summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2022-08-31gnupg2: updated to 2.2.37adam3-7/+8
Noteworthy changes in version 2.2.37 (2022-08-24) ------------------------------------------------- * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. [T6043] * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. [T6119] * gpg: Request keygrip of key to be added via command-fd interface. [T5771] * gpg: Look up user ID to revoke by UID hash. [T5936] * gpg: Fix wrong error message for "keytocard". [T6122] * gpg: --card-status shows the application type for non-openpgp cards again. [rG8e393e2592] * gpg: The options --auto-key-import and --include-key-block are again listed by gpgconf. [T6138] * gpgsm: New option --compatibility-flags. [rG77b6896f7a] * agent: New options --no-user-trustlist and --sys-trustlist-name. [T5990] * agent: Track and update the Display-S/N of cards so that the "please insert card" prompt may now show more information. Use "gpg --card-status" to update stored card meta data. [T6135] * scd:openpgp: Fix problem with ECC algorithm attributes on Yubikeys. [rG225c66f13b87] * scd:openpgp: Fix problem with Yubikey 5.4 firmware. [T6070] * dirmngr: Ask keyservers to provide the key fingerprints. [T5741] * ssh: Allow authentication as used by OpenSSH's PQ crypto support. [T5935] * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. [rGc1489ca0e1, T6098] * gpgconf: Improve registry dumping. [rG6bc9592318] * Silence warnings from AllowSetForegroundWindow. [rG6583abedf3]
2022-08-30Apply upstream commit 0cb7bb4 to fall back to /dev/urandom on systemsschmonz9-6/+279
where getentropy() is not present. Bump PKGREVISION.
2022-08-30py-google-auth: update to 2.11.0sborrill3-15/+23
Changes since 1.34.0: 2.11.0 (2022-08-18) Features add integration tests for configurable token lifespan (#1103) (124bae6) Bug Fixes Async certificate retrieving (#1101) (05f125d) 2.10.0 (2022-08-05) Features add integration tests for pluggable auth (#1073) (f8d776a) support for configurable token lifetime (0dc6a9a) support for configurable token lifetime (#1079) (0dc6a9a) Bug Fixes async certificate decoding (#1085) (741c6c6) Async system tests were not unwrapping async_generators (#1086) (29d248a) Fix IDTokenCredentials update bug (#1072) (b62c25c) make expiration_time optional in response schema (#1091) (032fb8d) refactor credential subclass parameters (#1095) (8d15f69) 2.9.1 (2022-07-12) Bug Fixes there was a raise missing for throwing exceptions (#1077) (d1f17b0) 2.9.0 (2022-06-28) Features pluggable auth support (#1045) (de14f4e) 2.8.0 (2022-06-14) Features add experimental GDCH support (#1044) (94fb5e2) 2.7.0 (2022-06-07) Features add experimental enterprise cert support (#1052) (dda7dda) add experimental GDCH support (#1022) (5367aac) Pluggable auth support (#995) (62daa73) Bug Fixes validate urls for external accounts (#1031) (61b1f15) Reverts pluggable auth support #995 (#1039) (513d999) revert experimental GDCH support (#1022) (#1042) (c720995) Documentation fix changelog header to consistent size (#1046) (e64d084) 2.6.6 (2022-04-21) Bug Fixes silence TypeError during tear down stage (#1027) (952a6aa) 2.6.5 (2022-04-14) Bug Fixes add additional missing import in _default.py (#1018) (638331b) 2.6.4 (2022-04-12) Bug Fixes fix missing import in _default.py (#1015) (63f4e38) 2.6.3 (2022-04-06) Bug Fixes change requests lib import place (#1010) (c753c08) clean up HTTP session and pool during tear down phase (#1007) (d057376) pin click version and update sys test creds (#1008) (ae2804b) 2.6.2 (2022-03-16) Bug Fixes Rename aws imdsv2 url field and update token lifetime (#982) (818e6d2) Miscellaneous Chores let release-please finish the release (#991) (d2bdc9a) 2.6.1 (2022-02-09) Bug Fixes Add AWS session token to metadata requests (#958) (5c7f734) 2.6.0 (2022-01-31) Features ADC can load an impersonated service account credentials. (#962) (52c8ef9) Bug Fixes revert "feat: add api key support (#826)" (#964) (f9f23f4) 2.5.0 (2022-01-25) Features ADC can load an impersonated service account credentials. (#956) (a8eb4c8) 2.4.1 (2022-01-21) Bug Fixes urllib3 import (#953) (c8b5cae) 2.4.0 (2022-01-20) Features add 'py.typed' declaration (#919) (c993504) add api key support (#826) (3b15092) Bug Fixes deps: allow cachetools 5.0 for python 3.7+ (#937) (1eae37d) fix the message format for metadata server exception (#916) (e756f08) Documentation fix intersphinx link for 'requests-oauthlib' (#921) (967be4f) note ValueError in verify_oauth2_token (#928) (82bc5f0) 2.3.3 (2021-11-01) Bug Fixes add fetch_id_token_credentials (#866) (8f1e9cf) fix error in sign_bytes (#905) (ef31284) use 'int.to_bytes' and 'int.from_bytes' for py3 (#904) (bd0ccc5) 2.3.2 (2021-10-26) Bug Fixes add clock_skew_in_seconds to verify_token functions (#894) (8e95c1e) 2.3.1 (2021-10-21) Bug Fixes add back python 2.7 for gcloud usage only (#892) (5bd5ccf) Documentation Fix formatting of GCE_METADATA_HOST (#890) (e2b3c98) 2.3.0 (2021-10-07) Features add support for Python 3.10 (#882) (19d41f8) Bug Fixes ADC with impersonated workforce pools (#877) (10bd9fb) 2.2.1 (2021-09-28) Bug Fixes disable self signed jwt for domain wide delegation (#873) (0cd15e2) 2.2.0 (2021-09-21) Features add support for workforce pool credentials (#868) (993bab2) 2.1.0 (2021-09-10) Features Improve handling of clock skew (#858) (45c4491) Bug Fixes add SAML challenge to reauth (#819) (13aed5f) disable warning if quota project id provided to auth.default() (#856) (11ebaeb) rename CLOCK_SKEW and separate client/server user case (#863) (738611b) 2.0.2 (2021-08-25) Bug Fixes use 'int.to_bytes' rather than deprecated crypto wrapper (#848) (b79b554) use int.from_bytes (#846) (466aed9) 2.0.1 (2021-08-17) Bug Fixes normalize AWS paths correctly on windows (#842) (4e0fb1c) 2.0.0 (2021-08-16) BREAKING CHANGES drop support for Python 2.7 (#778) (560cf1e) Features service account is able to use a private token endpoint (#835) (20b817a) Bug Fixes downscoping documentation bugs (#830) (da8bb13) Fix missing space in error message. (#821) (7b03988) Documentation update user guide/references for downscoped creds (#827) (d1840dc)
2022-08-30py-google-auth-oauthlib: update to 0.5.2sborrill2-7/+6
Changes since 0.4.6: fix changelog header to consistent size. avoid deprecated "out-of-band" authentication flow deprecate OAuth out-of-band flow
2022-08-29ruby-oauth: does not support ruby 2.6 any longerwiz2-2/+6
2022-08-29Correct tyop, re-word sentence.hauke1-5/+4
2022-08-28security/ruby-vault: update to 0.17.0taca2-6/+6
0.17.0 (2022-05-11) IMPROVEMENTS * Added MissingRequiredStateErr error type to refer to 412s returned by Vault 1.10 when the WAL index on the node does not match the index in the Server-Side Consistent Token. This error type can be passed as a parameter to #with_retries, and will also be retried automatically when #with_retries is used with no parameters.
