Gem that allows you to encrypt a Chef Data Bag Item using the public keys of a
list of chef nodes. This allows only those chef nodes to decrypt the encrypted
values.
WWW: https://github.com/chef/chef-vault
Chef Utils gem contains common code and mixins for the core Chef Infra Ruby
gems. This is intended to be a "core" or "foundations" library for the chef
ecosystem (and external related gems) which allows the use of core code and
utility functions of the chef gem without requiring all the heaviness of the
chef gem.
WWW: https://github.com/chef/chef/tree/master/chef-utils
This plugin allows applications that rely on Train to communicate with the WinRM
API. This plugin relies on the winrm and winrm-fs gems for implementation.
WWW: https://github.com/inspec/train-winrm
Train lets you talk to your local or remote operating systems and APIs with a
unified interface.
It allows you to:
- execute commands via run_command
- interact with files via file
- identify the target operating system via os
- authenticate to API-based services and treat them like a platform
Train supports:
- Local execution
- SSH
- WinRM
- Docker
- Mock (for testing and debugging)
- AWS as an API
- Azure as an API
- VMware via PowerCLI
- Habitat
WWW: https://github.com/inspec/train
This module provides access to the zlib library. Zlib is designed to be a
portable, free, general-purpose, legally unencumbered -- that is, not covered by
any patents -- lossless data-compression library for use on virtually any
computer hardware and operating system.
The library also supports reading and writing files in gzip (.gz) format with an
interface similar to that of IO. The gzip format is described in RFC 1952 which
is also a wrapper around a deflate stream.
WWW: https://github.com/ruby/zlib
Timeout provides a way to auto-terminate a potentially long-running operation if
it hasn't finished in a fixed amount of time.
WWW: https://github.com/ruby/timeout
The Etc module provides access to information typically stored in files in the
/etc directory on Unix systems.
The information accessible consists of the information found in the /etc/passwd
and /etc/group files, plus information about he system's temporary directory
(/tmp) and configuration directory (/etc).
The Etc module provides a more reliable way to access information about the
logged in user than environment variables such as +$USER+.
WWW: https://github.com/ruby/etc
Include the English library file in a Ruby script, and you can reference the
global variables such as $_ using less cryptic names.
WWW: https://github.com/ruby/English
This library provides three different ways to delegate method calls to an
object. The easiest to use is SimpleDelegator. Pass an object to the constructor
and all methods supported by the object will be delegated. This object can be
changed later.
Going a step further, the top level DelegateClass method allows you to easily
setup delegation through class inheritance. This is considerably more flexible
and thus probably the most common use for this library.
Finally, if you need full control over the delegation scheme, you can inherit
from the abstract class Delegator and customize as needed. (If you find yourself
needing this control, have a look at Forwardable which is also in the standard
library. It may suit your needs better.)
WWW: https://github.com/ruby/delegate
The Benchmark module provides methods for benchmarking Ruby code, giving
detailed reports on the time taken for each task.
WWW: https://github.com/ruby/benchmark
I wanted to incorporate a method to get an SSL certificate from a server, show
the user the same kind of information as you'd see in a browser, prompt them for
validity, then write it to disk for use in all requests to a server.
I was unable to find any great / easy ways that incorporated all of these
concepts into one neat thing. So I made a thing.
Originally this was based off of yet another lovely over-engineered solution in
get-ca-py by Josh Peak.
WWW: https://github.com/lifehackjim/cert_human
Use C11 compiler:
/usr/local/include/mysql/my_global.h:212: error: redefinition of typedef 'my_socket'
/usr/local/include/mysql/mysql.h:64: error: previous declaration of 'my_socket' was here
Since Qt5.15 update, pgmodeler 0.9.2 crashes. A new release is coming, we can as well fix this crash and prepare for this release.
- Update to 0.9.3-beta
- Reorder and alphabetize USES
Changelog:
https://github.com/pgmodeler/pgmodeler/blob/develop/CHANGELOG.md
Reported by: tcberner
Approved by: tcberner (mentor)
Differential Revision: D25877
KDE Project Security Advisory
=============================
Title: Ark: maliciously crafted archive can install files outside the extraction directory.
Risk Rating: Important
CVE: CVE-2020-16116
Versions: ark <= 20.04.3
Author: Elvis Angelaccio <elvis.angelaccio@kde.org>
Date: 30 July 2020
Overview
========
A maliciously crafted archive with "../" in the file paths
would install files anywhere in the user's home directory upon extraction.
Proof of concept
================
For testing, an example of malicious archive can be found at
https://github.com/jwilk/traversal-archives/releases/download/0/relative2.zip
Impact
======
Users can unwillingly install files like a modified .bashrc, or a malicious
script placed in ~/.config/autostart
Workaround
==========
Users should not use the 'Extract' context menu from the Dolphin file manager.
Before extracting a downloaded archive using the Ark GUI, users should inspect it
to make sure it doesn't contain entries with "../" in the file path.
Solution
========
Ark 20.08.0 prevents loading of malicious archives and shows a warning message
to the users.
Alternatively,
0df592524f
can be applied to previous releases.
Credits
=======
Thanks to Dominik Penner for finding and reporting this issue and thanks to
Elvis Angelaccio and Albert Astals Cid for fixing it.
