Age | Commit message (Collapse) | Author | Files | Lines |
|
No changelog available, issues closed since 0.8.1:
certbot 0.9.1
- Make --quiet reduce the logging level
certbot 0.9.0
- Allow tests to pass without dnspython
- Remove psutil dep
- Renew symlink safety
- Update Nginx redirect enhancement process to modify appropriate
blocks
- If lineages are in an inconsistent (non-deployed) state, deploy
them
- Restructure how Nginx parser re-finds vhosts, and disable
creating new server blocks.
- Remove pointless question
- Tie Nginx OCSP stapling to enhancements system
- Nginx server block selection: Handle non-80/443 ports
- Include log retention count to 1000.
- Make parser.py: add_server_directives documentation consistent
with functionality
- Fix Nginx prompt
- Make Nginx error out if no matching server block is found
- Only suggest names LE will accept
- Implement Nginx server block selection
- should_autorenew ignores symlinks
- Fixes cffi errors in Travis during oldest tests
- DNS challenge support in the manual plugin and general purpose
--preferred-challenges flag
- Fixed hash_bucket_size detection for nginx
- Support both invalidEmail and invalidContact errors
- Removes duplication between README.rst and resources.rst
- Psutil tests
- Allow tests to run when psutil isn't available
- Tests fail on Certbot package due to missing psutil dependency
- Hide the Nginx plugin
- Add the Nginx plugin to certbot-auto
- OCSP stapling in Nginx
- Nginx plugin selection
- Add certbot-nginx to certbot-auto
- Missing links in README
- clarify invalid email error in non-interactive
- Replace '-' with '_' before filtering plugin settings
- Fix extra or lack of spacing between words in help for renew
flags
- Fix Travis tests
- Avoid importing conflicting security policy directives
- Change log rotation scheme
- Plugins with hyphens do not receive their args during renewal
- Handle dns01 challenge into the manual plugin [see #3466]
- Enable unit tests of certbot core on Python 3
- Add os-release ID_LIKE parsing if original distribution mapping
not found in constants
- Fix README typo
- Nginx plugin domain selection
- Fix spacing of nginx redirect blocks
- Rationalise challenge and port selection flags
- Remove psutil from requirements.txt
- prevent Github commits from modifying certbot-auto and
letsencrypt-auto
- Gradually remove psutil dependency, bugfix [URGENT]
- psutil fails to install because hash is missing when running
certbot-auto
- Failure to start Nginx after configuring redirect
- Prepare docs to turn off the wiki
- Certbot apache plugin fails with TypeError: 'NoneType' object
has no attribute '__getitem__'
- Change fatal warning to a fatal message
- Fatal warnings
- Apache default default
- Deprecation fixes
- New docs structure and introduction
- Nginx charset_map and ${VARIABLE_SUBSTITUTION} parsing
- Unclear error about invalid email in non-interactive mode
- Use simple socket test for port availability if psutil not found
- Python 3 support for certonly
- Set dialog widgets to use autowidgetsize
- Errors when run without root
- Apache plugin PATH fallback
- Automatically enable EPEL after prompting users
- Multi-topic help listings
- Installer error
- Explain why Apache [appears] not to be installed
- ErrorHandler causing errors
- Update FreeBSD package name
- Comment out corresponding RewriteConds for filtered RewriteRule
- Permissive parsing of nginx map blocks
- add nginx round-trip tests to tox/travis
- Fix Unix signal handling in certbot.error_handler.ErrorHandler
- Resuming error handling functions after a signal
- Only write nginx config files if they've been modified
- If the user picks "cancel" from the Apache vhost selection menu,
Certbot doesn't exit
- certbot removes http->https rules corrupts ruleset
- Fix typo
- Better document plugins and reversion
- Nginx parser apparently can't parse "map"
- Nginx plugin shouldn't write files it hasn't changed
- Fix Nginx reversion
- Merge Augeas fix for comment line continuations
- Remove warning about nginx options file
- Explain the most likely cause of a missing replay nonce error
- Bump pyca package versions
- Don't add wildcard listen if user has more specific
configuration
- Remove unused nosexcover dependency
- Cleanup dev setup
- Nginx space preservation
- Set dialog widgets to use autowidgetsize
- Printing pip output to terminal when -v is used
- Log new cert and cert renewal
- Log whether renewing or obtaining a new certificate
- Added the argument --quiet and -q so then when used with a
regular user there is no output to the screen.
- certbot-auto not quiet when used with regular user
- Adding sensible UI logging for typical user
- Replace psutils dependency
- Display DialogError details correctly
- -v implies --text
- Fix FQDN checks, closes #3057 and #3056
- Bug in FQDN detection: installer wrongly interprets _
- Installer thinks bare TLD is not a valid FQDN
- Limiting tox envlist to really needed tests
- trouble with Listen directives in CentOS 7 / ssl.conf
- Remove dangling footnote
- certbot-apache fails to parse files with comma in the filename
- pip and verbosity
- Dialog error messages
- NcursesDisplay.menu: treat ESC as cancel
- More useful error when running as non-root?
- -v should imply --text
- Update tox/instructions
- Error that results when run without root is unclear
- Enable EPEL in RPM bootstrapper
- Add dns-01 challenge support to the ACME client
- Apache plugin fails to parse OWASP's ModSecurity ruleset
- Audit nginx plugin for guaranteed config reversion in case of
error
- NoInstallationError() from Apache plugin within renewal cron
jobs due to /usr/sbin not being in the PATH
- nginx http redirect
- "No installers" error message not clear
- HelpfulArgumentParser should know about flags that are relevant
to several topics
- Nginx configurator should preserve whitespace on output
- server blocks added to nginx.conf
- Nginx fails if ssl_session_cache already defined
- nginx leaves dirty/modified config files
- Sensible UI logging for typical user
- nginx plugin issue with server block containing multiple
servernames
|
|
This fixes build on NetBSD-7.99.39 with pkgsrc-current from 2016-10-09.