2022-08-28security/ruby-rex-text: update to 0.2.39taca2-6/+6
0.2.37 (2021-09-16) * Land #42, Update Ubuntu version & Ruby setup 0.2.38 (2022-06-29) * Land #44, Fix rex-text split string crash 0.2.39 (2022-08-08) * Land #47, Run ubuntu 22.04 in test matrix
2022-08-28security/ruby-rex-socket: update to 0.1.41taca2-6/+6
0.1.35 (2022-04-05) * Land #42, Add ruby 3.1.1 to test matrix 0.1.36 (2022-05-03) * Land #45, Allow explicitly setting peer hostname 0.1.37 (2022-05-03) * Land #46, fixes a bug caused by a missing require statement 0.1.38 (2022-05-03) * Land #44, Ignore trailing commas in range walker 0.1.39 (2022-05-09) * Land #48, Fix typo in ssl_tcp.rb Fixes #47 0.1.40 (2022-06-13) * Fix typo in README.md 0.1.41 (2022-08-02) * Land #50, Run ubuntu 22.04 in test matrix
2022-08-28security/ruby-rex-powershell: update to 0.1.96taca2-6/+6
0.1.95 (2022-02-14) * Land #39, Fix upgrading sessions on Windows 0.1.96 (2022-04-07) * Land #40, Add ruby 3.1.1 to test matrix
2022-08-28security/ruby-rex-mime: update to 0.1.7taca2-6/+6
0.1.7 (2022-03-07) * Land #2, Fix Multipart Boundary Fingerprint Issue
2022-08-28security/ruby-rex-exploitation: update to 0.1.35taca3-7/+8
0.1.29 (2022-03-07) * Land #30, Add 'no_proto' option to wget/curl/lwp-request command stagers 0.1.30 (2022-04-05) * Land #30, Add 'no_proto' option to wget/curl/lwp-request command stagers 0.1.31 (2022-07-01) * Land #32, Add ruby 3.1.1 to test matrix * Land #34, CmdStagerTFTP: Set payload filename; raise if tftphost is not set 0.1.32 (2022-07-11) * Land #35, add cmdstager tests 0.1.33 (2022-07-14) * Land #33, add FtpHttp cmdstager 0.1.34 (2022-07-18) * Land #37, Update spec tests 0.1.35 (2022-7-18) * Land #38, Add missing Rex::Exploitation::ObfuscateJS tests
2022-08-28security/ruby-rex-core: update to 0.1.28taca3-7/+8
0.1.21 (2022-01-25) * Land #21, Apply rubocop changes to socket_abstraction 0.1.22 (2022-01-26) * Land #23, GitHub actions for running tests 0.1.23 (2022-01-26) * Land #24, move verify.yml to workflows folder 0.1.24 (2022-01-26) * Land #24, move verify.yml to workflows folder 0.1.25 (2022-01-26) * Land #22, cherry pick of stream_server cleanup 0.1.26 (2022-02-15) * Land #20, Fix metasploit-framework#15968 (Multiple Socket Abstraction Bugs) 0.1.27 (2022-03-24) * Land #25, Stop refs being cloned or duped 0.1.28 (2022-04-05) * Land #26, Rex::Compat: open_browser: Prepend 'file://' to file URLs for Android
2022-08-28security/ruby-chef-vault: update to 4.1.10taca2-6/+6
4.1.6 (2022-01-07) * To add a workflow for Simplecov Report 4.1.7 (2022-01-17) * Add workstation team as code-owner * Avoid loading all of chef-vault unless we're running the plugin (#385) 4.1.8 (2022-04-10) * updated the HTTPServerException to HTTPClientException * Merge pull request #391 from chef/nikhil/updating-ruby-3.0/3.1 4.1.9 (2022-04-12) * Update chef-utils requirement from = 16.6.14 to 17.10.0 #394 (dependabot[bot]) * Update pry-stack_explorer requirement from ~> 0.4.0 to ~> 0.6.1 #395 (dependabot[bot]) 4.1.10 (2022-04-18) Merged Pull Requests * To integrate test coverage % report in PR creation or merge #387 (snehaldwivedi)
2022-08-28security/ruby-oauth: update to 1.0.0taca2-6/+6
1.0.0 (2022-08-23) The first "Stable Release" in terms of Semantic Versioning. The oldest supported Ruby, currently 2.7, will be dropped no later than April 2025, and a new major version of this gem will be released to drop Ruby 2.7 support (and possibly other stuff).
2022-08-28security/ruby-openssl-cmac: update to 2.0.2taca2-6/+6
2.0.2 (2022-07-29) * Fix calculation with openss3
2022-08-28security/ruby-openssl-ccm: update to 1.2.3taca2-6/+6
1.2.3 (2022-07-29) * Fix calculation with openssl3
2022-08-28security/ruby-metasploit-payloads: really update to 2.0.94taca2-6/+6
Reallu update to 2.0.94 not 2.0.93.
