commit perl-Crypt-CBC for openSUSE:Factory
Hello community, here is the log from the commit of package perl-Crypt-CBC for openSUSE:Factory checked in at 2013-06-05 17:50:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Crypt-CBC (Old) and /work/SRC/openSUSE:Factory/.perl-Crypt-CBC.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-Crypt-CBC" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Crypt-CBC/perl-Crypt-CBC.changes 2011-11-21 12:38:01.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.perl-Crypt-CBC.new/perl-Crypt-CBC.changes 2013-06-05 17:50:40.000000000 +0200 @@ -1,0 +2,10 @@ +Mon Jun 3 15:59:58 UTC 2013 - coolo@suse.com + +- updated to 2.32 + - Fixes "Taint checks are turned on and your key is tainted" error when autogenerating salt and IV. + - Fixes to regular expressions to avoid rare failures to + correctly strip padding in decoded messages. + - Add padding type = "none". + - Both fixes contributed by Bas van Sisseren. + +------------------------------------------------------------------- Old: ---- Crypt-CBC-2.30.tar.gz New: ---- Crypt-CBC-2.32.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Crypt-CBC.spec ++++++ --- /var/tmp/diff_new_pack.pixqaJ/_old 2013-06-05 17:50:40.000000000 +0200 +++ /var/tmp/diff_new_pack.pixqaJ/_new 2013-06-05 17:50:40.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-Crypt-CBC # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,44 +15,22 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - -%bcond_with opt Name: perl-Crypt-CBC +Version: 2.32 +Release: 0 %define cpan_name Crypt-CBC Summary: Encrypt Data with Cipher Block Chaining Mode -Version: 2.30 -Release: 18 -License: Artistic-1.0 +License: GPL-1.0+ or Artistic-1.0 Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/Crypt-CBC/ -#Source: http://www.cpan.org/authors/id/L/LD/LDS/Crypt-CBC-2.30.tar.gz -Source: %{cpan_name}-%{version}.tar.gz +Source: http://www.cpan.org/authors/id/L/LD/LDS/%{cpan_name}-%{version}.tar.gz BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros -%if %{with opt} -BuildRequires: perl(Crypt::Blowfish) -#BuildRequires: perl(Crypt::Blowfish_PP) -BuildRequires: perl(Crypt::CAST5) -BuildRequires: perl(Crypt::DES) -BuildRequires: perl(Crypt::DES_EDE3) -BuildRequires: perl(Crypt::IDEA) -%endif -BuildRequires: perl(Crypt::Rijndael) -BuildRequires: perl(Digest::MD5) >= 2.00 -Requires: perl(Digest::MD5) >= 2.00 -%if 0%{?suse_version} > 1010 -Recommends: perl(Crypt::Blowfish) -#Recommends: perl(Crypt::Blowfish_PP) -Recommends: perl(Crypt::CAST5) -Recommends: perl(Crypt::DES) -Recommends: perl(Crypt::DES_EDE3) -Recommends: perl(Crypt::IDEA) -Recommends: perl(Crypt::Rijndael) -%endif +#BuildRequires: perl(Crypt::CBC) +#BuildRequires: perl(Crypt::IDEA) %{perl_requires} %description @@ -62,6 +40,14 @@ encrypted messages are compatible with the encryption format used by the *OpenSSL* package. +To use this module, you will first create a Crypt::CBC cipher object with +new(). At the time of cipher creation, you specify an encryption key to use +and, optionally, a block encryption algorithm. You will then call the +start() method to initialize the encryption or decryption process, crypt() +to encrypt or decrypt one or more blocks of data, and lastly finish(), to +pad and encrypt the final block. For your convenience, you can call the +encrypt() and decrypt() methods to operate on a whole data value at once. + %prep %setup -q -n %{cpan_name}-%{version} @@ -77,11 +63,8 @@ %perl_process_packlist %perl_gen_filelist -%clean -%{__rm} -rf %{buildroot} - %files -f %{name}.files %defattr(-,root,root,755) -%doc Changes README +%doc Changes Crypt-CBC-2.16-vulnerability.txt README %changelog ++++++ Crypt-CBC-2.30.tar.gz -> Crypt-CBC-2.32.