Hello community,
here is the log from the commit of package perl-Crypt-CBC
checked in at Thu Dec 7 21:21:27 CET 2006.
--------
--- perl-Crypt-CBC/perl-Crypt-CBC.changes 2006-09-15 19:45:53.000000000 +0200
+++ /mounts/work_src_done/STABLE/perl-Crypt-CBC/perl-Crypt-CBC.changes 2006-10-19 17:08:29.000000000 +0200
@@ -1,0 +2,9 @@
+Thu Oct 19 16:58:09 CEST 2006 - anicka@suse.cz
+
+- update to 2.21
+* Fixed bug in which new() failed to work when first option is
+ -literal_key.
+* Added ability to pass a preinitialized Crypt::* block cipher
+ object instead of the class name.
+
+-------------------------------------------------------------------
Old:
----
Crypt-CBC-2.19.tar.bz2
New:
----
Crypt-CBC-2.21.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Crypt-CBC.spec ++++++
--- /var/tmp/diff_new_pack.eagCfz/_old 2006-12-07 21:21:09.000000000 +0100
+++ /var/tmp/diff_new_pack.eagCfz/_new 2006-12-07 21:21:09.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package perl-Crypt-CBC (Version 2.19)
+# spec file for package perl-Crypt-CBC (Version 2.21)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -13,8 +13,8 @@
Name: perl-Crypt-CBC
URL: http://cpan.org/modules/by-module/Crypt/
BuildRequires: perl-Crypt-Blowfish perl-Crypt-DES
-Version: 2.19
-Release: 1
+Version: 2.21
+Release: 2
Requires: perl-Crypt-Blowfish perl-Crypt-DES
Requires: perl = %{perl_version}
Autoreqprov: on
@@ -55,6 +55,12 @@
/var/adm/perl-modules/%{name}
%changelog -n perl-Crypt-CBC
+* Thu Oct 19 2006 - anicka@suse.cz
+- update to 2.21
+ * Fixed bug in which new() failed to work when first option is
+ -literal_key.
+ * Added ability to pass a preinitialized Crypt::* block cipher
+ object instead of the class name.
* Thu Sep 14 2006 - anicka@suse.cz
- update to 2.19
* Renamed Crypt::CBC-2.16-vulnerability.txt so that
++++++ Crypt-CBC-2.19.tar.bz2 -> Crypt-CBC-2.21.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.19/CBC.pm new/Crypt-CBC-2.21/CBC.pm
--- old/Crypt-CBC-2.19/CBC.pm 2006-08-12 21:49:12.000000000 +0200
+++ new/Crypt-CBC-2.21/CBC.pm 2006-10-17 01:26:17.000000000 +0200
@@ -4,7 +4,7 @@
use Carp;
use strict;
use vars qw($VERSION);
-$VERSION = '2.19';
+$VERSION = '2.21';
use constant RANDOM_DEVICE => '/dev/urandom';
@@ -19,7 +19,7 @@
}
# CGI style arguments
- elsif ($_[0] =~ /^-[a-zA-Z]{1,20}$/) {
+ elsif ($_[0] =~ /^-[a-zA-Z_]{1,20}$/) {
my %tmp = @_;
while ( my($key,$value) = each %tmp) {
$key =~ s/^-//;
@@ -32,10 +32,20 @@
$options->{cipher} = shift;
}
+ my $cipher_object_provided = $options->{cipher} && ref $options->{cipher};
+
# "key" is a misnomer here, because it is actually usually a passphrase that is used
# to derive the true key
my $pass = $options->{key};
- croak "Please provide an encryption/decryption passphrase or key using -key" unless defined $pass;
+
+ if ($cipher_object_provided) {
+ carp "Both a key and a pre-initialized Crypt::* object were passed. The key will be ignored"
+ if defined $pass;
+ $pass ||= '';
+ }
+ elsif (!defined $pass) {
+ croak "Please provide an encryption/decryption passphrase or key using -key"
+ }
# header mode
my %valid_modes = map {$_=>1} qw(none salt randomiv);
@@ -50,11 +60,14 @@
my $cipher = $options->{cipher};
$cipher = 'Crypt::DES' unless $cipher;
- $cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
- $cipher->can('encrypt') or eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
+ my $cipherclass = ref $cipher || $cipher;
- # some crypt modules use the class Crypt::, and others don't
- $cipher =~ s/^Crypt::// unless $cipher->can('keysize');
+ unless (ref $cipher) { # munge the class name if no object passed
+ $cipher = $cipher=~/^Crypt::/ ? $cipher : "Crypt::$cipher";
+ $cipher->can('encrypt') or eval "require $cipher; 1" or croak "Couldn't load $cipher: $@";
+ # some crypt modules use the class Crypt::, and others don't
+ $cipher =~ s/^Crypt::// unless $cipher->can('keysize');
+ }
# allow user to override these values
my $ks = $options->{keysize};
