Celebrating our 2023 open-source contributions

At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about our tools…

In 2023, our employees submitted over 450 pull requests (PRs) that were merged into non-Trail of Bits repositories. This demonstrates our commitment to securing the software ecosystem as a whole and to improving software quality for everyone. A representative list of contributions appears at the end of this post, but here are some highlights:

Sigstore-conformance, a vital component of our Sigstore initiative in open-source engineering, functions as an integration test suite for diverse Sigstore client implementations. Ensuring conformity to the Sigstore client testing suite, it rigorously evaluates overall client behavior, addressing critical scenarios and aligning with ongoing efforts to establish an official Sigstore client specification. This workflow-focused testing suite seamlessly integrates into workflows with minimal configuration, offering comprehensive testing for Sigstore clients.
Protobuf-specs is another initiative in our open-source engineering. It is a collaborative repository for standardized data models and protocols across various Sigstore clients andhouses specifications for Sigstore messages. To update protobuf definitions, use Docker to generate protobuf stubs by running $ make all, resulting in Go and Python files under the ‘gen/’ directory.
pyOpenSSL stands as the predominant Python library for integrating OpenSSL functionality. Over approximately the past nine months, we have been actively involved in cleanup and maintenance tasks on pyOpenSSL as part of our contract with the STF. pyOpenSSL serves as a thin wrapper around a subset of the OpenSSL library, where many object methods simply invoke corresponding functions in the OpenSSL library.
Osquery is an SQL-powered framework for operating system instrumentation, monitoring, and analytics. We made numerous contributions to osquery, most notably adding process event monitoring for macOS based on the new Endpoint Security API; completely overhauling the project’s code-signing, packaging, and CI; and, last but not least, adding native support for Apple Silicon, the ARM-based architecture that Apple began transitioning to in 2022.
Homebrew-core serves as the central repository for the default Homebrew tap, encompassing a collection of software packages and associated formulas for seamless installations. Once you’ve configured Homebrew on your Mac or Linux system, you gain the ability to execute “brew install” commands for software available in this repository. Emilio Lopez, an application security engineer, actively contributed to this repository by submitting several pull requests and introducing new formulas or updating existing ones. Emilio’s focus has predominantly been on tools developed by ToB, such as crytic-compile, solc-select, Caracal, and others. Consequently, individuals can effortlessly install these tools with a straightforward “brew install” command, streamlining the installation process.
Ghidra, a National Security Agency Research Directorate creation, is a powerful software reverse engineering (SRE) framework. It offers advanced tools for code analysis on Windows, macOS, and Linux, including disassembly, decompilation, and scripting. Supporting various processor instruction sets, Ghidra serves as a customizable SRE research platform, aiding in the analysis of malicious code for cybersecurity purposes. We fixed numerous bugs to enhance its functionality, particularly in support of our work on DARPA’s AMP (Assured Micropatching) program.

We would like to acknowledge that submitting a PR is only a tiny part of the open-source experience. Someone has to review the PR. Someone has to maintain the code after the PR is merged. And submitters of earlier PRs have to write tests to ensure the functionality of their code is preserved.

We contribute to these projects in part because we love the craft, but also because we find these projects useful. For this, we offer the open-source community our most sincere thanks and wish everyone a happy, safe, and productive 2024!

Some of Trail of Bits’ 2023 open-source contributions

AI/ML

Repo: run-llama/llama_index
- Name: llms/openai: fix Azure OpenAI streaming
- #7677 ret2libc: https://github.com/run-llama/llama_index/pull/7677
Repo: run-llama/llama_index
- Name: llms/openai: fix Azure OpenAI by considering prompt_filter_results field
- #7755 ret2libc: https://github.com/run-llama/llama_index/pull/7755

