Release notes
*Sourced from [ecdsa's releases](https://github.com/warner/python-ecdsa/releases).*
> ## ecdsa 0.13.3
> Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding
> Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding
>
> Also harden key decoding from string and DER encodings.
>
> ## ecdsa 0.13.2
> Restore compatibility of setup.py with Python 2.6 and 2.7.
>
> ## ecdsa 0.13.1
> Fix the PyPI wheel - the old version included .pyc files.
Changelog
*Sourced from [ecdsa's changelog](https://github.com/warner/python-ecdsa/blob/master/NEWS).*
> * Release 0.15 (02 Jan 2020)
>
> Bug fixes:
> `from curves import *` will now correctly import `BRAINPOOLP256r1` and
> `BRAINPOOLP320r1` curves.
>
> New features:
> ECDH operations have a public explicit API.
> Large hashes are now supported with small curves (e.g. SHA-256 can be used
> with NIST192p).
> `VerifyingKey` now supports the `precompute()` method to further speed up
> signature verification with the given instance of the key.
>
> New API:
> `VerifyingKey`, `SigningKey`, `Public_key`, `Private_key` and
> `CurveFp` now have `__eq__` methods.
> `ecdsa.ecdh` module and `ECDH` class.
> `PointJacobi` added.
> `VerifyingKey.verify_digest`, `SigningKey.sign_digest` and
> `SigningKey.sign_digest_deterministic` methods now accept `allow_truncate`
> argument to enable use of hashes larger than the curve order.
> `VerifyingKey` `from_pem` and `from_der` now accept `hashfunc` parameter
> like other `from*` methods.
> `VerifyingKey` has `precompute` method now.
> `VerifyingKey.from_public_point` may now not perform validation of public
> point when `validate_point=False` argument is passed to method.
> `CurveFp` constructor now accepts the `h` parameter - the cofactor of the
> elliptic curve, it's used for selection of algorithm of public point
> verification.
>
> Performance:
> `randrange` will now perform much fewer calls to system random number
> generator.
> `PointJacobi` introduced and used as the underlying implementation; speeds up
> the library by a factor of about 20.
> Library has now optional dependencies on `gmpy` and `gmpy2`. When they are
> available, the elliptic curve calculations will be about 3 times faster.
>
> Maintenance:
> expected minimum version of `six` module (1.9.0) is now specified explicitly
> in `setup.py` and tested against.
> Significantly faster test suite execution.
>
> * Release 0.14.1 (06 Nov 2019)
>
> Remove the obsolete `six.py` file from wheel
>
> * Release 0.14 (06 Nov 2019)
>
> Bug fixes:
> ... (truncated)
Commits
- [`7add221`](https://github.com/warner/python-ecdsa/commit/7add2213c992f51267eed8288b560f3f4108a28d) update NEWS file for 0.13.3
- [`5c4c74a`](https://github.com/warner/python-ecdsa/commit/5c4c74a454c852727ac3c0207a4010486dde1866) Merge pull request [#124](https://github-redirect.dependabot.com/warner/python-ecdsa/issues/124) from tomato42/backport-sig-decode
- [`1eb2c04`](https://github.com/warner/python-ecdsa/commit/1eb2c0410b97ac5101b5db20e2924d79db3e8ec5) update README with error handling of from_string() and from_der()
- [`b95be03`](https://github.com/warner/python-ecdsa/commit/b95be03d8540b3a088263cbb3a0a376a8a0efbd0) execute also new tests in Travis
- [`99c907d`](https://github.com/warner/python-ecdsa/commit/99c907d7acc94da6685470328174ea7299863dfd) harden also key decoding
- [`3427fa2`](https://github.com/warner/python-ecdsa/commit/3427fa29f319b27898a28601955807abb44c0830) ensure that the encoding is actually the minimal one for length and integer
- [`563d2ee`](https://github.com/warner/python-ecdsa/commit/563d2ee2c07e10ae4f77ccde4161d6a14c681b1b) make variable names in remove_integer more appropriate
- [`14abfe0`](https://github.com/warner/python-ecdsa/commit/14abfe020d4907fd9849f269b98f5f8f1060366b) explicitly specify the distro to get py26 and py33
- [`9080d1d`](https://github.com/warner/python-ecdsa/commit/9080d1d5ac533da0de00466aaffb49bee808bb4e) fix length decoding
- [`897178c`](https://github.com/warner/python-ecdsa/commit/897178ca093282979ff19cc4035eadbc30ac0d23) give the same handling to string encoded signatures as to DER
- Additional commits viewable in [compare view](https://github.com/warner/python-ecdsa/compare/python-ecdsa-0.13...python-ecdsa-0.13.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/BangLiu/ACS-QG/network/alerts).
Bumps ecdsa from 0.13 to 0.13.3.