search

hatching / httpreplay

Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.
Other
95 stars 35 forks source link

Bump tlslite-ng from 0.7.5 to 0.7.6 #33

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps tlslite-ng from 0.7.5 to 0.7.6.

Release notes

Sourced from tlslite-ng's releases.

v0.7.6

  • workaround CVE-2020-26263 - Bleichenbacher oracle in RSA decryption. Please note that while the code was fortified, because of peculiarities of python, it's not possible to fully fix it. If you require resistance against side-channel attacks please use a different library.
  • stop mis-detecting pycryptodome as pycrypto
  • start running test coverage on Python 3.8, fix test suite incompatibility with python 3.8
  • fix incompatibility of imaplib wrapper with imaplib on python 3.9
  • start running test coverage on Python 3.9
  • drop official support for Python 3.2: while we didn't perform any changes that should make the library stop working on Python 3.2, our dependency, python-ecdsa, doesn't support it
Commits
  • cc8fa0b Merge pull request #445 from tlsfuzzer/readme-updates-0.7
  • 30c914f update version in code for 0.7.6
  • 464fb20 fix build on py3.3
  • 0ca374a update readme for 0.7.6 release
  • f2e64e9 Merge pull request #441 from tlsfuzzer/py33-0.7
  • 70b3647 add the py3.3 keyword back
  • 135e071 use old M2Crypto with old(er) pythons
  • d8a1726 fix py33 test coverage
  • c28d6d3 Merge pull request #439 from tlsfuzzer/bleichenbacher-fixes-0.7
  • 2738f15 implement deterministic implicit rejection for RSA decryption
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hatching/httpreplay/network/alerts).
dependabot[bot] commented 2 years ago

Looks like tlslite-ng is up-to-date now, so this is no longer needed.