File: Changes

package info (click to toggle)
libauthen-passphrase-perl 0.008-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 380 kB
  • ctags: 169
  • sloc: perl: 1,932; makefile: 2
file content (265 lines) | stat: -rw-r--r-- 8,780 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
version 0.008; 2012-02-04

  * bugfix: avoid passing magic variables $1 et al into functions where
    they might unexpectedly change value

  * bugfix: in A::P::SaltedDigest, when loading digest modules, use
    bugfixed version of Module::Runtime (which works around a bug in
    Perl 5.8 and 5.10 regarding loading context-sensitive modules)

  * in base class documentation, indicate which algorithms should be
    preferred for new applications, and discuss side-channel attacks

  * in A::P::BlowfishCrypt documentation, discuss selection of cost
    parameter

  * for A::P::MySQL41, get sha1() from Digest::SHA rather than
    Digest::SHA1, because Digest::SHA is included in the core distribution

  * add many cross links in documentation

  * documentation typo fixes

  * include META.json in distribution

  * convert .cvsignore to .gitignore

  * add MYMETA.json to .cvsignore

version 0.007; 2010-07-30

  * bugfix: in A::P::SaltedDigest, use "[0-9a-zA-Z_]" instead of "\w"
    in regexps where only ASCII characters are desired

  * bugfix: in A::P::BlowfishCrypt, require bugfixed version of
    Crypt::Eksblowfish (for memory leak fix)

  * bugfix: in A::P::SaltedDigest, require bugfixed version of
    Module::Runtime (for ASCII restriction of module name syntax)

  * in A::P::EggdropBlowfish, use Crypt::Eksblowfish::Uklblowfish instead
    of Crypt::Blowfish to remove limitation on passphrase length

  * abandon use of the "fields" module

  * use simpler "parent" pragma in place of "base"

  * in documentation, use the term "truth value" instead of the less
    precise "boolean"

  * in A::P documentation, add MooseX::Types::Authen::Passphrase to
    "see also" list

  * check for required Perl version at runtime

  * use full stricture in test suite

  * in Build.PL, explicitly declare configure-time requirements

  * remove bogus "exit 0" from Build.PL

  * add MYMETA.yml to .cvsignore

version 0.006; 2009-03-07

  * bugfix: in A::P::SaltedDigest, use "[0-9]" instead of "\d" in regexps
    where only ASCII digits are desired

  * bugfix: require bugfixed versions of Authen::DecHpwd,
    Crypt::Eksblowfish::Bcrypt, and Crypt::UnixCrypt_XS (for UTF8 scalar
    handling)

  * bugfix: require bugfixed version of Authen::DecHpwd (for not crashing)

  * bugfix: require bugfixed version of Module::Runtime (for $SIG{__DIE__}
    handling)

  * avoid "\x{}" in regexp character classes, for compatibility with
    perl v5.6

  * in documentation for A::P::SaltedDigest, briefly discuss the new
    generation of hash algorithms

  * test POD syntax and coverage, and rename some internal functions to
    satisfy the coverage test

  * drop prototypes from method subs (where the prototypes have no effect)

  * in tests, avoid unreliable "\S" regexp element

  * build with Module::Build instead of ExtUtils::MakeMaker

  * complete dependency list

  * more precise Crypt::Eksblowfish::Bcrypt dependency instead of
    Crypt::Eksblowfish dependency

  * include signature in distribution

  * in documentation, separate "license" section from "copyright" section

version 0.005; 2007-01-21

  * avoid "my __PACKAGE__", for compatibility with perl v5.6

  * point to Crypt::SaltedHash from documentation for A::P::SaltedDigest

  * remove bogus link to Crypt::Passwd from documentation for
    A::P::SaltedDigest

  * grammar fix in documentation for A::P::LANManager

  * punctuation fix in documentation for A::P::Crypt16

version 0.004; 2006-09-01

  * implement Eggdrop blowfish.mod algorithm in
    Authen::Passphrase::EggdropBlowfish based on the Crypt::Blowfish
    module; initially limited to passphrases up to 56 bytes

  * in A::P::VMSPurdy, change ->hash_hex method to output in uppercase,
    as used in crypt strings

  * in A::P::VMSPurdy, add a "salt_hex =>" constructor parameter and a
    ->salt_hex method, handling salt in the hexadecimal format used in
    crypt strings

  * in documentation for A::P::DESCrypt, move the security warning to
    apply to both the traditional and extended schemes

  * in documentation for A::P::MySQL323, be more explicit about storage
    format

  * documentation markup fix in A::P::BlowfishCrypt

version 0.003; 2006-08-31

  * implement VMS Purdy polynomial algorithm family (crypt identifiers
    $VMS1$, $VMS2$, and $VMS3$) in Authen::Passphrase::VMSPurdy based
    on the Authen::DecHpwd module

