diff --git a/net/routinator/Makefile b/net/routinator/Makefile index 70c206b4730c..48f2cdfd8632 100644 --- a/net/routinator/Makefile +++ b/net/routinator/Makefile @@ -1,58 +1,57 @@ PORTNAME= routinator DISTVERSIONPREFIX= v -DISTVERSION= 0.13.1 -PORTREVISION= 2 +DISTVERSION= 0.13.2 CATEGORIES= net MASTER_SITES= ${ROUTINATOR_UI_URL}/v${ROUTINATOR_UI_VERSION}/:0 DISTFILES+= routinator-ui-build.tar.gz:0 MAINTAINER= jaap@NLnetLabs.nl COMMENT= RPKI signed route collector and validator WWW= https://github.com/NLnetLabs/routinator LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE ONLY_FOR_ARCHS= amd64 i386 ONLY_FOR_ARCHS_REASON= ring crate not ported to other architectures RUN_DEPENDS= rsync:net/rsync USES= cargo cpe CPE_VENDOR= nlnetlabs USE_GITHUB= yes GH_ACCOUNT= NLnetLabs USE_RC_SUBR= routinator CARGO_FEATURES= --no-default-features routinator-ui SUB_FILES= pkg-message SUB_LIST+= GROUPS=${GROUPS} \ USERS=${USERS} USERS= ${PORTNAME} GROUPS= ${PORTNAME} ROUTINATOR_UI_VERSION= 0.3.4 ROUTINATOR_UI_URL= https://github.com/NLnetLabs/routinator-ui/releases/download/ OPTIONS_DEFINE= ASPA OPTIONS_SUB= yes ASPA_DESC= (Experimental) enable aspa support ASPA_VARS= CARGO_FEATURES+=aspa post-patch: ${REINPLACE_CMD} -e "s|DISTDIR|${DISTDIR}|" \ ${WRKSRC}/cargo-crates/routinator-ui-${ROUTINATOR_UI_VERSION}/build.rs post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/routinator ${INSTALL_MAN} ${WRKSRC}/doc/routinator.1 \ ${STAGEDIR}${PREFIX}/share/man/man1/ @${MKDIR} ${STAGEDIR}/${PREFIX}/etc/routinator ${INSTALL_DATA} ${WRKSRC}/etc/routinator.conf.example \ ${STAGEDIR}${PREFIX}/etc/routinator/routinator.conf.example .include diff --git a/net/routinator/distinfo b/net/routinator/distinfo index 1526547874bb..a4046b53fc0d 100644 --- a/net/routinator/distinfo +++ b/net/routinator/distinfo @@ -1,425 +1,425 @@ -TIMESTAMP = 1707312619 +TIMESTAMP = 1709146884 SHA256 (routinator-ui-build.tar.gz) = 7079096b3fd986aa01b03cf3e743cf74d37b8441d312844c25e2b065deed8290 SIZE (routinator-ui-build.tar.gz) = 756828 SHA256 (rust/crates/addr2line-0.21.0.crate) = 8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb SIZE (rust/crates/addr2line-0.21.0.crate) = 40807 SHA256 (rust/crates/adler-1.0.2.crate) = f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe SIZE (rust/crates/adler-1.0.2.crate) = 12778 SHA256 (rust/crates/android-tzdata-0.1.1.crate) = e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0 SIZE (rust/crates/android-tzdata-0.1.1.crate) = 7674 SHA256 (rust/crates/android_system_properties-0.1.5.crate) = 819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311 SIZE (rust/crates/android_system_properties-0.1.5.crate) = 5243 SHA256 (rust/crates/anstream-0.6.11.crate) = 6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5 SIZE (rust/crates/anstream-0.6.11.crate) = 30239 SHA256 (rust/crates/anstyle-1.0.4.crate) = 7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87 SIZE (rust/crates/anstyle-1.0.4.crate) = 13998 SHA256 (rust/crates/anstyle-parse-0.2.3.crate) = c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c SIZE (rust/crates/anstyle-parse-0.2.3.crate) = 24699 SHA256 (rust/crates/anstyle-query-1.0.2.crate) = e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648 SIZE (rust/crates/anstyle-query-1.0.2.crate) = 8739 SHA256 (rust/crates/anstyle-wincon-3.0.2.crate) = 1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7 SIZE (rust/crates/anstyle-wincon-3.0.2.crate) = 11272 SHA256 (rust/crates/arbitrary-1.3.2.crate) = 7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110 SIZE (rust/crates/arbitrary-1.3.2.crate) = 32037 SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 SHA256 (rust/crates/backtrace-0.3.69.crate) = 2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837 SIZE (rust/crates/backtrace-0.3.69.crate) = 77299 SHA256 (rust/crates/base64-0.21.7.crate) = 9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567 SIZE (rust/crates/base64-0.21.7.crate) = 82576 SHA256 (rust/crates/bcder-0.7.4.crate) = c627747a6774aab38beb35990d88309481378558875a41da1a4b2e373c906ef0 SIZE (rust/crates/bcder-0.7.4.crate) = 63648 SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 SHA256 (rust/crates/bitflags-2.4.2.crate) = ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf SIZE (rust/crates/bitflags-2.4.2.crate) = 42602 SHA256 (rust/crates/bumpalo-3.14.0.crate) = 7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec SIZE (rust/crates/bumpalo-3.14.0.crate) = 82400 SHA256 (rust/crates/bytes-1.5.0.crate) = a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223 SIZE (rust/crates/bytes-1.5.0.crate) = 58909 SHA256 (rust/crates/cc-1.0.83.crate) = f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0 SIZE (rust/crates/cc-1.0.83.crate) = 68343 SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 SHA256 (rust/crates/chrono-0.4.32.crate) = 41daef31d7a747c5c847246f36de49ced6f7403b4cdabc807a97b5cc184cda7a SIZE (rust/crates/chrono-0.4.32.crate) = 221116 SHA256 (rust/crates/clap-4.4.18.crate) = 1e578d6ec4194633722ccf9544794b71b1385c3c027efe0c55db226fc880865c SIZE (rust/crates/clap-4.4.18.crate) = 55269 SHA256 (rust/crates/clap_builder-4.4.18.crate) = 4df4df40ec50c46000231c914968278b1eb05098cf8f1b3a518a95030e71d1c7 SIZE (rust/crates/clap_builder-4.4.18.crate) = 163538 SHA256 (rust/crates/clap_derive-4.4.7.crate) = cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442 SIZE (rust/crates/clap_derive-4.4.7.crate) = 29046 SHA256 (rust/crates/clap_lex-0.6.0.crate) = 702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1 SIZE (rust/crates/clap_lex-0.6.0.crate) = 12272 SHA256 (rust/crates/colorchoice-1.0.0.crate) = acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7 SIZE (rust/crates/colorchoice-1.0.0.crate) = 6857 SHA256 (rust/crates/core-foundation-0.9.4.crate) = 91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f SIZE (rust/crates/core-foundation-0.9.4.crate) = 27743 SHA256 (rust/crates/core-foundation-sys-0.8.6.crate) = 06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f SIZE (rust/crates/core-foundation-sys-0.8.6.crate) = 37629 SHA256 (rust/crates/crc32fast-1.3.2.crate) = b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d SIZE (rust/crates/crc32fast-1.3.2.crate) = 38661 SHA256 (rust/crates/crossbeam-queue-0.3.11.crate) = df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35 SIZE (rust/crates/crossbeam-queue-0.3.11.crate) = 15581 SHA256 (rust/crates/crossbeam-utils-0.8.19.crate) = 248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345 SIZE (rust/crates/crossbeam-utils-0.8.19.crate) = 42328 SHA256 (rust/crates/deranged-0.3.11.crate) = b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4 SIZE (rust/crates/deranged-0.3.11.crate) = 18043 SHA256 (rust/crates/derive_arbitrary-1.3.2.crate) = 67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611 SIZE (rust/crates/derive_arbitrary-1.3.2.crate) = 10614 SHA256 (rust/crates/dirs-5.0.1.crate) = 44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225 SIZE (rust/crates/dirs-5.0.1.crate) = 12255 SHA256 (rust/crates/dirs-sys-0.4.1.crate) = 520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c SIZE (rust/crates/dirs-sys-0.4.1.crate) = 10719 SHA256 (rust/crates/either-1.9.0.crate) = a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07 SIZE (rust/crates/either-1.9.0.crate) = 16660 SHA256 (rust/crates/encoding_rs-0.8.33.crate) = 7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1 SIZE (rust/crates/encoding_rs-0.8.33.crate) = 1370071 SHA256 (rust/crates/equivalent-1.0.1.crate) = 5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5 SIZE (rust/crates/equivalent-1.0.1.crate) = 6615 SHA256 (rust/crates/errno-0.3.8.crate) = a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245 SIZE (rust/crates/errno-0.3.8.crate) = 10645 SHA256 (rust/crates/error-chain-0.12.4.crate) = 2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc SIZE (rust/crates/error-chain-0.12.4.crate) = 29274 SHA256 (rust/crates/fastrand-2.0.1.crate) = 25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5 SIZE (rust/crates/fastrand-2.0.1.crate) = 14664 SHA256 (rust/crates/filetime-0.2.23.crate) = 1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd SIZE (rust/crates/filetime-0.2.23.crate) = 14942 SHA256 (rust/crates/flate2-1.0.28.crate) = 46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e SIZE (rust/crates/flate2-1.0.28.crate) = 73690 SHA256 (rust/crates/fnv-1.0.7.crate) = 3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1 SIZE (rust/crates/fnv-1.0.7.crate) = 11266 SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1 SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504 SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672 SHA256 (rust/crates/form_urlencoded-1.2.1.crate) = e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456 SIZE (rust/crates/form_urlencoded-1.2.1.crate) = 8969 SHA256 (rust/crates/futures-0.3.30.crate) = 645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0 SIZE (rust/crates/futures-0.3.30.crate) = 53828 SHA256 (rust/crates/futures-channel-0.3.30.crate) = eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78 SIZE (rust/crates/futures-channel-0.3.30.crate) = 31736 SHA256 (rust/crates/futures-core-0.3.30.crate) = dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d SIZE (rust/crates/futures-core-0.3.30.crate) = 14071 SHA256 (rust/crates/futures-executor-0.3.30.crate) = a576fc72ae164fca6b9db127eaa9a9dda0d61316034f33a0a0d4eda41f02b01d SIZE (rust/crates/futures-executor-0.3.30.crate) = 17744 SHA256 (rust/crates/futures-io-0.3.30.crate) = a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1 SIZE (rust/crates/futures-io-0.3.30.crate) = 8910 SHA256 (rust/crates/futures-macro-0.3.30.crate) = 87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac SIZE (rust/crates/futures-macro-0.3.30.crate) = 11278 SHA256 (rust/crates/futures-sink-0.3.30.crate) = 9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5 SIZE (rust/crates/futures-sink-0.3.30.crate) = 7852 SHA256 (rust/crates/futures-task-0.3.30.crate) = 38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004 SIZE (rust/crates/futures-task-0.3.30.crate) = 11126 SHA256 (rust/crates/futures-util-0.3.30.crate) = 3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48 SIZE (rust/crates/futures-util-0.3.30.crate) = 159977 SHA256 (rust/crates/getrandom-0.2.12.crate) = 190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5 SIZE (rust/crates/getrandom-0.2.12.crate) = 36163 SHA256 (rust/crates/gimli-0.28.1.crate) = 4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253 SIZE (rust/crates/gimli-0.28.1.crate) = 270497 SHA256 (rust/crates/h2-0.3.24.crate) = bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9 SIZE (rust/crates/h2-0.3.24.crate) = 167814 SHA256 (rust/crates/hashbrown-0.14.3.crate) = 290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604 SIZE (rust/crates/hashbrown-0.14.3.crate) = 141425 SHA256 (rust/crates/heck-0.4.1.crate) = 95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8 SIZE (rust/crates/heck-0.4.1.crate) = 11567 SHA256 (rust/crates/hermit-abi-0.3.4.crate) = 5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f SIZE (rust/crates/hermit-abi-0.3.4.crate) = 14445 SHA256 (rust/crates/hostname-0.3.1.crate) = 3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867 SIZE (rust/crates/hostname-0.3.1.crate) = 9272 SHA256 (rust/crates/http-0.2.11.crate) = 8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb SIZE (rust/crates/http-0.2.11.crate) = 100478 SHA256 (rust/crates/http-body-0.4.6.crate) = 7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2 SIZE (rust/crates/http-body-0.4.6.crate) = 10773 SHA256 (rust/crates/httparse-1.8.0.crate) = d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904 SIZE (rust/crates/httparse-1.8.0.crate) = 29954 SHA256 (rust/crates/httpdate-1.0.3.crate) = df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9 SIZE (rust/crates/httpdate-1.0.3.crate) = 10639 SHA256 (rust/crates/hyper-0.14.28.crate) = bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80 SIZE (rust/crates/hyper-0.14.28.crate) = 197204 SHA256 (rust/crates/hyper-rustls-0.24.2.crate) = ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590 SIZE (rust/crates/hyper-rustls-0.24.2.crate) = 30195 SHA256 (rust/crates/hyper-tls-0.5.0.crate) = d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905 SIZE (rust/crates/hyper-tls-0.5.0.crate) = 13257 SHA256 (rust/crates/iana-time-zone-0.1.59.crate) = b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539 SIZE (rust/crates/iana-time-zone-0.1.59.crate) = 27033 SHA256 (rust/crates/iana-time-zone-haiku-0.1.2.crate) = f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f SIZE (rust/crates/iana-time-zone-haiku-0.1.2.crate) = 7185 SHA256 (rust/crates/idna-0.5.0.crate) = 634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6 SIZE (rust/crates/idna-0.5.0.crate) = 271940 SHA256 (rust/crates/indexmap-2.1.0.crate) = d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f SIZE (rust/crates/indexmap-2.1.0.crate) = 68224 SHA256 (rust/crates/ipnet-2.9.0.crate) = 8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3 SIZE (rust/crates/ipnet-2.9.0.crate) = 27627 SHA256 (rust/crates/itoa-1.0.10.crate) = b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c SIZE (rust/crates/itoa-1.0.10.crate) = 10534 SHA256 (rust/crates/js-sys-0.3.67.crate) = 9a1d36f1235bc969acba30b7f5990b864423a6068a10f7c90ae8f0112e3a59d1 SIZE (rust/crates/js-sys-0.3.67.crate) = 80764 SHA256 (rust/crates/lazy_static-1.4.0.crate) = e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646 SIZE (rust/crates/lazy_static-1.4.0.crate) = 10443 SHA256 (rust/crates/libc-0.2.152.crate) = 13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7 SIZE (rust/crates/libc-0.2.152.crate) = 740278 SHA256 (rust/crates/libredox-0.0.1.crate) = 85c833ca1e66078851dba29046874e38f08b2c883700aa29a03ddd3b23814ee8 SIZE (rust/crates/libredox-0.0.1.crate) = 4212 SHA256 (rust/crates/linux-raw-sys-0.4.13.crate) = 01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c SIZE (rust/crates/linux-raw-sys-0.4.13.crate) = 1493855 SHA256 (rust/crates/listenfd-1.0.1.crate) = e0500463acd96259d219abb05dc57e5a076ef04b2db9a2112846929b5f174c96 SIZE (rust/crates/listenfd-1.0.1.crate) = 18375 SHA256 (rust/crates/log-0.4.20.crate) = b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f SIZE (rust/crates/log-0.4.20.crate) = 38307 SHA256 (rust/crates/match_cfg-0.1.0.crate) = ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4 SIZE (rust/crates/match_cfg-0.1.0.crate) = 7153 SHA256 (rust/crates/memchr-2.7.1.crate) = 523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149 SIZE (rust/crates/memchr-2.7.1.crate) = 96307 SHA256 (rust/crates/memoffset-0.9.0.crate) = 5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c SIZE (rust/crates/memoffset-0.9.0.crate) = 9033 SHA256 (rust/crates/mime-0.3.17.crate) = 6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a SIZE (rust/crates/mime-0.3.17.crate) = 15712 SHA256 (rust/crates/miniz_oxide-0.7.1.crate) = e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7 SIZE (rust/crates/miniz_oxide-0.7.1.crate) = 55194 SHA256 (rust/crates/mio-0.8.10.crate) = 8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09 SIZE (rust/crates/mio-0.8.10.crate) = 102345 SHA256 (rust/crates/native-tls-0.2.11.crate) = 07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e SIZE (rust/crates/native-tls-0.2.11.crate) = 29008 SHA256 (rust/crates/nix-0.27.1.crate) = 2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053 SIZE (rust/crates/nix-0.27.1.crate) = 286494 SHA256 (rust/crates/num-traits-0.2.17.crate) = 39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c SIZE (rust/crates/num-traits-0.2.17.crate) = 50190 SHA256 (rust/crates/num_cpus-1.16.0.crate) = 4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43 SIZE (rust/crates/num_cpus-1.16.0.crate) = 15713 SHA256 (rust/crates/num_threads-0.1.6.crate) = 2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44 SIZE (rust/crates/num_threads-0.1.6.crate) = 7334 SHA256 (rust/crates/object-0.32.2.crate) = a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441 SIZE (rust/crates/object-0.32.2.crate) = 286994 SHA256 (rust/crates/once_cell-1.19.0.crate) = 3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92 SIZE (rust/crates/once_cell-1.19.0.crate) = 33046 SHA256 (rust/crates/openssl-0.10.63.crate) = 15c9d69dd87a29568d4d017cfe8ec518706046a05184e5aea92d0af890b803c8 SIZE (rust/crates/openssl-0.10.63.crate) = 270890 SHA256 (rust/crates/openssl-macros-0.1.1.crate) = a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c SIZE (rust/crates/openssl-macros-0.1.1.crate) = 5601 SHA256 (rust/crates/openssl-probe-0.1.5.crate) = ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf SIZE (rust/crates/openssl-probe-0.1.5.crate) = 7227 SHA256 (rust/crates/openssl-sys-0.9.99.crate) = 22e1bf214306098e4832460f797824c05d25aacdf896f64a985fb0fd992454ae SIZE (rust/crates/openssl-sys-0.9.99.crate) = 68158 SHA256 (rust/crates/option-ext-0.2.0.crate) = 04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d SIZE (rust/crates/option-ext-0.2.0.crate) = 7345 SHA256 (rust/crates/percent-encoding-2.3.1.crate) = e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e SIZE (rust/crates/percent-encoding-2.3.1.crate) = 10235 SHA256 (rust/crates/pin-project-lite-0.2.13.crate) = 8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58 SIZE (rust/crates/pin-project-lite-0.2.13.crate) = 