Date: 2024-01-24

At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about our tools…

In 2023, our employees submitted over 450 pull requests (PRs) that were merged into non-Trail of Bits repositories. This demonstrates our commitment to securing the software ecosystem as a whole and to improving software quality for everyone. A representative list of contributions appears at the end of this post, but here are some highlights:

Sigstore-conformance, a vital component of our Sigstore initiative in open-source engineering, is an integration test suite for diverse Sigstore client implementations. It evaluates overall client behavior across critical scenarios and aligns with ongoing efforts to establish an official Sigstore client specification. The suite integrates into existing workflows with minimal configuration, offering comprehensive testing for Sigstore clients.

Protobuf-specs is another initiative in our open-source engineering. It is a collaborative repository for standardized data models and protocols across various Sigstore clients and houses specifications for Sigstore messages. To update protobuf definitions, use Docker to generate protobuf stubs by running $ make all, which produces Go and Python files under the ‘gen/’ directory.

pyOpenSSL stands as the predominant Python library for integrating OpenSSL functionality. Over approximately the past nine months, we have been actively involved in cleanup and maintenance tasks on pyOpenSSL as part of our contract with the STF. pyOpenSSL serves as a thin wrapper around a subset of the OpenSSL library, where many object methods simply invoke corresponding functions in the OpenSSL library.

Osquery is an SQL-powered framework for operating system instrumentation, monitoring, and analytics. We made numerous contributions to osquery, most notably adding process event monitoring for macOS based on the new Endpoint Security API; completely overhauling the project’s code-signing, packaging, and CI; and, last but not least, adding native support for Apple Silicon, the ARM-based architecture that Apple began transitioning to in 2022.

Homebrew-core serves as the central repository for the default Homebrew tap, encompassing a collection of software packages and associated formulas for seamless installations. Once you’ve configured Homebrew on your Mac or Linux system, you gain the ability to execute “brew install” commands for software available in this repository. Emilio Lopez, an application security engineer, actively contributed to this repository by submitting several pull requests and introducing new formulas or updating existing ones. Emilio’s focus has predominantly been on tools developed by ToB, such as crytic-compile, solc-select, Caracal, and others. Consequently, individuals can effortlessly install these tools with a straightforward “brew install” command, streamlining the installation process.

Ghidra, a National Security Agency Research Directorate creation, is a powerful software reverse engineering (SRE) framework. It offers advanced tools for code analysis on Windows, macOS, and Linux, including disassembly, decompilation, and scripting. Supporting various processor instruction sets, Ghidra serves as a customizable SRE research platform, aiding in the analysis of malicious code for cybersecurity purposes. We fixed numerous bugs to enhance its functionality, particularly in support of our work on DARPA’s AMP (Assured Micropatching) program.

We would like to acknowledge that submitting a PR is only a tiny part of the open-source experience. Someone has to review the PR. Someone has to maintain the code after the PR is merged. And submitters of earlier PRs have to write tests to ensure the functionality of their code is preserved.

We contribute to these projects in part because we love the craft, but also because we find these projects useful. For this, we offer the open-source community our most sincere thanks and wish everyone a happy, safe, and productive 2024!

Some of Trail of Bits’ 2023 open-source contributions

AI/ML

Repo: run-llama/llama_index Name: llms/openai: fix Azure OpenAI streaming #7677 ret2libc: https://github.com/run-llama/llama_index/pull/7677

Repo: run-llama/llama_index Name: llms/openai: fix Azure OpenAI by considering prompt_filter_results field #7755 ret2libc: https://github.com/run-llama/llama_index/pull/7755



Cryptography

Repo: 0xPARC/zk-bug-tracker Name: Updated mitigation in section on arithmetic overflows #10 fegge: https://github.com/0xPARC/zk-bug-tracker/pull/10

Repo: mlswg/mls-architecture Name: Change rathr -> rather #203 tjade273: https://github.com/mlswg/mls-architecture/pull/203

Repo: yi-sun/circom-pairing Name: Get all tests passing #23 tjade273: https://github.com/yi-sun/circom-pairing/pull/23

Repo: yi-sun/circom-pairing Name: Fix EllipticCurveAdd formula when computing (P – P) – P #22 tjade273: https://github.com/yi-sun/circom-pairing/pull/22

Repo: pyca/cryptography Name: rust: add crate skeleton for X.509 path validation #8873 woodruffw: https://github.com/pyca/cryptography/pull/8873

Repo: pyca/cryptography Name: verification: add missing max_chain_depth kwargs #9847 woodruffw: https://github.com/pyca/cryptography/pull/9847

Repo: pyca/cryptography Name: extensions: add Extensions::iter #9081 woodruffw: https://github.com/pyca/cryptography/pull/9081

Repo: alex/rust-asn1 Name: bump version to 0.15.4 #403 woodruffw: https://github.com/alex/rust-asn1/pull/403

Repo: alex/rust-asn1 Name: types: asn1::DateTime: PartialOrd #402 woodruffw: https://github.com/alex/rust-asn1/pull/402

Repo: pyca/cryptography Name: x509: Eq and Hash derives #9076 woodruffw: https://github.com/pyca/cryptography/pull/9076

Repo: alex/rust-asn1 Name: bump version to 0.15.3 #401 woodruffw: https://github.com/alex/rust-asn1/pull/401

Repo: pyca/cryptography Name: x509/common: make SPKI algorithm public #9061 woodruffw: https://github.com/pyca/cryptography/pull/9061

Repo: alex/rust-asn1 Name: types: document domains for DateTime fields #399 woodruffw: https://github.com/alex/rust-asn1/pull/399

Repo: pyca/cryptography Name: Add support for ChaCha20 in LibreSSL #9758 facutuesca: https://github.com/pyca/cryptography/pull/9758

Repo: pyca/cryptography Name: Add support for ChaCha20 with BoringSSL #9762 facutuesca: https://github.com/pyca/cryptography/pull/9762

Repo: pyca/cryptography Name: Add support for ChaCha20 with LibreSSL #9209 facutuesca: https://github.com/pyca/cryptography/pull/9209

Repo: pyca/cryptography Name: Add test vectors for ChaCha20 counter overflow #9221 facutuesca: https://github.com/pyca/cryptography/pull/9221

Repo: pyca/cryptography Name: Add poly1305 implementation for BoringSSL and LibreSSL #9392 facutuesca: https://github.com/pyca/cryptography/pull/9392

Repo: sfackler/rust-openssl Name: Expose Poly1305 bindings on libressl and boringssl #1998 facutuesca: https://github.com/sfackler/rust-openssl/pull/1998

Repo: pyca/cryptography Name: Fixes for ChaCha20 documentation #9192 facutuesca: https://github.com/pyca/cryptography/pull/9192

Repo: pyca/cryptography Name: Add support for ChaCha20-Poly1305 with BoringSSL #8946 facutuesca: https://github.com/pyca/cryptography/pull/8946

Repo: pyca/cryptography Name: certificate: add a get_extension helper #8892 woodruffw: https://github.com/pyca/cryptography/pull/8892

Repo: alex/rust-asn1 Name: types: add blanket Eq s for SequenceOf and SetOf #400 woodruffw: https://github.com/alex/rust-asn1/pull/400

Repo: pyca/cryptography Name: CHANGELOG: record ChaCha20Poly1305 changes #8955 woodruffw: https://github.com/pyca/cryptography/pull/8955

Repo: pyca/cryptography Name: validation: remove unused From impls #9891 woodruffw: https://github.com/pyca/cryptography/pull/9891

Repo: pyca/cryptography Name: validation: flatten error types #9890 woodruffw: https://github.com/pyca/cryptography/pull/9890

Repo: alex/rust-asn1 Name: types: add BigInt::is_negative API #425 woodruffw: https://github.com/alex/rust-asn1/pull/425

