Age | Commit message (Collapse) | Author |
|
|
|
|
|
- RUSTSEC-2021-0115: #[zeroize(drop)] doesn't implement Drop for enums
(vulnerability)
- The zerioize_derive team released 1.1.1, which fixes this and keeps
the MSRV <= 1.48.
- Fixes #764.
|
|
- RUSTSEC-2021-0093: Data race in crossbeam-deque (vulnerability)
- Patched: >=0.7.4, <0.8.0 and >=0.8.1
|
|
- Remove explicit dependency on unicode-normalization. It was added in
2a19afb8 to pin the crate to a version that has a low enough MSRV.
The pin was removed in 742eac41, but the explicit dependency wasn't.
|
|
|
|
|
|
- This adds a cryptographic backend based on the RustCrypto crates.
The backend is marked as experimental, as the RustCrypto crates'
authors state that they have not been audited and may not perform
computations in constant time. Nevertheless, it may be useful in
certain environments, e.g. WebAssembly.
- The backend implements RSA, EdDSA and ECDH over Curve25519, IDEA,
3DES, CAST5, Blowfish, AES, Twofish, EAX, MD5, SHA1, RipeMD160, and
the SHA2 family.
- Notably missing are DSA, ElGamal, and ECDSA and ECDH over the NIST
curves.
- See #333.
|
|
|
|
- From this point on, the crate sequoia-sqv will be maintained in
its own repository.
|
|
|
|
|
|
- Generate a flooded cert before the benchmark is run.
|
|
|
|
|
|
- This moves all functionality from sequoia_core crate as an inner
`core` module of the ipc crate.
- The `core` module has to be public as other crates depend on
`core::Context` either directly (store, ffi) or indirectly (store
through ffi crate).
- Remove the `core` crate completely.
|
|
- Fixes #688.
|
|
|
|
|
|
|
|
- smallvec < 1.6.1 has a vulnerability in SmallVec::insert_many.
Our two dependencies that use smallvec, rusqlite 0.24.2 and
num-bigint-dig 0.6.1, do not seem to use that specific function.
Bumping the dependency to be safe.
- https://rustsec.org/advisories/RUSTSEC-2021-0003
- https://github.com/servo/rust-smallvec/issues/252
- Fixes #661
|
|
|
|
|
|
|
|
|
|
|
|
- Neither assert_cmd nor predicates are in Debian.
|
|
|
|
- term_size is packaged in Debian.
|
|
- We want to release sq without it depending on the key store.
The keystore is little more than a prototype, but because it keeps
state, it has the potential to break if we change it later.
|
|
- Move core::NetworkPolicy to net::Policy, update all code
accordingly.
|
|
- Fixes #188.
|
|
- From this point on, the crate sequoia-sop will be maintained in
its own repository.
|
|
- Add a subcommand to have a certificate adopt a key on another
certificate. That is, the subcommand adds a key from one
certificate (A) to another (B) by having B create any necessary
binding signatures.
- The modified certificate is written to stdout.
|
|
- Release buffered-reader 1.0.0, sequoia-openpgp 1.0.0, and
sequoia-sqv 1.0.0.
- Also release sequoia-sop 0.22.0.
|
|
- Fixes build on architectures with unsigned chars.
|
|
|
|
- Versions required by feature or API usage:
- anyhow 1.0.18.
- policy::test::reject_seip_packet and
policy::test::reject_cipher' fail
- We use `impl From<anyhow::Error> for Box<dyn std::error::Error +
Send + Sync + 'static>`, introduced in 1.0.5.
- tokio 0.2.19
- We use `tokio::net::tcp::OwnedReadHalf`, introduced in 0.2.19.
- chrono 0.4.10
- We use the `std` feature, introduced in 0.4.10.
- thiserror 1.0.2
- futures and futures-util 0.3.5
- tempfile 3.1
- c_doctests require the same version of rand both as direct
dependency and through tempfile.
- Yanked versions:
- structopt 0.3.11. 0.3.8 to 0.3.10 were yanked.
- socket2 0.3.16. 0.3.0 to 0.3.15 were yanked.
- Update our dependencies to the package versions required by other
dependencies, e.g. structopt requires lazy_static 1.4.0.
- clap 2.33
- lazy_static to 1.4.0
- libc to 0.2.66
- proc-macro2 to 1.0.7
- syn to 1.0.5.
- winapi 0.3.8
|
|
|
|
- Fixes #556.
|
|
- Fixes build on Windows.
|
|
|
|
|
|
- Use a collision detecting implementation of SHA-1. When a
collision attack is detected, the algorithm employs a mitigation,
changing the hash function to discriminate the colliding preimage.
|
|
|
|
|
|
|
|
|
|
|
|
|