At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about our tools…
In 2023, our employees submitted over 450 pull requests (PRs) that were merged into non-Trail of Bits repositories. This demonstrates our commitment to securing the software ecosystem as a whole and to improving software quality for everyone. A representative list of contributions appears at the end of this post, but here are some highlights:
- Sigstore-conformance, a vital component of our Sigstore initiative in open-source engineering, functions as an integration test suite for diverse Sigstore client implementations. Ensuring conformity to the Sigstore client testing suite, it rigorously evaluates overall client behavior, addressing critical scenarios and aligning with ongoing efforts to establish an official Sigstore client specification. This workflow-focused testing suite seamlessly integrates into workflows with minimal configuration, offering comprehensive testing for Sigstore clients.
- Protobuf-specs is another initiative in our open-source engineering. It is a collaborative repository for standardized data models and protocols across various Sigstore clients andhouses specifications for Sigstore messages. To update protobuf definitions, use Docker to generate protobuf stubs by running $ make all, resulting in Go and Python files under the ‘gen/’ directory.
- pyOpenSSL stands as the predominant Python library for integrating OpenSSL functionality. Over approximately the past nine months, we have been actively involved in cleanup and maintenance tasks on pyOpenSSL as part of our contract with the STF. pyOpenSSL serves as a thin wrapper around a subset of the OpenSSL library, where many object methods simply invoke corresponding functions in the OpenSSL library.
- Osquery is an SQL-powered framework for operating system instrumentation, monitoring, and analytics. We made numerous contributions to osquery, most notably adding process event monitoring for macOS based on the new Endpoint Security API; completely overhauling the project’s code-signing, packaging, and CI; and, last but not least, adding native support for Apple Silicon, the ARM-based architecture that Apple began transitioning to in 2022.
- Homebrew-core serves as the central repository for the default Homebrew tap, encompassing a collection of software packages and associated formulas for seamless installations. Once you’ve configured Homebrew on your Mac or Linux system, you gain the ability to execute “brew install” commands for software available in this repository. Emilio Lopez, an application security engineer, actively contributed to this repository by submitting several pull requests and introducing new formulas or updating existing ones. Emilio’s focus has predominantly been on tools developed by ToB, such as crytic-compile, solc-select, Caracal, and others. Consequently, individuals can effortlessly install these tools with a straightforward “brew install” command, streamlining the installation process.
- Ghidra, a National Security Agency Research Directorate creation, is a powerful software reverse engineering (SRE) framework. It offers advanced tools for code analysis on Windows, macOS, and Linux, including disassembly, decompilation, and scripting. Supporting various processor instruction sets, Ghidra serves as a customizable SRE research platform, aiding in the analysis of malicious code for cybersecurity purposes. We fixed numerous bugs to enhance its functionality, particularly in support of our work on DARPA’s AMP (Assured Micropatching) program.
We would like to acknowledge that submitting a PR is only a tiny part of the open-source experience. Someone has to review the PR. Someone has to maintain the code after the PR is merged. And submitters of earlier PRs have to write tests to ensure the functionality of their code is preserved.
We contribute to these projects in part because we love the craft, but also because we find these projects useful. For this, we offer the open-source community our most sincere thanks and wish everyone a happy, safe, and productive 2024!
Some of Trail of Bits’ 2023 open-source contributions
AI/ML
- Repo: run-llama/llama_index
- Name: llms/openai: fix Azure OpenAI streaming
- #7677 ret2libc: https://github.com/run-llama/llama_index/pull/7677
- Repo: run-llama/llama_index
- Name: llms/openai: fix Azure OpenAI by considering
prompt_filter_results
field - #7755 ret2libc: https://github.com/run-llama/llama_index/pull/7755
- Name: llms/openai: fix Azure OpenAI by considering
Cryptography
- Repo: 0xPARC/zk-bug-tracker
- Name: Updated mitigation in section on arithmetic overflows
- #10 fegge: https://github.com/0xPARC/zk-bug-tracker/pull/10
- Repo: mlswg/mls-architecture
- Name: Change rathr -> rather
- #203 tjade273: https://github.com/mlswg/mls-architecture/pull/203
- Repo: yi-sun/circom-pairing
- Name: Get all tests passing
- #23 tjade273: https://github.com/yi-sun/circom-pairing/pull/23
- Repo: yi-sun/circom-pairing
- Name: Fix EllipticCurveAdd formula when computing (P – P) – P
- #22 tjade273: https://github.com/yi-sun/circom-pairing/pull/22
- Repo: pyca/cryptography
- Name: rust: add crate skeleton for X.509 path validation
- #8873 woodruffw: https://github.com/pyca/cryptography/pull/8873
- Repo: pyca/cryptography
- Name: verification: add missing max_chain_depth kwargs
- #9847 woodruffw: https://github.com/pyca/cryptography/pull/9847
- Repo: pyca/cryptography
- Name: extensions: add
Extensions::iter
- #9081 woodruffw: https://github.com/pyca/cryptography/pull/9081
- Name: extensions: add
- Repo: alex/rust-asn1
- Name: bump version to 0.15.4
- #403 woodruffw: https://github.com/alex/rust-asn1/pull/403
- Repo: alex/rust-asn1
- Name: types:
asn1::DateTime: PartialOrd
- #402 woodruffw: https://github.com/alex/rust-asn1/pull/402
- Name: types:
- Repo: pyca/cryptography
- Name: x509: Eq and Hash derives
- #9076 woodruffw: https://github.com/pyca/cryptography/pull/9076
- Repo: alex/rust-asn1
- Name: bump version to 0.15.3
- #401 woodruffw: https://github.com/alex/rust-asn1/pull/401
- Repo: pyca/cryptography
- Name: x509/common: make SPKI algorithm public
- #9061 woodruffw: https://github.com/pyca/cryptography/pull/9061
- Repo: alex/rust-asn1
- Name: types: document domains for DateTime fields
- #399 woodruffw: https://github.com/alex/rust-asn1/pull/399
- Repo: pyca/cryptography
- Name: Add support for ChaCha20 in LibreSSL
- #9758 facutuesca: https://github.com/pyca/cryptography/pull/9758
- Repo: pyca/cryptography
- Name: Add support for ChaCha20 with BoringSSL
- #9762 facutuesca: https://github.com/pyca/cryptography/pull/9762
- Repo: pyca/cryptography
- Name: Add support for ChaCha20 with LibreSSL
- #9209 facutuesca: https://github.com/pyca/cryptography/pull/9209
- Repo: pyca/cryptography
- Name: Add test vectors for ChaCha20 counter overflow
- #9221 facutuesca: https://github.com/pyca/cryptography/pull/9221
- Repo: pyca/cryptography
- Name: Add
poly1305
implementation for BoringSSL and LibreSSL - #9392 facutuesca: https://github.com/pyca/cryptography/pull/9392
- Name: Add
- Repo: sfackler/rust-openssl
- Name: Expose Poly1305 bindings on libressl and boringssl
- #1998 facutuesca: https://github.com/sfackler/rust-openssl/pull/1998
