Hello community, here is the log from the commit of package perl-IO-Socket-SSL for openSUSE:12.1:Update:Test checked in at 2011-12-02 18:05:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/perl-IO-Socket-SSL (Old) and /work/SRC/openSUSE:12.1:Update:Test/.perl-IO-Socket-SSL.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-IO-Socket-SSL", Maintainer is "VCizek@suse.com" Changes: -------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /work/SRC/openSUSE:12.1:Update:Test/.perl-IO-Socket-SSL.new/perl-IO-Socket-SSL.changes 2011-12-02 18:05:33.000000000 +0100 @@ -0,0 +1,486 @@ +------------------------------------------------------------------- +Fri Dec 2 12:10:32 UTC 2011 - vcizek@suse.com + +- update to 1.49 (bnc#732156) +- another regression for readline fix, this time it failed to return lines + at eof which don't end with newline. Extended t/readline.t to catch this +- bugfix for readline fix in 1.45. If the pending data where false + (like '0') it failed to read rest of line. + Thanks to Victor Popov for reporting + https://rt.cpan.org/Ticket/Display.html?id=71953 + fix for 1.46 - check for mswin32 needs to be /i. Thanks to + Alexandr Ciornii for reporting + - added test for signals + +------------------------------------------------------------------- +Mon Oct 17 01:35:42 UTC 2011 - vcizek@suse.com + +- update to 1.45 +- fix readline to continue when getting interrupt waiting for more + data. Thanks to kgc[AT]corp[DOT]sonic[DOT]net for reporting problem + +------------------------------------------------------------------- +Fri May 27 20:07:41 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.44: + * fix invalid call to inet_pton in verify_hostname_of_cert when identity + should be verified as ipv6 address, because it contains colon + +------------------------------------------------------------------- +Wed May 11 10:45:47 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.43: no user-visible changes: fixes in testsuite + +------------------------------------------------------------------- +Tue May 10 19:18:51 UTC 2011 - pascal.bleser@opensuse.org + +- update to 1.42: + * add SSL_create_ctx_callback to have a way to adjust context on creation + RT#67799 + * describe problem of fake memory leak because of big session cache and how + to fix it, see RT#68073 + +- changes from 1.41: + * fix issue in stop_SSL where it did not issue a shutdown of the SSL + connection if it first received the shutdown from the other side + +------------------------------------------------------------------- +Wed May 4 10:55:36 UTC 2011 - coolo@opensuse.org + +- updated to 1.40 + - integrated patch from GAAS to get IDN support from URI. + https://rt.cpan.org/Ticket/Display.html?id=67676 + - fix in exampel/async_https_server. + Thanks to DetlefPilzecker[AT]web[DOT]de for reporting + +------------------------------------------------------------------- +Fri Mar 4 16:34:20 UTC 2011 - vcizek@novell.com + +- update to 1.39 + - fixed documentation of http verification: wildcards in cn is allowed + - close should undef _SSL_fileno, because the fileno is no longer + valid (SSL connection and socket are closed) + +------------------------------------------------------------------- +Wed Jan 19 15:49:23 UTC 2011 - vcizek@novell.com + +- update to 1.38 +- fixed wildcards_in_cn setting for http (wrongly set in 1.34 to 1 + instead of anywhere). Thanks to dagolden[AT]cpan[DOT]org for + reporting + https://rt.cpan.org/Ticket/Display.html?id=64864 + +------------------------------------------------------------------- +Thu Dec 16 13:34:57 CET 2010 - anicka@suse.cz + +- update to 1.37 + * don't complain about invalid certificate locations if user + explicitly set SSL_ca_path and SSL_ca_file to undef. Assume that + user knows what he is doing and will work around the problems + by itself. + * update documentation for SSL_verify_callback based on + +------------------------------------------------------------------- +Tue Dec 7 15:02:25 CET 2010 - anicka@suse.cz + +- update to 1.35 (fixes bnc#657907) + * if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot + be verified as valid it will no longer fall back to VERIFY_NONE + but throw an error. + +------------------------------------------------------------------- +Wed Dec 1 13:33:05 UTC 2010 - coolo@novell.com + +- switch to perl_requires macro + +------------------------------------------------------------------- +Wed Nov 24 21:12:12 UTC 2010 - chris@computersalat.de + +- recreated by cpanspec 1.78 + o fix deps +- noarch pkg +- removed Obsoletes/Provides p_iossl + +------------------------------------------------------------------- +Mon Nov 1 13:09:07 CET 2010 - anicka@suse.cz + +- update to 1.34 + * schema http for certificate verification changed to + wildcards_in_cn=1, because according to rfc2818 this is valid + and also seen in the wild + * if upgrading socket from inet to ssl fails due to handshake + problems the socket gets downgraded, but is still open. + * depreceate kill_socket, just use close() + +------------------------------------------------------------------- +Thu Mar 25 17:42:20 CET 2010 - anicka@suse.cz + +- update to 1.33 + * attempt to make t/memleak_bad_handshake.t more stable, it fails + for unknown reason on various systems + * fix hostname checking: an IP should only be checked against + subjectAltName GEN_IPADD, never against GEN_DNS or CN. + +------------------------------------------------------------------- +Tue Feb 23 16:22:22 CET 