Hello community, here is the log from the commit of package perl-IO-Socket-SSL for openSUSE:Factory checked in at Fri Aug 28 00:36:45 CEST 2009. -------- --- perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2009-04-06 13:58:47.000000000 +0200 +++ perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2009-08-03 17:07:07.000000000 +0200 @@ -1,0 +2,19 @@ +Mon Aug 3 16:01:26 CEST 2009 - anicka@suse.cz + +- update to 1.27 + * changed possible local/utf-8 depended \w in some regex against more + explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that service + names can't have '-' inside + * fixed bug https://rt.cpan.org/Ticket/Display.html?id=48131 + where eli[AT]dvns[DOT]com reported warnings when perl -w was used. + While there made it more aware of errors in Net::ssl_write_all (return + undef not 0 in generic_write) + * SECURITY BUGFIX! + fix Bug in verify_hostname_of_cert where it matched only the prefix for + the hostname when no wildcard was given, e.g. www.example.org matched + against a certificate with name www.exam in it + Thanks to MLEHMANN for reporting + * t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5 + https://rt.cpan.org/Ticket/Display.html?id=47240 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- IO-Socket-SSL-1.24.tar.bz2 New: ---- IO-Socket-SSL-1.27.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-IO-Socket-SSL.spec ++++++ --- /var/tmp/diff_new_pack.Xf1O44/_old 2009-08-28 00:34:01.000000000 +0200 +++ /var/tmp/diff_new_pack.Xf1O44/_new 2009-08-28 00:34:01.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package perl-IO-Socket-SSL (Version 1.24) +# spec file for package perl-IO-Socket-SSL (Version 1.27) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # 
@@ -20,7 +20,7 @@ Name: perl-IO-Socket-SSL BuildRequires: perl-Net-SSLeay perl-libwww-perl -Version: 1.24 +Version: 1.27 Release: 1 Provides: p_iossl Obsoletes: p_iossl @@ -28,7 +28,7 @@ Requires: perl = %{perl_version} AutoReqProv: on Group: Development/Libraries/Perl -License: Artistic License +License: Artistic License .. Url: http://cpan.org/modules/by-module/IO Summary: IO::Socket::SSL Perl Module Source: IO-Socket-SSL-%{version}.tar.bz2 ++++++ IO-Socket-SSL-1.24.tar.bz2 -> IO-Socket-SSL-1.27.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-1.24/Changes new/IO-Socket-SSL-1.27/Changes --- old/IO-Socket-SSL-1.24/Changes 2009-04-01 09:51:52.000000000 +0200 +++ new/IO-Socket-SSL-1.27/Changes 2009-07-24 08:30:39.000000000 +0200 
@@ -1,4 +1,23 @@ +v1.27 2009.07.24 +- changed possible local/utf-8 depended \w in some regex against more + explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that service + names can't have '-' inside +- fixed bug https://rt.cpan.org/Ticket/Display.html?id=48131 + where eli[AT]dvns[DOT]com reported warnings when perl -w was used. + While there made it more aware of errors in Net::ssl_write_all (return + undef not 0 in generic_write) +v1.26 2009.07.03 +- SECURITY BUGFIX! + fix Bug in verify_hostname_of_cert where it matched only the prefix for + the hostname when no wildcard was given, e.g. www.example.org matched + against a certificate with name www.exam in it + Thanks to MLEHMANN for reporting + +v1.25 2009.07.02 +- t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5 + https://rt.cpan.org/Ticket/Display.html?id=47240 + v1.24 2009.04.01 - add verify hostname scheme ftp, same as http - renew test certificates again (root CA expired, now valid for 10 years) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-1.24/META.yml new/IO-Socket-SSL-1.27/META.yml --- old/IO-Socket-SSL-1.24/META.yml 2009-04-01 10:00:50.000000000 +0200 +++ new/IO-Socket-SSL-1.27/META.yml 2009-07-24 08:35:37.000000000 +0200 @@ -1,6 +1,6 @@ --- #YAML:1.0 name: IO-Socket-SSL -version: 1.24 +version: 1.27 abstract: Nearly transparent SSL encapsulation for IO::Socket::INET. license: ~ author: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-1.24/SSL.pm new/IO-Socket-SSL-1.27/SSL.pm --- old/IO-Socket-SSL-1.24/SSL.pm 2009-04-01 09:48:35.000000000 +0200 +++ new/IO-Socket-SSL-1.27/SSL.pm 2009-07-24 08:16:09.000000000 +0200 @@ -66,7 +66,7 @@ }) { @ISA = qw(IO::Socket::INET); } - $VERSION = '1.24'; + $VERSION = '1.27'; $GLOBAL_CONTEXT_ARGS = {}; #Make $DEBUG another name for $Net::SSLeay::trace 
@@ -253,7 +253,7 @@ my $host = $arg_hash->{SSL_verifycn_name}; if (not defined($host)) { if ( $host = $arg_hash->{PeerAddr} || $arg_hash->{PeerHost} ) { - $host =~s{:\w+$}{}; + $host =~s{:[a-zA-Z0-9_\-]+$}{}; } } $host ||= ref($vcn_scheme) && $vcn_scheme->{callback} && 'unknown'; @@ -645,11 +645,14 @@ my $written; if ( $write_all ) { my $data = $length < $buf_len-$offset ? substr($$buffer, $offset, $length) : $$buffer; - $written = Net::SSLeay::ssl_write_all($ssl, $data); + ($written, my $errs) = Net::SSLeay::ssl_write_all($ssl, $data); + # ssl_write_all returns number of bytes written + $written = undef if ! $written && $errs; } else { $written = Net::SSLeay::write_partial( $ssl,$offset,$length,$$buffer ); + # write_partial does SSL_write which returns -1 on error + $written = undef if $written < 0; } - $written = undef if $written < 0; # Net::SSLeay::write returns -1 not undef on error if ( !defined($written) ) { $self->_set_rw_error( $ssl,-1 ) || $self->error("SSL write error"); @@ -1077,8 +1080,8 @@ # definitly no hostname, try IPv4 $ip4 = inet_aton( $identity ) or croak "'$identity' is not IPv4, but neither IPv6 nor hostname"; } else { - # assume hostname - if ( $identity !~m{^[a-zA-Z0-9-_\.]+$} ) { + # assume hostname, check for umlauts etc + if ( $identity =~m{[^a-zA-Z0-9_.\-]} ) { $identity = idn_to_ascii($identity) or croak "Warning: Given name '$identity' could not be converted to IDNA!"; } 
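Review bot: The port-stripping substitution `$host =~s{:[a-zA-Z0-9_\-]+$}{};` cannot tell a `:port` or `:service` suffix from the last group of a bare IPv6 literal, so a value such as `2001:db8::1` (constructed example) would be shortened before it becomes the name the certificate is checked against. Whether PeerAddr/PeerHost can carry an IPv6 literal at this point is not visible in the hunk, so this may only need a comment, e.g. `# strip :port/:service; ASCII class on purpose, \w is locale/UTF-8 dependent`. The enclosing sub starts and ends outside the hunk.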
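Review bot: In the `$write_all` branch a write that fails part-way is still reported as success, because `$written = undef if ! $written && $errs;` treats the call as failed only when nothing at all was written. If ssl_write_all can return a non-zero count together with `$errs` (the list-context call suggests it returns both), the caller gets a short count with no error set and `$errs` is discarded. Consider `$written = undef if $errs;`, or at least include `$errs` in the `$self->error("SSL write error")` message below so the failure can be diagnosed. The enclosing sub starts and ends outside the hunk.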
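Review bot: The croak in the IDN branch reports the wrong value: `$identity = idn_to_ascii($identity) or croak "...'$identity'..."` assigns first, so when conversion fails the message interpolates the false result instead of the name the caller passed. Keeping the input in a separate variable fixes that, e.g. `my $ascii = idn_to_ascii($identity) or croak "...'$identity'...";` followed by `$identity = $ascii;`. Also, the new negated class `[^a-zA-Z0-9_.\-]` no longer routes an empty `$identity` into this branch as the old `+` pattern did. Whether an empty name can reach this point is not visible in the hunk; the sub starts and ends outside it.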
@@ -1095,12 +1098,12 @@ # The RFCs are in this regard unspecific but we don't want to have to # deal with certificates like *.com, *.co.uk or even * # see also http://nils.toedtmann.net/pub/subjectAltName.txt - if ( $wtyp eq 'anywhere' and $name =~m{^([\w\-]*)\*(.+)} ) { - $pattern = qr{^\Q$1\E[\w\-]*\Q$2\E$}i; + if ( $wtyp eq 'anywhere' and $name =~m{^([a-zA-Z0-9_\-]*)\*(.+)} ) { + $pattern = qr{^\Q$1\E[a-zA-Z0-9_\-]*\Q$2\E$}i; } elsif ( $wtyp eq 'leftmost' and $name =~m{^\*(\..+)$} ) { - $pattern = qr{^[\w\-]*\Q$1\E$}i; + $pattern = qr{^[a-zA-Z0-9_\-]*\Q$1\E$}i; } else { - $pattern = qr{^\Q$name}i; + $pattern = qr{^\Q$name\E$}i; } return $identity =~ $pattern; }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-1.24/t/nonblock.t new/IO-Socket-SSL-1.27/t/nonblock.t --- old/IO-Socket-SSL-1.24/t/nonblock.t 2009-01-22 22:44:47.000000000 +0100 +++ new/IO-Socket-SSL-1.27/t/nonblock.t 2009-07-02 20:12:20.000000000 +0200 @@ -161,7 +161,7 @@ } # send some data - # we send up to 100000 bytes, server reads first 10 bytes and then sleeps + # we send up to 500000 bytes, server reads first 10 bytes and then sleeps # before reading more. In total server only reads 30000 bytes # the sleep will cause the internal buffers to fill up so that the syswrite # should return with EAGAIN+SSL_WANT_WRITE. @@ -171,7 +171,7 @@ $attempts = 0; my $bytes_send = 0; - # set send buffer to 8192 so it will definitly fail writing all 100000 bytes in it + # set send buffer to 8192 so it will definitly fail writing all 500000 bytes in it # linux allocates twice as much (see tcp(7)) but it's small enough anyway eval q{ setsockopt( $to_server, SOL_SOCKET, SO_SNDBUF, pack( "I",8192 )); 
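Review bot: All three patterns in the @@ -1095 hunk still end in `$`, which in Perl also matches before a trailing newline, so an `$identity` ending in "\n" would still compare equal to the certificate name. Using `\z` closes that, e.g. `$pattern = qr{^\Q$name\E\z}i;`, and likewise in the `anywhere` and `leftmost` branches. Whether a newline can survive into `$identity` depends on code earlier in the sub, which is outside this hunk. A short comment above the exact-match branch saying the name must match in full, not as a prefix, would keep the reason for the trailing `\E$` visible to the next editor.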
@@ -184,7 +184,7 @@ } WRITE: - for( my $i=0;$i<10000;$i++ ) { + for( my $i=0;$i<50000;$i++ ) { my $offset = 0; while (1) { my $n = syswrite( $to_server,$msg,length($msg)-$offset,$offset ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-1.24/t/verify_hostname.t new/IO-Socket-SSL-1.27/t/verify_hostname.t --- old/IO-Socket-SSL-1.24/t/verify_hostname.t 2009-04-01 09:46:52.000000000 +0200 +++ new/IO-Socket-SSL-1.27/t/verify_hostname.t 2009-07-03 09:33:29.000000000 +0200 @@ -25,7 +25,7 @@ ( eval { require Net::LibIDN } || eval { require Net::IDN::Encode } ); $|=1; -my $max = 37; +my $max = 40; $max+=3 if $can_idn; print "1..$max\n"; @@ -88,6 +88,7 @@ 'www-13.lala.other.local' => [], 'smtp.mydomain.local' => [qw(smtp ldap www)], 'xn--lwe-sna.idntest.local' => [qw(smtp ldap www)], + 'smtp.mydomain.localizing.useless.local' => [], ); if ( $can_idn ) { # check IDN handling ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org