gpgsplit has been installed by gnupg(1) since 2002. gpgsplit has also
been in tools/ within gnupg-2, but upstream recently moved it from
noinst_PROGRAMS to bin_PROGRAMS without noting this in NEWS.
Because gnugp2 is normal and gnupg remains for special cases, simply
drop gpgsplit from gnupg; we have no intent to save people from
installing gnupg2 -- only to continue to allow them to use the old gpg
binary for special uses.
Fixes a criticial vulnerability: https://dev.gnupg.org/T5050
Noteworthy changes in version 2.2.22
====================================
* gpg: Change the default key algorithm to rsa3072.
* gpg: Add regular expression support for Trust Signatures on all
platforms. [#4843]
* gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat
option. [#4991]
* gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
* gpgsm: Make rsaPSS a de-vs compliant scheme.
* gpgsm: Show also the SHA256 fingerprint in key listings.
* gpgsm: Do not require a default keyring for --gpgconf-list. [#4867]
* gpg-agent: Default to extended key format and record the creation
time of keys. Add new option --disable-extended-key-format.
* gpg-agent: Support the WAYLAND_DISPLAY envvar. [#5016]
* gpg-agent: Allow using --gpgconf-list even if HOME does not
exist. [#4866]
* gpg-agent: Make the Pinentry work even if the envvar TERM is set
to the empty string. [#4137]
* scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly
incremented the error counter when using the "verify" command of
"gpg --edit-key" with only the signature key being present.
* dirmngr: Better handle systems with disabled IPv6. [#4977]
* gpgpslit: Install tool. It was not installed in the past to avoid
conflicts with the version installed by GnuPG 1.4. [#5023]
* gpgtar: Handle Unicode file names on Windows correctly (requires
libgpg-error 1.39). [#4083]
* gpgtar: Make --files-from and --null work as documented. [#5027]
* Build the Windows installer with the new Ntbtls 0.2.0 so that TLS
connections succeed for servers demanding GCM.
Release-info: https://dev.gnupg.org/T5030
Noteworthy changes in version 2.2.23
====================================
* gpg: Fix AEAD preference list overflow. [#5050]
* gpg: Fix a possible segv in the key cleaning code.
* gpgsm: Fix a minor RFC2253 parser bug. [#5037]
* scdaemon: Fix a PIN verify failure on certain OpenPGP card
implementations. Regression in 2.2.22. [#5039]
* po: Fix bug in the Hungarian translation. Updates for the Czech,
Polish, and Ukrainian translations.
Release-info: https://dev.gnupg.org/T5045
= mbed TLS 2.24.0 branch released 2020-09-01
API changes
* In the PSA API, rename the types of elliptic curve and Diffie-Hellman
group families to psa_ecc_family_t and psa_dh_family_t, in line with the
PSA Crypto API specification version 1.0.0.
Rename associated macros as well:
PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx
PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx
PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY
PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY
Default behavior changes
* Stop storing persistent information about externally stored keys created
through PSA Crypto with a volatile lifetime. Reported in #3288 and
contributed by Steven Cooreman in #3382.
Features
* The new function mbedtls_ecp_write_key() exports private ECC keys back to
a byte buffer. It is the inverse of the existing mbedtls_ecp_read_key().
* Support building on e2k (Elbrus) architecture: correctly enable
-Wformat-signedness, and fix the code that causes signed-one-bit-field
and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
<akemi_homura@kurisa.ch>.
Security
* Fix a vulnerability in the verification of X.509 certificates when
matching the expected common name (the cn argument of
mbedtls_x509_crt_verify()) with the actual certificate name: when the
subjecAltName extension is present, the expected name was compared to any
name in that extension regardless of its type. This means that an
attacker could for example impersonate a 4-bytes or 16-byte domain by
getting a certificate for the corresponding IPv4 or IPv6 (this would
require the attacker to control that IP address, though). Similar attacks
using other subjectAltName name types might be possible. Found and
reported by kFYatek in #3498.
* When checking X.509 CRLs, a certificate was only considered as revoked if
its revocationDate was in the past according to the local clock if
available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
certificates were never considered as revoked. On builds with
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
example, an untrusted OS attacking a secure enclave) could prevent
revocation of certificates via CRLs. Fixed by no longer checking the
revocationDate field, in accordance with RFC 5280. Reported by
yuemonangong in #3340. Reported independently and fixed by
Raoul Strackx and Jethro Beekman in #3433.
* In (D)TLS record decryption, when using a CBC ciphersuites without the
Encrypt-then-Mac extension, use constant code flow memory access patterns
to extract and check the MAC. This is an improvement to the existing
countermeasure against Lucky 13 attacks. The previous countermeasure was
effective against network-based attackers, but less so against local
attackers. The new countermeasure defends against local attackers, even
if they have access to fine-grained measurements. In particular, this
fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
(University of Florida) and Dave Tian (Purdue University).
* Fix side channel in RSA private key operations and static (finite-field)
Diffie-Hellman. An adversary with precise enough timing and memory access
information (typically an untrusted operating system attacking a secure
enclave) could bypass an existing counter-measure (base blinding) and
potentially fully recover the private key.
* Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
for pinpointing the problematic code.
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
application data from memory. Reported in #689 by
Johan Uppman Bruce of Sectra.
Bugfix
* Library files installed after a CMake build no longer have execute
permission.
* Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol
redefinition if the function is inlined.
Reported in #3451 and fix contributed in #3452 by okhowang.
* Fix the endianness of Curve25519 keys imported/exported through the PSA
APIs. psa_import_key and psa_export_key will now correctly expect/output
Montgomery keys in little-endian as defined by RFC7748. Contributed by
Steven Cooreman in #3425.
* Fix build errors when the only enabled elliptic curves are Montgomery
curves. Raised by signpainter in #941 and by Taiki-San in #1412. This
also fixes missing declarations reported by Steven Cooreman in #1147.
* Fix self-test failure when the only enabled short Weierstrass elliptic
curve is secp192k1. Fixes#2017.
* PSA key import will now correctly import a Curve25519/Curve448 public key
instead of erroring out. Contributed by Steven Cooreman in #3492.
* Use arc4random_buf on NetBSD instead of rand implementation with cyclical
lower bits. Fix contributed in #3540.
* Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory
conditions. Reported and fix suggested by Guido Vranken in #3486.
* Fix bug in redirection of unit test outputs on platforms where stdout is
defined as a macro. First reported in #2311 and fix contributed in #3528.
Changes
* Only pass -Wformat-signedness to versions of GCC that support it. Reported
in #3478 and fix contributed in #3479 by okhowang.
* Reduce the stack consumption of mbedtls_x509write_csr_der() which
previously could lead to stack overflow on constrained devices.
Contributed by Doru Gucea and Simon Leet in #3464.
* Undefine the ASSERT macro before defining it locally, in case it is defined
in a platform header. Contributed by Abdelatif Guettouche in #3557.
* Update copyright notices to use Linux Foundation guidance. As a result,
the copyright of contributors other than Arm is now acknowledged, and the
years of publishing are no longer tracked in the source files. This also
eliminates the need for the lines declaring the files to be part of
MbedTLS. Fixes#3457.
* Add the command line parameter key_pwd to the ssl_client2 and ssl_server2
example applications which allows to provide a password for the key file
specified through the existing key_file argument. This allows the use of
these applications with password-protected key files. Analogously but for
ssl_server2 only, add the command line parameter key_pwd2 which allows to
set a password for the key file provided through the existing key_file2
argument.
No changelog provided by upstream, main changes since 1.4.7 based on commit
messages: add support for generic phpass (Wordpress, Drupal, PHPBB3), bug fixes.
* pkgsrc change: switch dependency from net/bind914 to net/bind916.
zkt 1.1.4 -- 9. May 2016
* misc Hint to mailinglist removed from README file
* bug pathname wasn't initialized in any case (dist_and_reload() in nscomm.c
Thanks Jeremy C. Reed
* bug move $(LIBS) at the end of the ggc link line in Makefile.in
* misc Exitcode of external command is now visible in log messages
stderr of each external command is redirected to stdin
* bug Fixed some potential memory leaks in ncparse.c dki.c zfparse.c
and zkt-soaserial.c (mostly a missing fclose() on error conditions).
Thanks to Jeremy C. Reed
* misc README file changed to Markdown syntax
* bug running zkt-keyman -3 didn't change anything on the key database
so a zkt-signer run afterwards didn't see anything to do.
Now the timestamp of the dnskey.db will be reset to a value less
than the timestamp of the (new) key signing key.
Thanks to Sven Strickroth for finding this.
* func New binary zkt-delegate added
Because it depends on the ldns library, it is located in
a separate directory and use a different Makefile
* func New Compile time option "--enable-ds-tracking" added.
Now dig is used on KSK rollover to check if the DS record
is announced in the parent zone.
Thanks to Sven Strickroth providing the patch.
zkt 1.1.3 -- 21. Nov 2014
* func New Config Parameter DependFiles added.
Contains a (comma separated) list of files which are
included into the ZoneFile. The timestamps of this files
are checked additional to the timestamp of the ZoneFile.
Based on a suggestion from Sven Strickroth
* misc Makefile changed to build tar file out of git repository
* misc Minimum supported BIND version is now 9.8
* bug Fixed bug in BIND version parsing (9.10.1 was parsed as 910
which is similar to 9.1.0)
Version 9.10.1 is parsed now as 091001
* misc Remove flag to request large exponent when creating keys
(BIND always creates keys with large exponents since BIND 9.5.0)
* misc Project moved to github
Thanks to Jakob Schlyter for doing the initial stuff
Major changes in 4.1
--------------------
Version 4.0 was the last version to support Python 2 and 3.4. Version 4.1 is compatible with Python 3.5+ only.
(newer changes not found)
Python-RSA is a pure-Python RSA implementation. It supports encryption
and decryption, signing and verifying signatures, and key generation
according to PKCS#1 version 1.5. It can be used as a Python library
as well as on the commandline.
This package contains the last version supported by Python 2.x.
I was confused about which SUBST was not ok, and had removed two, when
only one was troubled.
This is probably still not quite right, but zoneminder needs an update
of multiple major versions anyway.
Thanks to rillig@ for review and hints.
This is a collection of simple PIN or passphrase entry dialogs which
utilize the Assuan protocol as described by the aegypten project.
It provides programs for several graphical toolkits, such as FLTK,
GTK+ and QT, as well as for the console, using curses.
This package contains the GNOME 3 frontend.
v 11.0.41rc2
============================================================
x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
unless scripts are allowed
x Updated TLDs
v 11.0.41rc2
============================================================
x More precise event suppression mechanism
v 11.0.41rc1
============================================================
x Fixed regression: events suppressed on file:// pages
unless scripts are allowed
x Updated TLDs
v 11.0.40
============================================================
x Avoid synchronous policy fetching whenever possible
(fixes multiple issues)
v 11.0.40rc2
============================================================
x Avoid synchronous policy fetching whenever possible
v 11.0.40rc1
============================================================
x Handle edge case in file:// pages: policy change and
reload before DOMContentLoaded
v 11.0.39
============================================================
x Fix reload loops on broken file: HTML documents (thanks
bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
(shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
v 11.0.39rc8
============================================================
x Several hacks to make non-distruptive updates compatible
with Chromium
x Tighten localPolicy persistence mechanism during reloads
v 11.0.39rc7
============================================================
x Temporary settings survival more resilient and compatible
with Fenix
x [L10n] Updated es
v 11.0.39rc6
============================================================
x Fix reload loops on broken file: HTML documents (thanks
bernie for report)
x [XSS] Updated HTML event attributes
v 11.0.39rc5
============================================================
x Local policy fallback for file: and ftp: URLs using
window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Renamed option to "Revoke temporary permissions on
NoScript updates, even if the browser is not restarted"
v 11.0.39rc4
============================================================
x Added option to forget temporary settings immediately
whenever NoScript gets updated
x Fixed regression: file:/// URLs reloaded whenever NoScript
gets reinstalled / enabled / reloaded
x More resilient and easy to debug survival data retrieving
v 11.0.39rc3
============================================================
x Fixed regression causing manual NoScript downgrades to be
delayed until manual restart
v 11.0.39rc2
============================================================
x Let temporary permissions survive NoScript updates
(shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
URLs (e.g. file:///...)
x Removed useless CSS property
x Updated TLDs
v 11.0.39rc1
============================================================
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
lists in popup
x Fixed typo in vendor-prefixed CSS
v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore
v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn
v 11.0.38
============================================================
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn
v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore
v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn
v 11.0.37
============================================================
x Simpler and more reliable sendSyncMessage implementation
and usage
x sendSyncMessage support for multiple suspension requests
(should fix extension script injection issues)
x Updated TLDs
v 11.0.37rc3
============================================================
x Simpler and more reliable sendSyncMessage implementation
and usage
x Updated TLDs
v 11.0.37rc2
============================================================
x SyncMessage suspending on DOM modification as well
x Updated TLDs
v 11.0.37rc1
============================================================
x Updated TLDs
x sendSyncMessage support for multiple suspension requests
(should fix extension script injection issues)
v 11.0.36
============================================================
x Fixed regression: temporary permissions revocation not
working anymore on privileged pages
x SendSyncMessage script execution safety net more
compatible with other extensions (e.g. BlockTube)
v 11.0.35
============================================================
x Avoid unnecessary reloads on temporary permissions
revocation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
x Work-around for conflict with extensions inserting
elements into content pages' DOM early
x [XSS] Updated HTML events
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
x Let SyncMessage prevent undesired script execution
scheduled during suspension
v 11.0.35rc4
============================================================
x Avoid unnecessary reloads on temporary permissions
revocation
x Fixed potentially infinite loop in SyncMessage Firefox
implementation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
v 11.0.35rc3
============================================================
x Work-around for conflict with extensions inserting
elements into content pages' DOM early
x [XSS] Updated HTML events
v 11.0.35rc2
============================================================
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
v 11.0.35rc1
============================================================
x Let SyncMessage prevent undesired script execution
scheduled during suspension
Certbot 1.7.0
Added
Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name):
this concerns the plugin name, CLI flags, and keys in credential files.