29141 SHA256 (rust/crates/pin-utils-0.1.0.crate) = 8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184 SIZE (rust/crates/pin-utils-0.1.0.crate) = 7580 SHA256 (rust/crates/pkg-config-0.3.29.crate) = 2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb SIZE (rust/crates/pkg-config-0.3.29.crate) = 20563 SHA256 (rust/crates/powerfmt-0.2.0.crate) = 439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391 SIZE (rust/crates/powerfmt-0.2.0.crate) = 15165 SHA256 (rust/crates/ppv-lite86-0.2.17.crate) = 5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de SIZE (rust/crates/ppv-lite86-0.2.17.crate) = 22242 SHA256 (rust/crates/proc-macro2-1.0.78.crate) = e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae SIZE (rust/crates/proc-macro2-1.0.78.crate) = 47158 SHA256 (rust/crates/quick-xml-0.31.0.crate) = 1004a344b30a54e2ee58d66a71b32d2db2feb0a31f9a2d302bf0536f15de2a33 SIZE (rust/crates/quick-xml-0.31.0.crate) = 172236 SHA256 (rust/crates/quote-1.0.35.crate) = 291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef SIZE (rust/crates/quote-1.0.35.crate) = 28136 SHA256 (rust/crates/rand-0.8.5.crate) = 34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404 SIZE (rust/crates/rand-0.8.5.crate) = 87113 SHA256 (rust/crates/rand_chacha-0.3.1.crate) = e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88 SIZE (rust/crates/rand_chacha-0.3.1.crate) = 15251 SHA256 (rust/crates/rand_core-0.6.4.crate) = ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c SIZE (rust/crates/rand_core-0.6.4.crate) = 22666 SHA256 (rust/crates/redox_syscall-0.4.1.crate) = 4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa SIZE (rust/crates/redox_syscall-0.4.1.crate) = 24858 SHA256 (rust/crates/redox_users-0.4.4.crate) = a18479200779601e498ada4e8c1e1f50e3ee19deb0259c25825a98b5603b2cb4 SIZE (rust/crates/redox_users-0.4.4.crate) = 15438 SHA256 (rust/crates/reqwest-0.11.23.crate) = 37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41 SIZE (rust/crates/reqwest-0.11.23.crate) = 158448 SHA256 (rust/crates/ring-0.17.7.crate) = 688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74 SIZE (rust/crates/ring-0.17.7.crate) = 4146482 SHA256 (rust/crates/routinator-ui-0.3.4.crate) = f2b93eb434f0d58c19ab098008bda682fc2e8f2918f3b6f64dcb8c34c3fc8fba SIZE (rust/crates/routinator-ui-0.3.4.crate) = 12050 SHA256 (rust/crates/rpki-0.18.1.crate) = 276d0592461d3b4f9fde0a5396586ab81ad02bb99ea694379d72c149b3970d55 SIZE (rust/crates/rpki-0.18.1.crate) = 699639 SHA256 (rust/crates/rustc-demangle-0.1.23.crate) = d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76 SIZE (rust/crates/rustc-demangle-0.1.23.crate) = 28970 SHA256 (rust/crates/rustix-0.38.30.crate) = 322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca SIZE (rust/crates/rustix-0.38.30.crate) = 374744 SHA256 (rust/crates/rustls-0.21.10.crate) = f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba SIZE (rust/crates/rustls-0.21.10.crate) = 284920 SHA256 (rust/crates/rustls-pemfile-1.0.4.crate) = 1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c SIZE (rust/crates/rustls-pemfile-1.0.4.crate) = 22092 SHA256 (rust/crates/rustls-webpki-0.101.7.crate) = 8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765 SIZE (rust/crates/rustls-webpki-0.101.7.crate) = 168808 SHA256 (rust/crates/ryu-1.0.16.crate) = f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c SIZE (rust/crates/ryu-1.0.16.crate) = 47351 SHA256 (rust/crates/schannel-0.1.23.crate) = fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534 SIZE (rust/crates/schannel-0.1.23.crate) = 41667 SHA256 (rust/crates/sct-0.7.1.crate) = da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414 SIZE (rust/crates/sct-0.7.1.crate) = 27501 SHA256 (rust/crates/security-framework-2.9.2.crate) = 05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de SIZE (rust/crates/security-framework-2.9.2.crate) = 79295 SHA256 (rust/crates/security-framework-sys-2.9.1.crate) = e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a SIZE (rust/crates/security-framework-sys-2.9.1.crate) = 18284 SHA256 (rust/crates/serde-1.0.195.crate) = 63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02 SIZE (rust/crates/serde-1.0.195.crate) = 76856 SHA256 (rust/crates/serde_derive-1.0.195.crate) = 46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c SIZE (rust/crates/serde_derive-1.0.195.crate) = 55687 SHA256 (rust/crates/serde_json-1.0.111.crate) = 176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4 SIZE (rust/crates/serde_json-1.0.111.crate) = 146447 SHA256 (rust/crates/serde_urlencoded-0.7.1.crate) = d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd SIZE (rust/crates/serde_urlencoded-0.7.1.crate) = 12822 SHA256 (rust/crates/signal-hook-registry-1.4.1.crate) = d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1 SIZE (rust/crates/signal-hook-registry-1.4.1.crate) = 17987 SHA256 (rust/crates/slab-0.4.9.crate) = 8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67 SIZE (rust/crates/slab-0.4.9.crate) = 17108 SHA256 (rust/crates/smallvec-1.13.1.crate) = e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7 SIZE (rust/crates/smallvec-1.13.1.crate) = 34952 SHA256 (rust/crates/socket2-0.5.5.crate) = 7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9 SIZE (rust/crates/socket2-0.5.5.crate) = 54863 SHA256 (rust/crates/spin-0.9.8.crate) = 6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67 SIZE (rust/crates/spin-0.9.8.crate) = 38958 SHA256 (rust/crates/strsim-0.10.0.crate) = 73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623 SIZE (rust/crates/strsim-0.10.0.crate) = 11355 SHA256 (rust/crates/syn-2.0.48.crate) = 0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f SIZE (rust/crates/syn-2.0.48.crate) = 250566 SHA256 (rust/crates/syslog-6.1.0.crate) = 7434e95bcccce1215d30f4bf84fe8c00e8de1b9be4fb736d747ca53d36e7f96f SIZE (rust/crates/syslog-6.1.0.crate) = 10000 SHA256 (rust/crates/system-configuration-0.5.1.crate) = ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7 SIZE (rust/crates/system-configuration-0.5.1.crate) = 12618 SHA256 (rust/crates/system-configuration-sys-0.5.0.crate) = a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9 SIZE (rust/crates/system-configuration-sys-0.5.0.crate) = 6730 SHA256 (rust/crates/tar-0.4.40.crate) = b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb SIZE (rust/crates/tar-0.4.40.crate) = 51844 SHA256 (rust/crates/tempfile-3.9.0.crate) = 01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa SIZE (rust/crates/tempfile-3.9.0.crate) = 32182 SHA256 (rust/crates/terminal_size-0.3.0.crate) = 21bebf2b7c9e0a515f6e0f8c51dc0f8e4696391e6f1ff30379559f8365fb0df7 SIZE (rust/crates/terminal_size-0.3.0.crate) = 10096 SHA256 (rust/crates/thiserror-1.0.56.crate) = d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad SIZE (rust/crates/thiserror-1.0.56.crate) = 20592 SHA256 (rust/crates/thiserror-impl-1.0.56.crate) = fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471 SIZE (rust/crates/thiserror-impl-1.0.56.crate) = 15367 SHA256 (rust/crates/time-0.3.31.crate) = f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e SIZE (rust/crates/time-0.3.31.crate) = 121762 SHA256 (rust/crates/time-core-0.1.2.crate) = ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3 SIZE (rust/crates/time-core-0.1.2.crate) = 7191 SHA256 (rust/crates/time-macros-0.2.16.crate) = 26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f SIZE (rust/crates/time-macros-0.2.16.crate) = 24356 SHA256 (rust/crates/tinyvec-1.6.0.crate) = 87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50 SIZE (rust/crates/tinyvec-1.6.0.crate) = 45991 SHA256 (rust/crates/tinyvec_macros-0.1.1.crate) = 1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20 SIZE (rust/crates/tinyvec_macros-0.1.1.crate) = 5865 SHA256 (rust/crates/tokio-1.35.1.crate) = c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104 SIZE (rust/crates/tokio-1.35.1.crate) = 744407 SHA256 (rust/crates/tokio-macros-2.2.0.crate) = 5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b SIZE (rust/crates/tokio-macros-2.2.0.crate) = 11520 SHA256 (rust/crates/tokio-native-tls-0.3.1.crate) = bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2 SIZE (rust/crates/tokio-native-tls-0.3.1.crate) = 20676 SHA256 (rust/crates/tokio-rustls-0.24.1.crate) = c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081 SIZE (rust/crates/tokio-rustls-0.24.1.crate) = 33049 SHA256 (rust/crates/tokio-socks-0.5.1.crate) = 51165dfa029d2a65969413a6cc96f354b86b464498702f174a4efa13608fd8c0 SIZE (rust/crates/tokio-socks-0.5.1.crate) = 16137 SHA256 (rust/crates/tokio-stream-0.1.14.crate) = 397c988d37662c7dda6d2208364a706264bf3d6138b11d436cbac0ad38832842 SIZE (rust/crates/tokio-stream-0.1.14.crate) = 