- Added support for checking permissions in cvm-qmail. See discussion
of $CVM_QMAIL_CHECK_PERMS in cvm-qmail.html
- Added support for I/O timeouts for cvm-local modules.
- Fixed the SQLite module to copy the row data.
- Fixed cvm-qmail dieing if control/locals is missing.
pkgsrc changes: set LICENSE and support DESTDIR.
pkgsrc changes:
- Adjusting dependencies
- Removing compatibility patches which are all applied upstream
Upstream changes:
1.36 30.01.2010
- Fix problems with building on GNU/kFreeBSD, to do with use of pack
instread of sockaddr_in. Patched by Debian Perl Group. (Closes RT#40144)
- Fixed a compile problem in t/local/ptr_cast_test.c for some gcc
versions. Reported by "Ryan McGuigan via RT". (Closes RT#52525)
- Improved OpenSSL detection on Win32/strawberry perl. Patch provided
by kmx. (Closes RT#49287)
- Fix test failures on some 64-bit platforms. (Closes RT#53585)
- Make X509_NAME_get_text_by_NID return its result without a trailing NUL.
Patched by Steffen Ullrich. (Closes RT#35754)
- SSL_set_session_secret_cb required for EAP-FAST is now enabled for both
SSL_F_SSL_SET_HELLO_EXTENSION and
SSL_F_SSL_SET_SESSION_TICKET_EXT. The name of this #define
changed after 0.9.8i. SSL_set_hello_extension is not available after
0.9.8i.
- Added SSL_CTX_get_client_CA_list sk_X509_NAME_free sk_X509_NAME_num
sk_X509_NAME_value SSL_get_client_CA_list, from patch provided by
Joerg Schneider
- Added EVP_add_digest and EVP_sha256 (if available)
- Improve documentation on callback functions.
- Stop looping forever when writing to broken connections. Patched by
Martin Mares. (Closes RT#44170)
- Patches from "Martijn van Beers via RT" to add SSL_SENT_SHUTDOWN
and SSL_RECEIVED_SHUTDOWN, remove broken URLs,
and to fix some documentation issues.
- Various changes to build with OpenSSL 1.0 beta1:
SSL_SESSION_cmp has been removed
return type of SSL_CTX_sessions changed in an ugly way
- Fixed a build problem reported by SISYPHUS:
On Windows Vista64, ActivePerl 5.10.0 (build 1004, x64), running 'nmake
test', the process hangs forever when it comes to building the test
executable (as the executable fails to build).
- Applied patch from ecmenifee in to improve handling of errors in
ssl_write_all. (Closes RT#48132)
- Patch to permit compile and testing on OS/2 submitted by Ilya
Zakharevich.
- Fixed compile problems with openssl-1.0.0-beta3 due to MD2 now being
optional. Reported by paul [...] city-fan.org.
- Fixed compile problems with openssl-0.9.7 and earlier with undefined
symbol EVP_sha256. Reported by paul [...] city-fan.org.
- Fixed a typo reported by Dan Dascalescu.
- added RIPEMD160 digest function. Patch provided by dkg.
Upstream changes:
0.44
- solve bug on rsync methods not correctly handling
pass-through options carrying an argument (bug report by
Daiju Kito)
- support several verbose levels in rsync methods
- document spurious warnings that appear when tty => 1 is
given and stdin is not attached to a tty
0.43 Dec 14, 2009
- call ssh with -tt instead of -t to force remote tty
allocation even when stdin is not attached to one locally
(bug report by Todd E. Rinaldo)
0.42 Dec 5, 2009
- add FAQ section
- add commercial support offering
- add pointer to my wishlist :-)
0.41_03 Nov 16, 2009
- add testing known_hosts to MANIFEST
- some bits where missing from 0.40
- allow also keyboard-interactive authentication when password
is given (bug report by Todd E. Rinaldo)
0.40 Nov 14, 2009
- DESTROY was clobbering $@ (bug report by Todd E. Rinaldo)
- when password authentication is requested add flags to ssh
master command to disable other auth. options
- document how to integrate Net::OpenSSH with Expect
0.39 Oct 10, 2009
- use SIGTERM instead of SIGHUP to kill lazy SSH master
- on 1_run.t remote commands could be aliased bug (report and
patch by Danijel Tasov)
- add methods for external master PID handling
- add 'all' tag to Net::OpenSSH::Constants
- check SSH client version from Makefile.PL
- work around L<Foo::Bar> links in POD being rendered as "the
Foo::Bar manpage" by some POD backends.
