Subject: CVS commit: pkgsrc/security/p5-Net-SSH
From: Makoto Fujiwara
Date: 2017-04-07 02:41:59
Message id: 20170407004159.D27FAFBE4@cvs.NetBSD.org

Log Message:
Updated security/p5-Net-SSH to 2.09.01
--------------------------------------
2.09 2016.10.26
    - Fix creation of keys in ecdsa, ed25519 key classes
    - Update eg/pssh-keygen to create ecdsa, ed25519 keys
    - Handle hostkeys-00@openssh.com global requests
    - Add support for 'CheckHostIP' and 'UpdateHostKeys' config options
    - Refactor handling of '+' syntax in options
    - Key fingerprints now output sha256-base64 by default.
      (md5 can be specified with FingerprintHash config option)
    - Add id_ed25519, id_ecdsa to default identity files
    - Documentation updates in Perl.pm to reflect new functionality in 2.XX

2.08 2016.10.14
    - Use sha512 instead of md5 in Net::SSH::Perl::Cipher->new_from_key_str()
      to provide ChachaPoly with enough key material
      Tests in t/05-cipher.t should now pass on all platforms [ CPAN bug #114077 ]
    - Add AES128_CBC to cipher tests
    - Info on using features not enabled by default added to README

2.07 2016.10.13

    - Fix blowfish compilation on SunOS [CPAN bug #116323]
    - Fix bug in Packet [CPAN bug #118335]
    - Add support for '+' syntax in MACs option
    - Remove hmac-sha1 from default MACs. It can re-enabled
      by passing the option: 'MACs +hmac-sha1'

2.06 2016.10.04

    - Add support for additional fixed Diffie-Hellman 2K, 4K and 8K groups
      from OpenSSH 7.3 (draft-ietf-curdle-ssh-kex-sha2-03)
    - Kex defaults now updated to draft-ietf-curdle-ssh-kex-sha2-03
      recommendations (diffie-hellman-group-exchange-sha1 removed)
      It can re-enabled by passing the option:
      'KexAlgorithms +diffie-hellman-group-exchange-sha1'

2.05 2016.10.03

    - Add support for '+' syntax in Ciphers, KexAlgorithms, HostKeyAlgorithms
      options as in OpenSSH

2.04 2016.05.11

    - Add ECDSA key support
    - Improve extract_public() in Key.pm inspired by
      https://github.com/renormalist/Net-SSH-Perl/pull/12
      but implement comment with backwards compat with RSA/DSA datafellows
    - Fix XS from being loaded more than once (warnings from Net::SFTP)

2.03 2016.05.06

    - Fixes so that "make test" passes

2.02 2016.05.04

    - Use CryptX to further reduce module depedencies
      This eliminates the need for:
        Math::Pari
        Crypt::DH
        Crypt::RSA
        Crypt::DSA
        Crypt::DES
        Crypt::Blowfish
        MIME::Base64
    - Add support for rsa-sha2-512,rsa-sha2-256 signing with RSA keys
    - Implement HashKnownHosts, KexAlgorithms, MACs config directives
    - Add XS code for Chacha20, BSD Blowfish, Ed25519 routines
    - Properly handle and create known_hosts entries when port is specified
    - Remove obsolete ciphers, MACs, Kex from default list to duplicate
      upcoming OpenSSH behavior
    - Bug fixes

2.01 2016.02.19

    - Use CryptX to reduce module depedencies
      This eliminates the need for:
        BSD::arc4random
        Digest::MD5
        Digest::SHA
        Digest::HMAC_MD5
        Crypt::OpenSSL::AES

2.00 2015.12.07

    - Add Chacha20-Poly1305 cipher support for best security
      (Requires Crypt::OpenSSH::ChachaPoly, see README)
    - Add AES Cipher support in CTR mode (CBC mode supported in Ed25519
      keys only)
    - Add Group Exchange (RFC4523) Diffie-Hellman Key Exchange
    - Add Curve25519 (curve25519-sha256@libssh.org) Key Exchange support
      (Requires Crypt::Curve25519)
    - Add hmac-sha2-256,hmac-sha2-512 MAC support
    - Add hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
      Encrypt-then-MAC (ETM) MAC support
    - Use BSD::arc4random for encrypted packet padding
    - Add support for Ed25519 ssh/host keys (Requires Crypt::Ed25519)
      Encrypted Ed25519 key support requires Crypt::OpenBSD::Blowfish
      (See README for info)
    - Default ciphers order is now chacha,aes,3des,blowfish,arcfour
    - Default KEX order is now Curve25519, DHGEXSHA256, DHGEXSHA1, DH14, DH1
    - Default MAC order is now hmac-sha2-512-etm@openssh.com,
      hmac-sha2-256-etm@openssh.com, sha2-512, sha2-256, sha1, md5
    - SSH Keys can now be in DOS format (no need to remove CR/LF)
    - SOCKS proxy support via sub class Net::SSH:Perl::Proxy
    - Now does not abort due to OpenSSH 6.8+ server
      SSH2_MSG_GLOBAL_REQUEST messages for host key rotation

(pkgsrc changes)
    - Adjust DEPENDS base upon above note (p5-CryptX related)

Files:
RevisionActionfile
1.22modifypkgsrc/security/p5-Net-SSH/Makefile
1.7modifypkgsrc/security/p5-Net-SSH/distinfo