Age | Commit message | Author | Files | Lines |
|
ListType and TupleType is just "list" and "tuple" in python 3,
google reveals...
Bump PKGREVISION.
|
|
upstream changes:
-----------------
1.11.2 (2021-08-06)
o Add compatibility with OTP 24
|
|
upstream changes:
-----------------
Version 1.0.12
o Fix building without calling configure first
Version 1.0.11
o Switch from using Travis to Github Actions as CI
o Fix compatibility with OTP24
|
|
upstream changes:
-----------------
Version 1.1.16
o Fix compilations on windows
o Reintroduce blocking of renegotiations for OpenSSL < 1.1.0h
Version 1.1.15
o Fix compilation on pre c99 systems
Version 1.1.14
o Updating p1_utils to version 1.0.25.
o Improve compatibility with OpenSSL 3.0
o Improve compatibility with LibreSSL >= 3.5
o Add 'keyfile', 'dh' and 'fips_mode' options
Version 1.1.13
o Updating p1_utils to version 1.0.23.
o Switch from using Travis to Github Actions as CI
|
|
upstream changes:
-----------------
Version 1.0.9
o Generate documentation for hex.pm packages
o Update CA bundle
Version 1.0.8
o Switch from using Travis to Github Actions as CI
|
|
upstream changes:
-----------------
Version 1.0.20
o Updating yconf to version 1.0.14.
Version 1.0.19
o Updating yconf to version 1.0.13.
o Fix order in which dependencies are started
Version 1.0.18
o Updating jiffy to version 1.1.1 to support Mix compilation again
Version 1.0.17
o Updating jiffy to version 1.1.0 to support Erlang/OTP 25.0-rc1
o Copy code from eimp to use override_deps_versions only when not rebar3
Version 1.0.14
o Generate documentation when publishing to hex
o Updating jose to version 1.11.1.
Version 1.0.13
o Updating yconf to version 1.0.12.
o Switch from using Travis to Github Actions as CI
|
|
upstream changes:
-----------------
Version 0.6.11
o Generate documentation when generating hex.pm package
o Remove usage of deprecated crypto functions
o Improve errors reporting
Version 0.6.10
o Switch from using Travis to Github Actions as CI
Version 0.6.9
o Dialyzer: Update Response record definition: fields may be undefined
|
|
Version 1.1.0
This release contains breaking changes and security fixes.
Allow to pass claims_options to Framework OpenID Connect clients.
Fix .stream with context for HTTPX OAuth clients.
Fix Starlette OAuth client for cache store.
Breaking changes:
Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
The default authlib.jose.jwt would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:
jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])
Security fixes: CVE-2022-39175 and CVE-2022-39174, both related to JOSE.
Version 1.0.1
Fix authenticate_none method.
Allow to pass in alternative signing algorithm to RFC7523 authentication methods.
Fix missing_token for Flask OAuth client.
Allow openid in any place of the scope.
Security fix for validating essential value on blank value in JWT.
Version 1.0.0
We have dropped support for Python 2 in this release. We have removed built-in SQLAlchemy integration.
OAuth Client Changes:
The whole framework client integrations have been restructured, if you are using the client properly, e.g. oauth.register(...), it would work as before.
OAuth Provider Changes:
In Flask OAuth 2.0 provider, we have removed the deprecated OAUTH2_JWT_XXX configuration, instead, developers should define .get_jwt_config on OpenID extensions and grant types.
SQLAlchemy integrations have been removed from Authlib. Developers should define the database by themselves.
JOSE Changes
JWS has been renamed to JsonWebSignature
JWE has been renamed to JsonWebEncryption
JWK has been renamed to JsonWebKey
JWT has been renamed to JsonWebToken
The "Key" model has been re-designed, check out the :ref:`jwk_guide` for updates.
Added ES256K algorithm for JWS and JWT.
|
|
The tarball was retracted due to a regression, to quote:
We have received a report of a significant regression in the latest
3.0.6 and 1.1.1r versions. The regression is not thought to have
security consequences. While the regression is further investigated we
have taken the decision to withdraw the 3.0.6 and 1.1.1r versions and
instead recommend that users remain on the previous 3.0.5 and 1.1.1q
versions for now.
We will issue a new plan for the release of 3.0.7 and 1.1.1s soon.
From https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
|
|
Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [11 Oct 2022]
o Added a missing header for memcmp that caused compilation failure on
some platforms
|
|
=========================
This release is focused on bug fixing.
