All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2.14 2017.07.03
- DSA key bugfix: verify would fail if r had unnecessary leading zeros
2.13 2017.06.30
- Bug Fix: AES-CBC IV length needs to be blocksize, not keysize
- Bug Fix: DES3 init needs to pass key as variable to avoid scalar error
- Bug Fix: Packet padlen decode was using signed 8-bit unpack (should be unsigned)
- Fix CBC inefficiency
- Fix Key not being loaded prior to Agent use [ https://github.com/lkinley/Net-SSH-Perl/issues/10 ]
Pkgsrc changes:
* version number, checksum
* Comment out WRKSRC manipulation, not needed for 2.12.
Upstream changes:
2.12 2017.04.22
- Fix inefficiency in CTR, revealed by profiling with Devel::NYTProf
- Avoid warnings in Host from strange/invalid known_host entries
- Improve documentation of newer features
2.11 2017.04.16
- Packet bugfix: Introduced in 2.07, when ETM Mac is used, sometimes
not enough incoming bytes were available to fully read stored MAC
- DSA key bugfix: verify would fail if r/s had highest bit set
2.10 2017.03.23
- Add curve25519-sha256 alias for curve25519-sha256@libssh.org key exchange
- Bugfix for when unsupported key types are encountered
- Add support for '-' syntax in options, including wildcards
- Add wildcard support for '+' syntax in options
--------------------------------------
2.09 2016.10.26
- Fix creation of keys in ecdsa, ed25519 key classes
- Update eg/pssh-keygen to create ecdsa, ed25519 keys
- Handle hostkeys-00@openssh.com global requests
- Add support for 'CheckHostIP' and 'UpdateHostKeys' config options
- Refactor handling of '+' syntax in options
- Key fingerprints now output sha256-base64 by default.
(md5 can be specified with FingerprintHash config option)
- Add id_ed25519, id_ecdsa to default identity files
- Documentation updates in Perl.pm to reflect new functionality in 2.XX
2.08 2016.10.14
- Use sha512 instead of md5 in Net::SSH::Perl::Cipher->new_from_key_str()
to provide ChachaPoly with enough key material
Tests in t/05-cipher.t should now pass on all platforms [ CPAN bug #114077 ]
- Add AES128_CBC to cipher tests
- Info on using features not enabled by default added to README
2.07 2016.10.13
- Fix blowfish compilation on SunOS [CPAN bug #116323]
- Fix bug in Packet [CPAN bug #118335]
- Add support for '+' syntax in MACs option
- Remove hmac-sha1 from default MACs. It can re-enabled
by passing the option: 'MACs +hmac-sha1'
2.06 2016.10.04
- Add support for additional fixed Diffie-Hellman 2K, 4K and 8K groups
from OpenSSH 7.3 (draft-ietf-curdle-ssh-kex-sha2-03)
- Kex defaults now updated to draft-ietf-curdle-ssh-kex-sha2-03
recommendations (diffie-hellman-group-exchange-sha1 removed)
It can re-enabled by passing the option:
'KexAlgorithms +diffie-hellman-group-exchange-sha1'
2.05 2016.10.03
- Add support for '+' syntax in Ciphers, KexAlgorithms, HostKeyAlgorithms
options as in OpenSSH
2.04 2016.05.11
- Add ECDSA key support
- Improve extract_public() in Key.pm inspired by
https://github.com/renormalist/Net-SSH-Perl/pull/12
but implement comment with backwards compat with RSA/DSA datafellows
- Fix XS from being loaded more than once (warnings from Net::SFTP)
2.03 2016.05.06
- Fixes so that "make test" passes
2.02 2016.05.04
- Use CryptX to further reduce module depedencies
This eliminates the need for:
Math::Pari
Crypt::DH
Crypt::RSA
Crypt::DSA
Crypt::DES
Crypt::Blowfish
MIME::Base64
- Add support for rsa-sha2-512,rsa-sha2-256 signing with RSA keys
- Implement HashKnownHosts, KexAlgorithms, MACs config directives
- Add XS code for Chacha20, BSD Blowfish, Ed25519 routines
- Properly handle and create known_hosts entries when port is specified
- Remove obsolete ciphers, MACs, Kex from default list to duplicate
upcoming OpenSSH behavior
- Bug fixes
2.01 2016.02.19
- Use CryptX to reduce module depedencies
This eliminates the need for:
BSD::arc4random
Digest::MD5
Digest::SHA
