Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-IO-Socket-SSL for openSUSE:Factory checked in at 2021-03-05 13:44:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old) and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL" Fri Mar 5 13:44:02 2021 rev:87 rq:876215 version:2.070 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2020-05-05 18:54:59.389360949 +0200 +++ /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.2378/perl-IO-Socket-SSL.changes 2021-03-05 13:44:11.491563029 +0100 @@ -1,0 +2,14 @@ +Sat Feb 27 03:06:38 UTC 2021 - Tina M??ller <timueller+p...@suse.de> + +- updated to 2.070 + see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes + + 2.070 2021/02/26 + - changed bugtracker in Makefile.PL to github, away from obsolete rt.cpan.org + 2.069 2021/01/22 + - IO::Socket::Utils CERT_asHash and CERT_create now support subject and issuer + with multiple same parts (like multiple OU). In this case an array ref instead + of a scalar is used as hash value. + https://github.com/noxxi/p5-io-socket-ssl/issues/95 + +------------------------------------------------------------------- Old: ---- IO-Socket-SSL-2.068.tar.gz New: ---- IO-Socket-SSL-2.070.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-IO-Socket-SSL.spec ++++++ --- /var/tmp/diff_new_pack.WJOMo8/_old 2021-03-05 13:44:12.007563497 +0100 +++ /var/tmp/diff_new_pack.WJOMo8/_new 2021-03-05 13:44:12.007563497 +0100 @@ -1,7 +1,7 @@ # # spec file for package perl-IO-Socket-SSL # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,18 +16,16 @@ # +%define cpan_name IO-Socket-SSL Name: perl-IO-Socket-SSL -Version: 2.068 +Version: 2.070 Release: 0 -%define cpan_name IO-Socket-SSL Summary: Nearly transparent SSL encapsulation for IO::Socket::INET License: Artistic-1.0 OR GPL-1.0-or-later -Group: Development/Libraries/Perl URL: https://metacpan.org/release/%{cpan_name} Source0: https://cpan.metacpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml BuildArch: noarch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros #BuildRequires: perl(Mozilla::CA) @@ -76,15 +74,12 @@ * * IO::Socket::SSL::Utils - Useful functions for certificates etc %prep -%setup -q -n %{cpan_name}-%{version} +%autosetup -n %{cpan_name}-%{version} find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644 -# MANUAL BEGIN -rm README.Win32 -# MANUAL END %build perl Makefile.PL INSTALLDIRS=vendor -make %{?_smp_mflags} +%make_build %check make test @@ -95,7 +90,6 @@ %perl_gen_filelist %files -f %{name}.files -%defattr(-,root,root,755) -%doc BUGS Changes docs example README +%doc BUGS Changes docs example README README.Win32 %changelog ++++++ IO-Socket-SSL-2.068.tar.gz -> IO-Socket-SSL-2.070.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/Changes new/IO-Socket-SSL-2.070/Changes --- old/IO-Socket-SSL-2.068/Changes 2020-03-31 08:13:45.000000000 +0200 +++ new/IO-Socket-SSL-2.070/Changes 2021-02-26 09:00:47.000000000 +0100 @@ -1,3 +1,10 @@ +2.070 2021/02/26 +- changed bugtracker in Makefile.PL to github, away from obsolete rt.cpan.org +2.069 2021/01/22 +- IO::Socket::Utils CERT_asHash and CERT_create now support subject and issuer + with multiple same parts (like multiple OU). In this case an array ref instead + of a scalar is used as hash value. + https://github.com/noxxi/p5-io-socket-ssl/issues/95 2.068 2020/03/31 - treat OpenSSL 1.1.1e as broken and refuse to build with it in order to prevent follow-up problems in tests and user code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/META.json new/IO-Socket-SSL-2.070/META.json --- old/IO-Socket-SSL-2.068/META.json 2020-03-31 08:13:55.000000000 +0200 +++ new/IO-Socket-SSL-2.070/META.json 2021-02-26 09:01:59.000000000 +0100 @@ -4,13 +4,13 @@ "Steffen Ullrich <su...