This is an automated email from the git hooks/post-receive script.

carnil pushed a change to annotated tag debian/2.046-1
in repository libio-socket-ssl-perl.

        at  4b67b24   (tag)
   tagging  d3795061e580e16e07c3768c38decbef6cd0f1d6 (commit)
  replaces  debian/2.045-1
 tagged by  Salvatore Bonaccorso
        on  Thu Feb 16 06:10:33 2017 +0100

- Log -----------------------------------------------------------------
tagging package libio-socket-ssl-perl version debian/2.046-1


Alexander Bluhm (2):
      Replace fail(...) with ok(0,...) in t/alpn.t.
      Put back a not ok accept failure that got lost in e8f4058.

Alexandr Ciornii (1):
      print module that was used as a parent

Andreas Huber (2):
      only do "stop_SSL" after accept_SSL failed with SSL_startHandshake=0 in 
      call to connect_SSL will fail if handshake already done; adds DEBUG 

Andy Grundman (1):
      Fix failing non-blocking test on Unix platforms where EWOULDBLOCK is not 
the same as EAGAIN (Solaris, AIX, HP-UX, etc). This bug was introduced by 
commit d95289 for 2.006. The fix is simply to check for either of these errors 
instead of just one.

Chase Whitener (3):
      fixed a few grammatical problems and made some slight word changes to 
enhance readability.  I also made mention of module names links instead of 
plain text
      a few more fixes.  about 40% done with the POD
      a bit further along.  There is a lot to read

Christopher Odenbach (2):
      Decode the serial number the right way
      Include signature algorithm in CERT_asHash

Daniel Frederick Crisman (3):
      Fix a couple DOC schema typos to scheme
      Update README to note needing 1.46 Net::SSLeay
      Update use Net::SSLeay 1.46 (continue v1.90 2013.05.27)

David Steinbrunner (1):
      Spelling corrections

Davs (1):
      fix socket variable name in documentation

E. Choroba (2):
      Fix POD (arrows in C<> sequences)
      Fix POD: brackets in SSL_ticket_keycb example

Jakub Wilk (4):
      Fix typos
      Fix typos
      Fix typo
      Fix typos

Jerry Lundström (1):
      Enhance the SNI support by configuring the SNI contexts in the same way 
as the main context.

Salvatore Bonaccorso (4):
      New upstream version 2.046
      Merge tag 'upstream/2.046'
      Update debian/changelog
      Prepare changelog for release

