Hello community,
here is the log from the commit of package perl-IO-Socket-SSL for
openSUSE:Factory checked in at 2015-04-22 01:12:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old)
and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL"
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes
2014-07-28 06:31:03.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new/perl-IO-Socket-SSL.changes
2015-04-22 01:12:31.000000000 +0200
@@ -1,0 +2,100 @@
+Fri Apr 17 12:32:39 UTC 2015 - [email protected]
+
+- add DHE-RSA to the default client cipher list to support PFS with
+ older machines (bnc#924976)
+ * added perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
+- add cpanspec.yml to support automatic version updates
+ (see http://lists.opensuse.org/opensuse-packaging/2015-04/msg00084.html)
+
+-------------------------------------------------------------------
+Tue Apr 14 18:29:56 UTC 2015 - [email protected]
+
+- updated to 2.012
+ see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+
+ 2.012 2014/02/02
+ - fix t/ocsp.t in case no HTTP::Tiny is installed
+ 2.011 2014/02/01
+ - fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling #101855
+ - added option 'purpose' to Utils::CERT_create to get better control of the
+ certificates purpose. Default is 'server,client' for non-CA (contrary to
+ only 'server' before)
+ - removed RC4 from default cipher suites on the server site
+ https://github.com/noxxi/p5-io-socket-ssl/issues/22
+ - refactoring of some tests using Test::More thanks to Sweet-kid and the
+ 2015 Pull Request Challenge
+ 2.010 2014/01/14
+ - new options SSL_client_ca_file and SSL_client_ca to let the server send
+ the list of acceptable CAs for the client certificate.
+ - t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay.
+ RT#101485, thanks to TEAM.
+ 2.009 2014/01/12
+ - remove util/analyze.pl. This tool is now together with other SSL tools in
+ https://github.com/noxxi/p5-ssl-tools
+ - added ALPN support (needs OpenSSL1.02, Net::SSLeay 1.56+) thanks to TEAM,
+ RT#101452
+ 2.008 2014/12/16
+ - work around recent OCSP verification errors for revoked.grc.com (badly
signed
+ OCSP response, Firefox also complains about it) in test t/external/ocsp.t.
+ - util/analyze.pl - report more details about preferred cipher for specific
TLS
+ versions
+ 2.007 2014/11/26
+ - make getline/readline fall back to super class if class is not sslified
yet,
+ i.e. behave the same as sysread, syswrite etc.
+ This fixes RT#100529
+ 2.006 2014/11/22
+ - Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead
of
+ EAGAIN. While this is the same on UNIX it is different on Windows and
socket
+ operations return there (WSA)EWOULDBLOCK and not EAGAIN. Enable
non-blocking
+ tests on Windows too.
+ - make PublicSuffix::_default_data thread safe
+ - update PublicSuffix with latest list from publicsuffix.org
+ 2.005 2014/11/15
+ - next try to fix t/protocol_version.t for OpenSSL w/o SSLv3 support
+ 2.004 2014/11/15
+ - only test fix: fix t/protocol_version.t to deal with OpenSSL installations
+ which are compiled without SSLv3 support.
+ 2.003 2014/11/14
+ - make SSLv3 available even if the SSL library disables it by default in
+ SSL_CTX_new (like done in LibreSSL). Default will stay to disable SSLv3,
+ so this will be only done when setting SSL_version explicitly.
+ - fix possible segmentation fault when trying to use an invalid certificate,
+ reported by Nick Andrew.
+ - Use only the ICANN part of the default public suffix list and not the
+ private domains. This makes existing exceptions for s3.amazonaws.com and
+ googleapis.com obsolete. Thanks to Gervase Markham from mozilla.org.
+ 2.002 2014/10/21
+ - fix check for (invalid) IPv4 when validating hostname against certificate.
Do
+ not use inet_aton any longer because it can cause DNS lookups for malformed
+ IP. RT#99448, thanks to justincase[AT]yopmail[DOT]com.
+ - Update PublicSuffix with latest version from publicsuffix.org - lots of new
+ top level domains.