Security
========
This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
Reported by Qualys
* ssh-keygen(1): double free() in error path of file hashing step in
signing/verify code; GHPR333
* ssh-keysign(8): double-free in error path introduced in openssh-8.9
Potentially-incompatible changes
--------------------------------
* The portable OpenSSH project now signs commits and release tags
using git's recent SSH signature support. The list of developer
signing keys is included in the repository as .git_allowed_signers
and is cross-signed using the PGP key that is still used to sign
release artifacts:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used. bz3438
* ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.
New features
------------
* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).
ssh(1) will terminate a connection if the server offers an RSA key
that falls below this limit, as the SSH protocol does not include
the ability to retry a failed key exchange.
* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
* sftp(1): use "users-groups-by-id@openssh.com" sftp-server
extension (when available) to fill in user/group names for
directory listings.
* sftp-server(8): support the "home-directory" extension request
defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.
* ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow. bz3468
* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"
* ssh-keygen(1): allow the existing -U (use agent) flag to work
with "-Y sign" operations, where it will be interpreted to require
that the private key is hosted in an agent; bz3429
Bugfixes
--------
* ssh-keygen(1): implement the "verify-required" certificate option.
This was already documented when support for user-verified FIDO
keys was added, but the ssh-keygen(1) code was missing.
* ssh-agent(1): hook up the restrict_websafe command-line flag;
previously the flag was accepted but never actually used.
* sftp(1): improve filename tab completions: never try to complete
names to non-existent commands, and better match the completion
type (local or remote filename) against the argument position
being completed.
* ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
handling, especially relating to keys that request
user-verification. These should reduce the number of unnecessary
PIN prompts for keys that support intrinsic user verification.
GHPR302, GHPR329
* ssh-keygen(1): when enrolling a FIDO resident key, check if a
credential with matching application and user ID strings already
exists and, if so, prompt the user for confirmation before
overwriting the credential. GHPR329
* sshd(8): improve logging of errors when opening authorized_keys
files. bz2042
* ssh(1): avoid multiplexing operations that could cause SIGPIPE from
causing the client to exit early. bz3454
* ssh_config(5), sshd_config(5): clarify that the RekeyLimit
directive applies to both transmitted and received data. GHPR328
* ssh-keygen(1): avoid double fclose() in error path.
* sshd(8): log an error if pipe() fails while accepting a
connection. bz3447
* ssh(1), ssh-keygen(1): fix possible NULL deref when built without
FIDO support. bz3443
* ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
GHPR294.
* sshd(8): ensure that authentication passwords are cleared from
memory in error paths. GHPR286
* ssh(1), ssh-agent(1): avoid possibility of notifier code executing
kill(-1). GHPR286
* ssh_config(5): note that the ProxyJump directive also accepts the
same tokens as ProxyCommand. GHPR305.
* scp(1): do not ftruncate(3) files early when in sftp mode. The
previous behaviour of unconditionally truncating the destination
file would cause "scp ~/foo localhost:foo" and the reverse
"scp localhost:foo ~/foo" to delete all the contents of their
destination. bz3431
* ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
unable to load a private key; bz3429
* sftp(1), scp(1): when performing operations that glob(3) a remote
path, ensure that the implicit working directory used to construct
that path escapes glob(3) characters. This prevents glob characters
from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
"get *.txt" should have the get operation treat the path "/tmp/a*"
literally and not attempt to expand it.
* ssh(1), sshd(8): be stricter in which characters will be accepted
in specifying a mask length; allow only 0-9. GHPR278
* ssh-keygen(1): avoid printing hash algorithm twice when dumping a
KRL
* ssh(1), sshd(8): continue running local I/O for open channels
during SSH transport rekeying. This should make ~-escapes work in
the client (e.g. to exit) if the connection happened to have
stalled during a rekey event.
* ssh(1), sshd(8): avoid potential poll() spin during rekeying
* Further hardening for sshbuf internals: disallow "reparenting" a
hierarchical sshbuf and zero the entire buffer if reallocation
fails. GHPR287
Portability
-----------
* ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in
FIDO security key support if libfido2 is found and usable, unless
--without-security-key-builtin was requested.
* ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello
FIDO device usable on Cygwin. The windows://hello FIDO device will
be automatically used by default on this platform unless requested
otherwise, or when probing resident FIDO credentials (an operation
not currently supported by WinHello).