Steffen Ullrich (355):
      security fix for verify_hostname_of_cert, Version 1.26
      t/verify_hostname.t fixed number of tests
      v1.27 regex fixes and resolve Bug#48131 which only happened with perl -w:
      v1.28, v1.29
      1.30 - fix t/memleak_bad_handshake.t
      1.30_1 - make sure that idn_to_ascii is not called with identity 
containing \0
      1.30_3: make t/memleak_bad_handshake.t more stable
      1.31 - SSL_crl_file, SSL_VERIFY constants...
      removed svn-commit.tmp which should never have been checked in
      1.34: wildcards_in_cn for http, start_SSL does not close socket on failure
      1.35 - no fallback to verify_none if ca_* is not valid, instead throw 
      update SSL_verify_callback documentation
      let user explicitly set SSL_ca_{path,file} to undef
      1.38 - fixed setting for wildcards_in_cn from 1 to anywhere for http
      1.38_1 - make fileno on closed socket return undef
      fixed docu for http cn wildcard behavior
      version upgrade
      small fix in example/async_https_server
      added t/startssl-failed.t
      more fixes to async_https_server
      1.40 - IDN support from URI.
      v1.40_1 2011.05.09
      make 1.40_1 ->1.41, better error handling in t/nonblock.t
      1.42: add SSL_create_ctx_callback option
      1.43 - fix t/nonblock.t
      stability improvements t/inet6.t
      1.43_1 - try to make t/nonblock.t more stable
      1.44 - fix invalid call to inet_pton in verify_hostname_of_cert
      1.45 rewrite readline for better signal handling
      forgot to git add test for 1.45
      1.46 - disable t/signal-readline.t for windows
      1.47 fix os check in t/signal-readline.t
      1.47 - fix for readline introduced in 1.45
      1.49 - yet another readline regression. Add more tests to t/readline.t
      1.50 workaround t/nonblock.t for AIX
      1.52 fix syntax error in t/memleak_bad_handshake.t
      1.53 - fix child leak in memleak_bad_handshake.t when failing test
      1.54 - solved rt#73629 (unitialized warning)
      1.55 work around IO::Sockets work around for ystems returning EISCONN etc 
on connect retry
      1.56 added SNI support for client
      1.57 - fix t/dhe.t for openssl 1.0.1beta
      1.58 - disable workaround in  t/dhe.t for older openssl versions
      1.59 - useful error message on attempt to use unsupported SSLv2
      1.60 - doc update + fix readline for nonblocking socket
      Merge branch 'master' of
      1.61 rt#76053  automatically use CTX_set_session_id_context
      1.62 small fix to 1.61
      1.63 fix rt#76147 making Win32 tests more stable
      1.64 clarify verifycn_* behavior
      1.65 NPN support
      1.66 resolve bug with threads
      1.67 - more secure defaults, new key SSL_honor_cipher_order to mitigate 
      1.68 - remove sslv2 from default cipher list
      1.69 - reenabled workaround in t/dhe.t
      1.70 - make disabling protocols via SSL_version possible, default 
      1.71: 1.70 done right
      1.72 set DEFAULT_CIPHER_LIST to ALL:!LOW not HIGH:!LOW
      1.73 fixes to t/dhe.t to support more openssl versions
      1.74 - accept SSLv2/3 again at interpret it as SSLv23
      1.74_1 - integrate IO::Socket::IP (rt#75218)
      1.74_2 fix documentation of SSL_version, rt#77690
      1.75 - make it possible to disable TLS version 1.1 and 1.2
      1.76 - no longer depend on recent
      1.77 - rt#79916 - update_peer for IPv6
      work around systems were AF_INET6 is not defined
      fix format - change everything to sts=4 sw=4 ts=8, prev. formatting was 
mostly tab 8 with some tab 4
      moved to lib/IO/Socket/
      use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and 
PeerPort from sockaddr in _update_peer, keeping scope
      1.79 - start migration to more secure default of SSL_verify_mode by 
issuing big warning, if current insecure default gets used
      1.80 - fixed tests so that don't hang anymore on windows rt#81493
      1.81 - cleanups..
      correct spelling of deprecated
      add link to github to Makefile.PL
      1.82 better error preserving
      - server side SNI
      much better documentation
      release as 1.83
      add more debugging for SNI
      1.83_1 - adapted and documented behavior of readline on non-blocking I/O
      1.84 with more stable client side SNI and better support/doc for SNI and 
      updated documentation
      update SEE ALSO and COPYRIGHT
      Merge pull request #3 from dsteinbrunner/master
      update Changes
      1.89 if IO::Socket::IP is used it should be at least version 0.20 to fix 
RT#81932 (HTTP::Daemon::SSL)
      added SSL interception
      - added test for intercepting feature
      Fix pod error in IO::Socket::SSL::Utils RT#85733
      set version of Intercept to 1.93, so that PAUSE indexer will index it 
      Makefile.PL: if the openssl versions looks to small show the detected 
version in the error message
      1.952 - fix t/acceptSSL-timeout.t on Win32, RT#86862
      1.953 - RT#87052 fix in
      Merge pull request #4 from crisman/doc-fix-schema
      Merge pull request #5 from crisman/more-net-ssleay-floor
      1.954 - accept older versions of ExtUtils::MakeMaker and add meta 