Bump PKGREVISION to 2.
|
|
|
|
Mostly documentation fixes.
|
|
|
|
Changelog:
This release fixes following bugs:
* Fix Bug #21121: Searching for keys with pattern containing non-ascii
characters.
* Fix Bug #21119: Parsing of user identifier without name.
* Added POSIX method to isRunning() consistent with terminate().
|
|
Changelog:
Bug
[SANTUARIO-378] - xml-security-c cannot initialise on a Windows system with mandatory user profiles
[SANTUARIO-380] - Avoid use of PATH_MAX where possible
[SANTUARIO-381] - Spelling error in xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
[SANTUARIO-384] - OpenSSLCryptoKeyEC::signBase64SignatureDSA fails most of time
[SANTUARIO-400] - Buffer overwrite in WinCAPICryptoSymmetricKey::encrypt() (WinCAPICryptoSymmetricKey.cpp)
[SANTUARIO-409] - Win32 unicode build breaks due to wchar_t * passed to GetProcAddress()
[SANTUARIO-426] - xml-security-c-1.7.3 not getting build on AIX with xerces-c-3.1.2
Improvement
[SANTUARIO-386] - Spec file patch to add RHEL7 support
|
|
|
|
No changelog found.
|
|
2.5.0 - New APIs, bug fixes and improvements
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this
brings in X509_check_host, X509_check_email, X509_check_ip, and
X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak
analysis software.
* Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to
only be used if TLS 1.0 is enabled.
* Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with
printf.
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.4.2 - Bug fixes and improvements
* Fixed loading default certificate locations with openssl s_client.
* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
RFC6960. Also added fixes for OCSP to work with intermediate
certificates provided in responses.
* Improved behavior of arc4random on Windows to not appear to leak
memory in debug tools, reduced privileges of allocated memory.
* Fixed incorrect results from BN_mod_word() when the modulus is too
large, thanks to Brian Smith from BoringSSL.
* Correctly handle an EOF prior to completing the TLS handshake in
libtls.
* Improved libtls ceritificate loading and cipher string validation.
* Updated libtls cipher group suites into four categories:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes.
* Limited support for 'backward compatible' SSLv2 handshake packets to
when TLS 1.0 is enabled, providing more restricted compatibility
with TLS 1.0 clients.
* openssl(1) and other documentation improvements.
* Removed flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
all of these operations unconditionally constant-time.
2.4.1 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.
2.4.0 - Build improvements, new features
* Many improvements to the CMake build infrastructure, including
Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
Inoguchi for this work.
* Added missing error handling around bn_wexpand() calls.
* Added explicit_bzero calls for freed ASN.1 objects.
* Fixed X509_*set_object functions to return 0 on allocation failure.
* Implemented the IETF ChaCha20-Poly1305 cipher suites.
* Changed default EVP_aead_chacha20_poly1305() implementation to the
IETF version, which is now the default.
* Fixed password prompts from openssl(1) to properly handle ^C.
* Reworked error handling in libtls so that configuration errors are
visible.
* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Manpage fixes and updates
|
|
NEWS for the Nettle 3.3 release
This release fixes a couple of bugs, and improves resistance
to side-channel attacks on RSA and DSA private key operations.
Changes in behavoir:
* Invalid private RSA keys, with an even modulo, are now
rejected by rsa_private_key_prepare. (Earlier versions
allowed such keys, even if results of using them were bogus).
Nettle applications are required to call
rsa_private_key_prepare and check the return value, before
using any other RSA private key functions; failing to do so
may result in crashes for invalid private keys. As a
workaround for versions of Gnutls which don't use
rsa_private_key_prepare, additional checks for even moduli
are added to the rsa_*_tr functions which are used by all
recent versions of Gnutls.
* Ignore bit 255 of the x coordinate of the input point to
curve25519_mul, as required by RFC 7748. To differentiate at
compile time, curve25519.h defines the constant
NETTLE_CURVE25519_RFC7748.
Security:
* RSA and DSA now use side-channel silent modular
exponentiation, to defend against attacks on the private key
from evil processes sharing the same processor cache. This
attack scenario is of particular relevance when running an
HTTPS server on a virtual machine, where you don't know who
you share the cache hardware with.
(Private key operations on elliptic curves were already
side-channel silent).
Bug fixes:
* Fix sexp-conv crashes on invalid input. Reported by Hanno
Böck.
* Fix out-of-bounds read in des_weak_p. Fixed by Nikos
Mavrogiannopoulos.
* Fix a couple of formally undefined shift operations,
reported by Nikos Mavrogiannopoulos.
* Fix compilation with c89. Reported by Henrik Grubbström.
New features:
* New function memeql_sec, for side-channel silent comparison
of two memory areas.
Miscellaneous:
* Building the public key support of nettle now requires GMP
version 5.0 or later (unless --enable-mini-gmp is used).
* Filenames of windows DLL libraries now include major number
only. So the dll names change at the same time as the
corresponding soname on ELF platforms. Fixed by Nikos
Mavrogiannopoulos.
* Eliminate most pointer-signedness warnings. In the process,
the strings representing expression type for sexp_interator
functions were changed from const uint8_t * to const char *.
