acme.sh/3.0.8 package update #28413
acme.sh/3.0.8 package update #28413
Conversation
![octo-sts[bot]](https://avatars.githubusercontent.com/in/801323?s=60&v=4){kind=small}
octo-sts
bot
commented
Sep 15, 2024
octo-sts
bot
commented
Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
octo-sts
bot
added
request-version-update
Package acme.sh: Click to expand/collapsePackage acme.sh:
(
"""
- # Generated by melange v0.15.5-4-g817ede6
+ # Generated by melange
pkgname = acme.sh
- pkgver = 3.0.7-r1
+ pkgver = 3.0.8-r0
arch = x86_64
- size = 1487069
+ size = 1363614
origin = acme.sh
pkgdesc = ACME Shell script, an acme client alternative to certbot
url =
- commit = dd07be6d1c4c8beb10935f6d9557b41a1db07e84
- builddate = 1710422077
+ commit = b723417d2a08d0c61f82ecd93122ed9b61a6d2ce
license = GPL-3.0-only
depend = curl
depend = openssl
depend = socat
- datahash = 5a205bac1aed0e38782dc2e742f8d4797e50bb0dc23c3ef2adf78adeab61ad09
+ datahash = b493215ce504bc3c394b231623689923cc0132e0fdae8d3c03d8a5711afab8af
"""
)
Added: /usr/share/acme.sh/deploy/ali_cdn.sh bincapz found differences: Click to expand/collapseDeleted: acme.sh/usr/share/acme.sh/dnsapi/dns_yandex.sh [
|
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/site/download | http dropper url | https://github.com/non7top/acme.sh |
| -LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| -LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/non7top/acme.sh https://pddimp.yandex.ru/api2/admin/dns/add https://pddimp.yandex.ru/api2/admin/dns/del https://pddimp.yandex.ru/api2/admin/dns/list?domain= https://pddimp.yandex.ru/api2/admin/get_token. |
Deleted: acme.sh/usr/share/acme.sh/dnsapi/dns_do.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | net/http/cookies | access HTTP resources using cookies | Cookie HTTP |
| -MEDIUM | ref/site/download | http dropper url | https://github.com/seidler2547/acme.sh |
| -LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| -LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| -LOW | ref/site/url | contains embedded HTTPS URLs | https://github.com/seidler2547/acme.sh/issues https://soap.resellerinterface.de/ |
| -LOW | ref/words/password | references a 'password' | customer ID and password |
Added: acme.sh/usr/share/acme.sh/deploy/ali_cdn.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/http/post | submit content to websites | POST http |
| +MEDIUM | net/upload | uploads files | upload |
| +MEDIUM | net/url/encode | encodes URL, likely to pass GET variables | urlencode |
| +MEDIUM | ref/path/dev | path reference within /dev | /dev/urandom |
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://cdn.aliyuncs.com/ |
Added: acme.sh/usr/share/acme.sh/dnsapi/dns_west_cn.sh [🔥 HIGH]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +HIGH | exfil/sysinfo_http | sends host information via HTTP GET variables | &hostname= |
| +MEDIUM | net/http/post | submit content to websites | POST http |
| +LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://api.west.cn/API/v2 https://www.west.cn/manager/API/APIconfig.asp |
Added: acme.sh/usr/share/acme.sh/dnsapi/dns_timeweb.sh [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://api.timeweb.cloud/api/v1 https://github.com/nikolaypronchev. https://timeweb.cloud/my/api-keys |
Added: acme.sh/usr/share/acme.sh/notify/mattermost.sh [✅ LOW]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
Added: acme.sh/usr/share/acme.sh/dnsapi/dns_ionos_cloud.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/http/post | submit content to websites | HTTP POST http |
| +LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://api.ionos.com/docs/authentication/v1/ https://dns.de-fra.ionos.com |
Added: acme.sh/usr/share/acme.sh/dnsapi/dns_alviy.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/http/post | submit content to websites | HTTP POST http |
| +LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://cloud.alviy.com/api/v1 https://cloud.alviy.com/token |
Added: acme.sh/usr/share/acme.sh/notify/ntfy.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/http/post | submit content to websites | POST http |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
Added: acme.sh/usr/share/acme.sh/dnsapi/dns_limacity.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/http/post | submit content to websites | POST http |
| +LOW | encoding/base64 | Supports base64 encoded strings | base64 |
| +LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://www.lima-city.de/usercp |
Added: acme.sh/usr/share/acme.sh/dnsapi/dns_yandex360.sh [⚠️ MEDIUM]
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/http/post | submit content to websites | POST http |
| +LOW | kernel/platform | system identification | uname |
| +LOW | net/dns/txt | Uses DNS TXT (text) records | TXT dns |
| +LOW | ref/path/usr/bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | ref/site/url | contains embedded HTTPS URLs | https://360.yandex.com/ https://api360.yandex.net/directory/v1 acmesh-official/acme.sh#5213 https://github.com/acmesh-official/acme.sh/wiki/dnsapi2 https://oauth.yandex.ru |
Changed: /tmp/wolfictl-apk-3824017707/acme.sh/usr/share/acme.sh/dnsapi/dns_df.sh
1 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/site/download | http dropper url | https://github.com/ThiloGa/acme.sh |
Changed: /tmp/wolfictl-apk-3824017707/acme.sh/usr/share/acme.sh/dnsapi/dns_namecheap.sh
Changed: /tmp/wolfictl-apk-3824017707/acme.sh/usr/share/acme.sh/acme.sh
Changed: /tmp/wolfictl-apk-3824017707/acme.sh/usr/share/acme.sh/dnsapi/dns_nm.sh
1 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/site/download | http dropper url | https://github.com/ThiloGa/acme.sh |
Moved: acme.sh/var/lib/db/sbom/acme.sh-3.0.7-r1.spdx.json -> /tmp/wolfictl-apk-3824017707/acme.sh/var/lib/db/sbom/acme.sh-3.0.8-r0.spdx.json (similarity: 0.98)
2 removed behaviors
| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | ref/site/dyndns | dynamic dns user | duckdns |
| -MEDIUM | secrets/keychain | May access the macOS keychain | keychain |