The prefixed form is still supported but is deprecated, and will be removed in a future release.
Added --nginx-sleep-seconds (default 1) for environments where nginx takes a long time to reload.
Changed
The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200,
due to https://www.linode.com/blog/linode/linode-turns-17/
We deprecated support for Python 3.5 in Certbot and its ACME library.
Support for Python 3.5 will be removed in the next major release of Certbot.
More details about these changes can be found on our GitHub repo.
This is the last version that supports autoconf, and this update is
only because it's a reasonable benefit/cost tradeoff as an
intermediaate step. Tested on netbsd-9/earmv7hf-el.
Upstream chanages:
many bug fixes and improvements
zoneminder API
Multiserver
limted ONVIF support
See more at
https://github.com/ZoneMinder/zoneminder/releases/tag/v1.29.0-rc2 and
before and after.
Note that when updating, one must run zmupdate to modify the db schema.
give "gpg: can't connect to the agent: File name too long". Make this
less annoying by not running tests before 'make test' (and fixing that
pkgsrc target).
As of 1.24, MATE requires GNU-specific msgfmt features. meta-pkgs/mate/
Makefile.common r. 1.10 expressed this tool dependency using
USE_BUILTIN.gettext=no, but this exposed pkgsrc gettext-libs in the
build environment as well, which some MATE packages then linked
against, but gettext-libs didn't end up being declared as a run-time
dependency, so binary package installations were broken (with the
workaround of manually installing the undeclared gettext-libs
dependency). Express this dependency differently, so GNU msgfmt is
used as a tool without exposing pkgsrc gettext-libs.
(The pkgsrc tooling infrastruture could be altered to provide a
distinct "gmsgfmt" tool, same with "gxgettext", and perhaps others.
Here I'm just immediately concerned with fixing this packaging issue.)
Addresses PR pkg/55503 by Jay Patel.
* Disable document option, it requires asciidoctor.
Changelog:
## 2.6.1 (2020-08-19)
### Added
- Add menu entries for auto-typing only username or only password [#4891]
- Browser: Add command for retrieving current TOTP [#5278]
- Improve man pages [#5010]
- Linux: Support Xfce screen lock signals [#4971]
- Linux: Add OARS metadata to AppStream markup [#5031]
- SSH Agent: Substitute tilde with %USERPROFILE% on Windows [#5116]
### Changed
- Improve password generator UI and UX [#5129]
- Do not prompt to restart if switching the theme back and forth [#5084]
- Change actions for F1, F2, and F3 keys [#5082]
- Skip referenced passwords in health check report [#5056]
- Check system-wide Qt translations directory for downstream translations packaging [#5064]
- macOS: Change password visibility toggle shortcut to Ctrl+H to avoid conflict with system shortcut [#5114]
- Browser: Only display domain name in browser access confirm dialog to avoid overly wide window sizes [#5214]
### Fixed
- Fix clipboard not being cleared when database is locked while timeout is still active [#5184]
- Fix list of previous databases not being cleared in some cases [#5123]
- Fix saving of non-data changes on database lock [#5210]
- Fix search results banner theming [#5197]
- Don't enforce theme palette in Classic theme mode and add hover effect for buttons [#5122,#5267]
- Fix label clipping in settings on high-DPI screens [#5227]
- Fix excessive memory usage by icons on systems with high-DPI screens [#5266]
- Fix crash if number of TOTP digits exceeds ten [#5106]
- Fix slot detection when first YubiKey is configured on the second slot [#5004]
- Prevent crash if focus widget gets deleted during saving [#5005]
- Always show buttons for opening or saving attachments [#4956]
- Update link to Auto-Type help [#5228]
- Fix build errors with Ninja [#5121]
- CLI: Fix db-info command wrongly labelled as db-show in usage listing [#5140]
- Windows: Use Classic theme by default if high-contrast mode is on [#5191]
- Linux: Add workaround for qt5ct bug, causing icons not to show up [#5011]
- Linux: Correct high-DPI display by not allowing fractional scaling [#5185]
- Browser: Consider subdomain and path when requesting only "best-matching credentials" [#4832]
- SSH Agent: Always forget all keys on lock [#5115]
## 2.6.0 (2020-07-06)
### Added
- Custom Light and Dark themes [#4110, #4769, #4791, #4892, #4915]
- Compact mode to use classic Group and Entry line height [#4910]
- New monochrome tray icons [#4796, #4803]
- View menu to quickly switch themes, compact mode, and toggle UI elements [#4910]
- Search for groups and scope search to matched groups [#4705]
- Save Database Backup feature [#4550]
- Sort entries by "natural order" and move lines up/down [#4357]
- Option to launch KeePassXC on system startup/login [#4675]
- Caps Lock warning on password input fields [#3646]
- Add "Size" column to entry view [#4588]
- Browser-like tab experience using Ctrl+[Num] (Alt+[Num] on Linux) [#4063, #4305]
- Password Generator: Define additional characters to choose from [#3876]
- Reports: Database password health check (offline) [#3993]
- Reports: HIBP online service to check for breached passwords [#4438]
- Auto-Type: DateTime placeholders [#4409]
- Browser: Show group name in results sent to browser extension [#4111]
- Browser: Ability to define a custom browser location (macOS and Linux only) [#4148]
- Browser: Ability to change root group UUID and inline edit connection ID [#4315, #4591]
- CLI: `db-info` command [#4231]
- CLI: Use wl-clipboard if xclip is not available (Linux) [#4323]
- CLI: Incorporate xclip into snap builds [#4697]
- SSH Agent: Key file path env substitution, SSH_AUTH_SOCK override, and connection test [#3769, #3801, #4545]
- SSH Agent: Context menu actions to add/remove keys [#4290]
### Changed
- Complete replacement of default database icons [#4699]
- Complete replacement of application icons [#4066, #4161, #4203, #4411]
- Complete rewrite of documentation and manpages using Asciidoctor [#4937]
- Complete refactor of config files; separate between local and roaming [#4665]
- Complete refactor of browser integration and proxy code [#4680]
- Complete refactor of hardware key integration (YubiKey and OnlyKey) [#4584, #4843]
- Significantly improve performance when saving and opening databases [#4309, #4833]
- Remove read-only detection for database files [#4508]
- Overhaul of password fields and password generator [#4367]
- Replace instances of "Master Key" with "Database Credentials" [#4929]
- Change settings checkboxes to positive phrasing for consistency [#4715]
- Improve UX of using entry actions (focus fix) [#3893]
- Set expiration time to Now when enabling entry expiration [#4406]
- Always show "New Entry" in context menu [#4617]
- Issue warning before adding large attachments [#4651]
- Improve importing OPVault [#4630]
- Improve AutoOpen capability [#3901, #4752]
- Check for updates every 7 days even while still running [#4752]
- Improve Windows installer UI/UX [#4675]
- Improve config file handling of portable distribution [#4131, #4752]
- macOS: Hide dock icon when application is hidden to tray [#4782]
- Browser: Use unlock dialog to improve UX of opening a locked database [#3698]
- Browser: Improve database and entry settings experience [#4392, #4591]
- Browser: Improve confirm access dialog [#2143, #4660]
- KeeShare: Improve monitoring file changes of shares [#4720]
- CLI: Rename `create` command to `db-create` [#4231]
- CLI: Cleanup `db-create` options (`--set-key-file` and `--set-password`) [#4313]
- CLI: Use stderr for help text and password prompts [#4086, #4623]
- FdoSecrets: Display existing secret service process [#4128]
### Fixed
- Fix changing focus around the main window using tab key [#4641]
- Fix search field clearing while still using the application [#4368]
- Improve search help widget displaying on macOS and Linux [#4236]
- Return keyboard focus after editing an entry [#4287]
- Reset database path after failed "Save As" [#4526]
- Make builds reproducible [#4411]
- Improve handling of ccache when building [#4104, #4335]
- Windows: Use correct UI font and size [#4769]
- macOS: Properly re-hide application window after browser integration and Auto-Type usage [#4909]
- Linux: Fix version number not embedded in AppImage [#4842]
- Auto-Type: Fix crash when performing on new entry [#4132]
- Browser: Send legacy HTTP settings to recycle bin [#4589]
- Browser: Fix merging browser keys [#4685]
- CLI: Fix encoding when exporting database [#3921]
- SSH Agent: Improve reliability and underlying code [#3833, #4256, #4549, #4595]
- FdoSecrets: Fix crash when editing settings before service is enabled [#4332]
Changes since v4.4.0:
wolfSSL Release 4.5.0 (August 19, 2020)
If you have questions about this release, feel free to contact us on our
info@ address.
Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
* Added Xilinx Vitis 2019.2 example and README updates
* TLS v1.3 is now enabled by default
* Building FIPS 140-2 code and test on Solaris
* Secure renegotiation with DTLS 1.2
* Update RSA calls for hardware acceleration with Xilsecure
* Additional OpenSSL compatibility layer functions added
* Cypress PSoC6 wolfCrypt driver added
* Added STM32CubeIDE support
* Added certificate parsing and inspection to C# wrapper layer
* TLS v1.3 sniffer support added
* TSIP v1.09 for target board GR-ROSE support added
* Added support for the "X72N Envision Kit" evaluation board
* Support for ECC nonblocking using the configure options
"--enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS=-DWOLFSSL_PUBLIC_MP"
* Added wc_curve25519_make_pub function to generate a public key given the
private one
Fixes
* PIC32MZ hardware cache and large hashes fix
* AES-GCM use with EVP layer in compatibility layer code
* Fix for RSA_LOW_MEM with ARM build of SP code
* Sanity check on tag length with AES-CCM to conform with RFC 3610
* Fixes for 32 and 64 bit software implementations of SP code when
WOLFSSL_SP_CACHE_RESISTANT is defined
* GCC warning fixes for GCC 9 and later
* Sanity check on HKDF expand length to conform with RFC 5869
* Fixes for STM32 CubeMX HAL with AES-GCM
* Fixed point cache look up table (LUT) implementation fixes
* Fix for ARM 32bit SP code when calling div word
* Fix for potential out of bounds read when parsing CRLs
* Fix for potential out of bounds read with RSA unpadding
* AES-CCM optimized counter fix
* Updates to Xcode projects for new files and features
* Fix for adding CRL’s to a WOLFSSL_X509_STORE structure
* FIPSv2 build with opensslall build fixes
* Fixes for CryptoCell use with ECC and signature wrappers
* Fix for mod calculation with SP code dealing with 3072 bit keys
* Fix for handling certificates with multiple OU’s in name
* Fix for SP math implementation of sp_add_d and add a sanity check on
rshb range
* Fix for sanity check on padding with DES3 conversion of PEM to DER
* Sanity check for potential out of bounds read with fp_read_radix_16
* Additional checking of ECC scalars.
* Fixing the FIPS Ready build w.r.t. ecc.c.
* When processing certificate names with OpenSSL compatibility layer
enabled, unknown name item types were getting handled as having NID 0,
and failing. Added a couple more items to what is handled correctly,
and ignoring anything that is an unknown type.
Improvements/Optimizations
* TLS 1.3 certificate verify update to handle 8192 bit RSA keys
* wpa_supplicant support with reduced code size option
* TLS 1.3 alerts encrypted when possible
* Many minor coverity fixes added
* Error checking when parsing PKCS12 DER
* IAR warning in test.c resolved
* ATECC608A improvements for use with Harmony 3 and PIC32 MZ
* Support for AES-GCM and wc_SignatureVerifyHash with static memory and no
malloc’s
* Enable SNI by default with JNI/JSSE builds
* NetBSD GCC compiler warnings resolved
* Additional test cases and code coverage added including curve25519 and
curve448 tests
* Option for user defined mutexes with WOLFSSL_USER_MUTEX
* Sniffer API’s for loading buffer directly
* Fixes and improvements from going through the DO-178 process were added
* Doxygen updates and fixes for auto documentation generation
* Changed the configure option for FIPS Ready builds to be
`--enable-fips=ready`.
