Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update module github.com/zmap/zlint/v3 to v3.6.1 #11

Merged
merged 1 commit into from
Feb 18, 2024
Merged

chore(deps): update module github.com/zmap/zlint/v3 to v3.6.1 #11

merged 1 commit into from
Feb 18, 2024

Conversation

renovate-bot
Copy link
Contributor

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/zmap/zlint/v3 v3.5.0 -> v3.6.1 age adoption passing confidence

Release Notes

zmap/zlint (github.com/zmap/zlint/v3)

v3.6.1

Compare Source

ZLint v3.6.1

The ZMap team is happy to share ZLint v3.6.1.

Thank you to everyone who contributes to ZLint!

Bug Fixes

  • Corrected an issue in e_single_email_if_present wherein certificates with multiple email fields were rejected rather than rejecting certificates with email fields which themselves contained multiple address.

Changelog

  • 82d733e Fix a bug in the check for 7.1.4.2.h - single email address in subject:emailAddress (#​792)
  • 5501b4f util: gtld_map autopull updates for 2024-01-22T23:19:16 UTC (#​789)
  • ddd1a81 Update copyright notices to 2024 (#​787)
  • 8a61dfa Refactor and improve the new lint creation bash script (#​786)

Full Changelog:zmap/zlint@v3.6.0...v3.6.1

v3.6.0

Compare Source

ZLint v3.6.0

The ZMap team is happy to share ZLint v3.6.0.

Thank you to everyone who contributes to ZLint!

Breaking Changes:

No breaking changes were made in this release.

Deprecation Warning:

This is primarily a deprecation warning for the library usages of ZLint.

The lint.Lint has been deprecated in favor of the categorical interfaces - CertificateLint and RevocationListLint.

It is advised to refrain from implementing news lints that target the lint.Lint interface as this interface will be removed entirely in a future release.

When implementing a lint for a x509 certificate, library usages should favor implementing the CertificateLint interface. Similarly, when implementing a lint for a CRL, the RevocationListLint interface should be used.

Security Patches

A patch was applied to the test certificate generation script which addresses CVE-2023-48795 (Severity Score: 5.9). This script never went online and as such never triggered the vulnerability.

Bug Fixes

  • Corrected an issue in e_registration_scheme_id_matches_subject_country wherein LEI and INT certificates were being incorrectly checked.

New Lints:

Work has begun on the implementation of CABF/BR SMIME lints. For a complete list of lints being tracked please see https://github.com/zmap/zlint/issues/712

  • SMIME certificates SHALL have cRLDistributionPoints (7.1.2.3.b)
  • Strict and Multipurpose SMIME certificate AIA fields: OCSP Responder "When provided, every accessMethod SHALL have the URI scheme HTTP." (7.1.2.3.c.1)
  • Strict and Multipurpose SMIME certificate AIA fields: caIssuers "When provided, every accessMethod SHALL have the URI scheme HTTP." (7.1.2.3.c.1)
  • Key usage, RSA certs, strict policies: prevent all key usages other than digitalSignature, nonRepudiation, keyEncipherment (7.1.2.3.e)
  • Key usage, RSA certs, multipurpose/legacy policies: prevent all key usages other than digitalSignature, nonRepudiation, keyEncipherment and dataEncipherment (7.1.2.3.e)
  • Key usage, EC certs, all: prevent all key usages other than digitalSignature, nonRepudiation, keyAgreement, encipherOnly, decipherOnly (7.1.2.3.e)
  • Key usage, EC certs, all: encipherOnly/decipherOnly are permitted only when keyAgreement is set (7.1.2.3.e)
  • Key usage, Edwards certs, keys defined on curve 25519: Bit positions SHALL be set for digitalSignature and MAY be set for nonRepudiation (7.1.2.3.e)
  • Extended key usage, strict: emailProtection SHALL be present. Other values SHALL NOT BE PRESENT (7.1.2.3.f)
  • Extended key usage, multipurpose/legacy: emailProtection SHALL be present. Other values MAY be present (7.1.2.3.f)
  • subjectAlternativeName, all: SHALL be present (7.1.2.3.h)
  • subjectAlternativeName, all: SHOULD NOT be marked critical unless subject field is empty (7.1.2.3.h)
  • Adobe Extensions, strict: is Prohibited (7.1.2.3.m)
  • subject:emailAddress, all: if present, the subject:emailAddress SHALL contain a single Mailbox Address. (7.1.4.2.2.h)
  • subject DN attributes for mailbox-validated profile (7.1.4.2.3)

