- Change MASTER_SITES from GitHub to PYPI
- Add LICENSE_FILE
- Fix version requirement of RUN_DEPENDS
- Convert to USE_PYTHON=pep517
- Bump PORTREVISION for package change
- Take maintainership
yard-sorbet is a YARD plugin that parses Sorbet type annotations.
Features:
- Attaches existing documentation to methods and attributes that follow sig
declarations. (This information is otherwise discarded.)
- Translates sig type signatures into corresponding YARD tags
- Generates method definitions from T::Struct fields
- Generates constant definitions from T::Enum enums
- Modules marked abstract! or interface! are tagged @abstract
- Modules using mixes_in_class_methods will attach class methods
- Merges sigs in rbi files with source code documentation (rbi files must come
after source code in yard configuration)
packwerk-extensions is a home for checker extensions for packwerk 3.
Currently, it ships the following checkers to help improve the boundaries
between packages. These checkers are:
- A privacy checker that ensures other packages are using your package's public
API
- A visibility checker that allows packages to be private except to an explicit
group of other packages.
- A folder_privacy checker that allows packages to their sibling packs and
parent pack (to be used in an application that uses folder packs)
- A layer (formerly architecture) checker that allows packages to specify their
"layer" and requires that each layer only communicate with layers below it.
Packwerk is a Ruby gem used to enforce boundaries and modularize Rails
applications.
Packwerk can be used to:
- Combine groups of files into packages
- Define package-level constant visibility (i.e. have publicly accessible
constants)
- Help existing codebases to become more modular without obstructing development
ConstantResolver resolves partially qualified constant reference to the fully
qualified name and the path of the file defining it. It does not load the files
to do that, its inference engine purely works on file paths and constant names.
ConstantResolver uses the same assumptions as Rails' code loader, Zeitwerk to
infer constant locations. Please see Zeitwerk's documentation on file structure
and inflection for more information.
This gem replaces the normal ERB parsing with an HTML-aware ERB parsing. This
makes your templates smarter by adding runtime checks around the data
interpolated from Ruby into HTML.
This library exists to allow connecting with Happy Eyeballs when you already
have a list of addrinfo and not a DNS name.
The stdlib version of loop.create_connection() will only work when you pass in
an unresolved name which is not a good fit when using DNS caching or resolving
names via another method such was zeroconf.
geosnap provides a suite of tools for exploring, modeling, and visualizing the
social context and spatial extent of neighborhoods and regions over time. It
brings together state-of-the-art techniques from geodemographics,
regionalization, spatial data science, and segregation analysis to support
social science research, public policy analysis, and urban planning. It provides
a simple interface tailored to formal analysis of spatiotemporal urban data.
Main Features:
- fast, efficient tooling for standardizing data from multiple time periods into
a shared geographic representation appropriate for spatiotemporal analysis
- analytical methods for understanding sociospatial structure in neighborhoods,
cities, and regions, using unsupervised ML from scikit-learn and spatial
optimization from PySAL
- classic and spatial analytic methods for diagnosing model fit, and locating
(spatial) statistical outliers novel techniques for understanding the
evolution of neighborhoods over time, including identifying hotspots of local
neighborhood change, as well as modeling and simulating neighborhood
conditions into the future
- quick access to a large database of commonly-used neighborhood indicators from
U.S. providers including Census, EPA, LEHD, NCES, and NLCD, streamed from the
cloud thanks to quilt and the highly-performant geoparquet file format.
contextily is a small Python 3 package to retrieve tile maps from the internet.
It can add those tiles as basemap to matplotlib figures or write tile maps to
disk into geospatial raster files. Bounding boxes can be passed in both WGS84
(EPSG:4326) and Spheric Mercator (EPSG:3857). See the notebook
contextily_guide.ipynb for usage.
The current tile providers that are available in contextily are the providers
defined in the xyzservices package. This includes some popular tile maps, such
as:
- The standard OpenStreetMap map tiles
- Toner, Terrain and Watercolor map tiles by Stamen Design
The Python xasm module has routines for assembly, and has a command to assemble
bytecode for several different versions of Python.