- Repo: pyca/cryptography
- Name: Fixes for ChaCha20 documentation
- #9192 facutuesca: https://github.com/pyca/cryptography/pull/9192
- Repo: pyca/cryptography
- Name: Add support for ChaCha20-Poly1305 with BoringSSL
- #8946 facutuesca: https://github.com/pyca/cryptography/pull/8946
- Repo: pyca/cryptography
- Name: certificate: add a
get_extension
helper - #8892 woodruffw: https://github.com/pyca/cryptography/pull/8892
- Name: certificate: add a
- Repo: alex/rust-asn1
- Name: types: add blanket
Eq
s forSequenceOf
andSetOf
- #400 woodruffw: https://github.com/alex/rust-asn1/pull/400
- Name: types: add blanket
- Repo: pyca/cryptography
- Name: CHANGELOG: record ChaCha20Poly1305 changes
- #8955 woodruffw: https://github.com/pyca/cryptography/pull/8955
- Repo: pyca/cryptography
- Name: validation: remove unused From impls
- #9891 woodruffw: https://github.com/pyca/cryptography/pull/9891
- Repo: pyca/cryptography
- Name: validation: flatten error types
- #9890 woodruffw: https://github.com/pyca/cryptography/pull/9890
- Repo: alex/rust-asn1
- Name: types: add
BigInt::is_negative
API - #425 woodruffw: https://github.com/alex/rust-asn1/pull/425
- Name: types: add
- Repo: pyca/cryptography
- Name: Fix transposed doc, simplify type in trust store test
- #9874 woodruffw: https://github.com/pyca/cryptography/pull/9874
- Repo: pyca/cryptography
- Name: verification: add VerificationError, doc APIs
- #9873 woodruffw: https://github.com/pyca/cryptography/pull/9873
- Repo: pyca/cryptography
- Name: validation/policy: breakout test changes
- #9872 woodruffw: https://github.com/pyca/cryptography/pull/9872
- Repo: pyca/cryptography
- Name: tests, ci: plumb x509-limbo-root
- #9871 woodruffw: https://github.com/pyca/cryptography/pull/9871
- Repo: pyca/cryptography
- Name: validation/policy: remove old critical ext check logic
- #9855 woodruffw: https://github.com/pyca/cryptography/pull/9855
- Repo: pyca/cryptography
- Name: actions: generalize the wycheproof fetch action
- #9848 woodruffw: https://github.com/pyca/cryptography/pull/9848
- Repo: pyca/cryptography
- Name: validation: subject is non-optional
- #9846 woodruffw: https://github.com/pyca/cryptography/pull/9846
- Repo: pyca/cryptography
- Name: src, tests: add max_chain_depth to validation API
- #9844 woodruffw: https://github.com/pyca/cryptography/pull/9844
- Repo: pyca/cryptography
- Name: x509/validation: make algo sets non-optional
- #9821 woodruffw: https://github.com/pyca/cryptography/pull/9821
- Repo: pyca/cryptography
- Name: Add top-level ServerVerifier.verify API
- #9805 woodruffw: https://github.com/pyca/cryptography/pull/9805
- Repo: pyca/cryptography
- Name: validation: add permitted_public_key_algorithms
- #9801 woodruffw: https://github.com/pyca/cryptography/pull/9801
- Repo: pyca/cryptography
- Name: X.509: Add WebPKI SPKI AlgorithmIdentifiers
- #9800 woodruffw: https://github.com/pyca/cryptography/pull/9800
- Repo: pyca/cryptography
- Name: validation: add Rust-side extension validation helpers
- #9781 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9781
- Repo: pyca/cryptography
- Name: validation: add Rust-side certificate validation helpers
- #9757 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9757
- Repo: pyca/cryptography
- Name: x509: construct
IPAddress
andIPRange
types - #9346 tnytown: https://github.com/pyca/cryptography/pull/9346
- Name: x509: construct
- Repo: pyca/cryptography
- Name: validation/ops: make
public_key
returnOption
- #9356 woodruffw: https://github.com/pyca/cryptography/pull/9356
- Name: validation/ops: make
- Repo: pyca/cryptography
- Name: noxfile, docs: fix posargs handling
- #9354 woodruffw: https://github.com/pyca/cryptography/pull/9354
- Repo: pyca/cryptography
- Name: Migrate more types
- #9254 woodruffw: https://github.com/pyca/cryptography/pull/9254
- Repo: pyca/cryptography
- Name: name: devolve
NameReadable
variant - #9282 woodruffw: https://github.com/pyca/cryptography/pull/9282
- Name: name: devolve
- Repo: pyca/cryptography
- Name: extensions: explicit lifetimes
- #9225 woodruffw: https://github.com/pyca/cryptography/pull/9225
- Repo: pyca/cryptography
- Name: x509: more extension APIs
- #9213 woodruffw: https://github.com/pyca/cryptography/pull/9213
- Repo: pyca/cryptography
- Name: oid: add more extension, EKU OIDs
- #9212 woodruffw: https://github.com/pyca/cryptography/pull/9212
- Repo: pyca/cryptography
- Name: Certificate: useful APIs
- #9300 woodruffw: https://github.com/pyca/cryptography/pull/9300
- Repo: pyca/cryptography
- Name: validation: profile trait, error types
- #9299 woodruffw: https://github.com/pyca/cryptography/pull/9299
- Repo: pyca/cryptography
- Name: rust: update lockfile
- #9298 woodruffw: https://github.com/pyca/cryptography/pull/9298
- Repo: pyca/cryptography
- Name: validation: add CryptoOps trait
- #9297 woodruffw: https://github.com/pyca/cryptography/pull/9297
- Repo: pyca/cryptography
- Name: rust: add PyCryptoOps, test
- #9355 woodruffw: https://github.com/pyca/cryptography/pull/9355
- Repo: pyca/cryptography
- Name: Path validation: builder/verifier API skeletons
- #9405 woodruffw: https://github.com/pyca/cryptography/pull/9405
- Repo: pyca/cryptography
- Name: validation: add Rust-side trust store APIs
- #9744 woodruffw: https://github.com/pyca/cryptography/pull/9744
- Repo: pyca/cryptography
- Name: validation/types: add DNSConstraint, rename IPConstraint
- #9700 woodruffw: https://github.com/pyca/cryptography/pull/9700
- Repo: pyca/cryptography
- Name: x509/policy: add WebPKI permitted algorithms
- #9548 woodruffw: https://github.com/pyca/cryptography/pull/9548
- Repo: pyca/cryptography
- Name: verification: fill in policy API internals
- #9642 woodruffw: https://github.com/pyca/cryptography/pull/9642
- Repo: pyca/cryptography
- Name: validation/policy: general name matching
- #9659 woodruffw: https://github.com/pyca/cryptography/pull/9659
- Repo: pyca/cryptography
- Name: certificate: increase lifetime precisions
- #9651 woodruffw: https://github.com/pyca/cryptography/pull/9651
- Repo: pyca/cryptography
- Name: extensions: drop unnecessary self lifetime bound
- #9650 woodruffw: https://github.com/pyca/cryptography/pull/9650
- Repo: pyca/cryptography
- Name: validation/ops: add test-only NullOps
- #9608 woodruffw: https://github.com/pyca/cryptography/pull/9608
- Repo: pyca/cryptography
- Name: verification: add PolicyBuilder API
- #9601 woodruffw: https://github.com/pyca/cryptography/pull/9601
- Repo: pyca/cryptography
- Name: ops: use
Result<..., Self::Err>
for returns - #9599 woodruffw: https://github.com/pyca/cryptography/pull/9599
- Name: ops: use
- Repo: pyca/cryptography
- Name: docs: add Store docs
- #9416 woodruffw: https://github.com/pyca/cryptography/pull/9416
- Repo: pyca/cryptography
- Name: x509: add Store API
- #9411 woodruffw: https://github.com/pyca/cryptography/pull/9411
- Repo: pyca/cryptography
- Name: common: add more RSA-PSS algorithm id definitions
- #9412 woodruffw: https://github.com/pyca/cryptography/pull/9412
- Repo: pyca/cryptography
- Name: rust: add PyCryptoOps
- #9606 woodruffw: https://github.com/pyca/cryptography/pull/9606
- Repo: pyca/cryptography
- Name: Add support for
AES-GCM-SIV
usingOpenSSL>=3.2.0