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/CBC.pm new/Crypt-CBC-2.32/CBC.pm --- old/Crypt-CBC-2.30/CBC.pm 2008-09-30 17:11:49.000000000 +0200 +++ new/Crypt-CBC-2.32/CBC.pm 2012-12-14 20:18:00.000000000 +0100 @@ -5,7 +5,7 @@ use strict; use bytes; use vars qw($VERSION); -$VERSION = '2.30'; +$VERSION = '2.32'; use constant RANDOM_DEVICE => '/dev/urandom'; @@ -117,7 +117,8 @@ unless ($rbs == $bs); } } else { - $padding = $padding eq 'null' ? \&_null_padding + $padding = $padding eq 'none' ? \&_no_padding + :$padding eq 'null' ? \&_null_padding :$padding eq 'space' ? \&_space_padding :$padding eq 'oneandzeroes' ? \&_oneandzeroes_padding :$padding eq 'rijndael_compat'? \&_rijndael_compat @@ -228,6 +229,10 @@ my $bs = $self->{'blocksize'}; + croak "When using no padding, plaintext size must be a multiple of $bs" + if $self->{'padding'} eq \&_no_padding + and length($data) % $bs; + croak "When using rijndael_compat padding, plaintext size must be a multiple of $bs" if $self->{'padding'} eq \&_rijndael_compat and length($data) % $bs; @@ -389,6 +394,7 @@ my $has_scalar_util = eval "require Scalar::Util; 1"; my $tainted; + if ($has_scalar_util) { $tainted = Scalar::Util::tainted($key); } else { @@ -455,7 +461,8 @@ $result = pack("C*",map {rand(256)} 1..$length); } # Clear taint and check length - $result =~ /^(.{$length})$/s or croak "Invalid length while gathering $length randim bytes"; + $result =~ /^(.+)$/s; + length($1) == $length or croak "Invalid length while gathering $length random bytes"; return $1; } @@ -481,18 +488,23 @@ return unless length $b; $b = length $b ? $b : ''; if ($decrypt eq 'd') { - $b=~ s/ *$//s; + $b=~ s/ *\z//s; return $b; } return $b . pack("C*", (32) x ($bs - length($b) % $bs)); } +sub _no_padding ($$$) { + my ($b,$bs,$decrypt) = @_; + return $b; +} + sub _null_padding ($$$) { my ($b,$bs,$decrypt) = @_; return unless length $b; $b = length $b ? $b : ''; if ($decrypt eq 'd') { - $b=~ s/\0*$//s; + $b=~ s/\0*\z//s; return $b; } return $b . pack("C*", (0) x ($bs - length($b) % $bs)); @@ -502,9 +514,8 @@ my ($b,$bs,$decrypt) = @_; $b = length $b ? $b : ''; if ($decrypt eq 'd') { - my $hex = unpack("H*", $b); - $hex =~ s/80*$//s; - return pack("H*", $hex); + $b=~ s/\x80\0*\z//s; + return $b; } return $b . pack("C*", 128, (0) x ($bs - length($b) % $bs - 1) ); } @@ -513,9 +524,8 @@ my ($b,$bs,$decrypt) = @_; return unless length $b; if ($decrypt eq 'd') { - my $hex = unpack("H*", $b); - $hex =~ s/80*$//s; - return pack("H*", $hex); + $b=~ s/\x80\0*\z//s; + return $b; } return $b . pack("C*", 128, (0) x ($bs - length($b) % $bs - 1) ); } @@ -672,7 +682,7 @@ -padding The padding method, one of "standard" (default), "space", "oneandzeroes", "rijndael_compat", - or "null" (default "standard"). + "null", or "none" (default "standard"). -literal_key If true, the key provided by "key" is used directly for encryption/decryption. Otherwise the actual @@ -968,7 +978,7 @@ When the last block of plaintext is shorter than the block size, it must be padded. Padding methods include: "standard" (i.e., PKCS#5), -"oneandzeroes", "space", "rijndael_compat" and "null". +"oneandzeroes", "space", "rijndael_compat", "null", and "none". standard: (default) Binary safe pads with the number of bytes that should be truncated. So, if @@ -996,6 +1006,10 @@ space: text only same as "null", but with "20". + none: + no padding added. Useful for special-purpose applications where + you wish to add custom padding to the message. + Both the standard and oneandzeroes paddings are binary safe. The space and null paddings are recommended only for text data. Which type of padding you use depends on whether you wish to communicate diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/Changes new/Crypt-CBC-2.32/Changes --- old/Crypt-CBC-2.30/Changes 2008-04-22 16:23:13.000000000 +0200 +++ new/Crypt-CBC-2.32/Changes 2012-12-14 20:20:24.000000000 +0100 @@ -1,4 +1,13 @@ Revision history for Perl extension Crypt::CBC. +2.32 Fri Dec 14 14:20:17 EST 2012 + - Fixes "Taint checks are turned on and your key is tainted" error when autogenerating salt and IV. + +2.31 Tue Oct 30 07:03:40 EDT 2012 + - Fixes to regular expressions to avoid rare failures to + correctly strip padding in decoded messages. + - Add padding type = "none". + - Both fixes contributed by Bas van Sisseren. + 2.29 Tue Apr 22 10:22:37 EDT 2008 - Fixed errors that occurred when encrypting/decrypting utf8 strings in Perl's more recent than 5.8.8. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/MANIFEST new/Crypt-CBC-2.32/MANIFEST --- old/Crypt-CBC-2.30/MANIFEST 2008-03-28 15:16:08.000000000 +0100 +++ new/Crypt-CBC-2.32/MANIFEST 2012-12-14 20:25:16.000000000 +0100 @@ -22,3 +22,4 @@ t/parameters.t t/preexisting.t +META.json Module JSON meta-data (added by MakeMaker) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/META.json new/Crypt-CBC-2.32/META.json --- old/Crypt-CBC-2.30/META.json 1970-01-01 01:00:00.000000000 +0100 +++ new/Crypt-CBC-2.32/META.json 2012-12-14 20:25:16.000000000 +0100 @@ -0,0 +1,41 @@ +{ + "abstract" : "unknown", + "author" : [ + "unknown" + ], + "dynamic_config" : 1, + "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.112150", + "license" : [ + "unknown" + ], + "meta-spec" : { + "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", + "version" : "2" + }, + "name" : "Crypt-CBC", + "no_index" : { + "directory" : [ + "t", + "inc" + ] + }, + "prereqs" : { + "build" : { + "requires" : { + "ExtUtils::MakeMaker" : 0 + } + }, + "configure" : { + "requires" : { + "ExtUtils::MakeMaker" : 0 + } + }, + "runtime" : { + "requires" : { + "Digest::MD5" : "2.00" + } + } + }, + "release_status" : "stable", + "version" : "2.32" +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/META.yml new/Crypt-CBC-2.32/META.yml --- old/Crypt-CBC-2.30/META.yml 2008-09-30 17:16:22.000000000 +0200 +++ new/Crypt-CBC-2.32/META.yml 2012-12-14 20:25:16.000000000 +0100 @@ -1,13 +1,22 @@ ---- #YAML:1.0 -name: Crypt-CBC -version: 2.30 -abstract: ~ -license: ~ -author: ~ -generated_by: ExtUtils::MakeMaker version 6.44 -distribution_type: module -requires: - Digest::MD5: 2.00 +--- +abstract: unknown +author: + - unknown +build_requires: + ExtUtils::MakeMaker: 0 +configure_requires: + ExtUtils::MakeMaker: 0 +dynamic_config: 1 +generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.112150' +license: unknown meta-spec: - url: http://module-build.sourceforge.net/META-spec-v1.3.html - version: 1.3 + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: 1.4 +name: Crypt-CBC +no_index: + directory: + - t + - inc +requires: + Digest::MD5: 2.00 +version: 2.32 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/Blowfish.t new/Crypt-CBC-2.32/t/Blowfish.t --- old/Crypt-CBC-2.30/t/Blowfish.t 2005-04-22 19:35:56.000000000 +0200 +++ new/Crypt-CBC-2.32/t/Blowfish.t 2012-12-14 20:18:49.