This release of wolfSSL includes fixes for 6 security vulnerabilities.
wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, 1 fix for a potential private key leak
in a specific use case, 1 fix for DTLS.
* In earlier versions of wolfSSL there exists a potential man in the middle
attack on TLS 1.3 clients. Malicious attackers with a privileged network
position can impersonate TLS 1.3 servers and bypass authentication. Users
that have applications with client side code and have TLS 1.3 turned on,
should update to the latest version of wolfSSL. Users that do not have
TLS 1.3 turned on, or that are server side only, are NOT affected by this
report. Thanks to Gerald Doussot from NCC group for the report.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. This denial of service results from the
relatively low effort of sending a ChangeCipherSpecs message versus the
effort of the server to process that message. Users with TLS 1.3 servers are
recommended to update to the most recent version of wolfSSL which limits the
number of TLS 1.3 ChangeCipherSpecs that can be received in order to avoid
this DoS attack. CVE-2020-12457 was reserved for the report. Thanks to
Lenny Wang of Tencent Security Xuanwu LAB.
* Potential cache timing attacks on public key operations in builds that are
not using SP (single precision). Users that have a system where malicious
agents could execute code on the system, are not using the SP build with
wolfSSL, and are doing private key operations on the system (such as signing
with a private key) are recommended to regenerate private keys and update to
the most recent version of wolfSSL. CVE-2020-15309 is reserved for this
issue. Thanks to Ida Bruhns from Universität zu Lübeck for the report.
* When using SGX with EC scalar multiplication the possibility of side-channel
attacks are present. To mitigate the risk of side channel attacks wolfSSL’s
single precision EC operations should be used instead. Release 4.5.0 turns
this on be default now with SGX builds and in previous versions of wolfSSL
this can be turned on by using the WOLFSSL_SP macros. Thank you to
Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from
the Network and Information Security Group (NISEC) at Tampere University for
the report.
* Leak of private key in the case that PEM format private keys are bundled in
with PEM certificates into a single file. This is due to the
misclassification of certificate type versus private key type when parsing
through the PEM file. To be affected, wolfSSL would need to have been built
with OPENSSL_EXTRA (--enable-opensslextra). Some build variants such as
--enable-all and --enable-opensslall also turn on this code path, checking
wolfssl/options.h for OPENSSL_EXTRA will show if the macro was used with the
build. If having built with the opensslextra enable option and having placed
PEM certificates with PEM private keys in the same file when loading up the
certificate file, then we recommend updating wolfSSL for this use case and
also recommend regenerating any private keys in the file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application. Fixed by dropping received
application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
University and Robert Merget of Ruhr-University Bochum for the report.
For additional vulnerability information visit the vulnerability page at
https://www.wolfssl.com/docs/security-vulnerabilities/
See INSTALL file for build instructions.
More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
acceleration code. If we're x86_64, and the assembler is GNU, and the
version is too old, disable hardware acceleration. Other non-working
combinations can be added as they're discovered. No functional change
intended to any platforms where this previously built, but since it's
hard to be sure of that, I'm bumping PKGREVISION.
Alternatively, we could build with gas from devel/binutils when needed.
multimedia/libvpx says it does this (for similar reasons), but I
couldn't get that to work here, and am suspicious whether it still
works there.
This enables built-in U2F/FIDO security key support, without any
SSH_SK_PROVIDER middleware library needed. Works only on platforms
with working libfido2, so not enabled by default yet. We should
enable it by default in NetBSD>=10 and maybe some other platforms.
packaging changes: accomodate README to README.md transition
upstream changes:
- support added for many cards/readers (see README.md upstream for list)
- bugfixes
- minor improvements
1.4.33 - 25 June 2020, Ludovic Rousseau
- add --enable-oslog argument for macOS
use os_log(3) for macOS >= 10.12 (Sierra)
- Update PCSC submodule to get Unicode support
1.4.32 - 22 April 2020, Ludovic Rousseau
- Add SCardGetAttrib(.., SCARD_ATTR_CHANNEL_ID, ..) for USB devices
- Increase the timeout used to detect the Identiv uTrust 3700/3701 F readers
- Fix PowerOn bug for ICCD type A & B devices
- Disable pinpad for Chicony HP Skylab USB Smartcard Keyboard
1.4.31 - 10 August 2019, Ludovic Rousseau
1.4.30 - 19 September 2018, Ludovic Rousseau
- The project moved to https://ccid.apdu.fr/
- Disabled readers
- REINER SCT cyberJack RFID standard
1.4.29 - 21 February 2018, Ludovic Rousseau
- The C3PO LTC31 v2 wrongly declares PIN support
- Remove extra EGT patch because if has bad side effects
1.4.28 - 11 October 2017, Ludovic Rousseau
- Disabled readers
- Jinmuyu Electronics Co., Ltd. MR800
Yubico's Python library and command-line tool for managing Yubikeys.
Meta-package security/ykman gives a more obvious name, without any
Python package prefixing, for the ykman command-line tool package.
The webauthn API is disabled by default in the Tor Browser:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26614
In order to use it, risking the consequences since the Tor Project
has not audited its anonymity properties, you have to explicitly
enable security.webauthn.webauthn=true in about:config.
So if you definitely want to log into a web site using U2F in spite
of that, with location privacy but not anonymity, then these patches
now enable it to work on NetBSD (with the caveat that enabling
security.webauthn.webauthn=true applies also to any web site that
tries to use the webauthn API, not just the ones you want to log
into).
Changes since previous pkgsrc version 2.5.1, from the NEWS file
Also add a fix for proper escape single quotes in RelayState
From upstream https://dev.entrouvert.org/issues/45581
2.6.1 - Aptil 22th 2019
----------------------
42 commits, 425 files changed, 3894 insertions, 795 deletions
- Keep order of SessionIndexes
- Clear SessionIndex when private SessionIndexes is empty (#41950)
- misc: clear warnings about class_init signature using coccinelle
- tests: fix compilation with check>0.12 (#39101)
- Sort input file lists to make build deterministic (#40454)
- debian: disable php7 (#28608)
- Modify .gitignore for PHP 7 binding (#28608)
- Add PHP 7 binding (#28608)
- Fix tests broken by new DEBUG logs (#12829)
- Improve error logging during node parsing (#12829)
- Improve configure compatibility (#32425)
- Improve compatibility with Solaris (#32425)
- Fix reference count in lasso_server_add_provider2 (fixes#35061)
- Fix python multi-version builds on jessie and stretch
- docs: do not use Internet to fetch DTDs, entities or documents (#35590)
- fix missing include <strings.h> for index() (fixes#33791)
- PAOS: Do not populate "Destination" attribute (Dmitrii Shcherbakov)
- export symbol lasso_log (#33784)
- Do not ignore WantAuthnRequestSigned value with hint MAYBE (#33354)
- Use io.open(encoding=utf8) in extract_symbols/sections.py (#33360)
- xml: adapt schema in saml2:AuthnContext (#29340)
- Fix ECP signature not found error when only assertion is signed (#26828)
- autoconf: search python interpreters by versions (John Dennis)
- python: make tools compatible with Py3 (John Dennis)
- python: run tests and tools with same interpreter as binding target (John Dennis)
- improve resiliency of lasso_inflate (#24853)
- fix segfault in lasso_get_saml_message (#24830)
- python: add classmethod Profile.getIssuer (#24831)
- website: add news about 2.6.0 release
- debian: sync with debian package (#24595)
- faq: fix references to lasso.profileGetIssuer (#24832)
- python: add a classmethod for lasso.profileGetIssuer (#24831)
- tools: fix segfault in lasso_get_saml_message (fixes#24830)
- jenkins.sh: add a make clean to prevent previous build to break new ones
- tools: set output buffer size in lasso_inflate to 20 times the input size (fixes#24853)
- Use python interpreter specified configure script
- Make Python scripts compatible with both Py2 and Py3
- fix duplicate definition of LogoutTestCase and logoutSuite
- Downcase UTF-8 file encoding name
- Make more Python scripts compatible with both Py2 and Py3
- Configure should search for versioned Python interpreter.
- Clean python cache when building python3 binding
- Move AC_SUBST declaration for AM_CFLAGS with alike (#24771)
- Remove -Werror from --enable-debugging (fixes#24771)
- xml: fix parsing of saml:AuthnContext (fixes#25640)
2.6.0 - June 1st 2018
---------------------
32 commits, 73 files changed, 1920 insertions, 696 deletions
- add inline implementation of lasso_log
- Choose the Reference transform based on the chosen Signature transform (fixes#10155)
- add support for C14N 1.1 methods and C14N withComments methods (fixes#4863)
- remove DGME specific commented out code
- add docstring on SHA-2 signature method enum
- tests: silence unused variable warning
- check node names in lasso_node_impl_init_from_xml() (fixes#47)
- fix segfault when parsed node has no namespace (#47)
- do not call xmlSecKeyDuplicate is source key is NULL
- enable user supplied CFLAGS
- Fix ecp test validate_idp_list() (fixes#11421)
- tests: convert log level as string
- fix definitions of error, critical and warning macros (fixes#12830)
- jenkins.sh: add V=1
- add defined for the XML namespace
- ignore unknown attributes from the xsi: namespace
- saml-2.0: improve support for free content inside samlp2:Extensions (fixes#18581)
- debian: initialize stretch packaging with a copy of upstream debian (#21772)
- replace use of <xmlsec/soap.h> which is deprecated (fixes#18771)
- fix get_issuer and get_in_response_to
- route logs from libxml2 and libxmlsec through GLib logging
- tests: prevent crash in glib caused by abort on recursive logging
- java: stop setting a bytecode version target
- add xmlsec_soap.h to Makefile
- python: route logs for libxml2 and libxmlsec2 to their own logger
- perl: force use of the in-tree lasso when running tests (fixes#23276)
- perl: set DESTDIR and PREFIX at Makefile's creation
- Replace xmlSecSoap functions with lasso implementations
- add a pem-public-key runtime flag
- deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info
- perl/tests: build Makefile.perl before running the tests
pkgsrc changes:
- Document all the patches
- Honors user's CFLAGS and don't remove -Wall from CFLAGS in patch-aa: they are
usually pretty useful
- Unset OPT_{NORMAL,INLINE} optimizations via MAKE_FLAGS to minimize patch-aa
- Remove not needed NO_CONFIGURE
- Use pre-configure as stage for SUBST (now that NO_CONFIGURE is removed)
Changes:
The following changes have been made between John 1.8.0 and 1.9.0:
* Increased the interleaving for bcrypt on x86-64 from 2x to 3x for a major
speedup on CPUs without SMT. Unfortunately, this sometimes results in a minor
performance regression when running multiple threads on CPUs with SMT.
* Recognize the $2b$ bcrypt prefix.
* In the generic crypt(3) format, detect descrypt with valid vs. invalid salts
as separate id's for our heuristics on supported hash types.
* Introduced a number of optimizations for faster handling of large password
hash files, including loading, cracking, and "--show". Some of these use more
memory than before, yet in a more efficient manner.
* Benchmark using all-different candidate passwords of length 7 by default.
* Dropped undocumented special handling of "Mc" in 'c' and 'C' rule commands.
* Dropped undocumented limitation of the 'M' and 'Q' rule commands where they
would sometimes memorize/check only up to the current hash type's length limit
yet this optimization wouldn't necessarily be transparent (e.g., if a later
command would extract a substring from above the hash type's length limit and
bring it to within the limit).
* Implemented special-case handling of repeated rule commands '$', '^', '[',
']', '{', and '}', as well as faster handling of the 'D' command.
* When built with "--fork" support, disallow session names with all-digit
suffixes since these clash with those produced by "--fork".
* Forward SIGTERM to --fork'ed children.
* Set stdout to line buffered (rather than potentially fully buffered), except
for "--stdout", "--show", and auxiliary programs such as "unshadow".
* On Windows, restore normal processing of Ctrl-C in case our parent (such as
Johnny the GUI) had disabled it.
* Added linux-x86*-avx512 and linux-x86*-avx2 make targets, which use
respectively AVX-512 and AVX2 for bitslice DES.
* Added linux-mic make target for Intel MIC (first generation Xeon Phi, aka
Knights Corner), which uses its 512-bit SIMD intrinsics for bitslice DES.
(For second generation Xeon Phi, aka Knights Landing, use linux-x86-64-avx512.)
* Added linux-arm64le, linux-arm32le-neon, and linux-arm32le make targets.
(The first two of these make use of ASIMD or NEON for bitslice DES.)
* Added linux-sparc64 make target.
* Made a minor optimization to MMX and SSE2 assembly code for LM hash.
* Dropped Ultrix and SCO support.
* Don't probe for alternate config file names (like john.ini when on Unix).
* "DokuWiki" external mode sample has been added to the default john.conf.
* Fixed operator precedence in the external mode compiler to be the same as C.