information like link to repository only for newer versions.
      1.955 - added support for ECDH key exchange with key SSL_ecdh_curve
      fixed Skipped message in t/ecdhe.t
      - cipher_list is now per context, not per SSL object, e.g. behavior 
change if
      support for handshake protocol TLSv11, TLSv12
      - fixed error in Utils::CERT_free (wrong free call)
      - rework verification schemes based on RFC 6125
      - change cipherlist to more secure
      - fixed t/core.t for older openssl versions
      remove workaround for very old IO::Socket::INET6, instead require fixed 
      release as 1.958
      1.959 - fix test core.t for windows
      1.960 - documentation enhancements
      further documentation enhancements specifically for non-blocking and 
event loops
      1.961 IO::Socket::SSL::Utils::CERT_create can now create CA-certificates 
which are not self-signed (by giving issuer_*)
      1.962 - work around problems with older F5 BIG-IP by offering fewer 
ciphers on the client side by default, so that the client hello stays below 255 
      - documentation enhancements:
      - documentation fix: consistent use of $client instead of sometimes
      documentation enhancements to new_from_fd
      1.964: get_sslversion* function, disabling TLS1_1 fixed
      1.965 - new option SSL_session_key to influence client-side session 
      Merge pull request #10 from scop/master
      WIP: ssl_fingerprint etc
      1.967: new option SSL_fingerprint, default scheme for verifying names, ...
      - require at least version 2.62 instead of 2.55 for IO::Socket::INET6
      1.968 - better support for usable CA path by default
      pod fix from rt#93907
      1.970 fix rt#93987
      new file example/ to check behavior of clients against 
various strange behavior
      1.971 - try to use SSL_hostname for hostname verification if no 
SSL_verifycn_name is given
      1.972 fix rt#94117 t/external/usable_ca.t when no SNI support
      small code cleanups
      1.973: option SSL_ca additionally to SSL_ca_{file,path}
      spelling error RT#94219
      1.974 new function peer_certificates, extend 
      1.975 - work around TEA integration on OS X
      1.976 - check wildcard certificates against public prefix
      1.977 RT#94424 IDN fixes
      1.978 RT#94424 again, fix test on older openssl version with no SNI 
      This is a combination of 2 commits.
      hostname check: 'leftmost' renamed to 'full_label'
      stability improvements for tests
      relased as 1.979
      disable elliptic curve support for openssl 1.0.1d on 64bit:
      1.980 fix fingerprint calculation
      update Changes for 1.980
      1.981 - fix ecdhe test for openssl 1.0.1d
      1.982 - fix for using subroutine as argument to set_args_filter_hack
      usable_ca.t: update for current fingerprints (changed after heartbleed), 
check that we have a usable CA for host in CA store
      1.983 - fix use of public suffix list RT#95317
      OCSP handling - works but needs test
      tool util/ to analyze SSL connections
      removed util/ - way too old to be useful anymore
      update Changes file
      util/ - fix version check, show usable SSL_version string - check if client or server decides over cipher preference
      update Net::SSLeay patch for ocsp (include test, update documentation) - changed handling of http_proxy starttls, fixes for 
soft_error in ocsp_resolver
      current OCSP patch for Net::SSLeay
      small OCSP fixes: fix starttls smtp, --CApath
      work around/together with OCSP responders, which do not reply to all 
single requests inside an OCSP request
      - OCSP resolver: add caching of soft errors + fix expiring if cache too 
      - don't add ocsp tlsext if server mode
      remove Net::SSLeay OCSP patch and instead refer to Net::SSLeay version 
      update Changes
      release as 1.984
      fix skip if fingerprint does not match in t/external/ocsp.t
      1.985: OCSP enhancements, RT#95633
      support for IP in common name for www verification scheme. Need to add 
tests for this.
      1.986 - allow IPv4 in CN for www/http scheme. Fix public suffix list 
      1.987 fix t/verify_hostname_standalone.t on systems without usable IDNA 
or IPv6
      NEEDS testing: transparent support for DER and PKCS12 files in 
certificate and key
      1.988 - transparent support for DER and PKCS12 files for key and cert
      document behavior regarding freeing certificates, when using multiple 
certificates in SSL_cert
      1.989  fix #95881
      1.989_1 #95967, work around temporary OCSP error in t/external/ocsp.t
      1.990 added option SSL_ocsp_staple_callback to get the stapled OCSP 
      1.991 new option SSL_OCSP_TRY_STAPLE to enforce staple request even if 
VERIFY_NONE - do hostname verification which scheme matching starttls. 
set verified to name-mismatch if not matches, show subjectAltnames in show-chain
      1.992 - set $! to undef before doing IO (accept, read..).
      - rework error handling to distinguish between SSL errors and internal 
      1.923 - major rewrite of documentation
      documentation fix after #96451
