Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package perl-IO-Socket-SSL for openSUSE:Factory checked in at 2024-07-05 19:45:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL (Old) and /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.2080 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-IO-Socket-SSL" Fri Jul 5 19:45:16 2024 rev:101 rq:1185405 version:2.86.0 Changes: -------- --- /work/SRC/openSUSE:Factory/perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes 2024-03-28 14:03:53.186440930 +0100 +++ /work/SRC/openSUSE:Factory/.perl-IO-Socket-SSL.new.2080/perl-IO-Socket-SSL.changes 2024-07-05 19:50:07.088031743 +0200 @@ -1,0 +2,10 @@ +Wed Jul 3 16:49:59 UTC 2024 - Tina Müller <tina.mueller@suse.com> + +- updated to 2.86.0 (2.086) + see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes + + 2.086 2024/07/03 + - internal optimzation: implement _touch_entry in session cache instead + of using del+add. + +------------------------------------------------------------------- Old: ---- IO-Socket-SSL-2.085.tar.gz New: ---- IO-Socket-SSL-2.086.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-IO-Socket-SSL.spec ++++++ --- /var/tmp/diff_new_pack.KucUyV/_old 2024-07-05 19:50:09.988138475 +0200 +++ /var/tmp/diff_new_pack.KucUyV/_new 2024-07-05 19:50:10.028139947 +0200 @@ -18,10 +18,10 @@ %define cpan_name IO-Socket-SSL Name: perl-IO-Socket-SSL -Version: 2.85.0 +Version: 2.86.0 Release: 0 -# 2.085 -> normalize -> 2.85.0 -%define cpan_version 2.085 +# 2.086 -> normalize -> 2.86.0 +%define cpan_version 2.086 License: Artistic-1.0 OR GPL-1.0-or-later Summary: Nearly transparent SSL encapsulation for IO::Socket::INET URL: https://metacpan.org/release/%{cpan_name} @@ -106,5 +106,5 @@ %perl_gen_filelist %files -f %{name}.files -%doc BUGS Changes docs example README README.Win32 +%doc BUGS Changes docs example README ++++++ IO-Socket-SSL-2.085.tar.gz -> IO-Socket-SSL-2.086.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/Changes new/IO-Socket-SSL-2.086/Changes --- old/IO-Socket-SSL-2.085/Changes 2024-01-22 20:05:51.000000000 +0100 +++ new/IO-Socket-SSL-2.086/Changes 2024-07-03 13:28:52.000000000 +0200 @@ -1,3 +1,6 @@ +2.086 2024/07/03 +- internal optimzation: implement _touch_entry in session cache instead + of using del+add. 2.085 2024/01/22 - #147 fix test which failed due to behavior changes in OpenSSL 3.2 - update PublicSuffix @@ -192,10 +195,10 @@ which now no longer works 2.052 2017/10/22 - disable NPN support if LibreSSL>=2.6.1 is detected since they've replaced the - functions with dummies instead of removing NPN completly or setting + functions with dummies instead of removing NPN completely or setting OPENSSL_NO_NEXTPROTONEG - t/01loadmodule.t shows more output helpful in debugging problems -- update fingerprints for extenal tests +- update fingerprints for external tests - update documentation to make behavior of syswrite more clear 2.051 2017/09/05 - syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/MANIFEST new/IO-Socket-SSL-2.086/MANIFEST --- old/IO-Socket-SSL-2.085/MANIFEST 2024-01-22 20:06:34.000000000 +0100 +++ new/IO-Socket-SSL-2.086/MANIFEST 2024-07-03 14:10:23.000000000 +0200 @@ -15,7 +15,6 @@ Makefile.PL MANIFEST This list of files README -README.Win32 t/01loadmodule.t t/acceptSSL-timeout.t t/alpn.t diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/META.json new/IO-Socket-SSL-2.086/META.json --- old/IO-Socket-SSL-2.085/META.json 2024-01-22 20:06:34.000000000 +0100 +++ new/IO-Socket-SSL-2.086/META.json 2024-07-03 14:10:23.000000000 +0200 @@ -52,6 +52,6 @@ "url" : "https://github.com/noxxi/p5-io-socket-ssl" } }, - "version" : "2.085", + "version" : "2.086", "x_serialization_backend" : "JSON::PP version 4.06" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/META.yml