Repo: pyca/cryptography Name: Fix transposed doc, simplify type in trust store test #9874 woodruffw: https://github.com/pyca/cryptography/pull/9874

Repo: pyca/cryptography Name: verification: add VerificationError, doc APIs #9873 woodruffw: https://github.com/pyca/cryptography/pull/9873

Repo: pyca/cryptography Name: validation/policy: breakout test changes #9872 woodruffw: https://github.com/pyca/cryptography/pull/9872

Repo: pyca/cryptography Name: tests, ci: plumb x509-limbo-root #9871 woodruffw: https://github.com/pyca/cryptography/pull/9871

Repo: pyca/cryptography Name: validation/policy: remove old critical ext check logic #9855 woodruffw: https://github.com/pyca/cryptography/pull/9855

Repo: pyca/cryptography Name: actions: generalize the wycheproof fetch action #9848 woodruffw: https://github.com/pyca/cryptography/pull/9848

Repo: pyca/cryptography Name: validation: subject is non-optional #9846 woodruffw: https://github.com/pyca/cryptography/pull/9846

Repo: pyca/cryptography Name: src, tests: add max_chain_depth to validation API #9844 woodruffw: https://github.com/pyca/cryptography/pull/9844

Repo: pyca/cryptography Name: x509/validation: make algo sets non-optional #9821 woodruffw: https://github.com/pyca/cryptography/pull/9821

Repo: pyca/cryptography Name: Add top-level ServerVerifier.verify API #9805 woodruffw: https://github.com/pyca/cryptography/pull/9805

Repo: pyca/cryptography Name: validation: add permitted_public_key_algorithms #9801 woodruffw: https://github.com/pyca/cryptography/pull/9801

Repo: pyca/cryptography Name: X.509: Add WebPKI SPKI AlgorithmIdentifiers #9800 woodruffw: https://github.com/pyca/cryptography/pull/9800

Repo: pyca/cryptography Name: validation: add Rust-side extension validation helpers #9781 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9781

Repo: pyca/cryptography Name: validation: add Rust-side certificate validation helpers #9757 tetsuo-cpp: https://github.com/pyca/cryptography/pull/9757

Repo: pyca/cryptography Name: x509: construct IPAddress and IPRange types #9346 tnytown: https://github.com/pyca/cryptography/pull/9346

Repo: pyca/cryptography Name: validation/ops: make public_key return Option #9356 woodruffw: https://github.com/pyca/cryptography/pull/9356

Repo: pyca/cryptography Name: noxfile, docs: fix posargs handling #9354 woodruffw: https://github.com/pyca/cryptography/pull/9354

Repo: pyca/cryptography Name: Migrate more types #9254 woodruffw: https://github.com/pyca/cryptography/pull/9254

Repo: pyca/cryptography Name: name: devolve NameReadable variant #9282 woodruffw: https://github.com/pyca/cryptography/pull/9282

Repo: pyca/cryptography Name: extensions: explicit lifetimes #9225 woodruffw: https://github.com/pyca/cryptography/pull/9225

Repo: pyca/cryptography Name: x509: more extension APIs #9213 woodruffw: https://github.com/pyca/cryptography/pull/9213

Repo: pyca/cryptography Name: oid: add more extension, EKU OIDs #9212 woodruffw: https://github.com/pyca/cryptography/pull/9212

Repo: pyca/cryptography Name: Certificate: useful APIs #9300 woodruffw: https://github.com/pyca/cryptography/pull/9300

Repo: pyca/cryptography Name: validation: profile trait, error types #9299 woodruffw: https://github.com/pyca/cryptography/pull/9299

Repo: pyca/cryptography Name: rust: update lockfile #9298 woodruffw: https://github.com/pyca/cryptography/pull/9298

Repo: pyca/cryptography Name: validation: add CryptoOps trait #9297 woodruffw: https://github.com/pyca/cryptography/pull/9297

Repo: pyca/cryptography Name: rust: add PyCryptoOps, test #9355 woodruffw: https://github.com/pyca/cryptography/pull/9355

Repo: pyca/cryptography Name: Path validation: builder/verifier API skeletons #9405 woodruffw: https://github.com/pyca/cryptography/pull/9405

Repo: pyca/cryptography Name: validation: add Rust-side trust store APIs #9744 woodruffw: https://github.com/pyca/cryptography/pull/9744

Repo: pyca/cryptography Name: validation/types: add DNSConstraint, rename IPConstraint #9700 woodruffw: https://github.com/pyca/cryptography/pull/9700

Repo: pyca/cryptography Name: x509/policy: add WebPKI permitted algorithms #9548 woodruffw: https://github.com/pyca/cryptography/pull/9548

Repo: pyca/cryptography Name: verification: fill in policy API internals #9642 woodruffw: https://github.com/pyca/cryptography/pull/9642

Repo: pyca/cryptography Name: validation/policy: general name matching #9659 woodruffw: https://github.com/pyca/cryptography/pull/9659

Repo: pyca/cryptography Name: certificate: increase lifetime precisions #9651 woodruffw: https://github.com/pyca/cryptography/pull/9651

Repo: pyca/cryptography Name: extensions: drop unnecessary self lifetime bound #9650 woodruffw: https://github.com/pyca/cryptography/pull/9650

Repo: pyca/cryptography Name: validation/ops: add test-only NullOps #9608 woodruffw: https://github.com/pyca/cryptography/pull/9608

Repo: pyca/cryptography Name: verification: add PolicyBuilder API #9601 woodruffw: https://github.com/pyca/cryptography/pull/9601

Repo: pyca/cryptography Name: ops: use Result<..., Self::Err> for returns #9599 woodruffw: https://github.com/pyca/cryptography/pull/9599

Repo: pyca/cryptography Name: docs: add Store docs #9416 woodruffw: https://github.com/pyca/cryptography/pull/9416

Repo: pyca/cryptography Name: x509: add Store API #9411 woodruffw: https://github.com/pyca/cryptography/pull/9411

Repo: pyca/cryptography Name: common: add more RSA-PSS algorithm id definitions #9412 woodruffw: https://github.com/pyca/cryptography/pull/9412

Repo: pyca/cryptography Name: rust: add PyCryptoOps #9606 woodruffw: https://github.com/pyca/cryptography/pull/9606

Repo: pyca/cryptography Name: Add support for AES-GCM-SIV using OpenSSL>=3.2.0 #9843 facutuesca: https://github.com/pyca/cryptography/pull/9843

Repo: pyca/cryptography Name: Add test vectors for AES-GCM-SIV #9930 facutuesca: https://github.com/pyca/cryptography/pull/9930

Repo: pyca/cryptography Name: validation/policy: rename var #9917 woodruffw: https://github.com/pyca/cryptography/pull/9917

Repo: pyca/pyopenssl Name: Add support for cryptography CRLs to X509Store #1252 facutuesca: https://github.com/pyca/pyopenssl/pull/1252

Repo: pyca/pyopenssl Name: Remove use of BN_set_word #1253 facutuesca: https://github.com/pyca/pyopenssl/pull/1253

Repo: pyca/pyopenssl Name: Deprecate X509Extension #1255 facutuesca: https://github.com/pyca/pyopenssl/pull/1255

Repo: pyca/pyopenssl Name: Migrate .readthedocs.yml to use build.os #1258 facutuesca: https://github.com/pyca/pyopenssl/pull/1258

Repo: pyca/cryptography Name: Deprecate naive datetime x509 APIs #9667 facutuesca: https://github.com/pyca/cryptography/pull/9667

Repo: pyca/cryptography Name: Add timezone-aware API variants for x509 #9661 facutuesca: https://github.com/pyca/cryptography/pull/9661

Repo: pyca/pyopenssl Name: Add support for Python 3.12 #1245 hugovk: https://github.com/pyca/pyopenssl/pull/1245

