Age | Commit message | Author | Files | Lines |
|
|
|
|
|
Minor bugfixes and build fixes.
|
|
Feature
Bump dependencies (da3f0ca)
Completed work on #155 (#172) (a926b34)
Support complete model for bom.metadata (#162) (2938a6c)
Support for bom.externalReferences in JSON and XML #124 (1b733d7)
Complete support for bom.components (#155) (32c0139)
Support services in XML BOMs (9edf6c9)
Fix
license_url not serialised in XML output #179 (#180) (f014d7c)
Component.bom_ref is not Optional in our model implementation (in the schema it is) - we generate a UUID if bom_ref is not supplied explicitly (5c954d1)
Temporary fix for __hash__ of Component with properties #153 (a51766d)
Further fix for #150 (1f55f3e)
Regression introduced by first fix for #150 (c09e396)
Components with no version (optional since 1.4) produce invalid BOM output in XML #150 (70d25c8)
expression not supported in Component Licenses for version 1.0 (15b081b)
Breaking
Adopt PEP-3102 (da3f0ca)
Optional Lists are now non-optional Sets (da3f0ca)
Remove concept of DEFAULT schema version - replaced with LATEST schema version (da3f0ca)
Added BomRef data type (da3f0ca)
|
|
|
|
1.12.0 (2022-01-11)
-------------------
* Corrected some type annotations.
* Dropped support for cryptography<1.5.
* Added the top level attributes josepy.JWKEC, josepy.JWKOct, and
josepy.ComparableECKey for convenience and consistency.
|
|
|
|
Changelog:
Not available in summary form.
|
|
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
|
|
|
|
ca-certificates (20211016) unstable; urgency=low
[ Michael Shuler ]
* Fix error on install when TEMPBUNDLE missing. Closes: #996005
-- Julien Cristau <jcristau@debian.org> Sat, 16 Oct 2021 18:09:43 +0200
ca-certificates (20211004) unstable; urgency=low
[ Debian Janitor ]
* Fix day-of-week for changelog entry 20090624.
[ Julien Cristau ]
* Create temporary ca-certificates.crt on the same file system.
Closes: #923784
* Don't remove ca-certificates.crt before updating it, so it doesn't
go missing for a short while (closes: #920348). Thanks, Dimitris
Aragiorgis!
* Bump package priority from optional to standard.
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.50
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ "GlobalSign Root R46"
+ "GlobalSign Root E46"
+ "GLOBALTRUST 2020"
+ "ANF Secure Server Root CA"
+ "Certum EC-384 CA"
+ "Certum Trusted Root CA"
The following certificate authorities were removed (-):
- "QuoVadis Root CA"
- "Sonera Class 2 Root CA"
- "GeoTrust Primary Certification Authority - G2"
- "VeriSign Universal Root Certification Authority"
- "Chambers of Commerce Root - 2008"
- "Global Chambersign Root - 2008"
- "Trustis FPS Root CA"
- "Staat der Nederlanden Root CA - G3"
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
* mozilla/certdata2pem.py: print a warning for expired certificates.
-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
ca-certificates (20210119) unstable; urgency=medium
[ Julien Cristau ]
* New maintainer (closes: #976406)
* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
bundle to version 2.46.
The following certificate authorities were added (+):
+ "certSIGN ROOT CA G2"
+ "e-Szigno Root CA 2017"
+ "Microsoft ECC Root Certificate Authority 2017"
+ "Microsoft RSA Root Certificate Authority 2017"
+ "NAVER Global Root Certification Authority"
+ "Trustwave Global Certification Authority"
+ "Trustwave Global ECC P256 Certification Authority"
+ "Trustwave Global ECC P384 Certification Authority"
The following certificate authorities were removed (-):
- "EE Certification Centre Root CA"
- "GeoTrust Universal CA 2"
- "LuxTrust Global Root 2"
- "OISTE WISeKey Global Root GA CA"
- "Staat der Nederlanden Root CA - G2" (closes: #962079)
- "Taiwan GRCA"
- "Verisign Class 3 Public Primary Certification Authority - G3"
[ Michael Shuler ]
* mozilla/blacklist:
Revert Symantec CA blacklist (#911289). Closes: #962596
The following root certificates were added back (+):
+ "GeoTrust Primary Certification Authority - G2"
+ "VeriSign Universal Root Certification Authority"
[ Gianfranco Costamagna ]
* debian/{rules,control}:
Merge Ubuntu patch from Matthias Klose to use Python3 during build.