2010 - anicka@suse.cz + +- update to 1.32 + * Makefile.PL: die if Scalar::Util has no dualvar support instead of + only complaining. + +------------------------------------------------------------------- +Wed Jan 13 16:34:59 CET 2010 - anicka@suse.cz + +- update to 1.31 + * add and export constants for SSL_VERIFY_* + * set SSL_use_cert if cert is given and not SSL_server + * support alternative CRL file with SSL_crl_file thanks to patch of + w[DOT]phillip[DOT]moore[AT]gmail[DOT]com + * make t/memleak_bad_handshake.t more stable (increase listen queue, + ignore errors on connect, don't run on windows..) + * t/memleak_bad_handshake.t don't write errors with ps to stderr, + -o vsize argument is not supported on all platforms, just skip + test then + * make sure that idn_to_ascii gets no \0 bytes from identity, because + it simply cuts the string their (using C semantics). Not really a + security problem because IDN like identity is provided by user in + hostname, not by certificate. + * fix test t/memleak_bad_handshake.t + * fixed thanks for version 1.28 + * fix memleak when SSL handshake failed. + +------------------------------------------------------------------- +Sun Jan 10 15:43:32 CET 2010 - jengelh@medozas.de + +- enable parallel build + +------------------------------------------------------------------- +Mon Aug 3 16:01:26 CEST 2009 - anicka@suse.cz + +- update to 1.27 + * changed possible local/utf-8 depended \w in some regex against more + explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that service + names can't have '-' inside + * fixed bug https://rt.cpan.org/Ticket/Display.html?id=48131 + where eli[AT]dvns[DOT]com reported warnings when perl -w was used. + While there made it more aware of errors in Net::ssl_write_all (return + undef not 0 in generic_write) + * SECURITY BUGFIX! + fix Bug in verify_hostname_of_cert where it matched only the prefix for + the hostname when no wildcard was given, e.g. www.example.org matched + against a certificate with name www.exam in it + Thanks to MLEHMANN for reporting + * t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5 + https://rt.cpan.org/Ticket/Display.html?id=47240 + +------------------------------------------------------------------- +Mon Apr 6 13:45:00 CEST 2009 - anicka@suse.cz + +- update to 1.24 + * add verify hostname scheme ftp, same as http + * renew test certificates again (root CA expired, now valid for + 10 years) + +------------------------------------------------------------------- +Mon Feb 23 16:49:53 CET 2009 - anicka@suse.cz + +- update to 1.23 + * if neither SSL_ca_file nor SSL_ca_path are known (e.g not given + and the default values have no existing file|path) disable + checking of certificates, but carp about the problem + * new test certificates, the old ones expired and caused tests + to fail + * Net::SSLeay stores verify callbacks inside hash and never clears + them, so set verify callback to NULL in destroy of context + +------------------------------------------------------------------- +Tue Jan 20 17:50:47 CET 2009 - anicka@suse.cz ++++ 289 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update:Test/.perl-IO-Socket-SSL.new/perl-IO-Socket-SSL.changes New: ---- IO-Socket-SSL-1.49.tar.gz _link perl-IO-Socket-SSL.changes perl-IO-Socket-SSL.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-IO-Socket-SSL.spec ++++++ # # spec file for package perl-IO-Socket-SSL # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: perl-IO-Socket-SSL Version: 1.49 Release: 1 License: GPL+ or Artistic %define cpan_name IO-Socket-SSL Summary: Nearly transparent SSL encapsulation for IO::Socket::INET Url: http://search.cpan.org/dist/IO-Socket-SSL/ Group: Development/Libraries/Perl Source: http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz BuildRequires: perl # MANUAL BEGIN BuildRequires: perl(IO::Socket::INET6) BuildRequires: perl(Net::LibIDN) BuildRequires: perl(Net::SSLeay) >= 1.21 BuildRequires: perl-macros Requires: perl(Net::SSLeay) >= 1.21 Recommends: perl(IO::Socket::INET6) Recommends: perl(Net::LibIDN) BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch # MANUAL END %{perl_requires} %description This module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client. IO::Socket::SSL supports all the extra features that one needs to write a full-featured SSL client or server application: multiple SSL contexts, cipher selection, certificate verification, and SSL version selection. As an extra bonus, it works perfectly with mod_perl. If you have never used SSL before, you should read the appendix labelled 'Using SSL' before attempting to use this module. If you have used this module before, read on, as versions 0.93 and above have several changes from the previous IO::Socket::SSL versions (especially see the note about return values). If you are using non-blocking sockets read on, as version 0.98 added better support for non-blocking. If you are trying to use it with threads see the BUGS section. %prep %setup -q -n %{cpan_name}-%{version} %build perl Makefile.PL INSTALLDIRS=vendor make %{?_smp_mflags} %install %perl_make_install %perl_process_packlist %perl_gen_filelist %clean rm -rf %{buildroot} %files -f %{name}.files %defattr(-,root,root,755) %doc BUGS Changes README %changelog ++++++ _link ++++++ <link project="openSUSE:12.1" package="perl-IO-Socket-SSL" baserev="ee259b24b5c59fa8c684738ca42b3049"> <patches> <branch/> </patches> </link> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org