2022-08-28security/ruby-metasploit-payloads: update to 2.0.94taca3-7/+37
2.0.75 (2022-02-23) * Fix race condition when reading subprocess results * Fail on invalid impersonation levels 2.0.76 (2022-03-01) * Land #537, Fix race condition in pymet 2.0.77 (2022-03-01) * Update mimikatz to 61cd1b9168 2.0.78 (2022-03-25) * Build and ship debug builds for windows meterpreter * Don't modify strings you don't own * add AMD64 in get_system_arch * add case insensivity * Land #555, add AMD64 arch in get_system_arch() 2.0.79 (2022-04-01) * Fix PHP Meterpreter crashing when trying to close a resource * Land #553, Build and ship debug builds for windows meterpreter 2.0.80 (2022-04-01) * Land #560, add build debug version to r7_all 2.0.81 (2022-04-05) * Land #558, PHP Meterpreter v8.x Support - ensure already closed channels are not reclosed 2.0.82 (2022-04-12) * Fix AF_INET constants in PHP Meterpreter * Land #557, Add debug logfile to Python Meterpreter 2.0.83 (2022-04-12) * Land #559, Add logging prerequisites to PHP Meterpreter 2.0.84 (2022-04-26) * Update the kiwi extension * Various changes required for cross compilation * Land #564, Remove unused extension network pug 2.0.85 (2022-04-29) * Add REQUEST_IGNORE_BATTERY_OPTIMIZATIONS android permission * Land #563, Add logging to file capabilities to windows Meterpreter 2.0.86 (2022-05-03) * Land #566, Add REQUEST_IGNORE_BATTERY_OPTIMIZATIONS android permission 2.0.87 (2022-05-03) * Land #565, update mimikatz (the kiwi extension) 2.0.88 (2022-05-04) * Fix order of closing channels * Update to include ReflectiveDllInjection#12 * Land #562, Fix AF_INET constants in PHP Meterpreter 2.0.89 (2022-05-05) * Land #572, Fix argument order for array join 2.0.90 (2022-05-06) * Land #570, Fix order of closing channels 2.0.91 (2022-05-11) * Land #574, Remove logging artifacts that made their way into the release build 2.0.92 (2022-05-16) * Land #575, fix android meterpreter > play audio command 2.0.93 (2022-05-17) * Land #571, Update ReflectiveDLLInjection to include #12 and remove a few RWX memory sections. 2.0.94 (2022-06-23) * Land #577, Add 6th getsystem technique EfsPotato
2022-08-28security/ruby-metasploit-model: update to 4.0.6taca2-6/+6
4.0.4 (20220-4-07) * Add ruby 3.1.1 to test matrix 4.0.5 (2022-06-17) * Add login status enum for incorrect public part 4.0.6 (2022-08-02) * Run ubuntu 22.04 in test matrix
2022-08-28security/ruby-metasploit-concern: update to 4.0.4taca2-6/+6
4.0.4 (2022-04-05) * Add ruby 3.1.1 to test matrix.
2022-08-28security/ruby-bcrypt: update to 3.1.18taca3-9/+8
3.1.17 (2022-05-14) * Unlock GVL when calculating hashes and salts [GH #260] * Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261] 3.1.18 (2022-05-16) * Fix regex in validators to use \A and \z instead of ^ and $ [GH #121] * Truncate secrets greater than 72 bytes in hash_secret [GH #255] * Assorted test and doc improvements
2022-08-28security/ruby-airbrussh: update to 1.4.1taca3-9/+8
1.4.1 (2022-07-23) This is a gem housekeeping release. No user-facing changes. Housekeeping * Rename default branch to main (#140) @mattbrictson * Include link to full diff in generated release notes (#144) @mattbrictson * Replace Travis with CircleCI and add Ruby 3.0 and 3.1 to CI matrix (#138) @mattbrictson * Upgrade to modern version of coveralls gem (#143) @mattbrictson * Update appveyor to use a more modern version of Ruby (2.6) (#142) @mattbrictson * Fix build failures on Ruby < 2.5 (#141) @mattbrictson * Simplify release-drafter config (#139) @mattbrictson
2022-08-25Update to 20220814. From the changelog:schmonz2-7/+7
- proxyprotocol cleanup - v2 removed - switched to buffer lib. - man page fixed many typos - tlswrapper-smtp update, added postgrey support - randombytes based on getentropy() insted of /dev/urandom - big cleanup in the code
2022-08-24py-gnupg: updated to 0.5.0adam2-6/+6
0.5.0 This is an enhancement and bug-fix release, and all users are encouraged to upgrade.
2022-08-23*: switch to appropriate py-dns versionwiz1-2/+2
2022-08-22prelude: remove from pkgsrctnn101-3335/+1
prelude is unmaintained in pkgsrc since 2009 and is several major versions behind. This makes it useless for it's intended purpose as an intrusion detection system. Can be revived if/when there is an interested maintainer. But it's probably easier to start from scratch given how stale these packages were.
2022-08-22merkletree: provide fallback declaration of MINtnn1-0/+3
2022-08-22oath-toolkit: update to 2.6.7sborrill11-39/+274
Changes since 2.4.1: Version 2.6.7 (released 2021-05-01) pam_oath: Support variables in usersfile string parameter. the usersfile string in the pam_oath configuration file. The placeholder values allow the user credentials file to be stored in a file path that is relative to the user, and mimics similar behavior found in google-authenticator-libpam. The motivation for these changes is to allow for non-privileged processes to use pam_oath (e.g., for 2FA with xscreensaver). Non-privileged and non-suid programs are unable to use pam_oath. These changes are a proposed alternative to a suid helper binary as well. Thanks to Jason Graham for the patch. See https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12. doc: Fix project URL in man pages. Thanks to Jason Graham for the patch. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/19. build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config. build: Modernize autotools usage. Most importantly, no longer use -Werror with AM_INIT_AUTOMAKE to make rebuilding from source more safe with future automake versions. Updated gnulib files. Version 2.6.6 (released 2021-01-20) oathtool: Handle HOTP --counter values larger than 0x7FFFFFFFFFFFFFFF. Thanks to Jason Lai for report. doc: GTK-DOC manual improvements. Updated gnulib files. Fixes test-parse-datetime self-check. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/20. Version 2.6.5 (released 2020-12-29) oathtool: Support for reading KEY and OTP from standard input or filename. KEY and OTP may now be given as - to mean stdin, or @FILE to read from a particular file. This is recommended on multi-user systems, since secrets as command line parameters leak. Based on a patch from Ian Jackson. Fixes #6. pam_oath: Fix unlikely logic fail on out of memory conditions. Patch from Matthias Gerstner. Doc fixes. Version 2.6.4 (released 2020-11-11) libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/16. Use it like --with-xmlsec-crypto-engine=gnutls or --with-xmlsec-crypto-engine=openssl if the default dynamic loading fails because of runtime linker search path issues. oathtool --totp --verbose now prints TOTP hash mode. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/4. oathtool: Hash names (e.g., SHA256) for --totp are now upper case. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/3. Lower/mixed case hash names are supported for compatibility. pam_oath: Fail gracefully for missing users. Fixes https://savannah.nongnu.org/support/index.php?109111. This allows you to incrementally add support for OATH authentication instead of forcing it on all users. See updated pam_oath/README on the [user_unknown=ignore success=ok] parameter that can now be supplied to PAM configuration. Patch by Antoine Beaupra Fix libpskc memory corruption bug. Fixes https://savannah.nongnu.org/support/?108736. Thanks to David Woodhouse and Jaroslav A karvada for report, self check and patch. Fix man pages. Fixes https://savannah.nongnu.org/support/?108312. Thanks to Jaroslav A karvada for the patch. Build fixes. Version 2.6.3 (released 2020-11-07) pam_oath: Fix self-tests. build: Update gnulib. Fix compiler warnings. Doc fixes. Version 2.6.2 (released 2016-08-27) doc: Version controlled source code repository moved to GitLab. Version 2.6.1 (released 2015-07-31) liboath: Fix make check on 32-bit systems. Report and patch by Christian Hesse. Version 2.6.0 (released 2015-05-19) liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512. This adds new APIs oath_totp_generate2, oath_totp_validate4 and oath_totp_validate4_callback. oathtool: The --totp parameter now take an optional argument to specify MAC. For example use --totp=sha256 to use HMAC-SHA256. When --totp is used the default HMAC-SHA1 is used, as before. pam_oath: Mention in README that you shouldn???t use insecure keys. Suggested by Robin. pam_oath: Check return value from strdup. Patch by Eero Hakkinen. The files gdoc and expect.oath are now included in the tarball. Suggested by Jaroslav A karvada.