These functions are undocumented, and it doesn't change the
ABI on any platform I'm aware of.
The shared library names are libnettle.so.6.3 and
libhogweed.so.4.3, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
|
|
|
|
1.5.2 - 2016-09-26
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.
|
|
idea and mdc2 patents expired, so enable them by default.
rc5 looks like it might be expired as well, but I didn't find
anything relevant on that topic, so I left it alone.
Bump PKGREVISION.
|
|
|
|
- Add a new tls-protos configuration option for specifying the
permitted TLS/SSL protocols. This new option supersedes settings
ssl and tls which are now deprecated and will be kept for
backwards compatibility.
|
|
|
|
1.5.1 - 2016-09-22
~~~~~~~~~~~~~~~~~~
* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2i.
* Resolved a ``UserWarning`` when used with cffi 1.8.3.
* Fixed a memory leak in name creation with X.509.
* Added a workaround for old versions of setuptools.
* Fixed an issue preventing ``cryptography`` from compiling against
OpenSSL 1.0.2i.
|
|
v2.21, 23.09.2016
- no code changes to ECB.pm
- ecb.pl -l now prints module versions
- ignoring Serpent in test suite as it is broken on many platforms
|
|
|
|
Should fix the build failure on FreeBSD-10.3.
|
|
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
|
|
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
*) Missing CRL sanity check
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
This issue only affects the OpenSSL 1.0.2i
(CVE-2016-7052)
[Matt Caswell]
|
|
Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
*) OCSP Status Request extension unbounded memory growth
A malicious client can send an excessively large OCSP Status Request
extension. If that client continually requests renegotiation, sending a
large OCSP Status Request extension each time, then there will be unbounded
memory growth on the server. This will eventually lead to a Denial Of
Service attack through memory exhaustion. Servers with a default
configuration are vulnerable even if they do not support OCSP. Builds using
the "no-ocsp" build time option are not affected.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6304)
[Matt Caswell]
*) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
HIGH to MEDIUM.
This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
Leurent (INRIA)
(CVE-2016-2183)
[Rich Salz]
*) OOB write in MDC2_Update()
An overflow can occur in MDC2_Update() either if called directly or
through the EVP_DigestUpdate() function using MDC2. If an attacker
is able to supply very large amounts of input data after a previous
call to EVP_EncryptUpdate() with a partial block then a length check
can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical
on most platforms.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6303)
[Stephen Henson]
*) Malformed SHA512 ticket DoS
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
DoS attack where a malformed ticket will result in an OOB read which will
ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires
a custom server callback and ticket lookup mechanism.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6302)
[Stephen Henson]
*) OOB write in BN_bn2dec()
The function BN_bn2dec() does not check the return value of BN_div_word().
This can cause an OOB write if an application uses this function with an
overly large BIGNUM. This could be a problem if an overly large certificate
or CRL is printed out from an untrusted source. TLS is not affected because
record limits will reject an oversized certificate before it is parsed.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-2182)
[Stephen Henson]
*) OOB read in TS_OBJ_print_bio()
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
the total length the OID text representation would use and not the amount
of data written. This will result in OOB reads when large OIDs are
presented.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-2180)
[Stephen Henson]
*) Pointer arithmetic undefined behaviour
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner:
"p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS
message).
The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.
For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit.
This issue was reported to OpenSSL by Guido Vranken
(CVE-2016-2177)
[Matt Caswell]
*) Constant time flag not preserved in DSA signing
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.
This issue was reported by César Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA).
(CVE-2016-2178)
[César Pereida]
*) DTLS buffered message DoS
In a DTLS connection where handshake messages are delivered out-of-order
those messages that OpenSSL is not yet ready to process will be buffered
for later use. Under certain circumstances, a flaw in the logic means that
those messages do not get removed from the buffer even though the handshake
has been completed. An attacker could force up to approx. 15 messages to
remain in the buffer when they are no longer required. These messages will
be cleared when the DTLS connection is closed. The default maximum size for
a message is 100k. Therefore the attacker could force an additional 1500k
to be consumed per connection. By opening many simulataneous connections an
attacker could cause a DoS attack through memory exhaustion.
This issue was reported to OpenSSL by Quan Luo.
(CVE-2016-2179)
[Matt Caswell]
*) DTLS replay protection DoS
A flaw in the DTLS replay attack protection mechanism means that records
that arrive for future epochs update the replay protection "window" before
the MAC for the record has been validated. This could be exploited by an
attacker by sending a record for the next epoch (which does not have to
decrypt or have a valid MAC), with a very large sequence number. This means
that all subsequent legitimate packets are dropped causing a denial of
service for a specific DTLS connection.
This issue was reported to OpenSSL by the OCAP audit team.
(CVE-2016-2181)
[Matt Caswell]
*) Certificate message OOB reads
In OpenSSL 1.0.2 and earlier some missing message length checks can result
in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
theoretical DoS risk but this has not been observed in practice on common
platforms.
The messages affected are client certificate, client certificate request
and server certificate. As a result the attack can only be performed
against a client or a server which enables client authentication.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6306)
[Stephen Henson]
|
|
|
|
----------------------------------
* keychain 2.8.3 (24 Jun 2016)
Summary: fix gpg key addition (Clemens Kaposi)
|
|
|
|
(Only changes bin/*, not lib). Fixes build when autoopts already is installed
Disable valgrind explicitly.
Addresses issues reported by Ricard Palo.