Cryptography

Repo: 0xPARC/zk-bug-tracker
- Name: Updated mitigation in section on arithmetic overflows
- #10 fegge: https://github.com/0xPARC/zk-bug-tracker/pull/10
Repo: mlswg/mls-architecture
- Name: Change rathr -> rather
- #203 tjade273: https://github.com/mlswg/mls-architecture/pull/203
Repo: yi-sun/circom-pairing
- Name: Get all tests passing
- #23 tjade273: https://github.com/yi-sun/circom-pairing/pull/23
Repo: yi-sun/circom-pairing
- Name: Fix EllipticCurveAdd formula when computing (P – P) – P
- #22 tjade273: https://github.com/yi-sun/circom-pairing/pull/22
Repo: pyca/cryptography
- Name: rust: add crate skeleton for X.509 path validation
- #8873 woodruffw: https://github.com/pyca/cryptography/pull/8873
Repo: pyca/cryptography
- Name: verification: add missing max_chain_depth kwargs
- #9847 woodruffw: https://github.com/pyca/cryptography/pull/9847
Repo: pyca/cryptography
- Name: extensions: add Extensions::iter
- #9081 woodruffw: https://github.com/pyca/cryptography/pull/9081
Repo: alex/rust-asn1
- Name: bump version to 0.15.4
- #403 woodruffw: https://github.com/alex/rust-asn1/pull/403
Repo: alex/rust-asn1
- - Name: types: asn1::DateTime: PartialOrd
- #402 woodruffw: https://github.com/alex/rust-asn1/pull/402
Repo: pyca/cryptography
- Name: x509: Eq and Hash derives
- #9076 woodruffw: https://github.com/pyca/cryptography/pull/9076
Repo: alex/rust-asn1
- Name: bump version to 0.15.3
- #401 woodruffw: https://github.com/alex/rust-asn1/pull/401
Repo: pyca/cryptography
- Name: x509/common: make SPKI algorithm public
- #9061 woodruffw: https://github.com/pyca/cryptography/pull/9061
Repo: alex/rust-asn1
- Name: types: document domains for DateTime fields
- #399 woodruffw: https://github.com/alex/rust-asn1/pull/399
Repo: pyca/cryptography
- Name: Add support for ChaCha20 in LibreSSL
- #9758 facutuesca: https://github.com/pyca/cryptography/pull/9758
Repo: pyca/cryptography
- Name: Add support for ChaCha20 with BoringSSL
- #9762 facutuesca: https://github.com/pyca/cryptography/pull/9762
Repo: pyca/cryptography
- Name: Add support for ChaCha20 with LibreSSL
- #9209 facutuesca: https://github.com/pyca/cryptography/pull/9209
Repo: pyca/cryptography
- Name: Add test vectors for ChaCha20 counter overflow
- #9221 facutuesca: https://github.com/pyca/cryptography/pull/9221
Repo: pyca/cryptography
- Name: Add poly1305 implementation for BoringSSL and LibreSSL
- #9392 facutuesca: https://github.com/pyca/cryptography/pull/9392
Repo: sfackler/rust-openssl
- Name: Expose Poly1305 bindings on libressl and boringssl
- #1998 facutuesca: https://github.com/sfackler/rust-openssl/pull/1998
Repo: pyca/cryptography
- Name: Fixes for ChaCha20 documentation
- #9192 facutuesca: https://github.com/pyca/cryptography/pull/9192
Repo: pyca/cryptography
- Name: Add support for ChaCha20-Poly1305 with BoringSSL
- #8946 facutuesca: https://github.com/pyca/cryptography/pull/8946
Repo: pyca/cryptography
- Name: certificate: add a get_extension helper
- #8892 woodruffw: https://github.com/pyca/cryptography/pull/8892
Repo: alex/rust-asn1
- Name: types: add blanket Eqs for SequenceOf and SetOf
- #400 woodruffw: https://github.com/alex/rust-asn1/pull/400
Repo: pyca/cryptography
- Name: CHANGELOG: record ChaCha20Poly1305 changes
- #8955 woodruffw: https://github.com/pyca/cryptography/pull/8955
Repo: pyca/cryptography
- Name: validation: remove unused From impls
- #9891 woodruffw: https://github.com/pyca/cryptography/pull/9891
Repo: pyca/cryptography
- Name: validation: flatten error types
- #9890 woodruffw: https://github.com/pyca/cryptography/pull/9890
Repo: alex/rust-asn1
- Name: types: add BigInt::is_negative API
- #425 woodruffw: https://github.com/alex/rust-asn1/pull/425
Repo: pyca/cryptography
- Name: Fix transposed doc, simplify type in trust store test
- #9874 woodruffw: https://github.com/pyca/cryptography/pull/9874
Repo: pyca/cryptography
- Name: verification: add VerificationError, doc APIs
- #9873 woodruffw: https://github.com/pyca/cryptography/pull/9873
Repo: pyca/cryptography
- Name: validation/policy: breakout test changes
- #9872 woodruffw: https://github.com/pyca/cryptography/pull/9872
Repo: pyca/cryptography
- Name: tests, ci: plumb x509-limbo-root
- #9871 woodruffw: https://github.com/pyca/cryptography/pull/9871
Repo: pyca/cryptography
- Name: validation/policy: remove old critical ext check logic
- #9855 woodruffw: https://github.com/pyca/cryptography/pull/9855
Repo: pyca/cryptography
- Name: actions: generalize the wycheproof fetch action
- #9848 woodruffw: https://github.com/pyca/cryptography/pull/9848
Repo: pyca/cryptography
- Name: validation: subject is non-optional
- #9846 woodruffw: https://github.com/pyca/cryptography/pull/9846
Repo: pyca/cryptography
- Name: src, tests: add max_chain_depth to validation API
- #9844 woodruffw: https://github.com/pyca/cryptography/pull/9844
Repo: pyca/cryptography
- Name: x509/validation: make algo sets non-optional
- #9821 woodruffw: https://github.com/pyca/cryptography/pull/9821
Repo: pyca/cryptography
- Name: Add top-level ServerVerifier.verify API
- #9805 woodruffw: https://github.com/pyca/cryptography/pull/9805
Repo: pyca/cryptography
- Name: validation: add permitted_public_key_algorithms
- #9801 woodruffw: https://github.com/pyca/cryptography/pull/9801
Repo: pyca/cryptography
- Name: X.509: Add WebPKI SPKI AlgorithmIdentifiers
- #9800 woodruffw: https://github.com/pyca/cryptography/pull/9800
Repo: pyca/cryptography
- Name: validation: add Rust-side extension validation helpers
- #9781 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9781
Repo: pyca/cryptography
- Name: validation: add Rust-side certificate validation helpers
- #9757 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9757
Repo: pyca/cryptography
- Name: x509: construct IPAddress and IPRange types
- #9346 tnytown: https://github.com/pyca/cryptography/pull/9346
Repo: pyca/cryptography
- Name: validation/ops: make public_key return Option
- #9356 woodruffw: https://github.com/pyca/cryptography/pull/9356
Repo: pyca/cryptography
- Name: noxfile, docs: fix posargs handling
- #9354 woodruffw: https://github.com/pyca/cryptography/pull/9354
Repo: pyca/cryptography
- Name: Migrate more types
- #9254 woodruffw: https://github.com/pyca/cryptography/pull/9254
Repo: pyca/cryptography
- Name: name: devolve NameReadable variant
- #9282 woodruffw: https://github.com/pyca/cryptography/pull/9282
Repo: pyca/cryptography
- Name: extensions: explicit lifetimes
- #9225 woodruffw: https://github.com/pyca/cryptography/pull/9225
Repo: pyca/cryptography
- Name: x509: more extension APIs
- #9213 woodruffw: https://github.com/pyca/cryptography/pull/9213
Repo: pyca/cryptography
- Name: oid: add more extension, EKU OIDs
- #9212 woodruffw: https://github.com/pyca/cryptography/pull/9212
Repo: pyca/cryptography
- Name: Certificate: useful APIs
- #9300 woodruffw: https://github.com/pyca/cryptography/pull/9300
Repo: pyca/cryptography
- Name: validation: profile trait, error types
- #9299 woodruffw: https://github.com/pyca/cryptography/pull/9299
Repo: pyca/cryptography
- Name: rust: update lockfile
- #9298 woodruffw: https://github.com/pyca/cryptography/pull/9298
Repo: pyca/cryptography
- Name: validation: add CryptoOps trait
- #9297 woodruffw: https://github.com/pyca/cryptography/pull/9297
Repo: pyca/cryptography
- Name: rust: add PyCryptoOps, test
- #9355 woodruffw: https://github.com/pyca/cryptography/pull/9355
Repo: pyca/cryptography
- Name: Path validation: builder/verifier API skeletons
- #9405 woodruffw: https://github.com/pyca/cryptography/pull/9405
Repo: pyca/cryptography
- Name: validation: add Rust-side trust store APIs
- #9744 woodruffw: https://github.com/pyca/cryptography/pull/9744
Repo: pyca/cryptography
- Name: validation/types: add DNSConstraint, rename IPConstraint
- #9700 woodruffw: https://github.com/pyca/cryptography/pull/9700
Repo: pyca/cryptography
- Name: x509/policy: add WebPKI permitted algorithms
- #9548 woodruffw: https://github.com/pyca/cryptography/pull/9548
Repo: pyca/cryptography
- Name: verification: fill in policy API internals
- #9642 woodruffw: https://github.com/pyca/cryptography/pull/9642
Repo: pyca/cryptography
- Name: validation/policy: general name matching
- #9659 woodruffw: https://github.com/pyca/cryptography/pull/9659
Repo: pyca/cryptography
- Name: certificate: increase lifetime precisions
- #9651 woodruffw: https://github.com/pyca/cryptography/pull/9651
Repo: pyca/cryptography
- Name: extensions: drop unnecessary self lifetime bound
- #9650 woodruffw: https://github.com/pyca/cryptography/pull/9650
Repo: pyca/cryptography
- Name: validation/ops: add test-only NullOps
- #9608 woodruffw: https://github.com/pyca/cryptography/pull/9608
Repo: pyca/cryptography
- Name: verification: add PolicyBuilder API
- #9601 woodruffw: https://github.com/pyca/cryptography/pull/9601
Repo: pyca/cryptography
- Name: ops: use Result<..., Self::Err> for returns
- #9599 woodruffw: https://github.com/pyca/cryptography/pull/9599
Repo: pyca/cryptography
- Name: docs: add Store docs
- #9416 woodruffw: https://github.com/pyca/cryptography/pull/9416
Repo: pyca/cryptography
- Name: x509: add Store API
- #9411 woodruffw: https://github.com/pyca/cryptography/pull/9411
Repo: pyca/cryptography
- Name: common: add more RSA-PSS algorithm id definitions
- #9412 woodruffw: https://github.com/pyca/cryptography/pull/9412
Repo: pyca/cryptography
- Name: rust: add PyCryptoOps
- #9606 woodruffw: https://github.com/pyca/cryptography/pull/9606
Repo: pyca/cryptography
- Name: Add support for AES-GCM-SIV using OpenSSL>=3.2.0
- #9843 facutuesca: https://github.com/pyca/cryptography/pull/9843
Repo: pyca/cryptography
- Name: Add test vectors for AES-GCM-SIV
- #9930 facutuesca: https://github.com/pyca/cryptography/pull/9930
Repo: pyca/cryptography
- Name: validation/policy: rename var
- #9917 woodruffw: https://github.com/pyca/cryptography/pull/9917
Repo: pyca/pyopenssl
- Name: Add support for cryptography CRLs to X509Store
- #1252 facutuesca: https://github.com/pyca/pyopenssl/pull/1252
Repo: pyca/pyopenssl
- Name: Remove use of BN_set_word
- #1253 facutuesca: https://github.com/pyca/pyopenssl/pull/1253
Repo: pyca/pyopenssl
- Name: Deprecate X509Extension
- #1255 facutuesca: https://github.com/pyca/pyopenssl/pull/1255
Repo: pyca/pyopenssl
- Name: Migrate .readthedocs.yml to use build.os
- #1258 facutuesca: https://github.com/pyca/pyopenssl/pull/1258
Repo: pyca/cryptography
- Name: Deprecate naive datetime x509 APIs
- #9667 facutuesca: https://github.com/pyca/cryptography/pull/9667
Repo: pyca/cryptography
- Name: Add timezone-aware API variants for x509
- #9661 facutuesca: https://github.com/pyca/cryptography/pull/9661
Repo: pyca/pyopenssl
- Name: Add support for Python 3.12
- #1245 hugovk: https://github.com/pyca/pyopenssl/pull/1245
Repo: pyca/pyopenssl
- Name: Add support for Python 3.12
- #1254 facutuesca: https://github.com/pyca/pyopenssl/pull/1254
Repo: pyca/pyopenssl
- Name: Increase cryptography minimum in tox.ini
- #1257 facutuesca: https://github.com/pyca/pyopenssl/pull/1257
Repo: pyca/pyopenssl
- Name: Deprecate CRL APIs
- #1251 facutuesca: https://github.com/pyca/pyopenssl/pull/1251
Repo: pyca/cryptography
- Name: x509/sct: replace another utcfromtimestamp call
- #9589 woodruffw: https://github.com/pyca/cryptography/pull/9589
Repo: pyca/pyopenssl
- Name: Fix failing test when running offline
- #1261 facutuesca: https://github.com/pyca/pyopenssl/pull/1261
Repo: sfackler/rust-openssl
- Name: Add two methods to the PKCS7 API
- #2111 facutuesca: https://github.com/sfackler/rust-openssl/pull/2111
Repo: pyca/pyopenssl
- Name: Put mypy, coverage.py, pytest in pyproject
- #1273 woodruffw: https://github.com/pyca/pyopenssl/pull/1273