2022-08-19gpgme: add patch from upstream to not require C++14tnn3-3/+60
2022-08-18py-asyncssh: updated to 2.12.0adam3-8/+11
Release 2.12.0 (10 Aug 2022) ---------------------------- * Added top-level functions run_client() and run_server() which allow you to begin running an SSH client or server on an already-connected socket. This capability is also available via a new "sock" argument in the existing connect(), connect_reverse(), get_server_host_key(), and get_server_auth_methods() functions. * Added "sock" argument to listen() and listen_reverse() functions which takes an already-bound listening socket instead of a host and port to bind a new socket to. * Added support for forwarding break, signal, and terminal size updates when redirection of stdin is set up between two SSHProcess instances. * Added support for sntrup761x25519-sha512@openssh.com post-quantum key exchange algorithm. For this to be available, the Open Quantum Safe (liboqs) dynamic library must be installed. * Added "sig_alg" argument to set a signature algorithm when creating OpenSSH certificates, allowing a choice between ssh-rsa, rsa-sha2-256, and rsa-sha2-512 for certificates signed by RSA keys. * Added new read_parallel() method in SFTPClientFile which allows parallel reads to be performed from a remote file, delivering incremental results as these reads complete. Previously, large reads would automatically be parallelized, but a result was only returned after all reads completed. * Added definition of __all__ for public symbols in AsyncSSH to make pyright autocompletion work better. Thanks go to Nicolas Riebesel for providing this change. * Updated SFTP and SCP glob and copy functions to use scandir() instead of listdir() to improve efficiency. * Updated default for "ignore_encrypted" client connection option to ignore encrypted keys specified in an OpenSSH config file when no passphrase is provided, similar to what was previosuly done for keys with default names. * Fixed an issue when using an SSH agent with RSA keys and an X.509 certificate while requesting SHA-2 signatures. * Fixed an issue with use of expanduser() in unit tests on newer versions of Python. Thanks go to Georg Sauthoff for providing an initial version of this fix. * Fixed an issue with fallback to a Pageant agent not working properly on Windows when no agent_path or SSH_AUTH_SOCK was set. * Fixed improper escaping in readuntil(), causing certain punctuation in separator to not match properly. Thanks go to Github user MazokuMaxy for reporting this issue. * Fixed the connection close handler to properly mark channels as fully closed when the peer unexpected closes the connection, allowing exceptions to fire if an application continues to try and use the channel. Thanks go to Taha Jahangir for reporting this issue and suggesting a possible fix. * Eliminated unit testing against OpenSSH for tests involving DSA and RSA keys using SHA-1 signatures, since this support is being dropped in some distributions of OpenSSH. These tests are still performed, but using only AsyncSSH code. Thanks go to Ken Dreyer and Georg Sauthoff for reporting this issue and helping me to reproduce it.
2022-08-18fix copy-pastetnn1-2/+2
2022-08-18gpgme: filed upstream bugtnn1-2/+2
2022-08-18security/gpg-tui: update to 0.9.1pin3-195/+243
[0.9.1] - 2022-08-18 Added Support setting the detail level via config or args (#44) Changed Enable GitHub Sponsors for funding Apply clippy lints for tests Bump dependencies Set MSRV to 1.57.0 Fixed Apply clippy lints Update test preparation script about gpg directories Removed Remove broken link from README.md
2022-08-17gpgme: needs C++14 nowtnn1-2/+2
2022-08-17gpgme: update to 1.18.0.wiz3-7/+8
Noteworthy changes in version 1.18.0 (2022-08-10) ------------------------------------------------- * New keylist mode to force refresh via external methods. [T5951] * The keylist operations now create an import result to report the result of the locate keylist modes. [T5951] * core: Return BAD_PASSPHRASE error code on symmetric decryption failure. [T5939] * cpp, qt: Do not export internal symbols anymore. [T5906] * cpp, qt: Support revocation of own OpenPGP keys. [T5904] * qt: The file name of (signed and) encrypted data can now be set. [T6056] * cpp, qt: Support setting the primary user ID. [T5938] * python: Fix segv(NULL) when inspecting contect after exeception. [T6060]
2022-08-17Vaultwarden is a Bitwarden server API implementation written in Rust,hauke11-1/+1833
compatible with upstream Bitwarden password manager clients. It is well-suited for self-hosted deployment, where running the official resource-heavy service might not be ideal.
2022-08-12Revbump all Go packages after go118 security updatebsiegert9-17/+18
2022-08-11p5-Crypt-SMIME: add pkg-config to tools to fix buildwiz1-3/+5
2022-08-11security/Makefile: + mbedtls3wiz1-1/+2
2022-08-11security/mbedtls3: import mbedtls3-3.2.1wiz6-0/+253
mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint. This contains major version 3 of the library, which is not backwards compatible to version 2.