+ - Add exception to PublicSuffix for s3.amazonaws.com - RT#99702, thanks to
+ cpan[AT]cpanel[DOT]net.
+ 2.001 2014/10/21
+ - Add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to increase PFS
security.
+ Thanks to Heikki Vatiainen for suggesting.
+ - Update external tests with currently expected fingerprints of hosts.
+ - Some fixes to make it still work on 5.8.1.
+ 2.000 2014/10/15
+ - consider SSL3.0 as broken because of POODLE and disable it by default.
+ - Skip live tests without asking if environment NO_NETWORK_TESTING is set.
+ Thanks to ntyni[AT]debian[DOT]org for suggestion.
+ - skip tests which require fork on non-default windows setups without proper
+ fork. Thanks to SHAY for https://github.com/noxxi/p5-io-socket-ssl/pull/18
+ 1.999 2014/10/09
+ - make sure we don't use version 0.30 of IO::Socket::IP
+ - make sure that PeerHost is checked on all places where PeerAddr is
+ checked, because these are synonyms and IO::Socket::IP prefers PeerHost
+ while others prefer PeerAddr. Also accept PeerService additionally to
+ PeerPort.
+ See https://github.com/noxxi/p5-io-socket-ssl/issues/16 for details.
+ - add ability to use client certificates and to overwrite hostname with
+ util/analyze-ssl.pl.
+ 1.998 2014/09/07
+ - make client authentication work at the server side when SNI is in by use
+ having CA path and other settings in all SSL contexts instead of only the
main
+ one. Based on code from lundstrom[DOT]jerry[AT]gmail[DOT]com,
+ https://github.com/noxxi/p5-io-socket-ssl/pull/15
+
+-------------------------------------------------------------------
Old:
----
IO-Socket-SSL-1.997.tar.gz
New:
----
IO-Socket-SSL-2.012.tar.gz
cpanspec.yml
perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-IO-Socket-SSL.spec ++++++
--- /var/tmp/diff_new_pack.3q56f7/_old 2015-04-22 01:12:32.000000000 +0200
+++ /var/tmp/diff_new_pack.3q56f7/_new 2015-04-22 01:12:32.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package perl-IO-Socket-SSL
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,16 @@
Name: perl-IO-Socket-SSL
-Version: 1.997
+Version: 2.012
Release: 0
%define cpan_name IO-Socket-SSL
-Summary: Nearly transparent SSL encapsulation for IO::Socket::INET.
+Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
License: Artistic-1.0 or GPL-1.0+
Group: Development/Libraries/Perl
Url: http://search.cpan.org/dist/IO-Socket-SSL/
Source:
http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
+Source1: cpanspec.yml
+Patch:
perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
@@ -76,6 +78,7 @@
%prep
%setup -q -n %{cpan_name}-%{version}
+%patch -p1
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -91,6 +94,6 @@
%files -f %{name}.files
%defattr(-,root,root,755)
-%doc BUGS Changes example README README.Win32 util
+%doc BUGS Changes example README README.Win32
%changelog
++++++ IO-Socket-SSL-1.997.tar.gz -> IO-Socket-SSL-2.012.tar.gz ++++++
++++ 7060 lines of diff (skipped)
++++++ cpanspec.yml ++++++
---
patches:
perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch: -p1
++++++ perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch ++++++
Index: IO-Socket-SSL-2.012/lib/IO/Socket/SSL.pm
===================================================================
--- IO-Socket-SSL-2.012.orig/lib/IO/Socket/SSL.pm 2015-02-02
08:44:32.000000000 +0100
+++ IO-Socket-SSL-2.012/lib/IO/Socket/SSL.pm 2015-04-18 11:37:15.730344825
+0200
@@ -129,6 +129,9 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
DHE-DSS-AES128-SHA
DHE-DSS-AES256-SHA256
DHE-DSS-AES256-SHA
+ DHE-RSA-AES128-SHA
+ DHE-RSA-AES256-SHA256
+ DHE-RSA-AES256-SHA
AES128-SHA256
AES128-SHA
AES256-SHA256