* Fixed an out of bounds write bug in the external mode virtual machine.
* Fixed a bug introduced in version 1.7.4 in the wordlist rules engine, where
some sequences of rule commands could overflow a word buffer.
* Fixed a bug where unaligned access SSE/AVX instructions would unnecessarily
be generated by GCC 4.6+ in the bitslice DES code in non-OpenMP builds.
* Fixed a bug where "Warning: no OpenMP support for this hash type" could be
printed in "--stdout" mode.
* Made assorted other bugfixes, portability and documentation enhancements.
1.20.1
Bug Fixes
reduce refresh clock skew to 10 seconds
set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error
1.20.0
Features
Add debug logging that can help with diagnosing auth lib. path
Show the transport exception that happened for GCE Metadata
packaging: add support for Python 3.8
Noteworthy changes in version 1.14.0
------------------------------------
* New keylist mode to force the engine to return the keygrip.
* New export mode to export as OpenSSH public key.
* New context flag "extended-edit" to enable expert key edit.
* Deprecate the anyway non working trustlist functions.
* cpp: Add convenience API to obtain remarks.
* cpp: The sign key edit-interactor now supports multiple signatures
from the same key.
* qt: Extended signkeyjob to handle remarks and multiple signatures.
* qt: Added job API for gpg-card.
* qt: The logging category has been changed to gpg.qgpgme to be more
consistent with other qt logging categories.
* Interface changes relative to the 1.13.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_KEYLIST_MODE_WITH_KEYGRIP NEW.
GPGME_EXPORT_MODE_SSH NEW.
gpgme_user_id_t EXTENDED: New field 'uidhash'.
cpp: UserID::remark NEW.
cpp: UserID::remarks NEW.
cpp: GpgSignKeyEditInteractor::setDupeOk NEW.
cpp: Context::exportPublicKeys EXTENDED: New param 'flags'.
cpp: Context::startPublicKeyExport EXTENDED: New param 'flags'.
cpp: Context::ExportMode NEW.
qt: SignKeyJob::setDupeOk NEW.
qt: SignKeyJob::setRemark NEW.
qt: GpgCardJob NEW.
qt: ExportJob::setExportFlags NEW.
Noteworthy changes in version 1.4.0
-----------------------------------
* Supports ECDSA and EdDSA certificate creation and parsing.
* Supports ECDH enveloped data.
* Supports ECDSA and EdDSA signed data.
* Supports rsaPSS signature verification.
* Supports standard file descriptors in ksba_reader_read.
* New configure flag --disable-doc.
* Improves supports for reproducible builds.
* Allows for optional elements in keyinfo objects.
* Updates the config and M4 scripts to the latest version.
* Fixes error detection in the CMS parser.
* Fixes memory leak in ksba_cms_identify.
* Fixes build warnings on macOS.
* Uses --disable-new-dtags if LD_LIBRARY_PATH is defined.
* New constants KSBA_VERSION and KSBA_VERSION_NUMBER.
* New API to make creation of DER objects easy.
* Interface changes relative to the 1.3.5 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
KSBA_VERSION NEW.
KSBA_VERSION_NUMBER NEW.
KSBA_CT_SPC_IND_DATA_CTX NEW.
KSBA_CLASS_* NEW.
KSBA_TYPE_* NEW.
ksba_der_t NEW.
ksba_der_release NEW.
ksba_der_builder_new NEW.
ksba_der_builder_reset NEW.
ksba_der_add_ptr NEW.
ksba_der_add_val NEW.
ksba_der_add_int NEW.
ksba_der_add_oid NEW.
ksba_der_add_bts NEW.
ksba_der_add_der NEW.
ksba_der_add_tag NEW.
ksba_der_add_end NEW.
ksba_der_builder_get NEW.
Tor Browser 9.5.3 -- July 28 2020
* All Platforms
* Update Firefox to 68.11.0esr
* Update NoScript to 11.0.34
* Update Tor to 0.4.3.6
Tor Browser 9.5.2 -- July 7 2020
* Android
* Update Firefox to 68.10.1esr
1.4.0
- `core.ObjectIdentifier` and all derived classes now obey X.660 §7.6 and
thus restrict the first arc to 0 to 2, and the second arc to less than
40 if the first arc is 0 or 1. This also fixes parsing of OIDs where the
first arc is 2 and the second arc is greater than 39.
- Fixed `keys.PublicKeyInfo.bit_size` to return an int rather than a float
on Python 3 when working with elliptic curve keys
- Fixed the `asn1crypto-tests` sdist on PyPi to work properly to generate a
.whl
v 11.0.34
============================================================
x Fixed regression breaking network-based CSP injection
v 11.0.33
============================================================
x Switch from HTTP to DOM event based CSP reporting in
compatible browsers
x [XSS] Updated HTML event attributes
x Updated TLDs
Release 2.3.0
Added initial support for reading configuration from OpenSSH-compatible config files, when present. Both client and server configuration files are supported, but not all config options are supported. See the AsyncSSH documentation for the latest list of what client and server options are supported, as well as what match conditions and percent substitutions are understood.
Added support for the concept of only a subset of supported algorithms being enabled by default, and for the ability to use wildcards when specifying algorithm names. Also, OpenSSH’s syntax of prefixing the list with ‘^’, ‘+’, or ‘-‘ is supported for incrementally adjusting the list of algorithms starting from the default set.
Added support for specifying a preferred list of client authentication methods, in order of preference. Previously, the order of preference was hard-coded into AsyncSSH.
Added the ability to use AsyncSSH’s “password” argument on servers which are using keyboard-interactive authentication to prompt for a “passcode”. Previously, this was only supported when the prompt was for a “password”.
Added support for providing separate lists of private keys and certificates, rather than requiring them to be specifying together as a tuple. When this new option is used, AsyncSSH will automatically associate the private keys with their corresponding certificates if matching certificates are present in the list.
Added support for the “known_hosts” argument to accept a list of known host files, rather than just a single file. Known hosts can also be specified using the GlobalKnownHostFile and UserKnownHostFile config file options, each of which can take multiple filenames.
Added new “request_tty” option to provide finer grained control over whether AsyncSSH will request a TTY when opening new sessions. The default is to still tie this to whether a “term_type” is specified, but now that can be overridden. Supported options of “yes”, “no”, “force”, and “auto” match the values supported by OpenSSH.
Added new “rdns_lookup” option to control whether the server does a reverse DNS of client addresses to allow matching of clients based on hostname in authorized keys and config files. When this option is disabled (the default), matches can only be based on client IP.
Added new “send_env” argument when opening a session to forward local environment variables using their existing values, augmenting the “env” argument that lets you specify remote environment variables to set and their corresponding values.
Added new “tcp_keepalive” option to control whether TCP-level keepalives are enabled or not on SSH connections. Previously, TCP keepalives were enabled unconditionally and this is still the default, but the new option provides a way to disable them.
Added support for sending and parsing client EXT_INFO messages, and for sending the “global-requests-ok” option in these messages when AsyncSSH is acting as a client.
Added support for expansion of ‘~’ home directory expansion when specifying arguments which contain filenames.
Added support for time intervals and byte counts to optionally be specified as string values with units, allowing for values such as “1.5h” or “1h30m” instead of having to specify that as 5400 seconds. Similarly, a byte count of “1g” can be passed to indicate 1 gigabyte, rather than specifying 1073741824 bytes.
Enhanced logging to report lists of sent and received algorithms when no matching algorithm is found. Thanks go to Jeremy Schulman for suggesting this.
Fixed an interoperability issue with PKIXSSH when attempting to use X.509 certificates with a signature algorithm of “x509v3-rsa2048-sha256”.
Fixed an issue with some links not working in the ReadTheDocs sidebar. Thanks go to Christoph Giese for reporting this issue.
Fixed keepalive handler to avoid leaking a timer object in some cases. Thanks go to Tom van Neerijnen for reporting this issue.
The original master site is gone. The new one redirects to Github but for
the ancient release we package (1.5.3, newest is 7.x), it does not have the
distfile.
Update NetBSD/pkgsrc#68
Noteworthy changes in version 2.2.21
* gpg: Improve symmetric decryption speed by about 25%.
* gpg: Support decryption of AEAD encrypted data packets.
* gpg: Add option --no-include-key-block.
* gpg: Allow for extra padding in ECDH.
* gpg: Only a single pinentry is shown for symmetric encryption if
the pinentry supports this.
* gpg: Print a note if no keys are given to --delete-key.
* gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
shown.
* gpgsm: Certificates without a CRL distribution point are now
considered valid without looking up a CRL. The new option
--enable-issuer-based-crl-check can be used to revert to the
former behaviour.
* gpgsm: Support rsaPSS signature verification.
* gpgsm: Unless CRL checking is disabled lookup a missing issuer
certificate using the certificate's authorityInfoAccess.
* gpgsm: Print the certificate's serial number also in decimal
notation.
* gpgsm: Fix possible NULL-deref in messages of --gen-key.
* scd: Support the CardOS 5 based D-Trust Card 3.1.
* dirmngr: Allow http URLs with "LOOKUP --url".
* wkd: Take name of sendmail from configure. Fixes an OpenBSD
specific bug.
Noteworthy changes in version 1.8.6 (2020-07-06) [C22/A2/R6]
------------------------------------------------
* Bug fixes:
- Fix build problems on OpenIndiana et al. [#4818]
- Fix GCM bug on arm64 which troubles for example OMEMO. [#4986]
- Fix wrong code execution in Poly1305 ARM/NEON implementation.
[#4833]
- Detect a div-by-zero in a debug helper tool. [#4868]
- Use a constant time mpi_inv in some cases and change the order
mpi_invm is called. [#4869]
- Fix mpi_copy to correctly handle flags of opaque MPIs.
- Fix mpi_cmp to consider +0 and -0 the same.
* Other features:
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
pkglint 20.2.0 (and a bit earlier) does not insist on entries
for directories any longer that do not contain complete packages.
Remove them.
While here, fix security/Makefile that had two missing entries.
Update clamav to 0.102.4.
## 0.102.4
ClamAV 0.102.4 is a bug patch release to address the following issues.
- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350):
Fix a vulnerability wherein a malicious user could replace a scan target's
directory with a symlink to another path to trick clamscan, clamdscan, or
clamonacc into removing or moving a different file (eg. a critical system
file). The issue would affect users that use the --move or --remove options
for clamscan, clamdscan, and clamonacc.
For more information about AV quarantine attacks using links, see the
[RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software).
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking
results in an out-of-bounds read which could cause a crash.
The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
resolves the issue.
- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481):
Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
could cause a Denial-of-Service (DoS) condition. Improper error handling
may result in a crash due to a NULL pointer dereference.
This vulnerability is mitigated for those using the official ClamAV
signature databases because the file type signatures in daily.cvd
will not enable the EGG archive parser in versions affected by the
vulnerability.
1.19.0:
Features
add quota project to base credentials class
check 'iss' in verify_oauth2_token
Bug Fixes
migrate signBlob to iamcredentials.googleapis.com
Documentation
remove 3.4 from supported versions list
Changes:
0.0.8
-----
- add vb_test.php check
- add phpinfo test
0.0.7
-----
- add a test for openelasticsearch
- add check for django debugging on error pages
- print more information about invalid hostnames
- add laravel telescope test
1.5.0:
* Added the `mic_present` property to the `NtlmContext` class to determine if a MIC has been added to the authentication message.
* Added the `sign` and `verify` function to the `NtlmContext` to sign data and verify signatures.
* Added the `reset_rc4_state` function to the `NtlmContext` to allow a caller to reset the incoming and outgoing RC4 cipher.
* Added the `NTLMSSP_NEGOTIATE_UNICODE` flag to the negotiate message to ensure the challenge and authentication message's text fields can be unicode encoded
1.6.0
Added
Certbot snaps are now available for the arm64 and armhf architectures.
Add minimal code to run Nginx plugin on NetBSD.
Make Certbot snap find externally snapped plugins
Function certbot.compat.filesystem.umask is a drop-in replacement for os.umask implementing umask for both UNIX and Windows systems.
Support for alternative certificate chains in the acme module.
Added --preferred-chain <issuer CN>. If a CA offers multiple certificate chains, it may be used to indicate to Certbot which chain should be preferred.
e.g. --preferred-chain "DST Root CA X3"
Changed
Allow session tickets to be disabled in Apache when mod_ssl is statically linked.
Generalize UI warning message on renewal rate limits
Certbot behaves similarly on Windows to on UNIX systems regarding umask, and the umask 022 is applied by default: all files/directories are not writable by anyone other than the user running Certbot and the system/admin users.
Read acmev1 Let's Encrypt server URL from renewal config as acmev2 URL to prepare for impending acmev1 deprecation.
Fixed
Cloudflare API Tokens may now be restricted to individual zones.
Don't use StrictVersion, but LooseVersion to check version requirements with setuptools, to fix some packaging issues with libraries respecting PEP404 for version string, with doesn't match StrictVersion requirements.
