LibreSSL 2.7.4 💾

LibreSSL Portable is a free version of the SSL/TLS protocol forked from OpenSSL, and developed by the OpenBSD project. LibreSSL is developed as part of the OpenBSD system, with lots of ancient cruft and security woes already fixed. The portable version for other Unices is developed alongside.

: Avoid a timing side-channel leak when generating DSA and ECDSA. Signatures. This is caused by an attempt to do fast modular Arithmetic, which introduces branches that leak information Regarding secret values. identified and reported by Keegan Ryan of NCC Group. Reject excessively large primes in DH key generation. Problem. Reported by Guido Vranken to OpenSSL https://github.com/openssl/openssl/pull/6457) and based on his. Diff. The LibreSSL project continues improvement of the codebase to reflect modern. Safe programming practices. We welcome feedback and improvements from the Broader community. Thanks to all of the contributors who helped make this Release possible.

ISC ssl tls cryptography security libraries aes rsa sha1 communications

Ghost 1.24.3 💾

Ghost is a Node/io.js based blogging platform. It provides a fully customizable dashboard, and dual-panel live MarkDown editing. Ghost is meant to be mobile-friendly and beatiful out of the box.

minor feature: preview url and Zapier when running on subdirectory. custom templates for tags and authors. Koenig - Embed card. Koenig - Disable Grammarly to high CPU usage.

MITL javascript nodejs iojs blog web-publishing markdown

Whiley 0.5.9 💾

Whiley is a programming language with refinement types, extended static checking and an indentation-based syntax. It compiles to Java bytecode and runs per JAR-runtime on any JVM, which in turn allows to reuse existing Java libraries. The SDK includes a compiler (wyjc), documentation, a plugin framework, disassembler, and an Eclipse plugin.

minor feature: Remove Type.Intersection and Type.Difference . SemanticType FowardPropagation. . Moved more stuff into FlowTypeUtils. . Working on handling lifetime arguments. . Restored operand checking for equality operators. . Ripping out forward propagation. . Design for ReadWriteTypeExtractor. . Merge branch 'feature/844-syntype' into develop. . Add AbstractTypedVisitor and AmbiguousCoercionCheck. . Partial for ConcreteTypeExtractor. . Working on Type.Recursive. . Add Ref implementation. . for TypeSubtractor and Invalid Tests. . Updated dependency. . Merge branch 'feature/837-ambiguous' into develop. . Continuing work on ambiguous coercions. . Support coinduction to remove infinite loops. . Add support for expansion. . for AmbiguousCoercionCheck. . for type subtraction. . Merge branch 'feature/837-ambiguous' into develop. . Update test cases #854. . Support Binary and Hex Literals. . Merge branch 'feature/854-binlits' into develop. . Refactor to use BinaryRelation. . Add RecursiveTypeAnalysis. . Add WyllFile and accompanying compile task. . Add Wyll Interpreter. . Terminating this branch. . Merge branch 'feature/803-wyll' into develop. . Preparing next release. . Merge branch 'develop'.

BSDL jvm whiley java programming-language static-typing

ownCloud 10.0.9beta 💾

ownCloud is an online file synchronization and sharing solution. It's easy to use as consumer-grade product, but can be hosted on private servers or data centers. It integrates with existing IT business infrastructure as well, and this allows to constrain and customize security and functional requirements. It comes with a simple user interface for file uploading, viewing or editing, contacts and calendars, bookmarks and media files.

minor feature: Save timezone as given during login . Split public password enforced capabilities into read-only, read_writ . . . . Standardize if test and comment format in acceptance test scripts. . Remove special Firefox V47 checks from webUI testing. . Put around env var usages. . Pass ADMIN_USERNAME in run.sh and start_ui_tests.sh scripts. . Removed unused webUI username and password definitions. . Add API test for creating a public read-write share of a file. . . . . . . . Preliminary changelog 10.0.9. . . . . . . . Put around remaining vars were they are missing. . . . Acceptance test coding standard changes. . . . Detune testStat storage mtime test. . . . API test for uploadToShare. . . . Simplify use statements in acceptance test code. . Acceptance test small typos. . stable10 . . Handle CSRF token errors on ajax/delete.php request. . acceptance test - file should not exist in trash. . acceptance test changeFavStateOfAnElement proppatch call. . acceptance test return value code smells. . Remove unused parameters in acceptance test methods. . Acceptance tests - a few var might not be defined IDE warnings. . Acceptance tests - add throws to doc blocks. . Remove null from param tags. . Add acceptance test for getting an empty list of groups of a user. . API test for gettingShares. . . . . . . . remove broken symlink. . Use settings l10n. . Bump symfony 3.4.9 to 3.4.11. . API test for moveReceivedShare. . API test for deleteShare. . API test for getWebDAVSharePermissions. . . . . . . . . . Update public link share in transfer ownership command. . . . . . Move select2 lib to core. . . . stable10 Symfony events added for login failed and public link acce . . . . . . API test for comments. . . . not-useful capabilities unit tests. . typo incomming = incoming. . . . Exclude uploads directory from read-only cache mask. . Bump icewind/smb from 1.1.0 to 3.0.0 in /apps/files_external/3rdparty. . Library update. .