* Portable OpenSSH: remove workarounds for obsolete and unsupported
versions of OpenSSL libcrypto. In particular, this release removes
fallback support for OpenSSL that lacks AES-CTR or AES-GCM.
Those AES cipher modes were added to OpenSSL prior to the minimum
version currently supported by OpenSSH, so this is not expected to
impact any currently supported configurations.
* sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc
* All: resync and clean up internal CSPRNG code.
* scp(1), sftp(1), sftp-server(8): avoid linking these programs with
unnecessary libraries. They are no longer linked against libz and
libcrypto. This may be of benefit to space constrained systems
using any of those components in isolation.
* sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
architectures.
* configure: remove special casing of crypt(). configure will no
longer search for crypt() in libcrypto, as it was removed from
there years ago. configure will now only search libc and libcrypt.
* configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its
RSA implementation (CVE-2022-2274) on x86_64.
* All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322
* ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes
required by the XMSS code on some platforms.
* sshd(8): cache timezone data in capsicum sandbox.
|
|
Added
* Certificate for signing gem releases (@pboling)
* Gemspec metadata (@pboling)
- funding_uri
- mailing_list_uri
* Checksums for released gems (@pboling)
Changed
* Gem releases are now cryptographically signed (@pboling)
|
|
1.0.4 (2022-09-19)
Added
* Certificate for signing gem releases (@pboling)
* Gemspec metadata (@pboling)
- funding_uri
- mailing_list_uri
* Installation and usage documentation (@pboling)
* SHA 512 Checksum for release (@pboling)
Changed
* Gem releases are now cryptographically signed (@pboling)
1.0.5 (2022-09-20)
Added
* SHA 256 Checksum for release (in addition to SHA 512) (@pboling)
* Aligned checksums directory name with rake build:checksum task (@pboling)
* General Cleanup
|
|
2.0.95 (2022-09-22)
* Changes are too many to write here, please refer:
<https://github.com/rapid7/metasploit-payloads/compare/v2.0.94...v2.0.95>
2.0.96 (2022-09-22)
* Land #585, Add stdapi_registry_check_key_exists for Python
2.0.97 (2022-09-29)
* land #588, Add TrustedSec's COFFLoader as Meterpreter Extension
|
|
Noteworthy changes in version 1.6.2 (2022-10-07) [C22/A14/R2]
------------------------------------------------
* Fix integer overflow in the CRL parser.
|
|
Noteworthy changes in version 1.46 (2022-10-07) [C33/A33/R1]
-----------------------------------------------
* Support for bidirectional pipes under Windows. [T6112]
* REG_DWORD types are now supported in the Windows Registry.
[rE745d333cf7]
* Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows.
[rE018ea46a30]
* Fixed gpgrt_log_get_fd for the file case. [T5922]
* Avoids header problem with C11 and "noreturn". [T4002]
* The gpg-error-config command is not installed by default, because
it is now replaced by use of pkg-config/gpgrt-config with
gpg-error.pc. Supply --enable-install-gpg-error-config configure
option, if it's really needed.
* Fixed support of posix-lock for FreeBSD. [rE6e17e70bb7]
* Build fixes for some Mingw tool chain versions. [T5890, T4656]
* Removed remaining support for WindowsCE. [T5912]
* Updated config.guess, config.sub, and config.rpath. [T6078]
* gpg-error-config is now only installed when enabled. [T5683]
* System paths are now stripped from --cflags and --libs. [T6136]
|
|
The signify utility creates and verifies cryptographic signatures.
A signature verifies the integrity of a message
This version of signify is part of outils, a portable collection of
non-standard OpenBSD tools.
|
|
Certbot 1.31.0
Changed
If Certbot exits before setting up its usual log files, the temporary directory created to save logging information will begin with the name certbot-log- rather than a generic name. This should not be considered a stable aspect of Certbot and may change again in the future.
