Hello community,
here is the log from the commit of package perl-IO-Socket-SSL for
openSUSE:Factory checked in at 2016-04-11 09:11:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old)
and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-IO-Socket-SSL"
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes
2016-03-18 21:29:31.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new/perl-IO-Socket-SSL.changes
2016-04-11 09:11:35.000000000 +0200
@@ -1,0 +2,11 @@
+Wed Apr 6 09:46:47 UTC 2016 - [email protected]
+
+- updated to 2.025
+ see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+
+ 2.025 2016/04/04
+ - Resolved memleak if SSL_crl_file was used: RT#113257, RT#113530
+ Thanks to avi[DOT]maslati[AT]forescout[DOT]com and
+ mark[DOT]kurman[AT]gmail[DOT]com for reporting the problem
+
+-------------------------------------------------------------------
Old:
----
IO-Socket-SSL-2.024.tar.gz
New:
----
IO-Socket-SSL-2.025.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-IO-Socket-SSL.spec ++++++
--- /var/tmp/diff_new_pack.y0I1HC/_old 2016-04-11 09:11:36.000000000 +0200
+++ /var/tmp/diff_new_pack.y0I1HC/_new 2016-04-11 09:11:36.000000000 +0200
@@ -17,7 +17,7 @@
Name: perl-IO-Socket-SSL
-Version: 2.024
+Version: 2.025
Release: 0
%define cpan_name IO-Socket-SSL
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
++++++ IO-Socket-SSL-2.024.tar.gz -> IO-Socket-SSL-2.025.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.024/Changes
new/IO-Socket-SSL-2.025/Changes
--- old/IO-Socket-SSL-2.024/Changes 2016-02-06 20:34:22.000000000 +0100
+++ new/IO-Socket-SSL-2.025/Changes 2016-04-04 09:20:51.000000000 +0200
@@ -1,3 +1,7 @@
+2.025 2016/04/04
+- Resolved memleak if SSL_crl_file was used: RT#113257, RT#113530
+ Thanks to avi[DOT]maslati[AT]forescout[DOT]com and
+ mark[DOT]kurman[AT]gmail[DOT]com for reporting the problem
2.024 2016/02/06
- Work around issue where the connect fails on systems having only a loopback
interface and where IO::Socket::IP is used as super class (default when
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.024/META.json
new/IO-Socket-SSL-2.025/META.json
--- old/IO-Socket-SSL-2.024/META.json 2016-02-06 20:36:49.000000000 +0100
+++ new/IO-Socket-SSL-2.025/META.json 2016-04-04 09:22:44.000000000 +0200
@@ -4,7 +4,7 @@
"Steffen Ullrich <[email protected]>, Peter Behroozi, Marko Asplund"
],
"dynamic_config" : 1,
- "generated_by" : "ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter
version 2.120630",
+ "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter
version 2.120921",
"license" : [
"perl_5"
],
@@ -50,5 +50,5 @@
"url" : "https://github.com/noxxi/p5-io-socket-ssl";
}
},
- "version" : "2.024"
+ "version" : "2.025"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.024/META.yml
new/IO-Socket-SSL-2.025/META.yml
--- old/IO-Socket-SSL-2.024/META.yml 2016-02-06 20:36:49.000000000 +0100
+++ new/IO-Socket-SSL-2.025/META.yml 2016-04-04 09:22:43.000000000 +0200
@@ -3,26 +3,26 @@
author:
- 'Steffen Ullrich <[email protected]>, Peter Behroozi, Marko Asplund'
build_requires:
- ExtUtils::MakeMaker: '0'
+ ExtUtils::MakeMaker: 0
configure_requires:
- ExtUtils::MakeMaker: '0'
+ ExtUtils::MakeMaker: 0
dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 6.98, CPAN::Meta::Converter version
2.120630'
+generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version
2.120921'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: '1.4'
+ version: 1.4
name: IO-Socket-SSL
no_index:
directory:
- t
- inc
requires:
- Net::SSLeay: '1.46'
- Scalar::Util: '0'
+ Net::SSLeay: 1.46
+ Scalar::Util: 0
resources:
bugtracker: https://rt.cpan.org/Dist/Display.html?Queue=IO-Socket-SSL
homepage: https://github.com/noxxi/p5-io-socket-ssl
license: http://dev.perl.org/licenses/
repository: https://github.com/noxxi/p5-io-socket-ssl
-version: '2.024'
+version: 2.025
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/IO-Socket-SSL-2.024/lib/IO/Socket/SSL.pm
new/IO-Socket-SSL-2.025/lib/IO/Socket/SSL.pm
--- old/IO-Socket-SSL-2.024/lib/IO/Socket/SSL.pm 2016-02-06
20:29:52.000000000 +0100
+++ new/IO-Socket-SSL-2.025/lib/IO/Socket/SSL.pm 2016-04-04
09:18:18.000000000 +0200
@@ -13,7 +13,7 @@
package IO::Socket::SSL;
-our $VERSION = '2.024';
+our $VERSION = '2.025';
use IO::Socket;
use Net::SSLeay 1.46;
@@ -2379,6 +2379,7 @@
if ($arg_hash->{'SSL_crl_file'}) {
my $bio =
Net::SSLeay::BIO_new_file($arg_hash->{'SSL_crl_file'}, 'r');
my $crl = Net::SSLeay::PEM_read_bio_X509_CRL($bio);
+ Net::SSLeay::BIO_free($bio);
if ( $crl ) {
Net::SSLeay::X509_STORE_add_crl(Net::SSLeay::CTX_get_cert_store($ctx), $crl);
} else {
@@ -2876,6 +2877,7 @@
};
if (!($done = $cache->get($certid))) {
push @{ $todo{$uri}{ids} }, $certid;
+ push @{ $todo{$uri}{subj} }, $subj;
} elsif ( $done->{hard_error} ) {
# one error is enough to fail validation
$hard_error = $done->{hard_error};
@@ -2922,11 +2924,13 @@
# do we have a response
if (!$resp) {
- @soft_error = "http request failed"
+ @soft_error = "http request for OCSP failed; subject: ".
+ join("; ",@{$todo->{subj}});
# is it an valid OCSP_RESPONSE
} elsif ( ! eval { $resp = Net::SSLeay::d2i_OCSP_RESPONSE($resp) }) {
- @soft_error = "invalid response (no OCSP_RESPONSE)";
+ @soft_error = "invalid response (no OCSP_RESPONSE); subject: ".
+ join("; ",@{$todo->{subj}});
# hopefully short-time error
$self->{cache}->put($_,{
soft_error => "@soft_error",
@@ -2938,7 +2942,8 @@
!= Net::SSLeay::OCSP_RESPONSE_STATUS_SUCCESSFUL()
){
@soft_error = "OCSP response failed: ".
- Net::SSLeay::OCSP_response_status_str($status);
+ Net::SSLeay::OCSP_response_status_str($status).
+ "; subject: ".join("; ",@{$todo->{subj}});
# hopefully short-time error
$self->{cache}->put($_,{
soft_error => "@soft_error",
@@ -2957,7 +2962,8 @@
while ( my $err = Net::SSLeay::ERR_get_error()) {
push @soft_error, Net::SSLeay::ERR_error_string($err);
}
- @soft_error = 'failed to verify OCSP response' if ! @soft_error;
+ @soft_error = 'failed to verify OCSP response; subject: '.
+ join("; ",@{$todo->{subj}}) if ! @soft_error;
}
# configuration problem or we don't know the signer
$self->{cache}->put($_,{
@@ -2978,7 +2984,8 @@
} elsif ( $rv->[2]{statusType} ==
Net::SSLeay::V_OCSP_CERTSTATUS_GOOD()) {
# soft error, like response after nextUpdate
- push @soft_error,$rv->[1];
+ push @soft_error,$rv->[1]."; subject: ".
+ join("; ",@{$todo->{subj}});
$self->{cache}->put($rv->[0],{
%{$rv->[2]},
soft_error => "@soft_error",
@@ -2987,7 +2994,8 @@
} else {
# hard error
$self->{cache}->put($rv->[0],$rv->[2]);
- push @hard_error, $rv->[1];
+ push @hard_error, $rv->[1]."; subject: ".
+ join("; ",@{$todo->{subj}});
}
} else {
push @miss,$rv->[0];
@@ -3003,7 +3011,8 @@
$DEBUG>=2 && DEBUG("$uri just answered ".@found." of
".(@found+@miss)." requests");
}
} else {
- @soft_error = "no data in response";
+ @soft_error = "no data in response; subject: ".
+ join("; ",@{$todo->{subj}});
# probably configuration problem
$self->{cache}->put($_,{
soft_error => "@soft_error",