Changelog

  • be8dd6a Limit e_registration_scheme_id_matches_subject_country to no longer apply to LEI or INT organizationIdentifiers (#​781)
  • dfb985b build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /v3 (#​784)
  • 832a1ea build(deps): bump golang.org/x/crypto in /v3/cmd/genTestCerts (#​785)
  • d4e2de0 Fix goreleaser deprecation (#​783)
  • f830602 Added IsSMIMEBRCertificate in checkApplies where missing (#​780)
  • c1aacb0 golangci-lint update and fixes (#​782)
  • f90a51e util: gtld_map autopull updates for 2023-12-16T12:21:31 UTC (#​778)
  • 45de880 refactor of SMIME aia contains (#​777)
  • bc2c0fd CABF SMIME BR Appendix A.1 - countryName matches registration scheme id (#​768)
  • 7f6ef92 Metalint for checking against the deprecaetd lint.RegisterLint function (#​775)
  • ebf2071 util: gtld_map autopull updates for 2023-11-27T16:20:42 UTC (#​773)
  • c35c9b9 Policy Qualifiers other than id-qt-cps are no longer allowed as per CABF BRs (#​774)
  • 1bb58f0 Updating certificate lint template to use the new certificate specific interface (#​772)
  • 96a4799 util: gtld_map autopull updates for 2023-11-17T20:19:40 UTC (#​771)
  • a08efa8 CABF SMIME BR 7.1.2.3.m - Adobe Extensions (#​763)
  • 45e6204 Convert all Lints to CertificateLints (#​767)
  • 43b6954 address smime lint applicability issue. regenerate test certificates to fix unit tests broken by change (#​764)
  • e8c0c24 util: gtld_map autopull updates for 2023-11-06T23:18:29 UTC (#​756)
  • 64533b5 Ensure AIA URLs point to public paths (#​760)
  • 8923170 CABF SMIME BR 7.1.2.3.e - KeyUsages (#​757)
  • f9f30bc Fixing lint registration for CABF SMIME (#​761)
  • 1c307f4 Lints for CABF SMIME BRs 7.1.2.3.f - EKUs (#​747)
  • 553276d util: gtld_map autopull updates for 2023-10-19T17:18:28 UTC (#​755)
  • 2f54486 CABF SMIME 7.1.4.2.h If present, the subject:emailAddress SHALL contain a single Mailbox Address (#​752)
  • 2f0f4b8 build(deps): bump golang.org/x/net in /v3/cmd/genTestCerts (#​751)
  • 378c09f build(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 in /v3 (#​750)
  • 88e01ad Lint for CABF SMIME 7.1.2.3.h - subjectAlternativeName SHOULD NOT be marked critical unless the subject field is an empty sequence (#​746)
  • 08a9354 Lint for CABF SMIME 7.1.2.3.h - subjectAlternativeName, all: SHALL be present (7.1.2.3.h) (#​744)
  • 386a8dc Lint for CABF SMIME 7.1.2.3b - cRLDistributionPoints SHALL be present (#​742)
  • 48baa89 Permit underscores in DNSNames if-and-only-if replacing all underscores results in valid LDH labels during BR 1.6.2's permissibility period (#​661)
  • ba30b3b Permit underscores in DNSNames if-and-only-if those certificates are valid for less than 30 days and during BR 1.6.2's permissibility period (#​660)
  • 1fd1c0d Part 1 of SC-62 related updates to zlint (#​739)
  • 5c4e05f util: gtld_map autopull updates for 2023-08-27T22:18:12 UTC (#​737)
  • 71d5e4b Reintroduce lint for inconsistent KU and EKU (#​708)
  • 59d4dd3 Inclusion of approximately 190000 email protection certificates into the test corpus (#​738)
  • d959c83 Add lint enforcing the restrictions on subject DN fields for mailbox validated SMIME certificates (#​713)
  • 624744d Include LintMetadata in the LintResult (#​729)
  • 38b7484 Add CRL Lints for the ReasonCode extension from the baseline requirements and RFC 5280 (#​715)
  • 1e3cf01 util: gtld_map autopull updates for 2023-07-25T22:18:37 UTC (#​736)
  • b492fe7 tidy: delete 'h' gitlog fragment from proj. root. (#​735)
  • 4d38bfe E ext cert policy disallowed any policy qualifier refactor (#​732)
  • 7602109 util: gtld_map autopull updates for 2023-07-08T13:20:31 UTC (#​733)
  • 40f2b32 Duplicate lints about keyIdentifier in certificates (#​726)
  • 3f1605e Ecdsa ee invalid ku check applies (#​731)
  • 8c46bdf Fix typo in LintRevocationListEx comment (#​730)
  • 7ef1f84 util: gtld_map autopull updates for 2023-06-14T22:18:50 UTC (#​727)
  • 5e0219d Bc critical (#​722)
  • 3746088 util: gtld_map autopull updates for 2023-06-06T18:20:14 UTC (#​698)
  • 9b18bdc Ca field empty description (#​723)
  • 59a91a2 Max length check applies (#​724)

Full Changelog:zmap/zlint@v3.5.0...v3.6.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@gitworkflows gitworkflows merged commit 9543392 into khulnasoft-lab:master Feb 18, 2024
5 of 7 checks passed
@renovate-bot renovate-bot deleted the renovate/github.com-zmap-zlint-v3-3.x branch March 12, 2024 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @gitworkflows