      1.994 - make socket switchable between plain and SSL with the same object
      fix documentation error RT#96765
      - refresh option for peer_certificate, so that it checks if the 
      Merge pull request #14 from frioux/patch-1
      1.995 - RT#95452: move initialization and creation of OpenSSL-internals 
into INIT section, so they get executed after compilation and perlcc is happy.
      1.996 move initialization out of INIT again because this breaks when used 
with require. Document work-arounds needed for perlcc
      1.997 - found way to detect when initialization was needed, so user needs 
no longer workarounds for perlcc
      add debug message on call to _internal_error or error
      update example/ssl_client,ssl_server
      Merge branch 'jelu-sni-enhancement'
      1.998 - redesign creation of SSL contexts, so that all contexts have CA 
path, verification callback etc
      accept PeerHost additionally to PeerAddr in all places, accept 
PeerService, enhance util/
      RT#98258 - make sure to set $/ to "\n" before using <$fh> in PublicSuffix
      make sure we don't use version 0.30 of IO::Socket::IP
      release as 1.999
      Merge pull request #18 from steve-m-hay/master
      update Changes after merge
      Solve Debian Bug#764868: with environment NO_NETWORK_TESTING set no 
external tests will be done.
      SSL3.0 is no longer allowed in default SSL_version because of POODLE
      2.000 - update documentation regarding disabled SSL3.0
      fix typo
      util/ - work around cloudflare behavior, where you get 
different ciphers with SNI then without
      make it work with 5.8.1 again
      update expected site fingerprints in t/external/*
      add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to increase PFS 
      call it 2.001
      Update PublicSuffix with latest version from - lots of 
new top level domains.
      fix check for (invalid) IPv4 when validating hostname against 
certificate. Do not use aton any longer RT#99448
      release as 2.002
      use only ICANN part in public suffix list
      Propagate error if cert/key could not be used instead of continuing with 
an invalid context which might cause a segmentation fault
      skip io-socket-ip.t with IO::Socket::IP version 0.30 instead of failing
      max-cipher option for util/  Fix host parsing
      2.003 make SSLv3 accessible unless forbidden (default), even if the SSL 
library disables it by default in the context (LibreSSL)
      2.004 fix t/protocol_version.t to deal with OpenSSL installations which 
are compiled without SSLv3 support.
      2.005 next try to fix t/protocol_version.t for OpenSSL w/o SSLv3 support
      2.005_1: enable non-blocking support for windows, mainly by using 
      make PublicSuffix::_default_data thread safe by storing the default data 
inside a function inside within __DATA__
      Release as 2.006, update PublicSuffix with latest list from
      Utils: documentation fixes
      2.007 - implement getline/readline properly when not sslified (RT#100529)
      2.008 - fix test because of external errors. Small enhancements for
      fix #101020 (,
      util/ - analyze handshake compatibility - fix retry without SNI - fix for max_version, don't croak on anyonmous ciphers
      example/*.pl - sysread with 16k (max ssl frame size) to avoid issues with 
pending data
      util/ - compare sent chain certificates again used certificates 
and also display local root certificate
      reset $! after successful connect/accept with timeout
      dummy util/
      2.009 added ALPN support thanks to TEAM RT#101452
      t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay. 
      2.009 - new options SSL_client_ca_file and SSL_client_ca
      Merge pull request #21 from frioux/patch-2
      removed RC4 from default cipher suites on the server site
      Utils::CERT_create - add purpose client for non-CA certificates
      added option 'purpose' to Utils::CERT_create
      increase version in to 0.031
      removed RC4 from default cipher suites on the server site
      Utils::CERT_create - add purpose client for non-CA certificates
      added option 'purpose' to Utils::CERT_create
      increase version in to 0.031
      white space and intendation fixes
      replace various skip_all with fail, because these should fail
      don't use Test::More in t/alpn.t since it does not work with parent and 
forked child doing test output
      Merge branch 'Sweet-kid-use_Test_More'
      t/external/ocsp.t - don't count on using OCSP stapling
      release 2.011
      2.012 - fix t/ocsp.t in case no HTTP::Tiny is installed
      fixed Changes - last entries for 2014 should have been 2015 (thanks to 
Alvar Freude vor pointing out)
      Merge branch 'genio-master'
      updated Changes
      Merge pull request #28 from bluhm/alpn.t
      2.013 - rework error handling so that follow-up errors don't replace the 
original errors
      Merge pull request #32 from chorny/patch-1
      t/01loadmodule.t - add also version of @ISA module to diagnostics
      explicit check that IPv6 address only contains hex,'.' and ':' because