Closes: #942915
-- Julien Cristau <jcristau@debian.org> Tue, 19 Jan 2021 11:11:04 +0100
|
|
Changes since v5.1.1:
wolfSSL Release 5.2.0 (Feb 21, 2022)
Release 5.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities
* [High] A TLS v1.3 server who requires mutual authentication can be
bypassed. If a malicious client does not send the certificate_verify message
a client can connect without presenting a certificate even if the server
requires one. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
Télécom SudParis.
* [High] A TLS v1.3 client attempting to authenticate a TLS v1.3 server can
have its certificate check bypassed. If the sig_algo in the
certificate_verify message is different than the certificate message checking
may be bypassed. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
Télécom SudParis.
New Feature Additions
* Example applications for Renesas RX72N with FreeRTOS+IoT
* Renesas FSP 3.5.0 support for RA6M3
* For TLS 1.3, improved checks on order of received messages.
* Support for use of SHA-3 cryptography instructions available in ARMv8.2-A
architecture extensions. (For Apple M1)
* Support for use of SHA-512 cryptography instructions available in ARMv8.2-A
architecture extensions. (For Apple M1)
* Fixes for clang -Os on clang >= 12.0.0
* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
* Allow DES3 with FIPS v5-dev.
* Include HMAC for deterministic ECC sign build
* Add --enable-chrony configure option. This sets build options needed to
build the Chrony NTP (Network Time Protocol) service.
* Add support for STM32U575xx boards.
* Fixes for NXP’s SE050 Ed25519/Curve25519.
* TLS: Secure renegotiation info on by default for compatibility.
* Inline C code version of ARM32 assembly for cryptographic algorithms
available and compiling for improved performance on ARM platforms
* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
* Fix initialization bug in SiLabs AES support
* Domain and IP check is only performed on leaf certificates
ARM PSA Support (Platform Security Architecture) API
* Initial support added for ARM’s Platform Security Architecture (PSA) API in
wolfCrypt which allows support of ARM PSA enabled devices by wolfSSL,
wolfSSH, and wolfBoot and wolfCrypt FIPS.
* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG
ECICE Updates
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
AES-256-CTR
* Support for compressed public keys in messages.
Math Improvements
* Improved performance of X448 and Ed448 through inlining Karatsuba in square
and multiplication operations for 128-bit implementation (64-bit platforms
with 128-bit type support).
* SP Math C implementation: fix for corner case in curve specific
implementations of Montgomery Reduction (P-256, P-384).
* SP math all: assembly snippets added for ARM Thumb. Performance improvement
on platform.
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
dependency on __udiv3.
* SP C implementation: multiplication of two signed types with overflow is
undefined in C. Now cast to unsigned type before multiplication is
performed.
* SP C implementation correctly builds when using CFLAG: -m32
OpenSSL Compatibility Layer
* Added DH_get_2048_256 to compatibility layer.
* wolfSSLeay_version now returns the version of wolfSSL
* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows better
compatibility when building with a C++ compiler.
* Fix for OpenSSL x509_NAME_hash mismatch
* Implement FIPS_mode and FIPS_mode_set in the compat layer.
* Fix for certreq and certgen options with openssl compatibility
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
* Fix IV length bug in EVP AES-GCM code.
* Add new ASN1_INTEGER compatibility functions.
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
CMake Updates
* Check for valid override values.
* Add KEYGEN option.
* Cleanup help messages.
* Add options to support wolfTPM.
VisualStudio Updates
* Remove deprecated VS solution
* Fix VS unreachable code warning
New Algorithms and Protocols
* AES-SIV (RFC 5297)
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new real-time
session keys
* SipHash MAC/PRF for hash tables. Includes inline assembly for x86_64 and
Aarch64.
Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
|
|
|
|
|
|
New in 2.1.28
build:
configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
makemd5.c - Fix potential out of bound writes
fix build with --disable-shared --enable-static
Dozens of fixes for Windows specific builds
Fix cross platform builds with SPNEGO
Do not try to build broken java subtree
Fix build error with --enable-auth-sasldb
common:
plugin_common.c:
Ensure size is always checked if called repeatedly (#617)
documentation:
Fixed generation of saslauthd(8) man page
Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
Updates for additional SCRAM mechanisms
Fix sasl_decode64 and sasl_encode64 man pages
Tons of fixes for Sphinx
include:
sasl.h:
Allow up to 16 bits for security flags
lib:
checkpw.c:
Skip one call to strcat
Disable auxprop-hashed (#374)
client.c:
Use proper length for fully qualified domain names
common.c:
CVE-2019-19906 Fix off by one error (#587)
external.c:
fix EXTERNAL with non-terminated input (#689)
saslutil.c:
fix index_64 to be a signed char (#619)
plugins:
gssapi.c:
Emit debug log only in case of errors
ntlm.c:
Fail compile if MD4 is not available (#632)
sql.c:
Finish reading residual return data (#639)
CVE-2022-24407 Escape password for SQL insert/update commands.
sasldb:
db_gdbm.c:
fix gdbm_errno overlay from gdbm_close
DIGEST-MD5 plugin:
Prevent double free of RC4 context
Use OpenSSL RC4 implementation if available
SCRAM plugin:
Return BADAUTH on incorrect password (#545)
Add -224, -384, -512 (#552)
Remove SCRAM_HASH_SIZE
Add function to return SCRAM auth method name
Allocate enough memory in scram_setpass()
Add function to sort SCRAM methods by hash strength
Update windows build for newer SCRAM options
saslauthd:
auth_httpform.c:
Avoid signed overflow with non-ascii characters (#576)
auth_krb5.c:
support setting an explicit auth_krb5 server name
support setting an explicit servername with Heimdal
unify the MIT and Heimdal auth_krb5 implementations
Remove call to krbtf
auth_rimap.c:
provide native memmem implementation if missing
lak.c:
Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
lak.h:
Increase supported DN length to 4096 (#626)
|
|
Added:
-Support custom file name for the exported keys (#4)
Changed:
-Switch to clap for argument parsing
-Update license copyright years
-Update lychee arguments
-Apply clippy::needless_borrow suggestion
-Add tests for custom file name
-Bump the Rust version in Dockerfile
-Bump dependencies
|
|
### Added
* CLI: The `--fix` flag has been added, allowing users to attempt to
automatically upgrade any vulnerable dependencies to the first safe version
available ([#212](https://github.com/trailofbits/pip-audit/pull/212),
[#222](https://github.com/trailofbits/pip-audit/pull/222))
* CLI: The combination of `--fix` and `--dry-run` is now supported, causing
`pip-audit` to perform the auditing step but not any resulting fix steps
([#223](https://github.com/trailofbits/pip-audit/pull/223))
* CLI: The `--require-hashes` flag has been added which can be used in
conjunction with `-r` to check that all requirements in the file have an
associated hash ([#229](https://github.com/trailofbits/pip-audit/pull/229))
* CLI: The `--index-url` flag has been added, allowing users to use custom
package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
* CLI: The `--extra-index-url` flag has been added, allowing users to use
multiple package indices when running with the `-r` flag
([#238](https://github.com/trailofbits/pip-audit/pull/238))
### Changed
* `pip-audit`'s minimum Python version is now 3.7.