OSL storage cloud web-environment file-sharing

QOwnNotes 18.06.2 💾

QOwnNotes is the open source (GPL) plain-text file notepad with markdown support and todo list manager for GNU/Linux, Mac OS X and Windows, that (optionally) works together with the notes application of ownCloud.

minor feature: Added `cups-control` to he snap version of QOwnNotes to possibly enable. Support for printing to printers (for Added tagging support for subfolders (for, a big thank you to @cal2195). Added new Chinese Traditional translation (for, a big thank you to @abev66). The current translation `Chinese` was renamed to `Chinese Simplified`. The desktop file `QOwnNotes.desktop` was renamed to `PBE.QOwnNotes.desktop`. For the Wayland compositor (for

GNU GPL desktop note-taking owncloud todo

requests 2.19.0 💾

Requests is a full-featured HTTP utility module for Python. It provides a simple and encompassing API for issuing requests and accessing responses and metadata. Requests supports international domains and IRLs, keep-alive session pools, persistent cookies, SSL/TLS, HTTP authorization (basic and digest token), standard Content-Encoding compression schemes, Unicode content, multipart/* MIME content, connection timeouts, and is thread-safe.

major bugfix: Improvements Warn user about possible slowdown when using cryptography version 1.3.4. Check for invalid host in proxy URL, before forwarding request to adapter. Fragments are now properly maintained across redirects. (RFC7231 7.1.2). Removed use of cgi module to expedite library load time. Added support for SHA-256 and SHA-512 digest auth algorithms. Minor performance improvement to `Request.content`. Migrate to using collections.abc for 3.7 compatibility. Parsing empty `Link` headers with `parse_header_links()` no longer return one bogus entry. where loading the default certificate bundle from a zip archive would raise an `IOError`. with unexpected `ImportError` on windows system which do not support `winreg` module. DNS resolution in proxy bypass no longer includes the username and password in the request. This also the of DNS queries failing on macOS. Properly normalize adapter prefor url comparison. Passing `None` as a file pointer to the `files` param no longer raises an exception. Calling `copy` on a `RequestsCookieJar` will now preserve the cookie policy correctly. Dependencies. We now support idna v2.7. We now support urllib3 v1.23.

Apache python requests http-client

asterisk 15.4.1 💾

Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server. Asterisk powers IP PBX systems, VoIP gateways, conference servers and other custom solutions. It is used by small businesses, large businesses, call centers, carriers and government agencies, worldwide. Asterisk is free and open source.

minor feature: Update for 15.4.1 AST-2018-008: enumeration of endpoints from ACL rejected addresses. When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401. Unauthorized response is sent. This vulnerability just diswhich Requests hit a defined endpoint. The ACL rules cannot be bypassed to gain Access to the disendpoints. Made endpoint specific ACL rules now respond with a 401 unauthorized. Which is the same as if an endpoint were not identified. The is Accomplished by replacing the found endpoint with the artificial endpoint Which always fails authentication. AST-2018-007: iostreams potential DoS when client connection prematurely Before Asterisk sends an HTTP response (at least in the case of errors), it attempts to read discard the content of the request. If the client. Lies about the Content-Length, or the connection is from the Client side before "Content-Length" bytes are sent, the request handling Thread will busy loop.

GNU GPL communication conferencing telephony sip

asterisk 14.7.7 💾

Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server. Asterisk powers IP PBX systems, VoIP gateways, conference servers and other custom solutions. It is used by small businesses, large businesses, call centers, carriers and government agencies, worldwide. Asterisk is free and open source.

minor feature: Update for 14.7.7 AST-2018-008: enumeration of endpoints from ACL rejected addresses. When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401. Unauthorized response is sent. This vulnerability just diswhich Requests hit a defined endpoint. The ACL rules cannot be bypassed to gain Access to the disendpoints. Made endpoint specific ACL rules now respond with a 401 unauthorized. Which is the same as if an endpoint were not identified. The is Accomplished by replacing the found endpoint with the artificial endpoint Which always fails authentication.

GNU GPL communication conferencing telephony sip

asterisk 13.21.1 💾

Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server. Asterisk powers IP PBX systems, VoIP gateways, conference servers and other custom solutions. It is used by small businesses, large businesses, call centers, carriers and government agencies, worldwide. Asterisk is free and open source.

minor feature: Update for 13.21.1 AST-2018-008: enumeration of endpoints from ACL rejected addresses. When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401. Unauthorized response is sent. This vulnerability just diswhich Requests hit a defined endpoint. The ACL rules cannot be bypassed to gain Access to the disendpoints. Made endpoint specific ACL rules now respond with a 401 unauthorized. Which is the same as if an endpoint were not identified. The is Accomplished by replacing the found endpoint with the artificial endpoint Which always fails authentication.