Bump PKGREVISION.
|
|
No functional change.
|
|
Replace bash binary path in more shell scripts so more tests work.
Result: no failing tests. Yay!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Version 3.5.4 (released 2016-09-08)
** libgnutls: Corrected the comparison of the serial size in OCSP response.
Previously the OCSP certificate check wouldn't verify the serial length
and could succeed in cases it shouldn't (GNUTLS-SA-2016-3).
Reported by Stefan Buehler.
** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop.
** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This
is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0.
** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256
as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0.
** libgnutls: Added support for internationalized passwords in PKCS#12 files.
Previous versions would only encrypt or decrypt using passwords from the ASCII
set.
** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA
keys. The signature is now written as unsigned integers into the DSASignatureValue
structure. Previously signed integers could be written depending on what
the underlying module would produce. Addresses #122.
** gnutls-cli: Fixed starttls regression from 3.5.3.
** API and ABI modifications:
GNUTLS_E_MALFORMED_CIDR: Added
gnutls_x509_cidr_to_rfc5280: Added
gnutls_oid_to_mac: Added
* Version 3.5.3 (released 2016-08-09)
** libgnutls: Added support for TCP fast open (RFC7413), allowing
to reduce by one round-trip the handshake process. Based on proposal and
patch by Tim Ruehsen.
** libgnutls: Adopted a simpler with less memory requirements DTLS sliding
window implementation. Based on Fridolin Pokorny's implementation for
AF_KTLS.
** libgnutls: Use getrandom where available via the syscall interface.
This works around an issue of not-using getrandom even if it exists
since glibc doesn't declare such function.
** libgnutls: Fixed DNS name constraints checking in the case of empty
intersection of domain names in the chain. Report and fix by Martin Ukrop.
** libgnutls: Fixed name constraints checking in the case of chains
where the higher level certificates contained different types of
constraints than the ones present in the lower intermediate CAs.
Report and fix by Martin Ukrop.
** libgnutls: Dropped support for the EGD random generator.
** libgnutls: Allow the decoding of raw elements (starting with #)
in RFC4514 DN string decoding.
** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
ignoring flags if all certificates in the list fit within the
initially allocated memory. Patch by Tim Kosse.
** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt()
to return invalid pointers when returned more than a single certificate.
Report and fix by Stefan Sørensen.
** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain,
even when the extra_certs was non-null. Report and fix by Stefan Sørensen.
** certtool: Added the "add_extension" and "add_critical_extension"
template options. This allows specifying arbitrary extensions into
certificates and certificate requests.
** gnutls-cli: Added the --fastopen option.
** API and ABI modifications:
GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added
gnutls_x509_crq_set_extension_by_oid: Added
gnutls_x509_dn_set_str: Added
gnutls_transport_set_fastopen: Added
* Version 3.5.2 (released 2016-07-06)
** libgnutls: Address issue when utilizing the p11-kit trust store
for certificate verification (GNUTLS-SA-2016-2).
** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by
Guillaume Roguez.
** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects
from SafeNet Network HSM. Reported by Anthony Alba in #108.
** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report
and fix by Stanislav Židek.
** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE
instructions. Uses Andy Polyakov's assembly code.
** API and ABI modifications:
No changes since last version.
* Version 3.5.1 (released 2016-06-14)
** libgnutls: The SSL 3.0 protocol support can completely be removed
using a compile time option. The configure option is --disable-ssl3-support.
** libgnutls: The SSL 2.0 client hello support can completely be removed
using a compile time option. The configure option is --disable-ssl2-support.
** libgnutls: Added support for OCSP Must staple PKIX extension. That is,
implemented the RFC7633 TLSFeature for OCSP status request extension.
Feature implemented by Tim Kosse.
** libgnutls: More strict OCSP staple verification. That is, no longer
ignore invalid or too old OCSP staples. The previous behavior was
to rely on application use gnutls_ocsp_status_request_is_checked(),
while the new behavior is to include OCSP verification by default
and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error.
** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key
purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This
improves interoperability with several old intermediate CA certificates
carrying these legacy OIDs.
** libgnutls: Re-read the system wide priority file when needed. Patch by
Daniel P. Berrange.
** libgnutls: Allow for fallback in system-specific initial keywords
(prefixed with '@'). That allows to specify a keyword such as
"@KEYWORD1,KEYWORD2" which will use the first available of these
two keywords. Patch by Daniel P. Berrange.
** libgnutls: The SSLKEYLOGFILE environment variable can be used to log
session keys. These session keys are compatible with the NSS Key Log
Format and can be used to decrypt the session for debugging using
wireshark.
** API and ABI modifications:
GNUTLS_CERT_INVALID_OCSP_STATUS: Added
gnutls_x509_crt_set_crq_extension_by_oid: Added
gnutls_x509_ext_import_tlsfeatures: Added
gnutls_x509_ext_export_tlsfeatures: Added
gnutls_x509_tlsfeatures_add: Added
gnutls_x509_tlsfeatures_init: Added
gnutls_x509_tlsfeatures_deinit: Added
gnutls_x509_tlsfeatures_get: Added
gnutls_x509_crt_get_tlsfeatures: Added
gnutls_x509_crt_set_tlsfeatures: Added
gnutls_x509_crq_get_tlsfeatures: Added
gnutls_x509_crq_set_tlsfeatures: Added
gnutls_ext_get_name: Added
* Version 3.5.0 (released 2016-05-09)
** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA,
based on http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07).
This curve is disabled by default as it is still on specification status. It
can be enabled using the priority string modifier +CURVE-X25519.
** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01)
by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73).
** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable
RSA and DSA parameter generation from a seed.
** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
cipher is prioritized after AES-GCM.
** libgnutls: On a rehandshake ensure that the certificate of the peer or
its username remains the same as in previous handshakes. That is to protect
applications which do not check user credentials on rehandshakes. The
threat to address depends on the application protocol. Primarily it
protects against applications which authenticate the peer initially and
perform accounting using the session's information, from being misled
by a rehandshake which switches the peer's identity. Applications can
disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in
gnutls_init().
** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate
parsing errors in the extensions field and treat it as a typical Hello
message structure. Reported by Hubert Kario (#40).
** libgnutls: Old and unsupported version numbers in client hellos are
rejected with a "protocol_version" alert message. Reported by Hubert
Kario (#42).
** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*()
functions, only on non-resumed sessions. This brings the API in par with
its usage (#79).
** libgnutls: Follow RFC5280 strictly in name constraints computation. The
permitted subtrees is intersected with any previous values. Report and
patch by Daiki Ueno.
** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on
session resumption. Reported by Hubert Kario (#69).
** libgnutls: Consider the max-record TLS extension even when under DTLS.
Reported by Peter Dettman (#61).
** libgnutls: Replaced writev() system call with sendmsg().
** libgnutls: Replaced select() system call with poll() on POSIX systems.
** libgnutls: Preload the system priority file on library load. This allows
applications that chroot() to also use the system priorities.
** libgnutls: Applications are allowed to override the built-in key and
certificate URLs.
** libgnutls: The gnutls.h header marks constant and pure functions explictly.
** certtool: Added the ability to sign certificates using SHA3.
** certtool: Added the --provable and --verify-allow-broken options.
** gnutls-cli: The --dane option will cause verification failure if gnutls is not
compiled with DANE support.
** crywrap: The tool was unbundled from gnutls' distribution. It can be found at
https://github.com/nmav/crywrap
** guile: .go files are now built and installed
** guile: Fix compatibility issue of the test suite with Guile 2.1
** guile: When --with-guile-site-dir is passed, modules are installed in a
versioned directory, typically $(datadir)/guile/site/2.0
** guile: Tests no longer leave zombie processes behind
** API and ABI modifications:
GNUTLS_FORCE_CLIENT_CERT: Added
GNUTLS_ENABLE_FALSE_START: Added
GNUTLS_INDEFINITE_TIMEOUT: Added
GNUTLS_ALPN_SERVER_PRECEDENCE: Added
GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added
GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added
gnutls_check_version_numeric: Added
gnutls_x509_crt_equals: Added
gnutls_x509_crt_equals2: Added
gnutls_x509_crt_set_subject_alt_othername: Added
gnutls_x509_crt_set_issuer_alt_othername: Added
gnutls_x509_crt_get_signature_oid: Added
gnutls_x509_crt_get_pk_oid: Added
gnutls_x509_crq_set_subject_alt_othername: Added
gnutls_x509_crq_get_pk_oid: Added
gnutls_x509_crq_get_signature_oid: Added
gnutls_x509_crl_get_signature_oid: Added
gnutls_x509_privkey_generate2: Added
gnutls_x509_privkey_get_seed: Added
gnutls_x509_privkey_verify_seed: Added
gnutls_privkey_generate2: Added
gnutls_privkey_get_seed: Added
gnutls_privkey_verify_seed: Added
gnutls_decode_ber_digest_info: Added
gnutls_encode_ber_digest_info: Added
gnutls_dh_params_import_dsa: Added
gnutls_session_get_master_secret: Added
* Version 3.4.3 (released 2015-07-12)
** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
dates prior to 2050.
** libgnutls: Force 16-byte alignment to all input to ciphers (previously it
was done only when cryptodev was enabled).
** libgnutls: Removed support for pthread_atfork() as it has undefined
semantics when used with dlopen(), and may lead to a crash.
** libgnutls: corrected failure when importing plain files
with gnutls_x509_privkey_import2(), and a password was provided.
** libgnutls: Don't reject certificates if a CA has the URI or IP address
name constraints, and the end certificate doesn't have an IP address
name or a URI set.
** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
** p11tool: Added --list-token-urls option, and print the token module name
in list-tokens.
** API and ABI modifications:
gnutls_ecc_curve_get_oid: Added
gnutls_digest_get_oid: Added
gnutls_pk_get_oid: Added
gnutls_sign_get_oid: Added
gnutls_ecc_curve_get_id: Added
gnutls_oid_to_digest: Added
gnutls_oid_to_pk: Added
gnutls_oid_to_sign: Added
gnutls_oid_to_ecc_curve: Added
gnutls_pkcs7_get_signature_count: Added
* Version 3.4.2 (released 2015-06-16)
** libgnutls: DTLS blocking API is more robust against infinite blocking,
and will notify of more possible timeouts.
** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
by Manuel Pegourie-Gonnard.
** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
allows to disable SIGPIPE for writes done within gnutls.
** libgnutls: Enhanced the PKCS #7 API to allow signing and verification
of structures. API moved to gnutls/pkcs7.h header.
** certtool: Added options to generate PKCS #7 bundles and signed
structures.