      2.015 - work around problem with IO::Socket::INET6 on windows in tests by 
enforcing AF_INET as Domain
      accept Domain and Family argument, so it does not matter if the 
superclass uses Family (IO::Socket::IP) or Domain (IO::Socket::INET6)
      update documentation to make it more clear where to get the X509* and 
EV_PKEY* objects for SSL_ca, SSL_cert and SSL_key
      add better debugging based on a patch from H.Merijn Brand
      make t/memleak_bad_handshake.t work on cygwin and other systems having 
/proc/pid/statm., see RT#104659
      make some tests work with older Test::More w/o done_testing
      update version to 2.015_001
      removed wrong domain AF_INET from t/io-socket-ip.t
      2.015_003  work around hanging prompt() with older perl in Makefile.PL 
      2.015_004 - fix handling of default for yesno in Makefile.PL
      2.015_005 add flag X509_V_FLAG_TRUSTED_FIRST by default if available, 
      another try with X509_V_FLAG_TRUSTED_FIRST
      relase as 2.016
      2.016_001 - support different ciphers for SNI hosts
      2.016_002 - enforce default verification scheme if none was specified 
instead of just warning if name is wrong (i.e. hard fail vs. soft fail)
      add more detail to example in documentation to show that the user must do 
the SMTP dialogs by itself (RT#105936)
      Merge pull request #35 from andygrundman/master
      fix _update_peer for IPv6 (wrong use of getnameinfo)
      remove -r for checking SSL_{cert,key}_file since this will cause a usable 
error later anywy if file does not exist.
      added interface sock_certificate to get local certificate  as suggest in 
      check with open/opendir if SSL_ca_file/path is accessible. RT#106295
      catch cases where SSL_verify_mode is used with string instead number.
      2.018 - RT#106687 - startssl.t failed on darwin with old openssl since 
      2.019 work around different behavior of getnameinfo from Socket and 
      Merge pull request #34 from jwilk/typos
      2.020 support multiple directories in SSL_ca_path as proposed in RT#106711
      Merge pull request #36 from DavsX/doc/non_blocking_documentation_fix
      make documentation more clear regarding enforcing IPv4
      update public suffix list with latest version, adapt tests to changed list
      Merge pull request #38 from jwilk/spelling
      2.021  update PublicSuffix again before new release
      2.022 fix stringification of IPv6 inside subjectAltNames in 
Utils::CERT_asHash, RT#110253
      Merge pull request #39 from jwilk/spelling
      2.023 - work around changes in OpenSSL 1.0.2f regarding SSL_shutdown
      small documentation fixes for Intercept
      Fix calls to X509_NAME_add_entry_by_txt in Utils::CREATE_cert in case
      Intercept: ignore unknown extensions (unknown nid,sn) when cloning
      2.024 - work around issue with AI_ADDRCONFIG default an IO::Socket::IP,
      2.025 Resolved memleak if SSL_crl_file was used: RT#113257, RT#113530
      2.027 - only included changes for 2.027 in Changes file
      example/ - make it clear that client certificates are only 
      support for creating ECC keys in IO::Socket::SSL::Utils once supported by 
      assume that Net::SSLeay::P_PKCS12_load_file will return the CA 
certificates with
      Utils::CERT_create - don't add given extensions again if they were already
      2.031 fix for bug in session handling introduced in 2.031, RT#115975
      - support for session ticket reuse over multiple contexts and processes
      release as 2.033
      Merge pull request #44 from choroba/master
      describe problem with validating self-signed non-CA certificates
      update expected certificate fingerprints for external tests
      switched to different hosts for live OCSP tests in the hope that these
      apply (configurable) global settings after builtin default settings
      configure_SSL: return if context creation failed, might result in 
segfault otherwise
      released as 2.035
      2.036 - set can_ocsp to false for Net::SSLeay 1.75..1.77, see RT#116795
      forgot Changes information
      - don't check if SSL_key_file and SSL_cert_file are files, instead just
      Merge pull request #47 from odenbach/serial
      testlib: clear __DIE__ handler in child
      Fix number used for SSLEAY_DIR/OPENSSL_DIR since this changed with 
OpenSSL 1.1.
      release as 2.040
      2.041 disable session ticket callback for now until the feature is
      2.042 - enable session ticket callback with Net::SSLeay>=1.80
      2.043 - make t/session_ticket.t work with OpenSSL 1.1.0.
      2.044  protect various 'eval'-based capability detections at startup with 
a localized
      fix memory leak with %CREATED_IN_THIS_THREAD based on pull request
      Merge pull request #52 from jwilk/spelling
      Merge pull request #53 from hubandr/handshake_failed_stop_ssl
      optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD 
if perl is compiled w/o thread support
      when setting SSL_keepSocketOnError to true the socket will not be closed 
on fatal error
      release as 2.045
      2.046 cleanup everything in DESTROY and make sure to start with a fresh 
%{*self} in configure_SSL