35881 SHA256 (rust/crates/tokio-util-0.7.10.crate) = 5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15 SIZE (rust/crates/tokio-util-0.7.10.crate) = 110508 SHA256 (rust/crates/toml_datetime-0.6.5.crate) = 3550f4e9685620ac18a50ed434eb3aec30db8ba93b0287467bca5826ea25baf1 SIZE (rust/crates/toml_datetime-0.6.5.crate) = 10910 SHA256 (rust/crates/toml_edit-0.20.7.crate) = 70f427fce4d84c72b5b732388bf4a9f4531b53f74e2887e3ecb2481f68f66d81 SIZE (rust/crates/toml_edit-0.20.7.crate) = 101056 SHA256 (rust/crates/tower-service-0.3.2.crate) = b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52 SIZE (rust/crates/tower-service-0.3.2.crate) = 6847 SHA256 (rust/crates/tracing-0.1.40.crate) = c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef SIZE (rust/crates/tracing-0.1.40.crate) = 79459 SHA256 (rust/crates/tracing-core-0.1.32.crate) = c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54 SIZE (rust/crates/tracing-core-0.1.32.crate) = 61221 SHA256 (rust/crates/try-lock-0.2.5.crate) = e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b SIZE (rust/crates/try-lock-0.2.5.crate) = 4314 SHA256 (rust/crates/unicode-bidi-0.3.15.crate) = 08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75 SIZE (rust/crates/unicode-bidi-0.3.15.crate) = 56811 SHA256 (rust/crates/unicode-ident-1.0.12.crate) = 3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b SIZE (rust/crates/unicode-ident-1.0.12.crate) = 42168 SHA256 (rust/crates/unicode-normalization-0.1.22.crate) = 5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921 SIZE (rust/crates/unicode-normalization-0.1.22.crate) = 122604 SHA256 (rust/crates/untrusted-0.9.0.crate) = 8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1 SIZE (rust/crates/untrusted-0.9.0.crate) = 14447 SHA256 (rust/crates/url-2.5.0.crate) = 31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633 SIZE (rust/crates/url-2.5.0.crate) = 78605 SHA256 (rust/crates/utf8parse-0.2.1.crate) = 711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a SIZE (rust/crates/utf8parse-0.2.1.crate) = 13435 SHA256 (rust/crates/uuid-1.7.0.crate) = f00cc9702ca12d3c81455259621e676d0f7251cec66a21e98fe2e9a37db93b2a SIZE (rust/crates/uuid-1.7.0.crate) = 42627 SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426 SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735 SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f SIZE (rust/crates/version_check-0.9.4.crate) = 14895 SHA256 (rust/crates/want-0.3.1.crate) = bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e SIZE (rust/crates/want-0.3.1.crate) = 6398 SHA256 (rust/crates/wasi-0.11.0+wasi-snapshot-preview1.crate) = 9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423 SIZE (rust/crates/wasi-0.11.0+wasi-snapshot-preview1.crate) = 28131 SHA256 (rust/crates/wasm-bindgen-0.2.90.crate) = b1223296a201415c7fad14792dbefaace9bd52b62d33453ade1c5b5f07555406 SIZE (rust/crates/wasm-bindgen-0.2.90.crate) = 182529 SHA256 (rust/crates/wasm-bindgen-backend-0.2.90.crate) = fcdc935b63408d58a32f8cc9738a0bffd8f05cc7c002086c6ef20b7312ad9dcd SIZE (rust/crates/wasm-bindgen-backend-0.2.90.crate) = 28348 SHA256 (rust/crates/wasm-bindgen-futures-0.4.40.crate) = bde2032aeb86bdfaecc8b261eef3cba735cc426c1f3a3416d1e0791be95fc461 SIZE (rust/crates/wasm-bindgen-futures-0.4.40.crate) = 15375 SHA256 (rust/crates/wasm-bindgen-macro-0.2.90.crate) = 3e4c238561b2d428924c49815533a8b9121c664599558a5d9ec51f8a1740a999 SIZE (rust/crates/wasm-bindgen-macro-0.2.90.crate) = 13904 SHA256 (rust/crates/wasm-bindgen-macro-support-0.2.90.crate) = bae1abb6806dc1ad9e560ed242107c0f6c84335f1749dd4e8ddb012ebd5e25a7 SIZE (rust/crates/wasm-bindgen-macro-support-0.2.90.crate) = 20008 SHA256 (rust/crates/wasm-bindgen-shared-0.2.90.crate) = 4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b SIZE (rust/crates/wasm-bindgen-shared-0.2.90.crate) = 7264 SHA256 (rust/crates/web-sys-0.3.67.crate) = 58cd2333b6e0be7a39605f0e255892fd7418a682d8da8fe042fe25128794d2ed SIZE (rust/crates/web-sys-0.3.67.crate) = 725967 SHA256 (rust/crates/webpki-roots-0.25.3.crate) = 1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10 SIZE (rust/crates/webpki-roots-0.25.3.crate) = 251565 SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419 SIZE (rust/crates/winapi-0.3.9.crate) = 1200382 SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6 SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815 SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998 SHA256 (rust/crates/windows-core-0.52.0.crate) = 33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9 SIZE (rust/crates/windows-core-0.52.0.crate) = 42154 SHA256 (rust/crates/windows-sys-0.48.0.crate) = 677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9 SIZE (rust/crates/windows-sys-0.48.0.crate) = 2628884 SHA256 (rust/crates/windows-sys-0.52.0.crate) = 282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d SIZE (rust/crates/windows-sys-0.52.0.crate) = 2576877 SHA256 (rust/crates/windows-targets-0.48.5.crate) = 9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c SIZE (rust/crates/windows-targets-0.48.5.crate) = 6904 SHA256 (rust/crates/windows-targets-0.52.0.crate) = 8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd SIZE (rust/crates/windows-targets-0.52.0.crate) = 6229 SHA256 (rust/crates/windows_aarch64_gnullvm-0.48.5.crate) = 2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8 SIZE (rust/crates/windows_aarch64_gnullvm-0.48.5.crate) = 418492 SHA256 (rust/crates/windows_aarch64_gnullvm-0.52.0.crate) = cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea SIZE (rust/crates/windows_aarch64_gnullvm-0.52.0.crate) = 430182 SHA256 (rust/crates/windows_aarch64_msvc-0.48.5.crate) = dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc SIZE (rust/crates/windows_aarch64_msvc-0.48.5.crate) = 798483 SHA256 (rust/crates/windows_aarch64_msvc-0.52.0.crate) = bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef SIZE (rust/crates/windows_aarch64_msvc-0.52.0.crate) = 821663 SHA256 (rust/crates/windows_i686_gnu-0.48.5.crate) = a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e SIZE (rust/crates/windows_i686_gnu-0.48.5.crate) = 844891 SHA256 (rust/crates/windows_i686_gnu-0.52.0.crate) = a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313 SIZE (rust/crates/windows_i686_gnu-0.52.0.crate) = 870285 SHA256 (rust/crates/windows_i686_msvc-0.48.5.crate) = 8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406 SIZE (rust/crates/windows_i686_msvc-0.48.5.crate) = 864300 SHA256 (rust/crates/windows_i686_msvc-0.52.0.crate) = ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a SIZE (rust/crates/windows_i686_msvc-0.52.0.crate) = 888693 SHA256 (rust/crates/windows_x86_64_gnu-0.48.5.crate) = 53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e SIZE (rust/crates/windows_x86_64_gnu-0.48.5.crate) = 801619 SHA256 (rust/crates/windows_x86_64_gnu-0.52.0.crate) = 3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd SIZE (rust/crates/windows_x86_64_gnu-0.52.0.crate) = 826213 SHA256 (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc SIZE (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 418486 SHA256 (rust/crates/windows_x86_64_gnullvm-0.52.0.crate) = 1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e SIZE (rust/crates/windows_x86_64_gnullvm-0.52.0.crate) = 430165 SHA256 (rust/crates/windows_x86_64_msvc-0.48.5.crate) = ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538 SIZE (rust/crates/windows_x86_64_msvc-0.48.5.crate) = 798412 SHA256 (rust/crates/windows_x86_64_msvc-0.52.0.crate) = dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04 SIZE (rust/crates/windows_x86_64_msvc-0.52.0.crate) = 821600 SHA256 (rust/crates/winnow-0.5.34.crate) = b7cf47b659b318dccbd69cc4797a39ae128f533dce7902a1096044d1967b9c16 SIZE (rust/crates/winnow-0.5.34.crate) = 154055 SHA256 (rust/crates/winreg-0.50.0.crate) = 524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1 SIZE (rust/crates/winreg-0.50.0.crate) = 29703 SHA256 (rust/crates/xattr-1.3.1.crate) = 8da84f1a25939b27f6820d92aed108f83ff920fdf11a7b19366c27c4cda81d4f SIZE (rust/crates/xattr-1.3.1.crate) = 12580 -SHA256 (NLnetLabs-routinator-v0.13.1_GH0.tar.gz) = bf88bf03c749ba98a653a45313008d4f88cc9920395662d789be2d0529dd7870 -SIZE (NLnetLabs-routinator-v0.13.1_GH0.tar.gz) = 5455937 +SHA256 (NLnetLabs-routinator-v0.13.2_GH0.tar.gz) = 77c3b74b508caabf4c59387480cda18b222d817fd70328f8c73a8fb45a774108 +SIZE (NLnetLabs-routinator-v0.13.2_GH0.tar.gz) = 5456095 diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index d425738ea7e7..8938a3888d23 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,2050 +1,2077 @@ + + null -- Routinator terminates when RTR connection is reset too quickly after opening + + + null + null + + + + +

