Changes to 1.99.19/20100212
+ plug some memory leaks, from cppcheck via Thomas Klausner (thanks!)
+ make the singular of time units read correctly
+ print decryption key info properly when prompting for passphrase
Changes to 1.99.18/20100211
small steps, but lots of them - this is the first one.
+ print out the correct key information when signing files and memory.
what used to be printed out was the copy of the public key which is
stored as part of the private key. does not address the info shown
when decrypting, since that is done in a different way, by callback.
this whole part needs to be re-written, but will have to wait for two
good hands.
Changes to 1.99.17/20100206
+ get rid of last 2 static variables - use the __ops_printstate_t struct
passed down
+ get rid of 3 occurrences in reader.c where an automatic buffer was
addressed (as part of a subsequent callback) by a struct field from
a calling scope, and only valid within the callback. Found by
Flexelint and phk - many thanks.
+ print filename/"memory" when time problems occur when validating signatures
Changes to 1.99.16/20100205
+ minor simplifications to netpgp(1) internally
+ fix a bug in netpgp_verify_file where a non-existent file while listing
packets would cause a SIGSEGV
+ add duration arg to netpgp(1), and check for validity when verifying
signatures
+ add birthtime arg to netpgp(1), and check for validity when verifying
signatures
+ add netpgp commands to print pubkey, if desired
+ allow the passphrase for the signature to be taken from --pass-fd
+ get rid of static indent value when printing packet contents
+ print signature validity times when verifying a file's signature
pkgsrc changes:
- Adding license definition
- Adding pgp2-compat option which turns on idea dependency (defaultly off)
- Reordering and updating dependencies to cover fixes
Upstream changes:
1.04 2009.12.10
- Keyring lookup by uid is now case-insensitive to match the behavior
in GnuPG. Fixes http://rt.cpan.org/Public/Bug/Display.html?id=2225
- Got rid of a warning in Crypt::OpenPGP::SKSessionKey related to
broken calculation of the session_key; that session_key value was
never used, so I removed the code generating the key, hence removing
the warning. Addresses
http://rt.cpan.org/Public/Bug/Display.html?id=29950
- Default key and config file locations (in compatibility mode) now work
on Windows. Fixes http://rt.cpan.org/Public/Bug/Display.html?id=18815
- Updated to use Module::Install. Addresses
http://rt.cpan.org/Public/Bug/Display.html?id=35983 and
http://rt.cpan.org/Public/Bug/Display.html?id=31411
- Made all dependencies required, rather than optional based on
feature packages. Simplifies distribution and packaging, and addresses
http://rt.cpan.org/Public/Bug/Display.html?id=41426
- Removed sign() and auto_install() from Makefile.PL.
- Removed magic svn keywords.
- Converted test suite to Test::More.
- Added author tests (xt/) and modified SYNOPSIS for all modules to
make them pass the compilation test.
- Added support for checking permissions in cvm-qmail. See discussion
of $CVM_QMAIL_CHECK_PERMS in cvm-qmail.html
- Added support for I/O timeouts for cvm-local modules.
- Fixed the SQLite module to copy the row data.
- Fixed cvm-qmail dieing if control/locals is missing.
pkgsrc changes: set LICENSE and support DESTDIR.
pkgsrc changes:
- Adjusting dependencies
- Removing compatibility patches which are all applied upstream
Upstream changes:
1.36 30.01.2010
- Fix problems with building on GNU/kFreeBSD, to do with use of pack
instread of sockaddr_in. Patched by Debian Perl Group. (Closes RT#40144)
- Fixed a compile problem in t/local/ptr_cast_test.c for some gcc
versions. Reported by "Ryan McGuigan via RT". (Closes RT#52525)
- Improved OpenSSL detection on Win32/strawberry perl. Patch provided
by kmx. (Closes RT#49287)
- Fix test failures on some 64-bit platforms. (Closes RT#53585)
- Make X509_NAME_get_text_by_NID return its result without a trailing NUL.
Patched by Steffen Ullrich. (Closes RT#35754)
- SSL_set_session_secret_cb required for EAP-FAST is now enabled for both
SSL_F_SSL_SET_HELLO_EXTENSION and
SSL_F_SSL_SET_SESSION_TICKET_EXT. The name of this #define
changed after 0.9.8i. SSL_set_hello_extension is not available after
0.9.8i.
- Added SSL_CTX_get_client_CA_list sk_X509_NAME_free sk_X509_NAME_num
sk_X509_NAME_value SSL_get_client_CA_list, from patch provided by
Joerg Schneider
- Added EVP_add_digest and EVP_sha256 (if available)
- Improve documentation on callback functions.
- Stop looping forever when writing to broken connections. Patched by
Martin Mares. (Closes RT#44170)
- Patches from "Martijn van Beers via RT" to add SSL_SENT_SHUTDOWN
and SSL_RECEIVED_SHUTDOWN, remove broken URLs,
and to fix some documentation issues.
- Various changes to build with OpenSSL 1.0 beta1:
SSL_SESSION_cmp has been removed
return type of SSL_CTX_sessions changed in an ugly way
- Fixed a build problem reported by SISYPHUS:
On Windows Vista64, ActivePerl 5.10.0 (build 1004, x64), running 'nmake
test', the process hangs forever when it comes to building the test
executable (as the executable fails to build).
