentication method that provides a new way to pin server certificates (See
https://github.com/moxie0/Convergence/wiki/TACK ).
Also:
- Security Fixes
- Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated
Client Hello. Does not support renegotiation (never has).
- Change from e=3 to e=65537 for generated RSA keys, not strictly
necessary but mitigates risk of sloppy verifier.
- 1/(n-1) countermeasure for BEAST.
- Behavior changes:
- Split cmdline into tls.py and tlstest.py, improved options.
- Formalized LICENSE.
- Defaults to closing socket after sending close_notify; fixes a hanging
problem that would sometimes occur when waiting for the other party's
close_notify.
- Update SRP to RFC 5054 compliance.
- Removed client handshake "callbacks", no longer support the SRP
re-handshake idiom within a single handshake function.
- Bugfixes
- Added hashlib support, removes Deprecation Warning due to sha and md5.
- Handled GeneratorExit exceptions that are a new Python feature, and
interfere with the async code if not handled.
- Removed:
- Shared keys (it was based on an ancient I-D, not TLS-PSK).
- cryptlib support, it wasn't used much, we have enough other options.
- cryptoIDs (TACK is better).
- win32prng extension module, as os.urandom is now available.
- Twisted integration (unused?, slowed down loading).
- Jython code (ancient, didn't work).
- Compat support for python versions < 2.7.
- Additions
- Support for TACK via TACKpy.
- Support for CertificateRequest.certificate_authorities ("reqCAs")
- Added TLSConnection.shutdown() to better mimic socket.
- Enabled Session resumption for XMLRPCTransport.
* Remove -ansi flag to be compatible with OCaml 4.04 (thanks Mark Shinwell, ).
* Use accessor functions for X509_STORE_CTX.
* Change CLIBS order to allow static linking.
For full changes, please refer to the ChangeLog file.
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In approximately August 2017, removing remaining support for the
SSH v.1 protocol (client-only and currently compile-time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
* The next release of OpenSSH will remove support for running sshd(8)
with privilege separation disabled.
* The next release of portable OpenSSH will remove support for
OpenSSL version prior to 1.0.1.
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release removes server support for the SSH v.1 protocol.
* ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
block ciphers are not safe in 2016 and we don't want to wait until
attacks like SWEET32 are extended to SSH. As 3des-cbc was the
only mandatory cipher in the SSH RFCs, this may cause problems
connecting to older devices using the default configuration,
but it's highly likely that such devices already need explicit
configuration for key exchange and hostkey algorithms anyway.
* sshd(8): Remove support for pre-authentication compression.
Doing compression early in the protocol probably seemed reasonable
in the 1990s, but today it's clearly a bad idea in terms of both
cryptography (cf. multiple compression oracle attacks in TLS) and
attack surface. Pre-auth compression support has been disabled by
default for >10 years. Support remains in the client.
* ssh-agent will refuse to load PKCS#11 modules outside a whitelist
of trusted paths by default. The path whitelist may be specified
at run-time.
* sshd(8): When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, sshd will now
refuse to accept the certificate unless they are identical.
The previous (documented) behaviour of having the certificate
forced-command override the other could be a bit confusing and
error-prone.
* sshd(8): Remove the UseLogin configuration directive and support
for having /bin/login manage login sessions.
Changes since OpenSSH 7.3
=========================
This is primarily a bugfix release.
Security
--------
* ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
outside a trusted whitelist (run-time configurable). Requests to
load modules could be passed via agent forwarding and an attacker
could attempt to load a hostile PKCS#11 module across the forwarded
agent channel: PKCS#11 modules are shared libraries, so this would
result in code execution on the system running the ssh-agent if the
attacker has control of the forwarded agent-socket (on the host
running the sshd server) and the ability to write to the filesystem
of the host running ssh-agent (usually the host running the ssh
client). Reported by Jann Horn of Project Zero.
* sshd(8): When privilege separation is disabled, forwarded Unix-
domain sockets would be created by sshd(8) with the privileges of
'root' instead of the authenticated user. This release refuses
Unix-domain socket forwarding when privilege separation is disabled
(Privilege separation has been enabled by default for 14 years).
Reported by Jann Horn of Project Zero.
* sshd(8): Avoid theoretical leak of host private key material to
privilege-separated child processes via realloc() when reading
keys. No such leak was observed in practice for normal-sized keys,
nor does a leak to the child processes directly expose key material
to unprivileged users. Reported by Jann Horn of Project Zero.
* sshd(8): The shared memory manager used by pre-authentication
compression support had a bounds check that could be elided by
some optimising compilers. Additionally, this memory manager was
incorrectly accessible when pre-authentication compression was
disabled. This could potentially allow attacks against the
privileged monitor process from the sandboxed privilege-separation
process (a compromise of the latter would be required first).
This release removes support for pre-authentication compression
from sshd(8). Reported by Guido Vranken using the Stack unstable
optimisation identification tool (http://css.csail.mit.edu/stack/).
* sshd(8): Fix denial-of-service condition where an attacker who
sends multiple KEXINIT messages may consume up to 128MB per
connection. Reported by Shi Lei of Gear Team, Qihoo 360.
* sshd(8): Validate address ranges for AllowUsers and DenyUsers
directives at configuration load time and refuse to accept invalid
ones. It was previously possible to specify invalid CIDR address
ranges (e.g. user@127.1.2.3/55) and these would always match,
possibly resulting in granting access where it was not intended.
Reported by Laurence Parry.
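Load-time validation of user@CIDR patterns of the kind described above, as an added Python example that is not OpenSSH's code: every pattern is parsed before any is used, and a malformed range such as /55 is rejected instead of becoming a rule that matches everything. It handles only literal address ranges after the @ (OpenSSH also accepts hostname patterns there), and treating a range with host bits set as valid-and-masked is an assumption of the example.

```python
import fnmatch
import ipaddress
from typing import List, Optional, Tuple, Union

# Constructed configuration fragments (not taken from any real sshd_config):
# valid AllowUsers patterns, and malformed ones including the /55 prefix
# length quoted in the release notes, which older sshd silently accepted.
SAMPLE_ALLOWUSERS = ["alice@10.0.0.0/8", "bob@192.0.2.0/24", "carol",
                     "ops-*@2001:db8::/32"]
INVALID_ALLOWUSERS = ["alice@127.1.2.3/55", "bob@10.0.0.0/-1", "@10.0.0.0/8"]

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
# (user pattern, address range or None when the pattern has no @ part)
Entry = Tuple[str, Optional[Network]]


def parse_allowusers(specs: List[str]) -> List[Entry]:
    """Validate every user[@range] pattern up front.

    The whole list is parsed before any entry is consulted, and a malformed
    range raises instead of being accepted, so a typo can never turn into a
    rule that matches every source address."""
    entries: List[Entry] = []
    for spec in specs:
        user, sep, addr = spec.partition("@")
        if not user:
            raise ValueError(f"empty user pattern in {spec!r}")
        if not sep:
            entries.append((user, None))
            continue
        try:
            # strict=False keeps ranges written with host bits set (e.g.
            # 127.1.2.3/24) and masks them; accepting those is an assumption
            # of this example. A bare address becomes a /32 or /128.
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError as exc:
            raise ValueError(f"invalid address range in {spec!r}: {exc}") from exc
        entries.append((user, net))
    return entries


def user_allowed(entries: List[Entry], user: str, source: str) -> bool:
    """Return True if (user, source address) matches at least one entry.

    User patterns use shell-style wildcards; an entry without an address
    range matches from anywhere, and IPv4 ranges never match IPv6 peers."""
    ip = ipaddress.ip_address(source)
    for pattern, net in entries:
        if not fnmatch.fnmatchcase(user, pattern):
            continue
        if net is None or (net.version == ip.version and ip in net):
            return True
    return False


def load_config_check(specs: List[str]) -> List[str]:
    """Report every malformed pattern (what a config linter would print)
    instead of stopping at the first one; an empty list means clean."""
    problems = []
    for spec in specs:
        try:
            parse_allowusers([spec])
        except ValueError as exc:
            problems.append(str(exc))
    return problems


if __name__ == "__main__":
    entries = parse_allowusers(SAMPLE_ALLOWUSERS)
    print(user_allowed(entries, "alice", "10.1.2.3"))   # True
    print(user_allowed(entries, "alice", "192.0.2.5"))  # False
    for problem in load_config_check(INVALID_ALLOWUSERS):
        print("rejected:", problem)
```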
2.040 2016/12/17
- fix detection of default CA path for OpenSSL 1.1.x
- Utils::CERT_asHash now includes the signature algorithm used
- Utils::CERT_asHash can now deal with large serial numbers
1.7.1 - 2016-12-13
~~~~~~~~~~~~~~~~~~
* Fixed a regression in ``int_from_bytes`` where it failed to accept
``bytearray``.
1.7 - 2016-12-12
~~~~~~~~~~~~~~~~
* Support for OpenSSL 1.0.0 has been removed. Users on older versions of OpenSSL
will need to upgrade.
* Added support for Diffie-Hellman key exchange using
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.exchange`
* The OS random engine for OpenSSL has been rewritten to improve compatibility
with embedded Python and other edge cases. More information about this change
can be found in the
`pull request <https://github.com/pyca/cryptography/pull/3229>`_.
* gpg: New algorithm for selecting the best ranked public key when
using a mail address with -r, -R, or --locate-key.
* gpg: New option --with-tofu-info to print a new "tfs" record in
colon formatted key listings.
* gpg: New option --compliance as an alternative way to specify
options like --rfc2440, --rfc4880, et al.
* gpg: Many changes to the TOFU implementation.
* gpg: Improve usability of --quick-gen-key.
* gpg: In --verbose mode print a diagnostic when a pinentry is
launched.
* gpg: Remove code which warns for old versions of gnome-keyring.
* gpg: New option --override-session-key-fd.
* gpg: Option --output does now work with --verify.
* gpgv: New option --output to allow saving the verified data.
* gpgv: New option --enable-special-filenames.
* agent, dirmngr: New --supervised mode for use by systemd and alike.
* agent: By default listen on all available sockets using standard
names.
* agent: Invoke scdaemon with --homedir.
* dirmngr: On Linux now detects the removal of its own socket and
terminates.
* scd: Support ECC key generation.
* scd: Support more card readers.
* dirmngr: New option --allow-version-check to download a software
version database in the background.
* dirmngr: Use system provided CAs if no --hkp-cacert is given.
* dirmngr: Use a default keyserver if none is explicitly set.
* gpgconf: New command --query-swdb to check software versions
against a copy of an online database.
* gpgconf: Print the socket directory with --list-dirs.
* tools: The WKS tools now support draft version -02.
* tools: Always build gpg-wks-client and install under libexec.
* tools: New option --supported for gpg-wks-client.
* The log-file option now accepts a value "socket://" to log to the
socket named "S.log" in the standard socket directory.
* Provide fake pinentries for use by test cases of downstream
developers.
* Fixed many bugs and regressions.
* Many changes and improvements for the test suite.
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
Noteworthy changes in version 1.7.4 (2016-12-09) [C21/A1/R4]
------------------------------------------------
* Performance:
- More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
- Add ARMv8/AArch32 assembly implementation for Twofish and
Camellia.
- Add bulk processing implementation for ARMv8/AArch32.
- Add Stribog OIDs.
- Improve the DRBG performance and sync the code with the Linux
version.
* Internal changes:
- When secure memory is requested by the MPI functions or by
gcry_xmalloc_secure, they do not anymore lead to a fatal error if
the secure memory pool is used up. Instead new pools are
allocated as needed. These new pools are not protected against
being swapped out (mlock can't be used). However, these days
this is considered a minor issue and can easily be mitigated by
using encrypted swap space.
* Bug fixes:
- Fix GOST 28147 CryptoPro-B S-box.
- Fix error code handling of mlock calls.
solves:
=> Bootstrap dependency digest>=20010302: found digest-20160304
===> Building for openssl-1.0.2jnb1
making depend in crypto...
gmake[1]: Entering directory '/construction/security/openssl/work/openssl-1.0.2j/crypto'
../util/domd: makedepend: not found
new packages. Most of which are the remaining modules of the Tryton
platform which weren't packaged. The others are dependencies of the new
modules. This was tested on FreeBSD and is based in large part on Richard
Palo's (richard@) work. This is the most recent release of the Tryton
platform, version 4.2. There's a very large list of changes from the 3.8
series we have in pkgsrc. If you're interested, those functional changes
can be found here:
http://www.tryton.org/posts/new-tryton-release-42.html
http://www.tryton.org/posts/new-tryton-release-40.html
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publicly accessible version of readline in base.
Noteworthy changes in version 1.0.0 (2016-11-22)
------------------------------------------------
* Qt pinentry now supports repeat mode in one dialog.
* Qt and GTK pinentries now make it possible to show the entered
value.
* Qt pinentry now only grabs the keyboard if an entry field is
focused.
* Fixed foreground handling in pinentry-qt if compiled with Qt5 for
Windows.
* Fixed potential crash in Qt qualitybar calculation.
* GTK keyboard grabbing is now a bit more robust. The cursor is
changed to a big dot as a visual indication that a pinentry has
popped up and is waiting for input.
* The GNOME pinentry now falls back to curses if it can't use the
GCR system prompter or a screenlock is active.
* Fixed error output for cached passwords.
* A show/hide passphrase button or checkbox is now available with
some pinentry flavors.
* Improved diagnostics and error codes.
1.6 - 2016-11-22
~~~~~~~~~~~~~~~~
* Deprecated support for OpenSSL 1.0.0. Support will be removed in
``cryptography`` 1.7.
* Replaced the Python-based OpenSSL locking callbacks with a C version to fix
a potential deadlock that could occur if a garbage collection cycle occurred
while inside the lock.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` when using OpenSSL
1.1.0.
* Added
:attr:`~cryptography.x509.Certificate.signature_algorithm_oid` support to
:class:`~cryptography.x509.Certificate`.
* Added
:attr:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateSigningRequest`.
* Added
:attr:`~cryptography.x509.CertificateRevocationList.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateRevocationList`.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`
when using OpenSSL 1.1.0.
* Added a workaround to improve compatibility with Python application bundling
tools like ``PyInstaller`` and ``cx_freeze``.
* Added support for generating a
:meth:`~cryptography.x509.random_serial_number`.
* Added support for encoding ``IPv4Network`` and ``IPv6Network`` in X.509
certificates for use with :class:`~cryptography.x509.NameConstraints`.
* Added :meth:`~cryptography.x509.Name.public_bytes` to
:class:`~cryptography.x509.Name`.
* Added :class:`~cryptography.x509.RelativeDistinguishedName`.
* :class:`~cryptography.x509.DistributionPoint` now accepts
:class:`~cryptography.x509.RelativeDistinguishedName` for
:attr:`~cryptography.x509.DistributionPoint.relative_name`.
Deprecated use of :class:`~cryptography.x509.Name` as
:attr:`~cryptography.x509.DistributionPoint.relative_name`.
* :class:`~cryptography.x509.Name` now accepts an iterable of
:class:`~cryptography.x509.RelativeDistinguishedName`. RDNs can
be accessed via the :attr:`~cryptography.x509.Name.rdns`
attribute. When constructed with an iterable of
:class:`~cryptography.x509.NameAttribute`, each attribute becomes
a single-valued RDN.
* Added
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for signing and verifying RSA, DSA, and ECDSA signatures with
:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
digests.
2.039 2016/11/20
- OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on
EOF without a proper SSL shutdown. Since it looks like this behavior will
be kept at least for 1.1.1+, adapt to the changed API by treating errno=NOERR
on SSL_ERROR_SYSCALL as EOF.
Noteworthy changes in version 1.25 (2016-11-14) [C20/A20/R0]
-----------------------------------------------
* New interface gpgrt_get_syscall_clamp to allow libraries to make use
of Libgpg-error's system call wrapper functions.
* gpgrt_poll does now work under Windows.
* Fixed bug in the locking code when used with the nPth threading
library.
* Added support for {i686,x86_64}-apple-darwin.
* Added new error codes.
* Interface changes relative to the 1.23 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_get_syscall_clamp NEW.
GPG_ERR_ENGINE_TOO_OLD NEW.
GPG_ERR_WINDOW_TOO_SMALL NEW.
GPG_ERR_WINDOW_TOO_LARGE NEW.
GPG_ERR_MISSING_ENVVAR NEW.
GPG_ERR_USER_ID_EXISTS NEW.
GPG_ERR_NAME_EXISTS NEW.
GPG_ERR_DUP_NAME NEW.
GPG_ERR_TOO_OLD NEW.
GPG_ERR_TOO_YOUNG NEW.
- Use constant time modular inverse algorithm to avoid possible side
channel attack against ECDSA (CVE-2016-2849)
- Use constant time PKCS #1 unpadding to avoid possible side channel
attack against RSA decryption (CVE-2015-7827)
- avoid side channel with OAEP (CVE-2016-8871)
- avoid Lucky13 timing attack against CBC-based TLS cipher
- added X25519-based key exchange for TLS
- add support for the TLS Supported Point Formats Extension from
RFC 4492
- add support for the NewHope Ring-LWE key encapsulation algorithm
for estimated ~200 bit security level against a quantum attacker.
- add support for TLS Encrypt-then-MAC extension
- Fix undefined behavior in Curve25519 for 32bit platforms
- bugfix for GCM when 32-bit counters overflowed
- added ChaCha20Poly1305 TLS cipher
1.5.3 - 2016-11-05
~~~~~~~~~~~~~~~~~~
* **SECURITY ISSUE**: Fixed a bug where ``HKDF`` would return an empty
byte-string if used with a ``length`` less than ``algorithm.digest_size``.
Credit to **Markus Döring** for reporting the issue.
Local changes (retained from earlier versions):
* Some adaptations of the build setup (conversion scripts etc.)
* in signer/ixfr.c, log the zone name if the soamin assertion triggers
* in signer/zone.c, if there's a bad ixfr journal file, save it, for debug
Upstream changes:
News:
This is a bug fix release targeting a memory leak in the signer
when being used in the "bump in the wire" model where the signer
would send out notify messages and respond to IXFR requests for
the signed zone. This typically would manifest itself with very
frequent outgoing IXFRs over a longer period of time.
When upgrading from 1.4.10 (the 1.4.11 release was skipped) no
migration steps are needed. For upgrading from earlier releases
see the migration steps in the individual releases, most notably
in 1.4.8.2. This version of OpenDNSSEC does, however, require a
slightly newer minimum version of the ldns library.
Fixes:
* OPENDNSSEC-808: Crash on query with empty query section
(thanks Havard Eidnes).
* SUPPORT-191: Regression, Must accept notify without SOA (thanks
Christos Trochalakis).
* OPENDNSSEC-845: memory leak occurring when responding to IXFR
out when having had multiple updates.
* OPENDNSSEC-805: Avoid full resign due to mismatch in backup file
when upgrading from 1.4.8 or later.
* OPENDNSSEC-828: parsing zone list could show data from next zone
when zones iterated on single line.
* OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other
static code analysis cleanup
* OPENDNSSEC-847: Broken DNS IN notifications when pkt answer
section is empty.
* OPENDNSSEC-838: Crash in signer after having removed a zone.
* Update dependency to ldns to version 1.6.17 enabling the DNS HIP record.
* Prevent responding to queries when not fully started yet.
Version 1.8.0 (25 Oct 2016)
Daniel Stenberg (25 Oct 2016)
- RELEASE-NOTES: adjusted for 1.8.0
Kamil Dudka (20 Oct 2016)
- Revert "aes: the init function fails when OpenSSL has AES support"
This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
because it caused the compatibility code to call initialization routines
redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
test-suite in Fedora:
88 bytes in 1 blocks are definitely lost in loss record 5 of 8
at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
by 0x72C607D: CRYPTO_zalloc (mem.c:100)
by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
by 0x4E5BB5A: libssh2_init (global.c:49)
Daniel Stenberg (19 Oct 2016)
- [Charles Collicutt brought this change]
libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds (#134)
Fixes#74
- [Charles Collicutt brought this change]
Set err_msg on _libssh2_wait_socket errors (#135)
- Revert "travis: Test mbedtls too"
This reverts commit 3e6de50a24815e72ec5597947f1831f6083b7da8.
Travis doesn't seem to support the mbedtls-dev package
- maketgz: support "only" to only update version number locally
and fix the date output locale
- configure: make the --with-* options override the OpenSSL default
... previously it would default to OpenSSL even with the --with-[crypto]
options used unless you specifically disabled OpenSSL. Now, enabling another
backend will automatically disable OpenSSL if the other one is found.
- [Keno Fischer brought this change]
docs: Add documentation on new cmake/configure options
- [Keno Fischer brought this change]
configure: Add support for building with mbedtls
- [wildart brought this change]
travis: Test mbedtls too
- [wildart brought this change]
crypto: add support for the mbedTLS backend
Closes#132
- [wildart brought this change]
cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
- README.md: fix link typo
- README: markdown version to look nicer on github
Viktor Szakats (5 Sep 2016)
- [Taylor Holberton brought this change]
openssl: add OpenSSL 1.1.0 compatibility
Daniel Stenberg (4 Sep 2016)
- [Antenore Gatta brought this change]
tests: HAVE_NETINET_IN_H was not defined correctly (#127)
Fixes#125
- SECURITY: fix web site typo
- SECURITY: security process
GitHub (14 Aug 2016)
- [Alexander Lamaison brought this change]
Basic dockerised test suite.
This introduces a test suite for libssh2. It runs OpenSSH in a Docker
container because that works well on Windows (via docker-machine) as
well as Linux. Presumably it works on Mac too with docker-machine, but
I've not tested that.
Because the test suite is docker-machine aware, you can also run it
against a cloud provider, for more realistic network testing, by setting
your cloud provider as your active docker machine. The Appveyor CI setup
in this commit does that because Appveyor doesn't support docker
locally.
Kamil Dudka (3 Aug 2016)
- [Viktor Szakats brought this change]
misc.c: Delete unused static variables
Closes#114
Daniel Stenberg (9 Apr 2016)
- [Will Cosgrove brought this change]
Merge pull request #103 from willco007/patch-2
Fix for security issue CVE-2016-0787
Alexander Lamaison (2 Apr 2016)
- [Zenju brought this change]
Fix MSVC 14 compilation errors
For _MSC_VER == 1900 these macros are not needed and create problems:
1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1925): warning C4005: 'snprintf': macro redefinition (compiling source file libssh2-files\src\mac.c)
1> \win32\libssh2_config.h(27): note: see previous definition of 'snprintf' (compiling source file libssh2-files\src\mac.c)
1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1927): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file libssh2-files\src\mac.c)
Daniel Stenberg (26 Mar 2016)
- [Brad Harder brought this change]
_libssh2_channel_open: speeling error fixed in channel error message
Alexander Lamaison (15 Mar 2016)
- Link with crypt32.lib on Windows.
Makes linking with static OpenSSL work again. Although it's not
required for dynamic OpenSSL, it does no harm.
Fixes#98.
- [Craig A. Berry brought this change]
Tweak VMS help file building.
Primarily this is handling cases where top-level files moved into
the docs/ directory. I also corrected a typo and removed the
claim that libssh2 is public domain.
- [Craig A. Berry brought this change]
Build with standard stat structure on VMS.
This gets us large file support, is available on any VMS release
in the last decade and more, and gives stat other modern features
such as 64-bit ino_t.
- [Craig A. Berry brought this change]
Update vms/libssh2_config.h.
VMS does have stdlib.h, gettimeofday(), and OpenSSL. The latter
is appropriate to hard-wire in the configuration because it's
installed by default as part of the base operating system and
there is currently no libgcrypt port.
- [Craig A. Berry brought this change]
VMS can't use %zd for off_t format.
%z is a C99-ism that VMS doesn't currently have; even though the
compiler is C99-compliant, the library isn't quite. The off_t used
for the st_size element of the stat can be 32-bit or 64-bit, so
detect what we've got and pick a format accordingly.
- [Craig A. Berry brought this change]
Normalize line endings in libssh2_sftp_get_channel.3.
Somehow it got Windows-style CRLF endings so convert to just LF,
for consistency as well as not to confuse tools that will regard
the \r as content (e.g. the OpenVMS help librarian).
Dan Fandrich (29 Feb 2016)
- libgcrypt: Fixed a NULL pointer dereference on OOM
Daniel Stenberg (24 Feb 2016)
- [Viktor Szakats brought this change]
url updates, HTTP => HTTPS
Closes#87
Dan Fandrich (23 Feb 2016)
- RELEASE-NOTES: removed some duplicated names
pkgsrc changes:
- set LICENSE (x11)
- add test target
- add new NetBSD patches
- keep INTERIX patch, not tested
Upstream changelog
==================
release 1.2.15
fix handling of files > 2GB on Windows.
fix handling of symlinks to files owned by root.
release 1.2.14
fix fill() function, this fixes DoE and Gutmann modes.
new --rcmp mode.
use simple mode by default and not Gutmann 35 pass.
release 1.2.13
fix handling of OsX resource forks.
release-1_2_12
now using SVN on SourceForge.
small updates to autotools build files.
support Haiku operating system.
overwrite POSIX extended attributes.
srm has exit code != 0 if removing any file or directory failed.
handle alternate data streams on Windows and NTFS.
handle hard links on Windows and NTFS.
release-1_2_11
Win32 command line wildcard expansion
-v -v displays current write position
SIGINFO, SIGUSR2 display current write position
-x does not cross file system boundaries
overwrite block devices
release-1_2_10
Mac OsX compiles and works again
add DoE wipe mode
fix deletion of named pipes/fifos
Debian fixes
Win32 fixes
release-1_2_9
fix deletion of 0 byte files
fix handling of files <4096 bytes
fix handling of files >2GiB on 32bit
OpenBSD compat switch
handle OsX resource fork
added some code from OsX port
Win32 version
DEPRECATIONS/CHANGES:
- Convergent Encryption v2: New keys in transit using convergent mode will
use a new nonce derivation mechanism rather than require the user to
supply a nonce. While not explicitly increasing security, it minimizes the
likelihood that a user will use the mode improperly and impact the security
of their keys. Keys in convergent mode that were created in v0.6.1 will
continue to work with the same mechanism (user-supplied nonce).
- etcd HA off by default: Following in the footsteps of dynamodb, the etcd
storage backend now requires that ha_enabled be explicitly specified in
the configuration file. The backend currently has known broken HA behavior,
so this flag discourages use by default without explicitly enabling it. If
you are using this functionality, when upgrading, you should set ha_enabled
to "true" before starting the new versions of Vault.
- Default/Max lease/token TTLs are now 32 days: In previous versions of
Vault the default was 30 days, but moving it to 32 days allows some
operations (e.g. reauthenticating, renewing, etc.) to be performed via a
monthly cron job.
- AppRole Secret ID endpoints changed: Secret ID and Secret ID accessors are
no longer part of request URLs. The GET and DELETE operations are now
moved to new endpoints (/lookup and /destroy) which consume the input from
the body and not the URL.
- AppRole requires at least one constraint: previously it was sufficient to
turn off all AppRole authentication constraints (secret ID, CIDR block)
and use the role ID only. It is now required that at least one additional
constraint is enabled. Existing roles are unaffected, but any new roles or
updated roles will require this.
- Reading wrapped responses from cubbyhole/response is deprecated. The
sys/wrapping/unwrap endpoint should be used instead as it provides
additional security, auditing, and other benefits. The ability to read
directly will be removed in a future release.
- Request Forwarding is now on by default: in 0.6.1 this required toggling
on, but is now enabled by default. This can be disabled via the
"disable_clustering" parameter in Vault's config, or per-request with the
X-Vault-No-Request-Forwarding header.
- In prior versions a bug caused the bound_iam_role_arn value in the aws-ec2
authentication backend to actually use the instance profile ARN. This has
been corrected, but as a result there is a behavior change. To match using
the instance profile ARN, a new parameter bound_iam_instance_profile_arn has
been added. Existing roles will automatically transfer the value over to the
correct parameter, but the next time the role is updated, the new meanings
will take effect.
FEATURES:
- Secret ID CIDR Restrictions in AppRole: Secret IDs generated under an
approle can now specify a list of CIDR blocks from where the requests to
generate secret IDs should originate from. If an approle already has CIDR
restrictions specified, the CIDR restrictions on the secret ID should be a
subset of those specified on the role [GH-1910]
- Initial Root Token PGP Encryption: Similar to generate-root, the root
token created at initialization time can now be PGP encrypted [GH-1883]
- Support Chained Intermediate CAs in pki: The pki backend now allows, when
a CA cert is being supplied as a signed root or intermediate, a trust
chain of arbitrary length. The chain is returned as a parameter at
certificate issue/sign time and is retrievable independently as well.
[GH-1694]
- Response Wrapping Enhancements: There are new endpoints to look up
response wrapped token parameters; wrap arbitrary values; rotate wrapping
tokens; and unwrap with enhanced validation. In addition, list operations
can now be response-wrapped. [GH-1927]
- Transit features: The transit backend now supports generating random bytes
and SHA sums; HMACs; and signing and verification functionality using EC
keys (P-256 curve)
IMPROVEMENTS:
- api: Return error when an invalid (as opposed to incorrect) unseal key is
submitted, rather than ignoring it [GH-1782]
- api: Add method to call auth/token/create-orphan endpoint [GH-1834]
- api: Rekey operation now redirects from standbys to master [GH-1862]
- audit/file: Sending a SIGHUP to Vault now causes Vault to close and
re-open the log file, making it easier to rotate audit logs [GH-1953]
- auth/aws-ec2: EC2 instances can get authenticated by presenting the
identity document and its SHA256 RSA digest [GH-1961]
- auth/aws-ec2: IAM bound parameters on the aws-ec2 backend will perform a
prefix match instead of exact match [GH-1943]
- auth/aws-ec2: Added a new constraint bound_iam_instance_profile_arn to
refer to IAM instance profile ARN and fixed the earlier bound_iam_role_arn
to refer to IAM role ARN instead of the instance profile ARN [GH-1913]
- auth/aws-ec2: Backend generates the nonce by default and clients can
explicitly disable reauthentication by setting empty nonce [GH-1889]
- auth/token: Added warnings if tokens and accessors are used in URLs
[GH-1806]
- command/format: The format flag on select CLI commands takes yml as an
alias for yaml [GH-1899]
- core: Allow the size of the read cache to be set via the config file, and
change the default value to 1MB (from 32KB) [GH-1784]
- core: Allow single and two-character path parameters for most places
[GH-1811]
- core: Allow list operations to be response-wrapped [GH-1814]
- core: Provide better protection against timing attacks in Shamir code
[GH-1877]
- core: Unmounting/disabling backends no longer returns an error if the
mount didn't exist. This is in line with elsewhere in Vault's API where
DELETE is an idempotent operation. [GH-1903]
- credential/approle: At least one constraint is required to be enabled
while creating and updating a role [GH-1882]
- secret/cassandra: Added consistency level for use with roles [GH-1931]
- secret/mysql: SQL for revoking user can be configured on the role
[GH-1914]
- secret/transit: Use HKDF (RFC 5869) as the key derivation function for new
keys [GH-1812]
- secret/transit: Empty plaintext values are now allowed [GH-1874]
BUG FIXES:
- audit: Fix panic being caused by some values logging as underlying Go
types instead of formatted strings [GH-1912]
- auth/approle: Fixed panic on deleting approle that doesn't exist [GH-1920]
- auth/approle: Secret IDs and secret ID accessors are no longer logged in
plaintext in audit logs [GH-1947]
- auth/aws-ec2: Allow authentication if the underlying host is in a bad
state but the instance is running [GH-1884]
- auth/token: Fixed metadata missing from the token lookup response by
gracefully handling token entry upgrade [GH-1924]
- cli: Don't error on newline in token file [GH-1774]
- core: Pass back content-type header for forwarded requests [GH-1791]
- core: Fix panic if the same key was given twice to generate-root [GH-1827]
- core: Fix potential deadlock on unmount/remount [GH-1793]
- physical/file: Remove empty directories from the file storage backend
[GH-1821]
- physical/zookeeper: Remove empty directories from the zookeeper storage
backend and add a fix to the file storage backend's logic [GH-1964]
- secret/aws: Added update operation to aws/sts path to consider ttl
parameter [39b75c6]
- secret/aws: Mark STS secrets as non-renewable [GH-1804]
- secret/cassandra: Properly store session for re-use [GH-1802]
- secret/ssh: Fix panic when revoking SSH dynamic keys [GH-1781]
v0.7.0 (22 September 2016)
++++++++++++++++++++++++++
- Allowed ``OAuth2Session.request`` to take the ``client_id`` and
``client_secret`` parameters for the purposes of automatic token refresh,
which may need them.
v0.6.2 (12 July 2016)
+++++++++++++++++++++
- Use ``client_id`` and ``client_secret`` for the Authorization header if
provided.
- Allow explicit bypass of the Authorization header by setting ``auth=False``.
- Pass through the ``proxies`` kwarg when refreshing tokens.
- Miscellaneous cleanups.
v0.6.1 (19 February 2016)
+++++++++++++++++++++++++
- Fixed a bug when sending authorization in headers with no username and
password present.
- Make sure we clear the session token before obtaining a new one.
- Some improvements to the Slack compliance fix.
- Avoid timing problems around token refresh.
- Allow passing arbitrary arguments to requests when calling
``fetch_request_token`` and ``fetch_access_token``.
v0.6.0 (14 December 2015)
+++++++++++++++++++++++++
- Add compliance fix for Slack.
- Add compliance fix for Mailchimp.
- ``TokenRequestDenied`` exceptions now carry the entire response, not just the
status code.
- Pass through keyword arguments when refreshing tokens automatically.
- Send authorization in headers, not just body, to maximize compatibility.
- More getters/setters available for OAuth2 session client values.
- Allow sending custom headers when refreshing tokens, and set some defaults.
## v4.0.0
New features:
* New Django samples. (#636)
* Add support for RFC7636 PKCE. (#588)
* Release as a universal wheel. (#665)
Bug fixes:
* Fix django authorization redirect by correctly checking validity of credentials. (#651)
* Correct query loss when using parse_qsl to dict. (#622)
* Switch django models from pickle to jsonpickle. (#614)
* Support new MIDDLEWARE Django 1.10 setting. (#623)
* Remove usage of os.environ.setdefault. (#621)
* Handle missing storage files correctly. (#576)
* Try to revoke token with POST when getting a 405. (#662)
Internal changes:
* Use transport module for GCE environment check. (#612)
* Remove __author__ lines and add contributors.md. (#627)
* Clean up imports. (#625)
* Use transport.request in tests. (#607)
* Drop unittest2 dependency (#610)
* Remove backslash line continuations. (#608)
* Use transport helpers in system tests. (#606)
* Clean up usage of HTTP mocks in tests. (#605)
* Remove all uses of MagicMock. (#598)
* Migrate test runner to pytest. (#569)
* Merge util.py and _helpers.py. (#579)
* Remove httplib2 imports from non-transport modules. (#577)
Breaking changes:
* Drop Python 3.3 support. (#603)
* Drop Python 2.6 support. (#590)
* Remove multistore_file. (#589)
## v3.0.0
* Populate `token_expiry` for GCE credentials. (#473)
* Move GCE metadata interface to a separate module. (#520)
* Populate `scopes` for GCE credentials. (#524)
* Fix Python 3.5 compatibility. (#531)
* Add `oauth2client.contrib.sqlalchemy`, a SQLAlchemy-based credential store. (#527)
* Improve error when an invalid client secret is provided. (#530)
* Add `oauth2client.contrib.multiprocess_storage`. This supersedes the functionality in `oauth2client.contrib.multistore_file`. (#504)
* Pull httplib2 usage into a separate transport module. (#559, #561)
* Refactor all django-related code into `oauth2client.contrib.django_util`. Add `DjangoORMStorage`, remove `FlowField`. (#546)
* Fix application default credentials resolution order. (#570)
* Add configurable timeout for GCE metadata server check. (#571)
* Add warnings when using deprecated `approval_prompt='force'`. (#572)
* Add deprecation warning to `oauth2client.contrib.multistore_file`. (#574)
* (Hygiene) PEP8 compliance and various style fixes (#537, #540, #552, #562)
* (Hygiene) Remove duplicated exception classes in `oauth2client.contrib.appengine`. (#533)
NOTE: The next major release of oauth2client (v4.0.0) will remove the `oauth2client.contrib.multistore_file` module.
## v2.2.0
* Added support to override `token_uri` and `revoke_uri` in `oauth2client.service_account.ServiceAccountCredentials`. (#510)
* `oauth2client.contrib.multistore_file` now handles `OSError` in addition to `IOError` because Windows may raise `OSError` where other platforms will raise `IOError`.
* `oauth2client.contrib.django_util` and `oauth2client.contrib.django_orm` have been updated to support Django 1.8 - 1.10. Versions of Django below 1.8 will not work with these modules.
## v2.1.0
* Add basic support for JWT access credentials. (#503)
* Fix `oauth2client.client.DeviceFlowInfo` to use UTC instead of the system timezone when calculating code expiration.
## v2.0.2
* Fix issue where `flask_util.UserOAuth2.required` would accept expired credentials (#452).
* Fix issue where `flask_util` would fill the session with `Flow` objects (#498).
* Fix issue with Python 3 binary strings in `Flow.step2_exchange` (#446).
* Improve test coverage to 100%.
## v2.0.1
* Making scopes optional on Google Compute Engine `AppAssertionCredentials`
and adding a warning that GCE won't honor scopes (#419)
* Adding common `sign_blob()` to service account types and a
`service_account_email` property. (#421)
* Improving error message in P12 factory
`ServiceAccountCredentials.from_p12_keyfile` when pyOpenSSL is
missing. (#424)
* Allowing default flags in `oauth2client.tools.run_flow()`
rather than forcing users to create a dummy argparser (#426)
* Removing `oauth2client.util.dict_to_tuple_key()` from public
interface (#429)
* Adding `oauth2client.contrib._appengine_ndb` helper module
for `oauth2client.contrib.appengine` and moving most code that
uses the `ndb` library into the helper (#434)
* Fix error in `django_util` sample code (#438)
## v2.0.0-post1
* Fix Google Compute Engine breakage (#411, breakage introduced in #387) that
made it impossible to obtain access tokens
* Implement `ServiceAccountCredentials.from_p12_keyfile_buffer()`
to allow passing a file-like object in addition to the factory
constructor that uses a filename directly (#413)
* Implement `ServiceAccountCredentials.create_delegated()`
to allow upgrading a credential to one that acts on behalf
of a given subject (#420)
## 1.11.3 (2016-09-16)
* Fix known_hosts caching to match on the entire hostlist
[PR #364](https://github.com/capistrano/sshkit/pull/364) @byroot
## 1.11.2 (2016-07-29)
### Bug fixes
* Fixed a crash occurring when `Host@keys` was set to a non-Enumerable.
@xavierholt [PR #360](https://github.com/capistrano/sshkit/pull/360)
## 1.11.1 (2016-06-17)
### Bug fixes
* Fixed a regression in 1.11.0 that would cause
`ArgumentError: invalid option(s): known_hosts` in some older versions of
net-ssh. @byroot [#357](https://github.com/capistrano/sshkit/issues/357)
## 1.11.0 (2016-06-14)
### Bug fixes
* Fixed colorized output alignment in Logger::Pretty. @xavierholt
[PR #349](https://github.com/capistrano/sshkit/pull/349)
* Fixed a bug that prevented nested `with` calls
[#43](https://github.com/capistrano/sshkit/issues/43)
### Other changes
* Known hosts lookup optimization is now enabled by default. @byroot
## 1.10.0 (2016-04-22)
* You can now opt-in to caching of SSH's known_hosts file for a speed boost
when deploying to a large fleet of servers. Refer to the
[README](https://github.com/capistrano/sshkit/tree/v1.10.0#known-hosts-caching) for
details. We plan to turn this on by default in a future version of SSHKit.
[PR #330](https://github.com/capistrano/sshkit/pull/330) @byroot
* SSHKit now explicitly closes its pooled SSH connections when Ruby exits;
this fixes `zlib(finalizer): the stream was freed prematurely` warnings
[PR #343](https://github.com/capistrano/sshkit/pull/343) @mattbrictson
* Allow command map entries (`SSHKit::CommandMap#[]`) to be Procs
[PR #310](https://github.com/capistrano/sshkit/pull/310)
@mikz
## 1.9.0
**Refer to the 1.9.0.rc1 release notes for a full list of new features, fixes,
and potentially breaking changes since SSHKit 1.8.1.** There are no changes
since 1.9.0.rc1.
## 1.9.0.rc1
### Potentially breaking changes
* The SSHKit DSL is no longer automatically included when you `require` it.
**This means you must now explicitly `include SSHKit::DSL`.**
See [PR #219](https://github.com/capistrano/sshkit/pull/219) for details.
@beatrichartz
* `SSHKit::Backend::Printer#test` now always returns true
[PR #312](https://github.com/capistrano/sshkit/pull/312) @mikz
### New features
* `SSHKit::Formatter::Abstract` now accepts an optional Hash of options
[PR #308](https://github.com/capistrano/sshkit/pull/308) @mattbrictson
* Add `SSHKit::Backend.current` so that Capistrano plugin authors can refactor
helper methods and still have easy access to the currently-executing Backend
without having to use global variables.
* Add the `SSHKit.config.default_runner` option, which allows overriding the default command runner.
This option also accepts the name of a custom runner class.
* The ConnectionPool has been rewritten in this release to be more efficient
and have a cleaner internal API. You can still completely disable the pool
by setting `SSHKit::Backend::Netssh.pool.idle_timeout = 0`.
@mattbrictson @byroot [PR #328](https://github.com/capistrano/sshkit/pull/328)
### Bug fixes
* make sure working directory for commands is properly cleared after `within` blocks
[PR #307](https://github.com/capistrano/sshkit/pull/307)
@steved
* display more accurate string for commands with spaces being output in `Formatter::Pretty`
[PR #304](https://github.com/capistrano/sshkit/pull/304)
@steved
[PR #319](https://github.com/capistrano/sshkit/pull/319) @mattbrictson
* Fix a race condition experienced in JRuby that could cause multi-server
deploys to fail. [PR #322](https://github.com/capistrano/sshkit/pull/322)
@mattbrictson
A replacement log formatter for SSHKit that makes Capistrano output much
easier on the eyes. Just add Airbrussh to your Capfile and enjoy concise,
useful log output that is easy to read.
No changelog available, issues closed since 0.8.1:
certbot 0.9.1
- Make --quiet reduce the logging level
certbot 0.9.0
- Allow tests to pass without dnspython
- Remove psutil dep
- Renew symlink safety
- Update Nginx redirect enhancement process to modify appropriate
blocks
- If lineages are in an inconsistent (non-deployed) state, deploy
them
- Restructure how Nginx parser re-finds vhosts, and disable
creating new server blocks.
- Remove pointless question
- Tie Nginx OCSP stapling to enhancements system
- Nginx server block selection: Handle non-80/443 ports
- Increase log retention count to 1000.
- Make parser.py: add_server_directives documentation consistent
with functionality
- Fix Nginx prompt
- Make Nginx error out if no matching server block is found
- Only suggest names LE will accept
- Implement Nginx server block selection
- should_autorenew ignores symlinks
- Fixes cffi errors in Travis during oldest tests
- DNS challenge support in the manual plugin and general purpose
--preferred-challenges flag
- Fixed hash_bucket_size detection for nginx
- Support both invalidEmail and invalidContact errors
- Removes duplication between README.rst and resources.rst
- Psutil tests
- Allow tests to run when psutil isn't available
- Tests fail on Certbot package due to missing psutil dependency
- Hide the Nginx plugin
- Add the Nginx plugin to certbot-auto
- OCSP stapling in Nginx
- Nginx plugin selection
- Add certbot-nginx to certbot-auto
- Missing links in README
- clarify invalid email error in non-interactive
- Replace '-' with '_' before filtering plugin settings
- Fix extra or lack of spacing between words in help for renew
flags
- Fix Travis tests
- Avoid importing conflicting security policy directives
- Change log rotation scheme
- Plugins with hyphens do not receive their args during renewal
- Handle dns01 challenge into the manual plugin [see #3466]
- Enable unit tests of certbot core on Python 3
- Add os-release ID_LIKE parsing if original distribution mapping
not found in constants
- Fix README typo
- Nginx plugin domain selection
- Fix spacing of nginx redirect blocks
- Rationalise challenge and port selection flags
- Remove psutil from requirements.txt
- prevent Github commits from modifying certbot-auto and
letsencrypt-auto
- Gradually remove psutil dependency, bugfix [URGENT]
- psutil fails to install because hash is missing when running
certbot-auto
- Failure to start Nginx after configuring redirect
- Prepare docs to turn off the wiki
- Certbot apache plugin fails with TypeError: 'NoneType' object
has no attribute '__getitem__'
- Change fatal warning to a fatal message
- Fatal warnings
- Apache default default
- Deprecation fixes
- New docs structure and introduction
- Nginx charset_map and ${VARIABLE_SUBSTITUTION} parsing
- Unclear error about invalid email in non-interactive mode
- Use simple socket test for port availability if psutil not found
- Python 3 support for certonly
- Set dialog widgets to use autowidgetsize
- Errors when run without root
- Apache plugin PATH fallback
- Automatically enable EPEL after prompting users
- Multi-topic help listings
- Installer error
- Explain why Apache [appears] not to be installed
- ErrorHandler causing errors
- Update FreeBSD package name
- Comment out corresponding RewriteConds for filtered RewriteRule
- Permissive parsing of nginx map blocks
- add nginx round-trip tests to tox/travis
- Fix Unix signal handling in certbot.error_handler.ErrorHandler
- Resuming error handling functions after a signal
- Only write nginx config files if they've been modified
- If the user picks "cancel" from the Apache vhost selection menu,
Certbot doesn't exit
- certbot removes http->https rules corrupts ruleset
- Fix typo
- Better document plugins and reversion
- Nginx parser apparently can't parse "map"
- Nginx plugin shouldn't write files it hasn't changed
- Fix Nginx reversion
- Merge Augeas fix for comment line continuations
- Remove warning about nginx options file
- Explain the most likely cause of a missing replay nonce error
- Bump pyca package versions
- Don't add wildcard listen if user has more specific
configuration
- Remove unused nosexcover dependency
- Cleanup dev setup
- Nginx space preservation
- Set dialog widgets to use autowidgetsize
- Printing pip output to terminal when -v is used
- Log new cert and cert renewal
- Log whether renewing or obtaining a new certificate
- Added the argument --quiet and -q so then when used with a
regular user there is no output to the screen.
- certbot-auto not quiet when used with regular user
- Adding sensible UI logging for typical user
- Replace psutils dependency
- Display DialogError details correctly
- -v implies --text
- Fix FQDN checks, closes #3057 and #3056
- Bug in FQDN detection: installer wrongly interprets _
- Installer thinks bare TLD is not a valid FQDN
- Limiting tox envlist to really needed tests
- trouble with Listen directives in CentOS 7 / ssl.conf
- Remove dangling footnote
- certbot-apache fails to parse files with comma in the filename
- pip and verbosity
- Dialog error messages
- NcursesDisplay.menu: treat ESC as cancel
- More useful error when running as non-root?
- -v should imply --text
- Update tox/instructions
- Error that results when run without root is unclear
- Enable EPEL in RPM bootstrapper
- Add dns-01 challenge support to the ACME client
- Apache plugin fails to parse OWASP's ModSecurity ruleset
- Audit nginx plugin for guaranteed config reversion in case of
error
- NoInstallationError() from Apache plugin within renewal cron
jobs due to /usr/sbin not being in the PATH
- nginx http redirect
- "No installers" error message not clear
- HelpfulArgumentParser should know about flags that are relevant
to several topics
- Nginx configurator should preserve whitespace on output
- server blocks added to nginx.conf
- Nginx fails if ssl_session_cache already defined
- nginx leaves dirty/modified config files
- Sensible UI logging for typical user
- nginx plugin issue with server block containing multiple
servernames
Changelog:
This release fixes following bugs:
* Fix Bug #21121: Searching for keys with a pattern containing non-ASCII
characters.
* Fix Bug #21119: Parsing of user identifier without name.
* Added POSIX method to isRunning() consistent with terminate().
Changelog:
Bug
[SANTUARIO-378] - xml-security-c cannot initialise on a Windows system with mandatory user profiles
[SANTUARIO-380] - Avoid use of PATH_MAX where possible
[SANTUARIO-381] - Spelling error in xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
[SANTUARIO-384] - OpenSSLCryptoKeyEC::signBase64SignatureDSA fails most of time
[SANTUARIO-400] - Buffer overwrite in WinCAPICryptoSymmetricKey::encrypt() (WinCAPICryptoSymmetricKey.cpp)
[SANTUARIO-409] - Win32 unicode build breaks due to wchar_t * passed to GetProcAddress()
[SANTUARIO-426] - xml-security-c-1.7.3 does not build on AIX with xerces-c-3.1.2
Improvement
[SANTUARIO-386] - Spec file patch to add RHEL7 support
2.5.0 - New APIs, bug fixes and improvements
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this
brings in X509_check_host, X509_check_email, X509_check_ip, and
X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak
analysis software.
* Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to
only be used if TLS 1.0 is enabled.
* Fix incorrect results returned by BN_mod_word() in certain cases on
64-bit systems. BN_mod_word() can now return an error condition.
Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with
printf.
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.4.2 - Bug fixes and improvements
* Fixed loading default certificate locations with openssl s_client.
* Ensured OCSP only uses and compares GENERALIZEDTIME values as per
RFC 6960. Also added fixes for OCSP to work with intermediate
certificates provided in responses.
* Improved behavior of arc4random on Windows to not appear to leak
memory in debug tools, reduced privileges of allocated memory.
* Fixed incorrect results from BN_mod_word() when the modulus is too
large, thanks to Brian Smith from BoringSSL.
* Correctly handle an EOF prior to completing the TLS handshake in
libtls.
* Improved libtls certificate loading and cipher string validation.
* Updated libtls cipher group suites into four categories:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes.
* Limited support for 'backward compatible' SSLv2 handshake packets to
when TLS 1.0 is enabled, providing more restricted compatibility
with TLS 1.0 clients.
* openssl(1) and other documentation improvements.
* Removed flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
all of these operations unconditionally constant-time.
2.4.1 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.
2.4.0 - Build improvements, new features
* Many improvements to the CMake build infrastructure, including
Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
Inoguchi for this work.
* Added missing error handling around bn_wexpand() calls.
* Added explicit_bzero calls for freed ASN.1 objects.
* Fixed X509_*set_object functions to return 0 on allocation failure.
* Implemented the IETF ChaCha20-Poly1305 cipher suites.
* Changed the default EVP_aead_chacha20_poly1305() implementation to the
IETF version.
* Fixed password prompts from openssl(1) to properly handle ^C.
* Reworked error handling in libtls so that configuration errors are
visible.
* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Manpage fixes and updates
NEWS for the Nettle 3.3 release
This release fixes a couple of bugs, and improves resistance
to side-channel attacks on RSA and DSA private key operations.
Changes in behaviour:
* Invalid private RSA keys, with an even modulus, are now
rejected by rsa_private_key_prepare. (Earlier versions
allowed such keys, even if results of using them were bogus).
Nettle applications are required to call
rsa_private_key_prepare and check the return value, before
using any other RSA private key functions; failing to do so
may result in crashes for invalid private keys. As a
workaround for versions of Gnutls which don't use
rsa_private_key_prepare, additional checks for even moduli
are added to the rsa_*_tr functions which are used by all
recent versions of Gnutls.
* Ignore bit 255 of the x coordinate of the input point to
curve25519_mul, as required by RFC 7748. To differentiate at
compile time, curve25519.h defines the constant
NETTLE_CURVE25519_RFC7748.
Security:
* RSA and DSA now use side-channel silent modular
exponentiation, to defend against attacks on the private key
from evil processes sharing the same processor cache. This
attack scenario is of particular relevance when running an
HTTPS server on a virtual machine, where you don't know who
you share the cache hardware with.
(Private key operations on elliptic curves were already
side-channel silent).
Bug fixes:
* Fix sexp-conv crashes on invalid input. Reported by Hanno
Böck.
* Fix out-of-bounds read in des_weak_p. Fixed by Nikos
Mavrogiannopoulos.
* Fix a couple of formally undefined shift operations,
reported by Nikos Mavrogiannopoulos.
* Fix compilation with c89. Reported by Henrik Grubbström.
New features:
* New function memeql_sec, for side-channel silent comparison
of two memory areas.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 5.0 or later (unless --enable-mini-gmp is used).
* Filenames of Windows DLL libraries now include the major number
only. So the dll names change at the same time as the
corresponding soname on ELF platforms. Fixed by Nikos
Mavrogiannopoulos.
* Eliminate most pointer-signedness warnings. In the process,
the strings representing expression type for the sexp_iterator
functions were changed from const uint8_t * to const char *.
These functions are undocumented, and it doesn't change the
ABI on any platform I'm aware of.
The shared library names are libnettle.so.6.3 and
libhogweed.so.4.3, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
idea and mdc2 patents expired, so enable them by default.
rc5 looks like it might be expired as well, but I didn't find
anything relevant on that topic, so I left it alone.
Bump PKGREVISION.
- Add a new tls-protos configuration option for specifying the
permitted TLS/SSL protocols. This new option supersedes settings
ssl and tls which are now deprecated and will be kept for
backwards compatibility.
1.5.1 - 2016-09-22
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2i.
* Resolved a ``UserWarning`` when used with cffi 1.8.3.
* Fixed a memory leak in name creation with X.509.
* Added a workaround for old versions of setuptools.
* Fixed an issue preventing ``cryptography`` from compiling against
OpenSSL 1.0.2i.
v2.21, 23.09.2016
- no code changes to ECB.pm
- ecb.pl -l now prints module versions
- ignoring Serpent in test suite as it is broken on many platforms
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
*) Missing CRL sanity check
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
This issue only affects OpenSSL 1.0.2i.
(CVE-2016-7052)
[Matt Caswell]
Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
*) OCSP Status Request extension unbounded memory growth
A malicious client can send an excessively large OCSP Status Request
extension. If that client continually requests renegotiation, sending a
large OCSP Status Request extension each time, then there will be unbounded
memory growth on the server. This will eventually lead to a Denial Of
Service attack through memory exhaustion. Servers with a default
configuration are vulnerable even if they do not support OCSP. Builds using
the "no-ocsp" build time option are not affected.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6304)
[Matt Caswell]
*) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
HIGH to MEDIUM.
This issue was reported to OpenSSL by Karthikeyan Bhargavan and Gaetan
Leurent (INRIA)
(CVE-2016-2183)
[Rich Salz]
*) OOB write in MDC2_Update()
An overflow can occur in MDC2_Update() either if called directly or
through the EVP_DigestUpdate() function using MDC2. If an attacker
is able to supply very large amounts of input data after a previous
call to EVP_EncryptUpdate() with a partial block then a length check
can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical
on most platforms.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6303)
[Stephen Henson]
*) Malformed SHA512 ticket DoS
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
DoS attack where a malformed ticket will result in an OOB read which will
ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires
a custom server callback and ticket lookup mechanism.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6302)
[Stephen Henson]
*) OOB write in BN_bn2dec()
The function BN_bn2dec() does not check the return value of BN_div_word().
This can cause an OOB write if an application uses this function with an
overly large BIGNUM. This could be a problem if an overly large certificate
or CRL is printed out from an untrusted source. TLS is not affected because
record limits will reject an oversized certificate before it is parsed.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-2182)
[Stephen Henson]
*) OOB read in TS_OBJ_print_bio()
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
the total length the OID text representation would use and not the amount
of data written. This will result in OOB reads when large OIDs are
presented.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-2180)
[Stephen Henson]
*) Pointer arithmetic undefined behaviour
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner:
"p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS
message).
The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.
For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit.
This issue was reported to OpenSSL by Guido Vranken
(CVE-2016-2177)
[Matt Caswell]
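The following is an added example, not OpenSSL code, showing the well-defined replacement for the "p + len > limit" idiom described in this entry: compare the externally supplied length against the remaining size (limit - p) instead of forming a pointer that may lie past the end of the object. All names (cursor_t, cursor_has, cursor_read_vec24, the sample bytes) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example (not OpenSSL code). Names are hypothetical. */
typedef struct {
    const unsigned char *p;      /* next unread byte */
    const unsigned char *limit;  /* one past the last byte, i.e. p + SIZE */
} cursor_t;

/* Return 1 if at least len bytes remain before limit, else 0.
 * limit - p is always well defined because both pointers lie within the
 * same allocation, so the comparison is made on sizes. No pointer such as
 * "p + len" is ever formed, so an oversized len cannot cause undefined
 * behaviour or wrap around to compare below limit. */
static int cursor_has(const cursor_t *c, size_t len)
{
    return len <= (size_t)(c->limit - c->p);
}

/* Parse a TLS-style opaque<0..2^24-1> vector: 3-byte big-endian length
 * followed by that many payload bytes. On success sets *out/*out_len,
 * advances the cursor and returns 1; on truncation returns 0 and leaves
 * the cursor untouched. */
static int cursor_read_vec24(cursor_t *c, const unsigned char **out,
                             size_t *out_len)
{
    size_t len;
    if (!cursor_has(c, 3))
        return 0;
    len = ((size_t)c->p[0] << 16) | ((size_t)c->p[1] << 8) | c->p[2];
    if (!cursor_has(c, 3 + len))   /* 3 + len cannot overflow: len < 2^24 */
        return 0;
    *out = c->p + 3;               /* in bounds: the check above passed */
    *out_len = len;
    c->p += 3 + len;
    return 1;
}

/* Constructed sample input: one complete vector ("abc") followed by a
 * vector whose declared length (0xffffff) exceeds the bytes present. */
static const unsigned char sample[] = {
    0x00, 0x00, 0x03, 'a', 'b', 'c',
    0xff, 0xff, 0xff, 'x'
};

/* Walk the sample; returns the number of vectors parsed before the
 * truncated one is rejected. */
int parse_sample(void)
{
    cursor_t c = { sample, sample + sizeof sample };
    const unsigned char *payload;
    size_t payload_len;
    int n = 0;
    while (cursor_read_vec24(&c, &payload, &payload_len))
        n++;
    return n;
}

/* With the idiom from the entry, "c->p + SIZE_MAX" would be formed past
 * the end of the object; cursor_has simply reports that the length does
 * not fit, with no pointer arithmetic on the oversized value. */
int check_huge_len(void)
{
    cursor_t c = { sample, sample + sizeof sample };
    return cursor_has(&c, SIZE_MAX);
}
```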
*) Constant time flag not preserved in DSA signing
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.
This issue was reported by César Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA).
(CVE-2016-2178)
[César Pereida]
*) DTLS buffered message DoS
In a DTLS connection where handshake messages are delivered out-of-order
those messages that OpenSSL is not yet ready to process will be buffered
for later use. Under certain circumstances, a flaw in the logic means that
those messages do not get removed from the buffer even though the handshake
has been completed. An attacker could force up to approx. 15 messages to
remain in the buffer when they are no longer required. These messages will
be cleared when the DTLS connection is closed. The default maximum size for
a message is 100k. Therefore the attacker could force an additional 1500k
to be consumed per connection. By opening many simultaneous connections an
attacker could cause a DoS attack through memory exhaustion.
This issue was reported to OpenSSL by Quan Luo.
(CVE-2016-2179)
[Matt Caswell]
*) DTLS replay protection DoS
A flaw in the DTLS replay attack protection mechanism means that records
that arrive for future epochs update the replay protection "window" before
the MAC for the record has been validated. This could be exploited by an
attacker by sending a record for the next epoch (which does not have to
decrypt or have a valid MAC), with a very large sequence number. This means
that all subsequent legitimate packets are dropped causing a denial of
service for a specific DTLS connection.
This issue was reported to OpenSSL by the OCAP audit team.
(CVE-2016-2181)
[Matt Caswell]
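As an added example (not OpenSSL code), the following models a 64-record sliding replay window for a single DTLS epoch, in the spirit of RFC 6347 section 4.1.2.6, and contrasts the flawed order described above (window updated before the MAC is verified) with the correct order. A forged record with a very large sequence number stands in for the future-epoch record in the entry; "mac_ok" stands in for real MAC verification. All names are hypothetical.

```c
#include <stdint.h>

/* Added example (not OpenSSL code). Names are hypothetical. */
typedef struct {
    uint64_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => record (top - i) was accepted */
    int      primed;  /* 0 until the first record is accepted */
} replay_window_t;

/* Pure check: returns 1 if seq is neither older than the window nor
 * already seen. Does not modify the window. */
static int window_check(const replay_window_t *w, uint64_t seq)
{
    if (!w->primed || seq > w->top)
        return 1;
    if (w->top - seq >= 64)
        return 0;                                   /* too old */
    return !((w->bitmap >> (w->top - seq)) & 1);    /* 0 if seen */
}

/* Record seq as accepted, sliding the window forward when needed. */
static void window_update(replay_window_t *w, uint64_t seq)
{
    if (!w->primed) {
        w->top = seq; w->bitmap = 1; w->primed = 1;
        return;
    }
    if (seq > w->top) {
        uint64_t shift = seq - w->top;
        w->bitmap = (shift >= 64) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->top = seq;
    } else {
        w->bitmap |= (uint64_t)1 << (w->top - seq);
    }
}

/* Flawed order (the bug described above): the window moves before the
 * MAC is checked, so an unauthenticated record with a huge sequence
 * number slides the window past every legitimate record still in flight.
 * Returns 1 if the record is delivered. */
int accept_update_first(replay_window_t *w, uint64_t seq, int mac_ok)
{
    if (!window_check(w, seq))
        return 0;
    window_update(w, seq);
    return mac_ok;
}

/* Correct order: only authenticated records may advance the window. */
int accept_verify_first(replay_window_t *w, uint64_t seq, int mac_ok)
{
    if (!window_check(w, seq) || !mac_ok)
        return 0;
    window_update(w, seq);
    return 1;
}

/* Constructed scenario: three legitimate records, a forged record with
 * sequence 1<<40 and a bad MAC, then a fourth legitimate record.
 * Returns how many legitimate records were delivered. */
int run_scenario(int (*accept)(replay_window_t *, uint64_t, int))
{
    replay_window_t w = {0, 0, 0};
    int delivered = 0;
    delivered += accept(&w, 1, 1);
    delivered += accept(&w, 2, 1);
    delivered += accept(&w, 3, 1);
    (void)accept(&w, (uint64_t)1 << 40, 0);   /* forged, unauthenticated */
    delivered += accept(&w, 4, 1);             /* legitimate, in flight */
    return delivered;
}

/* A duplicate of an already accepted record must still be rejected. */
int replay_rejected(void)
{
    replay_window_t w = {0, 0, 0};
    accept_verify_first(&w, 7, 1);
    return accept_verify_first(&w, 7, 1) == 0;
}
```

With the flawed order the fourth legitimate record is dropped (3 delivered); with the correct order all four are delivered and a replayed record is still refused.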
*) Certificate message OOB reads
In OpenSSL 1.0.2 and earlier some missing message length checks can result
in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
theoretical DoS risk but this has not been observed in practice on common
platforms.
The messages affected are client certificate, client certificate request
and server certificate. As a result the attack can only be performed
against a client or a server which enables client authentication.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6306)
[Stephen Henson]