Languages and compilers

Repo: rust-lang/rust
- Name: Fix typo in universal_regions.rs comment
- #107195 smoelius: https://github.com/rust-lang/rust/pull/107195
Repo: rust-lang/rust
- Name: docs: clarify explicitly freeing heap allocated memory
- #117563 0xalpharush: https://github.com/rust-lang/rust/pull/117563
Repo: llvm/llvm-project
- Name: [NFC] Remove outdated comment
- #72591 AdvenamTacet: https://github.com/llvm/llvm-project/pull/72591
Repo: llvm/llvm-project
- Name: [libc++][ASan] Removing clang version checks
- #71673 AdvenamTacet: https://github.com/llvm/llvm-project/pull/71673
Repo: llvm/llvm-project
- Name: Add std::basic_string test cases
- #74830 AdvenamTacet: https://github.com/llvm/llvm-project/pull/74830
Repo: llvm/llvm-project
- Name: [ASan][libc++] Refactor of ASan annotation functions
- #74023 AdvenamTacet: https://github.com/llvm/llvm-project/pull/74023
Repo: llvm/llvm-project
- Name: [ASan][libc++] std::basic_string annotations
- #72677 AdvenamTacet: https://github.com/llvm/llvm-project/pull/72677

Libraries

Repo: console-rs/indicatif
- Name: Fix attempt to subtract with overflow (#582)
- #586 smoelius: https://github.com/console-rs/indicatif/pull/586
Repo: dtolnay/syn
- Name: Qualify compile_error!
- #1431 smoelius: https://github.com/dtolnay/syn/pull/1431
Repo: matklad/xshell
- Name: Emit more informative error message when cwd does not exist
- #73 smoelius: https://github.com/matklad/xshell/pull/73
Repo: rust-num/num-bigint
- Name: Release 0.4.4
- #280 cuviper: https://github.com/rust-num/num-bigint/pull/280
Repo: Peternator7/strum
- Name: Handle rustoc comments in #[derive(FromRepr)]
- #276 smoelius: https://github.com/Peternator7/strum/pull/276
Repo: pyrossh/rust-embed
- Name: Upgrade to syn 2.0
- #211 smoelius: https://github.com/pyrossh/rust-embed/pull/211
Repo: TedDriggs/darling
- Name: Update README.md
- #232 smoelius: https://github.com/TedDriggs/darling/pull/232
Repo: tree-sitter/tree-sitter
- Name: Partially revert d4d5e29
- #2278 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2278
Repo: tree-sitter/tree-sitter
- Name: Fix OOB in Query::new
- #2280 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2280
Repo: tree-sitter/tree-sitter
- Name: Handle edge cases involving consecutive “zero or” modifiers
- #2281 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2281
Repo: XAMPPRocky/octocrab
- Name: Add follow-redirect feature
- #469 smoelius: https://github.com/XAMPPRocky/octocrab/pull/469

