rpms/perl-IO-Socket-SSL
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 2.006

Browse Source 
- New upstream release 2.006
  - Make SSLv3 available even if the SSL library disables it by default in
    SSL_CTX_new (like done in LibreSSL); default will stay to disable SSLv3
    so this will be only done when setting SSL_version explicitly
  - Fix possible segmentation fault when trying to use an invalid certificate
  - Use only the ICANN part of the default public suffix list and not the
    private domains; this makes existing exceptions for s3.amazonaws.com and
    googleapis.com obsolete
  - Fix t/protocol_version.t to deal with OpenSSL installations that are
    compiled without SSLv3 support
  - Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead
    of EAGAIN; while this is the same on UNIX it is different on Windows and
    socket operations return there (WSA)EWOULDBLOCK and not EAGAIN
  - Enable non-blocking tests on Windows too
  - Make PublicSuffix::_default_data thread safe
  - Update PublicSuffix with latest list from publicsuffix.org
- Note that this package still uses system-default cipher and SSL versions,
  which may have SSL3.0 enabled
- Classify buildreqs by usage
This commit is contained in:
Paul Howarth 2014-11-23 14:55:09 +00:00
parent 1e5d92fafe
commit af52f67378
4 changed files with 50 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
IO-Socket-SSL-2.002-use-system-default-SSL-version.patch → IO-Socket-SSL-2.006-use-system-default-SSL-version.patch
View File

@ -9,7 +9,7 @@
SSL_verify_callback => undef, SSL_verify_callback => undef,
SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_scheme => undef, # fallback cn verification
SSL_verifycn_publicsuffix => undef, # fallback default list verification SSL_verifycn_publicsuffix => undef, # fallback default list verification
@@ -2058,7 +2058,7 @@ WARN @@ -2068,7 +2068,7 @@ WARN
$ssl_op |= &Net::SSLeay::OP_SINGLE_DH_USE; $ssl_op |= &Net::SSLeay::OP_SINGLE_DH_USE;
$ssl_op |= &Net::SSLeay::OP_SINGLE_ECDH_USE if $can_ecdh; $ssl_op |= &Net::SSLeay::OP_SINGLE_ECDH_USE if $can_ecdh;
@ -20,14 +20,13 @@
or croak("invalid SSL_version specified"); or croak("invalid SSL_version specified");
--- lib/IO/Socket/SSL.pod --- lib/IO/Socket/SSL.pod
+++ lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod
@@ -910,11 +910,12 @@ protocol to the specified version. @@ -911,11 +911,12 @@ protocol to the specified version.
All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can
also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires
recent versions of Net::SSLeay and openssl. recent versions of Net::SSLeay and openssl.
+The default SSL_version is defined by the underlying cryptographic library. +The default SSL_version is defined by the underlying cryptographic library.
-Independend from the handshake format you can limit to set of accepted SSL Independent from the handshake format you can limit to set of accepted SSL
+Independent from the handshake format you can limit the set of accepted SSL
versions by adding !version separated by ':'. versions by adding !version separated by ':'.
-The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the -The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the

2
IO-Socket-SSL-2.000-use-system-default-cipher-list.patch → IO-Socket-SSL-2.006-use-system-default-cipher-list.patch
View File

@ -56,7 +56,7 @@
# set values inside _init to work with perlcc, RT#95452 # set values inside _init to work with perlcc, RT#95452
--- lib/IO/Socket/SSL.pod --- lib/IO/Socket/SSL.pod
+++ lib/IO/Socket/SSL.pod +++ lib/IO/Socket/SSL.pod
@@ -936,12 +936,8 @@ documentation (L<http://www.openssl.org/ @@ -937,12 +937,8 @@ documentation (L<http://www.openssl.org/
for more details. for more details.
Unless you fail to contact your peer because of no shared ciphers it is Unless you fail to contact your peer because of no shared ciphers it is