** API and ABI modifications:
gnutls_x509_dn_get_str: Added
gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added
gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added
gnutls_x509_crt_verify_data2: Added
gnutls_pkcs7_get_crt_raw2: Added
gnutls_pkcs7_signature_info_deinit: Added
gnutls_pkcs7_get_signature_info: Added
gnutls_pkcs7_verify_direct: Added
gnutls_pkcs7_verify: Added
gnutls_pkcs7_get_crl_raw2: Added
gnutls_pkcs7_sign: Added
gnutls_pkcs7_attrs_deinit: Added
gnutls_pkcs7_add_attr: Added
gnutls_pkcs7_get_attr: Added
gnutls_pkcs7_print: Added
* Version 3.4.1 (released 2015-05-03)
** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.
** libgnutls: Check for invalid length in the X.509 version field. Without
the check certificates with invalid length would be detected as having an
arbitrary version. Reported by Hanno Böck.
** libgnutls: Handle DNS name constraints with a leading dot. Patch by
Fotis Loukos.
** libgnutls: Updated system-keys support for windows to compile in more
versions of mingw. Patch by Tim Kosse.
** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
by default. That caused issues with non-blocking programs.
** certtool: It can generate SHA256 key IDs.
** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
** configure: re-enabled the --enable-local-libopts flag
** API and ABI modifications:
gnutls_x509_crt_get_pk_ecc_raw: Added
* Version 3.4.0 (released 2015-04-08)
** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.
** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.
** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".
** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".
** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.
** libgnutls: The priority string EXPORT was completely removed. The string
was already defunc as support for the EXPORT ciphersuites was removed in
GnuTLS 3.2.0.
** libgnutls: Added API to utilize system specific private keys in
"gnutls/system-keys.h". It is currently provided as technology preview
and is restricted to windows CNG keys.
** libgnutls: gnutls_x509_crt_check_hostname() and friends will use
RFC6125 comparison of hostnames. That introduces a dependency on libidn.
** libgnutls: Depend on p11-kit 0.23.1 to comply with the final
PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).
** libgnutls: Depend on nettle 3.1.
** libgnutls: Use getrandom() or getentropy() when available. That
avoids the complexity of file descriptor handling and issues with
applications closing all open file descriptors on startup.
** libgnutls: Use pthread_atfork() to detect fork when available.
** libgnutls: If a key purpose (extended key usage) is specified for verification,
it is applied into intermediate certificates. The verification result
GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.
** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
combination with PKCS #11, or TPM URLs, it will utilize the provided
password as PIN if required. That removes the requirement for the
application to set a callback for PINs in that case.
** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
restricted to the corresponding protocols only, and the VERS-ALL
string is introduced to catch all possible protocols.
** libgnutls: Added helper functions to obtain information on PKCS #8
structures.
** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t
will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
** libgnutls: Added functions to export and set the record state. That
allows for gnutls_record_send() and recv() to be offloaded (to kernel,
hardware or any other subsystem).
** libgnutls: Added the ability to register application specific URL
types, which express certificates and keys using gnutls_register_custom_url().
** libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
to override AES-GCM using a system-specific accelerator. That is, (crypto.h)
gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(),
gnutls_crypto_register_mac(), and gnutls_crypto_register_digest().
** libgnutls: Added gnutls_ext_register() to register custom extensions.
Contributed by Thierry Quemerais.
** libgnutls: Added gnutls_supplemental_register() to register custom
supplemental data handshake messages. Contributed by Thierry Quemerais.
** libgnutls-openssl: it is no longer built by default.
** certtool: Added --p8-info option, which will print PKCS #8 information
even if the password is not available.
** certtool: --key-info option will print PKCS #8 encryption information
when available.
** certtool: Added the --key-id and --fingerprint options.
** certtool: Added the --verify-hostname, --verify-email and --verify-purpose
options to be used in certificate chain verification, to simulate verification
for specific hostname and key purpose (extended key usage).
** certtool: --p12-info option will print PKCS #12 MAC and cipher information
when available.
** certtool: it will print the A-label (ACE) names in addition to UTF-8.
** p11tool: added options --set-id and --set-label.
** gnutls-cli: added options --priority-list and --save-cert.
** guile: Deprecated priority API has been removed. The old priority API,
which had been deprecated for some time, is now gone; use 'set-session-priorities!'
instead.
** guile: Remove RSA parameters and related procedures. This API had been
deprecated.