Tech infrastructure

Repo: wasmerio/wasmer
- Name: fix: prevent potential UB by deriving repr C for union
- #4296 0xalpharush: https://github.com/wasmerio/wasmer/pull/4296
Repo: rust-or/good_lp
- Name: deps: fix minimal fnv version
- #24 0xalpharush: https://github.com/rust-or/good_lp/pull/24
Repo: haskell/network
- Name: Install and use afunix_compat.h header
- #556 elopez: https://github.com/haskell/network/pull/556
Repo: haskell-actions/setup
- Name: Install the correct ghcup binary on aarch64
- #47 elopez: https://github.com/haskell-actions/setup/pull/47
Repo: curl/curl-fuzzer
- Name: scripts: fix ssl builds on x86_64
- #80 elopez: https://github.com/curl/curl-fuzzer/pull/80
Repo: Homebrew/homebrew-core
- Name: caracal 0.2.2 (new formula)
- #145966 elopez: https://github.com/Homebrew/homebrew-core/pull/145966
Repo: Homebrew/homebrew-core
- Name: crytic-compile 0.3.1, slither 0.9.3
- #126164 elopez: https://github.com/Homebrew/homebrew-core/pull/126164
Repo: Homebrew/homebrew-core
- Name: crytic-compile 0.3.5
- #151684 elopez: https://github.com/Homebrew/homebrew-core/pull/151684
Repo: Homebrew/homebrew-core
- Name: echidna 2.0.5
- #121092 elopez: https://github.com/Homebrew/homebrew-core/pull/121092
Repo: Homebrew/homebrew-core
- Name: echidna 2.1.0
- #125331 elopez: https://github.com/Homebrew/homebrew-core/pull/125331
Repo: Homebrew/homebrew-core
- Name: echidna 2.1.1
- #128647 elopez: https://github.com/Homebrew/homebrew-core/pull/128647
Repo: Homebrew/homebrew-core
- Name: echidna 2.2.0
- #131575 elopez: https://github.com/Homebrew/homebrew-core/pull/131575
Repo: Homebrew/homebrew-core
- Name: echidna: update test
- #131509 elopez: https://github.com/Homebrew/homebrew-core/pull/131509
Repo: Homebrew/homebrew-core
- Name: haskell-stack: rebuild with GHC 9.2.7
- #125010 elopez: https://github.com/Homebrew/homebrew-core/pull/125010
Repo: Homebrew/homebrew-core
- Name: medusa 0.1.1 (new formula)
- #139078 elopez: https://github.com/Homebrew/homebrew-core/pull/139078
Repo: Homebrew/homebrew-core
- Name: medusa 0.1.2
- #140307 elopez: https://github.com/Homebrew/homebrew-core/pull/140307
Repo: Homebrew/homebrew-core
- Name: secp256k1: enable module recovery
- #121096 elopez: https://github.com/Homebrew/homebrew-core/pull/121096
Repo: Homebrew/homebrew-core
- Name: slither-analyzer 0.9.2, crytic-compile 0.2.4, migrate to [email protected]
- #120361 elopez: https://github.com/Homebrew/homebrew-core/pull/120361
Repo: Homebrew/homebrew-core
- Name: slither-analyzer 0.9.5
- #135057 elopez: https://github.com/Homebrew/homebrew-core/pull/135057
Repo: Homebrew/homebrew-core
- Name: solc-select, crytic-compile, slither-analyzer, echidna: improve testing on ARM
- #127681 elopez: https://github.com/Homebrew/homebrew-core/pull/127681
Repo: Homebrew/brew
- Name: extend/ENV/super: correct deparallelize signature
- #15726 elopez: https://github.com/Homebrew/brew/pull/15726
Repo: osquery/osquery
- Name: cve: Update openssl to 3.2.0
- #8212 Smjert: https://github.com/osquery/osquery/pull/8212
Repo: osquery/osquery
- Name: tests: Enable client certificate verification in the TLS tests
- #8211 Smjert: https://github.com/osquery/osquery/pull/8211
Repo: osquery/osquery
- Name: ci: Fix Linux build
- #8208 Smjert: https://github.com/osquery/osquery/pull/8208
Repo: osquery/osquery
- Name: ci: Update nvdlib to use the latest NVD APIs
- #8207 Smjert: https://github.com/osquery/osquery/pull/8207
Repo: osquery/osquery
- Name: build: Temporary workaround to build with XCode 15
- #8197 Smjert: https://github.com/osquery/osquery/pull/8197
Repo: osquery/osquery
- Name: process_open_sockets: Mark pid column as additional instead of index
- #8191 Smjert: https://github.com/osquery/osquery/pull/8191
Repo: osquery/osquery
- Name: docs: Correct link to a PR in the 4.7.0 changelog
- #8186 Smjert: https://github.com/osquery/osquery/pull/8186
Repo: osquery/osquery
- Name: ci: Correct job order
- #8185 Smjert: https://github.com/osquery/osquery/pull/8185
Repo: osquery/osquery
- Name: docs: Call out in the CHANGELOG the format changes of the status logs decorations
- #8174 Smjert: https://github.com/osquery/osquery/pull/8174
Repo: osquery/osquery
- Name: docs: Remove some duplicated lines from 5.8.1 changelog
- #8172 Smjert: https://github.com/osquery/osquery/pull/8172
Repo: osquery/osquery
- Name: cve: Update expat to version 2.5.0
- #8159 Smjert: https://github.com/osquery/osquery/pull/8159
Repo: osquery/osquery
- Name: cve: Fix the expat product name in the libraries manifest
- #8158 Smjert: https://github.com/osquery/osquery/pull/8158
Repo: osquery/osquery
- Name: ci: Fix DistributedTests.test_run_queries_with_denylisted_query test
- #8154 Smjert: https://github.com/osquery/osquery/pull/8154
Repo: osquery/osquery
- Name: wifi_survey: Do not crash if the ssid cannot be retrieved
- #8153 Smjert: https://github.com/osquery/osquery/pull/8153
Repo: osquery/osquery
- Name: ci: Remove flakyness when removing unused packages on Linux
- #8144 Smjert: https://github.com/osquery/osquery/pull/8144
Repo: osquery/osquery
- Name: file: Add Shortcut metadata parsing on Windows
- #8143 Smjert: https://github.com/osquery/osquery/pull/8143
Repo: osquery/osquery
- Name: cve: Update libmagic to 5.45
- #8142 Smjert: https://github.com/osquery/osquery/pull/8142
Repo: osquery/osquery
- Name: cve: Update openssl to 3.1.3
- #8141 Smjert: https://github.com/osquery/osquery/pull/8141
Repo: osquery/osquery
- Name: Permit cross compiling for x86_64 on Apple Silicon
- #8136 Smjert: https://github.com/osquery/osquery/pull/8136
Repo: osquery/osquery
- Name: cve: Update lzma to 5.4.4
- #8135 Smjert: https://github.com/osquery/osquery/pull/8135
Repo: osquery/osquery
- Name: Fix openssl build arch for Windows ARM64
- #8134 Smjert: https://github.com/osquery/osquery/pull/8134
Repo: osquery/osquery
- Name: ci: Increase disk space on the Linux x86_64 runner
- #8133 Smjert: https://github.com/osquery/osquery/pull/8133
Repo: osquery/osquery
- Name: ci: Increase aarch64 available space by splitting the build
- #8131 Smjert: https://github.com/osquery/osquery/pull/8131
Repo: osquery/osquery
- Name: docs: Update XCode version mentions to the proper one
- #8128 Smjert: https://github.com/osquery/osquery/pull/8128
Repo: osquery/osquery
- Name: cve: Ignore libcap CVE-2023-2603
- #8127 Smjert: https://github.com/osquery/osquery/pull/8127
Repo: osquery/osquery
- Name: cve: Ignore dbus CVE-2023-34969
- #8126 Smjert: https://github.com/osquery/osquery/pull/8126
Repo: osquery/osquery
- Name: libs: Update openssl to 3.1.2
- #8124 Smjert: https://github.com/osquery/osquery/pull/8124
- Repo: osquery/osquery
- Name: Use JSON member iterator instead of rescanning
- #8122 Smjert: https://github.com/osquery/osquery/pull/8122
Repo: osquery/osquery
- Name: Missing pragma/header guard for boottime.h
- #8117 Smjert: https://github.com/osquery/osquery/pull/8117
Repo: osquery/osquery
- Name: aws: Add new AWS valid regions
- #8110 Smjert: https://github.com/osquery/osquery/pull/8110
Repo: osquery/osquery
- Name: watchdog: Use virtual cores to calculate CPU utilization limit
- #8104 Smjert: https://github.com/osquery/osquery/pull/8104