Repo: pyca/pyopenssl Name: Add support for Python 3.12 #1254 facutuesca: https://github.com/pyca/pyopenssl/pull/1254

Repo: pyca/pyopenssl Name: Increase cryptography minimum in tox.ini #1257 facutuesca: https://github.com/pyca/pyopenssl/pull/1257

Repo: pyca/pyopenssl Name: Deprecate CRL APIs #1251 facutuesca: https://github.com/pyca/pyopenssl/pull/1251

Repo: pyca/cryptography Name: x509/sct: replace another utcfromtimestamp call #9589 woodruffw: https://github.com/pyca/cryptography/pull/9589

Repo: pyca/pyopenssl Name: Fix failing test when running offline #1261 facutuesca: https://github.com/pyca/pyopenssl/pull/1261

Repo: sfackler/rust-openssl Name: Add two methods to the PKCS7 API #2111 facutuesca: https://github.com/sfackler/rust-openssl/pull/2111

Repo: pyca/pyopenssl Name: Put mypy, coverage.py, pytest in pyproject #1273 woodruffw: https://github.com/pyca/pyopenssl/pull/1273



Languages and compilers

Repo: rust-lang/rust Name: Fix typo in universal_regions.rs comment #107195 smoelius: https://github.com/rust-lang/rust/pull/107195

Repo: rust-lang/rust Name: docs: clarify explicitly freeing heap allocated memory #117563 0xalpharush: https://github.com/rust-lang/rust/pull/117563

Repo: llvm/llvm-project Name: [NFC] Remove outdated comment #72591 AdvenamTacet: https://github.com/llvm/llvm-project/pull/72591

Repo: llvm/llvm-project Name: [libc++][ASan] Removing clang version checks #71673 AdvenamTacet: https://github.com/llvm/llvm-project/pull/71673

Repo: llvm/llvm-project Name: Add std::basic_string test cases #74830 AdvenamTacet: https://github.com/llvm/llvm-project/pull/74830

Repo: llvm/llvm-project Name: [ASan][libc++] Refactor of ASan annotation functions #74023 AdvenamTacet: https://github.com/llvm/llvm-project/pull/74023

Repo: llvm/llvm-project Name: [ASan][libc++] std::basic_string annotations #72677 AdvenamTacet: https://github.com/llvm/llvm-project/pull/72677



Libraries

Repo: console-rs/indicatif Name: Fix attempt to subtract with overflow (#582) #586 smoelius: https://github.com/console-rs/indicatif/pull/586

Repo: dtolnay/syn Name: Qualify compile_error! #1431 smoelius: https://github.com/dtolnay/syn/pull/1431

Repo: matklad/xshell Name: Emit more informative error message when cwd does not exist #73 smoelius: https://github.com/matklad/xshell/pull/73

Repo: rust-num/num-bigint Name: Release 0.4.4 #280 cuviper: https://github.com/rust-num/num-bigint/pull/280

Repo: Peternator7/strum Name: Handle rustoc comments in #[derive(FromRepr)] #276 smoelius: https://github.com/Peternator7/strum/pull/276

Repo: pyrossh/rust-embed Name: Upgrade to syn 2.0 #211 smoelius: https://github.com/pyrossh/rust-embed/pull/211

Repo: TedDriggs/darling Name: Update README.md #232 smoelius: https://github.com/TedDriggs/darling/pull/232

Repo: tree-sitter/tree-sitter Name: Partially revert d4d5e29 #2278 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2278

Repo: tree-sitter/tree-sitter Name: Fix OOB in Query::new #2280 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2280

Repo: tree-sitter/tree-sitter Name: Handle edge cases involving consecutive “zero or” modifiers #2281 smoelius: https://github.com/tree-sitter/tree-sitter/pull/2281

Repo: XAMPPRocky/octocrab Name: Add follow-redirect feature #469 smoelius: https://github.com/XAMPPRocky/octocrab/pull/469



Tech infrastructure

Repo: wasmerio/wasmer Name: fix: prevent potential UB by deriving repr C for union #4296 0xalpharush: https://github.com/wasmerio/wasmer/pull/4296

Repo: rust-or/good_lp Name: deps: fix minimal fnv version #24 0xalpharush: https://github.com/rust-or/good_lp/pull/24

Repo: haskell/network Name: Install and use afunix_compat.h header #556 elopez: https://github.com/haskell/network/pull/556

Repo: haskell-actions/setup Name: Install the correct ghcup binary on aarch64 #47 elopez: https://github.com/haskell-actions/setup/pull/47

Repo: curl/curl-fuzzer Name: scripts: fix ssl builds on x86_64 #80 elopez: https://github.com/curl/curl-fuzzer/pull/80

Repo: Homebrew/homebrew-core Name: caracal 0.2.2 (new formula) #145966 elopez: https://github.com/Homebrew/homebrew-core/pull/145966

Repo: Homebrew/homebrew-core Name: crytic-compile 0.3.1, slither 0.9.3 #126164 elopez: https://github.com/Homebrew/homebrew-core/pull/126164

Repo: Homebrew/homebrew-core Name: crytic-compile 0.3.5 #151684 elopez: https://github.com/Homebrew/homebrew-core/pull/151684

Repo: Homebrew/homebrew-core Name: echidna 2.0.5 #121092 elopez: https://github.com/Homebrew/homebrew-core/pull/121092

Repo: Homebrew/homebrew-core Name: echidna 2.1.0 #125331 elopez: https://github.com/Homebrew/homebrew-core/pull/125331

Repo: Homebrew/homebrew-core Name: echidna 2.1.1 #128647 elopez: https://github.com/Homebrew/homebrew-core/pull/128647

Repo: Homebrew/homebrew-core Name: echidna 2.2.0 #131575 elopez: https://github.com/Homebrew/homebrew-core/pull/131575

Repo: Homebrew/homebrew-core Name: echidna: update test #131509 elopez: https://github.com/Homebrew/homebrew-core/pull/131509

Repo: Homebrew/homebrew-core Name: haskell-stack: rebuild with GHC 9.2.7 #125010 elopez: https://github.com/Homebrew/homebrew-core/pull/125010

Repo: Homebrew/homebrew-core Name: medusa 0.1.1 (new formula) #139078 elopez: https://github.com/Homebrew/homebrew-core/pull/139078

Repo: Homebrew/homebrew-core Name: medusa 0.1.2 #140307 elopez: https://github.com/Homebrew/homebrew-core/pull/140307

Repo: Homebrew/homebrew-core Name: secp256k1: enable module recovery #121096 elopez: https://github.com/Homebrew/homebrew-core/pull/121096

Repo: Homebrew/homebrew-core Name: slither-analyzer 0.9.2, crytic-compile 0.2.4, migrate to python@3.11 #120361 elopez: https://github.com/Homebrew/homebrew-core/pull/120361

Repo: Homebrew/homebrew-core Name: slither-analyzer 0.9.5 #135057 elopez: https://github.com/Homebrew/homebrew-core/pull/135057

Repo: Homebrew/homebrew-core Name: solc-select, crytic-compile, slither-analyzer, echidna: improve testing on ARM #127681 elopez: https://github.com/Homebrew/homebrew-core/pull/127681

Repo: Homebrew/brew Name: extend/ENV/super: correct deparallelize signature #15726 elopez: https://github.com/Homebrew/brew/pull/15726

Repo: osquery/osquery Name: cve: Update openssl to 3.2.0 #8212 Smjert: https://github.com/osquery/osquery/pull/8212

Repo: osquery/osquery Name: tests: Enable client certificate verification in the TLS tests #8211 Smjert: https://github.com/osquery/osquery/pull/8211

Repo: osquery/osquery Name: ci: Fix Linux build #8208 Smjert: https://github.com/osquery/osquery/pull/8208

Repo: osquery/osquery Name: ci: Update nvdlib to use the latest NVD APIs #8207 Smjert: https://github.com/osquery/osquery/pull/8207

