From a551f76cd2d508053baa53e7e7286c280fb856a4 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Tue, 23 Feb 2010 13:58:55 +0000 Subject: [PATCH 1/9] - Update to 1.32 (die in Makefile.PL if Scalar::Util has no dualvar support) - Use %{_fixperms} macro instead of our own %{__chmod} incantation --- .cvsignore | 2 +- perl-IO-Socket-SSL.spec | 14 +++++++++----- sources | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.cvsignore b/.cvsignore index 95c54cc..e252149 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -IO-Socket-SSL-1.31.tar.gz +IO-Socket-SSL-1.32.tar.gz diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 1b2f8aa..497e391 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -4,8 +4,8 @@ # Name: perl-IO-Socket-SSL -Version: 1.31 -Release: 2%{?dist} +Version: 1.32 +Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries License: GPL+ or Artistic @@ -42,8 +42,8 @@ done %{__rm} -rf %{buildroot} %{__make} pure_install PERL_INSTALL_ROOT=%{buildroot} /usr/bin/find %{buildroot} -type f -name .packlist -exec %{__rm} -f {} ';' -/usr/bin/find %{buildroot} -depth -type d -exec /bin/rmdir {} 2>/dev/null ';' -%{__chmod} -R u+w %{buildroot}/* +/usr/bin/find %{buildroot} -depth -type d -exec /bin/rmdir {} ';' 2>/dev/null +%{_fixperms} %{buildroot} %check # Avoid running the session tests (spawns servers, requires 3 free ports @@ -61,8 +61,12 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Tue Feb 23 2010 Paul Howarth - 1.32-1 +- Update to 1.32 (die in Makefile.PL if Scalar::Util has no dualvar support) +- Use %%{_fixperms} macro instead of our own %%{__chmod} incantation + * Mon Dec 7 2009 Stepan Kasal - 1.31-2 -- rebuild against perl 5.10.1 +- Rebuild against perl 5.10.1 * Sun Sep 27 2009 Paul Howarth - 1.31-1 - Update to 1.31 (see Changes for details) diff --git a/sources b/sources index fbe409d..1eb8e16 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3a51c3f603ee242d5869e8ffd51b989b IO-Socket-SSL-1.31.tar.gz +324ec02c26ecb41c481d0586c4174a56 IO-Socket-SSL-1.32.tar.gz From 390ab9855dd5bf2887a27275f3799cbdb8066e83 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Wed, 17 Mar 2010 16:23:40 +0000 Subject: [PATCH 2/9] Update to 1.33 --- .cvsignore | 2 +- perl-IO-Socket-SSL.spec | 7 ++++++- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index e252149..8798a8c 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -IO-Socket-SSL-1.32.tar.gz +IO-Socket-SSL-1.33.tar.gz diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 497e391..7496c91 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -4,7 +4,7 @@ # Name: perl-IO-Socket-SSL -Version: 1.32 +Version: 1.33 Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries @@ -61,6 +61,11 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Wed Mar 17 2010 Paul Howarth - 1.33-1 +- Update to 1.33 + - attempt to make t/memleak_bad_handshake.t more stable + - fix hostname checking: only check an IP against subjectAltName GEN_IPADD + * Tue Feb 23 2010 Paul Howarth - 1.32-1 - Update to 1.32 (die in Makefile.PL if Scalar::Util has no dualvar support) - Use %%{_fixperms} macro instead of our own %%{__chmod} incantation diff --git a/sources b/sources index 1eb8e16..7b6a378 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -324ec02c26ecb41c481d0586c4174a56 IO-Socket-SSL-1.32.tar.gz +e288b5cda3de1f4cbf15e2eb709e9d7c IO-Socket-SSL-1.33.tar.gz From 5fc4b441aaa8cbf3b2ffb323a11bb11128cbb4e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Sun, 2 May 2010 18:02:10 +0000 Subject: [PATCH 3/9] - Mass rebuild with perl-5.12.0 --- perl-IO-Socket-SSL.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 7496c91..323f78c 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -5,7 +5,7 @@ Name: perl-IO-Socket-SSL Version: 1.33 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries License: GPL+ or Artistic @@ -61,6 +61,9 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Sun May 02 2010 Marcela Maslanova - 1.33-2 +- Mass rebuild with perl-5.12.0 + * Wed Mar 17 2010 Paul Howarth - 1.33-1 - Update to 1.33 - attempt to make t/memleak_bad_handshake.t more stable From 2f2fdf679e9b132538ea38d4e4d62c1b38d074c2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 07:00:08 +0000 Subject: [PATCH 4/9] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index cd377d0..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: perl-IO-Socket-SSL -# $Id: Makefile,v 1.2 2007/10/15 19:15:10 notting Exp $ -NAME := perl-IO-Socket-SSL -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attempt a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From eefbde615fd84e8998257924b4b5b9b3e2f70b40 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Tue, 2 Nov 2010 13:09:38 +0000 Subject: [PATCH 5/9] Update to 1.34 - New upstream release 1.34: - schema http for certificate verification changed to wildcards_in_cn=1 - if upgrading socket from inet to ssl fails due to handshake problems, the socket gets downgraded back again but is still open (CPAN RT#61466) - deprecate kill_socket: just use close() --- .gitignore | 2 +- perl-IO-Socket-SSL.spec | 11 +++++++++-- sources | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 8798a8c..dbdc9ea 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -IO-Socket-SSL-1.33.tar.gz +/IO-Socket-SSL-1.34.tar.gz diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 323f78c..2c25ae2 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -4,8 +4,8 @@ # Name: perl-IO-Socket-SSL -Version: 1.33 -Release: 2%{?dist} +Version: 1.34 +Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries License: GPL+ or Artistic @@ -61,6 +61,13 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Tue Nov 2 2010 Paul Howarth - 1.34-1 +- Update to 1.34 + - schema http for certificate