- #9843 facutuesca: https://github.com/pyca/cryptography/pull/9843
- Name: Add support for
- Repo: pyca/cryptography
- Name: Add test vectors for AES-GCM-SIV
- #9930 facutuesca: https://github.com/pyca/cryptography/pull/9930
- Repo: pyca/cryptography
- Name: validation/policy: rename var
- #9917 woodruffw: https://github.com/pyca/cryptography/pull/9917
- Repo: pyca/pyopenssl
- Name: Add support for
cryptography
CRLs toX509Store
- #1252 facutuesca: https://github.com/pyca/pyopenssl/pull/1252
- Name: Add support for
- Repo: pyca/pyopenssl
- Name: Remove use of
BN_set_word
- #1253 facutuesca: https://github.com/pyca/pyopenssl/pull/1253
- Name: Remove use of
- Repo: pyca/pyopenssl
- Name: Deprecate X509Extension
- #1255 facutuesca: https://github.com/pyca/pyopenssl/pull/1255
- Repo: pyca/pyopenssl
- Name: Migrate
.readthedocs.yml
to usebuild.os
- #1258 facutuesca: https://github.com/pyca/pyopenssl/pull/1258
- Name: Migrate
- Repo: pyca/cryptography
- Name: Deprecate naive datetime x509 APIs
- #9667 facutuesca: https://github.com/pyca/cryptography/pull/9667
- Repo: pyca/cryptography
- Name: Add timezone-aware API variants for x509
- #9661 facutuesca: https://github.com/pyca/cryptography/pull/9661
- Repo: pyca/pyopenssl
- Name: Add support for Python 3.12
- #1245 hugovk: https://github.com/pyca/pyopenssl/pull/1245
- Repo: pyca/pyopenssl
- Name: Add support for Python 3.12
- #1254 facutuesca: https://github.com/pyca/pyopenssl/pull/1254
- Repo: pyca/pyopenssl
- Name: Increase cryptography minimum in tox.ini
- #1257 facutuesca: https://github.com/pyca/pyopenssl/pull/1257
- Repo: pyca/pyopenssl
- Name: Deprecate CRL APIs
- #1251 facutuesca: https://github.com/pyca/pyopenssl/pull/1251
- Repo: pyca/cryptography
- Name: x509/sct: replace another utcfromtimestamp call
- #9589 woodruffw: https://github.com/pyca/cryptography/pull/9589
- Repo: pyca/pyopenssl
- Name: Fix failing test when running offline
- #1261 facutuesca: https://github.com/pyca/pyopenssl/pull/1261
- Repo: sfackler/rust-openssl
- Name: Add two methods to the PKCS7 API
- #2111 facutuesca: https://github.com/sfackler/rust-openssl/pull/2111
- Repo: pyca/pyopenssl
- Name: Put mypy, coverage.py, pytest in pyproject
- #1273 woodruffw: https://github.com/pyca/pyopenssl/pull/1273
Languages and compilers
- Repo: rust-lang/rust
- Name: Fix typo in universal_regions.rs comment
- #107195 smoelius: https://github.com/rust-lang/rust/pull/107195
- Repo: rust-lang/rust
- Name: docs: clarify explicitly freeing heap allocated memory
- #117563 0xalpharush: https://github.com/rust-lang/rust/pull/117563
- Repo: llvm/llvm-project
- Name: [NFC] Remove outdated comment
- #72591 AdvenamTacet: https://github.com/llvm/llvm-project/pull/72591
- Repo: llvm/llvm-project
- Name: [libc++][ASan] Removing clang version checks
- #71673 AdvenamTacet: https://github.com/llvm/llvm-project/pull/71673
- Repo: llvm/llvm-project
- Name: Add
std::basic_string
test cases - #74830 AdvenamTacet: https://github.com/llvm/llvm-project/pull/74830
- Name: Add
- Repo: llvm/llvm-project
- Name: [ASan][libc++] Refactor of ASan annotation functions
- #74023 AdvenamTacet: https://github.com/llvm/llvm-project/pull/74023
- Repo: llvm/llvm-project
- Name: [ASan][libc++] std::basic_string annotations
- #72677 AdvenamTacet: https://github.com/llvm/llvm-project/pull/72677
Libraries
- Repo: console-rs/indicatif
- Name: Fix attempt to subtract with overflow (#582)
- #586 smoelius: https://github.com/console-rs/indicatif/pull/586
- Repo: dtolnay/syn
- Name: Qualify
compile_error!
- #1431 smoelius: https://github.com/dtolnay/syn/pull/1431
- Name: Qualify
- Repo: matklad/xshell
- Name: Emit more informative error message when cwd does not exist
- #73 smoelius: https://github.com/matklad/xshell/pull/73
- Repo: rust-num/num-bigint
- Name: Release 0.4.4
- #280 cuviper: https://github.com/rust-num/num-bigint/pull/280
- Repo: Peternator7/strum
- Name: Handle rustoc comments in
#[derive(FromRepr)]
- #276 smoelius: https://github.com/Peternator7/strum/pull/276
- Name: Handle rustoc comments in
- Repo: pyrossh/rust-embed
- Name: Upgrade to
syn
2.0 - #211 smoelius: https://github.com/pyrossh/rust-embed/pull/211
- Name: Upgrade to
- Repo: TedDriggs/darling
- Name: Update README.md
- #232 smoelius: https://github.com/TedDriggs/darling/pull/232
- Repo: tree-sitter/tree-sitter
- Name: Partially revert d4d5e29
- #2278 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2278
- Repo: tree-sitter/tree-sitter
- Name: Fix OOB in
Query::new
- #2280 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2280
- Name: Fix OOB in
- Repo: tree-sitter/tree-sitter
- Name: Handle edge cases involving consecutive “zero or” modifiers
- #2281 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2281
- Repo: XAMPPRocky/octocrab
- Name: Add
follow-redirect
feature - #469 smoelius: https://github.com/XAMPPRocky/octocrab/pull/469
- Name: Add
Tech infrastructure
- Repo: wasmerio/wasmer
- Name: fix: prevent potential UB by deriving repr C for union
- #4296 0xalpharush: https://github.com/wasmerio/wasmer/pull/4296
- Repo: rust-or/good_lp
- Name: deps: fix minimal fnv version
- #24 0xalpharush: https://github.com/rust-or/good_lp/pull/24
- Repo: haskell/network
- Name: Install and use
afunix_compat.h
header - #556 elopez: https://github.com/haskell/network/pull/556
- Name: Install and use
- Repo: haskell-actions/setup
- Name: Install the correct ghcup binary on aarch64
- #47 elopez: https://github.com/haskell-actions/setup/pull/47
- Repo: curl/curl-fuzzer
- Name: scripts: fix ssl builds on x86_64
- #80 elopez: https://github.com/curl/curl-fuzzer/pull/80
- Repo: Homebrew/homebrew-core
- Name: caracal 0.2.2 (new formula)
- #145966 elopez: https://github.com/Homebrew/homebrew-core/pull/145966
- Repo: Homebrew/homebrew-core
- Name: crytic-compile 0.3.1, slither 0.9.3
- #126164 elopez: https://github.com/Homebrew/homebrew-core/pull/126164
- Repo: Homebrew/homebrew-core
- Name: crytic-compile 0.3.5
- #151684 elopez: https://github.com/Homebrew/homebrew-core/pull/151684
- Repo: Homebrew/homebrew-core
- Name: echidna 2.0.5
- #121092 elopez: https://github.com/Homebrew/homebrew-core/pull/121092
- Repo: Homebrew/homebrew-core
- Name: echidna 2.1.0
- #125331 elopez: https://github.com/Homebrew/homebrew-core/pull/125331
- Repo: Homebrew/homebrew-core
- Name: echidna 2.1.1
- #128647 elopez: https://github.com/Homebrew/homebrew-core/pull/128647
- Repo: Homebrew/homebrew-core
- Name: echidna 2.2.0
- #131575 elopez: https://github.com/Homebrew/homebrew-core/pull/131575
- Repo: Homebrew/homebrew-core
- Name: echidna: update test
- #131509 elopez: https://github.com/Homebrew/homebrew-core/pull/131509
- Repo: Homebrew/homebrew-core
- Name: haskell-stack: rebuild with GHC 9.2.7
- #125010 elopez: https://github.com/Homebrew/homebrew-core/pull/125010
- Repo: Homebrew/homebrew-core
- Name: medusa 0.1.1 (new formula)
- #139078 elopez: https://github.com/Homebrew/homebrew-core/pull/139078
- Repo: Homebrew/homebrew-core
- Name: medusa 0.1.2
- #140307 elopez: https://github.com/Homebrew/homebrew-core/pull/140307
- Repo: Homebrew/homebrew-core
- Name: secp256k1: enable module recovery
- #121096 elopez: https://github.com/Homebrew/homebrew-core/pull/121096
- Repo: Homebrew/homebrew-core
