Pkgsrc changes:
- none
Changes since version 2.24:
===========================
2.29 Tue Apr 22 10:22:37 EDT 2008
- Fixed errors that occurred when encrypting/decrypting utf8 strings
in Perl's more recent than 5.8.8.
2.28 Mon Mar 31 10:46:25 EDT 2008
- Fixed bug in onesandzeroes test that causes it to fail with
Rijndael module is not installed.
2.27 Fri Mar 28 10:13:32 EDT 2008
- When taint mode is turned on and user is using a tainted key,
explicitly check tainting of key in order to avoid "cryptic"
failure messages from some crypt modules.
2.26 Thu Mar 20 16:41:23 EDT 2008
- Fixed onezeropadding test, which was not reporting its test count
properly.
2.25 Fri Jan 11 15:26:27 EST 2008
- Fixed failure of oneandzeroes padding when plaintext size is
an even multiple of blocksize.
- Added new "rijndael_compat" padding method, which is compatible
with the oneandzeroes padding method used by Crypt::Rijndael in
CBC mode.
Pkgsrc changes:
- The package supports installation to DESTDIR.
Changes since version 2.19:
===========================
Revision history for Perl extension Crypt::CBC.
2.24 Fri Sep 28 11:21:07 EDT 2007
- Fixed failure to run under taint checks with Crypt::Rijndael
or Crypt::OpenSSL::AES (and maybe other Crypt modules). See
http://rt.cpan.org/Public/Bug/Display.html?id=29646.
2.23 Fri Apr 13 14:50:21 EDT 2007
- Added checks for other implementations of CBC which add no
standard padding at all when cipher text is an even multiple
of the block size.
2.22 Sun Oct 29 16:50:32 EST 2006
- Fixed bug in which plaintext encrypted with the -literal_key
option could not be decrypted using a new object created with
the same -literal_key.
- Added documentation confirming that -literal_key must be
accompanied by a -header of 'none' and a manually specificied IV.
2.21 Mon Oct 16 19:26:26 EDT 2006
- Fixed bug in which new() failed to work when first option is
-literal_key.
2.20 Sat Aug 12 22:30:53 EDT 2006
- Added ability to pass a preinitialized Crypt::* block cipher
object instead of the class name.
- Fixed a bug when processing -literal_key.
This resolves PR pkg/34398 by Martin Wilke.
Pkgsrc changes:
- none
Changes since version 2.17:
===========================
2.19 Tue Jul 18 18:39:57 EDT 2006
- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs
correctly under Cygwin
2.18 2006/06/06 23:17:04
- added more documentation describing how to achieve compatibility
with old encrypted messages
Pkgsrc changes:
none
Changes since version 2.15:
===========================
2.17 Mon Jan 9 18:22:51 EST 2006
-IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
using 8 byte IVs when generating the old-style RandomIV style header
(as opposed to the new-style random salt header). This affects data
encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
and is a significant security issue.
The bug has been corrected in versions 2.17 and higher by making it
impossible to use 16-byte block ciphers with RandomIV headers. You may
still read legacy encrypted data by explicitly passing the
-insecure_legacy_decrypt option to Crypt::CBC->new().
-The salt, iv and key are now reset before each complete encryption
cycle. This avoids inadvertent reuse of the same salt.
-A new -header option has been added that allows you to select
among the various types of headers, and avoids the ambiguity
of having multiple interacting options.
-A new random_bytes() method provides access to /dev/urandom on
suitably-equipped hardware.
2.16 Tue Dec 6 14:17:45 EST 2005
- Added two new options to new():
-keysize => <bytes> Force the keysize -- useful for Blowfish
-blocksize => <bytes> Force the blocksize -- not known to be useful
("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted
with Blowfish)
Relevant changes since version 2.08:
=====================================
- RandomIV in message header overrides manually-supplied -salt, as one
would expect it should.
- Added OpenSSL compatibility
- Salt and IV generators take advantage of /dev/urandom device, if available
- Added regression test for PCBC mode
- Fixed bug reported by Joshua Brown that caused certain length
strings to not encrypt properly if ending in a "0" character.
- Fixed Rijndael compat problems
Taking maintainership.
Needs p5-Crypt-Rijndael for running the tests.
Adapted to buildlink3.
Changes sinces 2.02
===================
-Bug fix from Chris Laas to fix custom padding
-Bug fixes from Stephen Waters to fix space padding
-Lots of regression tests from Stephen Waters
-Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC.
-Lots of improvements to padding mechanisms from Stephen Waters
-Patch from Andy Turner <turner@mikomi.org> to allow backward
compatibility with old versions when key length exceeded max.
Changes :
- Patches for foreign program compatibility, initialization vectors
and padding methods from Jody Biggs <jody.biggs@paymybills.com>
- Removed debugging code
- Used Digest-MD5