2022-08-11mbedtls: mark this as the 'old stable 2.x branch'wiz2-5/+9
2022-08-11*: recursive PKGREVISION bump for mbedtls shlib major increaseswiz3-6/+6
2022-08-11mbedtls: update to 2.28.1.wiz4-12/+17
= Mbed TLS 2.28.1 branch released 2022-07-11 Default behavior changes * mbedtls_cipher_set_iv will now fail with ChaCha20 and ChaCha20+Poly1305 for IV lengths other than 12. The library was silently overwriting this length with 12, but did not inform the caller about it. Fixes #4301. Features * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, you may list the PSA crypto feature requirements in the file named by the new macro MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h. Furthermore you may name an additional file to include after the main file with the macro MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE. Security * Zeroize dynamically-allocated buffers used by the PSA Crypto key storage module before freeing them. These buffers contain secret key material, and could thus potentially leak the key through freed heap. * Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite is selected. This may result in an application crash or potentially an information leak. * Fix a buffer overread in DTLS ClientHello parsing in servers with MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client or a man-in-the-middle could cause a DTLS server to read up to 255 bytes after the end of the SSL input buffer. The buffer overread only happens when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(), and possibly up to 571 bytes with a custom cookie check function. Reported by the Cybeats PSI Team. Bugfix * Fix a memory leak if mbedtls_ssl_config_defaults() is called twice. * Fix several bugs (warnings, compiler and linker errors, test failures) in reduced configurations when MBEDTLS_USE_PSA_CRYPTO is enabled. * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was enabled and an ECDHE-ECDSA or ECDHE-RSA key exchange was used, the client would fail to check that the curve selected by the server for ECDHE was indeed one that was offered. As a result, the client would accept any curve that it supported, even if that curve was not allowed according to its configuration. Fixes #5291. * Fix unit tests that used 0 as the file UID. This failed on some implementations of PSA ITS. Fixes #3838. * Fix API violation in mbedtls_md_process() test by adding a call to mbedtls_md_starts(). Fixes #2227. * Fix compile errors when MBEDTLS_HAVE_TIME is not defined. Add tests to catch bad uses of time.h. * Fix the library search path when building a shared library with CMake on Windows. * Fix bug in the alert sending function mbedtls_ssl_send_alert_message() potentially leading to corrupted alert messages being sent in case the function needs to be re-called after initially returning MBEDTLS_SSL_WANT_WRITE. Fixes #1916. * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null pointer dereference. Fix this. Fixes #3998. * Fix incorrect documentation of mbedtls_x509_crt_profile. The previous documentation stated that the `allowed_pks` field applies to signatures only, but in fact it does apply to the public key type of the end entity certificate, too. Fixes #1992. * Fix PSA cipher multipart operations using ARC4. Previously, an IV was required but discarded. Now, an IV is rejected, as it should be. * Fix undefined behavior in mbedtls_asn1_find_named_data(), where val is not NULL and val_len is zero. * psa_raw_key_agreement() now returns PSA_ERROR_BUFFER_TOO_SMALL when applicable. Fixes #5735. * Fix a bug in the x25519 example program where the removal of MBEDTLS_ECDH_LEGACY_CONTEXT caused the program not to run. Fixes #4901 and #3191. * Encode X.509 dates before 1/1/2000 as UTCTime rather than GeneralizedTime. Fixes #5465. * Fix order value of curve x448. * Fix string representation of DNs when outputting values containing commas and other special characters, conforming to RFC 1779. Fixes #769. * Silence a warning from GCC 12 in the selftest program. Fixes #5974. * Fix mbedtls_asn1_write_mpi() writing an incorrect encoding of 0. * Fix resource leaks in mbedtls_pk_parse_public_key() in low memory conditions. * Fix server connection identifier setting for outgoing encrypted records on DTLS 1.2 session resumption. After DTLS 1.2 session resumption with connection identifier, the Mbed TLS client now properly sends the server connection identifier in encrypted record headers. Fix #5872. * Fix a null pointer dereference when performing some operations on zero represented with 0 limbs (specifically mbedtls_mpi_mod_int() dividing by 2, and mbedtls_mpi_write_string() in base 2). * Fix record sizes larger than 16384 being sometimes accepted despite being non-compliant. This could not lead to a buffer overflow. In particular, application data size was already checked correctly. Changes * Assume source files are in UTF-8 when using MSVC with CMake. = mbed TLS 2.28.0 branch released 2021-12-17 API changes * Some fields of mbedtls_ssl_session and mbedtls_ssl_config are in a different order. This only affects applications that define such structures directly or serialize them. Requirement changes * Sign-magnitude and one's complement representations for signed integers are not supported. Two's complement is the only supported representation. Removals * Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, which allowed SHA-1 in the default TLS configuration for certificate signing. It was intended to facilitate the transition in environments with SHA-1 certificates. SHA-1 is considered a weak message digest and its use constitutes a security risk. * Remove the partial support for running unit tests via Greentea on Mbed OS, which had been unmaintained since 2018. Features * The identifier of the CID TLS extension can be configured by defining MBEDTLS_TLS_EXT_CID at compile time. * Warn if errors from certain functions are ignored. This is currently supported on GCC-like compilers and on MSVC and can be configured through the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled (where supported) for critical functions where ignoring the return value is almost always a bug. Enable the new configuration option MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This is currently implemented in the AES, DES and md modules, and will be extended to other modules in the future. * Add missing PSA macros declared by PSA Crypto API 1.0.0: PSA_ALG_IS_SIGN_HASH, PSA_ALG_NONE, PSA_HASH_BLOCK_LENGTH, PSA_KEY_ID_NULL. * Add new API mbedtls_ct_memcmp for constant time buffer comparison. * Add PSA API definition for ARIA. Security * Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection. * In psa_cipher_generate_iv() and psa_cipher_encrypt(), do not read back from the output buffer. This fixes a potential policy bypass or decryption oracle vulnerability if the output buffer is in memory that is shared with an untrusted application. * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()'d twice. Bugfix * Stop using reserved identifiers as local variables. Fixes #4630. * The GNU makefiles invoke python3 in preference to python except on Windows. The check was accidentally not performed when cross-compiling for Windows on Linux. Fix this. Fixes #4774. * Prevent divide by zero if either of PSA_CIPHER_ENCRYPT_OUTPUT_SIZE() or PSA_CIPHER_UPDATE_OUTPUT_SIZE() were called using an asymmetric key type. * Fix a parameter set but unused in psa_crypto_cipher.c. Fixes #4935. * Don't use the obsolete header path sys/fcntl.h in unit tests. These header files cause compilation errors in musl. Fixes #4969. * Fix missing constraints on x86_64 and aarch64 assembly code for bignum multiplication that broke some bignum operations with (at least) Clang 12. Fixes #4116, #4786, #4917, #4962. * Fix mbedtls_cipher_crypt: AES-ECB when MBEDTLS_USE_PSA_CRYPTO is enabled. * Failures of alternative implementations of AES or DES single-block functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. This does not concern the implementation provided with Mbed TLS, where this function cannot fail, or full-module replacements with MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. * Some failures of HMAC operations were ignored. These failures could only happen with an