- Name: slither-analyzer 0.9.2, crytic-compile 0.2.4, migrate to [email protected]
- #120361 elopez: https://github.com/Homebrew/homebrew-core/pull/120361
- Repo: Homebrew/homebrew-core
- Name: slither-analyzer 0.9.5
- #135057 elopez: https://github.com/Homebrew/homebrew-core/pull/135057
- Repo: Homebrew/homebrew-core
- Name: solc-select, crytic-compile, slither-analyzer, echidna: improve testing on ARM
- #127681 elopez: https://github.com/Homebrew/homebrew-core/pull/127681
- Repo: Homebrew/brew
- Name: extend/ENV/super: correct
deparallelize
signature - #15726 elopez: https://github.com/Homebrew/brew/pull/15726
- Name: extend/ENV/super: correct
- Repo: osquery/osquery
- Name: cve: Update openssl to 3.2.0
- #8212 Smjert: https://github.com/osquery/osquery/pull/8212
- Repo: osquery/osquery
- Name: tests: Enable client certificate verification in the TLS tests
- #8211 Smjert: https://github.com/osquery/osquery/pull/8211
- Repo: osquery/osquery
- Name: ci: Fix Linux build
- #8208 Smjert: https://github.com/osquery/osquery/pull/8208
- Repo: osquery/osquery
- Name: ci: Update nvdlib to use the latest NVD APIs
- #8207 Smjert: https://github.com/osquery/osquery/pull/8207
- Repo: osquery/osquery
- Name: build: Temporary workaround to build with XCode 15
- #8197 Smjert: https://github.com/osquery/osquery/pull/8197
- Repo: osquery/osquery
- Name: process_open_sockets: Mark pid column as additional instead of index
- #8191 Smjert: https://github.com/osquery/osquery/pull/8191
- Repo: osquery/osquery
- Name: docs: Correct link to a PR in the 4.7.0 changelog
- #8186 Smjert: https://github.com/osquery/osquery/pull/8186
- Repo: osquery/osquery
- Name: ci: Correct job order
- #8185 Smjert: https://github.com/osquery/osquery/pull/8185
- Repo: osquery/osquery
- Name: docs: Call out in the CHANGELOG the format changes of the status logs decorations
- #8174 Smjert: https://github.com/osquery/osquery/pull/8174
- Repo: osquery/osquery
- Name: docs: Remove some duplicated lines from 5.8.1 changelog
- #8172 Smjert: https://github.com/osquery/osquery/pull/8172
- Repo: osquery/osquery
- Name: cve: Update expat to version 2.5.0
- #8159 Smjert: https://github.com/osquery/osquery/pull/8159
- Repo: osquery/osquery
- Name: cve: Fix the expat product name in the libraries manifest
- #8158 Smjert: https://github.com/osquery/osquery/pull/8158
- Repo: osquery/osquery
- Name: ci: Fix
DistributedTests.test_run_queries_with_denylisted_query
test - #8154 Smjert: https://github.com/osquery/osquery/pull/8154
- Name: ci: Fix
- Repo: osquery/osquery
- Name: wifi_survey: Do not crash if the ssid cannot be retrieved
- #8153 Smjert: https://github.com/osquery/osquery/pull/8153
- Repo: osquery/osquery
- Name: ci: Remove flakyness when removing unused packages on Linux
- #8144 Smjert: https://github.com/osquery/osquery/pull/8144
- Repo: osquery/osquery
- Name: file: Add Shortcut metadata parsing on Windows
- #8143 Smjert: https://github.com/osquery/osquery/pull/8143
- Repo: osquery/osquery
- Name: cve: Update libmagic to 5.45
- #8142 Smjert: https://github.com/osquery/osquery/pull/8142
- Repo: osquery/osquery
- Name: cve: Update openssl to 3.1.3
- #8141 Smjert: https://github.com/osquery/osquery/pull/8141
- Repo: osquery/osquery
- Name: Permit cross compiling for x86_64 on Apple Silicon
- #8136 Smjert: https://github.com/osquery/osquery/pull/8136
- Repo: osquery/osquery
- Name: cve: Update lzma to 5.4.4
- #8135 Smjert: https://github.com/osquery/osquery/pull/8135
- Repo: osquery/osquery
- Name: Fix openssl build arch for Windows ARM64
- #8134 Smjert: https://github.com/osquery/osquery/pull/8134
- Repo: osquery/osquery
- Name: ci: Increase disk space on the Linux x86_64 runner
- #8133 Smjert: https://github.com/osquery/osquery/pull/8133
- Repo: osquery/osquery
- Name: ci: Increase aarch64 available space by splitting the build
- #8131 Smjert: https://github.com/osquery/osquery/pull/8131
- Repo: osquery/osquery
- Name: docs: Update XCode version mentions to the proper one
- #8128 Smjert: https://github.com/osquery/osquery/pull/8128
- Repo: osquery/osquery
- Name: cve: Ignore libcap CVE-2023-2603
- #8127 Smjert: https://github.com/osquery/osquery/pull/8127
- Repo: osquery/osquery
- Name: cve: Ignore dbus CVE-2023-34969
- #8126 Smjert: https://github.com/osquery/osquery/pull/8126
- Repo: osquery/osquery
- Name: libs: Update openssl to 3.1.2
- #8124 Smjert: https://github.com/osquery/osquery/pull/8124
- Repo: osquery/osquery
- Name: Use JSON member iterator instead of rescanning
- #8122 Smjert: https://github.com/osquery/osquery/pull/8122
- Repo: osquery/osquery
- Name: Missing pragma/header guard for boottime.h
- #8117 Smjert: https://github.com/osquery/osquery/pull/8117
- Repo: osquery/osquery
- Name: aws: Add new AWS valid regions
- #8110 Smjert: https://github.com/osquery/osquery/pull/8110
- Repo: osquery/osquery
- Name: watchdog: Use virtual cores to calculate CPU utilization limit
- #8104 Smjert: https://github.com/osquery/osquery/pull/8104
- Repo: osquery/osquery
- Name: logs: Implement decorations_top_level flag for status logs
- #8102 Smjert: https://github.com/osquery/osquery/pull/8102
- Repo: osquery/osquery
- Name: Avoid blocking when reading plist files
- #8099 Smjert: https://github.com/osquery/osquery/pull/8099
- Repo: osquery/osquery
- Name: improvement: Avoid unnecessary string conversions
- #8093 Smjert: https://github.com/osquery/osquery/pull/8093
- Repo: osquery/osquery
- Name: cleanup: Substitute the TEXT macro with SQL_TEXT in table code
- #8091 Smjert: https://github.com/osquery/osquery/pull/8091
- Repo: osquery/osquery
- Name: firefox_addons: Use rapidjson to parse and don’t block on read
- #8089 Smjert: https://github.com/osquery/osquery/pull/8089
- Repo: osquery/osquery
- Name: core: Avoid checking if a file exists before opening
- #8087 Smjert: https://github.com/osquery/osquery/pull/8087
- Repo: osquery/osquery
- Name: cleanup: Remove forensicReadFile
- #8085 Smjert: https://github.com/osquery/osquery/pull/8085
- Repo: osquery/osquery
- Name: libs: Fix openssl build on aarch64
- #8084 Smjert: https://github.com/osquery/osquery/pull/8084
- Repo: osquery/osquery
- Name: Add warnings when an enrollment secret cannot be found
- #8082 Smjert: https://github.com/osquery/osquery/pull/8082
- Repo: osquery/osquery
- Name: libs: Update openssl to 3.1.1
- #8081 Smjert: https://github.com/osquery/osquery/pull/8081
- Repo: osquery/osquery
- Name: test: Fix leaks in inotify and rocksdb tests
- #8080 Smjert: https://github.com/osquery/osquery/pull/8080
- Repo: osquery/osquery
- Name: aws: Add an option to enforce FIPS endpoints
- #8075 Smjert: https://github.com/osquery/osquery/pull/8075
- Repo: osquery/osquery
- Name: Update expired Slack invite
- #8051 Smjert: https://github.com/osquery/osquery/pull/8051
- Repo: osquery/osquery
- Name: cve: Update to openssl 1.1.1u
- #8050 Smjert: https://github.com/osquery/osquery/pull/8050
- Repo: osquery/osquery
- Name: Improve extended_attributes implementation for Linux and macOS
- #8046 Smjert: https://github.com/osquery/osquery/pull/8046
- Repo: osquery/osquery
- Name: test: Fix a leak in ExtendedAttributesTableTests SetUp function
- #8045 Smjert: https://github.com/osquery/osquery/pull/8045
- Repo: osquery/osquery