Repo: osquery/osquery
- Name: logs: Implement decorations_top_level flag for status logs
- #8102 Smjert: https://github.com/osquery/osquery/pull/8102
Repo: osquery/osquery
- Name: Avoid blocking when reading plist files
- #8099 Smjert: https://github.com/osquery/osquery/pull/8099
Repo: osquery/osquery
- Name: improvement: Avoid unnecessary string conversions
- #8093 Smjert: https://github.com/osquery/osquery/pull/8093
Repo: osquery/osquery
- Name: cleanup: Substitute the TEXT macro with SQL_TEXT in table code
- #8091 Smjert: https://github.com/osquery/osquery/pull/8091
Repo: osquery/osquery
- Name: firefox_addons: Use rapidjson to parse and don’t block on read
- #8089 Smjert: https://github.com/osquery/osquery/pull/8089
Repo: osquery/osquery
- Name: core: Avoid checking if a file exists before opening
- #8087 Smjert: https://github.com/osquery/osquery/pull/8087
Repo: osquery/osquery
- Name: cleanup: Remove forensicReadFile
- #8085 Smjert: https://github.com/osquery/osquery/pull/8085
Repo: osquery/osquery
- Name: libs: Fix openssl build on aarch64
- #8084 Smjert: https://github.com/osquery/osquery/pull/8084
Repo: osquery/osquery
- Name: Add warnings when an enrollment secret cannot be found
- #8082 Smjert: https://github.com/osquery/osquery/pull/8082
Repo: osquery/osquery
- Name: libs: Update openssl to 3.1.1
- #8081 Smjert: https://github.com/osquery/osquery/pull/8081
Repo: osquery/osquery
- Name: test: Fix leaks in inotify and rocksdb tests
- #8080 Smjert: https://github.com/osquery/osquery/pull/8080
Repo: osquery/osquery
- Name: aws: Add an option to enforce FIPS endpoints
- #8075 Smjert: https://github.com/osquery/osquery/pull/8075
Repo: osquery/osquery
- Name: Update expired Slack invite
- #8051 Smjert: https://github.com/osquery/osquery/pull/8051
Repo: osquery/osquery
- Name: cve: Update to openssl 1.1.1u
- #8050 Smjert: https://github.com/osquery/osquery/pull/8050
Repo: osquery/osquery
- Name: Improve extended_attributes implementation for Linux and macOS
- #8046 Smjert: https://github.com/osquery/osquery/pull/8046
Repo: osquery/osquery
- Name: test: Fix a leak in ExtendedAttributesTableTests SetUp function
- #8045 Smjert: https://github.com/osquery/osquery/pull/8045
Repo: osquery/osquery
- Name: Fix the aarch64 workflow
- #8036 Smjert: https://github.com/osquery/osquery/pull/8036
Repo: osquery/osquery
- Name: Fix the aarch64 workflow
- #8035 Smjert: https://github.com/osquery/osquery/pull/8035
Repo: osquery/osquery
- Name: Do not consider a 404 as an error in ec2-instance-metadata
- #8025 Smjert: https://github.com/osquery/osquery/pull/8025
Repo: osquery/osquery
- Name: cve: Update libxml2 to v2.11.2
- #8023 Smjert: https://github.com/osquery/osquery/pull/8023
Repo: osquery/osquery
- Name: libs: Bring out LZ4 from rdkafka and update it to v1.9.4
- #7996 Smjert: https://github.com/osquery/osquery/pull/7996
Repo: osquery/osquery
- Name: ci: Update aarch64 runner to Ubuntu 20.04 and update badges
- #7984 Smjert: https://github.com/osquery/osquery/pull/7984
Repo: osquery/osquery
- Name: ci: Update python version and docs build tools
- #7969 Smjert: https://github.com/osquery/osquery/pull/7969
Repo: osquery/osquery
- Name: test: Do not always expect a row from the secureboot table
- #7967 Smjert: https://github.com/osquery/osquery/pull/7967
Repo: osquery/osquery
- Name: tests: Do not always build root tests on Linux
- #7966 Smjert: https://github.com/osquery/osquery/pull/7966
Repo: osquery/osquery
- Name: test: Fix SystemdUnitsTest missing the unit_file_state column
- #7965 Smjert: https://github.com/osquery/osquery/pull/7965
Repo: osquery/osquery
- Name: tests: Fix some tests becoming osquery shells
- #7964 Smjert: https://github.com/osquery/osquery/pull/7964
Repo: osquery/osquery
- Name: ci: Workaround in the aarch64 runner to avoid out of space
- #7941 Smjert: https://github.com/osquery/osquery/pull/7941
Repo: osquery/osquery
- Name: ci: Remove Windows 32bit build
- #7939 Smjert: https://github.com/osquery/osquery/pull/7939
Repo: osquery/osquery
- Name: cve: Update openssl to 1.1.1t
- #7937 Smjert: https://github.com/osquery/osquery/pull/7937
Repo: osquery/osquery
- Name: cve: Ignore util-linux cves
- #7929 Smjert: https://github.com/osquery/osquery/pull/7929
Repo: osquery/osquery
- Name: libs: Fix system paths used by dbus
- #7919 Smjert: https://github.com/osquery/osquery/pull/7919
Repo: osquery/osquery
- Name: libs: Fix libmagic build on macOS
- #7915 Smjert: https://github.com/osquery/osquery/pull/7915
Repo: osquery/osquery
- Name: cve: Update yara to 4.2.3
- #7912 Smjert: https://github.com/osquery/osquery/pull/7912
Repo: osquery/osquery
- Name: cve: Ignore sqlite CVE-2022-46908
- #7911 Smjert: https://github.com/osquery/osquery/pull/7911
Repo: osquery/osquery
- Name: cve: Update librpm to 4.18.0
- #7910 Smjert: https://github.com/osquery/osquery/pull/7910
Repo: osquery/osquery
- Name: libs: Update popt to 1.19
- #7909 Smjert: https://github.com/osquery/osquery/pull/7909
Repo: osquery/osquery
- Name: test: Speed up ec2InstanceMetadata.test_sanity
- #7907 Smjert: https://github.com/osquery/osquery/pull/7907
Repo: osquery/osquery
- Name: libs: Update dbus to 1.12.24
- #7905 Smjert: https://github.com/osquery/osquery/pull/7905
Repo: osquery/osquery
- Name: libs: Update util-linux to 2.35.2
- #7902 Smjert: https://github.com/osquery/osquery/pull/7902
Repo: osquery/osquery
- Name: `cpu_info`: Port the table to macOS x86 and Apple Silicon
- #7757 Smjert: https://github.com/osquery/osquery/pull/7757
Repo: osquery/osquery
- Name: logger: Add new string_batch request type to compliment existing string type
- #8027 alessandrogario: https://github.com/osquery/osquery/pull/8027
Repo: osquery/osquery
- Name: cmake: Add an option to disable shallow git clone operations
- #8026 alessandrogario: https://github.com/osquery/osquery/pull/8026
Repo: osquery/osquery
- Name: cmake: Only link against the experiments loader when needed
- #7959 alessandrogario: https://github.com/osquery/osquery/pull/7959
Repo: osquery/osquery
- Name: experiments: Implement a new bpf_process_events_v2 table
- #7773 alessandrogario: https://github.com/osquery/osquery/pull/7773
Repo: osquery/osquery
- Name: Restore functionality of crashes table on macOS 12 and newer
- #7819 mike-myers-tob: https://github.com/osquery/osquery/pull/7819
Repo: orium/cargo-rdme
- Name: Implement intralinks for reference-style links
- #165 smoelius: https://github.com/orium/cargo-rdme/pull/165
Repo: regexident/cargo-modules
- Name: Add --acyclic option
- #184 smoelius: https://github.com/regexident/cargo-modules/pull/184
Repo: rust-lang/docs.rs
- Name: Add components llvm-tools-preview and rustc-dev
- #2101 smoelius: https://github.com/rust-lang/docs.rs/pull/2101
Repo: rustsec/advisory-db
- Name: Add unmaintained dlopen_derive advisory
- #1735 smoelius: https://github.com/rustsec/advisory-db/pull/1735
Repo: rustsec/advisory-db
- Name: Link to HOWTO_UNMAINTAINED.md in README.md (#1748)
- #1754 smoelius: https://github.com/rustsec/advisory-db/pull/1754
Repo: rust-secure-code/cargo-supply-chain
- Name: Add --no-dev option
- #93 smoelius: https://github.com/rust-secure-code/cargo-supply-chain/pull/93