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/Blowfish_PP.t new/Crypt-CBC-2.32/t/Blowfish_PP.t --- old/Crypt-CBC-2.30/t/Blowfish_PP.t 2004-06-03 18:08:29.000000000 +0200 +++ new/Crypt-CBC-2.32/t/Blowfish_PP.t 2012-12-14 20:18:45.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/CAST5.t new/Crypt-CBC-2.32/t/CAST5.t --- old/Crypt-CBC-2.30/t/CAST5.t 2004-08-18 00:34:50.000000000 +0200 +++ new/Crypt-CBC-2.32/t/CAST5.t 2012-12-14 20:18:53.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/DES.t new/Crypt-CBC-2.32/t/DES.t --- old/Crypt-CBC-2.30/t/DES.t 2004-06-03 18:08:29.000000000 +0200 +++ new/Crypt-CBC-2.32/t/DES.t 2012-12-14 20:18:57.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/IDEA.t new/Crypt-CBC-2.32/t/IDEA.t --- old/Crypt-CBC-2.30/t/IDEA.t 2004-06-03 18:08:29.000000000 +0200 +++ new/Crypt-CBC-2.32/t/IDEA.t 2012-12-14 20:19:04.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/PCBC.t new/Crypt-CBC-2.32/t/PCBC.t --- old/Crypt-CBC-2.30/t/PCBC.t 2006-01-10 00:47:11.000000000 +0100 +++ new/Crypt-CBC-2.32/t/PCBC.t 2012-12-14 20:19:20.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/Rijndael.t new/Crypt-CBC-2.32/t/Rijndael.t --- old/Crypt-CBC-2.30/t/Rijndael.t 2004-06-03 18:08:29.000000000 +0200 +++ new/Crypt-CBC-2.32/t/Rijndael.t 2012-12-14 20:19:31.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/Rijndael_compat.t new/Crypt-CBC-2.32/t/Rijndael_compat.t --- old/Crypt-CBC-2.30/t/Rijndael_compat.t 2008-01-11 21:12:26.000000000 +0100 +++ new/Crypt-CBC-2.32/t/Rijndael_compat.t 2012-12-14 20:19:27.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use strict; use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/func.t new/Crypt-CBC-2.32/t/func.t --- old/Crypt-CBC-2.30/t/func.t 2006-01-10 00:47:11.000000000 +0100 +++ new/Crypt-CBC-2.32/t/func.t 2012-12-14 20:19:00.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use strict; use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/null_data.t new/Crypt-CBC-2.32/t/null_data.t --- old/Crypt-CBC-2.30/t/null_data.t 2008-01-11 21:15:37.000000000 +0100 +++ new/Crypt-CBC-2.32/t/null_data.t 2012-12-14 20:19:07.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl -Tw use strict; use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/onezeropadding.t new/Crypt-CBC-2.32/t/onezeropadding.t --- old/Crypt-CBC-2.30/t/onezeropadding.t 2008-03-31 16:45:58.000000000 +0200 +++ new/Crypt-CBC-2.32/t/onezeropadding.t 2012-12-14 20:14:41.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/parameters.t new/Crypt-CBC-2.32/t/parameters.t --- old/Crypt-CBC-2.30/t/parameters.t 2006-10-29 22:54:12.000000000 +0100 +++ new/Crypt-CBC-2.32/t/parameters.t 2012-12-14 20:19:15.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl -Tw use strict; use lib '..','../blib/lib','.','./blib/lib'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Crypt-CBC-2.30/t/preexisting.t new/Crypt-CBC-2.32/t/preexisting.t --- old/Crypt-CBC-2.30/t/preexisting.t 2008-09-30 17:14:29.000000000 +0200 +++ new/Crypt-CBC-2.32/t/preexisting.t 2012-12-14 20:19:23.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/local/bin/perl -Tw use strict; use lib '..','../blib/lib','.','./blib/lib'; -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de