Age | Commit message (Collapse) | Author | Files | Lines |
|
SECURITY:
- default Policy Privilege Escalation: If a parent token did not have
the default policy attached to its token, it could still create
children with the default policy. This is no longer allowed (unless
the parent has sudo capability for the creation path). In most cases
this is low severity since the access grants in the default policy are
meant to be access grants that are acceptable for all tokens to have.
- Leases Not Expired When Limited Use Token Runs Out of Uses: When
using limited-use tokens to create leased secrets, if the
limited-use token was revoked due to running out of uses (rather than
due to TTL expiration or explicit revocation) it would fail to revoke
the leased secrets. These secrets would still be revoked when their
TTL expired, limiting the severity of this issue. An endpoint has been
added (auth/token/tidy) that can perform housekeeping tasks on the
token store; one of its tasks can detect this situation and revoke the
associated leases.
FEATURES:
- Policy UI (Enterprise): Vault Enterprise UI now supports viewing,
creating, and editing policies.
IMPROVEMENTS:
- http: Vault now sets a no-store cache control header to make it more
secure in setups that are not end-to-end encrypted
BUG FIXES:
- auth/ldap: Don't panic if dialing returns an error and starttls is
enabled; instead, return the error
- ui (Enterprise): Submitting an unseal key now properly resets the
form so a browser refresh isn't required to continue.
0.6.3 (December 6, 2016)
DEPRECATIONS/CHANGES:
- Request size limitation: A maximum request size of 32MB is imposed
to prevent a denial of service attack with arbitrarily large
requests
- LDAP denies passwordless binds by default: In new LDAP mounts, or
when existing LDAP mounts are rewritten, passwordless binds will be
denied by default. The new deny_null_bind parameter can be set to
false to allow these.
- Any audit backend activated satisfies conditions: Previously, when a
new Vault node was taking over service in an HA cluster, all audit
backends were required to be loaded successfully to take over active
duty. This behavior now matches the behavior of the audit logging
system itself: at least one audit backend must successfully be loaded.
The server log contains an error when this occurs. This helps keep a
Vault HA cluster working when there is a misconfiguration on a standby
node.
FEATURES:
- Web UI (Enterprise): Vault Enterprise now contains a built-in web UI
that offers access to a number of features, including
init/unsealing/sealing, authentication via userpass or LDAP, and K/V
reading/writing. The capability set of the UI will be expanding
rapidly in further releases. To enable it, set ui = true in the top
level of Vault's configuration file and point a web browser at your
Vault address.
- Google Cloud Storage Physical Backend: You can now use GCS for
storing Vault data
IMPROVEMENTS:
- auth/github: Policies can now be assigned to users as well as to
teams
- cli: Set the number of retries on 500 down to 0 by default (no
retrying). It can be very confusing to users when there is a pause
while the retries happen if they haven't explicitly set it. With
request forwarding the need for this is lessened anyways.
- core: Response wrapping is now allowed to be specified by backend
responses (requires backends gaining support)
- physical/consul: When announcing service, use the scheme of the
Vault server rather than the Consul client
- secret/consul: Added listing functionality to roles
- secret/postgresql: Added revocation_sql parameter on the role
endpoint to enable customization of user revocation SQL statements
- secret/transit: Add listing of keys
BUG FIXES:
- api/unwrap, command/unwrap: Increase compatibility of unwrap command
with Vault 0.6.1 and older
- api/unwrap, command/unwrap: Fix error when no client token exists
- auth/approle: Creating the index for the role_id properly
- auth/aws-ec2: Handle the case of multiple upgrade attempts when
setting the instance-profile ARN
- auth/ldap: Avoid leaking connections on login
- command/path-help: Use the actual error generated by Vault rather
than always using 500 when there is a path help error
- command/ssh: Use temporary file for identity and ensure its deletion
before the command returns
- cli: Fix error printing values with -field if the values contained
formatting directives
- command/server: Don't say mlock is supported on OSX when it isn't.
- core: Fix bug where a failure to come up as active node (e.g. if an
audit backend failed) could lead to deadlock
- physical/mysql: Fix potential crash during setup due to a query
failure
- secret/consul: Fix panic on user error
|
|
- Updated for bglibs v2
|
|
|
|
|
|
0.4.8 - 11/12/2014
- Added more acknowledgements and security considerations
0.4.7 - 11/12/2014
- Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
- Don't offer SSLv3 by default (e.g. POODLE)
- Fixed bug with PyCrypto_RSA integration
- Fixed harmless bug that added non-prime into sieves list
- Added "make test" and "make test-dev" targets (Hubert Kario)
0.4.5 - 3/20/2013
- **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
to a closed connection. This inherits from socket.error, so should
interact better with SocketServer (see http://bugs.python.org/issue14574)
and other things expecting a socket.error in this situation.
