Age | Commit message (Collapse) | Author | Files | Lines |
|
security/tor-browser: bugfix
Revisions pulled up:
- security/tor-browser/Makefile 1.98
- security/tor-browser/PLIST 1.17
- security/tor-browser/distinfo 1.45
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Oct 7 12:17:10 UTC 2021
Modified Files:
pkgsrc/security/tor-browser: Makefile PLIST distinfo
Log Message:
tor-browser: update to 10.5.8.
Update Firefox to 78.15.0esr
Bug 40049: Add banner for VPN survey to about:tor
Bug 40363: Change bsaes git url
|
|
Changes:
One year of development, details at
https://www.openssh.com/releasenotes.html
|
|
* Version 1.1.1 (released 2021-05-19)
** Fix an issue where PIN authentication could be bypassed (CVE-2021-31924).
** Fix an issue with nodetect and non-resident credentials.
** Fix build issues with musl libc.
** Add support for self-attestation in pamu2fcfg.
** Fix minor bugs found by fuzzing.
|
|
|
|
0.1.28 (2021-02-11)
* Land #28, Update for ruby 3 support
|
|
0.1.8 (2020-11-30)
* Land #6, Update gemspec
|
|
0.1.6 (2020-11-30)
* Land #3, Update gemspec
|
|
* Land #11, Remove tainted calls
|
|
0.1.91 (2021-04-23)
* Land #30, Implement the rc4 wrapper
0.1.92 (2021-07-09)
* Land #31, add method to obfuscate string literals
* Land #32, fix unit tests
0.1.93 (2021-07-19)
* Land #33, Add github actions for tests
* Land #35, Add W^X powershell payload templates
|
|
0.1.30 (2021-03-25)
* Land #31, Consistently return nil as the failure indicator
0.1.31 (2021-08-05)
* Land #37, Honor the SSLVersion for server sockets
0.1.32 (2021-08-05)
* Land #36, Use getsockname to get the real local info
0.1.33 (2021-08-05)
* Land #35, Fix Default IPv6 LocalHost
|
|
0.1.6 (2020-11-30)
* Land #4, Update gemspec
0.1.7 (2021-07-19)
* Merge pull request #5 from sjanusz-r7/add-github-action-tests;
Add Github action tests
0.1.8 (2021-07-20)
* Land #6, Add language option to generator
|
|
0.2.35 (2021-04-08)
* Land #41, Add rand_password method to Rex::Text
0.2.36 (2021-07-01)
* Land #30, Fix for vbapplication payload generation
0.2.37 (2021-08-13)
* Land #24, Implement Rex::Text random function name generator
|
|
2.0.55 (2021-09-14)
* Land #499, Add support for updating terminal size dynamically
|
|
pkgsrc change: depends on rails60 or rails61. It should be changed from
4.0.2.
4.0.3 (2021-09-16)
* Update Ubuntu version & Ruby Setup action
|
|
pkgsrc change: depends on rails60 or rails61. It should be changed from
4.0.2.
4.0.4 (2021-09-16)
* Update Ubuntu version & Ruby Setup action
|
|
4.1.4 (2021-09-09)
Merged Pull Requests
* added back the begin and end #380 (nikhil2611)
4.1.3 (2021-09-07)
Merged Pull Requests
* Upgrade to GitHub-native Dependabot #371 (dependabot-preview[bot])
* fix-verify-pipeline #377 (jayashrig158)
* Replaced exception with the warnings and removed related failing
specs(used earlier for raising issue) #367 (sanga1794)
|
|
valuable insight, and still unfortunately the case.
No functional change.
|
|
|
|
Release 2.7.2
* Fixed a regression related to server host key selection when attempting
to use a leading '+' to add algorithms to the front of the default list.
* Fixed logging to properly handle SFTPName objects with string filenames.
* Fixed SSH_EXT_INFO to only be sent after the first key exchange.
|
|
Certbot 1.19.0
Added
The certbot-dns-rfc2136 plugin always assumed the use of an IP address as the
target server, but this was never checked. Until now. The plugin raises an error
if the configured target server is not a valid IPv4 or IPv6 address.
Our acme library now supports requesting certificates for IP addresses.