  * implement phpass algorithm (crypt identifier $P$) in
    Authen::Passphrase::PHPass

  * implement MySQL v3.23 algorithm in Authen::Passphrase::MySQL323
    based on the Crypt::MySQL module

  * implement MySQL v4.1 algorithm in Authen::Passphrase::MySQL41

  * in from_crypt, when handling known but unimplemented schemes, say so
    instead of not recognising the scheme identifier

  * move from_crypt and from_rfc2307 parsing code from Authen::Passphrase
    into scheme-specific modules

  * put all data stored in objects into canonical form, to avoid
    propagating dualvars or other oddities

  * document {CRYPT16}, ambiguously used by Exim

  * make {CRYPT} documentation more explicit

  * fix a bogus reference to DES in the documentation of
    A::P::BlowfishCrypt

version 0.002; 2006-08-12

  * implement LAN Manager hash scheme (RFC 2307 identifiers {LANMAN}
    and {LANM}) in Authen::Passphrase::LANManager, along with separable
    halves (crypt identifier $LM$) in Authen::Passphrase::LANManagerHalf

  * implement Netscape Mail Server's MD5-based scheme (RFC 2307 identifier
    {NS-MTA-MD5}) in Authen::Passphrase::NetscapeMail

  * implement crypt16 from Ultrix in Authen::Passphrase::Crypt16

  * implement bigcrypt from Digital Unix in Authen::Passphrase::BigCrypt

  * implement RFC 2307 scheme identifier {MD4} (plain MD4)

  * implement RFC 2307 scheme identifier {RMD160} (plain RIPEMD-160)

  * implement RFC 2307 scheme identifier {MSNT} (NT-Hash)

  * implement crypt scheme identifier $NT$ (NT-Hash with a different
    textual format from $3$)

  * implement RFC 2307 scheme identifier {WM-CRY} (synonym for {CRYPT})

  * add a "passphrase =>" constructor parameter to
    A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new,
    A::P::NTHash->new, and A::P::SaltedDigest->new (such a parameter
    also exists in the new A::P::BigCrypt->new, A::P::Crypt16->new,
    A::P::LANManager->new, A::P::LANManagerHalf->new, and
    A::P::NetscapeMail->new)

  * add a "salt_random =>" constructor parameter to
    A::P::BlowfishCrypt->new, A::P::DESCrypt->new, A::P::MD5Crypt->new,
    and A::P::SaltedDigest->new (such a parameter also exists in the new
    A::P::BigCrypt->new, A::P::Crypt16->new and A::P::NetscapeMail->new)

  * in A::P::SaltedDigest, accept bare package names and related forms,
    and references to blessed objects, as algorithm identifiers

  * in the from_crypt and from_rfc2307 constructors, reject strings
    containing spaces or control characters

  * in Authen::Passphrase::MD5Crypt, refuse to put a space character
    into a crypt string

  * in Authen::Passphrase::Clear, refuse to put spaces or control
    characters into an RFC 2307 string

  * in Authen::Passphrase::MD5Crypt, check that the salt string contains
    only bytes

  * prohibit the base class from_crypt and from_rfc2307 constructors
    being called on subclasses

  * in testing Authen::Passphrase::NTHash, check case handling

  * rewrite the from_crypt constructor to use scheme identifiers as such,
    the way from_rfc2307 already does

  * in documentation for the from_crypt constructor, list all known
    scheme identifiers

  * in documentation for the from_rfc2307 constructor, list known
    pseudo-schemes (where instead of a passphrase hash there is a
    reference to some other authentication mechanism)

  * discuss resistance to brute force attacks in documentation

  * more realistic example salts in the synopsis of A::P::MD5Crypt and
    A::P::SaltedDigest

version 0.001; 2006-08-06

  * implement Blowfish-based crypt() scheme (crypt identifiers $2$
    and $2a$) in Authen::Passphrase::BlowfishCrypt, based on the new
    Crypt::Eksblowfish::Bcrypt module

  * include MIME::Base64 in dependency list in Makefile.PL

  * versioned dependencies

  * add test t/intdescrypt.t for the full DESCrypt interface

  * test full SaltedDigest interface in t/smd5.t and t/ssha.t

  * test full NTHash interface in t/nthash.t

  * use "=> 0" instead of "=> undef" in unversioned dependencies in
    Makefile.PL

  * in the Authen::Passphrase constructors, note the effects of the
    runtime loading of specific recogniser class modules

  * comment on the origins of the MD5-based and Blowfish-based crypt()
    schemes

  * corrected copyright year in README

version 0.000; 2006-05-23

  * initial released version