Changelog:
Version 4.46, 2011.11.04, urgency: LOW:
* New features
- Added Unix socket support (e.g. "connect = /var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify peer certificate.
- Removed the limit of 16 IP addresses for a single 'connect' option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD threading model.
It is still not possible to have more than 63 sections on WIN32 platform.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740141(v=vs.85).aspx
* Optimizations
- Reduced per-connection memory usage.
- Performed a major refactoring of internal data structures. Extensive
internal testing was performed, but some regression bugs are expected.
* Bugfixes
- Fixed WIN32 compilation with Mingw32.
- Fixed non-blocking API emulation layer in UCONTEXT threading model.
- Fixed signal handling in UCONTEXT threading model.
Changes from previous:
0.52 May 9, 2011
- release as stable
- skip bad passwd test when IO::Pty is not available
0.51_12 May 2, 2011
- require version 2 of the SSH protocol (bug report by Jo
Rhett)
- remove harmless "my $foo = ... if ..." bug
0.51_11 Apr 24, 2011
- encoding handling in sftp method was broken (bug report and
solution by Todd Rinaldo)
- sftp method was broken (regression)
- better support for sharing SSH connections with children
- more tests
- add sample for usage with Net::Telnet
- bad sample in documentation corrected
0.51_10 Mar 29, 2011
- error status was not reset between calls (regression)
- remove internal line numbers from error messages
- encoding errors were not propagated in pipe_in and pipe_out
methods
- minor debugging cleanup
- better messages on bad encoding errors
0.51_09 Mar 29, 2011
- add support for passphrase protected keys
- add support for passing the private key path as an explicit
constructor option
- bug solved on password handling
- bug solved in _fileno_dup_over
- remove redundant _check_master_and_clear_error
- more tests
- some doc improvements
0.51_08 Mar 28, 2011
- pipe_in and pipe_out were not correctly setting error status
on failure
- support argument_encoding in pipe_in and pipe_out
- document how to set StrictHostKeyChecking=no
- replace @error_prefix arguments by a localized stack
- use _load_module for Encode loading
- remove no-encoding hack on _master_ctl
0.51_07 Mar 22, 2011
- add encoding support
- undef $SIG{CHLD} inside blocking methods
0.51_06 Mar 16, 2011
- make hostname argument to constructor optional when
external_master is set
- better error handling in constructor
- s/reuse_master/external_master/. I was never happy with the
old option name.
- some minor doc corrections
0.51_05 Mar 15, 2011
- implement reuse_master feature
- do not propagate extra arguments from wait_for_master to
_wait_for_master
- accept ssh_opts in make_remote_command
0.51_04 Mar 10, 2011
- solve "Not enough arguments for grep" bug (reported by Tom
Wittbrodt)
- some documentation improvements
0.51_03 Mar 9, 2011
- error message corrected
- troubleshooting guide improved
- add pointer to OpenSSH Wikibook
- add autosudo.pl sample
- implement stdintout_dpipe_is_parent feature
0.51_02 Feb 10, 2011
- add support for test method
- add support for dpipe feature
- simplify _wait_for_master code
- remove spurious warnings generated when control command
failed to run (bug report by jaiieq from Perlmonks)
- timeout at object level was being ignored by _waitpid
- document how to run detached remote processes
0.51_01 Feb 1, 2011
- add support for kill_ssh_on_timeout feature and better
timeout handling
- set ssh option ServerAliveInterval
- system could return -1 on error instead of false
- add change_password.pl sample
- some tests were failing when using csh as the remote shell
(bug report by Scott Davis)
2.4
===
* Python 3 support! (Thorsten E. Behrens, Anders Sundman)
PyCrypto now supports every version of Python from 2.1 through 3.2.
* Timing-attack countermeasures in _fastmath: When built against
libgmp version 5 or later, we use mpz_powm_sec instead of mpz_powm.
This should prevent the timing attack described by Geremy Condra at
PyCon 2011:
http://blip.tv/pycon-us-videos-2009-2010-2011/pycon-2011-through-the-side-channel-timing-and-implementation-attacks-in-python-4897955
* New hash modules (for Python >= 2.5 only): SHA224, SHA384, and
SHA512 (Frédéric Bertolus)
* Configuration using GNU autoconf. This should help fix a bunch of
build issues.
* Support using MPIR as an alternative to GMP.
* Improve the test command in setup.py, by allowing tests to be
performed on a single sub-package or module only. (Legrandin)
You can now do something like this:
python setup.py test -m Hash.SHA256 --skip-slow-tests
* Fix double-decref of "counter" when Cipher object initialisation
fails (Ryan Kelly)
* Apply patches from Debian's python-crypto 2.3-3 package (Jan
Dittberner, Sebastian Ramacher):
- fix-RSA-generate-exception.patch
- epydoc-exclude-introspect.patch
- no-usr-local.patch
* Fix launchpad bug #702835: "Import key code is not compatible with
GMP library" (Legrandin)
* More tests, better documentation, various bugfixes.
freshclam/manager.c: fix error when compiling without DNS support (bb#3056)
libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)
libclamav/bytecode.c,bytecode_api.c: fix recursion level crash
Changes from previous:
0.171 Tue Aug 09 13:09:00 BST 2011
- re-disting because I failed to notice MYMETA.* in the dist
0.170 Tue Aug 09 12:17:00 BST 2011
- fix user inflation code to handle arbitrary usernames
Taking a hint from the similarly-named Java Cryptography Architecture,
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.
Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
This is the GnuPG plugin.
Packaged by jfranz@bsdprojects.net.
1.17 2011.06.16
- Upgrade to Module::Install 1.01
- Added support for OpenSSL 1.0.0 dsaparam format change.
- Requires perl 5.6 now
- Fixes for 64-bit support
While here, fix SA46275, with upstream patch from
https://rt.cpan.org/Public/Bug/Display.html?id=71421