Certbot output doesn't refer to SSL Labs due to confusing scoring behavior.
Fix paths when calling to programs outside of the Certbot Snap, fixing the apache and nginx plugins on, e.g., CentOS 7.
(1) There is no {get,make,set}context support before Darwin 9
(2) Instead of failing the build on makedepend(8) malfunction, have
make(1) ignore its return value - which used to be the default for
previous OpenSSL versions.
v1.6.9: Meyer (Patch 9)
There were no releases between 1.6.5 and 1.6.9 due to release pipeline issues with Github Actions; please use this release instead.
Raise exception on unknown usage
Update tutorial to make server_name equal FQDN
Handle missing locale.LC_MESSAGES on Windows
A comprehensive OpenSSL module for Lua.
It includes support for certificate and key management, key generation,
signature verification, and deep bindings to the distinguished name,
alternative name, and X.509v3 extension interfaces.
It also binds OpenSSL's bignum, message digest, HMAC, cipher, and CSPRNG
interfaces. The end goal is to bind almost everything that OpenSSL supports,
but no more. It's intended as a low-level interface.
Basic bindings to OpenSSL's SSL* session and SSL_CTX* prototype objects are
available, but they cannot yet be used standalone to do SSL I/O. cqueues
supports SSL/TLS sockets internally, accepts an SSL_CTX* object from Lua
code for session configuration, and exports an SSL* object to Lua for session
introspection.
This is a really old version that is likely vulnerable.
AFAIK the only consumer of boringssl is Chromium which vendors its
own variant, otherwise the library is just for internal Google use
v1.4.1
• Use sudo when necessary to install in system-wide NSS stores (#192)
• Add a -version flag (#191)
• Speed up macOS execution by 4x for most users (#135)
• Minor usability improvements (#182, #178, #188)
v1.4.0
macOS Catalina compatibility, URL and email SANs, and more
macOS 10.15 Catalina introduced certificate lifespan limits which block mkcert
certificates. As a temporary measure, mkcert certificates now have a fixed
notBefore date of June 1st, 2019. Once the ACME server is implemented,
certificate lifespan will be shortened to 3 months. (#174)
Certificates generated by previous versions of mkcert after July 1st, 2019 will
not work on macOS 10.15 Catalina, and will have to be regenerated. The root CA
is unaffected and there is no need to rerun mkcert -install.
URL (#166) and email (for S/MIME, #152) SANs are now supported.
Client certificates are now created with a -client filename suffix, and they
claim the serverAuth EKU as well as the clientAuth one.
The certificate subject now includes the full user name, like
filippo@Bistromath.local (Filippo Valsorda).
SLES, OpenSUSE (#162), Snapcraft (#116), and CentOS 7 (#120) are now supported.
Linux release binaries are now fully static, and will work regardless of the
system libc. (#169)
v1.3.0
New advanced options:
• -ecdsa to generate ECDSA private keys
• -client to generate client certificates
• -csr to sign certificate signing requests
• $TRUST_STORES to select what stores to install into
Also, in other news:
• Add "Firefox Nightly.app" support on macOS
• Set the CommonName when generating PKCS#12 files for IIS
= mbed TLS 2.23.0 branch released 2020-07-01
Default behavior changes
* In the experimental PSA secure element interface, change the encoding of
key lifetimes to encode a persistence level and the location. Although C
prototypes do not effectively change, code calling
psa_register_se_driver() must be modified to pass the driver's location
instead of the keys' lifetime. If the library is upgraded on an existing
device, keys created with the old lifetime value will not be readable or
removable through Mbed TLS after the upgrade.
Features
* New functions in the error module return constant strings for
high- and low-level error codes, complementing mbedtls_strerror()
which constructs a string for any error code, including compound
ones, but requires a writable buffer. Contributed by Gaurav Aggarwal
in #3176.
* The new utility programs/ssl/ssl_context_info prints a human-readable
dump of an SSL context saved with mbedtls_ssl_context_save().
* Add support for midipix, a POSIX layer for Microsoft Windows.
* Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows
parsing unsupported certificate extensions via user provided callback.
Contributed by Nicola Di Lieto <nicola.dilieto@gmail.com> in #3243 as
a solution to #3241.
* Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies (#3419).
* Added support to entropy_poll for the kern.arandom syscall supported on
some BSD systems. Contributed by Nia Alarie in #3423.
* Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239
Security
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
Strackx (Fortanix) in #3394.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
private key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros). This would cause the original Lucky 13 attack to be possible in
those configurations, allowing an active network attacker to recover
plaintext after repeated timing measurements under some conditions.
Reported and fix suggested by Luc Perneel in #3246.
Bugfix
* Fix the Visual Studio Release x64 build configuration for mbedtls itself.
Completes a previous fix in Mbed TLS 2.19 that only fixed the build for
the example programs. Reported in #1430 and fix contributed by irwir.
* Fix undefined behavior in X.509 certificate parsing if the
pathLenConstraint basic constraint value is equal to INT_MAX.
The actual effect with almost every compiler is the intended
behavior, so this is unlikely to be exploitable anywhere. #3192
* Fix issue with a detected HW accelerated record error not being exposed
due to shadowed variable. Contributed by Sander Visser in #3310.
* Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
NULL pointer argument. Contributed by Sander Visser in #3312.
* Fix potential linker errors on dual world platforms by inlining
mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately
from psa_crypto.c. Fixes#3300.
* Remove dead code in X.509 certificate parsing. Contributed by irwir in
#2855.
* Include asn1.h in error.c. Fixes#3328 reported by David Hu.
* Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz()
when PRNG function fails. Contributed by Jonas Lejeune in #3318.
* Remove unused macros from MSVC projects. Reported in #3297 and fix
submitted in #3333 by irwir.
* Add additional bounds checks in ssl_write_client_hello() preventing
output buffer overflow if the configuration declared a buffer that was
too small.
* Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and
fix submitted in #3421 by Nia Alarie.
* Fix building library/net_sockets.c and the ssl_mail_client program on
NetBSD. Contributed by Nia Alarie in #3422.
* Fix false positive uninitialised variable reported by cpp-check.
Contributed by Sander Visser in #3311.
* Update iv and len context pointers manually when reallocating buffers
using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues
when receiving a connection with CID, when these fields were shifted
in ssl_parse_record_header().
Changes
* Fix warnings about signedness issues in format strings. The build is now
clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen
in #3153.
* Fix minor performance issue in operations on Curve25519 caused by using a
suboptimal modular reduction in one place. Found and fix contributed by
Aurelien Jarno in #3209.
* Combine identical cases in switch statements in md.c. Contributed
by irwir in #3208.
* Simplify a bounds check in ssl_write_certificate_request(). Contributed
by irwir in #3150.
* Unify the example programs termination to call mbedtls_exit() instead of
using a return command. This has been done to enable customization of the
behavior in bare metal environments.
* Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?".
Contributed by Koh M. Nakagawa in #3326.
* Use FindPython3 when cmake version >= 3.15.0
* Abort the ClientHello writing function as soon as some extension doesn't
fit into the record buffer. Previously, such extensions were silently
dropped. As a consequence, the TLS handshake now fails when the output
buffer is not large enough to hold the ClientHello.
* The unit tests now rely on header files in tests/include/test and source
files in tests/src. When building with make or cmake, the files in
tests/src are compiled and the resulting object linked into each test
executable.
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
`MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
coutermeasures. If side channels are not a concern, this dependency can
be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
* Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
Martinho. #3147
* Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported
in #3182 and fix submitted by irwir. #3217
* Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319
This release updates Firefox to 68.10.0esr and NoScript to 11.0.32.
Also, this release features important security updates to Firefox.
The full changelog since Tor Browser 9.5 is:
All Platforms
Update Firefox to 68.10.0esr
Update NoScript to 11.0.32
Translations update
Bug 40009: Improve tor's client auth stability
Windows + OS X + Linux
Bug 34361: "Prioritize .onion sites when known" appears under General
Bug 34362: Improve Onion Service Authentication prompt
Bug 34369: Fix learn more link in Onion Auth prompt
Bug 34379: Fix learn more for Onion-Location
Bug 34347: The Tor Network part on the onboarding is not new anymore
v 11.0.32
============================================================
x [L10n] Updated it, mk, sv_SE
x Fixed setting CUSTOM permissions in private mode may cause
the TRUSTED preset to become temporary
x Updated TLDs
x [XSS] Updated HTML 5 events support
x More compact high contrast appearance
v 11.0.31
============================================================
x Focus "OK" button on dialog-mode UI
x Fixed various toolbar buttons DnD issues
x Updated TLDs
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode
v 11.0.31rc2
============================================================
x Focus "OK" button on dialog-mode UI
x [L10n] Updated da
x Fixed various toolbar buttons DnD graphic issues
x Updated TLDs
v 11.0.31rc1
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode
x More precise DnD of toolbar buttons + work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=568313
It isn't extracted properly by archivers/pax, which leads to
packaging errors on some platforms, e.g. some Solaris derivatives.
(gtar works too, but the common approach here seems to be to just
keep it simple and specify bsdtar universally.) This should address
PR pkg/55448 from Hauke Fath.
The arc4random family of functions provides a cryptographic pseudorandom
number generator automatically seeded from the system entropy pool and
safe to use from multiple threads. arc4random is designed to prevent an
adversary from guessing outputs, unlike rand(3) and random(3), and is
faster and more convenient than reading from /dev/urandom directly.
This is a Lua wrapper for arc4random(3), portable to systems that
do and don't have it natively in libc. On systems where arc4random
may be insecure it provides a replacement.
3.9.8:
Resolved issues
* The Shamir's secret sharing implementation is not actually compatible with ``ssss``.
Added an optional parameter to enable interoperability.
* Skip altogether loading of ``gmp.dll`` on Windows.
* Fix incorrect CFB decryption when the input and the output are the same buffer.
Motivation: the default behaviour of reopening /dev/urandom repeatedly
for every 128 bytes of entropy required is _exceedingly_ slow on NetBSD.
Not helped is using fread(), which assumes a long-lived file and buffers
excessively. This change makes the standard gen_entropy tool run in
milliseconds instead of seconds when it generates 48K of randomness.
Not only that, but sysctl is a lot more robust in e.g. chroots, resource
limited processes, etc.
Risk: On NetBSD, the security properties of the previous and current
behaviour are identical.
Upstreamed: https://github.com/ARMmbed/mbedtls/pull/3423
Bump PKGREVISION.
Changelog:
This release fixes the following security issues:
- In some situations an SSH server could cause PuTTY to access freed
mdmory by pretending to accept an SSH key and then refusing the
actual signature. It can only happen if you're using an SSH agent.
- New configuration option to disable PuTTY's default policy of
changing its host key algorithm preferences to prefer keys it
already knows. (There is a theoretical information leak in this
policy.)
Other bug fixes include:
- Windows installer: the text in the installer UI is now visible in
Windows high-contrast mode. (Previously it was white on white by
mistake.)
- Windows 7: fixed spurious OS out-of-memory error when reading
passwords from a Windows console (e.g. psftp).
- Terminal crash: the dreaded "line==NULL" error could happen if an
application switched between the main and alternate screens while
the user was looking at the scrollback.
- Terminal crash: the terminal could fail an assertion when sending
an empty answerback string, and when pasting text none of whose
characters exist in the selected character set.
- SSH: fixed endless memory-allocating loop that could be triggered
by the combination of a misbehaving SSH agent and PuTTY's bug
compatibility mode for padded RSA signatures.
- File transfer: when uploading files to some SFTP servers (e.g. the
one in proftpd's mod_sftp), PSFTP would consume up to 4GB of local
memory before sending anything to the server.
- Terminal behaviour: sometimes the cursor was put in the wrong place
after restoring from the alternate screen.
- GTK: fixed font size calculation when using newer Pango libraries
(e.g. the one on Ubuntu 20.04).
- GTK: scroll wheel events now work in unusual environments like VNC.
Instead:
1. Package makefiles including their own options.mk
2. Packages say "SUBST_CLASSES+=djberrno" to get the hack, if needed
3. Packages adjust SUBST_FILES.djberrno, if needed
Should fix bulk build failures due to multiple inclusions of options.mk
and/or incorrect definitions of DJB_ERRNO_HACK.
Approved during the freeze by wiz@.
Update ruby-sshkey to 2.0.0.
pkgsrc change: add "USE_LANGUAGES= # none".
2.0.0 (2019-02-11)
* Breaking Change: Drop support for Ruby 1.9
* Feature: Accept valid ed25519 keys with leading zero byte (#37)
* Feature: Support sshfp (#30)
Update ruby-metasploit_payloads-mettle to 1.0.1.
No releasenote nor changelog is available. Quote from
<https://github.com/rapid7/mettle/compare/v1.0.0...v1.0.1>:
1.0.1 (2020-06-18)
* Use DER instead of PEM for TLV encryption.