This feature is still unsupported by Certbot and Let's Encrypt.
Changed
Several attributes in certbot.display.util module are deprecated and will
be removed in a future release of Certbot. Any import of these attributes will
emit a warning to prepare the transition for developers.
zope based interfaces in certbot.interfaces module are deprecated and will
be removed in a future release of Certbot. Any import of these interfaces will
emit a warning to prepare the transition for developers.
We removed the dependency on chardet from our acme library. Except for when
downloading a certificate in an alternate format, our acme library now
assumes all server responses are UTF-8 encoded which is required by RFC 8555.
Fixed
Fixed parsing of Defined values in the Apache plugin to allow for = in the value.
Fixed a relatively harmless crash when issuing a certificate with --quiet/-q.
|
|
Update Firefox to 78.14.0esr
|
|
Release 2.7.1 (6 Sep 2021)
--------------------------
* Added an option to allow encrypted keys to be ignored when no passphrase
is set. This behavior previously happened by default when loading keys
from default locations, but now this option to load_keypairs() can be
specified when loading any set of keys.
* Changed loading of default keys to automatically skip key types which
aren't supported due to missing dependencies.
* Added the ability to specify "default" for server_host_key_algs, as
a way for a client to request that its full set of default algorithms
be advertised to the server, rather than just the algorithms matching
keys in the client's known hosts list. Thanks go to Manfred Kaiser
for suggesting this improvement.
* Added support for tilde-expansion in the config file "include"
directive. Thanks go to Zack Cerza for reporting this and suggesting
a fix.
* Improved interoperatbility of AsyncSSH SOCKS listener by sending a zero
address rather than an empty hostname in the SOCKS CONNECT response.
Thanks go to Github user juouy for reporting this and suggesting a fix.
* Fixed a couple of issues related to sending SSH_EXT_INFO messages.
* Fixed an issue with using SSHAcceptor as an async context manager.
Thanks go to Paulo Costa for reporing this.
* Fixed an issue where a tunnel wasn't always cleaned up properly when
creating a remote listener.
* Improved handling of connection drops, avoiding exceptions from being
raised in some cases when the transport is abruptly closed.
* Made AsyncSSH SFTP support more tolerant of file permission values with
undefined bits set. Thanks go to GitHub user ccwufu for reporting this.
* Added some missing key exchange algorithms in the AsyncSSH documentation.
Thanks go to Jeremy Norris for noticing and reporting this.
* Added support for running AsyncSSH unit tests on systems with OpenSSL
3.0 installed. Thanks go to Ken Dreyer for raising this issue and
pointing out the new OpenSSL "provider" support for legacy algorithms.
|
|
v1.0.0 is the first stable release of the Go CLI and API, twenty
months after the first beta.
|
|
Upstream changes:
2.072
- add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based
on idea by rovo89 in #101
- certs/*.p12 used for testing should now work with OpenSSL 3.0 too #108
- update public suffix database
|
|
Upstream changes:
0.32 Wed Sep 8 2021
- Prefix internal bn2sv function so it doesn't collide with Net::SSLeay
- Ensure that verify() leaves openssl error stack clean on failure
- Fixed broken SEE ALSO links.
- prevent outer $SIG{__DIE__} handler from being called during optional require.
- omit done_testing since it does not work for older perl versions
|
|
1.6.6 (2021-09-05)
* Fix possible infinite loop.
* Use configured debug handler also in CLI.
* Support generating keys without a user name.
|
|
Upstream changes:
0.08 Wed Oct 21 2020
- Switch to XSLoader
0.07 Wed Oct 21 2020
- Rename the subroutine compress to not conflict with libz's symbol
- Update manifest and .gitignore
- Move modules to lib/
- drop use vars and Exporter
- Do not provide examples of indirect calls to the module.
|
|
Upstream changes:
0.073 2021-07-18
- fix #73 CPAN testers failure with Math::BigInt 1.99982
- fix #70 remove lto related hacks from Makefile.PL
- fix #72 drop optional prereqs JSON::XS + Cpanel::JSON::XS, use optionally only JSON
|
|
Added:
-Add a configuration file
-Support global locations for the configuration file
-Check GPG_TUI_CONFIG environment variable for config file
-Add manpage for the configuration file (gpg-tui.toml.5)
-Add :style command for changing styles
Changed:
-Rename the shell completions binary
-Use the correct name for completions binary
-Update the example shell completions command
-Bump dependencies
Fixed:
-Disable tests for the completions binary
-Build only the main binary in Dockerfile
-Update the build dependencies for the docker image
|
|
0.4.6
Bug Fixes
remove dependency on six
|
|
1.0.11 (2021-08-02)
From commit logs:
* Add brackets to linux proc names like ps does.