0.38 Sep 25, 2009
- remove alpha-status warning from docs!
- add debug support to master killing
- DESTROY was generating warnings when called before the
master connection had been established successfully
- add variable expansion feature
- minor doc corrections
0.37 Sep 15, 2009
- add support for stdout_file, stderr_file and stdin_file
options
Upstream changes:
0.26 Sun Nov 22 2009 11:01:13
- Change subclassing test to generate a 512 bit key in order to
work around an odd issue seen on some 64-bit redhat systems.
(CPAN bug 45498)
pkgsrc changes:
- Updating COMMENT to new short description from upstream
Upstream changes:
1.09 - Sun Jan 17 12:00:33 2010
* Clarify in the Makefile.PL that this is under LGPL.
* There are no code changes
scheduled import of www/p5-Catalyst-Authentication-Store-Htpasswd,
which is recommended by the update of editors/p5-Padre-Plugin-Catalyst.
This module provides a convenient, object-oriented interface to Apache-style
.htpasswd files. It supports passwords encrypted via MD5, SHA1, and crypt,
as well as plain (cleartext) passwords. Additional fields after username
and password, if present, are accessible via the extra_info array.
5.48 Mon Jan 4 16:32:52 MST 2010
- fixed "shasum -a0" option (ref. rt.cpan.org #53319)
-- incorrectly accepted 0 as a valid algorithm
-- thanks to Zefram for patch
- updated URL for NIST test vectors
-- ref. files t/nistbit.t, t/nistbyte.t
-- thanks to Leon Brocard for patch
Version 4.29, 2009.12.02, urgency: MEDIUM:
* New features sponsored by Searchtech Limited http://www.astraweb.com/
- sessiond, a high performance SSL session cache was built for stunnel.
A new service-level "sessiond" option was added. sessiond is
available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
stunnel clusters will be a lot faster, now!
* Bugfixes
- "execargs" defaults to the "exec" parameter (thx to Peter Pentchev).
- Compilation fixes added for AIX and old versions of OpenSSL.
- Missing "fips" option was added to the manual.
Version 4.28, 2009.11.08, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8l.
- Transparent proxy support on Linux kernels >=2.6.28.
See the manual for details.
- New socket options to control TCP keepalive on Linux:
TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
- SSL options updated for the recent version of OpenSSL library.
* Bugfixes
- A serious bug in asynchronous shutdown code fixed.
- Data alignment updated in libwrap.c.
- Polish manual encoding fixed.
- Notes on compression implementation in OpenSSL added to the manual.
pkgsrc changes:
- Adjusting license definition
Upstream changes:
1.08 - Wed Dec 9 18:20:22 2009
* Promoting development release to full release.
* This release mainly clarifies the licensing.
1.07_02 - Tue Nov 4 02:21:27 2008
* RT #40511: Give a better warning when you try to use tainted
data as an initialization vector. If anyone wants to use
tainted data, they can patch the code to accept it.
1.07_01 - Tue Oct 14 08:59:58 2008
* Clarify that these files are under the Lesser GNU Public License
(also known as the Library GNU Public License).
changes:
* The default for --include-cert is now to include all certificates
in the chain except for the root certificate.
* Numerical values may now be used as an alternative to the
debug-level keywords.
* The GPGSM --audit-log feature is now more complete.
* GPG now supports DNS lookups for SRV, PKA and CERT on W32.
* New GPGSM option --ignore-cert-extension.
* New and changed passphrases are now created with an iteration count
requiring about 100ms of CPU work.
Approved by agc@.
Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
*) Disable renegotiation completely - this fixes a severe security
problem (CVE-2009-3555) at the cost of breaking all
renegotiation. Renegotiation can be re-enabled by setting
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
run-time. This is really not recommended unless you know what
you're doing.
[Ben Laurie]
* Not only interix-3, but also treat all interix release, allow to build on SUA.
* Gave up randomized image base, use 0x5e000000, as in mk/platform/Interix.mk.
It is workaround of PR 42369.
* Use -D_REENTRANT flags for threads.
* replace -Wl,soname= linker flags with -Wl,h, for Interix