- Added support for RC4-MD5 ciphersuite (if enabled in settings)
- This is allegedly necessary to connect to some Internet servers.
- Added TLSConnection.unread() function
- Switched to New-style classes (inherit from 'object')
- Minor cleanups
0.4.4 - 2/25/2013
- Added Python 3 support (Martin von Loewis)
- Added NPN client support (Marcelo Fernandez)
- Switched to RC4 as preferred cipher
- faster in Python, avoids "Lucky 13" timing attacks
- Fixed bug when specifying ciphers for anon ciphersuites
- Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
- (this function is not used for TLS currently, and this tolerance may
not even be necessary)
0.4.3 - 9/27/2012
- Minor bugfix (0.4.2 doesn't load tackpy)
0.4.2 - 9/25/2012
- Updated TACK (compatible with tackpy 0.9.9)
0.4.1 - 5/22/2012
- Fixed RSA padding bugs (w/help from John Randolph)
- Updated TACK (compatible with tackpy 0.9.7)
- Added SNI
- Added NPN server support (Sam Rushing/Google)
- Added AnonDH (Dimitris Moraitis)
- Added X509CertChain.parsePemList
- Improved XML-RPC (Kees Bos)
0.4.0 - 2/11/2012
- Fixed pycrypto support
- Fixed python 2.6 problems
0.3.9.x - 2/7/2012
Much code cleanup, in particular decomposing the handshake functions so they
are readable. The main new feature is support for TACK, an experimental
authentication method that provides a new way to pin server certificates (See
https://github.com/moxie0/Convergence/wiki/TACK ).
Also:
- Security Fixes
- Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated
Client Hello. Does not support renegotiation (never has).
- Change from e=3 to e=65537 for generated RSA keys, not strictly
necessary but mitigates risk of sloppy verifier.
- 1/(n-1) countermeasure for BEAST.
- Behavior changes:
- Split cmdline into tls.py and tlstest.py, improved options.
- Formalized LICENSE.
- Defaults to closing socket after sending close_notify, fixes hanging.
problem that would occur sometime when waiting for other party's
close_notify.
- Update SRP to RFC 5054 compliance.
- Removed client handshake "callbacks", no longer support the SRP
re-handshake idiom within a single handshake function.
- Bugfixes
- Added hashlib support, removes Deprecation Warning due to sha and md5.
- Handled GeneratorExit exceptions that are a new Python feature, and
interfere with the async code if not handled.
- Removed:
- Shared keys (it was based on an ancient I-D, not TLS-PSK).
- cryptlib support, it wasn't used much, we have enough other options.
- cryptoIDs (TACK is better).
- win32prng extension module, as os.urandom is now available.
- Twisted integration (unused?, slowed down loading).
- Jython code (ancient, didn't work).
- Compat support for python versions < 2.7.
- Additions
- Support for TACK via TACKpy.
- Support for CertificateRequest.certificate_authorities ("reqCAs")
- Added TLSConnection.shutdown() to better mimic socket.
- Enabled Session resumption for XMLRPCTransport.
|
|
|
|
|
|
Pointed out by kamil, thanks.
|
|
Pointed out by leot - thanks!
|
|
|
|
PyCryptodome is a self-contained Python package of low-level cryptographic
primitives.
It's also intended to be a drop-in replacement for py-crypto.
|
|
* Remove -ansi flag to be compatible with OCaml 4.04 (thanks Mark Shinwell, ).
* Use accessor functions for X509_STORE_CTX.
* Change CLIBS order to allow static linking.
|
|
|
|
For full changes, please refer ChangeLog file.
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In approximately August 2017, removing remaining support for the
SSH v.1 protocol (client-only and currently compile-time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
* The next release of OpenSSH will remove support for running sshd(8)
with privilege separation disabled.
* The next release of portable OpenSSH will remove support for
OpenSSL version prior to 1.0.1.
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release removes server support for the SSH v.1 protocol.
* ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
block ciphers are not safe in 2016 and we don't want to wait until
attacks like SWEET32 are extended to SSH. As 3des-cbc was the
only mandatory cipher in the SSH RFCs, this may cause problems
connecting to older devices using the default configuration,
but it's highly likely that such devices already need explicit
configuration for key exchange and hostkey algorithms already
anyway.
* sshd(8): Remove support for pre-authentication compression.