sep@nlnetlabs.nl reports:

+
+

Due to a mistake in error checking, Routinator will terminate when + an incoming RTR connection is reset by the peer too quickly after + opening.

+
+ +
+ + CVE-2024-1622 + https://nvd.nist.gov/vuln/detail/CVE-2024-1622 + + + 2024-02-26 + 2024-02-28 + +
curl -- OCSP verification bypass with TLS session reuse curl 8.6.0

Hiroki Kurosawa reports:

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

CVE-2024-0853 https://curl.se/docs/CVE-2024-0853.html 2024-01-31 2024-02-28
gitea -- Fix XSS vulnerabilities gitea 1.21.6

Problem Description:

  • The Wiki page did not sanitize author name
  • the reviewer name on a "dismiss review" comment is also affected
  • the migration page has some spots
https://blog.gitea.com/release-of-1.21.6/ 2024-02-23 2024-02-24
chromium -- multiple security fixes chromium 122.0.6261.57 ungoogled-chromium 122.0.6261.57

Chrome Releases reports:

This update includes 12 security fixes:

  • [41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26
  • [41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06
  • [41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03
  • [41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19
  • [41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11
  • [40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27
  • [41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21
  • [40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html 2024-02-20 2024-02-24
Grafana -- Email verification is not required after email change grafana 9.5.16 10.0.010.0.11 10.1.010.1.7 10.2.010.2.4 10.3.010.3.3 grafana9 9.5.16 grafana10 10.0.11 10.1.010.1.7 10.2.010.2.4 10.3.010.3.3

Grafana Labs reports:

The vulnerability impacts instances where Grafana basic authentication is enabled.

Grafana has a verify_email_enabled configuration option. When this option is enabled, users are required to confirm their email addresses before the sign-up process is complete. However, the email is only checked at the time of the sign-up. No further verification is carried out if a user’s email address is updated after the initial sign-up. Moreover, Grafana allows using an email address as the user’s login name, and no verification is ever carried out for this email address.

