Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-IO-Socket-SSL for openSUSE:Factory checked in at 2022-10-03 13:44:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old) and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL" Mon Oct 3 13:44:39 2022 rev:93 rq:1006681 version:2.075 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2022-08-07 18:33:53.569146404 +0200 +++ /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.2275/perl-IO-Socket-SSL.changes 2022-10-03 13:44:55.497370936 +0200 @@ -1,0 +2,13 @@ +Sat Sep 3 03:06:38 UTC 2022 - Tina M??ller <timueller+p...@suse.de> + +- updated to 2.075 + see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes + + 2.075 + - treat SSL_write returning 0 same as previously -1, as suggested by both + OpenSSL and LibreSSL documentation + - propagate error from SSL_shutdown, but if the shutdown is caused by an outer + SSL error keep the original error + - small tests fixes + +------------------------------------------------------------------- Old: ---- IO-Socket-SSL-2.074.tar.gz New: ---- IO-Socket-SSL-2.075.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-IO-Socket-SSL.spec ++++++ --- /var/tmp/diff_new_pack.IZmwOS/_old 2022-10-03 13:44:56.121372309 +0200 +++ /var/tmp/diff_new_pack.IZmwOS/_new 2022-10-03 13:44:56.121372309 +0200 @@ -18,15 +18,14 @@ %define cpan_name IO-Socket-SSL Name: perl-IO-Socket-SSL -Version: 2.074 +Version: 2.075 Release: 0 -Summary: Nearly transparent SSL encapsulation for IO::Socket::INET License: Artistic-1.0 OR GPL-1.0-or-later +Summary: Nearly transparent SSL encapsulation for IO::Socket::INET URL: https://metacpan.org/release/%{cpan_name} Source0: https://cpan.metacpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz Source1: cpanspec.yml -# (bsc#1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers -# UPSTREAM PATCH: https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch +# PATCH-FIX-UPSTREAM (bsc1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers - https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch Patch0: perl-IO-Socket-SSL-use-system-default-cipher-list.patch BuildArch: noarch BuildRequires: perl ++++++ IO-Socket-SSL-2.074.tar.gz -> IO-Socket-SSL-2.075.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/Changes new/IO-Socket-SSL-2.075/Changes --- old/IO-Socket-SSL-2.074/Changes 2022-01-07 16:06:58.000000000 +0100 +++ new/IO-Socket-SSL-2.075/Changes 2022-05-30 17:02:02.000000000 +0200 @@ -1,3 +1,9 @@ +2.075 +- treat SSL_write returning 0 same as previously -1, as suggested by both + OpenSSL and LibreSSL documentation +- propagate error from SSL_shutdown, but if the shutdown is caused by an outer + SSL error keep the original error +- small tests fixes 2.074 - add SSL_ciphersuites option for TLS 1.3 ciphers - no longer use own default for ciphers, instead use system default but disable diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/META.json new/IO-Socket-SSL-2.075/META.json --- old/IO-Socket-SSL-2.074/META.json 2022-01-07 16:08:40.000000000 +0100 +++ new/IO-Socket-SSL-2.075/META.json 2022-05-30 17:03:52.000000000 +0200 @@ -52,6 +52,6 @@ "url" : "https://github.com/noxxi/p5-io-socket-ssl"; } }, - "version" : "2.074", + "version" : "2.075", "x_serialization_backend" : "JSON::PP version 4.02" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/META.yml new/IO-Socket-SSL-2.075/META.yml --- old/IO-Socket-SSL-2.074/META.yml 2022-01-07 16:08:39.000000000 +0100 +++ new/IO-Socket-SSL-2.075/META.yml 2022-05-30 17:03:52.000000000 +0200 @@ -27,5 +27,5 @@ homepage: https://github.com/noxxi/p5-io-socket-ssl license: http://dev.perl.org/licenses/ repository: https://github.com/noxxi/p5-io-socket-ssl -version: '2.074' +version: '2.075' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pm new/IO-Socket-SSL-2.075/lib/IO/Socket/SSL.pm --- old/IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pm 2022-01-07 15:47:38.000000000 +0100 +++ new/IO-Socket-SSL-2.075/lib/IO/Socket/SSL.pm 2022-05-30 16:57:19.000000000 +0200 @@ -13,7 +13,7 @@ package IO::Socket::SSL; -our $VERSION = '2.074'; +our $VERSION = '2.075'; use IO::Socket; use Net::SSLeay 1.46; @@ -1211,7 +1211,7 @@ } else { $written = Net::SSLeay::write_partial( $ssl,$offset,$length,$$buffer ); # write_partial does SSL_write which returns -1 on error - $written = undef if $written < 0; + $written = undef if $written <= 0; } if ( !defined($written) ) { if ( my $err = $self->_skip_rw_error( $ssl,-1 )) { @@ -1432,11 +1432,16 @@ # initiate or complete shutdown local $SIG{PIPE} = 'IGNORE'; + $SSL_ERROR = $! = undef; my $rv = Net::SSLeay::shutdown($ssl); if ( $rv < 0 ) { # non-blocking socket? if ( ! $timeout ) { - $self->_skip_rw_error( $ssl,$rv ); + if ( my $err = $self->_skip_rw_error( $ssl, $rv )) { + # if $! is not set with ERROR_SYSCALL then report as EPIPE + $! ||= EPIPE if $err == $Net_SSLeay_ERROR_SYSCALL; + $self->error("SSL shutdown error ($err)"); + } # need to try again return; } @@ -1976,6 +1981,7 @@ my $self = shift; my $error_trap = ${*$self}{'_SSL_arguments'}->{'SSL_error_trap'}; $@ = $self->errstr; + my $saved_error = $SSL_ERROR; if (defined $error_trap and ref($error_trap) eq 'CODE') { $error_trap->($self, $self->errstr()."\n".$self->get_ssleay_error()); } elsif ( ${*$self}{'_SSL_ioclass_upgraded'} @@ -1987,6 +1993,7 @@ # kill socket $self->close } + $SSL_ERROR = $saved_error if $saved_error; return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/t/external/fingerprint.pl new/IO-Socket-SSL-2.075/t/external/fingerprint.pl --- old/IO-Socket-SSL-2.074/t/external/fingerprint.pl 2021-12-22 10:34:33.000000000 +0100 +++ new/IO-Socket-SSL-2.075/t/external/fingerprint.pl 2022-05-30 16:51:02.000000000 +0200 @@ -36,7 +36,7 @@ port => 443 }, { - fingerprint => 'sha1$pub$06d0540a8a17d0b794793830811985d821833ce0', + fingerprint => 'sha1$pub$151e1d9f65439c2612900df11c6e59b70a4bd135', host => 'www.yahoo.com', port => 443, subject_hash_ca => '244b5494' @@ -54,13 +54,13 @@ subject_hash_ca => '607986c7' }, { - fingerprint => 'sha1$pub$5ae9284e67d6e91db39f1f7e10cfab2e987ef1f2', + fingerprint => 'sha1$pub$232e02961a493a2e528460d0d3c0720a8f533428', host => 'www.twitter.com', port => 443, subject_hash_ca => '3513523f' }, { - fingerprint => 'sha1$pub$2003390d568988d918b40a10e2d32cf297d22117', + fingerprint => 'sha1$pub$e984dd7aa13ee2856e2e0162a385715b35b7ca99', host => 'www.facebook.com', port => 443, subject_hash_ca => '244b5494' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/t/session_ticket.t new/IO-Socket-SSL-2.075/t/session_ticket.t --- old/IO-Socket-SSL-2.074/t/session_ticket.t 2021-01-22 17:48:39.000000000 +0100 +++ new/IO-Socket-SSL-2.075/t/session_ticket.t 2022-01-10 13:25:14.000000000 +0100 @@ -57,6 +57,10 @@ SSL_key => $client_key, SSL_ca => [ $cert ], + # LibreSSL has currently no support for TLS 1.3 session handling + # therefore enforce TLS 1.2 + Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") ? + (SSL_version => 'TLSv1_2') : # versions of Net::SSLeay with support for SESSION_up_ref have also the # other functionality needed for proper TLS 1.3 session handling defined(&Net::SSLeay::SESSION_up_ref) ? () diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/t/sessions.t new/IO-Socket-SSL-2.075/t/sessions.t --- old/IO-Socket-SSL-2.074/t/sessions.t 2021-01-22 17:48:39.000000000 +0100 +++ new/IO-Socket-SSL-2.075/t/sessions.t 2022-01-10 13:23:49.000000000 +0100 @@ -43,13 +43,17 @@ $what = 'client'; @servers = (); my $ctx = IO::Socket::SSL::SSL_Context->new( - SSL_ca_file => "certs/test-ca.pem", - # make cache large enough since we get multiple tickets with TLS 1.3 - SSL_session_cache_size => 100, + SSL_ca_file => "certs/test-ca.pem", + # make cache large enough since we get multiple tickets with TLS 1.3 + SSL_session_cache_size => 100, + # LibreSSL has currently no support for TLS 1.3 session handling + # therefore enforce TLS 1.2 + Net::SSLeay::constant("LIBRESSL_VERSION_NUMBER") ? + (SSL_version => 'TLSv1_2') : # versions of Net::SSLeay with support for SESSION_up_ref have also the # other functionality needed for proper TLS 1.3 session handling - defined(&Net::SSLeay::SESSION_up_ref) ? () - : (SSL_version => 'SSLv23:!TLSv1_3:!SSLv3:!SSLv2'), + defined(&Net::SSLeay::SESSION_up_ref) ? () : + (SSL_version => 'SSLv23:!TLSv1_3:!SSLv3:!SSLv2'), ); my $cache = $ctx->{session_cache} or do { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/t/set_curves.t new/IO-Socket-SSL-2.075/t/set_curves.t --- old/IO-Socket-SSL-2.074/t/set_curves.t 2020-02-14 15:23:13.000000000 +0100 +++ new/IO-Socket-SSL-2.075/t/set_curves.t 2022-01-15 08:08:24.000000000 +0100 @@ -47,12 +47,13 @@ close($server); for my $t (@tests) { my (undef,$curves) = @$t; - IO::Socket::SSL->new( + my $cl = IO::Socket::SSL->new( PeerAddr => $saddr, SSL_verify_mode => 1, SSL_ca_file => 'certs/test-ca.pem', SSL_ecdh_curve => $curves, - ); + ) or next; + <$cl>; } exit; } @@ -69,5 +70,6 @@ } else { print "not ok # expect success $curves: $SSL_ERROR\n"; } + close($csock) if $csock; } wait; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.074/t/verify_fingerprint.t new/IO-Socket-SSL-2.075/t/verify_fingerprint.t --- old/IO-Socket-SSL-2.074/t/verify_fingerprint.t 2021-01-22 17:48:39.000000000 +0100 +++ new/IO-Socket-SSL-2.075/t/verify_fingerprint.t 2022-01-14 22:03:36.000000000 +0100 @@ -80,8 +80,10 @@ defined( my $pid = fork()) or die $!; if ( $pid ) { push @child,$pid; + my $saddr = '127.0.0.1:'.$sock->sockport; + close($sock); return ( - '127.0.0.1:'.$sock->sockport, + $saddr, map { [ 'sha1$'.Net::SSLeay::X509_get_fingerprint($_,'sha1'), 'sha1$pub$'.unpack("H*",Net::SSLeay::X509_pubkey_digest($_, ++++++ cpanspec.yml ++++++ --- /var/tmp/diff_new_pack.IZmwOS/_old 2022-10-03 13:44:56.257372608 +0200 +++ /var/tmp/diff_new_pack.IZmwOS/_new 2022-10-03 13:44:56.265372625 +0200 @@ -1,5 +1,5 @@ patches: - perl-IO-Socket-SSL-use-system-default-cipher-list.patch: -p1 + perl-IO-Socket-SSL-use-system-default-cipher-list.patch: -p1 PATCH-FIX-UPSTREAM (bsc1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers - https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch ignore_requires: Mozilla::CA prep: |- rm README.Win32