- Name: Fix the aarch64 workflow
- #8036 Smjert: https://github.com/osquery/osquery/pull/8036
- Repo: osquery/osquery
- Name: Fix the aarch64 workflow
- #8035 Smjert: https://github.com/osquery/osquery/pull/8035
- Repo: osquery/osquery
- Name: Do not consider a 404 as an error in ec2-instance-metadata
- #8025 Smjert: https://github.com/osquery/osquery/pull/8025
- Repo: osquery/osquery
- Name: cve: Update libxml2 to v2.11.2
- #8023 Smjert: https://github.com/osquery/osquery/pull/8023
- Repo: osquery/osquery
- Name: libs: Bring out LZ4 from rdkafka and update it to v1.9.4
- #7996 Smjert: https://github.com/osquery/osquery/pull/7996
- Repo: osquery/osquery
- Name: ci: Update aarch64 runner to Ubuntu 20.04 and update badges
- #7984 Smjert: https://github.com/osquery/osquery/pull/7984
- Repo: osquery/osquery
- Name: ci: Update python version and docs build tools
- #7969 Smjert: https://github.com/osquery/osquery/pull/7969
- Repo: osquery/osquery
- Name: test: Do not always expect a row from the secureboot table
- #7967 Smjert: https://github.com/osquery/osquery/pull/7967
- Repo: osquery/osquery
- Name: tests: Do not always build root tests on Linux
- #7966 Smjert: https://github.com/osquery/osquery/pull/7966
- Repo: osquery/osquery
- Name: test: Fix SystemdUnitsTest missing the unit_file_state column
- #7965 Smjert: https://github.com/osquery/osquery/pull/7965
- Repo: osquery/osquery
- Name: tests: Fix some tests becoming osquery shells
- #7964 Smjert: https://github.com/osquery/osquery/pull/7964
- Repo: osquery/osquery
- Name: ci: Workaround in the aarch64 runner to avoid out of space
- #7941 Smjert: https://github.com/osquery/osquery/pull/7941
- Repo: osquery/osquery
- Name: ci: Remove Windows 32bit build
- #7939 Smjert: https://github.com/osquery/osquery/pull/7939
- Repo: osquery/osquery
- Name: cve: Update openssl to 1.1.1t
- #7937 Smjert: https://github.com/osquery/osquery/pull/7937
- Repo: osquery/osquery
- Name: cve: Ignore util-linux cves
- #7929 Smjert: https://github.com/osquery/osquery/pull/7929
- Repo: osquery/osquery
- Name: libs: Fix system paths used by dbus
- #7919 Smjert: https://github.com/osquery/osquery/pull/7919
- Repo: osquery/osquery
- Name: libs: Fix libmagic build on macOS
- #7915 Smjert: https://github.com/osquery/osquery/pull/7915
- Repo: osquery/osquery
- Name: cve: Update yara to 4.2.3
- #7912 Smjert: https://github.com/osquery/osquery/pull/7912
- Repo: osquery/osquery
- Name: cve: Ignore sqlite CVE-2022-46908
- #7911 Smjert: https://github.com/osquery/osquery/pull/7911
- Repo: osquery/osquery
- Name: cve: Update librpm to 4.18.0
- #7910 Smjert: https://github.com/osquery/osquery/pull/7910
- Repo: osquery/osquery
- Name: libs: Update popt to 1.19
- #7909 Smjert: https://github.com/osquery/osquery/pull/7909
- Repo: osquery/osquery
- Name: test: Speed up ec2InstanceMetadata.test_sanity
- #7907 Smjert: https://github.com/osquery/osquery/pull/7907
- Repo: osquery/osquery
- Name: libs: Update dbus to 1.12.24
- #7905 Smjert: https://github.com/osquery/osquery/pull/7905
- Repo: osquery/osquery
- Name: libs: Update util-linux to 2.35.2
- #7902 Smjert: https://github.com/osquery/osquery/pull/7902
- Repo: osquery/osquery
- Name: `cpu_info`: Port the table to macOS x86 and Apple Silicon
- #7757 Smjert: https://github.com/osquery/osquery/pull/7757
- Repo: osquery/osquery
- Name: logger: Add new
string_batch
request type to compliment existingstring
type - #8027 alessandrogario: https://github.com/osquery/osquery/pull/8027
- Name: logger: Add new
- Repo: osquery/osquery
- Name: cmake: Add an option to disable shallow git clone operations
- #8026 alessandrogario: https://github.com/osquery/osquery/pull/8026
- Repo: osquery/osquery
- Name: cmake: Only link against the experiments loader when needed
- #7959 alessandrogario: https://github.com/osquery/osquery/pull/7959
- Repo: osquery/osquery
- Name: experiments: Implement a new bpf_process_events_v2 table
- #7773 alessandrogario: https://github.com/osquery/osquery/pull/7773
- Repo: osquery/osquery
- Name: Restore functionality of
crashes
table on macOS 12 and newer - #7819 mike-myers-tob: https://github.com/osquery/osquery/pull/7819
- Name: Restore functionality of
- Repo: orium/cargo-rdme
- Name: Implement intralinks for reference-style links
- #165 smoelius: https://github.com/orium/cargo-rdme/pull/165
- Repo: regexident/cargo-modules
- Name: Add
--acyclic
option - #184 smoelius: https://github.com/regexident/cargo-modules/pull/184
- Name: Add
- Repo: rust-lang/docs.rs
- Name: Add components
llvm-tools-preview
andrustc-dev
- #2101 smoelius: https://github.com/rust-lang/docs.rs/pull/2101
- Name: Add components
- Repo: rustsec/advisory-db
- Name: Add unmaintained
dlopen_derive
advisory - #1735 smoelius: https://github.com/rustsec/advisory-db/pull/1735
- Name: Add unmaintained
- Repo: rustsec/advisory-db
- Name: Link to HOWTO_UNMAINTAINED.md in README.md (#1748)
- #1754 smoelius: https://github.com/rustsec/advisory-db/pull/1754
- Repo: rust-secure-code/cargo-supply-chain
- Name: Add
--no-dev
option - #93 smoelius: https://github.com/rust-secure-code/cargo-supply-chain/pull/93
- Name: Add
Software analysis tools
- Repo: langston-barrett/tree-crasher
- Name: feat: add tree-crasher implementation for solidity
- #26 0xalpharush: https://github.com/langston-barrett/tree-crasher/pull/26
- Repo: assert-rs/assert_cmd
- Name: Restore newlines when writing
Bstr
s - #161 smoelius: https://github.com/assert-rs/assert_cmd/pull/161
- Name: Restore newlines when writing
- Repo: rust-lang/rust-clippy
- Name:
unwrap_or_else_default
->unwrap_or_default
and improve resulting lint - #10120 smoelius: https://github.com/rust-lang/rust-clippy/pull/10120
- Name:
- Repo: rust-lang/rust-clippy
- Name: Fix typo in
unused_self
diagnostic message - #10138 smoelius: https://github.com/rust-lang/rust-clippy/pull/10138
- Name: Fix typo in
- Repo: rust-lang/rust-clippy
- Name: Tiny typo:
eg.
->e.g.
- #10221 smoelius: https://github.com/rust-lang/rust-clippy/pull/10221
- Name: Tiny typo:
- Repo: rust-lang/rust-clippy
- Name: Fix rust-lang/rust#107877, etc.
- #10403 smoelius: https://github.com/rust-lang/rust-clippy/pull/10403
- Repo: rust-lang/rust-clippy
- Name: Two small documentation improvements
- #10425 smoelius: https://github.com/rust-lang/rust-clippy/pull/10425
- Repo: rust-lang/rust-clippy
- Name: Update macros.rs (typo)
- #10734 smoelius: https://github.com/rust-lang/rust-clippy/pull/10734
- Repo: rust-lang/rust-clippy
- Name: “try this” -> “try”
- #11055 smoelius: https://github.com/rust-lang/rust-clippy/pull/11055
- Repo: rust-lang/rust-clippy
- Name: Fix ICE in #10535
- #11130 smoelius: https://github.com/rust-lang/rust-clippy/pull/11130
- Repo: rust-lang/rust-clippy
- Name: Fix
unwrap_or_else_default
false positive - #11135 smoelius: https://github.com/rust-lang/rust-clippy/pull/11135
- Name: Fix
- Repo: rust-lang/rust-clippy
- Name: Add “Known problems” section to
needless_borrow
documentation - #11148 smoelius: https://github.com/rust-lang/rust-clippy/pull/11148
- Name: Add “Known problems” section to
- Repo: rust-lang/rust-clippy
- Name: Typo
- #11411 smoelius: https://github.com/rust-lang/rust-clippy/pull/11411
- Repo: rust-lang/rust-clippy
- Name: Nit re
matches!