Fixed
Fixed an incompatibility in the certbot-dns-cloudflare plugin and the Cloudflare library
which was introduced in the Cloudflare library version 2.10.1. The library would raise
an error if a token was specified in the Certbot --dns-cloudflare-credentials file as
well as the cloudflare.cfg configuration file of the Cloudflare library.
|
|
Changes according to Changelog:
8.7.0 - August 7, 2022
- minor release, recompile of programs required
- expanded community input and support
* 81 unique contributors as of this release
- fix RSA key generation for small moduli
- fix AES-GCM with AESNI but without CLMUL
- fix Clang warning with C++17
- fix MinGW builds due to use of O_NOFOLLOW
- rework CFB_CipherTemplate::ProcessData and AdditiveCipherTemplate::ProcessData
* restored performance and avoided performance penalty of a temp buffer
- fix undersized SecBlock buffer in Integer bit operations
- work around several GCC 11 & 12 problems
8.6.0 - September 21, 2021
- minor release, recompile of programs required
- expanded community input and support
* 74 unique contributors as of this release
- fix ElGamal encryption
- fix ChaCha20 AVX2 implementation
- add octal and decimal literal prefix parsing to Integer
- add missing overload in ed25519Signer and ed25519Verifier
- make SHA-NI independent of AVX and AVX2
- fix OldRandomPool GenerateWord32
- use CPPFLAGS during feature testing
- fix compile on CentOS 5
- fix compile on FreeBSD
- fix feature testing on ARM A-32 and Aarch64
- enable inline ASM for CRC and PMULL on Apple M1
- fix Intel oneAPI compile
- rename test files with *.cpp extension
- fix GCC compile error due to missing _mm256_set_m128i
- add LSH-256 and LSH-512 hash functions
- add ECIES_P1363 for backwards compatibility
- fix AdditiveCipherTemplate<T> ProcessData
- remove CRYPTOPP_NO_CXX11 define
- add -fno-common for Darwin builds
- update documentation
8.5.0 - March 7, 2021
- minor release, no recompile of programs required
- expanded community input and support
* 70 unique contributors as of this release
- port to Apple M1 hardware
8.4.0 - January 2, 2021
- minor release, recompile of programs required
- expanded community input and support
* 67 unique contributors as of this release
- fix SIGILL on POWER8 when compiling with GCC 10
- fix potential out-of-bounds write in FixedSizeAllocatorWithCleanup
- fix compile on AIX POWER7 with IBM XLC 12.01
- fix compile on Solaris with SunCC 12.6
- revert changes for constant-time elliptic curve algorithms
- fix makefile clean and distclean recipes
8.3.0 - December 20, 2020
- minor release, recompile of programs required
- expanded community input and support
* 66 unique contributors as of this release
- fix use of macro CRYPTOPP_ALIGN_DATA
- fix potential out-of-bounds read in ECDSA
- fix std::bad_alloc when using ByteQueue in pipeline
- fix missing CRYPTOPP_CXX17_EXCEPTIONS with Clang
- fix potential out-of-bounds read in GCM mode
- add configure.sh when preprocessor macros fail
- fix potential out-of-bounds read in SipHash
- fix compile error on POWER9 due to vec_xl_be
- fix K233 curve on POWER8
- add Cirrus CI testing
- fix broken encryption for some 64-bit ciphers
- fix Android cpu-features.c using C++ compiler
- disable RDRAND and RDSEED for some AMD processors
- fix BLAKE2 hash calculation using Salt and Personalization
- refresh Android and iOS build scripts
- add XTS mode
- fix circular dependency between misc.h and secblock.h
- add Certificate interface
- fix recursion in AES::Encryption without AESNI
- add missing OID for ElGamal encryption
- fix missing override in KeyDerivationFunction-derived classes
- fix RDSEED assemble under MSVC
- fix elliptic curve timing leaks (CVE-2019-14318)
- add link-library variable to Makefiles
- fix SIZE_MAX definition in misc.h
- add GetWord64 and PutWord64 to BufferedTransformation
- use HKDF in AutoSeededX917RNG::Reseed
- fix Asan finding in VMAC on i686 in inline asm
- fix undeclared identifier _mm_roti_epi64 on Gentoo
- fix ECIES and GetSymmetricKeyLength
- fix possible divide by zero in PKCS5_PBKDF2_HMAC
- refine ASN.1 encoders and decoders
- disable BMI2 code paths in Integer class
- fix use of CRYPTOPP_CLANG_VERSION
- add NEON SHA1, SHA256 and SHA512 from Cryptogams
- add ARM SHA1, SHA256 and SHA512 from Cryptogams
- make config.h more autoconf friendly
- handle Clang triplet armv8l-unknown-linux-gnueabihf
- fix reference binding to misaligned address in xed25519
- clear asserts in TestDataNameValuePairs
|
|
Changes since v5.5.0:
wolfSSL Release 5.5.1 (Sep 28, 2022) Latest
Vulnerabilities
* [Med] Denial of service attack and buffer overflow against TLS 1.3 servers
using session ticket resumption. When built with --enable-session-ticket and
making use of TLS 1.3 server code in wolfSSL, there is the possibility of a
malicious client to craft a malformed second ClientHello packet that causes
the server to crash. This issue is limited to when using both
--enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3
servers, and having --enable-session-ticket, should update to the latest
version of wolfSSL. Thanks to Max at Trail of Bits for the report and
"LORIA, INRIA, France" for research on tlspuffin.
