v1.14
- added support for verification of hostname from certificate
including subjectAltNames, support for IDN etc based on patch and
input from christopher[AT]odenbachs[DOT]de and
achim[AT]grolmsnet[DOT]de.
It is also possible to get more information from peer_certificate
based on this patch. See documentation for peer_certificate and
verify_hostname
- automatic verification of hostnames with SSL_verifycn_scheme and
SSL_verifycn_name
- global setting of default context options like SSL_verifycn_scheme,
SSL_verify_mode with set_ctx_defaults
- fix import of inet4,inet6 which got broken within 1.13_X.
Thanks to <at[AT]altlinux[DOT]ru> for bugreport and patch
- clarified and enhanced debugging support based on bugreport
http://rt.cpan.org/Ticket/Display.html?id=32960
- put information into README regarding the supported and recommended
version of Net::SSLeay
1.35 25.07.208
- Fix test plan for autoload.t if Test::Exception isn't available.
- Skip rsa_generate_key.t if Test::Exception isn't available.
1.34 24.07.2008
- Fixed problem with X509_get_subjectAltNames, where some types of Alt
Name (eg DIRNAMEs) were not properly handled, resulting in seg faults.
Reported by Achim Grolms.
- Added support for ENGINE_load_builtin_engines and
ENGINE_register_all_complete in order to enable built-in OpenSSL
crypto engines for hardware acceleration etc.
- Added support for ENGINE_by_id and ENGINE_set_default, required
to enable Sun crypto acceleration
1.33_01 14.02.2008
- Fixed a compile problem with inc_paths /usr/kerberos/include
in inc/Module/Install/PRIVATE/Net/SSLeay.pm. Reported by "J. Nick
Koston via RT"
- Added optional support for SSL_set_hello_extension,
SSL_set_session_secret_cb to support various extension patches from
a patch to openssl-0.9.9-dev contributed by Jouni Malinen.
See wpa_supplicant/patches/openssl-0.9.9-session-ticket.patch in the
latest (git) version 0.6 and later of wpa_supplicant at
http://hostap.epitest.fi/. These additions are ifdefed to
SSL_F_SSL_SET_HELLO_EXTENSION which is added by the patch
Tested with openssl-SNAP-20070816.
- Added SSL_SESSION_set_master_key and SSL_get_keyblock_size.
- Added all SSL_OP_* options flags present in 0.9.9
- Fixed a bug in SSL_set_tmp_dh
- Doc improvements in README.Win32
- Fixed a problem with proxy connections: open_proxy_tcp_connection
was stopping after the first \n from the proxy,
but instead should have looked for
$CRLF . $CRLF to find the beginning of the SSL content
- Fixed missing / on /usr/kerberos/include, reported by several people
- removed bacus.pt from host list in t/handle/external/10_destroy.t,
since it seems no longer to respond. Reported by tco2.
- changed t/handle/external/10_destroy.t so this list of URIs to be
tested can be configured with environment variable SSLEAY_URIS, a
colon separated list of host names. Suggested by tco2.
- changed t/handle/external/50_external.t and t/external/08_external.t
so this list of sites to be
tested can be configured with environment variable SSLEAY_SITES, a
colon separated list of host names. Suggested by tco2.
- Fixed documentation in README of how to use OPENSSL_PREFIX
environment variable to control the location of openssl. Reported by
"Quanah Gibson-Mount via RT".
- Don't use Module::Install's auto_install.
- Bind NID_ and GEN_ constants.
- Default to not running external tests.
sshfp is a small utility that generates RFC4255 SSHFP DNS records
based on the public keys stored in a known_hosts file or obtained by
using ssh-keyscan. If the nameserver of the domain allows zone
transfers (AXFR), an entire domain can be processed for all its A
records. These can then be easily added to a zone, and then secured
by DNSSEC.
Changes:
** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
** libgnutls: Fix memory leaks when doing a re-handshake.
** Fix compiler warnings.
** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
** srptool: Fix a problem where --verify check does not succeed.
Pkgsrc changes:
o Change to use CPAN as distribution source
o Change HOMEPAGE to use search.cpan.org; leave old
HOMEPAGE pointing to sourceforge commented-out
Upstream changes:
0.36 Mon Aug 13 12:16:38 EDT 2007
* [rt.cpan.org #28814] - Performance improvement
from mehradek (Radoslaw Zielinski)
-use English;
+use English qw( -no_match_vars );
0.35 Fri Apr 20 12:33:53 EDT 2007 - Jesse Vincent <jesse@bestpractical.com>
* New Maintainer: Jesse Vincent <jesse@bestpractical.com> took over
maintenance of this module.
