path: root/security
Age | Commit message | Author | Files | Lines
2022-12-13 | py-google-auth-oauthlib: updated to 0.8.0 | adam | 2 | -6/+6
0.8.0 (2022-12-08)
Features
Add support for Python 3.11
Introduce granted scopes to credentials
2022-12-12 | py-acme py-certbot*: updated to 2.1.0 | adam | 17 | -66/+66
Certbot 2.1.0
Fixed
* Interfaces which plugins register themselves as implementing without inheriting from them now show up in certbot plugins output.
* IPluginFactory, IPlugin, IAuthenticator and IInstaller have been re-added to certbot.interfaces. This is to fix compatibility with a number of third-party DNS plugins which may have started erroring with AttributeError in Certbot v2.0.0. Plugin authors can find more information about Certbot 2.x compatibility here.
* A bug causing our certbot-apache tests to crash on some systems has been resolved.
2022-12-12 | py-google-auth: updated to 2.15.0 | adam | 3 | -7/+10
2.15.0 (2022-12-01)
Features
Add api_key credentials
Introduce a way to provide scopes granted by user
Bug Fixes
Allow mtls sts endpoint for external account token urls.
CI broken by removal of py.path
Ensure JWT segments have the right types
Updated the lower bound of interactive timeout and fix the kwarg…
2022-12-10 | security/Makefile: + oauth2c | wiz | 1 | -1/+2
2022-12-10 | security/oauth2c: import oauth2c-1.1.0 | wiz | 5 | -0/+498
oauth2c is a command-line tool that simplifies the process of experimenting with different grant types and client authentication methods for OAuth 2.0.
* Simple and intuitive interface for quickly experimenting with different OAuth 2.0 grant types and client authentication methods
* Supports all modern OAuth 2.0 grant types: authorization code, implicit, password, client credentials, refresh token, JWT bearer
* Supports all client authentication methods: client secret basic, client secret post, client secret JWT, private key JWT, TLS client auth
2022-12-09 | py-authlib: updated to 1.2.0 | adam | 2 | -6/+6
Version 1.2.0
Not passing request.body to ResourceProtector
Use flask.g instead of _app_ctx_stack
Add headers parameter back to ClientSecretJWT
Always passing realm parameter in OAuth 1 clients
Implemented RFC7592 Dynamic Client Registration Management Protocol
Add default_timeout for requests OAuth2Session and AssertionSession.
Deprecate jwk.loads and jwk.dumps
2022-12-08 | Revbump all Go packages after go119 security update | bsiegert | 10 | -19/+20
2022-12-08 | py-certifi: updated to 2022.12.7 | adam | 2 | -6/+6
2022.12.7 Unknown changes
2022-12-06 | Reset maintainer for my packages to reflect new mail address. | vins | 1 | -2/+2
2022-12-05 | security/git-crypt: Import git-crypt version 0.7.0 from wip. | nikita | 6 | -1/+58
git-crypt enables transparent encryption and decryption of files in a git repository. Files which you choose to protect are encrypted when committed, and decrypted when checked out. git-crypt lets you freely share a repository containing a mix of public and private content. git-crypt gracefully degrades, so developers without the secret key can still clone and commit to a repository with encrypted files. This lets you store your secret material (such as keys or passwords) in the same repository as your code, without requiring you to lock down your entire repository.
2022-12-05 | security/mozilla-rootcerts-openssl: fix build problem | taca | 1 | -8/+6
Update PLIST to fix build problem.
2022-12-04 | security/ruby-rotp: update to 6.2.1 | taca | 3 | -28/+10
6.2.1 (2022-11-11)
* Removed old rdoc folder that was triggering a security warning due to an old version of JQuery being included in the HTML docs. This has no impact on the Ruby library.
2022-12-04 | security/ruby-net-ssh: update to 7.0.1 | taca | 3 | -9/+17
pkgsrc change: make CATEGORIES to security.
There are changes entries before 7.0.0. Please refer <https://github.com/net-ssh/net-ssh/compare/v6.1.0...v7.0.1> for 7.0.0 and later changes.
6.3.0 beta1
* Support cert based host key auth, fix asterisk in known_hosts [#833]
* Support kex dh-group14-sha256 [#795]
* Fix StrictHostKeyChecking ssh config parameter translation [#765]
6.2.0 rc1
6.2.0 beta1
* rsa-sha2-512, rsa-sha2-256 host_key algs [#771]
* JRuby aes*-ctr support [#767]
2022-12-04 | security/ruby-net-scp: update to 4.0.0 | taca | 2 | -7/+7
* net-ssh7.* support.