New Feature Additions
* Add support for non-blocking ECC key gen and shared secret gen for
P-256/384/521
* Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
* Port to NXP RT685 with FreeRTOS
* Add option to build post quantum Kyber API (--enable-kyber)
* Add post quantum algorithm sphincs to wolfCrypt
* Config. option to force no asm with SP build (--enable-sp=noasm)
* Allow post quantum keyshare for DTLS 1.3
Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve wc_SetCustomExtension documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
* Clean up some FIPS versioning logic in configure.ac and WIN10 user_settings.h
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* Support for setting cipher list with bytes
* wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
* Add to RSAES-OAEP key parsing for pkcs7
* Add missing DN nid to work with PrintName()
* SP int: default to 16 bit word size when NO_64BIT defined
* Limit the amount of fragments we store per a DTLS connection and error out
when max limit is reached
* Detect when certificate's RSA public key size is too big and fail on loading
of certificate
Fixes
* Fix for async with OCSP non-blocking in ProcessPeerCerts
* Fixes for building with 32-bit and socket size sign/unsigned mismatch
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of
private keys
* Fix for Aarch64 Mac M1 SP use
* Fix build errors and warnings for MSVC with DTLS 1.3
* Fix HMAC compat layer function for SHA-1
* Fix DTLS 1.3 do not negotiate ConnectionID in HelloRetryRequest
* Check return from call to wc_Time
* SP math: fix build configuration with opensslall
* Fix for async session tickets
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* Ed. function to make public key now checks for if the private key flag is set
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix for building with PSK only
* Set correct types in wolfSSL_sk_*_new functions
* Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
|
|
Changelog from AN-2022-09-18:
With great sadness we report the death of schilytools main author and
long time maintainer Jörg Schilling (1955-03-27--2021-10-10). Jörg, we
miss you! After his passing, development has been picked up by a group
of volunteers who would like to keep the project alive and well. Our
goal is to carefully preserve the portability and compatibility of this
project while extending it to new platforms and implementing new tools
and features that fit the tool set.
As a part of the change in management, the schilytools project has moved
from Sourceforge to Codeberg.
- general: Explain how to contribute and update README
- general: Add list of contributors
- all: Misc spelling fixes
Submitted by Friedhelm Mehnert.
- all: Update E-Mail address and project URL in many places.
Jörg's old joerg@schily.net address is defunct and so is his
postal address. As a part of an ongoing documentation cleanup,
these addresses have been replaced by our new project pages in
many locations.
Submitted by Nico Sonack.
- man pages: work around buggy syntax highlighting by adding
\" " comments into various places.
Submitted by Nico Sonack.
- RULES: Fix build on macOS 12.4
- RULES: add i386-openbsd-clang.rul
This should permit compilation on modern OpenBSD using clang as
the system compiler.
- autoconf: Work around clang bug in #pragma weak detection.
A clang compiler bug causing a crash in the configure test for
#pragma weak has been worked around, permitting use of weak
symbols when compiling with clang.
- libmdigest: Add support for BLAKE2 digests
Submitted by Nico Sonack.
- libmdigest: Prefer intrinsic for bswap_32 over inline assembly
This should improve performance slightly when compiling with gcc
on i386 targets.
- libmdigest: Work around clang bug in #pragma weak
- mdigest: Add support for BLAKE2 digests
Submitted by Nico Sonack.
- tests: fix arm64/aarch64 architecture confusion on OpenBSD
Submitted by Nico Sonack.
|
|
16 months of development
|
|
5 months of development
|
|
Version 3.7.8 (released 2022-09-27)
** libgnutls: In FIPS140 mode, RSA signature verification is an approved
operation if the key has modulus with known sizes (1024, 1280,
1536, and 1792 bits), in addition to any modulus sizes larger than
2048 bits, according to SP800-131A rev2.