GNU GPL communication conferencing telephony sip

Pale Moon 27.9.3 💾

Pale Moon is a web browser derived from Firefox. It's not just a repackaged variant, but progresses with its own XUL-based interface focused on ease of use, but still incorporates latest Firefox technologies and supports many browser extensions.

minor feature: This is a security update. Changes/:. (CVE-2017-0381) Ported a patch from libopus upstream. Note. Contrary to that report, the libopus maintainers state they don't Believe remote code execution was possible, so this was not a critical Patch.. an with task counting in JS GC.. a use-after-free in DOMProxyHandler::EnsureExpandoObject.. Portable only: Included the previously omitted registry Helper. This may in some cases help with file/type associations.

MPL c gecko firefox web browser xul

exiftool 11.01 💾

ExifTool is a Perl library and command-line tool for reading and updating common meta data information in various file formats. Foremost it works on image files, EXIF, PNG, GPS, IPTC, XMP, JFIF/JPEG, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, AIFF, DJVU, Postscript, GZIP, OpenDocument, PDF, SVG, OGG and ID3. It can also edit maker notes of digital (RAW) camera files from Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

minor feature: (production release). - Added a new ProfileCMMType. - Added a Validate warning about non-standard EXIF or XMP in PNG images. - Added a new Canon LensType. - Decode a couple more PanasonicRaw tags. - Patched to avoid adding tags to QuickTime videos with multiple 'mdat' atoms. -- avoids potential corruption of these videos!.

Artistic perl exif meta-data

ALT Starterkits 20180612 💾

ALT is a set of Linux distributions based on Sisyphus, an APT-enabled RPM package repository that aims to achieve feature completeness, usability, and security in a sensible and manageable mixture.

minor feature: Linux 4.9.105 / 4.14.48; Mesa 17.3.9; desktop images: Firefox ESR 52.8.0; icewm: added spacefm and refind; kde4, kde5, lxqt: Falkon browser; kde5: 5.46.0 / 5.12.0 / 17.12.3; lxde*, wmaker, sysv-xfce: Palemoon 27.8.3; lxqt: 0.13.0; rescue: added udpcast and partclone; server: samba 4.6.15, php5 5.6.36, php7 7.2.5

GNU GPL operating-system software-distribution installation end-users developers livecd rescue desktop server security

innoextract 1.7 💾

Inno Setup is a tool to create installers for Microsoft Windows applications. innoextract allows to extract such installers under non-windows systems without running the actual installer using Wine. innoextract currently supports installers created by Inno Setup 1.2.10 to 5.5.6. innoextract is able to unpack (most) GOG.com installers, Wadjet Eye Games installers (to play with AGS), Arx Fatalis patches (for use with Arx Libertatis) as well as various other Inno Setup executables.

minor feature: This release adds support for Inno Setup 5.6.0 installers as well as new GOG installers with GOG Galaxy file parts. It also add support for encrypted installers. Further, there are new --list-sizes and --list-checksums options to print file information as well as a --data-version (-V) option to check if an executable is an Inno Setup installer. Finally, this release fixes issues with the names used to load .bin slice files.

Zlib archiving compression console c++ boost liblzma windows macos cross-plattform freebsd netbsd openbsd bsd linux end-users

BuildAMation 1.2.0a4 💾

BuildAMation is an open source build system and project generator for Windows, Linux and macOS desktop software development in C/C++. It has a declarative markup language based on C# runtime compilation (using Mono on Linux and macOS), and has a plugin system to implement different backends, such as multi-threaded command line builds, VisualStudio or Xcode project generation, or MakeFiles. Common compiler/linker/archiver settings are exposed via C# properties, so you can configure the build using named settings rather than having to remember each toolchain's command line switches (handy for cross-platform development). Build scripts are debuggable in VisualStudio, MonoDevelop or VisualStudio for Mac. You can profile it with any standard tools. A number of standard open source projects have had build scripts written for them already, such as Qt, flex, bison, Python, zeromq, libtiff, zlib. CMake is a similar product.

minor feature: Detecting WindowsSDKs properly Handling spaces in install path See changelog.txt for details

BSDL developers linux windows macos c++ c build-tool

Wine 3.10 💾

Wine is an implementation of the Windows API on top of X and Unix. It does not require Microsoft Windows, but can use native Windows DLLs if they are available. It provides both a development toolkit for porting Windows source code to Unix as well as a program loader, allowing many unmodified Windows programs to run on x86-based Unixes.

minor feature: Swapchain support in Direct 3D 12. Vulkan support updated to the latest spec. Deger support for Wow64 processes. Still more support for the Task Scheduler. Various.

GNU LGPL c x86 windows win32 emulator compatibility library desktop operating-system