verification changed to wildcards_in_cn=1 + - if upgrading socket from inet to ssl fails due to handshake problems, the + socket gets downgraded back again but is still open (CPAN RT#61466) + - deprecate kill_socket: just use close() + * Sun May 02 2010 Marcela Maslanova - 1.33-2 - Mass rebuild with perl-5.12.0 diff --git a/sources b/sources index 7b6a378..c48f473 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e288b5cda3de1f4cbf15e2eb709e9d7c IO-Socket-SSL-1.33.tar.gz +c42dfa4172e6ee3673b5ead6709f7c04 IO-Socket-SSL-1.34.tar.gz From bd90bedbe33f9a91f3fc43a3548bacd69c2e2197 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Mon, 6 Dec 2010 12:10:01 +0000 Subject: [PATCH 6/9] Update to 1.35 - New upstream release 1.35: - if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be verified as valid, it will no longer fall back to VERIFY_NONE but throw an error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058) --- .gitignore | 2 +- perl-IO-Socket-SSL.spec | 8 +++++++- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index dbdc9ea..36f3e5c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/IO-Socket-SSL-1.34.tar.gz +/IO-Socket-SSL-1.35.tar.gz diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 2c25ae2..445b417 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -4,7 +4,7 @@ # Name: perl-IO-Socket-SSL -Version: 1.34 +Version: 1.35 Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries @@ -61,6 +61,12 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Mon Dec 6 2010 Paul Howarth - 1.35-1 +- Update to 1.35 + - if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be + verified as valid, it will no longer fall back to VERIFY_NONE but throw an + error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058) + * Tue Nov 2 2010 Paul Howarth - 1.34-1 - Update to 1.34 - schema http for certificate verification changed to wildcards_in_cn=1 diff --git a/sources b/sources index c48f473..b6567d5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c42dfa4172e6ee3673b5ead6709f7c04 IO-Socket-SSL-1.34.tar.gz +814126aa56e687a3ccc341be35c16cc5 IO-Socket-SSL-1.35.tar.gz From bff48884d12b9b13c6c0a2b8f95c2a6f1da37c74 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Thu, 9 Dec 2010 11:31:38 +0000 Subject: [PATCH 7/9] Update to 1.36 - New upstream release 1.36: - update documentation for SSL_verify_callback based on CPAN RT#63743 and CPAN RT#63740 --- .gitignore | 2 +- perl-IO-Socket-SSL.spec | 7 ++++++- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 36f3e5c..8f6bc20 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/IO-Socket-SSL-1.35.tar.gz +/IO-Socket-SSL-1.36.tar.gz diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 445b417..8c763e7 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -4,7 +4,7 @@ # Name: perl-IO-Socket-SSL -Version: 1.35 +Version: 1.36 Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries @@ -61,6 +61,11 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Thu Dec 9 2010 Paul Howarth - 1.36-1 +- Update to 1.36 + - update documentation for SSL_verify_callback based on CPAN RT#63743 and + CPAN RT#63740 + * Mon Dec 6 2010 Paul Howarth - 1.35-1 - Update to 1.35 - if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be diff --git a/sources b/sources index b6567d5..7811bae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -814126aa56e687a3ccc341be35c16cc5 IO-Socket-SSL-1.35.tar.gz +77ba509d657b723efbcb42249adbdb35 IO-Socket-SSL-1.36.tar.gz From f86243aa588d6624a57c3ca5fc8ed86b73c1ecac Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Fri, 10 Dec 2010 14:16:39 +0000 Subject: [PATCH 8/9] Update to 1.37 - New upstream release 1.37: - don't complain about invalid certificate locations if user explicitly set SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are doing and will work around the problems themselves (CPAN RT#63741) --- .gitignore | 2 +- perl-IO-Socket-SSL.spec | 8 +++++++- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8f6bc20..5e06e71 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/IO-Socket-SSL-1.36.tar.gz +/IO-Socket-SSL-1.37.tar.gz diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 8c763e7..d6df956 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -4,7 +4,7 @@ # Name: perl-IO-Socket-SSL -Version: 1.36 +Version: 1.37 Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries @@ -61,6 +61,12 @@ done %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Fri Dec 10 2010 Paul Howarth - 1.37-1 +- Update to 1.37 + - don't complain about invalid certificate locations if user explicitly set + SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are + doing and will work around the problems themselves (CPAN RT#63741) + * Thu Dec 9 2010 Paul Howarth - 1.36-1 - Update to 1.36 - update documentation for SSL_verify_callback based on CPAN RT#63743 and diff --git a/sources b/sources index 7811bae..df7455c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -77ba509d657b723efbcb42249adbdb35 IO-Socket-SSL-1.36.tar.gz +a75c962ce989865213ca4320766fdb77 IO-Socket-SSL-1.37.tar.gz From 69a39b95e4d57aed35dccd82f82c61e5e63278e2 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Fri, 17 Dec 2010 16:53:16 +0000 Subject: [PATCH 9/9] Add CVE reference in changelog for CVE-2010-4334 --- perl-IO-Socket-SSL.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index d6df956..9d9cad3 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -73,7 +73,7 @@ done CPAN RT#63740 * Mon Dec 6 2010 Paul Howarth - 1.35-1 -- Update to 1.35 +- Update to 1.35 (addresses CVE-2010-4334) - if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be verified as valid, it will no longer fall back to VERIFY_NONE but throw an error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058)