** libgnutls: gnutls_session_channel_binding performs additional checks when
GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
"tls-exporter" channel binding is only usable when the handshake is
bound to a unique master secret (i.e., either TLS 1.3 or extended
master secret extension is negotiated). Otherwise the function now
returns error.
** libgnutls: usage of the following functions, which are designed to
loosen restrictions imposed by allowlisting mode of configuration,
has been additionally restricted. Invoking them is now only allowed
if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled
** API and ABI modifications:
No changes since last version.
|
|
Fixes PR 57028 by Nathan Ahlstrom.
Bump PKGREVISION.
Move options handling into options.mk while here.
|
|
Noteworthy changes in version 2.2.39 (2022-09-02)
-------------------------------------------------
* agent: Fix regression in 2.2.37 related to non-extended format
private keys.
Noteworthy changes in version 2.2.38 (2022-09-01)
-------------------------------------------------
* gpg: Make --require-compliance work for sign+encrypt.
* gpg: Fix an encoding problem under Windows in the printed
timezone.
* gpg: Emit a FAILURE status for --require-compliance errors.
* dirmngr: Avoid caching expired certificates.
|
|
Noteworthy changes in version 1.6.1 (2022-09-16)
------------------------------------------------
* Allow an OCSP server not to return the sent nonce.
|
|
Welcome to 2016.
MESSAGE content has been moved to an installed README and improved.
Prepared in wip by dsainty@ with some help from gdt@.
Upstream NEWS
Onvif discovery is now enabled by default. This feature increases
build time, but the benefit is auto-discovery of any Onvif compliant
camera. Please note that this feature is still experimental. It has
not been tested in a large environment or with a large variety of
cameras. Using this tool is largely self explanatory, but if you are
looking for documentation it can be found on @altaroca's blog
site. As time allows, we will bring the documentation over to our
readthedocs site. Volunteers to do this work are welcome.
ZoneMinder now has a telemetry daemon which collects information about
your machine. This was done to learn how our user base uses
ZoneMinder, the most common system size, choice of distro, cpu,
memory, and a couple of other things. This will help us focus our
efforts on what features get used the most. Since this was written in
Perl, you can easily see for yourself what information is being
sent. Note that this feature defaults to ON. If this is not what you
want, then you can turn it off under Options. In a future release, we
plan to include an install wizard, which will prompt the user about
this feature.
Have you ever wished for the motion detection zones to be live, rather
than a static image? Well they are now! Creating or modifying zones
works exactly the same as before, but with the live stream running in
the background. If you need to freeze the stream, there is a Pause
button at the bottom of the window to do just that.
A new feature called Montage Review has been added. This can be
thought of as a modified version of the original montage feature with
features such as "scrubbing" through video. The Montage Review screen
has received sufficient testing to be part of the release, but you
should still treat this feature as experimental. We expect there to be
additional fixes and refinements.
|
|
22.1.0:
Backward-incompatible changes:
Remove support for SSLv2 and SSLv3.
The minimum cryptography version is now 37.0.2.
The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes.
Deprecations:
OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.
Changes:
Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object’s verification flags.
Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context)
|
|
0.1.43 (2022-09-16)
* Land #52, Fix openssl3 unsafe legacy renegotiation disabled error
|
|
v3.1.0
Feature
Out-factor SPDX compound detection (fd4d537, 2b69925)
License factories (033bad2)
Note: There was no 3.0.0 release officially, but due to CI publishing
issues, an unexpected 3.0.0 release was published to PyPi and
subsequently yanked from PyPi. There are NO breaking changes between
2.7.1 and 3.1.0.
|
|
The sed options that clear out optimization
options for rndjent.c, that must be compiled
without optimization, did not take away -O
as reported by Jason Bacon on pkgsrc-users.
While here also make it take away the -Oz
optimization option supported by gcc 12
and later.
|
|
Changes:
3.10.3
------
- Use gitparse for unstaged changes.
|
|
3.2.1 (2022-09-09)
------------------
OAuth2.0 Provider:
* Metadata endpoint support of non-HTTPS
* CVE-2022-36087
OAuth1.0:
* Allow IPv6 being parsed by signature
General:
* Improved and fixed documentation warnings.
* Cosmetic changes based on isort
|
|
- fixed randombytes(), uses getentropy() and /dev/urandom where
getentropy() does not exist
|
|
22.0.0 (2022-01-29)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Drop support for Python 2.7.
`#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_
- The minimum ``cryptography`` version is now 35.0.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Expose wrappers for some `DTLS
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_
|