Repo: osquery/osquery Name: build: Temporary workaround to build with XCode 15 #8197 Smjert: https://github.com/osquery/osquery/pull/8197

Repo: osquery/osquery Name: process_open_sockets: Mark pid column as additional instead of index #8191 Smjert: https://github.com/osquery/osquery/pull/8191

Repo: osquery/osquery Name: docs: Correct link to a PR in the 4.7.0 changelog #8186 Smjert: https://github.com/osquery/osquery/pull/8186

Repo: osquery/osquery Name: ci: Correct job order #8185 Smjert: https://github.com/osquery/osquery/pull/8185

Repo: osquery/osquery Name: docs: Call out in the CHANGELOG the format changes of the status logs decorations #8174 Smjert: https://github.com/osquery/osquery/pull/8174

Repo: osquery/osquery Name: docs: Remove some duplicated lines from 5.8.1 changelog #8172 Smjert: https://github.com/osquery/osquery/pull/8172

Repo: osquery/osquery Name: cve: Update expat to version 2.5.0 #8159 Smjert: https://github.com/osquery/osquery/pull/8159

Repo: osquery/osquery Name: cve: Fix the expat product name in the libraries manifest #8158 Smjert: https://github.com/osquery/osquery/pull/8158

Repo: osquery/osquery Name: ci: Fix DistributedTests.test_run_queries_with_denylisted_query test #8154 Smjert: https://github.com/osquery/osquery/pull/8154

Repo: osquery/osquery Name: wifi_survey: Do not crash if the ssid cannot be retrieved #8153 Smjert: https://github.com/osquery/osquery/pull/8153

Repo: osquery/osquery Name: ci: Remove flakyness when removing unused packages on Linux #8144 Smjert: https://github.com/osquery/osquery/pull/8144

Repo: osquery/osquery Name: file: Add Shortcut metadata parsing on Windows #8143 Smjert: https://github.com/osquery/osquery/pull/8143

Repo: osquery/osquery Name: cve: Update libmagic to 5.45 #8142 Smjert: https://github.com/osquery/osquery/pull/8142

Repo: osquery/osquery Name: cve: Update openssl to 3.1.3 #8141 Smjert: https://github.com/osquery/osquery/pull/8141

Repo: osquery/osquery Name: Permit cross compiling for x86_64 on Apple Silicon #8136 Smjert: https://github.com/osquery/osquery/pull/8136

Repo: osquery/osquery Name: cve: Update lzma to 5.4.4 #8135 Smjert: https://github.com/osquery/osquery/pull/8135

Repo: osquery/osquery Name: Fix openssl build arch for Windows ARM64 #8134 Smjert: https://github.com/osquery/osquery/pull/8134

Repo: osquery/osquery Name: ci: Increase disk space on the Linux x86_64 runner #8133 Smjert: https://github.com/osquery/osquery/pull/8133

Repo: osquery/osquery Name: ci: Increase aarch64 available space by splitting the build #8131 Smjert: https://github.com/osquery/osquery/pull/8131

Repo: osquery/osquery Name: docs: Update XCode version mentions to the proper one #8128 Smjert: https://github.com/osquery/osquery/pull/8128

Repo: osquery/osquery Name: cve: Ignore libcap CVE-2023-2603 #8127 Smjert: https://github.com/osquery/osquery/pull/8127

Repo: osquery/osquery Name: cve: Ignore dbus CVE-2023-34969 #8126 Smjert: https://github.com/osquery/osquery/pull/8126

Repo: osquery/osquery Name: libs: Update openssl to 3.1.2 #8124 Smjert: https://github.com/osquery/osquery/pull/8124

Repo: osquery/osquery Name: Use JSON member iterator instead of rescanning #8122 Smjert: https://github.com/osquery/osquery/pull/8122

Repo: osquery/osquery Name: Missing pragma/header guard for boottime.h #8117 Smjert: https://github.com/osquery/osquery/pull/8117

Repo: osquery/osquery Name: aws: Add new AWS valid regions #8110 Smjert: https://github.com/osquery/osquery/pull/8110

Repo: osquery/osquery Name: watchdog: Use virtual cores to calculate CPU utilization limit #8104 Smjert: https://github.com/osquery/osquery/pull/8104

Repo: osquery/osquery Name: logs: Implement decorations_top_level flag for status logs #8102 Smjert: https://github.com/osquery/osquery/pull/8102

Repo: osquery/osquery Name: Avoid blocking when reading plist files #8099 Smjert: https://github.com/osquery/osquery/pull/8099

Repo: osquery/osquery Name: improvement: Avoid unnecessary string conversions #8093 Smjert: https://github.com/osquery/osquery/pull/8093

Repo: osquery/osquery Name: cleanup: Substitute the TEXT macro with SQL_TEXT in table code #8091 Smjert: https://github.com/osquery/osquery/pull/8091

Repo: osquery/osquery Name: firefox_addons: Use rapidjson to parse and don’t block on read #8089 Smjert: https://github.com/osquery/osquery/pull/8089

Repo: osquery/osquery Name: core: Avoid checking if a file exists before opening #8087 Smjert: https://github.com/osquery/osquery/pull/8087

Repo: osquery/osquery Name: cleanup: Remove forensicReadFile #8085 Smjert: https://github.com/osquery/osquery/pull/8085

Repo: osquery/osquery Name: libs: Fix openssl build on aarch64 #8084 Smjert: https://github.com/osquery/osquery/pull/8084

Repo: osquery/osquery Name: Add warnings when an enrollment secret cannot be found #8082 Smjert: https://github.com/osquery/osquery/pull/8082

Repo: osquery/osquery Name: libs: Update openssl to 3.1.1 #8081 Smjert: https://github.com/osquery/osquery/pull/8081

Repo: osquery/osquery Name: test: Fix leaks in inotify and rocksdb tests #8080 Smjert: https://github.com/osquery/osquery/pull/8080

Repo: osquery/osquery Name: aws: Add an option to enforce FIPS endpoints #8075 Smjert: https://github.com/osquery/osquery/pull/8075

Repo: osquery/osquery Name: Update expired Slack invite #8051 Smjert: https://github.com/osquery/osquery/pull/8051

Repo: osquery/osquery Name: cve: Update to openssl 1.1.1u #8050 Smjert: https://github.com/osquery/osquery/pull/8050

Repo: osquery/osquery Name: Improve extended_attributes implementation for Linux and macOS #8046 Smjert: https://github.com/osquery/osquery/pull/8046

Repo: osquery/osquery Name: test: Fix a leak in ExtendedAttributesTableTests SetUp function #8045 Smjert: https://github.com/osquery/osquery/pull/8045

Repo: osquery/osquery Name: Fix the aarch64 workflow #8036 Smjert: https://github.com/osquery/osquery/pull/8036

Repo: osquery/osquery Name: Fix the aarch64 workflow #8035 Smjert: https://github.com/osquery/osquery/pull/8035

Repo: osquery/osquery Name: Do not consider a 404 as an error in ec2-instance-metadata #8025 Smjert: https://github.com/osquery/osquery/pull/8025

Repo: osquery/osquery Name: cve: Update libxml2 to v2.11.2 #8023 Smjert: https://github.com/osquery/osquery/pull/8023

Repo: osquery/osquery Name: libs: Bring out LZ4 from rdkafka and update it to v1.9.4 #7996 Smjert: https://github.com/osquery/osquery/pull/7996

Repo: osquery/osquery Name: ci: Update aarch64 runner to Ubuntu 20.04 and update badges #7984 Smjert: https://github.com/osquery/osquery/pull/7984

Repo: osquery/osquery Name: ci: Update python version and docs build tools #7969 Smjert: https://github.com/osquery/osquery/pull/7969