Software analysis tools

- Repo: langston-barrett/tree-crasher
  - Name: feat: add tree-crasher implementation for solidity
  - #26 0xalpharush: https://github.com/langston-barrett/tree-crasher/pull/26
- Repo: assert-rs/assert_cmd
  - Name: Restore newlines when writing Bstrs
  - #161 smoelius: https://github.com/assert-rs/assert_cmd/pull/161
- Repo: rust-lang/rust-clippy
  - Name: unwrap_or_else_default -> unwrap_or_default and improve resulting lint
  - #10120 smoelius: https://github.com/rust-lang/rust-clippy/pull/10120
- Repo: rust-lang/rust-clippy
  - Name: Fix typo in unused_self diagnostic message
  - #10138 smoelius: https://github.com/rust-lang/rust-clippy/pull/10138

- Repo: rust-lang/rust-clippy
  - Name: Tiny typo: eg. -> e.g.
  - #10221 smoelius: https://github.com/rust-lang/rust-clippy/pull/10221
- Repo: rust-lang/rust-clippy
  - Name: Fix rust-lang/rust#107877, etc.
  - #10403 smoelius: https://github.com/rust-lang/rust-clippy/pull/10403
- Repo: rust-lang/rust-clippy
  - Name: Two small documentation improvements
  - #10425 smoelius: https://github.com/rust-lang/rust-clippy/pull/10425
- Repo: rust-lang/rust-clippy
  - Name: Update macros.rs (typo)
  - #10734 smoelius: https://github.com/rust-lang/rust-clippy/pull/10734
- Repo: rust-lang/rust-clippy
  - Name: “try this” -> “try”
  - #11055 smoelius: https://github.com/rust-lang/rust-clippy/pull/11055
- Repo: rust-lang/rust-clippy
  - Name: Fix ICE in #10535
  - #11130 smoelius: https://github.com/rust-lang/rust-clippy/pull/11130
- Repo: rust-lang/rust-clippy
  - Name: Fix unwrap_or_else_default false positive
  - #11135 smoelius: https://github.com/rust-lang/rust-clippy/pull/11135
- Repo: rust-lang/rust-clippy
  - Name: Add “Known problems” section to needless_borrow documentation
  - #11148 smoelius: https://github.com/rust-lang/rust-clippy/pull/11148
- Repo: rust-lang/rust-clippy
  - Name: Typo
  - #11411 smoelius: https://github.com/rust-lang/rust-clippy/pull/11411

Repo: rust-lang/rust-clippy
- Name: Nit re matches! formatting
- #11863 smoelius: https://github.com/rust-lang/rust-clippy/pull/11863
Repo: rust-marker/marker
- Name: Typo
- #253 smoelius: https://github.com/rust-marker/marker/pull/253
Repo: rust-marker/marker
- Name: Rustc: Librarify marker_rustc_driver
- #271 smoelius: https://github.com/rust-marker/marker/pull/271

