File: Changes

package info (click to toggle)
libcrypt-cbc-perl 2.33-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 212 kB
  • sloc: perl: 1,356; makefile: 2
file content (182 lines) | stat: -rw-r--r-- 6,841 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
Revision history for Perl extension Crypt::CBC.
2.33    Tue Jul 30 16:02:04 EDT 2013
	- Fix minor RT bugs 83175 and 86455.

2.32    Fri Dec 14 14:20:17 EST 2012
	- Fix "Taint checks are turned on and your key is tainted" error when autogenerating salt and IV.

2.31    Tue Oct 30 07:03:40 EDT 2012
	- Fixes to regular expressions to avoid rare failures to
          correctly strip padding in decoded messages.
        - Add padding type = "none".
        - Both fixes contributed by Bas van Sisseren.

2.29	 Tue Apr 22 10:22:37 EDT 2008
	 - Fixed errors that occurred when encrypting/decrypting utf8 strings
	 in Perl's more recent than 5.8.8.

2.28	 Mon Mar 31 10:46:25 EDT 2008
	 - Fixed bug in onesandzeroes test that causes it to fail with Rijndael module
 	 is not installed.

2.27	 Fri Mar 28 10:13:32 EDT 2008
 	 - When taint mode is turned on and user is using a tainted key, explicitly check
	   tainting of key in order to avoid "cryptic" failure messages from some crypt
	   modules.

2.26	Thu Mar 20 16:41:23 EDT 2008
	- Fixed onezeropadding test, which was not reporting its test count
	  properly.

2.25	Fri Jan 11 15:26:27 EST 2008
	- Fixed failure of oneandzeroes padding when plaintext size is
	an even multiple of blocksize.
	- Added new "rijndael_compat" padding method, which is compatible
	with the oneandzeroes padding method used by Crypt::Rijndael in
	CBC mode.

2.24	Fri Sep 28 11:21:07 EDT 2007
	- Fixed failure to run under taint checks with Crypt::Rijndael
	or Crypt::OpenSSL::AES (and maybe other Crypt modules). See 
	http://rt.cpan.org/Public/Bug/Display.html?id=29646.

2.23	Fri Apr 13 14:50:21 EDT 2007
	- Added checks for other implementations of CBC which add no
	standard padding at all when cipher text is an even multiple
	of the block size.

2.22	Sun Oct 29 16:50:32 EST 2006
	- Fixed bug in which plaintext encrypted with the -literal_key
	option could not be decrypted using a new object created with
	the same -literal_key.
 	- Added documentation confirming that -literal_key must be accompanied by a 
	-header of 'none' and a manually specificied IV.

2.21	Mon Oct 16 19:26:26 EDT 2006
	- Fixed bug in which new() failed to work when first option is -literal_key.

2.20	Sat Aug 12 22:30:53 EDT 2006
	- Added ability to pass a preinitialized Crypt::* block cipher object instead of
	the class name.
        - Fixed a bug when processing -literal_key.

2.19    Tue Jul 18 18:39:57 EDT 2006
	- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under
	Cygwin

2.18   2006/06/06 23:17:04
	- added more documentation describing how to achieve compatibility with old encrypted messages

2.17    Mon Jan  9 18:22:51 EST 2006
        -IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
	using 8 byte IVs when generating the old-style RandomIV style header
	(as opposed to the new-style random salt header). This affects data
        encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
        and is a significant security issue.

        The bug has been corrected in versions 2.17 and higher by making it
        impossible to use 16-byte block ciphers with RandomIV headers. You may
        still read legacy encrypted data by explicitly passing the 
        -insecure_legacy_decrypt option to Crypt::CBC->new().

        -The salt, iv and key are now reset before each complete encryption
         cycle. This avoids inadvertent reuse of the same salt.

        -A new -header option has been added that allows you to select
         among the various types of headers, and avoids the ambiguity
         of having multiple interacting options.

        -A new random_bytes() method provides access to /dev/urandom on
         suitably-equipped hardware.

2.16	Tue Dec  6 14:17:45 EST 2005
	- Added two new options to new():
		-keysize   => <bytes>  Force the keysize -- useful for Blowfish
		-blocksize => <bytes>  Force the blocksize -- not known to be useful

		("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with
			Blowfish)

2.15	Thu Nov 17 17:34:28 EST 2005
	- -add_header=>0 now explicitly turns off any attempt of parsing the header
		in decrypt routines.

2.14	Thu May  5 16:08:15 EDT 2005
	- RandomIV in message header overrides manually-supplied -salt, as one
	would expect it should.

2.13	Fri Apr 22 13:01:32 EDT 200
	- Added OpenSSL compatibility
	- Salt and IV generators take advantage of /dev/urandom device, if available
	- Reorganized internal structure for coding clarity
	- Added regression test for PCBC mode

2.12	Thu Jun 17 11:52:04 EDT 2004
	- quenched (again) uninitialized variable warnings

2.11	Thu Jun  3 12:07:33 EDT 2004
	-Fixed bug reported by Joshua Brown that caused certain length
	strings to not encrypt properly if ending in a "0" character.

2.10	Sat May 29 13:10:05 EDT 2004
	-Fixed Rijndael compat problems

2.09	Thu May 27 11:18:06 EDT 2004
	-Quenched uninitialized variable warnings

2.08	Wed Sep 11 08:12:49 EDT 2002
	-Bug fix from Chris Laas to fix custom padding

2.07	Thu Aug  8 14:44:52 EDT 2002
	-Bug fixes from Stephen Waters to fix space padding
	-Lots of regression tests from Stephen Waters

2.05	Tue Jun 11 22:18:04 EDT 2002
	-Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC.
	-Lots of improvements to padding mechanisms from Stephen Waters

2.04	Tue Jun 11 22:18:04 EDT 2002
	WITHDRAWN VERSION DO NOT USE

2.03	Mon Feb  4 15:41:51 EST 2002
	-Patch from Andy Turner <turner@mikomi.org> to allow backward
	compatibility with old versions when key length exceeded max.

2.02	Thu Jan 24 00:15:52 EST 2002
	- Default to pre-2.00 style padding, because Jody's default padding
		method was not binary safe.

2.01	Mon Dec 10 12:11:35 EST 2001
	- Removed debugging code.

2.00	Tue Oct 31, 2000
	- Patches for foreign program compatibility, initialization vectors
		and padding methods from Jody Biggs <jody.biggs@paymybills.com>

1.25    Thu Jun  8 11:56:28 EDT 2000
	- Bug fix didn't get into version 1.24.  Is in version 1.25

1.24    Tue Jun  6 17:35:18 EDT 2000
	- Fixed a bug that prevented a DES and an IDEA object from being
		used simultaneously.

1.22	Wed Jan 26 19:07:30 EST 2000
	- Added support for Crypt::Blowfish (available from www.cryptix.org)
	- Fixed failure to encrypt data files < 8 bytes
	- Fixed -w warning when decrypting data files < 8 bytes
	
1.21	Mon Nov 29 17:11:17 EST 1999
	- Generate random initialization vector.
	- Use same encryption format as Ben Laurie's patches to OpenSSL (versions >= 0.9.5)

1.20  Sun Dec 20 3:58:01 1998 MET
	- Folded in bug fixes from Devin Carraway <aqua@sonic.net>
	(chiefly having to do with finish() being called with a
	zero-length buffer).

1.10  Thu Sep 11 09:15:01 1998
	- Changed package name to Crypt::CBC

1.00  Tue Jun 16 07:37:35 1998
	- original version; created by h2xs 1.18