Doing compression early in the protocol probably seemed reasonable
in the 1990s, but today it's clearly a bad idea in terms of both
cryptography (cf. multiple compression oracle attacks in TLS) and
attack surface. Pre-auth compression support has been disabled by
default for >10 years. Support remains in the client.
* ssh-agent will refuse to load PKCS#11 modules outside a whitelist
of trusted paths by default. The path whitelist may be specified
at run-time.
* sshd(8): When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, sshd will now
refuse to accept the certificate unless they are identical.
The previous (documented) behaviour of having the certificate
forced-command override the other could be a bit confusing and
error-prone.
* sshd(8): Remove the UseLogin configuration directive and support
for having /bin/login manage login sessions.
Changes since OpenSSH 7.3
=========================
This is primarily a bugfix release.
Security
--------
* ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
outside a trusted whitelist (run-time configurable). Requests to
load modules could be passed via agent forwarding and an attacker
could attempt to load a hostile PKCS#11 module across the forwarded
agent channel: PKCS#11 modules are shared libraries, so this would
result in code execution on the system running the ssh-agent if the
attacker has control of the forwarded agent-socket (on the host
running the sshd server) and the ability to write to the filesystem
of the host running ssh-agent (usually the host running the ssh
client). Reported by Jann Horn of Project Zero.
* sshd(8): When privilege separation is disabled, forwarded Unix-
domain sockets would be created by sshd(8) with the privileges of
'root' instead of the authenticated user. This release refuses
Unix-domain socket forwarding when privilege separation is disabled
(Privilege separation has been enabled by default for 14 years).
Reported by Jann Horn of Project Zero.
* sshd(8): Avoid theoretical leak of host private key material to
privilege-separated child processes via realloc() when reading
keys. No such leak was observed in practice for normal-sized keys,
nor does a leak to the child processes directly expose key material
to unprivileged users. Reported by Jann Horn of Project Zero.
* sshd(8): The shared memory manager used by pre-authentication
compression support had a bounds checks that could be elided by
some optimising compilers. Additionally, this memory manager was
incorrectly accessible when pre-authentication compression was
disabled. This could potentially allow attacks against the
privileged monitor process from the sandboxed privilege-separation
process (a compromise of the latter would be required first).
This release removes support for pre-authentication compression
from sshd(8). Reported by Guido Vranken using the Stack unstable
optimisation identification tool (http://css.csail.mit.edu/stack/)
* sshd(8): Fix denial-of-service condition where an attacker who
sends multiple KEXINIT messages may consume up to 128MB per
connection. Reported by Shi Lei of Gear Team, Qihoo 360.
* sshd(8): Validate address ranges for AllowUser and DenyUsers
directives at configuration load time and refuse to accept invalid
ones. It was previously possible to specify invalid CIDR address
ranges (e.g. user@127.1.2.3/55) and these would always match,
possibly resulting in granting access where it was not intended.
Reported by Laurence Parry.
|
|
Noteworthy changes in version 1.26 (2016-12-21) [C21/A21/R0]
-----------------------------------------------
* New option --desc for gpg-error.
* Interface changes relative to the 1.25 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPG_ERR_UNKNOWN_FLAG NEW.
GPG_ERR_INV_ORDER NEW.
GPG_ERR_ALREADY_FETCHED NEW.
GPG_ERR_TRY_LATER NEW.
GPG_ERR_SYSTEM_BUG NEW.
GPG_ERR_DNS_UNKNOWN NEW.
GPG_ERR_DNS_SECTION NEW.
GPG_ERR_DNS_ADDRESS NEW.
GPG_ERR_DNS_NO_QUERY NEW.
GPG_ERR_DNS_NO_ANSWER NEW.
GPG_ERR_DNS_CLOSED NEW.
GPG_ERR_DNS_VERIFY NEW.
GPG_ERR_DNS_TIMEOUT NEW.
|
|
Noteworthy changes in version 1.7.5 (2016-12-15) [C21/A1/R5]
------------------------------------------------
* Bug fixes:
- Fix regression in mlock detection [bug#2870].
|
|
|
|
|
|
55, 56 and 70
|
|
|
|
2.040 2016/12/17
- fix detection of default CA path for OpenSSL 1.1.x
- Utils::CERT_asHash now includes the signature algorithm used
- Utils::CERT_asHash can now deal with large serial numbers
|
|
1.7.1 - 2016-12-13
~~~~~~~~~~~~~~~~~~
* Fixed a regression in ``int_from_bytes`` where it failed to accept
``bytearray``.