** guile: Fix compilation on MinGW. Previously only the static version of the
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
** API and ABI modifications:
gnutls_record_get_state: Added
gnutls_record_set_state: Added
gnutls_aead_cipher_init: Added
gnutls_aead_cipher_decrypt: Added
gnutls_aead_cipher_encrypt: Added
gnutls_aead_cipher_deinit: Added
gnutls_pkcs12_generate_mac2: Added
gnutls_pkcs12_mac_info: Added
gnutls_pkcs12_bag_enc_info: Added
gnutls_pkcs8_info: Added
gnutls_pkcs_schema_get_name: Added
gnutls_pkcs_schema_get_oid: Added
gnutls_pcert_export_x509: Added
gnutls_pcert_export_openpgp: Added
gnutls_pcert_import_x509_list: Added
gnutls_pkcs11_privkey_cpy: Added
gnutls_x509_crq_get_signature_algorithm: Added
gnutls_x509_trust_list_iter_get_ca: Added
gnutls_x509_trust_list_iter_deinit: Added
gnutls_x509_trust_list_get_issuer_by_dn: Added
gnutls_pkcs11_get_raw_issuer_by_dn: Added
gnutls_certificate_get_trust_list: Added
gnutls_privkey_export_x509: Added
gnutls_privkey_export_pkcs11: Added
gnutls_privkey_export_openpgp: Added
gnutls_privkey_import_ext3: Added
gnutls_certificate_get_x509_key: Added
gnutls_certificate_get_x509_crt: Added
gnutls_certificate_get_openpgp_key: Added
gnutls_certificate_get_openpgp_crt: Added
gnutls_record_discard_queued: Added
gnutls_session_ext_master_secret_status: Added
gnutls_priority_string_list: Added
gnutls_dh_params_import_raw2: Added
gnutls_memset: Added
gnutls_memcmp: Added
gnutls_pkcs12_bag_set_privkey: Added
gnutls_ocsp_resp_get_responder_raw_id: Added
gnutls_system_key_iter_deinit: Added
gnutls_system_key_iter_get_info: Added
gnutls_system_key_delete: Added
gnutls_system_key_add_x509: Added
gnutls_system_recv_timeout: Added
gnutls_register_custom_url: Added
gnutls_pkcs11_obj_list_import_url3: Added
gnutls_pkcs11_obj_list_import_url4: Added
gnutls_pkcs11_obj_set_info: Added
gnutls_crypto_register_cipher: Added
gnutls_crypto_register_aead_cipher: Added
gnutls_crypto_register_mac: Added
gnutls_crypto_register_digest: Added
gnutls_ext_register: Added
gnutls_supplemental_register: Added
gnutls_supplemental_recv: Added
gnutls_supplemental_send: Added
gnutls_openpgp_crt_check_email: Added
gnutls_x509_crt_check_email: Added
gnutls_handshake_set_hook_function: Modified
gnutls_pkcs11_privkey_generate3: Added
gnutls_pkcs11_copy_x509_crt2: Added
gnutls_pkcs11_copy_x509_privkey2: Added
gnutls_pkcs11_obj_list_import_url: Removed
gnutls_pkcs11_obj_list_import_url2: Removed
gnutls_certificate_client_set_retrieve_function: Removed
gnutls_certificate_server_set_retrieve_function: Removed
gnutls_certificate_set_rsa_export_params: Removed
gnutls_certificate_type_set_priority: Removed
gnutls_cipher_set_priority: Removed
gnutls_compression_set_priority: Removed
gnutls_kx_set_priority: Removed
gnutls_mac_set_priority: Removed
gnutls_protocol_set_priority: Removed
gnutls_rsa_export_get_modulus_bits: Removed
gnutls_rsa_export_get_pubkey: Removed
gnutls_rsa_params_cpy: Removed
gnutls_rsa_params_deinit: Removed
gnutls_rsa_params_export_pkcs1: Removed
gnutls_rsa_params_export_raw: Removed
gnutls_rsa_params_generate2: Removed
gnutls_rsa_params_import_pkcs1: Removed
gnutls_rsa_params_import_raw: Removed
gnutls_rsa_params_init: Removed
gnutls_sign_callback_get: Removed
gnutls_sign_callback_set: Removed
gnutls_x509_crt_verify_data: Removed
gnutls_x509_crt_verify_hash: Removed
gnutls_pubkey_get_verify_algorithm: Removed
gnutls_x509_crt_get_verify_algorithm: Removed
gnutls_pubkey_verify_hash: Removed
gnutls_pubkey_verify_data: Removed
gnutls_record_set_max_empty_records: Removed
guile:
set-session-cipher-priority!: Removed
set-session-mac-priority!: Removed
set-session-compression-method-priority!: Removed
set-session-kx-priority!: Removed
set-session-protocol-priority!: Removed
set-session-certificate-type-priority!: Removed
set-session-default-priority!: Removed
set-session-default-export-priority!: Removed
make-rsa-parameters: Removed
rsa-parameters?: Removed
set-certificate-credentials-rsa-export-parameters!: Removed
pkcs1-import-rsa-parameters: Removed
pkcs1-export-rsa-parameters: Removed
|
|
hitch-1.4.0 (2016-09-12)
- Fix a bug in the OCSP request code where it broke if the OCSP
responder required a Host header. (#113)
- Add support for ECC certificates (#116).
hitch-1.4.0-beta1 (2016-08-26)
- NPN/ALPN support for negotiating a protocol in the SSL handshake.
This lets you use Hitch for terminating TLS in front of an HTTP/2
capable backend. For ALPN, OpenSSL 1.0.2 is needed, while NPN
requires OpenSSL 1.0.1.
- Expanded PROXY protocol support for communicating an ALPN/NPN
negotiated protocol to the backend. Hitch will now include the
ALPN/NPN protocol that was selected during the handshake as part
of the PROXYv2 header.
|
|
2.038 2016/09/17
- restrict session ticket callback to Net::SSLeay 1.79+ since version before
contains bug. Add test for session reuse
- extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
- fix t/external/ocsp.t to use different server (under my control) to check
OCSP stapling
|
|
OpenSSH 7.3p1 is primarily a bugfix release and here is summary.
Changes since OpenSSH 7.2
=========================
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
* misc: Make PROTOCOL description for direct-streamlocal@openssh.com
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
|
|
|
|
This package disables guile unconditionally. This just changes the
comment to not include 2.0 instead of not including 1.8, to reduce the
number of packages that look like they need updating.
|
|
Security
- Fixed missing padding length check required by PKCS1 v2.2 in
mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
- Fixed potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt() and
mbedtls_rsa_rsaes_oaep_encrypt(). (not triggerable remotely in
(D)TLS).
- Fixed potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt(). It is not triggerable remotely
in SSL/TLS.
Bugfix
- Fixed bug in mbedtls_mpi_add_mpi() that caused wrong results
when the three arguments were the same (in-place doubling). #309
- Fixed issue in Makefile that prevented building using armar.