* Removed test key expiry dates. (Fixes
http://rt.cpan.org/Ticket/Display.html?id=17618)
* Applied secret key output patch for modern GPG from
http://rt.cpan.org/Ticket/Display.html?id=17619
* Applied patch to support 'tru' record types from
(http://search.cpan.org/src/JRED/Mail-GPG-1.0.6/patches/)
0.07 Thu Jul 23 10:31:33 2008
- rt 34703
- argument logic before filehandle fetch so that they'll apply
- read small chunk of file handles instead of readline() to
avoid various issues
Pkgsrc changes:
o Added full list of dependencies, from Makefile.PL.
Upstream changes:
0.04 Sun Jun 15 16:22:32 JST 2008
* fixed a bug that caused memory greediness with too long strings :<
* improved internal code for PAUSE.
0.03 Sat Jun 14 19:17:30 JST 2008
* added support for Math::Random::MT::Perl.
* switched to Module::Build.
* cleaned up test scripts.
* added 'binary' option to rndpassword.
Based on maintainer update request in PR 39196.
There are a lot of changes and some incompatibilities with 2.5.3
(current version in pkgsrc) particularly as respects SQL schema.
Consult vendor's release notes for more detail:
http://www.ijs.si/software/amavisd/release-notes.txt
- no complete ChangeLog from upstream -
ChangeLog:
2000-03-13 Gisle Aas <gisle@ActiveState.com>
Release 2.01
Broken out of the Digest-MD5-2.12 distribution and made into
a separate dist.
events received by Prelude. Several isolated alerts, generated from
different probes, can thus trigger a single correlation alert should the
events be related. This correlation alert then appears within the
Prewikka interface and indicates the potential target information via
the set of correlation rules.
- Improve thread safety when evicting events to disk.
- Handle IDMEF message version tag, which will be used in upcoming
libprelude version.
- Add support for newer GnuTLS 2.2.0 session priority functions. When
the option is available, the user might specify TLS settings through
the "tls-options" configuration entry.
- Fix a possible crash upon destruction of a bufpool that is writing to
a failover.
- Correct strtoul() error checking, when verifying scheduler options.
- Add support for newer GnuTLS 2.2.0 session priority functions. When
the option is available, the user might specify TLS settings through
the "tls-options" configuration entry.
- Workaround a GnuTLS issue where the client wouldn't be able
to negotiate a supported compression protocol with the server (#299).
- Implement variable substitution in Prelude configuration files.
- Allow IDMEF criteria with multiple values for a single path,
as can be seen in the following example:
alert.classification.text = (A || B || C || D)
- Implement negation of idmef-criteria, allowing to write criteria like:
! (alert.classification.text = A || alert.classification.text = B)
- Fix an IDMEF-Criteria matching problem, where the match function would
not attempt to match a OR after multiple consecutive AND that failed.
Thanks Alexander Afonyashin <firm(at)iname.com> for pointing out the
problem.
- Never use non-pointer field, always use the "required" keyword. Fix
API consistency issue, that could lead to unexpected behavior.
- Fix multiple problems with prelude_read_multiline /
prelude_read_multiline2,
(fix a problem with prelude-manager idmef-criteria that wouldn't read
external ruleset).
- Error out if GnuTLS initialization fails.
Pkgsrc changes:
- none
Changes since version 1.58:
===========================
1.98 Jul 08, 2008
* Precedence bug in Public::write() and Private::write()
(http://rt.cpan.org/Public/Bug/Display.html?id=37489)
Thanks to HRAFNKELL for reporting this!
1.96 Jul 06, 2008
* Set the version numbers in modules to $Crypt::RSA::Version::VERSION
1.95 Jul 06, 2008
* Remove STDERR error output in Crypt::RSA::SS::PSS.
(http://rt.cpan.org/Public/Bug/Display.html?id=29048)
* Allow symmetric cipher specification in Crypt::RSA::Key.
(http://rt.cpan.org/Public/Bug/Display.html?id=27929)
* Fix bug in AUTOLOAD.
(http://rt.cpan.org/Public/Bug/Display.html?id=26028)
* Use Module::Install instead of ExtUtils::MakeMaker
* Consolidate versioning to module version in Crypt::RSA::Version
(which is the reason for the version # jump)
* "use base" instead of @ISA
* "use FindBin" instead of the literal "lib" - this is safer.