Digest::HMAC_MD5
Crypt::OpenSSL::AES
2.00 2015.12.07
- Add Chacha20-Poly1305 cipher support for best security
(Requires Crypt::OpenSSH::ChachaPoly, see README)
- Add AES Cipher support in CTR mode (CBC mode supported in Ed25519
keys only)
- Add Group Exchange (RFC4523) Diffie-Hellman Key Exchange
- Add Curve25519 (curve25519-sha256@libssh.org) Key Exchange support
(Requires Crypt::Curve25519)
- Add hmac-sha2-256,hmac-sha2-512 MAC support
- Add hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
Encrypt-then-MAC (ETM) MAC support
- Use BSD::arc4random for encrypted packet padding
- Add support for Ed25519 ssh/host keys (Requires Crypt::Ed25519)
Encrypted Ed25519 key support requires Crypt::OpenBSD::Blowfish
(See README for info)
- Default ciphers order is now chacha,aes,3des,blowfish,arcfour
- Default KEX order is now Curve25519, DHGEXSHA256, DHGEXSHA1, DH14, DH1
- Default MAC order is now hmac-sha2-512-etm@openssh.com,
hmac-sha2-256-etm@openssh.com, sha2-512, sha2-256, sha1, md5
- SSH Keys can now be in DOS format (no need to remove CR/LF)
- SOCKS proxy support via sub class Net::SSH:Perl::Proxy
- Now does not abort due to OpenSSH 6.8+ server
SSH2_MSG_GLOBAL_REQUEST messages for host key rotation
(pkgsrc changes)
- Adjust DEPENDS base upon above note (p5-CryptX related)
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
Pkgsrc changes:
o Adjust dependencies according to module requirements (added p5-Crypt-IDEA)
Upstream changes:
1.34 2009.02.01
- Rekey properly after 1 GB of data (rt.cpan.org #25044). Patch by
Peter Oliver.
- Don't try to process nonexistent or empty auth file (rt.cpan.org #41877).
- Fix typo in croak message (rt.cpan.org #42056), thanks to
jamie at audible.transient.net.
- Move 'use base' call after Crypt module loading, per suggestion
(rt.cpan.org #42051).
- Only apply stdin if defined in SSH1 - John Payne (rt.cpan.org #42583)
Pkgsrc changes:
o Adapt patch-aa, still needed for non-hanging tests...
Upstream changes:
1.33 2008.10.21
- Fix open() calls (rt.cpan.org #40020)
- Fix non-shell problem (rt.cpan.org #39980)
- Allow full agent forwarding (rt.cpan.org #32190)
- Handle hashed known_hosts files (Greg Sabino Mullane, rt.cpan.org #25175)
1.32 2008.10.16
- Add IO::Handle to Perl.pm (rt.cpan.org #40057, #35985)
- Minor test cleanups.
1.31 2008.10.02
- New co-maintainer, Greg Sabino Mullane (TURNSTEP).
- Prevent t/03-packet.t from hanging due to high file descriptor.
(altblue at n0i.net, rt.cpan.org #6101)
- Skip some tests if Math::GMP not installed (e.g. from choosing only
protocol 2 in Makefile.PL) (Greg Sabino Mullane, reported in
rt.cpan.org #25152)
- If ENV{HOME} is not set, use getpwuid. If both fail and the dir
is needed, we croak. (Greg Sabino Mullane, expanded from patch
by dgehl at inverse.ca in rt.cpan.org #25174)
- Fix incorrect logical/bitwise AND mixup (Peter.Haydon at uk.fujitsu.com,
rt.cpan.org #31490)
- Allow empty stdin for SSH2 (rcp at rcable.co.uk, rt.cpan.org #32730)
- Adjust terminal dimensions dynamically if Term::ReadKey is available
(john at sackheads.org, rt.cpan.org #34874)
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
1.30 2006.03.17
- Fix for local *READ/*WRITE tie problem in open2 function (Bas van
Sisseren).
- Add back 'use IO::Socket' to fix 'Can't locate object method "blocking"
via package "IO::Handle"' error (rt.cpan.org #15102).
- Allow "The socket is already in use" as well as "Address already in use"
to detect port already in use (for AIX, rt.cpan.org #16301).
- Use sysread (not <>) to read the version string to avoid mixing read
types and allow pre-version data (fix by Denis Bider, rt.cpan.org #14812).
- Fix warnings on empty hostfile lines (fix by JOHANL, rt.cpan.org #13750).
- Get the user's home directory from getpwuid() if the HOME environment
variable isn't set (rt.cpan.org #13434).
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