@cpan.org>, Peter Behroozi, Marko Asplund" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010", + "generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", - "version" : "2" + "version" : 2 }, "name" : "IO-Socket-SSL", "no_index" : { @@ -42,7 +42,7 @@ "release_status" : "stable", "resources" : { "bugtracker" : { - "web" : "https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL" + "web" : "https://github.com/noxxi/p5-io-socket-ssl/issues" }, "homepage" : "https://github.com/noxxi/p5-io-socket-ssl", "license" : [ @@ -52,6 +52,6 @@ "url" : "https://github.com/noxxi/p5-io-socket-ssl" } }, - "version" : "2.068", - "x_serialization_backend" : "JSON::PP version 2.27400_02" + "version" : "2.070", + "x_serialization_backend" : "JSON::PP version 4.02" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/META.yml new/IO-Socket-SSL-2.070/META.yml --- old/IO-Socket-SSL-2.068/META.yml 2020-03-31 08:13:55.000000000 +0200 +++ new/IO-Socket-SSL-2.070/META.yml 2021-02-26 09:01:59.000000000 +0100 @@ -8,7 +8,7 @@ ExtUtils::MakeMaker: '0' Net::SSLeay: '1.46' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.24, CPAN::Meta::Converter version 2.150010' +generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -23,9 +23,9 @@ Net::SSLeay: '1.46' Scalar::Util: '0' resources: - bugtracker: https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL + bugtracker: https://github.com/noxxi/p5-io-socket-ssl/issues homepage: https://github.com/noxxi/p5-io-socket-ssl license: http://dev.perl.org/licenses/ repository: https://github.com/noxxi/p5-io-socket-ssl -version: '2.068' +version: '2.070' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/Makefile.PL new/IO-Socket-SSL-2.070/Makefile.PL --- old/IO-Socket-SSL-2.068/Makefile.PL 2020-03-31 08:07:33.000000000 +0200 +++ new/IO-Socket-SSL-2.070/Makefile.PL 2021-02-26 09:00:15.000000000 +0100 @@ -156,7 +156,7 @@ license => 'http://dev.perl.org/licenses/', repository => 'https://github.com/noxxi/p5-io-socket-ssl', homepage => 'https://github.com/noxxi/p5-io-socket-ssl', - bugtracker => 'https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL', + bugtracker => 'https://github.com/noxxi/p5-io-socket-ssl/issues', }, }, ):(), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/lib/IO/Socket/SSL/Utils.pm new/IO-Socket-SSL-2.070/lib/IO/Socket/SSL/Utils.pm --- old/IO-Socket-SSL-2.068/lib/IO/Socket/SSL/Utils.pm 2020-02-14 15:23:13.000000000 +0100 +++ new/IO-Socket-SSL-2.070/lib/IO/Socket/SSL/Utils.pm 2021-01-22 17:48:48.000000000 +0100 @@ -149,16 +149,27 @@ $cert,$digest_name), ); - my $subj = Net::SSLeay::X509_get_subject_name($cert); - my %subj; - for ( 0..Net::SSLeay::X509_NAME_entry_count($subj)-1 ) { - my $e = Net::SSLeay::X509_NAME_get_entry($subj,$_); - my $o = Net::SSLeay::X509_NAME_ENTRY_get_object($e); - $subj{ Net::SSLeay::OBJ_obj2txt($o) } = - Net::SSLeay::P_ASN1_STRING_get( - Net::SSLeay::X509_NAME_ENTRY_get_data($e)); + for([ subject => Net::SSLeay::X509_get_subject_name($cert) ], + [ issuer => Net::SSLeay::X509_get_issuer_name($cert) ]) { + my ($what,$subj) = @$_; + my %subj; + for ( 0..Net::SSLeay::X509_NAME_entry_count($subj)-1 ) { + my $e = Net::SSLeay::X509_NAME_get_entry($subj,$_); + my $k = Net::SSLeay::OBJ_obj2txt( + Net::SSLeay::X509_NAME_ENTRY_get_object($e)); + my $v = Net::SSLeay::P_ASN1_STRING_get( + Net::SSLeay::X509_NAME_ENTRY_get_data($e)); + if (!exists $subj{$k}) { + $subj{$k} = $v; + } elsif (!ref $subj{$k}) { + $subj{$k} = [ $subj{$k}, $v ]; + } else { + push @{$subj{$k}}, $v; + } + } + $hash{$what} = \%subj; } - $hash{subject} = \%subj; + if ( my @names = Net::SSLeay::X509_get_subjectAltNames($cert) ) { my $alt = $hash{subjectAltNames} = []; @@ -198,17 +209,6 @@ } } - my $issuer = Net::SSLeay::X509_get_issuer_name($cert); - my %issuer; - for ( 0..Net::SSLeay::X509_NAME_entry_count($issuer)-1 ) { - my $e = Net::SSLeay::X509_NAME_get_entry($issuer,$_); - my $o = Net::SSLeay::X509_NAME_ENTRY_get_object($e); - $issuer{ Net::SSLeay::OBJ_obj2txt($o) } = - Net::SSLeay::P_ASN1_STRING_get( - Net::SSLeay::X509_NAME_ENTRY_get_data($e)); - } - $hash{issuer} = \%issuer; - my @ext; for( 