Pkgsrc changes:
- none
Changes since version 1.21:
===========================
1.24 (Tue Jul 15 14:35:35 EDT 2008)
- Remove references to Artistic License from README.
1.23 (Tue Jul 15 05:18:37 EDT 2008)
- Applied patch from ANDK@cpan.org to avoid failures in reforgy.t
[http://rt.cpan.org/Ticket/Display.html?id=27585]
- Turned off warnings in the test suite. It is supposed to generate
warnings but it freaks out people.
- License changed to Artistic 2.0 | GPL for Fedora folks.
Pkgsrc changes:
- none
Changes since version 2.24:
===========================
2.29 Tue Apr 22 10:22:37 EDT 2008
- Fixed errors that occurred when encrypting/decrypting utf8 strings
in Perls more recent than 5.8.8.
2.28 Mon Mar 31 10:46:25 EDT 2008
- Fixed bug in onesandzeroes test that causes it to fail with
Rijndael module is not installed.
2.27 Fri Mar 28 10:13:32 EDT 2008
- When taint mode is turned on and user is using a tainted key,
explicitly check tainting of key in order to avoid "cryptic"
failure messages from some crypt modules.
2.26 Thu Mar 20 16:41:23 EDT 2008
- Fixed onezeropadding test, which was not reporting its test count
properly.
2.25 Fri Jan 11 15:26:27 EST 2008
- Fixed failure of oneandzeroes padding when plaintext size is
an even multiple of blocksize.
- Added new "rijndael_compat" padding method, which is compatible
with the oneandzeroes padding method used by Crypt::Rijndael in
CBC mode.
Pkgsrc changes:
- none
Changes since version 5.45:
===========================
5.47 Wed Apr 30 04:00:54 MST 2008
- modified Makefile.PL to install in core for Perls >= 5.10
-- thanks to Jerry Hedden for patch
- changed from #include <> to #include "" in SHA.xs
-- some platforms not able to find SHA source files
-- thanks to Alexandr Ciornii for testing
- moved .pm file to appropriate lib directory
- minor addition to META.yml
5.46 Wed Apr 9 05:04:00 MST 2008
- modified Addfile to recognize leading and trailing
whitespace in filenames (ref. rt.cpan.org #34690)
- minor C source code modification (ref. hmac.c)
- use const in sha.c for clean builds with -Wwrite-strings
-- thanks to Robin Barker for patch
(I didn't try whether it still works on 4.0. Would be nice if
someone did it.)
-supply an example pam.conf file
-slow down to avoid abuse, better cleanup in error cases, more paranoia
thanks to Joerg for suggestions
- fixed dependencies (required)
ChangeLog:
1.06 - Wed Apr 23 13:14:34 2008
* This release has a compiler-bug workaround for Sun C 5.9
identified by Andy Armstrong. No, really, it was a compiler
bug: http://in.opensolaris.org/jive/thread.jspa?threadID=53641&tstart=0
* You don't need to upgrade if you already have 1.05.
Changelog:
0.11 Wed Oct 31 20:26:13 2007
- fixed __reflect error
0.12 Sat Nov 3 10:11:42 2007
- Debug output removed
0.13 Sun Nov 4 11:22:54 2007
- fixed tests
0.14 Mon Nov 5 08:10:11 2007
- fixed __reflect error in non XS part
The Crypt::GPG module provides access to the functionality of the
GnuPG (www.gnupg.org) encryption tool through an object oriented
interface.
It provides methods for encryption, decryption, signing, signature
verification, key generation, key certification, export and import.
Key-server access is on the todo list.
Two crashes discovered using the Codenomicon TLS test suite, as reported
in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates
of commercial CAs were removed from the distribution. Functions were added
to implement RFC3394 compatible AES key wrapping. Utility functions to
handle ASN1 structures were added. The certificate status request TLS
extension, as defined in RFC3546, was implemented. Several other bugfixes
and enhancements were made.
660) The -i flag should imply resetting the environment, as it did in
sudo versions prior to 1.6.9. Also, the -i and -E flags are
mutually exclusive.
661) Fixed the configure test for dirfd() under Linux.
662) Fixed test for whether -lintl is required to link.
663) Changed how sudo handles the child process when sending mail.
This fixes a problem on Linux with the mail_always option.
664) Fixed a problem with line continuation characters inside of
quoted strings.