* Only wrap process names in brackets on linux.
* Use the entire process path.
* Use a preprocessor directive instead of strcasestr.
|
|
No release note is available. Please refer commit log
<https://github.com/rapid7/metasploit-payloads/compare/v2.0.47...v2.0.54>
in details.
|
|
libssh2 1.10
This release includes the following enhancements and bugfixes:
o adds agent forwarding support
o adds OpenSSH Agent support on Windows
o adds ECDSA key support using the Mbed TLS backend
o adds ECDSA cert authentication
o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512 key exchanges
o adds support for PKIX key reading when using ed25519 with OpenSSL
o adds support for EWOULDBLOCK on VMS systems
o adds support for building with OpenSSL 3
o adds support for using FIPS mode in OpenSSL
o adds debug symbols when building with MSVC
o adds support for building on the 3DS
o adds unicode build support on Windows
o restores os400 building
o increases min, max and opt Diffie Hellman group values
o improves portiablity of the make file
o improves timeout behavior with 2FA keyboard auth
o various improvements to the Wincng backend
o fixes reading parital packet replies when using an agent
o fixes Diffie Hellman key exchange on Windows 1903+ builds
o fixes building tests with older versions of OpenSSL
o fixes possible multiple definition warnings
o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
o fixes potential use after free if libssh2_init() is called twice
o improved linking when using Mbed TLS
o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
o fixes crash when loading public keys with no id
o fixes possible out of bounds read when exchanging keys
o fixes possible out of bounds read when reading packets
o fixes possible out of bounds read when opening an X11 connection
o fixes possible out of bounds read when ecdh host keys
o fixes possible hang when trying to read a disconnected socket
o fixes a crash when using the delayed compression option
o fixes read error with large known host entries
o fixes various warnings
o fixes various small memory leaks
o improved error handling, various detailed errors will now be reported
o builds are now using OSS-Fuzz
o builds now use autoreconf instead of a custom build script
o cmake now respects install directory
o improved CI backend
o updated HACKING-CRYPTO documentation
o use markdown file extensions
o improved unit tests
|
|
1.4.36 - 30 August 2021, Ludovic Rousseau
- Add support of
- Lenovo Lenovo Smartcard Wired Keyboard II
- REINER SCT tanJack USB
- SafeNet eToken 5110+ FIPS
- SafeNet eToken 5300 C
- jSolutions s.r.o. Multi SIM card reader 4/8
- parse: fix check when bNumDataRatesSupported = 0
|
|
version 0.9.6 (released 2021-08-26)
* CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
different key exchange mechanism
* Fix several memory leaks on error paths
* Reset pending_call_state on disconnect
* Fix handshake bug with AEAD ciphers and no HMAC overlap
* Use OPENSSL_CRYPTO_LIBRARIES in CMake
* Ignore request success and failure message if they are not expected
* Support more identity files in configuration
* Avoid setting compiler flags directly in CMake
* Support build directories with special characters
* Include stdlib.h to avoid crash in Windows
* Fix sftp_new_channel constructs an invalid object
* Fix Ninja multiple rules error
* Several tests fixes
|
|
Noteworthy changes in version 1.9.4 (2021-08-22) [C23/A3/R4]
------------------------------------------------
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[#5328,CVE-2021-33560]
- Fix alignment problem on macOS. [#5440]
- Check the input length of the point in ECDH. [#5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [#5490]
* Other features:
- Add GCM and CCM to OID mapping table for AES. [a83fb13a3b]
|
|
0.9.0:
Unknown changes
|
|
Pkgsrc changes:
* Note that we need go >= 1.15.15.