0..Net::SSLeay::X509_get_ext_count($cert)-1 ) { my $e = Net::SSLeay::X509_get_ext($cert,$_); @@ -271,14 +271,17 @@ organizationName => 'IO::Socket::SSL', commonName => 'IO::Socket::SSL Test' }; + while ( my ($k,$v) = each %$subj ) { # Not everything we get is nice - try with MBSTRING_UTF8 first and if it # fails try V_ASN1_T61STRING and finally V_ASN1_OCTET_STRING - Net::SSLeay::X509_NAME_add_entry_by_txt($subj_e,$k,0x1000,$v,-1,0) - or Net::SSLeay::X509_NAME_add_entry_by_txt($subj_e,$k,20,$v,-1,0) - or Net::SSLeay::X509_NAME_add_entry_by_txt($subj_e,$k,4,$v,-1,0) - or croak("failed to add entry for $k - ". - Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error())); + for (ref($v) ? @$v : ($v)) { + Net::SSLeay::X509_NAME_add_entry_by_txt($subj_e,$k,0x1000,$_,-1,0) + or Net::SSLeay::X509_NAME_add_entry_by_txt($subj_e,$k,20,$_,-1,0) + or Net::SSLeay::X509_NAME_add_entry_by_txt($subj_e,$k,4,$_,-1,0) + or croak("failed to add entry for $k - ". + Net::SSLeay::ERR_error_string(Net::SSLeay::ERR_get_error())); + } } my @ext = ( @@ -544,7 +547,9 @@ =item subject Hash with the parts of the subject, e.g. commonName, countryName, -organizationName, stateOrProvinceName, localityName. +organizationName, stateOrProvinceName, localityName. If there are multiple +values for any of these parts the hash value will be an array ref with the +values in order instead of just a scalar. =item subjectAltNames @@ -555,7 +560,9 @@ =item issuer Hash with the parts of the issuer, e.g. commonName, countryName, -organizationName, stateOrProvinceName, localityName. +organizationName, stateOrProvinceName, localityName. If there are multiple +values for any of these parts the hash value will be an array ref with the +values in order instead of just a scalar. =item not_before, not_after diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/lib/IO/Socket/SSL.pm new/IO-Socket-SSL-2.070/lib/IO/Socket/SSL.pm --- old/IO-Socket-SSL-2.068/lib/IO/Socket/SSL.pm 2020-03-31 08:08:00.000000000 +0200 +++ new/IO-Socket-SSL-2.070/lib/IO/Socket/SSL.pm 2021-02-26 09:00:28.000000000 +0100 @@ -13,7 +13,7 @@ package IO::Socket::SSL; -our $VERSION = '2.068'; +our $VERSION = '2.070'; use IO::Socket; use Net::SSLeay 1.46; @@ -2989,11 +2989,11 @@ my $snictx = $ctx{lc($host)} || $ctx{''} or do { $DEBUG>1 and DEBUG( "cannot get context from servername '$host'"); - return 0; + return 2; # SSL_TLSEXT_ERR_ALERT_FATAL }; $DEBUG>1 and DEBUG("set context from servername $host"); Net::SSLeay::set_SSL_CTX($ssl,$snictx) if $snictx != $ctx; - return 1; + return 0; # SSL_TLSEXT_ERR_OK }); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.068/t/sni.t new/IO-Socket-SSL-2.070/t/sni.t --- old/IO-Socket-SSL-2.068/t/sni.t 2020-02-14 15:23:13.000000000 +0100 +++ new/IO-Socket-SSL-2.070/t/sni.t 2020-12-08 15:14:18.000000000 +0100 @@ -63,20 +63,29 @@ SSL_verify_mode => 1, SSL_hostname => $host, SSL_ca_file => 'certs/test-ca.pem', - ) || print "not "; - print "ok # client ssl connect $host\n"; - - $client->verify_hostname($host,'http') or print "not "; - print "ok # client verify hostname in cert $host\n"; + ); + if ($client) { + print "ok # client ssl connect $host\n"; + $client->verify_hostname($host,'http') or print "not "; + print "ok # client verify hostname in cert $host\n"; + } else { + print "not ok # client ssl connect $host - $SSL_ERROR\n"; + print "ok # skip connect failed\n"; + } } exit; } for my $host (@tests) { - my $csock = $server->accept or print "not "; - print "ok # server accept\n"; - my $name = $csock->get_servername; - print "not " if ! $name or $name ne $host; - print "ok # server got SNI name $host\n"; + my $csock = $server->accept; + if ($csock) { + print "ok # server accept\n"; + my $name = $csock->get_servername; + print "not " if ! $name or $name ne $host; + print "ok # server got SNI name $host\n"; + } else { + print "not ok # server accept - $SSL_ERROR\n"; + print "ok # skip accept failed\n"; + } } wait;