Repo: osquery/osquery Name: test: Do not always expect a row from the secureboot table #7967 Smjert: https://github.com/osquery/osquery/pull/7967

Repo: osquery/osquery Name: tests: Do not always build root tests on Linux #7966 Smjert: https://github.com/osquery/osquery/pull/7966

Repo: osquery/osquery Name: test: Fix SystemdUnitsTest missing the unit_file_state column #7965 Smjert: https://github.com/osquery/osquery/pull/7965

Repo: osquery/osquery Name: tests: Fix some tests becoming osquery shells #7964 Smjert: https://github.com/osquery/osquery/pull/7964

Repo: osquery/osquery Name: ci: Workaround in the aarch64 runner to avoid out of space #7941 Smjert: https://github.com/osquery/osquery/pull/7941

Repo: osquery/osquery Name: ci: Remove Windows 32bit build #7939 Smjert: https://github.com/osquery/osquery/pull/7939

Repo: osquery/osquery Name: cve: Update openssl to 1.1.1t #7937 Smjert: https://github.com/osquery/osquery/pull/7937

Repo: osquery/osquery Name: cve: Ignore util-linux cves #7929 Smjert: https://github.com/osquery/osquery/pull/7929

Repo: osquery/osquery Name: libs: Fix system paths used by dbus #7919 Smjert: https://github.com/osquery/osquery/pull/7919

Repo: osquery/osquery Name: libs: Fix libmagic build on macOS #7915 Smjert: https://github.com/osquery/osquery/pull/7915

Repo: osquery/osquery Name: cve: Update yara to 4.2.3 #7912 Smjert: https://github.com/osquery/osquery/pull/7912

Repo: osquery/osquery Name: cve: Ignore sqlite CVE-2022-46908 #7911 Smjert: https://github.com/osquery/osquery/pull/7911

Repo: osquery/osquery Name: cve: Update librpm to 4.18.0 #7910 Smjert: https://github.com/osquery/osquery/pull/7910

Repo: osquery/osquery Name: libs: Update popt to 1.19 #7909 Smjert: https://github.com/osquery/osquery/pull/7909

Repo: osquery/osquery Name: test: Speed up ec2InstanceMetadata.test_sanity #7907 Smjert: https://github.com/osquery/osquery/pull/7907

Repo: osquery/osquery Name: libs: Update dbus to 1.12.24 #7905 Smjert: https://github.com/osquery/osquery/pull/7905

Repo: osquery/osquery Name: libs: Update util-linux to 2.35.2 #7902 Smjert: https://github.com/osquery/osquery/pull/7902

Repo: osquery/osquery Name: `cpu_info`: Port the table to macOS x86 and Apple Silicon #7757 Smjert: https://github.com/osquery/osquery/pull/7757

Repo: osquery/osquery Name: logger: Add new string_batch request type to compliment existing string type #8027 alessandrogario: https://github.com/osquery/osquery/pull/8027

Repo: osquery/osquery Name: cmake: Add an option to disable shallow git clone operations #8026 alessandrogario: https://github.com/osquery/osquery/pull/8026

Repo: osquery/osquery Name: cmake: Only link against the experiments loader when needed #7959 alessandrogario: https://github.com/osquery/osquery/pull/7959

Repo: osquery/osquery Name: experiments: Implement a new bpf_process_events_v2 table #7773 alessandrogario: https://github.com/osquery/osquery/pull/7773

Repo: osquery/osquery Name: Restore functionality of crashes table on macOS 12 and newer #7819 mike-myers-tob: https://github.com/osquery/osquery/pull/7819

Repo: orium/cargo-rdme Name: Implement intralinks for reference-style links #165 smoelius: https://github.com/orium/cargo-rdme/pull/165

Repo: regexident/cargo-modules Name: Add --acyclic option #184 smoelius: https://github.com/regexident/cargo-modules/pull/184

Repo: rust-lang/docs.rs Name: Add components llvm-tools-preview and rustc-dev #2101 smoelius: https://github.com/rust-lang/docs.rs/pull/2101

Repo: rustsec/advisory-db Name: Add unmaintained dlopen_derive advisory #1735 smoelius: https://github.com/rustsec/advisory-db/pull/1735

Repo: rustsec/advisory-db Name: Link to HOWTO_UNMAINTAINED.md in README.md (#1748) #1754 smoelius: https://github.com/rustsec/advisory-db/pull/1754

Repo: rust-secure-code/cargo-supply-chain Name: Add --no-dev option #93 smoelius: https://github.com/rust-secure-code/cargo-supply-chain/pull/93



Software analysis tools

Repo: langston-barrett/tree-crasher Name: feat: add tree-crasher implementation for solidity #26 0xalpharush: https://github.com/langston-barrett/tree-crasher/pull/26

Repo: assert-rs/assert_cmd Name: Restore newlines when writing Bstr s #161 smoelius: https://github.com/assert-rs/assert_cmd/pull/161

Repo: rust-lang/rust-clippy Name: unwrap_or_else_default -> unwrap_or_default and improve resulting lint #10120 smoelius: https://github.com/rust-lang/rust-clippy/pull/10120

Repo: rust-lang/rust-clippy Name: Fix typo in unused_self diagnostic message #10138 smoelius: https://github.com/rust-lang/rust-clippy/pull/10138

Repo: rust-lang/rust-clippy Name: Tiny typo: eg. -> e.g. #10221 smoelius: https://github.com/rust-lang/rust-clippy/pull/10221

Repo: rust-lang/rust-clippy Name: Fix rust-lang/rust#107877, etc. #10403 smoelius: https://github.com/rust-lang/rust-clippy/pull/10403

Repo: rust-lang/rust-clippy Name: Two small documentation improvements #10425 smoelius: https://github.com/rust-lang/rust-clippy/pull/10425

Repo: rust-lang/rust-clippy Name: Update macros.rs (typo) #10734 smoelius: https://github.com/rust-lang/rust-clippy/pull/10734

Repo: rust-lang/rust-clippy Name: “try this” -> “try” #11055 smoelius: https://github.com/rust-lang/rust-clippy/pull/11055

Repo: rust-lang/rust-clippy Name: Fix ICE in #10535 #11130 smoelius: https://github.com/rust-lang/rust-clippy/pull/11130

Repo: rust-lang/rust-clippy Name: Fix unwrap_or_else_default false positive #11135 smoelius: https://github.com/rust-lang/rust-clippy/pull/11135

Repo: rust-lang/rust-clippy Name: Add “Known problems” section to needless_borrow documentation #11148 smoelius: https://github.com/rust-lang/rust-clippy/pull/11148

Repo: rust-lang/rust-clippy Name: Typo #11411 smoelius: https://github.com/rust-lang/rust-clippy/pull/11411

Repo: rust-lang/rust-clippy Name: Nit re matches! formatting #11863 smoelius: https://github.com/rust-lang/rust-clippy/pull/11863

Repo: rust-marker/marker Name: Typo #253 smoelius: https://github.com/rust-marker/marker/pull/253

Repo: rust-marker/marker Name: Rustc: Librarify marker_rustc_driver #271 smoelius: https://github.com/rust-marker/marker/pull/271



Blockchain software

Repo: ethereum/hevm Name: Bump nixpkgs to GHC 9.4 #303 arcz: https://github.com/ethereum/hevm/pull/303

Repo: ethereum/hevm Name: Prepare 0.51.2 release #305 arcz: https://github.com/ethereum/hevm/pull/305

Repo: ethereum/hevm Name: Fix path joining on Windows #306 arcz: https://github.com/ethereum/hevm/pull/306

Repo: foundry-rs/book Name: update slither instructions #1043 0xalpharush: https://github.com/foundry-rs/book/pull/1043

Repo: paradigmxyz/reth Name: ci: update test-fuzz installation #5126 0xalpharush: https://github.com/paradigmxyz/reth/pull/5126