1.9.0:
- SCardEndTransaction(): greatly improve performances (x300)
- tokenparser: accept any Unicode character in a reader name
- Use /run instead of /var/run by default
- Fix a memory leak from a polkit call
- Some other minor improvements
1.8.26:
- Use poll() instead of select() to allow file descriptor higher than FD_SETSIZE
- Enable reader filtering by default
- pcsc-spy:
. Do not read output buffer after error
. Adjust code to handle autoallocated buffers
. fix year-2038 issue by using long instead of int
- Android: fix compilation
- if client/server protocol mismatch:
. log an explicit message
. SCardEstablishContext() returns SCARD_E_SERVICE_STOPPED
- polkit: log the error message if polkit_authority_get_sync() fails
- Exit with EXIT_SUCCESS on shutdown to please systemd
- Doxygen: fix minor issues in the documentation
- Add --disable-documentation option
- Fix a minor memory leak
1.8.25:
- Fix a socket issue when pcscd is used inside LXC container
- pcsc-spy: always provide a total time of execution
- Fix resource leak if SCardEstablishContext() fails
- Fix realloc(3) error handling (possible memory leak)
- Remove usage of function chmod(2) to use fchmod(2) (fix race condition)
1.8.24:
- the project moved to https://pcsclite.apdu.fr/
- SCardGetStatusChange(): Fix a rare race condition
- SCardReleaseContext(): do not release a lock owned by another context
- SCardReconnect(): suspend card auto power off
- Allow "=" in serial driver filenames
- Add the thread id in the pcscd log lines
- pcsc-spy: correctly handle incomplete log file
- Simclist: avoid to divide by zero in list_findpos()
- Some other minor improvements
Passphrase is a zero-dependency passphrase generator.
It is pretty fast (over 6000 times faster than
bitwarden's "bw generate -p",) and you can use any wordlist.
An English wordlist is included, and is the default.
Unfortunately no changelog is provided by upstream, main changes between 1.4.2
are added support for CrateDB, Cubid, Drizzle, Apache Ignite, Amazon Aurora
forks, InterSystems cache, eXtremeDB.
OAuth often seems complicated and difficult-to-implement. There are several
prominent libraries for handling OAuth requests, but they all suffer from one
or both of the following:
* They predate the OAuth 1.0 spec, AKA RFC 5849.
* They predate the OAuth 2.0 spec, AKA RFC 6749.
* They assume the usage of a specific HTTP request library.
OAuthLib is a generic utility which implements the logic of OAuth without
assuming a specific HTTP request object or web framework. Use it to graft OAuth
client support onto your favorite HTTP library, or provider support onto your
favourite web framework. If you're a maintainer of such a library, write a thin
veneer on top of OAuthLib and get OAuth support for very little effort.
Single sign-on framework for GNOME. It aims to provide a way for users to
setup online accounts to be used by the core system and core applications
only. Calendar entries show up in GNOME Shell, e-mail in Evolution, online
storages are exposed as GVolumes, and so on.
Update to ruby-net-ssh 6.1.0.
=== 6.1.0
* adapt to ssh's default bahaviors when no username is provided.
When Net::SSH.start user is nil and config has no entry
we default to Etc.getpwuid.name() instead of Etc.getlogin(). [#749]
=== 6.1.0.rc1
* Make sha2-{256,512}-etm@openssh.com MAC default again [#761]
* Support algorithm subtraction syntax from ssh_config [#751]
Add openssl-cmac package version 2.0.1.
Ruby Gem for
* RFC 4493 - The AES-CMAC Algorithm (http://tools.ietf.org/html/rfc4493)
* RFC 4494 - The AES-CMAC-96 Algorithm and Its Use with IPsec
(http://tools.ietf.org/html/rfc4494)
* RFC 4615 - The Advanced Encryption Standard-Cipher-based Message
Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128)
Algorithm for the Internet Key Exchange Protocol (IKE)
(http://tools.ietf.org/html/rfc4615)
Changes:
3.6.14
------
* libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011).
[GNUTLS-SA-2020-06-03, CVSS: high]
* libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008).
* libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
* libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
Key Identifier (AKI) properly (#989, #991).
* certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
* libgnutls: Added several improvements on Windows Vista and later releases
(!1257, !1254, !1256). Most notably the system random number generator now
uses Windows BCrypt* API if available (!1255).
* libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
* libgnutls: Added support for AES-SIV ciphers (#463).
* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
* libgnutls: No longer use internal symbols exported from Nettle (!1235)
* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
Certbot 1.5.0
Added
Require explicit confirmation of snap plugin permissions before connecting.
Changed
Improved error message in apache installer when mod_ssl is not available.
Fixed
Add support for OCSP responses which use a public key hash ResponderID, fixing
interoperability with Sectigo CAs.
Fix TLS-ALPN test that fails when run with newer versions of OpenSSL.
More details about these changes can be found on our GitHub repo.
EVP_sha1 and EVP_sha256. Without this, opendnssec would build
but would not recognize any of those algorithms for tsig, and
therefore be pretty useless. I'll admit that I'm not entirely
certain why this is now suddenly required; those functions are
in the same library in 9.0 as in 8.0.
Bump PKGREVISION.
1.0 - 2020-05-13
- Limit support to GnuPG 2.2+ and 1.4
- Additional information from keys when using GnuPG 2.2 or higher
- Add support for use of agent/pinentry
- Updated options to add ignore_mdc_error and logging
- Improvements to tests
- Update pubkey_data documentation
- Special thanks to dkg on Github for a large PR with updates for GnuPG 2
- Thanks also to ntyni on Github for a pointer to test updates also dealing
with version changes
This release includes important security updates to Firefox.
This new Tor Browser release is focused on helping users understand
onion services.
Tor's onion routing remains the best way to achieve end-to-end
anonymous communication on the Internet. With onion services (.onion
addresses), website administrators can provide their users with
anonymous connections that are metadata-free or that hide metadata
from any third party. Onion services are also one of the few
censorship circumvention technologies that allow users to route
around censorship while simultaneously protecting their privacy
and identity.
For the first time, Tor Browser users on desktop will be able to
opt-in for using onion sites automatically whenever the website
makes them available. For years, some websites have invisibly used
onion services with alternative services (alt-svc), and this
continues to be an excellent choice. Now, there is also an opt-in
mechanism available for websites that want their users to know
about their onion service that invites them to upgrade their
connection via the .onion address.
5.68
[KAuth] Add support for action details in Polkit1 backend
[policy-gen] Fix the code to actually use the correct capture group
Drop Policykit backend
[polkit-1] Simplify Polkit1Backend action exists lookup
[polkit-1] Return an error status in actionStatus if there is an error
Calculate KAuthAction::isValid on demand
5.69
Fix type namespace requirement
ChangeLog:
- New option: -R to recover the public key from a secret key.
- minisign can now be compiled to WebAssembly.
- Error messages have been improved.
- Key derivation is now possible on devices with limited memory.
- Compilation on OpenWRT is now possible using cmake.
- A Docker image is now available.
- 64-bit Windows binaries have been added, and macOS binaries are notarized.
2020.5.20
not documented
2020.5.19
* Reverting Onboarding page for the time being
* Patch for whitelisting rules and EASE mode issue
* Double rule load patch in update channels
* Fix minor JS and UX issues
v 11.0.30
============================================================
x Discoverable option to force site-leaking UI in
PBM/Incognito
x [L10n] Updated he
x Easier keyboard navigation of preset configuration
x Yellow-less UI palette
lxqt-sudo-0.15.0 / 2020-04-23
=============================
* sudo: Fix (re)setting HOME with sudo backend.
* sudo: Add TERM to allowed/preserved env vars.
* Build on NetBSD.
lxqt-policykit-0.15.0 / 2020-04-22
==================================
* Bumped version to 0.15.0.
* Delete Password from line-edit.
* Made the infobox non-modal.
* Removed (duplicated) string casts definitions.
This package provides the certificates distributed by the Mozilla
Project.
It also provides a script, update-ca-certs, which can be used to manage
a location that makes certificates usable by TLS implementations,
including installing select certificates from this package.
pkgsrc changes: Delete roots which expired today or earlier:
C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
Upstream changes:
1618404 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root
1621159 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC,
GRCA, and SK ID root certs. r=jcj
1.4.0:
* Update ``libsodium`` to 1.0.18.
* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
* Added support for Python 3.8, and removed support for Python 3.4.
* Add low level bindings for extracting the seed and the public key
from crypto_sign_ed25519 secret key
* Add low level bindings for deterministic random generation.
* Add ``wheel`` and ``setuptools`` setup_requirements in ``setup.py``
* Fix checks on very slow builders
* Add low-level bindings to ed25519 arithmetic functions
* Update low-level blake2b state implementation
* Fix wrong short-input behavior of SealedBox.decrypt()
* Raise CryptPrefixError exception instead of InvalidkeyError when trying
to check a password against a verifier stored in a unknown format
* Add support for minimal builds of libsodium. Trying to call functions
not available in a minimal build will raise an UnavailableError
exception. To compile a minimal build of the bundled libsodium, set
the SODIUM_INSTALL_MINIMAL environment variable to any non-empty
string (e.g. ``SODIUM_INSTALL_MINIMAL=1``) for setup.
OpenSSH 8.3 was released on 2020-05-27. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html
Future deprecation notice
=========================
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.
The better alternatives include:
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
* The ssh-ed25519 signature algorithm. It has been supported in
OpenSSH since release 6.5.
* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.
To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.
A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually. Vendors of devices
that implement the SSH protocol should ensure that they support the
new signature algorithms for RSA keys.
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
Security
========
* scp(1): when receiving files, scp(1) could be become desynchronised
if a utimes(2) system call failed. This could allow file contents
to be interpreted as file metadata and thereby permit an adversary
to craft a file system that, when copied with scp(1) in a
configuration that caused utimes(2) to fail (e.g. under a SELinux
policy or syscall sandbox), transferred different file names and
contents to the actual file system layout.
Exploitation of this is not likely as utimes(2) does not fail under
normal circumstances. Successful exploitation is not silent - the
output of scp(1) would show transfer errors followed by the actual
file(s) that were received.
Finally, filenames returned from the peer are (since openssh-8.0)
matched against the user's requested destination, thereby
disallowing a successful exploit from writing files outside the
user's selected target glob (or directory, in the case of a
recursive transfer). This ensures that this attack can achieve no
more than a hostile peer is already able to achieve within the scp
protocol.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* sftp(1): reject an argument of "-1" in the same way as ssh(1) and
scp(1) do instead of accepting and silently ignoring it.
Changes since OpenSSH 8.2
=========================
The focus of this release is bug fixing.
New Features
------------
* sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
to allow .shosts files but not .rhosts.
* sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
sshd_config, not just before any Match blocks; bz3148
* ssh(1): add %TOKEN percent expansion for the LocalFoward and
RemoteForward keywords when used for Unix domain socket forwarding.
bz#3014
* all: allow loading public keys from the unencrypted envelope of a
private key file if no corresponding public key file is present.
* ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
possible instead of the (slower) portable C implementation included
in OpenSSH.
* ssh-keygen(1): add ability to dump the contents of a binary key
revocation list via "ssh-keygen -lQf /path" bz#3132
Bugfixes
--------
* ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
a PKCS11Provider; bz#3141
* ssh-keygen(1): avoid NULL dereference when trying to convert an
invalid RFC4716 private key.
* scp(1): when performing remote-to-remote copies using "scp -3",
start the second ssh(1) channel with BatchMode=yes enabled to
avoid confusing and non-deterministic ordering of prompts.
* ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
perform hashing of the message to be signed in the middleware layer
rather than in OpenSSH code. This permits the use of security key
middlewares that perform the hashing implicitly, such as Windows
Hello.
* ssh(1): fix incorrect error message for "too many known hosts
files." bz#3149
* ssh(1): make failures when establishing "Tunnel" forwarding
terminate the connection when ExitOnForwardFailure is enabled;
bz#3116
* ssh-keygen(1): fix printing of fingerprints on private keys and add
a regression test for same.
* sshd(8): document order of checking AuthorizedKeysFile (first) and
AuthorizedKeysCommand (subsequently, if the file doesn't match);
bz#3134
* sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
not considered for HostbasedAuthentication when the target user is
root; bz#3148
* ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
key parsing (oss-fuzz #20074).
* ssh(1), sshd(8): more consistency between sets of %TOKENS are
accepted in various configuration options.
* ssh(1), ssh-keygen(1): improve error messages for some common
PKCS#11 C_Login failure cases; bz#3130
* ssh(1), sshd(8): make error messages for problems during SSH banner
exchange consistent with other SSH transport-layer error messages
and ensure they include the relevant IP addresses bz#3129
* various: fix a number of spelling errors in comments and debug/error
messages
* ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
from a token, don't prompt for a PIN until the token has told us
that it needs one. Avoids double-prompting on devices that
implement on-device authentication.
* sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
should be an extension, not a critical option.
* ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
when trying to use a FIDO key function and SecurityKeyProvider is
empty.
* ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
the values allowed by the wire format (u32). Prevents integer
wraparound of the timeout values. bz#3119
* ssh(1): detect and prevent trivial configuration loops when using
ProxyJump. bz#3057.
Portability
-----------
* Detect systems where signals flagged with SA_RESTART will interrupt
select(2). POSIX permits implementations to choose whether
select(2) will return when interrupted with a SA_RESTART-flagged
signal, but OpenSSH requires interrupting behaviour.
* Several compilation fixes for HP/UX and AIX.
* On platforms that do not support setting process-wide routing
domains (all excepting OpenBSD at present), fail to accept a
configuration attempts to set one at process start time rather than
fatally erroring at run time. bz#3126
* Improve detection of egrep (used in regression tests) on platforms
that offer a poor default one (e.g. Solaris).
* A number of shell portability fixes for the regression tests.
* Fix theoretical infinite loop in the glob(3) replacement
implementation.
* Fix seccomp sandbox compilation problems for some Linux
configurations bz#3085
* Improved detection of libfido2 and some compilation fixes for some
configurations when --with-security-key-builtin is selected.
OpenSSH 8.2 was released on 2020-02-14. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html
Future deprecation notice
=========================
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 hash algorithm for less than USD$50K. For this reason, we will
be disabling the "ssh-rsa" public key signature algorithm that depends
on SHA-1 by default in a near-future release.
This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.
The better alternatives include:
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
* The ssh-ed25519 signature algorithm. It has been supported in
OpenSSH since release 6.5.
* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.
To check whether a server is using the weak ssh-rsa public key
algorithm for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.
A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually.
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
Security
========
* ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures
(i.e. the client and server CASignatureAlgorithms option) and will
use the rsa-sha2-512 signature algorithm by default when the
ssh-keygen(1) CA signs new certificates.
Certificates are at special risk to the aforementioned SHA1
collision vulnerability as an attacker has effectively unlimited
time in which to craft a collision that yields them a valid
certificate, far more than the relatively brief LoginGraceTime
window that they have to forge a host key signature.
The OpenSSH certificate format includes a CA-specified (typically
random) nonce value near the start of the certificate that should
make exploitation of chosen-prefix collisions in this context
challenging, as the attacker does not have full control over the
prefix that actually gets signed. Nonetheless, SHA1 is now a
demonstrably broken algorithm and futher improvements in attacks
are highly likely.
OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2
algorithms and will refuse to accept certificates signed by an
OpenSSH 8.2+ CA using RSA keys unless the unsafe algorithm is
explicitly selected during signing ("ssh-keygen -t ssh-rsa").
Older clients/servers may use another CA key type such as
ssh-ed25519 (supported since OpenSSH 6.5) or one of the
ecdsa-sha2-nistp256/384/521 types (supported since OpenSSH 5.7)
instead if they cannot be upgraded.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
CASignatureAlgorithms list.
* ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
from the default key exchange proposal for both the client and
server.
* ssh-keygen(1): the command-line options related to the generation
and screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have
changed. Most options have been folded under the -O flag.
* sshd(8): the sshd listener process title visible to ps(1) has
changed to include information about the number of connections that
are currently attempting authentication and the limits configured
by MaxStartups.
* ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one). It needs to be installed
in the expected path, typically under /usr/libexec or similar.
Changes since OpenSSH 8.1
=========================
This release contains some significant new features.
FIDO/U2F Support
----------------
This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication. In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.
ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly authorise
operations by touching or tapping them.
Generating a FIDO key requires the token be attached, and will usually
require the user tap the token to confirm the operation:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your security key to authorize key generation.
Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub
This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any other
supported key in OpenSSH and may be listed in authorized_keys, added
to ssh-agent(1), etc. The only additional stipulation is that the FIDO
token that the key belongs to must be attached when the key is used.
FIDO tokens are most commonly connected via USB but may be attached
via other means such as Bluetooth or NFC. In OpenSSH, communication
with the token is managed via a middleware library, specified by the
SecurityKeyProvider directive in ssh/sshd_config(5) or the
$SSH_SK_PROVIDER environment variable for ssh-keygen(1) and
ssh-add(1). The API for this middleware is documented in the sk-api.h
and PROTOCOL.u2f files in the source distribution.
OpenSSH includes a middleware ("SecurityKeyProvider=internal") with
support for USB tokens. It is automatically enabled in OpenBSD and may
be enabled in portable OpenSSH via the configure flag
--with-security-key-builtin. If the internal middleware is enabled
then it is automatically used by default. This internal middleware
requires that libfido2 (https://github.com/Yubico/libfido2) and its
dependencies be installed. We recommend that packagers of portable
OpenSSH enable the built-in middleware, as it provides the
lowest-friction experience for users.
Note: FIDO/U2F tokens are required to implement the ECDSA-P256
"ecdsa-sk" key type, but hardware support for Ed25519 "ed25519-sk" is
less common. Similarly, not all hardware tokens support some of the
optional features such as resident keys.
The protocol-level changes to support FIDO/U2F keys in SSH are
documented in the PROTOCOL.u2f file in the OpenSSH source
distribution.
There are a number of supporting changes to this feature:
* ssh-keygen(1): add a "no-touch-required" option when generating
FIDO-hosted keys, that disables their default behaviour of
requiring a physical touch/tap on the token during authentication.
Note: not all tokens support disabling the touch requirement.
* sshd(8): add a sshd_config PubkeyAuthOptions directive that
collects miscellaneous public key authentication-related options
for sshd(8). At present it supports only a single option
"no-touch-required". This causes sshd to skip its default check for
FIDO/U2F keys that the signature was authorised by a touch or press
event on the token hardware.
* ssh(1), sshd(8), ssh-keygen(1): add a "no-touch-required" option
for authorized_keys and a similar extension for certificates. This
option disables the default requirement that FIDO key signatures
attest that the user touched their key to authorize them, mirroring
the similar PubkeyAuthOptions sshd_config option.
* ssh-keygen(1): add support for the writing the FIDO attestation
information that is returned when new keys are generated via the
"-O write-attestation=/path" option. FIDO attestation certificates
may be used to verify that a FIDO key is hosted in trusted
hardware. OpenSSH does not currently make use of this information,
beyond optionally writing it to disk.
FIDO2 resident keys
-------------------
FIDO/U2F OpenSSH keys consist of two parts: a "key handle" part stored
in the private key file on disk, and a per-device private key that is
unique to each FIDO/U2F token and that cannot be exported from the
token hardware. These are combined by the hardware at authentication
time to derive the real key that is used to sign authentication
challenges.
For tokens that are required to move between computers, it can be
cumbersome to have to move the private key file first. To avoid this
requirement, tokens implementing the newer FIDO2 standard support
"resident keys", where it is possible to effectively retrieve the key
handle part of the key from the hardware.
OpenSSH supports this feature, allowing resident keys to be generated
using the ssh-keygen(1) "-O resident" flag. This will produce a
public/private key pair as usual, but it will be possible to retrieve
the private key part from the token later. This may be done using
"ssh-keygen -K", which will download all available resident keys from
the tokens attached to the host and write public/private key files
for them. It is also possible to download and add resident keys
directly to ssh-agent(1) without writing files to the file-system
using "ssh-add -K".
Resident keys are indexed on the token by the application string and
user ID. By default, OpenSSH uses an application string of "ssh:" and
an empty user ID. If multiple resident keys on a single token are
desired then it may be necessary to override one or both of these
defaults using the ssh-keygen(1) "-O application=" or "-O user="
options. Note: OpenSSH will only download and use resident keys whose
application string begins with "ssh:"
Storing both parts of a key on a FIDO token increases the likelihood
of an attacker being able to use a stolen token device. For this
reason, tokens should enforce PIN authentication before allowing
download of keys, and users should set a PIN on their tokens before
creating any resident keys.
Other New Features
------------------
* sshd(8): add an Include sshd_config keyword that allows including
additional configuration files via glob(3) patterns. bz2468
* ssh(1)/sshd(8): make the LE (low effort) DSCP code point available
via the IPQoS directive; bz2986,
* ssh(1): when AddKeysToAgent=yes is set and the key contains no
comment, add the key to the agent with the key's path as the
comment. bz2564
* ssh-keygen(1), ssh-agent(1): expose PKCS#11 key labels and X.509
subjects as key comments, rather than simply listing the PKCS#11
provider library path. PR138
* ssh-keygen(1): allow PEM export of DSA and ECDSA keys; bz3091
* ssh(1), sshd(8): make zlib compile-time optional, available via the
Makefile.inc ZLIB flag on OpenBSD or via the --with-zlib configure
option for OpenSSH portable.
* sshd(8): when clients get denied by MaxStartups, send a
notification prior to the SSH2 protocol banner according to
RFC4253 section 4.2.
* ssh(1), ssh-agent(1): when invoking the $SSH_ASKPASS prompt
program, pass a hint to the program to describe the type of
desired prompt. The possible values are "confirm" (indicating
that a yes/no confirmation dialog with no text entry should be
shown), "none" (to indicate an informational message only), or
blank for the original ssh-askpass behaviour of requesting a
password/phrase.
* ssh(1): allow forwarding a different agent socket to the path
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
option to accepting an explicit path or the name of an environment
variable in addition to yes/no.
* ssh-keygen(1): add a new signature operations "find-principals" to
look up the principal associated with a signature from an allowed-
signers file.
* sshd(8): expose the number of currently-authenticating connections
along with the MaxStartups limit in the process title visible to
"ps".
Bugfixes
--------
* sshd(8): make ClientAliveCountMax=0 have sensible semantics: it
will now disable connection killing entirely rather than the
current behaviour of instantly killing the connection after the
first liveness test regardless of success. bz2627
* sshd(8): clarify order of AllowUsers / DenyUsers vs AllowGroups /
DenyGroups in the sshd(8) manual page. bz1690
* sshd(8): better describe HashKnownHosts in the manual page. bz2560
* sshd(8): clarify that that permitopen=/PermitOpen do no name or
address translation in the manual page. bz3099
* sshd(8): allow the UpdateHostKeys feature to function when
multiple known_hosts files are in use. When updating host keys,
ssh will now search subsequent known_hosts files, but will add
updated host keys to the first specified file only. bz2738
* All: replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the
handler preventing races between handlers, and sets SA_RESTART
which should reduce the potential for short read/write operations.
* sftp(1): fix a race condition in the SIGCHILD handler that could
turn in to a kill(-1); bz3084
* sshd(8): fix a case where valid (but extremely large) SSH channel
IDs were being incorrectly rejected. bz3098
* ssh(1): when checking host key fingerprints as answers to new
hostkey prompts, ignore whitespace surrounding the fingerprint
itself.
* All: wait for file descriptors to be readable or writeable during
non-blocking connect, not just readable. Prevents a timeout when
the server doesn't immediately send a banner (e.g. multiplexers
like sslh)
* sshd_config(5): document the sntrup4591761x25519-sha512@tinyssh.org
key exchange algorithm. PR#151
Portability
-----------
* sshd(8): multiple adjustments to the Linux seccomp sandbox:
- Non-fatally deny IPC syscalls in sandbox
- Allow clock_gettime64() in sandbox (MIPS / glibc >= 2.31)
- Allow clock_nanosleep_time64 in sandbox (ARM) bz3100
- Allow clock_nanosleep() in sandbox (recent glibc) bz3093
* Explicit check for memmem declaration and fix up declaration if the
system headers lack it. bz3102
OpenSSH 8.1 was released on 2019-10-09. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Security
========
* ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer
overflow bug was found in the private key parsing code for the XMSS
key type. This key type is still experimental and support for it is
not compiled by default. No user-facing autoconf option exists in
portable OpenSSH to enable it. This bug was found by Adam Zabrocki
and reported via SecuriTeam's SSD program.
* ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory side-channel attacks like
Spectre, Meltdown and Rambleed. This release encrypts private keys
when they are not in use with a symmetric key that is derived from a
relatively large "prekey" consisting of random data (currently 16KB).
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh-keygen(1): when acting as a CA and signing certificates with
an RSA key, default to using the rsa-sha2-512 signature algorithm.
Certificates signed by RSA keys will therefore be incompatible
with OpenSSH versions prior to 7.2 unless the default is
overridden (using "ssh-keygen -t ssh-rsa -s ...").
Changes since OpenSSH 8.0
=========================
This release is focused on bug-fixing.
New Features
------------
* ssh(1): Allow %n to be expanded in ProxyCommand strings
* ssh(1), sshd(8): Allow prepending a list of algorithms to the
default set by starting the list with the '^' character, E.g.
"HostKeyAlgorithms ^ssh-ed25519"
* ssh-keygen(1): add an experimental lightweight signature and
verification ability. Signatures may be made using regular ssh keys
held on disk or stored in a ssh-agent and verified against an
authorized_keys-like list of allowed keys. Signatures embed a
namespace that prevents confusion and attacks between different
usage domains (e.g. files vs email).