* CLI: The default output format is now correctly pluralized
([#221](https://github.com/trailofbits/pip-audit/pull/221))
* Output formats: The SBOM output formats (`--format=cyclonedx-xml` and
`--format=cyclonedx-json`) now use CycloneDX
[Schema 1.4](https://cyclonedx.org/docs/1.4/xml/)
([#216](https://github.com/trailofbits/pip-audit/pull/216))
* Vulnerability sources: When using PyPI as a vulnerability service, any hashes
provided in a requirements file are checked against those reported by PyPI
([#229](https://github.com/trailofbits/pip-audit/pull/229))
* Vulnerability sources: `pip-audit` now uniques each result based on its
alias set, reducing the amount of duplicate information in the default
columnar output format
([#232](https://github.com/trailofbits/pip-audit/pull/232))
* CLI: `pip-audit` now prints its output more frequently, including when
there are no discovered vulnerabilities but packages were skipped.
Similarly, "manifest" output formats (JSON, CycloneDX) are now emitted
unconditionally
([#240](https://github.com/trailofbits/pip-audit/pull/240))
### Fixed
* CLI: A regression causing excess output during `pip audit -r`
was fixed ([#226](https://github.com/trailofbits/pip-audit/pull/226))
|
|
1.3.0 (2022-01-24)
Feature
bom-ref for Component and Vulnerability default to a UUID (#142) (3953bb6)
1.2.0 (2022-01-24)
Feature
Add CPE to component (#138) (269ee15)
1.1.1 (2022-01-19)
Fix
Bump dependencies (#136) (18ec498)
1.1.0 (2022-01-13)
Feature
Add support for bom.metadata.component (#118) (1ac31f4)
1.0.0 (2022-01-13)
Support for CycloneDX schema version 1.4 (#108)
Breaking Changes
Support for CycloneDX 1.4. This includes:
Support for tools having externalReferences
Allowing version for a Component to be optional in 1.4
Support for releaseNotes per Component
Support for the core schema implementation of Vulnerabilities (VEX)
Features
$schema is now included in JSON BOMs
Concrete Parsers have now been moved into downstream projects to keep this library's focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python
Fixes
Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
Ensure schema is adhered to in 1.0
URIs are now used throughout the library through a new XsUri class to provide URI validation
Other
Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
Added reference to release of this library on Anaconda
0.12.3 (2021-12-15)
Fix
Removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98) (3677d9f)
0.12.2 (2021-12-09)
Fix
Tightened dependency packageurl-python (#95) (eb4ae5c)
0.12.1 (2021-12-09)
Fix
Further loosened dependency definitions (8bef6ec)
0.12.0 (2021-12-09)
Feature
Loosed dependency versions to make this library more consumable (55f10fb)
|
|
1.6.7 (2022-02-16)
* [CVE-2022-24953] Insert the end-of-options marker before operation
arguments [thomas-chauchefoin-sonarsource].
* Ignore tests/debug.log and .gitattributes itself.
|
|
|
|
|
|
|
|
A mostly platform independent method to obtain cryptographically strong
entropy (RDRAND, urandom, CryptAPI, and patches welcome).
|
|
|
|
A practical incremental and one-pass, pure API to the MD5 hash algorithm
(including HMAC support) with performance close to the fastest
implementations available in other languages.
The implementation is made in C with a haskell FFI wrapper that hides the C
implementation.
|
|
Noteworthy changes in version 2.2.34 (2022-02-07)
-------------------------------------------------
* gpgconf: Backport the improved option reading and writing code
from 2.3. [rG7a3a1ef370,T4788]
* gpgconf: Do not list ignored options and mark forced options as
read-only. [T5732]
* gpgconf: Correctly show registry entries with --show-configs.
[T5724]
* gpgconf: Add command aliases -L, -K, and -R. [rGf16c535eee]
* gpgconf: Tweak the use of the ldapserver option. [T5801]
* gpgconf: Make "--launch gpg-agent" work again. [rG5a7ed6dd8f]
* gpg: Accept Ed25519 private keys in modernized encoding. [T5120]
* gpg: Fix adding the list of ultimate trusted keys. [T5742]
* gpgsm: New option --ignore-cert-with-oid. [rGbcf446b70c]
* dirmngr: Avoid initial delay on the first keyserver access in
presence of --no-use-tor. [rGdde88897e2]
* scdaemon: Also prefer Yubikeys if no reader port is given.