Repo: paradigmxyz/reth Name: feat: roundtrip fuzz harness for PooledTransactions #5125 0xalpharush: https://github.com/paradigmxyz/reth/pull/5125

Repo: foundry-rs/foundry Name: feat(forge): implement glob pattern for forge build --skip #5267 0xalpharush: https://github.com/foundry-rs/foundry/pull/5267

Repo: foundry-rs/forge-std Name: feat(StdAssertions): Add assertEqCall #311 0xPhaze: https://github.com/foundry-rs/forge-std/pull/311

Repo: solana-labs/solana Name: remove inaccurate comment about system instructions #31829 0xalpharush: https://github.com/solana-labs/solana/pull/31829

Repo: worldcoin/world-id-state-bridge Name: don’t allow calls to initialize on UUPS impl #5 0xalpharush: https://github.com/worldcoin/world-id-state-bridge/pull/5

Repo: OpenZeppelin/openzeppelin-contracts Name: Ignore reentrancy in executeBatch and update Slither config #3955 0xalpharush: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3955

Repo: Y-Nak/solc-rust Name: fix boost linking on M1 and update build instructions #1 0xalpharush: https://github.com/Y-Nak/solc-rust/pull/1

Repo: gakonst/ethers-rs Name: (docs): add clippy command #1967 0xalpharush: https://github.com/gakonst/ethers-rs/pull/1967

Repo: hyperledger/solang Name: solang-parser README.md should mention breaking changes may occur #1213 smoelius: https://github.com/hyperledger/solang/pull/1213

Repo: hyperledger/solang Name: Add optimizations test #1469 smoelius: https://github.com/hyperledger/solang/pull/1469

Repo: solana-labs/solana Name: borrow_mut -> borrow in two places #31399 smoelius: https://github.com/solana-labs/solana/pull/31399

Repo: ethereum/hevm Name: Windows build support #201 elopez: https://github.com/ethereum/hevm/pull/201

Repo: ethereum/hevm Name: ci: re-enable windows #264 elopez: https://github.com/ethereum/hevm/pull/264

Repo: ethereum/hevm Name: hevm: enable compact-unwind on macOS #281 elopez: https://github.com/ethereum/hevm/pull/281

Repo: ethereum/hevm Name: Move Windows build to GHC 9.4 #415 elopez: https://github.com/ethereum/hevm/pull/415

Repo: ethereum/hevm Name: Remove unused deps #161 arcz: https://github.com/ethereum/hevm/pull/161

Repo: ethereum/hevm Name: Fix SAR arithmetic overflow and copySlice regressions #163 arcz: https://github.com/ethereum/hevm/pull/163

Repo: ethereum/hevm Name: Implement prank(address) cheatcode #167 arcz: https://github.com/ethereum/hevm/pull/167

Repo: ethereum/hevm Name: Enable OverloadedRecordDot, NoFieldSelectors and DuplicateRecordFields #172 arcz: https://github.com/ethereum/hevm/pull/172

Repo: ethereum/hevm Name: Fix slot fetch cache lookup #180 arcz: https://github.com/ethereum/hevm/pull/180

Repo: ethereum/hevm Name: Cleanup some records #181 arcz: https://github.com/ethereum/hevm/pull/181

Repo: ethereum/hevm Name: Fix showing source line number in debugger #182 arcz: https://github.com/ethereum/hevm/pull/182

Repo: ethereum/hevm Name: Add fetchChainIdFrom #190 arcz: https://github.com/ethereum/hevm/pull/190

Repo: ethereum/hevm Name: Bump flake.lock #192 arcz: https://github.com/ethereum/hevm/pull/192

Repo: ethereum/hevm Name: Replace num/fromIntegral with witch #203 arcz: https://github.com/ethereum/hevm/pull/203

Repo: ethereum/hevm Name: Optimize W256 serialization #215 arcz: https://github.com/ethereum/hevm/pull/215

Repo: ethereum/hevm Name: Minor cleanup #216 arcz: https://github.com/ethereum/hevm/pull/216

Repo: ethereum/hevm Name: Remove StrictData to improve performance #217 arcz: https://github.com/ethereum/hevm/pull/217

Repo: ethereum/hevm Name: Run tests on all cores #222 arcz: https://github.com/ethereum/hevm/pull/222

Repo: ethereum/hevm Name: Change interpret to take vm arg instead of StateT #232 arcz: https://github.com/ethereum/hevm/pull/232

Repo: ethereum/hevm Name: Change BadCheatCode error to take just Word32 #237 arcz: https://github.com/ethereum/hevm/pull/237

Repo: ethereum/hevm Name: Add FunctionSelector type to improve semantics #238 arcz: https://github.com/ethereum/hevm/pull/238

Repo: ethereum/hevm Name: Cleanup and unify style in EVM module #239 arcz: https://github.com/ethereum/hevm/pull/239

Repo: ethereum/hevm Name: Bump nixpkgs #248 arcz: https://github.com/ethereum/hevm/pull/248

Repo: ethereum/hevm Name: Prepare 0.51.1 release #269 arcz: https://github.com/ethereum/hevm/pull/269

Repo: ethereum/hevm Name: Code cleanup #285 arcz: https://github.com/ethereum/hevm/pull/285

Repo: ethereum/hevm Name: Bring back combined JSON loading #293 arcz: https://github.com/ethereum/hevm/pull/293

Repo: ethereum/hevm Name: Prepare 0.51.3 release #310 arcz: https://github.com/ethereum/hevm/pull/310

Repo: ethereum/hevm Name: Ignore word-simplification test #315 arcz: https://github.com/ethereum/hevm/pull/315

Repo: ethereum/hevm Name: Simplify IOAct in Stepper #317 arcz: https://github.com/ethereum/hevm/pull/317

Repo: ethereum/hevm Name: Mutable memory #318 arcz: https://github.com/ethereum/hevm/pull/318

Repo: ethereum/hevm Name: Remove Stepper.Run action #326 arcz: https://github.com/ethereum/hevm/pull/326

Repo: ethereum/hevm Name: Cleanup stackOp2 and stackOp3 #351 arcz: https://github.com/ethereum/hevm/pull/351

Repo: ethereum/hevm Name: Bump nixpkgs #370 arcz: https://github.com/ethereum/hevm/pull/370



Reverse engineering tools

Repo: NationalSecurityAgency/ghidra Name: fix: incorrect sleigh in e_stmvsprw for PPC VLE #4886 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/4886

Repo: NationalSecurityAgency/ghidra Name: fix: also decode eieio (mbar 0) for VLE #4887 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/4887

Repo: NationalSecurityAgency/ghidra Name: Catch exception when reading invalid dwarf abbrev code and continue #5300 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5300

Repo: NationalSecurityAgency/ghidra Name: Fix call_frame_cfa value for ppc #5315 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5315

Repo: NationalSecurityAgency/ghidra Name: typo: setMinpeculativeOffset -> setMinSpeculativeOffset #5810 Ninja3047: https://github.com/NationalSecurityAgency/ghidra/pull/5810

Repo: NationalSecurityAgency/ghidra Name: gradle: Fix screenShotsImplementation typo #4964 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4964

Repo: NationalSecurityAgency/ghidra Name: gradle: Fix compile classpath for scripts #4974 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4974

Repo: NationalSecurityAgency/ghidra Name: gradle: Fix bundle_examples compilation #4975 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/4975

Repo: NationalSecurityAgency/ghidra Name: Fix C++ sleighexample compilation #5211 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/5211

Repo: NationalSecurityAgency/ghidra Name: Fix memory leak after xml errors #5383 ekilmer: https://github.com/NationalSecurityAgency/ghidra/pull/5383



Software analysis/transformational tools

Repo: michaelbrownuc/GadgetSetAnalyzer Name: Improve usability and some statistic calculations #13 reytchison: https://github.com/michaelbrownuc/GadgetSetAnalyzer/pull/13

