<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <parent>
    <groupId>org.eclipse.jetty</groupId>
    <artifactId>jetty-project</artifactId>
    <version>9.4.4.v20170414</version>
  </parent>
  <modelVersion>4.0.0</modelVersion>
  <artifactId>apache-jstl</artifactId>
  <name>Apache :: JSTL module</name>
  <url>http://tomcat.apache.org/taglibs/standard/</url>
  <packaging>jar</packaging>
  <properties>
    <bundle-symbolic-name>${project.groupId}.apache.jstl</bundle-symbolic-name>
  </properties>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <configuration>
          <useSystemClassLoader>false</useSystemClassLoader>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.jacoco</groupId>
        <artifactId>jacoco-maven-plugin</artifactId>
        <configuration>
          <skip>true</skip>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <dependencies>
    <!-- JSTL Api -->
    <dependency>
      <groupId>org.apache.taglibs</groupId>
      <artifactId>taglibs-standard-spec</artifactId>
    </dependency>
    <!-- JSTL Impl -->
    <dependency>
      <groupId>org.apache.taglibs</groupId>
      <artifactId>taglibs-standard-impl</artifactId>
    </dependency>
    <dependency>
      <groupId>org.eclipse.jetty.toolchain</groupId>
      <artifactId>jetty-test-helper</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.jetty</groupId>
      <artifactId>apache-jsp</artifactId>
      <version>${project.version}</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.jetty</groupId>
      <artifactId>jetty-annotations</artifactId>
      <version>${project.version}</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.eclipse.jetty</groupId>
      <artifactId>jetty-webapp</artifactId>
      <version>${project.version}</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>

Platform UI
Git repository

Platform UI consists of several components, which provide the basic building blocks for user interfaces built with Eclipse. Some of these can be reused in arbitrary applications, while others are specific to the Eclipse IDE.

Website: https://www.eclipse.org/eclipse/platform-ui/

Working with SSH key passphrases

You can secure your SSH keys and configure an authentication agent so that you won't have to reenter your passphrase every time you use your SSH keys.

With SSH keys, if someone gains access to your computer, they also gain access to every system that uses that key. To add an extra layer of security, you can add a passphrase to your SSH key. You can use ssh-agent to securely save your passphrase so you don't have to reenter it.

Adding or changing a passphrase

You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:

    ssh-keygen -p
    # Start the SSH key creation process
    Enter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter]
    Key has comment '/Users/you/.ssh/id_rsa'
    Enter new passphrase (empty for no passphrase): [Type new passphrase]
    Enter same passphrase again: [One more time for luck]
    Your identification has been saved with the new passphrase.

If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.

Auto-launching ssh-agent on Git for Windows

If you're using Git Shell that's installed with GitHub Desktop, you don't need to follow these steps. GitHub Desktop automatically launches ssh-agent for you.

Otherwise, follow these steps to run ssh-agent automatically when you open bash or Git shell. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file in Git shell:

    env=~/.ssh/agent.env

    agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

    agent_start () {
        (umask 077; ssh-agent >| "$env")
        . "$env" >| /dev/null ; }

    agent_load_env

    # agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
    agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

    if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
        agent_start
        ssh-add
    elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
        ssh-add
    fi

    unset env

If your private key is not stored in one of the default locations (~/.ssh/id_rsa or ~/.ssh/id_dsa), you'll need to tell your SSH authentication agent where to find it. To add your key to ssh-agent, type ssh-add ~/path/to/my_key. For more information, see "Generating a new SSH key and adding it to the ssh-agent".

Tip: If you want ssh-agent to forget your key after some time, you can configure it to do so by running ssh-add -t <seconds>.

Now, when you first run Git Bash, you are prompted for your passphrase:

    Initializing new SSH agent...
    succeeded
    Enter passphrase for /c/Users/you/.ssh/id_rsa:
    Identity added: /c/Users/you/.ssh/id_rsa (/c/Users/you/.ssh/id_rsa)
    Welcome to Git (version 1.6.0.2-preview20080923)
    >
    Run 'git help git' to display the help index.
    Run 'git help ' to display help for specific commands.

The ssh-agent process will continue to run until you log out, shut down your computer, or kill the process.

    environment:
      my_variable:
        secure: Y9uwIyYsUhyNbWvxiqMMWSJskKYAmkg6WTdO4MnyIX8=
OpenSSL CHANGES
_______________

The following example JOSE Header declares that the encoded object is a JWT, and the JWT is a JWS that is MACed using the HMAC SHA-256 algorithm:

    {"typ":"JWT",
     "alg":"HS256"}

<script>
// MQ2Ghost.cpp : Defines the entry point for the DLL application.
// Enables one to "ghost" through zones by remaining stationary on the server
// while moving client-side.

// MQ2Ghost by cronic, with credit to Lestor for the /ghost return idea.

#include "../MQ2Plugin.h"
#include "MQ2Packets.h"

PreSetup("MQ2Ghost");

// if CDisplay__MoveLocalPlayerToSafeCoords is defined in eqgame-private
// then this is not necessary
// valid for 9/14 patch
#define tehSafe 0x00440942
#define MLPTSC 0x00440942 //004370CA
#ifndef CDisplay__MoveLocalPlayerToSafeCoords
#pragma warning(disable:4273) // inconsistent dll linkage warning
FUNCTION_AT_ADDRESS(void CDisplay::MoveLocalPlayerToSafeCoords(void), MLPTSC);
#endif
*/
DWORD MLPTSC2 = tehSafe;

BOOL bGhosting = FALSE;
BOOL bFilterPackets = FALSE;
FLOAT fOldX;
FLOAT fOldY;
FLOAT fOldZ;
DWORD fOldTurning;
FLOAT fOldHeading;

void SendMovementPacket(float x, float y, float z)
{
    PSPAWNINFO Me = GetCharInfo()->pSpawn;
    MovePacket Packet;
    Packet.SpawnID = (WORD)Me->SpawnID;
    Packet.X = x;
    Packet.Y = y;
    Packet.Z = z;
    Packet.SpeedX = 0;
    Packet.SpeedY = 0;
    Packet.SpeedZ = 0;
    Packet.Turning = Me->pActorInfo->LastPacketHeadingTurning;
    SendEQMessage(29775, &Packet, sizeof(Packet));
}

// disables packet blocking, sends a movement packet to ghosted position,
// sends given packet, then sends another movement packet back
void QuickJumpPacket(DWORD Type, PVOID Packet, DWORD Size)
{
    bFilterPackets = false;
    PSPAWNINFO Me = GetCharInfo()->pSpawn;
    SendMovementPacket(Me->X, Me->Y, Me->Z);
    SendEQMessage(Type, Packet, Size);
    SendMovementPacket(fOldX, fOldY, fOldZ);
    bFilterPackets = true;
}

// moves you to fOldX, fOldY, fOldZ
void Return()
{
    FLOAT* fSafeX = &((PZONEINFO)pZoneInfo)->Unknown0x1ec[1];
    FLOAT* fSafeY = &((PZONEINFO)pZoneInfo)->Unknown0x1ec[0];
    FLOAT* fSafeZ = &((PZONEINFO)pZoneInfo)->Unknown0x1ec[2];
    FLOAT fOldSafeX = *fSafeX;
    FLOAT fOldSafeY = *fSafeY;
    FLOAT fOldSafeZ = *fSafeZ;
    *fSafeX = fOldX;
    *fSafeY = fOldY;
    *fSafeZ = fOldZ;
    //pDisplay->MoveLocalPlayerToSafeCoords(); //Old code no longer works
    //Zone->Unknown0x1ec[0] = (float)atof(szDestWarpY);; // New code works fine
    // Zone->Unknown0x1ec[1] = (float)atof(szDestWarpX);;
    // Zone->Unknown0x1ec[2] = (float)atof(szDestWarpZ);;
    __asm call dword ptr [MLPTSC2];
    // Zone->Unknown0x1ec[0] = PrevY;
    // Zone->Unknown0x1ec[1] = PrevX;
    // Zone->Unknown0x1ec[2] = PrevZ;
    *fSafeX = fOldSafeX;
    *fSafeY = fOldSafeY;
    *fSafeZ = fOldSafeZ;
    GetCharInfo()->pSpawn->Heading = fOldHeading;
}

void ShowHelp()
{
    WriteChatColor("/ghost on (enables ghosting)", COLOR_LIGHTGREY);
    WriteChatColor("/ghost off (disables ghosting)", COLOR_LIGHTGREY);
    WriteChatColor("/ghost return (disables ghosting and returns to original location)", COLOR_LIGHTGREY);
}

VOID GhostCmd(PSPAWNINFO pChar, PCHAR szLine)
{
    CHAR szArg[MAX_STRING] = {0};
    GetArg(szArg, szLine, 1);

    if (szArg[0] == 0)
        ShowHelp();
    else if (!strcmp(szArg, "on")) {
        if (!bGhosting) {
            bGhosting = true;
            bFilterPackets = true;
            fOldX = pChar->X;
            fOldY = pChar->Y;
            fOldZ = pChar->Z;
            fOldTurning = pChar->pActorInfo->LastPacketHeadingTurning;
            fOldHeading = pChar->Heading;
            WriteChatColor("You are now ghosting.");
        } else
            WriteChatColor("Ghost mode is already on.", COLOR_PURPLE);
    } else if (!strcmp(szArg, "off")) {
        if (bGhosting) {
            bGhosting = false;
            bFilterPackets = false;
            WriteChatColor("You are no longer ghosting.", COLOR_PURPLE);
            SendMovementPacket(pChar->X, pChar->Y, pChar->Z);
        } else
            WriteChatColor("Ghost mode is already off.", COLOR_PURPLE);
    } else if (!strcmp(szArg, "return")) {
        if (bGhosting) {
            Return();
            bGhosting = false;
            bFilterPackets = false;
            WriteChatColor("You are no longer ghosting.", COLOR_PURPLE);
        } else
            WriteChatColor("Ghost mode is already off.", COLOR_PURPLE);
    }
}

PLUGIN_API BOOL OnSendPacket(DWORD Type, PVOID Packet, DWORD Size)
{
    if (bGhosting && bFilterPackets) {
        // movement (0x1E)
        if (Type == 29775) {
            PMovePacket movepkt = (PMovePacket)Packet;
            movepkt->X = fOldX;
            movepkt->Y = fOldY;
            movepkt->Z = fOldZ;
            movepkt->SpeedX = 0;
            movepkt->SpeedY = 0;
            movepkt->SpeedZ = 0;
            movepkt->Turning = fOldTurning;
            //return true;
            return false;
        }

        // falling? (0x1F) / falling? (0x17)
        if (Type == 15306 || Type == 1848) {
            return false;
        }

        // standstate adjustment (0x8)
        if (Type == 9890)
            return false;

        // jump (0x0)
        if (Type == 30416)
            return false;

        // inspect anonymously (ie, they don't get a message that you're looking) (0x8)
        if (Type == 1782) {
            ((PInspectPacket)Packet)->MyID = 0;
            return true;
        }

        // doors and switches (0x10)
        if (Type == 26971) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // PickPocket (0x12)
        if (Type == 15144) {
            QuickJumpPacket(Type, Packet, Size);
            return true;
        }

        // Sense Traps (0x0)
        if (Type == 13714) {
            QuickJumpPacket(Type, Packet, Size);
            return true;
        }

        // Disarm Traps (0x0)
        if (Type == 3060) {
            QuickJumpPacket(Type, Packet, Size);
            return true;
        }

        // Begging (0x12)
        if (Type == 992) {
            QuickJumpPacket(Type, Packet, Size);
            return true;
        }

        // pick up item (0x8)
        if (Type == 5962) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // drop item (0x0)
        if (Type == 29874) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // some abilities and all spells (0x14)
        if (Type == 29867) {
            //if (GetCharInfo()->pSpawn->pActorInfo->CastingSpellID == -1)
            //{
            QuickJumpPacket(Type, Packet, Size);
            return false;
            //}
            //return true;
        }

        // taunt (0x4)
        if (Type == 13489) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // bash, kick, and other combat abilities (0xc)
        if (Type == 425) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // open trade with pc (0x8), pc opens trade with you (0x8)
        if (Type == 22227 || Type == 2550) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // ShiftItems (0x0c) / ShiftMoney 0x14
        if (Type == 16435 || Type == 30388) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // corpsedrag (0x98), corpsedrop (0x1f)
        // using corpsedrag will port the corpse to your location on
        // the server, NOT where you are ghosting
        if (Type == 11382 || Type == 22160) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // loot corpse (0x4), loot item (0x4) / EndLoot (0x10) is 6492
        if (Type == 27334 || Type ==
            2530) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }

        // enter merchant window (0x10), purchase (0x18), sell (0x10)
        if (Type == 16108 || Type == 27987 || Type == 6298) {
            QuickJumpPacket(Type, Packet, Size);
            return false;
        }
    }
    return true;
}

PLUGIN_API VOID InitializePlugin(VOID)
{
    AddCommand("/ghost", GhostCmd); ////
}

PLUGIN_API VOID ShutdownPlugin(VOID)
{
    RemoveCommand("/ghost");
}
</script>

To remove potential ambiguities in the representation of the JSON object above, the octet sequence for the actual UTF-8 representation used in this example for the JOSE Header above is also included below. (Note that ambiguities can arise due to differing platform representations of line breaks (CRLF versus LF), differing spacing at the beginning and ends of lines, whether the last line has a terminating line break or not, and other causes. In the representation used in this example, the first line has no leading or trailing spaces, a CRLF line break (13, 10) occurs between the first and second lines, the second line has one leading space (32) and no trailing spaces, and the last line does not have a terminating line break.) The octets representing the UTF-8 representation of the JOSE Header in this example (using JSON array notation) are:

    [123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32,
    34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125]

Base64url encoding the octets of the UTF-8 representation of the JOSE Header yields this encoded JOSE Header value:

    setup(
        ...
        entry_points={
            'certbot.plugins': [
                'name=example_project.plugin[plugin_deps]',
            ],
        },
        extras_require={
            'plugin_deps': ['dep1', 'dep2'],
        }
    )

    eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

The following is an example of a JWT Claims Set:

    {"iss":"joe",
     "exp":1300819380,
     "http://example.com/is_root":true}

The following octet sequence, which is the UTF-8 representation used in this example for the JWT Claims Set above, is the JWS Payload:

    [123, 34, 105, 115, 115, 34, 58, 34, 106, 111, 101, 34, 44, 13, 10,
    32, 34, 101, 120, 112, 34, 58, 49, 51, 48, 48, 56, 49, 57, 51, 56,
    48, 44, 13, 10, 32, 34, 104, 116, 116, 112, 58, 47, 47, 101, 120, 97,
    109, 112, 108, 101, 46, 99, 111, 109, 47, 105, 115, 95, 114, 111,
    111, 116, 34, 58, 116, 114, 117, 101, 125]

Base64url encoding the JWS Payload yields this encoded JWS Payload (with line breaks for display purposes only):

    eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly
    9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

Computing the MAC of the encoded JOSE Header and encoded JWS Payload with the HMAC SHA-256 algorithm and base64url encoding the HMAC value in the manner specified in [JWS] yields this encoded JWS Signature:

    dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

Concatenating these encoded parts in this order with period ('.') characters between the parts yields this complete JWT (with line breaks for display purposes only):

    eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
    .
    eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
    cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
    .
    dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

This computation is illustrated in more detail in Appendix A.1 of [JWS]. See Appendix A.1 for an example of an encrypted JWT.

Subscription Control Center 10.1 for Dr.Web AV-Desk released

May 24, 2016

Doctor Web has released Subscription Control Center (SCC) 10.1 for its Internet service Dr.Web AV-Desk. The updated version offers new features for resellers and Dr.Web anti-virus service subscribers and delivers fixes for known defects.
A new trial subscription policy has been introduced for business customers. Now a reseller can define the duration of the trial period (up to 60 days) during which a subscriber (a legal person) is entitled to use the Dr.Web Anti-virus service. A trial period starts as soon as the user creates their first subscription.

Now the SCC offers more options for viewing customer account balances and provides more detailed information.

New features are also available to service providers who offer hardware maintenance services. They can now use the SCC to create new subscriptions; view information about existing ones; suspend, block or unblock subscriptions; and change subscription packages.

Now it’s also possible to configure security policies for subscriber passwords.

The update also provides a fix for a problem that caused errors when group administrators installed the software.

To ensure that the SCC works properly, the libraries that facilitate third-party software integration (php-avd and libdwavdapi) must be updated.

If you have any questions, please contact Doctor Web’s specialists.

 Changes between 1.0.1t and 1.0.1u [xx XXX xxxx]

  *)

 Changes between 1.0.1s and 1.0.1t [3 May 2016]

  *) Prevent padding oracle in AES-NI CBC MAC check

     A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI.

     This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.

     This issue was reported by Juraj Somorovsky using TLS-Attacker.
     (CVE-2016-2107)
     [Kurt Roeckx]

  *) Fix EVP_EncodeUpdate overflow

     An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data.
     If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption.

     Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly with large amounts of untrusted data may also be vulnerable.

     This issue was reported by Guido Vranken.
     (CVE-2016-2105)
     [Matt Caswell]

  *) Fix EVP_EncryptUpdate overflow

     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have been analysed too and it is believed there are no instances in internal usage where an overflow could occur.

     This issue was reported by Guido Vranken.
     (CVE-2016-2106)
     [Matt Caswell]

  *) Prevent ASN.1 BIO excessive memory allocation

     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.

     Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are *not* affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.

     This issue was reported by Brian Carpenter.
     (CVE-2016-2109)
     [Stephen Henson]

  *) EBCDIC overread

     ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.

     This issue was reported by Guido Vranken.
     (CVE-2016-2176)
     [Matt Caswell]

  *) Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
     [Todd Short]

  *) Remove LOW from the DEFAULT cipher list. This removes single DES from the default.
     [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]

 Changes between 1.0.1r and 1.0.1s [1 Mar 2016]

  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers.
    [Viktor Dukhovni]

  * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of:

        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
    or
        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

    as appropriate.
    Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client and server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
    (CVE-2016-0800)
    [Viktor Dukhovni]

  *) Fix a double-free in DSA code

     A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare.

     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]

  *) Disable SRP fake user seed to address a server memory leak.

     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.

     SRP_VBASE_get_by_user had inconsistent memory management behaviour. In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user was changed to ignore the "fake user" SRP seed, even if the seed is configured.

     Users should use SRP_VBASE_get1_by_user instead. Note that in SRP_VBASE_get1_by_user, caller must free the returned value. Note also that even though configuring the SRP seed attempts to hide invalid usernames by continuing the handshake with fake credentials, this behaviour is not constant time and no strong guarantees are made that the handshake is indistinguishable from that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]

  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

     In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref.
     For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence.

     All OpenSSL internal usage of these functions use data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be rare.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]

  *) Fix memory issues in BIO_*printf functions

     The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings.

     Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur.

     The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources.
     OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments.

     Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]

  *) Side channel attack on modular exponentiation

     A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same hyper-threaded core as the victim thread which is performing decryptions.

     This issue was reported to OpenSSL by Yuval Yarom, The University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania with more information at http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]

  *) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default.
     [Emilia Käsper]

 Changes between 1.0.1q and 1.0.1r [28 Jan 2016]

  *) Protection for DH small subgroup attacks

     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.
     [Matt Caswell]

  *) SSLv2 doesn't block disabled ciphers

     A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.
     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel.
     (CVE-2015-3197)
     [Viktor Dukhovni]

  *) Reject DH handshakes with parameters shorter than 1024 bits.
     [Kurt Roeckx]

 Changes between 1.0.1p and 1.0.1q [3 Dec 2015]

  *) Certificate verify crash with missing PSS parameter

     The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
     (CVE-2015-3194)
     [Stephen Henson]

  *) X509_ATTRIBUTE memory leak

     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using libFuzzer.
     (CVE-2015-3195)
     [Stephen Henson]

  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, though the change is mostly in the more lenient direction, and legacy behaviour is preserved as much as possible.
     [Emilia Käsper]

  *) In DSA_generate_parameters_ex, if the provided seed is too short, use a random seed, as already documented.
     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
OpenSSL CHANGES
_______________

The following example JOSE Header declares that the encoded object is a JWT, and the JWT is a JWS that is MACed using the HMAC SHA-256 algorithm:

  {"typ":"JWT",
   "alg":"HS256"}

To remove potential ambiguities in the representation of the JSON object above, the octet sequence for the actual UTF-8 representation used in this example for the JOSE Header above is also included below. (Note that ambiguities can arise due to differing platform representations of line breaks (CRLF versus LF), differing spacing at the beginning and ends of lines, whether the last line has a terminating line break or not, and other causes. In the representation used in this example, the first line has no leading or trailing spaces, a CRLF line break (13, 10) occurs between the first and second lines, the second line has one leading space (32) and no trailing spaces, and the last line does not have a terminating line break.)

The octets representing the UTF-8 representation of the JOSE Header in this example (using JSON array notation) are:

  [123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32, 34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125]

Base64url encoding the octets of the UTF-8 representation of the JOSE Header yields this encoded JOSE Header value:

  eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

The following is an example of a JWT Claims Set:

  {"iss":"joe",
   "exp":1300819380,
   "http://example.com/is_root":true}

The following octet sequence, which is the UTF-8 representation used in this example for the JWT Claims Set above, is the JWS Payload:

  [123, 34, 105, 115, 115, 34, 58, 34, 106, 111, 101, 34, 44, 13, 10, 32, 34, 101, 120, 112, 34, 58, 49, 51, 48, 48, 56, 49, 57, 51, 56, 48, 44, 13, 10, 32, 34, 104, 116, 116, 112, 58, 47, 47, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109, 47, 105, 115, 95, 114, 111, 111, 116, 34, 58, 116, 114, 117, 101, 125]

Base64url encoding the JWS Payload yields this encoded JWS Payload (with line breaks for display purposes only):

  eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly
  9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

Computing the MAC of the encoded JOSE Header and encoded JWS Payload with the HMAC SHA-256 algorithm and base64url encoding the HMAC value in the manner specified in [JWS] yields this encoded JWS Signature:

  dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

Concatenating these encoded parts in this order with period ('.') characters between the parts yields this complete JWT (with line breaks for display purposes only):

  eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
  .
  eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
  cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
  .
  dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

This computation is illustrated in more detail in Appendix A.1 of [JWS]. See Appendix A.1 for an example of an encrypted JWT.

Subscription Control Center 10.1 for Dr.Web AV-Desk released

May 24, 2016

Doctor Web has released Subscription Control Center (SCC) 10.1 for its Internet service Dr.Web AV-Desk. The updated version offers new features for resellers and Dr.Web anti-virus service subscribers and delivers fixes for known defects.

A new trial subscription policy has been introduced for business customers. Now a reseller can define the duration of the trial period (up to 60 days) during which a subscriber (a legal person) is entitled to use the Dr.Web Anti-virus service. A trial period starts as soon as the user creates their first subscription.

Now the SCC offers more options for viewing customer account balances and provides more detailed information.

New features are also available to service providers who offer hardware maintenance services. They can now use the SCC to create new subscriptions; view information about existing ones; suspend, block or unblock subscriptions; and change subscription packages. Now it’s also possible to configure security policies for subscriber passwords.
The update also provides a fix for a problem that caused errors when group administrators installed the software.

To ensure that the SCC works properly, the libraries that facilitate third-party software integration (php-avd and libdwavdapi) must be updated.

If you have any questions, please contact Doctor Web’s specialists.

 Changes between 1.0.1t and 1.0.1u [xx XXX xxxx]

  *)

 Changes between 1.0.1s and 1.0.1t [3 May 2016]

  *) Prevent padding oracle in AES-NI CBC MAC check

     A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI.

     This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that the same bytes are always read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.

     This issue was reported by Juraj Somorovsky using TLS-Attacker.
     (CVE-2016-2107)
     [Kurt Roeckx]

  *) Fix EVP_EncodeUpdate overflow

     An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption.

     Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue. User applications that call these APIs directly with large amounts of untrusted data may also be vulnerable.

     This issue was reported by Guido Vranken.
     (CVE-2016-2105)
     [Matt Caswell]

  *) Fix EVP_EncryptUpdate overflow

     An overflow can occur in the EVP_EncryptUpdate() function.
     If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed and it is believed there are no instances in internal usage where an overflow could occur.

     This issue was reported by Guido Vranken.
     (CVE-2016-2106)
     [Matt Caswell]

  *) Prevent ASN.1 BIO excessive memory allocation

     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.

     Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are *not* affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.

     This issue was reported by Brian Carpenter.
     (CVE-2016-2109)
     [Stephen Henson]

  *) EBCDIC overread

     ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.
     This issue was reported by Guido Vranken.
     (CVE-2016-2176)
     [Matt Caswell]

  *) Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
     [Todd Short]

  *) Remove LOW from the DEFAULT cipher list. This removes single DES from the default.
     [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]

 Changes between 1.0.1r and 1.0.1s [1 Mar 2016]

  *) Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. Builds that are not configured with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength ciphers.
     [Viktor Dukhovni]

  *) Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of:

         SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
     or
         SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

     as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client and server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
     (CVE-2016-0800)
     [Viktor Dukhovni]

  *) Fix a double-free in DSA code

     A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare.

     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using libFuzzer.
     (CVE-2016-0705)
     [Stephen Henson]

  *) Disable SRP fake user seed to address a server memory leak.
     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.

     SRP_VBASE_get_by_user had inconsistent memory management behaviour. In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user was changed to ignore the "fake user" SRP seed, even if the seed is configured.

     Users should use SRP_VBASE_get1_by_user instead. Note that in SRP_VBASE_get1_by_user, caller must free the returned value. Note also that even though configuring the SRP seed attempts to hide invalid usernames by continuing the handshake with fake credentials, this behaviour is not constant time and no strong guarantees are made that the handshake is indistinguishable from that of a valid user.
     (CVE-2016-0798)
     [Emilia Käsper]

  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption

     In the BN_hex2bn function the number of hex digits is calculated using an int value |i|. Later |bn_expand| is called with a value of |i * 4|. For large values of |i| this can result in |bn_expand| not allocating any memory because |i * 4| is negative. This can leave the internal BIGNUM data field as NULL leading to a subsequent NULL ptr deref. For very large values of |i|, the calculation |i * 4| could be a positive value smaller than |i|. In this case memory is allocated to the internal BIGNUM data field, but it is insufficiently sized leading to heap corruption. A similar issue exists in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user applications with very large untrusted hex/dec data. This is anticipated to be a rare occurrence.

     All OpenSSL internal usage of these functions uses data that is not expected to be untrusted, e.g. config file data or application command line arguments. If user developed applications generate config file data based on untrusted data then it is possible that this could also lead to security consequences. This is also anticipated to be rare.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0797)
     [Matt Caswell]

  *) Fix memory issues in BIO_*printf functions

     The internal |fmtstr| function used in processing a "%s" format string in the BIO_*printf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings.

     Additionally the internal |doapr_outch| function can attempt to write to an OOB memory location (at an offset from the NULL pointer) in the event of a memory allocation failure. In 1.0.2 and below this could be caused where the size of a buffer to be allocated is greater than INT_MAX. E.g. this could be in processing a very long "%s" format string. Memory leaks can also occur.

     The first issue may mask the second issue dependent on compiler behaviour. These problems could enable attacks where large amounts of untrusted data are passed to the BIO_*printf functions. If applications use these functions in this way then they could be vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could be vulnerable if the data is from untrusted sources. OpenSSL command line applications could also be vulnerable where they print out ASN.1 data, or if untrusted data is passed as command line arguments.

     Libssl is not considered directly vulnerable. Additionally certificates etc received via remote connections via libssl are also unlikely to be able to trigger these issues because of message size limits enforced within libssl.

     This issue was reported to OpenSSL by Guido Vranken.
     (CVE-2016-0799)
     [Matt Caswell]

  *) Side channel attack on modular exponentiation

     A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys.
     The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same hyper-threaded core as the victim thread which is performing decryptions.

     This issue was reported to OpenSSL by Yuval Yarom, The University of Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and Nadia Heninger, University of Pennsylvania with more information at http://cachebleed.info.
     (CVE-2016-0702)
     [Andy Polyakov]

  *) Change the req app to generate a 2048-bit RSA/DSA key by default, if no keysize is specified with default_bits. This fixes an omission in an earlier change that changed all RSA/DSA key generation apps to use 2048 bits by default.
     [Emilia Käsper]

 Changes between 1.0.1q and 1.0.1r [28 Jan 2016]

  *) Protection for DH small subgroup attacks

     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.
     [Matt Caswell]

  *) SSLv2 doesn't block disabled ciphers

     A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.

     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel.
     (CVE-2015-3197)
     [Viktor Dukhovni]

  *) Reject DH handshakes with parameters shorter than 1024 bits.
     [Kurt Roeckx]

 Changes between 1.0.1p and 1.0.1q [3 Dec 2015]

  *) Certificate verify crash with missing PSS parameter

     The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.
     Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
     (CVE-2015-3194)
     [Stephen Henson]

  *) X509_ATTRIBUTE memory leak

     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using libFuzzer.
     (CVE-2015-3195)
     [Stephen Henson]

  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, though the change is mostly in the more lenient direction, and legacy behaviour is preserved as much as possible.
     [Emilia Käsper]

  *) In DSA_generate_parameters_ex, if the provided seed is too short, use a random seed, as already documented.
     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
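The integer wrap described in the BN_hex2bn/BN_dec2bn entry (CVE-2016-0797) above, modelled next to a range-checked form. This is an added example, not OpenSSL's code: the function names and sample digit counts are constructed, a 32-bit int is assumed, and the wrap is simulated in 64-bit arithmetic rather than triggered.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Outcomes the changelog entry describes for the unchecked |i * 4|. */
enum alloc_outcome { ALLOC_OK, ALLOC_SKIPPED_NULL_DATA, ALLOC_UNDERSIZED };

/* Reduce v to a 32-bit two's-complement int. Signed overflow is undefined
 * in C, so the wrap is modelled in 64-bit arithmetic, not triggered. */
static int64_t wrap32(int64_t v)
{
    int64_t low = v & 0xFFFFFFFFLL;
    return low >= 0x80000000LL ? low - 0x100000000LL : low;
}

/* What a 32-bit int holds after the unchecked multiplication. */
static int64_t unchecked_bits(int32_t digits)
{
    return wrap32((int64_t)digits * 4);
}

/* Classify the size an allocator would see (hypothetical model, not
 * OpenSSL's bn_expand). */
static enum alloc_outcome unchecked_outcome(int32_t digits)
{
    int64_t wanted = (int64_t)digits * 4;
    int64_t seen = unchecked_bits(digits);

    if (seen < 0)
        return ALLOC_SKIPPED_NULL_DATA; /* negative size: nothing allocated */
    if (seen < wanted)
        return ALLOC_UNDERSIZED;        /* buffer smaller than the data */
    return ALLOC_OK;
}

/* Hardened form: range-check before multiplying.
 * Returns 0 and stores the bit count, or -1 if it cannot fit in an int. */
static int checked_bits(int digits, int *bits)
{
    if (digits < 0 || digits > INT_MAX / 4)
        return -1;
    *bits = digits * 4;
    return 0;
}

int main(void)
{
    /* Constructed digit counts: ordinary, wraps negative, wraps small. */
    const int32_t samples[] = { 1000, 0x20000000, 0x40000001 };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int bits = 0;
        int rc = checked_bits(samples[k], &bits);
        printf("digits=%ld unchecked=%lld outcome=%d checked=%s\n",
               (long)samples[k], (long long)unchecked_bits(samples[k]),
               (int)unchecked_outcome(samples[k]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The two wrapping inputs correspond to the two cases in the entry: a negative size that leaves the data field NULL, and a small positive size that produces an undersized buffer.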