Hello community,
here is the log from the commit of package perl-IO-Socket-SSL for
openSUSE:Factory checked in at 2017-09-25 13:49:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old)
and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL"
Mon Sep 25 13:49:05 2017 rev:74 rq:528222 version:2.051
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes
2016-04-11 09:11:35.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new/perl-IO-Socket-SSL.changes
2017-09-25 13:49:09.165478348 +0200
@@ -1,0 +2,84 @@
+Thu Sep 21 15:37:34 UTC 2017 - [email protected]
+
+- update to 2.051
+ - syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with
+ OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up
+ https://github.com/noxxi/p5-io-socket-ssl/issues/62
+ - removed unecessary settings of SSL_version and SSL_cipher_list from tests
+ - protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not
supported
+ as is the case with openssl versions in latest Debian (buster)
+ - fixed problem caused by typo in the context of session cache
+ https://github.com/noxxi/p5-io-socket-ssl/issues/60
+ - update PublicSuffix information from publicsuffix.org
+ - fixed small memory leaks during destruction of socket and context,
RT#120643
+ - better fix for problem which 2.046 tried to fix but broke LWP this way
+ - cleanup everything in DESTROY and make sure to start with a fresh %{*self}
+ in configure_SSL because it can happen that a GLOB gets used again without
+ calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56)
+ - fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
+ objects -> github pull#55
+ - optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
+ if perl is compiled w/o thread support
+ - small fix in t/protocol_version.t to use older versions of Net::SSLeay
+ with openssl build w/o SSLv3 support
+ - when setting SSL_keepSocketOnError to true the socket will not be closed
+ on fatal error. This is a modified version of
+ https://github.com/noxxi/p5-io-socket-ssl/pull/53/
+ - protect various 'eval'-based capability detections at startup with a
localized
+ __DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
+ various third party software should cause less problems even if there is a
+ global __DIE__ handler which does not properly deal with 'eval'.
+ - make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
+ session does not get reused any longer if it was not properly closed which
+ is now done using an explicit close by the client which causes a
+ proper SSL_shutdown
+ - enable session ticket callback with Net::SSLeay>=1.80
+ - leave session ticket callback off for now until the needed patch is
+ included in Net::SSLeay. See
+ https://rt.cpan.org/Ticket/Display.html?id=116118#txn-1696146
+ - fix detection of default CA path for OpenSSL 1.1.x
+ - Utils::CERT_asHash now includes the signature algorithm used
+ - Utils::CERT_asHash can now deal with large serial numbers
+ - OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1
on
+ EOF without proper SSL shutdown. Since it looks like that this behavior
will
+ be kept at least for 1.1.1+ adapt to the changed API by treating
errno=NOERR
+ on SSL_ERROR_SYSCALL as EOF.
+ - restrict session ticket callback to Net::SSLeay 1.79+ since version before
+ contains bug. Add test for session reuse
+ - extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
+ - fix t/external/ocsp.t to use different server (under my control) to check
+ OCSP stapling
+ - fix session cache del_session: it freed the session but did not properly
+ remove it from the cache. Further reuse causes crash.
+ - disable OCSP support when Net::SSLeay 1.75..1.77 is used, see RT#116795
+ - move handling of global SSL arguments into creation of context, so that
these
+ get also applied when creating a context only.
+ - support for session ticket reuse over multiple contexts and processes
+ (if supported by Net::SSLeay)
+ - small optimizations, like saving various Net::SSLeay constants into
variables
+ and access variables instead of calling the constant sub all the time
+ - make t/dhe.t work with openssl 1.1.0
+ - Set session id context only on the server side. Even if the documentation
for
+ SSL_CTX_set_session_id_context makes clear that this function is server
side
+ only it actually affects hndling of session reuse on the client side too
and
+ can result in error "SSL3_GET_SERVER_HELLO:attempt to reuse session in
+ different context" at the client.
+ - Utils::CERT_create - don't add given extensions again if they were already
+ added. Firefox croaks with sec_error_extension_value_invalid if (specific?)
+ extensions are given twice.
+ - assume that Net::SSLeay::P_PKCS12_load_file will return the CA certificates
+ with the reverse order as in the PKCS12 file, because that's what it does.
+ - support for creating ECC keys in Utils once supported by Net::SSLeay
+ - remove internal sub session_cache and access cache directly (faster)
+ - fix del_session method in case a single item was in the cache
+ - use SSL_session_key as the real key for the cache and not some derivate of
it,
+ so that it works to remove the entry using the same key
+ - add del_session method to session cache
+ - only added Changes for 2.026
+ - update default server and client ciphers based on recommendation of
+ Mozilla and what the current browsers use. Notably this finally disables
+ RC4 for the client (was disabled for server long ago) and adds CHACHA20.
+- drop perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
+ (upstream)
+
+-------------------------------------------------------------------
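Review bot: The single "update to 2.051" entry folds every upstream release since 2.025 into one flat list with no version markers, so neighbouring bullets contradict each other: "enable session ticket callback with Net::SSLeay>=1.80" sits directly above "leave session ticket callback off for now", and "restrict session ticket callback to Net::SSLeay 1.79+" appears further down. Group the bullets under the upstream version they belong to, or keep only the final state, and drop "only added Changes for 2.026", which tells a package user nothing. The changes that alter deployed behaviour should be easy to find rather than buried mid-list: RC4 removed from the default client ciphers, OCSP support disabled with Net::SSLeay 1.75..1.77, and the del_session fix for a crash on further reuse of a freed session. The "(upstream)" remark on the dropped DHE-RSA patch would be clearer if it named the bullet that replaces it; if that is the updated default client cipher list, say so.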
Old:
----
IO-Socket-SSL-2.025.tar.gz
perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
New:
----
IO-Socket-SSL-2.051.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-IO-Socket-SSL.spec ++++++
--- /var/tmp/diff_new_pack.UQnm1w/_old 2017-09-25 13:49:10.097347246 +0200
+++ /var/tmp/diff_new_pack.UQnm1w/_new 2017-09-25 13:49:10.097347246 +0200
@@ -1,7 +1,7 @@
#
# spec file for package perl-IO-Socket-SSL
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: perl-IO-Socket-SSL
-Version: 2.025
+Version: 2.051
Release: 0
%define cpan_name IO-Socket-SSL
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
@@ -26,7 +26,6 @@
Url: http://search.cpan.org/dist/IO-Socket-SSL/
Source0:
http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
Source1: cpanspec.yml
-Patch0:
perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
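Review bot: Url and Source0 in the context of this hunk still use plain http:// (http://search.cpan.org/... and http://www.cpan.org/authors/id/S/SU/SULLR/...), so the spec for a TLS library points at a tarball location without transport protection. Switch both to https:// where the hosts support it while this block is being touched. The Patch0 removal itself is consistent with the %patch0 removal in %prep and with the cpanspec.yml change.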
@@ -77,7 +76,6 @@
%prep
%setup -q -n %{cpan_name}-%{version}
find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644
-%patch0 -p1
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
++++++ IO-Socket-SSL-2.025.tar.gz -> IO-Socket-SSL-2.051.tar.gz ++++++
++++ 5788 lines of diff (skipped)
++++++ cpanspec.yml ++++++
--- /var/tmp/diff_new_pack.UQnm1w/_old 2017-09-25 13:49:10.233328116 +0200
+++ /var/tmp/diff_new_pack.UQnm1w/_new 2017-09-25 13:49:10.233328116 +0200
@@ -1,3 +1,2 @@
---
patches:
- perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch: -p1
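Review bot: Removing the only entry leaves "patches:" in cpanspec.yml as a key with no value (the hunk header shows two lines remaining, "---" and "patches:"). Remove the key as well, or comment it out, so the file does not carry an empty mapping that the next cpanspec run has to interpret.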