Repo: michaelbrownuc/CARVE Name: Debloat code in-place and some minor changes #3 reytchison: https://github.com/michaelbrownuc/CARVE/pull/3

Repo: michaelbrownuc/CARVE Name: Support debloating python, package the project, and add tests. #5 reytchison: https://github.com/michaelbrownuc/CARVE/pull/5



Packaging ecosystem/supply chain

Repo: pypi/warehouse Name: Send emails on login from new IP address, API token creation #13869 tnytown: https://github.com/pypi/warehouse/pull/13869

Repo: pypi/warehouse Name: Add OIDC claims to the OIDCPublisher caveat #13668 tnytown: https://github.com/pypi/warehouse/pull/13668

Repo: pypi/warehouse Name: Trusted publishing: use user/repo slug in GitHub publisher form #13681 jleightcap: https://github.com/pypi/warehouse/pull/13681

Repo: pypi/warehouse Name: Expose OIDC claims in request context from macaroon #13680 tnytown: https://github.com/pypi/warehouse/pull/13680

Repo: pypi/warehouse Name: Expand OIDC email template’s publisher specifiers #13667 Martolivna: https://github.com/pypi/warehouse/pull/13667

Repo: pypi/warehouse Name: tests: fill in PEP 715 change coverage #14014 woodruffw: https://github.com/pypi/warehouse/pull/14014

Repo: pypi/warehouse Name: Prefer InputRequired over DataRequired on form validation #13696 jleightcap: https://github.com/pypi/warehouse/pull/13696

Repo: pypi/warehouse Name: trusted publishing: repo owner in emails #13753 woodruffw: https://github.com/pypi/warehouse/pull/13753

Repo: pypi/warehouse Name: Remove IAuthorizationPolicy from codebase #13754 tnytown: https://github.com/pypi/warehouse/pull/13754

Repo: pypi/warehouse Name: Emails whenever a release gets yanked or unyanked #13829 xBalbinus: https://github.com/pypi/warehouse/pull/13829

Repo: pypi/warehouse Name: Use InputRequired with explicit formdata #13828 jleightcap: https://github.com/pypi/warehouse/pull/13828

Repo: python/peps Name: PEP 715: Disabling bdist_egg distribution uploads on PyPI #3161 woodruffw: https://github.com/python/peps/pull/3161

Repo: pypi/warehouse Name: feat: Emails sent to existing email accounts when adding new email #13866 xBalbinus: https://github.com/pypi/warehouse/pull/13866

Repo: pypi/warehouse Name: tests, warehouse: per-provider OIDC admin flags #13871 woodruffw: https://github.com/pypi/warehouse/pull/13871

Repo: pypi/warehouse Name: Generalize trusted publishing emails #13872 woodruffw: https://github.com/pypi/warehouse/pull/13872

Repo: pypi/warehouse Name: Fix IP hashing in development environment #13879 tnytown: https://github.com/pypi/warehouse/pull/13879

Repo: pypi/warehouse Name: make the invalid-publisher err msg more informative #13941 kemingy: https://github.com/pypi/warehouse/pull/13941

Repo: pypi/warehouse Name: Monotonic journals #13936 dstufft: https://github.com/pypi/warehouse/pull/13936

Repo: pypi/warehouse Name: tests, warehouse: disable egg uploads #14118 woodruffw: https://github.com/pypi/warehouse/pull/14118

Repo: jpadilla/pyjwt Name: api_jwt: add a strict_aud option #902 woodruffw: https://github.com/jpadilla/pyjwt/pull/902

Repo: pypi/warehouse Name: Trusted publishing: Enforce strict audience checking #14158 woodruffw: https://github.com/pypi/warehouse/pull/14158

Repo: pypi/warehouse Name: legacy: improve error msg for project mismatches #14082 woodruffw: https://github.com/pypi/warehouse/pull/14082

Repo: pypi/warehouse Name: Implement initial rollout of PEP 715 #14017 ewdurbin: https://github.com/pypi/warehouse/pull/14017

Repo: pypi/warehouse Name: requirements: drop types-stdlib-list #14006 woodruffw: https://github.com/pypi/warehouse/pull/14006

Repo: pypi/warehouse Name: dev, tests, warehouse: rm warehouse.oidc.enabled #13885 woodruffw: https://github.com/pypi/warehouse/pull/13885

Repo: pypi/warehouse Name: legacy: lingering PEP 527 changes #13881 woodruffw: https://github.com/pypi/warehouse/pull/13881

Repo: pypi/warehouse Name: admin: add a “wipe factors” button #13848 woodruffw: https://github.com/pypi/warehouse/pull/13848

Repo: pypi/warehouse Name: Refactor Authorization #13849 dstufft: https://github.com/pypi/warehouse/pull/13849

Repo: pypi/warehouse Name: macaroons/caveats: document serialization limits #13810 woodruffw: https://github.com/pypi/warehouse/pull/13810

Repo: pypi/warehouse Name: Fix links in trusted publisher documentation #13736 tnytown: https://github.com/pypi/warehouse/pull/13736

Repo: pypi/warehouse Name: Document PyPI’s protections against resurrection attacks #13720 tnytown: https://github.com/pypi/warehouse/pull/13720

Repo: pypa/gh-action-pypi-publish Name: twine-upload: add a nudge for trusted publishing #167 woodruffw: https://github.com/pypa/gh-action-pypi-publish/pull/167

Repo: pypi/stdlib-list Name: README: reflow, preserve archived README #59 woodruffw: https://github.com/pypi/stdlib-list/pull/59

Repo: pypi/stdlib-list Name: treewide: PEP 517/8 #63 woodruffw: https://github.com/pypi/stdlib-list/pull/63

Repo: pypi/stdlib-list Name: Fix tests, run tests in CI #64 woodruffw: https://github.com/pypi/stdlib-list/pull/64

Repo: pypi/stdlib-list Name: QA: mypy, reformatting, and linting #69 woodruffw: https://github.com/pypi/stdlib-list/pull/69

Repo: pypi/stdlib-list Name: workflows/listgen: fix missing env var #73 woodruffw: https://github.com/pypi/stdlib-list/pull/73

Repo: pypi/stdlib-list Name: listgen: merge list instead of overwriting #81 woodruffw: https://github.com/pypi/stdlib-list/pull/81

Repo: pypi/stdlib-list Name: add dependabot, use alls-green #86 woodruffw: https://github.com/pypi/stdlib-list/pull/86

Repo: pypi/stdlib-list Name: stdlib_list: 0.9.0rc0 #87 woodruffw: https://github.com/pypi/stdlib-list/pull/87

Repo: pypi/stdlib-list Name: stdlib-list: 0.9.0 #88 woodruffw: https://github.com/pypi/stdlib-list/pull/88

Repo: sigstore/sigstore-python Name: cli: search for {input}.sigstore.json by default #820 woodruffw: https://github.com/sigstore/sigstore-python/pull/820

Repo: di/id Name: Drop Python 3.7, add 3.12 to tests and metadata #141 woodruffw: https://github.com/di/id/pull/141

Repo: sigstore/protobuf-specs Name: pb-rust: Serde via prost + pbjson #95 jleightcap: https://github.com/sigstore/protobuf-specs/pull/95

Repo: sigstore/sigstore-rs Name: conformance: add conformance CLI and action #287 jleightcap: https://github.com/sigstore/sigstore-rs/pull/287

Repo: sigstore/protobuf-specs Name: pb-rust: JSON schema compilation source #118 jleightcap: https://github.com/sigstore/protobuf-specs/pull/118

Repo: sigstore/protobuf-specs Name: jsonschema: container fix, updated compilation options #121 jleightcap: https://github.com/sigstore/protobuf-specs/pull/121

Repo: sigstore/protobuf-specs Name: python-release: use trusted publishing #157 woodruffw: https://github.com/sigstore/protobuf-specs/pull/157