Blockchain software

Repo: ethereum/hevm
- Name: Bump nixpkgs to GHC 9.4
- #303 arcz: https://github.com/ethereum/hevm/pull/303
Repo: ethereum/hevm
- Name: Prepare 0.51.2 release
- #305 arcz: https://github.com/ethereum/hevm/pull/305
Repo: ethereum/hevm
- Name: Fix path joining on Windows
- #306 arcz: https://github.com/ethereum/hevm/pull/306
Repo: etherehttps://github.com/foundry-rs/book
- Name: null
- #1043 null: https://github.com/etherehttps://github.com/foundry-rs/book/pull/1043
Repo: paradigmxyz/reth
- Name: ci: update test-fuzz installation
- #5126 0xalpharush: https://github.com/paradigmxyz/reth/pull/5126
Repo: paradigmxyz/reth
- Name: feat: roundtrip fuzz harness for PooledTransactions
- #5125 0xalpharush: https://github.com/paradigmxyz/reth/pull/5125
Repo: foundry-rs/foundry
- Name: feat(forge): implement glob pattern for forge build –skip
- #5267 0xalpharush: https://github.com/foundry-rs/foundry/pull/5267
Repo: foundry-rs/forge-std
- Name: feat(StdAssertions): Add assertEqCall
- #311 0xPhaze: https://github.com/foundry-rs/forge-std/pull/311
Repo: solana-labs/solana
- Name: remove inaccurate comment about system instructions
- #31829 0xalpharush: https://github.com/solana-labs/solana/pull/31829
Repo: worldcoin/world-id-state-bridge
- Name: don’t allow calls to initialize on UUPS impl
- #5 0xalpharush: https://github.com/worldcoin/world-id-state-bridge/pull/5
Repo: OpenZeppelin/openzeppelin-contracts
- Name: Ignore reentrancy in executeBatch and update Slither config
- #3955 0xalpharush: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3955
Repo: Y-Nak/solc-rust
- Name: fix boost linking on M1 and update build instructions
- #1 0xalpharush: https://github.com/Y-Nak/solc-rust/pull/1
Repo: gakonst/ethers-rs
- Name: (docs): add clippy command
- #1967 0xalpharush: https://github.com/gakonst/ethers-rs/pull/1967
Repo: hyperledger/solang
- Name: solang-parser README.md should mention breaking changes may occur
- #1213 smoelius: https://github.com/hyperledger/solang/pull/1213
Repo: hyperledger/solang
- Name: Add optimizations test
- #1469 smoelius: https://github.com/hyperledger/solang/pull/1469
Repo: solana-labs/solana
- Name: borrow_mut -> borrow in two places
- #31399 smoelius: https://github.com/solana-labs/solana/pull/31399
Repo: ethereum/hevm
- Name: Windows build support
- #201 elopez: https://github.com/ethereum/hevm/pull/201
Repo: ethereum/hevm
- Name: ci: re-enable windows
- #264 elopez: https://github.com/ethereum/hevm/pull/264
Repo: ethereum/hevm
- Name: hevm: enable compact-unwind on macOS
- #281 elopez: https://github.com/ethereum/hevm/pull/281
Repo: ethereum/hevm
- Name: Move Windows build to GHC 9.4
- #415 elopez: https://github.com/ethereum/hevm/pull/415
Repo: ethereum/hevm
- Name: Remove unused deps
- #161 arcz: https://github.com/ethereum/hevm/pull/161
Repo: ethereum/hevm
- Name: Fix SAR arithmetic overflow and copySlice regressions
- #163 arcz: https://github.com/ethereum/hevm/pull/163
Repo: ethereum/hevm
- Name: Implement prank(address) cheatcode
- #167 arcz: https://github.com/ethereum/hevm/pull/167
Repo: ethereum/hevm
- Name: Enable OverloadedRecordDot, NoFieldSelectors and DuplicateRecordFields
- #172 arcz: https://github.com/ethereum/hevm/pull/172
Repo: ethereum/hevm
- Name: Fix slot fetch cache lookup
- #180 arcz: https://github.com/ethereum/hevm/pull/180
Repo: ethereum/hevm
- Name: Cleanup some records
- #181 arcz: https://github.com/ethereum/hevm/pull/181
Repo: ethereum/hevm
- Name: Fix showing source line number in debugger
- #182 arcz: https://github.com/ethereum/hevm/pull/182
Repo: ethereum/hevm
- Name: Add fetchChainIdFrom
- #190 arcz: https://github.com/ethereum/hevm/pull/190
Repo: ethereum/hevm
- Name: Bump flake.lock
- #192 arcz: https://github.com/ethereum/hevm/pull/192
Repo: ethereum/hevm
- Name: Replace num/fromIntegral with witch
- #203 arcz: https://github.com/ethereum/hevm/pull/203
Repo: ethereum/hevm
- Name: Optimize W256 serialization
- #215 arcz: https://github.com/ethereum/hevm/pull/215
Repo: ethereum/hevm
- Name: Minor cleanup
- #216 arcz: https://github.com/ethereum/hevm/pull/216
Repo: ethereum/hevm
- Name: Remove StrictData to improve performance
- #217 arcz: https://github.com/ethereum/hevm/pull/217
Repo: ethereum/hevm
- Name: Run tests on all cores
- #222 arcz: https://github.com/ethereum/hevm/pull/222
Repo: ethereum/hevm
- Name: Change interpret to take vm arg instead of StateT
- #232 arcz: https://github.com/ethereum/hevm/pull/232
Repo: ethereum/hevm
- Name: Change BadCheatCode error to take just Word32
- #237 arcz: https://github.com/ethereum/hevm/pull/237
Repo: ethereum/hevm
- Name: Add FunctionSelector type to improve semantics
- #238 arcz: https://github.com/ethereum/hevm/pull/238
Repo: ethereum/hevm
- Name: Cleanup and unify style in EVM module
- #239 arcz: https://github.com/ethereum/hevm/pull/239
Repo: ethereum/hevm
- Name: Bump nixpkgs
- #248 arcz: https://github.com/ethereum/hevm/pull/248
Repo: ethereum/hevm
- Name: Prepare 0.51.1 release
- #269 arcz: https://github.com/ethereum/hevm/pull/269
Repo: ethereum/hevm
- Name: Code cleanup
- #285 arcz: https://github.com/ethereum/hevm/pull/285
Repo: ethereum/hevm
- Name: Bring back combined JSON loading
- #293 arcz: https://github.com/ethereum/hevm/pull/293
Repo: um/hevm/pull/310
- Name: null
- #um/hevm/pull/310 null: um/hevm/pull/310
Repo: ethereum/hevm
- Name: Ignore word-simplification test
- #315 arcz: https://github.com/ethereum/hevm/pull/315
Repo: ethereum/hevm
- Name: Simplify IOAct in Stepper
- #317 arcz: https://github.com/ethereum/hevm/pull/317
Repo: ethereum/hevm
- Name: Mutable memory
- #318 arcz: https://github.com/ethereum/hevm/pull/318
Repo: ethereum/hevm
- Name: Remove Stepper.Run action
- #326 arcz: https://github.com/ethereum/hevm/pull/326
Repo: ethereum/hevm
- Name: Cleanup stackOp2 and stackOp3
- #351 arcz: https://github.com/ethereum/hevm/pull/351
Repo: ethereum/hevm
- Name: Bump nixpkgs
- #370 arcz: https://github.com/ethereum/hevm/pull/370

Reverse engineering tools

Repo: NationalSecurityAgency/ghidra
- Name: fix: incorrect sleigh in e_stmvsprw for PPC VLE
- #4886 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/4886
Repo: NationalSecurityAgency/ghidra
- Name: fix: also decode eieio (mbar 0) for VLE
- #4887 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/4887
Repo: NationalSecurityAgency/ghidra
- Name: Catch exception when reading invalid dwarf abbrev code and continue
- #5300 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5300
Repo: NationalSecurityAgency/ghidra
- Name: Fix call_frame_cfa value for ppc
- #5315 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5315
Repo: NationalSecurityAgency/ghidra
- Name: typo: setMinpeculativeOffset -> setMinSpeculativeOffset
- #5810 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5810
Repo: NationalSecurityAgency/ghidra
- Name: gradle: Fix screenShotsImplementation typo
- #4964 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4964
Repo: NationalSecurityAgency/ghidra
- Name: gradle: Fix compile classpath for scripts
- #4974 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4974
Repo: NationalSecurityAgency/ghidra
- Name: gradle: Fix bundle_examples compilation
- #4975 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4975
Repo: NationalSecurityAgency/ghidra
- Name: Fix C++ sleighexample compilation
- #5211 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/5211
Repo: NationalSecurityAgency/ghidra
- Name: Fix memory leak after xml errors
- #5383 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/5383

