File: Changes

package info (click to toggle)
libauthen-scram-perl 0.011-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 244 kB
  • sloc: perl: 813; makefile: 7
file content (102 lines) | stat: -rw-r--r-- 2,611 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
Revision history for Authen-SCRAM

0.011     2018-06-23 22:32:32-04:00 America/New_York

    [Fixed]

    - Fixed circular reference in nonce generator closure

0.010     2018-06-13 09:47:13-04:00 America/New_York

    [Changed]

    - Removed String::Compare::ConstantTime as a dependency. This
      is a temporary measure until warnings on older Perls are
      addressed and released.

0.009     2018-03-26 15:33:59-04:00 America/New_York

    [Fixed]

    - Fixed tests for older Perls

0.008     2018-03-26 14:43:49-04:00 America/New_York

    [Fixed]

    - Correctly handles wide characters in usernames without mojibaking the
      auth signature.  Previously undetected in roundtrip tests as the
      error was symmetric between client and server.  Cross-checked via a
      test conversation generated from http://github.com/xdg/scram.

0.007     2018-01-28 00:00:56-05:00 America/New_York

    [Added]

    - Public 'computed_keys' method on the client object to get
      stored/server keys that a server needs to keep to authenticate a
      user.

    [Changed]

    - Added 'minimum_iteration_count' on clients, defaulting to 4096, to
      mitigate downgrade attacks.

    [Tests]

    - Added a SCRAM-SHA-256 test.

0.006     2017-11-22 10:45:58-05:00 America/New_York

    [Added]

    - Expensive digested password computation is cached in clients and
      reused for future authentication where salt and iteration count
      is the same.

    [Fixed]

    - Applies "stored strings" normalization when doing SASLprep,
      as required by https://tools.ietf.org/html/rfc5802#section-2.2

0.005     2014-10-15 17:30:07-04:00 America/New_York

    [Fixed]

    - Prevent test failures due to warnings in other modules
      (which we can't control)

0.004     2014-10-14 11:45:09-04:00 America/New_York

    [Fixed]

    - Fixed warnings from length() on Perls before 5.12

    [Prereqs]

    - Bumped Moo prereq to 1.001000 for non-ref default value support

0.003     2014-10-07 22:05:31-04:00 America/New_York

    [Added]

    - Added 'skip_saslprep' attribute, in case applications insist on
      deviating from RFC 5802 in this regard

0.002     2014-10-06 12:09:01-04:00 America/New_York

    [Fixed]

    - Fixed handling of character encodings for non-ASCII characters in
      usernames and passwords

    [Documented]

    - Clarified that all inputs/outputs are expected to be character
      strings and that users are responsible for UTF-8 encoding/decoding
      during transmission and reception

0.001     2014-10-04 13:25:37-04:00 America/New_York

    - First release