This means that even if the verify_email_enabled configuration option is enabled, users can use unverified email addresses to log into Grafana if the email address has been changed after the sign up, or if an email address is set as the login name.

The CVSS score for this vulnerability is [5.4 Medium] (CVSS).

CVE-2023-6152 https://grafana.com/security/security-advisories/cve-2023-6152/ 2023-11-10 2024-02-20
dns/c-ares -- malformatted file causes application crash c-ares 1.27.0

c-ares project reports:

Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash.

CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q 2024-02-23 2024-02-23
suricata -- multiple vulnerabilities suricata 7.0.3

Suricata team reports:

Multiple vulnerabilities fixed in the last release of suricata.

No details have been disclosed yet

CVE-2024-23839 CVE-2024-23836 CVE-2024-23835 CVE-2024-24568 CVE-2024-23837 2024-01-22 2024-02-23
electron27 -- multiple vulnerabilities electron27 27.3.3

Electron developers report:

This update fixes the following vulnerability:

  • Security: backported fix for CVE-2024-1283.
  • Security: backported fix for CVE-2024-1284.
CVE-2024-1283 https://github.com/advisories/GHSA-7mgj-p9v3-3vxr CVE-2024-1284 https://github.com/advisories/GHSA-pf89-rhhw-xmhp 2024-02-21 2024-02-23
Gitlab -- Vulnerabilities gitlab-ce 16.9.016.9.1 16.8.016.8.3 11.3.016.7.6

Gitlab reports:

Stored-XSS in user's profile page

User with "admin_group_members" permission can invite other groups to gain owner access

ReDoS issue in the Codeowners reference extractor

LDAP user can reset password using secondary email and login using direct authentication

Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard

Users with the Guest role can change Custom dashboard projects settings for projects in the victim group

Group member with sub-maintainer role can change title of shared private deploy keys

Bypassing approvals of CODEOWNERS

CVE-2024-1451 CVE-2023-6477 CVE-2023-6736 CVE-2024-1525 CVE-2023-4895 CVE-2024-0861 CVE-2023-3509 CVE-2024-0410 https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/ 2024-02-21 2024-02-22
powerdns-recursor -- Multiple Vulnerabilities powerdns-recursor 5.0.2

cve@mitre.org reports:

CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

CVE-2023-50868 https://nvd.nist.gov/vuln/detail/CVE-2023-50868 CVE-2023-50387 https://nvd.nist.gov/vuln/detail/CVE-2023-50387 2024-02-14 2024-02-16
nginx-devel -- Multiple Vulnerabilities in HTTP/3 nginx-devel 1.25.01.25.4

The nginx development team reports:

When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session.

CVE-2024-24989 CVE-2024-24990 2024-02-14 2024-02-15
FreeBSD -- jail(2) information leak FreeBSD-kernel 14.014.0_5 13.213.2_10

Problem Description:

The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.

Impact:

Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.

CVE-2024-25941 SA-24:02.tty 2024-02-14 2024-02-14
FreeBSD -- bhyveload(8) host file access FreeBSD 14.014.0_5 13.213.2_10

Problem Description:

`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to.

Impact:

In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.

CVE-2024-25940 SA-24:01.bhyveload 2024-02-14 2024-02-14
chromium -- security fix chromium 121.0.6167.184 ungoogled-chromium 121.0.6167.184

Chrome Releases reports:

This update includes 1 security fix.

https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html 2024-02-13 2024-02-14
DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities bind916 9.16.48 bind918 9.18.24 bind9-devel 9.19.21 dnsmasq 2.90 dnsmasq-devel 2.90 powerdns-recursor 5.0.2 unbound 1.19.1

Simon Kelley reports:

If DNSSEC validation is enabled, then an attacker who can force a DNS server to validate a specially crafted signed domain can use a lot of CPU in the validator. This only affects dnsmasq installations with DNSSEC enabled.

Stichting NLnet Labs reports:

The KeyTrap [CVE-2023-50387] vulnerability works by using a combination of Keys (also colliding Keys), Signatures and number of RRSETs on a malicious zone. Answers from that zone can force a DNSSEC validator down a very CPU intensive and time costly validation path.

The NSEC3 [CVE-2023-50868] vulnerability uses specially crafted responses on a malicious zone with multiple NSEC3 RRSETs to force a DNSSEC validator down a very CPU intensive and time costly NSEC3 hash calculation path.

CVE-2023-50387 CVE-2023-50868 https://kb.isc.org/docs/cve-2023-50387 https://kb.isc.org/docs/cve-2023-50868 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ 2024-02-06 2024-02-13
phpmyfaq -- multiple vulnerabilities phpmyfaq-php81 phpmyfaq-php82 phpmyfaq-php83 3.2.5

phpMyFAQ team reports:

phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account.

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35 2024-02-05 2024-02-11
openexr -- Heap Overflow in Scanline Deep Data Parsing openexr 3.1.12 3.2.03.2.2

Austin Hackers Anonymous report:

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability.

[...] it is in a routine that is predominantly used for development and testing. It is not likely to appear in production code.

CVE-2023-5841 https://takeonme.org/cves/CVE-2023-5841.html https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2 2023-10-26 2024-02-12
readstat -- Heap buffer overflow in readstat_convert readstat 1.1.9

Google reports:

A heap buffer overflow exists in readstat_convert.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33991 https://osv.dev/vulnerability/OSV-2021-732 https://github.com/WizardMac/ReadStat/issues/285 2021-05-05 2024-02-12
p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability p5-Spreadsheet-ParseExcel 0.66

Spreadsheet-ParseExcel reports:

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type eval "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

CVE-2023-7101 https://nvd.nist.gov/vuln/detail/CVE-2023-7101 2023-12-29 2024-02-11
postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL postgresql-server 15.6 14.11 13.14 12.18

PostgreSQL Project reports:

One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. The fix for the vulnerability makes is so that all user-determined code is run as the view's owner, as expected.

CVE-2024-0985 https://www.postgresql.org/support/security/CVE-2024-0985/ 2024-02-08 2024-02-08
Gitlab -- vulnerabilities gitlab-ce 16.8.016.8.2 16.7.016.7.5 13.3.016.6.7

Gitlab reports:

Restrict group access token creation for custom roles

Project maintainers can bypass group's scan result policy block_branch_modification setting

ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax

Resource exhaustion using GraphQL vulnerabilitiesCountByDay

CVE-2024-1250 CVE-2023-6840 CVE-2023-6386 CVE-2024-1066 https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/ 2024-02-07 2024-02-08
Composer -- Code execution and possible privilege escalation php81-composer 2.7.0 php82-composer 2.7.0 php83-composer 2.7.0

Copmposer reports:

Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php.

Several files within the local working directory are included during the invocation of Composer and in the context of the executing user.

As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files.

All Composer CLI commands are affected, including composer.phar's self-update.

CVE-2024-24821 https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h 2024-02-08 2024-02-08
Libgit2 -- multiple vulnerabilities eza 0.18.2 libgit2 1.7.01.7.2 1.6.5

Git community reports:

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application

A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities

CVE-2024-24577 https://github.com/libgit2/libgit2/releases/tag/v1.7.2 2024-02-06 2024-02-08 2024-02-14
chromium -- multiple security fixes chromium 121.0.6167.160 ungoogled-chromium 121.0.6167.160 qt5-webengine 5.15.16.p5_5 qt6-webengine 6.6.1_5

Chrome Releases reports:

This update includes 3 security fixes:

  • [41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25
  • [41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25
CVE-2024-1284 CVE-2024-1283 https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html 2024-02-06 2024-02-08
clamav -- Multiple vulnerabilities clamav 1.2.2,1 clamav-lts 1.0.5,1

The ClamAV project reports:

CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
CVE-2024-20328
Fixed a possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. To fix this issue, we disabled the '%f' format string parameter. ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment variable, instead of '%f'. But you should do so only from within an executable, such as a Python script, and not directly in the clamd.conf "VirusEvent" command.
CVE-2024-20290 CVE-2024-20328 https://blog.clamav.net/2023/11/clamav-130-122-105-released.html 2024-02-07 2024-02-07
Django -- multiple vulnerabilities py39-django32 py310-django32 py311-django32 3.2.24 py39-django42 py310-django42 py311-django42 4.2.8 py311-django50 5.0.2

Django reports:

CVE-2024-24680:Potential denial-of-service in intcomma template filter.