formatting - #11863 smoelius: https://github.com/rust-lang/rust-clippy/pull/11863
- Name: Nit re
- Repo: rust-marker/marker
- Name: Typo
- #253 smoelius: https://github.com/rust-marker/marker/pull/253
- Repo: rust-marker/marker
- Name: Rustc: Librarify
marker_rustc_driver
- #271 smoelius: https://github.com/rust-marker/marker/pull/271
- Name: Rustc: Librarify
Blockchain software
- Repo: ethereum/hevm
- Name: Bump nixpkgs to GHC 9.4
- #303 arcz: https://github.com/ethereum/hevm/pull/303
- Repo: ethereum/hevm
- Name: Prepare 0.51.2 release
- #305 arcz: https://github.com/ethereum/hevm/pull/305
- Repo: ethereum/hevm
- Name: Fix path joining on Windows
- #306 arcz: https://github.com/ethereum/hevm/pull/306
- Repo: foundry-rs/book
- Name: update slither instructions
- #1043 0xalpharush: https://github.com/foundry-rs/book/pull/1043
- Repo: paradigmxyz/reth
- Name: ci: update test-fuzz installation
- #5126 0xalpharush: https://github.com/paradigmxyz/reth/pull/5126
- Repo: paradigmxyz/reth
- Name: feat: roundtrip fuzz harness for
PooledTransactions
- #5125 0xalpharush: https://github.com/paradigmxyz/reth/pull/5125
- Name: feat: roundtrip fuzz harness for
- Repo: foundry-rs/foundry
- Name: feat(forge): implement glob pattern for forge build –skip
- #5267 0xalpharush: https://github.com/foundry-rs/foundry/pull/5267
- Repo: foundry-rs/forge-std
- Name: feat(StdAssertions): Add
assertEqCall
- #311 0xPhaze: https://github.com/foundry-rs/forge-std/pull/311
- Name: feat(StdAssertions): Add
- Repo: solana-labs/solana
- Name: remove inaccurate comment about system instructions
- #31829 0xalpharush: https://github.com/solana-labs/solana/pull/31829
- Repo: worldcoin/world-id-state-bridge
- Name: don’t allow calls to initialize on UUPS impl
- #5 0xalpharush: https://github.com/worldcoin/world-id-state-bridge/pull/5
- Repo: OpenZeppelin/openzeppelin-contracts
- Name: Ignore reentrancy in
executeBatch
and update Slither config - #3955 0xalpharush: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3955
- Name: Ignore reentrancy in
- Repo: Y-Nak/solc-rust
- Name: fix boost linking on M1 and update build instructions
- #1 0xalpharush: https://github.com/Y-Nak/solc-rust/pull/1
- Repo: gakonst/ethers-rs
- Name: (docs): add clippy command
- #1967 0xalpharush: https://github.com/gakonst/ethers-rs/pull/1967
- Repo: hyperledger/solang
- Name: solang-parser README.md should mention breaking changes may occur
- #1213 smoelius: https://github.com/hyperledger/solang/pull/1213
- Repo: hyperledger/solang
- Name: Add optimizations test
- #1469 smoelius: https://github.com/hyperledger/solang/pull/1469
- Repo: solana-labs/solana
- Name:
borrow_mut
->borrow
in two places - #31399 smoelius: https://github.com/solana-labs/solana/pull/31399
- Name:
- Repo: ethereum/hevm
- Name: Windows build support
- #201 elopez: https://github.com/ethereum/hevm/pull/201
- Repo: ethereum/hevm
- Name: ci: re-enable windows
- #264 elopez: https://github.com/ethereum/hevm/pull/264
- Repo: ethereum/hevm
- Name: hevm: enable compact-unwind on macOS
- #281 elopez: https://github.com/ethereum/hevm/pull/281
- Repo: ethereum/hevm
- Name: Move Windows build to GHC 9.4
- #415 elopez: https://github.com/ethereum/hevm/pull/415
- Repo: ethereum/hevm
- Name: Remove unused deps
- #161 arcz: https://github.com/ethereum/hevm/pull/161
- Repo: ethereum/hevm
- Name: Fix SAR arithmetic overflow and copySlice regressions
- #163 arcz: https://github.com/ethereum/hevm/pull/163
- Repo: ethereum/hevm
- Name: Implement prank(address) cheatcode
- #167 arcz: https://github.com/ethereum/hevm/pull/167
- Repo: ethereum/hevm
- Name: Enable OverloadedRecordDot, NoFieldSelectors and DuplicateRecordFields
- #172 arcz: https://github.com/ethereum/hevm/pull/172
- Repo: ethereum/hevm
- Name: Fix slot fetch cache lookup
- #180 arcz: https://github.com/ethereum/hevm/pull/180
- Repo: ethereum/hevm
- Name: Cleanup some records
- #181 arcz: https://github.com/ethereum/hevm/pull/181
- Repo: ethereum/hevm
- Name: Fix showing source line number in debugger
- #182 arcz: https://github.com/ethereum/hevm/pull/182
- Repo: ethereum/hevm
- Name: Add fetchChainIdFrom
- #190 arcz: https://github.com/ethereum/hevm/pull/190
- Repo: ethereum/hevm
- Name: Bump flake.lock
- #192 arcz: https://github.com/ethereum/hevm/pull/192
- Repo: ethereum/hevm
- Name: Replace num/fromIntegral with witch
- #203 arcz: https://github.com/ethereum/hevm/pull/203
- Repo: ethereum/hevm
- Name: Optimize W256 serialization
- #215 arcz: https://github.com/ethereum/hevm/pull/215
- Repo: ethereum/hevm
- Name: Minor cleanup
- #216 arcz: https://github.com/ethereum/hevm/pull/216
- Repo: ethereum/hevm
- Name: Remove StrictData to improve performance
- #217 arcz: https://github.com/ethereum/hevm/pull/217
- Repo: ethereum/hevm
- Name: Run tests on all cores
- #222 arcz: https://github.com/ethereum/hevm/pull/222
- Repo: ethereum/hevm
- Name: Change interpret to take vm arg instead of StateT
- #232 arcz: https://github.com/ethereum/hevm/pull/232
- Repo: ethereum/hevm
- Name: Change BadCheatCode error to take just Word32
- #237 arcz: https://github.com/ethereum/hevm/pull/237
- Repo: ethereum/hevm
- Name: Add FunctionSelector type to improve semantics
- #238 arcz: https://github.com/ethereum/hevm/pull/238
- Repo: ethereum/hevm
- Name: Cleanup and unify style in EVM module
- #239 arcz: https://github.com/ethereum/hevm/pull/239
- Repo: ethereum/hevm
- Name: Bump nixpkgs
- #248 arcz: https://github.com/ethereum/hevm/pull/248
- Repo: ethereum/hevm
- Name: Prepare 0.51.1 release
- #269 arcz: https://github.com/ethereum/hevm/pull/269
- Repo: ethereum/hevm
- Name: Code cleanup
- #285 arcz: https://github.com/ethereum/hevm/pull/285
- Repo: ethereum/hevm
- Name: Bring back combined JSON loading
- #293 arcz: https://github.com/ethereum/hevm/pull/293
- Repo: ethereum/hevm
- Name: Prepare 0.51.3 release
- #310 arcz: https://github.com/ethereum/hevm/pull/310
- Repo: ethereum/hevm
- Name: Ignore word-simplification test
- #315 arcz: https://github.com/ethereum/hevm/pull/315
- Repo: ethereum/hevm
- Name: Simplify IOAct in Stepper
- #317 arcz: https://github.com/ethereum/hevm/pull/317
- Repo: ethereum/hevm
- Name: Mutable memory
- #318 arcz: https://github.com/ethereum/hevm/pull/318
- Repo: ethereum/hevm
- Name: Remove Stepper.Run action
- #326 arcz: https://github.com/ethereum/hevm/pull/326
- Repo: ethereum/hevm
- Name: Cleanup stackOp2 and stackOp3
- #351 arcz: https://github.com/ethereum/hevm/pull/351
- Repo: ethereum/hevm
- Name: Bump nixpkgs
- #370 arcz: https://github.com/ethereum/hevm/pull/370
Reverse engineering tools
- Repo: NationalSecurityAgency/ghidra
- Name: fix: incorrect sleigh in e_stmvsprw for PPC VLE
- #4886 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/4886
- Repo: NationalSecurityAgency/ghidra
- Name: fix: also decode eieio (mbar 0) for VLE
- #4887 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/4887
- Repo: NationalSecurityAgency/ghidra
- Name: Catch exception when reading invalid dwarf abbrev code and continue
- #5300 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5300
- Repo: NationalSecurityAgency/ghidra
- Name: Fix call_frame_cfa value for ppc
- #5315 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5315
- Repo: NationalSecurityAgency/ghidra
- Name: typo: setMinpeculativeOffset -> setMinSpeculativeOffset
- #5810 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5810
- Repo: NationalSecurityAgency/ghidra
- Name: gradle: Fix screenShotsImplementation typo
- #4964 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4964
- Repo: NationalSecurityAgency/ghidra
- Name: gradle: Fix compile classpath for scripts
- #4974 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4974
- Repo: NationalSecurityAgency/ghidra
- Name: gradle: Fix bundle_examples compilation
- #4975 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4975
- Repo: NationalSecurityAgency/ghidra
- Name: Fix C++ sleighexample compilation
- #5211 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/5211
- Repo: NationalSecurityAgency/ghidra
- Name: Fix memory leak after xml errors
- #5383 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/5383
Software analysis/transformational tools
- Repo: michaelbrownuc/GadgetSetAnalyzer
- Name: Improve usability and some statistic calculations
- #13 reytchison: https://github.com/michaelbrownuc/GadgetSetAnalyzer/pull/13
- Repo: michaelbrownuc/CARVE
- Name: Debloat code in-place and some minor changes
- #3 reytchison: https://github.com/michaelbrownuc/CARVE/pull/3
- Repo: michaelbrownuc/CARVE
- Name: Support debloating python, package the project, and add tests.