1.7 - 2016-12-12
~~~~~~~~~~~~~~~~
* Support for OpenSSL 1.0.0 has been removed. Users on older version of OpenSSL
will need to upgrade.
* Added support for Diffie-Hellman key exchange using
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.exchange`
* The OS random engine for OpenSSL has been rewritten to improve compatibility
with embedded Python and other edge cases. More information about this change
can be found in the
`pull request <https://github.com/pyca/cryptography/pull/3229>`_.
|
|
* gpg: New algorithm for selecting the best ranked public key when
using a mail address with -r, -R, or --locate-key.
* gpg: New option --with-tofu-info to print a new "tfs" record in
colon formatted key listings.
* gpg: New option --compliance as an alternative way to specify
options like --rfc2440, --rfc4880, et al.
* gpg: Many changes to the TOFU implementation.
* gpg: Improve usability of --quick-gen-key.
* gpg: In --verbose mode print a diagnostic when a pinentry is
launched.
* gpg: Remove code which warns for old versions of gnome-keyring.
* gpg: New option --override-session-key-fd.
* gpg: Option --output does now work with --verify.
* gpgv: New option --output to allow saving the verified data.
* gpgv: New option --enable-special-filenames.
* agent, dirmngr: New --supervised mode for use by systemd and alike.
* agent: By default listen on all available sockets using standard
names.
* agent: Invoke scdaemon with --homedir.
* dirmngr: On Linux now detects the removal of its own socket and
terminates.
* scd: Support ECC key generation.
* scd: Support more card readers.
* dirmngr: New option --allow-version-check to download a software
version database in the background.
* dirmngr: Use system provided CAs if no --hkp-cacert is given.
* dirmngr: Use a default keyserver if none is explicitly set
* gpgconf: New command --query-swdb to check software versions
against an copy of an online database.
* gpgconf: Print the socket directory with --list-dirs.
* tools: The WKS tools now support draft version -02.
* tools: Always build gpg-wks-client and install under libexec.
* tools: New option --supported for gpg-wks-client.
* The log-file option now accepts a value "socket://" to log to the
socket named "S.log" in the standard socket directory.
* Provide fake pinentries for use by tests cases of downstream
developers.
* Fixed many bugs and regressions.
* Many changes and improvements for the test suite.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
|
|
Noteworthy changes in version 1.7.4 (2016-12-09) [C21/A1/R4]
------------------------------------------------
* Performance:
- More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
- Add ARMv8/AArch32 assembly implementation for Twofish and
Camellia.
- Add bulk processing implementation for ARMv8/AArch32.
- Add Stribog OIDs.
- Improve the DRBG performance and sync the code with the Linux
version.
* Internal changes:
- When secure memory is requested by the MPI functions or by
gcry_xmalloc_secure, they do not anymore lead to a fatal error if
the secure memory pool is used up. Instead new pools are
allocated as needed. These new pools are not protected against
being swapped out (mlock can't be used). However, these days
this is considered a minor issue and can easily be mitigated by
using encrypted swap space.
* Bug fixes:
- Fix GOST 28147 CryptoPro-B S-box.
- Fix error code handling of mlock calls.
|
|
|
|
|
|
PR 51696 by Dmitry Marakasov.
|
|
solves:
=> Bootstrap dependency digest>=20010302: found digest-20160304
===> Building for openssl-1.0.2jnb1
making depend in crypto...
gmake[1]: Entering directory '/construction/security/openssl/work/openssl-1.0.2j/crypto'
../util/domd: makedepend: not found
|
|
new packages. Most of which are the remaining modules of the Tryton
platform which weren't packaged. The others are dependencies of the new
modules. This was tested on FreeBSD and is based in large part on Richard
Palo's (richard@) work. This is the most recent release of the Tryton
platform, version 4.2. There's a very large list of changes from the 3.8
series we have in pkgsrc. If you're interested, those functional changes
can be found here:
http://www.tryton.org/posts/new-tryton-release-42.html
http://www.tryton.org/posts/new-tryton-release-40.html
|
|
Changelog from 0.9.3 and 0.9.4 is quite long. Expect new and improved
jails, actions and filter. Details are here :
- https://github.com/fail2ban/fail2ban/releases/tag/0.9.4
- https://github.com/fail2ban/fail2ban/releases/tag/0.9.5
Pkgsrc changes are :
- added man pages (fail2ban-testcases.1 fail2ban.1)
- added and reorderd filters, actions, and documentation files
- minor edits to please pkglint
|
|
|
|
|
|
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.
|
|
|
|
Bump PKGREVISION.