Steve Hay (1):
      Better skipping of tests requiring fork()

Upasana (1):
      ported some tests to use Test::More

Ville Skyttä (1):
      Spelling fixes

fREW Schmidt (3):
      Fix some typos and grammar issues
      Minor pod fixes
      Minor pod fixes

steffen (30):
      git-svn-id: file:///home/steffen/SVN/p5-io-socket-ssl@1 
      - new certificates in certs/ which are more current
      update wildcard cert
      version 1.13_2
      - update Changes
      - automatic verification of hostnames with SSL_verifycn_scheme and
      small fix in import
      - clarified and enhanced debugging supppport based on bugreport
      hopefully fix t/auto_verify_hostname by changing behavior on SSL error
      change code for SSL_check_crl to use X509_STORE_set_flags instead of
      - change opened() to report -1 if the IO::Handle is open, but the
      - better IPv6 support, enabled by default if IO::Socket::INET6
      v.16_2   2008.09.24
      +v.16_3   2008.09.25
      - make version 1.17, no code changes
      +v1.21 2009.01.22
      v1.22 2009.01.24
      delete META.yml from rep and MANIFEST, let it be created from Makefile.PL
      new test certificates, old expired
      checkin myca
      - if neither SSL_ca_file nor SSL_ca_path are known don't check cert but 
      warnings fix
      - renew certs
      version 1.32 and 1.33


This annotated tag includes the following new commits:

       new  187d4c1   Merge tag 'upstream/2.046'
       new  3d49223   Update debian/changelog
       new  d379506   Prepare changelog for release

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Alioth's /usr/local/bin/git-commit-notice on 

Pkg-perl-cvs-commits mailing list

Reply via email to