Here are some potential uses:
- Make small changes to existing Python bytecode when you don't have source
- Craft custom and efficient bytecode
- Write an instruction-level optimizing compiler
- Experiment with and learn about Python bytecode
- Foil decompilers like uncompyle6 so that they can't disassemble bytecode (at
least for now)
This support the same kinds of bytecode that xdis supports. This is pretty much
all released bytecode, although we tend to lag behind the latest Python
releases.
This package uses Jay Earley's algorithm for parsing context free grammars, and
comes with some generic Abstract Syntax Tree routines. There is also a prototype
scanner which does its job by combining Python regular expressions.
(SPARK stands for Scanning, Parsing, and Rewriting Kit. It is a poor name since
it conflicts with a more popular package of the same name. In the future we will
rename this.)
The original version of this was written by John Aycock for his Ph.D thesis and
was described in his 1998 paper: "Compiling Little Languages in Python" at the
7th International Python Conference. The current incarnation of this code is
maintained (or not) by Rocky Bernstein.
Note: Earley algorithm parsers are almost linear when given an LR grammar. These
are grammars which are left-recursive.
When text is rendered by a computer, sometimes characters are displayed as
"tofu". They are little boxes to indicate your device doesn't have a font to
display the text.
Google has been developing a font family called Noto, which aims to support all
languages with a harmonious look and feel. Noto is Google's answer to tofu. The
name noto is to convey the idea that Google's goal is to see no more "tofu".
Noto has multiple styles and weights, and is freely available to all. The
comprehensive set of fonts and tools used in our development is available in our
GitHub repositories.
This port provides the fonts set of Noto Serif Kannada.
When text is rendered by a computer, sometimes characters are displayed as
"tofu". They are little boxes to indicate your device doesn't have a font to
display the text.
Google has been developing a font family called Noto, which aims to support all
languages with a harmonious look and feel. Noto is Google's answer to tofu. The
name noto is to convey the idea that Google's goal is to see no more "tofu".
Noto has multiple styles and weights, and is freely available to all. The
comprehensive set of fonts and tools used in our development is available in our
GitHub repositories.
This port provides the fonts set of Noto Sans Kannada.
XLSX I/O aims to provide a C library for reading and writing .xlsx files. The
.xlsx file format is the native format used by Microsoft(R) Excel(TM) since
version 2007.
decompyle3 is a native Python cross-version decompiler and fragment decompiler.
It is a reworking of uncompyle6.
decompyle3 translates Python bytecode back into equivalent Python source code.
It accepts bytecodes from Python version 3.7 on.
Changes since 5.7.0:
wolfSSL Release 5.7.2 (July 8, 2024)
NOTE: * --enable-heapmath is being deprecated and will be removed by end of
2024
Vulnerabilities
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.
6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a
random number r and then truncates this randomness with a modular
reduction mod n where n is the order of the elliptic curve. Analyzing the
division through a control-flow revealing side-channel reveals a bias in
the most significant bits of k. Depending on the curve this is either a
negligible bias or a significant bias large enough to reconstruct k with
lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas
Eisenbarth (University of Lübeck) for reporting the vulnerability.
Details will appear in the proceedings of CCS 24.
Fixed#7020
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro
WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer
attack on ECC operations. If performing ECC private key operations in an
environment where a malicious user could gain fine control over the
device and perform row hammer style attacks it is recommended to update
the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY
defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report
(Vernam Applied Cryptography and Cybersecurity Lab at Worcester
Polytechnic Institute)
Fixed in github pull request #7416
* [Low] When parsing a provided maliciously crafted certificate directly
using wolfSSL API, outside of a TLS connection, a certificate with an
excessively large number of extensions could lead to a potential DoS.
There are existing sanity checks during a TLS handshake with wolfSSL which
mitigate this issue. Thanks to Bing Shi for the report.
Fixed in github pull request #7597
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL
terminated string despite being user provided and unchecked.
Specifically, the Openssl compatibility function X509_check_host() takes
in a pointer and length to check against, with no requirements that it be
NULL terminated. While calling without a NULL terminated string is very
uncommon, it is still technically allowed. If a caller was attempting to
do a name check on a non*NULL terminated buffer, the code would read
beyond the bounds of the input array until it found a NULL terminator.