- #5 reytchison: https://github.com/michaelbrownuc/CARVE/pull/5
Packing ecosystem/supply chain
- Repo: pypi/warehouse
- Name: Send emails on login from new IP address, API token creation
- #13869 tnytown: https://github.com/pypi/warehouse/pull/13869
- Repo: pypi/warehouse
- Name: Add OIDC claims to the
OIDCPublisher
caveat - #13668 tnytown: https://github.com/pypi/warehouse/pull/13668
- Name: Add OIDC claims to the
- Repo: pypi/warehouse
- Name: Trusted publishing: use
user/repo
slug in GitHub publisher form - #13681 jleightcap: https://github.com/pypi/warehouse/pull/13681
- Name: Trusted publishing: use
- Repo: pypi/warehouse
- Name: Expose OIDC claims in
request
context from macaroon - #13680 tnytown: https://github.com/pypi/warehouse/pull/13680
- Name: Expose OIDC claims in
- Repo: pypi/warehouse
- Name: Expand OIDC email template’s publisher specifiers
- #13667 Martolivna: https://github.com/pypi/warehouse/pull/13667
- Repo: pypi/warehouse
- Name: tests: fill in PEP 715 change coverage
- #14014 woodruffw: https://github.com/pypi/warehouse/pull/14014
- Repo: pypi/warehouse
- Name: Prefer
InputRequired
overDataRequired
on form validation - #13696 jleightcap: https://github.com/pypi/warehouse/pull/13696
- Name: Prefer
- Repo: pypi/warehouse
- Name: trusted publishing: repo owner in emails
- #13753 woodruffw: https://github.com/pypi/warehouse/pull/13753
- Repo: pypi/warehouse
- Name: Remove
IAuthorizationPolicy
from codebase - #13754 tnytown: https://github.com/pypi/warehouse/pull/13754
- Name: Remove
- Repo: pypi/warehouse
- Name: Emails whenever a release gets yanked or unyanked
- #13829 xBalbinus: https://github.com/pypi/warehouse/pull/13829
- Repo: pypi/warehouse
- Name: Use
InputRequired
with explicitformdata
- #13828 jleightcap: https://github.com/pypi/warehouse/pull/13828
- Name: Use
- Repo: python/peps
- Name: PEP 715: Disabling bdist_egg distribution uploads on PyPI
- #3161 woodruffw: https://github.com/python/peps/pull/3161
- Repo: pypi/warehouse
- Name: feat: Emails sent to existing email accounts when adding new email
- #13866 xBalbinus: https://github.com/pypi/warehouse/pull/13866
- Repo: pypi/warehouse
- Name: tests, warehouse: per-provider OIDC admin flags
- #13871 woodruffw: https://github.com/pypi/warehouse/pull/13871
- Repo: pypi/warehouse
- Name: Generalize trusted publishing emails
- #13872 woodruffw: https://github.com/pypi/warehouse/pull/13872
- Repo: pypi/warehouse
- Name: Fix IP hashing in development environment
- #13879 tnytown: https://github.com/pypi/warehouse/pull/13879
- Repo: pypi/warehouse
- Name: make the
invalid-publisher
err msg more informative - #13941 kemingy: https://github.com/pypi/warehouse/pull/13941
- Name: make the
- Repo: pypi/warehouse
- Name: Monotonic journals
- #13936 dstufft: https://github.com/pypi/warehouse/pull/13936
- Repo: pypi/warehouse
- Name: tests, warehouse: disable egg uploads
- #14118 woodruffw: https://github.com/pypi/warehouse/pull/14118
- Repo: jpadilla/pyjwt
- Name: api_jwt: add a
strict_aud
option - #902 woodruffw: https://github.com/jpadilla/pyjwt/pull/902
- Name: api_jwt: add a
- Repo: pypi/warehouse
- Name: Trusted publishing: Enforce strict audience checking
- #14158 woodruffw: https://github.com/pypi/warehouse/pull/14158
- Repo: pypi/warehouse
- Name: legacy: improve error msg for project mismatches
- #14082 woodruffw: https://github.com/pypi/warehouse/pull/14082
- Repo: pypi/warehouse
- Name: Implement initial rollout of PEP 715
- #14017 ewdurbin: https://github.com/pypi/warehouse/pull/14017
- Repo: pypi/warehouse
- Name: requirements: drop types-stdlib-list
- #14006 woodruffw: https://github.com/pypi/warehouse/pull/14006
- Repo: pypi/warehouse
- Name: dev, tests, warehouse: rm
warehouse.oidc.enabled
- #13885 woodruffw: https://github.com/pypi/warehouse/pull/13885
- Name: dev, tests, warehouse: rm
- Repo: pypi/warehouse
- Name: legacy: lingering PEP 527 changes
- #13881 woodruffw: https://github.com/pypi/warehouse/pull/13881
- Repo: pypi/warehouse
- Name: admin: add a “wipe factors” button
- #13848 woodruffw: https://github.com/pypi/warehouse/pull/13848
- Repo: pypi/warehouse
- Name: Refactor Authorization
- #13849 dstufft: https://github.com/pypi/warehouse/pull/13849
- Repo: pypi/warehouse
- Name: macaroons/caveats: document serialization limits
- #13810 woodruffw: https://github.com/pypi/warehouse/pull/13810
- Repo: pypi/warehouse
- Name: Fix links in trusted publisher documentation
- #13736 tnytown: https://github.com/pypi/warehouse/pull/13736
- Repo: pypi/warehouse
- Name: Document PyPI’s protections against resurrection attacks
- #13720 tnytown: https://github.com/pypi/warehouse/pull/13720
- Repo: pypa/gh-action-pypi-publish
- Name: twine-upload: add a nudge for trusted publishing
- #167 woodruffw: https://github.com/pypa/gh-action-pypi-publish/pull/167
- Repo: pypi/stdlib-list
- Name: README: reflow, preserve archived README
- #59 woodruffw: https://github.com/pypi/stdlib-list/pull/59
- Repo: pypi/stdlib-list
- Name: treewide: PEP 517/8
- #63 woodruffw: https://github.com/pypi/stdlib-list/pull/63
- Repo: pypi/stdlib-list
- Name: Fix tests, run tests in CI
- #64 woodruffw: https://github.com/pypi/stdlib-list/pull/64
- Repo: pypi/stdlib-list
- Name: QA: mypy, reformatting, and linting
- #69 woodruffw: https://github.com/pypi/stdlib-list/pull/69
- Repo: pypi/stdlib-list
- Name: workflows/listgen: fix missing env var
- #73 woodruffw: https://github.com/pypi/stdlib-list/pull/73
- Repo: pypi/stdlib-list
- Name: listgen: merge list instead of overwriting
- #81 woodruffw: https://github.com/pypi/stdlib-list/pull/81
- Repo: pypi/stdlib-list
- Name: add dependabot, use alls-green
- #86 woodruffw: https://github.com/pypi/stdlib-list/pull/86
- Repo: pypi/stdlib-list
- Name: stdlib_list: 0.9.0rc0
- #87 woodruffw: https://github.com/pypi/stdlib-list/pull/87
- Repo: pypi/stdlib-list
- Name: stdlib-list: 0.9.0
- #88 woodruffw: https://github.com/pypi/stdlib-list/pull/88
- Repo: sigstore/sigstore-python
- Name: cli: search for
{input}.sigstore.json
by default - #820 woodruffw: https://github.com/sigstore/sigstore-python/pull/820
- Name: cli: search for
- Repo: di/id
- Name: Drop Python 3.7, add 3.12 to tests and metadata
- #141 woodruffw: https://github.com/di/id/pull/141
- Repo: sigstore/protobuf-specs
- Name: pb-rust: Serde via prost + pbjson
- #95 jleightcap: https://github.com/sigstore/protobuf-specs/pull/95
- Repo: sigstore/sigstore-rs
- Name: conformance: add conformance CLI and action
- #287 jleightcap: https://github.com/sigstore/sigstore-rs/pull/287
- Repo: sigstore/protobuf-specs
- Name: pb-rust: JSON schema compilation source
- #118 jleightcap: https://github.com/sigstore/protobuf-specs/pull/118
- Repo: sigstore/protobuf-specs
- Name: jsonschema: container fix, updated compilation options
- #121 jleightcap: https://github.com/sigstore/protobuf-specs/pull/121
- Repo: sigstore/protobuf-specs
- Name: python-release: use trusted publishing
- #157 woodruffw: https://github.com/sigstore/protobuf-specs/pull/157
- Repo: sigstore/sigstore-conformance
- Name: README: prep 0.0.6
- #92 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/92
- Repo: RustCrypto/formats
- Name: x509-cert: add Signed Certificate Timestamp (SCT) extension support
- #1134 imor: https://github.com/RustCrypto/formats/pull/1134
- Repo: sigstore/sigstore-rs
- Name: sign: init