new/IO-Socket-SSL-2.086/META.yml --- old/IO-Socket-SSL-2.085/META.yml 2024-01-22 20:06:34.000000000 +0100 +++ new/IO-Socket-SSL-2.086/META.yml 2024-07-03 14:10:23.000000000 +0200 @@ -27,5 +27,5 @@ homepage: https://github.com/noxxi/p5-io-socket-ssl license: http://dev.perl.org/licenses/ repository: https://github.com/noxxi/p5-io-socket-ssl -version: '2.085' +version: '2.086' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/README.Win32 new/IO-Socket-SSL-2.086/README.Win32 --- old/IO-Socket-SSL-2.085/README.Win32 2023-11-04 17:10:35.000000000 +0100 +++ new/IO-Socket-SSL-2.086/README.Win32 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +0,0 @@ -The underlying IO::Socket::INET does not support non-blocking sockets on -Win32, thus non-blocking IO::Socket::SSL is not supported on Win32, which -means also, that timeouts don't work (because they are based on -non-blocking). -See also http://www.perlmonks.org/?node_id=378675 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/lib/IO/Socket/SSL/Intercept.pm new/IO-Socket-SSL-2.086/lib/IO/Socket/SSL/Intercept.pm --- old/IO-Socket-SSL-2.085/lib/IO/Socket/SSL/Intercept.pm 2023-11-04 17:10:35.000000000 +0100 +++ new/IO-Socket-SSL-2.086/lib/IO/Socket/SSL/Intercept.pm 2024-04-11 09:14:13.000000000 +0200 @@ -346,7 +346,7 @@ call C<sub> without arguments to create a new C<< (cert,key) >>, store it and return it. If called with C<< $cache->('type') >> the function should just return 1 to -signal that it supports the current type of cache. If it reutrns nothing +signal that it supports the current type of cache. If it returns nothing instead the older cache interface is assumed for compatibility reasons. =back @@ -362,7 +362,7 @@ =item B<< $string = $mitm->serialize >> This creates a serialized version of the object (e.g. a string) which can then -be used to persistantly store created certificates over restarts of the +be used to persistently store created certificates over restarts of the application. The cache will only be serialized if it is a HASH. To work together with L<Storable> the C<STORABLE_freeze> function is defined to call C<serialize>. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/lib/IO/Socket/SSL.pm new/IO-Socket-SSL-2.086/lib/IO/Socket/SSL.pm --- old/IO-Socket-SSL-2.085/lib/IO/Socket/SSL.pm 2024-01-22 19:48:15.000000000 +0100 +++ new/IO-Socket-SSL-2.086/lib/IO/Socket/SSL.pm 2024-07-03 13:28:19.000000000 +0200 @@ -13,7 +13,7 @@ package IO::Socket::SSL; -our $VERSION = '2.085'; +our $VERSION = '2.086'; use IO::Socket; use Net::SSLeay 1.46; @@ -3086,22 +3086,30 @@ package IO::Socket::SSL::Session_Cache; *DEBUG = *IO::Socket::SSL::DEBUG; + +# The cache is consisting of one list which contains all sessions and then +# for each session key another list containing all sessions for same key. +# The order of the list is by use, i.e. last used are put on top. +# self.ghead points to the top of the global list while +# self.shead{key} to the top of the session key specific list +# All lists are cyclic +# Each element in the list consists of an array with slots for ... use constant { - SESSION => 0, - KEY => 1, - GNEXT => 2, - GPREV => 3, - SNEXT => 4, - SPREV => 5, + SESSION => 0, # session object + KEY => 1, # key for object + GNEXT => 2, # next element in global list + GPREV => 3, # previous element in global list + SNEXT => 4, # next element for same session key + SPREV => 5, # previous element for same session key }; sub new { my ($class, $size) = @_; $size>0 or return; return bless { - room => $size, - ghead => undef, - shead => {}, + room => $size, # free space regarding to max size + ghead => undef, # top of global list + shead => {}, # top of key specific list }, $class; } @@ -3124,6 +3132,9 @@ sub del_session { my ($self, $key, $session) = @_; + + # find all sessions which match given key and session and add to @del + # if key is given scan only sessions for the key, else all sessions my ($head,$inext) = $key ? ($self->{shead}{$key},SNEXT) : ($self->{ghead},GNEXT); my $v = $head; @@ -3152,6 +3163,9 @@ sub get_session { my ($self, $key, $session) = @_; + + # find first session for key + # if $session is given further look for this specific one my $v = $self->{shead}{$key}; if ($session) { my $shead = $v; @@ -3162,10 +3176,10 @@ $v = undef if $v == $shead; # session not found } } - if ($v) { - _del_entry($self, $v); # remove - _add_entry($self, $v); # and add back on top - } + + # mark as recent by moving to top so that it gets expired last + _touch_entry($self,$v) if $v; + $DEBUG>=3 && DEBUG("get_session($key" . ( $session ? ",$session) -> " : ") -> ") . ($v? $v->[SESSION]:"none")); @@ -3174,20 +3188,25 @@ sub _add_entry { my ($self,$v) = @_; + + # If there are already sessions for same key add to this list else create + # a new sublist for this key. Similar for global list. for( [ SNEXT, SPREV, \$self->{shead}{$v->[KEY]} ], [ GNEXT, GPREV, \$self->{ghead} ], ) { my ($inext,$iprev,$rhead) = @$_; if ($$rhead) { + # add on top of list $v->[$inext] = $$rhead; $v->[$iprev] = ${$rhead}->[$iprev]; ${$rhead}->[$iprev][$inext] = $v; ${$rhead}->[$iprev] = $v; + $$rhead = $v; } else { - $v->[$inext] = $v->[$iprev] = $v; + # create a new list + $$rhead = $v->[$inext] = $v->[$iprev] = $v; } - $$rhead = $v; } $self->{room}--; @@ -3203,6 +3222,8 @@ sub _del_entry { my ($self,$v) = @_; + # Remove element from both key specific list and global list + # If key specific list is then empty drop it from self.shead for( [ SNEXT, SPREV, \$self->{shead}{$v->[KEY]} ], [ GNEXT, GPREV, \$self->{ghead} ], @@ -3228,6 +3249,32 @@ $self->{room}++; } +sub _touch_entry { + my ($self,$v) = @_; + + # Put element on top of both global list and key specific list + # so that it gets expired last when making space in the cache + for( + [ SNEXT, SPREV, \$self->{shead}{$v->[KEY]} ], + [ GNEXT, GPREV, \$self->{ghead} ], + ) { + my ($inext,$iprev,$rhead) = @$_; + $$rhead or die "entry not in list ($inext)"; # should not happen + next if $$rhead == $v; # already at top + + # remove from current position - like _del_entry + $v->[$inext][$iprev] = $v->[$iprev]; + $v->[$iprev][$inext] = $v->[$inext]; + + # add on top - like _add_entry + $v->[$inext] = $$rhead; + $v->[$iprev] = ${$rhead}->[$iprev]; + ${$rhead}->[$iprev][$inext] = $v; + ${$rhead}->[$iprev] = $v; + $$rhead = $v; + } +} + sub _dump { my $self = shift; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/IO-Socket-SSL-2.085/lib/IO/Socket/SSL.pod new/IO-Socket-SSL-2.086/lib/IO/Socket/SSL.pod --- old/IO-Socket-SSL-2.085/lib/IO/Socket/SSL.pod 2023-11-04 17:10:35.000000000 +0100 +++ new/IO-Socket-SSL-2.086/lib/IO/Socket/SSL.pod 2024-04-11 09:14:13.000000000 +0200 @@ -1594,7 +1594,7 @@ the maximum size of an SSL frame, will be written at once. For non-blocking sockets SSL specific behavior applies. -Pease read the specific section in this documentation. +Please read the specific section in this documentation. =item B<peek( BUF, LEN, [ OFFSET ])> @@ -2196,10 +2196,6 @@ IO::Socket::SSL does not work together with Storable::fd_retrieve/fd_store. See BUGS file for more information and how to work around the problem. -Non-blocking and timeouts (which are based on non-blocking) are not -supported on Win32, because the underlying IO::Socket::INET does not support -non-blocking on this platform. - If you have a server and it looks like you have a memory leak you might check the size of your session cache. Default for Net::SSLeay seems to be 20480, see the example for SSL_create_ctx_callback for how to limit it.