From e66cad755e2cf06907ca21efb1843239e7792e03 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Tue, 7 Nov 2023 08:52:53 +0000
Subject: [PATCH] Update to 2.084

- New upstream release 2.084
- Various fixes for edge cases and build: GH#136, GH#141, GH#142, GH#143, GH#145
- Update documentation to reflect default SSL_version
---
 ...2.084-use-system-default-SSL-version.patch | 20 +++++++++----------
 ...2.084-use-system-default-cipher-list.patch | 2 +-
 perl-IO-Socket-SSL.spec | 14 +++++++++----
 sources | 2 +-
 4 files changed, 22 insertions(+), 16 deletions(-)
 rename IO-Socket-SSL-2.082-use-system-default-SSL-version.patch => IO-Socket-SSL-2.084-use-system-default-SSL-version.patch (60%)
 rename IO-Socket-SSL-2.082-use-system-default-cipher-list.patch => IO-Socket-SSL-2.084-use-system-default-cipher-list.patch (95%)

diff --git a/IO-Socket-SSL-2.082-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
similarity index 60%
rename from IO-Socket-SSL-2.082-use-system-default-SSL-version.patch
rename to IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
index 1722cf8..35118ed 100644
--- a/IO-Socket-SSL-2.082-use-system-default-SSL-version.patch
+++ b/IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
@@ -10,7 +10,7 @@
 SSL_verify_callback => undef,
 SSL_verifycn_scheme => undef, # fallback cn verification
 SSL_verifycn_publicsuffix => undef, # fallback default list verification
-@@ -2438,7 +2437,7 @@ sub new {
+@@ -2445,7 +2444,7 @@ sub new {
 my $ssl_op = $DEFAULT_SSL_OP;
@@ -21,17 +21,17 @@
 or croak("invalid SSL_version specified");
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -1043,11 +1043,12 @@ All values are case-insensitive. Instea
- 'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for
- 'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
- and openssl.
+@@ -1044,11 +1044,12 @@ All values are case-insensitive. Instea
+ versions are actually supported depend on the versions of OpenSSL and
+ Net::SSLeay installed, but modern protocols like TLS 1.3 are supported by these
+ for many years now.
 +The default SSL_version is defined by the underlying cryptographic library.
 Independent from the handshake format you can limit to set of accepted SSL
 versions by adding !version separated by ':'.
--The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
-+For example, 'SSLv23:!SSLv3:!SSLv2' means that the
- handshake format is compatible to SSL2.0 and higher, but that the successful
- handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because
- both of these versions have serious security issues and should not be used
+-The default SSL_version is 'SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2'. This means,
++For example, 'SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2' means
+ that the handshake format is compatible to SSL2.0 and higher, but that the
+ successful handshake is limited to TLS1.2 and higher, that is no SSL2.0, SSL3.0,
+ TLS 1.0 or TLS 1.1 because these versions have serious security issues and
diff --git a/IO-Socket-SSL-2.082-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
similarity index 95%
rename from IO-Socket-SSL-2.082-use-system-default-cipher-list.patch
rename to IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
index 4c08428..0dfa472 100644
--- a/IO-Socket-SSL-2.082-use-system-default-cipher-list.patch
+++ b/IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
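Review bot: In the refreshed POD text of the `@@ -21,17 +21,17 @@` hunk, the kept line `+The default SSL_version is defined by the underlying cryptographic library.` leaves the reader without a stated protocol floor, while the upstream sentence that named one ('SSLv23:!TLSv1:!TLSv1_1:!SSLv3:!SSLv2') is reduced to an example on the `++For example, ...` line. With this downstream patch applied, the TLS 1.0/1.1 exclusion described in the upstream text presumably takes effect only when the library or system configuration enforces it, and the documentation should say so. I would add a following inner line such as `+Set SSL_version explicitly if a minimum such as TLS 1.2 must hold regardless of system configuration.` and adjust the inner hunk counts to match. The POD paragraph continues past the end of this hunk.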
@@ -15,7 +15,7 @@
 my %DEFAULT_SSL_CLIENT_ARGS = (
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -1070,9 +1070,8 @@ ciphers for TLS 1.2 and lower. See the O
+@@ -1071,9 +1071,8 @@ ciphers for TLS 1.2 and lower. See the O
 for more details.
 Unless you fail to contact your peer because of no shared ciphers it is
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index c41773f..d3a7f49 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -7,14 +7,14 @@
 %endif
 Name: perl-IO-Socket-SSL
-Version: 2.083
-Release: 3%{?dist}
+Version: 2.084
+Release: 1%{?dist}
 Summary: Perl library for transparent SSL
 License: (GPL-1.0-or-later OR Artistic-1.0-Perl) AND MPL-2.0
 URL: https://metacpan.org/release/IO-Socket-SSL
 Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
-Patch0: IO-Socket-SSL-2.082-use-system-default-cipher-list.patch
-Patch1: IO-Socket-SSL-2.082-use-system-default-SSL-version.patch
+Patch0: IO-Socket-SSL-2.084-use-system-default-cipher-list.patch
+Patch1: IO-Socket-SSL-2.084-use-system-default-SSL-version.patch
 # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
 # bug #1632660, requires openssl tool
 Patch2: IO-Socket-SSL-2.080-Test-client-performs-Post-Handshake-Authentication.patch
@@ -126,6 +126,12 @@ make test
 %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
 %changelog
+* Tue Nov 7 2023 Paul Howarth - 2.084-1
+- Update to 2.084
+ - Various fixes for edge cases and build: GH#136, GH#141, GH#142, GH#143,
+ GH#145
+ - Update documentation to reflect default SSL_version
+
 * Thu Jul 20 2023 Fedora Release Engineering - 2.083-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
diff --git a/sources b/sources
index c4de492..5f14e64 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (IO-Socket-SSL-2.083.tar.gz) = a3fb70148eabc7b972c9b7a132b2a3f3ef23877606670c19ebffe40c82fc462431337ab498bca98b823b89ade8e2288d37fdb677ae154461de8f9f24e7568e4a
+SHA512 (IO-Socket-SSL-2.084.tar.gz) = 348e71cda3b0f6c06f9e72a9cd332e5c747feec82b6e74fe508ef294fdca85f9318bdda2e369b1dd1f0f2c857bfba89f52f09a3088c9906326cda5f43a91b6b5