2022-12-04 | mozilla-rootcerts*: use updated distfile, ride bump | wiz | 2 | -7/+7
2022-12-04 | mozilla-rootcerts*: update to 20221204 | wiz | 3 | -9/+9
2022-12-03 | security/gpg-tui: update to 0.9.2 | pin | 3 | -131/+199
[0.9.2] - 2022-12-02
Changed
- Bump dependencies
- Bump the Rust version in Dockerfile
- Update Docker build badge in README.md
- Bump Debian distribution in Dockerfile
Fixed
- Fix typos (#45)
- Apply clippy lints
2022-12-01 | fail2ban: Switch to PYTHON_VERSIONS_ACCEPTED. | jperkin | 1 | -2/+2
Old version is not compatible with python311.
2022-12-01 | mozilla-rootcerts*: update to 20220913 | wiz | 3 | -9/+9
2022-12-01 | qca2-qt5: Update to 2.3.5. | jperkin | 6 | -10/+57
Detach from the qca2 build as a newer release is now required for QT5. I was unable to find a list of changes since 2.2.1.
2022-11-30 | py-pip-audit: updated to 2.4.7 | adam | 2 | -6/+6
2.4.7
Fixed
* Fixed a timestamp parsing bug that occurred with some vulnerability reports provided by the OSV service
2022-11-29 | yara: fix build on NetBSD (no proc interface) | adam | 2 | -7/+17
2022-11-29 | libhandy1 -> newer libhandy (compile tested) | prlw1 | 1 | -3/+3
2022-11-29 | volatility3: added version 2.0.1 | adam | 5 | -2/+674
Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.
2022-11-29 | volatility: removed; successor: volatility3 | adam | 5 | -1296/+0
2022-11-28 | Use versioned_dependencies for py-OpenSSL. | nia | 1 | -2/+2
2022-11-28 | yara py-yara: updated to 4.2.3 | adam | 6 | -25/+29
YARA v4.2.3
BUGFIX: Fix security issue that can lead to arbitrary code execution.
BUGFIX: Fix incorrect logic in expressions like <quantifier> of <string_set> in (start..end
2022-11-28 | py-cryptography py-cryptography_vectors: updated to 38.0.4 | adam | 5 | -15/+15
38.0.4 - 2022-11-27
Fixed compilation when using LibreSSL 3.6.0.
Fixed error when using py2app to build an application with a cryptography dependency.
2022-11-27 | security/hercules4sdl-crypto: update to 1 Feb 2022. | rhialto | 2 | -7/+7
This is the latest version, with no real pkgsrc-related changes.
2022-11-27 | py-cryptodome: updated to 3.16.0 | adam | 2 | -6/+6
3.16.0
New features
Build wheels for musl Linux. Thanks to Ben Raz.
Resolved issues
ARC4 now also works with ‘keys’ as short as 8 bits.
fix segfaults when running in a manylinux2010 i686 image.
2022-11-27 | mate-polkit: update to 1.26.1 | gutteridge | 2 | -7/+6
Change log:
### mate-polkit 1.26.1
* Translations update
* Fix segfault from gdk_x11_get_server_time if not on X11
### mate-polkit 1.26.0
* Translations update
* update copyright to 2021
### mate-polkit 1.25.0
* Translations update
* Remove USE_MATE2_MACROS from autogen.sh (legacy)
* add git.mk to generate .gitignore
* build: silent build warnings for distcheck
2022-11-26 | py-acme py-certbot*: updated to 2.0.0 | adam | 21 | -82/+70
Certbot 2.0.0
Added
* Support for Python 3.11 was added to Certbot and all of its components.
* acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument which defaults to 30 that causes the verification request to timeout after that many seconds.
Changed
* The default key type for new certificates is now ECDSA secp256r1 (P-256). It was previously RSA 2048-bit. Existing certificates are not affected.
* The Apache plugin no longer supports Apache 2.2.
* acme and Certbot no longer support versions of ACME from before the RFC 8555 standard.
* acme and Certbot no longer support the old urn:acme:error: ACME error prefix.
* Removed the deprecated certbot-dns-cloudxns plugin.
* Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key while preserving --reuse-key.
* 3rd party plugins no longer support the dist_name:plugin_name format on the CLI and in configuration files. Use the shorter plugin_name format.
* acme.client.Client, acme.client.ClientBase, acme.client.BackwardsCompatibleClientV2, acme.mixins, acme.client.DER_CONTENT_TYPE, acme.fields.Resource, acme.fields.resource, acme.magic_typing, acme.messages.OLD_ERROR_PREFIX, acme.messages.Directory.register, acme.messages.Authorization.resolved_combinations, acme.messages.Authorization.combinations have been removed.
* acme.messages.Directory now only supports lookups by the exact resource name string in the ACME directory (e.g. directory['newOrder']).
* Removed the deprecated source_address argument for acme.client.ClientNetwork.
* The zope based interfaces in certbot.interfaces have been removed in favor of the abc based interfaces found in the same module. Certbot no longer depends on zope.
* Removed deprecated function certbot.util.get_strict_version.
* Removed deprecated functions certbot.crypto_util.init_save_csr, certbot.crypto_util.init_save_key, and certbot.compat.misc.execute_command
* The attributes FileDisplay, NoninteractiveDisplay, SIDE_FRAME, input_with_timeout, separate_list_input, summarize_domain_list, HELP, and ESC from certbot.display.util have been removed.
* Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util as a temporary workaround.
* Certbot's test API under certbot.tests now uses unittest.mock instead of the 3rd party mock library.
Fixed
* Fixes a bug where the certbot working directory has unusably restrictive permissions on systems with stricter default umasks.
* Requests to subscribe to the EFF mailing list now time out after 60 seconds.
2022-11-25 | Add qt6-qtnetworkauth version 6.4.1 to pkgsrc-current | nros | 6 | -1/+84
Qt6 module with network auth libraries.
2022-11-25 | py-pip-audit: updated to 2.4.6 | adam | 2 | -6/+6
2.4.6
Fixed
* Fixed an incorrect interaction between `--desc=auto` and `--format=json`; `--desc=auto` now includes the description in the generated JSON report, as intended
* Fixed a bug in dependency resolution with third-party indices where relative URLs were not resolved correctly
2.4.5
Fixed
* Fixed an issue where audits done with the PyPI vulnerability service (the default) were not correctly filtered by "withdrawn" status; "withdrawn" vulnerabilities are now excluded
* Fixed an issue where audits done with the OSV vulnerability service (`-s osv`) were not correctly filtered by "withdrawn" status; "withdrawn" vulnerabilities are now excluded
* Fixed `pip-audit`'s handling of URL-style requirements in `--no-deps` mode (URL requirements are now treated as skipped, rather than producing an error due to a lack of pinning)
2022-11-24 | botan: update to 2.19.3. | wiz | 3 | -10/+10
Version 2.19.3, 2022-11-16
* CVE-2022-43705: A malicious OCSP responder could forge OCSP responses due to a failure to validate that an embedded certificate was issued by the end-entity issuing certificate authority.
2022-11-23 | massive revision bump after textproc/icu update | adam | 58 | -103/+116
2022-11-22 | heimdal: updated to 7.8 | adam | 8 | -87/+28
Heimdal 7.8
This release includes both the Heimdal 7.7.1 Security Vulnerability fixes and non-Security bug fixes/improvements.
Security Vulnerabilities:
CVE-2022-42898 PAC parse integer overflows
CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array
CVE-2021-44758 A null pointer de-reference DoS in SPNEGO acceptors
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3, as we believe it should be possible to get an RCE on a KDC, which means that credentials can be compromised that can be used to impersonate anyone in a realm or forest of realms. Heimdal's ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker, in turn leading to a potential remote code execution (RCE) vulnerability. This error affects the DER codec for all extensible CHOICE types used in Heimdal, though not all cases will be exploitable. We have not completed a thorough analysis of all the Heimdal components affected, thus the Kerberos client, the X.509 library, and other parts, may be affected as well. This bug has been in Heimdal's ASN.1 compiler since 2005, but it may only affect Heimdal 1.6 and up. It was first reported by Douglas Bagnall, though it had been found independently by the Heimdal maintainers via fuzzing a few weeks earlier. While no zero-day exploit is known, such an exploit will likely be available soon after public disclosure.