- #310 jleightcap: https://github.com/sigstore/sigstore-rs/pull/310
- Repo: sigstore/sigstore-rs
- Name: verify: init
- #311 jleightcap: https://github.com/sigstore/sigstore-rs/pull/311
- Repo: sigstore/sigstore-rs
- Name: test: bundles + conformance suite
- #315 jleightcap: https://github.com/sigstore/sigstore-rs/pull/315
- Repo: sigstore/sigstore-rs
- Name: cosign/tuf: use trustroot
- #305 jleightcap: https://github.com/sigstore/sigstore-rs/pull/305
- Repo: sigstore/protobuf-specs
- Name: gens, protos: initialize rust codegen
- #83 jleightcap: https://github.com/sigstore/protobuf-specs/pull/83
- Repo: sigstore/protobuf-specs
- Name: workflows: add rust-release
- #88 woodruffw: https://github.com/sigstore/protobuf-specs/pull/88
- Repo: sigstore/protobuf-specs
- Name: CHANGELOG: initialize
- #93 woodruffw: https://github.com/sigstore/protobuf-specs/pull/93
- Repo: sigstore/protobuf-specs
- Name: pb-rust: docstring failure hotfix
- #123 jleightcap: https://github.com/sigstore/protobuf-specs/pull/123
- Repo: sigstore/sigstore-conformance
- Name: Add v0.2 bundle tests
- #112 bdehamer: https://github.com/sigstore/sigstore-conformance/pull/112
- Repo: sigstore/sigstore-conformance
- Name: Add opt-in support for tests that include providing a custom trust root
- #101 steiza: https://github.com/sigstore/sigstore-conformance/pull/101
- Repo: sigstore-conformance/extremely-dangerous-public-oidc-beacon
- Name: Start publishing the cursed token on GitHub Pages
- #7 jku: https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/pull/7
- Repo: sigstore/protobuf-specs
- Name: python: 0.2.3rc1
- #159 woodruffw: https://github.com/sigstore/protobuf-specs/pull/159
- Repo: sigstore/protobuf-specs
- Name: python: 0.2.3rc0
- #158 woodruffw: https://github.com/sigstore/protobuf-specs/pull/158
- Repo: sigstore/protobuf-specs
- Name: python-release: use kebab-case
- #155 woodruffw: https://github.com/sigstore/protobuf-specs/pull/155
- Repo: sigstore/protobuf-specs
- Name: python: support 3.12, drop 3.7, bump betterproto
- #151 woodruffw: https://github.com/sigstore/protobuf-specs/pull/151
- Repo: sigstore/sigstore-conformance
- Name: assets: bump invalid_inclusion_proof to 0.2 bundle
- #109 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/109
- Repo: sigstore/sigstore-conformance
- Name: Improve unexpected success handling
- #108 jku: https://github.com/sigstore/sigstore-conformance/pull/108
- Repo: sigstore/sigstore-conformance
- Name: README: prep 0.0.7
- #106 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/106
- Repo: sigstore/sigstore-conformance
- Name: Allow multiple artifacts to exist
- #102 jku: https://github.com/sigstore/sigstore-conformance/pull/102
- Repo: sigstore/root-signing
- Name: tuf_client_tests: use actions/cache
- #933 woodruffw: https://github.com/sigstore/root-signing/pull/933
- Repo: sigstore/sigstore-conformance
- Name: action, conftest: initial xfail support
- #95 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/95
- Repo: sigstore/sigstore-conformance
- Name: Fix typo to reference
skip-signing
input; mark additional test as using signing - #93 steiza: https://github.com/sigstore/sigstore-conformance/pull/93
- Name: Fix typo to reference
- Repo: sigstore/protobuf-specs
- Name: common: message_digest is not required
- #114 woodruffw: https://github.com/sigstore/protobuf-specs/pull/114
- Repo: sigstore/sigstore-conformance
- Name: cli: move oidc token into pytest
- #91 jleightcap: https://github.com/sigstore/sigstore-conformance/pull/91
- Repo: sigstore/sigstore-conformance
- Name: Change bundle verification test to not depend on signing
- #82 steiza: https://github.com/sigstore/sigstore-conformance/pull/82
- Repo: sigstore/fulcio
- Name: oid-info: mark old issuer ext as deprecated
- #1289 woodruffw: https://github.com/sigstore/fulcio/pull/1289
- Repo: sigstore/protobuf-specs
- Name: Added a prototype for generating jsonschema files
- #112 kommendorkapten: https://github.com/sigstore/protobuf-specs/pull/112
- Repo: sigstore/sigstore-conformance
- Name: Make it easier to run verification test locally
- #100 steiza: https://github.com/sigstore/sigstore-conformance/pull/100
- Repo: sigstore/sigstore-conformance
- Name: Add bundle tests to increase coverage of tlog entries
- #98 steiza: https://github.com/sigstore/sigstore-conformance/pull/98
- Repo: sigstore/sigstore-conformance
- Name: action: invoke pytest through python
- #89 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/89
- Repo: sigstore/sigstore-conformance
- Name: README: prep 0.0.5
- #86 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/86
- Repo: sigstore/sigstore-conformance
- Name: sigstore-python-conformance: Update wrapper
- #85 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/85
- Repo: sigstore/sigstore-conformance
- Name: Add several bundle tests
- #84 steiza: https://github.com/sigstore/sigstore-conformance/pull/84
- Repo: sigstore/sigstore-conformance
- Name: conftest: Add
--identity-token
option back - #80 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/80
- Name: conftest: Add
- Repo: sigstore/sigstore-python
- Name: API-level DSSE signing support
- #804 woodruffw: https://github.com/sigstore/sigstore-python/pull/804
- Repo: package-url/purl-spec
- Name: Add spec for
brew
package URLs - #281 woodruffw: https://github.com/package-url/purl-spec/pull/281
- Name: Add spec for
- Repo: in-toto/attestation
- Name: Python in CI/CD, add lintage and tests
- #306 woodruffw: https://github.com/in-toto/attestation/pull/306
- Repo: in-toto/attestation
- Name: in_toto_attestation/v1: fix type hints
- #301 woodruffw: https://github.com/in-toto/attestation/pull/301
- Repo: ossf/alpha-omega
- Name: Homebrew: 2023-10 update
- #273 woodruffw: https://github.com/ossf/alpha-omega/pull/273
- Repo: sigstore/sigstore-python
- Name: rekor: use
sigstore_rekor_types
for models - #788 woodruffw: https://github.com/sigstore/sigstore-python/pull/788
- Name: rekor: use
- Repo: ossf/alpha-omega
- Name: Homebrew: fill in README
- #269 woodruffw: https://github.com/ossf/alpha-omega/pull/269
- Repo: ossf/alpha-omega
- Name: Homebrew: add 2023-11 update
- #285 woodruffw: https://github.com/ossf/alpha-omega/pull/285
- Repo: Gallopsled/pwntools
- Name: shellcraft: more explicit sleep.asm docstring
- #2226 disconnect3d: https://github.com/Gallopsled/pwntools/pull/2226
- Repo: nix-community/poetry2nix
- Name: Add cryptography==41.0.3 hash
- #1249 disconnect3d: https://github.com/nix-community/poetry2nix/pull/1249
- Repo: google/nsjail
- Name: cgroup2.cc: improve note about using Docker
- #219 disconnect3d: https://github.com/google/nsjail/pull/219
- Repo: cs-au-dk/goat
- Name: Improve LoadPackages error message
- #2 disconnect3d: https://github.com/cs-au-dk/goat/pull/2
- Repo: slimtoolkit/slim
- Name: sysenv_linux.go: fix SeccompMode always using /proc/self/ instead of $pid
- #474 disconnect3d: https://github.com/slimtoolkit/slim/pull/474
- Repo: PowerShell/PowerShell-Native
- Name: libpsl-native: Fix
_FORTIFY_SOURCE
macros - #88 disconnect3d: https://github.com/PowerShell/PowerShell-Native/pull/88
- Name: libpsl-native: Fix
*** This is a Security Bloggers Network syndicated blog from Trail of Bits Blog authored by Trail of Bits. Read the original post at: https://blog.trailofbits.com/2024/01/24/celebrating-our-2023-open-source-contributions/