Fixed in github pull request #7604
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade
capability to use a ciphersuite that it did not agree to and achieve a
successful connection. This is because, aside from the extensions, the
client was skipping fully parsing the server hello when downgrading from
TLS 1.3.
Fixed in github pull request #7619
* [Medium] OCSP stapling version 2 response verification bypass issue when
a crafted response of length 0 is received. Found with internal testing.
Fixed in github pull request #7702
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS
connection attempt. A revoked CA certificate could incorrectly be loaded
into the trusted signers list and used in a repeat connection attempt.
Found with internal testing.
Fixed in github pull request #7702
New Feature Additions
* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
* Added CUDA support for AES encryption (PR 7436)
* Added support for gRPC (PR 7445)
* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys
(PR 7608)
* Added crypto callback for SHA-3 (PR 7670)
* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
* Allow user to send a user_canceled alert by calling
wolfSSL_SendUserCanceled (PR 7590)
* C# wrapper SNI support added (PR 7610)
* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
* Support for NIST 800-56C Option 1 KDF, using the macro
WC_KDF_NIST_SP_800_56C added (PR 7589)
* AES-XTS streaming mode added, along with hardware acceleration and kernel
module use (PR 7522, 7560, 7424)
* PlatformIO FreeRTOS with ESP build and addition of benchmark and test
example applications (PR 7528, 7413, 7559, 7542)
Enhancements and Optimizations
* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR
7578)
* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR
7393)
* Added the --enable-rpk option to autotools build for using raw public key
support (PR 7379)
* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
* cmake build improvements, expanding build options with SINGLE_THREADED
and post-quantum algorithms, adjusting the generation of options.h file
and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480,
7380)
* Improvements for Renesas RZ support (PR 7474)
* Improvements to dual algorithm certificates for post-quantum keys (PR
7286)
* Added wolfSSL_SessionIsSetup so the user can check if a session ticket
has been sent by the server (PR 7430)
* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS
version change (PR 7446)
* Changed subject name comparison to match different upper and lower cases
(PR 7420)
* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
* Update to static memory build for more generic memory pools used (PR 7418)
* Improved performance of Kyber C implementation (PR 7654)
* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
* Added the configure option --enable-debug-trace-errcodes (macro
WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of
error code values (PR 7634)
* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC
(PR 7362)
* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for
use with MSVC (PR 7319)
* Cortex-M inline assembly labels with unique number appended (PR 7649)
* Added secret logging callback to TLS <= 1.2, enabled with the macro
HAVE_SECRET_CALLBACK (PR 7372)
* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher
suites, use the configure flag --enable-des3-tls-suites (PR 7315)
* Added stubs required for latest nginx (1.25.5) (PR 7449)
* Added option for using a custom salt with the function
wc_ecc_ctx_set_own_salt (PR 7552)
* Added PQ files for Windows (PR 7419)
* Enhancements to static memory feature, adding the option for a global
heap hint (PR 7478) and build options for a lean or debug setting,
enabled with --enable-staticmemory=small or --enable-staticmemory=debug
(PR 7597)
* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
* Added additional minimum TLS extension size sanity checks (PR 7602)
* ESP improvements: updating the examples and libraries, updates for Apple
HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR
7607, 7392, 7505, 7535)
* Made the wc_CheckCertSigPubKey API publicly available with the define of
the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
* Added an alpha/preview of additional FIPS 140-3 full submission, bringing
additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB,
ED25519, and ED448 into the FIPS module boundary (PR 7295)
* XCODE support for v5.2.3 of the FIPS module (PR 7140)
* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR
7191)
Fixes
* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from
PQShield for the report.
* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
* Fixed OCSP response message build for DTLS (PR 7671)
* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
* Added sanity check on record header with QUIC use (PR 7638)
* Added sanity check for empty directory strings in X.509 when parsing (PR
7669)
* Added sanity check on non-conforming serial number of 0 in certificates
being parsed (PR 7625)
* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform
to the selected sig hash algorithm (PR 7693)
* Various fixes for dual algorithm certificates including small stack use
and support for Certificate Signing Requests (PR 7577)
* Added sanity check for critical policy extension when wolfSSL is built
without policy extension support enabled (PR 7388)
* Added sanity check that the ed25519 signature is smaller than the order (
PR 7513)
* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