[rG38c666ec3f]
* agent: Make missing strings translatable and update German and
Japanese translations. [T4777]
* ssh: Fix adding an ed25519 key with a zero length comment. [T5794]
* gpgtar: Create and handle extended headers to support long file
names. [T5754]
* Fix the creation of socket directories under Windows for non-ascii
account names. [rG7d1215cb9c]
* Improve the registry HKCU->HKLM fallback. [rG96db487a4d]
* Prettify the --help output of most commands.
|
|
|
|
A practical incremental and one-pass, pure API to the SHA-1 hash algorithm
(including HMAC support) with performance close to the fastest
implementations available in other languages.
The implementation is made in C with a haskell FFI wrapper that hides the C
implementation.
|
|
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
-------------------------------------------------
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
|
|
1.0.18 (2022-01-26)
* Land #230, Update stdapi_fs_delete_dir to be recursive
|
|
No release note is available. Please refer to the commit log
<https://github.com/rapid7/metasploit-payloads/compare/v2.0.66...v2.0.74>
for details.
|
|
1.3.0 (2022-01-16)
* Bump rubocop dependencies. (#30)
* Add support for Ruby 3 & JRuby 9.3.0. (#31)
|
|
|
|
|
|
Version 1.5.7
New APIs: getFinished and getPeerFinished #445
Version 1.5.6
Dynamically setting encrypted extensions #444
|
|
No changelogs are provided by the upstream.
|
|
No changelogs are provided by the upstream.
|
|
No changelogs are provided by the upstream.
|
|
No changelogs are provided by the upstream.
|
|
0.6.2.0
* Safely prepare for when cabal factors out Cabal-syntax
0.6.1.0
* Support basic auth in package-indices (#252)
* Fix tests due to new aeson handling of unescaped control sequences (#256)
* Bump a lot of bounds on packages we depend on
|
|
No changelogs are provided by the upstream.
|
|
No changelogs are provided by the upstream.
|
|
No changelogs are provided by the upstream.
|
|
|
|
Certbot 1.23.0
Added
Added show_account subcommand, which will fetch the account information
from the ACME server and show the account details (account URL and, if
applicable, email address or addresses)
We deprecated support for Python 3.6 in Certbot and its ACME library.
Support for Python 3.6 will be removed in the next major release of Certbot.
Fixed
GCP Permission list for certbot-dns-google in plugin documentation
dns-digitalocean used the SOA TTL for newly created records, rather than 30 seconds.
Revoking a certificate based on an ECDSA key can now be done with --key-path.
|
|
3.14.1
Resolved issues
* Fixed memory leak for GMP integers.
|
|
From Claes Nästén in PR 56697
|
|
The option --enable-lzo was removed in 2011, the option
--enable-local-libopts was removed in January 2022.
Bump PKGREVISION.
|
|
v1.3.1 (21 January 2022)
- Add initial support for OAuth Mutual TLS (draft-ietf-oauth-mtls)
- Add eBay compliance fix
- Add Spotify OAuth 2 Tutorial
- Add support for python 3.8, 3.9
- Fixed LinkedIn Compliance Fixes
- Fixed ReadTheDocs Documentation and sphinx errors
- Moved pipeline to GitHub Actions
|
|
3.2.0 (2022-01-29)
------------------
OAuth2.0 Client:
* Add Device Authorization Flow for Web Application
* Add PKCE support for Client
* Fallback to none in case of wrong expires_at format.
OAuth2.0 Provider:
* Add support for CORS to metadata endpoint.
* Add support for CORS to token endpoint.
* Remove comma after Bearer in WWW-Authenticate
OAuth2.0 Provider - OIDC:
* Call save_token in Hybrid code flow
* OIDC add support of refreshing ID Tokens with `refresh_id_token`
* The RefreshTokenGrant modifiers now take the same arguments as the
AuthorizationCodeGrant modifiers (`token`, `token_handler`, `request`).
General:
* Added Python 3.9, 3.10, 3.11
* Improve Travis & Coverage
|