#386
- Fixed issue that caused a hang when generating RSA keys of odd
bitlength.
- Fixed bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() that made
null pointer dereference possible.
- Fixed issue that caused a crash if invalid curves were passed to
mbedtls_ssl_conf_curves(). #373
Changes
- On ARM platforms, when compiling with -O0 with GCC, Clang or
armcc5, don't use the optimized assembly for bignum
multiplication. This removes the need to pass -fomit-frame-pointer
to avoid a build error with -O0.
- Disabled SSLv3 in the default configuration.
|
|
|
|
What's new in Sudo 1.8.17p1
* Fixed a bug introduced in 1.8.17 where the user's groups were
not set on systems that don't use PAM. Bug #749.
What's new in Sudo 1.8.17
* On AIX, if /etc/security/login.cfg has auth_type set to PAM_AUTH
but pam_start(3) fails, fall back to AIX authentication.
Bug #740.
* Sudo now takes all sudoers sources into account when determining
whether or not "sudo -l" or "sudo -b" should prompt for a password.
In other words, if both file and ldap sudoers sources are in
specified in /etc/nsswitch.conf, "sudo -v" will now require that
all entries in both sources be have NOPASSWD (file) or !authenticate
(ldap) in the entries.
* Sudo now ignores SIGPIPE until the command is executed. Previously,
SIGPIPE was only ignored in a few select places. Bug #739.
* Fixed a bug introduced in sudo 1.8.14 where (non-syslog) log
file entries were missing the newline when loglinelen is set to
a non-positive number. Bug #742.
* Unix groups are now set before the plugin session intialization
code is run. This makes it possible to use dynamic groups with
the Linux-PAM pam_group module.
* Fixed a bug where a debugging statement could dereference a NULL
pointer when looking up a group that doesn't exist. Bug #743.
* Sudo has been run through the Coverity code scanner. A number of
minor bugs have been fixed as a result. None were security issues.
* SELinux support, which was broken in 1.8.16, has been repaired.
* Fixed a bug when logging I/O where all output buffers might not
get flushed at exit.
* Forward slashes are no longer escaped in the JSON output of
"visudo -x". This was never required by the standard and not
escaping them improves readability of the output.
* Sudo no longer treats PAM_SESSION_ERR as a fatal error when
opening the PAM session. Other errors from pam_open_session()
are still treated as fatal. This avoids the "policy plugin
failed session initialization" error message seen on some systems.
* Korean translation for sudo and sudoers from translationproject.org.
* Fixed a bug on AIX where the stack size hard resource limit was
being set to 2GB instead of 4GB on 64-bit systems.
* The SSSD backend now properly supports "sudo -U otheruser -l".
* The SSSD backend now uses the value of "ipa_hostname"
from sssd.conf, if specified, when matching the host name.
* Fixed a hang on some systems when the command is being run in
a pty and it failed to execute.
* When performing a wildcard match in sudoers, check for an exact
string match if the user command was fully-qualified (or resolved
via the PATH). This fixes an issue executing scripts on Linux
when there are multiple wildcard matches with the same base name.
Bug #746.
What's new in Sudo 1.8.16
* Fixed a compilation error on Solaris 10 with Stun Studio 12.
Bug #727.
* When preserving variables from the invoking user's environment, if
there are duplicates sudo now only keeps the first instance.
* Fixed a bug that could cause warning mail to be sent in list
mode (sudo -l) for users without sudo privileges when the
LDAP and sssd backends are used.
* Fixed a bug that prevented the "mail_no_user" option from working
properly with the LDAP backend.
* In the LDAP and sssd backends, white space is now ignored between
an operator (!, +, +=, -=) when parsing a sudoOption.
* It is now possible to disable Path settings in sudo.conf
by omitting the path name.
* The sudoedit_checkdir Defaults option is now enabled by default
and has been extended. When editing files with sudoedit, each
directory in the path to be edited is now checked. If a directory
is writable by the invoking user, symbolic links will not be
followed. If the parent directory of the file to be edited is
writable, sudoedit will refuse to edit it.
Bug #707.
* The netgroup_tuple Defaults option has been added to enable matching
of the entire netgroup tuple, not just the host or user portion.
Bug #717.
* When matching commands based on the SHA2 digest, sudo will now
use fexecve(2) to execute the command if it is available. This
fixes a time of check versus time of use race condition when the
directory holding the command is writable by the invoking user.
* On AIX systems, sudo now caches the auth registry string along
with password and group information. This fixes a potential
problem when a user or group of the same name exists in multiple
auth registries. For example, local and LDAP.
* Fixed a crash in the SSSD backend when the invoking user is not
found. Bug #732.
* Added the --enable-asan configure flag to enable address sanitizer
support. A few minor memory leaks have been plugged to quiet
the ASAN leak detector.
* The value of _PATH_SUDO_CONF may once again be overridden via
the Makefile. Bug #735.
* The sudoers2ldif script now handles multiple roles with same name.
* Fixed a compilation error on systems that have the posix_spawn()
and posix_spawnp() functions but an unusable spawn.h header.
Bug #730.
* Fixed support for negating character classes in sudo's version
of the fnmatch() function.
* Fixed a bug in the LDAP and SSSD backends that could allow an
unauthorized user to list another user's privileges. Bug #738.
* The PAM conversation function now works around an ambiguity in the
PAM spec with respect to multiple messages. Bug #726.
|
|
|
|
for SunOS, while fixing a declaration prototype to match the definition.
PR pkg/47436
bump PKGREVISION
|
|
|