57
perl-IO-Socket-SSL.spec
View File

@ -1,35 +1,49 @@
Name: perl-IO-Socket-SSL Name: perl-IO-Socket-SSL
Version: 2.002 Version: 2.006
Release: 1%{?dist} Release: 1%{?dist}
Summary: Perl library for transparent SSL Summary: Perl library for transparent SSL
Group: Development/Libraries Group: Development/Libraries
License: GPL+ or Artistic License: GPL+ or Artistic
URL: http://search.cpan.org/dist/IO-Socket-SSL/ URL: http://search.cpan.org/dist/IO-Socket-SSL/
Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
Patch0: IO-Socket-SSL-2.000-use-system-default-cipher-list.patch Patch0: IO-Socket-SSL-2.006-use-system-default-cipher-list.patch
Patch1: IO-Socket-SSL-2.002-use-system-default-SSL-version.patch Patch1: IO-Socket-SSL-2.006-use-system-default-SSL-version.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildArch: noarch BuildArch: noarch
BuildRequires: openssl >= 0.9.8 # Module Build
BuildRequires: perl BuildRequires: perl
BuildRequires: perl(ExtUtils::MakeMaker)
# Module Runtime
BuildRequires: openssl >= 0.9.8
BuildRequires: perl(Carp) BuildRequires: perl(Carp)
BuildRequires: perl(constant) BuildRequires: perl(constant)
BuildRequires: perl(Data::Dumper) BuildRequires: perl(Errno)
BuildRequires: perl(Exporter) BuildRequires: perl(Exporter)
BuildRequires: perl(ExtUtils::MakeMaker) BuildRequires: perl(HTTP::Tiny)
BuildRequires: perl(File::Temp)
BuildRequires: perl(IO::Select)
BuildRequires: perl(IO::Socket) BuildRequires: perl(IO::Socket)
BuildRequires: perl(IO::Socket::INET)
BuildRequires: perl(IO::Socket::INET6) >= 2.62 BuildRequires: perl(IO::Socket::INET6) >= 2.62
BuildRequires: perl(Net::SSLeay) >= 1.46 BuildRequires: perl(Net::SSLeay) >= 1.46
BuildRequires: perl(Scalar::Util) BuildRequires: perl(Scalar::Util)
BuildRequires: perl(Socket) BuildRequires: perl(Socket)
BuildRequires: perl(Socket6) BuildRequires: perl(Socket6)
BuildRequires: perl(strict) BuildRequires: perl(strict)
BuildRequires: perl(Test::More) BuildRequires: perl(vars)
BuildRequires: perl(warnings) BuildRequires: perl(warnings)
# Test Suite
BuildRequires: perl(Config)
BuildRequires: perl(Data::Dumper)
BuildRequires: perl(File::Temp)
BuildRequires: perl(FindBin)
BuildRequires: perl(IO::Select)
BuildRequires: perl(IO::Socket::INET)
BuildRequires: perl(Test::More) >= 0.88
BuildRequires: perl(utf8)
BuildRequires: procps BuildRequires: procps
# Runtime
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: openssl >= 0.9.8
Requires: perl(HTTP::Tiny)
# Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6 # Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6
%if 0%{?fedora} > 15 || 0%{?rhel} > 6 %if 0%{?fedora} > 15 || 0%{?rhel} > 6
BuildRequires: perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95 BuildRequires: perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
@ -37,8 +51,6 @@ Requires: perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
%else %else
Requires: perl(IO::Socket::INET6) >= 2.62, perl(Socket6) Requires: perl(IO::Socket::INET6) >= 2.62, perl(Socket6)
%endif %endif
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: openssl >= 0.9.8
# IDN back-ends: URI::_idna (from URI ≥ 1.50) is preferred # IDN back-ends: URI::_idna (from URI ≥ 1.50) is preferred
# but Net::IDN::Encode (next pref) and Net::LibIDN are also tested # but Net::IDN::Encode (next pref) and Net::LibIDN are also tested
@ -100,6 +112,27 @@ rm -rf %{buildroot}
%{_mandir}/man3/IO::Socket::SSL::Utils.3* %{_mandir}/man3/IO::Socket::SSL::Utils.3*
%changelog %changelog
* Sun Nov 23 2014 Paul Howarth <paul@city-fan.org> - 2.006-1
- Update to 2.006
- Make SSLv3 available even if the SSL library disables it by default in
SSL_CTX_new (like done in LibreSSL); default will stay to disable SSLv3
so this will be only done when setting SSL_version explicitly
- Fix possible segmentation fault when trying to use an invalid certificate
- Use only the ICANN part of the default public suffix list and not the
private domains; this makes existing exceptions for s3.amazonaws.com and
googleapis.com obsolete
- Fix t/protocol_version.t to deal with OpenSSL installations that are
compiled without SSLv3 support
- Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead
of EAGAIN; while this is the same on UNIX it is different on Windows and
socket operations return there (WSA)EWOULDBLOCK and not EAGAIN
- Enable non-blocking tests on Windows too
- Make PublicSuffix::_default_data thread safe
- Update PublicSuffix with latest list from publicsuffix.org
- Note that this package still uses system-default cipher and SSL versions,
which may have SSL3.0 enabled
- Classify buildreqs by usage
* Wed Oct 22 2014 Paul Howarth <paul@city-fan.org> - 2.002-1 * Wed Oct 22 2014 Paul Howarth <paul@city-fan.org> - 2.002-1
- Update to 2.002 - Update to 2.002
- Fix check for (invalid) IPv4 when validating hostname against certificate; - Fix check for (invalid) IPv4 when validating hostname against certificate;

2
sources
View File

@ -1 +1 @@
3b0753495a1ff043bd782a6b876d990f IO-Socket-SSL-2.002.tar.gz cbb09143c0d697fc44dac1226641eb41 IO-Socket-SSL-2.006.tar.gz