Repo: sigstore/sigstore-conformance Name: README: prep 0.0.6 #92 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/92

Repo: RustCrypto/formats Name: x509-cert: add Signed Certificate Timestamp (SCT) extension support #1134 imor: https://github.com/RustCrypto/formats/pull/1134

Repo: sigstore/sigstore-rs Name: sign: init #310 jleightcap: https://github.com/sigstore/sigstore-rs/pull/310

Repo: sigstore/sigstore-rs Name: verify: init #311 jleightcap: https://github.com/sigstore/sigstore-rs/pull/311

Repo: sigstore/sigstore-rs Name: test: bundles + conformance suite #315 jleightcap: https://github.com/sigstore/sigstore-rs/pull/315

Repo: sigstore/sigstore-rs Name: cosign/tuf: use trustroot #305 jleightcap: https://github.com/sigstore/sigstore-rs/pull/305

Repo: sigstore/protobuf-specs Name: gens, protos: initialize rust codegen #83 jleightcap: https://github.com/sigstore/protobuf-specs/pull/83

Repo: sigstore/protobuf-specs Name: workflows: add rust-release #88 woodruffw: https://github.com/sigstore/protobuf-specs/pull/88

Repo: sigstore/protobuf-specs Name: CHANGELOG: initialize #93 woodruffw: https://github.com/sigstore/protobuf-specs/pull/93

Repo: sigstore/protobuf-specs Name: pb-rust: docstring failure hotfix #123 jleightcap: https://github.com/sigstore/protobuf-specs/pull/123

Repo: sigstore/sigstore-conformance Name: Add v0.2 bundle tests #112 bdehamer: https://github.com/sigstore/sigstore-conformance/pull/112

Repo: sigstore/sigstore-conformance Name: Add opt-in support for tests that include providing a custom trust root #101 steiza: https://github.com/sigstore/sigstore-conformance/pull/101

Repo: sigstore-conformance/extremely-dangerous-public-oidc-beacon Name: Start publishing the cursed token on GitHub Pages #7 jku: https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/pull/7

Repo: sigstore/protobuf-specs Name: python: 0.2.3rc1 #159 woodruffw: https://github.com/sigstore/protobuf-specs/pull/159

Repo: sigstore/protobuf-specs Name: python: 0.2.3rc0 #158 woodruffw: https://github.com/sigstore/protobuf-specs/pull/158

Repo: sigstore/protobuf-specs Name: python-release: use kebab-case #155 woodruffw: https://github.com/sigstore/protobuf-specs/pull/155

Repo: sigstore/protobuf-specs Name: python: support 3.12, drop 3.7, bump betterproto #151 woodruffw: https://github.com/sigstore/protobuf-specs/pull/151

Repo: sigstore/sigstore-conformance Name: assets: bump invalid_inclusion_proof to 0.2 bundle #109 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/109

Repo: sigstore/sigstore-conformance Name: Improve unexpected success handling #108 jku: https://github.com/sigstore/sigstore-conformance/pull/108

Repo: sigstore/sigstore-conformance Name: README: prep 0.0.7 #106 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/106

Repo: sigstore/sigstore-conformance Name: Allow multiple artifacts to exist #102 jku: https://github.com/sigstore/sigstore-conformance/pull/102

Repo: sigstore/root-signing Name: tuf_client_tests: use actions/cache #933 woodruffw: https://github.com/sigstore/root-signing/pull/933

Repo: sigstore/sigstore-conformance Name: action, conftest: initial xfail support #95 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/95

Repo: sigstore/sigstore-conformance Name: Fix typo to reference skip-signing input; mark additional test as using signing #93 steiza: https://github.com/sigstore/sigstore-conformance/pull/93

Repo: sigstore/protobuf-specs Name: common: message_digest is not required #114 woodruffw: https://github.com/sigstore/protobuf-specs/pull/114

Repo: sigstore/sigstore-conformance Name: cli: move oidc token into pytest #91 jleightcap: https://github.com/sigstore/sigstore-conformance/pull/91

Repo: sigstore/sigstore-conformance Name: Change bundle verification test to not depend on signing #82 steiza: https://github.com/sigstore/sigstore-conformance/pull/82

Repo: sigstore/fulcio Name: oid-info: mark old issuer ext as deprecated #1289 woodruffw: https://github.com/sigstore/fulcio/pull/1289

Repo: sigstore/protobuf-specs Name: Added a prototype for generating jsonschema files #112 kommendorkapten: https://github.com/sigstore/protobuf-specs/pull/112

Repo: sigstore/sigstore-conformance Name: Make it easier to run verification test locally #100 steiza: https://github.com/sigstore/sigstore-conformance/pull/100

Repo: sigstore/sigstore-conformance Name: Add bundle tests to increase coverage of tlog entries #98 steiza: https://github.com/sigstore/sigstore-conformance/pull/98

Repo: sigstore/sigstore-conformance Name: action: invoke pytest through python #89 woodruffw: https://github.com/sigstore/sigstore-conformance/pull/89

Repo: sigstore/sigstore-conformance Name: README: prep 0.0.5 #86 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/86

Repo: sigstore/sigstore-conformance Name: sigstore-python-conformance: Update wrapper #85 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/85

Repo: sigstore/sigstore-conformance Name: Add several bundle tests #84 steiza: https://github.com/sigstore/sigstore-conformance/pull/84

Repo: sigstore/sigstore-conformance Name: conftest: Add --identity-token option back #80 tetsuo-cpp: https://github.com/sigstore/sigstore-conformance/pull/80

Repo: sigstore/sigstore-python Name: API-level DSSE signing support #804 woodruffw: https://github.com/sigstore/sigstore-python/pull/804

Repo: package-url/purl-spec Name: Add spec for brew package URLs #281 woodruffw: https://github.com/package-url/purl-spec/pull/281

Repo: in-toto/attestation Name: Python in CI/CD, add lintage and tests #306 woodruffw: https://github.com/in-toto/attestation/pull/306

Repo: in-toto/attestation Name: in_toto_attestation/v1: fix type hints #301 woodruffw: https://github.com/in-toto/attestation/pull/301

Repo: ossf/alpha-omega Name: Homebrew: 2023-10 update #273 woodruffw: https://github.com/ossf/alpha-omega/pull/273

Repo: sigstore/sigstore-python Name: rekor: use sigstore_rekor_types for models #788 woodruffw: https://github.com/sigstore/sigstore-python/pull/788

Repo: ossf/alpha-omega Name: Homebrew: fill in README #269 woodruffw: https://github.com/ossf/alpha-omega/pull/269

Repo: ossf/alpha-omega Name: Homebrew: add 2023-11 update #285 woodruffw: https://github.com/ossf/alpha-omega/pull/285

Repo: Gallopsled/pwntools Name: shellcraft: more explicit sleep.asm docstring #2226 disconnect3d: https://github.com/Gallopsled/pwntools/pull/2226

Repo: nix-community/poetry2nix Name: Add cryptography==41.0.3 hash #1249 disconnect3d: https://github.com/nix-community/poetry2nix/pull/1249

Repo: google/nsjail Name: cgroup2.cc: improve note about using Docker #219 disconnect3d: https://github.com/google/nsjail/pull/219

Repo: cs-au-dk/goat Name: Improve LoadPackages error message #2 disconnect3d: https://github.com/cs-au-dk/goat/pull/2

Repo: slimtoolkit/slim Name: sysenv_linux.go: fix SeccompMode always using /proc/self/ instead of $pid #474 disconnect3d: https://github.com/slimtoolkit/slim/pull/474

Repo: PowerShell/PowerShell-Native Name: libpsl-native: Fix _FORTIFY_SOURCE macros #88 disconnect3d: https://github.com/PowerShell/PowerShell-Native/pull/88