Software analysis/transformational tools

Repo: michaelbrownuc/GadgetSetAnalyzer
- Name: Improve usability and some statistic calculations
- #13 reytchison: https://github.com/michaelbrownuc/GadgetSetAnalyzer/pull/13
Repo: michaelbrownuc/CARVE
- Name: Debloat code in-place and some minor changes
- #3 reytchison: https://github.com/michaelbrownuc/CARVE/pull/3
Repo: michaelbrownuc/CARVE
- Name: Support debloating python, package the project, and add tests.
- #5 reytchison: https://github.com/michaelbrownuc/CARVE/pull/5

Packing ecosystem/supply chain

Repo: pypi/warehouse
- Name: Send emails on login from new IP address, API token creation
- #13869 tnytown: https://github.com/pypi/warehouse/pull/13869
Repo: pypi/warehouse
- Name: Add OIDC claims to the OIDCPublisher caveat
- #13668 tnytown: https://github.com/pypi/warehouse/pull/13668
Repo: pypi/warehouse
- Name: Trusted publishing: use user/repo slug in GitHub publisher form
- #13681 jleightcap: https://github.com/pypi/warehouse/pull/13681
Repo: pypi/warehouse
- Name: Expose OIDC claims in request context from macaroon
- #13680 tnytown: https://github.com/pypi/warehouse/pull/13680
Repo: pypi/warehouse
- Name: Expand OIDC email template’s publisher specifiers
- #13667 Martolivna: https://github.com/pypi/warehouse/pull/13667
Repo: pypi/warehouse
- Name: tests: fill in PEP 715 change coverage
- #14014 woodruffw: https://github.com/pypi/warehouse/pull/14014
Repo: pypi/warehouse
- Name: Prefer InputRequired over DataRequired on form validation
- #13696 jleightcap: https://github.com/pypi/warehouse/pull/13696
Repo: pypi/warehouse
- Name: trusted publishing: repo owner in emails
- #13753 woodruffw: https://github.com/pypi/warehouse/pull/13753
Repo: pypi/warehouse
- Name: Remove IAuthorizationPolicy from codebase
- #13754 tnytown: https://github.com/pypi/warehouse/pull/13754
Repo: pypi/warehouse
- Name: Emails whenever a release gets yanked or unyanked
- #13829 xBalbinus: https://github.com/pypi/warehouse/pull/13829
Repo: pypi/warehouse
- Name: Use InputRequired with explicit formdata
- #13828 jleightcap: https://github.com/pypi/warehouse/pull/13828
Repo: python/peps
- Name: PEP 715: Disabling bdist_egg distribution uploads on PyPI
- #3161 woodruffw: https://github.com/python/peps/pull/3161
Repo: pypi/warehouse
- Name: feat: Emails sent to existing email accounts when adding new email
- #13866 xBalbinus: https://github.com/pypi/warehouse/pull/13866
Repo: pypi/warehouse
- Name: tests, warehouse: per-provider OIDC admin flags
- #13871 woodruffw: https://github.com/pypi/warehouse/pull/13871
Repo: pypi/warehouse
- Name: Generalize trusted publishing emails
- #13872 woodruffw: https://github.com/pypi/warehouse/pull/13872
Repo: pypi/warehouse
- Name: Fix IP hashing in development environment
- #13879 tnytown: https://github.com/pypi/warehouse/pull/13879
Repo: pypi/warehouse
- Name: make the invalid-publisher err msg more informative
- #13941 kemingy: https://github.com/pypi/warehouse/pull/13941
Repo: pypi/warehouse
- Name: Monotonic journals
- #13936 dstufft: https://github.com/pypi/warehouse/pull/13936
Repo: pypi/warehouse
- Name: tests, warehouse: disable egg uploads
- #14118 woodruffw: https://github.com/pypi/warehouse/pull/14118
Repo: jpadilla/pyjwt
- Name: api_jwt: add a strict_aud option
- #902 woodruffw: https://github.com/jpadilla/pyjwt/pull/902
Repo: pypi/warehouse
- Name: Trusted publishing: Enforce strict audience checking
- #14158 woodruffw: https://github.com/pypi/warehouse/pull/14158
Repo: pypi/warehouse
- Name: legacy: improve error msg for project mismatches
- #14082 woodruffw: https://github.com/pypi/warehouse/pull/14082
Repo: pypi/warehouse
- Name: Implement initial rollout of PEP 715
- #14017 ewdurbin: https://github.com/pypi/warehouse/pull/14017
Repo: pypi/warehouse
- Name: requirements: drop types-stdlib-list
- #14006 woodruffw: https://github.com/pypi/warehouse/pull/14006
Repo: pypi/warehouse
- Name: dev, tests, warehouse: rm warehouse.oidc.enabled
- #13885 woodruffw: https://github.com/pypi/warehouse/pull/13885
Repo: pypi/warehouse
- Name: legacy: lingering PEP 527 changes
- #13881 woodruffw: https://github.com/pypi/warehouse/pull/13881
Repo: pypi/warehouse
- Name: admin: add a “wipe factors” button
- #13848 woodruffw: https://github.com/pypi/warehouse/pull/13848
Repo: pypi/warehouse
- Name: Refactor Authorization
- #13849 dstufft: https://github.com/pypi/warehouse/pull/13849
Repo: pypi/warehouse
- Name: macaroons/caveats: document serialization limits
- #13810 woodruffw: https://github.com/pypi/warehouse/pull/13810
Repo: pypi/warehouse
- Name: Fix links in trusted publisher documentation
- #13736 tnytown: https://github.com/pypi/warehouse/pull/13736
Repo: pypi/warehouse
- Name: Document PyPI’s protections against resurrection attacks
- #13720 tnytown: https://github.com/pypi/warehouse/pull/13720
Repo: pypa/gh-action-pypi-publish
- Name: twine-upload: add a nudge for trusted publishing
- #167 woodruffw: https://github.com/pypa/gh-action-pypi-publish/pull/167
Repo: pypi/stdlib-list
- Name: README: reflow, preserve archived README
- #59 woodruffw: https://github.com/pypi/stdlib-list/pull/59
Repo: pypi/stdlib-list
- Name: treewide: PEP 517/8
- #63 woodruffw: https://github.com/pypi/stdlib-list/pull/63
Repo: pypi/stdlib-list
- Name: Fix tests, run tests in CI
- #64 woodruffw: https://github.com/pypi/stdlib-list/pull/64
Repo: pypi/stdlib-list
- Name: QA: mypy, reformatting, and linting
- #69 woodruffw: https://github.com/pypi/stdlib-list/pull/69
Repo: pypi/stdlib-list
- Name: workflows/listgen: fix missing env var
- #73 woodruffw: https://github.com/pypi/stdlib-list/pull/73
Repo: pypi/stdlib-list
- Name: listgen: merge list instead of overwriting
- #81 woodruffw: https://github.com/pypi/stdlib-list/pull/81
Repo: pypi/stdlib-list
- Name: add dependabot, use alls-green
- #86 woodruffw: https://github.com/pypi/stdlib-list/pull/86
Repo: pypi/stdlib-list
- Name: stdlib_list: 0.9.0rc0
- #87 woodruffw: https://github.com/pypi/stdlib-list/pull/87
Repo: pypi/stdlib-list
- Name: stdlib-list: 0.9.0
- #88 woodruffw: https://github.com/pypi/stdlib-list/pull/88
Repo: sigstore/sigstore-python
- Name: cli: search for {input}.sigstore.json by default
- #820 woodruffw: https://github.com/sigstore/sigstore-python/pull/820
Repo: di/id
- Name: Drop Python 3.7, add 3.12 to tests and metadata
- #141 woodruffw: https://github.com/di/id/pull/141
Repo: sigstore/protobuf-specs
- Name: pb-rust: Serde via prost + pbjson
- #95 jleightcap: https://github.com/sigstore/protobuf-specs/pull/95
Repo: sigstore/sigstore-rs
- Name: conformance: add conformance CLI and action
- #287 jleightcap: https://github.com/sigstore/sigstore-rs/pull/287
Repo: sigstore/protobuf-specs
- Name: pb-rust: JSON schema compilation source
- #118 jleightcap: https://github.com/sigstore/protobuf-specs/pull/118
Repo: sigstore/protobuf-specs
- Name: jsonschema: container fix, updated compilation options
- #121 jleightcap: https://github.com/sigstore/protobuf-specs/pull/121
Repo: sigstore/protobuf-specs
- Name: python-release: use trusted publishing
- #157 woodruffw: https://github.com/sigstore/protobuf-specs/pull/157
Repo: sigstore/sigstore-conformance
- Name: README: prep 0.0.6
- #92 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/92
Repo: RustCrypto/formats
- Name: x509-cert: add Signed Certificate Timestamp (SCT) extension support
- #1134 imor: https://github.com/RustCrypto/formats/pull/1134
Repo: sigstore/sigstore-rs
- Name: sign: init
- #310 jleightcap: https://github.com/sigstore/sigstore-rs/pull/310
Repo: sigstore/sigstore-rs
- Name: verify: init
- #311 jleightcap: https://github.com/sigstore/sigstore-rs/pull/311
Repo: sigstore/sigstore-rs
- Name: test: bundles + conformance suite
- #315 jleightcap: https://github.com/sigstore/sigstore-rs/pull/315
Repo: sigstore/sigstore-rs
- Name: cosign/tuf: use trustroot
- #305 jleightcap: https://github.com/sigstore/sigstore-rs/pull/305
Repo: sigstore/protobuf-specs
- Name: gens, protos: initialize rust codegen
- #83 jleightcap: https://github.com/sigstore/protobuf-specs/pull/83
Repo: sigstore/protobuf-specs
- Name: workflows: add rust-release
- #88 woodruffw: https://github.com/sigstore/protobuf-specs/pull/88
Repo: sigstore/protobuf-specs
- Name: CHANGELOG: initialize
- #93 woodruffw: https://github.com/sigstore/protobuf-specs/pull/93
Repo: sigstore/protobuf-specs
- Name: pb-rust: docstring failure hotfix
- #123 jleightcap: https://github.com/sigstore/protobuf-specs/pull/123
Repo: sigstore/sigstore-conformance
- Name: Add v0.2 bundle tests
- #112 bdehamer: https://github.com/sigstore/sigstore-conformance/pull/112
Repo: sigstore/sigstore-conformance
- Name: Add opt-in support for tests that include providing a custom trust root
- #101 steiza: https://github.com/sigstore/sigstore-conformance/pull/101
Repo: sigstore-conformance/extremely-dangerous-public-oidc-beacon
- Name: Start publishing the cursed token on GitHub Pages
- #7 jku: https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/pull/7
Repo: sigstore/protobuf-specs
- Name: python: 0.2.3rc1
- #159 woodruffw: https://github.com/sigstore/protobuf-specs/pull/159
Repo: sigstore/protobuf-specs
- Name: python: 0.2.3rc0
- #158 woodruffw: https://github.com/sigstore/protobuf-specs/pull/158
Repo: sigstore/protobuf-specs
- Name: python-release: use kebab-case
- #155 woodruffw: https://github.com/sigstore/protobuf-specs/pull/155
Repo: sigstore/protobuf-specs
- Name: python: support 3.12, drop 3.7, bump betterproto
- #151 woodruffw: https://github.com/sigstore/protobuf-specs/pull/151
Repo: sigstore/sigstore-conformance
- Name: assets: bump invalid_inclusion_proof to 0.2 bundle
- #109 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/109
Repo: sigstore/sigstore-conformance
- Name: Improve unexpected success handling
- #108 jku: https://github.com/sigstore/sigstore-conformance/pull/108
Repo: sigstore/sigstore-conformance
- Name: README: prep 0.0.7
- #106 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/106
Repo: sigstore/sigstore-conformance
- Name: Allow multiple artifacts to exist
- #102 jku: https://github.com/sigstore/sigstore-conformance/pull/102
Repo: sigstore/root-signing
- Name: tuf_client_tests: use actions/cache
- #933 woodruffw: https://github.com/sigstore/root-signing/pull/933
Repo: sigstore/sigstore-conformance
- Name: action, conftest: initial xfail support
- #95 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/95
Repo: sigstore/sigstore-conformance
- Name: Fix typo to reference skip-signing input; mark additional test as using signing
- #93 steiza: https://github.com/sigstore/sigstore-conformance/pull/93
Repo: sigstore/protobuf-specs
- Name: common: message_digest is not required
- #114 woodruffw: https://github.com/sigstore/protobuf-specs/pull/114
Repo: sigstore/sigstore-conformance
- Name: cli: move oidc token into pytest
- #91 jleightcap: https://github.com/sigstore/sigstore-conformance/pull/91
Repo: sigstore/sigstore-conformance
- Name: Change bundle verification test to not depend on signing
- #82 steiza: https://github.com/sigstore/sigstore-conformance/pull/82
Repo: sigstore/fulcio
- Name: oid-info: mark old issuer ext as deprecated
- #1289 woodruffw: https://github.com/sigstore/fulcio/pull/1289
Repo: sigstore/protobuf-specs
- Name: Added a prototype for generating jsonschema files
- #112 kommendorkapten: https://github.com/sigstore/protobuf-specs/pull/112
Repo: sigstore/sigstore-conformance
- Name: Make it easier to run verification test locally
- #100 steiza: https://github.com/sigstore/sigstore-conformance/pull/100
Repo: sigstore/sigstore-conformance
- Name: Add bundle tests to increase coverage of tlog entries
- #98 steiza: https://github.com/sigstore/sigstore-conformance/pull/98
Repo: sigstore/sigstore-conformance
- Name: action: invoke pytest through python
- #89 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/89
Repo: sigstore/sigstore-conformance
- Name: README: prep 0.0.5
- #86 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/86
Repo: sigstore/sigstore-conformance
- Name: sigstore-python-conformance: Update wrapper
- #85 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/85
Repo: sigstore/sigstore-conformance
- Name: Add several bundle tests
- #84 steiza: https://github.com/sigstore/sigstore-conformance/pull/84
Repo: sigstore/sigstore-conformance
- Name: conftest: Add --identity-token option back
- #80 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/80
Repo: sigstore/sigstore-python
- Name: API-level DSSE signing support
- #804 woodruffw: https://github.com/sigstore/sigstore-python/pull/804
Repo: package-url/purl-spec
- Name: Add spec for brew package URLs
- #281 woodruffw: https://github.com/package-url/purl-spec/pull/281
Repo: in-toto/attestation
- Name: Python in CI/CD, add lintage and tests
- #306 woodruffw: https://github.com/in-toto/attestation/pull/306
Repo: in-toto/attestation
- Name: in_toto_attestation/v1: fix type hints
- #301 woodruffw: https://github.com/in-toto/attestation/pull/301
Repo: ossf/alpha-omega
- Name: Homebrew: 2023-10 update
- #273 woodruffw: https://github.com/ossf/alpha-omega/pull/273
Repo: sigstore/sigstore-python
- Name: rekor: use sigstore_rekor_types for models
- #788 woodruffw: https://github.com/sigstore/sigstore-python/pull/788
Repo: ossf/alpha-omega
- Name: Homebrew: fill in README
- #269 woodruffw: https://github.com/ossf/alpha-omega/pull/269
Repo: ossf/alpha-omega
- Name: Homebrew: add 2023-11 update
- #285 woodruffw: https://github.com/ossf/alpha-omega/pull/285
Repo: Gallopsled/pwntools
- Name: shellcraft: more explicit sleep.asm docstring
- #2226 disconnect3d: https://github.com/Gallopsled/pwntools/pull/2226
Repo: nix-community/poetry2nix
- Name: Add cryptography==41.0.3 hash
- #1249 disconnect3d: https://github.com/nix-community/poetry2nix/pull/1249
Repo: google/nsjail
- Name: cgroup2.cc: improve note about using Docker
- #219 disconnect3d: https://github.com/google/nsjail/pull/219
Repo: cs-au-dk/goat
- Name: Improve LoadPackages error message
- #2 disconnect3d: https://github.com/cs-au-dk/goat/pull/2
Repo: slimtoolkit/slim
- Name: sysenv_linux.go: fix SeccompMode always using /proc/self/ instead of $pid
- #474 disconnect3d: https://github.com/slimtoolkit/slim/pull/474
Repo: PowerShell/PowerShell-Native
- Name: libpsl-native: Fix _FORTIFY_SOURCE macros
- #88 disconnect3d: https://github.com/PowerShell/PowerShell-Native/pull/88