* ssh-keygen(1): print key comment when extracting public key from a
private key. bz#3052
* ssh-keygen(1): accept the verbose flag when searching for host keys
in known hosts (i.e. "ssh-keygen -vF host") to print the matching
host's random-art signature too. bz#3003
* All: support PKCS8 as an optional format for storage of private
keys to disk. The OpenSSH native key format remains the default,
but PKCS8 is a superior format to PEM if interoperability with
non-OpenSSH software is required, as it may use a less insecure
key derivation function than PEM's.
Bugfixes
--------
* ssh(1): if a PKCS#11 token returns no keys then try to login and
refetch them. Based on patch from Jakub Jelen; bz#2430
* ssh(1): produce a useful error message if the user's shell is set
incorrectly during "match exec" processing. bz#2791
* sftp(1): allow the maximum uint32 value for the argument passed
to -b which allows better error messages from later validation.
bz#3050
* ssh(1): avoid pledge sandbox violations in some combinations of
remote forwarding, connection multiplexing and ControlMaster.
* ssh-keyscan(1): include SHA2-variant RSA key algorithms in KEX
proposal; allows ssh-keyscan to harvest keys from servers that
disable old SHA1 ssh-rsa. bz#3029
* sftp(1): print explicit "not modified" message if a file was
requested for resumed download but was considered already complete.
bz#2978
* sftp(1): fix a typo and make <esc><right> move right to the
closest end of a word just like <esc><left> moves left to the
closest beginning of a word.
* sshd(8): cap the number of permitopen/permitlisten directives
allowed to appear on a single authorized_keys line.
* All: fix a number of memory leaks (one-off or on exit paths).
* Regression tests: a number of fixes and improvements, including
fixes to the interop tests, adding the ability to run most tests
on builds that disable OpenSSL support, better support for running
tests under Valgrind and a number of bug-fixes.
* ssh(1), sshd(8): check for convtime() refusing to accept times that
resolve to LONG_MAX Reported by Kirk Wolf bz2977
* ssh(1): slightly more instructive error message when the user
specifies multiple -J options on the command-line. bz3015
* ssh-agent(1): process agent requests for RSA certificate private
keys using correct signature algorithm when requested. bz3016
* sftp(1): check for user@host when parsing sftp target. This
allows user@[1.2.3.4] to work without a path. bz#2999
* sshd(8): enlarge format buffer size for certificate serial
number so the log message can record any 64-bit integer without
truncation. bz#3012
* sshd(8): for PermitOpen violations add the remote host and port to
be able to more easily ascertain the source of the request. Add the
same logging for PermitListen violations which where not previously
logged at all.
* scp(1), sftp(1): use the correct POSIX format style for left
justification for the transfer progress meter. bz#3002
* sshd(8) when examining a configuration using sshd -T, assume any
attribute not provided by -C does not match, which allows it to work
when sshd_config contains a Match directive with or without -C.
bz#2858
* ssh(1), ssh-keygen(1): downgrade PKCS#11 "provider returned no
slots" warning from log level error to debug. This is common when
attempting to enumerate keys on smartcard readers with no cards
plugged in. bz#3058
* ssh(1), ssh-keygen(1): do not unconditionally log in to PKCS#11
tokens. Avoids spurious PIN prompts for keys not selected for
authentication in ssh(1) and when listing public keys available in
a token using ssh-keygen(1). bz#3006
Portability
-----------
* ssh(1): fix SIGWINCH delivery of Solaris for multiplexed sessions
bz#3030
* ssh(1), sshd(8): fix typo that prevented detection of Linux VRF
* sshd(8): add no-op implementation of pam_putenv to avoid build
breakage on platforms where the PAM implementation lacks this
function (e.g. HP-UX). bz#3008
* sftp-server(8): fix Solaris privilege sandbox from preventing
the legacy sftp rename operation from working (was refusing to
allow hard links to files owned by other users). bz#3036
* All: add a proc_pidinfo()-based closefrom() for OS X to avoid
the need to brute-force close all high-numbered file descriptors.
bz#3049
* sshd(8): in the Linux seccomp-bpf sandbox, allow mprotect(2) with
PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
heap allocators. Github PR#142
* sshd(8): in the Linux seccomp-bpf sandbox, allow the s390-specific
ioctl for ECC hardware support.
* All: use "doc" man page format if the mandoc(1) tool is present on
the system. Previously configure would not select the "doc" man
page format if mandoc was present but nroff was not.
* sshd(8): don't install duplicate STREAMS modules on Solaris; check
if STREAMS modules are already installed on a pty before installing
since when compiling with XPG>=4 they will likely be installed
already. Prevents hangs and duplicate lines on the terminal.
bz#2945 and bz#2998,
I believe this makes this package somewhat usable again, as it seems to require
Python 2.7 in order to work. At the moment "sshfp -s hostname" works. The new
dane(1) utility requires additional dependencies to work, which are not in
pkgsrc yet. I have imported a new Python package required for sshfp(1) though.
v1.2.2:
- Fix -4 / -6 flags [Chris]
- Throw errors on stderr to improve pipe usage [Ludwig Nusse]
- openSUSE package information on import error [Ludwig Nusse]
- Fix nameserver by IP address (ldns workaround [Chris]
- Fix case where AAAA is found but no IPv6 is available [Paul]
v1.2.1:
- Fix copyright information to clearly make it is all GPLv2+ [Paul]
v1.2.0:
- dane : Added the dane command (See IETF DANE working group) [Paul]
- sshfp: Fix quiet for external commands [James Brown]
- sshfp: Merged in subprocess changes [James Brown]
- sshfp: Use optparse, some code refactoring [James Brown]
- sshfp: Added -U UDP option [James Brown]
- sshfp: Rename of some functions [James Brown]
- sshfp: doclifted man page, generate when needed using xmlto [Paul]
v1.1.6:
- Fix quiet for external commands [James Brown]
- Merged in subprocess changes [James Brown]
- Use optparse, some code refactoring [James Brown]
- Added -U UDP option [James Brown]
- Rename of some functions [James Brown]
- doclifted man page, generate when needed using xmlto [Paul]
v1.1.5
- Fixes for https://bugs.launchpad.net/ubuntu/+source/sshfp/+bug/355886
- Fix for sha Deprecation warning [Martin Jackson]
- Fix for use of os.popen3 [Martin Jackson]
- Sync debian/ with Debian (thanks)
- Various small pylint fixes [Simon Deziel]
v1.1.4
- Fixes to man page [Maximiliano Curia]
- Fixes to Makefile for Debian [Maximiliano Curia]
Required before testing PKGPATH, though the use of various PKGPATH tests
across the courier packages are pretty terrible and should be re-thought.
Fixes bulk builds.
Adding --libdir seems innocuous enough, but due to OpenSSL's crazy complicated
build system actually results in LIBDIR becoming unset, which trickles down to
the Darwin -install_name being wrong. This broke the 'openssl' command and
thus many many dependencies.
Switch to $(libdir) instead which appears to still be set correctly.
Nettle 3.6:
This release adds a couple of new features, most notable being
support for ED448 signatures.
It is not binary compatible with earlier releases. The shared
library names are libnettle.so.8.0 and libhogweed.so.6.0, with
sonames nibnettle.so.8 and libhogweed.so.6. The changed
sonames are mainly to avoid upgrade problems with recent
GnuTLS versions, that depend on Nettle internals outside of
the advertised ABI. But also because of the removal of
internal poly1305 functions which were undocumented but
declared in an installed header file, see Interface changes
below.
New features:
* Support for Curve448 and ED448 signatures. Contributed by
Daiki Ueno.
* Support for SHAKE256 (SHA3 variant with arbitrary output
size). Contributed by Daiki Ueno.
* Support for SIV-CMAC (Synthetic Initialization Vector) mode,
contributed by Nikos Mavrogiannopoulos.
* Support for CMAC64, contributed by Dmitry Baryshkov.
* Support for the "CryptoPro" variant of the GOST hash
function, as gosthash94cp. Contributed by Dmitry Baryshkov.
* Support for GOST DSA signatures, including GOST curves
gc256b and gc512a. Contributed by Dmitry Baryshkov.
* Support for Intel CET in x86 and x86_64 assembly files, if
enabled via CFLAGS (gcc --fcf-protection=full). Contributed
by H.J. Lu and Simo Sorce.
* A few new functions to improve support for the Chacha
variant with 96-bit nonce and 32-bit block counter (the
existing functions use nonce and counter of 64-bit each),
and functions to set the counter. Contributed by Daiki Ueno.
* New interface, struct nettle_mac, for MAC (message
authentication code) algorithms. This abstraction is only
for MACs that don't require a per-message nonce. For HMAC,
the key size is fixed, and equal the digest size of the
underlying hash function.
Bug fixes:
* Fix bug in cfb8_decrypt. Previously, the IV was not updated
correctly in the case of input data shorter than the block
size. Reported by Stephan Mueller, fixed by Daiki Ueno.
* Fix configure check for __builtin_bswap64, the incorrect
check would result in link errors on platforms missing this
function. Patch contributed by George Koehler.
* All use of old-fashioned suffix rules in the Makefiles have
been replaced with %-pattern rules. Nettle's use of suffix
rules in earlier versions depended on undocumented GNU make
behavior, which is being deprecated in GNU make 4.3.
Building with other make programs than GNU make is untested
and unsupported. (Building with BSD make or Solaris make
used to work years ago, but has not been tested recently).
Interface changes:
* Declarations of internal poly1305.h functions have been
removed from the header file poly1305.h, to make it clear
that they are not part of the advertised API or ABI.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 6.1.0 or later (unless --enable-mini-gmp is used).
* A fair amount of changes to ECC internals, with a few
deleted and a few new fields in the internal struct
ecc_curve. Files and functions have been renamed to more
consistently match the curve name, e.g., ecc-256.c has been
renamed to ecc-secp256r1.c.
* Documentation for chacha-poly1305 updated. It is no longer
experimental. The implementation was updated to follow RFC
8439 in Nettle-3.1, but that was not documented or announced
at the time.
k5start, when run with the -K option to run as a daemon, no longer exits if
the initial authentication fails (unless -x was given). Instead, it reports
the error to standard error and then continues to run, attempting authentication
every minute as if authentication had failed after it had started.
For both k5start with a command or -K and no -x flag, and krenew with the -i
flag, repeatedly retry the initial authentication. The first retry will be
immediate, and then the commands will keep trying with exponential backoff to
one minute intervals, and then continuously at one minute intervals until the
command is killed or authentication succeeds. k5start and krenew will no longer
start any other command until the initial authentication succeeds, fixing
startup behavior when running a command that must have valid Kerberos tickets
immediately on start.
Clean up the temporary ticket cache on k5start failure if -o, -g, or -m were
given.
The -H flag to k5start or krenew may now be used in conjunction with -K and
controls whether the ticket is renewed when the command wakes up. Normally,
the ticket will be renewed if it will expire sooner than two minutes after the
next time the command will wake up. If -H is specified, its value replaces the
default value of two minutes.
Add a new -a option to both k5start and krenew that, when used with -K, tells
those programs to refresh tickets every time they wake up. This is useful with
-t to ensure that the AFS token renewal program is always run, even if something
else renews the ticket cache before k5start or krenew wake up. It also provides
more predictable ticket refresh behavior. This probably should have been the
default with -K from the beginning, but the default wasn't changed to keep
backward compatibility. Consider always using -a with -K.
Fix k5start and krenew to not incorrectly reject the -b flag in conjunction
with -K or a command.
this unexpectedly increased the major version of a shared object.
not sure if anything in pkgsrc actually uses that shared object, but
being safe (and leot requested this (:)
These packages are susceptible to bugs when confronted with non-ASCII
characters.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94182.
It takes some time to analyze and fix these individually, therefore they
are only marked as "needs work".
v21.2.1
-------
* Restored lenience on startup when entry point
metadata is missing.
* Avoid RecursionError when initializing backends
when a limit is supplied.
v21.2.0
-------
* Chainer now deterministically resolves at a lower
priority than the Fail keyring (when there are no backends
to chain).
* Fail keyring now raises a ``NoKeyringError`` for
easier selectability.
* Keyring now logs at DEBUG rather than INFO during
backend startup.
v21.1.1
-------
* Refreshed package metadata.
v21.1.0
-------
* In SecretService backend, close connections after
using them.
v21.0.0
-------
* Require Python 3.6 or later.
v20.0.1
-------
* Fix TypeError when backend fails to initialize.
v20.0.0
-------
* Extracted ``keyring.testing`` package to contain supporting
functionality for plugin backends. ``keyring.tests`` has been
removed from the package.
v19.3.0
-------
* Switch to `importlib.metadata
<https://docs.python.org/3/library/importlib.metadata.html>`_
for loading entry points. Removes one dependency on Python 3.8.
* Added new ``KeyringBackend.set_properties_from_env``.
* Add support for alternate persistence scopes for Windows
backend. Set ``.persist`` to "local machine" or "session"
to enable the alternate scopes or "enterprise" to use the
default scope.
* Improve import times when a backend is specifically
configured by lazily calling ``get_all_keyring``.