alternative implementation of the underlying hash module. * Fix the error returned by psa_generate_key() for a public key. Fixes #4551. * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor MBEDTLS_ERROR_STRERROR_DUMMY is enabled. * Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length. This algorithm now accepts only the same salt length for verification that it produces when signing, as documented. Use the new algorithm PSA_ALG_RSA_PSS_ANY_SALT to accept any salt length. Fixes #4946. * The existing predicate macro name PSA_ALG_IS_HASH_AND_SIGN is now reserved for algorithm values that fully encode the hashing step, as per the PSA Crypto API specification. This excludes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY. The new predicate macro PSA_ALG_IS_SIGN_HASH covers all algorithms that can be used with psa_{sign,verify}_hash(), including these two. * Fix issue in Makefile on Linux with SHARED=1, that caused shared libraries not to list other shared libraries they need. * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv exceeds 2^32. Fixes #4884. * Fix an uninitialized variable warning in test_suite_ssl.function with GCC version 11. * Fix the build when no SHA2 module is included. Fixes #4930. * Fix the build when only the bignum module is included. Fixes #4929. * Fix a potential invalid pointer dereference and infinite loop bugs in pkcs12 functions when the password is empty. Fix the documentation to better describe the inputs to these functions and their possible values. Fixes #5136. * The key usage flags PSA_KEY_USAGE_SIGN_MESSAGE now allows the MAC operations psa_mac_compute() and psa_mac_sign_setup(). * The key usage flags PSA_KEY_USAGE_VERIFY_MESSAGE now allows the MAC operations psa_mac_verify() and psa_mac_verify_setup(). Changes * Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be disabled by default. * Improve the performance of base64 constant-flow code. The result is still slower than the original non-constant-flow implementation, but much faster than the previous constant-flow implementation. Fixes #4814. * Indicate in the error returned if the nonce length used with ChaCha20-Poly1305 is invalid, and not just unsupported. * The mbedcrypto library includes a new source code module constant_time.c, containing various functions meant to resist timing side channel attacks. This module does not have a separate configuration option, and functions from this module will be included in the build as required. Currently most of the interface of this module is private and may change at any time. = mbed TLS 2.27.0 branch released 2021-07-07 API changes * Update AEAD output size macros to bring them in line with the PSA Crypto API version 1.0 spec. This version of the spec parameterizes them on the key type used, as well as the key bit-size in the case of PSA_AEAD_TAG_LENGTH. The old versions of these macros were renamed and deprecated as follows: - PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG - PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG - PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG - PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG * Implement one-shot cipher functions, psa_cipher_encrypt and psa_cipher_decrypt, according to the PSA Crypto API 1.0.0 specification. Requirement changes * The library now uses the %zu format specifier with the printf() family of functions, so requires a toolchain that supports it. This change does not affect the maintained LTS branches, so when contributing changes please bear this in mind and do not add them to backported code. Features * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a signature with a specific salt length. This function allows to validate test cases provided in the NIST's CAVP test suite. Contributed by Cédric Meuter in PR #3183. * Added support for built-in driver keys through the PSA opaque crypto driver interface. Refer to the documentation of MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information. * Implement psa_sign_message() and psa_verify_message(). * The new function mbedtls_mpi_random() generates a random value in a given range uniformly. * Implement psa_mac_compute() and psa_mac_verify() as defined in the PSA Cryptograpy API 1.0.0 specification. * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured curves and no longer needs to be configured explicitly to save RAM. Security * Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM) private keys and of blinding values for DHM and elliptic curves (ECP) computations. Reported by FlorianF89 in #4245. * Fix a potential side channel vulnerability in ECDSA ephemeral key generation. An adversary who is capable of very precise timing measurements could learn partial information about the leading bits of the nonce used for the signature, allowing the recovery of the private key after observing a large number of signature operations. This completes a partial fix in Mbed TLS 2.20.0. * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is too small, leading to buffer overflows in ECC operations. Fail the build in such a case. * An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) could recover an RSA private key after observing the victim performing a single private-key operation. Found and reported by Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. * An adversary with access to precise enough timing information (typically, a co-located process) could recover a Curve25519 or Curve448 static ECDH key after inputting a chosen public key and observing the victim performing the corresponding private-key operation. Found and reported by Leila Batina, Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe. Bugfix * Add printf function attributes to mbedtls_debug_print_msg to ensure we get printf format specifier warnings. * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may lead to seed file corruption in the case where the path to the seed file is equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor Krasnoshchok in #3616. * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them in line with version 1.0.0 of the specification. Fix #4162. * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key to create is not valid, bringing them in line with version 1.0.0 of the specification. Fix #4271. * Fix some cases in the bignum module where the library constructed an unintended representation of the value 0 which was not processed correctly by some bignum operations. This could happen when mbedtls_mpi_read_string() was called on "-0", or when mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of the arguments being negative and the other being 0. Fixes #4643. * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits zero. Fixes #1792 * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is defined. Fixes #4217. * Fix an incorrect error code when parsing a PKCS#8 private key. * In a TLS client, enforce the Diffie-Hellman minimum parameter size set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the minimum size was rounded down to the nearest multiple of 8. * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are defined to specific values. If the code is used in a context where these are already defined, this can result in a compilation error. Instead, assume that if they are defined, the values will be adequate to build Mbed TLS. * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384 was disabled. Fix the dependency. Fixes #4472. * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499. * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built nonetheless, resulting in undefined reference errors when building a shared library. Reported by Guillermo Garcia M. in #4411. * Fix test suite code on platforms where int32_t is not int, such as Arm Cortex-M. Fixes #4530. * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced directive in a header and a missing initialization in the self-test. * Fix a missing initialization in the Camellia self-test, affecting MBEDTLS_CAMELLIA_ALT implementations. * Restore the ability to configure PSA via Mbed TLS options to support RSA key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key(). Fixes #4512. * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites (when the encrypt-then-MAC extension is not in use) with some ALT implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing the affected side to wrongly reject valid messages. Fixes #4118. * Remove outdated check-config.h check that prevented implementing the timing module on Mbed OS. Fixes #4633. * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive about missing inputs. * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465. * Fix a resource leak in a test suite with an alternative AES implementation. Fixes #4176. * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This could notably be triggered by setting the TLS debug level to 3 or above and using a Montgomery curve for the key exchange. Reported by lhuang04 in #4578. Fixes #4608. * psa_verify_hash() was relying on implementation-specific behavior of mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT implementations. This reliance is now removed. Fixes #3990. * Disallow inputs of length different from the corresponding hash when signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.) * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug could not be triggered by code that constructed A with one of the mbedtls_mpi_read_xxx functions (including in particular TLS code) since those always built an mpi object with at least one limb. Credit to OSS-Fuzz. Fixes #4641. * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect applications that call mbedtls_mpi_gcd() directly. Fixes #4642. * The PSA API no longer allows the creation or destruction of keys with a read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used as intended, for keys that cannot be modified through normal use of the API. * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included in all the right places. Include it from crypto_platform.h, which is the natural place. Fixes #4649. * mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and restartable variants now always honor the specified hash length if nonzero. Before, for RSA, hash_len was ignored in favor of the length of the specified hash algorithm. * Fix which alert is sent in some cases to conform to the applicable RFC: on an invalid Finished message value, an invalid max_fragment_length extension, or an unsupported extension used by the server. * Correct (change from 12 to 13 bytes) the value of the macro describing the maximum nonce length returned by psa_aead_generate_nonce(). Changes * Add extra printf compiler warning flags to builds. * Fix memsan build false positive in x509_crt.c with Clang 11 * Fix the setting of the read timeout in the DTLS sample programs. * Remove the AES sample application programs/aes/aescrypt2 which shows bad cryptographic practice. Fix #1906. * Alternative implementations of CMAC may now opt to not support 3DES as a CMAC block cipher, and still pass the CMAC self test. * Remove configs/config-psa-crypto.h, which was identical to the default configuration except for having some extra cryptographic mechanisms enabled and for unintended differences. This configuration was primarily intended to demonstrate the PSA API, and lost most of its usefulness when MBEDTLS_PSA_CRYPTO_C became enabled by default. * When building the test suites with GNU make, invoke python3 or python, not python2, which is no longer supported upstream. * When using session cache based session resumption on the server, double-check that custom session cache implementations return sessions which are consistent with the negotiated ciphersuite and compression method. * Fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on. When that flag is on, standard GNU C printf format specifiers should be used. * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage during ECC operations at a negligible performance cost. * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs when their input has length 0. Note that this is an implementation detail and can change at any time, so this change should be transparent, but it may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string() now writing an empty string where it previously wrote one or more zero digits when operating from values constructed with an mpi_read function and some mpi operations. * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension is also applied when loading a key from storage.
2022-08-11Bump all dependent packages of wayland (belatedly)gutteridge11-21/+22
The package changed with the addition of its libepoll-shim dependency. Otherwise, we can get: ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
2022-08-10security/clamav-doc: update to 0.103.7taca2-3/+3
Catch up to clamav 0.103.7.
2022-08-10security/clamav: update to 0.103.7taca3-6/+23
0.103.7 (2022-07-26) ClamAV 0.103.7 is a critical patch release with the following fixes: * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature "Intermediates" feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries.
2022-08-10py-ecdsa: updated to 0.18.0adam3-8/+20
Release 0.18.0 (09 Jul 2022) New API: * `curve_by_name` in `curves` module to get a `Curve` object by providing curve name. Bug fix: * Make the `VerifyingKey` encoded with explicit parameters use the same kind of point encoding for public key and curve generator. * Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise `MalformedPointError` instead of `AssertionError`. Doc fix: * Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic. * Make object names more consistent, make them into hyperlinks on the readthedocs documentation. * Make security note more explicit (Ian Rodney) * Fix the `explicit` vs `named_curve` confusion in `VerifyingKey` docs. Maintenance: * Updated black version; slight changes to formatting * Include interoperability tests for Ed25519 and Ed448 with OpenSSL.
2022-08-09*: Remove hardcoded -liconv / -lintl on SunOS.jperkin2-5/+3
This is now handled centrally via OPSYS_EXPLICIT_LIBDEPS support in libiconv and gettext-lib.
2022-08-08security/wolfssl: Update to v5.4.0fox4-28/+8
Changes since v5.3.0: wolfSSL Release 5.4.0 (July 11, 2022) Note: ** Future releases of wolfSSL will turn off TLS 1.1 by default ** Release 5.4.0 made SP math the default math implementation. To make an equivalent build as –disable-fastmath from previous versions of wolfSSL, now requires using the configure option –enable-heapmath instead. Release 5.4.0 of wolfSSL embedded TLS has bug fixes and new features including: Vulnerabilities * [High] Potential for DTLS DoS attack. In wolfSSL versions before 5.4.0 the return-routability check is wrongly skipped in a specific edge case. The check on the return-routability is there for stopping attacks that either consume excessive resources on the server, or try to use the server as an amplifier sending an excessive amount of messages to a victim IP. If using DTLS 1.0/1.2 on the server side users should update to avoid the potential DoS attack. CVE-2022-34293 * [Medium] Ciphertext side channel attack on ECC and DH operations. Users on systems where rogue agents can monitor memory use should update the version of wolfSSL and change private ECC keys. Thanks to Sen Deng from Southern University of Science and Technology (SUSTech) for the report. * [Medium] Public disclosure of a side channel vulnerability that has been fixed since wolfSSL version 5.1.0. When running on AMD there is the potential to leak private key information with ECDSA operations due to a ciphertext side channel attack. Users on AMD doing ECDSA operations with wolfSSL versions less than 5.1.0 should update their wolfSSL version used. Thanks to professor Yinqian Zhang from Southern University of Science and Technology (SUSTech), his Ph.D. student Mengyuan Li from The Ohio State University, and his M.S students Sen Deng and Yining Tang from SUStech along with other collaborators; Luca Wilke, Jan Wichelmann and Professor Thomas Eisenbarth from the University of Lubeck, Professor Shuai Wang from Hong Kong University of Science and Technology, Professor Radu Teodorescu from The Ohio State University, Huibo Wang, Kang Li and Yueqiang Cheng from Baidu Security and Shoumeng Yang from Ant Financial Services Group. CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013 CVE-2021-46744 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033 