Noticed by marino.
|
|
|
|
|
|
|
|
Noteworthy changes in version 1.0.0 (2016-11-22)
------------------------------------------------
* Qt pinentry now supports repeat mode in one dialog.
* Qt and GTK pinentries now make it possible to show the entered
value.
* Qt pinentry now only grabs the keyboard if an entry field is
focused.
* Fixed foreground handling in pinentry-qt if compiled with Qt5 for
Windows.
* Fixed potential crash in Qt qualitybar calculation.
* GTK keyboard grabbing is now a bit more robust. The cursor is
changed to a big dot as a visual indication that a pinentry has
popped up and is waiting for input.
* The GNOME pinentry now falls back to curses if it can't use the
GCR system prompter or a screenlock is active.
* Fixed error output for cached passwords.
* A show/hide passphrase button or checkbox is now available with
some pinentry flavors.
* Improved diagnostics and error codes.
|
|
2.0.1 (2016-11-23)
------------------
* (FIX) Normalize handling of request.scopes list
|
|
1.6 - 2016-11-22
~~~~~~~~~~~~~~~~
* Deprecated support for OpenSSL 1.0.0. Support will be removed in
``cryptography`` 1.7.
* Replaced the Python-based OpenSSL locking callbacks with a C version to fix
a potential deadlock that could occur if a garbage collection cycle occurred
while inside the lock.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.BLAKE2b` and
:class:`~cryptography.hazmat.primitives.hashes.BLAKE2s` when using OpenSSL
1.1.0.
* Added
:attr:`~cryptography.x509.Certificate.signature_algorithm_oid` support to
:class:`~cryptography.x509.Certificate`.
* Added
:attr:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateSigningRequest`.
* Added
:attr:`~cryptography.x509.CertificateRevocationList.signature_algorithm_oid`
support to :class:`~cryptography.x509.CertificateRevocationList`.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`
when using OpenSSL 1.1.0.
* Added a workaround to improve compatibility with Python application bundling
tools like ``PyInstaller`` and ``cx_freeze``.
* Added support for generating a
:meth:`~cryptography.x509.random_serial_number`.
* Added support for encoding ``IPv4Network`` and ``IPv6Network`` in X.509
certificates for use with :class:`~cryptography.x509.NameConstraints`.
* Added :meth:`~cryptography.x509.Name.public_bytes` to
:class:`~cryptography.x509.Name`.
* Added :class:`~cryptography.x509.RelativeDistinguishedName`
* :class:`~cryptography.x509.DistributionPoint` now accepts
:class:`~cryptography.x509.RelativeDistinguishedName` for
:attr:`~cryptography.x509.DistributionPoint.relative_name`.
Deprecated use of :class:`~cryptography.x509.Name` as
:attr:`~cryptography.x509.DistributionPoint.relative_name`.
* :class:`~cryptography.x509.Name` now accepts an iterable of
:class:`~cryptography.x509.RelativeDistinguishedName`. RDNs can
be accessed via the :attr:`~cryptography.x509.Name.rdns`
attribute. When constructed with an iterable of
:class:`~cryptography.x509.NameAttribute`, each attribute becomes
a single-valued RDN.
* Added
:func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
* Added support for signing and verifying RSA, DSA, and ECDSA signatures with
:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
digests.
|
|
2.039 2016/11/20
- OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on
EOF without proper SSL shutdown. Since it looks like that this behavior will
be kept at least for 1.1.1+ adapt to the changed API by treating errno=NOERR
on SSL_ERROR_SYSCALL as EOF.
|
|
Noteworthy changes in version 1.25 (2016-11-14) [C20/A20/R0]
-----------------------------------------------
* New interface gpgrt_get_syscall_clamp to allow libaries to make use
of Libgpg-error's system call wrapper functions.
* gpgrt_poll does now work under Windows.
* Fixed bug in the locking code when used with the nPth threading
library.
* Added support for {i686,x86_64}-apple-darwin.
* Added new error codes.
* Interface changes relative to the 1.23 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_get_syscall_clamp NEW.
GPG_ERR_ENGINE_TOO_OLD NEW.
GPG_ERR_WINDOW_TOO_SMALL NEW.
GPG_ERR_WINDOW_TOO_LARGE NEW.
GPG_ERR_MISSING_ENVVAR NEW.
GPG_ERR_USER_ID_EXISTS NEW.
GPG_ERR_NAME_EXISTS NEW.
GPG_ERR_DUP_NAME NEW.
GPG_ERR_TOO_OLD NEW.
GPG_ERR_TOO_YOUNG NEW.
|