CVE-2019-14870: Validate client attributes in protocol-transition
CVE-2019-14870: Apply forwardable policy in protocol-transition
CVE-2019-14870: Always lookup impersonate client in DB
Other changes:
Bugs found by UBSAN (including the incorrect encoding of unconstrained INTEGER value -1).
Errors found by the LLVM scan-build static analyzer.
Errors found by the valgrind memory debugger.
Work around GCC Bug 95189 (memcmp wrongly stripped like strcmp).
Correct ASN.1 OID typo for SHA-384
Fix a deadlock in the MEMORY ccache type.
TGS: strip forwardable and proxiable flags if the server is disallowed.
CVE-2019-14870: Validate client attributes in protocol-transition
CVE-2019-14870: Apply forwardable policy in protocol-transition
CVE-2019-14870: Always lookup impersonate client in DB
Incremental HDB propagation improvements
Refactor send_diffs making it progressive
Handle partial writes on non-blocking sockets
Disable Nagle in iprop master and slave
Use async I/O
Don't send I_HAVE in response to AYT
Do not recover log in kadm5_get_principal()
Don't send diffs to slaves with not yet known version
Don't stutter in send_diffs
Optional backwards-compatible anon-pkinit behavior
2022-11-21 | *: Re-apply SunOS linker argument removals. | jperkin | 3 | -3/+9
These are currently duplicated in mk/platform/SunOS.mk but the generic removals will be removed soon in favour of per-package removals, due to flags getting leaked into installed files.
2022-11-15 | ssh-audit: add a post-install directive to install the manual page. | fcambus | 2 | -2/+10
2022-11-14 | py-google-auth-oauthlib: updated to 0.7.1 | adam | 2 | -7/+7
0.7.1 (2022-11-03)
Bug Fixes
Include updates to properties from Google Auth lib
2022-11-14 | py-google-auth: updated to 2.14.1 | adam | 2 | -7/+6
2.14.1 (2022-11-07)
Bug Fixes
Apply quota project for compute cred in adc
Update minimum required version of cryptography in pyopenssl extra
Validate url domain for aws metadata urls
2022-11-14 | py-gssapi: update to 1.8.2. | wiz | 3 | -11/+14
Release v1.8.2: Klipspringer (Patch 2)
Added Python 3.11 wheel - #303
Release v1.8.1: Klipspringer (Patch 1)
Bumped minimum Python version to Python 3.7 - #299
Release v1.8.0: Klipspringer
Created PEP 517 compliant sdist
No longer include cythonised files in sdist as they can be built on install time with Cython
The Cython build requirement will be automatically resolved by pip and other tools due to PEP 517 metadata
2022-11-14 | py-paramiko: updated to 2.12.0 | adam | 2 | -6/+6
2.12.0 2022-11-04 [Feature] Add a transport_factory kwarg to SSHClient.connect for advanced users to gain more control over early Transport setup and manipulation. Thanks to Noah Pederson for the patch.
2022-11-12 | security/libdecaf: Update to v1.0.2 | fox | 3 | -7/+34
Changes since v1.0.1:
July 13, 2022: Fix a security bug and an issue. Point::steg_encode was leaving the 24 high bits of the buffer as zero. It also ignored the size parameter. The size parameter has now been removed, the zeros fixed and a test added to make sure that it is fixed.
Per https://github.com/MystenLabs/ed25519-unsafe-libs, deprecate eddsa signing with separate pubkey and privkey input. Instead decaf_ed*_keypair_sign.
Release v1.0.2.
2022-11-12 | archivers/fastjar, archivers/lzip, audio/tcd, cross/avrdude, devel/guile-lib, | nikita | 1 | -2/+2
devel/libjit, devel/m17n-lib, devel/quilt, devel/treecc, emulators/simulavr, fonts/jomolhari-ttf, graphics/dvipng, graphics/freetype2, graphics/libotf, ham/xlog, misc/color-theme, misc/m17n-db, multimedia/flvstreamer, net/mimms, print/chktex, security/oath-toolkit, sysutils/attr, sysutils/pidof, sysutils/renameutils, textproc/lout: change MASTER_SITES from http://download.savannah.gnu.org to https://download.savannah.gnu.org
2022-11-12 | security/wolfssl: Update to v5.5.3 | fox | 2 | -6/+6
Changes since v5.5.1:
wolfSSL Release 5.5.3 (Nov 2, 2022)
Release 5.5.3 of wolfSSL embedded TLS has the following bug fix:
Fixes
* Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (https://github.com/wolfSSL/wolfssl/pull/5743) and fixed in pull request 5757 (https://github.com/wolfSSL/wolfssl/pull/5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0’s when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL.