CVE-2024-24680 https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ 2024-01-09 2024-02-07
chromium -- multiple security fixes chromium 121.0.6167.139 ungoogled-chromium 121.0.6167.139 qt5-webengine 5.15.16.p5_5 qt6-webengine 6.6.1_5

Chrome Releases reports:

This update includes 4 security fixes:

  • [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14
  • [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29
  • [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13
CVE-2024-1060 CVE-2024-1059 CVE-2024-1077 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html 2024-01-30 2024-02-02
chromium -- multiple security fixes chromium 121.0.6167.85 ungoogled-chromium 121.0.6167.85

Chrome Releases reports:

This update includes 17 security fixes:

  • [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19
  • [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24
  • [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26
  • [1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11
  • [1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30
  • [1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家 on 2023-11-25
  • [1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01
  • [1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03
  • [1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21
  • [1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31
CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0814 CVE-2024-0813 CVE-2024-0806 CVE-2024-0805 CVE-2024-0804 CVE-2024-0811 CVE-2024-0809 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html 2024-01-23 2024-02-02
electron{26,27,28} -- Use after free in Web Audio electron26 26.6.8 electron27 27.3.1 electron28 28.2.1

Electron developers reports:

This update fixes the following vulnerability:

  • Security: backported fix for CVE-2024-0807.
CVE-2024-0807 https://github.com/advisories/GHSA-hjm7-v5pw-x89r 2024-01-31 2024-02-01
qt6-webengine -- Multiple vulnerabilities qt5-webengine 5.15.16.p5_5 qt6-webengine 6.6.1_4

Qt qtwebengine-chromium repo reports:

Backports for 3 security bugs in Chromium:

  • [1505080] High CVE-2024-0807: Use after free in WebAudio
  • [1504936] Critical CVE-2024-0808: Integer underflow in WebUI
  • [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
CVE-2024-0807 CVE-2024-0808 CVE-2024-0810 https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based 2024-01-30 2024-01-31
OpenSSL -- Multiple vulnerabilities openssl 3.0.13,1 openssl-quictls 3.0.13 openssl31 3.1.5 openssl31-quictls 3.1.5 openssl32 3.2.1

The OpenSSL project reports:

Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

PKCS12 Decoding crashes (CVE-2024-0727)

CVE-2024-0727 CVE-2023-6237 https://www.openssl.org/news/secadv/20240125.txt https://www.openssl.org/news/secadv/20240115.txt https://www.openssl.org/news/openssl-3.0-notes.html https://www.openssl.org/news/openssl-3.1-notes.html https://www.openssl.org/news/openssl-3.2-notes.html 2024-01-30 2024-01-31
lizard -- Negative size passed to memcpy resulting in memory corruption lizard 1.0_1

cve@mitre.org reports:

In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.

CVE-2018-11498 https://nvd.nist.gov/vuln/detail/CVE-2018-11498 2018-05-26 2024-01-31
qt6-webengine -- Multiple vulnerabilities qt6-webengine 6.6.1_3

Qt qtwebengine-chromium repo reports:

Backports for 15 security bugs in Chromium:

  • [1505053] High CVE-2023-6345: Integer overflow in Skia
  • [1500856] High CVE-2023-6346: Use after free in WebAudio
  • [1494461] High CVE-2023-6347: Use after free in Mojo
  • [1501326] High CVE-2023-6702: Type Confusion in V8
  • [1502102] High CVE-2023-6703: Use after free in Blink
  • [1505708] High CVE-2023-6705: Use after free in WebRTC
  • [1500921] High CVE-2023-6706: Use after free in FedCM
  • [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC
  • [1501798] High CVE-2024-0222: Use after free in ANGLE
  • [1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE
  • [1505086] High CVE-2024-0224: Use after free in WebAudio
  • [1506923] High CVE-2024-0225: Use after free in WebGPU
  • [1513379] High CVE-2024-0333: Insufficient data validation in Extensions
  • [1507412] High CVE-2024-0518: Type Confusion in V8
  • [1517354] High CVE-2024-0519: Out of bounds memory access in V8
CVE-2023-6345 CVE-2023-6346 CVE-2023-6347 CVE-2023-6702 CVE-2023-6703 CVE-2023-6705 CVE-2023-6706 CVE-2023-7024 CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225 CVE-2024-0333 CVE-2024-0518 CVE-2024-0519 https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based 2024-01-08 2024-01-29
qt5-webengine -- Multiple vulnerabilities qt5-webengine 5.15.16.p5_4

Qt qtwebengine-chromium repo reports:

Backports for 8 security bugs in Chromium:

  • [1505053] High CVE-2023-6345: Integer overflow in Skia
  • [1501326] High CVE-2023-6702: Type Confusion in V8
  • [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC
  • [1501798] High CVE-2024-0222: Use after free in ANGLE
  • [1505086] High CVE-2024-0224: Use after free in WebAudio
  • [1513379] High CVE-2024-0333: Insufficient data validation in Extensions
  • [1507412] High CVE-2024-0518: Type Confusion in V8
  • [1517354] High CVE-2024-0519: Out of bounds memory access in V8
CVE-2023-6345 CVE-2023-6702 CVE-2023-7024 CVE-2024-0222 CVE-2024-0224 CVE-2024-0333 CVE-2024-0518 CVE-2024-0519 https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based 2024-01-08 2024-01-29
rclone -- Multiple vulnerabilities rclone 1.65.1

Multiple vulnerabilities in ssh and golang

  • CVE-2023-45286: HTTP request body disclosure in go-resty disclosure across requests.
  • CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks.
CVE-2023-45286 CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-45286 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 2023-11-28 2024-01-26
Gitlab -- vulnerabilities gitlab-ce 16.8.016.8.1 16.7.016.7.4 16.6.016.6.6 12.7.016.5.8

Gitlab reports:

Arbitrary file write while creating workspace

ReDoS in Cargo.toml blob viewer

Arbitrary API PUT requests via HTML injection in user's name

Disclosure of the public email in Tags RSS Feed

Non-Member can update MR Assignees of owned MRs

CVE-2024-0402 CVE-2023-6159 CVE-2023-5933 CVE-2023-5612 CVE-2024-0456 https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ 2024-01-25 2024-01-26
jenkins -- multiple vulnerabilities jenkins 2.422 jenkins-lts 2.426.3

Jenkins Security Advisory:

Description

(Critical) SECURITY-3314 / CVE-2024-23897

Arbitrary file read vulnerability through the CLI can lead to RCE

Description

(High) SECURITY-3315 / CVE-2024-23898

Cross-site WebSocket hijacking vulnerability in the CLI

CVE-2024-23897 CVE-2024-23898 https://www.jenkins.io/security/advisory/2024-01-24/ 2024-01-24 2024-01-24
TinyMCE -- mXSS in multiple plugins tinymce 6.7.3 roundcube 1.6.6,1

TinyMCE reports:

Special characters in unescaped text nodes can trigger mXSS when using TinyMCE undo/redo, getContentAPI, resetContentAPI, and Autosave plugin

CVE-2023-48219 https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8 https://github.com/roundcube/roundcubemail/releases/tag/1.6.6 2023-11-15 2024-01-23
zeek -- potential DoS vulnerability zeek 6.0.3

Tim Wojtulewicz of Corelight reports:

A specially-crafted series of packets containing nested MIME entities can cause Zeek to spend large amounts of time parsing the entities.

https://github.com/zeek/zeek/releases/tag/v6.0.3 2024-01-22 2024-01-22
electron26 -- Out of bounds memory access in V8 electron26 26.6.7