@@ -68,7 +81,7 @@
# keysize (well, Crypt::Blowfish in any case). If we detect
# this, and find the blowfish module in use, then assume 56.
# Otherwise assume the least common denominator of 8.
- $ks ||= $cipher =~ /blowfish/i ? 56 : 8;
+ $ks ||= $cipherclass =~ /blowfish/i ? 56 : 8;
$bs ||= $ks;
my $pcbc = $options->{'pcbc'};
@@ -88,7 +101,7 @@
# note: iv will be autogenerated by start() if not specified in options
my $iv = $options->{iv};
my $random_iv = 1 unless defined $iv;
- croak "Initialization vector must be exactly $bs bytes long when using the $cipher cipher" if defined $iv and length($iv) != $bs;
+ croak "Initialization vector must be exactly $bs bytes long when using the $cipherclass cipher" if defined $iv and length($iv) != $bs;
my $legacy_hack = $options->{insecure_legacy_decrypt};
my $padding = $options->{padding} || 'standard';
@@ -306,9 +319,9 @@
unless $self->{key} && $self->{civ};
# now we can generate the crypt object itself
- $self->{crypt} = $self->{cipher}->new($self->{key})
- or croak "Could not create $self->{cipher} object: $@";
-
+ $self->{crypt} = ref $self->{cipher} ? $self->{cipher}
+ : $self->{cipher}->new($self->{key})
+ or croak "Could not create $self->{cipher} object: $@";
return '';
}
@@ -348,9 +361,9 @@
croak "key and/or iv are missing" unless defined $self->{key} && defined $self->{civ};
- $self->{crypt} = $self->{cipher}->new($self->{key})
- or croak "Could not create $self->{cipher} object: $@";
-
+ $self->{crypt} = ref $self->{cipher} ? $self->{cipher}
+ : $self->{cipher}->new($self->{key})
+ or croak "Could not create $self->{cipher} object: $@";
return $result;
}
@@ -587,7 +600,8 @@
-key The encryption/decryption key (required)
- -cipher The cipher algorithm (defaults to Crypt::DES)
+ -cipher The cipher algorithm (defaults to Crypt::DES), or
+ a preexisting cipher object.
-salt Enables OpenSSL-compatibility. If equal to a value
of "1" then causes a random salt to be generated
@@ -659,6 +673,14 @@
Crypt::CAST5 and Crypt::Rijndael. You may refer to them using their
full names ("Crypt::IDEA") or in abbreviated form ("IDEA").
+Instead of passing the name of a cipher class, you may pass an
+already-created block cipher object. This allows you to take advantage
+of cipher algorithms that have parameterized new() methods, such as
+Crypt::Eksblowfish:
+
+ my $eksblowfish = Crypt::Eksblowfish->new(8,$salt,$key);
+ my $cbc = Crypt::CBC->new(-cipher=>$eksblowfish);
+
The B<-key> argument provides either a passphrase to use to generate
the encryption key, or the literal value of the block cipher key. If
used in passphrase mode (which is the default), B<-key> can be any
@@ -670,6 +692,9 @@
B<-literal_key> option. In this case, you should choose a key of
length exactly equal to the cipher's key length.
+If you pass an existing Crypt::* object to new(), then the -key
+argument is ignored and the module will generate a warning.
+
The B<-header> argument specifies what type of header, if any, to
prepend to the beginning of the encrypted data stream. The header
allows Crypt::CBC to regenerate the original IV and correctly decrypt
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.19/Changes new/Crypt-CBC-2.21/Changes
--- old/Crypt-CBC-2.19/Changes 2006-08-12 21:49:12.000000000 +0200
+++ new/Crypt-CBC-2.21/Changes 2006-10-17 01:26:51.000000000 +0200
@@ -1,4 +1,11 @@
Revision history for Perl extension Crypt::CBC.
+2.21 Mon Oct 16 19:26:26 EDT 2006
+ - Fixed bug in which new() failed to work when first option is -literal_key.
+
+2.20 Sat Aug 12 22:30:53 EDT 2006
+ - Added ability to pass a preinitialized Crypt::* block cipher object instead of
+ the class name.