wolfSSL Release 5.5.2 (Oct 28, 2022)
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities
* [Med] In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections. This heap over read is limited to wolfSSL builds explicitly setting the macro WOLFSSL_CALLBACKS, the feature does not get turned on by any other build options. The macro WOLFSSL_CALLBACKS is intended for debug use only, but if having it enabled in production, users are recommended to disable WOLFSSL_CALLBACKS. Users enabling WOLFSSL_CALLBACKS are recommended to update their version of wolfSSL. Thanks to Lucca Hirschi and Steve Kremer from LORIA, Inria and Max Ammann from Trail of Bits for finding and reporting the bug with the tlspuffin tool developed partly at LORIA and Trail of Bits. CVE 2022-42905
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
* Add function wolfSSL_CTX_load_system_CA_certs to load system CA certs into a WOLFSSL_CTX and --sys-ca-certs option to example client
* Add wolfSSL_set1_host to OpenSSL compatible API
* Added the function sk_X509_shift
* AES x86 ASM for AES-CBC and GCM performance enhancements
* Add assembly for AES for ARM32 without using crypto hardware instructions
* Xilinx Versal port and hardware acceleration tie in
* SP Cortex-M support for ICCARM
Enhancements
* Add snifftest vcxproj file and documentation
* Nucleus Thread Types supported
* Handle certificates with RSA-PSS signature that have RSAk public keys
* Small stack build improvements
* DTLS 1.3 improvements for Alerts and unit tests
* Add a binary search for CRL
* Improvement of SSL/CTX_set_max_early_data() for client side
* Remove unused ASN1_GENERALIZEDTIME enum value from wolfssl/ssl.h
* Add user_settings.h for Intel/M1 FIPSv2 macOS C++ projects
* Add dtlscid.test to ‘make check’ unit testing
* Generate an assembler-safe user_settings.h in configure.ac and CMakeLists.txt
* ForceZero enabled with USE_FAST_MATH
* Add TLS 1.3 support of ticketNonce sizes bigger than MAX_TICKET_NONCE_SZ
* FIPSv2 builds on win10 adjust for new fastmath default in settings.h
* Add IRQ install for Aruix example
Fixes
* When looking up the session by ID on the server, check that the protocol version of the SSL and session match on TLS 1.3 or not
* Fix for potential EVP_PKEY_DH memory leak with OPENSSL_EXTRA
* Curve448 32-bit C code: handle corner case
* Fixup builds using WOLFSSL_LOG_PRINTF
* Correct DIST_POINT_NAME type value
* Do not perform IV Wrap test when using cert3389 inlined armasm
* Fix for Linux kernel module and stdio.h
* (D)TLS: send alert on version mismatch
* Fix PKCS#7 SignedData verification when signer cert is not first in SET
* Fix bug with wolfIO_TcpConnect not working with timeout on Windows
* Fix output length bug in SP non-blocking ECC shared secret gen
* Fix build with enable-fastmath and disable-rsa
* Correct wolfSSL_sk_X509_new in OpenSSL compatible API
* Fixes for SP and x86_64 with MSVC
* Fix wrong size using DTLSv1.3 in RestartHandshakeHashWithCookie
* Fix redundant file include with TI RTOS build
* Fix wolfCrypt only build with wincrypt.h
* DTLS 1.2: Reset state when sending HelloVerifyRequest
2022-11-12 | lxqt-sudo: update to 1.2.0 | gutteridge | 2 | -8/+7
Change log:
lxqt-sudo-1.2.0 / 2022-11-05
=============================
* Updated translations and bumped the version.
2022-11-12 | lxqt-openssh-askpass: update to 1.2.0 | gutteridge | 2 | -8/+7
Change log:
lxqt-openssh-askpass-1.2.0 / 2022-11-05
========================================
* Bumped the version to 1.2.0.
2022-11-12 | lxqt-policykit: update to 1.2.0 | gutteridge | 2 | -8/+7
Change log:
lxqt-policykit-1.2.0 / 2022-11-05
==================================
* Updated translations and bumped the version.
2022-11-09 | cfs: add comment for where to find a newer version of this | wiz | 1 | -1/+2