Electron developers report:

This update fixes the following vulnerability:

  • Security: backported fix for CVE-2024-0519.
CVE-2024-0519 https://github.com/advisories/GHSA-vg6w-jr5m-86c8 2024-01-18 2024-01-19
electron{26,27} -- multiple vulnerabilities electron26 26.6.6 electron27 27.2.4

Electron developers report:

This update fixes the following vulnerabilities:

  • Security: backported fix for CVE-2024-0518.
  • Security: backported fix for CVE-2024-0517.
CVE-2024-0518 https://github.com/advisories/GHSA-4pvg-f3m8-ff3j CVE-2024-0517 https://github.com/advisories/GHSA-v39r-662x-j524 2024-01-17 2024-01-17 2024-01-18
chromium -- multiple security fixes chromium 120.0.6099.224 ungoogled-chromium 120.0.6099.224

Chrome Releases reports:

This update includes 4 security fixes:

  • [1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
  • [1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03
  • [1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11
CVE-2024-0517 CVE-2024-0518 CVE-2024-0519 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html 2024-01-16 2024-01-17
xorg server -- Multiple vulnerabilities xorg-server xephyr xorg-vfbserver 21.1.11,1 xorg-nextserver 21.1.11,2 xwayland 23.2.4 xwayland-devel 21.0.99.1.653

The X.Org project reports:

  • CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer

    Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only allocating space for the device's number of buttons, leading to a heap overflow if a bigger value was used.

  • CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access

    If a device has both a button class and a key class and numButtons is zero, we can get an out-of-bounds write due to event under-allocation in the DeliverStateNotifyEvent function.

  • CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent

    The XISendDeviceHierarchyEvent() function allocates space to store up to MAXDEVICES (256) xXIHierarchyInfo structures in info. If a device with a given ID was removed and a new device with the same ID added both in the same operation, the single device ID will lead to two info structures being written to info. Since this case can occur for every device ID at once, a total of two times MAXDEVICES info structures might be written to the allocation, leading to a heap buffer overflow.

  • CVE-2024-21886: Heap buffer overflow in DisableDevice

    The DisableDevice() function is called whenever an enabled device is disabled and it moves the device from the inputInfo.devices linked list to the inputInfo.off_devices linked list. However, its link/unlink operation has an issue during the recursive call to DisableDevice() due to the prev pointer pointing to a removed device. This issue leads to a length mismatch between the total number of devices and the number of device in the list, leading to a heap overflow and, possibly, to local privilege escalation.

CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 https://lists.x.org/archives/xorg/2024-January/061525.html 2024-01-16 2024-01-16
electron{26,27} -- multiple vulnerabilities electron26 26.6.5 electron27 27.2.2

Electron developers report:

This update fixes the following vulnerabilities:

  • Security: backported fix for CVE-2024-0224.
  • Security: backported fix for CVE-2024-0225.
  • Security: backported fix for CVE-2024-0223.
  • Security: backported fix for CVE-2024-0222.
CVE-2024-0224 https://github.com/advisories/GHSA-83wx-v283-85g9 CVE-2024-0225 https://github.com/advisories/GHSA-gqr9-4fcc-c9jq CVE-2024-0223 https://github.com/advisories/GHSA-w8x8-g534-x4rp CVE-2024-0222 https://github.com/advisories/GHSA-c87c-56pw-mwgh 2024-01-10 2024-01-12
Gitlab -- vulnerabilities gitlab-ce 16.7.016.7.2 16.6.016.6.4 8.13.016.5.6

Gitlab reports:

Account Takeover via Password Reset without user interactions

Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user

Bypass CODEOWNERS approval removal

Workspaces able to be created under different root namespace

Commit signature validation ignores headers after signature

CVE-2023-7028 CVE-2023-5356 CVE-2023-4812 CVE-2023-6955 CVE-2023-2030 https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ 2024-01-11 2024-01-12
OpenSSL -- Vector register corruption on PowerPC openssl 3.0.12_2,1 openssl-quictls 3.0.12_2 openssl31 3.1.4_2 openssl31-quictls 3.1.4_2 openssl32 3.2.0_1

SO-AND-SO reports:

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.

CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt 2024-01-09 2024-01-11
chromium -- security fix chromium 120.0.6099.216 ungoogled-chromium 120.0.6099.216

Chrome Releases reports:

This update includes 1 security fix:

  • [1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20
CVE-2024-0333 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html 2024-01-09 2024-01-10
QtNetwork -- potential buffer overflow qt5-network 5.15.12p148_1 qt6-base 6.6.1_2

Andy Shaw reports:

A potential integer overflow has been discovered in Qt's HTTP2 implementation. If the HTTP2 implementation receives more than 4GiB in total headers, or more than 2GiB for any given header pair, then the internal buffers may overflow.

CVE-2023-51714 https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation 2023-12-14 2024-01-07
mantis -- multiple vulnerabilities mantis-php74 mantis-php80 mantis-php81 mantis-php82 mantis-php83 2.25.8,1

Mantis 2.25.8 release reports:

Security and maintenance release

  • 0032432: Update guzzlehttp/psr7 to 1.9.1 (CVE-2023-29197)
  • 0032981: Information Leakage on DokuWiki Integration (CVE-2023-44394)
CVE-2023-29197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197 CVE-2023-44394 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44394 2023-10-14 2024-01-06
chromium -- multiple security fixes chromium 120.0.6099.199 ungoogled-chromium 120.0.6099.199

Chrome Releases reports:

This update includes 6 security fixes:

  • [1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13
  • [1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24
  • [1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25
  • [1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01
CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html 2024-01-03 2024-01-04
electron27 -- multiple vulnerabilities electron27 27.2.1

Electron developers report:

This update fixes the following vulnerabilities:

  • Security: backported fix for CVE-2023-6706.
  • Security: backported fix for CVE-2023-6705.
  • Security: backported fix for CVE-2023-6703.
  • Security: backported fix for CVE-2023-6702.
  • Security: backported fix for CVE-2023-6704.
CVE-2023-6706 https://github.com/advisories/GHSA-jqrg-rvpw-5fw5 CVE-2023-6705 https://github.com/advisories/GHSA-h27f-fw5q-c2gh CVE-2023-6703 https://github.com/advisories/GHSA-9v72-359m-2vx4 CVE-2023-6702 https://github.com/advisories/GHSA-7hjc-c62g-4w73 CVE-2023-6704 https://github.com/advisories/GHSA-587x-fmc5-99p9 2024-01-04 2024-01-04
electron26 -- multiple vulnerabilities electron26 26.6.4

Electron developers report:

This update fixes the following vulnerabilities:

  • Security: backported fix for CVE-2023-6704.
  • Security: backported fix for CVE-2023-6705.
  • Security: backported fix for CVE-2023-6703.
  • Security: backported fix for CVE-2023-6702.
CVE-2023-6704 https://github.com/advisories/GHSA-587x-fmc5-99p9 CVE-2023-6705 https://github.com/advisories/GHSA-h27f-fw5q-c2gh CVE-2023-6703 https://github.com/advisories/GHSA-9v72-359m-2vx4 CVE-2023-6702 https://github.com/advisories/GHSA-7hjc-c62g-4w73 2024-01-04 2024-01-04
FreeBSD -- Prefix Truncation Attack in the SSH protocol FreeBSD 14.014.0_4 13.213.2_9

Problem Description:

The SSH protocol executes an initial handshake between the server and the client. This protocol handshake includes the possibility of several extensions allowing different options to be selected. Validation of the packets in the handshake is done through sequence numbers.

Impact:

A man in the middle attacker can silently manipulate handshake messages to truncate extension negotiation messages potentially leading to less secure client authentication algorithms or deactivating keystroke timing attack countermeasures.

CVE-2023-48795 SA-23:19.openssh 2023-12-19 2024-01-02
gitea -- Prevent anonymous container access gitea 1.21.5

Problem Description:

Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images.

https://blog.gitea.com/release-of-1.21.5/ 2024-01-24 2024-02-15