New Feature Additions DTLS 1.3 * Support for using the new DTLSv1.3 protocol was added * Enhancements to bundled examples for an event driven server with DTLS 1.3 was added Ports * Update for the version of VxWorks supported, adding in support for version 6.x * Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant * Update for TSIP version support, adding support for version 1.15 for RX65N and RX72N * Improved TSIP build to handle having the options WOLFSSL_AEAD_ONLY defined or NO_AES_CBC defined * Added support for offloading TLS1.3 operations to Renesas RX boards with TSIP Misc. * Constant time improvements due to development of new constant time tests * Initial translation of API headers to Japanese and expansion of Japanese help message support in example applications * Add support for some FPKI (Federal PKI) certificate cases, UUID, FASC-N, PIV extension for use with smart cards * Add support for parsing additional CSR attributes such as unstructured name and content type * Add support for Linux getrandom() when defining the macro WOLFSSL_GETRANDOM * Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442 * Expand CAAM support with QNX to include i.MX8 boards and add AES-CTR support * Enhanced glitching protection by hardening the TLS encrypt operations Math and Performance SP Math Additions * Support for ARMv3, ARMv6 and ARMv7a - Changes and improvements to get SP building for armv7-a - Updated assembly for moving large immediate values on ARMv6 - Support for architectures with no ldrd/strd and clz * Reworked generation using common asm ruby code for 32bit ARM * Enable wolfSSL SP math all by default (sp_int.c) * Update SP math all to not use sp_int_word when SQR_MUL_ASM is available SP Math Fixes * Fixes for constant time with div function * Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile * Fix for div_word when not using div function * Fixes for user settings with SP ASM and ED/Curve25519 small * Additional Wycheproof tests ran and fixes * Fix for SP math ECC non-blocking to always check `hashLen` * Fix for SP math handling edge case with submod Improvements and Optimizations Compatibility Layer * Provide access to "Finished" messages outside of compatibility layer builds * Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive * Fix control command issues with AES-GCM, control command EVP_CTRL_GCM_IV_GEN * Add support for importing private only EC key to a WOLFSSL_EVP_PKEY struct * Add support for more extensions to wolfSSL_X509_print_ex * Update for internal to DER (i2d) AIPs to move the buffer pointer when passed in and the operation is successful * Return subject and issuer X509_NAME object even when not set Ports * Renesas RA6M4 example update and fixes * Support multi-threaded use cases with Renesas SCE protected mode and TSIP * Add a global variable for heap-hint for use with TSIP * Changes to support v5.3.0 cube pack for STM32 * Use the correct mutex type for embOS * ESP-IDF build cleanup and enhancements, adding in note regarding ESP-IDF Version * Support for SEGGER embOS and emNET * Fix to handle WOLFSSL_DTLS macro in Micrium build Build Options * Support for verify only and no-PSS builds updated * Add the enable options wolfssh (mapped to the existing –enable-ssh) * Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct * Move several more definitions outside the BUILDING_WOLFSSL gate with linux kernel module build * Modify --enable-openssh to not enable non-FIPS algos for FIPS builds * Remove the Python wrappers from wolfSSL source (use pip install instead of using wolfSSL with Python and our separate Python repository) * Add --enable-openldap option to configure.ac for building the OpenLDAP port * Resolve DTLS build to handle not having –enable-hrrcookie when not needed * Add an --enable-strongswan option to configure.ac for building the Strongswan port * Improve defaults for 64-bit BSDs in configure * Crypto only build can now be used openssl extra * Update ASN template build to properly handle WOLFSSL_CERT_EXT and HAVE_OID_ENCODING * Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary * Add the build option --enable-dh=const which replaces setting the macro WOLFSSL_DH_CONST and now conditionally link to -lm as needed * Add the macro WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY which is used to verify hostname/ip address using alternate name (SAN) only and does not use the common name * WOLFSSL_DTLS_NO_HVR_ON_RESUME macro added (off by default to favor more security). If defined, a DTLS server will not do a cookie exchange on successful client resumption: the resumption will be faster (one RTT less) and will consume less bandwidth (one ClientHello and one HelloVerifyRequest less). On the other hand, if a valid SessionID is collected, forged clientHello messages will consume resources on the server. * Misc. * Refactoring of some internal TLS functions to reduce the memory usage * Make old less secure TimingPadVerify implementation available * Add support for aligned data with clang LLVM * Remove subject/issuer email from the list of alt. Email names in the DecodedCerts struct * Zeroizing of pre-master secret buffer in TLS 1.3 * Update to allow TLS 1.3 application server to send session ticket * Improve the sniffer asynchronous test case to support multiple concurrent streams * Clean up wolfSSL_clear() and add more logging * Update to not error out on bad CRL next date if using NO_VERIFY when parsing * Add an example C# PSK client * Add ESP-IDF WOLFSSL_ESP8266 setting for ESP8266 devices * Support longer sigalg list for post quantum use cases and inter-op with OQS's OpenSSL fork * Improve AES-GCM word implementation of GMULT to be constant time * Additional sanity check with Ed25519/Ed448, now defaults to assume public key is not trusted * Support PSK ciphersuites in benchmark apps * FIPS in core hash using SHA2-256 and SHA2-384 * Add ability to store issuer name components when parsing a certificate * Make the critical extension flags in DecodedCert always available * Updates to the default values for basic constraint with X509’s * Support using RSA OAEP with no malloc and add additional sanity checks * Leverage async code paths to support WANT_WRITE while sending packet fragments * New azsphere example for continuous integration testing * Update RSA key generation function to handle pairwise consistency tests with static memory pools used * Resolve build time warning by passing in and checking output length with internal SetCurve function * Support DTLS bidirectional shutdown in the examples * Improve DTLS version negotiation and downgrade capability General Fixes * Fixes for STM32 Hash/PKA, add some missing mutex frees, and add an additional benchmark * Fix missing return checks in KSDK ED25519 code * Fix compilation warnings from IAR * Fixes for STM32U5/H7 hash/crypto support * Fix for using track memory feature with FreeRTOS * Fixup XSTR processing for MICRIUM * Update Zephyr fs.h path * DTLS fixes with WANT_WRITE simulations * Fixes for BER use with PKCS7 to have additional sanity checks and guards on edge cases * Fix to handle exceptional edge case with TFM mp_exptmod_ex * Fix for stack and heap measurements of a 32-bit build * Fix to allow enabling AES key wrap (direct) with KCAPI * Fix --enable-openssh FIPS detection syntax in configure.ac * Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA * Remove MCAPI project's dependency on zlib version * Only use __builtin_offset on supported GCC versions (4+) * Fix for c89 builds with using WOLF_C89 * Fix 64bit postfix for constants building with powerpc * Fixed async Sniffer with TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak * Fix for QAT ECC to gate use of HW based on marker * Fix the supported version extension to always check minDowngrade * Fix for TLS v1.1 length sanity check for large messages * Fixes for loading a long DER/ASN.1 certificate chain * Fix to expose the RSA public DER export functions with certgen * Fixes for building with small version of SHA3 * Fix configure with WOLFSSL_WPAS_SMALL * Fix to free PKCS7 recipient list in error cases * Sanity check to confirm ssl->hsHashes is not NULL before attempting to dereference it * Clear the leftover byte count in Aes struct when setting IV