- Applied patch from ecmenifee in to improve handling of errors in
ssl_write_all. (Closes RT#48132)
- Patch to permit compile and testing on OS/2 submitted by Ilya
Zakharevich.
- Fixed compile problems with openssl-1.0.0-beta3 due to MD2 now being
optional. Reported by paul [...] city-fan.org.
- Fixed compile problems with openssl-0.9.7 and earlier with undefined
symbol EVP_sha256. Reported by paul [...] city-fan.org.
- Fixed a typo reported by Dan Dascalescu.
- added RIPEMD160 digest function. Patch provided by dkg.
Upstream changes:
0.44
- solve bug on rsync methods not correctly handling
pass-through options carrying an argument (bug report by
Daiju Kito)
- support several verbose levels in rsync methods
- document spurious warnings that appear when tty => 1 is
given and stdin is not attached to a tty
0.43 Dec 14, 2009
- call ssh with -tt instead of -t to force remote tty
allocation even when stdin is not attached to one locally
(bug report by Todd E. Rinaldo)
0.42 Dec 5, 2009
- add FAQ section
- add commercial support offering
- add pointer to my wishlist :-)
0.41_03 Nov 16, 2009
- add testing known_hosts to MANIFEST
- some bits where missing from 0.40
- allow also keyboard-interactive authentication when password
is given (bug report by Todd E. Rinaldo)
0.40 Nov 14, 2009
- DESTROY was clobbering $@ (bug report by Todd E. Rinaldo)
- when password authentication is requested add flags to ssh
master command to disable other auth. options
- document how to integrate Net::OpenSSH with Expect
0.39 Oct 10, 2009
- use SIGTERM instead of SIGHUP to kill lazy SSH master
- on 1_run.t remote commands could be aliased bug (report and
patch by Danijel Tasov)
- add methods for external master PID handling
- add 'all' tag to Net::OpenSSH::Constants
- check SSH client version from Makefile.PL
- work around L<Foo::Bar> links in POD being rendered as "the
Foo::Bar manpage" by some POD backends.
0.38 Sep 25, 2009
- remove alpha-status warning from docs!
- add debug support to master killing
- DESTROY was generating warnings when called before the
master connection had been established successfully
- add variable expansion feature
- minor doc corrections
0.37 Sep 15, 2009
- add support for stdout_file, stderr_file and stdin_file
options
Upstream changes:
0.26 Sun Nov 22 2009 11:01:13
- Change subclassing test to generate a 512 bit key in order to
work around an odd issue seen on some 64-bit redhat systems.
(CPAN bug 45498)
pkgsrc changes:
- Updating COMMENT to new short description from upstream
Upstream changes:
1.09 - Sun Jan 17 12:00:33 2010
* Clarify in the Makefile.PL that this is under LGPL.
* There are no code changes
scheduled import of www/p5-Catalyst-Authentication-Store-Htpasswd,
which is recommended by the update of editors/p5-Padre-Plugin-Catalyst.
This module provides a convenient, object-oriented interface to Apache-style
.htpasswd files. It supports passwords encrypted via MD5, SHA1, and crypt,
as well as plain (cleartext) passwords. Additional fields after username
and password, if present, are accessible via the extra_info array.
5.48 Mon Jan 4 16:32:52 MST 2010
- fixed "shasum -a0" option (ref. rt.cpan.org #53319)
-- incorrectly accepted 0 as a valid algorithm
-- thanks to Zefram for patch
- updated URL for NIST test vectors
-- ref. files t/nistbit.t, t/nistbyte.t
-- thanks to Leon Brocard for patch
Version 4.29, 2009.12.02, urgency: MEDIUM:
* New features sponsored by Searchtech Limited http://www.astraweb.com/
- sessiond, a high performance SSL session cache was built for stunnel.
A new service-level "sessiond" option was added. sessiond is
available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
stunnel clusters will be a lot faster, now!
* Bugfixes
- "execargs" defaults to the "exec" parameter (thx to Peter Pentchev).
- Compilation fixes added for AIX and old versions of OpenSSL.
- Missing "fips" option was added to the manual.
Version 4.28, 2009.11.08, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8l.
- Transparent proxy support on Linux kernels >=2.6.28.
See the manual for details.
- New socket options to control TCP keepalive on Linux:
TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
- SSL options updated for the recent version of OpenSSL library.
* Bugfixes
- A serious bug in asynchronous shutdown code fixed.
- Data alignment updated in libwrap.c.
- Polish manual encoding fixed.
- Notes on compression implementation in OpenSSL added to the manual.
pkgsrc changes:
- Adjusting license definition
Upstream changes:
1.08 - Wed Dec 9 18:20:22 2009
* Promoting development release to full release.
* This release mainly clarifies the licensing.
1.07_02 - Tue Nov 4 02:21:27 2008
* RT #40511: Give a better warning when you try to use tainted
data as an initialization vector. If anyone wants to use
tainted data, they can patch the code to accept it.
1.07_01 - Tue Oct 14 08:59:58 2008
* Clarify that these files are under the Lesser GNU Public License
(also known as the Library GNU Public License).
