Hello community,
here is the log from the commit of package perl-IO-Socket-SSL for
openSUSE:Factory checked in at 2015-06-12 20:27:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old)
and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL"
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes
2015-05-16 07:13:04.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new/perl-IO-Socket-SSL.changes
2015-06-12 20:27:51.000000000 +0200
@@ -1,0 +2,6 @@
+Sun Jun 7 08:37:21 UTC 2015 - [email protected]
+
+- updated to 2.016
+ see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+
+-------------------------------------------------------------------
Old:
----
IO-Socket-SSL-2.015.tar.gz
New:
----
IO-Socket-SSL-2.016.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-IO-Socket-SSL.spec ++++++
--- /var/tmp/diff_new_pack.Xh8GkZ/_old 2015-06-12 20:27:52.000000000 +0200
+++ /var/tmp/diff_new_pack.Xh8GkZ/_new 2015-06-12 20:27:52.000000000 +0200
@@ -17,7 +17,7 @@
Name: perl-IO-Socket-SSL
-Version: 2.015
+Version: 2.016
Release: 0
%define cpan_name IO-Socket-SSL
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
++++++ IO-Socket-SSL-2.015.tar.gz -> IO-Socket-SSL-2.016.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/Changes
new/IO-Socket-SSL-2.016/Changes
--- old/IO-Socket-SSL-2.015/Changes 2015-05-13 22:40:15.000000000 +0200
+++ new/IO-Socket-SSL-2.016/Changes 2015-06-02 22:39:42.000000000 +0200
@@ -1,4 +1,11 @@
-2.014 2015/05/13
+2.016 2015/06/02
+- add flag X509_V_FLAG_TRUSTED_FIRST by default if available in OpenSSL
+ (since 1.02) and available with Net::SSLeay. RT#104759 (thanks GAAS)
+- work around hanging prompt() with older perl in Makefile.PL RT#104731
+- make t/memleak_bad_handshake.t work on cygwin and other systems having
+ /proc/pid/statm, see RT#104659
+- add better debugging based on patch from H.Merijn Brand
+2.015 2015/05/13
- work around problem with IO::Socket::INET6 on windows, by explicitly using
Domain AF_INET in the tests.
Fixes RT#104226 reported by CHORNY
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/META.json
new/IO-Socket-SSL-2.016/META.json
--- old/IO-Socket-SSL-2.015/META.json 2015-05-13 22:43:17.000000000 +0200
+++ new/IO-Socket-SSL-2.016/META.json 2015-06-02 22:39:52.000000000 +0200
@@ -4,7 +4,7 @@
"Steffen Ullrich <[email protected]>, Peter Behroozi, Marko Asplund"
],
"dynamic_config" : 1,
- "generated_by" : "ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter
version 2.140640",
+ "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter
version 2.120921",
"license" : [
"perl_5"
],
@@ -50,5 +50,5 @@
"url" : "https://github.com/noxxi/p5-io-socket-ssl"
}
},
- "version" : "2.015"
+ "version" : "2.016"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/META.yml
new/IO-Socket-SSL-2.016/META.yml
--- old/IO-Socket-SSL-2.015/META.yml 2015-05-13 22:43:17.000000000 +0200
+++ new/IO-Socket-SSL-2.016/META.yml 2015-06-02 22:39:52.000000000 +0200
@@ -3,26 +3,26 @@
author:
- 'Steffen Ullrich <[email protected]>, Peter Behroozi, Marko Asplund'
build_requires:
- ExtUtils::MakeMaker: '0'
+ ExtUtils::MakeMaker: 0
configure_requires:
- ExtUtils::MakeMaker: '0'
+ ExtUtils::MakeMaker: 0
dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version
2.140640'
+generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version
2.120921'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: '1.4'
+ version: 1.4
name: IO-Socket-SSL
no_index:
directory:
- t
- inc
requires:
- Net::SSLeay: '1.46'
- Scalar::Util: '0'
+ Net::SSLeay: 1.46
+ Scalar::Util: 0
resources:
bugtracker: https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL
homepage: https://github.com/noxxi/p5-io-socket-ssl
license: http://dev.perl.org/licenses/
repository: https://github.com/noxxi/p5-io-socket-ssl
-version: '2.015'
+version: 2.016
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/Makefile.PL
new/IO-Socket-SSL-2.016/Makefile.PL
--- old/IO-Socket-SSL-2.015/Makefile.PL 2015-05-01 17:13:11.000000000 +0200
+++ new/IO-Socket-SSL-2.016/Makefile.PL 2015-05-28 09:04:12.000000000 +0200
@@ -13,6 +13,23 @@
$| = 1;
+my $yesno = sub {
+ my ($msg,$default) = @_;
+ return $default if defined $default && $ENV{PERL_MM_USE_DEFAULT};
+ # Taken from ExtUtils::MakeMaker 6.16 (Michael Schwern) so that
+ # the prompt() function can be emulated for older versions of
ExtUtils::MakeMaker.
+ while ( -t STDIN && (-t STDOUT || !(-f STDOUT || -c STDOUT))) {
+ print "$msg ";
+ my $choice = <STDIN>;
+ $choice =~s{\s+$}{};
+ $choice ||= $default;
+ next if $choice !~m{^\s*([yn])}i;
+ return lc($1);
+ }
+
+ return $default;
+};
+
{
# issue warning, if Net::SSLeay cannot find random generator
# redefine __WARN__ only locally to allow detection of failures
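Review bot: In the new `$yesno` closure, `my $choice = <STDIN>;` yields undef at end of input, so the following `$choice =~s{\s+$}{}` runs on an undefined value, and with an undefined `$default` the `next` would loop forever on a closed terminal. Returning early bounds both cases: `defined(my $choice = <STDIN>) or return $default;`. The pattern `^\s*([yn])` also accepts any answer that merely begins with y or n, which is looser than the removed `/^y(?:es)?$/` used for the "Do you REALLY want to continue?" confirmation in the next hunk; an end anchor on the pattern would keep that confirmation strict. The closure is complete in this hunk, but the `{` block after it continues outside.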
@@ -26,16 +43,8 @@
print "to fail. Please see the README file for more information.\n";
print "the message from Net::SSLeay was: $warning\n";
- # Taken from ExtUtils::MakeMaker 6.16 (Michael Schwern) so that
- # the prompt() function can be emulated for older versions of
ExtUtils::MakeMaker.
- my $isa_tty = -t STDIN && (-t STDOUT || !(-f STDOUT || -c STDOUT));
-
- if ($isa_tty) {
- print "Do you REALLY want to continue? [Default: no] ";
- die "User cancelled install!\n" if (<STDIN> !~ /^y(?:es)?$/);
- } else {
- die "Install cancelled.\n";
- }
+ $yesno->("Do you REALLY want to continue? y/[N]","n") eq 'y'
+ or die "Install cancelled.\n";
};
if (! defined $ENV{SKIP_RNG_TEST}) {
@@ -109,11 +118,10 @@
}
my $xt = $ENV{NO_NETWORK_TESTING} && 'n';
-$xt ||= prompt( "Should I do external tests?\n".
+$xt ||= $yesno->( "Should I do external tests?\n".
"These test will detect if there are network problems and fail soft,\n".
"so please disable them only if you definitely don't want to have any\n".
- "network traffic to external sites. ".
- "[Y/n]", 'y' );
+ "network traffic to external sites. [Y/n]", 'y' );
# See lib/ExtUtils/MakeMaker.pm for details of how to influence
@@ -131,7 +139,7 @@
! %usable_ca ? ( 'Mozilla::CA' => 0 ):(),
},
'dist' => { COMPRESS => 'gzip', SUFFIX => 'gz', },
- $xt =~m{^y}i ? ( test => { TESTS => 't/*.t t/external/*.t' }):(),
+ $xt eq 'y' ? ( test => { TESTS => 't/*.t t/external/*.t' }):(),
$ExtUtils::MakeMaker::VERSION >= 6.46 ? (
'META_MERGE' => {
resources => {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/lib/IO/Socket/SSL.pm
new/IO-Socket-SSL-2.016/lib/IO/Socket/SSL.pm
--- old/IO-Socket-SSL-2.015/lib/IO/Socket/SSL.pm 2015-05-13
22:37:34.000000000 +0200
+++ new/IO-Socket-SSL-2.016/lib/IO/Socket/SSL.pm 2015-06-02
22:39:08.000000000 +0200
@@ -13,7 +13,7 @@
package IO::Socket::SSL;
-our $VERSION = '2.015';
+our $VERSION = '2.016';
use IO::Socket;
use Net::SSLeay 1.46;
@@ -230,6 +230,10 @@
};
}
+# Try to work around problems with alternative trust path by default, RT#104759
+my $DEFAULT_X509_STORE_flags = 0;
+eval { $DEFAULT_X509_STORE_flags |= Net::SSLeay::X509_V_FLAG_TRUSTED_FIRST() };
+
our $DEBUG;
use vars qw(@ISA $SSL_ERROR @EXPORT);
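Review bot: The comment above `$DEFAULT_X509_STORE_flags` names the ticket but not the effect. The value is later OR-ed into the store flags of every context (the `X509_STORE_set_flags(...) if $X509_STORE_flags` hunk further down), so it changes chain building for all callers, not only those who set `SSL_check_crl`. I would spell that out, e.g. `# TRUSTED_FIRST: look for issuers in the trust store before the peer-supplied chain; applied to every SSL context when Net::SSLeay provides the constant`. The bare `eval` also leaves `$@` set at load time when the constant is unavailable; a `local $@;` in a small enclosing block would avoid leaking that to code that loads the module. The SSL.pod hunks in this diff do not mention the new default either.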
@@ -256,6 +260,7 @@
my @caller_force_inet4; # in case inet4 gets forced we store here who forced it
my $IOCLASS;
+my $family_key; # 'Domain'||'Family'
BEGIN {
# declare @ISA depending of the installed socket class
@@ -275,6 +280,7 @@
};
# try IO::Socket::IP or IO::Socket::INET6 for IPv6 support
+ $family_key = 'Domain'; # traditional
if ( $ip6 ) {
# if we have IO::Socket::IP >= 0.31 we will use this in preference
# because it can handle both IPv4 and IPv6
@@ -284,6 +290,7 @@
}) {
@ISA = qw(IO::Socket::IP);
constant->import( CAN_IPV6 => "IO::Socket::IP" );
+ $family_key = 'Family';
$IOCLASS = "IO::Socket::IP";
# if we have IO::Socket::INET6 we will use this not IO::Socket::INET
@@ -315,7 +322,12 @@
sub DEBUG {
$DEBUG or return;
- my (undef,$file,$line) = caller;
+ my (undef,$file,$line,$sub) = caller(1);
+ if ($sub =~m{^IO::Socket::SSL::(?:error|(_internal_error))$}) {
+ (undef,$file,$line) = caller(2) if $1;
+ } else {
+ (undef,$file,$line) = caller;
+ }
my $msg = shift;
$file = '...'.substr( $file,-17 ) if length($file)>20;
$msg = sprintf $msg,@_ if @_;
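Review bot: `caller(1)` returns an empty list when DEBUG is invoked from file scope rather than from inside a sub, so `$sub` is undef and the new `$sub =~m{...}` match runs on an undefined value before falling through to the `else` branch. Guarding the match keeps that fallback silent: `if (defined $sub && $sub =~m{^IO::Socket::SSL::(?:error|(_internal_error))$}) {`. A short comment such as `# report where error()/_internal_error() was called from, not the helper's own line` would also explain why the frame depth differs per branch, assuming that is the intent. The sub's body continues past the end of this hunk.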
@@ -419,7 +431,7 @@
@ISA = ( CAN_IPV6 );
warn "IPv6 support re-enabled in __PACKAGE__, got disabled
in file $caller_force_inet4[1] line $caller_force_inet4[2]";
} else {
- die "INET6 is not supported, install IO::Socket::INET6";
+ die "INET6 is not supported, install IO::Socket::IP";
}
}
} elsif ( /^:?debug(\d+)/ ) {
@@ -468,6 +480,7 @@
$self->configure_SSL($arg_hash) || return;
+ $arg_hash->{$family_key} ||= $arg_hash->{Domain} || $arg_hash->{Family};
return $self->_internal_error("@ISA configuration failed",0)
if ! $self->SUPER::configure($arg_hash);
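Review bot: The added `$arg_hash->{$family_key} ||= $arg_hash->{Domain} || $arg_hash->{Family};` creates the `Domain` or `Family` key with an undefined value when the caller supplied neither. It also leaves the other spelling in the hash when one was supplied. Whether the socket superclass treats an existing-but-undef key differently from a missing one is not visible here, so I would only assign when there is a value: `my $fam = $arg_hash->{Domain} || $arg_hash->{Family};` followed by `$arg_hash->{$family_key} ||= $fam if $fam;`. The enclosing method starts and ends outside the hunk.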
@@ -668,12 +681,12 @@
my $start = defined($timeout) && time();
{
- #DEBUG( 'calling ssleay::connect' );
$SSL_ERROR = undef;
$CURRENT_SSL_OBJECT = $self;
+ $DEBUG>=3 && DEBUG("call Net::SSLeay::connect" );
my $rv = Net::SSLeay::connect($ssl);
$CURRENT_SSL_OBJECT = undef;
- $DEBUG>=3 && DEBUG("Net::SSLeay::connect -> $rv" );
+ $DEBUG>=3 && DEBUG("done Net::SSLeay::connect -> $rv" );
if ( $rv < 0 ) {
if ( my $err = $self->_skip_rw_error( $ssl,$rv )) {
$self->error("SSL connect attempt failed");
@@ -826,7 +839,7 @@
};
$DEBUG>=2 && DEBUG('will not start SSL handshake yet');
return wantarray ? ($socket, getpeername($socket) ) : $socket
- };
+ }
}
$self->accept_SSL($socket) || return;
@@ -1160,7 +1173,7 @@
$buf .= $pb
} else {
return $buf eq '' ? ():$buf;
- };
+ }
if ( !$eod ) {
my $pos = index( $buf,$delim0 );
if ( $pos<0 ) {
@@ -2311,11 +2324,9 @@
}
}
+ my $X509_STORE_flags = $DEFAULT_X509_STORE_flags;
if ($arg_hash->{'SSL_check_crl'}) {
- Net::SSLeay::X509_STORE_set_flags(
- Net::SSLeay::CTX_get_cert_store($ctx),
- Net::SSLeay::X509_V_FLAG_CRL_CHECK()
- );
+ $X509_STORE_flags |= Net::SSLeay::X509_V_FLAG_CRL_CHECK();
if ($arg_hash->{'SSL_crl_file'}) {
my $bio =
Net::SSLeay::BIO_new_file($arg_hash->{'SSL_crl_file'}, 'r');
my $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio);
@@ -2327,6 +2338,11 @@
}
}
+ Net::SSLeay::X509_STORE_set_flags(
+ Net::SSLeay::CTX_get_cert_store($ctx),
+ $X509_STORE_flags
+ ) if $X509_STORE_flags;
+
Net::SSLeay::CTX_set_default_passwd_cb($ctx,$arg_hash->{SSL_passwd_cb})
if $arg_hash->{SSL_passwd_cb};
@@ -2373,8 +2389,8 @@
# don't free @chain, because CTX_add_extra_chain_cert
# did not duplicate the certificates
}
- $havecert or return
- IO::Socket::SSL->error("Failed to use certificate file");
+ $havecert or return IO::Socket::SSL->error(
+ "Failed to load certificate from file (no PEM, DER or PKCS12)");
}
if (!$havecert || $havekey) {
@@ -2392,9 +2408,8 @@
last;
}
}
- }
- if ($havecert && !$havekey) {
- return IO::Socket::SSL->error("Failed to use private key");
+ $havekey or return IO::Socket::SSL->error(
+ "Failed to load key from file (no PEM or DER)");
}
# replace arg_hash with created context
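Review bot: The missing-key check now sits inside a single branch, whereas the removed `if ($havecert && !$havekey)` ran after the whole block. If any path outside this hunk can reach this point with a certificate loaded and `$havekey` still unset (for example a certificate given without any key argument), the context would now be returned without the former "Failed to use private key" error. The surrounding if/elsif chain is not visible here, so this needs confirming against the full function. If such a path exists, a final `$havecert && !$havekey and return IO::Socket::SSL->error("no private key for certificate");` after the block would preserve the old guarantee.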
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/lib/IO/Socket/SSL.pod
new/IO-Socket-SSL-2.016/lib/IO/Socket/SSL.pod
--- old/IO-Socket-SSL-2.015/lib/IO/Socket/SSL.pod 2015-04-17
14:06:34.000000000 +0200
+++ new/IO-Socket-SSL-2.016/lib/IO/Socket/SSL.pod 2015-05-27
07:15:09.000000000 +0200
@@ -821,9 +821,9 @@
trusted certificate authority. In this case you should use this option to
specify the file (C<SSL_ca_file>) or directory (C<SSL_ca_path>) containing the
certificateZ<>(s) of the trusted certificate authorities.
-Also you can give X509* certificate handles (from L<Net::SSLeay> or
-L<IO::Socket::SSL::Utils>) as a list with C<SSL_ca>. These will be added to the
-CA store before path and file and thus take precedence.
+You can also give a list of X509* certificate handles (like you get from
+L<Net::SSLeay> or L<IO::Socket::SSL::Utils::PEM_xxx2cert>) with C<SSL_ca>.
These
+will be added to the CA store before path and file and thus take precedence.
If neither SSL_ca, nor SSL_ca_file or SSL_ca_path are set it will use
C<default_ca()> to determine the user-set or system defaults.
If you really don't want to set a CA set SSL_ca_file or SSL_ca_path to
@@ -859,7 +859,8 @@
should be verified by the client. Same is true for client certificates, which
should be verified by the server.
The certificate can be given as a file with SSL_cert_file or as an internal
-representation of a X509* object with SSL_cert.
+representation of a X509* object (like you get from L<Net::SSLeay> or
+L<IO::Socket::SSL::Utils::PEM_xxx2cert>) with SSL_cert.
If given as a file it will automatically detect the format.
Supported file formats are PEM, DER and PKCS#12, where PEM and PKCS#12 can
contain the certicate and the chain to use, while DER can only contain a single
@@ -873,7 +874,8 @@
For each certificate a key is need, which can either be given as a file with
SSL_key_file or as an internal representation of a EVP_PKEY* object with
-SSL_key.
+SSL_key (like you get from L<Net::SSLeay> or
+L<IO::Socket::SSL::Utils::PEM_xxx2key>).
If a key was already given within the PKCS#12 file specified by SSL_cert_file
it will ignore any SSL_key or SSL_key_file.
If no SSL_key or SSL_key_file was given it will try to use the PEM file given
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/t/auto_verify_hostname.t
new/IO-Socket-SSL-2.016/t/auto_verify_hostname.t
--- old/IO-Socket-SSL-2.015/t/auto_verify_hostname.t 2015-05-13
22:08:44.000000000 +0200
+++ new/IO-Socket-SSL-2.016/t/auto_verify_hostname.t 2015-05-27
07:15:09.000000000 +0200
@@ -9,6 +9,19 @@
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
+plan tests => 1 + 7 + 4 + 7*2 + 4;
+my @tests = qw(
+ example.com www FAIL
+ server.local ldap OK
+ server.local www FAIL
+ bla.server.local www OK
+ www7.other.local www OK
+ www7.other.local ldap FAIL
+ bla.server.local ldap OK
+);
+
+
+
my $server = IO::Socket::SSL->new(
LocalAddr => '127.0.0.1',
LocalPort => 0,
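Review bot: The hard-coded `plan tests => 1 + 7 + 4 + 7*2 + 4;` appears to repeat the number of rows in `@tests`, which is declared on the very next line, so adding a row will silently desynchronise the plan. Declaring `@tests` first and deriving the count keeps them tied together: `my $n = @tests/3;` then `plan tests => 1 + $n + 4 + $n*2 + 4;`. What each term counts is not visible in the hunk, so a trailing comment naming the terms would help either way. The constructor call at the end of the hunk continues outside it.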
@@ -32,16 +45,6 @@
}
close($server);
-my @tests = qw(
- example.com www FAIL
- server.local ldap OK
- server.local www FAIL
- bla.server.local www OK
- www7.other.local www OK
- www7.other.local ldap FAIL
- bla.server.local ldap OK
-);
-
IO::Socket::SSL::default_ca('certs/test-ca.pem');
for( my $i=0;$i<@tests;$i+=3 ) {
my ($name,$scheme,$result) = @tests[$i,$i+1,$i+2];
@@ -82,4 +85,3 @@
kill(9,$pid);
wait;
-done_testing();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/t/io-socket-ip.t
new/IO-Socket-SSL-2.016/t/io-socket-ip.t
--- old/IO-Socket-SSL-2.015/t/io-socket-ip.t 2015-05-13 22:10:41.000000000
+0200
+++ new/IO-Socket-SSL-2.016/t/io-socket-ip.t 2015-05-27 07:18:13.000000000
+0200
@@ -68,7 +68,6 @@
close($server);
my $to_server = IO::Socket::SSL->new(
PeerAddr => $addr,
- Domain => AF_INET,
SSL_verify_mode => 0
) || do {
notok( "connect failed: ".IO::Socket::SSL->errstr() );
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/t/memleak_bad_handshake.t
new/IO-Socket-SSL-2.016/t/memleak_bad_handshake.t
--- old/IO-Socket-SSL-2.015/t/memleak_bad_handshake.t 2015-04-17
14:06:34.000000000 +0200
+++ new/IO-Socket-SSL-2.016/t/memleak_bad_handshake.t 2015-05-27
07:15:09.000000000 +0200
@@ -10,7 +10,22 @@
use IO::Select;
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
-if ( grep { $^O =~m{$_}i } qw( MacOS VOS vmesa riscos amigaos mswin32) ) {
+my $getsize;
+if ( -f "/proc/$$/statm" ) {
+ $getsize = sub {
+ my $pid = shift;
+ open( my $fh,'<', "/proc/$pid/statm");
+ my $line = <$fh>;
+ return (split(' ',$line))[0] * 4;
+ };
+} elsif ( ! grep { $^O =~m{$_}i } qw( MacOS VOS vmesa riscos amigaos mswin32)
) {
+ $getsize = sub {
+ my $pid = shift;
+ open( my $ps,'-|',"ps -o vsize -p $pid 2>/dev/null" ) or return;
+ $ps && <$ps> or return; # header
+ return int(<$ps>); # size
+ };
+} else {
print "1..0 # Skipped: ps not implemented on this platform\n";
exit
}
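Review bot: The `/proc` variant of `$getsize` calls `open( my $fh,'<', "/proc/$pid/statm");` without checking the result, so a child that has already exited leads to a read on an unopened handle rather than the clean `return` the `ps` variant uses. `open( my $fh,'<', "/proc/$pid/statm") or return;` makes both branches fail the same way and lets the existing "cannot get size" skip handle it. The `* 4` assumes 4 KiB pages; since the sizes seem only to be compared with each other, a comment such as `# pages * 4 ~ kB, assumes 4k pages; only relative growth matters` would make that explicit.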
@@ -22,7 +37,7 @@
$|=1;
-if ( ! getsize($$) ) {
+if ( ! $getsize->($$) ) {
print "1..0 # Skipped: no usable ps\n";
exit;
}
@@ -52,7 +67,7 @@
for(1..100) {
IO::Socket::INET->new( $saddr ) or next;
}
-my $size100 = getsize($pid);
+my $size100 = $getsize->($pid);
if ( ! $size100 ) {
print "1..0 # Skipped: cannot get size of child process\n";
goto done;
@@ -61,12 +76,12 @@
for(100..200) {
IO::Socket::INET->new( $saddr ) or next;
}
-my $size200 = getsize($pid);
+my $size200 = $getsize->($pid);
for(200..300) {
IO::Socket::INET->new( $saddr ) or next;
}
-my $size300 = getsize($pid);
+my $size300 = $getsize->($pid);
if ($size100>$size200 or $size200<$size300) {;
print "1..0 # skipped - do we measure the right thing?\n";
goto done;
@@ -82,9 +97,3 @@
exit;
-sub getsize {
- my $pid = shift;
- open( my $ps,'-|',"ps -o vsize -p $pid 2>/dev/null" ) or return;
- $ps && <$ps> or return; # header
- return int(<$ps>); # size
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.015/t/protocol_version.t
new/IO-Socket-SSL-2.016/t/protocol_version.t
--- old/IO-Socket-SSL-2.015/t/protocol_version.t 2015-05-13
22:11:14.000000000 +0200
+++ new/IO-Socket-SSL-2.016/t/protocol_version.t 2015-05-27
07:15:09.000000000 +0200
@@ -7,6 +7,9 @@
use IO::Socket::SSL;
do './testlib.pl' || do './t/testlib.pl' || die "no testlib";
+plan skip_all => "Test::More has no done_testing"
+ if !defined &done_testing;
+
$|=1;
my $XDEBUG = 0;