Upstream changes:
26 August 2021
SECURITY:
* UI Secret Caching: The Vault UI erroneously cached and exposed
user-viewed secrets between authenticated sessions in a single
shared browser, if the browser window / tab was not refreshed or
closed between logout and a subsequent login. This vulnerability,
CVE-2021-38554, was fixed in Vault 1.8.0 and will be addressed in
pending 1.7.4 / 1.6.6 releases.
CHANGES:
* go: Update go version to 1.15.15 [GH-12423]
IMPROVEMENTS:
* db/cassandra: Added tls_server_name to specify server name for
TLS validation [GH-11820]
BUG FIXES:
* physical/raft: Fix safeio.Rename error when restoring snapshots
on windows [GH-12377]
* secret: fix the bug where transit encrypt batch doesn't work
with key_version [GH-11628]
* secrets/database: Fixed an issue that prevented external database
plugin processes from restarting after a shutdown. [GH-12087]
* ui: Automatically refresh the page when user logs out [GH-12035]
* ui: Fixes metrics page when read on counter config not allowed [GH-12348]
* ui: fix oidc login with Safari [GH-11884]
|
|
Should hopefully unbreak bulk builds.
|
|
Major changes in 1.18.4
Fix a denial of service attack against the KDC encrypted challenge code [CVE-2021-36222].
Fix a memory leak when gss_inquire_cred() is called without a credential handle.
|
|
|
|
Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
*) Fixed an SM2 Decryption Buffer Overflow.
In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.
A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.
A malicious attacker who is able present SM2 content for decryption to an
application could cause attacker chosen data to overflow the buffer by up to a
maximum of 62 bytes altering the contents of other data held after the
buffer, possibly changing application behaviour or causing the application to
crash. The location of the buffer is application dependent but is typically
heap allocated.
(CVE-2021-3711)
[Matt Caswell]
*) Fixed various read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field holding
the buffer length. This contrasts with normal C strings which are repesented as
a buffer for the string data which is terminated with a NUL (0) byte.
Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
own "d2i" functions (and other similar parsing functions) as well as any string
whose value has been set with the ASN1_STRING_set() function will additionally
NUL terminate the byte array in the ASN1_STRING structure.
However, it is possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly setting the
"data" and "length" fields in the ASN1_STRING array. This can also happen by
using the ASN1_STRING_set0() function.
Numerous OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.
The same thing can also occur during name constraints processing of certificates
(for example if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the certificate
contains non NUL terminated ASN1_STRING structures). It can also occur in the
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL functions
then this issue could be hit. This might result in a crash (causing a Denial of
Service attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext).
(CVE-2021-3712)
[Matt Caswell]
|
|
This should fix the build on platforms that do not use GNU ld
such as MacOSX.
|
|
Added security/R-oskeyring version 0.1.1
Added security/R-gitgreds version 0.1.1
|
|
Query, set, delete credentials from the 'git' credential store. Manage
'GitHub' tokens and other 'git' credentials. This package is to be
used by other packages that need to authenticate to 'GitHub' and/or
other 'git' repositories.
|
|
Aims to support all features of the system credential store, including
non-portable ones. Supports 'Keychain' on 'macOS', and 'Credential
Manager' on 'Windows'. See the 'keyring' package if you need a
portable 'API'.
|
|
Release 4.1.1
CHANGELOG
* Support already valid authorizations
* Moved to Github Actions workflows for automated tests, started using Let's Encrypt pebble test server, increased test coverage to 100%
* Added test to ensure path traversal can't be exploited
* Started logging Account IDs for later reference
* Various README updates
|
|
Changelog:
Zerossl.com is set a default CA now: https://github.com/acmesh-official/acme.sh/wiki/Change-default-CA-to-ZeroSSL
SSL.com is supported now: https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA
Add more retry logic for unstable network connections.
More dns apis are aded.
Bug fixes.
|
|
Bug 40582: Tor Browser 10.5.2 tabs always crash on Fedora Xfce Rawhide
|
|
The library sets up a pthread_atfork() hook. If we let be unload, we
get a callback to stale memory.
|