+
2.19 Tue Jul 18 18:39:57 EDT 2006
- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs correctly under
Cygwin
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.19/MANIFEST new/Crypt-CBC-2.21/MANIFEST
--- old/Crypt-CBC-2.19/MANIFEST 2006-08-12 21:50:00.000000000 +0200
+++ new/Crypt-CBC-2.21/MANIFEST 2006-08-13 04:32:38.000000000 +0200
@@ -4,6 +4,7 @@
META.yml Module meta-data (added by MakeMaker)
Makefile.PL
README
+README.compatibility
Crypt-CBC-2.16-vulnerability.txt
eg/aes.pl
eg/des.pl
@@ -19,4 +20,5 @@
t/func.t
t/null_data.t
t/parameters.t
+t/preexisting.t
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.19/META.yml new/Crypt-CBC-2.21/META.yml
--- old/Crypt-CBC-2.19/META.yml 2006-08-12 21:50:09.000000000 +0200
+++ new/Crypt-CBC-2.21/META.yml 2006-10-17 01:39:10.000000000 +0200
@@ -1,7 +1,7 @@
# http://module-build.sourceforge.net/META-spec.html
#XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
name: Crypt-CBC
-version: 2.19
+version: 2.21
version_from: CBC.pm
installdirs: site
requires:
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.19/README.compatibility new/Crypt-CBC-2.21/README.compatibility
--- old/Crypt-CBC-2.19/README.compatibility 1970-01-01 01:00:00.000000000 +0100
+++ new/Crypt-CBC-2.21/README.compatibility 2006-06-07 01:15:10.000000000 +0200
@@ -0,0 +1,44 @@
+Compatibility Notes
+-------------------
+
+Crypt::CBC version 2.17 and higher contains changes designed to make
+encrypted messages more secure. In particular, Crypt::CBC now works
+correctly with ciphers that use block sizes greater than 8 bytes,
+which includes Rijndael, the basis for the AES encryption system. It
+also interoperates seamlessly with the OpenSSL library. Unfortunately,
+these changes break compatibility with messages encrypted with
+versions 2.16 and lower.
+
+To successfully decrypt messages encrypted with Crypt::CBC 2.16 and
+lower, follow these steps:
+
+1) Pass Crypt::CBC->new() the option -header=>'randomiv'. Example:
+
+ my $cbc = Crypt::CBC->new(-key => $key,
+ -cipher => 'Blowfish',
+ -header => 'randomiv');
+
+This tells Crypt::CBC to decrypt messages using the legacy "randomiv"
+style header rather than the default SSL-compatible "salt" style
+header.
+
+2) If the legacy messages were encrypted using Rijndael, also pass
+Crypt::CBC the -insecure_legacy_decrypt=>1 option:
+
+ my $cbc = Crypt::CBC->new(-key => $key,
+ -cipher => 'Rijndael',
+ -header => 'randomiv',
+ -insecure_legacy_decrypt => 1 );
+
+
+This tells Crypt::CBC to allow you to decrypt Rijndael messages that
+were incorrectly encrypted by pre-2.17 versions. It is important to
+realize that Rijndael messages encrypted by version 2.16 and lower
+*ARE NOT SECURE*. New versions of Crypt::CBC will refuse to encrypt
+Rijndael messages in a way that is backward compatible with 2.16 and
+lower.
+
+I apologize for any inconvenience this causes.
+
+Lincoln Stein
+Spring 2006
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/Crypt-CBC-2.19/t/preexisting.t new/Crypt-CBC-2.21/t/preexisting.t
--- old/Crypt-CBC-2.19/t/preexisting.t 1970-01-01 01:00:00.000000000 +0100
+++ new/Crypt-CBC-2.21/t/preexisting.t 2006-08-13 04:24:16.000000000 +0200
@@ -0,0 +1,77 @@
+#!/usr/local/bin/perl
+
+use strict;
+use lib '..','../blib/lib','.','./blib/lib';
+
+my (@mods,$cipherclass,$i,$c,$p,$test_data);
+
+@mods = qw/Eksblowfish
+ Rijndael
+ Blowfish
+ Blowfish_PP
+ IDEA
+ DES
+ /;
+
+for my $mod (@mods) {
+ if (eval "use Crypt::$mod(); 1") {
+ $cipherclass = "Crypt::$mod";
+ warn "Using $cipherclass for test\n";
+ last;
+ }
+}
+
+unless ($cipherclass) {
+ print "1..0 # Skipped: No cryptographic module suitable for testing\n";
+ exit;
+}
+
+print "1..33\n";
+
+sub test {
+ local($^W) = 0;
+ my($num, $true,$msg) = @_;
+ print($true ? "ok $num\n" : "not ok $num $msg\n");
+}
+
+$test_data = <